enterasys switch configuration guide enterasys switch configuration guide

Based on the exchanged BPDU information, the spanning tree algorithm selects one of the switches on the network as the root switch for the tree topology. 300 seconds. A destination port will only act as a mirroring port when the session is operationally active. Tabl e 112providesanexplanationofthecommandoutput. set mac agetime time 4. Create a DHCPv6 pool and enter pool configuration mode for that pool. 4. RADIUS Management Authentication Procedure 26-2 Configuring IPsec Step Task Command(s) 1. 2. Note: Globally enabling 802.1x on a switch sets the port-control type to auto for all ports. Link Aggregation Overview Table 11-2 LAG Port Parameters (continued) Term Definition Administrative State A number of port level administrative states can be set for both the actor and partner ports. OSPF adjacencies can not be formed on a passive interface. Thisexampledisplaystheoutputofthiscommand. Reviewing SNMP Settings Reviewing SNMP Settings Table 12-5 Commands to Review SNMP Settings Task Command Display SNMPv1/SNMPv2c community names and status. Spanning Tree Basics Spanning Tree Basics This section provides you with a more detailed understanding of how the Spanning Tree operates in a typical network environment. Table 26-3 show macauthentication Output Details. set snmp targetaddr targetaddr ipaddr param param [udpport udpport] [mask mask] [timeout timeout] [retries retries] [taglist taglist] [volatile | nonvolatile] If not specified, udpport will be set to 162. Link Aggregation Configuration Example Table 11-6 LAG and Physical Port Admin Key Assignments Device LAG LAG Admin Key Physical Port Physical Port Admin Key S8 Distribution Switch 1 100 ge.1.1 100 ge.2.1 100 ge.3.1 100 ge.4.1 100 ge.1.2 200 ge.2.2 200 ge.3.2 200 ge.4.2 200 ge.1.21 100 ge.1.22 100 ge.2.23 100 ge.3.24 100 ge.1.21 200 ge.1.22 200 ge.1.23 200 ge.1.24 200 ge.2.17 300 ge.2.19 300 ge.2.22 300 ge.2. 2600, and 2503). DHCP Snooping Procedure 26-6 Basic Configuration for DHCP Snooping Step Task Command(s) 1. For detailed information about the CLI commands used in this book, refer to the CLI Reference for your Fixed Switch platform. If the authentication succeeds, the policy returned by authentication overrides the default port policy setting. If these assumptions are not true, please refer to Chapter 1, Setting Up a Switch for the First Time for more information. IPv6 Routing Configuration Router R2 R2(su)->router R2(su)->router>enable R2su)->router#configure Enter configuration commands: R2(su)->router(Config)#interface vlan 20 R2(su)->router(Config-if(Vlan 20))#ip address 195.167.20.1 255.255.255.0 R2(su)->router(Config-if(Vlan 20))#no shutdown R2(su)->router(Config-if(Vlan 20))#exit R2(su)->router(Config)#interface tunnel 10 R2(su)->router(Config-if(Tnnl 101))#ipv6 address 2001:db8:111:1::20/127 R2(su)->router(Config-if(Tnnl 101))#tunnel source 195.167.20. Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto usethem. Terms and Definitions Table 10-4 Authentication Configuration Terms and Definitions (continued) Term Definition Dynamic Host Configuration Protocol (DHCP) A protocol used by networked clients to obtain various parameters necessary for the clients to operate in an Internet Protocol (IP) network. (The ports are in the ConfigMismatch state.) set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. (For example: security or traffic broadcast containment). VRRP Overview Figure 23-1 Basic VRRP Topology VRID 1 172.111.1.1 Router R1 Router R2 ge.1.1 VLAN 111 172.111.1.1/16 ge.1.1 VLAN 111 172.111.1.2/16 Host 1 172.111.1.100/16 Default Gateway 172.111.1.1 Figure 23-1 shows a basic VRRP topology with a single virtual router. Enterasys Core Switch/Router Commands Enable Untagged Vlans: set port vlan ge.2.1-30 20 set vlan egress 20 ge.2.1-30 untagged reload Enable jumbo frame support: show port jumbo set port jumbo enable ge.2.22-30 Enable LACP: show lacp state <=== to discover global lacp setting status set lacp {disable|enable} Configure DHCP snooping. 1. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. Ctrl+H Delete character to left of cursor. With LACP, if a set of links can aggregate, they will aggregate. Optionally, modify the LAG port parameters. 2. Apply power to the new unit. Configuring VLANs Procedure 9-1 Static VLAN Configuration (continued) Step Task Command(s) 7. Configuring SNMP . Type 2. Class of Service is based on the IEEE 802.1D (802. You can do this by doing the following: Connect the switch to PuTTY with a 9-pin serial cable. with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. Figure 10-4 provides an overview of the fixed switch authentication configuration. 10 Configuring User Authentication This chapter describes the user authentication methods supported by Enterasys fixed switch platforms. Terms and Definitions Table 15-11 Spanning Tree Terms and Definitions (continued) Term Definition Max age Maximum time (in seconds) the bridge can wait without receiving a configuration message (bridge hello) before attempting to reconfigure. It is designed for use where there may be many devices communicating at the same time, and any one of the devices could be the sender at any particular time. If necessary, configure an OSPF virtual link. On ABRs connected to stub areas and NSSAs, configure the cost value for the default route sent into stub areas and NSSAs. The days of the week for which access will be allowed for this user. MAC Locking If a connected end station exceeds the maximum values configured with the set maclock firstarrival and set maclock static commands (a violation). Therefore, Router R2s interface 172.111.1.2 will be Master for VRID 2 handling traffic on this LAN segment sourced from subnets 172.111.64.0/18. Display the current timeout period for aging learned MAC entries/ show mac agetime 3. The stackable fixed switch and standalone fixed switch devices support MAC-based authentication. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. When any change is made to the hardware configuration, power supply status, or redundancy mode, the firmware recalculates the power available for PoE. Configuration Guide Firmware 6.61.xx and Higher. Troubleshooting em equipamentos ativos da Rede SIEMENS para VOIP como 3COM, Cisco, Extreme, Foundry, Enterasys (Cabletron) (Routers e Switch's Level 2 e 3. Step 10. If Spanning Tree is disabled globally all linked ports will be in a forwarding state and the Spanning Tree Protocol will not run. Thisexampleshowshowtodisplay802.1Xstatus: Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1: Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1: ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8: Tabl e 263providesanexplanationofthecommandoutput. Stops any pending grafts awaiting acknowledgments. User Manuals, Guides and Specications for your Enterasys C5K175-24 Switch. Refer to the CLI Reference for your platform for more information about these commands. Basic Network Monitoring Features Network Diagnostics Fixed Switch network diagnostics provide for: Pinging another node on the network to determine its availability Performing a traceroute through the IP network to display a hop-by-hop path from the device to a specific destination host Use the ping command, in switch mode or in router privileged exec mode, to determine whether the specified node is available. For detailed information about the CLI commands used in this book, refer to the CLI Reference for your Fixed Switch platform. set igmpsnooping adminmode {enable | disable} Enable or disable IGMP on one or all ports. Whether the switch enforces aging of system passwords. The two switches are connected to one another with a high speed link. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. It is auto configured with the cost of the intra-area path between the two ABRs that make up the virtuallink. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Console (serial) port required settings Baud rate: 9600 Data bits: 8 Flow control: disabled Stop bits: 1 Parity: none DHCP server Disabled. A relay agent passes DHCP messages between clients and servers which are on different physical subnets. * or ge.1.1-48) assign egress vlan: set vlan egress X ge.1.x untagged ACLs on the A4 are described separately in this chapter since ACL support on the A4 is different from the support on the other Fixed Switch platforms. Link Aggregation Control Protocol (LACP) is described in Chapter 11, Configuring Link Aggregation. You can enable it using the set igmpsnooping adminmode command on Enterasys stackable and standalone devices as described in Configuring IGMP on page 19-15. Spanning Tree Basics RSTP Operation RSTP optimizes convergence by significantly reducing the time to reconfigure the networks active topology when physical topology or configuration parameter changes occur. Using Multicast in Your Network 1. About Security Audit Logging The secure.log file stored in the secure/logs directory cannot be deleted, edited, or renamed. 1. C5(su)->set policy rule 1 ipsourcesocket 1.2.3. Thefollowingtabledescribestheoutputfields. This document is an agreement (Agreement) between the end user (You) and Enterasys Networks, Inc. Moldova, Mongolia, North Korea, the Peoples Republic of China, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. 13. Configuring OSPF Areas Configuring Area Virtual-Link Authentication An area virtual-link can be configured for simple authentication. Thisexampleenablesmulticastfloodprotection. In this configuration, an interface on VLAN 111 for Router R1 or Router R2, or VRID 1, 2, or 3 fails, the interface on the other router will take over for forwarding outside the local LAN segment. ACL Configuration Overview 2: deny ip 30.0.0.1 0.0.255.255 any 3: deny ip 40.0.0.1 0.0.255.255 any 4: permit ip any any Inserting ACL Rules When you enter an ACL rule, the new rule is appended to the end of the existing rules by default. ieee The Enterasys device uses only the IEEE 802. MACs are unlocked as a result of: A link down event When MAC locking is disabled on a port When a MAC is aged out of the forwarding database when FirstArrival aging is enabled When properly configured, MAC locking is an excellent security tool as it prevents MAC spoofing on configured ports. The sources DR registers (that is, encapsulates) and sends multicast data from the source directly to the RP via a unicast routing protocol (number 1 in figure). To display additional screen output: Press any key other than ENTER to advance the output one screen at a time. Neighbor Discovery Overview connected neighbors. Configuring IRDP The following code example enables IRDP on VLAN 10, leaving all default values, and then shows the IRDP configuration on that VLAN. Table 18-7 Displaying sFlow Information Task Command to display the contents of the sFlow Receivers Table, or to display information about a specific sFlow Collector listed in the table show sflow receivers [index] To display information about configured poller instances show sflow pollers To display information about configured sampler instances. VLAN Static Membership by Port VLAN Port Configuration Type configure from Privileged EXEC mode. Configuring VLANs Figure 9-3 Example of VLAN Propagation Using GVRP Switch 3 Switch 2 R 2D 1 3 1 D R Switch 1 1 R 2 End Station A D 3 D 1 R D Switch 4 1 R Switch 5 R = Port registered as a member of VLAN Blue = Port declaring VLAN Blue VLANpropagation GVMP Note: If a port is set to forbidden for the egress list of a VLAN, then the VLANs egress list will not be dynamically updated with that port. The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362. Attaches the port to the aggregator used by the LAG, and detaches the port from the aggregator when it is no longer used by the LAG. IP forward-protocol Enabled with no port specified. IPv6 Routing Configuration Procedure 25-4 Configuring Static Routers Step Task Command(s) 1. Authentication Configuration Example In an 802.1x configuration, policy is specified in the RADIUS account configuration on the authentication server using the RADIUS Filter-ID. If LAG members with different port speeds should tie for the lowest port priority, the LAG member with the lowest port number breaks the tie. Configuring VRRP The master advertise-interval is changed to 2 seconds for VRID 1. You may want to set a rate limit that would guard against excessive streaming. Upon receipt, the RADIUS client software will calculate its own authenticator response using the information that was passed in the MS-CHAP2-Response attribute and the user's passed clear text password. This attribute contains the 42 byte authenticator response. Systems incident management. User Authentication Overview devices that do not support 802.1x or web authentication. Configuring DVMRP System1(su)->router#configure Enter configuration commands: System1(su)->router(Config)#ip igmp System1(su)->router(Config)#ip dvmrp System1(su)->router(Config)#interface vlan 1 System1(su)->router(Config-if(Vlan 1))#ip address 192.0.1.2 255.255.255. After setting the index and IP address you are prompted to enter a secret value for this authentication server. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). I I worked on Planning cabling, planning and configuring switch and LAN security infrastructure. PoE is not supported on the I-Series switches. A feature exists to allow the creation of a single port LAG that is disabled by default. User Authentication Overview Value: Indicates the type of tunnel. SEVERABILITY. Violating MAC addresses are dropped from the devices (or stacks) filtering database.