enterasys switch configuration guide
set snmp community community_name 2. The system is tolerant to packet loss in the network. ACLs on the A4 are described separately in this chapter since ACL support on the A4 is different from the support on the other Fixed Switch platforms. Configuring IRDP Table 21-3 IRDP Default Values (continued) Parameter Description Default Value advertisement holdtime The length of time this advertised address should be considered valid. Table 14-4 show netstat Output Details. show snmp group groupname grpname Display an SNMP groups access rights. 4. After you have properly configured the switch, and started Enterasys WebView, you can perform any of the tasks described in the following sections. In the configuration shown, these default settings have not been changed. After you have established your connection to the switch, follow these steps to download the latest firmware: 1. Refer to Table 4-7 on page 4-20 for default DHCP server settings. ThisexampleshowshowtodisplaySNMPcountervalues, Tabl e 86providesanexplanationofthecommandoutput. IEEE 802. It is auto configured with the cost of the intra-area path between the two ABRs that make up the virtuallink. VLAN Support on Enterasys Switches If a unicast untagged frame is received on Port 5, it would be classified for VLAN 50. Globally: Disabled. Spanning Tree Basics RSTP Operation RSTP optimizes convergence by significantly reducing the time to reconfigure the networks active topology when physical topology or configuration parameter changes occur. The directed broadcast address includes the network or subnet fields, with the binary bits of the host portion of the address set to one. Optionally, remove a static route. show file directory/filename Delete a file. VLAN Static Membership by Port VLAN Port Configuration Save the running configuration. Usethiscommandtoenableordisableportwebauthentication. Enabling Master Preemption By default, a router is enabled to preempt a lower priority master for the configured virtual router. Network Policy Used to configure tagged/untagged VLAN ID/L2 priority/DSCP on LLDP-MED endpoints (for example, IP phones). Configuring MSTP Figure 15-14 Maximum Bandwidth in an MSTP Network Configuration Bridge A Bridge B SID 86 Priority = 4096 SID 99 Priority = 32768 SID 86 Priority = 32768 SID 99 Priority = 4096 ge.1.3 ge.1.1 ge.1.3 ge.1.2 ge.1.1 ge.1.1 ge.1.2 ge.1.2 ge.1.2 ge.1. System contact Set to empty string. 1. The sources DR registers (that is, encapsulates) and sends multicast data from the source directly to the RP via a unicast routing protocol (number 1 in figure). A DHCP server manages a user-configured pool of IP addresses from which it can make assignments upon client requests. Chapter Title. This. Port Mirroring Table 8-4 Transmit Queue Monitoring Tasks Task Command Configure the time interval, in seconds, that ports disabled by the transmit queue monitoring feature remain disabled. Quality of Service (QoS) configuration on Enterasys switches is usually done via policies. ACL Configuration Overview IPv6 Rules For IPv6 rules, IPv6 source and destination addresses and prefix length are specified, or the any option can be used. OSPFv2 is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. Figure 3-2 provides an example. C5(su)->router# Debug network issues with ping and traceroute Global Configuration Mode Set system-wide router parameters. Table 11-3 lists link aggregation parameters and their default values. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. For a single user, single authentication 802.1x port configuration, set MultiAuth mode to strict. Forwarding is enabled by default ipv6 forwarding Set the value of the hop limit field in IPv6 packets originated by this device. Telnet port (IP) Set to port number 23. ThisexampleshowshowtodisplayOSPFinformation: UsethiscommandtodisplaytheOSPFlinkstatedatabase. By default, this value is 10 link flapping instances. A designated port may forward with the exchange of two BPDUs in rapid succession. Reset password settings to default values. When enabled, this indicates that a port is on the edge of a bridged LAN. For example: A4(su)->show boot system Current system image to boot: a4-series_06.61.00.0026 Use the set boot system command to set the firmware image to be loaded at startup. Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. RADIUS Management Authentication Procedure 26-2 Configuring IPsec Step Task Command(s) 1. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . sFlow Table 18-3 describes how to manage remote network monitoring. CoS Hardware Resource Configuration System(su)->set cos port-config irl 1.0 ports ge.1.3-5 CoS Port Resource Layer For the CoS port resource layer, use the set cos port-resource irl command to set the kilobits per second rate to 1000 and enable Syslog for this IRL port group 1.0 mapped to IRL resource 0: System(su)->set cos port-resource irl 1. The SNTP authentication key is associated with an SNTP server using the set sntp server command. Dynamic VLAN authorization is not reflected in the show port vlan display. DHCPv6 Configuration Relay Remote ID Option Flags Procedure 25-7 on page 25-17 describes the tasks to configure a Fixed Switch interface as a DHCPv6 server. The end stations in each building connect to a switch on the bottom floor. Specification Guide (English) Quick Setup Guide (English) User Manual (English) Installation Instruction (English) DFE (PLATINUM) WITH 60 10 100 1000BASE-T 7G4202-60 . SpanGuard helps protect against Spanning Tree Denial of Service (DoS) SpanGuard attacks as well as unintentional or unauthorized connected bridges, by intercepting received BPDUs on configured ports and locking these ports so they do not process any received packets. Configuring Authentication Procedure 10-4 MultiAuth Authentication Configuration Step Task Command(s) 1. Configure PoE parameters on ports to which PDs are attached. Configuring PoE Procedure 7-3 PoE Configuration for G-Series Devices (continued) Step Task Command(s) 4. three times the maximum advertisement interval. Port Mirroring LAG ports can be a mirror source port, but not a mirror destination port. show snmp engineid Display SNMP group information. For an IPv6 ACLs, the following protocols can be specified in a rule: Any IPv6 protocol Transmission Control Protocol (TCP) User Datagram Protocol (UDP) IPv6 Internet Control Message Protocol (ICMPv6) TCP and UDP rules can match specific source and destination ports. Link Aggregation Overview Figure 11-1 LAG Formation Device B PARTNER Port Speed Admin Key 1 100M 100 2 100M 100 3 100M 100 ACTOR Device A Admin Key Port Speed 100 100M 1 100 100M 2 200 100M 3 100 100M 4 100 100M 5 100 1Gb 6 1 100M 100 300 1Gb 7 2 100M 100 400 1Gb 8 3 100M 100 4 100M 100 5 100M 100 6 1Gb 100 7 1Gb 100 8 1Gb 100 LAG 1 LAG 2 Device C Actor ports 1 - 3 on device A directly connect to partner ports 1 - 3 on device B: We have. OSPF adjacencies can not be formed on a passive interface. This sets the port VLAN ID (PVID). Configuring PoE Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices (continued) Step Task Command(s) 6. Network Engineer Network Engineering Description A network engineer is a technology professional who is highly skilled in maintaining the connectivity of networks in terms of. All generated messages are eligible for logging to local destinations and to remote servers configured as Syslog servers. Tabl e 112providesanexplanationofthecommandoutput. Set the MultiAuth mode. 12-18 Display SNMP traffic counter values. IPv6 Routing Configuration Router R2 R2(su)->router R2(su)->router>enable R2su)->router#configure Enter configuration commands: R2(su)->router(Config)#interface vlan 20 R2(su)->router(Config-if(Vlan 20))#ip address 195.167.20.1 255.255.255.0 R2(su)->router(Config-if(Vlan 20))#no shutdown R2(su)->router(Config-if(Vlan 20))#exit R2(su)->router(Config)#interface tunnel 10 R2(su)->router(Config-if(Tnnl 101))#ipv6 address 2001:db8:111:1::20/127 R2(su)->router(Config-if(Tnnl 101))#tunnel source 195.167.20. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery. You can also use the colon notation like this: 80:00:07:e5:80:4f:19:00:00:d2:32:aa:40 5. Both types of samples are combined in sFlow datagrams. Configuring OSPF Areas Configuring Area Virtual-Link Authentication An area virtual-link can be configured for simple authentication. Neighbor virtual link routers must have the same password. Using Multicast in Your Network A DVMRP device forwards multicast packets first by determining the upstream interface, and then by building the downstream interface list. Use the set port negotiation command to disable or enable auto-negotiation. Link Aggregation Configuration Example Table 11-6 LAG and Physical Port Admin Key Assignments Device LAG LAG Admin Key Physical Port Physical Port Admin Key S8 Distribution Switch 1 100 ge.1.1 100 ge.2.1 100 ge.3.1 100 ge.4.1 100 ge.1.2 200 ge.2.2 200 ge.3.2 200 ge.4.2 200 ge.1.21 100 ge.1.22 100 ge.2.23 100 ge.3.24 100 ge.1.21 200 ge.1.22 200 ge.1.23 200 ge.1.24 200 ge.2.17 300 ge.2.19 300 ge.2.22 300 ge.2. Table 25-7 show ipv6 ospf interface Command Output Details (Continued). Configuring Switches in a Stack, About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Adding a New Unit to an Existing Stack This document presents policy configuration from the perspective of the Fixed Switch CLI. sFlow Procedure Procedure 18-2 on page 18-14 provides the steps and commands to configure sFlow. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: A super-user access account with a username of admin and no password A read-write access account with a username of rw and no password A read-only access account with a username of ro and no password Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts. Configuring VRRP Router 2(su)->router(Config-router)#exit Multiple Backup VRRP Configuration Figure 23-3 shows a multi-backup sample configuration. Table 25-3 Setting Routing General Parameters Task Command(s) Enable or disable IPv6 forwarding. LICENSE. In this way, VACM allows you to permit or deny access to any individual item of management information depending on a user's group membership and the level of security provided by the communications channel. Select none to allow all frames to pass through. Configuring Authentication Procedure 10-2 MAC-Based Authentication Configuration (continued) Step Task Command(s) 3. RSTP bridges receiving MSTP BPDUs interpret them as RSTP BPDUs. Reset the MultiAuth authentication idle timeout value to its default value for the specified authentication method. Maximum bandwidth utilization takes place when all bridges participate on all VLANs. User Account Overview The emergency access user is still subject to the system lockout interval even on the console port. Configuration Guide Firmware Version 6.03.xx.xxxx. Setting the value to 0 will set the timeout to forever. Refer to the CLI Reference for your platform for details about the commands listed below. Router R1 Router 1(su)->router(Config)#interface vlan 111 Router 1(su)->router(Config-if(Vlan 111))#ip address 172.111.1.1 255.255.255. Understanding and Configuring SpanGuard How Does It Operate? SSH Disabled. RSTP provides rapid connectivity following the failure of a switching device, switch port, or the addition of a switch into the network. Configuring IPv4 ACLs Procedure 24-1 describes how to configure IPv4 standard and extended ACLs. 2. VRRP Overview Figure 23-1 Basic VRRP Topology VRID 1 172.111.1.1 Router R1 Router R2 ge.1.1 VLAN 111 172.111.1.1/16 ge.1.1 VLAN 111 172.111.1.2/16 Host 1 172.111.1.100/16 Default Gateway 172.111.1.1 Figure 23-1 shows a basic VRRP topology with a single virtual router. Configuring OSPF Areas Area 2 ABR2(su)->router(Config)#router ospf 1 ABR2(su)->router(Config-router)#area 0.0.0.2 range 10.3.0.0 255.255.0.0 ABR2(su)->router(Config-router)#area 0.0.0.2 range 10.3.2.0 255.255.255.0 noadvertise Area 3 ABR3(su)->router(Config)#router ospf 1 ABR3(su)->router(Config-router)#area 0.0.0.3 range 10.1.0.0 255.255.0.0 Figure 22-3 OSPF Summarization Topology Configuring a Stub Area A stub area is a non-transit area. If you want to change the default timeout value for a specific server or all servers, you must enter the set tacacs server command using the timeout parameter. Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. 3. Terms and Definitions Table 15-11 Spanning Tree Terms and Definitions (continued) Term Definition Max age Maximum time (in seconds) the bridge can wait without receiving a configuration message (bridge hello) before attempting to reconfigure. Most of the procedures assume that you are configuring a single switch that has not been connected to a network, and they require that you have physical access to the console port on the switch. 1 second priority Specifies the router priority for the master election for this virtual router. assign ingress vlan using: set port vlan [port-string] X port string is the port number. . index DisplaytheconfigurationoftheTACACS+serveridentifiedbyindex. Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. Is it reachable? sFlow sFlow Agent Functionality Packet flow sampling and counter sampling are performed by sFlow Instances associated with individual Data Sources within the sFlow Agent. If it is not, then the sending device proceeds no further. i . A code example follows the procedure. i Notice Enterasys Networks reserves the right to make changes in specif ications and other information co ntained in this document and its web site without prior notice. Neighbor Discovery Overview Figure 13-1 Communication between LLDP-enabled Devices Discovery MIB Port Device ge. Spanning Tree Basics Figure 15-8 MSTI 1 in a Region CIST Root 1 MSTI 1 2 5 MST CIST Regional Root 3 4 MSTI 1 Regional Root Legend: Physical Link Blocked VLANs Figure 15-9 MSTI2 in the Same Region MSTI 2 1 5 MST CIST Regional Root 3 2 MSTI 2 Regional Root 4 Legend: Physical Link Blocked VLANs Figure 15-10 on page 15-19 shows 3 regions with five MSTIs. Hosts on the link discover the addresses of their neighboring routers by listening for advertisements. Setup and maintained DNS, WINS and DHCP servers. Audited, designed, integrated, configured and tested LAN and WAN equipment such as Enterasys, juniper, alcatelvb switches, Routers. Proxy ARP can be used to resolve routing issues on end stations that are unable to route in the subnetted environment. 3 CLI Basics This chapter provides information about CLI conventions for stackable and standalone switches and CLI properties that you can configure. show ipv6 status If necessary, enable IPv6 management. Otherwise, it operates in limited functional (standard) mode. Thisexampleshowshowtodisplayswitchtypeinformationaboutallswitchesinthestack: switchindex (Optional)Specifiestheswitchindex(SID)oftheswitchtypetodisplay. Refer to Chapter 14, Configuring Syslog for more information about system logging in general. . Dynamic ARP Inspection Table 26-13 Displaying Dynamic ARP Inspection Information (continued) Task Command To display the ARP configuration of one or more VLANs show arpinspection vlan vlan-range To display ARP statistics for all DAI-enabled VLANs or for specific VLANs show arpinspection statistics [vlan vlan-range] Table 26-14 Managing Dynamic ARP Inspection Task Command To remove additional optional ARP validation parameters that were previously configured. When operating in unicast mode, optionally change the poll interval between SNTP unicast requests. MAC Locking Table 26-6 MAC Locking Defaults (continued) Parameter Description Default Value First arrival MAC address aging Specifies that dynamic MAC locked Disabled addresses will be aged out of the database. Managing the Firmware Image Downloading from a TFTP or SFTP Server This procedure assumes that the switch or stack of switches has been assigned an IP address and that it is connected to the network. . If not specified, mask will be set to 255.255.255.255. Telnet Enabled inbound and outbound. The final tie breaker is the receiving port ID. Figure 10-2 Authenticating Multiple Users With Different Methods on a Single Port Authentication Method 802. See Chapter 17, Configuring Quality of Service in this book for a complete discussion of QoS configuration. Configuring Policy Procedure 16-1 Step Configuring Policy Roles (continued) Task Command egress-vlans (Optional) Specifies the port to which this policy profile is applied should be added to the egress list of the VLANs defined with this parameter. SSH Overview on page 4-24 Configure the Dynamic Host Configuration Protocol (DHCP) server. When a root or alternate port loses its path to the root bridge, due to message age expiration, it takes on the role of designated port and will not forward traffic until a BPDU is received. Graft messages are sent upstream hop-by-hop until the multicast tree is reached. Can you upload files from other sources? Refer to page ACL Configuration Overview Inserting a new ACL rule entry into an ACL Moving an ACL rule to a new location in an ACL Apply the ACL to VLAN interfaces, to ports, or to Link Aggregation ports. enable|disable Enablesordisablesportwebauthentication. sFlow 18-16 Configuring Network Monitoring. show lldp Display the LLDP status of one or more ports. Refer to Licensing Advanced Features on page 4-8 for more information. UsethiscommandtodisplaythesystemIPaddressandsubnetmask. Managing Switch Configuration and Files Managing Files Table 6-1 lists the tasks and commands used to manage files. Port 5 looks up the destination MAC address in its FID. Link Aggregation Configuration Example Table 11-4 Managing Link Aggregation (continued) Task Command Reset the maximum number of LACP groups to the default of 6. clear lacp groups If the number of LACP groups has been changed from the default, executing this command will result in a system reset and LACP configuration settings will be returned to their default values, including the group limit. In this way, both upstream and downstream facing ports are protected. The hello interval is the period between transmissions of hello packet advertisements. DHCP Snooping into the software forwarding path, where it may be processed by the DHCP relay agent, the local DHCP server, or forwarded as an IP packet. Downloading New Firmware Enterasys C5 Command Line Interface Enterasys Networks, Inc. 50 Minuteman Rd. after the rate value indicates an invalid rate value Group Resource Type Unit Rate Rate Limit Index Action type --------- ----------- ---------- ---- ---------- --------------- ------ 1. Port Configuration Overview vlan for vlan interfaces lag for IEEE802.3 link aggregation ports Where unit_or_slotnumber can be: 1 - 8 for stackable switches (up to 8 units in a stack) 1 - 3 for I-Series standalone switches (Note that the uplink ports are considered to be slot 3) 1 - 4 for G-Series standalone switches Where port number depends on the device. Table 25-3 lists the tasks and commands. Bridges A, B, C and D participate in VLAN 10. Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter. Inspect both the TxQs and IRL support for the installed ports. The port cost value may also be administratively assigned using the set spantree adminpathcost command. Link Aggregation Configuration Example The output algorithm defaults to selecting the output port based upon the destination and source IP address. By convention, the higher the port speed, the lower the port cost. Because the admin key settings for physical ports 7 and 8 do not agree with any LAG admin key setting on the device, ports 7 and 8 can not be part of any LAG. Access Control Lists on the A4 C5(su)->router>enable C5(su)->router#show access-lists ipv6mode ipv6mode disabled C5(su)->router#configure Enter configuration commands: C5(su)->router(Config)#access-list ipv6mode Changing ipv6mode will result in a system reset. SNTP Configuration Procedure 4-2 Configuring SNTP (continued) Step Task Command(s) 3. Refer to the CLI Reference for your switch model for more information about each command. After setting the index and IP address you are prompted to enter a secret value for this authentication server. Database contains 1 Enterasys S8-Chassis Manuals (available for free online viewing or downloading in PDF): Hardware installation manual . ENTERASYS MATRIX-V V2H124-24 CONFIGURATION MANUAL Pdf . Remote port mirroring involves configuration of the following port mirroring related parameters: 1. Syslog Components and Their Use Basic Syslog Scenario Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. Thisexampleshowshowtodisplayportsdisabledbylinkflapdetectionduetoaviolation: Tabl e 75providesanexplanationoftheshowlinkflapmetricscommandoutput. Advanced Configuration Overview Procedure 4-1 contains the steps to assign an IP address and configure basic system parameters. When passwords are entered on the switch using the CLI, the switch automatically suppresses the clear text representation of the password. RMON Procedure 18-1 Step Configuring Remote Network Monitoring (continued) Task Command(s) startup - (Optional) Specifies the alarm type generated when this event is first enabled rthresh - (Optional) Specifies the minimum threshold that will cause a rising alarm fthresh - (Optional) Specifies the minimum threshold that will cause a falling alarm revent - (Optional) Specifies the index number of the RMON event to be triggered when the rising threshold is crossed fevent - (Optional) Specifies. Access Control Lists on the A4 Table 24-1 ACL Rule Precedence (continued) ACL Type and Rule Priority Example IP SIP any DIP exact 18 permit any 10.0.1.22 IP SIP any DIP any 17 deny any any MAC SA any DA any 16 deny any any Rule actions include: Deny drop the packet. OSPF Configuration Task List and Commands, Table 20-2 OSPF Configuration Task List and Commands. 6. User Account Overview Procedure 5-2 Configuring a New Super-User / Emergency Access User Account Step Task Command(s) 4. Configuring PoE Stackable A4, B3, and C3 Devices Procedure 7-1 PoE Configuration for Stackable A4, B3, and C3 Devices Step Task Command(s) 1. Configuring OSPF Areas 0 to 4294967295. (8) When it no longer wants to receive the stream, Host 2 can do one of the following: - Send a leave message to Router 2. Configuring SNMP Configuring SNMPv1/SNMPv2c Creating a New Configuration Procedure 12-1 shows how to create a new SNMPv1 or SNMPv2c configuration. area area-id default-cost cost 5. With LACP, if a set of links can aggregate, they will aggregate. Link Aggregation Overview Investigating port admin keys, we see that ports 4 - 6 on device A are set to 100 (the same setting as all LAG ports on the device), while ports 7 and 8 on device A are set to 300 and 400, respectively. 9. The CIST contains a root bridge, which is the root of the Spanning Tree for the network. See Table 11-2 on page 11-7 for a description of port parameters. trap | inform3 Unsolicited message sent by an SNMP agent to an SNMP manager when an event has occurred. The default setting is auto. You can also close an active console port or Telnet session form the switch CLI. Configuring ACLs Procedure 24-1 Configuring IPv4 Standard and Extended ACLs (continued) Step Task Command(s) 6. Configuring VLANs the device. Configuring SNMP Procedure 12-4 Configuring Secure Community Names (continued) Step Task Command(s) 5. Table 3-1 lists some commonly used commands. Neighbor Discovery Overview connected neighbors. 1 macdest Classifies based on MAC destination address. Packet flow sampling will cause a steady, but random, stream of sFlow datagrams to be sent to the sFlow Collector.
81st Regional Support Command Phone Number,
Does Nelson Franklin Sing,
Articles E