Boot Options

System Initialization

Depending on the chassis, the primary copy of 7705 SAR software is located either on a removable compact flash card that is shipped with the 7705 SAR router or in the router on-board flash memory. The compact flash (cf3) contains a copy of the 7705 SAR image, the bootstrap file (boot.ldr), and the boot options file (BOF). The compact flash can also be used to store configurations and executable images. These configurations and images can also be stored at an FTP file location.

The following chassis have removable compact flash cards:

  • 7705 SAR-8 Shelf V2

  • 7705 SAR-18

  • 7705 SAR-H

  • 7705 SAR-M

All other chassis have integrated memory that cannot be removed.

Note: In most cases you must have a console connection to access the node when there is no network connectivity to the node. Some commands can be given to the node through the ACO/LT button before there is network connectivity. See Automatic Discovery Protocol. Also see the appropriate chassis installation guide, ‟Automatic Discovery Protocol”.

Starting a 7705 SAR begins with hardware initialization (a reset or power cycle). By default, the system searches the compact flash (cf3) for the boot.ldr file (also known as the boot loader or bootstrap file). The boot.ldr file is the image that reads and executes the system initialization commands configured in the BOF. The default value to initially search for the boot.ldr file on cf3 cannot be modified.

If the system cannot load or cannot find the boot.ldr file on the compact flash memory device (cf3), the system reboots continuously in an attempt to successfully find and load the file. If this happens, the available options depend on the chassis.

For the 7705 SAR-8 Shelf V2 and 7705 SAR-18, there are two options:

  • remove the compact flash, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions

  • return the faulty CSM to Nokia for replacement

For the 7705 SAR-M, there are two options:

  • remove the compact flash, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions

  • return the faulty chassis to Nokia for replacement

For the 7705 SAR-H, there are one or two options:

  • if the compact flash is accessible, connect it to a PC, and download another software package from OLCS; contact your Nokia support representative for detailed instructions

  • return the faulty chassis to Nokia for replacement

For the 7705 SAR-A, 7705 SAR-Ax, 7705 SAR-Hc, 7705 SAR-Wx, and 7705 SAR-X, return the faulty chassis to Nokia for replacement.

When the bootstrap image is loaded, the BOF is read to obtain the location of the image and configuration files. The BOF should be located on the same compact flash drive as the boot.ldr file. If the BOF cannot be found or loaded, the system prompts the user for alternate software and configuration file locations.

The following example displays the output when the boot sequence is interrupted.

. . .

Hit a key within 3 seconds to change boot parms... 
You must supply some required Boot Options. At any prompt, you can type:
   "restart" - restart the query mode.
   "reboot"  - reboot.
   "exit"    - boot with existing values.

Press ENTER to begin, or 'flash' to enter firmware update...

Software Location
-----------------
   You must enter the URL of the TiMOS software.
   The location can be on a Compact Flash device,
   or on the network.

   Here are some examples
      cf3:/timos2.0R1
      ftp://user:passwd@192.168.xx.xxx/./timos2.0R1
      tftp://192.168.xx.xxx/./timos2.0R1

The existing Image URL is 'ftp://*.*@192.168.xx.xxx/./rel/0.0/xx'
Press ENTER to keep it.
Software Image URL: 
Using: 'ftp://*.*@192.168.xx.xxx/./rel/0.0/xx'

Configuration File Location
---------------------------
   You must enter the location of configuration
   file to be used by TiMOS. The file can be on
   a Compact Flash device, or on the network.

   Here are some examples
      cf1:/config.cfg
      ftp://user:passwd@192.168.xx.xxx/./config.cfg
      tftp://192.168.xx.xxx/./config.cfg

The existing Config URL is 'cf3:/config.cfg'
Press ENTER to keep it, or the word 'none' for no Config URL.
Config File URL: 
Using: 'cf3:/config.cfg'

Network Configuration
---------------------
   You specified a network location for either the
   software or the configuration file. You need to
   assign an IP address for this system.

   The IP address should be entered in standard
   dotted decimal form with a network length.
       example:   192.168.xx.xxx/24

Display on Non-Redundant Models


The existing IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter IP Address: 
Using: 192.168.xx.xxx/20

Display on Redundant Models


The existing Active IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter Active IP Address: 
Using: 192.168.xx.xxx/20

The existing Standby IP address is 192.168.xx.xxx/20. Press ENTER to keep it.
Enter Standby IP Address (Type 0 if none desired): 
Using: 192.168.xx.xxx/20


Would you like to add a static route? (yes/no) y           

Static Routes
-------------
   You specified network locations which require
   static routes to reach. You will be asked to
   enter static routes until all the locations become
   reachable.

   Static routes should be entered in the following format:
   prefix/mask next-hop ip-address
       example:     192.168.xx.xxx/16 next-hop 192.168.xx.xxx

Enter route: 1.x.x.0/24 next-hop 192.168.xx.xxx
OK

Would you like to add another static route? (yes/no) n

New Settings
------------
    primary-image    ftp://*.*@192.168.xx.xx/./rel/0.0/xx
    primary-config   cf3:/config.cfg
    address          192.168.xx.xx/20 active
    primary-dns      192.168.xx.xx
    dns-domain       xxx.xxx.com
    static-route     1.x.x.0/24 next-hop 192.168.xx.xxx
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          off

Do you want to overwrite cf3:/bof.cfg with the new settings? (yes/no): y

Successfully saved the new settings in cf3:/bof.cfg

System Initialization - Part 1 displays the system initialization sequence.

Figure 1. System Initialization - Part 1

Files on the Compact Flash displays the compact flash directory structure and filenames.

Figure 2. Files on the Compact Flash

Files on the compact flash are:

  • bof.cfg — boot options file

  • boot.ldr — bootstrap image

  • config.cfg — default configuration file

  • TiMOS-m.n.Yz:

    m — major release number

    n — minor release number

    Y: type of release

    • A — Alpha release

    • B — Beta release

    • M — maintenance release

    • R — released software

    z — version number

    • both.tim — CSM image file

    • support.tim — field-programmable gate array (FPGA) file

    • hmac-sha256.txt

Note:
  • The support.tim file is included in the software bundles for the following platforms only: 7705 SAR-8 Shelf V2, 7705 SAR-18, 7705 SAR-H, 7705 SAR-M, and 7705 SAR-X.

  • The hmac-sha256.txt file is supported in FIPS-140-2 mode only. See FIPS-140-2 Mode for more information.

Configuration and Image Loading

When the system executes the boot.ldr file, the initialization parameters from the BOF are processed. Three locations can be configured for the system to search for the files that contain the runtime image. The locations can be local or remote. The first location searched is the primary image location. If not found, the secondary image location is searched, and lastly, the tertiary image location is searched.

If the files cannot be found or loaded, the system enters a console message dialog session prompting the user to enter alternate file locations and filenames.

When the runtime image is successfully loaded, control is passed from the bootstrap loader to the image. Depending on the options in the BOF file, the runtime image loads the configuration in one of two ways.

If ADP is enabled, no configuration files are processed at startup. Instead, ADP discovers the node configuration from the network and the primary-config file is generated based on the configuration discovered by ADP. Any existing primary-config file is backed up, then overwritten.

If ADP is not enabled, the runtime image attempts to locate the configuration file as configured in the BOF. Like the runtime image, three locations can be configured for the system to search for the configuration file. The locations can be local or remote. The first location searched is the primary configuration location. If not found, the secondary configuration location is searched, and lastly, the tertiary configuration location is searched.

The configuration file includes chassis, CSM, adapter card and port configurations, as well as system, routing, and service configurations.

System Initialization - Part 2 displays the boot sequence.

Figure 3. System Initialization - Part 2

System Initialization With ADP shows the boot sequence if Automatic Discovery Protocol (ADP) is run on the system.

Figure 4. System Initialization With ADP

Persistence

The BOF persist parameter can specify whether the system should preserve system indexes when a save command is executed. During a subsequent boot, the index file is read along with the configuration file. As a result, a number of system indexes are preserved between reboots, including the interface index, LSP IDs, and path IDs. If persistence is not required and the configuration file is successfully processed, the system becomes operational. If persistence is required, a matching x.ndx file must be located and successfully processed before the system can become operational. Matching files (configuration and index files) must have the same filename prefix, such as test123.cfg and test123.ndx, and are created at the same time when a save command is executed. The persistence option must be enabled to deploy the Network Management System (NMS). The default is off.

Traps, logs, and console messages are generated if problems occur, and SNMP shuts down for all SNMP gets and sets; however, traps are issued.

Automatic Discovery Protocol

Automatic Discovery Protocol (ADP) is triggered by a factory-installed boot option and automates the initial commissioning of 7705 SAR nodes. When the 7705 SAR is started for the first time, an ADP keyword in the BOF causes automatic discovery to run as part of the TiMOS application image. See the appropriate chassis installation guide, ‟Automatic Discovery Protocol”, for more information on ADP.

ADP supports null, dot1q, and qinq encapsulation on:

  • all ports on the 6-port Ethernet 10Gbps Adapter card

  • all ports on the 8-port Gigabit Ethernet Adapter card

  • all ports on the 10-port 1GigE/1-port 10GigE X-Adapter card (supported on the 7705 SAR-18 only)

  • all ports on the 6-port SAR-M Ethernet module

  • all Ethernet ports on the 7705 SAR-A, 7705 SAR-Ax, 7705 SAR-H, 7705 SAR-Hc, 7705 SAR-Wx, and 7705 SAR-X

Caution: For XOR ports, ADP will not run successfully if the connection to the network is made from the SFP connector because the default connector is RJ45.
Note: ADP is not supported on the 4-port SAR-H Fast Ethernet module.

When run on the system, ADP goes through four basic stages:

Self-discovery

During the self-discovery stage, all supported adapter cards and CSMs are detected and automatically provisioned. The 7705 SAR then brings up all Ethernet ports. Depending on the physical connectivity of the port, some ports may fail to come up. If at least one port connected to the transport network becomes operationally up, ADP moves to the next stage.

Network Discovery

During the network discovery stage, the 7705 SAR sends a DHCP DISCOVER message from all operational ports. DHCP DISCOVER Message Options describes the DHCP DISCOVER message options.

Table 1. DHCP DISCOVER Message Options

Option

Name

Description

chaddr

Client HW Address

The MAC address of the port

51

Lease Time

Always set to Infinite

60

Class Identifier

The class of 7705 SAR router:

ALU-AD | SAR-8

ALU-AD | SAR-18

ALU-AD | SAR-A

ALU-AD | SAR-Ax

ALU-AD | SAR-H

ALU-AD | SAR-Hc

ALU-AD | SAR-M

ALU-AD | SAR-Wx

ALU-AD | SAR-X

61

Client Identifier

Not sent by default, but can be configured to be the chassis MAC address or an operator-defined string

82

Relay Agent Information

Network uplink information, such as circuit ID and gateway address, added by the relay agent, if applicable

No client identifier is sent by default, but you can configure this option during boot-up, or with the auto-discover command, to be the chassis MAC address or a unique string. During boot-up, you can also configure the VLAN ID for ADP with dot1q or qinq encapsulation.

The ADP network discovery phase is enhanced to automatically scan the entire VLAN range on every datapath Ethernet port on supported cards and nodes. During startup a new node acts as an ADP client and send DHCP discovery packets across the entire VLAN range to automatically discover the Ethernet virtual connection (EVC) VLAN. If at least one DHCP discovery packet reaches a server and that server responds with a DHCP offer packet, the ADP client node registers the new interface against that server's VLAN.

Configuration Discovery

During the configuration discovery stage, the DHCP server receives the DHCP DISCOVER message and replies with a DHCP OFFER message that contains an IP address assigned to the network interface. DHCP OFFER Message Options describes the options included in the DHCP OFFER. If any of the required options are not included, the packet may be dropped and not processed.

Table 2. DHCP OFFER Message Options

Option

Name

Description

Required

yiaddr

Client Ip-Address

The network interface IP address

For network consistency, it is recommended that this IP address be a fixed IP address, not assigned randomly from a DHCP server IP pool

Yes

1

Subnet Mask

The network interface subnet mask

Yes

3

Router

The network interface default gateway

Only the first router is used – all others are ignored

No

12

Host Name

The network interface hostname

No

51

Lease Time

The least time, validated as infinite

Yes

54

Server Address

Identifies the DHCP server

No

67

Bootfile Name

Contains the ADP instructions or a URL to an ADP instructions file

No

DHCP OFFER messages are not dropped if they contain a yiaddr that does not match the local configured subnets on the DHCP relay interface. This applies only to regular IES and VPRN interfaces with no lease-populate configured on the DHCP relay interface.

Option 67 contains further configuration information in the form of keyword text files interpreted by ADP as instructions and executed during the Configuration and Test phases. For basic reachability, option 67 is not mandatory; however, it can be used to send the system IP address of a newly discovered node, making it possible to communicate with the NSP NFM-P and complete ADP.

If a system IP address is made available with the DHCP OFFER and a template configuration file is also executed using the load-cfg keyword, then the system IP address specified in the template configuration file is used instead of the one in the DHCP OFFER.

ADP Instructions describes the keywords used in ADP instructions. A DHCP offer message can contain a maximum of 15 instructions in either the Bootfile Name option, or in an external file referenced by the include keyword. If more than 15 instructions are included, ADP fails to complete and the system generates an error message in the ADP log.

Table 3. ADP Instructions

Keyword

Description

Format

sys-addr

Specifies the system interface IP address and the system base routing instance subnet

sys-addr 10.10.10.1/32

sys-name

Specifies the chassis name

sys-name SITE43_7705

sys-loc

Specifies the chassis location

sys-loc 600_MARCH_ROAD

load-cfg

Specifies the URL of a template configuration file to load into the router's runtime configuration

load-cfg ftp://.....@.../7705.cfg

test-ip

Specifies an IP address that must be successfully pinged before committing configuration and declaring ADP a success

test-ip 192.20.2.30

include

Specifies the URL of a file containing additional ADP instructions

include ftp://.....@.../7705.tmp

Any BOF keyword

Interpreted as instructions to update the specified field in the BOF

As per BOF

Test and Commit

In order for ADP to be declared successful during the test and commit stage, the discovered configuration must contain an IP address. If the optional test-ip keyword is included in the ADP instructions, the node pings the IP address included in the DHCP OFFER message. If ADP is successful, the system stores the configuration and opens an SSH session to provide remote operators access to the router.

ADP can be controlled, without a connected PC or ASCII terminal, by the ACO/LT button on the Fan module. You can use the ACO/LT button to terminate or restart ADP, or reboot the chassis.

Note: The ACO/LT button is not available on the 7705 SAR-A, 7705 SAR-Ax, or 7705 SAR-Wx.

ADP runs in the background to allow continued CLI access for status queries and troubleshooting. Periodic progress updates are sent to the console and can be viewed through a connected PC. Additionally, dump commands are available to display information and detailed logs about ADP during and after running on the system. The logs are not retained over a chassis reboot.

ADP runs only once on a router during initial startup if the automatic discovery is successful. The learned network interface configuration is retained in the local database. On subsequent reboots, the router uses its local database to reload its network configuration. After ADP successfully completes, or if it is manually terminated, the system sends a command to the BOF to remove the ADP keyword. You can terminate ADP at any time while it is running by using the CLI or the ACO/LT button.

Any temporary configuration done by ADP is not stored; however, network configuration and remote access remain enabled to allow the router to be manually provisioned remotely. ADP does not run again on future system reboots unless it is re-enabled via the CLI. If a standby CSM with ADP enabled is inserted into a running system that does not have the ADP keyword in its BOF file, the ADP keyword is automatically removed from the inactive card’s BOF file during reconcile.

FIPS-140-2 Mode

The 7705 SAR provides the fips-140-2 boot command to allow a node to run in FIPS-140-2 mode. This mode limits the use of cryptographic algorithms on both the CSM and data plane to only those that are in accordance with security level 1 of the Federal Information Processing Standards 140 series, version 2 (FIPS-140-2).

FIPS-140-2 mode is supported on the CSM on all 7705 SAR platforms that are equipped with a CSM.

FIPS-140-2 mode is supported on both the CSM and data plane on the following platforms:

  • 7705 SAR-8 Shelf V2 and 7705 SAR-18 when equipped with the following adapter cards:

    • 8-port Gigabit Ethernet Adapter card, version 3

    • 2-port 10GigE (Ethernet) Adapter card

    • 10-port 1GigE/1-port 10GigE X-Adapter card, version 2 (supported on the 7705 SAR-18 only)

  • 7705 SAR-Ax

  • 7705 SAR-H

  • 7705 SAR-Hc

  • 7705 SAR-Wx

  • 7705 SAR-X

On the 7705 SAR-A and 7705 SAR-M, FIPS-140-2 mode is supported on the CSM only.

To support the implementation of FIPS-140-2, the TiMOS software image contains an HMAC-SHA-256 secret key that is verified upon boot-up. When FIPS-140-2 is enabled on the node, an HMAC-SHA-256 integrity check is performed during the loading of the both.tim file to ensure that the calculated HMAC-SHA-256 secret key of the loaded image matches that stored in the hmac-sha256.txt file. This is a signature file that has been added to the TiMOS software image and only applies to FIPS-140-2.

Note: The hmac-sha256.txt file must be stored in the same directory as the TiMOS image.

If the image fails the HMAC-SHA-256 check, the node does not boot up, an error message is displayed, and the node tries to reboot the load after a delay of 60 s. The node keeps trying to reboot until the operator cancels the reboot. If the software image is verified by the HMAC-SHA-256 check, the node boots up normally and a message indicating that the software load has passed verification is displayed.

The node performs its normal boot-up sequence, including reading the config.cfg file and loading the configuration. The config.cfg file that is used to boot the node in FIPS-140-2 mode must not contain any configuration that is not supported by the FIPS-140-2 implementation. If such a configuration is present in the config.cfg file when the node boots up, the node loads the config.cfg file until the unsupported configuration is reached and then stops. A failure message is also displayed.

When the node boots in FIPS-140-2 mode, Cryptographic Module Validation Program (CMVP) startup tests are executed on the CSM and applicable data plane. CMVP conditional tests, such as manual key entry tests, pairwise consistency checks, and RNG tests, are executed when required during normal operation.

CSM and Data Path Security Features and Algorithms in FIPS-140-2 Mode

CSM Algorithms and Data Path Algorithms show the CSM and data path security features and associated algorithms for a 7705 SAR node running in FIPS-140-2 mode.

Table 4. CSM Algorithms

FIPS-140-2

CSM Algorithms

SSHv2

IPSec (IKEv1, IKEv2)

NGE

SNMPv3

SCP, SFTP

IGP, BGP, MPLS

PKI

Authentication

RSA 2048

DSA 1024

Preference to RSA in SSH negotiation

PSK (DH G14, DH G15)

SSH

N/A

SSH

N/A

N/A

Asymmetric Key

DH G14

(P ≥ 2K prime numbers, q > 224)

DH G14, DH G15 (P ≥ 2K prime numbers, q > 224)

SSH

N/A

SSH

N/A

RSA/ DSA 2048

Symmetric Key

AES-CBC (128, 192, 256)

AES-CTR (128, 192, 256)

3DES-CBC

AES-CBC

(128, 192, 256)

3DES-CBC

N/A

AES-128

SSH

N/A

N/A

Hash Algorithm

SHA-1 (128)

–HMAC-MD5

–HMAC-SHA1-96

–HMAC-MD5-96

SHA-1 (128)

SHA-2 (256, 384, 512)

N/A

SHA-1 (SHA-128)

SSH

SHA-1 (128)

SHA-2 (256)

AES-18- CMAC-96

SHA1

SHA-224

SHA-256

SHA-384

SHA-512

Digital Signature

RSA 2048

DSA 1024

N/A

N/A

N/A

N/A

N/A

RSA/ DSA 2048

Note: MD5 algorithms are not blocked from configuration in FIPS-140-2 mode. Although MD5 is not a FIPS-140-2-approved algorithm, it is allowed to be used when running in FIPS-140-2 mode.
Table 5. Data Path Algorithms

FIPS-140-2 Data Path Algorithms

SSHv2

IPSec

NGE/L3 Encryption

SNMPv3

SCP, SFTP

IGP, BGP, MPLS

Authentication

N/A

N/A

N/A

N/A

N/A

N/A

Asymmetric Key

N/A

N/A

N/A

N/A

N/A

N/A

Symmetric Key

N/A

AES-CBC

(128, 192, 256)

3DES-CBC

AES-CBC

(128, 256)

N/A

N/A

N/A

Hash Algorithm

N/A

SHA-1 (128)

SHA-2 (256, 384, 512)

N/A

N/A

N/A

N/A

SSHv2 Approved Algorithms in FIPS-140-2 Mode

The following algorithms, configured using the client-cipher-list or server-cipher-list command, are available for SSHv2 when the node is running in FIPS-140-2 mode:

  • aes128-cbc

  • aes192-cbc

  • aes256-cbc

  • aes128-ctr

  • aes192-ctr

  • aes256-ctr

Initial System Startup Process Overview

System Startup Flow displays the process for starting a system that has a removable compact flash. This example assumes that the boot loader, BOF, and the image and configuration files are successfully located. For a system with a non-removable compact flash, the first step in System Startup Flow does not apply.

Figure 5. System Startup Flow

Boot Loader File Protection

Nokia recommends that the boot loader file on all 7705 SAR platforms be upgraded using a specific command. This command is mandatory on all 7705 SAR platforms that do not have a removable compact flash drive and is part of a mechanism that protects the boot loader file from accidental overwrites on these platforms.

The command checks that the new boot.ldr file is a valid image and that it is at least a minimum supported variant for the hardware platform on which it is being loaded. Once this has been verified, the command overwrites the boot.ldr file that is stored on the system.

Before Upgrading

Before starting the upgrade, all 7705 SAR image files must be copied to the cf3: device on the system. Nokia recommends copying all the image files for a given release into an appropriately named subdirectory off the root directory; for example, cf3:\7705-TiMoS-R6.1.R2. Copying the boot.ldr and other files in a given release to a separate subdirectory ensures that all files for that release are available in case it is necessary to downgrade the software version.

Note: On systems that do not have removable flash drives, you cannot overwrite the boot.ldr file in the root directory on cf3:. Instead, copy the file into a subdirectory, or allow the update boot-loader command to obtain the file from a network address. Nokia strongly recommends following this process for all 7705 SAR systems.

Performing the Upgrade

Upgrade the boot loader file using the command admin>update boot-loader source_url, where the source URL specifies the new boot.ldr filename and its location; for example, in the format cf3:\sub_directory\boot.ldr.

WARNING: The file upgrade command takes several minutes to complete. Do not reset or power off the system, or insert or remove cards or modules, while the upgrade is in progress, as this could render the system inoperable.

On systems with redundant CSMs, the upgraded boot.ldr file can be copied to the secondary CSM by using the command admin>redundancy>synchronize boot-env.

See the latest 7705 SAR Software Release Notes, ‟Standard Software Upgrade Procedure” section, for complete instructions.

Accessing the CLI

There are three ways to access management of the 7705 SAR:

  • console connection

  • Telnet connection

  • SSH connection

To access the CLI to configure the software for the first time, follow these steps:

  1. Ensure that the CSM is installed and power to the chassis is turned on. The 7705 SAR software then automatically begins the boot sequence.

  2. When the boot loader and BOF image and configuration files are successfully located, establish a router connection (console session).

Console Connection

To establish a console connection, you need the following:

Table 6. Console Configuration Parameter Values

Parameter

Value

Baud Rate

115 200

Data Bits

8

Parity

None

Stop Bits

1

Flow Control

None

7705 SAR Console Port displays an example of the Console port on a 7705 SAR front panel.

Figure 6. 7705 SAR Console Port

To establish a console connection:

  1. Connect the terminal to the Console port on the front panel (7705 SAR Console Port) using the serial cable.

  2. Power on the terminal.

  3. Establish the connection by pressing the <Enter> key a few times on your terminal keyboard.

  4. At the router prompt, enter the login and password.

    The default login is admin.

    The default password is admin.

Telnet Connection

Telnet access via a connection to the Management port provides the same options for user and administrator access as those available through the Console port or SSH. You can access the chassis with a Telnet connection from a PC or workstation connected to the network once the following conditions are met:

  • the chassis has successfully initialized

  • Telnet connections have been enabled using the config>system>security>telnet-server (or telnet6-server) command

  • the Management port has been configured using the bof>address command as shown below.

CLI Syntax:
bof 
   address ip-prefix/ip-prefix-length [active | standby]

where:

address is an IPv4 (or IPv6) address

Running Telnet

After the Management port IP address is configured, the CLI can be accessed with a Telnet connection. To establish a Telnet connection, run a Telnet program and issue the telnet command, followed by the Management port IP address.

The following displays an example of a Telnet login:

C:\>telnet 192.168.1.xx1
Login: admin
Password: ########
ALU-1#

The default login is admin.

The default password is admin.

SSH Connection

SSH access via a connection to the Management port provides the same options for user and administrator access as those available through the console port or Telnet; however, SSH is more secure than Telnet. You can access the chassis with an SSH connection from a PC or workstation connected to the network once the following conditions are met:

  • the chassis has successfully initialized

  • the Management port has been configured using the bof>address command as shown below:

CLI Syntax:
bof 
   address ip-prefix/ip-prefix-length [active | standby]

where:

address is an IPv4 or IPv6 address

Note: SSH connection attempts after a reboot may generate key warnings as the node generates new SSH keys on each reboot. To avoid these key warnings, enable key preservation using the config>system>security>ssh>preserve-key command.

Running SSH

After the IP parameters are configured, the CLI can be accessed with an SSH connection. To establish an SSH connection, run an SSH program and issue the SSH command, followed by -l and the username (optional), followed by the IP address.

The following displays an example of an SSH connection with the default admin user (the default password is admin).

C:\>ssh -l admin 192.168.1.xx1
TiMOS-B-0.0.I2263 both/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Jul 30 00:11:49 EDT 2016 by csabuild in /rel0.0/I2263/panos/main

admin@192.168.1.xx1’s password: ########

Accessing MPT Radios Connected to a 7705 SAR

The Wavence MPT Craft Terminal Launcher (MCT Launcher) is an application that runs on a Windows PC. By connecting the PC to the 7705 SAR out-of-band Management (Mgmt) port on the active CSM, local MPT radios can be configured and monitored using this application.

To reach both local and remote MPT radios, the PC must be connected to an Ethernet data port on an adapter card and requires a service access point (SAP) to enable in-band management. An IES service together with a local DHCP server configured on the 7705 SAR provides this capability to on-site technicians.

The following output shows a configuration example for a local DHCP server and an IES service.

A:SAR18>config>port# info
----------------------------------------------
        description ‟Craft Port for MW Technicians”
        ethernet
        exit
        no shutdown
----------------------------------------------

*A:SAR18>config>router>dhcp>server# info
----------------------------------------------
                description ‟DHCP server to serve on-site microwave technician pc”
                pool ‟craft_pool” create
                    description ‟Single address pool”
                    use-gi-address
                    subnet 192.168.1.0/30 create
                        options
                            subnet-mask 255.255.255.252
                            default-router 192.168.1.1
                        exit
                        address-range 192.168.1.2 192.168.1.2
                    exit
                exit
                no shutdown
----------------------------------------------

*A:SAR18>config>service>ies>if$ info
----------------------------------------------
                address 192.168.1.1/30
                dhcp 
                    server 192.168.1.1
                    gi-address 192.168.1.1 
                    no shutdown
                exit 
                local-dhcp-server ‟craft_dhcp_server”
                sap 1/3/2 create
                exit
----------------------------------------------

See the Wavence MPT Craft Terminal User Manual for Single NE Mode with 7705 SAR for information about using the MCT Launcher.

Configuration Notes

The following describes BOF configuration guidelines and restrictions.

  • For router initialization on devices with a removable compact flash, the compact flash card must be installed in the compact flash slot.

  • The loading sequence is based on the order in which it is placed in the configuration file (not based on service ID, for example) and it is loaded as it is read in at boot time.

BOF Configuration Overview

The 7705 SAR routers do not contain a boot EEPROM. The boot loader code is loaded from the boot.ldr file. The BOF file performs the following tasks:

  1. Sets up the CSM Management port (speed, duplex, auto)

  2. Assigns the IP address for the CSM Management port

  3. Creates static routes for the CSM Management port

  4. Sets the console port speed

  5. Configures the Domain Name System (DNS) name and DNS servers

  6. Configures the primary, secondary, tertiary configuration source

  7. Configures the primary, secondary, and tertiary image source

  8. Configures operational parameters

    Note: The CSM Management port is referred to as the CPM Management port in the CLI to align with the CLI syntax used with other SR products.

Basic BOF Configuration

The parameters that specify the location of the image filename that the router tries to boot from and the configuration file are in the BOF.

The most basic BOF configuration should have the following:

  • primary address

  • primary image location

  • primary configuration location

The following displays an example of a basic BOF configuration.

A:ALU-1# show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image    ftp://*:*@xxx.xxx.xxx.xx/home/csahwreg17/images/both.tim
    primary-config   ftp://*:*@ xxx.xxx.xxx.xx /home/csahwreg17/images/dut-a.cfg
    address          xxx.xxx.xxx.xx /24 active
    address          xxx.xxx.xxx.xx /24 standby
    primary-dns      xxx.xxx.xxx.xx
    dns-domain       labs.ca.alcatel-lucent.com
    static-route     xxx.xxx.0.0/16 next-hop xxx.xxx.xxx.x
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          off  
    FIPS-140-2         
    console-speed    115200
===============================================================================
A:ALU-1#

Configuring BOF Parameters

Use the CLI syntax displayed below to configure BOF parameters:

CLI Syntax:
bof 
    address ip-prefix/ip-prefix-length [active | standby]
    auto-discover
    autonegotiate
    console-speed baud-rate
    dns-domain dns-name
    duplex {full | half}
    encrypt {on | off}
    encryption-key key
    fips-140-2
    password password
    persist {on | off}
    primary-config file-url
    primary-dns ip-address
    primary-image file-url
    save [cflash-id]
    secondary-config file-url
    secondary-dns ip-address
    secondary-image file-url
    speed speed
    static-route ip-prefix/ip-prefix-length next-hop ip-address
    tertiary-config file-url
    tertiary-dns ip-address
    tertiary-image file-url
    wait seconds

The following example displays BOF command usage:

Example:
ALU-1# bof
ALU-1>bof# address 10.10.10.103/8 active
ALU-1>bof# dns-domain ca.alcatel.com
ALU-1>bof# duplex full
ALU-1>bof# encrypt on
ALU-1>bof# encryption-key hashed
ALU-1>bof# fips-140-2
ALU-1>bof# password hashed
ALU-1>bof# persist on
ALU-1>bof# wait 3
ALU-1>bof# primary-image cf3:\TIMOS.5.0.R0
ALU-1>bof# primary-config cf3:\test123.cfg
ALU-1>bof# primary-dns 10.10.10.103
ALU-1>bof# save cf3:
A:ALU-1# show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image    ftp://*:*@192.168.192.64/cephwreg10/images/both.tim
    primary-config   ftp://*:*@192.168.192.64/cephwreg10/images/dut-a.cfg
    encryption-key   *
    password         *
    address          xxx.xxx.xxx.xx /24 active
    primary-dns      138.120.252.55
    secondary-dns    138.120.252.48
    tertiary-dns     138.120.252.49
    dns-domain       labs.ca.alcatel-lucent.com
    static-route     135.121.0.0/16 next-hop 192.168.192.63
    static-route     138.120.0.0/16 next-hop 192.168.192.63
    static-route     152.148.0.0/16 next-hop 192.168.192.63
    autonegotiate
    duplex           full
    speed            100
    wait             4
    persist          off  
    no fips-140-2         
    console-speed    115200
    encrypt          on
===============================================================================
A:ALU-1#

Configuring BOF Encryption

Use the following CLI syntax to enable encryption of the BOF (bof.cfg) using the AES-256-CBC cipher algorithm.

CLI Syntax:
bof
    encrypt {on | off} 

After the BOF is encrypted, it can still be modified using the BOF interactive menu. Access to the BOF interactive menu is controlled using a password.

Use the following syntax to set the interactive menu password.

CLI Syntax:
bof
    password password [hash | hash2]

The password can be in one of the following formats:

  • a plaintext string between 8 and 32 characters; the plaintext string cannot contain embedded nulls or end with ‟hash” or ‟hash2”

  • a hashed string between 1 and 64 characters; the selected hashing scheme can be hash or hash2

    Note: The hash2 encryption scheme is node-specific and the password cannot be transferred between nodes.

After the password is set, editing of the BOF during a boot process is allowed only if the password is entered correctly (the boot process can be interrupted in order to make BOF changes). If the password is not entered correctly within 30 s, the node reboots whether the BOF is encrypted or not. This adds an additional layer of security that ensures that the BOF is not exposed to any unauthorized user. After the system is booted, changes can be made to the BOF without entering the password.

Note: After BOF encryption is configured, use the bof save command to save the encrypted file.

Configuration File Encryption

Use the following syntax to set the configuration file encryption key using the AES-256-CBC cipher algorithm. This key is used for all configuration files (primary, secondary, and tertiary).

CLI Syntax:
bof
    encryption-key key [hash | hash2]

The encryption key can be in one of the following formats:

  • a plaintext string between 8 and 32 characters; the plaintext string cannot contain embedded nulls or end with ‟hash” or ‟hash2”

  • a hashed string between 1 and 64 characters; the selected hashing scheme can be hash or hash2

Note:
  • The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

  • After creating the encryption key, use the admin save command to save the encrypted configuration file.

  • If the admin rollback save command is used, the rollback files are also encrypted.

  • When an encrypted configuration file is opened in a text editor, editing or viewing the file contents is not possible, as the entire file is encrypted.

Service Management Tasks

This section describes system administration commands.

System Administration Commands

Use the following administrative commands to perform management tasks.

CLI Syntax:
admin
    display-config
    reboot [active | standby | upgrade] [now]
    save [file-url] [detail] [index]

Viewing the Current Configuration

Use the following CLI command to display the current configuration. The detail option displays all default values. The index option displays only the persistent indexes.

CLI Syntax:
admin display-config [detail |index]

The following displays an example of a configuration file:

A:ALU-1# admin display-config
# TiMOS-B-0.0.R3 both/hops NOKIA SAR 7705 
# Copyright (c) 2018 Nokia. 
# All rights reserved. All use subject to applicable license agreements.
# Built on Wed Jan 17 01:05:13 EST 2016 by csabuild in /re8.0/I297/panos/main

# Generated THU JAN 18 21:21:21 2018 UTC

exit all
configure
#--------------------------------------------------
echo "System Configuration"
#--------------------------------------------------
    system
        name "ALU-1"
exit
        login-control
            idle-timeout disable
            pre-login-message "CSAxxx - 7705" name
        exit
        time
            sntp
                server-address 192.0.2.37 preferred
                server-address 192.0.2.200
                no shutdown
            exit
            zone EST
        exit
        thresholds
            rmon
            exit
        exit
    exit
#--------------------------------------------------
echo "System Security Configuration"
#--------------------------------------------------
    system
        security 
            telnet-server
            ftp-server
            snmp
    exit
...exit all

# Finished THU JAN 17 21:57:11 2016 UTC
A:ALU-1# 

Modifying or Deleting BOF Parameters

You can modify or delete BOF parameters. The no form of these commands removes the parameter from configuration. The changes remain in effect only during the current power cycle unless a save command is executed. Changes are lost if the system is powered down or the router is rebooted without saving.

Caution: All BOF parameters can be configured, modified, or deleted locally through a console session or remotely using Telnet or SSH. However, when modifying or deleting the BOF address, the following behaviors must be considered:
  • If you have a dual IPv4/IPv6 BOF address configuration and you are running a Telnet IPv6 session or an SSH session, changing or deleting the active IPv4 address will not affect the session.

  • If you have a dual IPv4/IPv6 BOF address configuration and you are running a Telnet IPv4 session or an SSH session, changing or deleting the active IPv6 address will not affect the session.

  • If you have a dual IPv4/IPv6 BOF address configuration and you change or delete the active IP address that is the same version as the session (for example, you delete the active IPv4 address while running a Telnet IPv4 session), the session will hang once the change executes, and CLI access will be lost. You can either close the session (if possible) or wait until it times out. You must start a new session, using the new or existing active BOF address, to regain CLI access.

  • If there is only one active BOF address on the port (that is, not the dual IPv4/IPv6 configuration), and it is deleted through a Telnet or SSH session, the session will hang and CLI access will be lost. You must use a directly connected console session to create a new BOF address. It is strongly recommended that you do not delete a single active BOF address through Telnet or SSH.

Use the following CLI syntax to remove BOF configuration parameters:

CLI Syntax:
bof
    save [cflash-id]
Example:
ALU-1# bof
ALU-1>bof# save cf3:
ALU-1>bof# 
bof# 
 no address ip-prefix/ip-prefix-length [active | standby]
 no autonegotiate
 no console-speed
 no dns-domain
 encrypt off
 no encryption-key
 no password
 no primary-config 
 no primary-dns
 no primary-image 
 no secondary-config 
 no secondary-dns
 no secondary-image 
 no static-route ip-prefix/ip-prefix-length next-hop ip-address
 no tertiary-config 
 no tertiary-dns
 no tertiary-image 

Saving a Configuration

If you modify a configuration file, the changes remain in effect only during the current power cycle unless a save command is executed. Changes are lost if the system is powered down or the router is rebooted without saving.

  • Specify the file URL location to save the running configuration. If a destination is not specified, the files are saved to the location where the files were found for that boot sequence. The same configuration can be saved with different filenames to the same location or to different locations.

  • The detail option adds the default parameters to the saved configuration.

  • The index option forces a save of the index file.

Use either of the following CLI syntaxes to save a configuration:

CLI Syntax:
bof
    save [cflash-id]
Example:
ALU-1# bof
ALU-1>bof# save cf3:
ALU-1>bof# 
CLI Syntax:
admin save [file-url][detail][index]
Example:
ALU-1# admin save cf3:\test123.cfg
Saving config.# Saved to cf3:\test123.cfg
... complete
ALU-1#
Note:
  • If the persist option is enabled and the admin save file-url command is executed with an FTP path used as the file-url parameter, two FTP sessions simultaneously open to the FTP server. The FTP server must be configured to allow multiple sessions from the same login; otherwise, the configuration and index files will not be saved correctly.

  • If BOF encryption is on, the contents of the BOF will be encrypted and unreadable when saved.

Saving a Configuration to a Different Filename

Save the current configuration with a unique filename to have additional backup copies and to edit parameters with a text editor. You can save your current configuration to an ASCII file.

Use either of the following CLI syntaxes to save a configuration to a different location:

CLI Syntax:
bof
    save [cflash-id]
Example:
ALU-1# bof
ALU-1>bof# save cf3:
ALU-1>bof# 

or

CLI Syntax:
admin save [file-url][detail][index]
Example:
ALU-1>admin save cf3:\testABC.cfg
Saving config.# Saved to cf3:\testABC.cfg
... complete
ALU-1#

Rebooting

When an admin>reboot command is issued, routers with redundant CSMs are rebooted. Changes are lost unless the configuration is saved. Use the admin>save file-url command to save the current configuration. If no command line options are specified, the user is prompted to confirm the reboot operation.

Use the following CLI syntax to reboot:

CLI Syntax:
admin 
    reboot [active | standby] [now]
Example:
ALU-1>admin# reboot 
A:DutA>admin# reboot 

Are you sure you want to reboot (y/n)? y 

Resetting...OK

Nokia 7705 Boot ROM. Copyright 2016 
Nokia.

All rights reserved. All use is subject to applicable 
license agreements.

....

BOF Command Reference

Command Hierarchies

Configuration Commands

bof
    - [no] address ip-prefix/ip-prefix-length [active | standby]
    - auto-discover [id client-identifier] [vlan vlan-id]
    - no auto-discover
    - [no] autonegotiate
    - console-speed baud-rate
    - no console-speed
    - dns-domain dns-name
    - no dns-domain
    - duplex {full | half}
    - encrypt {on | off}
    - encryption-key key [hash | hash2]
    - no encryption-key
    - [no] fips-140-2 
    - password password [hash | hash2]
    - no password
    - persist {on | off}
    - primary-config file-url 
    - no primary-config
    - primary-dns ip-address
    - no primary-dns
    - primary-image file-url 
    - no primary-image
    - save [cflash-id]
    - secondary-config file-url 
    - no secondary-config
    - secondary-dns ip-address
    - no secondary-dns
    - secondary-image file-url 
    - no secondary-image
    - speed speed
    - [no] static-route ip-prefix/prefix-length next-hop ip-address
    - tertiary-config file-url 
    - no tertiary-config
    - tertiary-dns ip-address
    - no tertiary-dns
    - tertiary-image file-url 
    - no tertiary-image
    - wait seconds

Command Descriptions

Configuration Commands

File Management Commands
bof
Syntax

bof

Context

<root>

Description

This command creates or edits the boot options file (BOF) for the specified local storage device.

A BOF specifies where the system searches for runtime images, configuration files, and other operational parameters during system initialization.

BOF parameters can be modified. Changes can be saved to a specified compact flash. The BOF must be located in the root directory of either an internal or external compact flash local to the system and have the mandatory filename of bof.cfg.

When modifications are made to in-memory parameters that are currently in use or operating, the changes are effective immediately. For example, if the IP address of the CSM Management port is changed, the change takes place immediately.

Only one entry of the BOF configuration command statement can be saved after the statement has been found to be syntactically correct.

When opening an existing BOF that is not the BOF used in the most recent boot, a message is issued notifying the user that the parameters do not affect the operation of the node.

The pound (#) sign is used at the beginning of the File syntax. Using the command file type bof.cfg displays the # character as a comment delimiter at the top of the raw file. No default BOF exists. The router boots with the factory default boot sequence and options.

Default

n/a

encrypt
Syntax

encrypt {on | off}

Context

bof

Description

This command enables or disables encryption of the BOF (bof.cfg) using the AES256 cipher algorithm.

After the BOF is encrypted, it can still be modified using the BOF interactive menu. Access to the BOF interactive menu is controlled by a password set with the password command.

After BOF encryption is configured, use the bof save command to save the encrypted file.

Default

encrypt off

Parameters
on

enables BOF encryption

off

disables BOF encryption

password
Syntax

password password [hash | hash2]

no password

Context

bof

Description

This command configures a password to access the BOF interactive menu at startup.

After the password is configured, the BOF interactive menu is accessible only when the correct password is entered. If the correct password is not entered within 30 s, the node reboots.

The no form of this command removes the configured password.

Default

no password

Parameters
password

specifies the password

If the hash or hash2 parameter is not configured, the password is entered in plaintext and the password length must be between 8 and 32 characters. A plaintext password cannot contain embedded nulls or end with ‟hash” or ‟hash2”.

If the hash or hash2 parameter is configured, the password is hashed and the password length must be between 1 and 64 characters.

hash

specifies that the password is entered in an encrypted form

hash2

specifies that the password is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the password cannot be transferred between nodes.

save
Syntax

save [cflash-id]

Context

bof

Description

This command uses the boot option parameters currently in memory and writes them from the BOF to the specified compact flash.

The BOF must be located in the directory of the compact flash drives local to the system and have the mandatory filename of bof.cfg.

The BOF is saved to the compact flash drive associated with the active CSM. The slot name is not case-sensitive. You can use uppercase or lowercase ‟A” or ‟B”.

Command usage:

  • bof save — saves the BOF to the default drive (cf3:) associated with the active CSM (either in slot A or B)

  • bof save cf3: — saves the BOF to cf3: associated with the active CSM (either in slot A or B)

To save the BOF to a compact flash drive associated with the standby CSM (for example, the redundant (standby) CSM is installed in slot B), specify the -A or -B option.

Command usage:

  • bof save cf3-A: — saves the BOF to cf3: associated with the CSM in slot A whether it is active or standby

  • bof save cf3-B: — saves the BOF to cf3: associated with the CSM in slot B whether it is active or standby

The slot name is not case-sensitive. You can use uppercase or lowercase ‟A” or ‟B”.

The bof save and show bof commands allow you to save to or read from the compact flash of the standby CSM. Use the show card command to determine the active and standby CSM (A or B).

Default

saves must be explicitly executed; the BOF is saved to cf3: if a location is not specified

Parameters
cflash-id

the compact flash ID where the bof.cfg is to be saved (see URL Types and Syntax for parameter descriptions and values)

BOF Processing Control Commands
wait
Syntax

wait seconds

Context

bof

Description

This command configures a pause, in seconds, at the start of the boot process, which allows system initialization to be interrupted at the console.

When system initialization is interrupted, the operator is allowed to manually override the parameters defined in the BOF.

Only one wait command can be defined in the BOF.

Default

3

Parameters
seconds

the time to pause at the start of the boot process, in seconds

Values

1 to 10

Console Port Configuration Commands
console-speed
Syntax

console-speed baud-rate

no console-speed

Context

bof

Description

This command configures the console port baud rate.

When this command is issued while editing the BOF file used for the most recent boot, both the BOF file and the active configuration are changed immediately.

The no form of the command reverts to the default value.

Default

115200 — console configured for 115 200 b/s operation

Parameters
baud-rate

the console port baud rate, expressed as a decimal integer

Values

9600, 19200, 38400, 57600, 115200

Image and Configuration Management Commands
encryption-key
Syntax

encryption-key key [hash | hash2]

no encryption-key

Context

bof

Description

This command creates a key for configuration file encryption and hashing using the AES256 cipher algorithm. This key is used for all configuration files (primary, secondary, and tertiary).

After creating the encryption key, use the admin save command to save the encrypted file.

Note: If the admin rollback save command is used, the rollback files are also encrypted.

The no form of this command deletes the configured encryption key.

Default

no encryption-key

Parameters
key

specifies the encryption key

If the hash or hash2 parameter is not configured, the key is entered in plaintext and the key length must be between 8 and 32 characters. A plaintext key cannot contain embedded nulls or end with ‟hash” or ‟hash2”.

If the hash or hash2 parameter is configured, the key is hashed and the key length must be between 1 and 64 characters.

hash

specifies that the key is entered in an encrypted form

hash2

specifies that the key is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.

persist
Syntax

persist {on | off}

Context

bof

Description

This command specifies whether the system preserves system indexes when a save command is executed. During a subsequent boot, the index file is read along with the configuration file. As a result, a number of system indexes are preserved between reboots, including the interface index, LSP IDs, and path IDs. This reduces resynchronizations of the Network Management System (NMS) with the affected network element.

If persist is on and the reboot with the appropriate index file fails, SNMP is operationally shut down to prevent the management system from accessing and possibly synchronizing with a partially booted or incomplete network element. To enable SNMP access, enter the config>system>snmp>no shutdowncommand.

If persist is enabled and the admin save <url> command is executed with an FTP path used as the <url> parameter, two FTP sessions simultaneously open to the FTP server. The FTP server must be configured to allow multiple sessions from the same login; otherwise, the configuration and index files are not saved correctly.

Note:
  • Persistency files (.pst) should not be saved on the same disk as the configuration files and the image files.

  • When an operator sets the location for the persistency file, the system checks to ensure that the disk has enough free space. If there is not enough free space, the persistency does not become active and a trap is generated. The operator must free up adequate disk space before persistency becomes active. The system performs a space availability check every 30 seconds. As soon as the space is available the persistency becomes active on the next 30-second check.

Default

off

Parameters
on

preserves the system index when saving the configuration

off

disables the system index saves between reboots

primary-config
Syntax

primary-config file-url

no primary-config

Context

bof

Description

This command specifies the name and location of the primary configuration file.

The system attempts to use the configuration specified in primary-config. If the specified file cannot be located, the system automatically attempts to obtain the configuration from the location specified in secondary-config and then in tertiary-config.

If an error in the configuration file is encountered, the boot process aborts.

The no form of the command removes the primary-config configuration.

Default

n/a

Parameters
file-url

the primary configuration file location (see URL Types and Syntax for parameter descriptions)

primary-image
Syntax

primary-image file-url

no primary image

Context

bof

Description

This command specifies the primary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

The no form of the command removes the primary-image configuration.

Default

n/a

Parameters
file-url

the location-url can either be local (this CSM) or a remote FTP server (see URL Types and Syntax for parameter descriptions)

secondary-config
Syntax

secondary-config file-url

no secondary-config

Context

bof

Description

This command specifies the name and location of the secondary configuration file.

The system attempts to use the configuration as specified in secondary-config if the primary config cannot be located. If the secondary-config file cannot be located, the system attempts to obtain the configuration from the location specified in the tertiary-config.

If an error in the configuration file is encountered, the boot process aborts.

The no form of the command removes the secondary-config configuration.

Default

n/a

Parameters
file-url

the secondary configuration file location (see URL Types and Syntax for parameter descriptions)

secondary-image
Syntax

secondary-image file-url

no secondary-image

Context

bof

Description

This command specifies the secondary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

The no form of the command removes the secondary-image configuration.

Default

n/a

Parameters
file-url

the file-url can either be local (this CSM) or a remote FTP server (see URL Types and Syntax for parameter descriptions)

tertiary-config
Syntax

tertiary-config file-url

no tertiary-config

Context

bof

Description

This command specifies the name and location of the tertiary configuration file.

The system attempts to use the configuration specified in tertiary-config if both the primary and secondary config files cannot be located. If this file cannot be located, the system boots with the factory default configuration.

If an error in the configuration file is encountered, the boot process aborts.

The no form of the command removes the tertiary-config configuration.

Default

n/a

Parameters
file-url

the tertiary configuration file location (see URL Types and Syntax for parameter descriptions)

tertiary-image
Syntax

tertiary-image file-url

no tertiary-image

Context

bof

Description

This command specifies the tertiary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

All runtime image files (both.tim) must be located in the same directory.

The no form of the command removes the tertiary-image configuration.

Default

n/a

Parameters
file-url

the file-url can either be local (this CSM) or a remote FTP server (see URL Types and Syntax for parameter descriptions)

CSM Management Configuration Commands
address
Syntax

[no] address ip-prefix/ip-prefix-length [active | standby]

Context

bof

Description

This command assigns an IP address to the CSM Management port in the running configuration and the BOF on the active CSM, or the CSM Management port on the standby CSM for systems using redundant CSMs.

Either an IPv4 or IPv6 address can be assigned to the CSM Management port. If an address already exists, it is overwritten with the new address. If no address exists, a new one is created.

Before changing an active IPv4 or IPv6 address, you must ensure that:

  • all static routes are removed

  • the standby address is removed; address changes are not allowed unless both addresses are on the same subnet

In previous releases, if an IPv6 address was assigned to the CSM Management port, an IPv4 address was also required on the port. This setup is no longer required; therefore, for configurations with both IPv4 and IPv6 addresses, the IPv4 address can be deleted from the BOF.

The no form of the command deletes the IP address from the CSM Management port.

If you delete an active IPv4 address from the BOF, or you replace an IPv4 address with an IPv6 address, the following must be considered.

  • IPv4 static routes must be removed before the IPv4 active address can be deleted.

  • If remote directory locations are used for the primary image file (primary-image) and primary configuration file (primary-config), you must also change the primary image and primary configuration paths (as well as the secondary and tertiary image and configuration files) to use IPv6 addresses. Otherwise, when the 7705 SAR reboots, it tries to load the image using IPv4, which causes continuous reboots.

  • If a primary DNS server is configured (primary-dns), the server address must be changed to an IPv6 address in order for it to be reachable.

If the IPv4 address is removed before any Telnet sessions can be established, Telnet IPv6 servers must be enabled using the config>system>security>telnet6-server command. See the 7705 SAR System Management Guide for the command description.

Caution:
  • If you have a dual IPv4/IPv6 BOF address configuration and you are running a Telnet IPv6 session or an SSH session, changing or deleting the active IPv4 address does not affect the session.

  • If you have a dual IPv4/IPv6 BOF address configuration and you are running a Telnet IPv4 session or an SSH session, changing or deleting the active IPv6 address does not affect the session.

  • If you have a dual IPv4/IPv6 BOF address configuration and you change or delete the active IP address that is the same version as the session (for example, you delete the active IPv4 address while running a Telnet IPv4 session), the session hangs after the change executes, and CLI access is lost. You can either close the session (if possible) or wait until it times out. You must start a new session, using the new or existing active BOF address, to regain CLI access.

  • If there is only one active BOF address on the port (that is, not the dual IPv4/IPv6 configuration), and it is deleted through a Telnet or SSH session, the session hangs and CLI access is lost. You must use a directly connected console session to create a new BOF address. It is strongly recommended that you do not delete a single active BOF address through Telnet or SSH.

Default

no address — there are no IP addresses assigned to CSM Management ports

Parameters
ip-prefix/ip-prefix-length

the IP address for the CSM Management port

active | standby

specifies which CSM Management port address is being configured: the active CSM Management port or the standby CSM Management port

Default

active

auto-discover
Syntax

auto-discover [id client-identifier][vlan vlan-id]

no auto-discover

Context

bof

Description

This command enables ADP as part of the boot-up sequence by adding an ADP keyword to the BOF file. ADP runs the next time the chassis is rebooted. You can also use this command to specify an optional unique identifier to use in the automatic discovery broadcast. You can use any unique identifier of up to 16 characters. If you specify mac, the chassis MAC address is used. If you run ADP with 802.1q encapsulation, you can specify the VLAN ID.

Parameters
client-identifier

indicates the unique system identifier to use in the auto-discovery broadcast. If you use MAC as the client identifier, the chassis MAC address is used.

Values

any combination of up to 16 alphanumeric characters with no spaces

vlan-id

indicates the VLAN ID for ADP with 802.1q encapsulation

Values

0 to 4094

autonegotiate
Syntax

[no] autonegotiate

Context

bof

Description

This command enables speed and duplex autonegotiation on the CSM Management port in the running configuration and the BOF.

When autonegotiation is enabled, the link attempts to automatically negotiate the link speed and duplex parameters. If autonegotiation is enabled, then the configured duplex and speed parameters are ignored.

The no form of the command disables the autonegotiate feature on this port.

Default

autonegotiate

duplex
Syntax

duplex {full | half}

Context

bof

Description

This command configures the duplex mode of the CSM Management port when autonegotiation is disabled in the running configuration and the BOF.

This configuration command allows for the configuration of the duplex mode of the CSM Management port. If the port is configured to autonegotiate, this parameter is ignored.

Default

duplex full — full duplex operation

Parameters
full

sets the link to full duplex mode

half

sets the link to half duplex mode

fips-140-2
Syntax

[no]fips-140-2

Context

bof

Description

This command is used to enable the node to support security level 1 of Federal Information Processing Standards 140 series, version 2 (FIPS-140-2). This mode limits the use of cryptographic algorithms on both the CSM and data plane to only those that are in accordance with FIPS-140-2. The node must be rebooted after executing this command in order for the node to begin operating in FIPS-140-2 mode.

Caution: Before using this command, the operator must ensure that no current configuration exists in the configuration file that is not supported in FIPS-140-2 mode. Failing to remove unsupported configurations results in the node being unable to boot up.

The no form of the command disables support for security level 1 of FIPS-140-2 on the node.

Default

no fips-140-2

speed
Syntax

speed speed

Context

bof

Description

This command configures the speed for the CSM Management port when autonegotiation is disabled in the running configuration and the BOF.

If the port is configured to autonegotiate, this parameter is ignored.

Default

100 — 100 Mb/s operation

Parameters
speed

the link speed, in Mb/s

Values

10, 100, 1000

static-route
Syntax

[no] static-route ip-prefix/prefix-length next-hop ip-address

Context

bof

Description

This command creates a static route entry for the CSM Management port in the running configuration and the BOF.

This command allows manual configuration of static routing table entries. These static routes are only used by traffic generated by the CSM Management port. To reduce configuration, manual address aggregation should be applied where possible.

A static default route (0.0.0.0/0) cannot be configured on the CSM Management port. A maximum of 10 IPv4 and 10 IPv6 static routes can be configured on the CSM Management port.

Each unique next hop of active static routes configured on both the active and standby CSM Management ports are tested every 60 seconds. If the next hop is unreachable, an alarm is raised. The alarm condition is cleared when the preferred static route becomes reachable.

The no form of the command deletes the static route.

Default

n/a

Parameters
ip-prefix/prefix-length

the destination address requiring the static route

next-hop ip-address

the next hop IP address used to reach the destination

DNS Configuration Commands
dns-domain
Syntax

dns-domain dns-name

no dns-domain

Context

bof

Description

This command configures the domain name used when performing DNS address resolution.

This is a required parameter if DNS address resolution is required. Only a single domain name can be configured. If multiple domain statements are configured, the last one encountered is used.

The no form of the command removes the domain name from the configuration.

Default

no dns-domain — no DNS domain name is configured

Parameters
dns-name

the DNS domain name

primary-dns
Syntax

primary-dns ip-address

no primary-dns

Context

bof

Description

This command configures the primary DNS server used for DNS name resolution.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the primary DNS server from the configuration.

Default

no primary-dns — no primary DNS server is configured

Parameters
ip-address

the IP address of the primary DNS server

secondary-dns
Syntax

secondary-dns ip-address

no secondary-dns

Context

bof

Description

This command configures the secondary DNS server for DNS name resolution.

The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the secondary DNS server from the configuration.

Default

no secondary-dns — no secondary DNS server is configured

Parameters
ip-address

the IP address of the secondary DNS server

tertiary-dns
Syntax

tertiary-dns ip-address

no tertiary-dns

Context

bof

Description

This command configures the tertiary DNS server for DNS name resolution.

The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the tertiary DNS server from the configuration.

Default

no tertiary-dns — no tertiary DNS server is configured

Parameters
ip-address

the IP address of the tertiary DNS server

Show Commands

Note: The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.
bof
Syntax

bof [cflash-id | booted]

Context

show

Description

This command displays the BOF executed on the last system boot or on the specified device.

If no device is specified, the BOF used in the last system boot displays. If the BOF has been modified since the system boot, a message displays.

Parameters
cflash-id

the cflash directory name. The slot name is not case-sensitive. Use uppercase or lowercase ‟A” or ‟B” for the slot name.

Values

see URL Types and Syntax for parameter descriptions and values

booted

displays the BOF used to boot the system

Output

The following outputs are examples of BOF information, and BOF Field Descriptions describes the fields.

Output Example
A:ALU-1# show bof cf3:
===============================================================================
BOF on CF3:
===============================================================================
    primary-image    ftp://*:*@192.168.192.64/cephwreg10/images/both.tim
    primary-config   ftp://*:*@192.168.192.64/cephwreg10/images/dut-a.cfg
    encryption-key   *
    password         *
    address          xxx.xxx.xxx.xx /24 active
    primary-dns      138.120.252.55
    secondary-dns    138.120.252.48
    tertiary-dns     138.120.252.49
    dns-domain       labs.ca.alcatel-lucent.com
    static-route     135.121.0.0/16 next-hop 192.168.192.63
    static-route     138.120.0.0/16 next-hop 192.168.192.63
    static-route     152.148.0.0/16 next-hop 192.168.192.63
    autonegotiate
    duplex           full
    speed            100
    wait             4
    persist          off  
    no fips-140-2         
    console-speed    115200
    encrypt          on
===============================================================================
A:ALU-1#
A:ALU-1# show bof booted
===============================================================================
System booted with BOF
===============================================================================
    primary-image    ftp://*:*@192.168.192.64/cephwreg10/images/both.tim
    primary-config   ftp://*:*@192.168.192.64/cephwreg10/images/dut-a.cfg
    encryption-key   *
    password         *
    address          xxx.xxx.xxx.xx /24 active
    primary-dns      138.120.252.55
    secondary-dns    138.120.252.48
    tertiary-dns     138.120.252.49
    dns-domain       labs.ca.alcatel-lucent.com
    static-route     135.121.0.0/16 next-hop 192.168.192.63
    static-route     138.120.0.0/16 next-hop 192.168.192.63
    static-route     152.148.0.0/16 next-hop 192.168.192.63
    autonegotiate
    duplex           full
    speed            100
    wait             4
    persist          off  
    no fips-140-2         
    console-speed    115200
    encrypt          on
===============================================================================
A:ALU-1#
Table 7. BOF Field Descriptions

Label

Description

primary-image

The primary location of the directory that contains the runtime images of the CSM

primary-config

The primary location of the file that contains the configuration

encryption-key

The encrypted encryption key

password

The encrypted password

address

The IP address and mask associated with the CSM Management port or the secondary CSM Management port

primary-dns

The primary DNS server for resolution of hostnames to IP addresses

secondary-dns

The secondary DNS server for resolution of hostnames to IP addresses

tertiary-dns

The tertiary DNS server for resolution of hostnames to IP addresses

dns-domain

The domain name used when performing DNS address resolution

static-route

The static route entry for the CSM Management port in the running configuration and the BOF

autonegotiate

no autonegotiate — autonegotiate is not enabled

autonegotiate — autonegotiate is enabled

duplex

half — specifies that the system uses half duplex

full — specifies that the system uses full duplex

speed

The speed of the CSM Ethernet interface

wait

The time configured for the boot to pause while waiting for console input

persist

Indicates whether the system preserves system indexes when a save command is executed

fips-140-2

Indicates whether FIPS-140-2 is enabled on the node

console speed

The console port baud rate

encrypt

on — BOF encryption is enabled

off — BOF encryption is not enabled

boot-messages
Syntax

boot-messages

Context

show

Description

This command displays boot messages generated during the last system boot.

Output

The following output is an example of boot messages.

Output Example
A:ALU-1# show boot-messages 
===============================================================================
cf3:/bootlog.txt
===============================================================================
Boot log started on CPU#0
  Build: X-2.1.R1 on Tue Apr 1 16:25:56 EDT 2016 by csabuild

Total Memory: 992MB  Chassis Type: sar8  Card Type: corona_r1
TiMOS-L-2.1.R1 boot/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Apr 9 09:36:02 EDT 2016 by csabuild in /rel2.0/b1/R1/panos/main

TiMOS BOOT LOADER
Time from clock is FRI APR 11 13:31:16 2016 UTC
Switching serial output to sync mode...
Total Memory: 992MB  Chassis Type: sar8  Card Type: corona_r1

TiMOS-B-2.1.R1 both/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Apr 9 09:53:01 EDT 2016 by csabuild in /rel2.0/b1/R1/panos/main

   ___                    ___           ___           ___
  /\  \                  /\__\         /\  \         /\  \
  \:\  \        ___     /::|  |       /::\  \       /::\  \
   \:\  \      /\__\   /:|:|  |      /:/\:\  \     /:/\ \  \
   /::\  \    _\/__/  /:/|:|__|__   /:/  \:\  \   _\:\~\ \  \
  /:/\:\__\  /\__\   /:/ |::::\__\ /:/__/ \:\__\ /\ \:\ \ \__\
 /:/  \/__/ /:/  /   \/__/~~/:/  / \:\  \ /:/  / \:\ \:\ \/__/
/:/  /     /:/  /          /:/  /   \:\  /:/  /   \:\ \:\__\
\/__/      \/__/          /:/  /     \:\/:/  /     \:\/:/  /
                         /:/  /       \::/  /       \::/  /
                         \/__/         \/__/         \/__/

Time from clock is FRI APR 11 13:31:57 2016 UTC
Initial DNS resolving preference is ipv4-only

CRITICAL: CLI #1001 Cannot locate the configuration file -
Using default configuration values.

MAJOR: CLI #1008 The SNMP daemon is disabled.  To enable SNMP, execute the comma
nd 'config>system>snmp no shutdown'.
TiMOS-B-2.1.R1 both/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Apr 9 09:53:01 EDT 2016 by csabuild in /rel2.0/b1/R1/panos/main


Login: 
===============================================================================
cf3:/bootlog_prev.txt
===============================================================================
Boot log started on CPU#0
  Build: X-2.1.R1 on Tue Apr 1 16:25:56 EDT 2016 by csabuild

Total Memory: 992MB  Chassis Type: sar8  Card Type: corona_r1
TiMOS-L-2.1.R1 boot/hops NOKIA SAR 7705
Copyright (c) 2016 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Apr 9 09:36:02 EDT 2016 by csabuild in /rel2.0/b1/R1/panos/main

TiMOS BOOT LOADER
Time from clock is FRI APR 11 13:30:38 2016 UTC
Switching serial output to sync mode...

reboot
===============================================================================