enterasys switch configuration guide

Enterasys devices support version 2 of the PIM protocol as described in RFC 4601 and draft-ietfpim-sm-v2-new-09. Specification Guide (English) Quick Setup Guide (English) User Manual (English) Installation Instruction (English) DFE (PLATINUM) WITH 60 10 100 1000BASE-T 7G4202-60 (7) Router 2 forwards the multicast stream to Host 2. interface vlan vlan-id 2. set port vlan port-string vlan-id no shutdown ip address ip-addr ip-mask 3. Figure 25-1 Basic IPv6 Over IPv4 Tunnel Router R1 Router R2 VLAN 20 195.167.20.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::20/127 Tunnel Source: 195.167.20.1 Tunnel Destination: 192.168.10.1 VLAN 10 192.168.10.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::10/127 Tunnel Source: 192.168.10.1 Tunnel Destination: 195.167.20. Removing Units from an Existing Stack Use clear ip address to remove the IP address of the stack. Refer to page ACL Configuration Overview Inserting a new ACL rule entry into an ACL Moving an ACL rule to a new location in an ACL Apply the ACL to VLAN interfaces, to ports, or to Link Aggregation ports. User Account Overview The start and end hour and minute time period for which access will be allowed for this user based upon 24 hour time. show port [port-string] Display operating and admin status, speed, duplex mode and port type for one or more ports on the device. C5(su)->router(Config)#show access-lists 121 Extended IP access list 121 1: deny ip 10.0.0.1 0.0.255. Using the viewnames assigned in Step 1, create restricted views for v1/v2c users, and unrestricted views for v3 users. Connect the RJ45 connector at one end of the cable to the RJ45 console port on the D2 . Display the current IPsec settings. MSTI Multiple Spanning Tree Instance. Network Engineer Network Engineering Description A network engineer is a technology professional who is highly skilled in maintaining the connectivity of networks in terms of. show mgmt-auth-notify 2. IP packets are not encapsulated in any further protocol headers as they transit the Autonomous System (AS). Using Multicast in Your Network Figure 19-1 IGMP Querier Determining Group Membership IGMP Querier IGMP Query IGMP Membership IGMP Membership Router for 224.1.1.1 Router for 226.7.8.9 Member of 224.1.1.1 Member of 226.7.8.9 As shown in Figure 19-1, a multicast-enabled device can periodically ask its hosts if they want to receive multicast traffic. Password Reset Button Functionality Procedure 5-3 Configuring System Password Settings (continued) Step Task Command(s) 2. Configuring PoE Procedure 7-3 PoE Configuration for G-Series Devices (continued) Step Task Command(s) 7. Enabling the multicast protocol(s) on configured interfaces. Refer to the CLI Reference for your platform for command details. For information about security modes and profiles, see Chapter 26, Configuring Security Features. 23 Configuring VRRP This chapter describes the Virtual Router Redundancy Protocol (VRRP) feature and its configuration. How many VLANs will be required? In this sense, QoS is the third step in a three step process. On all switching devices, the default Spanning Tree version is set to MSTP (802.1s) mode. Table 8-3 Link Flap Detection Show Commands Task Command Display whether the port is enabled for generating an SNMP trap message if its link state changes. Setup and maintained DNS, WINS and DHCP servers. Refer to page Configuring RIP 21-1 Configuring IRDP 21-5 Configuring RIP Using RIP in Your Network The fixed switches support Routing Information Protocol (RIP) Version 1 and 2. If LAG members with different port speeds should tie for the lowest port priority, the LAG member with the lowest port number breaks the tie. Cisco Nexus 5000 Series NX-OS Software Configuration Guide If Spanning Tree is disabled globally all linked ports will be in a forwarding state and the Spanning Tree Protocol will not run. Optionally, enable single port LAGs on the device. OSPF Overview The OSPF protocol is designed expressly for the TCP/IP internet environment. Configuring RIP Procedure 21-1 Basic RIP Configuration (continued) Step Task Command(s) 3. Table 25-9 show ipv6 ospf neighbor Output Details, Overview of Authentication and Authorization Methods. context A subset of MIB information to which associated users have access rights. Terms and Definitions 15-38 Configuring Spanning Tree. The following port administrative states are set by default: lacpactive - Transmitting LACP PDUs is enabled. set vlan create vlan-id Create a routed interface for the VLAN in router configuration mode. set snmp targetaddr targetaddr ipaddr param param [udpport udpport] [mask mask] [timeout timeout] [retries retries] [taglist taglist] [volatile | nonvolatile] If not specified, udpport will be set to 162. Figure 15-5 on page 15-11 presents a root port configuration for Bridge B determined by the port priority setting. IP-directed broadcasts Disabled. . Use the set port negotiation command to disable or enable auto-negotiation. S-Series - Extreme Networks Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen. Spanning Tree Basics designated port (Figure 15-6, call out 6), takes the role of backup port. With cloud management, thousands of switch ports can be configured and monitored instantly over the web. Configuring SNMP enterasys(su)->set snmp view viewname RW subtree 0.0 enterasys(su)->set snmp view viewname RW subtree 1.3.6.1.6.3.13.1 excluded enterasys(su)->set snmp targetparams TVv1public user public security-model v1 message processing v1 enterasys(su)->set snmp targetaddr TVTrap 10.42.1.10 param TVv1public taglist TVTrapTag enterasys(su)->set snmp notify TVTrap tag TVTrapTag Adding to or Modifying the Default Configuration By default, SNMPv1 is configured on Enterasys switches. ACLs on the A4 are described separately in this chapter since ACL support on the A4 is different from the support on the other Fixed Switch platforms. Using Multicast in Your Network Generation ID gen id: 1331801871 10.5.40.0/255.255.255.0 [2] via neighbor: 10.5.50.1 Uptime: 66704 , expires: 0 version: 3 Generation ID gen id: 1331805217 10.5.50.0/255.255.255.0 [0] via neighbor: direct 10.5.51.0/255.255.255.0 [0] via neighbor: direct direct direct Uptime: 3615 , expires: 0 version: 3 10.5.70.0/255.255.255.0 [3] via neighbor: Uptime: 66716 , expires: 0 version: 3 10.5.60.0/255.255.255. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). The policy VLAN will always be used unless an Ether type-to-VLAN classification rule exists and is hit. Neighbor Discovery Overview There are two primary LLDP-MED device types (as shown in Figure 13-2 on page 13-5): 13-4 Network connectivity devices, which are LAN access devices such as LAN switch/routers, bridges, repeaters, wireless access points, or any device that supports the IEEE 802.1AB and MED extensions defined by the standard and can relay IEEE 802 frames via any method. TheCLIsupportsEMACslikelineeditingcommands.Tabl e 13listssomecommonlyused commands. 1518 capture loadsize The RMON capture maximum number of cotets from each packet to be downloaded from the buffer. Refer to the CLI Reference for your platform for more information about the commands listed below. Enterasys->show spantree nonforwardingreason port lag.0.2 Port lag.0.2 has been placed in listening or blocking state on SID 0 by the LoopProtect feature. show config [all | facility | memcard] Display the contents of a file located in the configs or logs directory. Downloading New Firmware or just want to verify the contents of the images directory, refer to Deleting a Backup Image File on page 1-5 for more information. Policy classification Classification rules are automatically enabled when created. Policy-Based VLANs Rather than making VLAN membership decisions simply based on port configuration, each incoming frame can be examined by the classification engine which uses a match-based logic to assign the frame to a desired VLAN. Any of the management interfaces, including VLAN routing interfaces, can be configured as the source IP address used in packets generated by the TACACS+ client. Enterasys Manuals Switch C5G124-24 Configuration manual Enterasys C5G124-24 Configuration Manual Fixed switch platforms Also See for C5G124-24: Quick reference (2 pages) 1 2 3 4 5 6 Table Of Contents 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 1. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. 3. The client queries these configured SNTP servers at a fixed poll-interval configured using the set sntp poll-interval command. Policy Configuration Example Policy Configuration Example This section presents a college-based policy configuration example. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2011 Chassis Serial Number: Chassis Firmware Revision: 093103209001 06.61.01.0017 Last successful login : WED DEC 07 20:23:20 2011 Failed login attempts since last login : 0 C5(su)-> 7. set dhcpsnooping enable 2. IPv6 Neighbor Discovery Neighbor Solicitation Messages Neighbor Solicitation messages are sent on the local link to determine the link-local address of another node on the link, as well as to verify the uniqueness of a unicast address for DAD. If a DHCP relay agent or local DHCP server co-exist with the DHCP snooping feature, DHCP client messages will be sent to the DHCP relay agent or local DHCP server to process further. Configuration parameters and stacking information can also be cleared on the master unit only by selecting the restore configuration to factory defaults option from the boot menu on switch startup. Configuring Authentication The following code example: Creates and names two VLANS, one for the users and one for the phones. The system is tolerant to packet loss in the network. 11 Configuring Link Aggregation This chapter describes how to configure link aggregation on the fixed switch platforms. Quality of Service Overview queue 2 has access to its percentage of time slices, and so on round robin. Also configured are two loopback interfaces, to use for the router IDs. Stateless autoconfiguration is part of Router Advertisement and the Enterasys Fixed Switches can support both stateless and stateful autoconfiguration of end nodes. STP allows for the automatic reconfiguration of the network. Interface-specific parameters are configured with variations of the Spanning Tree port configuration commands. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery. Refer to Licensing Advanced Features on page 4-8 for more information. Be sure that your serial connection is set properly: Baud rate: 115200 bps (for 5420, 5520, X435, X465, X590, X690, X695, and X870 models) Baud rate: 9600 bps (for other models) Data bits: 8 Stop bit: 1 Parity: none Flow control: none Type router, then C5(su)->router> Type enable. After the switch resets, return to global router configuration mode, create the ACL and define the rules. A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. lacptimeout - Transmitting LACP PDUs every 30 seconds. When a port mirror is created, the mirror destination port is removed from the egress list of VLAN 1 after a reboot. Display Telnet status show telnet 3. clear multiauth idle-timeout auth-method 3. Configuring IGMP Snooping. The PVID determines the VLAN to which all untagged frames received on the port will be classified. This procedure would typically be used when the system is NOT configured for routing. Both types of samples are combined in sFlow datagrams. Note: The v1 parameter in this example can be replaced with v2 for SNMPv2c configuration. The message is forwarded on all trusted interfaces in the VLAN. Configuring PoE Class mode, in which the PoE controller manages power based on the IEEE 802.3af/.3at definition of the class limits advertised by the attached devices, with the exception that for class 0 and class 4 devices, actual power consumption will always be used. ExtremeXOS User Guide Configuring MSTP Example 2: Configuring MSTP for Maximum Bandwidth Utilization This example illustrates the use of MSTP for maximum bandwidth utilization. ThisexampleshowshowtodisplaySNMPcountervalues, Tabl e 86providesanexplanationofthecommandoutput. + Configuring OSPF Areas OSPF allows collections of contiguous networks and hosts to be grouped together. C5(su)->router(Config)#show access-lists 120 Extended IP access list 120 1: deny ip 20.0.0.1 0.0.255.255 any 2: deny ip 30.0.0.1 0.0.255.255 any 3: deny ip 40.0.0.1 0.0.255.255 any 4: permit ip any any C5(su)->router(Config)#no access-list 120 2 3 C5(su)->router(Config)#show access-lists 120 Extended IP access list 120 1: deny ip 20.0.0.1 0.0.255. Configuring PoE Stackable B5 and C5 Devices Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices Step Task Command(s) 1. Understanding and Configuring Loop Protect Communicating port non-forwarding status through traps and syslog messages Disabling a port based on frequency of failure events Port Modes and Event Triggers Ports work in two Loop Protect operational modes. ThisexampleshowshowtodisplayLLDPconfigurationinformation. S, K, and 7100 Series CLI Reference Guide for Version 8.41 Aug 2015 In interface configuration mode, configure an IP address for all routing interfaces in the AS. 2. Configuring DVMRP System(su)->router(Config-if(Vlan 1))#exit System(su)->router(Config)#interface vlan 2 System(su)->router(Config-if(Vlan 2))#ip igmp enable System(su)->router(Config-if(Vlan 2))#exit IGMP Display Commands Table 19-5 lists Layer 2 IGMP show commands for Enterasys stackable and standalone devices. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. Highly accomplished Network engineering professional with 10+ years of experience in designing, deploying, migrating and supporting critical systems. Optionally, change the authentication protocol. The PIM specifications define several modes or methods by which a PIM router can build the distribution tree. Dynamic ARP Inspection Table 26-13 Displaying Dynamic ARP Inspection Information (continued) Task Command To display the ARP configuration of one or more VLANs show arpinspection vlan vlan-range To display ARP statistics for all DAI-enabled VLANs or for specific VLANs show arpinspection statistics [vlan vlan-range] Table 26-14 Managing Dynamic ARP Inspection Task Command To remove additional optional ARP validation parameters that were previously configured. Refer to the CLI Reference for your platform for more information about the commands listed below. (These drivers are usually provided by the vendor of the adapter cable.) Determine which ports will be connected to the DHCP server and configure them as trusted ports. The higher priority traffic through the device is serviced first before lower priority traffic. The ARP Table This example shows output from a successful ping to IP address 182.127.63.23: C5(su)->router#ping 182.127.63.23 182.127.63.23 is alive Use the traceroute command to display a hop-by-hop path through an IP network from the device to a specific destination host. 2. Configuring SNMP enterasys(su)-> set snmp notify SNMPv3TrapGen tag v3TrapTag inform How SNMP Will Process This Configuration As described in How SNMP Processes a Notification Configuration on page 12-7, if the SNMP agent on the device needs to send an inform message, it looks to see if there is a notification entry that says what to do with inform messages. When Router R1 comes up again, it would take over as master, and Router R2 would revert to backup. Basic PIM-SM configuration includes the following steps: 1. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . Active Cisco 800 Series Router Configuration. * or ge.1.1-48) assign egress vlan: set vlan egress X ge.1.x untagged Automatic IP Address Pools When configuring an IP address pool for dynamic IP address assignment, the only required steps are to name the pool and define the network number and mask for the pool using the set dhcp pool network command. C5(rw)->show users Session User Location -------- ----- -------------------------* console telnet admin console (via com.1.1) rw 134.141. UsethiscommandtodisplayLLDPconfigurationinformation. System Priority Value used to build a LAG ID, which determines aggregation precedence. Table 24-1 Output of show ipv6 dhcp interface Command. Management Authentication Notification MIB Functionality Refer to the CLI Reference for your platform for detailed information about the commands listed below in Procedure 5-4. Syslog combines this value and the severity value to determine message priority. Connect a null-modem DB9 to DB9 cable between the computer's serial port and the switch; use serial communication settings 9600, n, 8, 1. Table 15-2 provides a summary of STP port roles. IPv6 Neighbor Discovery Testing Network Connectivity Use the ping ipv6 command to determine whether another device is on the network. GVRP must be enabled to allow creation of dynamic VLANs. This enables you to set the IP address and system password using a single console port. Port Configuration Overview maximum number of packets which can be received per second with the set port broadcast command: Maximum packet per second values are: 148810 for Fast Ethernet ports 1488100 for 1-Gigabit ports. All operational ports which are not root, alternate or backup are designated ports. Auto-negotiation is enabled by default. DHCP Configuration C5(su)->router(Config)#exit C5(su)->router#exit C5(su)->router>exit C5(su)->set dhcp enable C5(su)->set dhcp pool autopool2 network 6.6.0.0 255.255.0.0 Managing and Displaying DHCP Server Parameters Table 4-6 lists additional DHCP server tasks. Licensing Advanced Features Node-Locked Licensing On the C3, B3, and G3 platforms, licenses are locked to the serial number of the switch to which the license applies. Configuring SNMP Subtree OID Subtree mask View Type Storage type Row status = = = = = 1.3.6.1.2.1 View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = All 1.3.6.1.2.1.2 included nonVolatile active excluded nonVolatile active You can test this configuration using any MIB browser directed to the IP of the configured device and using the default community name public associated with the view All. assign ingress vlan using: set port vlan [port-string] X port string is the port number. 2 Set the PC serial port to 9600-n-8-1 with either XON/XOFF or no flow control. Password Management Overview guest read-only enabled 0 0 no 00:00 24:00 mon tue wed Password Management Overview Individual user account passwords are configured with the set password command. Configuring PIM-SM R1(su)->router(Config)#interface vlan 3 R1(su)->router(Config-if(Vlan 3))#ip address 172.1.2.1 255.255.255.0 R1(su)->router(Config-if(Vlan 3))#ip igmp enable R1(su)->router(Config-if(Vlan 3))#ip ospf enable R1(su)->router(Config-if(Vlan 3))#ip pimsm enable R1(su)->router(Config-if(Vlan 3))#no shutdown R1(su)->router(Config-if(Vlan 3))#exit R1(su)->router(Config)#interface vlan 4 R1(su)->router(Config-if(Vlan 4))#ip address 172.1.3.1 255.255.255. Procedure 25-5 Neighbor Discovery Configuration Step Task Command(s) 1. Refer to page. Hany Eskarous - Information Technology Solutions Specialist & Accounts Though it is possible to configure policy from the CLI, CLI policy configuration in even a small network can be prohibitively complex from an operational point of view. Enable OSPF in the interface. Dynamic ARP Inspection Dynamic ARP Inspection Configuration set arpinspection vlan 10 set arpinspection trust port ge.1.1 enable Routing Example T Note: This example applies only to platforms that support routing. Additional Configuration Tasks current.log Deleting a Backup Image File Since the stackable and standalone switches can store only two firmware images at a time, you may have to delete a backup image, if one exists, before you can manually download a new firmware image. 2600, and 2503). Dynamic VLAN authorization is not reflected in the show port vlan display. However, Enterasys Networks strongly recommends that you use NetSight Policy Manager, not CLI commands, to configure policy in your network. The terminology associated with CoS configuration is introduced in Table 17-1. Port auto-negotiation Enabled on all ports. Fast Ethernet Switches. Table 24-2 Output of show ipv6 dhcp statistics Command (Continued). 5 User Account and Password Management This chapter describes user account and password management features, which allow enhanced control of password usage and provide additional reporting of usage. In router configuration mode, optionally enable route redistribution of non-RIP protocol routes. In this case, all destinations outside of the stub area are represented by means of a default route. Enabling DVMRP globally on the device and on the VLANs. The setting is critical and should only be done by someone familiar with the 802.1Q standard. Systems incident management. Table 17-1 CoS Configuration Terminology Term Description CoS Setting Maps configured resources to a CoS index. Figure 15-6 presents an overview of Spanning Tree port roles. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. Optionally, change the administratively assigned key for each aggregation on the device. show snmp group groupname grpname Display an SNMP groups access rights. Paths to Root If the bridge is not elected as root, one or more ports provide a path back to the root bridge. The port cost value may also be administratively assigned using the set spantree adminpathcost command. Refer to the CLI Reference for your platform for command details. Authentication Configuration Example Authentication Configuration Example Our example covers the three supported stackable and fixed switch authentication types being used in an engineering group: end-user stations, an IP phone, a printer cluster, and public internet access.