Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-79-1387761.1
Update Date:2012-03-22
Keywords:

Solution Type  Predictive Self-Healing Sure

Solution  1387761.1 :   How to replace Netra CP3140/CP3240 switch blade for Netra CT900 platform/chassis  


Related Items
  • Sun Netra CT900 Server
  •  
Related Categories
  • PLA-Support>Sun Systems>SAND>Network>SN-SND: Sun Network Interfaces
  •  
  • .Old GCS Categories>Sun Microsystems>Boards>NEBS-Certified Servers
  •  
  • .Old GCS Categories>Sun Microsystems>Operating Systems>Solaris Network
  •  


High level flow of how to replace Netra CP3140/3240 switch blade for Netra CT900 platform/chassis.  Each customer has slightly different set up or implementation; thus, customer will need to fill in the details.  This document serves as guide on how the replacement should be done generically.

In this Document
  Purpose
  How to replace Netra CP3140/CP3240 switch blade for Netra CT900 platform/chassis
     --- Goal ---
     --- Solution ---


Applies to:

Sun Netra CT900 Server - Version: Not Applicable to Not Applicable - Release: N/A to N/A
Information in this document applies to any platform.

Purpose

To help the Field Engineer and customer understand the over-all procedure of replacing Netra CP3140/3240 switch blade.

How to replace Netra CP3140/CP3240 switch blade for Netra CT900 platform/chassis

--- Goal ---

The goal is to guide both Field Engineer and customer on how to prepare and perform Netra CP3140/3240 replacement.

--- Solution ---

REQUIREMENT & NOTE:

A. An accessible TFTP server is required; it is critical to make sure the switch blade has access to a TFTP server.  This TFTP server is where the switch firmware and configuration binary backup are stored.

B. There are 4 upgrade to upgrade firmware in total: Switch 7B (BASE fabric of slot 7), 7E (EXTENDED fabric of slot 7), 8B, and 8E.

C. Showing an example of the switch 7B, and this has to be repeated for 7E, 8B, and 8E as well.

E. The following steps provides generic steps, and customer should fill in the details as each customer had different setup.

F. Might not have to follow all the steps if initial procedure, that set up a brand new system, exists and could be used.



REPLACING SW BLADE:

1. Log into the Switch blade console (make sure also use "enable" to reach to exclusive mode)

2. Preserve the switch configuration:

2A. Store the output of "show serviceport" and "show network"

(ATS1160 Base) # show serviceport
IP Address...................................... 192.168.4.2
Subnet Mask .................................... 255.255.255.0
Default Gateway ................................ 192.168.4.1
ServPort Configured Protocol Current ........... None
Burned In MAC Address .......................... 00:20:13:F0:BA:3C
(ATS1160 Base) #

(ATS1160 Base) # show network
IP Address..................................... 192.168.1.2
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 192.168.1.1
Burned In MAC Address.......................... 00:20:13:F0:B9:D7
Locally Administered MAC Address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Network Configuration Protocol Current......... None
Management VLAN ID............................. 1
Web Mode....................................... Enable
Java Mode...................................... Enable
(ATS1160 Base) #

If one of the above has all 0 IP (0.0.0.0), it is not set and thus no need to preserve

2B. Store the configuration as binary (both commands are needed):

(ATS1160 Base) # copy system:running-config nvram:startup-config

(ATS1160 Base) # copy nvram:startup-config tftp://<tftp server IP>/<desired directory and file name>

will be saved in the /tftpboot directory of the tftp server.

Here is an example:

(ATS1160 Base) # copy system:running-config nvram:startup-config

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Configuration Saved!

(ATS1160 Base) # copy nvram:startup-config tftp://192.168.4.1/switch.cfg

3. Repeat step 2 for the FABRIC

4. Replace the blade

5. Configure either the "serviceport" or "network" according to the output of 2A

(ATS1160 Base) # serviceport protocol none
(ATS1160 Base) # serviceport ip 192.168.4.2 255.255.255.0 192.168.4.1

(ATS1160 Base) # network parms 192.168.1.2 255.255.255.0 192.168.1.1

6. Check the switch firmware version using "show hardware"

7. Upgrade/downgrade the switch firmware to the desire level (Please refer to the section "UPGRADE SW FIRMWARE" below).

8. Restore the switch configuration using one of the following command:

(ATS1160 Base) # copy tftp://<tftp server IP>/<directory and file name> system:running-config

or

(ATS1160 Base) # copy tftp://<tftp server IP>/<directory and file name> nvram:startup-config

Here is an example:

(ATS1160 Base) # copy tftp://192.168.4.1/switch.cfg system:running-config

Download configuration file. Current configuration will be cleared.

Are you sure you want to start? (y/n) y
Configuration update completed successfully.

(ATS1160 Base) #

9. Configuration any other parameters that are not covered by step 5 and 8.

10. If using ssh as exclusive method to administrate the switch blade, also need to generate and upload ssh Certificate files and enable ssh.  Please refer to the section "GENERATE AND UPLOAD CERTIFICATE FILE FOR SSH ACCESS" below.

11. The following applies for both CP3140/3240.

To enable ssh:  ip ssh server

To disable ssh:  no ip ssh server

12. Reboot the BASE using "reload"

13. Repeat step 5 to 12 for the FABRIC

14. Repeat step 2 to 13 for another switch blade




UPGRADE SW FIRMWARE:

1. Configure the Switch management port (serviceport).

2. Copy the image to the TFTP server. Be sure to backup the switch configuration to the TFTP server as well.

3. Make sure the TFTP server is pingable.

4. Use copy command to copy the firmware from TFTP server to the switch:

(ATS1160 Base) # ping 192.168.4.102

Send count=3, Receive count=3 from 192.168.4.102

(ATS1160 Base) # copy tftp://192.168.4.102/cp3140.1.7.1.0.tgz system:image

Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.4.102
TFTP Path...................................... ./
TFTP Filename.................................. cp3140.1.7.1.0.tgz
Data Type...................................... Code

Are you sure you want to start? (y/n) y
TFTP Code transfer starting...
Extracting components...
Detecting IPMC...
Switching from 115200 to 38400 baud.
Updating IPMC Firmware...
Saving FRU Contents...
Ready for Firmware Download.
Transferring IPMC Firmware Image...
0%......100%
Transfer took 7m 21s.
Firmware Download Successful.
Programming IPMC Firmware...........................
Firmware Update Successful.
Operating System Matches. Skipping Update.

File transfer operation completed successfully.

(ATS1160 Base) #

When upgrading the firmware for FABRIC, it is faster than BASE because there is no need to load the IPMC firmware.

5. The new firmware will not become active until the switch unit is rebooted.

(ATS1160 Fabric) # reload

The system has unsaved changes.
Would you like to save them now? (y/n) y

Configuration Saved!
System will now restart!
The Switch Driver has been reset at the request of the user - sim.c
...

6. Use "show hardware" command to confirm the new firmware version.

7. Reload the SW configuration

8. Repeat the above for all other switch fabrics.




GENERATE AND UPLOAD CERTIFICATE FILE FOR SSH ACCESS:

There are 4 scripts in total. Just needs to copy them onto a UNIX machine, and execute those scripts to generate the certificate. In the manual, only the first two are script (and attached in the end of
APPENDIX below), the others are configuration files. In fact, only the first one is executable without any error, the second one requires openssl package to be installed.

Execute the sshKeygen.sh script, and upload the key files to the switch (using "copy" command) as following ( and lists are shown in "Appendix C: Management Security" of CP3140/3240 Switch Software Reference Manual --- and please remember to copy all the certificate files ):

copy tftp://192.168.77.122/rsa1.key nvram:sshkey-rsa1

Here is a list of all the key files:
  • rsa1.key nvram:sshkey-rsa1
  • rsa2.key nvram:sshkey-rsa2
  • dsa.key nvram:sshkey-dsa
  • dh512.pem nvram:sslpem-dhweak
  • dh1024.pem nvram:sslpem-dhstrong
  • server.pem nvram:sslpem-server
  • rootcert.pem nvram:sslpem-root
(Only couple of them are generated by the sshKeygen.sh --- and they are sufficient. The rest are generated by other scripts or configuration files --- needed by the openssl if in use.)


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback