Basic Force10 SFTOS S50 configuration

SOURCE:

https://www.force10networks.com/CSPortal20/KnowledgeBase/DOCUMENTATION/CLIConfig/SFTOS/SFTOS_CONFIG_26-Oct-2011.pdf

This S50 console cable can’t use Cisco cable. We need rollover ethernet cable to console it
https://www.computercablestore.com/straight-through-crossover-and-rollover-wiring
Here what you need:
1. USB to serial DB9
2. DB9 to RJ45
3. rollover ethernet cable

#show ver

Switch: 1
System Description……………………….. 48-port E/FE/GE (SA)
Vendor ID……………………………….. 07
Plant ID………………………………… 01
Country Code…………………………….. 04
Date Code……………………………….. 072005
Serial Number……………………………. DE4526024
Part Number……………………………… 759-00001-00
Revision………………………………… 0A
Catalog Number…………………………… SA-01-GE-48T
Burned In MAC Address…………………….. 0001.E8D5.A421
Software Version…………………………. 2.5.2.2
Additional Packages………………………. Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
10/100 Ethernet/802.3 interface(s)…………. 1
Gig Ethernet/802.3 interface(s)……………. 0
10Gig Ethernet/802.3 interface(s)………….. 0
Virtual Ethernet/802.3 interface(s)………… 0

System Name………………………………

#show hardware

Switch: 1
System Description……………………….. 48-port E/FE/GE (SA)
Vendor ID……………………………….. 07
Plant ID………………………………… 01
Country Code…………………………….. 04
Date Code……………………………….. 072005
Serial Number……………………………. DE4526024
Part Number……………………………… 759-00001-00
Revision………………………………… 0A
Catalog Number…………………………… SA-01-GE-48T
Burned In MAC Address…………………….. 00:01:E8:D5:A4:21
Software Version…………………………. 2.5.2.2
Additional Packages………………………. Force10 QOS
                                                Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
Pluggable Modules and Transceivers:

 None

#show serial

Serial Port Login Timeout (minutes)………… 5
Baud Rate (bps)………………………….. 9600
Character Size (bits)…………………….. 8
Flow Control…………………………….. Disable

Stop Bits……………………………….. 1

-to set clock

#show clock
WED DEC 23 17:59:20 2015
#conf
(Config)#clock time 16:00:00

(Config)#clock time 12/23/2015

-to set ntp

#conf
(Config)#sntp client mode unicast
(Config)#sntp broadcast client poll-interval 10

(Config)#sntp server 171.66.97.126

#show sntp

Last Update Time:                  DEC 23 11:09:39 2015
Last Unicast Attempt Time:         DEC 23 18:09:53 2015
Last Attempt Status:               Success

Broadcast Count:                   0

#show sntp server

Server IP Address:                 171.66.97.126
Server Type:                       ipv4
Server Stratum:                    1
Server Reference Id:               NTP Ref: shm0
Server Mode:                       Server
Server Maximum Entries:            3
Server Current Entries:            1
SNTP Servers
————
IP Address: 171.66.97.126
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Update Time: DEC 23 11:09:39 2015
Last Attempt Time: DEC 23 18:09:53 2015
Last Update Status: Success
Total Unicast Requests: 1

Failed Unicast Requests: 0

-to create another admin user

#conf

(Config)#username admin1 passwd apassword

#show users

                                SNMPv3         SNMPv3        SNMPv3
User Name   User Access Mode  Access Mode  Authentication  Encryption
———-  —————-  ———–  ————–  ———-
admin       Read/Write        Read/Write   None            None

admin1      Read/Write        Read Only    None            None

-to set management ip address

#conf
(Config)#interface managementethernet
(Config-if-ma)#ip address 10.0.10.214 255.255.255.0
(Config-if-ma)#exit

(Config)#management route default 10.0.10.1

#show interface managementethernet

IP Address………………………………. 10.0.10.214
Subnet Mask……………………………… 255.255.255.0
Default Gateway………………………….. 10.0.10.1
Burned In MAC Address…………………….. 00:01:E8:D5:A4:21
Locally Administered MAC Address…………… 00:00:00:00:00:00
MAC Address Type…………………………. Burned In
Network Configuration Protocol Current……… None
Management VLAN ID……………………….. 1
Web Mode………………………………… Enable

Java Mode……………………………….. Disable

-to configure ssh and https

download ssh and ssl keys from
# cd s-series-secure-management/ssh
# ./generate-keys.sh
# cd ../ssl
# # ./generate-pem.sh

copy rsa1.key, rsa2.key, dsa.key, dh512.pem, dh1024.pem, server.pem, rootcert.pem into your tftp server

#copy tftp://10.0.10.112/rsa1.key nvram:sshkey-rsa1

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rsa1.key
Data Type……………………………….. SSH RSA1 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#copy tftp://10.0.10.112/rsa2.key nvram:sshkey-rsa2

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rsa2.key
Data Type……………………………….. SSH RSA2 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#copy tftp://10.0.10.112/dsa.key nvram:sshkey-dsa

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dsa.key
Data Type……………………………….. SSH DSA key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#conf

(Config)#ip ssh server enable

-test ssh to 10.0.10.214

-disable telnet server

(Config)#no ip telnet server enable

#show loginsession

ID    User Name    Connection From       Idle Time   Session Time Session Type
— ————— ——————— ———– ———— ————

*00 admin           10.0.10.112           00:00:00    00:12:53     Telnet

#copy tftp://10.0.10.112/dh512.pem nvram:sslpem-dhweak

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dh512.pem
Data Type……………………………….. SSL DH weak
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/dh1024.pem nvram:sslpem-dhstrong

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dh1024.pem
Data Type……………………………….. SSL DH strong
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/server.pem nvram:sslpem-server

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. server.pem
Data Type……………………………….. SSL Server cert
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/rootcert.pem nvram:sslpem-root

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rootcert.pem
Data Type……………………………….. SSL Root cert
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#conf

(Config)#ip http secure-server enable

#show ip http

Java Mode: Disabled
HTTP Mode (Unsecure): Enabled
HTTP Mode (Secure): Enabled
Secure Port: 443

Secure Protocol Level(s): TLS1 SSL3

#show logging

Syslog Logging                     : enabled
CLI Command Logging                : disabled
Console Logging                    : disabled
Buffered (In-Memory) Logging       : level debug, 19 Messages Logged
Buffered Logging Wrapping Behavior : On
Logging Host List Empty
<190> JUN 21 03:36:08 10.0.10.214-1 UNKN[108733992]: sslt_util.c(325) 19 %% SSLT: Successfully loaded all required SSL PEM files
<189> JUN 21 03:11:32 10.0.10.214-1 TRAPMGR[193625888]: traputil.c(661) 18 %% Link Up: 1/0/48
<189> JUN 21 03:09:46 10.0.10.214-1 TRAPMGR[166884384]: traputil.c(661) 17 %% Cold Start: Unit: 0
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(261) 16 %% SSLT: Error loading certificate from file server.pem
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(249) 15 %% SSLT: Did not find SSL PEM file ./rootcert.pem, OK to continue
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106300640]: sshd_main.c(249) 14 %% SSHD: Done generating server key
<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(447) 13 %% SSHD: successfully loaded RSA2 key
<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(437) 12 %% SSHD: successfully opened file ssh_host_rsa_key

<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(421) 11 %% SSHD: successfully loaded DSA key

-test to https://10.0.10.214

-disable http server
(Config)#no ip http server enable
Advertisements