6.4.1 Configuring the Cisco Catalyst 4948 Ethernet Switch

The Cisco Catalyst 4948 Ethernet switch supplied with Oracle Exadata Rack is minimally configured during installation.

The minimal configuration disables IP routing, and sets the following:

  • Host name
  • IP address setup
  • Subnet mask
  • Default gateway
  • Domain name
  • Name server
  • NTP server
  • Time
  • Time zone

Before configuring the switch, note the following:

  • The Cisco Ethernet switch should not be connected until the running configuration has been verified, and any necessary changes have been made by the network administrator.

  • The Cisco Ethernet switch should not be connected to the customer network until the IP addresses on all components have been configured in Oracle Exadata Rack. This prevents duplicate IP address conflicts, which are possible because of the default addresses set in the components when shipped.

Note that the Cisco 4948E-F switch supports multiple uplinks to the customer network by utilizing ports 49 - 52. This is a more complicated switch setup due to the redundant connectivity, and should be performed by the customer's network administrator.

The following procedure describes how to configure the Cisco Ethernet switch. Configuration should be done with the network administrator.

  1. Connect a serial cable from the Cisco switch console to a laptop or similar device. An Oracle supplied rollover cable is pre-installed on the Cisco serial console port. Obtain the appropriate adapter and connect it at the end of the rollover cable. An Oracle P/N 530-3100 RJ45-DB9 adapter as used on ILOM ports will also work, connected at the end of the network cable.

  2. Ensure the terminal session is recorded on the laptop by logging the output. The output can be used as a record that the switch has been configured correctly. The default serial port speed is 9600 baud, 8 bits, no parity, 1 stop bit, and no handshake.

    Switch con0 is now available
    Press RETURN to get started.
    
  3. Change to the enable mode.

    Switch> enable
    Password: ******
    Switch# 

    Note:

    If you do not have the password, then contact Oracle Support Services.
  4. Check the current version on the switch.

    Switch# show version 
    Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 15.2(3)E2, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Tue 11-Mar-14 18:28 by prod_rel_team
    
    ROM: 12.2(44r)SG12
    zdlra1sw-ip uptime is 1 minute
    System returned to ROM by reload
    System image file is "bootflash:cat4500e-ipbasek9-mz.152-3.E2.bin"
    Hobgoblin Revision 22, Fortooine Revision 1.40
    ...
    
    Configuration register is 0x2102
    
    Switch#

    The version of the Cisco 4948E-F switch firmware purchased and shipped by Oracle with Oracle Exadata X6 is IPBASEK9-MZ, which includes telnet and ssh support. Currently the full release version string is cat4500e-ipbasek9-mz.152-3.E2.bin.

  5. Configure the network for a single VLAN. The following example assumes you are using IPv4 addressing.

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# interface vlan 1
    Switch(config-if)# ip address 10.7.7.34 255.255.255.0
    Switch(config-if)# end
    Switch# *Sep 15 14:12:06.309: %SYS-5-CONFIG_I: Configured from console by console
    Switch# write memory
    Building configuration...
    Compressed configuration from 2474 bytes to 1066 bytes [OK]
    
  6. If IP routing is not used on the switch, this step is required. Disable the default IP routing setting, and configure the default gateway.

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#no ip routing
    Switch(config)#ip default-gateway 10.7.7.1
    Switch(config)#end
    *Sep 15 14:12:46.309: %SYS-5-CONFIG_I: Configured from console by console
    Switch#write memory
    Building configuration...
    Compressed configuration from 2492 bytes to 1070 bytes [OK]
    
  7. If IP routing is required on the switch, then leave the IP routing setting as the default, and configure the default gateway. Replace 10.7.7.1 with the IP address of the gateway for the installation:

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#ip route 0.0.0.0 0.0.0.0 10.7.7.1
    Switch(config)#end
    *Sep 15 14:13:26.013: %SYS-5-CONFIG_I: Configured from console by console
    Switch#write memory
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes [OK]
  8. Set the host name of the switch.

    This example sets the name to exa1sw-ip:

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#hostname exa1sw-ip
    exa1sw-ip(config)#end
    exa1sw-ip#write memory
    Building configuration...
    Compressed configuration from 3789 bytes to 1469 bytes [OK]
    

    The system host name is used as the prompt name.

  9. Configure up to three DNS servers. Replace the domain name and IP addresses used in this example with the values for the installation:

    exa1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)#ip domain-name example.com
    exa1sw-ip(config)#ip name-server 10.7.7.3
    exa1sw-ip(config)#ip name-server 198.51.100.5
    exa1sw-ip(config)#ip name-server 10.8.160.1
    exa1sw-ip(config)#end
    *Sep 15 14:26:37.045: %SYS-5-CONFIG_I: Configured from console by console
    exa1sw-ip#write memory
    Building configuration...
    Compressed configuration from 2603 bytes to 1158 bytes [OK]
    
    

    If you do not have DNS service available, you must still set the domain-name so that you can configure the SSH keys.

  10. (Optional) Set the password.

    exa1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)# enable password password
    exa1sw-ip(config)# enable secret password
    exa1sw-ip(config)# end
    exa1sw-ip# write memory
    *Sep 15 14:25:05.893: %SYS-5-CONFIG_I: Configured from console by console
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes [OK]
    
  11. Verify telnet access is disabled. Telnet is not secure, and should not be enabled unless there is a compelling reason. To enable telnet, set a password. To disable it, remove the password.

    exa1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)#line vty 0 15
    exa1sw-ip(config-line)#login
    % Login disabled on line 1, until 'password' is set
    % Login disabled on line 2, until 'password' is set
     ...
    % Login disabled on line 16, until 'password' is set
    exa1sw-ip(config-line)#end

    If the login command returns the output shown above, then telnet access is already disabled. If you instead get a prompt back, telnet access is still enabled and should be disabled now:

    exa1sw-ip(config-line)#no password
    exa1sw-ip(config-line)#end
    exa1sw-ip#write memory 
    Building configuration...
    Compressed configuration from 3786 bytes to 1468 bytes [OK]
    
  12. To configure a secure shell (SSH) on the Ethernet switch:

    exa1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)# crypto key generate rsa
    % You already have RSA keys defined named exa1sw-ip.example.com.
    % Do you really want to replace them? [yes/no]: yes
    Choose the size of the key modulus in the range of 360 to 2048 for
    your General Purpose Keys. Choosing a key modulus greater than 512
    may take a few minutes.
    How many bits in the modulus [512]: 768
    
    % Generating 768 bit RSA keys, keys will be non-exportable...[OK]
    exa1sw-ip(config)# username admin password 0 welcome1
    exa1sw-ip(config)# line vty 0 15
    exa1sw-ip(config-line)# transport input ssh
    exa1sw-ip(config-line)# exit
    exa1sw-ip(config)# aaa new-model
    
    exa1sw-ip(config)# ip ssh time-out 60
    exa1sw-ip(config)# ip ssh authentication-retries 3
    exa1sw-ip(config)# ip ssh version 2
    exa1sw-ip(config)# end
    *Sep 15 14:26:37.045: %SYS-5-CONFIG_I: Configured from console by console
    exa1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2603 bytes to 1158 bytes [OK]
  13. Set the clock and time zone. The switch keeps internal time in Coordinated Universal Time (UTC) format.

    • To use UTC, use the following command in global configuration mode:

      no clock timezone
      
    • To use a time zone, use the following command:

      clock timezone zone hours-offset [minutes-offset]
      

      In the preceding command, zone is the time zone to display when standard time is in effect, hours-offset is the hours offset from UTC, and minutes-offset is the minutes offset from UTC.

    • Daylight saving time (or summer time) is disabled by default. To set summer time hours, use the following command:

      clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
      

      In the preceding command, zone is the time zone to be displayed when summer time is in effect (EDT, for example), week is the week of the month (1 to 5 or last), day is the day of the week (Sunday, Monday, ...), month is the month (January, February, ...), hh:mm is the hours and minutes in 24-hour format, and offset is the number of minutes to add during summer time. The default offset is 60 minutes.

    • To manually set the clock to any time use the following command, where the time specified is relative to the configured time zone:

      clock set hh:mm:ss month day year
      

      In the preceding command, hh:mm:ss is the time in 24-hour format, day is the day by date in the month, month is the name of the month, and year is the 4-digit year.

    The ordering of commands is important when setting the local time and time zone. For example, to set the local time to US Eastern time:

    exa1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)# clock timezone EST -5
    exa1sw-ip(config)# clock summer-time EDT recurring
    exa1sw-ip(config)# end
    exa1sw-ip# clock set 21:00:00 August 09 2018
    exa1sw-ip# write memory
    Building configuration...
    Compressed configuration from 3784 bytes to 1465 bytes [OK]
    exa1sw-ip# show clock
    21:00:06.643 EST Mon Aug 9 2018
    
  14. After setting the local time zone, you can configure up to two NTP servers. Replace the IP addresses used in this example with the values for the installation:

    exa1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)# ntp server 10.7.7.32 prefer
    exa1sw-ip(config)# ntp server 198.51.100.19
    exa1sw-ip(config)# end
    *Sep 15 14:51:08.665: %SYS-5-CONFIG_I: Configured from console by console
    exa1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2654 bytes to 1163 bytes [OK]
    exa1sw-ip# show ntp status
    <output will vary per network>
         .
    exa1sw-ip# show clock
    21:00:23.175 EST Mon Aug 9 2018
    

    The NTP server is synchronized to local time when you connect the Cisco switch to the network and it has access to NTP.

    Symbols that precede the show clock display indicate that the time is the following:

    • * (asterisk): Not authoritative.
    • . (period): Authoritative, but NTP is not synchronized.
    • (blank space): Authoritative.
  15. Verify the Ethernet configuration using the following command:

    exa1sw-ip# show running-config
    Building configuration...
    Current configuration : 3923 bytes
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
         .
         .
         .
    
    

    Note:

    If any setting is incorrect, then repeat the appropriate step. To erase a setting, enter no in front of the same command. For example, to erase the default gateway, use the following commands:

    exa1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    exa1sw-ip(config)# no ip default-gateway 10.7.7.1
    exa1sw-ip(config)# end
    exa1sw-ip#
    *Sep 15 14:13:26.013: %SYS-5-CONFIG_I: Configured from console by console
    exa1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes [OK]
    
  16. Save the current configuration.

    exa1sw-ip#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    Compressed configuration from 2654 bytes to 1189 bytes [OK]
  17. Exit from the session using the following command:

    exa1sw-ip# exit
    
    exa1sw-ip con0 is now available
    
    Press RETURN to get started.
  18. Disconnect the cable from the Cisco console.

    The Cisco switch must not be connected to the management network at this stage. The switch will be connected later after Oracle has configured the systems with the necessary IP addresses and you have worked with the field service engineer to make any additional changes necessary for connecting to the network.

  19. To check the Cisco switch, attach a laptop computer to port 48, and ping the IP address of the internal management network to check the configuration.
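
A check that can be run over the show running-config output from step 15 (or the session log kept in step 2) to flag the credential and remote-access settings entered in steps 10 through 12. This is an added example, not part of the Oracle procedure; the finding names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample (not captured from a real switch): show running-config
# output after steps 10-12, with vty 5-15 left open to every transport.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 <constructed-hash>
enable password password
username admin password 0 welcome1
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input all
"""

def parse_blocks(config):
    """Group IOS config text into (top-level line, [indented sub-lines])."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(config):
    """Return sorted finding names (hypothetical labels) for a running-config."""
    blocks = parse_blocks(config)
    top = [head for head, _ in blocks]
    findings = []
    if "no service password-encryption" in top:
        findings.append("passwords-stored-unencrypted")
    if any(h.startswith("enable password") for h in top):
        findings.append("enable-password-present")  # enable secret should stand alone
    if "ip ssh version 2" not in top:
        findings.append("ssh-v2-not-enforced")
    for head, subs in blocks:
        m = re.match(r"username (\S+)(?: privilege \d+)? password (?:0 )?\S+$", head)
        if m:  # cleartext (type 0) user password instead of a hashed secret
            findings.append("user-password-plaintext:" + m.group(1))
        if head.startswith("line vty"):
            transports = [s.split()[2:] for s in subs if s.startswith("transport input")]
            if transports != [["ssh"]]:  # missing, or wider than SSH only
                findings.append("vty-not-ssh-only:" + head[len("line vty "):])
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) returns four findings; a configuration that uses username ... secret, drops enable password, and restricts every vty range to transport input ssh returns an empty list.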