sFlow Table 18-3 describes how to manage remote network monitoring. In this way, both upstream and downstream facing ports are protected. Its compact footprint uses 37 percent less space than its predecessor, making it ideal for under . If it is not, then the sending device proceeds no further. Password Reset Button Functionality Procedure 5-3 Configuring System Password Settings (continued) Step Task Command(s) 2. set vlan create vlan-id Create a routed interface for the VLAN in router configuration mode. Both types of samples are combined in sFlow datagrams. Configuring DVMRP System(su)->router(Config-if(Vlan 1))#exit System(su)->router(Config)#interface vlan 2 System(su)->router(Config-if(Vlan 2))#ip igmp enable System(su)->router(Config-if(Vlan 2))#exit IGMP Display Commands Table 19-5 lists Layer 2 IGMP show commands for Enterasys stackable and standalone devices. This sets the port VLAN ID (PVID). 1.1 IP phone ge. 1. Understanding and Configuring Loop Protect Enabling or Disabling Loop Protect Event Notifications Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. Version 2 (SNMPv2c) The second release of SNMP, described in RFC 1907, has additions and enhancements to data types, counter size, and protocol operations. This overrides the specified timeout variable: set spantree spanguardlock port-string Monitoring SpanGuard Status and Settings Use the commands in Table 15-9 to review SpanGuard status and settings. Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command before operational status can be set on individual ports. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2011 Chassis Serial Number: Chassis Firmware Revision: 093103209001 06.61.01.0017 Last successful login : WED DEC 07 20:23:20 2011 Failed login attempts since last login : 0 C5(su)-> 7. 
This implementation supports the creation of Security Associations (SAs) with servers configured for RADIUS, and the RADIUS application helps define the IPsec flow. Licensing Advanced Features Node-Locked Licensing On the C3, B3, and G3 platforms, licenses are locked to the serial number of the switch to which the license applies. Procedure 24-1 Configuring IPv4 Standard and Extended ACLs Step Task 1. Terms and Definitions 20-12 IP Configuration. Set to 30 seconds for non-broadcast networks. Database contains 1 Enterasys C5K175-24 Manuals (available for free online viewing or Page 1 Matrix V-Series V2H124-24P Fast Ethernet Switch Hardware . Refer to the CLI Reference for your platform for more information about these commands. . Use the disconnect command to close a console or Telnet session. Refer to page Policy Configuration Overview Identifying and restricting routing to legitimate routing IP addresses to prevent DoS, spoofing, data integrity and other routing related security issues. A code example follows the procedure. Table 28-2 show sflow receivers Output Descriptions. The allocation mechanism attempts to maximize aggregation, subject to management controls. Enterasys S8-Chassis Hardware installation manual (68 pages) Pages: 68 | Size: The commands used to review and configure the CDP discovery protocol are listed below. Table 18-7 Displaying sFlow Information Task Command to display the contents of the sFlow Receivers Table, or to display information about a specific sFlow Collector listed in the table show sflow receivers [index] To display information about configured poller instances show sflow pollers To display information about configured sampler instances. vlan vlanid (Optional) Specifies the interface for which to clear DHCPv6 statistics. RMON Table 18-2 Default RMON Parameters (continued) Parameter Description Default Value capture asksize The RMON capture requested maximum octets to save in the buffer. and extract firmware to any folder your tftp server will use.
SNTP Configuration Use the set sntp authentication key command to configure an authentication key instance. Ports used to authenticate and authorize supplicants utilize access entities that maintain entity state, counters, and statistics for an individual supplicant. show file directory/filename Delete a file. User Authentication Overview Figure 10-3 Selecting Authentication Method When Multiple Methods are Validated SMAC=User 1 SMAC=User 2 SMAC=User 3 Switch MultiAuth Sessions Auth. You have the nonexclusive and nontransferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement. Example PoE Configuration A PoE-compliant G-Series device is configured as follows: One 400W power supply is installed. Port Configuration Overview maximum number of packets which can be received per second with the set port broadcast command: Maximum packet per second values are: 148810 for Fast Ethernet ports 1488100 for 1-Gigabit ports. MultiAuth mode Globally sets MultiAuth for this device. For PIM, you must also configure a unicast routing protocol, such as OSPF. C5(su)->router# Debug network issues with ping and traceroute Global Configuration Mode Set system-wide router parameters. Understanding and Configuring SpanGuard How Does It Operate? Policy Configuration Example destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone auto configuration and IP address assignment. Figure 3-2 provides an example. Procedure 17-1 Step Task Command(s) 1. set system power {redundant | nonredundant} redundant (default) The power available to the system equals the maximum output of the lowest rated supply (400W or 1200W). Also, use this command to append ports to or clear ports from the egress ports list. Table 19-5 Layer 2 IGMP Show Commands Task Command Display IGMP snooping information. 
Removing Units from an Existing Stack The hierarchy of the switches that will assume the function of backup manager is also determined in case the current manager malfunctions, is powered down, or is disconnected from the stack. Skilled in network testing and troubleshooting. Using the viewnames assigned in Step 1, create restricted views for v1/v2c users, and unrestricted views for v3 users. Refer to page Spanning Tree Protocol Overview While the network is in a steady state, alternate and backup ports are in blocking state; root and designated ports are in forwarding state. IEEE 802. It can be enabled using the set security profile c2 command. TACACS+ You can also configure TACACS+ to use a single TCP connection for all TACACS+ client requests to a given TACACS+ server. . C5(su)save config Saving Configuration to stacking members Configuration saved C5(su)-> 2. Link Aggregation Configuration Example The output algorithm defaults to selecting the output port based upon the destination and source IP address. DHCP snooping forwards valid DHCP client messages received on non-routing VLANs. (Not applicable for super user accounts. If the authentication succeeds, the policy returned by authentication overrides the default port policy setting. Dynamic ARP Inspection Basic Configuration Procedure 26-7 below lists the commands used to configure DAI. To perform a TFTP or SFTP download: 1. IP forward-protocol Enabled with no port specified. Using PuTTY, TeraTerm, or another terminal emulator, connect to the switch using the serial port connection. A feature exists to allow the creation of a single port LAG that is disabled by default. Because the admin key settings for physical ports 7 and 8 do not agree with any LAG admin key setting on the device, ports 7 and 8 can not be part of any LAG. The feature prevents a class of man-in-the-middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. 
Create a VLAN and add ports to the VLAN. access-list ipv6 name {deny | permit} protocol {srcipv6-addr/ prefix-length | any} [eq port] {dstipv6-addr/prefix-length | any} [eq port] [dscp dscp] [flow-label label-value] [assign-queue queue-id] 4. Configuring PoE Stackable A4, B3, and C3 Devices Procedure 7-1 PoE Configuration for Stackable A4, B3, and C3 Devices Step Task Command(s) 1. Link Aggregation Configuration Example on each device is to ensure that LAGs form only where we configure them. ieee The Enterasys device uses only the IEEE 802. This example shows how to display PIM interface statistics. Stackable Switches. set sflow receiver index ip ipaddr 3. sFlow Table 18-7 lists the commands to display sFlow information and statistics. Reviewing SNMP Settings Reviewing SNMP Settings Table 12-5 Commands to Review SNMP Settings Task Command Display SNMPv1/SNMPv2c community names and status. Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. set dhcpsnooping trust port port-string enable 4. Assign the new super-user account as the emergency access account. Terms and Definitions LACP port state is disabled by default on the B5s and C5s, so we will enable LACP port state here. If not specified, timeout will be set to 1500 (15 seconds). Chapter 19, Configuring Multicast Configure VRRP. The system is tolerant to packet loss in the network. User Account Overview Procedure 5-2 Configuring a New Super-User / Emergency Access User Account Step Task Command(s) 4. Since the admin key for the LAG and its associated ports must agree for the LAG to form, an easy way to ensure that LAGs do not automatically form is to set the admin key for all LAGS on all devices to a nondefault value. Configuring OSPF Interfaces OSPF is disabled by default and must be enabled on routing interfaces with the ip ospf enable command in interface configuration mode. Link Aggregation Control Protocol (LACP) is described in Chapter 11, Configuring Link Aggregation.
Terms and Definitions 2. You can enable it using the set igmpsnooping adminmode command on Enterasys stackable and standalone devices as described in Configuring IGMP on page 19-15. A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. Procedure 25-5 on page 25-13 lists the tasks and commands to configure Neighbor Discovery on routing interfaces. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap You can do this by doing the following: Connect the switch to PuTTY with a 9-pin serial cable. Hardware Installation Guide. Configuration Guide. Active Cisco 800 Series Router Configuration. You may want to set a rate limit that would guard against excessive streaming. Configuration of static IGMP groups using the set igmpsnooping add-static on the fixed switches. 3. Policy Configuration Overview regardless of the number of moves, adds, or changes to the policy role, Policy Manager automatically enforces roles on Enterasys security-enabled infrastructure devices. Hopefully the commands above will help anyone get up to speed quickly out of the box in getting basic configuration and connection variables setup. sFlow Using sFlow in Your Network The advantages of using sFlow include: sFlow makes it possible to monitor ports of a switch, with no impact on the distributed switching performance. Terms and Definitions Configuring Dynamic Policy Assignment Configure the RADIUS server user accounts with the appropriate information using the Filter-ID attribute for faculty role members and devices. 
Terms and Definitions Configuring the Public Area PWA Station The public area PWA station provides visitors to your business site with open access to the internet, while at the same time isolating the station from any access to your internal network. User Account Overview The start and end hour and minute time period for which access will be allowed for this user based upon 24 hour time. Ultimate Pi-hole configuration guide, SSL . Proxy ARP This variation of the ARP protocol allows the router to send an ARP response on behalf of an end node to the requesting host. This example shows how to display switch type information about all switches in the stack: switchindex (Optional) Specifies the switch index (SID) of the switch type to display. Paths to Root If the bridge is not elected as root, one or more ports provide a path back to the root bridge. This information is used to determine the module port type for port group. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. Managing the Firmware Image Setting the Boot Firmware Use the show boot system command to display the image file currently configured to be loaded at startup. Configuring a Stack of New Switches 1. (On Windows 7, this information is displayed in the Device Manager window. C5(su)->router(Config)#show access-lists 121 Extended IP access list 121 1: deny ip 10.0.0.1 0.0.255. Refer to Table 2-2 for console port pinout assignments. 3. The [state] option is valid only for S-Series and Matrix N-Series devices. Connecting to the Switch If the adapter cable requires a driver, install the driver on your computer. Automatic IP Address Pools When configuring an IP address pool for dynamic IP address assignment, the only required steps are to name the pool and define the network number and mask for the pool using the set dhcp pool network command. In global configuration mode, configure an IPv6 static route.
When tunnel mode is configured, VLAN-to-policy mapping will not occur on a stackable fixed switch or standalone fixed switch platform. The directed broadcast address includes the network or subnet fields, with the binary bits of the host portion of the address set to one. Though it is possible to configure policy from the CLI, CLI policy configuration in even a small network can be prohibitively complex from an operational point of view. Authentication Configuration Example Configuring MultiAuth Authentication MultiAuth authentication must be set to multi whenever multiple users of 802.1x need to be authenticated or whenever any MAC-based or PWA authentication is present. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. User Authentication Overview password configured on the switch to the authentication server. Use the show tftp settings command to display current settings. Figure 15-6 presents an overview of Spanning Tree port roles. Enabling the multicast protocol(s) on configured interfaces. If this state is disabled, LACP PDUs are transmitted every 1 second. Ctrl+E Move cursor to end of line. The index determines the order in which the switch will attempt to establish a session with an authentication server. Save the running configuration. Connecting to a Switch This procedure describes how to connect to a switch. 
Managing IPv6 25-1 IPv6 Routing Configuration 25-3 IPv6 Neighbor Discovery 25-11 DHCPv6 Configuration 25-14 Managing IPv6 At the switch command level, you can: Enable or disable the IPv6 management function Configure the IPv6 host and default gateway addresses Monitor network connectivity By default, IPv6 management is disabled. Port Traffic Rate Limiting When a CoS is configured with an inbound rate limiter (IRL), and that IRL CoS is configured as part of a policy profile using the set policy profile command, CoS-based inbound rate limiting will take precedence over port rate limits set with set port ratelimit. Display the status of edge port detection: show spantree autoedge 2. The set inlinepower mode command is set to auto, which means that the power available for PoE (150W) is distributed evenly, 75W to each PoE module. Packets sent to 172.111.1.1/16 would go to Router R2. For a single user, single authentication 802.1x port configuration, set MultiAuth mode to strict. Based on the exchanged BPDU information, the spanning tree algorithm selects one of the switches on the network as the root switch for the tree topology. Considerations About Using clear config in a Stack 4. Figure 25-1 Basic IPv6 Over IPv4 Tunnel Router R1 Router R2 VLAN 20 195.167.20.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::20/127 Tunnel Source: 195.167.20.1 Tunnel Destination: 192.168.10.1 VLAN 10 192.168.10.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::10/127 Tunnel Source: 192.168.10.1 Tunnel Destination: 195.167.20. Assign switch ports to the VLAN. Table 25-7 show ipv6 ospf interface Command Output Details (Continued). PoE is not supported on the I-Series switches. When operating in unicast mode, optionally change the number of poll retries to a unicast SNTP server. Configuring STP and RSTP 2. Implementing VLANs building has its own internal network.
ARP poisoning is a tactic where an attacker injects false ARP packets into the subnet, normally by broadcasting ARP responses in which the attacker claims to be someone else. The power available for PoE is 150W. Access Control Lists on the A4 A4(su)->router#configure Enter configuration commands: A4(su)->router(Config)#access-list 101 deny ip host 192.168.10.10 any A4(su)->router(Config)#access-list 101 deny ip host 164.108.20.20 host 164.20.40.40 A4(su)->router(Config)#access-list 101 ip permit host 148.12.111.1 any assignqueue 5 A4(su)->router(Config)#show access-lists 101 Extended IP access list 101 1: deny ip host 192.168.10.10 any 2: deny ip host 164.108.20.20 host 164.20.40.40 3: permit ip host 148.12.111. Table 25-3 Setting Routing General Parameters Task Command(s) Enable or disable IPv6 forwarding. Router R1 Router 1(su)->router(Config)#interface vlan 111 Router 1(su)->router(Config-if(Vlan 111))#ip address 172.111.1.1 255.255.255. Policy Configuration Overview QoS configuration details are beyond the scope of this chapter. If you need to use multiple license keys on members of a stack, use the optional unit number parameter with the set license command. Refer to page. Disabled MAC lock Syslog messages Specifies whether Syslog messages associated with MAC locking will be sent. Port Priority and Transmit Queue Configuration Port Priority and Transmit Queue Configuration The fixed switch devices allow you to assign mission-critical data to higher priority through the device by delaying less critical traffic during periods of congestion. Configuration Examples Enabling a Server and Console Logging Procedure 14-1 shows how you would complete a basic Syslog configuration. The size of the history buffer determines how many lines of previous CLI input are available for recall. 
User Authentication Overview Dynamic VLAN Assignment The RADIUS server may optionally include RADIUS tunnel attributes in a RADIUS Access-Accept message for dynamic VLAN assignment of the authenticated end system. Functions and Features Supported on Enterasys Devices Disabling Spanning Tree Spanning Tree may be disabled globally or on a per port basis. i . IPv6 Routing Configuration C5(su)->router(Config)#show ipv6 interface vlan 100 Vlan Vlan IPv6 IPv6 100 Administrative Mode 100 IPv6 Routing Operational Mode is Prefix is Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 3FFE:501:FFFF:101:211:88FF:FE55:4A7F/64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Advertisement Lifetime Interval 1800 Router Advertisement Reachable Time 0 Router Advertisement Min. Then, it looks to see if the tag list (v3TrapTag) specified in the notification entry exists. Optionally, display the ACLs associated with a VLAN or port. Enterasys vertical horizon vh-2402s2: user guide (116 pages) Summary of Contents for Enterasys Matrix-V V2H124-24FX Page 1 Note: The stacking feature requires that all stacking module ports be connected and the switches powered on. Therefore, you must know the serial number of the switch to be licensed when you activate the license on the Enterasys customer site, and also when you apply the license to the switch as described below. RSTP is defined in the IEEE 802.1w standard. engine ID A value used by both the SNMPv3 sender and receiver to propagate inform notifications. Three ICMP probes will be transmitted for each hop between the source and the traceroute destination. Use the ipv6 nd ns-interval command to configure the interval between Neighbor Solicitation messages sent on an interface. Event type, description, last time event was sent. show system password 3. 
Password Management Overview Special characters (default 0) The set of special characters recognized is: ! Configured passwords are transmitted and stored in a one-way encrypted form, using a FIPS 140-2 compliant algorithm. Use this command to display SNMP traffic counter values. Security audit logging is enabled or disabled with the command set logging local. If you want to change the default timeout value for a specific server or all servers, you must enter the set tacacs server command using the timeout parameter. Adjusting the Forward Delay Interval When rapid transitioning is not possible, forward delay is used to synchronize BPDU forwarding. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Before attempting to configure a single device for VLAN operation, consider the following: What is the purpose of my VLAN design? Weighted fair queuing assures that each queue will get at least the configured percentage of bandwidth time slices. This guest policy provides for an internet-only access to the network. 224.0.0. The PIM specifications define several modes or methods by which a PIM router can build the distribution tree. STP allows for the automatic reconfiguration of the network. Use the no command to reset the IGMP last member query interval to the default value of 1 second. This procedure would typically be used when the system is NOT configured for routing. I have over twenty years of experience working in the Information Systems Management field.
Configuring STP and RSTP Figure 15-10 Example of Multiple Regions and MSTIs Region 1 1 Region 2 2 Region 3 6 8 5 12 3 4 CIST Regional Root 7 10 CIST Root and CIST Regional Root CIST Regional Root Master Port Table 15-5 9 11 Master Port MSTI Characteristics for Figure 15-10 MSTI / Region Characteristics MSTI 1 in Region 1 Root is switching device 4, which is also the CIST regional root MSTI 2 in Region 1 Root is switching device 5 MSTI 1 in Region 2 Root is switching device 7, w. Configuring STP and RSTP Reviewing and Enabling Spanning Tree By default, Spanning Tree is enabled globally on Enterasys switch devices and enabled on all ports. Refer to page Syslog Operation By default, Syslog is operational on Enterasys switch devices at startup. Strong analytical and problem solving skills. Setting TFTP Parameters You can configure some of the settings used by the switch during data transfers using TFTP. Procedure 9-2 provides an example of how to create a secure management VLAN. Basic OSPF Topology Configuration Router 1(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0.1 Router 1(su)->router(Config-if(Vlan 1))#ip ospf enable Router 1(su)->router(Config-if(Vlan 1))#exit Router 2 CLI Input Router 2(su)->router(Config)#interface vlan 1 Router 2(su)->router(Config-if(Vlan 1))#ip ospf priority 10 Router 2(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0.