Tip
This is the documentation for the 22.02 version. Looking for the documentation of the latest version? Have a look here.
Step 2: Initial Setup Tasks¶
Use the following diagram to support the initial setup tasks.
Ethernet Ports Connections¶
Use RJ45 ethernet cables to connect the SG-5100 network ports to the outside, corp89, and guest220 networks.
Port Label |
VPP Name |
OS Name |
Assignment/name |
---|---|---|---|
IGB0 |
n/a |
enp3s0 |
HostOS Interface |
IGB1 |
GigabitEthernet4/0/0 |
vpp1 |
outside |
IX0 |
TenGigabitEthernet6/0/0 |
vpp2 |
guest220 |
IX1 |
TenGigabitEthernet6/0/1 |
vpp3 |
corp89 |
IX2 |
TenGigabitEthernet8/0/0 |
vpp4 |
unassigned |
IX3 |
TenGigabitEthernet8/0/1 |
vpp5 |
unassigned |
HostOS Interface Notes¶
Configuration of the HostOS interface is outside the scope of this guide, see Edit the Host Interface Configuration.
Do not connect the HostOS interface to the same subnet, or broadcast domain, used by TNSR VPP interfaces as it may produced unexpected results.
More information at Host Interfaces.
Initial TNSR Setup¶
Boot up the SG-5100 appliance and connect to the console. Once connected, hit return to get a clear login prompt, and log in with the default TNSR user credentials.
Change Default Password¶
It is important to change the default password on the tnsr
user before
proceeding:
localhost tnsr# host shell passwd
Changing password for user tnsr.
Changing password for tnsr.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
localhost tnsr#
Set Hostname¶
Set the TNSR hostname and save the configuration:
localhost tnsr# config
localhost tnsr(config)# system name sitex-rtr1
sitex-rtr1 tnsr(config)# configuration copy running startup
sitex-rtr1 tnsr(config)# exit
sitex-rtr1 tnsr#
Configure Dataplane¶
Enable selected network and crypto devices on the TNSR dataplane and then restart it, as shown in the config fragment below:
dataplane dpdk dev 0000:04:00.0 network name outside
dataplane dpdk dev 0000:06:00.0 network name guest220
dataplane dpdk dev 0000:06:00.1 network name corp89
dataplane dpdk dev 0000:01:00.0 crypto
#
service dataplane restart
Note
When enabling the crypto hardware device (QAT) on the console port or during system boot, it is normal for a number of log messages to display as it initializes, these can typically be ignored. For example:
[ 836.798096] c3xxxvf 0000:01:01.4: enabling device (0000 -> 0002)
[ 836.804235] DMAR: 64bit 0000:01:01.4 uses identity mapping
[ 836.839343] c3xxxvf 0000:01:01.0: Failed to register crypto algs
[ 836.859227] c3xxxvf: probe of 0000:01:01.0 failed with error -14
[ 836.865313] c3xxxvf 0000:01:01.1: enabling device (0000 -> 0002)
[ 836.871718] DMAR: 64bit 0000:01:01.1 uses identity mapping
[ 836.877853] c3xxxvf 0000:01:01.4: Failed to register crypto algs
[ 836.897244] c3xxxvf: probe of 0000:01:01.4 failed with error -14
Inspect an interface with the show interface
command. As seen below, the
outside interface is still in Admin down state, no IP address is
assigned, and no packets have been seen.
sitex-rtr1 tnsr(config)# show interface outside
Interface: outside
Admin status: down
Link down, unknown duplex
Link MTU: 9206 bytes
MAC address: 00:90:0b:7c:06:0d
IPv4 Route Table: ipv4-VRF:0
IPv6 Route Table: ipv6-VRF:0
VLAN tag rewrite: disable
counters:
received: 0 bytes, 0 packets, 0 errors
transmitted: 0 bytes, 0 packets, 0 errors
protocols: 0 IPv4, 0 IPv6
0 drops, 0 punts, 0 rx miss, 0 rx no buffer
Note that the default MTU is large. Set the MTU to the size for your application (typically 1500).
Save and Reboot¶
Save the configuration:
configuration copy running startup
And then reboot:
host shell sudo reboot
Watch the console logs as the system boots up, then log in as the tnsr
user
with the new password that was set earlier.