Configure a Brocade Management Switch

Configure ClusterStor 9000 Brocade ICX6610 switches to use DHCP.

Only service personnel who have completed ClusterStor 9000 training should perform this procedure.

Use this procedure to configure a ClusterStor 9000 Brocade management switch to use DHCP. The following schematic shows the management switches (highlighted) and network switches in the rack (rear view).
Figure: TOR Management Switches

In this procedure, each rack has two management switches (referred to in this procedure as management switch 0 and management switch 1). Perform this procedure only on the replacement switch.

  1. Connect the DB9-to-RJ45 rollover/null modem serial cable to the console port (RJ45, |O|O|) on the replacement switch and to a serial COM port (DB9) on a PC or laptop.
    The console port is coupled with the out-of-band management Ethernet port, which is not used by the ClusterStor 9000 systems.
    Figure: Brocade ICX 6610 Console Port
  2. Open a terminal session and specify these serial port settings:
    Baud rate (bits per second): 9600
    Data bits: 8
    Stop bits: 1
    Parity: None
    Flow control: Off
  3. Specify the following serial port settings when using an emulator program:
    screen /dev/ttyUSB0 cs8,9600
    After connecting to the new switch, the terminal screen and switch prompt display.
    Figure: Terminal Screen after Connecting to the Switch
  4. Configure the replacement switch hostname.
    switch:admin> enable
    switch:admin> configure terminal
    switch:admin> hostname switch_name
    switch:admin> write memory
    Where switch_name is:
    cluster_name-sw_type num-rrack_num
  5. Configure the Spanning-Tree.
    The primary management switch is the lower switch (0), and the secondary management switch is the upper switch (1).
    Figure: TOR Management Switches
    Enter the following:
    switch:admin> spanning-tree 802-1w
    switch:admin> spanning-tree 802-1w priority [‘0’ for primary, ‘4096’ for secondary]
    With the exception of the ISL port and any inter-rack link port, the remaining ports are configured this way:
    switch:admin> interface ethernet 1/1/1
    switch:admin> spanning-tree 802-1w admin-edge-port
    switch:admin> interface ethernet 1/1/2
    switch:admin> spanning-tree 802-1w admin-edge-port
    switch:admin> interface ethernet 1/1/3
    switch:admin> spanning-tree 802-1w admin-edge-port
    This sequence is repeated until all ports are configured, followed by:
    switch:admin> write memory
    This saves the configuration.
    Important: Ports used for the ISL link between switches and any inter-rack connection should not have admin-edge-port enabled. Leave them blank (not configured).
  6. Set the management IP address to enable DHCP.
    switch:admin> enable
    switch:admin> configure terminal
    switch:admin> ip dhcp-client enable
    switch:admin> ip dhcp-client auto-update enable
    switch:admin> write memory
  7. Configure the username and password:
    switch:admin> username admin priv 0 password ClusterStor
    switch:admin> enable super-user-password ClusterStor
    switch:admin> write memory
  8. Enable logging, SSH, SNMP, and NTP; and disable Telnet:
    switch:admin> logging 172.16.2.2
    switch:admin> snmp-server community ClusterRead ro
    switch:admin> snmp-server community ClusterWrite rw
    switch:admin> crypto key generate rsa modulus 1024
    switch:admin> ip access-list standard 10
    switch:admin> permit 172.16.0.0/16
    switch:admin> ssh access-group 10
    switch:admin> enable aaa console
    switch:admin> aaa authentication login default local
    switch:admin> no telnet server
    switch:admin> write memory
  9. Obtain the IP address of the switch:
    cls12345n006-primary # sh ip address
  10. Verify that the new switch can be accessed via SSH.
    1. Log in to the primary management node via SSH.
    2. Access the new switch via SSH:
      [MGMT0]$ ssh admin@mgmt_switch_ip_address
    3. Enter the switch's password.
    4. If a switch prompt appears, the new switch can be accessed via SSH.
    The following error may occur when SSH is used to access the switch.
    "aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc"
    The above text lists the ciphers offered by the switch (the SSH server), while the client supports only the following:
    "arcfour256,arcfour,blowfish-cbc"
  11. Enable SSH if the previous error occurs.
    1. On the primary MGMT node (MGMT0), add one of the server ciphers to the SSH client configuration in one of the following files:
      ~/.ssh/config 
      OR
      /etc/ssh/ssh_config
      Following is an example that adds one of the server ciphers to the client configuration:
      [MGMT0]# cd /etc/ssh
      [MGMT0]# vi ssh_config
      # Protocol 2,1
      # Cipher 3des
      # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
      # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
      # EscapeChar ~
      # Tunnel no
      # TunnelDevice any:any
      # PermitLocalCommand no
      "ssh_config" 64L, 2164C written
    2. Remove the leading “#” from the Ciphers line so that it matches the following entry:
      Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    3. Press the Esc key.
    4. Enter :wq! and press Enter to save and exit.
      SSH should no longer display errors on the system.
  12. Reconnect the network cables after the replacement switch has booted.
    Important: Wait for links to be established on all connected ports (green LEDs).
  13. Verify all status LEDs are green.
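
The cipher mismatch in steps 10 and 11 can be checked before editing the client configuration. The following is an added example, not part of the original procedure or vendor code: it intersects the switch's cipher list from the error text with the ciphers the client binary supports, prefers CTR modes, and prints a Host stanza for ~/.ssh/config so the change applies only to the switch. The function names and the CLIENT_SUPPORTED list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: choose a cipher the switch and the SSH client both support,
# and scope it to the switch with a Host block.

# Ciphers offered by the switch, copied from the error text in step 10.
SWITCH_CIPHERS="aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc"

# Ciphers the client currently has enabled, as reported in step 10.
CLIENT_ENABLED="arcfour256,arcfour,blowfish-cbc"

# Constructed sample of what the client binary supports. On a client with
# OpenSSH 6.3 or later, build the real list with: ssh -Q cipher | paste -sd, -
CLIENT_SUPPORTED="3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,arcfour,arcfour256,aes128-ctr,aes192-ctr,aes256-ctr"

# common_ciphers SERVER CLIENT
# Print the ciphers present in both comma-separated lists, in server order.
# Only CTR modes are printed when any are shared; otherwise the remaining
# shared ciphers are printed. Prints nothing when there is no overlap.
common_ciphers() {
    local server="$1" client="$2" c ctr="" other="" IFS=,
    for c in $server; do
        case ",$client," in *",$c,"*) ;; *) continue ;; esac
        case $c in
            *-ctr) ctr="${ctr:+$ctr,}$c" ;;
            *)     other="${other:+$other,}$c" ;;
        esac
    done
    printf '%s' "${ctr:-$other}"
}

# host_block HOST SERVER CLIENT
# Print an ssh_config stanza limited to HOST; return 1 if nothing is shared.
host_block() {
    local shared
    shared=$(common_ciphers "$2" "$3")
    [ -n "$shared" ] || return 1
    printf 'Host %s\n    Ciphers %s\n' "$1" "$shared"
}

# The enabled client list shares nothing with the switch (the step 10 error).
[ -n "$(common_ciphers "$SWITCH_CIPHERS" "$CLIENT_ENABLED")" ] ||
    echo "no shared cipher with the current client settings"

# mgmt_switch_ip_address is the page's placeholder for the switch address.
host_block mgmt_switch_ip_address "$SWITCH_CIPHERS" "$CLIENT_SUPPORTED"
```

Placing the printed stanza in ~/.ssh/config leaves the client's global cipher defaults unchanged for every other host.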