Router 6000 R17 Operation and Maintenance: Solution To Exercises [PDF]
Router 6000 R17 Operation and Maintenance Solution to Exercises 03815-LZU1082486 Rev A Router 6000 R17 Operation and
46 0 755KB
Papiere empfehlen
![Router 6000 R17 Operation and Maintenance: Solution To Exercises [PDF]](https://vdoc.tips/img/200x200/router-6000-r17-operation-and-maintenance-solution-to-exercises.jpg)
- Author / Uploaded
- AhsanSaleem
Datei wird geladen, bitte warten...
Zitiervorschau
Router 6000 R17 Operation and Maintenance
Solution to Exercises
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
DISCLAIMER This document is a training document and contains simplifications. Therefore, it must not be considered as a specification of the system. The contents of this document are subject to revision without notice due to ongoing progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document. This document is not intended to replace the technical documentation that was shipped with your system. Always refer to that technical documentation during operation and maintenance.
© Ericsson AB 2017
This document was produced by Ericsson. •
-2 -
The document is to be used for training purposes only and it is strictly prohibited to copy, reproduce, disclose or distribute it in any manner without the express written consent from Ericsson.
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Table of Contents Exercise 1,Solution: Management Configuration ........... 8 Exercise 1.1,Solution: Configure Management Connection: ...................................................... 8 Exercise 1.2,Solution: Verification Management Connection ...................................................... 8 Exercise 2,Solution: CLI tools, tips and tricks .............. 10 Exercise 2.1,Solution: The command syntax ................ 10 Exercise 2.2,Solution: CLI Help ...................................... 11 Exercise 2.3,Solution: CLI tips and tricks...................... 12 Exercise 2.4,Solution: Command history ...................... 15 Exercise 2.5,Solution: Searching in the CLI EMACS .... 16 Exercise 2.6,Solution: Searching in the CLI GREP ....... 18 Exercise 2.7,Solution: Configure new administrators and set session timeout ............................................ 19 Exercise 2.8,Solution: Verify new administrators and timeout .................................................... 19 Exercise 3,Solution: Context .......................................... 20 Exercise 3.1,Solution: Configure new contexts ............ 20 Exercise 3.2,Solution: Verify context creation .............. 20 Exercise 3.3,Solution: Remove contexts ....................... 21 Exercise 3.4,Solution: Verify configuration in each context .................................................... 22 Exercise 4,Solution: Interfaces, ports, circuits and bindings ....................................................... 23 Exercise 4.1,Solution: Configure interfaces .................. 23
03815-LZU1082486 Rev A
© Ericsson AB 2017
-3 -
Router 6000 R17 Operation and Maintenance
Exercise 4.2,Solution: Verify interface state ................. 23 Exercise 4.3,Solution: Configure ports and circuits ..... 24 Exercise 4.4,Solution: Verify port and circuit states .... 25 Exercise 4.5,Solution: Configure bindings .................... 26 Exercise 4.6,Solution: Verify binding state and verify connectivity .................................................... 26 Exercise 4.7,Solution: Configure bindings in VLANs ... 27 Exercise 4.8,Solution: Verify binding state and verify connectivity .................................................... 28 Exercise 5,Solution: File Management .......................... 30 Exercise 5.1,Solution: Transaction Database ............... 30 Exercise 5.2,Solution: Save configuration .................... 32 Exercise 5.3,Solution: File Management Commands ... 33 Exercise 5.4,Solution: Optional: Start system with empty configuration................................................... 34 Exercise 5.5,Solution: Optional: Load configuration .... 35 Exercise 6,Solution: Software Upgrade ......................... 36 Exercise 6.1,Solution: Software backup - Preparation . 36 Exercise 6.2,Solution: Step 1 – Ensure your system is ready to upgrade .................................................... 36 Exercise 6.3,Solution: Step 2 – Install the New Ericsson IPOS Release .............................................. 38 Exercise 6.4,Solution: Step 3 – Verify system state ..... 40 Exercise 7,Solution: Hardware components ................. 41 Exercise 7.1,Solution: Verify hardware components .... 41 Exercise 7.2,Solution: Verify system alarms ................. 44
-4 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 7.3,Solution: Verify installed/configured line cards .................................................... 45 Exercise 7.4,Solution: Configure line cards: ................. 45 Exercise 7.5,Solution: Verify installed/configured line cards .................................................... 46 Exercise 7.6,Solution: Verify system storage and memory .................................................... 46 Exercise 8,Solution: Power on Diagnostics (POD) ....... 47 Exercise 8.1,Solution: Verify the POD results ............... 47 Exercise 9,Solution: System Processes ........................ 49 Exercise 9.1,Solution: Create a manual coredump: ...... 49 Exercise 9.2,Solution: Search for high load processes: .................................................... 49 Exercise 10,Solution: Service Configuration ................ 51 Exercise 10.1,Solution: Configure the topology for telnet test: .................................................. 51 Exercise 10.2,Solution: Verifying telnet through context local .................................................. 52 Exercise 10.3,Solution: Verifying telnet through context xyz .................................................. 53 Exercise 10.4,Solution: Configure telnet service server .................................................. 53 Exercise 10.5,Solution: Verifying telnet service server again .................................................. 54 Exercise 11,Solution: Privilege Levels .......................... 57 Exercise 11.1,Solution: Configure administrators with privilege levels: .................................................. 57
03815-LZU1082486 Rev A
© Ericsson AB 2017
-5 -
Router 6000 R17 Operation and Maintenance
Exercise 11.2,Solution: Configure commands with privilege levels: .................................................. 57 Exercise 11.3,Solution: Verify privilege levels .............. 58 Exercise 12,Solution: Admin ACLs ................................ 61 Exercise 12.1,Solution: Configure Admin ACL: ............ 61 Exercise 12.2,Solution: Verify Admin ACL: ................... 62 Exercise 13,Solution: TACACS+ .................................... 64 Exercise 13.1,Solution: Configure TACACS+:............... 64 Exercise 13.2,Solution: Verify TACACS+: ..................... 64 Exercise 13.3,Solution: Clean up TACACS+ configuration: .................................................. 66 Exercise 14,Solution: Password Recovery.................... 67 Exercise 14.1,Solution: Preparation............................... 67 Exercise 14.2,Solution: Recovering Password ............. 67 Exercise 15,Solution: Searching and Filtering .............. 68 Exercise 15.1,Solution: Save filtered output to file ....... 68 Exercise 15.2,Solution: Searching the output using EMACS .................................................. 68 Exercise 15.3,Solution: Macro for searching domains . 69 Exercise 15.4,Solution: Macro for searching with dates (optional) .................................................. 69 Exercise 16,Solution: Logging & Syslog ....................... 71 Exercise 16.1,Solution: Configure Syslog and Debug: .................................................. 71 Exercise 16.2,Solution: Generate system events and view results: .................................................. 71
-6 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 17,Solution: Debugging on Router 6000 ........ 73 Exercise 17.1,Solution: System wide debug ................. 73 Exercise 17.2,Solution: Context specific debug ........... 73 Exercise 18,Solution: Connectivity Troubleshooting ... 74 Exercise 18.1,Solution: Connectivity troubleshooting, preparation .................................... 74 Exercise 18.2,Solution: Connectivity troubleshooting . 75
03815-LZU1082486 Rev A
© Ericsson AB 2017
-7 -
Router 6000 R17 Operation and Maintenance
Exercise 1,Solution:
Management Configuration
Exercise 1.1,Solution: Configure Management Connection: General Tasks: 1) System 2) Context 3) Interface 4) Port 5) Binding 6) Static 7) Commit
X = group number [1—5] system hostname Train-X system location Training system contact GroupX
port ethernet management no shutdown
3
bind interface mgmt local
context local administrator ericsson password Ericsson_1 enable password ericsson
4
local 5
7
8
ip route 10.69.78.32/28 10.69.78.30 ip route 10.69.79.144/29 10.69.78.30
6 Ethernet management
interface mgmt ip address 10.69.78.2X/28
9
commit
Figure 0-1: Exercise: Review, Configuration
Exercise 1.2,Solution: Verification Management Connection [local]Train-1# show bindings Circuit State Encaps
Bind Type
Bind Name
RPFP/1
interface
mgmt@local
Summary: total: 1 up: 1 bound: 1 auth: 0 [local]Train-1# › › › › › ›
Up
ethernet
down: 0 unbound: 0 interface: 1
subscriber: 0
bypass: 0
List of bindings in context local circuit identify from which circuit the binding is done State: Up or Down (or unbound) Encapsulation: type of layer 2 encapsulation (Ethernet or dot1q) Bind type: type of the target binding (interface, bypass, mpls, ipsec ...) Bind name: name of the object to which the circuit is bound ( ping 10.69.78.21 Pinging 10.69.78.21 with 32 bytes of data: Reply from 10.69.78.21: bytes=32 time=61ms Reply from 10.69.78.21: bytes=32 time=59ms Reply from 10.69.78.21: bytes=32 time=60ms Reply from 10.69.78.21: bytes=32 time=59ms
TTL=60 TTL=60 TTL=60 TTL=60
Ping statistics for 10.69.78.21: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 59ms, Maximum = 61ms, Average = 59ms C:\>
Figure 0-4: Exercise: Review, Verification
[student@ssh1gbg2 ~]$ telnet 10.69.78.21 Trying 10.69.78.21... Connected to 10.69.78.21 (10.69.78.21). login as: ericsson [email protected]'s password: Ericsson_1 Hello from Router 6672 Copyright (c) 2016 Ericsson AB. All rights reserved. [local]Train-1> enable Successful login! Password: ericsson Management port and admin account were configured correctly! [local]Train-1# Figure 0-5: Exercise: Review, Verification
03815-LZU1082486 Rev A
© Ericsson AB 2017
-9 -
Router 6000 R17 Operation and Maintenance
Exercise 2,Solution:
CLI tools, tips and tricks
Exercise 2.1,Solution:
The command syntax
[local]Train-5# show configuration context local Building configuration... CLI accepts the command --- cut --result: active config shown
[local]Train-5# SHOW CONFIGURATION CONTEXT local Building configuration... CLI accepts the command --- cut --Keywords are not case sensitive!
result: active config shown
[local]Train-5# show configuration context LOCAL Unknown context: CLI parses the command [local]Train-5# result: Unknown context Arguments are case sensitive! Context “LOCAL” does not exist!
command syntax
Result: successful / unsuccessful?
show configuration context local
successful
SHOW CONFIGURATION CONTEXT local
successful
show configuration context LOCAL
unsuccessful
Question 2.1: Which of the words in the command are keywords or arguments?
- 10 -
1.
show
keyword: argument:
2.
configuration
keyword: argument:
3.
context
keyword: argument:
4.
local
keyword: argument:
5.
SHOW
keyword: argument:
6.
CONFIGURATION
keyword: argument:
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
7.
CONTEXT
keyword: argument:
8.
LOCAL
keyword: argument:
Question 2.2: Explain why some of the command where unsuccessful? Answer: “show configuration context LOCAL” was unsuccessful because the CLI parses the command and tries to find context “LOCAL” with upper case in the system database. It does not find any contexts thus we get the result “Unknown context:”. This exercise practically shows that keywords are not case sensitive (show configuration context) but arguments are case sensitive (local, LOCAL).
Exercise 2.2,Solution: CLI Help [local]Train-5#show ip interface ? WORD Interface name to be displayed all-context Iterate this command in all contexts brief Brief listing of IP interfaces rp Interfaces on the RP | Output Modifiers
[local]selnre066rtr01#
Question 2.3: List all options for the “show ip interface” command bellow: Answer: Option 1: all-context Option 2: brief Question 2.4: List all options for the “card” command from global configuration mode ([local]Train-1(config)#) bellow: Answer: [localTrain-1(config)#card ? lc-1-10ge-20-8-port 20-port 1GE or 8-port 10GE card
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 11 -
Router 6000 R17 Operation and Maintenance
Exercise 2.2, Solution (continued): CLI help: [local]Train-5# co? configure context [local]Train-5#co
Three possible commands beginning with “co”
copy
[local]Train-5(config)# co? comment commit context [local]Train-5(config)#co
Config mode: Three possible commands beginning with “co”
Question 2.5: List all keywords starting with “co”. Answer, Administrator monitoring mode ([local]Train-5#): Keyword 1: configure
Keyword 2: context
Keyword 3: copy Answer, global configuration mode ([local]Train-5(config)#): Keyword 1: comment
Keyword 2: commit
Keyword 3: context
Exercise 2.3,Solution:
CLI tips and tricks
[local]Train-5# sho conf Building configuration... --- cut ---
Press enter ↵
Partially typed command Parsed by CLI
Question 2.6: Was the result successful? Answer: Yes No Try to explain the result:
- 12 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Answer: “sho conf" is unique in the CLI. It can only be interpreted to ONE command: “show configuration”. The CLI parses it and the active configuration is outputted. Exercise 2.3, Solution (continued): Partially typed commands: [local]Train-5# sho con % Ambiguous command: sho con [local]Train-5# sho con? configuration context
Press enter ↵
Why this output? Two command begin with “con” Must be unique!
Question 2.7: Was the result successful? Answer: Yes No Try to explain the result: Answer: The CLI tries to interpret the command. But there is no unique match for the entered command as indicated by “sho con?”. We have two commands which begin with “con”. The CLI cannot execute the command. As a result we get “Ambiguous comman: sho con”. Exercise 2.3, Solution (continued): Using the TAB key: [local]Train-5#sho conf Press TAB ↹ [local]Train-5#sho configuration
CLI completes the command
Question 2.8: Did the CLI complete the command? Answer: Yes No Try to explain the result: Answer: After pressing the TAB key the CLI will try to complete the command. It only can find one possible match “sho configuration” which is shown above.
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 13 -
Router 6000 R17 Operation and Maintenance
Exercise 2.3, Solution (continued): Using the TAB key: Press TAB ↹
[local]Train-5#sh con [local]Train-5#sh con
CLI cannot completes the command Must be unique!
Question 2.9: Did the CLI complete the command? Answer:
Yes
No
Try to explain the result: Answer: After pressing the TAB key the CLI does not find a unique match for the entered command “sh con” and as a result the CLI does not complete the command. Exercise 2.3, Solution (continued): Enter key, submitting a command: [local]Train-5# ▓ show conf Building configuration... --- cut ---
Press enter ↵ CLI parses the command, completes it and accepts it
Question 2.10: Was the result successful? Answer: Yes
No
Try to explain the result: Answer: After pressing the enter key the CLI parses the command regardless of where the cursor is and because the command is unique it can only be interpreted to “show configuration”. This results in output of active system configuration.
- 14 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 2.4,Solution:
Command history
History log of “monitoring commands”
[local]Train-5# show history en sh ip interface brief show context show administrators show history [local]Train-5#
Question 2.11: List 4 of the commands entered in your group’s Router 6000 since last reload: Answer: Command 1: enable Command 2: show ip interface brief Command 3: show context Command 4: show administrators Note! The result could be different in your group’s ROUTER 6000. Exercise 2.4, Solution (continued): Command history: History log of “configuration commands” [local]Train-5# show history configuration no cont LOCAL service multiple-contexts cont abc end no context ABC no cont abc no service multiple-contexts End [local]Train-5#
[local]Train-5(config)# show history no cont LOCAL service multiple-contexts cont abc end no context ABC no cont abc no service multiple-contexts end show history [local]Train-5(config)#
Question 2.12: List 4 of the configuration commands entered in your group’s Router 6000 since last reload: Answer: Command 1: no context LOCAL Command 2: service multiple-contexts
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 15 -
Router 6000 R17 Operation and Maintenance
Command 3: context abc Command 4: end Note! There are two options, in left above from the operator monitoring mode and in right above from configuration mode. Note! The result could be different in your group’s Router 6000.
Exercise 2.5,Solution:
Searching in the CLI EMACS
[local]Train-5# sh conf Building configuration...
Pause after 24 rows, indicated by ---(more)---
Current configuration: ! ! Configuration last changed by user 'ericsson' at Mon Dec 19 14:53:25 2011 ! /context ---(more)--At ---(more)---
Enter “/”followed by “context” and Press enter ↵
no service multiple-contexts ! ! ! ---(more)---
First match for the word “context” found
Question 2.13: Did the search find any matches? Answer:
Yes
No
If yes write down the complete matched row: Answer: no service multiple-contexts
- 16 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 2.5, Solution (continued): Searching in the CLI EMACS: no service multiple-contexts ! ! ! ---(more)---
At ---(more)--- Enter “n” for next match
context local ! no ip domain-lookup !
context local ! no ip domain-lookup !
Next match for the word “context” found
Question 2.14: Did the search find any next matches? Answer:
Yes
No
If yes write down the complete matched row: Answer: context local Exercise 2.5, Solution (continued): Searching in the CLI EMACS: context local ! no ip domain-lookup ! ---(more)--Pattern not found (press RETURN)
At ---(more)--- Enter “/LOCAL”
context local ! no ip domain-lookup ! ---(more)--/LOCAL Pattern not found (press RETURN)
At ---(more)--- Enter “/LOCAL”
03815-LZU1082486 Rev A
© Ericsson AB 2017
No match found!
- 17 -
Router 6000 R17 Operation and Maintenance
Question 2.15: Did the search find any matches? Answer:
Yes
No If yes write down the complete matched row: Answer: none! There is no match for the word LOCAL in the active configuration
Note! There may be different results from your group’s Router 6000.
Exercise 2.6,Solution: Searching in the CLI GREP Output the active config
Only show the rows that contain the word “local”
[local]Train-5#show conf | grep local context local bind interface management local [local]Train-5# Result: Two matches found for the word “local”
Question 2.16: Did the search find any matches? Answer: Yes
No
If yes write down the complete matched row(s): Answer: context local bind interface management local Note! There may be different results from your group’s Router 6000.
- 18 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 2.5, Solution (continued): Searching in the CLI GREP:
[local]Train-5#show conf | grep LOCAL [local]Train-5# Result: No match found for the word “LOCAL” There is no object called “LOCAL” in the active config!
Exercise 2.7,Solution: Configure new administrators and set session timeout General Tasks: 1) System 2) Context 3) Interface 4) Port 5) Binding 6) Commit
X = group number [1—5] system hostname Train-X system location Training system contact GroupX
port ethernet management no shutdown
Done 1
context local administrator ericsson password Ericsson_1 enable password ericsson
Done
bind interface mgmt local
Done 2
local 3
2b
context local administrator jun_admin password Jun_admin1 privilege start 10 privilege max 10
5
6
4 Ethernet management
interface mgmt ip address 10.69.78.2X/28
Done
1b timeout session idle 60
commit
Exercise 2.8,Solution: Verify new administrators and timeout Telnet to the system and login with the admin account: “jun_admin” Successful login verifies the correct configuration
Train-5 login:jun_admin Password:Jun_admin1 [local]Train-5#
[local]Train-5# show privilege Current privilege level is 10 Verify the privilege level for the admin “jun_admin” [local]Train-5# [local]Train-5# enable 15 % Error: user: jun_admin does not have access to this privilege level: 15 [local]Train-5# [local]Train-5# show conf | grep timeout timeout session idle 60 Verify the session inactivity timeout [local]Train-5#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 19 -
Router 6000 R17 Operation and Maintenance
Exercise 3,Solution: Context Exercise 3.1,Solution: Configure new contexts
service multiple-contexts
local
1 context ABC commit
2 ABC
context XYZ commit
3 XYZ
Exercise 3.2,Solution:
4 abc
5
context abc commit
context xyz commit
xyz
Verify context creation
[local]Train-5# show context all Context Name Context ID VPN-RD Description ----------------------------------------------------------------------------local 0x40080001 XYZ
0x40080002
abc
0x40080003
xyz
0x40080004
ABC
0x40080005
[local]Train-5#
- 20 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 3.3,Solution:
Remove contexts
6
no context local
local
abc
ABC no context ABC commit
Deletion of local context is not allowed Admin context!
7
XYZ
xyz
[XYZ]Train-1(config)# no context XYZ Unable to delete the current context
Question 3.1: For each of following contexts, explain if and why you could not remove them? Answer: Context ABC: was successfully removed. Context local: Context local is a special administrative context. Deletion of local context is not allowed. Context XYZ: You cannot delete a context at the same time that you are monitoring it. This is the reason for the output “Unable to delete the current context”.
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 21 -
Router 6000 R17 Operation and Maintenance
Exercise 3.4,Solution:
Verify configuration in each context
[local]Train-5# context XYZ [XYZ]Train-5# [XYZ]Train-5# show conf Building configuration...
[XYZ]Train-5# context xyz [xyz]Train-5# [xyz]Train-5# show configuration Building configuration...
Current configuration: ! context XYZ ! no ip domain-lookup no logging console ! ! ! ! end [XYZ]Train-5#
Current configuration: ! context xyz ! no ip domain-lookup no logging console ! ! ! ! end [xyz]Train-5#
Note! Context XYZ (upper case) and context xyz (lower case) are two different contexts!
- 22 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 4,Solution: and bindings
Interfaces, ports, circuits
Exercise 4.1,Solution:
Configure interfaces
context ABC interface test ip address 1.1.1.1/24
ABC
XYZ
context ABC interface lo loopback ip address 100.1.1.1/32
context XYZ interface test ip address 1.1.1.2/24
ABC
XYZ context XYZ interface lo loopback ip address 100.1.1.2/32
Exercise 4.2,Solution:
Verify interface state
[local]Ericsson# context ABC [ABC]Ericsson# show ip interface brief Name Address test 1.1.1.1/24 lo 100.1.1.1/32
[ABC]Ericsson# context XYZ [XYZ]Ericsson# show ip interface brief Name Address Bindings lo 100.1.1.2/32 (Loopback) test 1.1.1.2/24 [XYZ]Ericsson#
03815-LZU1082486 Rev A
© Ericsson AB 2017
MTU 0 1500
State UnBound Up
MTU
State
1500
Up
0
UnBound
Bindings (Loopback)
- 23 -
Router 6000 R17 Operation and Maintenance
Question 4.1: Why can we use the same interface name in different contexts (“test” and “lo” in both ABC and XYZ)? Answer: Interface names have local significance in the contexts. We use interface name in combination with context name to refer to an interface at system level. Example: interface test on context ABC. Question 4.2: What is the state of the interface “test” and the interface “lo”? Explain why? Answer: State of “test”: Unbound Explain why? No port or circuit is bound to this interface yet. We will configure binding later. State of “lo”: Up Explain why? This interface is of type loopback which is always up. No binding is required. This interface is usually used for troubleshooting and for administrative purposes.
Exercise 4.3,Solution:
- 24 -
Configure ports and circuits
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 4.4,Solution:
Verify port and circuit states
[local]Ericsson# show port 1/7 Slot/Port:Ch:SubCh Type 1/7 ethernet [local]Ericsson# show port 1/8 Slot/Port:Ch:SubCh Type 1/8 ethernet
[local]Ericsson# show circuit 1/15 Circuit Internal Id 1/15 vlan-id 1001 1/2/38 [local]Ericsson# show circuit 1/16 Circuit Internal Id 1/16 vlan-id 1001 1/2/38
State Up State Up
Encap dot1q
State Up
Bound to
Encap dot1q
State Up
Bound to
Question 4.3: What is the state of the ports “1/7” and “1/8”? What is the state of the VLAN 1001 on port “1/15”and port “1/16”? Answer: State of port “1/7”: Up State of port “1/8”: Up the state of port 1/7 and port 1/8 go up after both ports are enabled because they are physically connected. State of VLAN 1001 in port “1/15”: Up Circuit follows state of its parent, port 1/15 State of VLAN 1001 in port “1/16”: Up Circuit follows state of its parent, port 1/16
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 25 -
Router 6000 R17 Operation and Maintenance
Exercise 4.5,Solution:
Configure bindings
Exercise 4.6,Solution: connectivity
Verify binding state and verify
[local]Ericsson# show bindings Circuit State Encaps 1/7 Up ethernet 1/8 Up ethernet
Bind Type interface interface
Bind Name test@XYZ test@ABC
Above command shows list of all bindings in the system. To display only bindings related to specific context execute show binding from that context.
[local]Ericsson# context ABC [ABC]Ericsson# show bindings Circuit State Encaps 1/8 Up ethernet
Bind Type interface
Bind Name test@XYZ
[local]Ericsson# context XYZ [XYZ]Ericsson# ping 1.1.1.2
- 26 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance PING 1.1.1.2 (1.1.1.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!! ----1.1.1.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.208/0.316/0.610/0.169 ms
[XYZ]Ericsson# context ABC [ABC]Ericsson# ping 1.1.1.1 PING 1.1.1.1 (1.1.1.1): source 1.1.1.2, 36 data bytes, timeout is 1 second !!!!! ----1.1.1.1 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.208/0.316/0.610/0.169 ms
Question 4.4: What is the state of the binding in the system? Answer: •
State of binding from port “1/7” to interface test context XYZ Up
•
State of binding from port “1/8” to interface test context ABC Up
•
Note! Binding state follows the state of port/circuit from which it is bound.
Exercise 4.7,Solution:
03815-LZU1082486 Rev A
Configure bindings in VLANs
© Ericsson AB 2017
- 27 -
Router 6000 R17 Operation and Maintenance
Exercise 4.8,Solution: connectivity
Verify binding state and verify
[local]Ericsson# show bindings Circuit State Encaps 1/15 vlan-id 1001 Up dot1q 1/16 vlan-id 1001 Up dot1q
Bind Type Bind Name interface test@XYZ interface test@ABC
Above command shows list of all bindings in the system. To display only bindings related to specific context execute show binding from that context.
[local]Ericsson# context ABC [ABC]Ericsson# show bindings Circuit State Encaps 1/16 vlan-id 1001 Up dot1q
Bind Type Bind Name interface test@ABC
[local]Ericsson# context XYZ [XYZ]Ericsson# ping 1.1.1.2 PING 1.1.1.2 (1.1.1.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!! ----1.1.1.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.208/0.316/0.610/0.169 ms
[XYZ]Ericsson# context ABC [ABC]Ericsson# ping 1.1.1.1 PING 1.1.1.1 (1.1.1.1): source 1.1.1.2, 36 data bytes, timeout is 1 second !!!!! ----1.1.1.1 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.208/0.316/0.610/0.169 ms
- 28 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Question 4.5: What is the state of the binding in the system? Answer: •
State of binding from VLAN 1001 on port “3/9” to interface test context XYZ: Up
•
State of binding from VLAN 1001 on port “3/10” to interface test context ABC: Up
•
Note! Binding state follows the state of port/circuit from which it is bound.
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 29 -
Router 6000 R17 Operation and Maintenance
Exercise 5,Solution: File Management Exercise 5.1,Solution: Transaction Database [local]Train-5# configure [local]Train-5(config)# show transaction TID State Sequence State Information User Comment ----------------------------------------------------------------------1066 Active 1 None ericsson
Question 5.1: For which administrator is this transaction database output? What is the value of “Sequence Comment”? Answer: Administrator: ericsson Sequence Comment: 1 Exercise 5.1, Solution (continued): Transaction Database: [local]Train-5(config)# context ABC [local]Train-5(config-ctx)# interface test2 [local]Train-5(config-if)# show transaction TID State Sequence State Information User Comment ----------------------------------------------------------------------1066
Active ericsson
12
None
Question 5.2: What is the value of “Sequence Comment”? Answer: Sequence Comment: 12 Exercise 5.1, Solution (continued): Transaction Database: [local]Train-5(config-if)# show conf Building configuration... Current configuration:
Display the configuration including config from transaction database
context ABC ! interface lo loopback ip address 100.1.1.1/32 ! interface test ip address 1.1.1.1/24 ! interface test2
- 30 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Question 5.3: Which newly entered commands are displayed in the show configuration output? Answer: New commands: (only one command) interface test2 Are these commands applied (committed)?
Yes
No
The command is not applied because you did not enter “commit”. Exercise 5.1, Solution (continued): Transaction Database: [local]Train-5(config-if)# abort Abort clears the Transaction aborted. transaction database [local]Train-5(config)# show transaction TID State Sequence State Information User Comment ----------------------------------------------------------------------------1067 Active 1 None ericsson [local]Train-5(config)# end [local]Train-5#
Question 5.4: What is the value of “Sequence Comment”? Answer: Sequence Comment: 1 Exercise 5.1, Solution (continued): Optional, Transaction Database: [local]Train-5(config-ctx)# show transaction TID State Sequence State Information User Comment ----------------------------------------------------------------------------1129 Active 2 None Currently two admins ericsson configuring and their 1126 Active 15 None transaction databases jun_admin [local]Train-5(config-ctx)#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 31 -
Router 6000 R17 Operation and Maintenance
Question 5.5: (optional) how many entries are displayed? What is the value of “State User” and “Sequence Comment” for each entry? Answer: Number of entries: 2 TID
State User
Sequence Comment
1129
Active, ericsson
2
1126
Active, jun_admin
15
Both administrators are currently configuring the system. The administrator ericsson has less uncommitted commands then administrator jun_admin.
Exercise 5.2,Solution:
Save configuration
[local]Train-5# save configuration Save to file: ericsson.cfg Target file exists, overwrite? y
Save to default: ericsson.cfg when no filename specified
[local]Train-5# save configuration myfile.cfg [local]Train-5# save configuration /md/myfile.cfg Saving config to md: /md/myfile.cfg...
Save to specified filename & location
[local]Train-5# save configuration scp: Save to remote system //student:@10.1.1.3/tmp/myfile5.cfg Saving config to scp: //student:@10.1.1.3/tmp/myfile5.cfg... running_config_2581 100% |*****************************| 1507 00:00 [local]Train-5#
- 32 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 5.3,Solution: •
List files on /flash and verify the saved configuration files
[local]Train-5# dir Contents of /flash -rw------- 1 root drwxr-xr-x 4 root -rw-r--r-- 1 root -rw-r--r-- 1 root -rw-r--r-- 1 root
•
File Management Commands
/flash 0 0 0 0 0
79 512 1507 3659 1507
List file on flash Dec Oct Dec Dec Dec
19 30 21 21 21
06:37 06:46 14:43 14:42 14:42
buf eps myfile.cfg ericsson.bin ericsson.cfg
Verify earlier saved configuration files
List files on /md and verify the saved configuration files
[local]Train-5# dir Contents of /md -rw-r--r-- 1 root -rw-r--r-- 1 root -rw-r--r-- 1 root -rw-r--r-- 1 root
/md 0 0 0 0
List file on md 92843 727 1507 16777216
Nov 2 06:36 loggd_startup_slot.log Nov 15 2010 mgt.cfg Verify earlier saved Dec 21 14:44 myfile.cfg Dec 19 05:38 rtdb.sav configuration files
• Rename the configuration file /flash/myfile.cfg to /flash/myfile2.cfg and verify that (with dir). •
Copy from /md/myfile.cfg to /flsh/myfile.cfg and verify
[local]Train-5# rename myfile.cfg myfile2.cfg
Rename and copy
[local]Train-5# copy /md/myfile.cfg myfile.cfg copying from md:/md/myfile.cfg to local:myfile.cfg...
•
Verify:
[local]Train-5# dir Contents of /flash/ -rw-r--r-- 1 root -rw-r--r-- 1 root -rw-r--r-- 1 root -rw-r--r-- 1 root drwxrwxrwx 3 root
•
List file on flash 0 0 0 0 0
1507 1507 3659 1507 512
Dec Dec Dec Dec Oct
21 21 21 21 14
14:52 14:43 14:42 14:42 02:46
myfile.cfg myfile2.cfg ericsson.bin ericsson.cfg security
Verify earlier saved configuration files
Delete /flash/myfile2.cfg
[local]Train-5# delete myfile2.cfg Are you sure you want to delete myfile2.cfg ?y [local]Train-5#
Delete config files
• Optional: Copy the file /tmp/myfileX.cfg (X = your group number) from external system to the flash and verify.
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 33 -
Router 6000 R17 Operation and Maintenance
Backup to external system [local]Train-5# copy scp: //[email protected]/tmp/myfile5.cfg . Target file exists, overwrite? y copying from scp://[email protected]/tmp/myfile5.cfg to local:./myfile5.cfg... [email protected]'s password: myfile5.cfg 100% |*****************************| 1507 00:00
• Manually Edit “myfile.cfg” by adding a new interface “test” in context local (no IP address required) and backup to external server Start editing the file
[local]Train-5# edit myfile.cfg ! ! context local ! no ip domain-lookup ! interface management ip address 10.1.1.105/24 logging console
Press “i” key Enter text Press “escape” key
interface test ! enable encrypted 1 $1$........$4qhlVuh2HDOCu/EbYfbM6. ! ! administrator redback encrypted 1 $1$........$4qhlVuh2HDOCu/EbYfbM6. privilege start 15
Press ”:w” Press “:q”
! :w :q
[local]Train-5# copy myfile.cfg scp: //[email protected]/tmp/myfile5.cfg copying from local:myfile.cfg to scp://[email protected]/tmp/myfile5.cfg... [email protected]'s password: myfile.cfg 100% 5987 5.9KB/s Backup 00:00 [local]Train-5#
the file to the external server
Exercise 5.4,Solution: configuration
Optional: Start system with empty
[local]Train-5# sh conf | grep boot [local]Train-5# del ericsson.cfg Are you sure you want to delete ericsson.cfg ?y [local]Train-5# del ericsson.bin Are you sure you want to delete ericsson.bin ?y
No boot parameter Del default config files
Backup config [local]Train-5# save configuration myfile.cfg Save to file: myfile.cfg Target file exists, overwrite? y Reload system [local]Train-5# reload The "reload" command will reboot all cards on this system Do you really want to reload? (y/n) y Start to reload system ... Connection closed by foreign host.
- 34 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 5.5,Solution:
Optional: Load configuration System default
[local]Ericsson> enable Load config from flash [local]Ericsson# configure myfile.cfg Dec 21 15:30:44: %CSM-6-CARD: Card in slot 3 entering In Service state. --- cut --Configuration complete [local]Train-5# configure /md/myfile.cfg Configuration complete % Configuration file processing took: 0 seconds
Load config from /md
Load config from /md
[local]Train-5# configure scp: //[email protected]/tmp/myfile5.cfg [email protected]'s password: myfile5.cfg 100% |*****************************| 1507
00:00
Configuration complete % Configuration file processing took: 0 seconds [local]Train-5#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 35 -
Router 6000 R17 Operation and Maintenance
Exercise 6,Solution:
Software Upgrade
Exercise 6.1,Solution: Software backup - Preparation •
Backup your configuration:
[local]Train-1# save configuration backup_2017_May17.cfg [local]Train-1#
•
You can also save the configuration to an external device/server:
local]Train-1#save configuration sftp: //[email protected]/backup_2017_May17.cfg Saving config to sftp: //[email protected]/backup_2017_May17.cfg... The authenticity of host '10.69.78.33 (10.69.78.33)' can't be established. RSA key fingerprint is SHA256:eE4vA8aFwYxGqf0hYMJpQAst7ao6UogpLS7s8F+SBk0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.69.78.33' (RSA) to the list of known hosts. [email protected]'s password: sftp> put /var/run/running_config_3405 backup_2017_May17.cfg [local]Train-1# [local]Train-1#
Exercise 6.2,Solution: Step 1 – Ensure your system is ready to upgrade •
Verify the location (path) and the name of the software image files on the ftp or ssh server and fill out in the table below.
C:\Users\selnre066usr05>ftp 10.69.78.97 Connected to 10.69.78.97. 220 (vsFTPd 2.2.2) User (10.69.78.97:(none)): student 331 Please specify the password. Password: 230 Login successful. ftp> ls -l /images/16A 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-1 0 0 541424314 Feb 28 08:07 CXP9027695_1-R1K.zip -rw-r--r-1 0 0 274092763 Jul 04 2016 CXP9027695_1-R1K02_3692_SF-RP-P1S.tar.gz -rw-r--r-1 0 0 270580038 Jul 04 2016 CXP9027695_1-R1K02_3692_SF-RP-P1S_NMS.zip -rw-r--r-1 0 0 97221 Jul 04 2016 Router_6672_16A-_Release_Notes.pdf 226 Directory send OK. ftp> ls -l /images/17A 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-1 775 0 239517262 Feb 23 11:21 CXP9027695_1-R2D01_9999_SF-RP-P1S.tar.gz -rw-r--r-1 775 0 236669602 Feb 23 11:23 CXP9027695_1-R2D01_9999_SF-RP-P1S_NMS.zip 226 Directory send OK. ftp: 199 bytes received in 0,00Seconds 199000,00Kbytes/sec. ftp>
•
Use the command “show version” to verify your current version. [local]Train-1#show version
- 36 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance Ericsson IPOS Version IPOS-16.2.0.0-23Jun02:14:542016-spradmin Built by spradmin@eselnblx1044 Thu Jun 23 02:14:54 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. Operating System version is Linux 3.14.65-mvista System Bootstrap version is CXC1738377_1-R1E01(K0000I0000) There is no minikernel currently installed Minimal Key Revision is 0, images have 0 Minimal Security Revision is 0, images have 0 Kernel version is Linux-3.14-CXC1738378_1-R1K01(K0000I0000) APP version is CXC 173 8380/1-R1K02_3692 Golden Bootstrap version is CXC1738377_1-R1E01(KFFFFIFFFF) Golden SBI version is CXC1738587_1-R1E01 Primary SBI version is CXC1738587_1-R1E01(K0000I0000) FPGA version is CXC 173 8286/1 -R1C03 CPLD version is CXC 173 8076/2-R1C01 twamp-fabl Version IPOS-16.2.0.0-23Jun02:16:182016-spradmin Built by spradmin@eselnblx1044 Thu Jun 23 02:16:18 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. pppd Version IPOS-16.2.0.0-23Jun02:12:342016-spradmin Built by spradmin@eselnblx1044 Thu Jun 23 02:12:34 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. ldpd Version IPOS-16.2.0.0-23Jun02:15:342016-spradmin Built by spradmin@eselnblx1044 Thu Jun 23 02:15:34 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. statd Version IPOS-16.2.0.0-23Jun02:12:352016-spradmin Built by spradmin@eselnblx1044 Thu Jun 23 02:12:35 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. plat-fabl Version IPOS-16.2.0.0-23Jun02:16:092016-spradmin Ericsson IPOS Version IPOS-15.2.129.1.127-Release Built by [email protected] Tue Sep 1 21:16:02 PDT 2015 Copyright (C) 1998-2015, Ericsson AB. All rights reserved. Operating System version is Linux 3.0.75-1281-gd853cba System Bootstrap version is OpenFirmware 3.0.2.28 PRODUCTION RELEASE Installed minikernel version is v3.0.49-952-g3800651-0590350 ippmd / mloam-service-layer component version: 0.2-194-gf6ac77e Built by [email protected] Tue Jan 13 00:36:02 PST 2015 Copyright (C) 1998-2015, Ericsson AB. All rights reserved. Router Up Time - 5 days, 22 hours 16 minutes 15 seconds [local]Train-1#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 37 -
Router 6000 R17 Operation and Maintenance
Fill out the table: Note! You may have other results on your system. From Current Version on my system (show version)
Image type
Ericsson IPOS
IPOS- 16.2.0.
To Version and filename to upgrade (on ftp/ssh server) Path: /images
Version: 16.4 Filename: CXP9027695_1-R2D01_9999_SF-RP-P1S.tar.gz
Note! There may be a different version installed in your system.
Exercise 6.3,Solution: Step 2 – Install the New Ericsson IPOS Release [local]Train-1# show release Installed releases: p01: active (will be booted after next reload) ---------------------------------------------Version SPR2-CXP9027695_1-R1K02_3692-Release Built on Thu Jun 23 02:20:54 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved.
p02: alternate -------------Nothing installed [local]Train-1#
• • •
Partition
Active / Alternate
IPOS Release version
P01
Active
IPOS-16.2.0.
P02
Alternate
Nothing installed
Note! You may see a software image in the alternate partition. It will be erased during the installation. Note! On your system P02 may be the active partition and P01 may be the alternate. There may be other versions installed in your system.
[local]Train-1# release download sftp: //[email protected]//images/17A/ CXP9027695_1-R2D01_9999_SF-RP-P1S.tar.gz password: ??????
- 38 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance Installing from [email protected]:/images/17A/CXP9027695_1R2D01_9999_SF-RP-P1S.tar.gz [email protected]'s password: Connected to 10.69.78.33. ###################################################### Installation completed successfully. [local]Train-1#
[local]Train-1# show release Installed releases: p02: active (will be booted after next reload) ---------------------------------------------Version SPR2-CXP9027695_1-R2D01_9999-Release Built on Mon Dec 12 19:37:53 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved.
p01: alternate -------------Version SPR2-CXP9027695_1-R2D01_9999-Release Built on Mon Dec 12 19:37:53 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. [local]Train-1#
[local]Train-1# release upgrade Do you want to save the current configuration? (y/n) y Enter URL for configuration to be saved to: ericcson.cfg
Version SPR2-CXP9027695_1-R1K02_3692-Release Built on Thu Jun 23 02:20:54 CEST 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved.
Are you sure you wish to continue? (y/n) y WARNING: Upgrade in progress.. DO NOT POWERCYCLE Setting boot partition to "alternate"... upgrading is done, reload chassis The "reload" command will reboot all cards on this system Start to reload system ...
After about 15 minutes: [local]Train-1# show version Ericsson IPOS Version IPOS-16.4.0.0-12Dec19:35:222016-spradmin Built by spradmin@eselnblx1041 Mon Dec 12 19:35:22 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. Operating System version is Linux 3.14.65-mvista System Bootstrap version is CXC1738377_1-R2B01(K0000I0000) There is no minikernel currently installed Minimal Key Revision is 0, images have 0 Minimal Security Revision is 0, images have 0
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 39 -
Router 6000 R17 Operation and Maintenance Kernel version is Linux-3.14-CXC1738378_1-R2B01(K0000I0000) Golden Bootstrap version is CXC1738377_1-R1E01(KFFFFIFFFF) Golden SBI version is CXC1738587_1-R1E01 Primary SBI version is CXC1738587_1-R2B01(K0000I0000) FPGA version is CXC 173 8286/1 -R2A06 CPLD version is CXC 173 8076/2-R1C01 ----output omitted--------More-pnsd Version IPOS-16.4.0.0-12Dec19:35:232016-spradmin Built by spradmin@eselnblx1033 Mon Dec 12 19:35:23 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. Router Up Time - 5 days, 23 hours 14 minutes 12 seconds [local]Train-1#
Exercise 6.4,Solution: Step 3 – Verify system state [local]Train-1# show version Ericsson IPOS Version IPOS-16.4.0.0-12Dec19:35:222016-spradmin Built by spradmin@eselnblx1041 Mon Dec 12 19:35:22 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. Operating System version is Linux 3.14.65-mvista System Bootstrap version is CXC1738377_1-R2B01(K0000I0000) There is no minikernel currently installed Minimal Key Revision is 0, images have 0 Minimal Security Revision is 0, images have 0 Kernel version is Linux-3.14-CXC1738378_1-R2B01(K0000I0000) Golden Bootstrap version is CXC1738377_1-R1E01(KFFFFIFFFF) Golden SBI version is CXC1738587_1-R1E01 Primary SBI version is CXC1738587_1-R2B01(K0000I0000) FPGA version is CXC 173 8286/1 -R2A06 CPLD version is CXC 173 8076/2-R1C01 ----output omitted--------More-pnsd Version IPOS-16.4.0.0-12Dec19:35:232016-spradmin Built by spradmin@eselnblx1033 Mon Dec 12 19:35:23 CET 2016 Copyright (C) 1998-2016, Ericsson AB. All rights reserved. Router Up Time - 5 days, 23 hours 14 minutes 12 seconds [local]Train-1#
[local]Train-1#show chassis Current platform is Router6672 (Flags: A-Active Card B-Standby Card) Slot : Configured Type Installed Type Operational State Flags -------------------------------------------------------------------------RPFP : n/a rp IS A 1 : lc-1-10ge-20-8-port lc-1-10ge-20-8-port IS [local]Train-1#
- 40 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 7,Solution:
Hardware components
Exercise 7.1,Solution: Verify hardware components [local]Train-4# show hardware ? backplane Display backplane hardware information card Display hardware information for a specific card daughter-card Display daughter-card hardware information detail Display detail hardware information for all cards fantray Display fantray hardware information power-module Display power-module hardware information thermal Display hardware thermal information for all cards | Output Modifiers
[local]Train-4# [local]Train-4# show hardware fantray detail Slot : FT Type Product No : BKV106189/1 Serial No Hardware Rev : R1B Mfg Date EEPROM id/ver : 0x20/1 Vendor Name Card Temp Status : Normal Hardware Status : OK POD Status FT status : RUNNING Fan 1 speed : 5400 rpm Fan 2 speed Fan 3 speed : 5400 rpm Fan 4 speed Operation LED : On Fault LED Active Alarms : NONE
: : : :
fan CE51001HCV 19-MAY-2016 AVC
: Passed : 5400 rpm : 5400 rpm : Off
[local]Train-4#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 41 -
Router 6000 R17 Operation and Maintenance
[local]Train-4# show hardware power-module detail Slot : PM Type Product No : BML 901 371/1 Serial No Mfg Date Hardware Rev : R1B/A Vendor Name : DELTA Hardware Status : OK POD Status Active Alarms : NONE
: pm-dc : BW93501065 : 17-AUG-2016 : Passed
[local]Train-4#
[local]Train-4# show hardware thermal Slot Type Inlet Temp ----- -------------------- --------------1 lc-1-10ge-20-8-port Normal (40 C) RPFP rp Normal (40 C) PM pm-dc Normal (36 C) [local]Train-4#
Card Temp Status ---------------Normal Normal Normal
[local]Train-4# show hardware card ? 1..1 Slot number RPFP1..RPFP1 Slot number [local]Train-4# [local]Train-4# show hardware card RPFP1 detail Slot : RPFP Type Product No : BFD101131/1 Serial No Hardware Rev : R1D Mfg Date Vendor Name : Activated Time : 20 h Fpga : CXC 173 8286/1 -R1C03 Voltage 1.000V : 0.999 (-0%) Voltage 3.300V Voltage 3.300V : 3.315 (+0%) Voltage 3.300V Voltage 3.300V : 3.299 (-0%) Voltage 1.800V Voltage 1.800V : 1.804 (+0%) Voltage 1.200V Voltage 3.300V : 3.299 (-0%) Voltage 2.000V Voltage 1.500V : 1.501 (+0%) Voltage 2.500V Voltage 3.300V : 3.302 (+0%) Voltage 0.975V Voltage 1.000V : 1.000 (+0%) Voltage 1.000V Voltage 1.000V : 0.996 (-0%) Voltage 5.125V Voltage 1.000V : 1.003 (+0%) Voltage 1.000V Voltage 1.500V : 1.505 (+0%) Voltage 1.000V Inlet Temp : Normal (40 C) Card Temp Status Payload Status : OK POD Status Last Payld Reset Active Alarms
: rp : TU8SA01283 : 12-SEP-2016
: : : : : : : : : : : : :
3.310 (+0%) 3.305 (+0%) 1.791 (-0%) 1.195 (-0%) 2.006 (+0%) 2.500 (+0%) 1.005 (+3%) 1.001 (+0%) 5.190 (+1%) 0.960 (-4%) 0.991 (-1%) Normal Passed
: N/A : NONE
[local]Train-4#
- 42 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [local]Train-4# show hardware card 1 detail Slot : 1 Type Product No : BFD101131/1 Serial No Hardware Rev : R1D Mfg Date Vendor Name : Activated Time : 21 h Payload Status : OK POD Status
: lc-1-10ge-20-8-port : TU8SA01283 : 12-SEP-2016
: Passed
Last Payld Reset Active Alarms
: N/A : NONE
Port CLEI code SFP Serial No ........
: 1 : IPUIBK62AA : PWD13QF
SFP / Media Type Ericsson Approved
: T / Cat5 : No
Port CLEI code SFP Serial No Wavelength TxPwrMin[dbm] RxPwrMin[dbm]
: : : : : :
SFP+ / Media Type Ericsson Approved
: SR / MM : No
TxPwrMax[dbm] RxPwrMax[dbm]
: 1.50 : 2.00
9 155009100128 850.00[nm] -7.00 -13.10
[local]Train-4# sh port ? all show all ports including unconfigured ports bvi Display port BVI information counters show port counters detail show detailed information management Display controller card management port information slot/port Specify slot and port synchronous-mode show port synchronization information transceiver show port transceiver information | Output Modifiers
[local]Train-4# [local]Train-4# show port transceiver Port SFP / Media Type Ericsson Approved Diagnostic Monitoring CLEI code Serial Number Wavelength Additional Features Power Level
: : : : : : : : :
1/4 T / Cat5 NO NO IPUIBK62AA PWD14GC N/A None Normal
[local]Train-4# sh port 1/7 detail ethernet 1/7 state is Up Description : Port circuit : 1/7:511:63:31/1/0/6 Link state : Up Last link state change : Jun 20 15:08:48.947 Line state : Up Admin state : Up Port Type : 1ge ...... Loopback : off SFP Transceiver Status Additional Features : None Diag Monitor : NO Port Alarms : Inserted Transceiver not supported in port Last line state down : Jun 20 15:08:46.497 Trigger faults : NONE [local]Train-4#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 43 -
Router 6000 R17 Operation and Maintenance
[local]Train-4# show hardware backplane detail Slot : N/A Type backplane Product No : ROA1286101 Serial No Hardware Rev : N/A Mfg Date Vendor Name : MAC Address : ac:60:b6:aa:e4:ee Latest Inv Time : 2017-06-19 17:42:15 Fault LED Operation LED : On Status LED : On Active/Standby LED Chassis Type : Router6672 Active Alarms : N/A
: : N/A : N/A
: Off : On
[local]Train-4# [local]Train-4# show port management detail | grep MAC MAC address : ac:60:b6:aa:e4:ee [local]Train-4#
What are the current state of the LEDs? Answer: From following output:
•
Fault LED state: Off
•
Operational LED state: On
•
Active/standby LED state: On
•
Status LED state: On it means we have at least one major or critical level alarm
Exercise 7.2,Solution: Verify system alarms
- 44 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [local]Train-4# show system alarm Index Timestamp Source Severity Alarm ID/Type Description ----------------------------------------------------------------------------8 2017-06-20 10:26:08 port 1/4 Minor 3188851748 Inserted Transceiver not supported in port 7 2017-06-20 04:43:34 port 1/16 Minor 3188851748 Inserted Transceiver not supported in port 6 2017-06-20 04:41:51 port 1/15 Minor 3188851748 Inserted Transceiver not supported in port 5 2017-06-20 04:38:39 port 1/8 Minor 3188851748 Inserted Transceiver not supported in port 4 2017-06-20 04:38:39 port 1/7 Minor 3188851748 Inserted Transceiver not supported in port 3 2017-06-19 17:41:53 Lm Major 393216 License Management, Emergency Unlock Reset Key Required [local]Train-4#
[local]Train-4# sh system alarm Index Timestamp Source Severity Alarm ID/Type Description -----------------------------------------------------------------------------9 2017-06-20 14:53:35 port 1/7 Major 3188851713 Link down 10 2017-06-20 14:53:35 port 1/8 Major 3188851713 Link down 11 2017-06-20 14:53:35 port 1/15 Major 3188851713
Transceiver alarms are minor and indicate that these are not Ericsson supported. But these will operate. Licensing alarm indicate that licensing key need to be refreshed or installed, or in worst case emergency unlock should be activated. Port alarms indicate that some ports are shutdown, either by administrator (which is true in this case) or because of an hardware issue (cable, opposite port down, transceiver ...).
Exercise 7.3,Solution: Verify installed/configured line cards [local]Train-1#show chassis Current platform is Router6672 (Flags: A-Active Card B-Standby Card) Slot : Configured Type Installed Type Operational State Flags ------------------------------------------------------------------------RPFP : n/a rp IS A 1 : none lc-1-10ge-20-8-port OOS-NotActivated [local]Train-1#
Note! In router 6672 the line cards are in IS state by default. We shut down the card manually just to show the out of service state.
Exercise 7.4,Solution: Configure line cards: [local]Train-1#config
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 45 -
Router 6000 R17 Operation and Maintenance Enter configuration commands, one per line, 'end' to exit [local]Train-1(config)#card lc-1-10ge-20-8-port 1 [local]Train-1(config-card)#commit Transaction committed. [local]Train-1(config-card)#end [local]Train-1#
Exercise 7.5,Solution: Verify installed/configured line cards [local]Train-1#show chassis Current platform is Router6672 (Flags: A-Active Card B-Standby Card) Slot : Configured Type Installed Type Operational State Flags -------------------------------------------------------------------------RPFP : n/a rp IS A 1 : lc-1-10ge-20-8-port lc-1-10ge-20-8-port IS [local]Train-1#
Exercise 7.6,Solution: Verify system storage and memory [local]Train-4# Filesystem ubi1:rootfs ubi0_0 ubi2_0 ubi3_0 [local]Train-4#
show disk Size Used Avail Use% Mounted on 454M 342M 113M 76% / 454M 296M 159M 66% /p01 101M 2.7M 94M 3% /flash 751M 55M 692M 8% /md
[local]Train-4# mount /media/flash
P02 (Active)
P01 (Alternate)
IPOS.tar.gz
/flash Configuration files
md logs / debug
/media/flash IPOS.tar.gz
[local]Train-4# show memory Memory: Total 4084364k, Used 2185408k, Free 1898956k, Reserved 0k [local]Train-4#
- 46 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 8,Solution: (POD)
Power on Diagnostics
Exercise 8.1,Solution: Verify the POD results [local]Train-1#show diag pod Slot: Card Type Serial No ------ ------------------ --------------FT: fan TU8SA01281 PM: pm-dc TU8SA01281 RPFP: rp TU8SA01281 1: lc-1-10ge-20-8-port TU8SA01281 [local]Train-1#
Chassis Id --------------TU8SA01281 TU8SA01281 TU8SA01281 TU8SA01281
Status ---------Passed Passed Passed Passed
Setting --------Disabled Disabled Disabled Disabled
Chassis Id
Status
Setting
[local]Train-1#show diag pod FT1 Slot: Card Type
Serial No
------ ------------------ --------------- --------------- ---------- --------FT: fan [local]Train-1#
TU8SA01281
TU8SA01281
Passed
Disabled
[local]Train-1#show diag pod ft1 detail Slot: Card Type Serial No Chassis Id Status Setting ------ ------------------ --------------- --------------- ---------- --------FT: fan TU8SA01281 TU8SA01281 Passed Disabled POD: Slot Number Card Type Serial Number Chassis Id Test Level Start Time Status
: : : : : : :
FT fan TU8SA01281 TU8SA01281 1 10:20:06 05/18/2017 (CET) Passed
FANTRAY basic test
: Passed
Test Failure Details: No Test Failure Details [local]Train-1#
[local]Train-1#show diag pod pm1 detail Slot: Card Type Serial No Chassis Id Status Setting ------ ------------------ --------------- --------------- ---------- --------PM: pm-dc TU8SA01281 TU8SA01281 Passed Disabled POD: Slot Number Card Type Serial Number
03815-LZU1082486 Rev A
: PM : pm-dc : TU8SA01281
© Ericsson AB 2017
- 47 -
Router 6000 R17 Operation and Maintenance Chassis Id Test Level Start Time Status
: : : :
TU8SA01281 1 10:20:06 05/18/2017 (CET) Passed
PM
: Passed
Test Failure Details: No Test Failure Details [local]Train-1#
[local]Train-1#show diag pod card 1 Slot: Card Type Serial No Chassis Id Status Setting ------ ------------------ --------------- --------------- ---------- --------1: lc-1-10ge-20-8-port TU8SA01281 TU8SA01281 Passed Disabled [local]Train-1#
[local]Train-1#show diag pod card 1 detail Slot: Card Type Serial No Chassis Id Status Setting ------ ------------------ --------------- --------------- ---------- --------1: lc-1-10ge-20-8-port TU8SA01281 TU8SA01281 Passed Disabled POST: POD: Slot Number Card Type Serial Number Chassis Id Test Level Start Time Status
: : : : : : :
1 lc-1-10ge-20-8-port TU8SA01281 TU8SA01281 1 10:20:06 05/18/2017 (CET) Passed
LC
: Passed
Test Failure Details: No Test Failure Details [local]Train-1#
- 48 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 9,Solution: System Processes Exercise 9.1,Solution: Create a manual coredump: •
Disable process Heartbeat:
[local]Train-1# process set heart-beat off
•
Create a core dump (after core dump the process will be restarted):
[local]Train-1# process coredump ppp Please turn on heart-beat once coredump is complete. [local]Train-1#
Note! “process coredump ppp no-restart” command depend on the version of IPOS. •
Wait for coredump to complete and check the process:
[local]Train-1# show process ppp NAME PID SPAWN MEMORY ppp 31007 2 9016K [local]Train-1#
•
TIME 00:00:00.02
%CPU 0.00%
STATE run
UP/DOWN 00:01:19
Enable the heartbeat again (only when no-restart has been used)
[local]Train-1# process set heart-beat on
•
See the core dump file in /md
[local]Train-1# show crashfiles | grep ppp -rw-rw---- 1 root siara 1030150 May 18 12:11 /md/20170518_121116_pppd.7174.1495102276.Train-1.core.gz
[local]Train-1#
OR : [local]Train-1# dir /md/*ppp* Contents of /md/*ppp* -rw-rw---- 1 root siara 1030855 May 18 12:09 /md/20170518_120910_pppd.1896.1495102149.selnre066rtr02.core.gz [local]Train-1#
Exercise 9.2,Solution: Search for high load processes: •
Processes claiming more than 20%:
[local]Train-1# show conf sh_proc | grep option '-E' '[2-9][0-9]{1,2}\...%' ism 454 1 18280K 00:00:11.96 32.00% run 13:48:30 ppp 473 1 4364K 00:00:08.36 23.00% run 13:48:22
•
Processes claiming any CPU resources:
[local]Train-1# show conf sh_proc | grep option '-E' '[1-9][0-9]{0,2}\...%' ism 454 1 18280K 00:00:11.96 32.00% run 13:48:30 rib 458 1 4540K 00:00:10.35 10.00% run 13:48:28 lm 466 1 4592K 00:00:07.74 12.00% run 13:48:25
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 49 -
Router 6000 R17 Operation and Maintenance ppp aaad
473 480
1 1
4364K 6932K
00:00:08.36 00:00:15.83
23.00% 7.00%
run run
13:48:22 13:48:18
OR [local]Train-1# show conf sh_proc | grep option '-E -v' ' {1,3}0\...%' ism 454 1 18280K 00:00:11.96 32.00% run 13:48:30 rib 458 1 4540K 00:00:10.35 10.00% run 13:48:28 lm 466 1 4592K 00:00:07.74 12.00% run 13:48:25 ppp 473 1 4364K 00:00:08.36 23.00% run 13:48:22 aaad 480 1 6932K 00:00:15.83 7.00% run 13:48:18
•
Processes which restarted more than once:
[local]Train-1# show conf sh_proc | grep option '-E' '^.{26}[2-9]' rcm 453 3 14060K 00:00:14.27 0.00% run dlm 488 2 6828K 00:00:07.17 0.00% run l2tp 482 3 4656K 00:00:33.39 0.00% run [local]Train-1#
- 50 -
© Ericsson AB 2017
13:48:31 13:42:18 13:48:16
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 10,Solution: Service Configuration Exercise 10.1,Solution: Configure the topology for telnet test: Following configuration is for group 1: configure context local administrator albert password Alber_1 service multiple-contexts !--------------------------------context xyz interface 2 ip address 10.69.76.241/28 administrator bob password Bob_1234 enable pass Bob_1234 port eth 1/1 no shutdown encapsulation dot1q dot1q pvc 1651 bind interface 2 G1_xyz
[local]Train-1#cont xyz [xyz]Train-1#sh ip interface brief Sat Mar 25 08:33:39 2017 Name Address 2 10.69.76.241/28 [xyz]Train-1# [xyz]Train-1#sh bindings Circuit
State Encaps
Bind Type
Bind Name
1/1 vlan-id 1651
Up
interface
2@G1_xyz
MTU 1500
dot1q
State Up
Bindings dot1q 1/1 vlan-id 1651
Summary: total: 1 up: 1 down: 0 bound: 1 unbound: 0 auth: 0 interface: 1 subscriber: 0 bypass: 0 no-bind: 0 atm: 0 chdlc: 0 dot1q: 1 ether: 0 fr: 0 gre: 0 mpls: 0 ppp: 0 pppoe: 0 clips: 0 vpls: 0 ipip: 0 ipsec: 0 ipv6v4-man: 0 ipv6v4-auto: 0 [xyz]Train-1#ping 10.69.76.253 PING 10.69.76.253 (10.69.76.253): source 10.69.76.241, 36 data bytes, timeout is 1 second !!!!! ----10.69.76.253 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.808/2.349/8.353/3.356 ms [xyz]Train-1#
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 51 -
Router 6000 R17 Operation and Maintenance
Exercise 10.2,Solution: Verifying telnet through context local Telnet to 10.69.78.2X you configured earlier with admin account “bob@xyz”. (here group 1) login as: bob@G1_xyz bob@[email protected]'s password: Bob_1234 Hello from Router 6672 Copyright (c) 2016 Ericsson AB. All rights reserved. [xyz]Train-1> enable Password:Bob_1234 [xyz]Train-1# configure ^ % Invalid input at '^' marker [xyz]Train-1# [xyz]Train-1# show config context local Cannot access other context information [xyz]Train-1# [xyz]Train-1# exit
Question 10.1: Answer the following: •
Which context allowed telnet access to the system and which IP interface was used? Answer: Context local allowed telnet access through its IP interface “management”, 10.69.78.2X.
•
Which context authenticated the administrator bob? Answer: Authentication is done by context xyz. Note! After system access, authentication can be passed to another context based on structured username: bob@xyz.
•
Why can’t bob enter configuration mode? Answer: Administrator bob is created in context xyz which is nonlocal context. Administrator bob is a guest admin and does not have configuration privilege.
- 52 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 10.3,Solution: Verifying telnet through context xyz login as: student Using keyboard-interactive authentication. Password: [student@ssh1-gothenburg-1] ~ $ [student@selnre066srv02 ~]$ ping 10.69.76.241 PING 10.69.76.241 (10.69.76.241) 56(84) bytes of data. 64 bytes from 10.69.76.241: icmp_seq=1 ttl=254 time=2.03 ms 64 bytes from 10.69.76.241: icmp_seq=2 ttl=254 time=0.976 ms --- 10.69.76.241 ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 1582ms rtt min/avg/max/mdev = 0.976/1.504/2.033/0.529 ms [student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... telnet: Unable to connect to remote host: Operation timed out
Question 10.2: Answer the following: •
Which context allowed or rejected telnet access to the system and which IP interface was used? Answer: Context name: xyz, Target IP address: 10.69.76.241
•
Which context authenticated the administrator bob? Answer: Context name: none, the authentication was not done!
•
Explain the result: Answer: Telnet service is by default disabled in non-local context, xyz in this case. Telnet was rejected by context xyz.
Exercise 10.4,Solution: Configure telnet service server configure context xyz service telnet server commit
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 53 -
Router 6000 R17 Operation and Maintenance
Exercise 10.5,Solution: Verifying telnet service server again [student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... Connected to 10.69.76.241. Escape character is '^]'. login: bob@xyz Password:Bob_1234 Hello from Router 6672 Copyright (c) 2016 Ericsson AB. All rights reserved. [xyz]Train-5>enable Password:Bob_1234 [xyz]Train-1# [xyz]Train-1# configure ^ % Invalid input at '^' marker [xyz]Train-1#exit Connection closed by foreign host. [student@selnre066srv02 ~]$ [student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... Connected to 10.69.76.241. Escape character is '^]'. login: albert@local Password:Albert_1 Hello from Router 6672 Copyright (c) 2016 Ericsson AB. All rights reserved. [local]Train-5>enable Password:ericsson [local]Train-5# [local]Train-4# configure Enter configuration commands, one per line, 'end' to exit [local]Train-4(config)#
Question 10.3: Answer the following: Which context allowed telnet access to the system and which IP interface was used? Answer: Context name: xyz, Target IP address: 10.69.76.241
- 54 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
•
What difference in privileges are given when logged in as bob@xyz compared to albert@local? Why? Answer: Administrator bob was created in context xyz which is non-local context. Administrator bob is a guest admin and does not have configuration privilege. Administrator albert@local has full privileges and administrator bob@abc has limited privileges.
•
What is the default setting for Telnet and SSH server service for context local? What is the default for other (non-local) contexts? Answer: Context local: telnet and ssh services enabled by default Other Contexts: all services disabled by default
•
When is “service multiple-contexts” command required? Answer: To enable the creation of multiple contexts on the system. By default this feature is disabled.
•
What determines if an IP interface will support Telnet server service? Answer: The context containing the IP interface is configured to support or reject Telnet server service (command: service telnet server).
•
What determines what privileges are given to the administrator? Answer: Administrator credential (username and password) which are configured within a specific context determines what privileges he has. Ex: administrator albert@local has full privileges and administrator bob@abc has limited privileges.
•
What is the difference between an administrator account that exists in context local compared to other contexts? What is the reason for this difference?
Answer:
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 55 -
Router 6000 R17 Operation and Maintenance
–
Administrator accounts configured in context local are automatically given the privilege to enter configuration mode. Accounts in other context are not.
–
Remote operators only need to monitor the system thus they are assigned accounts in other contexts than context local.
- 56 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 11,Solution: Privilege Levels Exercise 11.1,Solution: Configure administrators with privilege levels: configure context local administrator one pass one privilege start 1 privilege max 1 administrator two pass two privilege start 2 privilege max 2 administrator three pass three privilege start 3 privilege max 3 commit
Exercise 11.2,Solution: Configure commands with privilege levels: configure privilege privilege privilege privilege privilege privilege privilege privilege
exec exec exec exec exec exec exec exec
level level level level level level level level
2 2 2 2 2 2 2 2
show ping show show show show show show
privilege port counters bindings context configuration chassis version
commit
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 57 -
Router 6000 R17 Operation and Maintenance
Exercise 11.3,Solution: Verify privilege levels [student@ selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.1.1.101... Connected to 10.1.1.101. Escape character is '^]'. Train-1 login: one Password: One_1111 [local]Train-1> ? change-password Change current login password disable Drop into disable administrator mode enable Modify command mode privilege exit Exit exec mode no Disable an interactive option [local]Train-1> show ? % Unrecognized command [local]Train-1> ping ? % Unrecognized command
[student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... Connected to 10.69.76.241. Escape character is '^]'. Train-1 login: two Password: Two_2222 [local]Train-1> ? change-password disable enable exit no ping show
Change current login password Drop into disable administrator mode Modify command mode privilege Exit exec mode Disable an interactive option Packet Internet Groper Command Show running system information
[local]Train-1> show ? bindings Display circuit and bind information configuration Show running or saved configuration privilege Show current privilege level version Display software version [local]Train-1> ping ? WORD IP address or host name to PING X:X:X:X::X IPv6 Address to PING
[local]Train-1> ping 10.69.76.253 PING 10.69.76.253 (10.69.76.253): source 10.69.76.241, 36 data bytes, timeout is 1 second !!!!! ----10.69.76.253 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.236/0.324/0.425/0.089 ms [local]Train-1> show privilege Current privilege level is 2 [local]Train-1>
- 58 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... Connected to 10.69.76.241. Escape character is '^]'. Train-1 login: three Password: Three_3333 [local]Train-1> ? archive change-password disable enable exit help modify mrinfo mtrace no oam ping rollback show telnet terminal traceroute twamp
Archive configurations for rollback Change current login password Drop into disable administrator mode Modify command mode privilege Exit exec mode Description of the interactive help system Modify condition action for ACL rule Request multicast router information Trace reverse multicast path from source to receiver Disable an interactive option oam commands Packet Internet Groper Command Rollback a configuration Show running system information Telnet to a host Modify terminal settings Trace route to destination Twamp commands
[local]Train-1> show config Building configuration... Current configuration: ! context local ! no ip domain-lookup no logging console ! ! administrator three encrypted 2 $1$........$ZJP3vu5JO/0sVts1ZCT4urqYGlP/FGMd3qtxFS6TkbW29kJPerhc2rd/otnOIZC zS1k4k8ozPpqfgYhBhgAF2. privilege start 3 privilege max 3 ! ! ! ! ! ! ! ! ! end [local]Train-1>
[local]Train-1> show privilege Current privilege level is 3 [local]Train-1>
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 59 -
Router 6000 R17 Operation and Maintenance
Question 11.1: Which administrator could execute the commands? Can you explain why?
Answer: Admin “one”: none Admin “two”: all configured commands Admin “three”: all configured commands The configured command will be available for administrators starting at configured level or higher.
- 60 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 12,Solution: Admin ACLs Exercise 12.1,Solution: Configure Admin ACL: context xyz interface 2 ip address 10.69.76.241/28 port ethernet 1/1 no shutdown encapsulation dot1q dot1q pvc 1651 bind interface 2 xyz
context xyz ip access-list AdminACL permit tcp host any
admin-access-group AdminACL in count
Tasks: 1) IP ACL 2) Admin ACL
2.2.2.2 tcp
X
1 xyz
source IP#
Use ACL “AdminACL” to filter incoming packets Turn on counters and logs
2
tcp 3.3.3.3 udp
X
Only tcp traffic from this host will reach the kernel!
Try to telnet from the ssh server to your router Try to telnet from your router, context local, to other routers
03815-LZU1082486 Rev A
© Ericsson AB 2017
show access-group ip-filter admin in [log|count]
- 61 -
Router 6000 R17 Operation and Maintenance
Exercise 12.2,Solution: Verify Admin ACL: [xyz]Train-1#show ip access-list ip access-list AdminACL: count: 2, sequences: 10 - 20, client count: 1 modified: 00:02:10 (hh:mm:ss) ago, version: 5873, grid: 0x40030000 seq 10 permit tcp host 10.69.79.145 any seq 20 deny ip any any [xyz]Train-1#
[xyz]Train-1#sh access-group (Enabled Info: C-counters; L-logging; S-service; Circuit ACL Name Prot Type AdminACL v4 Filter [xyz]Train-1# [xyz]Train-1#clear access-group ip-filter admin in [xyz]Train-1#
M-ACL in diff context) Ifc Name Dir Info Rules admin In C 2 counters
[xyz]Train-1#sh access-group ip-filter admin in counters Admin IPv4 access-list: Hit Count:
0
No Match (Default)
Admin IPv4 access-list AdminACL, in, 2 rules Hit Count: Hit Count:
0 0
seq 10 permit tcp host 10.69.79.145 any seq 20 deny ip any any
Slot RPFP, PFE 0: Admin IPv4 access-list: Hit Count:
0
No Match (Default)
Admin IPv4 access-list, AdminACL, in, 2 rules Hit Count: Hit Count: [xyz]Train-1#
0 0
seq 10 permit tcp host 10.69.79.145 any seq 20 deny ip any any
Login from server - 10.69.78.98 (through management port 1/1 vlan 1651 for Group 1): [student@selnre066srv02 ~]$ telnet 10.69.76.241 Trying 10.69.76.241... ^C [student@selnre066srv02 ~]$
Login from windows RD (through management interface / management port): login as: bob@xyz bob@[email protected]'s password: Last login: Sat Mar 25 09:32:36 2017 from 10.69.76.253 Hello from Router 6672 Copyright (c) 2016 Ericsson AB.
- 62 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance All rights reserved. [xyz]Train-1>
[xyz]Train-1#sh access-group ip-filter admin in counters Admin IPv4 access-list: Hit Count:
0
No Match (Default)
Admin IPv4 access-list AdminACL, in, 2 rules Hit Count: Hit Count:
0 3
seq 10 permit tcp host 10.69.79.145 any seq 20 deny ip any any
Slot RPFP, PFE 0: Admin IPv4 access-list: Hit Count:
0
No Match (Default)
Admin IPv4 access-list, AdminACL, in, 2 rules Hit Count: Hit Count: [xyz]Train-1#
0 3
seq 10 permit tcp host 10.69.79.145 any seq 20 deny ip any any
Note! ACL logs not available on Router 6000 for this version
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 63 -
Router 6000 R17 Operation and Maintenance
Exercise 13,Solution: TACACS+ Exercise 13.1,Solution: Configure TACACS+: Tasks; 1) AAA 2) TACACS+ 3) Interface
context xyz tacacs+ server 10.69.76.253 key 12345
Try first TACACS+ if not try local authen or no authen
1
Port
2 xyz
context xyz aaa authentication administrator tacacs+ local aaa authorization commands 6 tacacs+ none aaa accounting administrator tacacs+ aaa accounting commands 6 tacacs+ aaa authentication administrator maximum session 2
3
interface 2 ip address 10.69.76.24X/28 ip source-address tacacs+
Use this interface’s IP-addr as source to the server
READY
Exercise 13.2,Solution:
Verify TACACS+:
login as: admin_tacacs@xyz admin_tacacs@[email protected]'s password: ericsson Last login: Sun May 21 16:23:20 2017 from 10.69.79.145 Hello from Router 6672 Copyright (c) 2016 Ericsson AB. All rights reserved. [xyz]Train-5>
[xyz]Train-5# show tacacs+ server IP Address/Hostname Port Timeout/Max-Tries Key ----------------------------------------------------------------10.69.76.253 49 10/3 EE937297D6B3E299
[instructor@ssh1-gothenburg-1] ~ $ tail -f /var/log/tac_acc.log Nov 17 05:54:43 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 start start_time=1479362083 task_id=32203 timezone=CET service=shell Nov 17 05:55:05 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 start start_time=1479362106 task_id=32203 timezone=CET service=shell priv-lvl=10 cmd=show cmdarg=configuration
- 64 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance Nov 17 05:56:16 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 stop stop_time=1479362177 task_id=32203 timezone=CET service=shell Nov 17 05:59:56 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 start start_time=1479362396 task_id=2980 timezone=CET service=shell Nov 17 06:00:04 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 start start_time=1479362405 task_id=2980 timezone=CET service=shell priv-lvl=10 cmd=show cmdarg=configuration Nov 17 06:00:10 10.69.211.9 admin_tacacs@G1_xyz /dev/pts/15 10.69.109.145 stop stop_time=1479362411 task_id=2980 timezone=CET service=shell Nov 17 06:01:09 10.69.211.9 user_tacacs@G1_xyz /dev/pts/15 10.69.109.145 start start_time=1479362470 task_id=3763 timezone=CET service=shell Nov 17 06:01:37 10.69.211.9 user_tacacs@G1_xyz /dev/pts/15 10.69.109.145 stop stop_time=1479362497 task_id=3763 timezone=CET service=shell
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 65 -
Router 6000 R17 Operation and Maintenance
Exercise 13.3,Solution: Clean up TACACS+ configuration: configure context xyz no aaa authentication administrator TACACS+ local no aaa authorization commands 6 tacacs+ none no aaa accounting administrator tacacs+ no aaa accounting commands 6 tacacs+ no tacacs+ server 10.1.1.3 key 12345 interface management no ip source-address tacacs+ commit
- 66 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 14,Solution: Password Recovery Exercise 14.1,Solution: Preparation •
Save configuration! [local]Train-1# save configuration mybackup.cfg
•
Connect to the console port.
Exercise 14.2,Solution: Recovering Password •
Enter a field-support account. login: _cde
•
At the password prompt, enter the field-support account password. Password: Letmein123
•
At the > prompt, enter the enable command to enter the maximum privilege level. [local]Ericsson>enable
•
At the password prompt, enter the password for the privilege level. password:ericsson
•
From the configuration mode, enter the context configuration mode. [local]Ericsson#configure [local]Ericsson(config)#context local
•
Use the administrator command to delete the existing administrator account and to add a new administrator account and password. [local]Ericsson(config-ctx)#no administrator Jun_admin1 [local]Ericsson(config-ctx)#administrator admin2 password Supersecret1 [local]Ericsson(config-ctx)#commit [local]Ericsson(config-ctx)#end
•
Confirm the configuration [local]Ericsson#show administrators TTY START TIME REMOTE HOST ADMINISTRATOR ----------------------------------------------------------------* pts/1 Tue Jul 23 16:02:21 2013 10.170.81.139:tel admin2@local
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 67 -
Router 6000 R17 Operation and Maintenance
Exercise 15,Solution: Searching and Filtering Exercise 15.1,Solution: Save filtered output to file [local]Train-1# show log | grep fail | save /md/log_group1.txt [local]Train-1# [local]Train-1# dir /md/log_group1.txt Contents of /flash/log_group1.txt -rw-rw-r-- 1 admin siara 40724 Dec 17 09:33 /md/log_group1.txt [local]Train-1#
Exercise 15.2,Solution: Searching the output using EMACS [local]Train-1# sh configuration subs_active 0016CED62A70@internet Circuit 12/1:1 vpi-vci 30 381 pppoe 1292 Internal Circuit 12/1:1:63/2/2/34 Interface bound 192.168.166.0 Current port-limit unlimited context-name internet_1 (applied) dns primary 192.168.237.147 (applied) dns secondary 192.168.145.147 (applied) ip pool (applied from sub_default) ip address 192.168.166.83 (applied from pool) atm profile UBR-8000 (applied) qos-queuing-policy PQ (applied) qos-metering-policy marking-qos-1 (applied from sub_default) 0014A45AEE1A@internet Circuit 12/1:1 vpi-vci 30 321 pppoe 3622 Internal Circuit 12/1:1:63/2/2/48 Interface bound 192.168.166.0 Current port-limit unlimited context-name internet_1 (applied) dns primary 192.168.237.148 (applied) dns secondary 192.168.145.148 (applied) ip pool (applied from sub_default) ip address 192.168.166.89 (applied from pool) atm profile UBR-608 (applied) qos-queuing-policy PQ (applied) qos-metering-policy marking-qos-1 (applied from sub_default) 00173391DE24@internet /192.168.162.105
ip address 192.168.162.105 (applied from pool) atm profile UBR-608 (applied) qos-queuing-policy PQ (applied) qos-metering-policy marking-qos-1 (applied from sub_default) 001733AE712C@internet ---(more)---
•
- 68 -
Press "=" to get the row number 234 (may be different in your output)
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
•
After pressing "n" (=next match) “Pattern not found” only one match
Question 15.1: What is the row number for address 192.168.162.105? Answer: 234 Only one match!
Exercise 15.3,Solution: Macro for searching domains •
Create a macro called “subs_domain” that searches the “subs_all” file and outputs how many subscribers that are from ericsson or redback:
[local]Train-1(config)# macro exec subs_domain [local]Train-1(config-macro)# seq 10 show config subs_all | grep opt '-E -c -i' 'ericsson|redback' [local]Train-1(config-macro)# end
•
Verify the macro:
[local]Train-1# subs_domain [10] (subs_domain)# show config subs_all | 'ericsson|redback' 2505
grep opt '-E -c -i'
[local]Train-1#
Exercise 15.4,Solution: dates (optional)
Macro for searching with
•
Create a macro for how many subscribers logged in between Oct 20th – 29th and
•
Create another macro for who logged in on October, 8th:
[local]Train-1(config)# macro exec sub_date [local]Train-1(config-macro)# show conf subs_all | grep option '-E' 'Oct 2[0-9]' | count [local]Train-1(config-macro)# show conf subs_all | grep option '-E' 'Oct {1,2}8' [local]Train-1(config-macro)#end
•
Verify the macro:
[local]Train-1# sub_date [10] (sub_date)# show conf subs_all | grep option '-E' 'Oct 2[0-9]' | count 1245 [20] (sub_date)# show conf subs_all | grep option '-E' 'Oct {1,2}8' pppoe 12/1:1 vpi-vci 34 340 pppo [email protected] internet Oct 8 11:56:18
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 69 -
Router 6000 R17 Operation and Maintenance pppoe 12/2:1 vpi-vci pppoe 12/2:1 vpi-vci pppoe 12/2:1 vpi-vci pppoe 12/3:1 vpi-vci pppoe 12/4:1 vpi-vci pppoe 12/4:1 vpi-vci pppoe 13/1:1 vpi-vci pppoe 13/2:1 vpi-vci pppoe 13/2:1 vpi-vci pppoe 13/2:1 vpi-vci pppoe 13/3:1 vpi-vci pppoe 13/3:1 vpi-vci pppoe 13/3:1 vpi-vci pppoe 13/3:1 vpi-vci pppoe 13/4:1 vpi-vci pppoe 14/1:1 vpi-vci [local]Train-1#
• •
- 70 -
31 31 31 30 52 39 33 42 45 42 36 33 33 33 80 47
322 233 419 426 185 432 108 304 375 421 425 396 496 261 117 299
pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo pppo
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
internet internet internet internet internet internet internet internet internet internet internet internet internet internet internet internet
Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct Oct
8 8 8 8 8 8
17:52:47 17:54:45 17:54:28 23:05:09 14:00:06 16:12:47 8 07:48:09 8 21:04:35 8 15:38:03 8 16:52:41 8 17:11:14 8 12:17:42 8 20:18:30 8 15:47:31 8 12:50:49 8 22:59:22
From the output above 1245 subscribers logged in from 20th to 29th Oct! Also 17 subscribers shown above logged in at Oct 8th.
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 16,Solution: Logging & Syslog Exercise 16.1,Solution: Configure Syslog and Debug:
Exercise 16.2,Solution: Generate system events and view results: •
In context xyz start debug for aaa:
[xyz]Train-1# debug aaa all
• From the lab ssh server prompt, check the log messages from the syslog (the file may be in different location, ask the instructor): [student@ssh1-gothenburg-1]# tail -f /var/log/HOSTS/10.1.1.101/messages Nov 7 13:21:38 [local6.notice] Nov 7 13:36:06: %AAA-5-NOTICE: [local] administr ator: (G1) logged in via tty: /dev/ttyp0, host: 10.1.1.3 Nov 7 13:21:41 [local6.notice] Nov 7 13:36:09: %AAA-5-NOTICE: [local] administr ator: (G1) found on /dev/ttyp0 from 10.1.1.3 - record as logged out. Nov 7 13:34:19 [local6.notice] Nov 7 13:48:47: %AAA-5-NOTICE: [local] administr ator: (G1) logged in via tty: /dev/ttyp0, host: 10.1.1.3 Nov 7 13:50:20 [local6.notice] Nov 7 14:04:47: %AAA-5-NOTICE: [local] administr ator: (G1) found on /dev/ttyp0 from 10.1.1.3 - record as logged out. Nov 7 13:50:47 [local6.notice] Nov 7 14:05:14: %AAA-5-NOTICE: [local] administr ator: (G1) logged in via tty: /dev/ttyp0, host: 10.1.1.3 Nov 7 13:51:41 [local6.notice] Nov 7 14:06:09: %AAA-5-NOTICE: [local] administr ator: (G1) found on /dev/ttyp0 from 10.1.1.3 - record as logged out.
•
Save (active) logs to the file “test.log”:
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 71 -
Router 6000 R17 Operation and Maintenance [local]Train-1# save log text test.log
•
Display the content of this file by using the show log command:
[local]Train-1#[local]Train-1# show log file test.log --- cut --Nov 7 13:11:26: %AAA-5-NOTICE: [local] administrator: (ericsson) found on /dev/ttyp0 from 10.1.1.3 - record as logged out. Nov 7 13:15:24: %AAA-5-NOTICE: [local] administrator: (ericsson) logged in via tty: /dev/ttyp0, host: 10.1.1.3
•
Display the active logs for aaa only:
[local]Train-1# show log active fac aaa Nov 7 13:11:26: %AAA-5-NOTICE: [local] administrator: (ericsson) found on /dev/ttyp0 from 10.1.1.3 - record as logged out. Nov 7 13:15:24: %AAA-5-NOTICE: [local] administrator: (ericsson) logged in via tty: /dev/ttyp0, host: 10.1.1.3 Nov 7 13:32:24: %AAA-5-NOTICE: [local] administrator: (ericsson) found on /dev/ttyp0 from 10.1.1.3 - record as logged out. --- cut ---
- 72 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 17,Solution: Debugging on Router 6000 In the Router 6000 we can generally group debug functions in two categories: •
System wide debug, for example debugging subscriber authentication
•
Context specific debug, for example debugging the static routes.
Exercise 17.1,Solution: System wide debug [xyz]Train-1# debug admin authen [xyz]Train-1# show debug AAA: Admin authentication debugging is turned on [xyz]Train-1# terminal monitor Feb 6 15:09:13: [1/1:1:63/1/2/11]: %AAA-7-AUTHEN: aaa_idx 1000001f: Received SESSION_DOWN msg extern_handle 0
Exercise 17.2,Solution: Context specific debug [xyz]Train-1# debug static all [xyz]Train-1# show debug static: Configuration debugging is turned on .... [xyz]Train-1# terminal monitor Feb 6 15:07:25: [0002]: [1/1:1:63/1/2/11]: %STATIC-7CONFIG: aaa_idx 1000001e: unprovision attr 1
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 73 -
Router 6000 R17 Operation and Maintenance
Exercise 18,Solution: Connectivity Troubleshooting Exercise 18.1,Solution: Connectivity troubleshooting, preparation › The instructor will help you to load new configuration on your Router 6000 before we can start [local]Train-1# configure scp://student@IP_number/troubleshooting_1.cfg student@?.?.?.?'s password: Troubleshooting_1.cf 100% |*****************************|
1896
00:00
Configuration complete % Configuration file processing took: 2 seconds [local]Train-1#
a1
b1
d1
a2
b2
d2
c1
c2
• What are the interfaces and bindings? • How are the contexts connected? • Does IP connectivity work?
1/7
1/8
1/15 1/16
[local]Train-1# show context all Context Name Context ID
VPN-RD
Description
-------------------------------------------------------------------------------local 0x40080001 a1 0x40080007 a2 0x40080008 b1 0x40080009 b2 0x4008000a c1 0x4008000b c2 0x4008000c d1 0x4008000d e1 0x4008000e d2 0x4008000f [local]Train-1#
- 74 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance
Exercise 18.2,Solution: Connectivity troubleshooting
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 75 -
Router 6000 R17 Operation and Maintenance [local]Train-1# context a1 [a1]Train-1# show ip interface brief Name Address MTU State e0 1.1.1.1/30 1500 Up [a1]Train-1# [a1]Train-1# [a1]Train-1#context a2 [a2]Train-1# show ip interface brief Name Address MTU State e0 1.1.1.2/30 1500 Up l0 2.2.2.2/32 1500 Up [a2]Train-1# [a1]Train-1# ping 2.2.2.2 PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 36 data bytes, timeout is 1 second .....
Bindings dot1q 1/7 vlan-id 10
Bindings ethernet 1/8 (Loopback)
Ping failed! Why?
----2.2.2.2 PING Statistics---5 packets transmitted, 0 packets received, 100.0% packet loss [a1]Train-1#
[a1]Train-1# show ip interface brief Fri Jun 9 08:33:15 2017 Name Address e0 1.1.1.1/30 [a1]Train-1# [a1]Train-1# [a1]Train-1#context a2 [a2]Train-1# show ip interface brief Name Address e0 1.1.1.2/30 l0 2.2.2.2/32 [a2]Train-1#
MTU 1500
State Up
Bindings dot1q 1/7 vlan-id 10
MTU 1500 1500
State Up Up
Bindings ethernet 1/8 (Loopback)
a1
interface e0 ip address 1.1.1.1/30
1/7 VLAN 10 Encapsulation mismatch
a2
1/8 Untagged
- 76 -
© Ericsson AB 2017
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance Fix the issue! port ethernet 1/8 no bind dot1q pvc 10 bind interface e0 a2 [a1]Train-1#ping 2.2.2.2 PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!! ----2.2.2.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.722/7.052/31.997/13.945 ms [a1]Train-1#
a1
interface e0 ip address 1.1.1.1/30
1/7 VLAN 10
a2 1/8 VLAN 10
03815-LZU1082486 Rev A
© Ericsson AB 2017
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
- 77 -
Router 6000 R17 Operation and Maintenance [a1]Train-1# context b1 [b1]Train-1# show ip interface brief Name Address e0 1.1.1.1/30 [b1]Train-1# [b2]Train-1# show ip interface brief Fri Jun 9 09:03:13 2017 Name Address Name Address e0 1.1.1.2/30 l0 2.2.2.2/32 [b2]Train-1# [b2]Train-1#context b2 [b2]Train-1# ping 2.2.2.2 PING 2.2.2.2 (2.2.2.2): 36 data bytes, timeout is 1 second .....
MTU 1500
State Up
Bindings dot1q 1/7 vlan-id 20
MTU MTU 1500 1500
State State Up Up
VLANs Ok! Bindings Bindings dot1q 1/8 vlan-id 20 (Loopback)
Ping failed! Why?
----2.2.2.2 PING Statistics---5 packets transmitted, 0 packets received, 100.0% packet loss [b2]Train-1#
[b1]Train-1# ping 1.1.1.2 PING 1.1.1.2 (1.1.1.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!! Next hop IP connectivity ok! ----1.1.1.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.772/0.970/1.509/0.307 ms [b1]Train-1#
b1
interface e0 ip address 1.1.1.1/30
1/7 VLAN 20
b2 1/8 VLAN 20
- 78 -
© Ericsson AB 2017
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [b1]Train-1# show ip route 2.2.2.2 [b1]Train-1#
Route to 2.2.2.2 missing!
context b1 ip route 2.2.2.2/32 1.1.1.2
Fix issue!
[b1]Train-1# show ip route 2.2.2.2 Type Network Next Hop > C > S
1.1.1.0/30 2.2.2.2/32
1.1.1.2
Dist
Metric
UpTime
0 1
0 0
01:05:48 00:02:12
Interface e0 e0
[b1]Train-1#
b1
interface e0 ip address 1.1.1.1/30
1/7 VLAN 20
b2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/8 VLAN 20
[b1]Train-1# ping 2.2.2.2 PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!!
Ping successful!
----2.2.2.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 1.061/2.675/7.675/2.844 ms [b1]Train-1#
b1
interface e0 ip address 1.1.1.1/30
1/7 VLAN 20
b2 1/8 VLAN 20
03815-LZU1082486 Rev A
© Ericsson AB 2017
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
- 79 -
Router 6000 R17 Operation and Maintenance [b1]Train-1#context c1 [c1]Train-1# show ip interface brief Fri Jun 9 09:22:57 2017 Name Address MTU State e0 1.1.1.1/30 1000 Up [c1]Train-1# [c1]Train-1#cont c2 [c2]Train-1# show ip interface brief Fri Jun 9 09:23:18 2017 Name Address MTU State e0 1.1.1.2/30 1000 Up l0 2.2.2.2/32 1500 Up [c2]Train-1# [c2]Train-1#context c1 [c1]Train-1# ping 2.2.2.2 PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 36 data bytes, timeout is 1 second !!!!!
Bindings dot1q 1/15 vlan-id 30 VLANs Ok!
Bindings dot1q 1/16 vlan-id 30 (Loopback)
----2.2.2.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.772/1.413/2.463/0.763 ms [c1]Train-1#
Ping works! All ok?
[c1]Train-1# ping 2.2.2.2 size 1400 df PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 1400 data bytes, timeout is 1 second FFFFF Ping with 1400 bytes packets F - Destination unreachable (fragmentation needed) and don’t fragment fail! ----2.2.2.2 PING Statistics---5 packets transmitted, 0 packets received, 100.0% packet loss [c1]Train-1#
c1
interface e0 ip address 1.1.1.1/30
1/15 VLAN 30
c2 1/16 VLAN 30
- 80 -
© Ericsson AB 2017
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [c1]Train-1# show port 1/15 detail | grep MTU MTU size : 1000 Bytes [c1]Train-1#show port 1/16 detail | grep MTU MTU size : 1500 Bytes [c1]Train-1#
Check MTU on the ports
port eth 1/15 mtu 1500
Fix issue!
c1
interface e0 ip address 1.1.1.1/30
1/15 VLAN 30 MTU 1000
c2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/16 VLAN 30 MTU 1500 [c1]Train-1# ping 2.2.2.2 size 1400 df PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 1400 data bytes, timeout is 1 second !!!!! ----2.2.2.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.918/1.068/1.593/0.294 ms [c1]Train-1#
c1
interface e0 ip address 1.1.1.1/30
1/15 VLAN 30 MTU 1500
c2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/16 VLAN 30 MTU 1500 [c1]Train-1#cont d1 [d1]selnre066rtr05# show ip interface brief Name Address MTU e0 1.1.1.1/30 1500 [d1]selnre066rtr05#context d2 [d2]selnre066rtr05#sh ip interface brief Name Address MTU e0 1.1.1.2/30 1500 l0 2.2.2.2/32 1500 [d2]selnre066rtr05# [d1]selnre066rtr05# context d1 [d1]selnre066rtr05# ping 2.2.2.2 size 1400 df PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 1400 data timeout is 1 second .....
State Up
Bindings dot1q 1/7 vlan-id 30
State Up Up
VLANs Ok! Bindings dot1q 1/8 vlan-id 30 (Loopback)
bytes,
----2.2.2.2 PING Statistics---5 packets transmitted, 0 packets received, 100.0% packet loss [d1]selnre066rtr05#
03815-LZU1082486 Rev A
© Ericsson AB 2017
Ping fails! MTU?
- 81 -
Router 6000 R17 Operation and Maintenance [d1]selnre066rtr05# show port 1/7 detail | grep MTU MTU size : 1500 Bytes [d1]selnre066rtr05#show port 1/8 detail | grep MTU MTU size : 1500 Bytes [d1]selnre066rtr05#
MTU ok What is the problem?
d1
interface e0 ip address 1.1.1.1/30
d2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/7 VLAN 30
1/8 VLAN 30
[d1]selnre066rtr05# show arp-cache Host Hardware address 1.1.1.1 ac:60:b6:aa:e5:35 1.1.1.2 00:55:88:00:33:77 [d1]selnre066rtr05# context b2 [b2]selnre066rtr05#show arp-cache Total number of arp entries in cache: Resolved entry : 2 Incomplete entry : 0 Host Hardware address 1.1.1.1 ac:60:b6:aa:e5:35 1.1.1.2 ac:60:b6:aa:e5:36 [b2]selnre066rtr05#
1.1.1.2 00:55:88:00:33:77
Check arp table Ttl -
Type ARPA ARPA
One sides MAC is wrong for address for 1.1.1.2
2
Ttl 3187 -
Circuit 1/7 vlan-id 30 1/7 vlan-id 30
Type ARPA ARPA
Circuit 1/8 vlan-id 20 1/8 vlan-id 20
d1
interface e0 ip address 1.1.1.1/30
d2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/7 VLAN 30 1.1.1.2 ac:60:b6:aa:e5:36
1/8 VLAN 30
- 82 -
© Ericsson AB 2017
03815-LZU1082486 Rev A
Router 6000 R17 Operation and Maintenance [d2]selnre066rtr05# show port 1/7 detail | grep MAC MAC address : ac:60:b6:aa:e5:35 [d2]selnre066rtr05# show port 1/8 detail | grep MAC MAC address : ac:60:b6:aa:e5:36 [d2]selnre066rtr05#
Check MAC on ports
d1’s MAC is wrong for address for 1.1.1.2
[d2]selnre066rtr05# context d1 [d1]selnre066rtr05# sh conf | grep arp ip arp 1.1.1.2 00:55:88:00:33:77 [d1]selnre066rtr05# Fix issue!
context d1 no ip arp 1.1.1.2 00:55:88:00:33:77
d1
interface e0 ip address 1.1.1.1/30
d2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/7 VLAN 30 1.1.1.2 ac:60:b6:aa:e5:36
1/8 VLAN 30
[d1]selnre066rtr05#ping 2.2.2.2 size 1400 df PING 2.2.2.2 (2.2.2.2): source 1.1.1.1, 1400 data bytes, timeout is 1 second !!!!!
Ping successful!
----2.2.2.2 PING Statistics---5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.875/1.062/1.682/0.349 ms [d1]selnre066rtr05#
1.1.1.2 ac:60:b6:aa:e5:36
d1
interface e0 ip address 1.1.1.1/30
d2
interface e0 ip address 1.1.1.2/30 interface lo ip address 2.2.2.2/32
1/7 VLAN 30 1.1.1.2 ac:60:b6:aa:e5:36
1/8 VLAN 30
03815-LZU1082486 Rev A
© Ericsson AB 2017
- 83 -
Router 6000 R17 Operation and Maintenance
Exercise 18.6, Solution (continued): Traffic troubleshooting between context e1 and the internet (optional):
Exercise 18.6, Solution (continued): Traffic troubleshooting between context e1 and the internet (optional):
- 84 -
© Ericsson AB 2017
03815-LZU1082486 Rev A