enterasys switch configuration guide enterasys switch configuration guide

2. To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. ENTERASYS SECURESTACK C3 CONFIGURATION MANUAL Pdf Download | ManualsLib Enterasys SECURESTACK C3 Configuration Manual Stackable switches Also See for SECURESTACK C3: Configuration manual (954 pages) 1 2 3 4 5 6 Table Of Contents 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 SSH Overview Configuring Telnet Procedure 4-8 Configuring Telnet Step Task Command(s) 1. Considerations About Using clear config in a Stack To create a virtual switch configuration in a stack environment: 1. Configuring DVMRP System1(su)->router#configure Enter configuration commands: System1(su)->router(Config)#ip igmp System1(su)->router(Config)#ip dvmrp System1(su)->router(Config)#interface vlan 1 System1(su)->router(Config-if(Vlan 1))#ip address 192.0.1.2 255.255.255. Terms and Definitions Configuring the Public Area PWA Station The public area PWA station provides visitors to your business site with open access to the internet, while at the same time isolating the station from any access to your internal network. 12 Configuring SNMP This chapter describes basic SNMP concepts, the SNMP support provided on Enterasys fixed stackable and standalone switches, and how to configure SNMP on the switches using CLI commands. Optionally set the MultiAuth authentication idle timeout value for the specified authentication method. Determine the correct authentication type for each device. Port Configuration Overview Auto-Negotiation and Advertised Ability Auto-negotiation is an Ethernet feature that facilitates the selection of port speed, duplex, and flow control between the two members of a link, by first sharing these capabilities and then selecting the fastest transmission mode that both ends of the link support. 1. This setting will not be changed in our example. Note: OSPF is an advanced routing feature that must be enabled with a license key. RSTP bridges receiving MSTP BPDUs interpret them as RSTP BPDUs. Table 20-3 show ip ospf database Output Details. This example assumes that you havent any preconfigured community names or access rights. While Enterasys Discovery Protocol and Cisco Discovery Protocol are vendor-specific protocols, LLDP is an industry standard (IEEE 802.1AB), vendor-neutral protocol. Spanning TreeConfiguration Guide Supermicro L2/L3 Switches Configuration Guide 5 Spanning tree enabled switches exchange spanning tree protocol messages (BPDU) to form a loop-free topology. RSTP is defined in the IEEE 802.1w standard. 2. show port [port-string] Display operating and admin status, speed, duplex mode and port type for one or more ports on the device. The setting is critical and should only be done by someone familiar with the 802.1Q standard. Syslog Components and Their Use Table 14-1 14-4 Syslog Terms and Definitions (continued) Term Definition Enterays Usage Syslog server A remote server configured to collect and store Syslog messages. set linkflap threshold port-string threshold_value 5. 24 Configuring Access Control Lists This chapter describes how to configure access control lists on the Fixed Switch platforms. Router 4 is configured as an ASBR connected to a RIP autonomous system. Use the following commands to review, re-enable, and reset the Spanning Tree mode. UsethiscommandtodisplayLLDPconfigurationinformation. Configured passwords are transmitted and stored in a one-way encrypted form, using a FIPS 140-2 compliant algorithm. 21 IPv4 Basic Routing Protocols This chapter describes how to configure the Routing Information Protocol (RIP) and the ICMP Router Discovery Protocol (IRDP). Enterasys C2H124-24 Switch Configuration manual PDF View/Download Therefore, a value of 7 is given the highest priority. Configuring IGMP Table 19-2 PIM Terms and Definitions (continued) Term Definition Rendezvous Point (RP) The root of a group-specific distribution tree whose branches extend to all nodes in the PIM domain that want to receive traffic sent to the group. By default, every bridge will have a FID-to-SID mapping that equals VLAN FID 1/SID 0. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. If the running stack uses a ring stack topology, break the ring and make the stack cable connections to the new unit to close the ring. Thisexampleenablesmulticastfloodprotection. installation and programing guide and user manuals. MSTP and RSTP bridges receiving STP BPDUs will switch to use STP BPDUs when sending on the port connected to the STP bridge. Maximum bandwidth utilization takes place when all bridges participate on all VLANs. To start configuration, you want to connect the switch console to PuTTY. Creates a user policy profile that uses the user VLAN. trap | inform3 Unsolicited message sent by an SNMP agent to an SNMP manager when an event has occurred. Configuring ACLs C5(su)->router(Config)#show access-lists ipv6list1 ipv6list1 IPV6 access-list 1: deny icmpv6 2001:DB08:10::1/64 any 2: permit tcp 2001:db08:20::20/64 eq snmp any assign-queue 5 3: permit ipv6 2001:FFFF:30::30/64 any C5(su)->router(Config)#interface vlan 200 C5(su)->router(Config-if(Vlan 200))#ipv6 access-group ipv6list1 in C5(su)->router(Config-if(Vlan 200))#exit Configuring MAC ACLs Procedure 24-3 describes how to configure a MAC ACL. Understanding and Configuring Loop Protect Communicating port non-forwarding status through traps and syslog messages Disabling a port based on frequency of failure events Port Modes and Event Triggers Ports work in two Loop Protect operational modes. Thisexampleshowshowtoenableportwebauthentication: Table 26-8 show pwa Output Details (Continued). 3. Brand New server xeon lenovo ThinkSystem ST550 server tower The authentication server verifies the credentials and returns an Accept or Reject message back to the switch. 1. It is designed for use where there may be many devices communicating at the same time, and any one of the devices could be the sender at any particular time. Configured and maintained VPN products for establish IPsec (L2L . To determine if all these elements are in place, the SNMP agent processes a device configuration as follows: 1. Router: Calls the readers attention to router-specific commands and information. Network Engineering Description & Definition - EU-Vietnam Business ThisexampleshowshowtodisplayOSPFinformation: UsethiscommandtodisplaytheOSPFlinkstatedatabase. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. 3. An authentication key has to be trusted to be used with an SNTP server. With this operation, an SNMP manager does not need to know the exact variable name. Basic PIM-SM configuration includes the following steps: 1. Configure user authentication. Quality of Service Overview Figure 17-1 Is propagated through the network in the protocol packet header Assigning and Marking Traffic with a Priority The ICMP protocol, used for error messaging, has a low bandwidth requirement, with a high tolerance for delay and jitter, and is appropriate for a low priority setting. It can be enabled using the set security profile c2 command. Power over Ethernet Overview balance of power available for PoE. MAC lock traps Specifies whether SNMP traps associated with MAC locking will be sent. TACACS+ You can also configure TACACS+ to use a single TCP connection for all TACACS+ client requests to a given TACACS+ server. IPsec Configuration IPsec and IKE (Internet Key Exchange protocol) are defined for the RADIUS host application only. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. interface {vlan vlan-id | loopback loopbackid } 2. Determine which ports will be connected to the DHCP server and configure them as trusted ports. The [state] option is valid only for S-Series and Matrix N-Series devices. Chapter 19, Configuring Multicast Configure VRRP. C5(rw)->set dhcp pool manual3 client-identifier 01:00:01:22:33:44:55 C5(rw)->set dhcp pool manual3 host 10.12.1.10 255.255.255.0 C5(rw)->set dhcp pool manual3 lease infinite Configuring Additional Pool Parameters Table 4-8 lists the commands that can be used to configure additional IP address pool parameters. All OSPF interface configuration commands are executed in router interface configuration mode. 10 Configuring User Authentication This chapter describes the user authentication methods supported by Enterasys fixed switch platforms. Load Balancer Configuration. Configuring PIM-SM PIM-SM is an advanced routing feature that must be enabled with a license key. Configuring Cisco Discovery Protocol Table 13-3 Enterasys Discovery Protocol Configuration Commands (continued) Task Command Reset Enterasys Discovery Protocol settings to defaults. A relay agent passes DHCP messages between clients and servers which are on different physical subnets. IPv6 Neighbor Discovery Neighbor Discovery Configuration Refer to Table 25-2 on page 25-4 for the default Neighbor Discovery values. Managing Switch Configuration and Files Images: ================================================================== Filename: b5-series_06.42.03.0001 Version: 06.42.03.0001 Size: 6856704 (bytes) Date: Tue Dec 14 14:12:21 2010 CheckSum: 043637a2fb61d8303273e16050308927 Compatibility: B5G124-24, B5G124-24P2, B5G124-48, B5G124-48P2, B5K125-24 B5K125-24P2, B5K125-48, B5K125-48P2 Filename: b5-series_06.61.01.0032 (Active) (Boot) Version: 06.61.01. The process described in this section would be repeated on every device that is connected in the network to ensure that each device has a secure management VLAN. Link Aggregation Configuration Example on each device is to ensure that LAGs form only where we configure them. Port Configuration Overview Table 8-1 Displaying Port Status Task Command Display whether or not one or more ports are enabled for switching. Configuring SNMP . Ultimate Pi-hole configuration guide, SSL . Table 9-1 show spantree Output Details, About GARP VLAN Registration Protocol (GVRP), Policy Classification Configuration Summary. IPv6 Routing Configuration -----------host host gateway ---------------------------------------FE80::201:F4FF:FE5C:2880/64 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64 FE80::201:F4FF:FE5D:1234 Monitoring Network Connections Table 25-1 describes the tasks and commands used to monitor network connections at the switch level. MultiAuth mode Globally sets MultiAuth for this device. Reset password settings to default values. Table 14-1 Syslog Terms and Definitions Term Definition Enterays Usage Facility Categorizes which functional process is generating an error message. DHCP Snooping ------set system service-acl my-sacl deny ip-source 192.168.10.10 mask 255.255.255.255 service ssh priority 1 set system service-acl my-sacl permit port ge.1.1 priority 2 set system service-acl my-sacl permit port ge.1.2 priority 3 set system service-acl my-sacl permit ip-source 10.10.22. three times the maximum advertisement interval. proposal upon business . Table 14-7 show sntp Output Details, Table 15-1 RMON Monitoring Group Functions and Commands (Continued), Table 18-1 Enabling the Switch for Routing, Table 18-2 Router CLI Configuration Modes. Router R1 Router 1(su)->router(Config)#interface vlan 111 Router 1(su)->router(Config-if(Vlan 111))#ip address 172.111.1.1 255.255.255. Enterasys Switch Manuals and User Guides PDF Preview and Download Be sure that your serial connection is set properly: Baud rate: 115200 bps (for 5420, 5520, X435, X465, X590, X690, X695, and X870 models) Baud rate: 9600 bps (for other models) Data bits: 8 Stop bit: 1 Parity: none Flow control: none Uses information from the partner devices link aggregation control entity to decide whether to aggregate ports. Configuring RIP Table 21-1 Routing Protocol Route Preferences Route Source Default Distance Connected 0 Static 1 OSPF (Requires support for advanced routing features on the switch) 110 RIP 120 Also in router configuration mode, you can disable automatic route summarization with the no auto-summary command. Removing Units from an Existing Stack The hierarchy of the switches that will assume the function of backup manager is also determined in case the current manager malfunctions, is powered down, or is disconnected from the stack. User Authentication Overview When the maptable response is set to tunnel mode, the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter-ID attributes in the RADIUS reply. Configuring VLANs Procedure 9-1 Static VLAN Configuration (continued) Step Task Command(s) 7. The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins. Older implementations required manual configuration. STP Operation STP Operation Enterasys switch devices support the Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards and described in IEEE 802.1Q: IEEE 802.1D (Spanning Tree Protocol) IEEE 802.1w (Rapid Spanning Tree Protocol) IEEE 802.1s (Multiple Spanning Tree Protocol) IEEE 802.1t (Update to 802. Password Reset Button Functionality Procedure 5-3 Configuring System Password Settings (continued) Step Task Command(s) 2. C5(rw)->ping 10.10.10.1 10.10.10. Configuring Authentication Procedure 10-7 MultiAuth Authentication Timers Configuration Step Task Command(s) 1. Configuring SNMP enterasys(su)-> set snmp notify SNMPv3TrapGen tag v3TrapTag inform How SNMP Will Process This Configuration As described in How SNMP Processes a Notification Configuration on page 12-7, if the SNMP agent on the device needs to send an inform message, it looks to see if there is a notification entry that says what to do with inform messages. Syslog Components and Their Use The following sections provide greater detail on modifying key Syslog components to suit your enterprise. Table 25-5 show ipv6 ospf database Output Details. Refer to page Configuring RIP 21-1 Configuring IRDP 21-5 Configuring RIP Using RIP in Your Network The fixed switches support Routing Information Protocol (RIP) Version 1 and 2. Audited, designed, integrated, configured and tested LAN and WAN equipment such as Enterasys, juniper, alcatelvb switches, Routers. Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. show system password 3. Display the current timeout period for aging learned MAC entries/ show mac agetime 3. Configuration IP ADDRESS on Enterasys for a VLAN All generated messages are eligible for logging to local destinations and to remote servers configured as Syslog servers. Spanning Tree version Set to mstp (Multiple Spanning Tree Protocol). By default, RIP version 2 supports automatic route summarization, which summarizes sub-prefixes to the classful network boundary when crossing network boundaries. TACACS+ Procedure 26-4 TACACS+ Configuration (continued) Step Task Command(s) 8. 1.4 IP switch Discovery MIB Port Device ge. Telnet Overview identifier configured in this example must be 01:00:01:22:33:44:55. Configuring IRDP Table 21-3 IRDP Default Values (continued) Parameter Description Default Value advertisement holdtime The length of time this advertised address should be considered valid. GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. Refer to the CLI Reference for your platform for command details. Project with a 2nd level client. Procedure 19-3 assumes VLANs have been configured and enabled with IP interfaces. Therefore, Router R2s interface 172.111.1.2 will be Master for VRID 2 handling traffic on this LAN segment sourced from subnets 172.111.64.0/18. Enterasys Networks N Standalone (NSA) Series : Switch Configuration Guide Hardware Installation Guide. Configuring PoE Class mode, in which the PoE controller manages power based on the IEEE 802.3af/.3at definition of the class limits advertised by the attached devices, with the exception that for class 0 and class 4 devices, actual power consumption will always be used. Configuring Syslog Displaying Current Application Severity Levels To display logging severity levels for one or all applications currently running on your device: show logging application {mnemonic|all} Example This example shows output from the show logging application all command. With cloud management, thousands of switch ports can be configured and monitored instantly over the web. Table 25-3 lists the tasks and commands. Port Configuration Overview maximum number of packets which can be received per second with the set port broadcast command: Maximum packet per second values are: 148810 for Fast Ethernet ports 1488100 for 1-Gigabit ports. Refer to the CLI Reference for your switch model for more information about each command. set telnet {enable | disable} [inbound | outbound | all] Inbound = Telnet to the switch from a remote device Outbound = Telnet to other devices from the switch 2. Configuring Switches in a Stack, About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Adding a New Unit to an Existing Stack Access Control Lists on the A4 A4(su)->router(Config)#access-list mac mymac permit 00:01:00:02:00:01 any assignqueue 2 A4(su)->router(Config)#show access-lists mymac mymac MAC access-list 1: deny 00-E0-ED-1D-90-D5 any 2: permit 00:01:00:02:00:01 any assign-queue 2 A4(su)->router(Config)#access-list interface mymac fe.1.2 in A4(su)->router(Config)#show access-lists interface fe.1.2 24-14 Port-string Access-list ----------- ----------- fe.1. DHCP Configuration IP Address Pools IP address pools must be configured for both automatic and manual IP address allocation by a DHCP server. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . If single port LAG is enabled, a single port LAG can be created on this device. Procedure 18-2 Configuring sFlow Step Task Command(s) 1. 14 Configuring Syslog This chapter describes how System Logging, or Syslog, operates on Enterasys fixed stackable and standalone switches, and how to configure Syslog. Firmware V ers ion . Alternatively, you can specify only the interface to be used to contact the DHCPv6 server and the Fixed Switch device will use the DHCPV6-ALL-AGENTS multicast address (FF02::1:2) to relay DHCPv6 messages to the DHCPv6 server. macauthentication port Enables or disables MAC authentication on a port Disabled. 4. Some of these steps are also covered in Chapter 1, Setting Up a Switch for the First Time. 2 ipsourcesocket Classifies based on source IP address and optional post-fixed L4 TCP/UDP port. Terms and Definitions Configuring Dynamic Policy Assignment Configure the RADIUS server user accounts with the appropriate information using the Filter-ID attribute for faculty role members and devices. Functions and Features Supported on Enterasys Devices before their states are allowed to become forwarding. Policy Configuration Overview The following example creates a policy profile with a profile-index value of 1 and a profile name, student, that can be used by the RADIUS Filter-ID functionality: System(rw)->set policy profile 1 name student Setting a Default VLAN for a Role A default VLAN can be configured for a policy role. Terms and Definitions Table 15-11 Spanning Tree Terms and Definitions (continued) Term Definition Max age Maximum time (in seconds) the bridge can wait without receiving a configuration message (bridge hello) before attempting to reconfigure. Table 8-3 Link Flap Detection Show Commands Task Command Display whether the port is enabled for generating an SNMP trap message if its link state changes. 3. DHCP Configuration Procedure 4-5 DHCP Server Configuration on a Routing System Step Task Command(s) 1. ThisexampleshowshowtodisplayPIMinterfacestatistics. Disabled MAC lock Syslog messages Specifies whether Syslog messages associated with MAC locking will be sent. When send-on-violation is enabled, this feature authorizes the switch to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Using the output of the show switch switchtype command, determine the switch index (SID) of the model of switch being configured. Switch# Switch#conf t Enterasys Matrix N Standalone (NSA) Series Configuration Guide Firmware Version 5.41.xx P/N 9034073-08 Rev. Do you want to continue (y/n) [n]? Dynamic VLAN authorization is not reflected in the show port vlan display. Refer to RFC 1157 for a full description of functionality. 6 Firmware Image and File Management This chapter describes how to download and install a firmware image file and how to save and display the system configuration as well as manage files on the switch. VLAN authorization status Enables or disables globally and per port VLAN authorization. I have enjoyed my solid commitment to this profession since 1997. with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. Managing IPv6 25-1 IPv6 Routing Configuration 25-3 IPv6 Neighbor Discovery 25-11 DHCPv6 Configuration 25-14 Managing IPv6 At the switch command level, you can: Enable or disable the IPv6 management function Configure the IPv6 host and default gateway addresses Monitor network connectivity By default, IPv6 management is disabled. Refer to page Syslog Operation By default, Syslog is operational on Enterasys switch devices at startup. show snmp counters Display SNMP engine properties. Per Port: Enabled.