Technical Guide

Getting Started with AlliedWare Plus

Feature Overview and Configuration Guide

Introduction
This guide introduces a number of commonly-used management features of the AlliedWare PlusTM
Operating System (OS).

Products and software version that apply to this guide

This guide applies to all AlliedWare Plus products, running version 5.4.4 or later.

However, feature support and implementation varies between products. For more information, see
the following documents:

 The product’s Installation Guide

 The product’s Datasheet

 The product’s Command Reference

These documents are available from the above links on our website at alliedtelesis.com.

Most of this guide applies for versions 5.4.4 onwards, but automatic IP address assignment on
start-up applies from version 5.4.7-0.4 onwards.

C613-22045-00 REV G alliedtelesis.com

 Getting Started with AlliedWare Plus

Contents
Introduction .........................................................................................................................................1
Products and software version that apply to this guide ...............................................................1

Start-up Process .................................................................................................................................4

Unconfigured (factory-new) ..........................................................................................................4
Configured ....................................................................................................................................4
Management interfaces ................................................................................................................4
How the start-up process works ..................................................................................................5

How to Login .......................................................................................................................................6

Login from the console port..........................................................................................................6
Login to a management interface port with SSH..........................................................................8
Login with the web-based firewall GUI .........................................................................................9

How to Work with Command Modes ................................................................................................10

Entering privileged exec commands when in a configuration mode ..........................................14

How to Get Command Help..............................................................................................................14

Viewing a list of valid parameters ...............................................................................................15
Completing keywords .................................................................................................................16
Viewing command error messages.............................................................................................17

How to Change the Configuration.....................................................................................................18

How to see the current configuration .........................................................................................18
Default settings ...........................................................................................................................18
The default configuration ............................................................................................................19
How to change a management interface IP address on the NET MGMT port ...........................21
How to change a management interface IP address on VLAN1 ................................................21

How to Save and Boot from the Current Configuration ....................................................................23

How to save to the default configuration file ..............................................................................23
How to create and use a new configuration file .........................................................................23

How to Undo Settings .......................................................................................................................25

How to use the no parameter .....................................................................................................25
How to use the default parameter .............................................................................................25

Passwords.........................................................................................................................................25
How to Change the Password ....................................................................................................25
How to set strong passwords .....................................................................................................26
How to add and remove users....................................................................................................27
Pre-encrypted passwords...........................................................................................................29

How to View System Information ......................................................................................................30

Viewing overall system information ............................................................................................30

C613-22045-00 REV G Introduction | Page 2

 Getting Started with AlliedWare Plus

Viewing voltage, fan status, power supply, alarm status, and temperature ...............................31
Viewing the serial number...........................................................................................................31

How to Set System Parameters ........................................................................................................32

How to change the Telnet session timeout.................................................................................32
How to name the device .............................................................................................................32
How to display a text banner at login .........................................................................................33

How to Set the Time and Date ..........................................................................................................34

How to show current settings .....................................................................................................34
How to set the time and date .....................................................................................................34
How to set the timezone .............................................................................................................35
How to configure summer-time ..................................................................................................35

How to Enable Secure Mode ............................................................................................................36

What Secure Mode disables.......................................................................................................36
Entering Secure Mode ................................................................................................................36
Leaving Secure Mode .................................................................................................................37

How to Verify the Release File...........................................................................................................38

Verifying the release on subsequent boot-ups ...........................................................................38

How to Work with Files......................................................................................................................39

How to list files............................................................................................................................39
How to display the contents of configuration and text files .......................................................40
How to navigate through the file system ....................................................................................41
How to copy files ........................................................................................................................42
How to use the editor .................................................................................................................44

How to Return to the Factory Defaults..............................................................................................45

How to Upgrade the Firmware ..........................................................................................................47

How to Easily Locate the Device in a Server Room (Find Me) ..........................................................48

How to Filter and Save “show” Command Output ...........................................................................48

Output modifiers .........................................................................................................................49

C613-22045-00 REV G Introduction | Page 3

 Getting Started with AlliedWare Plus

Start-up Process
From software version 5.4.7-0.4 onwards, unconfigured devices automatically receive a
management IP address on start-up. When your device is started without any configuration, IPv4
and IPv6 addresses are automatically applied to the Ethernet-based management interface.

Your device must be factory new or unconfigured for automatic address assignment to occur.
This means you can use SSH to manage your device remotely instead of locally.

Unconfigured (factory-new)

If your device is factory new it is considered unconfigured because none of the following
configuration files exist in the root directory of external media:

 .config

 .config_backup

 .cfg files

 User created folders

Configured
Otherwise your device is considered configured. Your device may have an existing configuration
or it could have been pre-configured (for example, Firewalls are pre-configured). You can use the
command erase factory-default if you want to manually return it to an unconfigured state, so
that automatic address assignment can occur.

For more information about erasing the factory default, see How to Return to the Factory
Defaults.

Management interfaces
The management interface depends on the interface ports available on your device.

Table 1: Management Interfaces

SWITCH SWITCH OR FIREWALL FIREWALL WITH NO SWITCHPORTS

eth0 labelled NET MGMT vlan1 if there is no NET MGMT the first eth port to go link-up, for
example the AR2010V

C613-22045-00 REV G Start-up Process | Page 4

 Getting Started with AlliedWare Plus

How the start-up process works

The following sequence of events occur after the management interface comes up on a factory-
new (unconfigured) device:

 Nothing happens until the management interface goes link-up.

 If the management interface is vlan1, then your device waits until vlan1 has gone into a STP
forwarding state.

 Telnet is automatically disabled and the SSH server is enabled.

 Loop Protection is enabled on devices that support it. Some devices (e.g. AR-Series Firewalls)
do not support Loop Protection, so will not include the loop-protection configuration.

 DHCP and DHCPv6 clients are enabled and their processes started.

 An IPv6 link-local address is automatically assigned.

 If your device obtains an address from DHCP or DHCPv6, then the IP address is assigned.

 If your device does not obtain an IPv4 address via DHCP within 10 seconds, then it applies
the class B IPv4 link-local address 169.254.42.42/16. Then the IPv4 DHCP client is disabled.

You can manage your device by using SSH to connect to the IPv4 or IPv6 address that has been
assigned to the management interface. You will need to ensure your management computer is
configured with an IP/IPv6 address within the same subnet as the management IP address on
the device. The following commands are configured:

no service telnet
service ssh
ssh server allow-users manager
loop-protection loop-detect fast-block ldf-interval 1
interface <management-interface>
ip address dhcp
ipv6 address dhcp

Automatic IP address assignment

An IP address is assigned automatically on start-up by either:

 automatic assignment by a DHCP server, for example 10.33.22.33 as follows:

awplus login: 03:17:10 awplus IP address assignment underway:

03:17:10 awplus Password change is strongly recommended
03:17:22 awplus Interface vlan1 address set to 10.33.22.33/24

awplus login: manager

Password:

AlliedWare Plus (TM) 5.4.7 06/09/17 05:35:30

An IP address has been assigned - password change is strongly recommended

awplus>

C613-22045-00 REV G Start-up Process | Page 5

 Getting Started with AlliedWare Plus

or,

 if no DHCP server is available then the IP address 169.254.42.42 is applied as follows:

awplus login: 02:36:51 awplus IP address assignment underway:

02:36:51 awplus Password change is strongly recommended
02:37:04 awplus Interface vlan1 address set to 169.254.42.42/16

awplus login: manager

Password:

AlliedWare Plus (TM) 5.4.7 06/09/17 05:35:30

An IP address has been assigned - password change is strongly recommended

awplus>

Note: For security reasons a password change is strongly recommended after the IP address is
assigned.

How to Login
You can choose one of the following options to login to your device:

 Login from the console port

Use the console to login to your device if you have cable access via the local Console Port.

 Login to a management interface port with SSH

Use SSH to login to your device via a Management Interface Port if you do not have access
via the Console Port, or if you want to manage your device remotely.

 Login with the web-based firewall GUI

Use the firewall GUI if you want to manage your device using web access.

Login from the console port

Follow these steps to login locally or out-of-band:

1. Connect the local management cable (with DB-9 connector) provided from your device to the
management computer.

2. Power up your device (allow 10 seconds).

3. Open a PuTTY session (or equivalent terminal emulator).

From the PuTTY Configuration dialog enter the following basic options:

C613-22045-00 REV G How to Login | Page 6

 Getting Started with AlliedWare Plus

 Select the Serial button.

 Enter the Serial line, for example COM3. To find the Serial line from Microsoft Windows,
go to Device Manager> Ports (COM @ LPT).

 Change the Speed (console baud rate) if necessary, for example to 115200. The default
baud rate is 9600. See your product’s Installation Guide for the correct baud rate.

Caution On IE200 and IE300 Series switches, we do not recommend changing the baud rate. The
bootloader on these switches always runs at 9600 Baud. If you change the baud rate, you
will lose access to the bootloader.

Click Open to establish a local management session with your device.

 Press Enter to display the login prompt.

By default the AlliedWare Plus OS supports VT100 compatible terminals on the console
port. This means that the terminal size is 80 columns by 24 rows.

4. Log in. The defaults are:

 Username: manager

 Password: friend

Your device logs you into User Exec mode. From User Exec mode, you can perform high-
level diagnostics (some show commands, ping, traceroute, for example), start sessions
(Telnet, SSH), and change mode.

C613-22045-00 REV G How to Login | Page 7

 Getting Started with AlliedWare Plus

Login to a management interface port with SSH

Follow these steps to login remotely to a management interface:

1. The management computer must have an IP address in the target subnet.

2. The management computer must be connected to the same network as the device.

3. Connect your device into the network via the management interface.

4. Power up your device. If your device is factory new (unconfigured) and you want it to receive
an IP address automatically, wait approximately 30 seconds after the management port has
gone link-up for this to happen. For details see Automatic IP address assignment.

5. Open a remote PuTTY session (or equivalent terminal emulator).

From the PuTTY Configuration dialog enter the following basic options:

 Select the SSH button and enter the Host Name (or IP address), for example
10.33.22.33.

 Click Open to establish a remote management session with your device.

C613-22045-00 REV G How to Login | Page 8

 Getting Started with AlliedWare Plus

 Click Yes if you receive the following PuTTY Security Alert Warning message:

This message can be bypassed because it is referring to the host key not matching the
cache.

 Press Enter to display the login prompt.

By default the AlliedWare Plus OS terminal size is 80 columns by 24 rows.

Login with the web-based firewall GUI

The firewall GUI provides setup of the firewall, enabling the configuration of entities (zones,
networks and hosts) and then creating firewall, NAT, and traffic-control rules for managing traffic
between these entities. Features such as the Intrusion Prevention System (IPS) and URL Filtering
help protect the network, and manage website access.

The GUI also supports a DHCP server, interface management, VLAN management, file
management, system tools, a CLI window and a dashboard for network monitoring. The
dashboard shows interface and firewall traffic, system and environmental information, and the
security monitoring widget lets you view and manage rules and security features. The complete
AlliedWare Plus feature-set can be configured using the firewalls built-in industry standard
Command Line Interface (CLI). The firewall and its graphical management and monitoring
functionality will increase with subsequent releases.

If your firewall is new and unused, it will already have the GUI installed from the factory, and the
IP address 192.168.1.1 on vlan1, and 172.16.0.1/24 on eth1, and 128.0.0.1/24 on eth2 and the
HTTP service enabled. Connect to any switch port and browse to 192.168.1.1 to begin.

For further information about using the firewall GUI, see

 Getting Started with the VPN Routers GUI or

 Getting Started with the UTM Firewall GUI

C613-22045-00 REV G How to Login | Page 9

 Getting Started with AlliedWare Plus

How to Work with Command Modes

AlliedWare Plus is modal, which means that the command line forms a hierarchy with different
commands available at different levels of the hierarchy. Figure 1 below shows the command
mode hierarchy and the commands you use to move to lower-level modes.

Multiple users can Telnet/SSH and issue commands using the User Exec mode and the
Privileged Exec mode. However, only one user is allowed to use the Configure mode at a time.
This prevents multiple users from issuing configuration commands simultaneously.

Figure 1: AlliedWare Plus CLI modes

AlliedWare Plus CLI modes

User
Command mode
Exec mode

enable Command used to

enter the next
command mode

Privileged
Exec mode

configure terminal

Global
Configuration
mode
interface
[interface name]

Interface Other
mode sub-modes

User Exec User Exec mode is the mode you log into on the device. It lets you perform high-level diagnostics
mode (show commands, ping, traceroute, for example), start sessions (Telnet, SSH), and change
mode.

The default User Exec mode prompt is awplus>

C613-22045-00 REV G How to Work with Command Modes | Page 10

 Getting Started with AlliedWare Plus

Privileged Privileged Exec mode is the main mode for monitoring—for example, running show commands
Exec mode and debugging. From Privileged Exec mode, you can do all the commands from User Exec mode
plus many system commands.

To change from User Exec to Privileged Exec mode, enter the command:

awplus> enable

The default Privileged Exec mode prompt is awplus#

Global From Global Configuration mode, you can configure most aspects of the device.
Configuration
mode
To change from Privileged Exec to Global Configuration mode, enter the command:

awplus# configure terminal

The default Global Configuration mode prompt is awplus(config)#

Interface From Interface Configuration mode, you can configure the settings of one or more specified
Configuration interfaces.
mode

To change from Global Configuration mode to Interface Configuration mode, enter the command:

awplus(config)# interface <interface-list>

<interface-list> is the name of one or more interfaces (for example, port1.0.1-1.0.3)

The default Interface Configuration mode prompt is awplus(config-if)#

Router From Router Configuration mode, you can configure routing using BGP, IP, IPv6, OSPF, RIP, or
Configuration VRRP.
mode

To change from Global Configuration mode to Router Configuration mode, enter the command:

awplus(config)# router <protocol> <other-parameters>

The default Router Configuration mode prompt is awplus(config-router)#

VLAN From VLAN Database mode, you can create and configure VLANs.
Database
mode
To change from Global Configuration mode to VLAN Database mode, enter the command:

awplus(config)# vlan database

The default VLAN Database mode prompt is awplus(config-vlan)#

C613-22045-00 REV G How to Work with Command Modes | Page 11

 Getting Started with AlliedWare Plus

Other lower-level configuration modes

A number of other features are also configured by entering a lower-level mode from Global
Configuration mode.

The following tables lists some (but not all) examples of the lower-level modes:

MODE WHAT IT CONFIGURES COMMAND DEFAULT PROMPT

Class map QoS classes, which isolate and name specific traffic (first enable QoS globally awplus(config-cmap)#
flows (classes) from all other traffic. with mls qos enable)
class-map name

EPSR Ethernet Protection Switching Ring, a loop epsr configuration awplus(config-epsr)#

protection mechanism with extremely fast
convergence times.
Line Console port settings or virtual terminal settings for line console 0 awplus(config-line)#
Telnet. line vty number

Ping poll Ping polling, which checks whether specified ping-poll number awplus(config-ping-poll)#
devices are reachable or not.
Policy map QoS policies, a collection of user-defined QoS (first enable QoS globally awplus(config-pmap)#
classes and the default class. with mls qos enable)
policy-map name

Policy map class The QoS actions to take on a class-map, and which (in Policy map mode) awplus(config-pmap-c)#
class-maps to associate with a QoS policy. class name
This mode is a sub-mode of Policy map mode.
Route map Route maps, which select routes to include or route-map name awplus(config-route-map)#
exclude from the device’s routing table and/or route deny|permit entry-number
advertisements.

MST Multiple Spanning Tree Protocol. spanning-tree mst awplus(config-mst)#

configuration

Trigger Triggers, which run configuration scripts in response trigger number awplus(config-trigger)#
to events.

Some protocols have commands in both Global Configuration mode and lower-level
configuration modes. For example, to configure MSTP, you use:

 Global Configuration mode to select MSTP as the spanning tree mode

 MST mode to create instances and specify other MSTP settings

 Interface Configuration mode to associate the instances with the appropriate ports.

C613-22045-00 REV G How to Work with Command Modes | Page 12

 Getting Started with AlliedWare Plus

Returning to higher-level modes

The following figure shows the commands to use to move from a lower-level mode to a higher-
level mode.

Figure 2: Returning to higher-level modes

AlliedWare Plus CLI modes - returning to higher-level modes

User
Command mode
Exec mode

disable Command used to

return to this
command mode

Privileged
Exec mode
end
or Ctrl+Z
or Ctrl+C exit

Global
Configuration
mode

exit

Sub-modes

Examples To go from Interface Configuration to Global Configuration mode:

awplus(config-if)# exit
awplus(config)#

To go from Interface Configuration to Privileged Exec mode:

awplus(config-if)# end
awplus#

To go from Privileged Exec to User Exec:

awplus# exit
awplus>

C613-22045-00 REV G How to Work with Command Modes | Page 13

 Getting Started with AlliedWare Plus

Entering privileged exec commands when in a configuration mode

As you configure the device you will be constantly entering various show commands to confirm
your configuration. This requires constantly changing between configuration modes and
Privileged Exec mode.

However, you can run Privileged Exec commands without changing mode, by using the
command:

awplus(config)# do <command you want to run>

You cannot use the ? help to find out command syntax when using the do command.

Example To display information about the IP interfaces when in Global Configuration mode, enter the
command:

awplus(config)# do show ip int brief

This results in the following output:

Output 1: Example output after entering the command do show ip int brief

Interface IP-Address Status Protocol

eth0 172.28.8.200 admin up running
vlan1 unassigned admin up running
...

How to Get Command Help

The following kinds of command help are available:

 lists of valid parameters with brief descriptions (the ? key)

 completion of keywords (the Tab key)

 error messages for incomplete or incorrect syntax

Command Abbreviations

The AlliedWare Plus CLI contains a number of abbreviations for its commands.

For example, the show interface command can be entered in the abbreviated form shown
below:

awplus# sh in vlan100

C613-22045-00 REV G How to Get Command Help | Page 14

 Getting Started with AlliedWare Plus

Viewing a list of valid parameters

To get syntax help, type ? (i.e. “space question mark”) after:

 the prompt:

this will list all commands available in the mode you are in.

 one or more parameters:

this will list parameters that can come next in the partial command.

 one or more letters of a parameter:

this will list matching parameters.

Note: The AlliedWare Plus OS only displays one screenful of text at a time, with the prompt
“--More--” at the end of each screenful. Press the space bar to display the next screenful
or the Q key to return to the command prompt.

Example To see which commands are available in Privileged Exec mode, enter “?” at the Privileged Exec
mode command prompt:

awplus# ?

This results in the following output:

Output 2: Example output from the ? command

Exec commands:
activate Activate a script
cd Change the current working directory
clear Reset functions
clock Manage clock
configure Enter configuration mode
copy Copy from one file to another
...

Example To see which show commands that start with “i” are available in Privileged Exec mode, enter “?”
after show i:

awplus# show i?

This results in the following output:

Output 3: Example output from the show i? command

interface Select an interface to configure

ip Internet Protocol (IP)
ipv6 Internet Protocol version 6 (IPv6)

C613-22045-00 REV G How to Get Command Help | Page 15

 Getting Started with AlliedWare Plus

Examples To use the ? help to work out the syntax for the clock timezone command, enter the following
sequence of commands:

awplus> enable
awplus# configure terminal
awplus(config)# clock ?

summer-time Manage summer-time

timezone Set clock timezone

awplus(config)# clock timezone ?

TIMEZONE Timezone name, up to 5 characters

awplus(config)# clock timezone NZST ?

minus negative offset

plus positive offset

awplus(config)# clock timezone NZST plus ?

<0-12> Time zone offset to UTC

awplus(config)# clock timezone NZST plus 12

The above example demonstrates that the ? help only indicates what you can type next. For
commands that have a series of parameters, like clock timezone, the ? help does not make the
number of parameters obvious.

Completing keywords
To complete keywords, type the Tab key after part of the command.

If only one keyword matches the partial command, the AlliedWare Plus OS fills in that keyword. If
multiple keywords match, it lists them.

Examples In this example we use Tab completion in successive steps to build the complete command
show ip dhcp snooping. We have included “<Tab>” to show where to type the Tab key — this is
not displayed on screen.

Output 4: Example output after entering the command show ip <Tab>

awplus#show ip <Tab>
access-list dhcp dhcp-relay domain-list domain-name filter
forwarding igmp interface mroute name-server prefix-list
route rpf rrp sockets source traffic

Output 5: Example output after entering the command show ip d<Tab>

awplus#show ip d<Tab>
dhcp dhcp-relay domain-list domain-name

C613-22045-00 REV G How to Get Command Help | Page 16

 Getting Started with AlliedWare Plus

Output 6: Example output after entering the show ip dhcp <Tab> command

awplus#show ip dhcp <Tab>

binding pool server snooping

Output 7: Example output after entering the show ip dhcp s<Tab> command

awplus#show ip dhcp s<Tab>

server snooping

Viewing command error messages

The device displays the following generic error messages about command input:

% Incomplete command—this message indicates that the command requires more

parameters. Use the ? help to find out what other parameters are available.

awplus# interface

% Incomplete command.

% Invalid input detected at '^' marker—this indicates that the device could not process the
command you entered. The device also prints the command and marks the first invalid character
by putting a '^' under it. Note that you may get this error if you enter a command in the wrong
mode, as the following output shows.

awplus# interface port1.0.1

interface port1.0.1
^
% Invalid input detected at '^' marker.

% Unrecognized command—when you try to use ? help and get this message, it indicates that
the device can not provide help on the command because it does not recognize it. This means
the command does not exist, or that you have entered it in the wrong mode, as the following
output shows.

awplus# interface ?

% Unrecognized command

Note: The AlliedWare Plus OS does not tell you when commands are successful. If it does not
display an error message, you can assume the command was successful.

C613-22045-00 REV G How to Get Command Help | Page 17

 Getting Started with AlliedWare Plus

How to Change the Configuration

How to see the current configuration

The current configuration is called the running-config. To see it, enter the following command in
either Privileged Exec mode or any configuration mode:

awplus# show running-config

To see only part of the current configuration, enter the command:

awplus# show running-config|include <word>

This displays only the lines that contain word.

To start the display at a particular place, enter the command:

awplus# show running-config|begin <word>

This searches the running-config for the first instance of word and begins the display from that
line.

Note: The show running-config command works in all modes except User Exec mode.

Default settings
When the device initially started up with the AlliedWare Plus OS, it applied default settings and
copied these defaults dynamically into its running-config.

These default settings mean that the AlliedWare Plus OS:

 encrypts passwords, such as user passwords.

 records log message priority in log messages.

 turns on jumbo frame support for all ports on devices with the jumboframe command.

 SSH is enabled.

 the Telnet server is disabled by default.

 enables the device to look up domain names (but for domain name lookups to work, you have
to configure a DNS server).

 turns off Layer 3 multicast packet switching in the switch’s hardware (on Layer 3 switches).
This prevents Layer 3 multicast from flooding the switch’s CPU in its default state as a Layer
2 switch.

 sets the maximum number of ECMP routes, on devices that support ECMP.

 turns on RSTP on all ports. Note that the ports are not set to be edge ports.

 sets all the switch ports to access mode. This means they are untagged ports, suitable for
connecting to hosts.

C613-22045-00 REV G How to Change the Configuration | Page 18

 Getting Started with AlliedWare Plus

 creates VLAN 1 and adds all the switch ports to it.

 allows logins on the serial console port.

 allows logins on VTY sessions (for SSH, for example).

 forwards Layer 2 traffic appropriately without further configuration.

 allocates all the routing table memory space to IPv4 and IPv6 routes on devices that support
IPv6 routing.

 allows configured ports to autonegotiate their speed and duplex mode.

 allows copper ports to be set to auto MDI/MDI-X mode.

The default configuration

Most of the above default settings are in the form of commands, which the device copied to its
running-config when it first booted up.

For more information about start-up files, see "How to Save and Boot from the Current
Configuration" on page 23. An example default config, with explanations of the meanings of the
commands, is shown below:

CONTENTS OF DEFAULT SETTINGS DESCRIPTION

! An empty comment line (comments begin with an !).
service password-encryption Forces passwords in the script to be encrypted.
!
no banner motd No message of the day is set by default.
!
log record-priority Records log message priority.
!
username manager privilege 15 password Specifies the password for the manager user.
8 $1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0
ssh server allow-users manager The SSH server is set to allow the user manager.
service ssh SSH is enabled by default.
!
no service telnet Telnet is disabled by default.
!
no service http HTTP is disabled by default.
!
no clock timezone The clock is disabled by default.
!
snmp-server SNMP is enabled by default.
!
!
aaa authentication enable default local AAA authentication is enabled by default.
aaa authentication login default local

C613-22045-00 REV G How to Change the Configuration | Page 19

 Getting Started with AlliedWare Plus

CONTENTS OF DEFAULT SETTINGS DESCRIPTION

ip domain-lookup Allows domain name lookups.
!
no service dhcp-server DHCP is disabled by default.
!
no ip multicast-routing Turns off L3 multicast packet switching in the switch hardware.
!
spanning-tree mode rstp Turns on RSTP.
!
lacp global-passive-mode enable LACP is enabled by default.
!
interface eth0 A heading for any configuration settings for the management eth0
! port. There are no eth0 settings.
ip address dhcp The DHCP client is activated for IPv4 and IPv6.
ipv6 address dhcp
interface port1.0.1-1.0.24 Sets each switch port to access mode.
switchport
switchport mode access
!
interface vlan1 Creates VLAN 1.
!
line con 0 A heading for any configuration settings for the console port. There
are no console port settings.
line vty 0 32 A heading for any configuration settings for VTY sessions. There are
no VTY session settings.
!
end

C613-22045-00 REV G How to Change the Configuration | Page 20

 Getting Started with AlliedWare Plus

How to change a management interface IP address on the NET

MGMT port
Some devices include an eth0 (NET MGMT) management interface port. This section describes
how to set an IP address on that port. If your device does not have a NET MGMT management
interface port, you can manage it via VLAN1 (see "How to change a management interface IP
address on VLAN1" on page 21).

Step 1: If desired, check the current configuration.

After logging in, enter Privileged Exec mode by using the command:

awplus> enable

Then check the current configuration by using the commands:

awplus# show ip interface eth0 brief

If an address is already set, this results in the following output:

Interface IP-Address Status Protocol

eth0 172.28.8.200 admin up running

Step 2: Enter Interface Configuration mode for the eth0 interface.

Enter Global Configuration mode and enter the command:

awplus(config)# interface eth0

Step 3: Enter the IP address and mask.

Enter the command:

awplus(config-if)# ip address <address/mask>

For example, to set the address to 172.28.8.210/12, enter the command:

awplus(config-if)# ip address 172.28.8.210/12

How to change a management interface IP address on VLAN1

This section describes how to change an IP address on the default VLAN (vlan1) management
interface.

Step 1: If desired, check the current configuration.

After logging in, enter Privileged Exec mode by using the command:

awplus> enable

Then check the current configuration by using the command:

awplus# show ip interface vlan1 brief

C613-22045-00 REV G How to Change the Configuration | Page 21

 Getting Started with AlliedWare Plus

The output looks similar to this (note that this example already has an address assigned):

Interface IP-Address Status Protocol

vlan1 172.28.8.200 admin up running

Step 2: Enter Interface Configuration mode for the vlan1 interface.

Enter Global Configuration mode and enter the command:

awplus(config)# interface vlan1

Step 3: Enter the IP address and mask.

Enter the command:

awplus(config-if)# ip address <address/mask>

For example, to change the address to 172.28.8.210/12, enter the command:

awplus(config-if)# ip address 172.28.8.210/12

C613-22045-00 REV G How to Change the Configuration | Page 22

 Getting Started with AlliedWare Plus

How to Save and Boot from the Current Configuration

This section tells you how to save your configuration and run the saved configuration when the
device starts up.

You can either:

 save the configuration to the device’s default configuration file (called “default.cfg”). By
default, the device uses that file at start-up.

 create a new configuration file and set the device to use the new configuration file at start-up.

How to save to the default configuration file

Enter Privileged Exec mode and enter the command:

awplus# copy running-config startup-config

The parameter startup-config is a short-cut for the current boot configuration file, which will be
the default configuration file unless you have changed it, as described in the next section.

How to create and use a new configuration file

Step 1: Copy the current configuration to a new file

Enter Privileged Exec mode and enter the command:

awplus# copy running-config <destination-url>

Note: that you can save the file onto Flash memory, or an SD card or USB device. The default is
Flash. For details about file names and paths, see the Configuration and File Management
Feature Overview and Configuration Guide.

Example To save the current configuration in a file called “example.cfg”, enter the command:

awplus# copy running-config example.cfg

Step 2: Set the device to use the new file at startup

To run the new file’s configuration when the device starts up, enter Global Configuration mode
and enter the command:

awplus(config)# boot config-file <filepath-filename>

Note that you can set the device to use a configuration file on an SD card or USB device if you
have saved the configuration file to that card or device. You can only specify that the
configuration file is on an SD card or USB device if there is a backup configuration file already
specified in Flash.

To set a backup configuration file to load if the main configuration file cannot be loaded, enter the
command:

awplus(config)# boot config-file backup <filepath-filename>

C613-22045-00 REV G How to Save and Boot from the Current Configuration | Page 23
 Getting Started with AlliedWare Plus

Example To run the commands in “example.cfg” on startup, enter the command:

awplus(config)# boot config-file flash:/example.cfg

To set “backup.cfg” as the backup to the main configuration file, enter the command:

awplus(config)# boot config-file backup flash:/backup.cfg

Step 3: Display the new settings.

To see the files that the device uses at startup, enter Privileged Exec mode and enter the
command:

awplus# show boot

This results in the following output:

Boot configuration
----------------------------------------------------------------
Current software : x510-5.4.4-3.5.rel
Current boot image : flash:/x510-5.4.4-3.5.rel
Backup boot image : flash:/x510-5.4.4-3.4.rel
Default boot config: flash:/default.cfg
Current boot config: usb:/example.cfg (file exists)
Backup boot config: flash:/backup.cfg (file exists)

Step 4: Continue updating the file when you change the configuration

When you next want to save the current configuration, enter Privileged Exec mode and enter the
command:

awplus# copy running-config startup-config

The parameter startup-config is a short-cut for the current boot configuration file.

C613-22045-00 REV G How to Save and Boot from the Current Configuration | Page 24
 Getting Started with AlliedWare Plus

How to Undo Settings

There are two possibilities for undoing settings: the no parameter and the default parameter.

How to use the no parameter

To undo most settings, simply re-enter the first parameters of the configuration command with
the parameter no before them.

Example You can set the timezone to Eastern Standard Time by entering the command:

awplus(config)# clock timezone EST minus 5

To remove the timezone setting, enter the command:

awplus(config)# no clock timezone

How to use the default parameter

Some commands have a default parameter that returns the feature to its default setting.

Example You can change the login banner to “this is a new banner” by entering the command:

awplus(config)# banner motd this is a new banner

To return to the default banner, enter the command:

awplus(config)# banner motd default

Note that this command also has a no parameter that lets you remove the banner altogether.

Passwords

How to Change the Password

To change the password for the manager account, enter Global Configuration mode and enter
the following command:

awplus(config)# username manager password <new-password>

The password can be up to 23 characters in length and include characters from up to four
categories. The password categories are:

 uppercase letters: A to Z

 lowercase letters: a to z

 digits: 0 to 9

 special symbols: all printable ASCII characters not included in the previous three categories.
The question mark ? cannot be used as it is reserved for help functionality.

C613-22045-00 REV G How to Undo Settings | Page 25

 Getting Started with AlliedWare Plus

How to set strong passwords

The password security rules are disabled by default. To set password security rules for users with
administrative rights, or privilege level 15, enter Global Configuration mode.

You can then either specify whether the user is forced to change an expired password at the next
login, or specify whether the user is not allowed to login with an expired password. You will need
to specify a password lifetime greater than 0 before selecting either of these features. Note that
the security-password forced-change and the security-password reject-expired-pwd
commands cannot be enabled concurrently.

Password Enter the following command to specify the password lifetime in days:
lifetime
awplus(config)# security-password lifetime <0-1000>

Note that the value 0 will disable lifetime functionality and passwords will never expire. If lifetime
functionality is disabled, the security-password forced-change command and the security-
password warning command are also disabled.

Password To specify that a user is forced to change an expired password at the next login, enter the
forced change following command:

awplus(config)# security-password forced-change

If the security-password forced-change command is enabled, users with expired passwords

are forced to change to a password that must comply with the current password security rules at
the next login.

Reject expired To specify that a user is not allowed to login with an expired password, enter the following
password command:

awplus(config)# security-password reject-expired-pwd

If the security-password reject-expired-pwd command is enabled, users with expired

passwords are rejected at login. Users then have to contact the Network Administrator to change
their password.
Caution Once all users’ passwords are expired you are unable to login to the device again if
the security-password reject-expired-pwd command has been executed. You will
have to reboot the device with a default configuration file, or load an earlier software
version that does not have the security password feature.

We recommend you never have the command line “security-password reject-

expired-pwd” in a default config file.

Use other password security rules to further configure password security settings.

Password AlliedWare Plus can warn users that passwords will expire in a specified number of days. To
warning specify the number of days, enter the command:

awplus(config)# security-password warning <0-1000>

C613-22045-00 REV G Passwords | Page 26

 Getting Started with AlliedWare Plus

The value 0 will disable warning functionality. The warning period must be less than, or equal to,
the password lifetime.

Password To specify the number of previous passwords that are unable to be reused, enter the command:
history
awplus(config)# security-password history <0-15>

A new password is invalid if it matches a password retained in the password history. The value 0
will disable history functionality. If history functionality is disabled, all users’ password history is
reset and all password history is lost.

Password To specify the minimum allowable password length, enter the command:
minimum
length awplus(config)# security-password minimum-length <1-23>

Password To specify the minimum number of categories that the password must contain in order to be
minimum considered valid, enter the command:
categories
awplus(config)# security-password minimum-categories <1-4>

The password categories are:

 uppercase letters: A to Z

 lowercase letters: a to z

 digits: 0 to 9

 special symbols: all printable ASCII characters not included in the previous three categories.
The question mark ? cannot be used as it is reserved for help functionality.

To ensure password security, the minimum number of categories should align with the lifetime
selected, i.e. the fewer categories specified the shorter the lifetime specified.

How to add a user is described in "How to add and remove users" on page 27.

Display To list the configuration settings for the various security password rules, enter the command:
security
password awplus# show security-password configuration
settings
To list users’ remaining lifetime or last password change, enter the command:

awplus# show security-password user

How to add and remove users

Adding users To add a new user with administrative rights, enter Global Configuration mode and enter the
command:

awplus(config)# username <name> privilege 15 password <password>

Both <name> and <password> can contain any printable character and are case sensitive.

C613-22045-00 REV G Passwords | Page 27

 Getting Started with AlliedWare Plus

When you add a user with administrative rights, <password> will have to conform to the
following rules:

 security-password minimum-categories command

 security-password minimum-length command

 security-password history command. If this command is enabled, <password> is invalid if

it matches a password retained in the password history.

The AlliedWare Plus OS gives you a choice of privilege levels of 1-15. Level 1-6 users are limited
to User Exec mode and can only access some show commands. Level 7-14 users can access a
majority of show commands. Level 15 users have access to all show and configuration
commands.

Note that some show commands, such as show running-configuration and show startup-
configuration, are only available at privilege level 15.

For example, to add user Bob with password 123$%^, enter the command:

awplus(config)# username Bob privilege 15 password 123$%^

Removing To remove a user, enter Global Configuration mode and enter the command:
users
awplus(config)# no username <name>

For example, to remove user Bob, enter the command:

awplus(config)# no username Bob

Note that you can delete all users, including the user called “manager” and the user you are
logged in as. If all privilege 15 user accounts are deleted, a warning message is generated:

% Warning: No privileged users exist.

If all privilege level 15 user accounts are deleted, and there are no other users configured for the
device, you may have to reboot with the default configuration file.

You can also set a password for the step of moving from User Exec mode to Privileged Exec
mode. This enables users with privilege level 1-6 to access Privileged Exec mode by entering the
password.

To set the password, use the commands:

awplus# configure terminal

awplus(config)# enable password <password>

When low-privilege-level users log in, they can access the Privileged Exec mode by entering the
enable command with the password. For example, if the password is ‘mypassword’, they would
enter:

awplus> enable mypassword

awplus#

C613-22045-00 REV G Passwords | Page 28

 Getting Started with AlliedWare Plus

Displaying To list the currently logged-in users, enter User Exec or Privileged Exec mode and enter the
users command:

awplus# show users

The output looks like this:

Line User Host(s) Idle Location Priv Idletime Timeout

con 0 manager idle 00:00:00 ttyS0 15 10 N/A
vty 0 bob idle 00:00:03 172.16.11.3 1 0 5

To list all configured users, enter User Exec or Privileged Exec mode and enter the command:

awplus# show running-config|include username

The output looks like this:

username manager privilege 15 password 8 $1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0

username Bob privilege 15 password 8 $1$gXJLY8dw$iqkMXLgQxbzSOutNUa5E2.

Pre-encrypted passwords
The running-config output above includes the number 8 after the password parameter. This
indicates that the password is displayed in its encrypted form.

You can enter the number 8 and a pre-encrypted password on the command line. You may want
to pre-encrypt passwords if you need to load them onto devices via an insecure method (such as
HTTP, or by emailing them to remote users).
Caution Only enter the number 8 if you are entering a pre-encrypted password—otherwise, you will be
unable to log in using the password and will be unable to access the device through that
username. The next section describes why.

Testing this If you want to test the effect of this, create a new user for the test instead of using the manager
feature user (or another existing user). The test stops you from logging in as the test user, so you need to
have the manager user available to log in as. The following output shows how specifying the
number 8 puts the password into the running-config exactly as you typed it:

awplus(config)#username Bob privilege 15 password 8 friend

awplus(config)#show running-config |include username Bob
username Bob privilege 15 password 8 friend

After entering the command above, logging in as “Bob” with a password of “friend” does not
work. This is because the device takes the password you enter (“friend”), hashes it, and
compares the hash with the string in the running-config (“friend”). The hashed value and “friend”
are not the same, so the device rejects the login.

C613-22045-00 REV G Passwords | Page 29

 Getting Started with AlliedWare Plus

How to View System Information

This section describes how to view the following system information:

 overview information

 details of temperature and voltage

 serial number

Viewing overall system information

To display an overview of the device hardware, software, and system settings, enter User Exec or
Privileged Exec mode and enter the command:

awplus# show system

The output depends on the product, but is similar to this:

System Status Wed Sep 28 12:44:10 2016

Board ID Bay Board Name Rev Serial number

------------------------------------------------------------------------------
Chassis 315 AT-SBx8112 E-0 A042764112500070
Blade 317 Bay1 AT-SBx81GP24 D-0 A042774112800031
Blade 353 Bay2 AT-SBx81XS6 X8-0 A045624113500003
Blade 317 Bay3 AT-SBx81GP24 D-0 A042774112700005
Controller 316 Bay5 AT-SBx81CFC400 F-0 A042854111300027
Controller 316 Bay6 AT-SBx81CFC400 F-0 A042854111300029
Blade 352 Bay7 AT-SBx81GS24a C-1 A042824112400004
Blade 351 Bay11 AT-SBx81GT24 B-1 A044024110900001
Blade 352 Bay12 AT-SBx81GS24a C-1 A042824104600004
PSU 319 PSU4 AT-SBxPWR-SYS/AC A-0 -
Fan module 321 PSU5 AT-SBxFAN12 E-0 A042844112400016
------------------------------------------------------------------------------
RAM: Total: 513436 kB Free: 365932 kB
Flash: 126.0MB Used: 121.2MB Available: 4.8MB
------------------------------------------------------------------------------
Environment Status : Normal
Uptime : 0 days 00:03:26
Bootloader version : 2.0.23

Current software : SBx81CFC400-5.4.6-1.3.rel

Software version : 5.4.6
Build date : Mon Aug 29 13:49:19 NZST 2016

Current boot config: flash:/default.cfg (file exists)

System Name
awplus
System Contact

System Location

C613-22045-00 REV G How to View System Information | Page 30

 Getting Started with AlliedWare Plus

Viewing voltage, fan status, power supply, alarm status, and

temperature
The device monitors the environmental status of its power supplies and fan.

To display this information, enter User Exec or Privileged Exec mode and enter the command:

awplus# show system environment

The output depends on the product, but is similar to this:

awplus#show system environment

Stack Environment Monitoring Status

Stack member 1:

Overall Status: Normal

Resource ID: 1 Name: x510-28GTX

ID Sensor (Units) Reading Low Limit High Limit Status
1 Fan: Fan 1 (Rpm) 4344 3000 - Ok
2 Voltage: 1.8V (Volts) 1.804 1.617 1.978 Ok
3 Voltage: 1.0V (Volts) 0.995 0.896 1.099 Ok
4 Voltage: 3.3V (Volts) 3.291 2.960 3.613 Ok
5 Voltage: 5.0V (Volts) 5.066 4.477 5.498 Ok
6 Voltage: 1.2V (Volts) 1.187 1.072 1.318 Ok
7 Temp: CPU (Degrees C) 50 -10 90 Ok

Viewing the serial number

The device’s serial number is displayed in the output of the show system command, but for
convenience, you can also display it by itself.

To do this, enter User Exec or Privileged Exec mode and enter the command:

awplus# show system serialnumber

The output looks like this:

P1FY7502C

C613-22045-00 REV G How to View System Information | Page 31

 Getting Started with AlliedWare Plus

How to Set System Parameters

You can set system parameters to personalize the device and make it easy to identify it when
troubleshooting.

This section describes how to configure the following system parameters:

 Telnet session timeout

 Device name

 Login banner

How to change the Telnet session timeout

By default, Telnet sessions time out after 10 minutes of idle time. If desired, you can change this.

To change the timeout for all Telnet sessions, enter Global Configuration mode and enter the
commands:

awplus(config)# line vty 0 32

awplus(config-line)# exec-timeout <new-timeout>

The new timeout value only applies to new sessions, not current sessions.

Examples To set the timeout to 30 minutes, enter the command:

awplus(config-line)# exec-timeout 30

To set the timeout to 30 seconds, enter the command:

awplus(config-line)# exec-timeout 0 30

To set the timeout to infinity, so that sessions never time out, enter either of the commands:

awplus(config-line)# no exec-timeout
awplus(config-line)# exec-timeout 0 0

How to name the device

To give the device a name, enter Global Configuration mode and enter the command:

awplus(config)# hostname <name>

For example, to name the device “mycompany”

awplus(config)# hostname mycompany

The prompt displays the new name:

my company(config)#

C613-22045-00 REV G How to Set System Parameters | Page 32

 Getting Started with AlliedWare Plus

The name can contain hyphens and underscore characters, for example:

mycompany(config)#hostname mycompany_more_words
mycompany_more_words(config)#hostname mycompany-hyphenated
mycompany-hyphenated(config)

However, the name must be a single word, as the following example shows.

mycompany(config)#hostname mycompany more words

^
% Invalid input detected at '^' marker.

It also cannot be surrounded by quote marks, as the following example shows.

awplus(config)#hostname "mycompany more words"

% hostname contains invalid characters

Removing the name

To remove the hostname, enter the command:

my company(config)# no hostname

The prompt changes back to the default prompt:

awplus(config)#

How to display a text banner at login

By default, the device displays the AlliedWare Plus OS version and build date before login. You
can customize this by changing the Message of the Day (MOTD) banner. To enter a new MOTD
banner, enter Global Configuration mode and enter the command:

awplus(config)# banner motd <banner-text>

The text can contain spaces and other printable characters. You do not have to surround words
with quote marks.

Example To display “this is a new banner” when someone logs in, enter the command:

awplus(config)# banner motd this is a new banner

This results in the following output at login:

awplus login: manager

Password:
this is a new banner
awplus>

Removing the banner

To return to the default banner (AlliedWare Plus OS version and build date), enter the command:

awplus(config)# banner motd default

To remove the banner instead of replacing it, enter the command:

awplus(config)# no banner motd

C613-22045-00 REV G How to Set System Parameters | Page 33

 Getting Started with AlliedWare Plus

How to Set the Time and Date

There are three aspects to setting the time and date:

 setting the current time and date

 setting the timezone

 configuring the device to automatically change the time when summer-time begins and ends

Instead of manually setting the time, you can use NTP to automatically get it from another device.

How to show current settings

To display the current time, timezone and date, enter Privileged Exec mode and enter the
command:

awplus# show clock

The output looks like this:

UTC Time: Wed, 16 May 2015 16:08:14 +0000

Timezone: UTC
Timezone Offset: +00:00
Summer time zone: None

How to set the time and date

Note that IE200 and IE300 Series switches do not retain time settings over a cold reboot. We
recommend using NTP on these products.

To set the time and date, enter Privileged Exec mode and enter the clock set command:

clock set <hh:mm:ss> <day> <month> <year>

where:

 hh is two digits giving the hours in 24-hour format (e.g. 14)

 mm is two digits giving the minutes

 ss is two digits giving the seconds

 day is two digits giving the day of the month

 month is the first three letters of the month name (e.g. sep)

 year is four digits giving the year

Example To set the time to 14:00:00 on 25 January 2015, use the command:

awplus# clock set 14:00:00 25 jan 2015

C613-22045-00 REV G How to Set the Time and Date | Page 34

 Getting Started with AlliedWare Plus

How to set the timezone

To set the timezone, enter Global Configuration mode and enter the clock timezone command:

clock timezone <timezone-name> {plus|minus} <0-12>

 The <timezone-name> can be any string up to 6 characters long.

 To return the timezone to UTC+0, enter the command:

awplus(config)# no clock timezone

Example To set the timezone to Eastern Standard Time, use the command:

awplus(config)# clock timezone EST minus 5

How to configure summer-time

There are two approaches for setting summer-time:

 recurring, when you specify the week when summer-time starts and ends and each year the
device changes the time at those weeks. For example, Eastern Daylight Time (EDT) starts at
2 am on the second Sunday in March and ends at 2 am on the first Sunday in November.

 date-based, when you specify the start and end dates for summer-time for a particular year.
For example, Eastern Daylight Time (EDT) starts at 2 am on Sunday, 8 March 2008 and ends
at 2 am on Sunday, 2 November 2008.

Recurring To set summer-time with recurring dates, enter Global Configuration mode and enter the clock
summer-time recurring command:

clock summer-time <zone-name> recurring <start-week> <start-day> <start-

month> <start-time> <end-week> <end-day> <end-month> <end-time> <1-180>

 The <zone-name> can be any string up to 6 characters long.

 The <start-time> and <end-time> are in the form hh:mm, in 24-hour time.

Note that if you specify 5 for the week, this changes the time on the last day of the month, not the
5th week.

Example To configure EDT, enter the command:

awplus(config)# clock summer-time EDT recurring 2 Sun Mar 02:00 1 Sun

Nov 02:00 60

Date-based To set summer-time for a single year, enter Global Configuration mode and enter the clock
summer-time date command:

clock summer-time <zone-name> date <start-day> <start-month> <start-

year> <start-time> <end-day> <end-month> <end-year> <end-time> <1-180>

 The <zone-name> can be any string up to 6 characters long.

 The <start-time> and <end-time> are in the form hh:mm, in 24-hour time.

Example For example, to configure EDT for 2015 enter the command:
awplus(config)# clock summer-time EDT date 8 Mar 2008 02:00 2 Nov 2015 02:00 60

C613-22045-00 REV G How to Set the Time and Date | Page 35

 Getting Started with AlliedWare Plus

How to Enable Secure Mode

Caution: On x930 Series switches, before enabling Secure Mode, make sure that your switch is
running bootloader version 3.1.3 or later. You can see the bootloader version by
running the command show system. If your bootloader version is earlier than 3.1.3,
please contact Allied Telesis technical support for assistance.

You can put a number of AlliedWare Plus devices into Secure Mode, to make the device as
secure as possible by using the strongest encryption algorithms available. Weak hashing
functions such as MD5 and broken cryptographic algorithms such as RC2, DES, DSA, etc, are no
longer considered secure, as they can be susceptible to brute force attacks and collisions.
Secure Mode only allows you to use hashes from the SHA-2 family, and AES block cipher
algorithms instead of the weaker DES cryptographic algorithms.

Block cipher algorithms encrypt data on a per-block basis. Blocks, which are measured in bits,
determine the input of plain text and output of cipher text. So, for example, if you used AES128,
then for every 128 bits of plain text, 128 bits of cipher text are produced.

Secure Mode meets the Common Criteria standard. Common Criteria is an internationally
recognized set of guidelines for the security of information technology products.

What Secure Mode disables

When in Secure Mode, the following are disabled:

 Telnet

 SSHv1

 SNMPv1/v2

 All privilege levels except 1 and 15

 Algorithms that are not supported under FIPS, including MD5, RSA-1 and DSA

 The ability to store passwords in cleartext and to specify an enable password

In Secure Mode, the web server on the device (used by the Device GUI) only accepts AES128-
SHA ciphers.

Entering Secure Mode

1. On x930 Series switches, make sure that your switch is running bootloader version 3.1.3 or
later. You can see the bootloader version by running the command show system.

Do not enable Secure Mode if your device has an older bootloader. Instead, contact Allied
Telesis technical support for assistance.

2. Obtain the correct release file and its sha256sum file by downloading them from the Allied
Telesis Download Center. Save the files on a trusted USB device and connect the USB device
to the device.

C613-22045-00 REV G How to Enable Secure Mode | Page 36

 Getting Started with AlliedWare Plus

3. Erase the device’s Flash. To do this, boot the device into the bootloader diagnostics menu,
using Ctrl-D. Select option 7 'Bootup stage 2 diagnostics menu', and then select option 4
'Erase FLASH (Filesystem only)'.

4. Then select option 0 ‘Restart’ to reboot the device. Enter the main bootloader menu by using
Ctrl-B. Select option 1 ‘Perform one-off boot from alternate source’ and then select the ‘USB’
option and the release you saved in step 1.

5. Once the device has booted up, save the release file to Flash and verify it, as described in
"How to Verify the Release File" on page 38.

6. Set the verified release as the boot release. For example, use the following commands:

awplus#configure terminal
awplus(config)#boot system x550-5.4.8-1.2.rel

7. Use the following commands to enter secure mode:

awplus(config)# crypto secure-mode

awplus(config)# exit
awplus# write
awplus# reboot

8. Use the following command to confirm that the device is in secure mode:

awplus# show secure-mode

The following message should be displayed:

Secure mode is enabled

Leaving Secure Mode

1. If you wish to leave Secure Mode, you should delete all sensitive information first. This means
deleting all trustpoints (one by one), by using the commands:

awplus# configure terminal

awplus(config)# no crypto pki trustpoint <name>

Also, delete all public/private key pairs, by using the commands:

awplus# crypto key zeroize all

2. Turn off Secure Mode, by using the commands:

awplus(config)# no crypto secure-mode

awplus(config)# exit
awplus# write
awplus# reboot

3. Reboot the device. The device must be rebooted after Secure Mode is turned off, and ideally
Flash memory should be erased via the bootloader, as described above.

C613-22045-00 REV G How to Enable Secure Mode | Page 37

 Getting Started with AlliedWare Plus

How to Verify the Release File

On devices that support Secure Mode, to ensure that the release file has not been corrupted or
interfered with during download, you can verify the release file. To do this, enter Global
Configuration mode and enter the following command to verify the SHA256 checksum of the file:

awplus(config)# crypto verify <filename> <hash-value>

where <hash-value> is the known correct checksum of the file.

This command compares the SHA256 checksum of the release file with the correct checksum for
the file.

The correct checksum is listed in the release’s sha256sum file, which is available from the Allied
Telesis Download Center.

Caution: If the verification fails, the following error message will be generated:
“% Verification Failed”
If this happens, please delete the release file and contact Allied Telesis support.

All device models of a particular series run the same release file and therefore have the same
checksum. For example, all x930 Series switches have the same checksum.

Verifying the release on subsequent boot-ups

Once the device has successfully verified the release file, it adds the crypto verify command to
the running configuration.

If the device is in secure mode, it will verify the release file every time it boots up. To do this, it
runs the crypto verify command while booting. Therefore, you need to copy the crypto verify
command to the startup configuration, by using the command:

awplus# copy running-config startup-config

If the crypto verify command is not in the startup configuration, the device will report a
verification error at bootup.

If there is a verification error at bootup, the device produces an error message and finishes
booting up. If this happens, run the crypto verify command after bootup finishes, to verify the
running release file. If verification of the running release file fails, delete the release file and
contact Allied Telesis support.

C613-22045-00 REV G How to Verify the Release File | Page 38

 Getting Started with AlliedWare Plus

How to Work with Files

The AlliedWare Plus OS lets you create directory trees for file storage. This section summarizes
file operations; for detailed information, see the Configuration and File Management Feature
Overview and Configuration Guide.

This section shows:

 "How to list files" on page 39

 "How to display the contents of configuration and text files" on page 40

 "How to navigate through the file system" on page 41

 "How to copy files" on page 42

 "How to use the editor" on page 44

How to list files

Listing files
To list files, enter Privileged Exec mode and enter the command:

awplus# dir
The output lists files and directories in order of modification date, descending. It looks like this:

-rw- 534 Jul 12 2007 17:52:50 stp.cfg

-rw- 534 Jul 12 2007 17:12:50 example.cfg
-rw- 12429011 Jul 12 2007 16:26:06 r1-5.2.1-rc3.rel

Listing files including hidden system files

The dir command does not list all files—it hides system files and directories because users
generally do not need to create or edit them. To list all files including system files, enter Privileged
Exec mode and enter the command:

awplus# dir all

The output looks like this:

drwx 0 Jul 12 2007 17:16:32 ./

-rw- 401 Jul 12 2007 17:16:32 example.cfg
-rw- 534 Jul 12 2007 17:52:50 stp.cfg
-rw- 12429011 Jul 12 2007 16:26:06 r1-5.2.1-rc3.rel
drwx 216 Jul 9 2007 11:31:18 ../
drwx 0 Jun 13 2007 04:31:51 .configs/
-rw- 17 Jun 13 2007 04:27:27 .release
-rw- 9 Jun 12 2007 23:09:19 .ash_history
drwx 0 Jul 10 1977 23:40:00 .ssh/

The hidden files and directories begin with a dot.

C613-22045-00 REV G How to Work with Files | Page 39

 Getting Started with AlliedWare Plus

Seeing information about the file system

To display information about the different memory types on the device, enter Privileged Exec
mode and enter the command:

awplus# show file systems

The output includes the amount of free memory and the prefix you type to access that memory
type, and looks like this:

awplus#show file systems

Size(b) Free(b) Type Flags Prefixes S/D/V Lcl/Ntwk Avail
-------------------------------------------------------------------
63.0M 28.5M flash rw flash: static local Y
- - system rw system: virtual local -
10.0M 9.8M debug rw debug: static local Y
499.0K 431.0K nvs rw nvs: static local Y
- - tftp rw tftp: - network -
- - scp rw scp: - network -
- - sftp ro sftp: - network -
- - http ro http: - network -
- - rsync rw rsync: - network -

Listing files in a subdirectory

To list the contents of a directory, enter Privileged Exec mode and enter the command:

awplus# dir <directory-name>

Note: You can specify the directory with or without a / after the directory name.

Example To display the contents of a directory called ‘example’, enter the command:

awplus# dir example

Listing files in NVS memory or on an SD card

To list the contents of a directory in NVS (non-volatile storage), enter Privileged Exec mode and
enter the command:

awplus# dir nvs:<directory-name>

To list the contents of a directory on an SD card, enter the command:

awplus# dir card:<directory-name>

Example To display the contents of a directory in NVS called “example”, enter the command:

awplus# dir nvs:example

How to display the contents of configuration and text files

To display the contents of a file, enter Privileged Exec mode and enter the command:

awplus# show file <filename>

Example To display the contents of the file called “example.cfg”, enter the command:

awplus# show file example.cfg

C613-22045-00 REV G How to Work with Files | Page 40

 Getting Started with AlliedWare Plus

How to navigate through the file system

Showing the current directory
To see which directory you are currently in, enter Privileged Exec mode and enter the command:

awplus# pwd
For the top-level directory, the output looks like this:

flash:

Changing directories

To change to another directory, enter Privileged Exec mode and enter the command:

awplus# cd <directory-name>

To go to a directory one level higher in the directory tree, enter the command:

awplus# cd ..

Example To change to a directory called “example”, enter the command:

awplus# cd example
To go up one level, which returns you to the top level directory, enter the command:

awplus# cd ..

Changing to a directory in NVS memory or on an SD card

To change to the top-level directory in the NVS memory file system, enter Privileged Exec mode
and enter the command:

awplus# cd nvs:
To change to the top-level directory on an SD card, enter the command:

awplus# cd card:

Note that the prefix for the SD card is “card” not “sdcard”. Next, you can change to other
directories in NVS memory or on the SD card, by entering the command:

awplus# cd <directory-name>

Alternatively, you can go straight from Flash to a subdirectory in the alternative file system, by
entering one of the commands:

awplus# cd nvs:<directory-name>
awplus# cd card:<directory-name>

To return to the Flash file system, enter the command:

awplus# cd flash:

Example To change to the directory within NVS called “example”, enter the command:

awplus# cd nvs:example

C613-22045-00 REV G How to Work with Files | Page 41

 Getting Started with AlliedWare Plus

To go up one level, which returns you to the top-level directory of NVS memory, enter the
command:

awplus# cd ..

Creating new directories

To create a directory, enter Privileged Exec mode and enter the command:

awplus# mkdir <directory-name>

Example To make a directory called “example” within the Flash file system, enter the command:

awplus# mkdir example

Deleting directories
To delete an empty directory, enter Privileged Exec mode and enter the command:

awplus# rmdir <directory-name>

To delete a directory and all its contents, enter Privileged Exec mode and enter the command:

awplus# delete recursive <directory-name>

The device prompts you for confirmation.

Example To delete an empty directory called “example” from within the Flash file system, enter the
command:

awplus# rmdir example

How to copy files

Within a To copy a file within the same directory, enter Privileged Exec mode and enter the command:
directory
awplus# copy <source-filename> <destination-filename>
If the file already exists, the device asks whether to overwrite it, with a message like this:

Overwrite flash:/example.cfg? (y/n)[n]:

To overwrite, press the “y” key then the Enter key.

Between To copy a file to another directory within the same file system, enter the command:
directories
awplus# copy <source-filename> <directory-name>/
The / after the directory name is required. Otherwise the device displays an error:
(“37: Destination file is a directory”).

The device then prompts you for the destination filename. To give the copy a new name, type the
name at the prompt. You can include directory names in the path.

To use the same filename as the original, press the Enter key (do not press the “y” key—that
names the copy “y”).

Example To put a copy of example.cfg into the example directory, enter the command:

awplus# copy example.cfg example/

C613-22045-00 REV G How to Work with Files | Page 42

 Getting Started with AlliedWare Plus

The prompt and messages look like this:

Enter destination file name [example.cfg]:

Copying from source file, please wait...
Copying to destination file, please wait...
0: Successful operation

Copying to and from NVS, SD card or USB memory device

To copy between file systems, you need to specify the file system prefix (nvs: or card: or usb:).

For example, to copy from Flash to NVS when your current directory is the top-level Flash
directory, enter Privileged Exec mode and enter the command:

awplus# copy <source-filename> nvs:

The device prompts you for the filename, as described in the previous section.

To copy from NVS to Flash when your current directory is the top-level Flash directory, enter the
command:

awplus# copy nvs:<source-filename> <destination-filename>

Example To copy the file “example.txt” from the directory in NVS called “example” to the top level of Flash,
enter the command:

awplus# copy nvs:example/example.txt example.txt

Copying to and from a TFTP server

To copy a file from a TFTP server to Flash memory, enter Privileged Exec mode and enter the
command:

awplus# copy tftp flash

The device prompts you for the:

 TFTP server hostname (you can enter its IP address instead)

 source filename on the TFTP server

 destination filename in Flash on the device

To copy a file from Flash to a TFTP server, enter the command:

awplus# copy flash tftp

Follow the prompts for source filename, server, and destination filename.

Note: You can specify the server and filename in the command instead of waiting for prompts.
Use a format like the following:

copy tftp://172.1.1.1/example.cfg flash

Example To copy example.cfg to the TFTP server at 172.1.1.1, enter the command:

awplus# copy flash tftp

C613-22045-00 REV G How to Work with Files | Page 43

 Getting Started with AlliedWare Plus

The prompts, responses, and messages look like this:

Enter source file name []:example.cfg

Enter destination host name []:172.1.1.1
Enter destination file name [example.cfg]:
Copying from source file, please wait...
Copying to destination file, please wait...
0: Successful operation

How to use the editor

The inbuilt editor is JOE (Joe’s Own Editor).

To edit an existing file, enter Privileged Exec mode and enter the command:

edit <filename>

To open the editor with a empty file, enter the command:

edit

When you save the new file, you may need to specify the file system to store it on. For Flash, use
flash:<filename>.

Using JOE To format and manipulate text in JOE, you use control-character sequences. The following table
summarizes a few useful sequences—for details, see:

http://joe-editor.sourceforge.net/manpage.html

FUNCTION CONTROL-CHARACTER SEQUENCE

Access the Help Ctrl-K-H

Saving the file without exiting (for new files, this prompts Ctrl-K-D
for a filename).

Save the file and exit (this prompts for a filename) Ctrl-K-X
Exit without saving the file Ctrl-C
Go to the beginning of the file Ctrl-K-U
Go to the end of the file Ctrl-K-V
Go up one screenful of text in the file Ctrl-U
Go down one screenful of text in the file Ctrl-V
Select a block of text:

Mark the beginning of the block Ctrl-K-B

- Mark the end of the block Ctrl-K-K
- Copy and paste a selected block of text Place cursor at destination then enter: Ctrl-K-C

Move a selected block of text Place cursor at destination then enter: Ctrl-K-M

Delete a selected block of text Ctrl-K-Y

C613-22045-00 REV G How to Work with Files | Page 44

 Getting Started with AlliedWare Plus

How to Return to the Factory Defaults

Note: After reboot the show running-config output will show the default factory settings for
your device once you have removed the default.cfg file. To recreate the default.cfg file
enter copy running-config startup-config. When you enter copy running-config startup-
config commands the default.cfg file is updated with the startup-config.

Completely To return to factory settings, enter Privileged Executive mode and use the command:
restore
defaults awplus# erase factory-default

This command erases all data from NVS and all data from flash excluding the following:

 The current release file and its /flash/.release file

 The backup release file and /flash/.backup file

 v1 license files /flash/.configs/.swfeature.lic

 v2 license files /flash/.configs/.sw_v2.lic

The device is then rebooted and returned to its factory default condition as follows:

awplus login: manager

Password:
Last login: Thu Jul 6 00:54:10 UTC 2017 on ttyS0

AlliedWare Plus (TM) 5.4.7 06/09/17 05:35:30

awplus>en
awplus#erase factory-default
This command will erase all NVS, all flash contents except for
the boot release, and any license files, and then reboot the switch.
Proceed ? (y/n):y
.
.
.
Loading default configuration
Warning: flash:/default.cfg does not exist, loading factory defaults.
..

done!
Received event network.configured

Restore The device dynamically adds the default settings to the running-config at start-up if the default
default file is not present. You can use this feature to completely remove your configuration and return to
configuration
the factory default configuration, without removing any other files. To do this, delete or rename
the default file and make sure no other file is set as the start-up configuration file.

 Find the location of the default boot configuration file, by entering Privileged Exec mode and
entering the command:

awplus# show boot

 Delete the default file when it is the current boot configuration file, by entering Privileged Exec
mode and entering either of the commands:

C613-22045-00 REV G How to Return to the Factory Defaults | Page 45

 Getting Started with AlliedWare Plus

awplus# delete force <filename>

or

awplus# erase startup-config

Caution Erasing startup-config deletes the current boot configuration file—it does not simply
stop the file from being the boot file.

To make sure that no other file is loaded at start-up, enter Global Configuration mode and enter
the command:

awplus(config)# no boot config-file

Partially To partially restore the default settings, make a configuration file that contains the settings you
restore want to keep and set this as the start-up configuration file. On start-up, the device will add the
defaults
missing settings to the running-config.

For example, to use default settings but still keep an IP address on the eth0 (NET MGMT)
management port, create a file like the following one and set it as the boot configuration file:

!
interface eth0
ip address 172.28.8.210/16
!
ip route 0.0.0.0/0 172.28.0.1
!
end

C613-22045-00 REV G How to Return to the Factory Defaults | Page 46

 Getting Started with AlliedWare Plus

How to Upgrade the Firmware

New releases of the AlliedWare Plus OS become available regularly. Contact your customer
support representative for more information.

Step 1: Put the new release onto your TFTP server or your USB drive.

Step 2: If necessary, create space in the device’s Flash memory for the new release.

Note that you cannot delete the current release file. To see how much space is free, use the
command:

awplus# show file systems

Step 3: Copy the new release from your TFTP server or your USB drive onto the
device.

To copy the release file from a TFTP server to Flash memory, enter Privileged Exec mode and
enter the command:

awplus# copy tftp flash

To copy the release file from a USB device, when your current directory is the top-level Flash
directory, enter the command:

awplus# copy usb:<source-filename> flash

On SBx8100 Series switches, you only need to copy the new release to the Active
SBx81CFC400 Control Fabric Card (CFC). If your SBx8100 system has a standby CFC installed,
the new release file, the configuration file, and all licenses are automatically synchronized from
the Active CFC.

Step 4: Set the device to boot from the new release.

Enter Global Configuration mode and enter the command:

awplus(config)# boot system <filepath-filename>

You can set a backup release file to load if the main release file cannot be loaded. Enter the
command:

awplus(config)# boot system backup <filepath-filename>

Step 5: Check the boot settings.

Enter Privileged Exec mode and enter the command:

awplus# show boot

Step 6: Reboot.

Enter Privileged Exec mode and enter the command:

awplus# reboot

C613-22045-00 REV G How to Upgrade the Firmware | Page 47

 Getting Started with AlliedWare Plus

How to Easily Locate the Device in a Server Room

(Find Me)
The Find Me feature enables you to physically locate a specific device from a group of similar
devices.

Running the findme command causes the device’s LEDs to alternately flash green and amber at
a rate of 1 Hz. If the device has no amber LED, then the green LED will flash on/off at a rate of 1
Hz.

An optional interface parameter specifies one or more interfaces to flash, while an optional
member parameter specifies a particular stack member. Both these parameters are mutually
exclusive. If no interface or member parameter is specified, then all ports on the device or stack
are flashed.

An optional timeout parameter specifies the flash behavior duration. The default time is one
minute (60 seconds). Normal LED behavior is restored automatically after either the default time,
or a specified time, has elapsed or a no findme command is used.

How to Filter and Save “show” Command Output

You can control the output of show commands by using the | and > or >> tokens in the following
ways:

 To display only part of the output, follow the command with | and then other keywords (see
“Output modifiers” below)

 To save the output to a file, follow the command with > filename

 To append the output to an existing file, follow the command with >> filename

Using the ? after typing the show command displays the following information about these
tokens.

awplus# show users

| Output modifiers
> Output redirection
>> Output redirection (append)

C613-22045-00 REV G How to Easily Locate the Device in a Server Room (Find Me) | Page 48
 Getting Started with AlliedWare Plus

Output modifiers
Type the | (vertical bar) to use output modifiers.

append Append output

begin Begin with the first line that contains
matching output
exclude Exclude lines that contain matching output
include Include lines that contain matching output
redirect Redirect output

Begin The begin parameter causes the display to begin at the first line that contains the input string.

awplus# show run | begin vlan1

...skipping
interface vlan1
ip address 192.168.14.1
!!
line con 0
login
line vty 0 4
login
!
end

Exclude The exclude parameter excludes all lines of output that contain the input string. In the following
output all lines containing the word “input” are excluded:

awplus# show interface vlan1 | exclude input

Interface vlan1
Scope: both
Hardware is Ethernet, address is 192.168.14.1
index 3 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
Label switching is disabled
No Virtual Circuit configured
Administrative Group(s): None
DSTE Bandwidth Constraint Mode is MAM
output packets 4438, bytes 394940, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0

Include The include parameter includes only those lines of output that contain the input string. In the
output below, all lines containing the word “input” are included:

awplus# show interface vlan1 | include input

input packets 80434552, bytes 2147483647, dropped 0, multicast packets 0

input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 1, missed 0

C613-22045-00 REV G How to Filter and Save “show” Command Output | Page 49
 Redirect The redirect parameter puts the lines of output into the specified file. If the file already exists, the
new output overwrites the file’s contents; the new output is not appended to the existing file
contents.

| redirect and > are synonyms

awplus# show history | redirect history.txt

Output The output redirection token > puts the lines of output into the specified file. If the file already exists,
redirection the new output overwrites the file’s contents; the new output is not appended to the existing file
contents.

| redirect and > are synonyms

awplus# show history > history.txt

Append The append output token >> adds the lines of output into the specified file. The file must already
output exist, for the new output to be added to the end of the file’s contents; the new output is appended to
the existing file contents.

| append and >> are synonyms.

awplus# show history >> history.txt

C613-22045-00 REV G

NETWORK SMARTER
North America Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895
Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830
EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021

alliedtelesis.com
© 2019 Allied Telesis, Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.