enterasys switch configuration guide

Refer to page. ExtremeXOS User Guide Version 22.7 > STP > Spanning Tree Protocol Overview > Compatibility Between IEEE 802.1D-1998 and IEEE 802.1D-2004 STP Bridges > Bridge Priority > Spanning Tree Protocol . Default Settings Configuring OSPF Interface Timers The following OSPF timers are configured at the interface level in interface configuration mode: Hello Interval Dead Interval Retransmit Interval Transmit Delay Use the hello interval (ip ospf hello-interval) and dead interval (ip ospf dead-interval) timers to ensure efficient adjacency between OSPF neighbors. Configuring PoE Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices (continued) Step Task Command(s) 6. The final tie breaker is the receiving port ID. Using Multicast in Your Network Figure 19-4 PIM Traffic Flow 7 3 1 DR RP Source 5 4 2 6 Last Hop Router Receiver 1. Autodidacte dans de multiples domaines informatique, je suis passionn par la scurit informatique.<br>actuellement technicien et admin systme, j'envisage long terme une rorientation (via des formations o diplme scolaire) dans le domaine de l'audit et du pentest. Refer to Getting Help Getting Help For additional support, contact Enterasys Networks using one of the following methods: World Wide Web www.enterasys.com/support Phone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000 To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/support Email support@enterasys.com To expedite your message, type [switching] in the subject line. Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. If not specified, mask will be set to 255.255.255.255. MSTI Multiple Spanning Tree Instance. Enter MIB option 6 (destroy) and perform an SNMP Set operation. Use the dir command to display the contents of the images directory. Initial Configuration Overview Table 4-2 Default Settings for Router Operation (continued) Feature Default Setting Hello interval (OSPF) Set to 10 seconds for broadcast and point-to-point networks. The stackable fixed switch and standalone fixed switch devices support MAC-based authentication. set system lockout emergency-access username 5. Thisexampleshowshowtodisplaythelinkflapparameterstable: Tabl e 74providesanexplanationoftheshowlinkflapparameterscommandoutput. Configuring PoE Stackable A4, B3, and C3 Devices Procedure 7-1 PoE Configuration for Stackable A4, B3, and C3 Devices Step Task Command(s) 1. See Procedure 20-2 on page 20-4. ip address ip-address ip-mask [secondary] 2. interface vlan vlan-id 2. set port vlan port-string vlan-id no shutdown ip address ip-addr ip-mask 3. Each area has its own link-state database. Dynamic ARP Inspection Basic Configuration Procedure 26-7 below lists the commands used to configure DAI. sFlow 18-16 Configuring Network Monitoring. Basic Network Monitoring Features 18-1 RMON 18-5 sFlow 18-9 Basic Network Monitoring Features Console/Telnet History Buffer The history buffer lets you recall your previous CLI input. CoS Hardware Resource Configuration 4 4 * * enabled 5 5 * * enabled 6 6 * * enabled 7 7 * * enabled Use the show cos port-resource flood-ctrl command to display the flood control unit and rate to flood control resource mapping: System(su)->show cos port-resource flood-ctrl 1.0 '?' installation and programing guide and user manuals. Using Multicast in Your Network IGMP snooping is disabled by default on Enterasys devices. Optionally, set the timeout period for aging learned MAC entries. Some of the most useful ones include: True zero-touch configuration; Integrated troubleshooting tools, logging, and alerting ; Energy-efficient design Event type, description, last time event was sent. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. routing interface A VLAN or loopback interface configured for IP routing. Refer to the CLI Reference for your platform for more information about these commands. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. 13 Configuring Neighbor Discovery This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), the Enterasys Discovery Protocol, and the Cisco Discovery Protocol on Enterasys fixed stackable and standalone switches. Thisexampleshowshowtodisplayinformationaboutallswitchunitsinthestack: Thisexampleshowshowtodisplayinformationaboutswitchunit1inthestack: Thisexampleshowshowtodisplaystatusinformationforswitchunit1inthestack: Usethiscommandtodisplayinformationaboutsupportedswitchtypesinthestack. , ./ `. set sflow receiver index ip ipaddr 3. sFlow Table 18-7 lists the commands to display sFlow information and statistics. Enable ARP inspection on the VLANs where clients are connected, and optionally, enable logging of invalid ARP packets. 2. 1.4 IP phone ge. For example: C5(su)->dir Images: ================================================================== Filename: c5-series_06.42.06.0008 Version: 06.42.06. 14 Configuring Syslog This chapter describes how System Logging, or Syslog, operates on Enterasys fixed stackable and standalone switches, and how to configure Syslog. SNTP Configuration Use the set sntp authentication key command to configure an authentication key instance. Optionally, configure a default distance, or preference, for static IPv6 routes that do not have a preference specified. SSH Disabled. Any such invalidity, illegality, or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction. for me it was ge.1.x. Table 14-7 show sntp Output Details, Table 15-1 RMON Monitoring Group Functions and Commands (Continued), Table 18-1 Enabling the Switch for Routing, Table 18-2 Router CLI Configuration Modes. . Power over Ethernet Overview balance of power available for PoE. Note Do not use hardware flow control. Firmware V ers ion . System contact Set to empty string. RMON There are only three Filter Entries available, and a user can associate all three Filter Entries with the Channel Entry. show ip dvmrp [route | neighbor | status] Display the IP multicast routing table. Dynamic ARP Inspection Table 26-13 Displaying Dynamic ARP Inspection Information (continued) Task Command To display the ARP configuration of one or more VLANs show arpinspection vlan vlan-range To display ARP statistics for all DAI-enabled VLANs or for specific VLANs show arpinspection statistics [vlan vlan-range] Table 26-14 Managing Dynamic ARP Inspection Task Command To remove additional optional ARP validation parameters that were previously configured. Port Traffic Rate Limiting You can mix WRR and SP by assigning SP to the higher numbered queues and assigning WRR to the lower numbered queues, making sure that the values assigned to the WRR queues totals 100 percent. Configuring IRDP Configuring IRDP Using IRDP in Your Network The ICMP Router Discovery Protocol (IRDP), described in RFC 1256, enables a host on multicast or broadcast networks to determine the address of a router it can use as a default gateway. Configuring SNMP Procedure 12-4 Configuring Secure Community Names (continued) Step Task Command(s) 5. 2600, and 2503). Policy profile number 1 is created that enables PVID override and defines the default behavior (classify to VLAN 3) if none of the classification rules created for the profile are matched. Lead and handle change configuration team of process upon business requirements. The CIST root may be, but is not necessarily, located inside an MST region. Use this command to enable or disable Loop Protect event notification. 1 macdest Classifies based on MAC destination address. Refer to page Quality of Service Overview secondly, you must identify these flows in a way that QoS can recognize. show policy profile {all | profile-index [consecutive-pids] [-verbose]} Display policy classification and admin rule information. Figure 10-4 provides an overview of the fixed switch authentication configuration. Table 19-5 Layer 2 IGMP Show Commands Task Command Display IGMP snooping information. Configuring Authentication Procedure 10-1 IEEE 802.1x Configuration (continued) Step Task Command(s) 2. Enterasys Core Switch/Router Commands Enable Untagged Vlans: set port vlan ge.2.1-30 20 set vlan egress 20 ge.2.1-30 untagged reload Enable jumbo frame support: show port jumbo set port jumbo enable ge.2.22-30 Enable LACP: show lacp state <=== to discover global lacp setting status set lacp {disable|enable} User Account Overview Procedure 5-2 on page 5-4 shows how a super-user creates a new super-user account and assigns it as the emergency access account. Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter. Syslog Components and Their Use Table 14-1 describes the Enterasys implementation of key Syslog components. 10 Configuring User Authentication This chapter describes the user authentication methods supported by Enterasys fixed switch platforms. Hopefully the commands above will help anyone get up to speed quickly out of the box in getting basic configuration and connection variables setup. with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. For an IPv6 ACLs, the following protocols can be specified in a rule: Any IPv6 protocol Transmission Control Protocol (TCP) User Datagram Protocol (UDP) IPv6 Internet Control Message Protocol (ICMPv6) TCP and UDP rules can match specific source and destination ports. Dynamic ARP Inspection Loopback addresses (in the range 127.0.0.0/8) Logging Invalid Packets By default, DAI writes a log message to the normal buffered log for each invalid ARP packet it drops. Stops any pending grafts awaiting acknowledgments. Note: OSPF is an advanced routing feature that must be enabled with a license key. The highest valid port number is dependent on the number of ports in the device and the port type. ThisexampleshowshowtodisplayLLDPconfigurationinformation. You can configure ports to only use MDI or MDIX connections with the set port mdix command. show ipv6 status If necessary, enable IPv6 management. Examples 17-18 Chapter 18: Configuring Network Monitoring Basic Network Monitoring Features .. 18-1 Console/Telnet History Buffer . Chapter 20: IP Configuration Enabling the Switch for Routing . 20-1 Router Configuration Modes 20-1 Entering Router Configuration Modes . 20-2 Example Configuring Area Virtual-Link Authentication . 22-14 Configuring Area Virtual-Link Timers. 22-14 Configuring Route Redistribution 22-14 Configuring Passive Interfaces .. Extended IPv4 ACL Configuration .. 24-12 MAC ACL Configuration .. 24-13 Chapter 25: Configuring and Managing IPv6 Managing IPv6 . Disabling and Enabling Ports .. 26-9 MAC Locking Defaults . 26-9 MAC Locking Configuration .. 26-10 TACACS+ .. 11-3 13-1 13-2 13-3 14-1 15-1 15-2 15-3 15-4 15-5 15-6 15-7 15-8 15-9 15-10 15-11 15-12 15-13 15-14 15-15 15-16 15-17 16-1 17-1 17-2 17-3 17-4 17-5 19-1 19-2 19-3 19-4 19-5 19-6 22-1 22-2 22-3 22-4 22-5 22-6 23-1 23-2 23-3 25-1 Link Aggregation Example.. 11-12 Communication between LLDP-enabled Devices . 13-3 LLDP-MED .. 4-7 4-8 5-1 6-1 7-1 7-2 7-3 8-1 8-2 8-3 8-4 9-1 9-2 9-3 10-1 10-2 10-3 10-4 11-1 11-2 11-3 11-4 11-5 11-6 11-7 12-1 12-2 12-3 12-4 12-5 13-1 13-2 13-3 13-4 13-5 13-6 14-1 14-2 14-3 14-4 15-1 15-2 15-3 15-4 15-5 15-6 15-7 15-8 15-9 15-10 15-11 16-1 16-2 16-3 16-4 16-5 xx Default DHCP Server Parameters . 4-20 Configuring Pool Parameters 16-6 17-1 18-1 18-2 18-3 18-4 18-5 18-6 18-7 18-8 19-1 19-2 19-3 19-4 19-5 19-6 19-7 19-8 19-9 19-10 20-1 20-2 20-3 21-1 21-2 21-3 22-1 22-2 23-1 23-2 24-1 25-1 25-2 25-3 25-4 25-5 25-6 26-1 26-2 26-3 26-4 26-5 26-6 26-7 26-8 26-9 26-10 26-11 26-12 26-13 26-14 Policy Configuration Terms and Definitions 16-18 CoS Configuration Terminology About This Guide This guide provides basic configuration information for the Enterasys Networks Fixed Switch platforms using the Command Line Interface (CLI0, including procedures and code examples. The port cost value may also be administratively assigned using the set spantree adminpathcost command. = [ ] \ ; ? The cost of a virtual link is not configured. Both ends of the cable are isolated with transformers blocking any DC or common mode voltage on the signal pair. sFlow Configuring Poller and Sampler Instances A poller instance performs counter sampling on the data source to which it is configured. show config [all | facility | memcard] Display the contents of a file located in the configs or logs directory. Table 16-5 Displaying Policy Configuration and Statistics Task Command(s) Display policy role information. The trap generation will be done using the Enterasys Syslog Client MIB notification etsysSyslogSecureLogDroppedMsgNotification. DHCPv6 Configuration Default Conditions The following table lists the default DHCPv6 conditions. Configuring ACLs Procedure 24-2 Configuring IPv6 ACLs (continued) Step Task Command(s) 3. Configuring the S8 Distribution Switch The first thing we want to do is set the admin key for all LAGs to the non-default value of 65535 so that no LAGs will automatically form: S8(rw)->set lacp aadminkey lag.0. The feature prevents a class of man-in-the-middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. Terms and Definitions 10-30 Configuring User Authentication. Packet Forwarding DAI forwards valid ARP packets whose destination MAC address is not local. For ports where no authentication is present, such as switch to switch, or switch to router connections, you should also set MultiAuth port mode to force authenticate to assure that traffic is not blocked by a failed authentication. Type 2. Determine an appropriate policy best suited for the use of that device on your network. Use the set port negotiation command to disable or enable auto-negotiation. For both DVMRP and PIM-SM for IPv4 to operate, IGMP must be enabled. BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. macauthentication port Enables or disables MAC authentication on a port Disabled. Configuring Syslog Note: The set logging local command requires that you specify both console and file settings. PIM-SM adopts RPF technology in the join/prune process. priority Sets which ports continue to receive power in a low power situation. This attribute contains the 42 byte authenticator response. The system is tolerant to packet loss in the network. To start configuration, you want to connect the switch console to PuTTY. The Extreme switch does not use it and does not assert CTS. UsethiscommandtodisplayIPv6routingtableinformationforactiveroutes. Refer to the CLI Reference for your switch model for more information about each command. 4. C5(su)->set webview disable C5(su)->show webview WebView is Disabled. on page 2-5 for information about configuring a mixed stack. Tabl e 203providesanexplanationofthecommandoutput. Configuring Authentication Authentication Required Authentication methods are active on the port, based on the global and per port authentication method configured. Start the TFTP application. The [state] option is valid only for S-Series and Matrix N-Series devices. In this configuration, an interface on VLAN 111 for Router R1 or Router R2, or VRID 1, 2, or 3 fails, the interface on the other router will take over for forwarding outside the local LAN segment. About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Considerations About Using Clear Config in a Stack, Stacking Configuration and Management Commands, common denominator of functionality will be, You can mix SecureStack C2 and C3 switches in a single stack, although only the lowest. Configuring LLDP Table 13-1 LLDP Configuration Commands (continued) Task Command Clear the optional LLDP and LLDP-MED TLVs to be transmitted in LLDPDUs by the specified port or ports to the default value of disabled. Port Configuration Overview By default, Enterasys switch devices are configured to automatically detect the cable type connection, straight through (MDI) or cross-over (MDIX), required by the cable connected to the port. The key is an alphanumeric string of up to 8 characters. Alternatively, you can specify only the interface to be used to contact the DHCPv6 server and the Fixed Switch device will use the DHCPV6-ALL-AGENTS multicast address (FF02::1:2) to relay DHCPv6 messages to the DHCPv6 server. Screen Hierarchy The contents of this chapter are arranged following the structure shown in Figure 3-1. Thisexampleshowshowtodisplayswitchtypeinformationaboutallswitchesinthestack: switchindex (Optional)Specifiestheswitchindex(SID)oftheswitchtypetodisplay. vlanvlanid (Optional)SpecifiestheinterfaceforwhichtoclearDHCPv6statistics. 1. Figure 23-2 Basic Configuration Example VRID 1 172.111.1.1 Router R1 Router R2 ge.1.1 VLAN 111 172.111.1.1/16 ge.1.1 VLAN 111 172.111.1. Configuring SNMP enterasys(su)-> set snmp notify SNMPv3TrapGen tag v3TrapTag inform How SNMP Will Process This Configuration As described in How SNMP Processes a Notification Configuration on page 12-7, if the SNMP agent on the device needs to send an inform message, it looks to see if there is a notification entry that says what to do with inform messages. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Console (serial) port required settings Baud rate: 9600 Data bits: 8 Flow control: disabled Stop bits: 1 Parity: none DHCP server Disabled. Considerations About Using clear config in a Stack To create a virtual switch configuration in a stack environment: 1. In this case, all destinations outside of the stub area are represented by means of a default route. set port discard port-string {tagged | untagged | none | both} 8. Quality of Service Overview Figure 17-1 Is propagated through the network in the protocol packet header Assigning and Marking Traffic with a Priority The ICMP protocol, used for error messaging, has a low bandwidth requirement, with a high tolerance for delay and jitter, and is appropriate for a low priority setting. Stand Alone (SSA) Switch Hardware Installation Guide SSA-T4068-0252 SSA-T1068-0652 SSA-G1018-0652. Configuring the Router ID OSPF initially assigns all routers a router ID based on the highest loopback IP address of the interfaces configured for IP routing. MAC Locking If a connected end station exceeds the maximum values configured with the set maclock firstarrival and set maclock static commands (a violation). Enabling IGMP globally on the device and on the VLANs. Apply power to the new unit. TACACS+ Procedure 26-4 TACACS+ Configuration (continued) Step Task Command(s) 8. Note that the actor and partner LACP timeout values must agree. Refer to page Spanning Tree Protocol Overview While the network is in a steady state, alternate and backup ports are in blocking state; root and designated ports are in forwarding state. set txqmonitor downtime seconds The default value is 0, meaning that disabled ports will remain disabled until cleared manually or until their next link state transition. User Authentication Overview Figure 10-3 Selecting Authentication Method When Multiple Methods are Validated SMAC=User 1 SMAC=User 2 SMAC=User 3 Switch MultiAuth Sessions Auth. S, K, and 7100 Series CLI Reference Guide for Version 8.41 Aug 2015 Connecting to the Switch If the adapter cable requires a driver, install the driver on your computer. OSPFv2 is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. ieee The Enterasys device uses only the IEEE 802. Configuration Procedures OSPF Interface Configuration Procedure 22-2 on page 22-18 describes the OSPF interface configuration tasks. Switch 3s blocking port eventually transitions to a forwarding state which leads to a looped condition. Setting TFTP Parameters You can configure some of the settings used by the switch during data transfers using TFTP. Use the advertise-interval command to change the advertise-interval for this VRID. ipv6 route ipv6-prefix/prefix-length {global-next-hop-addr | interface {tunnel tunnel-id | vlan vlan-id} ll-next-hop-addr} [pref] 2. (8) When it no longer wants to receive the stream, Host 2 can do one of the following: - Send a leave message to Router 2. Syslog Components and Their Use Basic Syslog Scenario Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. SNTP Configuration b. If privacy is not specified, no encryption will be applied. 18 Configuring Network Monitoring This chapter describes network monitoring features on the Fixed Switches and their configuration. The power available for PoE is 150W. The setting is critical and should only be done by someone familiar with the 802.1Q standard. Configuring PoE Procedure 7-3 PoE Configuration for G-Series Devices (continued) Step Task Command(s) 7. For information on changing these default settings, refer to Chapter 5, User Account and Password Management. Link Aggregation Overview Because port 6 has both a different speed and a higher priority than the port with the lowest priority in the LAG, it is not moved to the attached state. Link Aggregation Overview Note: A given link is allocated to, at most, one LAG at a time. Frames will egress as tagged. Table 14-1 Syslog Terms and Definitions Term Definition Enterays Usage Facility Categorizes which functional process is generating an error message. IRDP Disabled on all interfaces. Authentication can be either clear text or encrypted MD5. 3. Also configured are two loopback interfaces, to use for the router IDs. If necessary, configure an OSPF virtual link. Since MAC-based authentication authenticates the device, not the user, and is subject to MAC address spoofing attacks, it should not be considered a secure authentication method.