enterasys switch configuration guide

set dhcpsnooping enable 2. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . Hermgenes Tavares - ITUCS - Unified Communications Specialist and RPs provide a place for receivers and senders to meet. Port Traffic Rate Limiting You can mix WRR and SP by assigning SP to the higher numbered queues and assigning WRR to the lower numbered queues, making sure that the values assigned to the WRR queues totals 100 percent. Create an SNMPv3 user and specify authentication, encryption, and security credentials. Configuration Examples Enabling a Server and Console Logging Procedure 14-1 shows how you would complete a basic Syslog configuration. IP interfaces Disabled with no IP addresses specified. Connect the Switch to PuTTY. Configuration of normal port mirroring source ports and one destination port on all switches, as described above. Two PoE modules are installed. A value of 0 means that two consecutive SPF calculations are performed one immediately after the other. Basic Switch Configuration - YouTube Configuring Syslog If, for any reason, an event that is to be sent to the secure log gets dropped, resulting in the failure to record the event, an SNMP trap will be generated. Configure RADIUS user accounts on the authentication server for each device. Security audit logging is enabled or disabled with the command set logging local. 2. Those who are familiar with Enterasys switches know that the Extreme XOS CLI is vastly different from the Enterasys line of products however the XOS CLI is the way forward for the future of Extreme, so we might as well get used to the syntax for XOS as opposed to the Enterasys OS or EOS. ENTERASYS SECURESTACK C3 CONFIGURATION MANUAL Pdf Download A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. Configuring the Router ID OSPF initially assigns all routers a router ID based on the highest loopback IP address of the interfaces configured for IP routing. Most of the procedures assume that you are configuring a single switch that has not been connected to a network, and they require that you have physical access to the console port on the switch. engine ID A value used by both the SNMPv3 sender and receiver to propagate inform notifications. LLDP-MED extension TLVs: Capabilities Indicates the network connectivity devices capabilities. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. Port Mirroring Table 8-4 Transmit Queue Monitoring Tasks Task Command Configure the time interval, in seconds, that ports disabled by the transmit queue monitoring feature remain disabled. STP Operation STP Operation Enterasys switch devices support the Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards and described in IEEE 802.1Q: IEEE 802.1D (Spanning Tree Protocol) IEEE 802.1w (Rapid Spanning Tree Protocol) IEEE 802.1s (Multiple Spanning Tree Protocol) IEEE 802.1t (Update to 802. ip address ip-address ip-mask [secondary] 3. Stackable Switches Configuration Guide Firmware Version 6.03.xx.xxxx P/N 9034313-07. i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. show snmp engineid Display SNMP group information. set snmp user user [remote remoteid] [privacy privpassword] [authentication {md5 | sha}] [authpassword] If remote is not specified, the user will be registered for the local SNMP engine. show system password 3. Systems incident management. If you want to change the default timeout value for a specific server or all servers, you must enter the set tacacs server command using the timeout parameter. Configuring ACLs Procedure 24-2 Configuring IPv6 ACLs (continued) Step Task Command(s) 3. Managing Switch Configuration and Files Caution: If you do not follow the steps above, you may lose remote connectivity to the switch. vlanvlanid (Optional)SpecifiestheinterfaceforwhichtoclearDHCPv6statistics. The switch can enforce a password aging interval on a per-user basis (set system login aging). Basic PIM-SM configuration includes the following steps: 1. Procedures Perform the following steps to configure and monitor port mirroring using SMON MIB objects. Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter. Once the desired master unit has been selected, reset the system using the reset command. The default value of 0 may be administratively changed. Configuring MSTP Figure 15-14 Maximum Bandwidth in an MSTP Network Configuration Bridge A Bridge B SID 86 Priority = 4096 SID 99 Priority = 32768 SID 86 Priority = 32768 SID 99 Priority = 4096 ge.1.3 ge.1.1 ge.1.3 ge.1.2 ge.1.1 ge.1.1 ge.1.2 ge.1.2 ge.1.2 ge.1. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. The following example applies two different license keys to members of the stack. Configuration Procedures 22-20 Configuring OSPFv2. This example, which sets the new VLAN as VLAN 2, assumes the management station is attached to ge.1.1, and wants untagged frames. Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. 13 Configuring Neighbor Discovery This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), the Enterasys Discovery Protocol, and the Cisco Discovery Protocol on Enterasys fixed stackable and standalone switches. ThisexampleshowshowtodisplaystatisticsforVLAN80. Set the Tunnel-Private-Group-ID attribute parameters as follows: Type: Set to 81 for Tunnel-Private-Group-ID RADIUS attribute Length: Set to a value greater than or equal to 3. Basic OSPF Topology Configuration To elect a DR from a host of candidates on the network, each router multicasts a hello packet and examines the priority of hello packets received from other routers. Neighbor Discovery Overview Figure 13-3 Frame Format IEEE 802.3 LLDP frame format LLDP Ethertype Data + pad MAC address 88-CC LLDPDU FCS 6 octets 2 octets 1500 octets 4 octets DA SA LLDP_Multicast address 6 octets LLDPDU format Chassis ID TLV Port ID TLV (M) (M) Time to Live TLV (M) Optional TLV Configuring LLDP Maximum Frame Size Advertises the maximum supported 802.3 frame size of the sending station. The key is an alphanumeric string of up to 8 characters. Both: management-access and network-access. Both types of samples are combined in sFlow datagrams. Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives. Optionally, save the configuration to a backup file named myconfig in the configs directory and copy the file to your computer using TFTP. Refer to the CLI Reference for your platform for command details. DHCP Snooping Table 26-9 DHCP Snooping Default Parameters (continued) Parameter Default Setting Burst interval 1 second Managing DHCP Snooping Table 26-10 on page 21 lists the commands to display DHCP snooping information. Though it is possible to configure policy from the CLI, CLI policy configuration in even a small network can be prohibitively complex from an operational point of view. The trap indicates port, SID and loop protection status. Attempting to map a router ACL to a host service will fail. clear multiauth idle-timeout auth-method 3. set snmp community community_name 2. Table 11-3 lists link aggregation parameters and their default values. OSPF adjacencies can not be formed on a passive interface. set ipsec encryption {3des | aes128 | aes192 | aes256} 4. SEVERABILITY. Use the disconnect command to close a console or Telnet session. 19 Configuring Multicast This chapter describes the multicast features supported by the Enterasys fixed switches. 1. Policy Configuration Overview Table 16-2 Policy Rule Traffic Descriptions/Classifications Traffic Classification Precedence Level Description macsource Classifies based on MAC source address. Access Control Lists on the A4 A4(su)->router#configure Enter configuration commands: A4(su)->router(Config)#access-list 101 deny ip host 192.168.10.10 any A4(su)->router(Config)#access-list 101 deny ip host 164.108.20.20 host 164.20.40.40 A4(su)->router(Config)#access-list 101 ip permit host 148.12.111.1 any assignqueue 5 A4(su)->router(Config)#show access-lists 101 Extended IP access list 101 1: deny ip host 192.168.10.10 any 2: deny ip host 164.108.20.20 host 164.20.40.40 3: permit ip host 148.12.111. After the stack has been configured, you can use the show switch unit command to physically identify each unit. 14 Configuring Syslog This chapter describes how System Logging, or Syslog, operates on Enterasys fixed stackable and standalone switches, and how to configure Syslog. Setting target addresses to control where SNMP notifications are sent 6. . RADIUS looks up the user account for that user based upon the SMAC. ThiscommanddisplaysIPv6NeighborCacheinformation. This. Revision Level Two octets in length. context A subset of MIB information to which associated users have access rights. Configuring IPv4 ACLs Procedure 24-1 describes how to configure IPv4 standard and extended ACLs. 1.2 IP phone ge. [egress-vlans egressvlans] forbidden-vlans (Optional) Specifies the port to which this policy profile is applied should be added as forbidden to the egress list of the VLANs defined with this parameter. A6500-RC EMERSON16-Channel Output Relay - EMERSON Xiamen xiongba e Auto-negotiation is enabled by default. Link Aggregation Configuration Example Table 11-6 LAG and Physical Port Admin Key Assignments Device LAG LAG Admin Key Physical Port Physical Port Admin Key S8 Distribution Switch 1 100 ge.1.1 100 ge.2.1 100 ge.3.1 100 ge.4.1 100 ge.1.2 200 ge.2.2 200 ge.3.2 200 ge.4.2 200 ge.1.21 100 ge.1.22 100 ge.2.23 100 ge.3.24 100 ge.1.21 200 ge.1.22 200 ge.1.23 200 ge.1.24 200 ge.2.17 300 ge.2.19 300 ge.2.22 300 ge.2. the show arp command to display the link level ARP table. Spanning Tree Basics Figure 15-8 MSTI 1 in a Region CIST Root 1 MSTI 1 2 5 MST CIST Regional Root 3 4 MSTI 1 Regional Root Legend: Physical Link Blocked VLANs Figure 15-9 MSTI2 in the Same Region MSTI 2 1 5 MST CIST Regional Root 3 2 MSTI 2 Regional Root 4 Legend: Physical Link Blocked VLANs Figure 15-10 on page 15-19 shows 3 regions with five MSTIs. Premium Edge The S-Series Edge Switch will be rate-limited using a configured CoS that is applied to the services and phoneES policy role. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). In our example, the admin keys for all LAGs are set to the highest configurable value of 65535. Legacy Protocols If IPX, AppleTalk, DECnet or other protocols should no longer be running on your network, prevent clients from using them. Ports assigned to a new port group cannot belong to another non-default port group entry and must be comprised of the same port type as defined by the port group you are associating it with. Display the current password settings. Table 8-3 Link Flap Detection Show Commands Task Command Display whether the port is enabled for generating an SNMP trap message if its link state changes. The Filter-ID for that user is returned to the switch in the authentication response, and the authentication is validated for that user. Create a DHCPv6 pool and enter pool configuration mode for that pool. ThisexampleclearsDHCPv6statisticsforVLAN80. I have over twenty years of experience working in the Information Systems Management field. 4. ARP requests are flooded in the VLAN. Use this command to enable or disable Loop Protect event notification. Authentication Configuration Example Authentication Configuration Example Our example covers the three supported stackable and fixed switch authentication types being used in an engineering group: end-user stations, an IP phone, a printer cluster, and public internet access. Configuring PoE Refer to the switchs CLI Reference Guide for more information about each command. Enabling DVMRP globally on the device and on the VLANs. Can be no less than the max advertisement interval. Using Multicast in Your Network 1. . Basic OSPF Topology Configuration Router 1(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0.1 Router 1(su)->router(Config-if(Vlan 1))#ip ospf enable Router 1(su)->router(Config-if(Vlan 1))#exit Router 2 CLI Input Router 2(su)->router(Config)#interface vlan 1 Router 2(su)->router(Config-if(Vlan 1))#ip ospf priority 10 Router 2(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0. BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. Using Multicast in Your Network Figure 19-3 DVMRP Pruning and Grafting Source DVMRP Multicast Multicast Traffic Graft Prune Prune* IGMP Join * Prune before new host was added New Host Existing Host Protocol Independent Multicast (PIM) Overview PIM dynamically builds a distribution tree for forwarding multicast data on a network. PDF ManualsLib - Makes it easy to find manuals online! Policy Configuration Example Policy Configuration Example This section presents a college-based policy configuration example. After you have established your connection to the switch, follow these steps to download the latest firmware: 1. On I-Series only, display contents of memory card. Table 15-2 provides a summary of STP port roles. Extreme Summit XOS Basic Initial Switch Configuration If not specified, timeout will be set to 1500 (15 seconds). The highest valid port number is dependent on the number of ports in the device and the port type. Figure 10-4 provides an overview of the fixed switch authentication configuration. 4. Using Multicast in Your Network Figure 19-4 PIM Traffic Flow 7 3 1 DR RP Source 5 4 2 6 Last Hop Router Receiver 1. Configuring STP and RSTP set spantree portpri port-string priority [sid sid] Valid priority values are 0240 (in increments of 16) with 0 indicating high priority. 3. Optionally, enable the aging of first arrival MAC addresses on a port or ports. Frames will egress as tagged. Table 25-7 show ipv6 ospf interface Command Output Details (Continued). priority Sets which ports continue to receive power in a low power situation. Syslog Components and Their Use The following sections provide greater detail on modifying key Syslog components to suit your enterprise. Note: Globally enabling 802.1x on a switch sets the port-control type to auto for all ports. Link Aggregation Overview Single Port Attached State Rules By default, a LAG must contain two or more actor and partner port pairs for the LAG to be initiated by this device. 1 second hello interval The period between transmissions of hello packet advertisements. Enable ARP inspection on the VLANs where clients are connected, and optionally, enable logging of invalid ARP packets. Understanding and Configuring Loop Protect Figure 15-15 Basic Loop Protect Scenario Figure 15-16 shows that, without Loop Protect, a failure could be as simple as someone accidentally disabling Spanning Tree on the port between Switch 2 and 3. set macauthentication {enable | disable} 4. Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. Configuring SNMP . Spanning Tree Basics displayed in the following example. set lldp port status {tx-enable | rxenable | both | disable} port-string Enable or disable sending LLDP traps when a remote system change is detected. Graft messages are sent upstream hop-by-hop until the multicast tree is reached. User Account Overview Procedure 5-2 Configuring a New Super-User / Emergency Access User Account Step Task Command(s) 4. IPv6 Routing Configuration Setting Routing General Parameters IPv6 routing parameters are set in router global configuration mode. show dot1x auth-session-stats 3. Display the current timeout period for aging learned MAC entries/ show mac agetime 3. ThisexampleshowshowtodisplayswitchtypeinformationaboutSID1: Usethiscommandtodisplayvariousdataflowanderrorcountersonstackports. The hardware, firmware, or software described in this document is subject to change without notice. Highly accomplished Network engineering professional with 10+ years of experience in designing, deploying, migrating and supporting critical systems. Configuration Procedures Procedure 22-3 OSPF Area Configuration (continued) Step Task Command(s) 4. 4. About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Considerations About Using Clear Config in a Stack, Stacking Configuration and Management Commands, common denominator of functionality will be, You can mix SecureStack C2 and C3 switches in a single stack, although only the lowest. show mgmt-auth-notify 2. Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. Determine an appropriate policy best suited for the use of that device on your network. Condition Default Value IPv6 DHCP Disabled IPv6 DHCP Relay Agent Information Option 32 IPv6 DHCP Relay Agent Information Remote ID Sub-option 1 IPv6 DHCP Preferred Lifetime 2592000 seconds IPv6 DHCP Valid Lifetime 604800 seconds Configuration Examples Procedure 25-6 describes the tasks to configure a Fixed Switch interface as a DHCPv6 relay agent. Hardware Installation Guide. ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow. Tabl e 2510providesanexplanationofthecommandoutput. Go to the website "www.enterasys.com" and download proper firmware from the download library. Figure 16-1 displays an illustration of the policy configuration of a example infrastructure. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. Both source and target devices need to support ICMPv6 echo requests and echo responses. To determine if all these elements are in place, the SNMP agent processes a device configuration as follows: 1. Note: You must be logged in to the Enterasys device with read-write access rights to use the commands shown in this procedure. If it is, then the sending device proceeds as follows. Took part in business critical , large scale projects and delivered them in a timely manner. ThisexampleshowshowtodisplayLLDPconfigurationinformation. Note: VRRP is an advanced routing feature that must be enabled with a license key. Getting Help The following icons are used in this guide: Note: Calls the readers attention to any item of information that may be of special importance. Thisexampleshowshowtodisplay802.1Xstatus: Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1: Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1: ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8: Tabl e 263providesanexplanationofthecommandoutput. Basic Network Monitoring Features Network Diagnostics Fixed Switch network diagnostics provide for: Pinging another node on the network to determine its availability Performing a traceroute through the IP network to display a hop-by-hop path from the device to a specific destination host Use the ping command, in switch mode or in router privileged exec mode, to determine whether the specified node is available. All operational ports which are not root, alternate or backup are designated ports. Hardware troubleshooting and replace when it was necessary. Determines if the keys for trap doors do exist. Some of the most useful ones include: True zero-touch configuration; Integrated troubleshooting tools, logging, and alerting ; Energy-efficient design MSTI Multiple Spanning Tree Instance. Enterasys Networks 9034313-07 Configuring Switches in a Stack . However, it does provide a level of authentication for a device where otherwise none would be possible. show access-lists [interface [portstring]] | [vlan [vlan-id]] 7. Spanning Trees primary goal is to ensure a fully connected, loop-free topology. Note: The v1 parameter in this example can be replaced with v2 for SNMPv2c configuration. - Time out the IGMP entry by not responding to further queries from Router 2. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. Dynamic ARP Inspection VLAN Configuration set vlan create 10 set vlan create 192 clear vlan egress 1 ge.1.1-2 set vlan egress 10 ge.1.2 untagged set vlan egress 192 ge.1.1 untagged DHCP Snooping Configuration set dhcpsnooping enable set dhcpsnooping vlan 1 enable set dhcpsnooping vlan 10 enable set dhcpsnooping vlan 192 enable set dhcpsnooping verify mac-address disable set dhcpsnooping trust port ge.1. Router Advertisement is part of the Neighbor Discovery process and is required for IPv6. This requires a minimum of two twisted pairs for a single physical link. Policies will be applied dynamically at authentication using a RADIUS authentication server and the Filter-ID attribute. Configuring OSPF Areas 0 to 4294967295. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. How to back up the configuration of an Enterasys C2G 124-24 switch via Note: OSPF is an advanced routing feature that must be enabled with a license key. 2. Understanding and Configuring Loop Protect Enabling or Disabling Loop Protect Event Notifications Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. Table 25-5 show ipv6 ospf database Output Details. Create a VLAN and add ports to the VLAN. Neighbor virtual link routers must have the same password. Packet Forwarding DAI forwards valid ARP packets whose destination MAC address is not local. For example: A4(su)->show boot system Current system image to boot: a4-series_06.61.00.0026 Use the set boot system command to set the firmware image to be loaded at startup. For a single user, single authentication 802.1x port configuration, set MultiAuth mode to strict. The following port administrative states are set by default: lacpactive - Transmitting LACP PDUs is enabled.