Website of latouche

[home] [Computers and networks] [User guides]

Basic commands on Alcatel Omniswitch

This page is based on the notes I took when managing Alcatel Omniswitchs 6600, 6800 and 6850. The full documentation can be found on the Alcatel-Lucent website.

Manage configuration files

Alcatel Omniswitchs can operate in two modes: working and certified (show running-directory to know in which mode the switch is). In working mode, the configuration can be modified, whereas it's no possible in certified mode (in fact, it is). When booting, if working and certified configuration files are different, the switch will boot in certified mode. Conf files are stored in certifed/boot.cfg and working/boot.cfg (they can be directly edited with vi).

When playing with the configuration, it can be useful to reload the switch in certified mode if a configuration error occurs. It is possible to program the reload before playing: reload in <n> where n is the number of minutes to wait before reloading. A reload can be canceled with reload cancel. show reload will show you when the switch will reboot.

Configure VLANs

A layer 2 VLAN is created with vlan <vlan_number> enable name “VLAN name” and removed with no vlan <vlan_number>. show vlan lists all the VLANs, show vlan <vlan_number> shows the details of <vlan_number>.

Depending on the microcode version (show microcode), a layer 3 VLAN is created using:

and removed with: Port association: 802.1Q:

Link aggregation

Hardware

When stacking is operational, one switch is primary, one other secondary and the others in idle state. If the primary disappears, the secondary becomes primary and the first ilde becomes secondary.
Get info about the chassis: show chassis and about the stack: show stack topology.

Interface:

To monitor the health of the system: show health all (cpu|memory)

To show CMM (Control Management Module) information: show cmm

System

Uptime, date, name, contact, location: show system

To change:

The default prompt is “->”. session prompt default “sw1->” changes it to “sw1->”. You can get the other session parameters with show session config

When a command lists to many lines on the screen, it's possible to use more to see page by page: more size <size> where <size> is the number of lines shown. Use more to activate the mode and more size <size> to set the number of lines shown. Cancel this mode with no more.

To change the timeout of the telnet/ssh sessions: session timeout cli <timeout>

NTP

Set a server: ntp server <server_ip>. Even if the DNS is configured, you can't specify a name for the NTP server. Then activate NTP: ntp client enable.

Get NTP info:

Logs

Show logging configuration: show swlog

Show switch logs:

Enable syslog with: swlog output socket <syslog_server_ip>

STP

STP can operates in two modes: flat and 1x1. In flat mode, there is only one instance for the whole switch whereas in 1x1 mode, there is one instance per VLAN. I recommand the 1x1 mode (now the default one). Change STP mode: bridge mode (flat|1x1)

Get STP configuration: show spantree

It is possible to deactivate STP on specified vlans/ports : vlan <vlan_number> stp (enable|disable) and bridge <vlan_number> <slot>/<port> (enable|disable)

Change STP algorithm: bridge protocol (802.1D|STP|RTSP). I didn't managed to set rstp for all vlan as a global config, I had to set it vlan per vlan using: bridge 1x1 <vlan_number> protocol (802.1D|STP|RTSP).

DNS

DHCP relay

Services

Activate/deactivate services: [no] ip service (ftp|ssh|telnet|http|secure-http|udp-relay|snmp|all). List of activated services: show ip service.

For https: ip http ssl

AAA

Authentification can be local or made with a radius

To activate a service, the authentication has to be set: aaa authentication default “local”, aaa authentication (console|ssh|ftp|802.1X|vlan|...) “local”

ARP

ARP table: show arp

Mac Address table: show mac-address-table

Add a static MAC/IP entry: arp <IP> <MAC>, no arp <IP> to remove it.

Clear dynamic arp entries: clear arp-table

To specify when an dynamic entry timeouts (default: 300seconds): mac-address-table aging-time <seconds> [vlan <vlan_number>]

SNMP

Firts, you have to create a user and give it the right to do SNMP:

Then configure the snmp server:

Port mirroring

Port mirroring works 12 ports by 12 ports (at least for models up to 6800). It is possible to configure multiple sources for one session and thus see the traffic of multiple ports in one output.

POE

By default, the POE is disabled on all ports.

A power of 230W is enough for a full slot equipped with IP Phones (note: TBC). It has been noticed that a switch may provide instable POE if too many equipments are connected and its PSU is not enough powerfull.

QoS and ACL

To come soon ...

802.1X

To come soon ...


Last update: 2012/07/23