Changes between Version 16 and Version 17 of GENIRacksHome/ExogeniRacks/AcceptanceTestStatus/EG-ADM-2


Timestamp:
05/28/12 15:50:24 (12 years ago)
Author:
chaos@bbn.com
Comment:

--

  • GENIRacksHome/ExogeniRacks/AcceptanceTestStatus/EG-ADM-2

    v16 v17  
    3131|| 3D         || [[Color(orange,Blocked)]]                 ||                      || [exoticket:19]     || ([exoticket:10]) blocked on serial access to switches                                            ||
    3232|| 4A         ||                                           ||                      ||                    || ([exoticket:10]) ready to test                                                                   ||
    33 || 4B         ||                                           ||                      ||                    || ready to test                                                                                    ||
    34 || 4C         ||                                           ||                      ||                    || ready to test                                                                                    ||
     33|| 4B         || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28           ||                    || enable mode on switch not available to site admins, but available information seems sufficient ||
     34|| 4C         || [[Color(lightgreen,Pass: most criteria)]] || 2012-05-28           ||                    || http access may be enabled, but probably does not work at all, and at most works on the private network ||
    3535|| 4D         || [[Color(orange,Blocked)]]                 ||                      || [exoticket:19]     || ([exoticket:10]) blocked on serial access to switches                                            ||
    3636|| 5          ||                                           ||                      ||                    ||                                                                                                  ||
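Review bot: The 4A row is left at "ready to test" with no state or date, although this revision adds 4A results dated 2012-05-28 showing a successful SSH login. Either set the row's state and date, or use the comment column to say why the result does not count yet (for instance because the test was run as cgolubit). The new 4C comment, "probably does not work at all", is also weaker than a pass should rest on; state what was observed instead (port 80 accepts a connection and the GET hangs).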
     
    383383 * SSH login succeeds
    384384
     385==== Results of testing step 4A: 2012-05-28 ====
     386
     387Notes:
     388 * Actually testing as cgolubit for now
     389
     390Login succeeds:
     391{{{
     392(cgolubit) bbn-hn,[~],19:32(0)$ ssh cgolubit@192.168.103.4
     393Enter radius password:
     394
     395IBM Networking Operating System RackSwitch G8264.
     396
     3978264.bbn.xo>
     398}}}
     399
    385400=== Step 4B: verify privileged access to the 8264 switch ===
    386401
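Review bot: The note "Actually testing as cgolubit for now" in the 4A results does not say which account the step is meant to be run as or whether a retest is planned, so a reader cannot tell if this login satisfies the criterion. Name the intended account and mark the result provisional if it is. The transcript shows an "Enter radius password:" prompt; a sentence saying that the login was authenticated through RADIUS would make clear which authentication path was exercised.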
     
    394409 * Viewing the running configuration should succeed
    395410 * Viewing the MAC address table should succeed
     411
     412==== Results of testing step 4B: 2012-05-28 ====
     413
     414As determined in EG-ADM-1:
     415 * Enable mode does not succeed:
     416{{{
     4178264.bbn.xo>en
     418
     419Enable access using (oper) credentials restricted to admin accounts only.
     420}}}
     421 * Viewing the running-config does not succeed:
     422{{{
     4238264.bbn.xo>show running-config
     424                  ^
     425% Invalid input detected at '^' marker.
     426}}}
     427 * However viewing the mac address table does succeed:
     428{{{
     4298264.bbn.xo>show mac-address-table
     430Mac address Aging Time: 300
     431
     432FDB is empty.
     433}}}
     434 * And viewing the interface information does succeed:
     435{{{
     4368264.bbn.xo>show interface status
     437------------------------------------------------------------------
     438Alias   Port   Speed    Duplex     Flow Ctrl      Link
     439------- ----   -----   --------  --TX-----RX--   ------
     440...
     441}}}
     442 * And viewing the !OpenFlow status does succeed:
     443{{{
     4448264.bbn.xo>show openflow 1
     445Open Flow Instance ID: 1
     446        DataPath ID: 0x640817f4b52a00
     447...
     448Configured Controllers:
     449        IP Address: 192.168.103.10
     450                State: Active
     451                Port: 6633
     452                Retry Count: 0
     453        Configured Controller Count 1
     454}}}
    396455
    397456=== Step 4C: verify absence of unencrypted login access ===
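Review bot: The criteria in the context lines say viewing the running configuration should succeed, but the 4B results show both `en` and `show running-config` being rejected, while the summary table records a pass on most criteria. List explicitly which criteria passed and which failed, and reference a ticket for the restricted enable access if one exists. "FDB is empty" shows that the command is accepted but not that it returns useful data; a note on whether an empty table is expected on this switch would help.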
     
    409468 * No other services appear to allow remote unencrypted authentication
    410469
     470==== Results of testing step 4C: 2012-05-28 ====
     471
     472 * Telnet fails:
     473{{{
     474bbn-hn,[~],19:31(255)$ telnet 192.168.103.4
     475Trying 192.168.103.4...
     476telnet: connect to address 192.168.103.4: Connection refused
     477}}}
     478 * HTTP succeeds, though this isn't a big deal because the switch is on a private network only:
     479{{{
     480bbn-hn,[~],19:36(1)$ telnet 192.168.103.4 80
     481Trying 192.168.103.4...
     482Connected to 192.168.103.4.
     483Escape character is '^]'.
     484GET /
     485}}}
     486 Incidentally, the `GET` hangs, while yesterday trying this on the control plane, it actually gave me a login dialogue.
     487 * According to the running-config, https and ssh are allowed, but no other services which look like login services to me.  Notably, according to the running config, http is disabled.  So i'm not sure what to think of what i'm seeing --- maybe an !OpenFlow firmware issue?
     488
    411489=== Step 4D: verify serial console access to the device ===
    412490
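Review bot: The last 4C bullet cites the running-config, yet the 4B results in this same revision show `show running-config` rejected for this login; say where the configuration was read from (which account or host). The port 80 finding contradicts that configuration (http is reported disabled, but the connection is accepted and a login dialogue was seen on the control plane), which is the condition step 4C exists to catch, so it should carry a ticket reference instead of being waved off as not a big deal. Only the default telnet port and port 80 are shown being probed; the "No other services" criterion would be better supported by recording which other ports were checked.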