Enterasys switch configuration guide

DHCP Configuration The subnet of the IP address being issued should be on the same subnet as the ingress interface (that is, the subnet of the host IP address of the switch, or if routing interfaces are configured, the subnet of the routing interface). Refer to page Policy Configuration Overview Identifying and restricting routing to legitimate routing IP addresses to prevent DoS, spoofing, data integrity and other routing related security issues. Syslog Components and Their Use The following sections provide greater detail on modifying key Syslog components to suit your enterprise. Configuring STP and RSTP Figure 15-10 Example of Multiple Regions and MSTIs [figure: Regions 1, 2 and 3, showing the CIST Root, the CIST Regional Roots and the Master Ports] Table 15-5 MSTI Characteristics for Figure 15-10 (MSTI / Region: Characteristics): MSTI 1 in Region 1: Root is switching device 4, which is also the CIST regional root. MSTI 2 in Region 1: Root is switching device 5. MSTI 1 in Region 2: Root is switching device 7, w. Configuring STP and RSTP Reviewing and Enabling Spanning Tree By default, Spanning Tree is enabled globally on Enterasys switch devices and enabled on all ports. (Optional) Use the CLI to verify the port mirroring instance has been deleted as shown in the following example: C5(su)->show port mirroring No Port Mirrors configured. If there is still a tie, these ports are connected via a shared medium. The following conventions are used in the text of this document: Table 1-1 Default Settings for Basic Switch Operation (Continued), Using an Administratively Configured User Account. If you need to use multiple license keys on members of a stack, use the optional unit number parameter with the set license command. Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. 
13 Configuring Neighbor Discovery This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), the Enterasys Discovery Protocol, and the Cisco Discovery Protocol on Enterasys fixed stackable and standalone switches. C5(su)->save config Saving Configuration to stacking members Configuration saved C5(su)-> 2. Agent 802. Configuring Authentication The following code example: Creates and names two VLANs, one for the users and one for the phones. Configuration Guide. Figure 10-4 provides an overview of the fixed switch authentication configuration. Can be no less than the max advertisement interval. MultiAuth mode Globally sets MultiAuth for this device. A stub area can be configured such that the ABR is prevented from sending type 3 summary LSAs into the stub area using the no-summary option. Determine the correct authentication type for each device. Table 25-9 show ipv6 ospf neighbor Output Details, Overview of Authentication and Authorization Methods. show policy profile {all | profile-index [consecutive-pids] [-verbose]} Display policy classification and admin rule information. Configuring IGMP Table 19-4 Layer 3 IGMP Configuration Commands Task Command Set the maximum response time being inserted into group-specific queries sent in response to leave group messages. Using Multicast in Your Network 2. The VLAN authorization table will always list any tunnel attributes VIDs that have been received for authenticated end systems, but a VID will not actually be assigned unless VLAN authorization is enabled both globally and on the authenticating port. This example shows how to display multiple authentication system configuration: Configuring User + IP Phone Authentication. 
Table 18-7 Displaying sFlow Information Task Command to display the contents of the sFlow Receivers Table, or to display information about a specific sFlow Collector listed in the table show sflow receivers [index] To display information about configured poller instances show sflow pollers To display information about configured sampler instances. IPv6 Routing Configuration Procedure 25-4 Configuring Static Routers Step Task Command(s) 1. RMON Procedure 18-1 Configuring Remote Network Monitoring (continued) Step Task Command(s) 8. The hosts are configured to use 172.111.1.1/16 as the default route. Refer to the CLI Reference for your platform for more information about the commands listed below. Authentication Configuration Example Our example covers the three supported stackable and fixed switch authentication types being used in an engineering group: end-user stations, an IP phone, a printer cluster, and public internet access. Basic OSPF Topology Configuration To elect a DR from a host of candidates on the network, each router multicasts a hello packet and examines the priority of hello packets received from other routers. i . after the rate value indicates an invalid rate value Group Resource Type Unit Rate Rate Limit Index Action type --------- ----------- ---------- ---- ---------- --------------- ------ 1. MAC Locking Table 26-6 MAC Locking Defaults (continued) Parameter Description Default Value First arrival MAC address aging Specifies that dynamic MAC locked addresses will be aged out of the database. Disabled. ipv6 route distance pref 3. no ip route dest-prefix dest-prefixmask forwarding-rtr-addr 3. To enable and configure the Open Shortest Path First (OSPF) routing protocol. Refer to the CLI Reference for your switch model for more information about each command. Considerations About Using clear config in a Stack 4. It also makes management secure by preventing configuration through ports assigned to other VLANs. 
If LAG members with different port speeds should tie for the lowest port priority, the LAG member with the lowest port number breaks the tie. Ports 1 through 5 on the switch unit 4 are configured as egress ports for the VLANs while ports 8 through 10 on the switch unit 5 are configured as ingress ports that will do the policy classification. Counter samples may be taken opportunistically in order to fill these datagrams. (7) Router 2 forwards the multicast stream to Host 2. Actively sending IGMP query messages to learn locations of multicast switches and member hosts in multicast groups within each VLAN. show port status port-string Example This example shows how to configure port ge.2.1 in the G3G-24SFP module to operate with a 100BASE-FX transceiver installed. set macauthentication {enable | disable} 4. Refer to page Syslog Operation By default, Syslog is operational on Enterasys switch devices at startup. Then, it looks to see if the tag list (v3TrapTag) specified in the notification entry exists. In router configuration mode, optionally enable split horizon poison reverse. Setting SNMP Management Information Base (MIB) view attributes 4. Using Multicast in Your Network IGMP snooping is disabled by default on Enterasys devices. VLAN authorization status Enables or disables globally and per port VLAN authorization. ACL Configuration Overview This section describes ACL creation, rule entry, and application of the ACL to a port or routing VLAN required to implement an ACL, as well as the features available for managing ACL rules and displaying ACLs. Configuring OSPF Areas OSPF allows collections of contiguous networks and hosts to be grouped together. 
About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Considerations About Using Clear Config in a Stack, Stacking Configuration and Management Commands, common denominator of functionality will be, You can mix SecureStack C2 and C3 switches in a single stack, although only the lowest. Note: If this switch will be added to an existing stack, you should install the primary and backup firmware versions that are currently installed on the stack units. This command displays IPv6 DHCP statistics for all interfaces. Condition Default Value IPv6 DHCP Disabled IPv6 DHCP Relay Agent Information Option 32 IPv6 DHCP Relay Agent Information Remote ID Sub-option 1 IPv6 DHCP Preferred Lifetime 2592000 seconds IPv6 DHCP Valid Lifetime 604800 seconds Configuration Examples Procedure 25-6 describes the tasks to configure a Fixed Switch interface as a DHCPv6 relay agent. GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. set multiauth mode multi 5. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. show system password 3. Create an SNMPv3 user and specify authentication, encryption, and security credentials. Troubleshooting of active equipment on the SIEMENS network for VoIP such as 3COM, Cisco, Extreme, Foundry, Enterasys (Cabletron) (Level 2 and 3 routers and switches. Use this command to display SNMP traffic counter values. By default, Syslog server is globally enabled, with no IP addresses configured, at a severity level of 8. User Account Overview Procedure 5-2 Configuring a New Super-User / Emergency Access User Account Step Task Command(s) 4. Table 26-3 show macauthentication Output Details. 
You and Enterasys agree as follows: 1. If the port is configured so that it is connected to a switching device known to implement Loop Protect, it uses full functional (enhanced) mode. Use this command to display the contents of the Neighbor Cache. interface vlan vlan-id 2. set port vlan port-string vlan-id no shutdown ip address ip-addr ip-mask 3. Configure user authentication. Systems incident management. In this configuration, if an interface on VLAN 111 for Router R1 or Router R2, or VRID 1, 2, or 3 fails, the interface on the other router will take over for forwarding outside the local LAN segment. Procedure 18-2 Configuring sFlow Step Task Command(s) 1. Adjusting the Forward Delay Interval When rapid transitioning is not possible, forward delay is used to synchronize BPDU forwarding. Spanning Tree Basics RSTP Operation RSTP optimizes convergence by significantly reducing the time to reconfigure the network's active topology when physical topology or configuration parameter changes occur. Authentication Configuration Example In an 802.1x configuration, policy is specified in the RADIUS account configuration on the authentication server using the RADIUS Filter-ID. 7 Configuring System Power and PoE This chapter describes how to configure Redundant Power Supply mode on the C5 and G-Series switches, and how to configure Power over Ethernet (PoE) on platforms that support PoE. Configure NetFlow to Manage Your Cisco Switch (Optional) 1. 16 Configuring Policy This chapter provides an overview of Enterasys policy operation, describes policy terminology, and explains how to configure policy on Fixed Switch platforms using the CLI. sFlow Using sFlow in Your Network The advantages of using sFlow include: sFlow makes it possible to monitor ports of a switch, with no impact on the distributed switching performance. In global configuration mode, configure an IPv4 static route. Refer to page SNMP Concepts 2. 
Using Multicast in Your Network A new dependent downstream device appears on a pruned branch. If a DHCP relay agent or local DHCP server co-exist with the DHCP snooping feature, DHCP client messages will be sent to the DHCP relay agent or local DHCP server to process further. Default Settings Configuring OSPF Interface Timers The following OSPF timers are configured at the interface level in interface configuration mode: Hello Interval Dead Interval Retransmit Interval Transmit Delay Use the hello interval (ip ospf hello-interval) and dead interval (ip ospf dead-interval) timers to ensure efficient adjacency between OSPF neighbors. After you have properly configured the switch, and started Enterasys WebView, you can perform any of the tasks described in the following sections. SEVERABILITY. 5 seconds transmit delay Specifies the number of seconds it takes to transmit a link state update packet over this interface. Saving the Configuration and Connecting Devices C5(su)->show ssh SSH Server status: Enabled 2. To create and enable a port mirroring instance: 1. 15 Configuring Spanning Tree This chapter provides the following information about configuring and monitoring the Spanning Tree protocol on Enterasys stackable and standalone fixed switches. Telnet Enabled inbound and outbound. Refer to page Quality of Service Overview secondly, you must identify these flows in a way that QoS can recognize. Inspect both the TxQs and IRL support for the installed ports. Use the disconnect command to close a console or Telnet session. set tacacs singleconnect enable To disable the use of a single TCP connection, use the set tacacs singleconnect disable command. By default, RIP version 2 supports automatic route summarization, which summarizes sub-prefixes to the classful network boundary when crossing network boundaries. 
Configuring SNMP enterasys(su)-> set snmp notify SNMPv3TrapGen tag v3TrapTag inform How SNMP Will Process This Configuration As described in How SNMP Processes a Notification Configuration on page 12-7, if the SNMP agent on the device needs to send an inform message, it looks to see if there is a notification entry that says what to do with inform messages. Routing Interfaces Example The following example shows how to enable RIP on the switch, then configure VLAN 1 with IP address 192.168.63.1 255.255.255.0 as a routing interface and enable RIP on the interface. Attaches the port to the aggregator used by the LAG, and detaches the port from the aggregator when it is no longer used by the LAG. Configuring DVMRP Basic DVMRP Configuration By default, DVMRP is disabled globally and on each interface. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. To determine if all these elements are in place, the SNMP agent processes a device configuration as follows: 1. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2011 Chassis Serial Number: Chassis Firmware Revision: 093103209001 06.61.01.0017 Last successful login : WED DEC 07 20:23:20 2011 Failed login attempts since last login : 0 C5(su)-> 7. describes the following security features and how to configure them on the Fixed Switch platforms. Configuring Authentication Table 10-1 Default Authentication Parameters (continued) Parameter Description Default Value macauthentication Globally enables or disables MAC authentication on a device. area area-id default-cost cost 5. This information is used to determine the module port type for port group. Use the set system lockout command to: Set the number of failed login attempts allowed before disabling a read-write or read-only user account or locking out a super-user account. 
Licensing Advanced Features When adding a new unit to an existing stack, the ports on a switch lacking a licensed feature that has been enabled on the master will not pass traffic until the license has been enabled on the added switch. Configuring SNMP enterasys(su)->set snmp view viewname RW subtree 0.0 enterasys(su)->set snmp view viewname RW subtree 1.3.6.1.6.3.13.1 excluded enterasys(su)->set snmp targetparams TVv1public user public security-model v1 message-processing v1 enterasys(su)->set snmp targetaddr TVTrap 10.42.1.10 param TVv1public taglist TVTrapTag enterasys(su)->set snmp notify TVTrap tag TVTrapTag Adding to or Modifying the Default Configuration By default, SNMPv1 is configured on Enterasys switches. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. User Account Overview Procedure 5-2 on page 5-4 shows how a super-user creates a new super-user account and assigns it as the emergency access account. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. 100 Procedure 18-1 describes how to configure RMON. To perform a TFTP or SFTP download: 1. This example shows how to display switch type information about SID1: Use this command to display various data flow and error counters on stack ports. Connects a PC to the network providing internet only access to the network. Terms and Definitions 10-30 Configuring User Authentication. The reader should in all cases consult Enterasys Networks to determine whether any such 
Policy Configuration Example destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone auto configuration and IP address assignment. Refer to Procedure 26-6 on page 26-20. Ctrl+E Move cursor to end of line. Table 20-3 show ip ospf database Output Details. For commands with optional parameters, this section describes how the CLI responds if the user opts to enter only the keywords of the command syntax. Advanced Configuration Overview Procedure 4-1 contains the steps to assign an IP address and configure basic system parameters. C5(su)->set policy rule 1 ipsourcesocket 1.2.3. When tunnel mode is configured, VLAN-to-policy mapping will not occur on a stackable fixed switch or standalone fixed switch platform. set snmp community community_name 2. ACL Configuration Overview The following example displays IPv4 extended access control list 120, then deletes entries 2 and 3, and redisplays the ACL. Caution: Contains essential information to prevent damage to the equipment. Refer to Licensing Advanced Features on page 4-8 for more information. 3. P/N 9034174-01. Valid sid values are 0-4094. A Fixed Switch device uses one OSPF router process that can be any number between 1 and 65535. Version 2 (SNMPv2c) The second release of SNMP, described in RFC 1907, has additions and enhancements to data types, counter size, and protocol operations. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: a super-user access account with a username of admin and no password; a read-write access account with a username of rw and no password; and a read-only access account with a username of ro and no password. Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts. Display the types of switches supported in the stack, using the show switch switchtype command. 
set inlinepower detectionmode {auto | ieee} auto (default) The Enterasys device first uses the IEEE 802.3af/at standards resistor-based detection method. Refer to Table 2-2 for console port pinout assignments. Use the ipv6 nd ns-interval command to configure the interval between Neighbor Solicitation messages sent on an interface. Periodically, say every second, the sFlow Agent examines the list of counter sources and sends any counters that need to be sent to meet the sampling interval requirement. Because port admin keys for all LAGs and the physical ports 4 - 6 are the same, physical ports 4 - 6 satisfy rule 2. Configuring VLANs Figure 9-3 Example of VLAN Propagation Using GVRP [figure: Switches 1 through 5 and End Station A; R = Port registered as a member of VLAN Blue, D = Port declaring VLAN Blue] Note: If a port is set to forbidden for the egress list of a VLAN, then the VLAN's egress list will not be dynamically updated with that port. 1.1 IP switch ge. There are a couple of restrictions on the use of stub areas. IPv6 Neighbor Discovery Neighbor Discovery Configuration Refer to Table 25-2 on page 25-4 for the default Neighbor Discovery values. Terms and Definitions Configuring the Public Area PWA Station The public area PWA station provides visitors to your business site with open access to the internet, while at the same time isolating the station from any access to your internal network. The port cost value may also be administratively assigned using the set spantree adminpathcost command. Use the area virtual-link command in OSPF router configuration command mode, providing the transit area ID and the ABR's router ID, to configure an area virtual-link. 
How RADIUS Data Is Used The Enterasys switch bases its decision to open the port and apply a policy or close the port based on the RADIUS message, the port's default policy, and unauthenticated behavior configuration. Configuration of normal port mirroring source ports and one destination port on all switches, as described above. 3. Syslog Components and Their Use Table 14-1 Syslog Terms and Definitions (continued) Term Definition Enterasys Usage Syslog server A remote server configured to collect and store Syslog messages. Upon receipt, the RADIUS client software will calculate its own authenticator response using the information that was passed in the MS-CHAP2-Response attribute and the user's passed clear text password. Spanning Tree version Set to mstp (Multiple Spanning Tree Protocol). We next want to set the admin keys for the stackable switch physical ports: Stack2(rw)->set port lacp port ge.1.21 Stack2(rw)->set port lacp port ge.1.22 Stack2(rw)->set port lacp port ge.1.23 Stack2(rw)->set port lacp port ge.1.24 Stack2(rw)->set port lacp port ge.2.17 Stack2(rw)->set port lacp port ge.2.19 Stack2(rw)->set port lacp port ge.2.22 Stack2(rw)->set port lacp port ge.2. Packets sent to 172.111.1.1/16 would go to Router R2. The creation of additional port groups could be used to combine similar ports by their function for flexibility. Since there is no way to tell whether a graft message was lost or the source has stopped sending, each graft message is acknowledged hop-by-hop. Note: For security, you may wish to disable Telnet and only use SSH. A designated port may forward with the exchange of two BPDUs in rapid succession. S, K, and 7100 Series CLI Reference Guide for Version 8.41 Aug 2015 OSPF adjacencies cannot be formed on a passive interface. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Spanning Tree topology change trap suppression Enabled. If necessary, configure an OSPF virtual link. 
1.1 IP phone ge. For example, set logging local console enable would not execute without also specifying file enable or disable. 20 IP Configuration This chapter provides general IPv4 routing configuration information. set multiauth mode strict 2. Default settings are listed in Table 15-6: Table 15-6 Spanning Tree Port Default Settings Setting Default Value Bridge priority mode 802. Creates a user policy profile that uses the user VLAN. Andover, MA 01810-1008 U.S.A. 2. Neighbor Discovery Overview There are two primary LLDP-MED device types (as shown in Figure 13-2 on page 13-5): Network connectivity devices, which are LAN access devices such as LAN switch/routers, bridges, repeaters, wireless access points, or any device that supports the IEEE 802.1AB and MED extensions defined by the standard and can relay IEEE 802 frames via any method. Configuring Authentication Procedure 10-1 IEEE 802.1x Configuration (continued) Step Task Command(s) 2. Configuring STP and RSTP 2. (B3 platforms only) EAPOL Disabled. The following example applies two different license keys to members of the stack. Configuring Port Link Flap Detection If left unresolved, link flapping can be detrimental to network stability by triggering Spanning Tree and routing table recalculations. Quality of Service Overview There are up to four areas of CoS configuration depending on what type of hardware resource you want to configure. This command clears IPv6 DHCP statistics, either all statistics or only for a specific interface. Understanding and Configuring Loop Protect Valid values are 0-65535 seconds. Configuring Node Aliases 4-28 System Configuration. This requires a minimum of two twisted pairs for a single physical link. 
Quality of Service Overview Figure 17-4 Hybrid Queuing Packet Behavior Rate Limiting Rate limiting is used to control the rate of traffic entering (inbound) a switch per CoS. Rate limiting allows for the throttling of traffic flows that consume available bandwidth, in the process providing room for other flows. Terms and Definitions Table 11-7 Link Aggregation Configuration Terms and Definitions (continued) Term Definition Port Priority Port priority determines which physical ports are moved to the attached state when physical ports of differing speeds form a LAG. MAC Locking If a connected end station exceeds the maximum values configured with the set maclock firstarrival and set maclock static commands (a violation). The system is tolerant to packet loss in the network.