Brocade Configuration Examples

Terminal Configurations

Windows Environment

In a UNIX environment, enter the following string at the prompt:

tip /dev/ttyb -9600
If ttyb is already in use, use ttya instead and enter the following string at the prompt:
tip /dev/ttya -9600

Brocade Configuration Examples

system
prompt.
User =

>

Privileged =

CONFIG =

(config)#

Brocade Configuration Examples

POE/POE+

PoE
Device will supply 15.4 watts of power at the RJ-45 jack
PoE+
Device will supply either 15.4 or 30 watts of power

Brocade Configuration Examples

POE/POE+ Configurations
Brocade#configure terminal
Brocade(config)# interface ethernet 1/1
Brocade(config-if-e1000-1/1)# inline power power-limit 14000

commands enable in-line power on interface ethernet 1 in slot 1 and set the PoE power level to
atts (14 watts).
Syntax: inline power power-limit <power level>

<power level> variable is the maximum power level in number of milliwatts. The following values
orted:
PoE: Enter a value from 1000 through 15,400. The default is 15,400.
PoE+: Enter a value from 1000 through 30,000. The default is 30,000.

Brocade Configuration Examples

LI Commands for use with the management port

To display the current configuration
show running-config interface management
Syntax: show running-config interface management <num>
Brocade(config-if-mgmt)#ip addr 10.44.9.64/24
Brocade(config)#show running-config interface management 1
interface management 1
ip address 10.44.9.64 255.255.255.0

Brocade Configuration Examples

management port Show Commands

show interfaces management <num> Syntax: show interfaces brief management <num>

rocade(config)#show interfaces management 1

GigEthernetmgmt1 is up, line protocol is up
Hardware is GigEthernet, address is 0000.9876.544a (bia 0000.9876.544a)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual none
BPRU guard is disabled, ROOT protect is disabled
Link Error Dampening is Disabled
STP configured to OFF, priority is level0, mac-learning is enabled Syntax: show statistics brief management <num>
Flow Control is config disabled, oper enabled
Mirror disabled, Monitor disabled
Not member of any active trunks
Brocade(config)#show statistics brief management
Not member of any configured trunks
PortIn PacketsOut PacketsTrunkIn ErrorsOut Errors
No port name
mgmt1399462200
IPG MII 0 bits-time, IPG GMII 0 bits-time
IP MTU 1500 bytes
Total399452200
300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization
300 second output rate: 24 bits/sec, 0 packets/sec, 0.00% utilization
39926 packets input, 3210077 bytes, 0 no buffer
Received 4353 broadcasts, 32503 multicasts, 370 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
22 packets output, 1540 bytres, 0 underruns
Transmitted 0 broadcasts, 6 multicasts, 16 unicasts
0 output errors, 0 collisions
Brocade Configuration Examples

management port Show Commands Cont..

show statistics management <num>

Brocade Configuration Examples

Change Host Name

Syntax: hostname <string>
Brocade(config)# hostname zappa
zappa(config)#

Brocade Configuration Examples

CLI banner configuration

etting a message of the day banner

nn
a
b
For example, to display the message Welcome to FESX! when a Telnet CLI session
no
e
is establishedbanner motd $ (Press Return)
th
ocade(config)#
r
te
n
e
ter TEXT message, End with the character '$'.
r,
e
n
elcome to FESX! $
an
b
he
t
ve
o
em
r
To
etting a privileged EXEC CLI level banner

otd
m
r

You can configure the Brocade device to display a message when a user enters the Privileged
EXEC CLI level.
Example
Brocade(config)# banner exec_mode # (Press Return)
Enter TEXT message, End with the character '#'.
You are entering Privileged EXEC level
up to 4000
Do not foul anything up! #
characters

Brocade Configuration Examples

10

mm
o
c

Assigning a port name

To assign a name to a port.

Brocade(config)# interface ethernet 2

Brocade(config-if-e1000-2)# port-name Marsha

e
Th

am

Brocade Configuration Examples

n
ca

be

up

to

64

r
a
ch

rs
e
t
ac

n
lo

11

Port speed and duplex mode modification

designed to auto-sense and auto-negotiate the speed and duplex mode of

the connected device
If the attached device does not support you can manually enter the port
speed to operate at either 10, 100, or 1000 Mbps
default and recommended setting is 10/100/1000 auto-sense

Brocade Configuration Examples

12

ort speed and duplex mode configuration syntax

e following commands change the port speed of copper interface 8 on a FastIron from the
ault of 10/100/1000 auto-sense, to 100 Mbps operating in full-duplex mode.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 100-full

NOTE
On FastIron devices, when setting the
speed and duplex-mode of an interface
to 1000-full, configure
one side of the link as master (1000full-master) and the other side as slave
(1000-full-slave).

Brocade Configuration Examples

13

Enabling auto-negotiation maximum port speed advertisement

and down-shift
ort speed down-shift enables Gbps copper ports on the Brocade device to establish a link at 1000
bps over a 4-pair wire when possible, or to down-shift to 100 Mbps if the medium is a 2-pair wire.

Maximum port speed application notes

t speed down-shift and maximum port speed advertisement work only when
o-negotiation is enabled (CLI command speed-duplex auto). If auto-negotiation is OFF, the
vice will reject the port speed down-shift and maximum port speed advertisement
nfiguration.

Combo Ports not support

Brocade Configuration Examples

14

Enabling port speed down-shift

following at the Global CONFIG level of the CLI
Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 1 ethernet 2

Brocade Configuration Examples

15

Enabling port speed down-shift Cont

onfiguring port speed down-shift and auto-negotiation for a range of ports

t speed down-shift and auto-negotiation can be configured for an entire range of ports with a
gle command.

example, to configure down-shift on ports 0/1/1 to 0/1/10 and 0/1/15 to 0/1/20 on the
vice, enter the following.
Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 0/1/1 to 0/1/10
ethernet 0/1/15 to 0/1/20

configure down-shift on ports 5 to 13 and 17 to 19 on a compact switch, enter the following.

Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 5 to 13 ethernet 17
to 19

Brocade Configuration Examples

16

nabling port speed down-shift Cont

To disable selective auto-negotiation of 100m-auto on ports 0/1/21 to 0/1/25 and 0/1/30,
enter
the following.
Brocade(config)# no link-config gig copper autoneg-control 100m-auto Ethernet 0/1/21 to
0/1/25 ethernet 0/1/30

Brocade Configuration Examples

17

nfiguring maximum port speed advertisement

o configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation
nabled, enter a command such as the following at the Global CONFIG level of the CLI.
Brocade(config)# link-config gig copper autoneg-control 10m ethernet 1

o configure a maximum port speed advertisement of 100 Mbps on a port that has
uto-negotiation enabled, enter the following command at the Global CONFIG level of the CLI.
Brocade(config)# link-config gig copper autoneg-control 100m ethernet 2
Syntax: [no] link-config gig copper autoneg-control 10m | 100m ethernet <port>
[Ethernet [<port>]

Brocade Configuration Examples

18

Modifying port duplex mode

You can manually configure a 10/100 Mbps port to accept either full-duplex (bi-directional) or
half-duplex (uni-directional) traffic.

Port duplex mode configuration syntax

To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps
operating at full-duplex, enter the following.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 10-full

Brocade Configuration Examples

19

Disabling or re-enabling a port

A port can be made inactive (disable) or active (enable) by selecting the appropriate status option.
The default value for a port is enabled.
disable port 8 of a Brocade device, enter the following.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# disable
You also can disable or re-enable a virtual
interface. To do so, enter commands such as the
following.
Brocade(config)#interfacevev1
Brocade(configvif1)#disable

Brocade Configuration Examples

20

Changing the Gbps fiber negotiation mode

e globally configured Gbps negotiation mode is the default mode for all Gbps fiber ports. You
n override the globally configured default and set individual ports to the following: NOTE
Gbps negotiation is
not supported on
egotiate-full-auto The port first tries to perform a handshake with the other portICX
to 6430 and ICX
6450 devices.
hange capability information. If the other port does not respond to the handshake attempt,
port uses the manually configured configuration information (or the defaults if an
ministrator has not set the information). This is the default.

uto-Gbps The port tries to perform a handshake with the other port to exchange capability
rmation.

egotiation-off The port does not try to perform a handshake. Instead, the port uses
figuration information manually configured by an administrator.
To change the mode for individual ports, enter commands such as the following.
Brocade(config)# interface ethernet 1 to 4
Brocade(config-mif-1-4)# gig-default auto-gig
Brocade Configuration Examples

21

ermining the flash image version running on the device

To determine the flash image version running on a device, enter the show version command at any
evel of the CLI. Some examples are shown below.

Brocade Configuration Examples

22

playing the boot image version running on the device

To determine the boot image running on a device, enter the show flash command at any level of the
CLI. The following shows an example output.

Brocade Configuration Examples

23

Flash image verification

The Flash Image Verification feature allows you to verify boot images based on hash codes, and to
generate hash codes where needed. This feature lets you select from three data integrity
verification algorithms:
MD5 - Message Digest algorithm (RFC 1321)
SHA1 - US Secure Hash Algorithm (RFC 3174)
CRC - Cyclic Redundancy Checksum algorithm

Brocade Configuration Examples

24

Flash image verification Cont

mage CLI commands

e following command syntax to verify the flash image:

x: verify md5 | sha1 | crc32 <ASCII string> | primary | secondary [<hash code>]

Generates a 16-byte hash code

Generates a 20-byte hash code
2 Generates a 4 byte checksum
string A valid image filename
ary The primary boot image (primary.img)
ndary The secondary boot image (secondary.img)
code The hash code to verify

Brocade Configuration Examples

25

Flash image verification Cont

o generate an MD5 hash value for the secondary image, enter the following command.

rocade#verify md5 secondary

rocade#.........................Done
ize = 2044830, MD5 01c410d6d153189a4a5d36c955653862

o generate a SHA-1 hash value for the secondary image, enter the following command.
rocade#verify sha secondary
rocade#.........................Done
ize = 2044830, SHA1 49d12d26552072337f7f5fcaef4cf4b742a9f525

o generate a CRC32 hash value for the secondary image, enter the following command.
rocade#verify crc32 secondary
rocade#.........................Done
ize = 2044830, CRC32 b31fcbc0

Brocade Configuration Examples

26

Flash image verification Cont

To verify the hash value of a secondary image with a known value, enter the following
commands.
Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
Verification FAILED.
In the previous example, the codes did not match, and verification failed. If verification
succeeds,
the output will look like this.
Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653861
Verification SUCEEDED.
The following examples show this process for SHA-1 and CRC32 algorithms.
Brocade#verify sha secondary 49d12d26552072337f7f5fcaef4cf4b742a9f525
Brocade#.........................Done
Size = 2044830, sha 49d12d26552072337f7f5fcaef4cf4b742a9f525
Brocade Configuration Examples
Verification SUCCEEDED.

27

Software upgrades

Brocade Configuration Examples

28

oading and saving configuration files

For easy configuration management, all Brocade devices support both the download and upload of
configuration files between the devices and a TFTP server on the network.

Brocade Configuration Examples

29

Replacing the startup configuration with the running

configuration

er you make configuration changes to the active system, you can save those changes by writing
m to flash memory. When you write configuration changes to flash memory, you replace the
rtup configuration with the running configuration.

eplace the startup configuration with the running configuration, enter the following command
any Enable or CONFIG command prompt.

Brocade#write memory

Brocade Configuration Examples

30

Replacing the running configuration with the

startup configuration

you want to back out of the changes you have made to the running configuration and return to
e startup configuration, enter the following command at the Privileged EXEC level of the CLI.
Brocade#reload

Brocade Configuration Examples

31

pying a configuration file to or from a TFTP server

The maximum size for the running-config and

the startup-config file is 512K each.

Brocade Configuration Examples

32

E
NOT Make sure you enter each command at the correct CLI level. Since some commands have
identical forms at both the global CONFIG level and individual configuration levels, if the CLI
response to the configuration file results in the CLI entering a configuration level you did not
intend, then you can get unexpected results.

r example, if a trunk group is active on the device, and the configuration file contains a
mmand to disable STP on one of the secondary ports in the trunk group, the CLI rejects the
mmands to enter the interface configuration level for the port and moves on to the next
mmand in the file you are loading. If the next command is a spanning-tree command whose
ntax is valid at the global CONFIG level as well as the interface configuration level, then the
ftware applies the command globally. Here is an example.

The configuration file contains these commands.

nterface ethernet 2
no spanning-tree

Brocade Configuration Examples

33

If the file contains commands that must be entered in a specific order, the commands mus
appear in the file in the required order. For example, if you want to use the file to replace a
E
NOT address on an interface, you must first remove the old address using no in front of the
address command, then add the new address. Otherwise, the CLI displays an error messag
and does not implement the command. Here is an example.

The configuration file contains these commands.

interface ethernet 11
ip address 10.10.10.69/24

The end command must appear

on the
last line of the file, by itself

Brocade Configuration Examples

34

Network connectivity testing

Brocade Configuration Examples

35

Defining the console

idle time

efault, a Brocade device does not time out serial console sessions. A serial session remains
n indefinitely until you close it. You can however define how many minutes a serial management
on can remain idle before it is timed out.

Brocade Configuration Examples

36

E
NOT

Brocade Configuration Examples

37

E
NOT

Brocade Configuration Examples

38

E
NOT

Brocade Configuration Examples

39

E
NOT

Brocade Configuration Examples

40

E
NOT

Brocade Configuration Examples

41

Local user accounts

You can define up to 16 local user accounts on a Brocade device. User accounts regulate who can
access the management functions in the CLI using the following methods:
Telnet access
Web management access
SNMP access
A management privilege level, which can be one of the following:
Super User level (default) Allows complete read-and-write access to the system. This is
generally for system administrators and is the only privilege level that allows you to
configure passwords.
Port Configuration level Allows read-and-write access for specific ports but not for global
parameters.
Read Only level Allows access to the Privileged EXEC mode and User EXEC mode with
read access only.

Brocade Configuration Examples

42

Local user accounts Cont.

Brocade Configuration Examples

43

abling enhanced user password combination requirements

en strict password enforcement is enabled on the Brocade device, you must enter a minimum of
ht characters containing the following combinations when you create an enable and a user
sword:
least
least
least
least

two
two
two
two

upper case characters

lower case characters
numeric characters
special characters

se the enable strict-password-enforcement command to enable the password security feature.

rocade(config)#enable strict-password-enforcement

Brocade Configuration Examples

44

Enabling user password masking

By default, when you use the CLI to create a user password, the password displays on the console
as you type it. For enhanced security, you can configure the Brocade device to mask the password
characters entered at the CLI. When password masking is enabled, the CLI displays asterisks (*) on
the console instead of the actual password characters entered.

The following shows the default CLI behavior when configuring a username and password.
Brocade(config)#username kelly password summertime

The following shows the CLI behavior when configuring a username and password when
password-masking is enabled.

Brocade(config)#username kelly password

Enter Password: ********
Brocade Configuration Examples

45

System reload scheduling

Brocade Configuration Examples

46

Brocade Configuration Examples

47

Brocade Configuration Examples

48

Setting a Telnet password

Brocade Configuration Examples

49

Setting a SSH password

Lets break this down into steps:
1) generate a key
#crypto key gen
2) create an ACL access group and bind it to the SSH login
#access-list 10 permit <ip_address/maskbits>
... repeat as necessary ...
#ssh access-group 10
3) set an idle timeout
#ip ssh idle-time 20 !time in minutes
4) set a login timeout
#ip ssh timeout 60 !time in seconds
5) consider disabling telnet (optional)
#no telnet server
6) Now create the local login accounts:
#user icxadmin privilege 0 pass <yourSuperSecurePassword>
7) Configure AAA to use the local user database as default
#aaa authentication login default local
8) Consider enabling user/pass requirement for console access too (optional)
#enable aaa console
Always keep your routers/switches secure and document your configuration, including access
Brocade Configuration Examples
settings, in your secure run book.

50

Changing the MAC age time and disabling MAC address

learning

Brocade Configuration Examples

51

Brocade Configuration Examples

52

LAB
Create VLAN
Assign IP to VLAN
MAP Ports to VLAN
VLAN Routing

Brocade Configuration Examples

53

Brocade Configuration Examples

54

THANK YOU!

Brocade Configuration Examples

55