The setup of the Broadcom BES-53248 as a NetApp ONTAP cluster switch is very similar to the setup of the NetApp CN1610 cluster switch (which always was a Broadcom switch, just re-badged NetApp). So this post is quite similar to 2017's: NetApp CN1610 Cluster Switch Notes: How to Setup.
BES-53248 and License Options
The default license (or no license) allows 16 * 10/25 GbE ports and 2 * 40/100 ports (for the ISL). This blog post will assume we're just following the default setup. The RCF/ports configuration needs to be modified if you have licenses to apply.
Image: BES-53248 Cluster Switch
BES Software
Alas, it's no longer possible to obtain the switch software (called EFOS) from NetApp's website; you get directed to:
https://www.broadcom.com/support/bes-switch
You'll need to register for an account. If you don't have an account you need to email:
BES-Support@techdata.com
What you can do from the NetApp website is download the RCF file, SHM_Broadcom_BES_53248, and review the switch compatibility matrix for your version of ONTAP:
https://mysupport.netapp.com/site/products/all/details/broadcom-cluster-switches/downloads-tab
https://mysupport.netapp.com/site/info/broadcom-cluster-switch
1) Initial Cluster Switch Setup Script
Note: Full instructions are available at docs.netapp.com under Configuring a new Broadcom-supported BES-53248 cluster switch.
Connect a laptop to the switch’s console (RJ45) port (115200 baud). Out of the factory, the default BES-53248 login is admin with no password, and you will be prompted to change it to a secure password on first login.
username = admin
password = {blank}
Note: NetApp123#! will work as a secure password.
You will initially be in the USER command mode: >
From >, copy and paste the below script, with the highlighted entries (SWITCH_NAME, SWITCH_IP, NETWORK_MASK, GATEWAY) updated accordingly:
en
hostname SWITCH_NAME
serviceport protocol none
y
network protocol none
y
serviceport ip SWITCH_IP NETWORK_MASK GATEWAY
show serviceport
show network
Note: Type ‘en’ or ‘enable’ to get from the USER command mode (>) to the EXEC mode (#).
2) Cluster Switch OS and RCF File
To check EFOS and RCF, run the below commands - the RCF version is listed in running-config.
Note: Brand new switches might be running the correct EFOS version, but are unlikely to have had the RCF applied.
(BES_SW1) # show version
(BES_SW1) # show running-config
Upgrading EFOS and/or the RCF requires a TFTP/FTP/SFTP server (sometimes, if the upload fails with one, you have better luck trying a different one).
Note: In the below, you only need to run 'copy active backup' if the active is different to the backup.
show version
show bootvar
copy active backup
show bootvar
ping {YOUR_TFTP_SERVER}
copy tftp://{YOUR_TFTP_SERVER}/EFOS.3.4.4.6.stk active
show bootvar
copy tftp://{YOUR_TFTP_SERVER}/BES-53248_RCF_v1.6-Cluster-HA.txt nvram:script BES-53248_RCF_v1.6-Cluster-HA.scr
script list
script apply BES-53248_RCF_v1.6-Cluster-HA.scr
show port all | exclude Detach
show running-config
write memory
y
reload
y
show version
3) Configuring DNS, NTP, and SSH
Configure DNS, NTP and SSH using the commands below with the highlighted entries (shown in braces) updated accordingly (from the # prompt):
#DNS
configure
ip domain name {YOUR_DOMAIN}
ip name server {DNS_IP_1} {DNS_IP_2}
exit
#NTP
configure
sntp client mode unicast
sntp server {NTP SERVER 1 IP}
sntp server {NTP SERVER 2 IP}
clock timezone 0 zone UK
exit
#SSH
show ip ssh
config
crypto key generate rsa
crypto key generate dsa
crypto key generate ecdsa 521
exit
ip ssh server enable
show ip ssh
4) Passwords
To change the currently logged-in user’s password:
(BES_SW1) > password
If you want to set an enable password:
(BES_SW1) # enable password PASSWORD
IMPORTANT) Saving Changes!
To save changes so that they persist across reboots:
(BES_SW1) # write memory
~~~
2021.09.23: Security recommendation to disable the BMC on BES-53248 switches:
#Disable access to the BMC
(switch1) > enable
(switch1) #
(switch1) # linuxsh
# ipmitool raw 0x32 0x6a 0x20 0x0 0x0 0x0 0x0 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x0 0xff 0xff 0xff 0xff 0x16 0x0 0x0 0x0 0xe0 0x1 0x0 0x0 0xff 0x0
Optionally, set a bogus IP address so that the BMC is not active on the network:
(switch1) # ipmitool lan set 1 ipsrc static
(switch1) # ipmitool lan set 1 ipaddr 1.1.1.2
(switch1) # ipmitool lan set 1 netmask 255.255.255.252
(switch1) # ipmitool lan set 1 defgw ipaddr 1.1.1.1
(switch1) # ipmitool mc reset cold
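A check for the IP-parking step above, as an added example that is not part of the original post: it parses the output of ipmitool lan print 1 and confirms the four LAN values match the ones set here. The field labels assume stock ipmitool output, the function names are hypothetical, and the embedded sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): confirm BMC LAN channel 1 holds
# the "parked" values set by the ipmitool lan set commands above.
# On the switch, from linuxsh:  ipmitool lan print 1 | check_bmc_parked

# Expected values, copied from the commands on this page.
WANT_SRC="Static Address"
WANT_IP="1.1.1.2"
WANT_MASK="255.255.255.252"
WANT_GW="1.1.1.1"

# Constructed sample of `ipmitool lan print 1` output (assumed stock layout).
sample_lan_print() {
    cat <<'EOF'
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 1.1.1.2
Subnet Mask             : 255.255.255.252
MAC Address             : 00:00:5e:00:53:01
Default Gateway IP      : 1.1.1.1
EOF
}

# Print the value of one "Label : value" line from the text in $1.
lan_field() {
    printf '%s\n' "$1" | awk -F' *: *' -v k="$2" \
        '$1 == k { sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Read lan-print text on stdin; return 0 only if all four fields match.
check_bmc_parked() {
    out=$(cat); rc=0
    while IFS='|' read -r label want; do
        got=$(lan_field "$out" "$label")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $label is '${got:-<missing>}', expected '$want'"
            rc=1
        fi
    done <<EOF
IP Address Source|$WANT_SRC
IP Address|$WANT_IP
Subnet Mask|$WANT_MASK
Default Gateway IP|$WANT_GW
EOF
    [ "$rc" -eq 0 ] && echo "OK: BMC LAN channel 1 matches the parked values"
    return "$rc"
}

sample_lan_print | check_bmc_parked   # demo on the constructed sample
```

Run it again after the cold reset of the management controller, since that is when the new LAN settings are in effect.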
Disable Password Lockout:
(switch1) (Config)# passwords lock-out 0
Another excellent article. Thank you Cosonok.
Hi Unknown. Many thanks for the comment. Cheers, VC
Hello. Quick question. When you download the software you are left with a zip file. Do I rename this to .stk or unzip and use the stk inside?
EFOS Firmware 3.4.4.4.zip
Inside this zip file - FastPath-EFOS-esw-qcp_td3-qcp_td3_x86_64-LX44R-CNTRF-BD6IOQHr3v4m4b4_signed.stk
Hello Bessler, apologies for the slow reply. I'm sure you have your answer already. I can't remember but 99% sure you unzip to reveal the stk file inside the zip and use the stk file. You can rename the horribly long named stk file to a simpler name. Cheers, VC