enterasys switch configuration guide

Enterasys Fixed Switching Configuration Guide Firmware 6.61. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap set ipsec encryption {3des | aes128 | aes192 | aes256} 4. ThiscommandclearsIPv6DHCPstatistics,eitherallstatisticsoronlyforaspecificinterface. Procedure 4-4 DHCP Server Configuration on a Non-Routing System Step Task Command(s) 1. If single port LAG is enabled, a single port LAG can be created on this device. 3 CLI Basics This chapter provides information about CLI conventions for stackable and standalone switches and CLI properties that you can configure. Any authentication requests to this authentication server must present the correct secret value to gain authentication. Use this command to manually unlock a port that was locked by the SpanGuard function. Syslog Components and Their Use Table 14-1 describes the Enterasys implementation of key Syslog components. Once the desired master unit has been selected, reset the system using the reset command. Apply power to the new unit. Configuring IGMP Snooping. . RSTP is defined in the IEEE 802.1w standard. Table 20-9 show ip pimsm interface vlan Output Details, Table 20-10 show ip pimsm interface stats Output Details. Set the SNMP target address for notification message generation. Type router, then C5(su)->router> Type enable. The set inlinepower mode command is set to auto, which means that the power available for PoE (150W) is distributed evenly75W to each PoE module. Refer to page ACL Configuration Overview Inserting a new ACL rule entry into an ACL Moving an ACL rule to a new location in an ACL Apply the ACL to VLAN interfaces, to ports, or to Link Aggregation ports. Strict Priority Queuing With Strict Priority Queuing, a higher priority queue must be empty before a lower priority queue can transmit any packets. Thisexampledisplaystheneighborsinthecache. interface {vlan vlan-id | loopback loopbackid } 2. 2. Terms and Definitions Table 11-7 11-16 Link Aggregation Configuration Terms and Definitions (continued) Term Definition Port Priority Port priority determines which physical ports are moved to the attached state when physical ports of differing speeds form a LAG. Procedure 18-2 Configuring sFlow Step Task Command(s) 1. Quality of Service Overview Figure 17-4 Hybrid Queuing Packet Behavior Rate Limiting Rate limiting is used to control the rate of traffic entering (inbound) a switch per CoS. Rate limiting allows for the throttling of traffic flows that consume available bandwidth, in the process providing room for other flows. For a subnet with the address 192.168.12.0/24, the directed broadcast address would be 192.168.12.255. switch# show ip igmp snooping groups [[vlan] vlan-id] [detail] When a packet is received, the packet is mapped to a CoS index based on the packet 802.1 priority, port, and policy role, if a policy role is present. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. Forwarding is enabled by default ipv6 forwarding Set the value of the hop limit field in IPv6 packets originated by this device. With the exception of A4 ACLs, all ACLs are terminated with an implicit deny all rule. A typical network may contain multiple MST regions as well as separate LAN segments running legacy STP and RSTP Spanning Tree protocols. Basic OSPF Topology Configuration OSPF Router Types OSPF router type is an attribute of an OSPF process. Using Multicast in Your Network PIM Support on Enterasys Devices Note: PIM is supported on Enterasys fixed switches on which advanced routing has been enabled. Strict priority queuing is illustrated in Figure 17-2. Connects a PC to the network providing internet only access to the network. set snmp user v3user remote 800007e5804f190000d232aa40 privacy despasswd authentication md5 md5passwd Note: You can omit the 0x from the EngineID. Sets the number of users to 2 on all the user ports. 3. If it is, then the sending device proceeds as follows. 3. Creating and enabling VLANs with IP interfaces. Quality of Service Overview Figure 17-1 Is propagated through the network in the protocol packet header Assigning and Marking Traffic with a Priority The ICMP protocol, used for error messaging, has a low bandwidth requirement, with a high tolerance for delay and jitter, and is appropriate for a low priority setting. 3. Configure the owner identity string and timeout value for an sFlow Collector in the switchs sFlow Receivers Table set sflow receiver index owner owner-string timeout timeout 2. set port duplex port-string full 5. Figure 3-2 Sample CLI Defaults Description Syntax show port status [port-string] Defaults If port-string is not specified, status information for all ports will be displayed. The RP de-encapsulates each register message and sends the resulting multicast packet down the shared tree. Set to 30 seconds for non-broadcast networks. Routers R1 and R2 are both configured with one virtual router (VRID 1). Configuring CLI Properties 3-8 CLI Basics. Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. IPv6 Neighbor Discovery Neighbor Solicitation Messages Neighbor Solicitation messages are sent on the local link to determine the link-local address of another node on the link, as well as to verify the uniqueness of a unicast address for DAD. Table 25-3 Setting Routing General Parameters Task Command(s) Enable or disable IPv6 forwarding. Access Control Lists on the A4 Table 24-1 ACL Rule Precedence (continued) ACL Type and Rule Priority Example IP SIP any DIP exact 18 permit any 10.0.1.22 IP SIP any DIP any 17 deny any any MAC SA any DA any 16 deny any any Rule actions include: Deny drop the packet. Terms and Definitions Configuring the Public Area PWA Station The public area PWA station provides visitors to your business site with open access to the internet, while at the same time isolating the station from any access to your internal network. Monitoring MSTP 15-29 Example 1: Configuring MSTP for Traffic Segregation This example illustrates the use of MSTP for traffic segregation by VLAN and SID. Upon receipt, the RADIUS client software will calculate its own authenticator response using the information that was passed in the MS-CHAP2-Response attribute and the user's passed clear text password. EAPOL authentication mode When enabled, set to auto for all ports. (8) When it no longer wants to receive the stream, Host 2 can do one of the following: - Send a leave message to Router 2. Switch Configuration Using CLI Commands Guidelines for Rackmount Installation Attaching Brackets and Installing in Rack About SecureStack Switch Operation in a Stack 44 Recommended Procedures to Install New and Existing Stacks Installing a New Stackable System of Up to Eight Switches Adding a New Switch to an Existing Stack Important show port status port-string Example This example shows how to configure port ge.2.1 in the G3G-24SFP module to operate with a 100BASE-FX transceiver installed. Advanced Configuration Overview Procedure 4-1 contains the steps to assign an IP address and configure basic system parameters. This example, which sets the new VLAN as VLAN 2, assumes the management station is attached to ge.1.1, and wants untagged frames. show ip mroute [unicast-source-address | multicast-group-address] [summary] Refer to the devices CLI Reference Guide, as applicable, for an example of each commands output. Table 19-5 Layer 2 IGMP Show Commands Task Command Display IGMP snooping information. Configuring VRRP The master advertise-interval is changed to 2 seconds for VRID 1. If authentication is not specified, no authentication will be applied. Policy Configuration Overview regardless of the number of moves, adds, or changes to the policy role, Policy Manager automatically enforces roles on Enterasys security-enabled infrastructure devices. PDF ExtremeXOS Quick Guide - Paul T Clark Understanding How VLANs Operate Shared Virtual Local Area Network (VLAN) Learning (SVL): Two or more VLANs are grouped to share common source address information. Figure 10-4 provides an overview of the fixed switch authentication configuration. Tabl e 203providesanexplanationofthecommandoutput. If that fails, the device uses the proprietary capacitor-based detection method. RMON Table 18-2 Default RMON Parameters (continued) Parameter Description Default Value capture asksize The RMON capture requested maximum octets to save in the buffer. Determine the correct authentication type for each device. Basic Network Monitoring Features 18-1 RMON 18-5 sFlow 18-9 Basic Network Monitoring Features Console/Telnet History Buffer The history buffer lets you recall your previous CLI input. Violating MAC addresses are dropped from the devices (or stacks) filtering database. Quality of Service Overview Preferential Queue Treatment for Packet Forwarding There are three types of preferential queue treatments for packet forwarding: strict priority, weighted fair, and hybrid. The higher priority traffic through the device is serviced first before lower priority traffic. Configuring OSPF Areas Example Figure 22-5 OSPF NSSA Topology Area 1 RIP Backbone Router 1 Router 2 Router 3 Router 4 Router 5 Using the topology shown in Figure 22-5, the following code examples will configure Router 2 as the ABR between Area 1 and the backbone area 0. Configuring SNMP enterasys(su)->set snmp view viewname RW subtree 0.0 enterasys(su)->set snmp view viewname RW subtree 1.3.6.1.6.3.13.1 excluded enterasys(su)->set snmp targetparams TVv1public user public security-model v1 message processing v1 enterasys(su)->set snmp targetaddr TVTrap 10.42.1.10 param TVv1public taglist TVTrapTag enterasys(su)->set snmp notify TVTrap tag TVTrapTag Adding to or Modifying the Default Configuration By default, SNMPv1 is configured on Enterasys switches. Using Multicast in Your Network Figure 19-4 PIM Traffic Flow 7 3 1 DR RP Source 5 4 2 6 Last Hop Router Receiver 1. Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. The Enterasys Fixed Switches support neighbor advertise and solicit, duplicate address detection, and unreachability detection. Policy profile number 1 is created that enables PVID override and defines the default behavior (classify to VLAN 3) if none of the classification rules created for the profile are matched. Start the TFTP application. Quality of Service Overview Additional port groups, up to eight (0 through 7) total, may be created by changing the port group value. Counters are only added to the datagram if the sources are within a short period, 5 seconds say, of failing to meet the required sampling interval. Configuring a Stack of New Switches 1. About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Considerations About Using Clear Config in a Stack, Stacking Configuration and Management Commands, common denominator of functionality will be, You can mix SecureStack C2 and C3 switches in a single stack, although only the lowest. The power available for PoE is 150W. then assign the ports you want in each vlan. The authentication server verifies the credentials and returns an Accept or Reject message back to the switch. 2 Set the PC serial port to 9600-n-8-1 with either XON/XOFF or no flow control. The trap indicates port, SID and loop protection status. If a LAG port is a mirror source port, no other ports can be configured as source ports. VLAN authorization egress format Determines whether dynamic VLAN tagging will be none, tagged, untagged, or dynamic for an egress frame. Neighbor virtual link routers must have the same password. The end stations in each building connect to a switch on the bottom floor. After the switch resets, return to global router configuration mode, create the ACL and define the rules. Switch# Switch#conf t Packet flow sampling will cause a steady, but random, stream of sFlow datagrams to be sent to the sFlow Collector. SNMP Support on Enterasys Switches Versions Supported Enterasys devices support three versions of SNMP: Version 1 (SNMPv1) This is the initial implementation of SNMP. show port status [port-string] Display port counter statistics detailing traffic through the device and through all MIB2 network devices. The hardware, firmware, or software described in this document is subject to change without notice. In any case, note that the stackable switch does not support the output algorithm feature. This value should be the minimum of the default prune lifetime (randomized to prevent synchronization) and the remaining prune lifetimes of the downstream neighbors. Figure 10-2 Authenticating Multiple Users With Different Methods on a Single Port Authentication Method 802. The default setting is auto. routing interface A VLAN or loopback interface configured for IP routing. Meraki MS Switches have many valuable key features. Display the routing table, including static routes. Ultimate Pi-hole configuration guide, SSL . 1. If so, this door is tagged or bound to the notification entry. Its compact footprint uses 37 percent less space than its predecessor, making it ideal for under . These ports provide a path to the root for attached devices. Connect a null-modem DB9 to DB9 cable between the computer's serial port and the switch; use serial communication settings 9600, n, 8, 1. Assign switch ports to the VLAN. , ./ `. (Optional) Use the CLI to verify the port mirroring instance has been deleted as shown in the following example: C5(su)->show port mirroring No Port Mirrors configured. ACL Configuration Overview IPv6 Rules For IPv6 rules, IPv6 source and destination addresses and prefix length are specified, or the any option can be used. Brand New server xeon lenovo ThinkSystem ST550 server tower You can also use the show commands described in Reviewing and Enabling Spanning Tree on page 15-20 to review information related to all Spanning Tree protocol activity. It provides the performance and reliability you expect from the data center, but optimized for office environments, with physical security and whisper-quiet operation. Some of the most useful ones include: True zero-touch configuration; Integrated troubleshooting tools, logging, and alerting ; Energy-efficient design Enterasys Core Switch/Router Commands Enable Untagged Vlans: set port vlan ge.2.1-30 20 set vlan egress 20 ge.2.1-30 untagged reload Enable jumbo frame support: show port jumbo set port jumbo enable ge.2.22-30 Enable LACP: show lacp state <=== to discover global lacp setting status set lacp {disable|enable} A manual pool can be configured using either the clients hardware address (set dhcp pool hardware-address) or the clients client-identifier (set dhcp pool client-identifier), but using both is not recommended. Per Port: Enabled. Refer to the CLI Reference for your platform for command details. System Priority Value used to build a LAG ID, which determines aggregation precedence. The matching criteria available is determined based upon whether the ACL is a standard or extended IPv4 ACL, an IPv6 ACL, or a MAC ACL. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. Configuring PIM-SM Figure 19-6 PIM-SM Configuration VLAN 9 172.2.2/24 Router R2 VLAN 3 VLAN 5 VLAN 7 VLAN 2 172.2.4/24 VLAN 8 172.1.2/24 Router R1 172.1.1/24 Router R4 172.4.4/24 172.3.4/24 172.1.3/24 VLAN 4 VLAN 6 Router R3 172.3.3/24 VLAN 10 Routers R1 and R4 Configuration On Router R1, at the switch level, IGMP snooping is enabled globally and on the ports connected to hosts. The system is tolerant to packet loss in the network. ENTERASYS C5G124-24 CONFIGURATION MANUAL Pdf Download Do you want to continue (y/n) [n]? Use the ping ipv6 interface command to ping a link-local or global IPv6 address of an interface, specifying a loopback, tunnel, or logical interface as the source. Rate limiting guarantees the availability of bandwidth for other traffic by preventing the rate limited traffic from consuming more than the assigned amount of a networks resources. IP interfaces Disabled with no IP addresses specified. Authentication can be either clear text or encrypted MD5. Configuring MSTP Defining Edge Port Status By default, edge port status is disabled on all ports. With this operation, an SNMP manager does not need to know the exact variable name. A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. All OSPF interface configuration commands are executed in router interface configuration mode. set multiauth mode multi 5. The set port mdix command only configures Ethernet ports, and cannot be used to configure combo ports on the switch. We next want to set the admin keys for the stackable switch physical ports: Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set Stack2(rw)->set port port port port port port port port lacp lacp lacp lacp lacp lacp lacp lacp port port port port port port port port ge.1.21 ge.1.22 ge.1.23 ge.1.24 ge.2.17 ge.2.19 ge.2.22 ge.2. (7) Router 2 forwards the multicast stream to Host 2. Configuring SNMP Procedure 12-4 Configuring Secure Community Names Step Task Command(s) 1. 2. Optionally, remove a static route. Use the clear port broadcast command to return broadcast threshold settings to the default of 14881 packets per second. Optionally, change the encryption type. set inlinepower detectionmode {auto | ieee} auto (default) The Enterasys device first uses the IEEE 802.3af/at standards resistorbased detection method. SNTP Configuration Procedure 4-2 Configuring SNTP (continued) Step Task Command(s) 3. In router configuration mode, optionally enable split horizon poison reverse. Router 4 is configured as an ASBR connected to a RIP autonomous system. Configuring Syslog Note: The set logging local command requires that you specify both console and file settings. (Telnet client is enabled by default.) (For example: security or traffic broadcast containment). You can choose to reset the system to use the new firmware image immediately, or you can choose to only specify the new image to be loaded the next time the switch is rebooted. How to upgrade firmware for Enterasys switches - www.ipBalance.com Configuring ACLs Procedure 24-2 Configuring IPv6 ACLs (continued) Step Task Command(s) 3. Event type, description, last time event was sent. Proxy ARP can be used to resolve routing issues on end stations that are unable to route in the subnetted environment. vii Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, . Thisexampleshowshowtoenableportwebauthentication: Table 26-8 show pwa Output Details (Continued). To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. Fiber ports always have a status of MDIX. set multiauth mode multi 3. SSH Overview on page 4-24 Configure the Dynamic Host Configuration Protocol (DHCP) server. Thefollowingtabledescribestheoutputofthiscommand. Please post the commands you used to back up the configuration. RIP is a distance-vector routing protocol for use in small networks it is not intended for complex networks. DHCPv6 Configuration address, a multicast address, or a link-local address. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: A super-user access account with a username of admin and no password A read-write access account with a username of rw and no password A read-only access account with a username of ro and no password Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts.