# Management Configuration in Ciena SAOS *June 18, 2014* — https://jade.wtf/tech-notes/ciena-saos-management/ Tags: Ciena --- This is a continuation of my notes on [Basic Configuration in Ciena SAOS](/ciena-saos-basic/). This page covers configuring a Ciena SAOS device for remote management. ## In-band management SAOS defaults to a management VLAN of 127 with DHCP client enabled. The CN3911 has the management VLAN on the upstream ports (9 & 10) while the LE-311v has it enabled on all ports. CN 3911> vlan show +-----------------------------------------------------------------------------+ |VLAN| | Ports 1 | | ID | VLAN Name |1234567890 | +----+--------------------------------+---------------------------------------+ | 1|Default |xxxxxxxxxx | | 127|Mgmt | xx | +----+--------------------------------+---------------------------------------+ CN 3911> dhcp client show +------------------- DHCP CLIENT STATE --------------------+ | Parameter | Value | +------------------------------------+---------------------+ | Interface Name | remote | | Admin State | Enabled | | Oper State | Enabled | | DHCP State | Bound | | Discovery Interval | 30 | | Lease Time (days hh:mm:ss) | 1:00:00:00 | | Lease Remaining (seconds) | 82489 | | Renewal (T1) Time (seconds) | 43200 | | Rebinding (T2) Time (seconds) | 75600 | | DHCP Server | 192.168.200.1 | +------------------------------------+---------------------+ +--------------------- DHCP/BOOTP OPTIONS STATE ---------------------------+ | Option | Description | State | Value | +--------+---------------------------+-------+-----------------------------+ | 1 | Subnet Mask Option | On | 255.255.255.0 | | 2 | Time Offset Option | On | | | 3 | Router Option | On | 192.168.200.1 | | 6 | Domain Name Server Option | On | 172.31.254.1 | | | | | 172.31.254.2 | | 7 | Log Server Option | On | | | 12 | Host Name Option | On | | | 15 | Domain Name Option | On | | | 42 | NTP Servers Option | On | | | 51 | Lease Time Option | Off | | | 66 | Tftp Server Name Option | On | | | 67 | Bootfile Name Option | On | | +--------+---------------------------+-------+-----------------------------+ ### Setting a static management address Disable DHCP client with: dhcp client disable Set a management IP address with: interface remote set ip 192.168.200.2 subnet 255.255.255.0 gateway 192.168.200.1 You can set different terms (ip, subnet, gateway) all together or one at a time. Verify the management interface settings with: interface remote show Example: CN 3911> interface remote show +----------------------------------- remote -----------------------------------+ | Parameter | Operational | User | DHCP | +----------------------+-------------------+-----------------+-----------------+ | IP Address | 192.168.200.2 | 192.168.200.2 | 0.0.0.0 | | Subnet Mask | 255.255.255.0 | 255.255.255.0 | 0.0.0.0 | +----------------------+-------------------+-----------------+-----------------+ | Index | 2 | | | | Admin State | Enabled | | | | Oper State | Enabled | | | | Broadcast Address | 192.168.200.255 | | | | MAC Address | 00:02:a1:XX:XX:XX | | | | VLAN | 127 | | | | Priority | 7 | | | | MTU | 1500 | | | +----------------------+-------------------+-----------------+-----------------+ ## Configure SNMP Set location: snmp set location "Anytown, WI" Set contact: snmp set contact noc@example.net SNMP communities are managed under access-entry. You can see the list of configured communities with: snmp show access-entry By default there are entries for public and private on SNMP v1 & v2c: CN 3911> snmp show access-entry +----------------+---+------+----------------+----------------+----------------+ |Group |Sec|Sec |ReadView |WriteView |NotifyView | |Name |Mod|Level | | | | +----------------+---+------+----------------+----------------+----------------+ |public |v1 |noAu |V12cView | |V12cView | |public |v2c|noAu |V12cView | |V12cView | |private |v1 |noAu |V12cView |V12cView |V12cView | |private |v2c|noAu |V12cView |V12cView |V12cView | +----------------+---+------+----------------+----------------+----------------+ We want to remove all of these and set our own v2c community with a normal ReadView. Removing the preconfigured communities: CN 3911> snmp delete access-entry public sec-level noAuth sec-model v1 CN 3911> snmp delete access-entry public sec-level noAuth sec-model v2c CN 3911> snmp delete access-entry private sec-level noAuth sec-model v1 CN 3911> snmp delete access-entry private sec-level noAuth sec-model v2c Add community BlahSec: CN 3911> snmp create access-entry BlahSec sec-model v2c sec-level noAuth read-view V12cView Verify: CN 3911> snmp show access-entry +----------------+---+------+----------------+----------------+----------------+ |Group |Sec|Sec |ReadView |WriteView |NotifyView | |Name |Mod|Level | | | | +----------------+---+------+----------------+----------------+----------------+ |BlahSec |v2c|noAu |V12cView | | | +----------------+---+------+----------------+----------------+----------------+ --- © 2014 Jade Angrboða.