XSCF and telnet 2

[KenCunningham]

Hi folks. My first time setting up XSCF for remote access via telnet or ssh. My reading of the docs suggest I need an IP address for DSCP and one for the XSCF LAN interface as well. Is that other folks' experience too?

The internet - allowing those who don't know what they're talking about to have their say.

 

[djr111]

hmm,

the short answer is yes, you need an IP.

We have the M4000 running here.

For the DSCP, you need a non-routable IP address, it really never leaves the XSCF, it is the life link from what I have been told.

I had my network team assign a non-routable subnet so I could do this.

you need a non routable for the dscp, xscf

you then need your routable address to connect to the xscf remotely.

non-routable:
setup dscp network:
 setdscp -i 192.124.67.0 -m 255.255.255.0

specify IP of XSCF:
setdscp - 192.124.67.1 

Specify IP of Domain 0
setdscp -d 0 -i 192.124.67.2


routable:
setroute -c add -n 0.0.0.0 -g 145.43.23.50  xscf#0-lan#0

applynetwork


There are more steps you need to take, these are just some of them. don't forget to enable ssh, by default it is disabled.

enable ssh

rebootxscf

I have it so when I configure a new xscf, it just takes a few minutes, cut and paste with new ip's.



David

 

[KenCunningham]

Thanks David, have a star!

The internet - allowing those who don't know what they're talking about to have their say.

 

[KenCunningham]

Still trying, and totally failing, to get to grips with this rubbish. I am using two IPs in the same range but getting absolutely nowhere. Why do Sun/Oracle find it necessary to have such a plethora of backend things (LOM, ALOM etc etc) to contend with?

Any more advice gratefully received.

The internet - allowing those who don't know what they're talking about to have their say.

 

[djr111]

no worries,

can you post what you are entering line by line?

I can send you every step I do to configure the xscf's after I get out of my meeting in a few hours.

I know what you mean about all these different loms, I had a few choice words the first time I did it, but once you get it, it is easy to redo.

by the way, you did get the stupid procedure done they make you do to get to the xscf in the first place, you know the procedure with the key switch.

David

 

[KenCunningham]

Hi David, and thanks, that would be useful. Sorry for the mini rant earlier - I don't like starting my days with a dismal failure! Basically I was following the procedure outlined at

http://jackhammer.org/node/14

replacing as appropriate with my own information.

The internet - allowing those who don't know what they're talking about to have their say.

 

[djr111]

That's funny, almost 2 years ago when I configured my first m4000's xscf, I was scouring the internet just like you and came across the same web site. Like you, it was of no good to me. The power of google, good or bad.


Beside doing the first step which is geting into the xscf via the default username, here is every step I do. keep in mind there are different ways to setup networking depending on your network infrastructure, hopefully this will work word for word for you.


The names and faces have been change to protect the innocent...

you will see notes as I go EG: [note:1] at the bottom there will be more info on the syntax provided.


=====
Add User:

1) adduser mickeymouse
2) password mickeymouse
3) setpriveldges mickeymouse userasdm platadm

Configure Network:

1) setnetwork xscf#0 -m 255.255.255.0 156.45.54.99  [note:1]
2) setdscp -i 194.12.10.0 -m 255.255.255.0 [note:2]   
3) setdscp -s -i 194.12.10.1 [note:3]
4) setdscp -d 0 -i 194.12.10.2 [note:4]
5) sethostname xscf#0 scf0-grumpy [note:5]
6) sethostname -d sun.com [note:6]
7) setroute -c add -n 0.0.0.0 -g 156.45.54.1 [note:7]
8) setnameserver 193.54.67.76 146.89.45.9 [note:8]
9) applynetwork
10) rebootxscf [note:14]

Set ntp, enable ssh/https and other good stuff:

1) setntp -c add 145.76.78.2 145.76.98.4 [note:9]
2) setssh -c enable
3) setssh -c genhostkey [note:10]
4) setautologout -s 90 [note:11]
5) sethttps -c enable [note:12]
6) sethttps -c selfsign companynamehere scf0-grumpy.sun.com david@yahoo.com  [note:13]
7) rebootxscf  [note:14]

note:1 - this IP address is the address you will use to get to the xscf remotely

note:2 - this is a non-routable subnet

note:3 - this is an IP assigned from the non-routable subnet, this is the internal IP used for the XSCF.

note:4 - This uses an IP from the non-routable subnet, this is used to setup communication between the domain and the xscf. If you are going to have more than one domain, you would need to replicate as necessary. we only use one domain.

note:5 - grumpy is my fictitious hostname, this is not the same name as your server. it can be based off the server name if you like.

note:6 - Assign a domain (maybe I should of put oracle.com)

note:7 This adds your netmask and your gateway. Don't ask me why it is 0's for netmask, don't know. It is just what they configured it to be.

note:8 Dns name servers

note:9 - we are using are name servers to set this. I do not remember why I used those. Those are not our ntp servers, I'm not sure if I had a reason, it works though.

note:10 - generates a hostkey that will be used later.

note:11 - modifies the default logout time, it may be good to change it to the max which is 255 while your are configuring everything. the number is minutes I believe.

note:12 - enable https for web based gui (

https://156.45.54.99

or

https://grumpy.sun.com)

note:13 - this is to create a selfsign certificate. I opted for this instead of importing a cert.

note:14 - reboot is required for some of the changes made to take affect.


Well this is everything I do initially to get the XSCF functional. Once you have it functional you can tweak/set other things as needed.

I hope this helps.

David

 

[KenCunningham]

David - thanks, I will give this a go on Monday. i wish I had the ability to add another star, but perhaps some kind person would do the honours on my behalf? I wonder whether you've considered adding this a a FAQ? Thanks again.

The internet - allowing those who don't know what they're talking about to have their say.

 

[KenCunningham]

Thank you anonymous star-donator!

The internet - allowing those who don't know what they're talking about to have their say.

 

[KenCunningham]

After all this, it turne out that a dodgy cable in one of the cabinets was to blame!

Still - a good learning experience anyway.

The internet - allowing those who don't know what they're talking about to have their say.

 

[djr111]

im glad you got it working, It stinks when it is the little things like a cable that can mess you up.

David