smhk

Configuring a Brocade FastIron switch

Following are some notes on configuring a Brocade FastIron FCX 624S network switch.

Using the CLI §

Connecting §

Connect an RS-232 cable to the serial port on the switch, determine the correct COM port, then connect via Putty on baud 9600.

Help §

The CLI is a little cryptic. Typing help does not give help, other than telling you to use ? “for a list”, e.g.:

fcx>help
Invalid input -> help
Type ? for a list

At seemingly any time you can type ?, even part way through typing a command(!), and it will list all available commands for your current mode. But there does not seem to be any way to list the arguments a given command takes. If you naïvely run a command without the correct arguments, you will not get any hints, just Incomplete command. or Invalid input, e.g.:

fcx#configure
Incomplete command.
fcx#configure ip
Invalid input -> ip
Type ? for a list

Entering configuration mode §

The switch configuration can only be modified in configuration mode. Upon first connecting, you start in unprivileged mode.

To enter configuration mode, run enable to enter privileged mode (i.e. to log in), then configure terminal to enter configuration mode. For example:

fcx>enable
No password has been assigned yet...
fcx#configure terminal

You can tell you are in configuration mode when the prompt begins with <hostname>(config)#

Then you can make configuration changes:

fcx(config)#ip route 192.168.1.0/24 192.168.2.1

Saving the changes §

By default, changes are not written to flash, so will be lost after a reboot. To save the changes, use write memory. For example:

fcx(config)#write memory
Write startup-config done.

fcx(config)#Flash Memory Write (8192 bytes per dot) .
Copy Done.

Printing the configuration §

You can also write the configuration to your terminal, which will print it all out:

fcx(config)#write terminal
Current configuration:
!
ver 08.0.30uT7f3
!
(etc.)

Similarly, you can run show config, which seems to also include where the config is being loaded from:

fcx(config)#show config
!
Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.30uT7f3

For a much more verbose output, you can run show tech-support, which prints pages of information to the terminal.

Exiting configuration mode §

Run exit to exit configuration mode and return back to the “logged in” mode (which you first reached after running enable).

CLI help output §

Following is the output of the ? command.

Help from unprivileged mode §

fcx>
  enable            Enter Privileged mode
  ping              Ping IP node
  show              Display system information
  stop-traceroute   Stop current TraceRoute
  traceroute        TraceRoute to IP Node

Help from privileged mode §

fcx#
  alias                        Display configured aliases
  boot                         Boot system from bootp/tftp server/flash image
  clear                        Clear table/statistics/keys
  clock                        Set clock
  configure                    Enter configuration mode
  copy                         Copy between flash, tftp, scp, config/code
  debug                        Enable debugging functions (see also 'undebug')
  disable                      Disable system monitoring
  dot1x                        802.1X
  downgrade_to                 downgrade to a version prior to 8.0
  enable                       Enable system monitoring
  erase                        Erase image/configuration from flash
  execute                      Execute commands in batch
  exit                         Exit Privileged mode
  fips                         FIPS execution commands
  inline                       Inline power (PoE) configuration/operation
  jitc                         JITC execution commands
  kill                         Kill active CLI session
  license                      Delete software licenses
  page-display                 Display data one page at a time
  phy                          PHY related commands
  ping                         Ping IP node
  port                         Port security command
  quit                         Exit to User level
  rconsole                     Use the console of another unit
  reload                       Halt and perform a warm restart
  show                         Display system information
  simulate-non-stacking-unit   Simulate the absence of the stacking PROM
  skip-page-display            Enable continuous display
  ssh                          SSH by name or IP address / hostkeys
  stack                        stacking run-time commands
  stop-traceroute              Stop TraceRoute operation
  supportsave                  support save related
  telnet                       Telnet by name or IP address
  temperature                  temperature sensor commands
  terminal                     display syslog
  trace-l2                     TraceRoute L2
  traceroute                   TraceRoute to IP node
  undebug                      Disable debugging functions (see also 'debug')
  verify                       Verify object contents
  whois                        WHOIS lookup
  write                        Write running configuration to flash or terminal

Help from configuration mode §

fcx(config)#
  aaa                           Define authentication method list
  access-list                   Define Access Control List (ACL)
  aggregated-vlan               Support for larger Ethernet frames up to 1536
                                bytes
  alias                         Configure alias or display configured alias
  all-client                    Restrict all remote management to a host
  arp                           Enter a static IP ARP entry
  arp-internal-priority         Set packet priority
  authentication                Configure flexible authentication
  banner                        Define a login banner
  batch                         Define a group of commands
  boot                          Set system boot options
  bootp-relay-max-hops          Set maximum allowed hop counts for BOOTP
  bpdu-flood-enable             Flood untagged BPDUs only (MSTP/SSTP)
  buffer-profile                Set the buffer profile for this application
  buffer-sharing-full           Remove buffer allocation limits per port
  captive-portal                Create captive-portal(cp) command mode
  cdp                           Global CDP configuration command
  chassis                       Configure chassis name and polling options
  clear                         Clear table/statistics/keys
  clock                         Set system time and date
  console                       Configure console port
  cpu-limit                     Set limits from each packet processor to CPU
  crypto                        Crypto configuration
  crypto-ssl                    Crypto ssl configuration
  default-vlan-id               Change Id of default VLAN, default is 1
  disable-hw-ip-checksum-check
  enable                        Password, page-mode and other options
  end                           End Configuration level and go to Privileged
                                level
  errdisable                    Set Error Disable Attributions
  exit                          Exit current level
  extern-config-file            Extern configuration file
  fast                          Fast spanning tree options
  fdp                           Global FDP configuration subcommands
  fips                          FIPS Commands
  flash-timeout                 config timeout for flash operations
  flow-control                  Enable 802.3x flow control on full duplex port
  gig-default                   Set Gig port default options
  gvrp-base-vlan-id             Base VLAN-ID used by GVRP (Default: 4093)
  gvrp-enable                   Enable GARP VLAN Registration Protocol (GVRP)
  gvrp-max-leaveall-timer       Maximum Leave-All Timer for GVRP (Default:
                                300,000 ms)
  hash-chain-length             HW hash, 4-32, dflt: 4. High value improves
                                hashing but might affect line rate
  hitless-failover              Enable hitless failover
  hostname                      Rename this switching router
  image-auto-copy               Image Mismatch auto-copy
  inline                        Inline power (PoE) configuration
  interface                     Port commands
  ip                            IP settings
  ipv4-subnet-response          Allow ipv4 subnet broadcast
  ipv6                          IPv6 settings
  jitc                          JITC Commands
  jumbo                         port jumbo frame support (10200 bytes)
  lag                           Link aggregation group
  lag-hash                      Link aggregation hash options
  legacy-inline-power           set legacy (capacitance-based) PD detection -
                                default
  link-config                   Link Configuration
  link-keepalive                Link Layer Keepalive
  lldp                          Configure Link Layer Discovery Protocol
  local-userdb                  Configure local user database
  logging                       Event logging settings
  loop-detection-interval       set period to send loop-detection packets,
                                unit: 0.1 sec
  loop-detection-syslog-interval
  mac                           Set up MAC filtering
  mac-age-time                  Set aging period for all MAC interfaces
  mac-movement                  Configure Mac Movement Notifications
  mac-notification              Enable Mac-notification feature
  management-vrf                Define Global Management VRF
  max-acl-log-num               maximum number of ACL log per minute (0 to
                                4096, default 256)
  mirror-port                   Enable a port to act as mirror-port
  mstp                          Configure MSTP (IEEE 802.1s)
  mtu-exceed                    MTU control action(DF not set)
  no                            Undo/disable commands
  ntp                           Set NTP configuration
  optical-monitor               Enable optical monitoring with default
                                alarm/warn interval
  password-change               Restrict access methods with right to change
                                password
  port                          UDP and Port Security Configuration
  port-statistics-reset-timestamp
  privilege                     Augment default privilege profile
  protected-link-group          Define a Group of ports as Protected Links
  qd-buffer                     # of buffers for the port
  qd-buffer-profile             User defined buffer/descriptor profile for QoS
  qd-descriptor                 Queue depth for traffic class(# of descriptors)
  qd-share-level                configure buffer sharing pool
  qos                           Quality of service commands
  qos-tos                       IPv4 ToS based QoS settings
  quit                          Exit to User level
  radius-client                 Configure RADIUS Dynamic Authorization Client
  radius-server                 Configure RADIUS server
  rarp                          Enter a static IP RARP entry
  rate-limit-arp                Set limit on received ARP per second
  relative-utilization          Display port utilization relative to selected
                                uplinks
  reserved-vlan-map             Map Default Reserved VLAN ID to some other
                                value not used
  rmon                          Configure RMON settings
  route-map                     Create route map or enter route-map command mode
  route-only                    Disable Layer 2 switching
  router                        Enable routing protocols
  scale-timer                   Scale timer by factor for documented features
  sflow                         Set sflow params
  show                          Show system information
  snmp-client                   Restrict SNMP access to a certain IP node
  snmp-server                   Set onboard SNMP server properties
  spanning-tree                 Set spanning tree parameters
  ssh                           Restrict ssh access by ACL
  stack                         Configure stack local parameters
  stp-group                     Spanning Tree Group settings
  symmetric-flow-control        Symmetric Flow Control related parameters
  sysmon                        system monitoring related configuration
  system-max                    Configure system-wide maximum values
  tacacs-server                 Configure TACACS server
  tag-profile                   Configure tag-profile
  tag-type                      Customize value used to identify 802.1Q Tagged
                                Packets
  telnet                        Set telnet access and timeout
  tftp                          Restrict tftp access
  topology-group                Configure topology vlan group for L2 protocols
  traffic-policy                Define Traffic Policy (TP)
  unalias                       Remove an alias
  username                      Create or update user account
  vlan                          VLAN settings
  vlan-group                    VLAN group settings
  vrf                           VRF specific commands
  web                           Restrict web management access to a certain IP
                                node
  web-management                Web management options
  write                         Write running configuration to flash or terminal
  <cr>

Determining the correct COM port §

A simple approach is to list all COM ports before connecting the cable, then list all COM ports after, and spot the new one.

There are several ways to list all COM ports.

Device Manager §

Go to Start → Device Manager → Ports.

reg command §

In a command prompt run reg query HKLM\HARDWARE\DEVICEMAP\SERIALCOMM, e.g.:

C:\Users\bob>reg query HKLM\HARDWARE\DEVICEMAP\SERIALCOMM

HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SERIALCOMM
    \Device\Serial1    REG_SZ    COM1
    \Device\Serial0    REG_SZ    COM3

mode command §

In a command prompt run mode, e.g.:

C:\Users\bob>mode

Status for device COM1:
-----------------------
    Baud:            1200
    Parity:          None
    Data Bits:       7
    Stop Bits:       1
    Timeout:         OFF
    XON/XOFF:        OFF
    CTS handshaking: OFF
    DSR handshaking: OFF
    DSR sensitivity: OFF
    DTR circuit:     ON
    RTS circuit:     ON


Status for device COM3:
-----------------------
    Baud:            1200
    Parity:          None
    Data Bits:       7
    Stop Bits:       1
    Timeout:         OFF
    XON/XOFF:        OFF
    CTS handshaking: OFF
    DSR handshaking: OFF
    DSR sensitivity: OFF
    DTR circuit:     ON
    RTS circuit:     ON


Status for device CON:
----------------------
    Lines:          9001
    Columns:        120
    Keyboard rate:  31
    Keyboard delay: 1
    Code page:      437