set system power {redundant | nonredundant} redundant (default) The power available to the system equals the maximum output of the lowest rated supply (400W or 1200W). set macauthentication {enable | disable} 4. Table 13-2 LLDP Show Commands Task Command Display LLDP configuration information. Policy Configuration Overview Examples This example assigns a rule to policy profile 3 that will filter Ethernet II Type 1526 frames to VLAN 7: C5(su)->set policy rule 3 ether 1526 vlan 7 This example assigns a rule to policy profile 5 that will forward UDP packets from source port 45: C5(su)->set policy rule 5 udpsourceport 45 forward This example assigns a rule to policy profile 1 that will drop IP source traffic from IP address 1.2.3.4, UDP port 123. To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. Procedure 19-3 assumes VLANs have been configured and enabled with IP interfaces. Otherwise, it operates in limited functional (standard) mode. A code example follows the procedure. However, IPv6 natively provides for auto-configuration of IP addresses through the IPv6 Neighbor Discovery Protocol (NDP) and the use of Router Advertisement messages. Configuring VRRP Table 23-1 Default VRRP Parameters (continued) Parameter Description Default Value advertise-interval Specifies the interval between the advertisement the master sends to other routers participating in the selection process. You can use the following commands to review and, if necessary, change the edge port detection status on the device and the edge port status of Spanning Tree ports. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. For example, for a network with the address 192.168.0.0/16, the directed broadcast address would be 192.168.255.255. 
Figure 23-3 Multi-Backup VRRP Configuration Example 172.111.0.0/18 Default Gateway 172.111.1.1 ge.1.1 VLAN 111 172.111.1.1/16 172.111.128.0/18 Default Gateway 172.111.1.150 172.111.64.0/18 Default Gateway 172.111.1.50 VRID 1 172.111.1.1 VRID 2 172.111.1.50 VRID 3 172.111.1.150 Router R1 ge.1.1 VLAN 111 172.111.1.2/16 Router R2 ge.1.2 172.200.2. All generated messages are eligible for logging to local destinations and to remote servers configured as Syslog servers. Port advertised ability Maximum ability advertised on all ports. Database contains 1 Enterasys C5K175-24 Manuals (available for free online viewing or Page 1 Matrix V-Series V2H124-24P Fast Ethernet Switch Hardware . Set the minimum rate (in packets per second) of transmitted packets in a sampling interval. Enabling DVMRP globally on the device and on the VLANs. Configuring IGMP Table 19-4 Layer 3 IGMP Configuration Commands Task Command Set the maximum response time being inserted into group-specific queries sent in response to leave group messages. show port status [port-string] Display port counter statistics detailing traffic through the device and through all MIB2 network devices. The alternate ports are blocking. set port discard port-string {tagged | untagged | none | both} 8. Use this command to display the system IP address and subnet mask. Enterasys switches are great products to work with and anyone familiar and comfortable with any CLI interface will be at home working with the Enterasys products. Port Configuration Overview Table 8-1 Displaying Port Status Task Command Display whether or not one or more ports are enabled for switching. Uses information from the partner devices link aggregation control entity to decide whether to aggregate ports. If the running stack uses a ring stack topology, break the ring and make the stack cable connections to the new unit to close the ring. This selection will leave stacking priorities on all other units. 2.
show rmon event set rmon event properties set rmon event status clear rmon event Filter Allows packets to be matched by a filter definition. Table 14-7 show sntp Output Details, Table 15-1 RMON Monitoring Group Functions and Commands (Continued), Table 18-1 Enabling the Switch for Routing, Table 18-2 Router CLI Configuration Modes. VRRP is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. Understanding and Configuring Loop Protect Enabling or Disabling Loop Protect Event Notifications Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. Optionally, delete an entire ACL or a single rule or range of rules. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . To use the ping commands, configure the switch for network (in-band) connection. To enable and configure the Open Shortest Path First (OSPF) routing protocol. The message is forwarded on all trusted interfaces in the VLAN. Chapter 23, Configuring VRRP Configure IPv6 Chapter 25, Configuring and Managing IPv6 Security and General Management Configure Access Control Lists (ACLs). A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. Configuring RMON This section provides details for the configuration of RMON on the Fixed Switch products. Such a group, together with the routers having interfaces to any one of the included networks, is called an area. Understanding and Configuring SpanGuard Monitoring MSTP Use the commands in Table 15-8 to monitor MSTP statistics and configurations on stackable, and standalone switch devices.
Type 8 to set the switch baud rate to 115200. The following message displays: Use this command to display the system configuration or write the configuration to a file. Forwarding is enabled by default ipv6 forwarding Set the value of the hop limit field in IPv6 packets originated by this device. Service ACLs Table 26-8 TACACS+ Show Commands (continued) Task Command Displays only the current TACACS+ session settings. The policy VLAN will always be used unless an Ether type-to-VLAN classification rule exists and is hit. Configuring PIM-SM on the device and on the VLANs. Sets the number of users to 2 on all the user ports. All operational ports which are not root, alternate or backup are designated ports. An authentication key has to be trusted to be used with an SNTP server. Telnet Overview on page 4-23 Configure the Secure Shell V2 (SSHv2) client and server. Configuring ACLs Port-string ----------ge.1.29 Access-list ----------121 Configuring ACLs This section provides procedures and examples for configuring IPv4, IPv6, and MAC ACLs. Both ends of the cable are isolated with transformers blocking any DC or common mode voltage on the signal pair. If two supplies are installed in redundant mode, system power redundancy is guaranteed if one supply fails. 26 Configuring Security Features This chapter. Quality of Service (QoS) configuration on Enterasys switches is usually done via policies. Switch Configuration Using CLI Commands Guidelines for Rackmount Installation Attaching Brackets and Installing in Rack About SecureStack Switch Operation in a Stack 44 Recommended Procedures to Install New and Existing Stacks Installing a New Stackable System of Up to Eight Switches Adding a New Switch to an Existing Stack Important The final tie breaker is the receiving port ID. STP allows for the automatic reconfiguration of the network. set vlan create vlan-id Create a routed interface for the VLAN in router configuration mode. MSTI Multiple Spanning Tree Instance.
(For example: security or traffic broadcast containment). This configuration requires a charging circuit to charge the DC capacitors of the modules in a controlled way. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). Refer to the CLI Reference for your platform for more information about the commands listed below. 4. Fiber ports always have a status of MDIX. IPv6 Routing Configuration C5(su)->router(Config)#show ipv6 interface vlan 100 Vlan Vlan IPv6 IPv6 100 Administrative Mode 100 IPv6 Routing Operational Mode is Prefix is Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 3FFE:501:FFFF:101:211:88FF:FE55:4A7F/64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Advertisement Lifetime Interval 1800 Router Advertisement Reachable Time 0 Router Advertisement Min. Testing Network Connectivity Configuring Static Routes Procedure 20-3 lists the commands to configure a static route. Optionally, choose to discard tagged or untagged, (or both) frames on selected ports. Optionally, remove a static route. When bridges are added to or removed from the network, root election takes place and port roles are recalculated. When a faculty member authenticates through the RADIUS server, the name of the faculty policy is returned in the RADIUS Access-Accept response message and that policy is applied by the switch to the faculty user. An ABR keeps a separate copy of the link-state database for each area to which it is connected. User Manuals, Guides and Specifications for your Enterasys C5K175-24 Switch. Procedure 4-4 DHCP Server Configuration on a Non-Routing System Step Task Command(s) 1.
Configuring Authentication Optionally Enable Guest Network Privileges With PWA enhanced mode enabled, you can optionally configure guest networking privileges. The matching criteria available is determined based upon whether the ACL is a standard or extended IPv4 ACL, an IPv6 ACL, or a MAC ACL. Configuring LLDP Table 13-1 13-8 LLDP Configuration Commands (continued) Task Command Enable or disable transmitting and processing received LLDPDUs on a port or range of ports. VACM View-based Access Control Model, which determines remote access to SNMP managed objects, allowing subsets of management information to be organized into user views. Quality of Service Overview Figure 17-4 Hybrid Queuing Packet Behavior Rate Limiting Rate limiting is used to control the rate of traffic entering (inbound) a switch per CoS. Rate limiting allows for the throttling of traffic flows that consume available bandwidth, in the process providing room for other flows. Quality of Service Overview Figure 17-1 Is propagated through the network in the protocol packet header Assigning and Marking Traffic with a Priority The ICMP protocol, used for error messaging, has a low bandwidth requirement, with a high tolerance for delay and jitter, and is appropriate for a low priority setting. You can choose to reset the system to use the new firmware image immediately, or you can choose to only specify the new image to be loaded the next time the switch is rebooted. DHCP Configuration Table 4-7 Default DHCP Server Parameters Parameter Description Default Value Number of ping packets Specifies the number of ping packets the DHCP server sends to an IP address before assigning the address to a requesting client 2 packets Configuring DHCP IP Address Pools This section provides procedures for the basic configuration of automatic (dynamic) and manual (static) IP address pools, as well as a list of the commands to configure other optional pool parameters. 
Procedure 12-2 SNMPv3 Configuration Step Task Command(s) 1. (Optional) Use the CLI to verify the port mirroring instance has been deleted as shown in the following example: C5(su)->show port mirroring No Port Mirrors configured. TACACS+ Procedure 26-3 MAC Locking Configuration (continued) Step Task Command(s) 7. Configure the IP address of the sFlow Collector being configured. Creates a policy profile for the phones and a policy rule that maps tagged frames on the user ports to that policy profile. A Fixed Switch device uses one OSPF router process that can be any number between 1 and 65535. Type router, then C5(su)->router> Type enable. Configuring Enterasys Discovery Protocol System(rw)->set lldp port tx-tlv med-loc ge.1.1-6 LLDP Display Commands Table 13-2 lists LLDP show commands. In our example, the admin keys for all LAGs are set to the highest configurable value of 65535. Bookmark File PDF Enterasys C2g124 24 User Guide Manuals & User Guides. 1. Note: You must be logged in to the Enterasys device with read-write access rights to use the commands shown in this procedure. 2. In router configuration mode, optionally disable automatic route summarization (necessary for enabling CIDR). Use the clear port broadcast command to return broadcast threshold settings to the default of 14881 packets per second. The default setting is auto. index Display the configuration of the TACACS+ server identified by index. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). User Authentication Overview Figure 10-3 Selecting Authentication Method When Multiple Methods are Validated SMAC=User 1 SMAC=User 2 SMAC=User 3 Switch MultiAuth Sessions Auth.
(Not applicable for super user accounts.) The SNTP authentication key is associated with an SNTP server using the set sntp server command. Audited, designed, integrated, configured and tested LAN and WAN equipment such as Enterasys, juniper, alcatelvb switches, Routers. VLAN authorization status Enables or disables globally and per port VLAN authorization. If Router R1 should become unavailable, Router R2 would take over virtual router VRID 1 and its associated IP addresses. Optionally, set the GARP join, leave, and leaveall timer values. See Procedure 20-2 on page 20-4. ip address ip-address ip-mask [secondary] 2. Further, if a BPDU timeout occurs on a port, its state becomes listening until a new BPDU is received. Procedure 18-2 Configuring sFlow Step Task Command(s) 1. Those who are familiar with Enterasys switches know that the Extreme XOS CLI is vastly different from the Enterasys line of products however the XOS CLI is the way forward for the future of Extreme, so we might as well get used to the syntax for XOS as opposed to the Enterasys OS or EOS. The end stations in each building connect to a switch on the bottom floor. IP packets are not encapsulated in any further protocol headers as they transit the Autonomous System (AS). Enable OSPF in the interface. It provides the performance and reliability you expect from the data center, but optimized for office environments, with physical security and whisper-quiet operation. Database contains 1 Enterasys S8-Chassis Manuals (available for free online viewing or downloading in PDF): Hardware installation manual . All configurations required for Q-SYS can be set this way. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. Quality of Service Overview There are up to four areas of CoS configuration depending on what type of hardware resource you want to configure. 
RMON Table 18-1 RMON Group Event RMON Monitoring Group Functions and Commands (continued) What It Does What It Monitors CLI Command(s) Controls the generation and notification of events from the device. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. Also described in this chapter are port link flap detection, port mirroring, and transmit queue monitoring and how to configure them. The stackable fixed switch and standalone fixed switch devices support MAC-based authentication. Enterasys->show spantree nonforwardingreason port lag.0.2 Port lag.0.2 has been placed in listening or blocking state on SID 0 by the LoopProtect feature. This example shows how to display all OSPF related information for the VLAN 6 interface: Table 209 provides an explanation of the show ip pimsm interface vlan command output. macauthentication port Enables or disables MAC authentication on a port Disabled. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery. If there is still a tie, these ports are connected via a shared medium. If these assumptions are not true, please refer to Chapter 1, Setting Up a Switch for the First Time for more information. For example, to set the console port baud rate to 19200: C5(su)->set console baud 19200 VT100 Terminal Mode VT100 terminal mode supports automatic console session termination on removal of the serial connection (vs. timeout). Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. 5 seconds transmit delay Specifies the number of seconds it takes to transmit a link state update packet over this interface. Service ACLs Restricting Management Access to the Console Port You can restrict access to system management to the switch's serial port only. In any case, note that the stackable switch does not support the output algorithm feature.
It also makes management secure by preventing configuration through ports assigned to other VLANs. Users on all ports will attempt to authenticate. Basic PIM-SM configuration includes the following steps: 1. Boot up the switch. The power available for PoE is 150W. PIM-SM adopts RPF technology in the join/prune process. Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized file and configuration management servers. Creates a CoS setting of index 55. Chapter 22, Configuring OSPFv2 Configure multicast protocols IGMP, DVMRP, and PIM, and general multicast parameters. RMON Procedure 18-1 Configuring Remote Network Monitoring (continued) Step Task Command(s) 8. Configure RADIUS user accounts on the authentication server for each device. Configuring MSTP Figure 15-12 Traffic Segregation in an MSTP Network Configuration Bridge C VLAN 10 ge.1.2 ge.1.1 MAC Address: 00-00-00-00-00-03 All Priority = 32768 VLAN 10 SID 1 Port Path Cost = 1 Bridge D VLAN 10 ge.1.1 ge.1.2 VLAN 10 MAC Address: 00-00-00-00-00-04 All Priority = 32768 ge.1.1 ge.1.2 ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.3 ge.1.4 Bridge A Bridge B MAC Address: 00-00-00-00-00-01 All Priority = 4096 MAC Address: 00-00-00-00-00-02 All Priority = 8192 Bridge E ge.1.2 ge.1. Monitoring MSTP 15-29 Example 1: Configuring MSTP for Traffic Segregation This example illustrates the use of MSTP for traffic segregation by VLAN and SID. Set to 30 seconds for non-broadcast networks. System(su)->show port ratelimit fe.1.1 Global Ratelimiting status is disabled. Setting target parameters to control the formatting of SNMP notification messages 5. For example: C5(su)->dir Images: ================================================================== Filename: c5-series_06.42.06.0008 Version: 06.42.06. C5(su)->router(Config)#show access-lists 121 Extended IP access list 121 1: deny ip 10.0.0.1 0.0.255. 
Configuring PIM-SM Basic PIM-SM Configuration By default, PIM-SM is disabled globally on Enterasys fixed switches and attached interfaces. Lockout is configured at the system level, not at the user account level. Configuration Guide Firmware Version 6.03.xx.xxxx. You may want to set a rate limit that would guard against excessive streaming. Neighbor Discovery Overview Figure 13-1 Communication between LLDP-enabled Devices Discovery MIB Port Device ge. Licensing Procedure in a Stack Environment. Optionally, save the configuration to a backup file named myconfig in the configs directory and copy the file to your computer using TFTP. Table 112 provides an explanation of the command output. (See Overview on page 18-12 for more information.) Configuration Examples Enabling a Server and Console Logging Procedure 14-1 shows how you would complete a basic Syslog configuration. Display the system lockout settings show system lockout 6. GVRP must be enabled to allow creation of dynamic VLANs. Set a new hello time interval: set spantree hello interval Valid interval values are 110. (The ports are in the ConfigMismatch state.) The hosts are configured to use 172.111.1.1/16 as the default route. Reset the MultiAuth authentication idle timeout value to its default value for the specified authentication method. Do you want to continue (y/n) [n]? solution review from network and security perspective. IPv6 Routing Configuration Enabling an Interface for IPv6 Routing In addition to enabling an interface for routing, you must enable unicast routing on the switch with the ipv6 unicast-routing command in global router configuration mode. DHCP Configuration C5(su)->router(Config)#exit C5(su)->router#exit C5(su)->router>exit C5(su)->set dhcp enable C5(su)->set dhcp pool autopool2 network 6.6.0.0 255.255.0.0 Managing and Displaying DHCP Server Parameters Table 4-6 lists additional DHCP server tasks.
IPv6 Routing Configuration Router R2 R2(su)->router R2(su)->router>enable R2su)->router#configure Enter configuration commands: R2(su)->router(Config)#interface vlan 20 R2(su)->router(Config-if(Vlan 20))#ip address 195.167.20.1 255.255.255.0 R2(su)->router(Config-if(Vlan 20))#no shutdown R2(su)->router(Config-if(Vlan 20))#exit R2(su)->router(Config)#interface tunnel 10 R2(su)->router(Config-if(Tnnl 101))#ipv6 address 2001:db8:111:1::20/127 R2(su)->router(Config-if(Tnnl 101))#tunnel source 195.167.20. 4. Port Slot/Unit Parameters Used in the CLI. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap Removing Units from an Existing Stack The hierarchy of the switches that will assume the function of backup manager is also determined in case the current manager malfunctions, is powered down, or is disconnected from the stack. Ports used to authenticate and authorize supplicants utilize access entities that maintain entity state, counters, and statistics for an individual supplicant. Configuring VLANs the device. When changing between Normal and FIPS mode, a system reboot is required, indicated by a warning message: Warning: Changing the security profile requires system reset. CoS Hardware Resource Configuration 4 4 * * enabled 5 5 * * enabled 6 6 * * enabled 7 7 * * enabled Use the show cos port-resource flood-ctrl command to display the flood control unit and rate to flood control resource mapping: System(su)->show cos port-resource flood-ctrl 1.0 '?' 9 Configuring VLANs This chapter describes how to configure VLANs on Enterasys fixed stackable and standalone switches. Graft messages are sent upstream hop-by-hop until the multicast tree is reached. 
Configuring IRDP 21-8 IPv4 Basic Routing Protocols. Link aggregation is standards based allowing for interoperability between multiple vendors in the network. The VLAN authorization table will always list any tunnel attributes VIDs that have been received for authenticated end systems, but a VID will not actually be assigned unless VLAN authorization is enabled both globally and on the authenticating port. Configuring Authentication Table 10-1 Default Authentication Parameters (continued) Parameter Description Default Value realm Specifies authentication server configuration scope. Counter samples may be taken opportunistically in order to fill these datagrams. C5(su)->router C5(su)->router>enable C5(su)->router#configure Enter configuration commands: C5(su)->router(Config)#router rip C5(su)->router(Config-router)#exit C5(su)->router(Config)#interface vlan 1 C5(su)->router(Config-if(Vlan 1))#ip address 192.168.63.1 255.255.255. It also assumes that the network has a TFTP or SFTP server to which you have access. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics.