Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems UCSCPCIEBTG, 57712 manual Set group-auth, Scope role-group, Admin user readonly

Models: 57712 UCSCPCIEBTG

1 288

Download 288 pages 20.54 Kb

Page 86

Managing User Accounts

Configuring Active Directory Groups in CIMC

Procedure

	Command or Action		Purpose
Step 1	Server# scope ldap		Enters the LDAP command mode for AD configuration.
Step 2	Server /ldap #	set group-auth	Enables or disables AD group authorization.
	{yes no}
Step 3	Server /ldap #	scope role-group	Selects one of the five available group profiles for
	index		configuration, where index is a number between 1 and 5.
Step 4	Server /ldap/role-group # set name Specifies the name of the group in the AD database that is
	group-name		authorized to access the server.
Step 5	Server /ldap/role-group # set		Specifies the AD domain the group must reside in.
	domain domain-name
Step 6	Server /ldap/role-group # set role		Specifies the permission level (role) assigned to all users in
	{admin user readonly}		this AD group. This can be one of the following:
			• admin—The user can perform all actions available.
			• user—The user can perform the following tasks:
			◦View all information
			◦Manage the power control options such as power
			on, power cycle, and power off
			◦Launch the KVM console and virtual media
			◦Clear all logs
			◦Toggle the locator LED
			• readonly—The user can view information but cannot
			make any changes.
Step 7	Server /ldap/role-group # commit Commits the transaction to the system configuration.

This example shows how to configure AD group authorization:

Server# scope ldap
Server	/ldap # set group-auth yes
Server	/ldap *# scope role-group 5
Server	/ldap/role-group *# set name Training
Server	/ldap/role-group *# set domain example.com
Server	/ldap/role-group *# set role readonly
Server	/ldap/role-group *# commit
ucs-c250-M2 /ldap # show role-group			Role
Group	Name	Domain	Role
------	----------------	----------------	--------
1	(n/a)	(n/a)	admin
2	(n/a)	(n/a)	user
3	(n/a)	(n/a)	readonly
4	(n/a)	(n/a)	(n/a)
5	Training	example.com	readonly

	Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 1.5
70	OL-28893-01

Image 86

Cisco Systems UCSCPCIEBTG, 57712 manual Set group-auth, Scope role-group, Admin user readonly

Contents

Americas Headquarters First Published March 04Page N T E N T S Viewing Server Properties Viewing Server Sensors Managing User Accounts Creating a vNIC Configuring Communication Services Configuring Platform Event Filters Bios Parameters by Server Model Conventions PrefaceAudience This preface includes the following sectionsString will include the quotation marks Default responses to system prompts are in square bracketsString Indicates a comment lineFeature Description Where Documented New and Changed Information for this ReleaseFeature Description Related Cisco UCS Documentation Documentation RoadmapsOther Documentation Resources System UCS Documentation Roadmap BundleThis chapter includes the following sections OverviewOverview of the Server Software Server OS Cisco Integrated Management ControllerCimc Firmware Management InterfacesCommand Modes Cimc CLIOverview Command Modes Mode Name Command to Access Mode PromptCommand to Access Mode Prompt Scope sensor command from Scope role-group command fromScope power-cap command from Scope trap-destinations commandCommitting, Discarding, and Viewing Pending Commands Complete a CommandCommand History Command Output FormatsOnline Help for the CLI OL-28893-01 KVM Console Installing the Server OSOS Installation Methods You can use the KVM console to install an OS on the server PXE Installation ServersInstalling an OS Using a PXE Installation Server Managing the Server Command or Action Purpose StepEnters chassis command mode Toggling the Locator LEDToggling the Locator LED for a Hard Drive Managing the Server Boot OrderServer Boot Order Server /chassis/hdd # set locateHDDConfiguring the Server Boot Order Server# scope biosServer /bios # show actual-boot-order Resetting the ServerViewing the Actual Server Boot Order DetailShutting Down the Server Server# scope chassis Enters chassis modeServer /chassis # power shutdown Server# scope chassisPowering Off the Server Managing Server PowerPowering On the Server Server# scope chassis Enters chassis command mode Power Cycling the ServerCommand or Action Purpose Name Description Configuring Power PoliciesViewing the Power Statistics Non-Compliance Action Power Capping PolicyConfiguring the Power Cap Policy Server /power-cap # set Server# scope power-capEnters the power cap command mode Enabled yes noRestore-last-state Configuring the Power Restore PolicyPower-off power-on Delay-value delayDual Card Management in the Cisco Flexible Flash Controller Managing the Flexible Flash ControllerCisco Flexible Flash Action DescriptionConfiguring the Flexible Flash Controller Properties Scenario Behavior# set virtual-drives-enabled list # set read-error-count-threshold# set write-error-count-threshold # set raid-primary-member slot1None SCU HV HUU Booting from the Flexible FlashServer /bios # set boot-override Resetting the Flexible Flash Controller Permissible index value is FlexFlash-0Default configuration Server /chassis/flexflash # commitBios Version Version string of the running Bios Configuring Bios SettingsViewing Bios Status Secondary slotFor each Bios setting, see one the following topics Configuring Main Bios SettingsBoot Order Attempt to useConfigure the Bios settings Server /bios/advanced # Configuring Advanced Bios SettingsOn, you are prompted to choose whether to reboot now Server /bios/main # set POSTErrorPause EnabledConfigure the Bios settings Configuring Server Management Bios SettingsCommand or Action Server-managementServer /bios # bios-setup-default Restoring Bios DefaultsRestoring Bios Manufacturing Custom Defaults Server # scope bios Server /bios # restore-mfg-defaults Server /bios # restore-mfg-defaultsDefault values OL-28893-01 Server# show chassis detail Viewing Server PropertiesViewing Server Properties Displays server propertiesServer# show cimc detail Viewing Cimc PropertiesViewing CPU Properties Displays Cimc propertiesViewing Memory Properties This example displays Dimm summary informationViewing Storage Adapter Properties Viewing Power Supply PropertiesViewing Storage Properties Show psu detailSettings detail Error-counters detailHw-config detail Server /chassis # show storageadapterOptional Displays the available Cisco Flexible Viewing the Flexible Flash Controller PropertiesServer /chassis # show flexflash detail Flash controllersViewing Physical Drive Properties Virtual-drive-count detail Viewing Virtual Drive PropertiesVirtual-drive drive-number detail Virtual-drive drive-numberServer # scope chassis Viewing Nvidia GPU Card InformationSlot number of the GPU card Viewing LOM Properties Viewing PCI Adapter PropertiesViewing Network Related Properties Server# scope cimcServer# scope cimc Network OL-28893-01 Server# scope sensor Viewing Power Supply SensorsViewing Server Sensors Show psu-redundancyViewing Fan Sensors Viewing Temperature SensorsServer /sensor # show temperature detail Server /sensor # show psu-redundancyPurpose Step This example displays temperature sensor statisticsViewing Voltage Sensors Viewing Storage Sensors Procedure Command or Action Purpose StepViewing Current Sensors Status columnLED Status column Current LED color, if anyOL-28893-01 KVM Console Managing Remote PresenceManaging the Virtual KVM Disabling the Virtual KVM Server /kvm # set enabled yesEnabling the Virtual KVM Server# scope kvmSet local-video yes Configuring the Virtual KVMSet encrypted yes Server /kvm # set max-sessionsServer# scope vmedia Configuring Virtual MediaSet enabled yes Volume-name remote-share Configuring Network Mounted vMedia MappingCommand or Action Server # scope vmedia Remote-file-path mount optionsRemoving Network Mounted vMedia Mapping Enters the virtual media command modeViewing Network Mount vMedia Mapping Properties Server # scope vmediaManaging Serial over LAN Serial Over LANServer# scope sol Configuring Serial Over LANEnters SoL command mode Yes noLaunching Serial Over LAN Server console port. You can enter this command in anyCommand mode Server# connect hostOL-28893-01 Configuring Local Users Managing User AccountsActive Directory Configuring Active DirectoryConfiguring the Active Directory Server Properties Value RoleConfiguring Active Directory in Cimc Server# scope ldapServer /ldap *# set dc1 Server /ldap *# set gc1 Configuring Active Directory Groups in CimcServer# scope ldap Scope role-group Admin user readonlySet group-auth Viewing User Sessions Terminating a User SessionTerminate NIC Mode Configuring Network-Related SettingsServer NIC Configuration Server NICsNIC Redundancy Configuring Server NICsServer /cimc/network # set mode dedicated Sharedlom Sharedlom10g shipping ciscocardActive-active Configuring Common PropertiesRedundancy none Active-standbyConfiguring IPv4 You must be logged in as admin to configure the server Vlan Configuring the Server VlanOptional Displays the IPv4 network settings Specifies the IP address of the secondary DNSSet vlan-priority Connecting to a Port ProfileSet vlan-enabled Management interface, the virtual Ethernet, and the VIF on Port profile must be defined on the switch toDisplays the network settings Supported adapter cards such as the Cisco UCS VIC1225Network Security Network Security ConfigurationConfiguring Network Security Server # scope cimc Network Time Protocol ConfigurationConfiguring Network Time Protocol Settings Yes10.120.34.45 Server /cimc/network/ntp* # commit Commits the transaction10.120.33.44 10.120.35.46Managing Network Adapters Overview of the Cisco UCS C-Series Network AdaptersCisco UCS P81E Virtual Interface Card Cisco UCS VIC1225 Virtual Interface CardIndex detail Configuring Network Adapter PropertiesViewing Network Adapter Properties Configure-vmfex port-count Fip-mode disable enableNiv-mode disable enable Managing vHBAsAll vHBAs Viewing vHBA PropertiesHost-fc-if fc0 fc1 name detail Modifying vHBA Properties Error-recovery Error-detect-timeout msecResource-allocation-timeout msec # set fcp-error-recovery disable EnableInterrupt Enters the interrupt command modeSet flogi-timeout msec Interrupt-mode intx msi msixPort-p-logi Enters the Fibre Channel port login command modeSet plogi-timeout msec ServerCreating a vHBA Host-fc-if nameServer /chassis/adapter # delete Deleting a vHBASet channel-number number Server /chassis/adapter # commitCreating a Boot Table Entry VHBA Boot TableViewing the Boot Table Show bootServer /chassis # scope adapter Deleting a Boot Table EntryCreate-boot-entry wwpn lun-id VHBA Persistent Binding Delete boot entryTake effect upon the next server reset Locate the number of the entry to be deletedDisabling Persistent Binding Set persistent-lun-binding enableEnabling Persistent Binding PerbiScope perbi Set persistent-lun-binding disableRebuilding Persistent Binding # rebuildViewing vNIC Properties Managing vNICsGuidelines for Managing vNICs Host-eth-if eth0 eth1 name detailUplink 0 Modifying vNIC PropertiesHost-eth-if eth0 eth1 name Uplink-failover disable enable Trust-host-cos disable enableVlan-mode access trunk Channel-number numberSet interrupt-count count Uplink-failback-timeout secondsScope interrupt Set coalescing-time usec# set rq-ring-size size Set tcp-segment-offload disable# set rq-count count Scope trans-queueSet tcp-large-receive-offload disable Set tcp-rx-checksum-offload disableSet tcp-tx-checksum-offload disable Set rss disable enableSet rss-hash-tcp-ipv6-ex disable Set rss-hash-tcp-ipv6 disableSet rss-hash-ipv6-ex disable enable Creating a vNICDeleting a vNIC Host-eth-if nameYou can configure a maximum of 2 iSCSI vNICs for each host Configuring iSCSI Boot CapabilityReboot This example deletes a vNIC on adapterDhcp-iscsi-settings enabled Iscsi-boot indexDhcp-net-settings enabled Eth0 eth1 nameVirtual Machine Fabric Extender Delete iscsi-bootManaging VM FEX Viewing VM FEX Properties Name VM FEX SettingsGeneral Properties Settings Name Description Ethernet Interrupt Settings Name Description Completion Queue Settings Name Description TCP Offload Settings Name Description Receive Side Scaling Settings NameStorageadapter slot Managing Storage AdaptersCreate Virtual Drive from Unused Physical Drives Create virtual-driveWrite policy for the new virtual drive. Enter Create Virtual Drive from an Existing Drive GroupCarve-virtual-drive Appropriate information at each prompt500 MB Clearing Foreign ConfigurationServer /chassis # scope storageadapter # delete-virtual-drive Clear-foreign-configDeleting a Virtual Drive Start-initialization Cancel-initializationInitializing a Virtual Drive # get-operation-statusModifying Attributes of a Virtual Drive Set as Boot DriveSet-boot-drive Server /chassis/storageadapter # scopePolicy Making a Dedicated Hot SpareModify-attributes You are prompted to choose a virtual drive forServer /chassis/storageadapter/physical-drive # Making a Global Hot SparePreparing a Drive for Removal Make-global-hot-spare# remove-hot-spare Removing a Drive from Hot Spare PoolsPrepare-for-removal Undo Preparing a Drive for Removal Enabling Auto Learn Cycles for the Battery Backup UnitEnable-auto-learn Undo-prepare-for-removalDisable-auto-learn Disabling Auto Learn Cycles for the Battery Backup UnitStarting a Learn Cycle for a Battery Backup Unit You must be logged in as an admin to use this commandPhysical-drive Toggling the Locator LED for a Physical DriveStart-learn-cycle # locator-led on offViewing Storage Controller Logs Backing Up and Restoring the Adapter ConfigurationExporting the Adapter Configuration Importing the Adapter Configuration This example exports the configuration of adapterAdapter-reset-defaults index Restoring Adapter DefaultsReboot the server to apply the imported configuration PCI slot number specified by the indexAdapter Firmware Installing Adapter FirmwareManaging Adapter Firmware Or two specified adapters or, if no adapter is specifiedServer /chassis # activate-adapter-fw Resetting the AdapterActivating Adapter Firmware This example resets the adapter in PCI slot Server/chassis # adapter-reset indexResetting the adapter also resets HostServer# scope http Configuring Communication ServicesConfiguring Http Server /http # set http-redirect yesServer# scope ssh Configuring SSHSet timeout seconds Set ssh-port numberEnabling XML API Configuring XML APIXML API for Cimc Server# scope xmlapiSet enabled Configuring IpmiConfiguring Ipmi over LAN Ipmi Over LANEncryption-key key Configuring SnmpConfiguring Snmp Properties Server# scope snmpSettrap-community-str Setcommunity-accessCommunity-str community Server /snmp # set sys-locationVersion 1 2 Configuring Snmp Trap SettingsTrap-destinations number Type trap informTo send a test message Configuring SNMPv3 UsersSending a Test Snmp Trap Message Specified user numberAuthnopriv authpriv V3security-name security-nameV3security-level noauthnopriv MD5 SHA142 Generating a Certificate Signing Request Managing CertificatesManaging the Server Certificate Server /certificate # generate-csr Enters the certificate command modeServer# scope certificate Signing request CSRCreating a Self-Signed Certificate Managing Certificates Creating a Self-Signed CertificateOpenssl req -new -x509 -days numdays Openssl genrsa -out CAkeyfilenameExample Echo nsCertType = server openssl.confNew server certificate Uploading a Server CertificateServer /certificate # upload This example uploads a new certificate to the server Begin CertificatePlatform-event-enabled yes Configuring Platform Event FiltersServer# scope fault Platform Event FiltersDisabling Platform Event Alerts Configuring Platform Event FiltersPlatform-event-enabled no Platform Event Filter None reboot power-cyclePower-off Enabled yes Configuring Platform Event Trap SettingsServer /fault # scope pef-destinations Event Number Note Platform Event Description Interpreting Platform Event TrapsPlatform Event Trap Descriptions Test Trap154 Event Number Note 155156 Cimc Firmware Management Overview of FirmwareClick the Unified Computing System UCS Server Firmware link Obtaining Firmware from CiscoCenter box, click Unified Computing and Servers Click Accept License AgreementInstalling Cimc Firmware from a Remote Server Log in to the as a user with admin privilegesActivating Installed Cimc Firmware Inactive image Server /cimc/firmware # activate 1Is specified, the server activates the currently Installing Bios Firmware from a Remote Server Current FW Version fieldServer # scope bios 163164 Show fault-entries Viewing the Faults and Logs SummaryScope fault Viewing LogsCimc Log Viewing the Cimc LogServer /cimc # scope log Configuring the Cimc Log ThresholdClearing the Cimc Log Server /cimc/log # clearRemote-syslog-severity level Sending the Cimc Log to a Remote ServerLocal-syslog-severity Server-ip ip-address Error Informational DebugCritical Server# scope sel System Event LogViewing the System Event Log Server# scope sel Enters the system event log command modeClearing the System Event Log 172 Server /cimc # scope tech-support Server UtilitiesExporting Technical Support Data Remote-ip ip-addressRemote-username name Remote-password passwordRemote-protocol protocol Server# scope bios Enters the bios command mode Rebooting the CimcClearing the Bios Cmos Provide the generated report file to Cisco TACRecover Recovering from a Corrupted BiosScope bios Power cycle or reset the server Resetting the Cimc to Factory DefaultsThis example shows how to recover from a corrupted Bios Exporting the Cimc Configuration Exporting and Importing the Cimc ConfigurationExporting and Importing the Cimc Configuration Server /cimc # scope import-exportServer /cimc/import-export # Importing a Cimc ConfigurationServer# scope cimc Enters the Cimc command mode Generating Non maskable Interrupts to the Host 181 182 C22 and C24 Servers Bios Parameters by Server ModelMain Bios Parameters for C22 and C24 Servers TPM SupportNumber of Enabled Cores Advanced Bios Parameters for C22 and C24 ServersProcessor Configuration Parameters Name Execute DisableIntel VT-d Coherency Support Intel VTIntel VT-d Intel VT-d ATS SupportAdjacent Cache Line Prefetcher CPU PerformanceHardware Prefetcher DCU IP Prefetcher Direct Cache Access SupportDCU Streamer Prefetch Power Technology Intel Turbo Boost Technology Processor Power State C6Processor Power State C1 Enhanced Frequency Floor OverrideState Coordination Energy PerformanceDram Clock Throttling Memory Configuration Parameters Name DescriptionSelect Memory RAS Channel Interleaving Low Voltage DDR ModeDram Refresh rate Rank InterleavingAltitude Patrol ScrubDemand Scrub Onboard Storage Parameters Name QPI Configuration Parameters Name DescriptionUSB Configuration Parameters Name Description USB Port Front All USB DevicesUSB Port Rear USB Port InternalAspm Support PCI Configuration Parameters Name DescriptionMmio Above 4GB VGA PriorityBits per second Console RedirectionTerminal Type Flow Control Putty KeyPadAll PCIe Slots OptionROM All Onboard LOM PortsLOM Port n OptionROM PCIe Slot n OptionROMOS Watchdog Timer Server Management Bios Parameters for C22 and C24 ServersFRB-2 Timer PCIe Slot n Link SpeedOS Watchdog Timer Timeout OS Watchdog Timer PolicyBoot Order Rules C220 and C240 Servers Main Bios Parameters for C220 and C240 ServersAdvanced Bios Parameters for C220 and C240 Servers 204 Disabled -The processor does not support ATS Enabled -The processor uses VT-d ATS as required206 207 Power consumption but may reduce system performance 209 210 211 212 213 214 4GB or greater address space USB Port SD CardMemory Mapped I/O Above 4GB Offboard -Priority is given to the Pcie Graphics adapter Enables console redirection on COM port 0 during PostEnables console redirection on COM port 1 during Post Allows you to change the action of the PuTTY function keys Introduced by a hidden terminal problem. This can be oneNone -No flow control is used 218 If it hangs during POST. This can be one of the following Server Management Bios Parameters for C220 and C240 ServersPCIe Mezzanine OptionROM Watchdog timer expires 5 minutes after the OS System removes that device type from the boot order Processor Configuration Parameters Name Description Main Bios Parameters for C260 ServersAdvanced Bios Parameters for C260 Servers C260 ServersIntel Hyper-Threading Technology Enhanced Intel Speedstep TechnologyWhether the processor uses Enhanced Intel SpeedStep Which allows multithreaded software applications to executeIntel VT-d Interrupt Remapping Intel Virtualization TechnologyIntel VT for Directed IO Direct Cache Access Processor C3 ReportCPU C State Processor C6 ReportPackage C State Limit Numa Optimized Sparing Sparing ModeMirroring Mode MirroringUSB Configuration Parameters Name Serial Port Configuration Parameters Name DescriptionSerial a Enable Patrol Scrub IntervalPCIe Slot n ROM Onboard NIC n ROMPCIe OptionROMs Onboard Gbit LOMIOH Resource Allocation Onboard 10Gbit LOMSriov Assert NMI on Perr Server Management Bios Parameters for C260 ServersAssert NMI on Serr OS Boot Watchdog Timer Timeout Baud RateLegacy OS Redirection OS Boot Watchdog PolicyOS Boot Watchdog Timer C420 Servers Main Bios Parameters for C420 ServersAdvanced Bios Parameters for C420 Servers 236 237 238 239 240 241 242 243 244 245 Not detected by the Bios and operating system Enabled -Enables the SD card drives247 Can be one of the following Allows you to change the action of the PuTTY function keys 250 Server Management Bios Parameters for C420 Servers 252 C460 Servers Main Bios Parameters for C460 ServersAdvanced Bios Parameters for C460 Servers 254 255 Intel VT-d PassThrough DMA 257 258 259 260 261 262 Server Management Bios Parameters for C460 Servers 264 265 266 D E Installing from remote server 159 obtaining from Cisco Dedicated LDAP, See Active Directory local usersIN-4 Yaml IN-6