Determine the correct authentication type for each device. Account Lockout User accounts can be locked out based on the number of failed login attempts or a period of inactivity. Some of the most useful ones include: True zero-touch configuration; Integrated troubleshooting tools, logging, and alerting ; Energy-efficient design Disable WebView and show the current state. DHCP Snooping Table 26-9 DHCP Snooping Default Parameters (continued) Parameter Default Setting Burst interval 1 second Managing DHCP Snooping Table 26-10 on page 21 lists the commands to display DHCP snooping information. This configuration requires a charging circuit to charge the DC capacitors of the modules in a controlled way. Configuring Node Aliases Procedure 4-10 Configuring MAC Address Settings Step Task Command(s) 1. By default, security audit logging is disabled. Configuring ACLs Procedure 24-1 Configuring IPv4 Standard and Extended ACLs (continued) Step Task Command(s) 6. In this case, all destinations outside of the stub area are represented by means of a default route. 7 Configuring System Power and PoE This chapter describes how to configure Redundant Power Supply mode on the C5 and G-Series switches, and how to configure Power over Ethernet (PoE) on platforms that support PoE. Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto usethem. Configure an RMON filter entry. A stub area can be configured such that the ABR is prevented from sending type 3 summary LSAs into the stub area using the no-summary option. Refer to RFC 1157 for a full description of functionality. i Notice Enterasys Networks reserves the right to make changes in specif ications and other information co ntained in this document and its web site without prior notice. Stand Alone (SSA) Switch Hardware Installation Guide SSA-T4068-0252 SSA-T1068-0652 SSA-G1018-0652. SNTP Configuration Procedure 4-2 Configuring SNTP (continued) Step Task Command(s) 3. Legacy Protocols If IPX, AppleTalk, DECnet or other protocols should no longer be running on your network, prevent clients from using them. ThisexampleclearsDHCPv6statisticsforVLAN80. Note: Only one IOM containing a memory card slot may be installed in an I-Series switch. Proxy ARP This variation of the ARP protocol allows the router to send an ARP response on behalf of an end node to the requesting host. Telnet port (IP) Set to port number 23. set txqmonitor downtime seconds The default value is 0, meaning that disabled ports will remain disabled until cleared manually or until their next link state transition. Using the output of the show switch switchtype command, determine the switch index (SID) of the model of switch being configured. Fast Ethernet Switches. set sntp poll-retry retry 5. Table 24-1 Output of show ipv6 dhcp interface Command. Table 16-5 Displaying Policy Configuration and Statistics Task Command(s) Display policy role information. When the boot up output is complete, the system prints a Username prompt. This sets the port VLAN ID (PVID). Determines if the keys for trap doors do exist. For commands with optional parameters, this section describes how the CLI responds if the user opts to enter only the keywords of the command syntax. To display non-default information about a particular section of the configuration, such as port or system configuration, use the name of the section (or facility) with the command. Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. Use the clear port broadcast command to return broadcast threshold settings to the default of 14881 packets per second. 3. Basic OSPF Topology Configuration To elect a DR from a host of candidates on the network, each router multicasts a hello packet and examines the priority of hello packets received from other routers. Policy Configuration Example destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone auto configuration and IP address assignment. 224.0.0. PAGE 2. To determine if all these elements are in place, the SNMP agent processes a device configuration as follows: 1. Configuring ICMP Redirects This example shows how to enable IP directed broadcasts on VLAN 1 and have all client DHCP requests for users in VLAN 1 to be forwarded to the remote DHCP server with IP address 192.168.1.28 C5(su)->router(Config)#interface vlan 1 C5(su)->router(Config-if(Vlan 1))#ip directed-broadcast C5(su)->router(Config-if(Vlan 1))#ip forward-protocol udp C5(su)->router(Config-if(Vlan 1))#ip helper-address 192.168.1. Enterasys Matrix N Standalone (NSA) Series Configuration Guide Firmware Version 5.41.xx P/N 9034073-08 Rev. VLAN authorization status Enables or disables globally and per port VLAN authorization. FIPS mode can be cleared using the clear security profile command. Set the MultiAuth mode. If no Filter-ID attributes are present, the default policy (if it exists) will be applied. Attaches the port to the aggregator used by the LAG, and detaches the port from the aggregator when it is no longer used by the LAG. Refer to page SNMP Concepts 2. set system login username {readwrite|read-only} enable (All other parameters are optional.) User Account Overview The emergency access user is still subject to the system lockout interval even on the console port. Refer to the CLI Reference for your platform for details about the commands listed below. Interpreting Messages For more information on how to configure these basic settings, refer to Syslog Command Precedence on page 14-8, and the Configuration Examples on page 14-12. A team player who has worked on-site in 6 different countries ranging from Saudi Arabia to Cuba. Configuring DVMRP System(su)->router(Config-if(Vlan 1))#exit System(su)->router(Config)#interface vlan 2 System(su)->router(Config-if(Vlan 2))#ip igmp enable System(su)->router(Config-if(Vlan 2))#exit IGMP Display Commands Table 19-5 lists Layer 2 IGMP show commands for Enterasys stackable and standalone devices. Configuring VRRP then advertisements are sent every advertising interval to let other VRRP routers in this VRID know the router is still acting as master of the VRID. Spanning TreeConfiguration Guide Supermicro L2/L3 Switches Configuration Guide 5 Spanning tree enabled switches exchange spanning tree protocol messages (BPDU) to form a loop-free topology. PoE is not supported on the I-Series switches. Lead and handle change configuration team of process upon business requirements. The following example applies two different license keys to members of the stack. Configuration parameters and stacking information can also be cleared on the master unit only by selecting the restore configuration to factory defaults option from the boot menu on switch startup. 3. Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. Display the current password settings. Configuring Authentication The following code example: Creates and names two VLANS, one for the users and one for the phones. 1.4 IP switch Discovery MIB Port Device ge. Configure PoE parameters on ports to which PDs are attached. Senders use RPs to announce their existence, and receivers use RPs to learn about new senders of a group. The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins. Ctrl+F Move cursor forward one character. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. . Therefore, you must know the serial number of the switch to be licensed when you activate the license on the Enterasys customer site, and also when you apply the license to the switch as described below. Policy is applied using the port level default configuration. (Optional) Use the CLI to verify the port mirroring instance has been deleted as shown in the following example: C5(su)->show port mirroring No Port Mirrors configured. View online Configuration manual for Enterasys C2H124-24 Switch or simply click Download button to examine the Enterasys C2H124-24 guidelines offline on your desktop or laptop computer. UsethiscommandtoenableordisableClassofService. Password Reset Button Functionality Procedure 5-3 Configuring System Password Settings (continued) Step Task Command(s) 2. Refer to Procedure 4-3 on page 4-14 to configure the switch SNTP client for authentication. Configuration Procedures Table 22-1 Default OSPF Parameters (continued) Parameter Description Default Value retransmit interval A timer that determines the retransmission of LSAs in order to ensure reliable flooding. TACACS+ Procedure 26-4 TACACS+ Configuration (continued) Step Task Command(s) 8. Understanding and Configuring SpanGuard Monitoring MSTP Use the commands in Table 15-8 to monitor MSTP statistics and configurations on stackable, and standalone switch devices. These matched packets form a data stream or channel that may be captured or may generate events. Displaying Scrolling Screens If the CLI screen length has been set using the set length command, CLI output requiring more than one screen will display --More-- to indicate continuing screens. Apply power to the new unit. Configuration of normal port mirroring source ports and one destination port on all switches, as described above. (These drivers are usually provided by the vendor of the adapter cable.) Use the show users command to display information for active console port or Telnet sessions on the switch. You can enable it using the set igmpsnooping adminmode command on Enterasys stackable and standalone devices as described in Configuring IGMP on page 19-15. Therefore, Router R2s interface 172.111.1.2 will be Master for VRID 2 handling traffic on this LAN segment sourced from subnets 172.111.64.0/18. show port status [port-string] Display port counter statistics detailing traffic through the device and through all MIB2 network devices. Considerations About Using clear config in a Stack To create a virtual switch configuration in a stack environment: 1. Neighbor Discovery Overview There are two primary LLDP-MED device types (as shown in Figure 13-2 on page 13-5): 13-4 Network connectivity devices, which are LAN access devices such as LAN switch/routers, bridges, repeaters, wireless access points, or any device that supports the IEEE 802.1AB and MED extensions defined by the standard and can relay IEEE 802 frames via any method. Display the MAC addresses in the switchs filtering database (FID). Table 11-3 lists link aggregation parameters and their default values. If the authentication succeeds, the policy returned by authentication overrides the default port policy setting. Optionally, enable the TACACS+ client to send multiple requests to the server over a single TCP connection. Quality of Service Overview Figure 17-4 Hybrid Queuing Packet Behavior Rate Limiting Rate limiting is used to control the rate of traffic entering (inbound) a switch per CoS. Rate limiting allows for the throttling of traffic flows that consume available bandwidth, in the process providing room for other flows. The client queries these configured SNTP servers at a fixed poll-interval configured using the set sntp poll-interval command. MAC Locking Response Validation When the MS-CHAP2-Success attribute is received in an access accept RADIUS response frame, it will be validated according to RFC2548 and RFC2759. Refer to Chapter 14, Configuring Syslog for more information about system logging in general. Refer to page Spanning Tree Basics underlying physical ports. To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. By default, every bridge will have a FID-to-SID mapping that equals VLAN FID 1/SID 0. This attribute contains the 42 byte authenticator response. Though it is possible to configure policy from the CLI, CLI policy configuration in even a small network can be prohibitively complex from an operational point of view. IP interfaces Disabled with no IP addresses specified. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap For both DVMRP and PIM-SM for IPv4 to operate, IGMP must be enabled. sFlow Table 18-3 describes how to manage remote network monitoring. . Press ENTER to advance the output one line at a time. Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. Refer to page Quality of Service Overview secondly, you must identify these flows in a way that QoS can recognize. show access-lists [interface [portstring]] | [vlan [vlan-id]] 7. Configuring VLANs Procedure 9-1 Static VLAN Configuration (continued) Step Task Command(s) 7. The final tie breaker is the receiving port ID. Enable OSPF in the interface. Router Advertisement is part of the Neighbor Discovery process and is required for IPv6. This is useful for troubleshooting or problem solving when network management through the console port, telnet, or SSH is not feasible. Spanning Tree Basics designated port (Figure 15-6, call out 6), takes the role of backup port. 1.2 IP phone ge. Create the following SNMP view group configurations. (Optional) Verify the new settings. Network Policy Used to configure tagged/untagged VLAN ID/L2 priority/DSCP on LLDP-MED endpoints (for example, IP phones). In router configuration mode, optionally enable route redistribution of non-RIP protocol routes. For PIM, you must also configure a unicast routing protocol, such as OSPF. RIP is described in RFC 2453. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2011 Chassis Serial Number: Chassis Firmware Revision: 093103209001 06.61.01.0017 Last successful login : WED DEC 07 20:23:20 2011 Failed login attempts since last login : 0 C5(su)-> 7. Set the primary, and optionally the secondary, IPv4 address for this interface, in interface configuration command mode. ToenableandconfiguretheOpenShortestPathFirst(OSPF)routingprotocol. Link Aggregation Configuration Example The output algorithm defaults to selecting the output port based upon the destination and source IP address. SpanGuard helps protect against Spanning Tree Denial of Service (DoS) SpanGuard attacks as well as unintentional or unauthorized connected bridges, by intercepting received BPDUs on configured ports and locking these ports so they do not process any received packets. When changing between Normal and FIPS mode, a system reboot is required, indicated by a warning message: Warning: Changing the security profile requires system reset. show ipsec 2. Terms and Definitions Table 11-7 11-16 Link Aggregation Configuration Terms and Definitions (continued) Term Definition Port Priority Port priority determines which physical ports are moved to the attached state when physical ports of differing speeds form a LAG. The hosts are configured to use 172.111.1.1/16 as the default route. If so, this door is tagged or bound to the notification entry. 20 IP Configuration This chapter provides general IPv4 routing configuration information. Use the ping ipv6 interface command to ping a link-local or global IPv6 address of an interface, specifying a loopback, tunnel, or logical interface as the source. 1. Table 3-1 lists some commonly used commands. Table 25-3 Setting Routing General Parameters Task Command(s) Enable or disable IPv6 forwarding. Use the following commands to review, re-enable, and reset the Spanning Tree mode. You can use this backup configuration file to quickly restore the configuration if you need to replace the switch or change to a different firmware version. Configuring RMON This section provides details for the configuration of RMON on the Fixed Switch products. Each timer value is in centiseconds. Syslog Components and Their Use Basic Syslog Scenario Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. Use the set system lockout command to: Set the number of failed login attempts allowed before disabling a read-write or read-only user account or locking out a super-user account. Password Management Overview guest read-only enabled 0 0 no 00:00 24:00 mon tue wed Password Management Overview Individual user account passwords are configured with the set password command. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. show snmp engineid Display SNMP group information. Samples are not aggregated into a flow-table on the switch they are forwarded immediately over the network to the sFlow Collector. Port Configuration Overview Table 8-1 Displaying Port Status Task Command Display whether or not one or more ports are enabled for switching. UsethiscommandtodisplaythecontentsoftheNeighborCache. Enterasys S8-Chassis Manuals & User Guides User Manuals, Guides and Specifications for your Enterasys S8-Chassis Chassis. When flood control is enabled on a port, incoming traffic is monitored over one second intervals. Thisexampleshowshowtoenableportwebauthentication: Table 26-8 show pwa Output Details (Continued). Quality of Service (QoS) configuration on Enterasys switches is usually done via policies. Link aggregation is standards based allowing for interoperability between multiple vendors in the network. We then set the lease duration to infinite. FIPS mode is persistent and shown in the running configuration. 11 Configuring Link Aggregation This chapter describes how to configure link aggregation on the fixed switch platforms. CoS Hardware Resource Configuration Inbound Rate Limiting Port Configuration Entries ---------------------------------------------------------------------Port Group Name : Port Group :1 Port Type :0 Assigned Ports :ge.1. By enabling the link flap detection feature on your Enterasys switch, you can monitor and act upon link flapping to avoid these recalculations. 0 advertisement address IP destination address for advertisements. If two supplies are installed in redundant mode, system power redundancy is guaranteed if one supply fails. A designated port may forward with the exchange of two BPDUs in rapid succession. DHCP Configuration C5(su)->router(Config)#exit C5(su)->router#exit C5(su)->router>exit C5(su)->set dhcp enable C5(su)->set dhcp pool autopool2 network 6.6.0.0 255.255.0.0 Managing and Displaying DHCP Server Parameters Table 4-6 lists additional DHCP server tasks. . Can be no less than the max advertisement interval. Downloading New Firmware or just want to verify the contents of the images directory, refer to Deleting a Backup Image File on page 1-5 for more information. (7) Router 2 forwards the multicast stream to Host 2. Configuring SNMP Procedure 12-2 SNMPv3 Configuration (continued) Step Task Command(s) 6. 3 CLI Basics This chapter provides information about CLI conventions for stackable and standalone switches and CLI properties that you can configure. See Chapter 17, Configuring Quality of Service in this book for a complete discussion of QoS configuration. show igmpsnooping Display static IGMP ports for one or more VLANs or IGMP groups. Configuring Syslog Table 14-3 Syslog Command Precedence (continued) Syslog Component Command Function Server settings set logging server index ip-addr ipaddr [facility facility] [severity severity] [descr descr] [port port] state enable | disable During or after new server setup, specifies a server index, IP address, and operational state for a Syslog server. 19 Configuring Multicast This chapter describes the multicast features supported by the Enterasys fixed switches. The RP de-encapsulates each register message and sends the resulting multicast packet down the shared tree. Users on all ports will attempt to authenticate. To clear the MultiAuth authentication mode. Enterasys SecureStack B3. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). Procedure 25-1 Configuring IPv6 Management Step Task Command(s) 1. Routing Interfaces Example The following example shows how to enable RIP on the switch, then configure VLAN 1 with IP address 192.168.63.1 255.255.255.0 as a routing interface and enable RIP on the interface. TACACS+ Procedure 26-3 MAC Locking Configuration (continued) Step Task Command(s) 7. In this configuration, an interface on VLAN 111 for Router R1 or Router R2, or VRID 1, 2, or 3 fails, the interface on the other router will take over for forwarding outside the local LAN segment. Set to 30 seconds for non-broadcast networks. ThisexampleshowshowtodisplaySNMPcountervalues, Tabl e 86providesanexplanationofthecommandoutput. (On Windows 7, this information is displayed in the Device Manager window. Refer to page Security Mode Configuration FIPS mode is disabled by default.