enterasys switch configuration guide

. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. . Service ACLs Table 26-8 TACACS+ Show Commands (continued) Task Command Displays only the current TACACS+ session settings. (Optional on C5 only) Set the power redundancy mode on the system if two power supplies are installed. DHCP Snooping Procedure 26-6 Basic Configuration for DHCP Snooping Step Task Command(s) 1. Creates a CoS setting of index 55. Therefore, Router R2s interface 172.111.1.2 will be Master for VRID 2 handling traffic on this LAN segment sourced from subnets 172.111.64.0/18. CoS Hardware Resource Configuration Figure 17-5 Rate Limiting Clipping Behavior Flood Control CoS-based flood control is a form of rate limiting that prevents configured ports from being disrupted by a traffic storm, by rate limiting specific types of packets through those ports. Enterasys devices allow up to 8 server IP addresses to be configured as destinations for Syslog messages. 18 Configuring Network Monitoring This chapter describes network monitoring features on the Fixed Switches and their configuration. In interface configuration mode, configure an IP address for all routing interfaces in the AS. ENTERASYS C5G124-24 CONFIGURATION MANUAL Pdf Download Dynamic ARP Inspection Dynamic ARP Inspection Configuration set arpinspection vlan 10 set arpinspection trust port ge.1.1 enable Routing Example T Note: This example applies only to platforms that support routing. By enabling the link flap detection feature on your Enterasys switch, you can monitor and act upon link flapping to avoid these recalculations. It provides the performance and reliability you expect from the data center, but optimized for office environments, with physical security and whisper-quiet operation. A value of 0 equates to an 802.1p priority of 0. RMON Procedure 18-1 Configuring Remote Network Monitoring (continued) Step Task Command(s) 8. Refer to page Spanning Tree Protocol Overview While the network is in a steady state, alternate and backup ports are in blocking state; root and designated ports are in forwarding state. Port Mirroring LAG ports can be a mirror source port, but not a mirror destination port. You can insert a new rule into a specified entry location using the insert option. Link Aggregation Overview Table 11-2 LAG Port Parameters (continued) Term Definition Administrative State A number of port level administrative states can be set for both the actor and partner ports. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. (7) Router 2 forwards the multicast stream to Host 2. If a LAG port is a mirror source port, no other ports can be configured as source ports. show rmon event set rmon event properties set rmon event status clear rmon event Filter Allows packets to be matched by a filter definition. 14 Configuring Syslog This chapter describes how System Logging, or Syslog, operates on Enterasys fixed stackable and standalone switches, and how to configure Syslog. Based on the exchanged BPDU information, the spanning tree algorithm selects one of the switches on the network as the root switch for the tree topology. set ipsec encryption {3des | aes128 | aes192 | aes256} 4. If not specified, timeout will be set to 1500 (15 seconds). Terms and Definitions 9-16 Configuring VLANs. The router with the highest priority is elected the DR, and the router with the next highest priority is elected the BDR. The default password is set to a blank string. Configuring Authentication Procedure 10-4 MultiAuth Authentication Configuration Step Task Command(s) 1. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . UsethiscommandtodisplaySNMPtrafficcountervalues. 1.1 IP switch ge. Boot up the switch. Table 13-2 LLDP Show Commands Task Command Display LLDP configuration information. Procedure 9-2 provides an example of how to create a secure management VLAN. SNTP Configuration Procedure 4-2 Configuring SNTP (continued) Step Task Command(s) 3. Enable DHCP snooping globally on the switch. Configuring IRDP Table 21-3 IRDP Default Values (continued) Parameter Description Default Value advertisement holdtime The length of time this advertised address should be considered valid. Spanning Tree Basics that port will be selected as root. Load Balancer Configuration. This enables you to set the IP address and system password using a single console port. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. Understanding and Configuring SpanGuard Monitoring MSTP Use the commands in Table 15-8 to monitor MSTP statistics and configurations on stackable, and standalone switch devices. Configuring SNMP . Took part in business critical , large scale projects and delivered them in a timely manner. It assumes that you have gathered the necessary TACACS+ server information, such as the servers IP address, the TCP port to use, shared secret, the authorization service name, and access level attribute-value pairs. Configure NetFlow to Manage Your Cisco Switch (Optional) 1. Routing Interfaces Example The following example shows how to enable RIP on the switch, then configure VLAN 1 with IP address 192.168.63.1 255.255.255.0 as a routing interface and enable RIP on the interface. The MST region presents itself to the rest of the network as a single device, which simplifies administration. 10 Configuring User Authentication This chapter describes the user authentication methods supported by Enterasys fixed switch platforms. @ # $ % ^ & * () ? Alcatel-Lucent OmniSwitch Ethernet Switches vs Juniper EX Series Port Traffic Rate Limiting You can mix WRR and SP by assigning SP to the higher numbered queues and assigning WRR to the lower numbered queues, making sure that the values assigned to the WRR queues totals 100 percent. Ctrl+E Move cursor to end of line. This procedure would typically be used when the system is NOT configured for routing. Configuring PoE Stackable B5 and C5 Devices Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices Step Task Command(s) 1. Using Multicast in Your Network unsolicited join (sent as a request without receiving an IGMP query first) In Figure 19-2, this type of exchange occurs between Router 2 and Host 2 when: (6) Host 2 sends a join message to Router 2. Figure 15-11 shows the problem that arises when using a single Spanning Tree configuration for traffic segregation with redundancy. Procedure 21-1 lists the basic steps to configure RIP and the commands used. Refer to Chapter 14, Configuring Syslog for more information about system logging in general. (For example: security or traffic broadcast containment). Because port admin keys for all LAGs and the physical ports 4 - 6 are the same, physical ports 4 - 6 satisfy rule 2. Policies will be applied dynamically at authentication using a RADIUS authentication server and the Filter-ID attribute. When send-on-violation is enabled, this feature authorizes the switch to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Interface-specific parameters are configured with variations of the Spanning Tree port configuration commands. You need to know the index value associated with a single entity to enable, disable, initialize, or reauthenticate a single entity. Example CLI Properties Configuration In this example, the prompt is changed and a login banner is added. (Optional) Specify the method the Enterasys device uses to detect connected PDs. The value of weighted fair queuing is in its assurance that no queue is starved for bandwidth. Configuring a Stack of New Switches 1. User Account Overview The start and end hour and minute time period for which access will be allowed for this user based upon 24 hour time. OSPF Overview The OSPF protocol is designed expressly for the TCP/IP internet environment. The set port mdix command only configures Ethernet ports, and cannot be used to configure combo ports on the switch. Online Library Enterasys V2h124 User Guide - opus.soton.ac.uk See Table 11-2 on page 11-7 for a description of port parameters. . set txqmonitor downtime seconds The default value is 0, meaning that disabled ports will remain disabled until cleared manually or until their next link state transition. Figure 16-1 displays an illustration of the policy configuration of a example infrastructure. Configuring VRRP The master advertise-interval is changed to 2 seconds for VRID 1. SNMP Support on Enterasys Switches Table 12-2 SNMP Terms and Definitions (continued) Term Definition USM User-Based Security Model, the SNMPv3 authentication model which relies on a user name match for access to network management components. Dynamic ARP Inspection Loopback addresses (in the range 127.0.0.0/8) Logging Invalid Packets By default, DAI writes a log message to the normal buffered log for each invalid ARP packet it drops. The Lenovo ThinkSystem ST550 is a scalable 4U tower server that features powerful Intel Xeon processor Scalable family CPUs. Configuring ACLs Procedure 24-1 Configuring IPv4 Standard and Extended ACLs (continued) Step Task Command(s) 6. For example, you could assign WRR to queues 0 through 4 by assigning 20 percent to each of those queues, and then setting queue 5 to SP. PoE is not supported on the I-Series switches. Any of the management interfaces, including VLAN routing interfaces, can be configured as the source IP address used in packets generated by the TACACS+ client. FIPS mode is persistent and shown in the running configuration. Resolution of incidents of 2nd level. Quality of Service Overview Additional port groups, up to eight (0 through 7) total, may be created by changing the port group value. Transferring switch configurations - Hewlett Packard Enterprise For example: A4(su)->show boot system Current system image to boot: a4-series_06.61.00.0026 Use the set boot system command to set the firmware image to be loaded at startup. Spanning Tree Basics displayed in the following example. Weighted fair queuing assures that each queue will get at least the configured percentage of bandwidth time slices. Notes on Enterasys Networks Equipment You can choose to reset the system to use the new firmware image immediately, or you can choose to only specify the new image to be loaded the next time the switch is rebooted. Using Multicast in Your Network Figure 19-1 IGMP Querier Determining Group Membership IGMP Querier IGMP Query IGMP Membership IGMP Membership Router for 224.1.1.1 Router for 226.7.8.9 Member of 224.1.1.1 Member of 226.7.8.9 As shown in Figure 19-1, a multicast-enabled device can periodically ask its hosts if they want to receive multicast traffic. StudentFS(rw)->set policy profile 2 name student pvid-status enable pvid 10 cos-status enable cos 8 Assigning Traffic Classification Rules Forward traffic on UDP source port for IP address request (68), and UDP destination ports for protocols DHCP (67) and DNS (53). Table 25-9 show ipv6 ospf neighbor Output Details, Overview of Authentication and Authorization Methods. . Tabl e 112providesanexplanationofthecommandoutput. Display the status of edge port detection: show spantree autoedge 2. This is done using the set system service-class console-only command. The message is forwarded on all trusted interfaces in the VLAN. Enter MIB option 6 (destroy) and perform an SNMP Set operation. MACs are unlocked as a result of: A link down event When MAC locking is disabled on a port When a MAC is aged out of the forwarding database when FirstArrival aging is enabled When properly configured, MAC locking is an excellent security tool as it prevents MAC spoofing on configured ports. Monitoring MSTP 15-29 Example 1: Configuring MSTP for Traffic Segregation This example illustrates the use of MSTP for traffic segregation by VLAN and SID. A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. Telnet Enabled inbound and outbound. Thefollowingtabledescribestheoutputofthiscommand. Brand . Licensing Advanced Features Node-Locked Licensing On the C3, B3, and G3 platforms, licenses are locked to the serial number of the switch to which the license applies. Supervise the activation of network interfaces on access switches, support the default . User Authentication Overview devices that do not support 802.1x or web authentication. Packet flow sampling and counter sampling are designed as part of an integrated system. You can enable link flap detection globally on your Enterasys switch or on specific ports, such as uplink ports. Table 18-7 Displaying sFlow Information Task Command to display the contents of the sFlow Receivers Table, or to display information about a specific sFlow Collector listed in the table show sflow receivers [index] To display information about configured poller instances show sflow pollers To display information about configured sampler instances. Reviewing SNMP Settings Reviewing SNMP Settings Table 12-5 Commands to Review SNMP Settings Task Command Display SNMPv1/SNMPv2c community names and status. Removing Units from an Existing Stack If the running stack uses a daisy chain topology, make the stack cable connections from the bottom of the stack to the new unit (that is, STACK DOWN port from the bottom unit of the running stack to the STACK UP port on the new unit). Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. Configuring Authentication Table 10-1 Default Authentication Parameters (continued) Parameter Description Default Value macauthentication Globally enables or disables MAC authentication on a device. set port duplex port-string full 5. The port cost value may also be administratively assigned using the set spantree adminpathcost command. Set the Tunnel-Private-Group-ID attribute parameters as follows: Type: Set to 81 for Tunnel-Private-Group-ID RADIUS attribute Length: Set to a value greater than or equal to 3. ThisexampleclearsDHCPv6statisticsforVLAN80. The port with the best path is selected as the root port. If the device supports routing, enter router configuration mode and configure an IP address on the VLAN interface. Managing IPv6 25-1 IPv6 Routing Configuration 25-3 IPv6 Neighbor Discovery 25-11 DHCPv6 Configuration 25-14 Managing IPv6 At the switch command level, you can: Enable or disable the IPv6 management function Configure the IPv6 host and default gateway addresses Monitor network connectivity By default, IPv6 management is disabled. In router configuration mode, optionally disable automatic route summarization (necessary for enabling CIDR). show ip mroute [unicast-source-address | multicast-group-address] [summary] Refer to the devices CLI Reference Guide, as applicable, for an example of each commands output. Table 20-9 show ip pimsm interface vlan Output Details, Table 20-10 show ip pimsm interface stats Output Details. Since MSTP mode is fully compatible and interoperable with legacy STP and RSTP bridges, in most networks, this default should not be changed. context A subset of MIB information to which associated users have access rights. Spanning Tree Basics string corresponding to the bridge MAC address. 159 Enterasys Switch Manuals and User Guides (392 Models) were found in All-Guides Database. -1 (request as many octets as possible) capture slice The RMON capture maximum number of octets from each packet to be saved to the buffer.