Operation and Maintenance of layer 2 switch (cisco and extreme), configuration, backup and replacement. Thisexampleshowshowtodisplaythelinkflapmetricstable: Table 7-4 show linkflap parameters Output Details, Table 7-5 show linkflap metrics Output Details, Using SNMP Contexts to Access Specific MIBs. Using the viewnames assigned in Step 1, create restricted views for v1/v2c users, and unrestricted views for v3 users. User Manuals, Guides and Specications for your Enterasys C5K175-24 Switch. Optionally, configure authentication and/or timer values for the virtual link. Configuring PIM-SM Table 19-8 DVMRP Show Commands Task Command Display DVMRP routing information, neighbor information, or DVMRP enable status. Set the SNMP target address for notification message generation. Configuring Authentication Procedure 10-1 IEEE 802.1x Configuration (continued) Step Task Command(s) 2. Enabling the multicast protocol(s) on configured interfaces. The PVID determines the VLAN to which all untagged frames received on the port will be classified. Configuring SNMP Configuring SNMPv1/SNMPv2c Creating a New Configuration Procedure 12-1 shows how to create a new SNMPv1 or SNMPv2c configuration. SID 0 within the MST is the Internal Spanning Tree (IST) and provides connectivity out to the CST as well as functioning as another Spanning Tree instance within the MST region. Access Control Lists on the A4 Table 24-1 ACL Rule Precedence (continued) ACL Type and Rule Priority Example IP SIP any DIP exact 18 permit any 10.0.1.22 IP SIP any DIP any 17 deny any any MAC SA any DA any 16 deny any any Rule actions include: Deny drop the packet. Managing Switch Configuration and Files Images: ================================================================== Filename: b5-series_06.42.03.0001 Version: 06.42.03.0001 Size: 6856704 (bytes) Date: Tue Dec 14 14:12:21 2010 CheckSum: 043637a2fb61d8303273e16050308927 Compatibility: B5G124-24, B5G124-24P2, B5G124-48, B5G124-48P2, B5K125-24 B5K125-24P2, B5K125-48, B5K125-48P2 Filename: b5-series_06.61.01.0032 (Active) (Boot) Version: 06.61.01. Procedure 21-1 lists the basic steps to configure RIP and the commands used. Understanding and Configuring SpanGuard How Does It Operate? Note Do not use hardware flow control. For both DVMRP and PIM-SM for IPv4 to operate, IGMP must be enabled. Figure 25-1 Basic IPv6 Over IPv4 Tunnel Router R1 Router R2 VLAN 20 195.167.20.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::20/127 Tunnel Source: 195.167.20.1 Tunnel Destination: 192.168.10.1 VLAN 10 192.168.10.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::10/127 Tunnel Source: 192.168.10.1 Tunnel Destination: 195.167.20. Stackable Switches Configuration Guide Firmware Version 1.1.xx P/N 9034314-05. i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. Refer to the CLI Reference for your platform for details about the commands listed below. Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command before operational status can be set on individual ports. This sets the port VLAN ID (PVID). The Lenovo ThinkSystem ST550 is a scalable 4U tower server that features powerful Intel Xeon processor Scalable family CPUs. A2H124-24FX. DHCPv6 Configuration address, a multicast address, or a link-local address. The sources DR registers (that is, encapsulates) and sends multicast data from the source directly to the RP via a unicast routing protocol (number 1 in figure). set tacacs singleconnect enable To disable the use of a single TCP connection, use the set tacacs singleconnect disable command. IPv6 Neighbor Discovery Neighbor Solicitation Messages Neighbor Solicitation messages are sent on the local link to determine the link-local address of another node on the link, as well as to verify the uniqueness of a unicast address for DAD. Terms and Definitions 20-12 IP Configuration. For commands with optional parameters, this section describes how the CLI responds if the user opts to enter only the keywords of the command syntax. Alternatively, you can specify only the interface to be used to contact the DHCPv6 server and the Fixed Switch device will use the DHCPV6-ALL-AGENTS multicast address (FF02::1:2) to relay DHCPv6 messages to the DHCPv6 server. A manual pool can be configured using either the clients hardware address (set dhcp pool hardware-address) or the clients client-identifier (set dhcp pool client-identifier), but using both is not recommended. Setup and maintained DNS, WINS and DHCP servers. The DC voltage can be directly connected to the modules only after the capacitors are charged to a sufficient level. A stub area can be configured such that the ABR is prevented from sending type 3 summary LSAs into the stub area using the no-summary option. Each timer value is in centiseconds. Once the desired master unit has been selected, reset the system using the reset command. BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. Note: You must be logged in to the Enterasys device with read-write access rights to use the commands shown in this procedure. show igmpsnooping Display static IGMP ports for one or more VLANs or IGMP groups. Configuring VLANs Figure 9-3 Example of VLAN Propagation Using GVRP Switch 3 Switch 2 R 2D 1 3 1 D R Switch 1 1 R 2 End Station A D 3 D 1 R D Switch 4 1 R Switch 5 R = Port registered as a member of VLAN Blue = Port declaring VLAN Blue VLANpropagation GVMP Note: If a port is set to forbidden for the egress list of a VLAN, then the VLANs egress list will not be dynamically updated with that port. If privacy is not specified, no encryption will be applied. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. Enterasys S8-Chassis Hardware installation manual (68 pages) Pages: 68 | Size: Configuring PoE Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices (continued) Step Task Command(s) 6. If you need to use multiple license keys on members of a stack, use the optional unit number parameter with the set license command. If authentication is not specified, no authentication will be applied. Configuring VRRP Router 2(su)->router(Config-router)#exit Multiple Backup VRRP Configuration Figure 23-3 shows a multi-backup sample configuration. Configuring VLANs the device. These matched packets form a data stream or channel that may be captured or may generate events. 12-18 Display SNMP traffic counter values. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. Enterasys Switch: List of Devices # Model Type of Document; 1: Enterasys I3H252: Enterasys Switch I3H252 Hardware installation manual (78 pages) 2: Enterasys I Series: Downloading New Firmware or just want to verify the contents of the images directory, refer to Deleting a Backup Image File on page 1-5 for more information. Some of the most useful ones include: True zero-touch configuration; Integrated troubleshooting tools, logging, and alerting ; Energy-efficient design Configuring OSPF Areas The virtual-link is treated as if it were an unnumbered point-to-point network belonging to the backbone and joining the two ABRs. SNMP Support on Enterasys Switches Table 12-2 SNMP Terms and Definitions (continued) Term Definition USM User-Based Security Model, the SNMPv3 authentication model which relies on a user name match for access to network management components. ICMP Enabled for echo-reply and mask-reply modes. Port Mirroring LAG ports can be a mirror source port, but not a mirror destination port. Strict priority queuing is illustrated in Figure 17-2. Andover, MA 01810-1008 U.S.A. Using the output of the show switch switchtype command, determine the switch index (SID) of the model of switch being configured. Tabl e 242providesanexplanationofthecommandoutput. In global configuration mode, configure an IPv4 static route. 5 User Account and Password Management This chapter describes user account and password management features, which allow enhanced control of password usage and provide additional reporting of usage. Tabl e 147providesanexplanationofthecommandoutput. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap RFC 3580s RADIUS tunnel attributes are often configured on a RADIUS server to dynamically assign users belonging to the same organizational group within an enterprise to the same VLAN, or to place all offending users according to the organizations security policy in a Quarantine VLAN. The following example configures DHCP snooping and dynamic ARP inspection in a routing environment using RIP. TACACS+ Procedure 26-3 MAC Locking Configuration (continued) Step Task Command(s) 7. Optionally, set the interface used for the source IP address of the TACACS+ packets generated by the switch. Configuring Node Aliases C5(su)->show nodealias config ge.1.1 Port Number ----------ge.1.1 Max Entries ----------32 Used Entries -----------32 Status ---------Enable The following command disables the node alias agent on port ge.1.8: C5(su)->set nodealias disable ge.1. DHCP Snooping into the software forwarding path, where it may be processed by the DHCP relay agent, the local DHCP server, or forwarded as an IP packet. Multicast Operation Multicast allows a source to send a single copy of data using a single IP address from a welldefined range for an entire group of recipients (a multicast group). The port cost value may also be administratively assigned using the set spantree adminpathcost command. (7) Router 2 forwards the multicast stream to Host 2. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Password history No passwords are checked for duplication. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. MultiAuth mode Globally sets MultiAuth for this device. Using Multicast in Your Network Table 19-1 PIM-SM Message Types (continued) Message Type Description Join/Prune (J/P) These messages contain information on group membership received from downstream routers. (Not applicable for super user accounts. User Account Overview The start and end hour and minute time period for which access will be allowed for this user based upon 24 hour time. The power available for PoE is 150W. An authentication key has to be trusted to be used with an SNTP server. Initial Configuration Overview Table 4-2 Default Settings for Router Operation (continued) Feature Default Setting Hello interval (OSPF) Set to 10 seconds for broadcast and point-to-point networks. Configuring Policy Procedure 16-1 Step Configuring Policy Roles (continued) Task Command egress-vlans (Optional) Specifies the port to which this policy profile is applied should be added to the egress list of the VLANs defined with this parameter. Using Multicast in Your Network Generation ID gen id: 1331801871 10.5.40.0/255.255.255.0 [2] via neighbor: 10.5.50.1 Uptime: 66704 , expires: 0 version: 3 Generation ID gen id: 1331805217 10.5.50.0/255.255.255.0 [0] via neighbor: direct 10.5.51.0/255.255.255.0 [0] via neighbor: direct direct direct Uptime: 3615 , expires: 0 version: 3 10.5.70.0/255.255.255.0 [3] via neighbor: Uptime: 66716 , expires: 0 version: 3 10.5.60.0/255.255.255. 1 Use a DB9 male null-modem (laplink) cable. The trap generation will be done using the Enterasys Syslog Client MIB notification etsysSyslogSecureLogDroppedMsgNotification. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: A super-user access account with a username of admin and no password A read-write access account with a username of rw and no password A read-only access account with a username of ro and no password Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts. Setting target parameters to control the formatting of SNMP notification messages 5. Display the current IPsec settings. Figure 23-2 Basic Configuration Example VRID 1 172.111.1.1 Router R1 Router R2 ge.1.1 VLAN 111 172.111.1.1/16 ge.1.1 VLAN 111 172.111.1. 6 Firmware Image and File Management This chapter describes how to download and install a firmware image file and how to save and display the system configuration as well as manage files on the switch. Refer to page Security Mode Configuration FIPS mode is disabled by default. Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen. Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. Switch Configuration Using CLI Commands Guidelines for Rackmount Installation Attaching Brackets and Installing in Rack About SecureStack Switch Operation in a Stack 44 Recommended Procedures to Install New and Existing Stacks Installing a New Stackable System of Up to Eight Switches Adding a New Switch to an Existing Stack Important However, Enterasys Networks strongly recommends that you use NetSight Policy Manager, not CLI commands, to configure policy in your network. 15 Configuring Spanning Tree This chapter provides the following information about configuring and monitoring the Spanning Tree protocol on Enterasys stackable and standalone fixed switches. TACACS+ Basic TACACS+ Configuration Procedure 26-4 describes the basic steps to configure TACACS+ on Enterasys devices. Display MAC authentication configuration or status of active sessions. Spanning Tree Basics Spanning Tree Basics This section provides you with a more detailed understanding of how the Spanning Tree operates in a typical network environment. Ifnointerfaceisspecified,IPv6DHCPstatisticsforallinterfacesarecleared. IPsec Configuration IPsec and IKE (Internet Key Exchange protocol) are defined for the RADIUS host application only. Table 24-2 Output of show ipv6 dhcp statistics Command (Continued). See Procedure 20-2 on page 20-4. ip address ip-address ip-mask [secondary] 2. Table 25-5 show ipv6 ospf database Output Details. Save the running configuration. ThiscommandclearsIPv6DHCPstatistics,eitherallstatisticsoronlyforaspecificinterface. Usethiscommandtodisplaythesystemshardwareconfiguration. Account Lockout User accounts can be locked out based on the number of failed login attempts or a period of inactivity. User Authentication Overview Multi-User Authentication Multi-user authentication provides for the per-user or per-device provisioning of network resources when authenticating. Account and password feature behavior and defaults differ depending on the security mode of the switch. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. Connecting to a Switch This procedure describes how to connect to a switch. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. Important Notice Depending on the firmware version used on your Fixed Switch platform, some features described in this document may not be supported. show lldp Display the LLDP status of one or more ports. The default value of 0 may be administratively changed. Configuring MSTP Figure 15-14 Maximum Bandwidth in an MSTP Network Configuration Bridge A Bridge B SID 86 Priority = 4096 SID 99 Priority = 32768 SID 86 Priority = 32768 SID 99 Priority = 4096 ge.1.3 ge.1.1 ge.1.3 ge.1.2 ge.1.1 ge.1.1 ge.1.2 ge.1.2 ge.1.2 ge.1. Configuring OSPF Areas 0 to 4294967295. Chapter Title. IP interfaces Disabled with no IP addresses specified. Apply power to the new unit. With this operation, an SNMP manager does not need to know the exact variable name. After the switch resets, return to global router configuration mode, create the ACL and define the rules. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery.