This is a continuation of my notes on Basic Configuration in Ciena SAOS. This page covers configuring a Ciena SAOS device for remote management.
SAOS defaults to a management VLAN of 127 with DHCP client enabled. The CN3911 has the management VLAN on the upstream ports (9 & 10) while the LE-311v has it enabled on all ports.
CN 3911> vlan show
+-----------------------------------------------------------------------------+
|VLAN|                                |   Ports 1                             |
| ID |           VLAN Name            |1234567890                             |
+----+--------------------------------+---------------------------------------+
|   1|Default                         |xxxxxxxxxx                             |
| 127|Mgmt                            |        xx                             |
+----+--------------------------------+---------------------------------------+
CN 3911> dhcp client show
+------------------- DHCP CLIENT STATE --------------------+
|             Parameter              |        Value        |
+------------------------------------+---------------------+
| Interface Name                     | remote              |
| Admin State                        | Enabled             |
| Oper State                         | Enabled             |
| DHCP State                         | Bound               |
| Discovery Interval                 | 30                  |
| Lease Time (days hh:mm:ss)         | 1:00:00:00          |
| Lease Remaining (seconds)          | 82489               |
| Renewal (T1) Time (seconds)        | 43200               |
| Rebinding (T2) Time (seconds)      | 75600               |
| DHCP Server                        | 192.168.200.1       |
+------------------------------------+---------------------+
+--------------------- DHCP/BOOTP OPTIONS STATE ---------------------------+
| Option |        Description        | State |            Value            |
+--------+---------------------------+-------+-----------------------------+
| 1      | Subnet Mask Option        | On    | 255.255.255.0               |
| 2      | Time Offset Option        | On    |                             |
| 3      | Router Option             | On    | 192.168.200.1               |
| 6      | Domain Name Server Option | On    | 172.31.254.1                |
|        |                           |       | 172.31.254.2                |
| 7      | Log Server Option         | On    |                             |
| 12     | Host Name Option          | On    |                             |
| 15     | Domain Name Option        | On    |                             |
| 42     | NTP Servers Option        | On    |                             |
| 51     | Lease Time Option         | Off   |                             |
| 66     | Tftp Server Name Option   | On    |                             |
| 67     | Bootfile Name Option      | On    |                             |
+--------+---------------------------+-------+-----------------------------+
Disable DHCP client with:
dhcp client disable
Set a management IP address with:
interface remote set ip 192.168.200.2 subnet 255.255.255.0 gateway 192.168.200.1
You can set different terms (ip, subnet, gateway) all together or one at a time.
Verify the management interface settings with:
interface remote show
Example:
CN 3911> interface remote show
+----------------------------------- remote -----------------------------------+
|      Parameter       |    Operational    |      User       |      DHCP       |
+----------------------+-------------------+-----------------+-----------------+
| IP Address           | 192.168.200.2     | 192.168.200.2   | 0.0.0.0         |
| Subnet Mask          | 255.255.255.0     | 255.255.255.0   | 0.0.0.0         |
+----------------------+-------------------+-----------------+-----------------+
| Index                | 2                 |                 |                 |
| Admin State          | Enabled           |                 |                 |
| Oper State           | Enabled           |                 |                 |
| Broadcast Address    | 192.168.200.255   |                 |                 |
| MAC Address          | 00:02:a1:XX:XX:XX |                 |                 |
| VLAN                 | 127               |                 |                 |
| Priority             | 7                 |                 |                 |
| MTU                  | 1500              |                 |                 |
+----------------------+-------------------+-----------------+-----------------+
Set location:
snmp set location "Anytown, WI"
Set contact:
snmp set contact noc@example.net
SNMP communities are managed under access-entry. You can see the list of configured communities with:
snmp show access-entry
By default there are entries for public and private on SNMP v1 & v2c:
CN 3911> snmp show access-entry
+----------------+---+------+----------------+----------------+----------------+
|Group           |Sec|Sec   |ReadView        |WriteView       |NotifyView      |
|Name            |Mod|Level |                |                |                |
+----------------+---+------+----------------+----------------+----------------+
|public          |v1 |noAu  |V12cView        |                |V12cView        |
|public          |v2c|noAu  |V12cView        |                |V12cView        |
|private         |v1 |noAu  |V12cView        |V12cView        |V12cView        |
|private         |v2c|noAu  |V12cView        |V12cView        |V12cView        |
+----------------+---+------+----------------+----------------+----------------+
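We want to remove all of these defaults (note that the private entries also carry a WriteView) and create our own v2c community with only the normal ReadView (V12cView), so it is read-only.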
Removing the preconfigured communities:
CN 3911> snmp delete access-entry public sec-level noAuth sec-model v1
CN 3911> snmp delete access-entry public sec-level noAuth sec-model v2c
CN 3911> snmp delete access-entry private sec-level noAuth sec-model v1
CN 3911> snmp delete access-entry private sec-level noAuth sec-model v2c
Add community BlahSec:
CN 3911> snmp create access-entry BlahSec sec-model v2c sec-level noAuth read-view V12cView
Verify:
CN 3911> snmp show access-entry
+----------------+---+------+----------------+----------------+----------------+
|Group           |Sec|Sec   |ReadView        |WriteView       |NotifyView      |
|Name            |Mod|Level |                |                |                |
+----------------+---+------+----------------+----------------+----------------+
|BlahSec         |v2c|noAu  |V12cView        |                |                |
+----------------+---+------+----------------+----------------+----------------+
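The cleanup above can also be checked from saved CLI output. The following is an added example, not part of the original notes or any Ciena tooling: a short Python script that parses "snmp show access-entry" output and flags default community names, entries with a WriteView, and communities not on an allow-list. The function names and the allow-list are assumptions, and the sample tables are constructed from the output shown on this page.

```python
# Constructed sample input, based on the two "snmp show access-entry" tables on this page.
BEFORE = """\
CN 3911> snmp show access-entry
|Group           |Sec|Sec   |ReadView        |WriteView       |NotifyView      |
|Name            |Mod|Level |                |                |                |
+----------------+---+------+----------------+----------------+----------------+
|public          |v1 |noAu  |V12cView        |                |V12cView        |
|public          |v2c|noAu  |V12cView        |                |V12cView        |
|private         |v1 |noAu  |V12cView        |V12cView        |V12cView        |
|private         |v2c|noAu  |V12cView        |V12cView        |V12cView        |
"""
AFTER = """\
|Group           |Sec|Sec   |ReadView        |WriteView       |NotifyView      |
|BlahSec         |v2c|noAu  |V12cView        |                |                |
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # factory entries listed on this page
FIELDS = ("group", "model", "level", "read", "write", "notify")
HEADERS = {("Group", "Sec"), ("Name", "Mod")}  # first two cells of the header rows

def parse_access_entries(text):
    """Return one dict per data row of 'snmp show access-entry' output."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not (line.startswith("|") and line.endswith("|")):
            continue  # borders, prompts, blank lines
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) != len(FIELDS) or tuple(cells[:2]) in HEADERS:
            continue  # malformed row or header row
        entries.append(dict(zip(FIELDS, cells)))
    return entries

def audit(entries, allowed=frozenset()):
    """Return (group, model, reason) for each entry that should not remain."""
    findings = []
    for e in entries:
        if e["group"] in DEFAULT_COMMUNITIES:
            findings.append((e["group"], e["model"], "default community name"))
        elif e["group"] not in allowed:
            findings.append((e["group"], e["model"], "community not on allow-list"))
        if e["write"]:
            findings.append((e["group"], e["model"], "WriteView set (SNMP write access)"))
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for finding in audit(parse_access_entries(text), allowed={"BlahSec"}):
            print(label, *finding, sep=": ")
```

An empty findings list for a device means only allow-listed, read-only communities remain.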