A value of 0 means that two consecutive SPF calculations are performed one immediately after the other. Stateless autoconfiguration is part of Router Advertisement and the Enterasys Fixed Switches can support both stateless and stateful autoconfiguration of end nodes. Table 20-9 show ip pimsm interface vlan Output Details, Table 20-10 show ip pimsm interface stats Output Details. Enabling IGMP on the device and on the VLANs. ENTERASYS MATRIX-V V2H124-24 CONFIGURATION MANUAL Pdf . Optionally, configure a default distance, or preference, for static IPv6 routes that do not have a preference specified. Figure 3-2 provides an example. Procedure 24-1 Configuring IPv4 Standard and Extended ACLs Step Task 1. Note Do not use hardware flow control. Table 9-1 show spantree Output Details, About GARP VLAN Registration Protocol (GVRP), Policy Classification Configuration Summary. The switch can enforce a system-wide default for password aging (set system password aging). Using the Command Line Interface Note: At the end of the lookup display, the system will repeat the command you entered without the ?. A sampler instance performs packet flow sampling on the data source to which it is configured. GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. Port auto-negotiation Enabled on all ports. You may want to set a rate limit that would guard against excessive streaming. Before attempting to configure a single device for VLAN operation, consider the following: What is the purpose of my VLAN design? Managing Switch Configuration and Files Images: ================================================================== Filename: b5-series_06.42.03.0001 Version: 06.42.03.0001 Size: 6856704 (bytes) Date: Tue Dec 14 14:12:21 2010 CheckSum: 043637a2fb61d8303273e16050308927 Compatibility: B5G124-24, B5G124-24P2, B5G124-48, B5G124-48P2, B5K125-24 B5K125-24P2, B5K125-48, B5K125-48P2 Filename: b5-series_06.61.01.0032 (Active) (Boot) Version: 06.61.01. 2. Port 5 looks up the destination MAC address in its FID. Frames will egress as tagged. Agent 802. . Configuring SNMP enterasys(su)->set snmp view viewname RW subtree 0.0 enterasys(su)->set snmp view viewname RW subtree 1.3.6.1.6.3.13.1 excluded enterasys(su)->set snmp targetparams TVv1public user public security-model v1 message processing v1 enterasys(su)->set snmp targetaddr TVTrap 10.42.1.10 param TVv1public taglist TVTrapTag enterasys(su)->set snmp notify TVTrap tag TVTrapTag Adding to or Modifying the Default Configuration By default, SNMPv1 is configured on Enterasys switches. Setting security access rights 3. This guest policy provides for an internet-only access to the network. Procedure 22-2 OSPF Interface Configuration Step Task Command(s) 1. Ports used to authenticate and authorize supplicants utilize access entities that maintain entity state, counters, and statistics for an individual supplicant. show snmp engineid Display SNMP group information. Using Multicast in Your Network Figure 19-3 DVMRP Pruning and Grafting Source DVMRP Multicast Multicast Traffic Graft Prune Prune* IGMP Join * Prune before new host was added New Host Existing Host Protocol Independent Multicast (PIM) Overview PIM dynamically builds a distribution tree for forwarding multicast data on a network. EAPOL authentication mode When enabled, set to auto for all ports. The Filter-ID for that user is returned to the switch in the authentication response, and the authentication is validated for that user. Enterasys Core Switch/Router Commands Enable Untagged Vlans: set port vlan ge.2.1-30 20 set vlan egress 20 ge.2.1-30 untagged reload Enable jumbo frame support: show port jumbo set port jumbo enable ge.2.22-30 Enable LACP: show lacp state <=== to discover global lacp setting status set lacp {disable|enable} Port Configuration Overview By default, Enterasys switch devices are configured to automatically detect the cable type connection, straight through (MDI) or cross-over (MDIX), required by the cable connected to the port. Display the system lockout settings show system lockout 6. Service ACLs Restricting Management Access to the Console Port You can restrict access to system management to the switchs serial port only. enable|disable Enablesordisablesportwebauthentication. Dynamic ARP Inspection Basic Configuration Procedure 26-7 below lists the commands used to configure DAI. This document presents policy configuration from the perspective of the Fixed Switch CLI. Using the Command Line Interface Logging In By default, the switch is configured with three user login accountsro for Read-Only access, rw for Read-Write access, and admin for super-user access to all modifiable parameters. The default setting is auto. To start configuration, you want to connect the switch console to PuTTY. The read er should in all cases consult Enterasys Networks to determine whether any such set tacacs singleconnect enable To disable the use of a single TCP connection, use the set tacacs singleconnect disable command. RIP is a distance-vector routing protocol for use in small networks it is not intended for complex networks. OSPF routes IP packets based solely on the destination IP address found in the IP packet header. Determine the correct authentication type for each device. VLAN Support on Enterasys Switches the perspective of the access layerwhere users are most commonly locatedegress is generally untagged. ACL Configuration Overview This section describes ACL creation, rule entry, and application of the ACL to a port or routing VLAN required to implement an ACL, as well as, the features available for managing ACL rules and displaying ACLs. When the boot up output is complete, the system prints a Username prompt. The PIM specifications define several modes or methods by which a PIM router can build the distribution tree. Revision Level Two octets in length. RMON Procedure 18-1 Configuring Remote Network Monitoring (continued) Step Task Command(s) 8. Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen. This is done using the set system service-class console-only command. Terms and Definitions 20-12 IP Configuration. Ctrl+B Move cursor back one character. RESTRICTIONS. enterasys handles ingress and egress separately. CoS Hardware Resource Configuration Figure 17-5 Rate Limiting Clipping Behavior Flood Control CoS-based flood control is a form of rate limiting that prevents configured ports from being disrupted by a traffic storm, by rate limiting specific types of packets through those ports. Chapter 2: Configuring Switches in a Stack, Chapter 6: Discovery Protocol Configuration, Chapter 14: Logging and Network Management, Appendix A: Policy and Authentication Capacities. Routers R1 and R2 are both configured with one virtual router (VRID 1). Configuration Guide Firmware Version 6.03.xx.xxxx. If a DHCP relay agent or local DHCP server co-exist with the DHCP snooping feature, DHCP client messages will be sent to the DHCP relay agent or local DHCP server to process further. Figure 10-2 Authenticating Multiple Users With Different Methods on a Single Port Authentication Method 802. Telnet Overview identifier configured in this example must be 01:00:01:22:33:44:55. The order in which servers are queried is based on a precedence value optionally specified when you configure the server. Configuring MSTP Figure 15-12 Traffic Segregation in an MSTP Network Configuration Bridge C VLAN 10 ge.1.2 ge.1.1 MAC Address: 00-00-00-00-00-03 All Priority = 32768 VLAN 10 SID 1 Port Path Cost = 1 Bridge D VLAN 10 ge.1.1 ge.1.2 VLAN 10 MAC Address: 00-00-00-00-00-04 All Priority = 32768 ge.1.1 ge.1.2 ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.3 ge.1.4 Bridge A Bridge B MAC Address: 00-00-00-00-00-01 All Priority = 4096 MAC Address: 00-00-00-00-00-02 All Priority = 8192 Bridge E ge.1.2 ge.1. 1 Setting Up a Switch for the First Time This chapter describes how to configure an Enterasys stackable or standalone Fixed Switch received from the factory that has not been previously configured. PAGE 2. When operating in unicast mode, optionally change the poll interval between SNTP unicast requests. P/N 9034174-01. . Configuring Syslog Table 14-3 Syslog Command Precedence (continued) Syslog Component Command Function Server settings set logging server index ip-addr ipaddr [facility facility] [severity severity] [descr descr] [port port] state enable | disable During or after new server setup, specifies a server index, IP address, and operational state for a Syslog server. OSPFv2 is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. 2. When a faculty member authenticates through the RADIUS server, the name of the faculty policy is returned in the RADIUS Access-Accept response message and that policy is applied by the switch to the faculty user. Minimally configures RADIUS, 802.1x, and MAC authentication. = [ ] \ ; ? ThisexampleshowshowtodisplayOSPFinformation: UsethiscommandtodisplaytheOSPFlinkstatedatabase. (See Overview on page 18-12 for more information.) Enter router interface configuration command mode for the specified interface from global configuration command mode. 3. See The RADIUS Filter-ID on page 8 for RADIUS Filter-ID information. Refer to Table 2-2 for console port pinout assignments. Syslog combines this value and the severity value to determine message priority. set ipsec encryption {3des | aes128 | aes192 | aes256} 4. Procedure 12-1 New SNMPv1/v2c Configuration Step Task Command(s) 1. Use the clear port broadcast command to return broadcast threshold settings to the default of 14881 packets per second. Refer to the CLI Reference for your platform for command details. Also, use this command to append ports to or clear ports from the egress ports list. Guide the actions of Level 1 and Level 2 teams focus on configuration changes, software updates, and preventive/ corrective maintenance, define and develop together with Management team, the initial performance procedures that should be used by the NOC. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. A code example follows the procedure. ARP responses are unicast toward their destination. Example PoE Configuration A PoE-compliant G-Series device is configured as follows: One 400W power supply is installed. Table 25-7 show ipv6 ospf interface Command Output Details (Continued). Link Aggregation Overview Table 11-2 LAG Port Parameters (continued) Term Definition Administrative State A number of port level administrative states can be set for both the actor and partner ports. Apply power to the new unit. -1 (request as many octets as possible) capture slice The RMON capture maximum number of octets from each packet to be saved to the buffer. In the configuration shown, these default settings have not been changed. CoS Hardware Resource Configuration System(su)->set cos port-config irl 1.0 ports ge.1.3-5 CoS Port Resource Layer For the CoS port resource layer, use the set cos port-resource irl command to set the kilobits per second rate to 1000 and enable Syslog for this IRL port group 1.0 mapped to IRL resource 0: System(su)->set cos port-resource irl 1. The higher priority traffic through the device is serviced first before lower priority traffic. Configure RADIUS user accounts on the authentication server for each device. RMON Procedure 18-1 Step Configuring Remote Network Monitoring (continued) Task Command(s) startup - (Optional) Specifies the alarm type generated when this event is first enabled rthresh - (Optional) Specifies the minimum threshold that will cause a rising alarm fthresh - (Optional) Specifies the minimum threshold that will cause a falling alarm revent - (Optional) Specifies the index number of the RMON event to be triggered when the rising threshold is crossed fevent - (Optional) Specifies. The CIST root may be, but is not necessarily, located inside an MST region. engine ID A value used by both the SNMPv3 sender and receiver to propagate inform notifications. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery. When enabled, this indicates that a port is on the edge of a bridged LAN. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. 3. Spanning Tree Basics Figure 15-8 MSTI 1 in a Region CIST Root 1 MSTI 1 2 5 MST CIST Regional Root 3 4 MSTI 1 Regional Root Legend: Physical Link Blocked VLANs Figure 15-9 MSTI2 in the Same Region MSTI 2 1 5 MST CIST Regional Root 3 2 MSTI 2 Regional Root 4 Legend: Physical Link Blocked VLANs Figure 15-10 on page 15-19 shows 3 regions with five MSTIs. Router 2 will translate Type 7 LSAs from the connected domain to Type 5 routes into the backbone. Configuring SNMP Procedure 12-3 Configuring an EngineID (continued) Step Task Command(s) 4. A Fixed Switch device uses one OSPF router process that can be any number between 1 and 65535. Bridges A, B, C and D participate in VLAN 10. SEVERABILITY. FIPS mode can be cleared using the clear security profile command. ipv6 route ipv6-prefix/prefix-length {global-next-hop-addr | interface {tunnel tunnel-id | vlan vlan-id} ll-next-hop-addr} [pref] 2. By default, all applications running on the Enterasys switch are allowed to forward Syslog messages generated at severity levels 6 through 1. On all switching devices, the default Spanning Tree version is set to MSTP (802.1s) mode. Switch 3s blocking port eventually transitions to a forwarding state which leads to a looped condition. If single port LAG is disabled, a single port LAG will not be initiated by this device. show port status port-string Example This example shows how to configure port ge.2.1 in the G3G-24SFP module to operate with a 100BASE-FX transceiver installed. The final tie breaker is the receiving port ID. Untagged. set sntp poll-interval value The poll interval is 2 to the power of value in seconds, where value can range from 6 to 10. Authentication Header (AH) mode is not supported. Saving the Configuration and Connecting Devices C5(su)->show ssh SSH Server status: Enabled 2. Use the ping ipv6 interface command to ping a link-local or global IPv6 address of an interface, specifying a loopback, tunnel, or logical interface as the source. UsethiscommandtodisplaythesystemIPaddressandsubnetmask. Auto-negotiation is enabled by default. Port Mirroring Table 8-4 Transmit Queue Monitoring Tasks Task Command Configure the time interval, in seconds, that ports disabled by the transmit queue monitoring feature remain disabled. Configuring SNMP Procedure 12-4 Configuring Secure Community Names Step Task Command(s) 1. Each area has its own link-state database. Graft messages are sent upstream hop-by-hop until the multicast tree is reached. Table 25-5 show ipv6 ospf database Output Details. User Manuals, Guides and Specications for your Enterasys C5K175-24 Switch. A designated port may forward with the exchange of two BPDUs in rapid succession. Rate limiting guarantees the availability of bandwidth for other traffic by preventing the rate limited traffic from consuming more than the assigned amount of a networks resources. Figure 15-5 on page 15-11 presents a root port configuration for Bridge B determined by the port priority setting. The physical ports will initially retain admin key defaults. set port discard port-string {tagged | untagged | none | both} 8. Display the routing table, including static routes. Three ICMP probes will be transmitted for each hop between the source and the traceroute destination. Configuring Node Aliases Procedure 4-10 Configuring MAC Address Settings Step Task Command(s) 1. ACL Configuration Overview The following example displays IPv4 extended access control list 120, then deletes entries 2 and 3, and redisplays the ACL. 12 ipdestsocket Classifies based on destination IP address and optional post-fixed L4 TCP/UDPport. Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto usethem. The following example applies two different license keys to members of the stack. A packet is either forwarded (a permit rule) or not forwarded (a deny rule) according to the first rule that is matched. set sflow receiver index ip ipaddr 3. sFlow Table 18-7 lists the commands to display sFlow information and statistics. Quality of Service Overview Preferential Queue Treatment for Packet Forwarding There are three types of preferential queue treatments for packet forwarding: strict priority, weighted fair, and hybrid. RFC 3580s RADIUS tunnel attributes are often configured on a RADIUS server to dynamically assign users belonging to the same organizational group within an enterprise to the same VLAN, or to place all offending users according to the organizations security policy in a Quarantine VLAN. Violating MAC addresses are dropped from the devices (or stacks) filtering database. show file directory/filename Delete a file. See Table 11-2 on page 11-7 for a description of port parameters. Managing Switch Configuration and Files Managing Files Table 6-1 lists the tasks and commands used to manage files. 5 User Account and Password Management This chapter describes user account and password management features, which allow enhanced control of password usage and provide additional reporting of usage. Active Cisco 800 Series Router Configuration. set dhcpsnooping trust port port-string enable 4. 1 macdest Classifies based on MAC destination address. To clear the MultiAuth authentication mode. 21 IPv4 Basic Routing Protocols This chapter describes how to configure the Routing Information Protocol (RIP) and the ICMP Router Discovery Protocol (IRDP). This configuration requires a charging circuit to charge the DC capacitors of the modules in a controlled way. Syslog Components and Their Use Basic Syslog Scenario Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. The following port administrative states are set by default: lacpactive - Transmitting LACP PDUs is enabled. 1.2 PC ge. set ipsec authentication {md5 | sha1} Note: This command is not available if the security mode setting is C2. Configuring Authentication Server identification provides for the configuration of the server IP address and index value. Policy Configuration Example A CoS of 8 Create a policy role that applies a CoS 8 to data VLAN 10 and configures it to rate-limit traffic to 200,000 kbps with a moderate priority of 5. Optionally, change the encryption type. A team player who has worked on-site in 6 different countries ranging from Saudi Arabia to Cuba. Telnet Enabled inbound and outbound. It provides the performance and reliability you expect from the data center, but optimized for office environments, with physical security and whisper-quiet operation. Nokia SRA -#367- and Cisco CCNP certified engineer with 5 years of experience. no ip route dest-prefix dest-prefixmask forwarding-rtr-addr 3. Refer to the CLI Reference for your platform for more information about the commands listed below. Chapter 19, Configuring Multicast Configure VRRP. Removing Units from an Existing Stack If the running stack uses a daisy chain topology, make the stack cable connections from the bottom of the stack to the new unit (that is, STACK DOWN port from the bottom unit of the running stack to the STACK UP port on the new unit). Spanning Tree Basics RSTP Operation RSTP optimizes convergence by significantly reducing the time to reconfigure the networks active topology when physical topology or configuration parameter changes occur. set snmp view viewname securedviewname subtree 1 set snmp view viewname securedviewname subtree 0.0 set snmp view viewname unsecuredviewname subtree 1 set snmp view viewname unsecuredviewname subtree 0.0 6. UsethiscommandtodisplayLLDPconfigurationinformation. Considerations About Using clear config in a Stack To create a virtual switch configuration in a stack environment: 1. MSTI Multiple Spanning Tree Instance. All routers with the same VRID should be configured with the same advertisement interval. enable|disable EnablesordisablesClassofServiceontheswitch.Defaultstateis disabled. Port Configuration Overview Auto-Negotiation and Advertised Ability Auto-negotiation is an Ethernet feature that facilitates the selection of port speed, duplex, and flow control between the two members of a link, by first sharing these capabilities and then selecting the fastest transmission mode that both ends of the link support. Understanding How VLANs Operate Preparing for VLAN Configuration A little forethought and planning is essential to a successful VLAN implementation. RSTP bridges receiving MSTP BPDUs interpret them as RSTP BPDUs. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. SSH Overview on page 4-24 Configure the Dynamic Host Configuration Protocol (DHCP) server. 9 Configuring VLANs This chapter describes how to configure VLANs on Enterasys fixed stackable and standalone switches. In global configuration mode, configure an IPv4 static route. Optionally, remove a static route. When Policy Maptable Response is Profile When the switch is configured to use only Filter-ID attributes, by setting the set policy maptable command response parameter to policy: If the Filter-ID attributes are present, the specified policy profile will be applied to the authenticating user. Any router with a priority of 0 will opt out of the DR election process. Table 25-9 show ipv6 ospf neighbor Output Details, Overview of Authentication and Authorization Methods. 4. Configuring SNMP Configuring SNMPv1/SNMPv2c Creating a New Configuration Procedure 12-1 shows how to create a new SNMPv1 or SNMPv2c configuration. sFlow 18-16 Configuring Network Monitoring. It is auto configured with the cost of the intra-area path between the two ABRs that make up the virtuallink. I have enjoyed my solid commitment to this profession since 1997. To use the ping commands, configure the switch for network (in-band) connection. Senders use RPs to announce their existence, and receivers use RPs to learn about new senders of a group. If Router R1 should become unavailable, Router R2 would take over virtual router VRID 1 and its associated IP addresses. When bridges are added to or removed from the network, root election takes place and port roles are recalculated. The memory card provides a removable, non-volatile means for storing the system configuration and IP address only, and may be used to move the systems configuration to another switch. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. Creates a policy profile for the phones and a policy rule that maps tagged frames on the user ports to that policy profile. Lockout is configured at the system level, not at the user account level. Since there is no way to tell whether a graft message was lost or the source has stopped sending, each graft message is acknowledged hop-by-hop. 4. vlanvlanid (Optional)SpecifiestheinterfaceforwhichtoclearDHCPv6statistics. Managing Switch Configuration and Files Displaying the Configuration Executing show config without any parameters will display all the non-default configuration settings. A2H124-24FX. I I worked on Planning cabling, planning and configuring switch and LAN security infrastructure. Enterasys->show spantree nonforwardingreason port lag.0.2 Port lag.0.2 has been placed in listening or blocking state on SID 0 by the LoopProtect feature. Using the output of the show switch switchtype command, determine the switch index (SID) of the model of switch being configured. Thisexampleshowshowtodisplay802.1Xstatus: Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1: Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1: ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8: Tabl e 263providesanexplanationofthecommandoutput. Configuring VRRP Router 2(su)->router(Config-router)#exit Multiple Backup VRRP Configuration Figure 23-3 shows a multi-backup sample configuration. Forwarding is enabled by default ipv6 forwarding Set the value of the hop limit field in IPv6 packets originated by this device. Dynamic ARP Inspection 26-28 Configuring Security Features.