NAI Documentation

ES Module Guide

17 min read

Ethernet Switch (ES) Family Guide

Overview

NAI’s ES-series modules are managed Ethernet switches — smart function modules that put a full Layer 2 / Layer 3 switch fabric inside an NAI chassis. The family’s current member, the ES2, is a managed switch with 16 Gigabit (10/100/1000Base-T) copper ports and up to four 10 GbE fiber-optic ports, running an industry-standard switch OS (ISS) with VLANs, IP routing, QoS, SNMP, and secure management (SSH/SSL/RADIUS/TACACS).

Where an EM NIC gives one SBC a couple of endpoint Ethernet ports, an ES2 is the switch fabric that ties endpoints together — it aggregates and segments traffic among the SBCs in a system and the outside world. Use it to build a network inside the box: connect several processor cards and I/O endpoints, carve them into VLANs (for example a mission/data network kept separate from a maintenance/control network), route between subnets, and uplink the chassis to an external LAN over copper or fiber.

Unlike NAI’s measurement and I/O modules, you don’t drive the ES2 with a simple naibrd read/write lifecycle. It is a real managed switch, so there are two ways to configure and monitor it:

  1. The switch’s own management plane — CLI over the serial console, or Telnet/SSH/HTTP/SNMP over the network. This is the primary, full-featured path (everything the switch OS supports), and it’s what most of this guide walks through.
  2. A host-side NAI SSK API (naibrd_ESW_*) — lets the host SBC configure and monitor a useful subset (VLANs, port link settings, link and BIT status) programmatically over the backplane, without a console session. This API is SSK 1.x only (see Host-side configuration & monitoring).

ES modules at a glance

The ES family currently has one member, the ES2. There are no software model variants to choose between — what you configure are its ports, VLANs, and management settings. The one hardware option is how many of the four 10 GbE fiber ports are populated.

AttributeES2
FunctionManaged Layer 2 / Layer 3 Ethernet switch
Copper ports16 × 10/100/1000Base-T (Gigabit), auto-negotiating, auto-MDI/MDI-X
Fiber portsUp to 4 × 10 GbE fiber-optic (optional; each field-toggleable 10 G ↔ 1 G)
Switch OSISS (industry-standard CLI syntax)
ManagementCLI (serial console), Telnet, SSH, HTTP, SNMP
Default IP / mask12.0.0.1 / 255.0.0.0
Default loginroot / admin123
As-shipped stateOnly port 1 enabled (for initial access); all other ports disabled
Host-side APInaibrd_ESW_* (SSK 1.x) — VLANs, link settings, link/BIT status
Generation / form factorGen5, 3U or 6U VPX

Switch features include VLANs (port- and subnet-based), IP routing, QoS, IGMP snooping, link aggregation, and secure management (SSH, SSL, RADIUS, TACACS+) — the full ISS feature set documented in the ES2-Main Manual.

There is no combination module that bundles an ES switch function with another NAI I/O function.

Note

Copper port numbering. The 16 Gigabit ports are labeled 1–16 externally but referenced as g 0/3g 0/18 inside the switch OS (external port 1 is g 0/3; the lowest interface numbers are used internally). The fiber ports are e 0/1e 0/4.

Physical setup

The ES2 brings out 16 copper Gigabit ports and up to four 10 GbE fiber ports, plus an RS-232 serial console. Two things make the first hookup easy: as shipped, only external port 1 is enabled (so you have a known port to connect to), and the serial console is always available for configuration even before any Ethernet port is up.

When you configure ports in the switch OS, you reference them by their internal nomenclature, not the external label. The interface type is gigabitethernet (abbreviated g) or extreme-ethernet (e), the slot is always 0, and the port number follows:

External portInternal nameExternal portInternal name
Copper 1g 0/3Copper 9g 0/11
Copper 2g 0/4Copper 10g 0/12
Copper 3g 0/5Copper 11g 0/13
Copper 4g 0/6Copper 12g 0/14
Copper 5g 0/7Copper 13g 0/15
Copper 6g 0/8Copper 14g 0/16
Copper 7g 0/9Copper 15g 0/17
Copper 8g 0/10Copper 16g 0/18
Fiber 1e 0/1Fiber 3e 0/3
Fiber 2e 0/2Fiber 4e 0/4

A few things hold for the family:

  • Copper ports are standard 10/100/1000Base-T. They auto-negotiate speed and duplex and do auto-MDI/MDI-X, so a straight-through Cat5e/Cat6 cable works to a switch or directly to a host.
  • Fiber ports default to 10 G. Each of the four fiber ports ships at 10 Gbps and can be set to 1 Gbps per port in the management console — auto-negotiation/auto-MDIX terms don’t apply to the fiber ports (that’s a copper concept).
  • Port 1 is your way in. It’s the only port enabled out of the box; bring the others up with no shutdown once you’re connected (see Connecting and first configuration).
  • The serial console always works. If the network side isn’t reachable yet, configure over RS-232 — no IP required.

The exact connector pins are per-board, so get them from the manuals; the pattern is the same:

  1. Identify the ES2’s slot number on your NAI motherboard or system.
  2. The slot brings the switch’s port signals and the serial console out as generic IO# pins on the breakout/connector.
  3. Map those IO# pins to the copper ports, fiber ports, and serial console using the pinout in the ES2-Main Manual together with your motherboard’s I/O connector tables.
  4. Land the copper ports on RJ45 jacks, the fiber ports on their optical connectors, and the serial console on a DB9/header for your terminal.

Connecting and first configuration

You configure the ES2 through its management plane — the switch’s own CLI and management protocols — not through a build-and-deploy SSK workflow. The first session brings the switch up to a known state: reach it, log in, enable the ports you need, give it an address, and save. Everything here is the switch OS, so the same steps apply regardless of what OS your host SBC runs.

1. Get on the switch’s subnet. As shipped the switch answers at 12.0.0.1 / 255.0.0.0, and only port 1 is enabled. Set the PC you’ll manage from to an address in that subnet — for example 12.0.0.20 / 255.0.0.0 — and cable it to external port 1. (Or skip the network entirely and use the RS-232 serial console, which needs no IP.)

2. Open a session and log in. Connect by SSH or Telnet to 12.0.0.1 (or open the serial console in a terminal like Tera Term), then log in:

ISS login: root
Password: ********
es2#

Note

The default credentials are root / admin123. Change them before the switch goes on any shared network.

3. Know the command modes. The CLI is mode-based, like other industry-standard switch CLIs. You move down into more specific modes and back up with end:

ModePromptEnter with
User EXECes2>(initial)
Privileged EXECes2#enable
Global Configurationes2(config)#configure terminal (c t)
Interface Configurationes2(config-if)#interface <type> <slot>/<port>
VLAN Configurationes2(config-vlan)#vlan <id>

Commands can be abbreviated to their shortest unambiguous form, and TAB autocompletes.

4. Enable the ports you’ll use. Every port except port 1 is disabled out of the box — turn the ones you need on with no shutdown. To enable all 16 Gigabit ports at once:

es2# configure terminal
es2(config)# interface range g 0/3-18
es2(config-if-range)# no shutdown
es2(config-if-range)# end

(Enable the fiber ports the same way with interface range e 0/1-4.)

5. Set the switch’s IP address. Change the management address on the default VLAN (VLAN 1). The interface must be shut down while you change its address:

es2# configure terminal
es2(config)# interface vlan 1
es2(config-if)# shutdown
es2(config-if)# ip address 192.168.1.10 255.255.255.0
es2(config-if)# no shutdown
es2(config-if)# end

To have the switch take this address persistently across reboots, also set it as the default with default ip address …; to pull an address from a server instead, use ip address dhcp.

6. Save the configuration. Running config is lost on reboot unless you write it to flash:

es2# write startup-config

From here the switch reloads into this configuration on every power cycle. Confirm what you’ve done with show interfaces, show ip interface, and show nvram.

Other ways to manage it. Everything above is also reachable over HTTP (point a browser at the switch IP) and SNMP (for monitoring/management from an NMS via MIB objects). The CLI is available identically over the serial console, Telnet, and SSH.

Where to find what you need:

  • The full command set — the ES2-Main Manual documents the switch configuration, VLANs, IP, and the supported ISS CLI commands.
  • Reaching the host SBCConnecting to Boards covers powering and networking the processor card the ES2 shares a chassis with.
  • Host-side programmatic control — see Host-side configuration & monitoring below for the naibrd_ESW_* API.

Confirm communication

There are two independent ways to confirm the ES2 is alive and reachable — one over the management plane, one from the host SBC — and neither needs extra test equipment.

1. Reach the switch over the network (or console). With your PC on the switch’s subnet and a cable to port 1:

ping 12.0.0.1          # the switch answers at its default address

A reply confirms the port, the link, and the switch’s management interface. Then log in (SSH/Telnet/serial) and ask the switch what it sees:

es2# show ip interface       # VLAN 1 "up", the management IP and mask
es2# show interfaces         # per-port state and link

If show interfaces lists your enabled ports as up, the switch fabric is configured and running.

2. See the switch from the host SBC (naibrd_ESW_*, SSK 1.x). Because the module also sits on the backplane, the host can confirm it’s present and read live port status without a console session. A successful GetPortCount proves the SBC, the SSK, and the module are talking; GetLinkStatus then tells you which ports have a live partner:

/* SSK 1.x */
int32_t ports = naibrd_ESW_GetPortCount(cardIndex, module);   /* > 0 => module present and responding */
 
nai_esw_link_status_t link;
naibrd_ESW_GetLinkStatus(cardIndex, module, port, &link);     /* NAI_ESW_LINK_UP / NAI_ESW_LINK_DOWN */
 
uint32_t bitWord = 0;
naibrd_ESW_GetBITStatusWord(cardIndex, module, &bitWord);     /* 0 => no port BIT faults */

If GetPortCount returns a positive count and the ports you’ve cabled report NAI_ESW_LINK_UP with a clear BIT word, the module is confirmed end-to-end from the host side. The ESW_Config sample exercises all of this interactively.

Note

The host-side naibrd_ESW_* API is SSK 1.x only. If you’re on SSK 2.x, use the management-plane checks (ping / show) above — there is no naibrd_esw in the 2.x kit.

Host-side configuration & monitoring (naibrd_ESW_*, SSK 1.x)

In addition to the management plane, the host SBC can configure and monitor a subset of the switch programmatically over the backplane with the naibrd_ESW_* API — handy when you want a board to set up its own VLANs or check link health at boot without scripting a console session. Calls take the cardIndex / module coordinates of the switch (and a port or vlan index where relevant); naibrd_ESW_GetPortCount / GetVLANCount tell you how many of each the module has.

Important

This API is part of SSK 1.x only. There is no naibrd_esw library or ESW sample in the SSK 2.x kit, so these calls have no 1.x/2.x version toggle — they’re shown once, in their 1.x form. On SSK 2.x, configure and monitor the switch through its management plane instead. The host-side API also covers only a subset of the switch’s capability; for VLANs/IP/QoS/security beyond what’s below, use the CLI/SNMP plane.

The API does not replace the management plane — it complements it. The blocks below group the calls by what you’re doing.

Configure a VLAN from the host

What it does: create or modify a VLAN — its ID, member ports, tagging, and (for a routed/subnet VLAN) its IP address and mask — then commit the change and read back whether it took. VLAN setup is a staged handshake: set the parameters, then initiate the configuration with a control word, then check the return status.

Applies to: the ES2’s VLAN table (size from naibrd_ESW_GetVLANCount).

Relevant APIs:

/* SSK 1.x */
nai_status_t naibrd_ESW_SetVLANControlEnable(int32_t cardIndex, int32_t module, int32_t vlan, bool_t enable);
nai_status_t naibrd_ESW_SetVLANControlType(int32_t cardIndex, int32_t module, int32_t vlan, nai_esw_vlan_type_t vlanType);   /* PORT_BASED / SUBNET_BASED */
nai_status_t naibrd_ESW_SetVLANID(int32_t cardIndex, int32_t module, int32_t vlan, uint32_t groupID);
nai_status_t naibrd_ESW_SetVLANMembers(int32_t cardIndex, int32_t module, int32_t vlan, uint32_t members);                   /* bitmask; use NAI_ESW_VLAN_MEMBER(port) */
nai_status_t naibrd_ESW_SetVLANMemberTagPkt(int32_t cardIndex, int32_t module, int32_t vlan, uint32_t tagPackets);
nai_status_t naibrd_ESW_SetVLANIPAddress(int32_t cardIndex, int32_t module, int32_t vlan, uint16_t ip63to48, uint16_t ip47to32, uint16_t ip31to16, uint16_t ip15to0);
nai_status_t naibrd_ESW_SetVLANNetworkMask(int32_t cardIndex, int32_t module, int32_t vlan, uint16_t net63to48, uint16_t net47to32, uint16_t net31to16, uint16_t net15to0);
nai_status_t naibrd_ESW_SetVLANControlWord(int32_t cardIndex, int32_t module, int32_t vlan, nai_esw_vlan_ctrl_t control);    /* OR in NAI_ESW_VLAN_CTRL_CFG_INITIATE to commit */
nai_status_t naibrd_ESW_GetVLANReturnStatus(int32_t cardIndex, int32_t module, int32_t vlan, uint32_t* returnStatus);        /* NAI_ESW_VLAN_GROUP_ENABLED on success */
nai_status_t naibrd_ESW_ClearVLANReturnStatus(int32_t cardIndex, int32_t module, int32_t vlan);

Exercise it: ESW Config (its VLAN configuration menu walks this exact sequence).

What it does: force or auto-negotiate a port’s speed and duplex, control Gigabit capability advertisement, and disable a port from the host. Leave speed on AUTO for normal copper links; pin a rate only for a fixed-speed link or a finicky partner.

Applies to: any port (count from naibrd_ESW_GetPortCount). *Word variants set/read all ports at once via a bitmask.

Relevant APIs:

/* SSK 1.x */
nai_status_t naibrd_ESW_SetLinkSpeed(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_speed_t linkSpeed);        /* AUTO / 10 / 100 / 1G / DISABLE */
nai_status_t naibrd_ESW_SetLinkDuplex(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_duplex_t linkDuplex);     /* HALF / FULL */
nai_status_t naibrd_ESW_SetLinkGigCapAdv(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_gig_adv_t gigAdv);     /* OFF / ON */
nai_status_t naibrd_ESW_SetLinkSpeedWord(int32_t cardIndex, int32_t module, int32_t group, uint32_t linkSpeedWord);
nai_status_t naibrd_ESW_SetLinkDuplexWord(int32_t cardIndex, int32_t module, uint32_t linkDuplexWord);

Exercise it: ESW Config (link speed/duplex menu).

What it does: read each port’s link up/down, its negotiated speed and duplex, the detected MDI/MDI-X mode, and the switch’s built-in test result. Run BIT on demand or read the continuously available status.

Applies to: any port; *Word variants return all ports in one read.

Relevant APIs:

/* SSK 1.x */
nai_status_t naibrd_ESW_GetLinkStatus(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_status_t* linkStatus);          /* UP / DOWN */
nai_status_t naibrd_ESW_GetLinkSpeedStatus(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_speed_t* linkSpeed);
nai_status_t naibrd_ESW_GetLinkDuplexStatus(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_duplex_t* linkDuplex);
nai_status_t naibrd_ESW_GetLinkMDIXMode(int32_t cardIndex, int32_t module, int32_t port, nai_esw_link_mdix_mode_t* mdixMode);        /* MDI / MDIX */
nai_status_t naibrd_ESW_SetBITTestInitiate(int32_t cardIndex, int32_t module);
nai_status_t naibrd_ESW_GetBITStatus(int32_t cardIndex, int32_t module, int32_t port, nai_esw_bit_status_t* bitStatus);
nai_status_t naibrd_ESW_GetBITStatusWord(int32_t cardIndex, int32_t module, uint32_t* bitStatusWord);

Exercise it: ESW Config (link/BIT status display).

Try it

Two complete sequences — one on each control surface.

Try it — first-config over the CLI

Bring a factory-default ES2 to a usable state: enable all 16 Gigabit ports, give the switch a management address, and save it so it survives a reboot. (Your PC is already on the 12.0.0.0/8 subnet and connected to port 1.)

es2# configure terminal
es2(config)# interface range g 0/3-18
es2(config-if-range)# no shutdown          # enable all 16 copper ports
es2(config-if-range)# exit
es2(config)# interface vlan 1
es2(config-if)# shutdown
es2(config-if)# ip address 192.168.1.10 255.255.255.0
es2(config-if)# no shutdown                # management IP on the default VLAN
es2(config-if)# end
es2# write startup-config                  # persist across power cycles
es2# show ip interface                     # confirm: VLAN 1 up, the new address

Try it — configure a VLAN from the host (SSK 1.x)

The host-side equivalent of carving out a VLAN: put a couple of ports into a new port-based VLAN, commit, and confirm it took. The commit is the key step — parameters don’t take effect until you initiate the configuration and the switch reports success.

/* SSK 1.x — create port-based VLAN 2 with two member ports */
int32_t vlan = 2;
uint32_t members = NAI_ESW_VLAN_MEMBER(3) | NAI_ESW_VLAN_MEMBER(4);   /* bit positions follow the module's port numbering */
uint32_t ret = 0;
 
naibrd_ESW_ClearVLANReturnStatus(cardIndex, module, vlan);
naibrd_ESW_SetVLANControlEnable(cardIndex, module, vlan, NAI_TRUE);
naibrd_ESW_SetVLANControlType(cardIndex, module, vlan, NAI_ESW_VLAN_TYPE_PORT_BASED);
naibrd_ESW_SetVLANID(cardIndex, module, vlan, 2);
naibrd_ESW_SetVLANMembers(cardIndex, module, vlan, members);
 
/* commit and check the result */
naibrd_ESW_SetVLANControlWord(cardIndex, module, vlan, NAI_ESW_VLAN_CTRL_CFG_INITIATE);
do {
   naibrd_ESW_GetVLANReturnStatus(cardIndex, module, vlan, &ret);
} while (ret == NAI_ESW_VLAN_CFG_PROCESSING);
/* ret == NAI_ESW_VLAN_GROUP_ENABLED on success */

Building and running the SSK sample. The host-side snippet is condensed for orientation; for the full, buildable program — the complete VLAN handshake plus link and BIT menus — see ESW Config and Using NAI SSK 1.x Sample Applications for build/run instructions across platforms. (ESW_Config is an SSK 1.x sample; there is no SSK 2.x equivalent.)

Hardware capabilities and status monitoring

What the hardware provides:

  • 20 switched ports — 16 × 10/100/1000Base-T copper (auto-negotiating, auto-MDI/MDI-X) plus up to 4 × 10 GbE fiber (each settable 10 G ↔ 1 G).
  • Managed Layer 2 / Layer 3 — VLANs (port- and subnet-based), inter-VLAN IP routing, QoS, IGMP snooping, and link aggregation, all configurable through the switch OS.
  • Secure, standards-based management — CLI, Telnet, SSH, HTTP, and SNMP access, with RADIUS/TACACS+ authentication and SSL.
  • Per-port Built-In Test — the switch runs BIT on its ports; results are readable from the host with naibrd_ESW_GetBITStatus.
  • Non-volatile configuration — save the running config to on-board flash (write startup-config) so the switch reloads it on every power cycle.

Statuses you can monitor:

StatusWhat it tells youHow to read it
Link stateWhether a port has a live partnershow interfaces · naibrd_ESW_GetLinkStatus
Speed & duplexThe negotiated rate and duplex per portshow interfaces · naibrd_ESW_GetLinkSpeedStatus / GetLinkDuplexStatus
MDI / MDI-XThe detected cable-crossover mode on a copper portnaibrd_ESW_GetLinkMDIXMode
Port BITWhether a port passed built-in testnaibrd_ESW_GetBITStatus / GetBITStatusWord
VLAN config resultWhether a host-driven VLAN change succeedednaibrd_ESW_GetVLANReturnStatus · show ip interface vlan <id>
Switch / NVRAM configSaved IP, mode, MAC, and feature settingsshow nvram · show running-config

The management plane (CLI show commands, SNMP) exposes the full set of switch counters and state; the host-side naibrd_ESW_* calls cover the link- and BIT-level subset most useful to a host application.

Common pitfalls

  • Can’t reach 12.0.0.1? Your management PC must be on the same subnet — set its NIC to something like 12.0.0.20 / 255.0.0.0 first. If the network side is unreachable, fall back to the serial console, which needs no IP.
  • Ports won’t pass traffic. Only port 1 is enabled as shipped; every other port is administratively down until you no shutdown it. A cabled, link-lit port still won’t forward until it’s enabled.
  • Configuration vanishes after a reboot. The running config is volatile — run write startup-config to save it to flash, or the switch comes back at factory defaults.
  • Changing an interface IP fails or drops you. You must shutdown the VLAN interface before changing its address, then no shutdown after. Configuring an IP on a live interface is rejected.
  • A fiber port won’t link to a 1 G partner. The fiber ports default to 10 G; set the port to 1 G in the management console to match a Gigabit partner.
  • Host VLAN changes “don’t take.” The naibrd_ESW_* VLAN calls only stage parameters — nothing applies until you commit with SetVLANControlWord(... CFG_INITIATE) and then verify with GetVLANReturnStatus. Check the return status, not just that the calls returned success.
  • naibrd_ESW_* isn’t in SSK 2.x. The host-side API is 1.x only. On 2.x, manage the switch through its CLI/SNMP/web plane.
  • Default credentials are public. root / admin123 ship on every unit — change them before the switch touches a shared network.
  • External vs internal port numbers. External port 1 is g 0/3, port 2 is g 0/4, and so on — off-by-two against the label. Use the port map when writing interface commands.
  • ES2-Main Manual — switch configuration, VLANs, IP, and the supported ISS CLI command set
  • ES2 Data Sheet — full port, electrical, and environmental specifications
  • EM Family Guide — the sibling Ethernet module: the EM1 NIC gives an SBC endpoint ports, where the ES2 is the switch fabric that connects them
  • ESW Config — the SSK 1.x sample that exercises the host-side naibrd_ESW_* API
  • Download the SSK — get the library and sample apps (the ESW sample is in the 1.x kit)
  • Connecting to Boards — power, network, console, and file transfer to the host SBC the ES2 shares a chassis with
NAI Docs Assistant
Was this document helpful?