Secure Remote Access, Snmp Defaults | Sun Microsystems CP3240

4.10.3.3SNMP Defaults

SNMP is enabled by default. The default read-only community string is public. The default read-write community string is private.

4.10.4Secure Remote Access

4.10.4.1SSH and SSL/TLS Keys

The switch supports SSH for a secure CLI console as well as SSL/TLS for secure HTTP. By default, SSH and SSL are disabled. The switch cannot generate its own keys. Keys must be generated on an external PC, and uploaded to the switch via TFTP. Once the keys are on the switch, SSH and HTTPS must be enabled to be used.

4.10.4.2Enabling SSH and SSL

First, the certifications and keys must be uploaded to the switch using a command such as the following:

copy tftp://<ip>/<file> <location>

Upload the following files to the switch:.

FileLocation

rsa1.key nvram:sshkey-rsa1

rsa2.key nvram:sshkey-rsa2

dsa.key nvram:sshkey-dsa

dh512.pem nvram:sslpem-dhweak

dh1024.pem nvram:sslpem-dhstrong

server.pem nvram:sslpem-server rootcert.pem nvram:sslpem-root

Enable secure access (SSH/Telnet) and disable non-secure access (SSL/HTTP).

ip ssh configure

Chapter 4 Configuring Switch Software 4-21

Image 99

Sun Microsystems CP3240 manual Secure Remote Access, Snmp Defaults, SSH and SSL/TLS Keys, Enabling SSH and SSL

Contents

Sun Netra CP3240 Switch Installation Guide Please Recycle Please Recycle Page Contents Overview Jumper Settings 1 P4 Cross-Connect Control Configuring Jumper Settings Configuring Switch Software Contents Environment Specifications CE Certification Atca Zone 3 RTM Connector J6-BottomB-12 Xii Sun Netra CP3240 Switch Installation Guide September Figures Xiv Sun Netra CP3240 Switch Installation Guide September Tables Table A-1 Table B-10 Xviii Sun Netra CP3240 Switch Installation Guide September Obtain and read the following documents Before You Read This Document How This Document Is Organized Typographic Conventions Related Documentation Xxii Sun Netra CP3240 Switch Installation Guide September Sun Welcomes Your Comments Third-Party Web Sites Xxiv Sun Netra CP3240 Switch Installation Guide September This chapter contains the following topics Getting Started Electrical and Environmental Switch has the following power requirementsSystem Requirements Connectivity Getting Started Unpacking Handling Switches Jumper Options Connectors Switch Faceplate Switch and RTM Faceplates Serial Management Port RJ-45 RTM AirflowsBase 10/100/1000 Uplink Ports RJ-45 2 10/100 Management Port RJ-45 2Netra CP3240H-RTM-CU Airflow Pa RTM Pressure Drop Versus Airflows Impedence Curves Getting Started Removing a Switch Set Removing and Installing Switches 6Front Cable Management Bracket in Lower Position Removing a Switch From the Front of the Server Injector/ejector mechanism Removing a Rear Transition Module for a Switch Installing a Switch Set Installing the Rear Transition Module for a SwitchInstalling a Switch Switch LEDs Atca Board Status LEDs3ATCA Board Status LEDs 4Hot-Swap LED States Hot-Swap LED Overview General Features Base Interface Fabric Gigabit Interface Site 1 AMC.0 Mid-size, AMC.2 Type E1 AMC Sites Switch Components Broadcom StrataXGS 3 BCM56503 Ethernet SwitchBroadcom StrataXGS 3 BCM56800 Ethernet Switch Pigeon Point BMR-H8S-AMCc AdvancedTCA Ipmi Subsystem Freescale PowerQUICC II MPC8247 Communications Processor Protocols, RFCs, and MIBs Support Fastpath Switching System Facilities Additional Layer 2 Functionality RFC 2096-IP forwarding table MIB Switching MIBsRouting MIBs RFC 1724-RIP v2 MIB extension Fastpath Routing Fastpath Quality of Service Access Control Lists ACLsDiffServ Class of Service CoS Quality of Service MIBsFastpath Multicast RFC 2932-IPv4 multicast routing MIB Fastpath Enterprise MIBs supporting multicast featuresFastpath IPv6 Routing Multicast MIBs 5.1 IPv6 Routing MIBs Fastpath Management Dual firmware image support Additional Management FeaturesSSL 3.0 and TLS SSH 1.5 Switch Functional Diagrams and Port Maps 1Switch External Ports Rear Transition Modules RTMs2Zone 3 RTM Ports Copper RTM 2Copper RTM Functional Block Diagram 4Copper RTM Port Restrictions 3Copper RTM External Ports Fiber Optic RTM 3Fiber Optic RTM Functional Block Diagram 6Fiber Optic RTM Port Restrictions 5Fiber Optic External RTM Ports 4Base Fabric Switch Subsystem Base Fabric Switch Subsystem 5Expansion Fabric Switch Subsystem Expansion Fabric Switch Subsystem AdvancedMC Sites AMC Port Maps 6AMC Port Map Diagram 7AMC Ethernet Port Availability 28Sun Netra CP3240 Switch Installation Guide September Overview AMC Module Support by Site AMC Port Restrictions for RTMsFollowing tables list AMC port restrictions for RTMs Configuring Jumper Settings 1 P4 Cross-Connect Control Jumper Settings1Switch Configuration Jumper Settings 2P4 Cross-Connect Jumper Settings 4 P81-2 Base Write Protect 2 P61-2 Fabric Zero Reset Configuration Word3 P63-4 Base Zero Reset Configuration Word 3P6 1-2 Fabric Zero Reset Jumper Settings 7 P101-2 Ipmc Reset 5 P83-4 Fabric Write Protect6 P9 Ipmc Firmware Program 9 P111-2 Forced-Board Enable 10 P113-4 Ipmc Board Reset8 P103-4 Ipmc FWE 12 P13 Serial Direction 11 P121-2 and P12 3-4 EMI Ground to Logic Ground 1Switch Jumper Locations 1shows the locations of the jumper settings 8Sun Netra CP3240 Switch Installation Guide September Configuring Switch Software 1IPMI State Sensors Ipmi Firmware SensorsState Sensors This section describes the Ipmi firmware sensors Configuring Switch Software Ipmi Thresold Sensors Threshold Sensors UBoot Console UBoot Keying Control in uBoot Or use the word all to disable e-Keying completelyTo re-enable e-Keying clear the variable Serial-Baud Rate Control in uBoot LinuxKeying Serial Select Keying BypassAtca LEDs This example, the serial port direction is to the RTM Changing Serial Location from UBootSerial Location Changing Serial Location from Fastpath Boot Sequence Following is an example of a boot sequenceCode Example 4-3Boot Sequence Example Code Example 4-4Boot Utility Menu Access Boot Utility Menu Erase Permanent Storage Load Code Update Package using TFTP/FTPErase Current Configuration Select Boot Method Dual Firmware Images Primary and Backup FlashBooting the Non-Active Image Start Diagnostic Application Tftpd is the standard Tftp server for Linux and Solaris Network BootUpdating the Non-Active Image Fabric 1G/10G Auto-negotiation Code Example 4-5Example Console Output Press number 1 to boot the system 16Sun Netra CP3240 Switch Installation Guide September User 10.1.1 CLI Management Options 6Basic CLI Commands Basic CLI Commands Logins and Prompts CLI DefaultsWeb Interface Defaults SSH and SSL/TLS Keys Secure Remote AccessSnmp Defaults Upload the following files to the switch Default Settings Port Ordering7Port Order List Netra CP3240 ShMC None ShMC 2 if cross connect Firmware Updates Firmware UpgradesFirmware List Backplane Ports Versus RTM Optical Ports Fiber Optic RTM Configuration12.3 10G Configuration for RTM Optical Port Module Support Code Example 4-7Enabling 1G Operation on RTM Optical Ports 12.4 1G Configuration for RTM Optical Port Environment Specifications Electrical and Environmental Absolute Maximum RatingsNormal Operating Ranges Board Dimensions and Weight 2ReliabilityMechanical Figure A-1PCB Dimensions Connectors Table B-1Connector Assignments Connector Assignments Figure B-1Connector Locations Topside Connector Locations Topside Figure B-2ATCA Zone 1 Connector J9 Table B-2ATCA Zone 1 Connector J9 Pins Table B-3ATCA Zone 2 P20 ZD Connector J5 Atca Zone 2 P20 ZD Connector J5Atca Zone 2 P21 ZD Connector J4 Table B-4ATCA Zone 2 P21 ZD Connector J4 Table B-4 Atca Zone 2 P22 ZD Connector J3 Atca Zone 2 P23 ZD Connector J2Table B-6ATCA Zone 2 P23 ZD Connector J2 ShM Atca Zone 2 P24 ZD Connector J1 Serial RJ-45 Connector J13 TopTable B-7ATCA Zone 2 P24 ZD Connector J1 Serial Cable 10 10/100/1000Base-T RJ-45 Connector J13 3rd, J13 Bottom 11 10/100Base-TX RJ-45 Connector J13 2ndTable B-1110/100Base-TX RJ-45 Connector J13-2nd Table B-13ATCA Zone 3 RTM Connector J7-Middle Atca Zone 3 RTM Connector Top J8Atca Zone 3 RTM Connector J7 Middle Table B-12ATCA Zone 3 RTM Connector J8-Top Table B-14ATCA Zone 3 RTM Connector J6-Bottom Atca Zone 3 RTM Connector J6 Bottom Datasheet Reference Ietf makes all RFCs freely available on their website Broadcom Datasheets CE Certification Agency Certifications Safety Emissions Test Regulations 1 EN 50081-1 Emissions2 EN 55024 Immunity 1 D.4.1FCC USA Regulatory Information Industry Canada Canada 6Sun Netra CP3240 Switch Installation Guide September Index Index-2Sun Netra CP3240 Switch Installation Guide September