Basic Force10 SFTOS S50 configuration

SOURCE:

https://www.force10networks.com/CSPortal20/KnowledgeBase/DOCUMENTATION/CLIConfig/SFTOS/SFTOS_CONFIG_26-Oct-2011.pdf

The S50 console port does not work with a Cisco console cable. You need a rollover Ethernet cable to connect to the console:
https://www.computercablestore.com/straight-through-crossover-and-rollover-wiring
Here is what you need:
1. USB to serial DB9
2. DB9 to RJ45
3. rollover ethernet cable

#show ver

Switch: 1
System Description……………………….. 48-port E/FE/GE (SA)
Vendor ID……………………………….. 07
Plant ID………………………………… 01
Country Code…………………………….. 04
Date Code……………………………….. 072005
Serial Number……………………………. DE4526024
Part Number……………………………… 759-00001-00
Revision………………………………… 0A
Catalog Number…………………………… SA-01-GE-48T
Burned In MAC Address…………………….. 0001.E8D5.A421
Software Version…………………………. 2.5.2.2
Additional Packages………………………. Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
10/100 Ethernet/802.3 interface(s)…………. 1
Gig Ethernet/802.3 interface(s)……………. 0
10Gig Ethernet/802.3 interface(s)………….. 0
Virtual Ethernet/802.3 interface(s)………… 0

System Name………………………………

#show hardware

Switch: 1
System Description……………………….. 48-port E/FE/GE (SA)
Vendor ID……………………………….. 07
Plant ID………………………………… 01
Country Code…………………………….. 04
Date Code……………………………….. 072005
Serial Number……………………………. DE4526024
Part Number……………………………… 759-00001-00
Revision………………………………… 0A
Catalog Number…………………………… SA-01-GE-48T
Burned In MAC Address…………………….. 00:01:E8:D5:A4:21
Software Version…………………………. 2.5.2.2
Additional Packages………………………. Force10 QOS
                                                Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
Pluggable Modules and Transceivers:

 None

#show serial

Serial Port Login Timeout (minutes)………… 5
Baud Rate (bps)………………………….. 9600
Character Size (bits)…………………….. 8
Flow Control…………………………….. Disable

Stop Bits……………………………….. 1

-to set clock

#show clock
WED DEC 23 17:59:20 2015
#conf
(Config)#clock time 16:00:00

(Config)#clock time 12/23/2015

-to set ntp

#conf
(Config)#sntp client mode unicast
(Config)#sntp broadcast client poll-interval 10

(Config)#sntp server 171.66.97.126

#show sntp

Last Update Time:                  DEC 23 11:09:39 2015
Last Unicast Attempt Time:         DEC 23 18:09:53 2015
Last Attempt Status:               Success

Broadcast Count:                   0

#show sntp server

Server IP Address:                 171.66.97.126
Server Type:                       ipv4
Server Stratum:                    1
Server Reference Id:               NTP Ref: shm0
Server Mode:                       Server
Server Maximum Entries:            3
Server Current Entries:            1
SNTP Servers
————
IP Address: 171.66.97.126
Address Type: IPV4
Priority: 1
Version: 4
Port: 123
Last Update Time: DEC 23 11:09:39 2015
Last Attempt Time: DEC 23 18:09:53 2015
Last Update Status: Success
Total Unicast Requests: 1

Failed Unicast Requests: 0

-to create another admin user

#conf

(Config)#username admin1 passwd apassword

#show users

                                SNMPv3         SNMPv3        SNMPv3
User Name   User Access Mode  Access Mode  Authentication  Encryption
———-  —————-  ———–  ————–  ———-
admin       Read/Write        Read/Write   None            None

admin1      Read/Write        Read Only    None            None

-to set management ip address

#conf
(Config)#interface managementethernet
(Config-if-ma)#ip address 10.0.10.214 255.255.255.0
(Config-if-ma)#exit

(Config)#management route default 10.0.10.1

#show interface managementethernet

IP Address………………………………. 10.0.10.214
Subnet Mask……………………………… 255.255.255.0
Default Gateway………………………….. 10.0.10.1
Burned In MAC Address…………………….. 00:01:E8:D5:A4:21
Locally Administered MAC Address…………… 00:00:00:00:00:00
MAC Address Type…………………………. Burned In
Network Configuration Protocol Current……… None
Management VLAN ID……………………….. 1
Web Mode………………………………… Enable

Java Mode……………………………….. Disable

-to configure ssh and https

download ssh and ssl keys from
# cd s-series-secure-management/ssh
# ./generate-keys.sh
# cd ../ssl
# ./generate-pem.sh

Copy rsa1.key, rsa2.key, dsa.key, dh512.pem, dh1024.pem, server.pem and rootcert.pem to your TFTP server.

#copy tftp://10.0.10.112/rsa1.key nvram:sshkey-rsa1

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rsa1.key
Data Type……………………………….. SSH RSA1 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#copy tftp://10.0.10.112/rsa2.key nvram:sshkey-rsa2

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rsa2.key
Data Type……………………………….. SSH RSA2 key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#copy tftp://10.0.10.112/dsa.key nvram:sshkey-dsa

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dsa.key
Data Type……………………………….. SSH DSA key
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSH key receive complete… updating key file…

Key file transfer operation completed successfully

#conf

(Config)#ip ssh server enable

-test ssh to 10.0.10.214

-disable telnet server

(Config)#no ip telnet server enable

#show loginsession

ID    User Name    Connection From       Idle Time   Session Time Session Type
— ————— ——————— ———– ———— ————

*00 admin           10.0.10.112           00:00:00    00:12:53     Telnet

#copy tftp://10.0.10.112/dh512.pem nvram:sslpem-dhweak

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dh512.pem
Data Type……………………………….. SSL DH weak
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/dh1024.pem nvram:sslpem-dhstrong

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. dh1024.pem
Data Type……………………………….. SSL DH strong
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/server.pem nvram:sslpem-server

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. server.pem
Data Type……………………………….. SSL Server cert
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#copy tftp://10.0.10.112/rootcert.pem nvram:sslpem-root

Mode……………………………………. TFTP
Set TFTP Server IP……………………….. 10.0.10.112
TFTP Path……………………………….. ./
TFTP Filename……………………………. rootcert.pem
Data Type……………………………….. SSL Root cert
Management access will be blocked for the duration of the transfer
Are you sure you want to start?(y/n) y
TFTP SSL certificate receive complete… updating certificate file…

Certificate file transfer operation completed succesfully

#conf

(Config)#ip http secure-server enable

#show ip http

Java Mode: Disabled
HTTP Mode (Unsecure): Enabled
HTTP Mode (Secure): Enabled
Secure Port: 443

Secure Protocol Level(s): TLS1 SSL3

#show logging

Syslog Logging                     : enabled
CLI Command Logging                : disabled
Console Logging                    : disabled
Buffered (In-Memory) Logging       : level debug, 19 Messages Logged
Buffered Logging Wrapping Behavior : On
Logging Host List Empty
<190> JUN 21 03:36:08 10.0.10.214-1 UNKN[108733992]: sslt_util.c(325) 19 %% SSLT: Successfully loaded all required SSL PEM files
<189> JUN 21 03:11:32 10.0.10.214-1 TRAPMGR[193625888]: traputil.c(661) 18 %% Link Up: 1/0/48
<189> JUN 21 03:09:46 10.0.10.214-1 TRAPMGR[166884384]: traputil.c(661) 17 %% Cold Start: Unit: 0
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(261) 16 %% SSLT: Error loading certificate from file server.pem
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(249) 15 %% SSLT: Did not find SSL PEM file ./rootcert.pem, OK to continue
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106300640]: sshd_main.c(249) 14 %% SSHD: Done generating server key
<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(447) 13 %% SSHD: successfully loaded RSA2 key
<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(437) 12 %% SSHD: successfully opened file ssh_host_rsa_key

<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(421) 11 %% SSHD: successfully loaded DSA key

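The buffer above is listed newest first, and the server.pem load error at sequence 16 carries the same <190> priority as the later success message at sequence 19. The following is an added example, not from the original page or from Force10: it decodes those entries, reports the latest state per subsystem by sequence number, and lists errors that a severity-only filter would miss. The sample lines are copied from the output above; the function names are hypothetical.

```python
import re

# Sample: five entries copied from the "show logging" buffer above (newest first).
LOG = """\
<190> JUN 21 03:36:08 10.0.10.214-1 UNKN[108733992]: sslt_util.c(325) 19 %% SSLT: Successfully loaded all required SSL PEM files
<189> JUN 21 03:11:32 10.0.10.214-1 TRAPMGR[193625888]: traputil.c(661) 18 %% Link Up: 1/0/48
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(261) 16 %% SSLT: Error loading certificate from file server.pem
<190> JUN 21 03:09:32 0.0.0.0-1 UNKN[106236016]: sslt_util.c(249) 15 %% SSLT: Did not find SSL PEM file ./rootcert.pem, OK to continue
<190> JUN 21 03:09:31 0.0.0.0-1 UNKN[106300640]: sshd_main.c(447) 13 %% SSHD: successfully loaded RSA2 key
"""

LINE = re.compile(r"^<(\d+)>\s+(\w{3} +\d+ [\d:]+)\s+(\S+)\s+\w+\[\d+\]:\s+"
                  r"(\S+)\((\d+)\)\s+(\d+)\s+%%\s+(?:([A-Z]+):\s+)?(.*)$")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def parse(line):
    """Decode one buffered entry; return None for lines that are not log entries."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pri, text = int(m.group(1)), m.group(8)
    lowered = text.lower()
    state = "error" if "error" in lowered else "ok" if "success" in lowered else "info"
    # Syslog PRI = facility * 8 + severity, so <190> is facility 23 (local7), info.
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "time": m.group(2),
            "source": f"{m.group(4)}:{m.group(5)}", "seq": int(m.group(6)),
            "tag": m.group(7), "text": text, "state": state}

def latest_state(log, tag):
    """State of the highest-sequence entry for a tag such as SSLT or SSHD, or None."""
    entries = [e for e in map(parse, log.splitlines()) if e and e["tag"] == tag]
    return max(entries, key=lambda e: e["seq"])["state"] if entries else None

def missed_by_severity(log):
    """Entries whose text reports an error but whose severity is below 'err'."""
    return [e for e in map(parse, log.splitlines())
            if e and e["state"] == "error" and e["severity"] not in SEVERITIES[:4]]

if __name__ == "__main__":
    print("SSLT:", latest_state(LOG, "SSLT"), "SSHD:", latest_state(LOG, "SSHD"))
    print([(e["seq"], e["severity"], e["text"]) for e in missed_by_severity(LOG)])
```
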
-test to https://10.0.10.214

-disable http server
(Config)#no ip http server enable
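
A check for the end state of the steps above, as an added example that is not from the original page or from Force10: it parses console output captured in the format shown here and lists management access that is still cleartext or deprecated. The capture is constructed (the SSH session row is an assumed rendering), and the function names are hypothetical.

```python
import re

# Constructed capture in the output format shown on this page (not a live device);
# the SSH row is an assumed rendering of an SSH login session.
SAMPLE = """\
#show ip http
HTTP Mode (Unsecure): Enabled
HTTP Mode (Secure): Enabled
Secure Protocol Level(s): TLS1 SSL3
#show loginsession
ID    User Name    Connection From       Idle Time   Session Time Session Type
*00 admin           10.0.10.112           00:00:00    00:12:53     Telnet
01  admin1          10.0.10.112           00:00:05    00:01:10     SSH
"""
ROW = re.compile(r"^\*?(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+(\S.*)$")

def sections(capture):
    """Split a console capture into {command: [non-blank output lines]}."""
    out, cur = {}, None
    for line in capture.splitlines():
        m = re.match(r"^\S*#\s*(show\s.+?)\s*$", line)
        if m:
            cur = out.setdefault(" ".join(m.group(1).split()), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return out

def audit(capture):
    """List cleartext or deprecated management access the capture still shows."""
    sec, findings, http = sections(capture), [], {}
    for line in sec.get("show ip http", []):
        key, sep, val = line.partition(":")
        if sep:
            http[key.strip()] = val.strip()
    if http.get("HTTP Mode (Unsecure)", "").lower().startswith("enable"):
        findings.append("http: cleartext web management enabled")
    if http.get("HTTP Mode (Secure)", "").lower().startswith("enable"):
        # SSLv3 is prohibited by RFC 7568; TLS1 is left unflagged (no newer level shown).
        for proto in http.get("Secure Protocol Level(s)", "").split():
            if proto.upper().startswith("SSL"):
                findings.append(f"https: deprecated protocol {proto} offered")
    for line in sec.get("show loginsession", []):
        m = ROW.match(line)
        if m and m.group(4).strip().lower() == "telnet":
            findings.append(f"telnet: session {m.group(1)} {m.group(2)}@{m.group(3)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Sessions opened before the Telnet server was disabled still appear in show loginsession, which is why the Telnet row is reported separately from the server settings.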