enterasys switch configuration guide

3. By default, security audit logging is disabled. set multiauth mode strict 2. An interface must have an IP address assigned to it before it can be set as the TACACS+ source. Usethiscommandtoenableordisableportwebauthentication. Tabl e 147providesanexplanationofthecommandoutput. Tabl e 203providesanexplanationofthecommandoutput. For information about upgrading firmware on a new stack, refer to Configuring a Stack of New Switches on page 1-8. Port broadcast suppression Enabled and set to limit broadcast packets to 14,881 per second on all switch ports. Creates a CoS setting of index 55. ThisexampleclearsDHCPv6statisticsforVLAN80. vlanvlanid SpecifiestheVLANinterfaceforwhichtodisplaystatistics. Connect the RJ45 connector at one end of the cable to the RJ45 console port on the D2 . The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362. CoS Hardware Resource Configuration System(su)->set cos port-config irl 1.0 ports ge.1.3-5 CoS Port Resource Layer For the CoS port resource layer, use the set cos port-resource irl command to set the kilobits per second rate to 1000 and enable Syslog for this IRL port group 1.0 mapped to IRL resource 0: System(su)->set cos port-resource irl 1. IPv6 Neighbor Discovery Testing Network Connectivity Use the ping ipv6 command to determine whether another device is on the network. The ARP Table This example shows output from a successful ping to IP address 182.127.63.23: C5(su)->router#ping 182.127.63.23 182.127.63.23 is alive Use the traceroute command to display a hop-by-hop path through an IP network from the device to a specific destination host. Such a group, together with the routers having interfaces to any one of the included networks, is called an area. Using the Command Line Interface Logging In By default, the switch is configured with three user login accountsro for Read-Only access, rw for Read-Write access, and admin for super-user access to all modifiable parameters. Using the all parameter will display all default and non-default configuration settings. Link Aggregation Overview Figure 11-1 LAG Formation Device B PARTNER Port Speed Admin Key 1 100M 100 2 100M 100 3 100M 100 ACTOR Device A Admin Key Port Speed 100 100M 1 100 100M 2 200 100M 3 100 100M 4 100 100M 5 100 1Gb 6 1 100M 100 300 1Gb 7 2 100M 100 400 1Gb 8 3 100M 100 4 100M 100 5 100M 100 6 1Gb 100 7 1Gb 100 8 1Gb 100 LAG 1 LAG 2 Device C Actor ports 1 - 3 on device A directly connect to partner ports 1 - 3 on device B: We have. These matched packets form a data stream or channel that may be captured or may generate events. If single port LAG is enabled, a single port LAG can be created on this device. Using Multicast in Your Network 1. Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter. February 23rd, 2018 - View and Download Enterasys N Standalone NSA Series configuration manual online Enterasys Networks Switch Configuration Guide N Standalone NSA Series Switch pdf manual download An Open Letter to Non Natives in Headdresses April 28th, 2018 - my name is tara and I come from an indian back ground as well my grand father was . Monitoring MSTP 15-29 Example 1: Configuring MSTP for Traffic Segregation This example illustrates the use of MSTP for traffic segregation by VLAN and SID. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. set dhcpsnooping trust port port-string enable 4. A manual pool can be configured using either the clients hardware address (set dhcp pool hardware-address) or the clients client-identifier (set dhcp pool client-identifier), but using both is not recommended. Refer to the CLI Reference for your platform for command details. DHCPv6 Configuration DHCPv6 Pool: pool22 Static Bindings: Binding for Client 00:01:00:06:99:a3:ff:11:22:33:44:55:66:77 IA PD: IA ID not specified, Prefix: 3001:2222::/48 Preferred Lifetime infinite, Valid Lifetime infinite Static Bindings: Binding for Client 00:01:00:06:99:a3:ff:11:22:33:44:55:66:77 IA PD: IA ID not specified, Prefix: 3001:3333::/48 Preferred Lifetime infinite, Valid Lifetime infinite DNS Server: 2001:DB8:222:111::10 DNS Server: 2001:DB8:4444:5555::20 Domain Name: enterasys. Configuring ACLs Procedure 24-1 Configuring IPv4 Standard and Extended ACLs (continued) Step Task Command(s) 6. A value of 0 means that two consecutive SPF calculations are performed one immediately after the other. For information on the command syntax and parameters, refer to the online help or the CLL Reference for your platform. Licensing Advanced Features When adding a new unit to an existing stack, the ports on a switch lacking a licensed feature that has been enabled on the master will not pass traffic until the license has been enabled on the added switch. Both transmit and receive traffic will be mirrored. 23 Configuring VRRP This chapter describes the Virtual Router Redundancy Protocol (VRRP) feature and its configuration. Router: Calls the readers attention to router-specific commands and information. These ports provide a path to the root for attached devices. If the upstream routers outbound list is now empty, it may send a prune message to its upstream router. Thefollowingtabledescribestheoutputofthiscommand. About This Guide This guide provides basic configuration information for the Enterasys Networks Fixed Switch platforms using the Command Line Interface (CLI0, including procedures and code examples. Procedure 19-3 describes the basic steps to configure DVMRP on fixed switches with advanced routing enabled. (Not applicable for super user accounts.) Create a DHCPv6 pool and enter pool configuration mode for that pool. Optionally, modify the LAG port parameters. Thisexampledisplaystheneighborsinthecache. Spanning Tree Basics that port will be selected as root. Procedure 21-1 lists the basic steps to configure RIP and the commands used. Refer to page Syslog Operation By default, Syslog is operational on Enterasys switch devices at startup. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. A code example follows the procedure. ACL Configuration Overview The following example displays IPv4 extended access control list 120, then deletes entries 2 and 3, and redisplays the ACL. Using Multicast in Your Network Figure 19-1 IGMP Querier Determining Group Membership IGMP Querier IGMP Query IGMP Membership IGMP Membership Router for 224.1.1.1 Router for 226.7.8.9 Member of 224.1.1.1 Member of 226.7.8.9 As shown in Figure 19-1, a multicast-enabled device can periodically ask its hosts if they want to receive multicast traffic. MAC Locking Response Validation When the MS-CHAP2-Success attribute is received in an access accept RADIUS response frame, it will be validated according to RFC2548 and RFC2759. Configuring Authentication Procedure 10-2 MAC-Based Authentication Configuration (continued) Step Task Command(s) 3. 1.1 IP phone ge. interface {vlan vlan-id | loopback loopbackid } 2. In this way, both upstream and downstream facing ports are protected. VLAN Support on Enterasys Switches If a unicast untagged frame is received on Port 5, it would be classified for VLAN 50. Inspect both the TxQs and IRL support for the installed ports. IP Broadcast Settings the clear arp command to delete a specific entry or all entries from the switch ARP table. Ctrl+D Delete a character. enable|disable Enablesordisablesportwebauthentication. VLAN authorization status Enables or disables globally and per port VLAN authorization. TACACS+ You can also configure TACACS+ to use a single TCP connection for all TACACS+ client requests to a given TACACS+ server. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. Configuring Port Link Flap Detection Procedure 8-2 Link Flap Detection Configuration (continued) Step Task Command(s) 4. Creating and enabling VLANs with IP interfaces. routing interface A VLAN or loopback interface configured for IP routing. Configuration Guide Firmware 6.61.xx and Higher. Using the viewnames assigned in Step 1, create restricted views for v1/v2c users, and unrestricted views for v3 users. Refer to the CLI Reference for your switch model for more information about each command. Table 18-7 Displaying sFlow Information Task Command to display the contents of the sFlow Receivers Table, or to display information about a specific sFlow Collector listed in the table show sflow receivers [index] To display information about configured poller instances show sflow pollers To display information about configured sampler instances. C5(rw)->ping 10.10.10.1 10.10.10. Reset the MultiAuth authentication idle timeout value to its default value for the specified authentication method. Interface-specific parameters are configured with variations of the Spanning Tree port configuration commands. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. Both types of samples are combined in sFlow datagrams. The cost of a virtual link is not configured. Enterasys vertical horizon vh-2402s2: user guide (116 pages) Summary of Contents for Enterasys Matrix-V V2H124-24FX Page 1 Note: The stacking feature requires that all stacking module ports be connected and the switches powered on. Configuring CLI Properties 3-8 CLI Basics. Configuring Authentication If VLAN authorization is not enabled, the tunnel attributes are ignored. set snmp view viewname securedviewname subtree 1 set snmp view viewname securedviewname subtree 0.0 set snmp view viewname unsecuredviewname subtree 1 set snmp view viewname unsecuredviewname subtree 0.0 6. Figure 23-3 Multi-Backup VRRP Configuration Example 172.111.0.0/18 Default Gateway 172.111.1.1 ge.1.1 VLAN 111 172.111.1.1/16 172.111.128.0/18 Default Gateway 172.111.1.150 172.111.64.0/18 Default Gateway 172.111.1.50 VRID 1 172.111.1.1 VRID 2 172.111.1.50 VRID 3 172.111.1.150 Router R1 ge.1.1 VLAN 111 172.111.1.2/16 Router R2 ge.1.2 172.200.2. Spanning Tree Basics Figure 15-8 MSTI 1 in a Region CIST Root 1 MSTI 1 2 5 MST CIST Regional Root 3 4 MSTI 1 Regional Root Legend: Physical Link Blocked VLANs Figure 15-9 MSTI2 in the Same Region MSTI 2 1 5 MST CIST Regional Root 3 2 MSTI 2 Regional Root 4 Legend: Physical Link Blocked VLANs Figure 15-10 on page 15-19 shows 3 regions with five MSTIs. C5(su)->router C5(su)->router>enable C5(su)->router#configure Enter configuration commands: C5(su)->router(Config)#router rip C5(su)->router(Config-router)#exit C5(su)->router(Config)#interface vlan 1 C5(su)->router(Config-if(Vlan 1))#ip address 192.168.63.1 255.255.255. 3. Service ACLs Table 26-8 TACACS+ Show Commands (continued) Task Command Displays only the current TACACS+ session settings. Set the port duplex mode to full. show rmon event set rmon event properties set rmon event status clear rmon event Filter Allows packets to be matched by a filter definition. A relay agent passes DHCP messages between clients and servers which are on different physical subnets. 3. 16 Configuring Policy This chapter provides an overview of Enterasys policy operation, describes policy terminology, and explains how to configure policy on Fixed Switch platforms using the CLI. Configuring Authentication Procedure 10-4 MultiAuth Authentication Configuration Step Task Command(s) 1. Configuring CLI Properties Table 3-2 CLI Properties Configuration Commands (continued) Task Command Set the time (in minutes) an idle console or Telnet set logout timeout CLI session will remain connected before timing out. Type router, then C5(su)->router> Type enable. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. Switch (config-if)#ip address {your ip address} {mask} Switch (config-if)#no shutdown Configuration of default gateway takes place in the configuration mode and the command does not include the mask for the ip. DHCP Snooping ------set system service-acl my-sacl deny ip-source 192.168.10.10 mask 255.255.255.255 service ssh priority 1 set system service-acl my-sacl permit port ge.1.1 priority 2 set system service-acl my-sacl permit port ge.1.2 priority 3 set system service-acl my-sacl permit ip-source 10.10.22. How many VLANs will be required? This basic configuration requires the configuration of four interfaces and associated IP addresses. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. Note: Only one IOM containing a memory card slot may be installed in an I-Series switch. Enterasys C5 Gigabit Ethernet Switch Hardware Installation Guide Adryan Ramirez Indicates that the concentration of the hazardous substance in all homogeneous materials in the parts is below the relevant threshold of the SJ/T 11363-2006 standard. This procedure would typically be used when the system is NOT configured for routing. Optionally, enable the TACACS+ client to send multiple requests to the server over a single TCP connection. ip route dest-prefix dest-prefixmask forwarding-rtr-addr [distance] 2. Enabling IGMP globally on the device and on the VLANs. Router R1 Router 1(su)->router(Config)#interface vlan 111 Router 1(su)->router(Config-if(Vlan 111))#ip address 172.111.1.1 255.255.255. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. When the boot up output is complete, the system prints a Username prompt. In this case, all destinations outside of the stub area are represented by means of a default route. On I-Series only, display contents of memory card. Configuring IPv4 ACLs Procedure 24-1 describes how to configure IPv4 standard and extended ACLs. 100 Procedure 18-1 describes how to configure RMON. Functions and Features Supported on Enterasys Devices Functions and Features Supported on Enterasys Devices Spanning Tree Versions MSTP and RSTP automatically detect the version of Spanning Tree being used on a LAN. show igmpsnooping Display static IGMP ports for one or more VLANs or IGMP groups. Set the minimum rate (in packets per second) of transmitted packets in a sampling interval. Port Configuration Overview By default, Enterasys switch devices are configured to automatically detect the cable type connection, straight through (MDI) or cross-over (MDIX), required by the cable connected to the port. If the address is a multicast or link-local address, then you must also specify the interface to be used to contact the DHCPv6 server. Valid sid values are 04094. Meraki MS Switches Features. Refer to the CLI Reference for your platform for details about the commands listed below. show file directory/filename Delete a file. Disable Telnet inbound while leaving Telnet outbound enabled, and show the current state. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: A super-user access account with a username of admin and no password A read-write access account with a username of rw and no password A read-only access account with a username of ro and no password Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts. 12-18 Display SNMP traffic counter values. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. SNMP Support on Enterasys Switches Table 12-1 SNMP Message Functions (continued) Operation Function get-response Replies to a get-request, get-next-request, and set-request sent by a management station. Terms and Definitions Table 11-7 11-16 Link Aggregation Configuration Terms and Definitions (continued) Term Definition Port Priority Port priority determines which physical ports are moved to the attached state when physical ports of differing speeds form a LAG. Use the set port negotiation command to disable or enable auto-negotiation. Network Engineer Network Engineering Description A network engineer is a technology professional who is highly skilled in maintaining the connectivity of networks in terms of. Lockout is configured at the system level, not at the user account level. Optionally set the MultiAuth authentication idle timeout value for the specified authentication method. Tabl e 112providesanexplanationofthecommandoutput. Systems incident management. Licensing Advanced Features Node-Locked Licensing On the C3, B3, and G3 platforms, licenses are locked to the serial number of the switch to which the license applies. Legacy Protocols If IPX, AppleTalk, DECnet or other protocols should no longer be running on your network, prevent clients from using them. Figure 15-13 shows that with a single Spanning Tree configuration, only a single link towards the root forwards on a bridge. Note: VRRP is an advanced routing feature that must be enabled with a license key. Policy Configuration Example Standard Edge Edge Switch platforms will be rate-limited using a configured CoS that will be applied to the student and faculty, and phoneFS policy roles. Procedure 5-4 Configuring Management Authentication Notification MIB Settings Step Task Command(s) 1. . Table 25-3 lists the tasks and commands. Quality of Service Overview There are up to four areas of CoS configuration depending on what type of hardware resource you want to configure. DHCPv6 Configuration address, a multicast address, or a link-local address. describes the following security features and how to configure them on the Fixed Switch platforms. Searches for the doors matching such a key and verifies that the door is available. Table 14-4 show netstat Output Details. 1 Setting Up a Switch for the First Time This chapter describes how to configure an Enterasys stackable or standalone Fixed Switch received from the factory that has not been previously configured. Configuring the underlying unicast routing protocol (for example, OSPF). Configuration Procedures Procedure 22-3 OSPF Area Configuration (continued) Step Task Command(s) 4. A6500-RC EMERSON16-Channel Output Relay, EMERSON, ACS880 frame size R8i inverter modules can be connected to the drive DC bus through a disconnector (or fuse-switch). Find out what model of switch you are upgrading and what is current version of firmware running on the switch. An ABR keeps a separate copy of the link-state database for each area to which it is connected. Port Priority and Transmit Queue Configuration Port Priority and Transmit Queue Configuration The fixed switch devices allow you to assign mission-critical data to higher priority through the device by delaying less critical traffic during periods of congestion. After setting the index and IP address you are prompted to enter a secret value for this authentication server. Supervise the activation of network interfaces on access switches, support the default . An authentication key has to be trusted to be used with an SNTP server. 21 IPv4 Basic Routing Protocols This chapter describes how to configure the Routing Information Protocol (RIP) and the ICMP Router Discovery Protocol (IRDP). To display non-default information about a particular section of the configuration, such as port or system configuration, use the name of the section (or facility) with the command. Configuring Syslog If, for any reason, an event that is to be sent to the secure log gets dropped, resulting in the failure to record the event, an SNMP trap will be generated. Display current IPv6 management status. 2. GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. Port Slot/Unit Parameters Used in the CLI. Table 12-2 SNMP Terms and Definitions Term Definition community A name string used to authenticate SNMPv1 and v2c users. (These drivers are usually provided by the vendor of the adapter cable.) Configuring Link Aggregation The virtual link aggregation ports continue to be designated as lag.0.x, where x can range from 1 to 24, depending on the maximum number of LAGs configured. Both: management-access and network-access. In router global configuration mode, enable DHCPv6. Enterasys Manuals Switch C5G124-24 Configuration manual Enterasys C5G124-24 Configuration Manual Fixed switch platforms Also See for C5G124-24: Quick reference (2 pages) 1 2 3 4 5 6 Table Of Contents 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 show ipsec 2. ThisexampleshowshowtodisplaySNMPcountervalues, Tabl e 86providesanexplanationofthecommandoutput. Configuring VRRP Table 23-1 Default VRRP Parameters (continued) Parameter Description Default Value advertise-interval Specifies the interval between the advertisement the master sends to other routers participating in the selection process. Managing Switch Configuration and Files Displaying the Configuration Executing show config without any parameters will display all the non-default configuration settings. RIP Configuration Example Table 21-2 lists the default RIP configuration values. ARP requests are flooded in the VLAN. Implementao e Suporte em Redes convergentes de Voz e Dados para suporte de toda a Soluo SIEMENS proposta, com estudo de novas tecnologias que se adequam necessidade de novos . Based on the exchanged BPDU information, the spanning tree algorithm selects one of the switches on the network as the root switch for the tree topology. 5 User Account and Password Management This chapter describes user account and password management features, which allow enhanced control of password usage and provide additional reporting of usage. 22 Configuring OSPFv2 This chapter gives a brief overview of OSPFv2 and then presents several configuration scenarios. = [ ] \ ; ? (Optional) Configure the allocation mode for system power available for PoE. This example, which sets the new VLAN as VLAN 2, assumes the management station is attached to ge.1.1, and wants untagged frames. MST region An MSTP group of devices configured together to form a logical region. Also, use this command to append ports to or clear ports from the egress ports list. Configuring a Stack of New Switches 1. set lldp port status {tx-enable | rxenable | both | disable} port-string Enable or disable sending LLDP traps when a remote system change is detected. Precaucin: Contiene informacin esencial para prevenir daar el equipo. Configuring IRDP Configuring IRDP Using IRDP in Your Network The ICMP Router Discovery Protocol (IRDP), described in RFC 1256, enables a host on multicast or broadcast networks to determine the address of a router it can use as a default gateway. Use the dir command to display the contents of the images directory. You may want to set a rate limit that would guard against excessive streaming. Additionally, a received BPDU will be treated as any multicast packet and flooded out all ports. The MST region presents itself to the rest of the network as a single device, which simplifies administration. Using Multicast in Your Network 2. Display MAC authentication configuration or status of active sessions. Automatic IP Address Pools When configuring an IP address pool for dynamic IP address assignment, the only required steps are to name the pool and define the network number and mask for the pool using the set dhcp pool network command. Configuring Authentication Authentication Required Authentication methods are active on the port, based on the global and per port authentication method configured. The order in which servers are queried is based on a precedence value optionally specified when you configure the server. Connecting to a Switch This procedure describes how to connect to a switch. Preventing clients from using legacy protocols such as IPX, Apple Talk, and DECnet that should no longer be running on your network. Policy Configuration Overview Table 16-2 Policy Rule Traffic Descriptions/Classifications Traffic Classification Precedence Level Description macsource Classifies based on MAC source address. 3. Press ENTER to advance the output one line at a time. EAPOL authentication mode When enabled, set to auto for all ports. If authentication is not specified, no authentication will be applied.