5. Boot Options

This chapter provides information about configuring boot option parameters.

Topics in this chapter include:

  1. System Initialization
  2. Initial System Startup Process Overview
  3. Boot Loader File Protection
  4. Accessing the CLI
  5. Accessing the Management Port on a 7705 SAR-W
  6. Accessing MPT Radios Connected to a 7705 SAR
  7. Configuration Notes
  8. Configuring Boot File Options with the CLI
  9. BOF Command Reference

5.1. System Initialization

Depending on the chassis, the primary copy of 7705 SAR software is located either on a removable compact flash card that is shipped with the 7705 SAR router or in the router on-board flash memory. The compact flash (cf3) contains a copy of the 7705 SAR image, the bootstrap file (boot.ldr), and the boot option file (BOF). The compact flash can also be used to store configurations and executable images. These configurations and images can also be stored at an FTP file location.

The following chassis have removable compact flash cards:

  1. 7705 SAR-8
  2. 7705 SAR-18
  3. 7705 SAR-H
  4. 7705 SAR-M

All other chassis have integrated memory that cannot be removed.

Note:

In most cases you must have a console connection in order to access the node when there is no network connectivity to the node. Some commands can be given to the node through the ACO/LT button before there is network connectivity. See Automatic Discovery Protocol. Also refer to the appropriate chassis installation guide, “Automatic Discovery Protocol”.

Starting a 7705 SAR begins with hardware initialization (a reset or power cycle). By default, the system searches the compact flash (cf3) for the boot.ldr file (also known as the boot loader or bootstrap file). The boot.ldr file is the image that reads and executes the system initialization commands configured in the BOF. The default value to initially search for the boot.ldr file on cf3 cannot be modified.

If the system cannot load or cannot find the boot.ldr file on the compact flash memory device (cf3), the system will reboot continuously in an attempt to successfully find and load the file. If this happens, the available options depend on the chassis.

For the 7705 SAR-8 and 7705 SAR-18, there are two options:

  1. remove the compact flash, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions
  2. return the faulty CSM to Nokia for replacement

For the 7705 SAR-M, there are two options:

  1. remove the compact flash, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions
  2. return the faulty chassis to Nokia for replacement

For the 7705 SAR-H, there are one or two options:

  1. if the compact flash is accessible, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions
  2. return the faulty chassis to Nokia for replacement

For the 7705 SAR-A, 7705 SAR-Ax, 7705 SAR-Hc, 7705 SAR-W, 7705 SAR-Wx, and 7705 SAR-X, return the faulty chassis to Nokia for replacement.

When the bootstrap image is loaded, the BOF is read to obtain the location of the image and configuration files. The BOF should be located on the same compact flash drive as the boot.ldr file. If the BOF cannot be found or loaded, the system prompts the user for alternate software and configuration file locations.

The following example displays the output when the boot sequence is interrupted.

. . .

Hit a key within 3 seconds to change boot parms... 
You must supply some required Boot Options. At any prompt, you can type:
   "restart" - restart the query mode.
   "reboot"  - reboot.
   "exit"    - boot with existing values.
 
Press ENTER to begin, or 'flash' to enter firmware update...
 
Software Location
-----------------
   You must enter the URL of the TiMOS software.
   The location can be on a Compact Flash device,
   or on the network.
 
   Here are some examples
      cf3:/timos2.0R1
      ftp://user:passwd@192.168.xx.xxx/./timos2.0R1
      tftp://192.168.xx.xxx/./timos2.0R1
 
The existing Image URL is 'ftp://*.*@192.168.xx.xxx/./rel/0.0/xx'
Press ENTER to keep it.
Software Image URL: 
Using: 'ftp://*.*@192.168.xx.xxx/./rel/0.0/xx'
 
Configuration File Location
---------------------------
   You must enter the location of configuration
   file to be used by TiMOS. The file can be on
   a Compact Flash device, or on the network.
 
   Here are some examples
      cf1:/config.cfg
      ftp://user:passwd@192.168.xx.xxx/./config.cfg
      tftp://192.168.xx.xxx/./config.cfg
 
The existing Config URL is 'cf3:/config.cfg'
Press ENTER to keep it, or the word 'none' for no Config URL.
Config File URL: 
Using: 'cf3:/config.cfg'
 
Network Configuration
---------------------
   You specified a network location for either the
   software or the configuration file. You need to
   assign an IP address for this system.
 
   The IP address should be entered in standard
   dotted decimal form with a network length.
       example:   192.168.xx.xxx/24
Display on Non-Redundant Models
 
The existing IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter IP Address: 
Using: 192.168.xx.xxx/20
Display on Redundant Models
 
The existing Active IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter Active IP Address: 
Using: 192.168.xx.xxx/20
 
The existing Standby IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter Standby IP Address (Type 0 if none desired): 
Using: 192.168.xx.xxx/20
 
 
Would you like to add a static route? (yes/no) y           
 
Static Routes
-------------
   You specified network locations which require
   static routes to reach. You will be asked to
   enter static routes until all the locations become
   reachable.
 
   Static routes should be entered in the following format:
   prefix/mask next-hop ip-address
       example:     192.168.xx.xxx/16 next-hop 192.168.xx.xxx
 
Enter route: 1.x.x.0/24 next-hop 192.168.xx.xxx
OK
 
Would you like to add another static route? (yes/no) n
 
New Settings
------------
    primary-image    ftp://*.*@192.168.xx.xx/./rel/0.0/xx
    primary-config   cf3:/config.cfg
    address          192.168.xx.xx/20 active
    primary-dns      192.168.xx.xx
    dns-domain       xxx.xxx.com
    static-route     1.x.x.0/24 next-hop 192.168.xx.xxx
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          off
 
Do you want to overwrite cf3:/bof.cfg with the new settings? (yes/no): y
 
Successfully saved the new settings in cf3:/bof.cfg

Figure 4 displays the system initialization sequence.

Figure 4:  System Initialization - Part 1 

Figure 5 displays the compact flash directory structure and filenames.

Figure 5:  Files on the Compact Flash 

Files on the compact flash are:

  1. bof.cfg — boot option file
  2. boot.ldr — bootstrap image
  3. config.cfg — default configuration file
  4. TiMOS-m.n.Yz:
    m — major release number
    n — minor release number
    Y: type of release
    1. A — Alpha release
    2. B — Beta release
    3. M — maintenance release
    4. R — released software
    z — version number
    1. both.tim — CSM image file
    2. support.tim — field-programmable gate array (FPGA) file
    3. hmac-sha1.txt
Note:

  1. The support.tim file is included in the software bundles for the following platforms only: 7705 SAR-8, 7705 SAR-18, 7705 SAR-H, 7705 SAR-M, and 7705 SAR-X.
  2. The hmac-sha1.txt file is supported in FIPS-140-2 mode only. See FIPS-140-2 Mode for more information.

5.1.1. Configuration and Image Loading

When the system executes the boot.ldr file, the initialization parameters from the BOF are processed. Three locations can be configured for the system to search for the files that contain the runtime image. The locations can be local or remote. The first location searched is the primary image location. If not found, the secondary image location is searched, and lastly, the tertiary image location is searched.

If the files cannot be found or loaded, the system enters a console message dialog session prompting the user to enter alternate file locations and filenames.

When the runtime image is successfully loaded, control is passed from the bootstrap loader to the image. Depending on the options in the BOF file, the runtime image loads the configuration in one of two ways.

If ADP is enabled, no configuration files are processed at startup. Instead, ADP discovers the node configuration from the network and the primary-config file is generated based on the configuration discovered by ADP. Any existing primary-config file is backed up, then overwritten.

If ADP is not enabled, the runtime image attempts to locate the configuration file as configured in the BOF. Like the runtime image, three locations can be configured for the system to search for the configuration file. The locations can be local or remote. The first location searched is the primary configuration location. If not found, the secondary configuration location is searched, and lastly, the tertiary configuration location is searched.

The configuration file includes chassis, CSM, adapter card and port configurations, as well as system, routing, and service configurations.

Figure 6 displays the boot sequence.

Figure 6:  System Initialization - Part 2 

Figure 7 shows the boot sequence if Automatic Discovery Protocol (ADP) is run on the system.

Figure 7:  System Initialization With ADP 

5.1.1.1. Persistence

The BOF persist parameter can specify whether the system should preserve system indexes when a save command is executed. During a subsequent boot, the index file is read along with the configuration file. As a result, a number of system indexes are preserved between reboots, including the interface index, LSP IDs, and path IDs. If persistence is not required and the configuration file is successfully processed, the system becomes operational. If persistence is required, a matching x.ndx file must be located and successfully processed before the system can become operational. Matching files (configuration and index files) must have the same filename prefix, such as test123.cfg and test123.ndx, and are created at the same time when a save command is executed. The persistence option must be enabled to deploy the Network Management System (NMS). The default is off.

Traps, logs, and console messages are generated if problems occur, and SNMP shuts down for all SNMP gets and sets; however, traps are issued.

5.1.2. Automatic Discovery Protocol

Automatic Discovery Protocol (ADP) is triggered by a factory-installed boot option and automates the initial commissioning of 7705 SAR nodes. When the 7705 SAR is started for the first time, an ADP keyword in the BOF causes automatic discovery to run as part of the TiMOS application image. Refer to the appropriate chassis installation guide, “Automatic Discovery Protocol”, for more information on ADP.

ADP supports null, dot1q, and qinq encapsulation on:

  1. all ports on the 8-port Ethernet Adapter card on the 7705 SAR-8 (qinq is not supported on the version 1 card)
  2. all ports on the 8-port Ethernet Adapter card on the 7705 SAR-18 (the 7705 SAR-18 does not support the version 1 card)
  3. all ports on the 10-port 1GigE/1-port 10GigE X-Adapter card on the 7705 SAR-18
  4. all ports on the 6-port Ethernet 10Gbps Adapter card on the 7705 SAR-8 Shelf V2 with CSMv2 and the 7705 SAR-18
  5. all ports on the 8-port Gigabit Ethernet Adapter card
  6. all ports on the 6-port SAR-M Ethernet module
  7. all Ethernet ports on the 7705 SAR-H, 7705 SAR-Hc, 7705 SAR-W, 7705 SAR-Wx (all variants), 7705 SAR-X, 7705 SAR-A (all variants), and 7705 SAR-Ax
  8. all DSL or GPON ports on the 7705 SAR-M (variants with module slots), when a GPON, DCM, or xDSL module is installed in the chassis (qinq is not supported)
  9. the xDSL port on the 7705 SAR-Wx
Note:

ADP is not supported on the 4-port SAR-H Fast Ethernet module.

Caution:

In the case of an XOR port, ADP will not run successfully if the connection to the network is made from the SFP connector because the default connector is RJ-45.

When run on the system, ADP goes through four basic stages:

  1. Self-discovery
  2. Network Discovery
  3. Configuration Discovery
  4. Test and Commit

5.1.2.1. Self-discovery

During the self-discovery stage, all supported adapter cards and CSMs are detected and automatically provisioned. The 7705 SAR then brings up all Ethernet ports. Depending on the physical connectivity of the port, some ports may fail to come up. If at least one port connected to the transport network becomes operationally up, ADP moves to the next stage.

5.1.2.2. Network Discovery

During the network discovery stage, the 7705 SAR sends a DHCP DISCOVER message from all operational ports. Table 16 describes the DHCP DISCOVER message options.

Table 16:  DHCP DISCOVER Message Options  

Option

Name

Description

chaddr

Client HW Address

The MAC address of the port

51

Lease Time

Always set to Infinite

60

Class Identifier

The class of 7705 SAR router:

ALU-AD | SAR-8

ALU-AD | SAR-18

ALU-AD | SAR-A

ALU-AD | SAR-Ax

ALU-AD | SAR-H

ALU-AD | SAR-Hc

ALU-AD | SAR-M

ALU-AD | SAR-W

ALU-AD | SAR-Wx

ALU-AD | SAR-X

61

Client Identifier

Not sent by default, but can be configured to be the chassis MAC address or an operator-defined string

82

Relay Agent Information

Network uplink information, such as circuit ID and gateway address, added by the relay agent, if applicable

No client identifier is sent by default, but you can configure this option during boot-up, or with the auto-discover command, to be the chassis MAC address or a unique string. During boot-up, you can also configure the VLAN ID for ADP with dot1q or qinq encapsulation.

The ADP network discovery phase has been enhanced to automatically scan the entire VLAN range on every datapath Ethernet port on supported cards and nodes. During startup a new node will act as an ADP client and send DHCP discovery packets across the entire VLAN range to automatically discover the Ethernet virtual connection (EVC) VLAN. If at least one DHCP discovery packet reaches a server and that server responds with a DHCP offer packet, the ADP client node registers the new interface against that server's VLAN.

5.1.2.3. Configuration Discovery

During the configuration discovery stage, the DHCP server receives the DHCP DISCOVER message and replies with a DHCP OFFER message that contains an IP address assigned to the network interface. Table 17 describes the options included in the DHCP OFFER. If any of the required options are not included, the packet may be dropped and not processed.

Table 17:  DHCP OFFER Message Options  

Option

Name

Description

Required

yiaddr

Client Ip-Address

The network interface IP address

For network consistency, it is recommended that this IP address be a fixed IP address, not assigned randomly from a DHCP server IP pool

Yes

1

Subnet Mask

The network interface subnet mask

Yes

3

Router

The network interface default gateway

Only the first router is used – all others are ignored

No

12

Host Name

The network interface host name

No

51

Lease Time

The least time, validated as infinite

Yes

54

Server Address

Identifies the DHCP server

No

67

Bootfile Name

Contains the ADP instructions or a URL to an ADP instructions file

No

DHCP OFFER messages are not dropped if they contain a yiaddr that does not match the local configured subnets on the DHCP relay interface. This applies only to regular IES and VPRN interfaces with no lease-populate configured on the DHCP relay interface.

Option 67 contains further configuration information in the form of keyword text files interpreted by ADP as instructions and executed during the Configuration and Test phases. For basic reachability, option 67 is not mandatory; however, it can be used to send the system IP address of a newly discovered node, making it possible to communicate with the NSP NFM-P and complete ADP.

If a system IP address is made available with the DHCP OFFER and a template configuration file is also executed using the load-cfg keyword, then the system IP address specified in the template configuration file is used instead of the one in the DHCP OFFER.

Table 18 describes the keywords used in ADP instructions. A DHCP offer message can contain a maximum of 15 instructions in either the Bootfile Name option, or in an external file referenced by the include keyword. If more than 15 instructions are included, ADP fails to complete and the system generates an error message in the ADP log.

Table 18:  ADP Instructions  

Keyword

Description

Format

sys-addr

Specifies the system interface IP address and the system base routing instance subnet

sys-addr 10.10.10.1/32

sys-name

Specifies the chassis name

sys-name SITE43_7705

sys-loc

Specifies the chassis location

sys-loc 600_MARCH_ROAD

load-cfg

Specifies the URL of a template configuration file to load into the router's runtime configuration

load-cfg ftp://.....@.../7705.cfg

test-ip

Specifies an IP address that must be successfully pinged before committing configuration and declaring ADP a success

test-ip 100.20.2.30

include

Specifies the URL of a file containing additional ADP instructions

include ftp://.....@.../7705.tmp

Any BOF keyword

Interpreted as instructions to update the specified field in the BOF

As per BOF

5.1.2.4. Test and Commit

In order for ADP to be declared successful during the test and commit stage, the discovered configuration must contain an IP address. If the optional test-ip keyword is included in the ADP instructions, the node pings the IP address included in the DHCP OFFER message. If ADP is successful, the system stores the configuration and opens an SSH session to provide remote operators access to the router.

ADP can be controlled, without a connected PC or ASCII terminal, by the ACO/LT button on the Fan module. You can use the ACO/LT button to terminate or restart ADP, or reboot the chassis.

Note:

The ACO/LT button is not available on the 7705 SAR-A, 7705 SAR-Ax, 7705 SAR-W, or 7705 SAR-Wx.

ADP runs in the background to allow continued CLI access for status queries and troubleshooting. Periodic progress updates are sent to the console and can be viewed through a connected PC. Additionally, dump commands are available to display information and detailed logs about ADP during and after running on the system. The logs are not retained over a chassis reboot.

ADP runs only once on a router during initial startup if the automatic discovery is successful. The learned network interface configuration is retained in the local database. On subsequent reboots, the router uses its local database to reload its network configuration. After ADP successfully completes, or if it is manually terminated, the system sends a command to the BOF to remove the ADP keyword. You can terminate ADP at any time while it is running by using the CLI or the ACO/LT button.

Any temporary configuration done by ADP is not stored; however, network configuration and remote access remain enabled to allow the router to be manually provisioned remotely. ADP does not run again on future system reboots unless it is re-enabled via the CLI. If a standby CSM with ADP enabled is inserted into a running system that does not have the ADP keyword in its BOF file, the ADP keyword is automatically removed from the inactive card’s BOF file during reconcile.

5.1.3. FIPS-140-2 Mode

The 7705 SAR provides the fips-140-2 boot command to allow a node to run in FIPS-140-2 mode. This mode limits the use of cryptographic algorithms on both the CSM and data plane to only those that are in accordance with security level 1 of the Federal Information Processing Standards 140 series, version 2 (FIPS-140-2). This functionality is supported on the CSM on all 7705 SAR platforms that are equipped with a CSM. It is supported on both the CSM and data plane on the 7705 SAR-8 Shelf V2 and 7705 SAR-18 platforms when equipped with the following adapter cards:

  1. 7705 SAR-8 Shelf V2—8-port Gigabit Ethernet Adapter card, version 3; 2-port 10GigE (Ethernet) Adapter card
  2. 7705 SAR-18—8-port Gigabit Ethernet Adapter card, version 3; 2-port 10GigE (Ethernet) Adapter card; 10-port 1GigE/1-port 10GigE X-Adapter card, version 2

To support the implementation of FIPS-140-2, the TiMOS software image contains an HMAC-SHA-1 secret key that is verified upon boot-up. When FIPS-140-2 is enabled on the node, an HMAC-SHA-1 integrity check is performed during the loading of the both.tim file to ensure that the calculated HMAC-SHA-1 secret key of the loaded image matches that stored in the hmac-sha1.txt file. This is a new signature file that has been added to the TiMOS software image and only applies to FIPS-140-2.

Note:

The hmac-sha1.txt file must be stored in the same directory as the TiMOS image.

If the image fails the HMAC-SHA-1 check, the node does not boot up, an error message is displayed, and the node tries to reboot the load after a delay of 60 s. It keeps trying to reboot until the operator cancels the reboot. If the software image is verified by the HMAC-SHA-1 check, the node boots up normally and a message indicating that the software load has passed verification is displayed.

The node performs its normal boot-up sequence, including reading the config.cfg file and loading the configuration. The config.cfg file that is used to boot the node in FIPS-140-2 mode must not contain any configuration that is not supported by the FIPS-140-2 implementation. If such a configuration is present in the config.cfg file when the node boots up, the node loads the config.cfg file until the unsupported configuration is reached and then stops. A failure message is also displayed.

When the node boots in FIPS-140-2 mode, Cryptographic Module Validation Program (CMVP) startup tests are executed on the CSM and applicable data plane. CMVP conditional tests, such as manual key entry tests, pairwise consistency checks, and RNG tests, are executed when required during normal operation.

5.1.3.1. CSM and Data Path Security Features and Algorithms in FIPS-140-2 Mode

Table 19 and Table 20 show the CSM and data path security features and associated algorithms for a 7705 SAR node running in FIPS-140-2 mode.

Table 19:  CSM Algorithms  

FIPS-140-2

CSM Algorithms

SSH2

IPSec (IKEv1, IKEv2)

NGE

SNMPv3

SCP, SFTP

IGP, BGP, MPLS

PKI

Authentication

RSA 2048

DSA 1024

Preference to RSA in SSH negotiation

PSK (DH G14, DHG 15)

SSH

N/A

SSH

N/A

N/A

Asymmetric Key

DH G14

(P ≥ 2K prime numbers, q > 224)

DH G14, DHG 15 (P ≥ 2K prime numbers, q > 224)

SSH

N/A

SSH

N/A

RSA/ DSA 2048

Symmetric Key

AES-CBC (128,192, 256)

3DES-CBC

AES-CBC

(128,192, 256)

3DES-CBC

N/A

AES-128

SSH

N/A

N/A

Hash Algorithm

SHA-1 (128)

–HMAC-MD5

–HMAC-RIPEMD-160

–HMAC-SHA1-96

–HMAC-MD5-96

SHA-1 (128)

SHA-2 (256, 384, 512)

N/A

SHA-1 (SHA-128)

SSH

SHA-1 (128)

SHA-2 (256)

AES-18- CMAC-96

SHA1

SHA-224

SHA-256

SHA-384

SHA-512

Digital Signature

RSA 2048

DSA 1024

N/A

N/A

N/A

N/A

N/A

RSA/ DSA-2048

Note:

MD5 algorithms are not blocked from configuration in FIPS-140-2 mode. Although MD5 is not a FIPS-140-2-approved algorithm, it is allowed to be used when running in FIPS-140-2 mode.

Table 20:  Data Path Algorithms  

FIPS-140-2 Data Path Algorithms

SSH2

IPSec

NGE/L3 Encryption

SNMPv3

SCP, SFTP

IGP, BGP, MPLS

Authentication

N/A

N/A

N/A

N/A

N/A

N/A

Asymmetric Key

N/A

N/A

N/A

N/A

N/A

N/A

Symmetric Key

N/A

AES-CBC

(128,192, 256)

3DES-CBC

AES-CBC

(128, 256)

N/A

N/A

N/A

Hash Algorithm

N/A

SHA-1 (128)

SHA-2 (256, 384, 512)

N/A

N/A

N/A

N/A

5.1.3.2. SSH2 Approved Algorithms in FIPS-140-2 Mode

SSH1 is not supported in FIPS-140-2 mode and is therefore blocked from configuration; only SSH2 is supported. The following algorithms, configured using the client-cipher-list or server-cipher-list command, are available for SSH2 when the node is running in FIPS-140-2 mode:

  1. aes128-cbc
  2. 3des-cbc
  3. aes192-cbc
  4. aes256-cbc

The following algorithms are not available for SSH2 when the node is running in FIPS-140-2 mode:

  1. blowfish-cbc
  2. cast128-cbc
  3. arcfour
  4. rijndael-cbc

5.2. Initial System Startup Process Overview

Figure 8 displays the process for starting a system that has a removable compact flash. This example assumes that the boot loader, BOF, and the image and configuration files are successfully located. For a system with a non-removable compact flash, the first step in Figure 8 does not apply.

Figure 8:  System Startup Flow 

5.3. Boot Loader File Protection

Nokia recommends that the boot loader file on all 7705 SAR platforms be upgraded using a specific command. This command is mandatory on all 7705 SAR platforms that do not have a removable compact flash drive and is part of a mechanism that protects the boot loader file from accidental overwrites on these platforms.

The command checks that the new boot.ldr file is a valid image and that it is at least a minimum supported variant for the hardware platform on which it is being loaded. Once this has been verified, the command overwrites the boot.ldr file that is stored on the system.

5.3.1. Before Upgrading

Before starting the upgrade, all 7705 SAR image files must be copied to the cf3: device on the system. Nokia recommends copying all the image files for a given release into an appropriately named subdirectory off the root directory; for example, cf3:\7705-TiMoS-R6.1.R2. Copying the boot.ldr and other files in a given release to a separate subdirectory ensures that all files for that release are available in case it is necessary to downgrade the software version.

Note:

On systems that do not have removable flash drives, you cannot overwrite the boot.ldr file in the root directory on cf3:. Instead, copy the file into a subdirectory, or allow the update boot-loader command to obtain the file from a network address. Nokia strongly recommends following this process for all 7705 SAR systems.

5.3.2. Performing the Upgrade

Upgrade the boot loader file using the command admin>update boot-loader source_url, where the source URL specifies the new boot.ldr filename and its location; for example, in the format cf3:\sub_directory\boot.ldr.

Warning:

The file upgrade command takes several minutes to complete. Do not reset or power down the system, or insert or remove cards or modules, while the upgrade is in progress, as this could render the system inoperable.

On systems with redundant CSMs, the upgraded boot.ldr file can be copied to the secondary CSM by using the command admin>redundancy>synchronize boot-env.

Refer to the 7705 SAR OS Software Release Notes”, Standard Software Upgrade Procedure” for complete instructions.

5.4. Accessing the CLI

There are three ways to access management of the 7705 SAR:

  1. console connection
  2. Telnet connection
  3. SSH connection

To access the CLI to configure the software for the first time, follow these steps:

  1. Ensure that the CSM is installed and power to the chassis is turned on. The 7705 SAR software then automatically begins the boot sequence.
  2. When the boot loader and BOF image and configuration files are successfully located, establish a router connection (console session).

5.4.1. Console Connection

To establish a console connection, you will need the following:

  1. an ASCII terminal or a PC running terminal emulation software set to the parameters shown in Table 21
  2. a standard serial cable with a male DB9 connector
Table 21:  Console Configuration Parameter Values  

Parameter

Value

Baud Rate

115 200

Data Bits

8

Parity

None

Stop Bits

1

Flow Control

None

Figure 9 displays an example of the Console port on a 7705 SAR front panel.

Figure 9:  7705 SAR Console Port 

To establish a console connection:

  1. Connect the terminal to the Console port on the front panel (Figure 9) using the serial cable.
  2. Power on the terminal.
  3. Establish the connection by pressing the <Enter> key a few times on your terminal keyboard.
  4. At the router prompt, enter the login and password.
    The default login is admin.
    The default password is admin.

5.4.2. Telnet Connection

Telnet access via a connection to the Management port provides the same options for user and administrator access as those available through the Console port or SSH. You can access the chassis with a Telnet connection from a PC or workstation connected to the network once the following conditions are met:

  1. the chassis has successfully initialized
  2. Telnet connections have been enabled using the config>system>security>telnet-server (or telnet6-server) command
  3. the Management port has been configured using the bof>address command as shown below.
CLI Syntax:
bof
address ip-prefix/ip-prefix-length [active | standby]

where:

address is an IPv4 (or IPv6) address

5.4.2.1. Running Telnet

After the Management port IP address is configured, the CLI can be accessed with a Telnet connection. To establish a Telnet connection, run a Telnet program and issue the telnet command, followed by the Management port IP address.

The following displays an example of a Telnet login:

C:\>telnet 192.168.1.xx1
Login: admin
Password: ########
ALU-1#

The default login is admin.

The default password is admin.

5.4.3. SSH Connection

SSH access via a connection to the Management port provides the same options for user and administrator access as those available through the console port or Telnet; however, SSH is more secure than Telnet. You can access the chassis with an SSH connection from a PC or workstation connected to the network once the following conditions are met:

  1. the chassis has successfully initialized
  2. the Management port has been configured using the bof>address command as shown below:
CLI Syntax:
bof
address ip-prefix/ip-prefix-length [active | standby]

where:

address is an IPv4 or IPv6 address

Note:

SSH connection attempts after a reboot may generate key warnings as the node generates new SSH keys on each reboot. To avoid these key warnings, enable key preservation using the config>system>security>ssh>preserve-key command.

5.4.3.1. Running SSH

After the IP parameters are configured, the CLI can be accessed with an SSH connection. To establish an SSH connection, run an SSH program and issue the SSH command, followed by -l and the user name (optional), followed by the IP address.

The following displays an example of an SSH connection with the default admin user (the default password is admin).

C:\>ssh -l admin 192.168.1.xx1
TiMOS-B-0.0.I2263 both/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Jul 30 00:11:49 EDT 2016 by csabuild in /rel0.0/I2263/panos/main
 
admin@192.168.1.xx1’s password: ########

5.5. Accessing the Management Port on a 7705 SAR-W

The 7705 SAR-W supports in-band and out-of-band node management communication. The RJ-45 Management port provides physical access for out-of-band communication. When the Inband/Local switch on the chassis is in the Inband position, the management interface on the CSM processor connects to the internal data port on the datapath for in-band management, and the external RJ-45 Management port is disabled.

The internal data port is identified in the CLI as vrtl-mgmt, and as port 1/1/6 in SNMP. The vrtl-mgmt port only supports access mode and Epipe service, where the port has encap-type null, dot1q, or qinq with VLAN 0.

See the “Installation and Provisioning” section in the 7705 SAR-W Chassis Installation Guide for details on setting up in-band management connections.

5.6. Accessing MPT Radios Connected to a 7705 SAR

The 9500 MPR MPT Craft Terminal Launcher (MCT Launcher) is an application that runs on a Windows PC. By connecting the PC to the 7705 SAR out-of-band Management (Mgmt) port on the active CSM, local MPT radios can be configured and monitored using this application.

To reach both local and remote MPT radios, the PC must be connected to an Ethernet data port on an adapter card and requires a service access point (SAP) to enable in-band management. An IES service together with a local DHCP server configured on the 7705 SAR provides this capability to on-site technicians.

The following output shows a configuration example for a local DHCP server and an IES service.

A:SAR18>config>port# info
----------------------------------------------
        description “Craft Port for MW Technicians”
        ethernet
        exit
        no shutdown
----------------------------------------------
 
*A:SAR18>config>router>dhcp>server# info
----------------------------------------------
                description “DHCP server to serve on-site microwave technician pc”
                pool “craft_pool” create
                    description “Single address pool”
                    use-gi-address
                    subnet 192.168.1.0/30 create
                        options
                            subnet-mask 255.255.255.252
                            default-router 192.168.1.1
                        exit
                        address-range 192.168.1.2 192.168.1.2
                    exit
                exit
                no shutdown
----------------------------------------------
 
*A:SAR18>config>service>ies>if$ info
----------------------------------------------
                address 192.168.1.1/30
                dhcp 
                    server 192.168.1.1
                    gi-address 192.168.1.1 
                    no shutdown
                exit 
                local-dhcp-server “craft_dhcp_server”
                sap 1/3/2 create
                exit
----------------------------------------------

Refer to the 9500 MPR MCT User Manual for Single NE Mode with 7705 SAR for information on using the MCT Launcher.

5.7. Configuration Notes

The following describes BOF configuration guidelines and caveats.

  1. For router initialization on devices with a removable compact flash, the compact flash card must be installed in the compact flash slot.
  2. The loading sequence is based on the order in which it is placed in the configuration file (not based on service ID, for example) and it is loaded as it is read in at boot time.

5.7.1. Reference Sources

For information on supported IETF drafts and standards as well as standard and proprietary MIBs, refer to Standards and Protocol Support.