Embedded switch CLI for wireless LOM Package configuration

Use this information to set configuration of wireless LOM package.

Use UCI (Unified Configuration Interface) to configure wireless LOM package core services.

Embedded Switch CLI can be accessed by SSH from Management port but dedicated address (192.168.70.254)
  • User name: oper

  • Password: (use the same password as XCC)

Configuration display

To show the configuration of system wireless function, use the commands below:

  • sudo uci show → Show entire system configuration
  • sudo uci show config_profile → Show specific configure profile of all interfaces
  • sudo uci show config_profile.interface → Show configure profile of specific interface
  • sudo uci show config_profile.interface.configName → Show specific configure setting
Table 1. Common profiles
Configure profile Description
dhcp DHCP and DNS setting
firewall firewall (NAT), packet filter, and port forwarding setting
network Switch, interface, and route configuration
wireless Wireless settings and wifi network definition
Table 2. Common interfaces
Interface name Description
mgmt_xcc_lan Management Port of XCC access
edge_lan Downlink ports
cloud_wan Uplink ports (Wireline)
x86_lan Dedicated internal 10Gb port to the OS (in Windows is called “LOM1-Switchboard”)
lte_wan 4G LTE port
wifi_lan_ap WLAN port (AP mode)
wifi_wan_sta WLAN port (Station mode)

Commands example:

sudo uci show network 
sudo uci show network.edge_lan 
sudo uci show network.edge_lan.ipaddr 

Configuration setting

Table 3. Configure a DHCP server (Profile dhcp)
Syntax
sudo uci set dhcp.<name>=dhcp
sudo uci set dhcp.<name>.ignore=<ignore>
sudo uci set dhcp.<name>.interface=<interface>
sudo uci set dhcp.<name>.start=<start>
sudo uci set dhcp.<name>.limit=<limit>
sudo uci set dhcp.<name>.leasetime=<leasetime>
sudo uci set dhcp.<name>.dynamicdhcp=<dynamicdhcp>
sudo uci set dhcp.<name>.force=<force>
sudo uci set dhcp.<name>.netmask=<netmask>
sudo uci set dhcp.<name>.dhcp_option=<dhcp_option>
sudo uci set dhcp.<name>.ra=<ra>
sudo uci set dhcp.<name>.dhcpv6=<dhcpv6>
sudo uci set dhcp.<name>.ndp=<ndp>
sudo uci set dhcp.<name>.ra_management=<ra_management>
sudo uci set dhcp.<name>.ra_default=<ra_default>
sudo uci add_list dhcp.<name>.dns=<dns>
sudo uci add_list dhcp.<name>.domain=<domain>
sudo uci commit dhcp
Table 4. Parameters
Name Type Required Default Description

name

string

no

none

Dhcp pool name.

ignore

boolean

no

0

Specifies whether dnsmasq should ignore this pool if set to 1.

interface

logical interface name

yes

none

Specifies the interface associated with this DHCP address pool; must be one of the interfaces defined in /etc/config/network.

start

integer

yes

100

Specifies the offset from the network address of the underlying interface to calculate the minimum address that may be leased to clients. It may be greater than 255 to span subnets.

limit

integer

yes

150

Specifies the size of the address pool (e.g. with start=100, limit=150, maximum address will be .249).

leasetime

string

yes

12h

Specifies the lease time of addresses handed out to clients, for example 12h or 30m

dynamicdhcp

boolean

no

1

Dynamically allocate client addresses, if set to 0 only clients present in the ethers files are served.

force

boolean

no

0

Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment.

dhcp_option

list of strings

no

none

The ID dhcp_option here must be with written with an underscore. It will be translated to –dhcp-option, with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this network-id, with a a space between them and the total string between ””. E.g. '26,1470' or 'option:mtu, 1470' that can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or “3,192.168.1.1 6,192.168.1.1” to give out gateway and dns server addresses.

ra

string

no

none

Specifies whether Router Advertisements should be enabled (server), relayed (relay) or disabled (disabled).

dhcpv6

string

no

none

Specifies whether DHCPv6 server should be enabled (server), relayed (relay) or disabled (disabled).

ndp

string

no

none

Specifies whether NDP should be relayed relay or disabled none.

ra_management

integer

no

1

RA management mode : no M-Flag but A-Flag (0), both M and A flags (1), M flag but not A flag (2).

ra_default

integer

no

0

Default router lifetime in the RA message will be set if default route is present and a global IPv6 address (0) or if default route is present but no global IPv6 address (1) or neither of both conditions (2).

dns

string

no

none

Announced DNS servers.

domain

string

no

none

Announced DNS domains.

Commands example:

Table 5. Configure a DHCPv4 server

Configure a DHCPv4 server listening on the downlink /internal link to x86/ WiFi AP/dedicated management ports

For downlink ports, IP assignment range :1~100

# sudo uci set dhcp.edge.start='1'
# sudo uci set dhcp.edge.limit='100'
# sudo uci commit dhcp
# sudo /etc/init.d/dnsmasq restart
For internal link (to X86) , IP assignment range :1~100(preset 5 no x86_lan interface): 1~100
# sudo uci set dhcp.x86.start='1'
# sudo uci set dhcp.x86.limit='100'
# sudo uci commit dhcp
# sudo /etc/init.d/dnsmasq restart
For WiFi AP mode (Except for preset 4 due to WiFi is configured to station mode): 1~100
# sudo uci set dhcp.wifi_lan_ap.start='1'
# sudo uci set dhcp.wifi_lan_ap.limit='100'
# sudo uci commit dhcp
# sudo /etc/init.d/dnsmasq restart
For dedicated management port, IP assignment range :1~100
sudo uci set dhcp.lan.start='1'
sudo uci set dhcp.lan.limit='100'
sudo uci commit dhcp
sudo /etc/init.d/dnsmasq restart

Configure IP related setting (Profile: network)

Table 6. Configure IP related setting (Profile: network)
Syntax
sudo uci set network.<interface>=interface
sudo uci set network.<interface>.ifname=<ifname>
sudo uci set network.<interface>.proto=static
sudo uci set network.<interface>.ipaddr=<ipaddr>
sudo uci set network.<interface>.netmask=<netmask>
sudo uci set network.<interface>.gateway=<gateway>
sudo uci set network.<interface>.broadcast=<broadcast>
sudo uci set network.<interface>.dns=<dns>
sudo uci set network.<interface>.ip6assign=<ip6assign>
sudo uci set network.<interface>.ip6hint=<ip6hint>
sudo uci set network.<interface>.ip6ifaceid=<ip6ifaceid>
sudo uci set network.<interface>.auto=<auto>
sudo uci set network.<interface>.force_link=<force_link>
sudo uci set network.<interface>.macaddr=<macaddr>
sudo uci set network.<interface>.mtu=<mtu>
sudo uci set network.<interface>.metric=<metric>
Table 7. Parameters
Name Type Required Default Description

interface

string

yes

none

Logical interface name you want to create.

ifname

string

yes

none

physical interface name on the device

ipaddr

ip address

yes, if no ip6addr is set.

none

IP address. It could be a list of ipaddr , that is: several ipaddresses will be assigned to the interface. If, instead of a list, several ipaddr are specified as options, only the last is applied.

netmask

netmask

yes, if no ip6addr is sets

none

Netmask.

gateway

ip address

no

none

Default gateway.

broadcast

ip address

no

none

Broadcast address (autogenerated if not set).

dns

list of ip addresses

no

none

DNS server(s).

ip6assign

prefix length

no

none

Delegate a prefix of given length to this interface (Barrier Breaker and later only).

ip6hint

prefix hint (hex)

no

none

Hint the subprefix-ID that should be delegated as hexadecimal number (Barrier Breaker and later only)

ip6ifaceid

ipv6 suffix

no

::1

Allowed values: 'eui64', 'random', fixed value like '::1:2'. When IPv6 prefix (like 'a:b:c:d::') is received from a delegating server, use the suffix (like '::1') to form the IPv6 address ('a:b:c:d::1') for this interface. Useful with several routers in LAN.

auto

boolean

no

0 for proto none, else 1

Specifies whether to bring up interface on boot.

force_link

boolean

no

1 for protocol static, else 0

Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); when set to '1', carrier sense events do not invoke hotplug handlers

macaddr

mac address

no

none

Override MAC address of this interface.

mtu

number

no

none

Override the default MTU on this interface.

metric

integer

no

0

Specifies the default route metric to use.

Commands example:

Table 8. Modify base IP of downlink /internal link to x86/ WiFi AP/dedicated management ports
Modify base IP of downlink /internal link to x86/ WiFi AP/dedicated management ports
Configure downlink port to 192.168.71.254
# sudo uci set network.edge_lan.ipaddr='192.168.71.254'
# sudo uci commit network
# sudo /etc/init.d/network restart
Configure internal link(to X86) to 192.168.73.254(preset 5 has no x86_lan interface):
# sudo uci set network.x86_lan.ipaddr='192.168.73.254'
# sudo uci commit network
# sudo /etc/init.d/network restart
Configure WiFI ports (AP mode,preset 4 is station mode): 192.168.74.254
# sudo uci set network.wifi_lan_ap.ipaddr='192.168.74.254'
# sudo uci commit network
# sudo /etc/init.d/network restart
Configure dedicated management port to 192.168.70.254
# sudo uci set network.mgmt_xcc_lan.ipaddr='192.168.70.254'
# sudo uci commit network
# sudo /etc/init.d/network restart

Remove eth3 and eth6 edge_lan:

# show interfaces in edge ports
sudo uci show network.edge_lan.ifname

# Remove eth3 and eth6 from edge_lan.ifname
sudo uci set network.edge_lan.ifname='eth1'
sudo uci commit
sudo /etc/init.d/network restart
Note: For those ports(ethx) which are not assigned into any network interface, will be set as disable

Configure Wireless setting (WLAN)

The wifi-device refer to physical radio devices present on the system. The options present in this section describe properties common across all wireless interfaces on this radio device, such as channel.

Table 9. Wireless devices
Syntax
sudo uci set wireless.radio0.type=<type>
sudo uci set wireless.radio0.channel=<channel>
sudo uci set wireless.radio0.hwmode=<hwmode>
sudo uci set wireless.radio0.htmode=<htmode>
sudo uci set wireless.radio0.disabled=<disabled>
Table 10. Parameters
Name Type Required Default Description

type

string

yes

(auto detected)

The type is determined on firstboot during the initial radio device detection - it is usually not required to change it.

hwmode

string

no

11n

Selects the wireless protocol to use, possible values are 11b, 11g, and 11a. Note that 11ng and 11na are not available options

htmode

string

no

HT40

Specifies the channel width in 802.11n and 802.11ac mode, possible values are: HT20, HT40-, HT40+, HT40, or VHT20, VHT40, VHT80, VHT160, NOHT disables 11n

disabled

boolean

no

1

Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter

channel

integer (1-11)

yes

11

Specifies the wireless channel to use.

Commands example:

Table 11. Default channel setting
To enable wireless function in 802.11n mode, set default channel to 11
sudo uci set wireless.radio0.channel='11'
sudo uci set wireless.radio0.hwmode='11n'
sudo uci set wireless.radio0.disabled='0'
sudo uci commit wireless
sudo wifi

Wireless Interface

Table 12. Wireless Interface
Syntax
sudo uci set wireless.default_radio0.encryption=<encryption>
sudo uci set wireless.default_radio0.ssid=<ssid>
sudo uci set wireless.default_radio0.mode=<mode>
sudo uci set wireless.default_radio0.key=<key>
sudo uci set wireless.default_radio0.network=<network>
Table 13. Parameters
Name Type Required Default Description

network

string

yes

wifi_lan_ap

Specifies the network interface to attach the wireless to.Possible values are wifi_lan_ap,wifi_wan_sta.

mode

string

yes

ap

Selects the operation mode of the wireless network interface controller. Possible values are ap, sta.

ssid

string

yes

hodaka_ap

The broadcasted SSID of the wireless network and for managed mode the SSID of the network you’re connecting to

encryption

string

yes

psk2

Wireless encryption method.

1.AP mode: WPA2 personal only, value : psk2

2.Station mode: WPA2 Enterprise and Personal.

key

integer or string

yes

user defined

In any WPA-PSK mode, this is a string that specifies the pre-shared passphrase from which the pre-shared key will be derived. The clear text key has to be 8-63 characters long. If a 64-character hexadecimal string is supplied, it will be used directly as the pre-shared key instead. IIn any WPA-Enterprise AP mode, this option has a different interpretation.

WPA Enterprise (client mode)

Listing of Client related options for WPA Enterprise:

Name Default Description

eap_type

(none)

Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP

auth

MSCHAPV2

“auth=PAP”/PAP/MSCHAPV2 - Defines the phase 2 (inner) authentication method to use, only applicable if eap_type is peap or ttls

identity

(none)

EAP identity to send during authentication

password

(none)

Password to send during EAP authentication

ca_cert

(none)

Specifies the path the CA certificate used for authentication

client_cert

(none)

Specifies the client certificate used for the authentication

priv_key

(none)

Specifies the path to the private key file used for authentication, only applicable if eap_typeis set to tls

priv_key_pwd

(none)

Password to unlock the private key file, only works in conjunction with priv_key

Note: When using WPA Enterprise type PEAP with Active Directory Servers, the “auth” option must be set to “auth=MSCHAPV2” or “auth=PAP”.

Commands example:

Table 14. Wireless client mode

To configure wireless to station mode, and connect to AP which SSID is Hoda-WF2G-TEST with WPA2 personal.

sudo uci set wireless.default_radio0.encryption='psk2'
sudo uci set wireless.default_radio0.ssid='Hoda-WF2G-TEST'
sudo uci set wireless.default_radio0.mode='sta'
sudo uci set wireless.default_radio0.key='hodaka#1'
sudo uci set wireless.default_radio0.network='wifi_wan_sta'
sudo uci commit wireless
sudo wifi

To configure wireless to station mode, and connect to AP which SSID is Hoda-WF2G-TEST with WPA2 enterprise.

sudo uci set wireless.default_radio0.network='wifi_wan_sta'
sudo uci set wireless.default_radio0.mode='sta'
sudo uci set wireless.default_radio0.ssid='Hoda-WF2G-TEST'
sudo uci set wireless.default_radio0.encryption='wpa2'
sudo uci set wireless.default_radio0.doth='1'
sudo uci set wireless.default_radio0.eap_type='peap'
sudo uci set wireless.default_radio0.auth='EAP-MSCHAPV2'
sudo uci set wireless.default_radio0.identity='123'
sudo uci set wireless.default_radio0.password='123'
sudo uci commit wireless
sudo wifi

Configure LTE setting

Table 15. Configure LTE setting
Syntax
sudo uci set network.lte_wan.apn=<apn>  
sudo uci set network.lte_wan.pincode=<pincode>  
sudo uci set network.lte_wan.username=<username>  
sudo uci set network.lte_wan.password=<password>  
sudo uci set network.lte_wan.pdptype=<pdptype>  
sudo uci set network.lte_wan.auth=<auth>
Table 16. Parameters
Name Type Required Default Description

apn

string

yes

internet

Used APN

pincode

number

no

(none)

PIN code to unlock SIM card

username

string

no

(none)

Username for PAP/CHAP authentication

password

string

no

(none)

Password for PAP/CHAP authentication

auth

string

no

chap

Authentication type: pap, chap, both, none

pdptype

string

no

IPV4

Used IP-stack mode, IP (for IPv4), IPV6 (for IPv6) or IPV4V6 (for dual-stack)

plmn

number

no

(none)

First three digits are the mcc (mobile country code) and the last three digits are the mnc (mobile network code), for example if plmn=338020, then the mcc is 338 and the mnc is 020

Commands example:

sudo uci set network.lte_wan.pincode='0000'  
sudo uci set network.lte_wan.apn='testapn'  
sudo uci set network.lte_wan.username='Name1'  
sudo uci set network.lte_wan.password='Password'  
sudo uci commit network  
sudo /etc/init.d/network restart

Configuration import and export

Table 17. Configuration import and export

Back up embedded switch configuration to local PC.

# Generate backup
sudo sysupgrade -b /tmp/backup.tar.gz
ls /tmp/backup.tar.gz

# Download backup
scp oper@192.168.70.254://tmp/backup.tar.gz ./

Restore previously saved embedded switch configuration from local PC.

# Upload backup
scp backup.tar.gz oper@192.168.70.254://tmp/backup.tar.gz

# Restore backup
ls /tmp/backup.tar.gz
sudo sysupgrade -r /tmp/backup.tar.gz

sudo reboot
Note: If you have modified the configurations in the backup file, after untarring and modifying the backup file, go to the root directory which contains the “home” and “etc” folder and run the following command to re-tar the backup file:
tar cvfz backup.tar.gz 

Upgrade firmware of embedded switch

  1. Connect your laptop to BMC management port, and configure ip of laptop to "192.168.70.xxx" .

  2. Transfer image from client to switch board by scp:

    • [Linux OS] $> scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ./se350-hyl403g-r378-bd144013.bin.sign oper@192.168.70.254://tmp/

    • [Windows OS] .\pscp.exe -scp .\se350-hyl403g-r378-bd144013.bin.sign oper@192.168.70.254://tmp/

  3. Update FW in CLI of switch board: (all settings will be reset to factory default if "sudo sysupgrade -n") $> sudo sysupgrade /tmp/se350-hyl403g-r378-bd144013.bin.sign

Static route for remote configuration on embedded switch

If cloud ports are active, the default gateway obtained from cloud ports will overwrite existing default gateway of embedded switch. User will not be allowed to connect to embedded switch ip remotely (from different ip segment) due to network traffic back to management port will be redirected to cloud ports. Following example demonstrates how to add "static route" to allow remote configuration to embedded switch ip when the cloud ports are active.

#.If ip domain of management port is "172.18.x.x", with default gateway "172.18.221.254".

#.To force traffic targets to 172.18.0.0/16 & 10.0.0.0/8 to go through gateway 172.18.221.254

sudo uci set network.rtmgmt1=route
sudo uci set network.rtmgmt1.interface='mgmt_xcc_lan'
sudo uci set network.rtmgmt1.target='172.18.0.0'
sudo uci set network.rtmgmt1.netmask='255.255.0.0'
sudo uci set network.rtmgmt1.gateway='172.18.221.254'

sudo uci set network.rtmgmt2=route
sudo uci set network.rtmgmt2.interface='mgmt_xcc_lan'
sudo uci set network.rtmgmt2.target='10.0.0.0'
sudo uci set network.rtmgmt2.netmask='255.0.0.0'
sudo uci set network.rtmgmt2.gateway='172.18.221.254'

sudo uci commit
sudo /etc/init.d/network restart