Getting Started
The procedures described in this page assume that you have already installed and powered on your switch according to the instructions in the Hardware Installation Guide, which was shipped with the product.
Due to California Senate Bill No. 327, starting from software version 3.8.2000, Admin and Monitor passwords must be typed in manually; no automatic passwords are created by default.
When the reset button is held for 15 seconds, the management module is reset and the password is deleted. You will then be able to enter without a password and make a new password for the user admin.
Any account created with admin privileges can change all passwords of other user accounts, including other user accounts with admin privileges.
To initialize the switch do the following:
Connect the host PC to the console (RJ-45) port of the switch system using the supplied cable.
Warning: DHCP is enabled by default over the MGT port. Therefore, if you have configured your DHCP server and connected an RJ-45 cable to the MGT port, simply log in using the designated IP address.
Configure a serial terminal with the settings described below.
Warning: This step may be skipped if the DHCP option is used and an IP is already configured for the MGT port.
Parameter | Setting
Baud Rate | 115200
Data bits | 8
Stop bits | 1
Parity | None
Flow Control | None
The boot menu is displayed.
NVIDIA Onyx Boot Menu:
1: <image #1>
2: <image #2>
u: USB menu (if USB device is connected) (password required)
c: Command prompt (password required)
Choice:
Warning: Select “0” to boot with software version installed on partition #1.
Select “1” to boot with software version installed on partition #2.
The boot menu features a countdown timer. It is recommended to allow the timer to run out by not selecting any of the options.
Log in as admin and use admin as password. If the machine is still initializing, you might not be able to access the CLI until initialization completes. As an indication that initialization is ongoing, a countdown of the number of remaining modules to be configured is displayed in the following format: “<no. of modules> Modules are being configured”.
Go through the Switch Management configuration wizard.
IP configuration by DHCP:
Wizard Session Display (Example)
Comments
Do you want to use the wizard for initial configuration? yes
You must perform this configuration the first time you operate the switch or after resetting the switch to the factory defaults. Type “yes” and then press <Enter>.
Step 1: Hostname? [switch-1]
If you wish to accept the default hostname, then press <Enter>. Otherwise, type a different hostname and press <Enter>.
Step 2: Use DHCP on mgmt0 interface? [yes]
Perform this step to obtain an IP address for the switch. (mgmt0 is the management port of the switch.)
- If you wish the DHCP server to assign the IP address, type “yes” and press <Enter>.
- If you type “no” (no DHCP), then you will be asked whether you wish to use the “zeroconf” configuration or not. If you enter “yes” (yes Zeroconf), the session will continue as shown in the "IP zeroconf configuration" table.
- If you enter “no” (no Zeroconf), then you need to enter a static IP, and the session will continue as shown in the "Static IP configuration" table.
Step 3: Enable IPv6 [yes]
Perform this step to enable IPv6 on management ports. The default is "yes" (enabled).
If you enter “no” (no IPv6), then you will automatically be referred to Step 5.
Step 4: Enable IPv6 autoconfig (SLAAC) on mgmt0 interface? [no]
Perform this step to enable stateless address autoconfig on external management port. The default is "no" (disabled).
If you wish to enable it, type “yes” and press <Enter>.
Step 5: Use DHCPv6 on mgmt0 interface? [yes]
Perform this step to enable DHCPv6 on the MGMT0 interface.
Step 6: Update time?
Perform this step to change the time configured. Press <enter> to leave the current time.
Step 7: Enable password hardening? [yes]
Perform this step to enable/disable password hardening on your machine. If enabled, new passwords will be checked against the configured restrictions. The default is "yes" (enabled).
If you wish to disable it, enter “no”.
Step 8: Admin password (Must be typed)? <new_password>
To avoid illegal access to the machine, please type a password and then press <Enter>.
Starting from the 3.8.2000 release, the user must type in the admin password upon initial configuration. Due to Senate Bill No. 327, this stage is required and cannot be skipped.
Step 9: Confirm admin password? <new_password>
Confirm the password by re-entering it. Note that password characters are not printed.
Step 10: Monitor password (Must be typed)? <new_password>
To avoid illegal access to the machine, please type a password and then press <Enter>.
Starting from the 3.8.2000 release, the user must type in the admin password upon initial configuration. Due to Senate Bill No. 327, this stage is required and cannot be skipped.
Step 11: Confirm monitor password? <new_password>
Confirm the password by re-entering it. Note that password characters are not printed.
You have entered the following information:
Hostname: <switch name>
Use DHCP on mgmt0 interface: yes
Enable IPv6: yes
Enable IPv6 autoconfig (SLAAC) on mgmt0 interface: yes
Enable DHCPv6 on mgmt0 interface: no
Update time: <current time>
Enable password hardening: yes
Admin password (Enter to leave unchanged): (CHANGED)
To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
Choice: <Enter>
Configuration changes saved.
To return to the wizard from the CLI, enter the “configuration jump-start” command from configuration mode.
Launching CLI...
<switch name> [standalone: master] >
The wizard displays a summary of your choices and then asks you to confirm the choices or to re-edit them.
Either press <Enter> to save changes and exit, or enter the configuration step number that you wish to return to.
To run the command “configuration jump-start” you must be in Config mode.
Static IP configuration:
Wizard Session Display (Example)
Do you want to use the wizard for initial configuration? y
Step 1: Hostname? [switch-112126]
Step 2: Use DHCP on mgmt0 interface? [yes] n
Step 3: Use zeroconf on mgmt0 interface? [no]
Step 4: Primary IP address? 192.168.10.4
Mask length may not be zero if address is not zero (interface mgmt0)
Step 5: Netmask? [0.0.0.0] 255.255.255.0
Step 6: Default gateway? 192.168.10.1
Step 7: Primary DNS server?
Step 8: Domain name?
Step 9: Enable IPv6? [yes] yes
Step 10: Enable IPv6 autoconfig (SLAAC) on mgmt0 interface? [no] no
Step 11: Update time? [yyyy/mm/dd hh:mm:ss]
Step 12: Enable password hardening? [yes] yes
Step 13: Admin password (Enter to leave unchanged)?
You have entered the following information:
Hostname: switch-112126
Use DHCP on mgmt0 interface: no
Use zeroconf on mgmt0 interface: no
Primary IP address: 192.168.10.4
Netmask: 255.255.255.0
Default gateway: 192.168.10.1
Primary DNS server:
Domain name:
Enable IPv6: yes
Enable IPv6 autoconfig (SLAAC) on mgmt0 interface: no
Update time: yyyy/mm/dd hh:mm:ss
Enable password hardening: yes
Admin password (Enter to leave unchanged): (unchanged)
To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
Choice:
Configuration changes saved.
To return to the wizard from the CLI, enter the “configuration jump-start” command from configure mode.
Launching CLI...
<hostname>[standalone: master] >
IP zeroconf configuration:
Wizard Session Display (Example)
Configuration wizard
Do you want to use the wizard for initial configuration? y
Step 1: Hostname? [switch-112126]
Step 2: Use DHCP on mgmt0 interface? [no]
Step 3: Use zeroconf on mgmt0 interface? [no] yes
Step 4: Default gateway? [192.168.10.1]
Step 5: Primary DNS server?
Step 6: Domain name?
Step 7: Enable IPv6? [yes] yes
Step 8: Enable IPv6 autoconfig (SLAAC) on mgmt0 interface? [no] no
Step 9: Update time? [yyyy/mm/dd hh:mm:ss]
Step 10: Admin password (Enter to leave unchanged)?
You have entered the following information:
Hostname: switch-112126
Use DHCP on mgmt0 interface: no
Use zeroconf on mgmt0 interface: yes
Default gateway: 192.168.10.1
Primary DNS server:
Domain name:
Enable IPv6: yes
Enable IPv6 autoconfig (SLAAC) on mgmt0 interface: yes
Update time: yyyy/mm/dd hh:mm:ss
Enable password hardening: yes
Admin password (Enter to leave unchanged): (unchanged)
To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
Choice:
Configuration changes saved.
To return to the wizard from the CLI, enter the “configuration jump-start” command from configure mode.
Launching CLI...
<hostname> [standalone: master] >
Check the mgmt0 interface configuration before attempting a remote (for example, SSH) connection to the switch. Specifically, verify the existence of an IP address.
switch # show interfaces mgmt0
Interface mgmt0 status:
  Comment          :
  Admin up         : yes
  Link up          : yes
  DHCP running     : yes
  IP address       : 10.12.67.34
  Netmask          : 255.255.0.0
  IPv6 enabled     : yes
  Autoconf enabled : no
  Autoconf route   : yes
  Autoconf privacy : no
  DHCPv6 running   : no
  IPv6 addresses   : 1
  IPv6 address     : fe80::268a:7ff:fe53:3d8e/64
  Speed            : 1000Mb/s (auto)
  Duplex           : full (auto)
  Interface type   : ethernet
  Interface source : physical
  MTU              : 1500
  HW address       : 00:02:c9:11:a1:b2
  Rx:
    11700449 bytes
    55753 packets
    0 mcast packets
    0 discards
    0 errors
    0 overruns
    0 frame
  Tx:
    5139846 bytes
    28452 packets
    0 discards
    0 errors
    0 overruns
    0 carrier
    0 collisions
    1000 queue len
Configuring the Switch with ZTP
Zero-touch Provisioning (ZTP) automates initial configuration of switch systems at boot time. It helps minimize manual operation and reduce customer initial deployment cost.
For more information, please refer to section “Zero-touch Provisioning”.
Rerunning the Wizard
To rerun the wizard:
Enter Config mode. Run:
switch > enable
switch # config terminal
Rerun the wizard. Run:
switch (config) # configuration jump-start
Set up an Ethernet connection between the switch and a local network machine using a standard RJ-45 connector.
Start a remote secured shell (SSH) to the switch using the command “ssh -l <username> <switch ip address>”.
rem_mach1 > ssh -l <username> <ip address>
Log into the switch (default username is admin, password admin).
Read and accept the EULA when prompted.
Once the following prompt appears, the system is ready to use.
NVIDIA Onyx Switch Management
Password:
Last login: <time> from <ip-address>
NVIDIA Switch
Please read and accept the End User License Agreement located at:
https://www.mellanox.com/related-docs/prod_management_software/MLNX_Onyx_EULA.pdf
switch >
To start a WebUI connection to the switch platform, follow the steps below:
WebUI access is enabled by default. To disable web access, run the command “no web http enable” or “no web https enable” on the CLI.
Set up an Ethernet connection between the switch and a local network machine using a standard RJ-45 connector.
Open a web browser (Firefox, Chrome, Internet Explorer, or Safari).
Warning: Make sure the screen resolution is set to 1024*768 or higher.
Warning: In order to access the WebUI through Safari 5.3, enable http:
no web https ssl secure-cookie enable
web http enable
Type the IP address of the switch or its DNS name in the following format: https://<switch_IP_address>.
Log into the switch (default user name is admin, password admin).
Read and accept the EULA, if prompted.
The prompt will only occur if the switch has never been accessed through the CLI before.
The Welcome popup appears. After reading through the content, click OK to continue.
To reach the OS documentation, click on the links under the Documentation heading.
The link under What’s New leads to the Changes and New Features section of the switch OS Release Notes. You may also tick the box to not show this popup again. To see this window again, click “Product Documents” on the upper right corner of the WebUI.
A default status summary is displayed.
Zero-Touch Provisioning (ZTP) automates initial configuration of switch systems at boot time. It helps minimize manual operation and reduce customer initial deployment cost. ZTP allows automatically upgrading the switch with a specified OS image, setting up the initial configuration database, and loading and running a container image file.
The initial configuration is applied using a regular text file. The user can create such a configuration file by editing the output of a “show running-config” command.
Only a textual configuration file is supported.
The user-defined docker image can be used by customers to run their own applications in a sandbox on their platform. They can therefore also be used for automating initial configuration.
Only one docker container can be launched in ZTP.
Running DHCP-ZTP
There is no explicit command to enable ZTP. It is enabled by default. Disabling it is performed by a user-initiated configuration save (using the command “configuration write”). The only way to re-enable ZTP is to run a “reset factory” command, clearing the configuration of the switch and rebooting the system.
ZTP is based on DHCP. For ZTP to work, the software enables DHCP by default on all its management interfaces. The switch OS requests option 66 (tftp-server-name) and 67 (bootfile-name) from the DHCPv4 server or option 58 (bootfile-url) from the DHCPv6 server, and waits for the DHCP responses containing file URLs. The DHCP server must be configured to send back the URLs for the software image, configuration file, and docker container image via these two options. Option 66 would contain the URL prefix to the location of the files, option 67 would contain the name of files, and option 58 would contain the complete URLs of files. The format of these two options is a string list separated by commas. The list items are placed in a fixed order:
<image file>, <config file>, <docker container file>
The item value can be empty, but the comma shall not be omitted.
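The list format described above can be checked on the DHCP server side before a lease is ever offered. The following is an added example, not part of the vendor documentation: it splits the option strings into the three fixed slots, rejects a missing comma, and reports which resolved URLs embed a password. Joining prefix and file name by plain concatenation, rejecting a name without a prefix, and all function names are assumptions of this example.

```python
from urllib.parse import urlsplit

SLOTS = ("image", "config", "docker")  # fixed item order stated on the page


def split_list(value):
    """Split a ZTP option string into its three items; empty items are allowed."""
    items = [item.strip() for item in value.split(",")]
    if len(items) != len(SLOTS):
        raise ValueError(f"expected {len(SLOTS)} items (2 commas), got {len(items)}")
    return items


def resolve_v4(opt66, opt67):
    """Pair each option 66 prefix with the option 67 name in the same slot."""
    urls = {}
    for slot, prefix, name in zip(SLOTS, split_list(opt66), split_list(opt67)):
        if not name:
            urls[slot] = None  # empty item: this ZTP step is skipped
        elif not prefix:
            raise ValueError(f"{slot}: file name given without a URL prefix")
        else:
            urls[slot] = prefix + name  # assumption: plain concatenation
    return urls


def resolve_v6(bootfile_url):
    """The DHCPv6 bootfile-url option carries complete URLs in the same order."""
    return dict(zip(SLOTS, (item or None for item in split_list(bootfile_url))))


def urls_with_password(urls):
    """Slots whose URL embeds a password; these strings travel in DHCP replies."""
    return sorted(slot for slot, url in urls.items()
                  if url and urlsplit(url).password)


# Constructed sample values (documentation address range, dummy credentials).
OPT66 = ("scp://ztp:EXAMPLE-ONLY@192.0.2.10/ztp/,"
         "scp://ztp:EXAMPLE-ONLY@192.0.2.10/ztp/,")
OPT67 = "image-X86_64-3.6.4612.img, switch-1.conf,"

if __name__ == "__main__":
    resolved = resolve_v4(OPT66, OPT67)
    for slot in SLOTS:
        print(f"{slot:7} {resolved[slot]}")
    print("password in URL:", urls_with_password(resolved))
```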
To have the DHCP server discern the proper files based on switch-specific information, the OS must provide identifying information for the server to classify the switches. In addition, the OS attaches option 43 (vendor-specific information) and option 60 (vendor class identifier) in DHCPv4 requests and option 17 (vendor-opts) in DHCPv6. Option 60 is set as string “Mellanox” and options 17 and 43 contain the following specific sub-options:
System Model
Chassis Part Number
Chassis Serial Number
Management MAC
System Profile
NVIDIA Onyx Release Version
The corresponding subtypes respectively are defined as:
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_MODEL 1
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_PARTNUM 2
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_SERIAL 3
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_MAC 4
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_PROFILE 5
DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_RELEASE 6
Upon receiving such DHCP requests from a client, the server should be able to map the switch-specific information to the target file URLs according to predefined rules.
Once the OS receives the URLs from the DHCP server, it executes ZTP as follows:
1. If the software image URL is not specified, this step is skipped. Otherwise:
   - Perform disk space cleanup if necessary and fetch the image if it does not exist locally
   - Resolve the image version:
     - If it is already installed on active partition, proceed to step 2
     - If it is installed on a standby partition, switch partition and reboot
     - If it is not installed locally, install it and switch to the new image and then reboot
   - If a reboot occurs, ZTP performs step 1 again and no image upgrade will occur
2. If configuration file URL is not specified, skip this step. Otherwise:
   - Fetch the configuration file
   - Apply the configuration file
3. Skip these steps if a docker image file URL is not specified. Otherwise:
   - Fetch the docker image file
   - Load the docker image
   - Clean up the docker images with the same name and different tag.
   - Start the container based on the image
   - Remove the downloaded docker image file
While performing file transfer via HTTP, the same information as DHCP option 43 is expected to be carried in an HTTP GET request. This switch software supports the following proprietary HTTP headers:
MlnxSysProfile
MlnxMgmtMac
MlnxSerialNumber
MlnxModelName
MlnxPartNumber
MlnxReleaseVersion
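The option 43 sub-options and the HTTP headers above carry the same switch identity, so a provisioning server can decode one and cross-check it against the other. The following is an added example, not part of the vendor documentation: it decodes the sub-options, selects files only for a known serial number, and lists headers in a later file request that disagree with the DHCP identity. It assumes one-byte type and length fields (the RFC 2132 encapsulated layout), ASCII text values, and a pairing of sub-options to headers inferred from their names; all function names and sample values are constructed.

```python
# Sub-option types listed on the page (DHCP_VENDOR_ENCAPSULATED_SUBOPTION_TLV_TYPE_*).
SUBOPTIONS = {1: "model", 2: "partnum", 3: "serial", 4: "mac", 5: "profile", 6: "release"}

# Assumed pairing of each sub-option with the HTTP header of matching name.
HEADERS = {"model": "MlnxModelName", "partnum": "MlnxPartNumber",
           "serial": "MlnxSerialNumber", "mac": "MlnxMgmtMac",
           "profile": "MlnxSysProfile", "release": "MlnxReleaseVersion"}


def decode_option43(payload):
    """Decode type/length/value sub-options into a dict of text fields."""
    fields, pos = {}, 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} runs past the end of the option")
        pos += 2 + length
        name = SUBOPTIONS.get(code)
        if name is None:
            continue  # unknown sub-option: skip it
        if name in fields:
            raise ValueError(f"duplicate sub-option {code}")
        fields[name] = value.decode("ascii")  # assumption: values are ASCII text
    return fields


def select_files(fields, rules):
    """Return the option 67 string for a known serial, or None to offer nothing."""
    return rules.get(fields.get("serial"))


def identity_mismatches(fields, http_headers):
    """Header names whose value in a file request differs from the DHCP identity."""
    return sorted(header for key, header in HEADERS.items()
                  if http_headers.get(header) != fields.get(key))


def tlv(code, text):
    """Build one sub-option for the constructed sample below."""
    data = text.encode("ascii")
    return bytes([code, len(data)]) + data


# Constructed sample: placeholder model, serial and MAC, not real device values.
SAMPLE = (tlv(1, "MODEL-X") + tlv(3, "SN0001") + tlv(4, "00:00:5E:00:53:01")
          + tlv(5, "eth-default") + tlv(6, "3.6.5000"))
RULES = {"SN0001": "image-X86_64-3.6.4612.img, switch-1.conf,"}

if __name__ == "__main__":
    seen = decode_option43(SAMPLE)
    print(seen)
    print("offer:", select_files(seen, RULES))
```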
If some sort of failure occurs, the switch waits a random number of seconds between 1 and 20 and reattempts the operation. The switch attempts this up to 10 times.
ZTP progress is printed to terminals including console and active SSH sessions.
ZTP and OS Upgrade
Software upgrade from non-ZTP versions to ZTP versions and vice versa is supported. When upgrading from a non-ZTP version, ZTP is disabled because ZTP is always assumed to start with an empty configuration, otherwise the final configuration becomes a mixture of the existing configuration from the stored database and new configuration from the server and hence not deterministic.
DHCPv4 Configuration Example
The following is a URL configuration example for ISC DHCPv4 server:
host master {
    hardware ethernet E4:1D:2D:5B:72:80;
    fixed-address 3.1.2.13;
    option tftp-server-name "scp://<user>:<password>@3.1.3.100/ztp/,scp://<user>:<password>@3.1.3.100/ztp/,scp://<user>:<password>@3.1.3.100/ztp/";
    option bootfile-name "image-X86_64-3.6.4612.img, switch-1.conf, ubuntu.img.gz";
}
DHCPv4 request is made out of the following components:
Option 43 (vendor-encapsulated-options) and option 60 (vendor-class-identifier) are added in the DHCPv4 request packet
Option 66 (tftp-server-name) and option 67 (bootfile-name) are added in the parameter request list of DHCPv4 request packet
DHCPv6 Configuration Example
The following is a DHCPv6 configuration example:
host master {
    ......
    option dhcp6.bootfile-url "scp://<user>:<password>@[2000::1]/ztp/image-X86_64-3.6.4612.img, scp://<user>:<password>@[2000::1]/ztp/switch.conf, scp://<user>:<password>@[2000::1]/ztp/ubuntu.img.gz";
}
host master {
    ......
    option dhcp6.bootfile-url "scp://<user>:<password>@[2000::1]/ztp/image-X86_64-23.01.0100.img, scp://<user>:<password>@[2000::1]/ztp/switch.conf, scp://<user>:<password>@[2000::1]/ztp/ubuntu.img.gz";
}
DHCPv6 request is made out of the following components:
Option 17 (vendor-opts) is added in the DHCPv6 request packet
Option 59 (bootfile-url) is added in the parameter request list of DHCPv6 request packet
ZTP Commands
no zero-touch suppress-write
Disables suppression of configuration write.
Syntax Description | N/A
Default | Enabled
Configuration Mode | config
History | 3.6.5000
Example | switch (config) # no zero-touch suppress-write
Related Commands | show zero-touch
Notes |
zero-touch abort
Aborts on-going zero-touch process.
Syntax Description | N/A
Default | Enabled
Configuration Mode | config
History | 3.6.5000
Example |
Related Commands | show zero-touch
Notes |
show zero-touch
Displays zero-touch status.
Syntax Description | N/A
Default | N/A
Configuration Mode | Any command mode
History | 3.6.5000
Example | switch (config) # show zero-touch
Related Commands | zero-touch abort
Notes |