SSM160 CLI
Description
The SSM (Security Switch Module) is the networking module of the gateway. The SSM transmits traffic to and from the SGM and performs the load distribution among the SGMs.
The SSM includes two modules:
- Fabric switch - includes the Data ports
- Base switch - includes the Management ports.
Most of the communication with the SSM is done automatically by SNMP requests from the SGM but on some events connecting directly to the SSM can be useful.
Configuration
Connection to the SSM CLI can be established in two ways:
- The administrator can connect with a serial console to the "CLI" port on the SSM front panel (baud rate 9600).
- From one of the SGMs use SSH to connect to the SSM.
The SSM IPs can be retrieved from CLISH/GCLISH:- show Chassis id <1|2|all> module SSM<1|2> ip
- The password for the SSM is admin.
- Once connected to the SSM CLI you can do the following:
View the current configuration
# show running-config <feature name> Since the entire configuration is very long it is recommended to specify the feature that you are interested in its configuration. For example, show running-config load-balance to see the Load Balance configuration. You can press tab to see a complete list of the features.
View current ports status
#show port
View detailed port information (speed, administrative state, link state, etc.) #show port <port id>
View interface statistics
# show port <port_id> statistics
T-HUB4#show port 1/3/1 statistics
===============================================================================
Port Statistics
===============================================================================
Input Output
-------------------------------------------------------------------------------
Unicast Packets 5003 7106
Multicast Packets 568409 1880
Broadcast Packets 122151 1972
Flow Control 0 0
Discards 16 0
Errors 0 0
--------------------------------------------------------------------------------
Total 695563 10958
===============================================================================
===============================================================================
Ethernet Statistics in Packets
===============================================================================
RX CRC Errors 0 TX Collisions 0
RX Undersize 0
-------------------------------------------------------------------------------
Input Output
-------------------------------------------------------------------------------
Fragments 0 0
Oversize 0 0
Jabbers 0 0
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Packets Input and Output
-------------------------------------------------------------------------------
Octets 71085491
Packets 706521
Packets of 64 Octets 2290
Packets of 65 to 127 Octets 689951
Packets of 128 to 255 Octets 4122
Packets of 256 to 511 Octets 6009
Packets of 512 to 1023 Octets 258
Packets of 1024 to 1518 Octets 994
Packets of 1519 or more Octets 0
--------------------------------------------------------------------------------
Total 695563 10958
===============================================================================
===============================================================================
Rates in Bytes per Second
===============================================================================
Input Output
Rate for last 10 sec 1477 25
Rate for last 60 sec 1435 50
===============================================================================
Pay special intention to "Discards" and "Errors" fields which might indicate on a problem if they are constantly increasing.
View SSM logs #unhide private (default password is "private") #show private shell # tail /var/log/messages
Modify load distribution SGM group # configure terminal (config)# load-balance mtx-bucket 1 buckets [<SGM ID><SGM ID>:<SGM ID><SGM ID>…] (config)# commit (config)# exit #load-balance apply
Note
You need to provide a full list of the SGMs as the SGM list parameter to the load-balance mtx-bucket command.
Otherwise, traffic might be dropped on the SSM.
Switch between Ports modes for 40G ports (4X10G or 1X40G): #unhide private (default password is "private") #show private shell For switching to 1X40G mode: # /batm/binux/bin/ub_util -s ahub4_40G yes For switching to 4X10G mode: # /batm/binux/bin/ub_util -s ahub4_40G # exit #config terminal (config)#system reload Note This procedure requires to reload the SSM. It is recommended to do it one SSM at a time.
View the current version information #show version
Logout from current session #logout
Changing SSM160 admin password
Login via SSH/Serial console to an SGM which resides in the same Chassis you wish to change SSMs password
From Expert shell Login to either of the SSMs in the Chassis using: ssh admin@ssm<ssm_id>
Enter admin password when prompted.
In SSMs shell run the following commands:
#conf t
#system security user admin
#password
Enter new password
#commit
#end
#logout
Notes
This procedure should be done separately on each SSM in the system.
This procedure does not cause any traffic interruption
Example
# ssh ssm2
admin@ssm2's password:
BATM T-HUB4
admin connected from 198.51.100.215 using ssh on T-HUB4
T-HUB4#conf t
Entering configuration mode terminal
T-HUB4(config)#system security user admin
T-HUB4(config-user-admin)#password
(<MD5 digest string>): *****
T-HUB4(config-user-admin)#commit
Commit complete.
T-HUB4(config-user-admin)#end
T-HUB4#log
Connection to ssm2 closed.
Each port ID on the SGM maps to a port on the SSM. Below table maps SSM port ID to SGM port ID. Note that this table relates to SSM1. For SSM2 replace eth1-X with eth2-X:
SGM
|
SSM
|
eth1-01
|
1/3/1
|
eth1-02
|
1/3/2
|
eth1-03
|
1/3/3
|
eth1-04
|
1/3/4
|
eth1-05
|
1/3/5
|
eth1-06
|
1/3/6
|
eth1-07
|
1/3/7
|
eth1-Sync
|
1/3/8
|
eth1-09
|
1/1/1
|
eth1-10
|
1/1/2
|
eth1-11
|
1/1/3
|
eth1-12
|
1/1/4
|
eth1-13
|
1/1/5
|
eth1-14
|
1/1/6
|
eth1-15
|
1/1/7
|
eth1-16
|
1/1/8
|
eth1-Mgmt1
|
1/5/1
|
eth1-Mgmt2
|
1/5/2
|
eth1-Mgmt3
|
1/5/3
|
eth1-Mgmt4
|
1/5/4
|
Verification
To verify that you have connectivity to the SSMs from the SGMs ping all the SSM modules IPs. You can also verify that SNMP connectivity is available by running from SGM shell: asg_chassis_ctrl get_ssm_firmware all
|