
Tuesday, March 11, 2008

How to set passwords from the CLI?

There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help with how to set the passwords from the CLI (command line interface). You'll obviously need the read-write password in order to log in to the switch and reset the passwords. Without the read-write password you'll need to factory reset the switch.

Note: I'm still trying to figure out the best way to display the CLI stuff... if I use the PRE HTML tag the font is really too small, if I don't use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.

Nortel Ethernet Routing Switch 5500 Series (v5.1)

Here's how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).

5520-48T-PWR>enable
5520-48T-PWR#config term
Enter configuration commands, one per line. End with CNTL/Z.

What's the syntax to set the read-only and read-write passwords?

5520-48T-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

We'll use the commands below to set the read-only (RO) password to "readonlypassword" and the read-write (RW) password to "readwritepassword":

5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write readwritepassword

What is the syntax to enable the passwords on the serial and telnet interfaces?

5520-48T-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

5520-48T-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

We'll use the commands below to set the serial and telnet interfaces to use the local passwords we've just configured above. As the help text shows, the telnet setting also covers the web interface. You could also use RADIUS and TACACS authentication if you set it up.

5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet local

And let's not forget to save the configuration file (even though the switch should auto-save it).

5520-48T-PWR(config)#copy config nvram
5520-48T-PWR(config)#exit
5520-48T-PWR#disable
5520-48T-PWR>

Nortel Ethernet Routing Switch 4500 Series (v5.0)

The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is practically identical to the 5500 series except that it does not yet support TACACS authentication.

4548GT-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

4548GT-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

4548GT-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Nortel Ethernet Switch 460/470 (v3.7.2)

The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.

470-48T>enable
470-48T#config term
Enter configuration commands, one per line. End with CNTL/Z.

470-48T(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

470-48T(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

470-48T(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Hopefully this should help a few folks out.

Cheers!

Sunday, December 30, 2007

Default Nortel Ethernet Switch Usernames

If you've ever tried to connect to the web interface of a Nortel Ethernet Switch 460/470 or Ethernet Routing Switch 5510/5520/5530 you might have found that you need to provide a username.

In software release v3.7.x for the Nortel Ethernet Switch 460/470 you'll also find that you now need to provide a username when you telnet into the switch (in previous releases you were only prompted for a password, now you are prompted for a username and password).

Interestingly enough you cannot change the default usernames (at least I don't believe you can).

For the above mentioned switches there are only two levels of access, read-write and read-only.

The default username for the read-write user level is RW.
The default username for the read-only user level is RO.

Updated 1/16/08: I should have included the default passwords for those two accounts.
The default password for the read-write user level is "secure".
The default password for the read-only user level is "user".

Cheers!
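The password settings from the "How to set passwords from the CLI?" post and the default passwords listed above can be checked together. The script below is an added example, not code from this blog or from Nortel: it assumes the input is a list of `cli password` commands in the syntax shown in the posts (for instance a saved provisioning script), and the names `audit`, `METHODS`, `DEFAULTS` and the sample lines are constructed for illustration.

```python
import re

# Methods offered by "cli password serial ?" / "telnet ?" in the posts above,
# for the software versions shown there (5500 v5.1, 4500 v5.0, 460/470 v3.7.2).
METHODS = {
    "5500": {"local", "none", "radius", "tacacs"},
    "4500": {"local", "none", "radius"},
    "460/470": {"local", "none", "radius"},
}
# Factory-default passwords quoted in the default usernames post.
DEFAULTS = {"read-write": "secure", "read-only": "user"}

# Optional CLI prompt, then "cli password <item> <value>".
CMD = re.compile(r"^(?:\S+[#>]\s*)?cli\s+password\s+(\S+)\s+(\S+)$")


def audit(lines, family):
    """Return findings for a list of `cli password` commands (assumed input format)."""
    state = {}
    for raw in lines:
        m = CMD.match(raw.strip())
        if m and m.group(2) != "?":          # skip "?" help queries
            state[m.group(1)] = m.group(2)   # a later command overrides an earlier one
    findings = []
    for level, default in DEFAULTS.items():
        if level not in state:
            findings.append(f"{level}: password not set in this command list")
        elif state[level] == default:
            findings.append(f"{level}: set to the factory default")
    for iface in ("serial", "telnet"):
        method = state.get(iface)
        if method is None:
            findings.append(f"{iface}: no authentication method set in this command list")
        elif method not in METHODS[family]:
            findings.append(f"{iface}: '{method}' is not offered on the {family}")
        elif method == "none":
            findings.append(f"{iface}: password prompt disabled")
    return findings


# Constructed sample, not taken from a real switch.
SAMPLE = [
    "4548GT-PWR(config)#cli password read-only user",
    "4548GT-PWR(config)#cli password read-write readwritepassword",
    "4548GT-PWR(config)#cli password serial none",
    "4548GT-PWR(config)#cli password telnet tacacs",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "4500"):
        print(finding)
```

Run against the four commands from the 5500 walkthrough, `audit` returns an empty list.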

Monday, November 26, 2007

NVR Audit data initialized

There have been a few folks asking me if I know what the following log entry is on their Nortel Ethernet Routing Switch 5500 Series, "NVR Audit data initialized - incorrect magic number: 0xffffffff".

I believe this is documented from Nortel as a bug in their latest software. The switch is throwing an error because the audit data (a new feature in the v5.x software line) is not present in the configuration or NVRAM the first time the switch boots after an upgrade to v5.x. This error could also occur if you've just factory reset your switch to the default configuration. I believe the error can be safely ignored as I've seen it on all 42 of my 5500 series switches.

I do remember seeing something about this error documented from Nortel, unfortunately I can't seem to find that reference now.

ERS-5520#show logging
Type Time                    Idx  Src Message
---- ----------------------- ---- --- -------
S    00:00:00:00             1    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:18:08 GMT 2    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:22:07 GMT 3    NVR Audit data initialized - incorrect magic number: 0xffffffff
I    2007-04-19 01:21:03 GMT 4        Web server starts service on port 80.
I    2007-04-19 01:21:19 GMT 5        IGMP: Unknown Multicast Filter disabled
I    2007-04-19 01:21:19 GMT 6        PoE Port Detection Status: Port 1 Status: Delivering Power
I    2007-04-19 01:21:22 GMT 7        PoE Port Detection Status: Port 35 Status: Delivering Power
I    2007-04-19 01:21:49 GMT 8        Port 0/47 reenabled by VLACP
I    2007-04-19 01:21:49 GMT 9        Port 0/48 reenabled by VLACP
I    2007-04-19 01:23:05 GMT 10       SNTP: First synchronization successful.
I    2007-04-19 01:23:18 GMT 11       Warm Start Trap
I    2007-04-19 01:23:19 GMT 12       Link Up Trap Port: 1
I    2007-04-19 01:23:20 GMT 13       Trap: pethPsePortOnOffNotification
I    2007-04-19 01:23:20 GMT 14       Trap: bsAdacPortConfigNotification for Port: 47, Config: Applied

Cheers!

Sunday, November 25, 2007

Factory Reset Nortel Ethernet Switch

There can be times when you need to factory reset a switch. This process can be accomplished through the CLI but if you've lost the switch password you'll need to follow a special process. This process should work for any of the Ethernet Switches (450, 460, 470) and the Ethernet Routing Switches 2500 Series, 4500 Series, 5500 (5510, 5520, 5530) Series. There is a different process to recover lost passwords on the Ethernet Routing Switch 1600 and 8600.

Follow these steps:

  1. Connect to the console port of the switch (9600,8,N,1)
  2. Reboot the switch.
  3. When the first line of the diagnostics tests is displayed, press CTRL-C. The system then displays a menu.
  4. Select option "i" to factory default the switch.
  5. Select option "a" to run the agent code.

Upon boot up, the switch will be in a factory default configuration.

Cheers!

Saturday, November 10, 2007

Time Domain Reflectometer (TDR)

We have quite a few Nortel Ethernet Routing Switch 5500s deployed throughout our organization. There's a great new benefit in using the new hardware to help us test the cable plant remotely.

Here’s the text from the Nortel manual:

Testing cables with the Time Domain Reflectometer

With Release 5.0 software, the Nortel Ethernet Routing Switch 5500 Series is equipped with a Time Domain Reflectometer (TDR). The TDR provides a diagnostic capability to test connected cables for defects (such as short pin and pin open). You can obtain TDR test results from the CLI or the JDM. The cable diagnostic tests only apply to Ethernet copper ports; fiber ports cannot be tested. You can initiate a test on multiple ports at the same time. When you test a cable with the TDR, if the cable has a 10/100 MB/s link, the link is broken during the test and restored only when the test is complete. Use of the TDR does not affect 1 GB/s links.

Note: The accuracy margin of cable length diagnosis is between three to five meters. Nortel suggests the shortest cable for length information be five meters long.

Unfortunately this feature is ONLY available on the 5510, 5520 and 5530 switches.

Using Device Manager you’ll find the option on the port settings (a tab to the right labeled “TDR”). You can also use the following CLI commands:

tdr test <portlist>
show tdr <portlist>

Cheers!