enterasys switch configuration guide23 Apr enterasys switch configuration guide
7 Configuring System Power and PoE This chapter describes how to configure Redundant Power Supply mode on the C5 and G-Series switches, and how to configure Power over Ethernet (PoE) on platforms that support PoE. 2. Account and password feature behavior and defaults differ depending on the security mode of the switch. Inspect both the TxQs and IRL support for the installed ports. Configuring VLANs Procedure 9-3 Dynamic VLAN Configuration (continued) Step Task Command(s) 4. For example, to set the console port baud rate to 19200: C5(su)->set console baud 19200 VT100 Terminal Mode VT100 terminal mode supports automatic console session termination on removal of the serial connection (vs. timeout). Use the show users command to display information for active console port or Telnet sessions on the switch. Configuring Authentication Optionally Enable Guest Network Privileges With PWA enhanced mode enabled, you can optionally configure guest networking privileges. Enterasys devices allow up to 8 server IP addresses to be configured as destinations for Syslog messages. Refer to page Link Aggregation Overview 11-1 Configuring Link Aggregation 11-9 Link Aggregation Configuration Example 11-11 Terms and Definitions 11-15 Link Aggregation Overview IEEE 802.3ad link aggregation provides a standardized means of grouping multiple parallel Ethernet interfaces into a single logical Layer 2 link. How RADIUS Data Is Used The Enterasys switch bases its decision to open the port and apply a policy or close the port based on the RADIUS message, the port's default policy, and unauthenticated behavior configuration. . Optionally, delete an entire ACL or a single rule or range of rules. Creates a CoS setting of index 55. The authentication server verifies the credentials and returns an Accept or Reject message back to the switch. See Configuring OSPF Areas on page 22-8 for additional discussion of OSPF area configuration. Configuring the S8 Distribution Switch The first thing we want to do is set the admin key for all LAGs to the non-default value of 65535 so that no LAGs will automatically form: S8(rw)->set lacp aadminkey lag.0. A feature exists to allow the creation of a single port LAG that is disabled by default. Usethiscommandtodisplayportwebauthenticationinformationforoneormoreports. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. Functions and Features Supported on Enterasys Devices Functions and Features Supported on Enterasys Devices Spanning Tree Versions MSTP and RSTP automatically detect the version of Spanning Tree being used on a LAN. The PIM specifications define several modes or methods by which a PIM router can build the distribution tree. -1 (request as many octets as possible) capture slice The RMON capture maximum number of octets from each packet to be saved to the buffer. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. User Authentication Overview When the maptable response is set to tunnel mode, the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter-ID attributes in the RADIUS reply. The following example applies two different license keys to members of the stack. This document presents policy configuration from the perspective of the Fixed Switch CLI. Configuring a Stack of New Switches 1. Configuring VLANs Default Settings Table 9-1 lists VLAN parameters and their default values. Procedure 25-1 Configuring IPv6 Management Step Task Command(s) 1. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. Policy Configuration Example Roles The example defines the following roles: guest Used as the default policy for all unauthenticated ports. When a root or alternate port loses its path to the root bridge, due to message age expiration, it takes on the role of designated port and will not forward traffic until a BPDU is received. Syslog Components and Their Use Basic Syslog Scenario Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. Agent 802. When Router R1 comes up again, it would take over as master, and Router R2 would revert to backup. PAGE 2. Note: The v1 parameter in this example can be replaced with v2 for SNMPv2c configuration. Configure RADIUS user accounts on the authentication server for each device. Licensing Advanced Features Table 4-3 Advanced Configuration (continued) Task Refer to Configure RIP. Connecting to a Switch This procedure describes how to connect to a switch. The RP de-encapsulates each register message and sends the resulting multicast packet down the shared tree. 1.6 IP-PBX Info x.x.x.x x.x.x.x x.x.x.x Info x.x.x.x x.x.x.x x.x.x.x x.x.x. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). HP Procurve 2600,3com 4500 Series Switch Configuration, Enterasys Creation of reports for specific clients. Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives. Ultimate Pi-hole configuration guide, SSL . Configuring RIP Table 21-1 Routing Protocol Route Preferences Route Source Default Distance Connected 0 Static 1 OSPF (Requires support for advanced routing features on the switch) 110 RIP 120 Also in router configuration mode, you can disable automatic route summarization with the no auto-summary command. The size of the history buffer determines how many lines of previous CLI input are available for recall. The router with the highest priority is elected the DR, and the router with the next highest priority is elected the BDR. Configuring MSTP Defining Edge Port Status By default, edge port status is disabled on all ports. Procedure 5-1 Creating a New Read-Write or Read-Only User Account Step Task Command(s) 1. See The RADIUS Filter-ID on page 8 for RADIUS Filter-ID information. C5(rw)->ping 10.10.10.1 10.10.10. Ports used to authenticate and authorize supplicants utilize access entities that maintain entity state, counters, and statistics for an individual supplicant. The ingress VLAN could be a switching or routing VLAN. Enable ARP inspection on the VLANs where clients are connected, and optionally, enable logging of invalid ARP packets. Understanding How VLANs Operate Forwarding Decisions VLAN forwarding decisions for transmitting frames is determined by whether or not the traffic being classified is or is not in the VLANs forwarding database as follows: Unlearned traffic: When a frames destination MAC address is not in the VLANs forwarding database (FDB), it will be forwarded out of every port on the VLANs egress list with the frame format that is specified. set snmp user v3user remote 800007e5804f190000d232aa40 privacy despasswd authentication md5 md5passwd Note: You can omit the 0x from the EngineID. The Enterasys switch products support the following five authentication methods: IEEE 802.1x MACbased Authentication (MAC) Port Web Authentication (PWA) Note: Through out this document: Use of the term "modular switch" indicates that the information is valid for the N-Series, S-Series, and K-Series platforms. Dynamic ARP Inspection Dynamic ARP Inspection Configuration set arpinspection vlan 10 set arpinspection trust port ge.1.1 enable Routing Example T Note: This example applies only to platforms that support routing. Using Multicast in Your Network PIM Support on Enterasys Devices Note: PIM is supported on Enterasys fixed switches on which advanced routing has been enabled. An ABR keeps a separate copy of the link-state database for each area to which it is connected. Both transmit and receive traffic will be mirrored. VLAN authorization egress format Determines whether dynamic VLAN tagging will be none, tagged, untagged, or dynamic for an egress frame. Figure 16-1 displays an illustration of the policy configuration of a example infrastructure. set snmp view viewname securedviewname subtree 1 set snmp view viewname securedviewname subtree 0.0 set snmp view viewname unsecuredviewname subtree 1 set snmp view viewname unsecuredviewname subtree 0.0 6. Configuring PoE Stackable B5 and C5 Devices Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices Step Task Command(s) 1. On the Enterasys switch, define the same user as in the above example (v3user) with this EngineID and with the same Auth/Priv passwords you used previously. Port broadcast suppression Enabled and set to limit broadcast packets to 14,881 per second on all switch ports. You have the nonexclusive and nontransferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement. Configuring PIM-SM Basic PIM-SM Configuration By default, PIM-SM is disabled globally on Enterasys fixed switches and attached interfaces. show port status [port-string] Display port counter statistics detailing traffic through the device and through all MIB2 network devices. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. Managing Switch Configuration and Files Displaying the Configuration Executing show config without any parameters will display all the non-default configuration settings. To clear the MultiAuth authentication mode. Format Examples The following examples illustrate secure log entry formats for different types of events. For information on changing these default settings, refer to Chapter 5, User Account and Password Management. 24 Configuring Access Control Lists This chapter describes how to configure access control lists on the Fixed Switch platforms. ACL Configuration Overview Creating ACL Rules ACL rules define the basis upon which a hit will take place for the ACL. In global configuration mode, configure an IPv6 static route. Interface-specific parameters are configured with variations of the Spanning Tree port configuration commands. 8 Port Configuration This chapter describes the basic port parameters and how to configure them. Optionally, enable the aging of first arrival MAC addresses on a port or ports. Table 11-2 show policy rule Output Details. Enterasys Manuals Switch C5G124-24 Configuration manual Enterasys C5G124-24 Configuration Manual Fixed switch platforms Also See for C5G124-24: Quick reference (2 pages) 1 2 3 4 5 6 Table Of Contents 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 Provides guest access to a limited number of the edge switch ports to be used specifically for internet only access. Setup and maintained DNS, WINS and DHCP servers. In the shared LAN example it may take over as designated port if the original designated port is disabled. Display the system lockout settings show system lockout 6. Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized file and configuration management servers. Figure 25-1 Basic IPv6 Over IPv4 Tunnel Router R1 Router R2 VLAN 20 195.167.20.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::20/127 Tunnel Source: 195.167.20.1 Tunnel Destination: 192.168.10.1 VLAN 10 192.168.10.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::10/127 Tunnel Source: 192.168.10.1 Tunnel Destination: 195.167.20. Link Aggregation Overview Note: A given link is allocated to, at most, one LAG at a time. Syslog Components and Their Use Table 14-1 describes the Enterasys implementation of key Syslog components. Basic OSPF Topology Configuration 1. Using Multicast in Your Network Figure 19-1 IGMP Querier Determining Group Membership IGMP Querier IGMP Query IGMP Membership IGMP Membership Router for 224.1.1.1 Router for 226.7.8.9 Member of 224.1.1.1 Member of 226.7.8.9 As shown in Figure 19-1, a multicast-enabled device can periodically ask its hosts if they want to receive multicast traffic. The Lenovo ThinkSystem ST550 is a scalable 4U tower server that features powerful Intel Xeon processor Scalable family CPUs. Policy classification Classification rules are automatically enabled when created. The Filter-ID for that user is returned to the switch in the authentication response, and the authentication is validated for that user. 1 macdest Classifies based on MAC destination address. For example: C5(su)->dir Images: ================================================================== Filename: c5-series_06.42.06.0008 Version: 06.42.06. About This Guide This guide provides basic configuration information for the Enterasys Networks Fixed Switch platforms using the Command Line Interface (CLI0, including procedures and code examples. Procedure 22-2 OSPF Interface Configuration Step Task Command(s) 1. Optionally, disable clearing of dynamic MAC addresses on link change. Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. ACLs on the A4 are described separately in this chapter since ACL support on the A4 is different from the support on the other Fixed Switch platforms. UsethiscommandtodisplaytheswitchsARPtable. The best path is the one that has the lowest designated cost. Assign to queue assign the packet to a queue Note: Unlike other Fixed Switch platforms, A4 ACLs are not terminated with an implicit deny all rule. Since there is no way to tell whether a graft message was lost or the source has stopped sending, each graft message is acknowledged hop-by-hop. ARP requests are flooded in the VLAN. Port advertised ability Maximum ability advertised on all ports. DHCP Configuration 192.168.10.10 1 1 Active DHCP Configuration Dynamic Host Configuration Protocol (DHCP) for IPv4 is a network layer protocol that implements automatic or manual assignment of IP addresses and other configuration information to client devices by servers. This setting is useful for configuring more complex VLAN traffic patterns, without forcing the switch to flood the unicast traffic in each direction. Use the dir command to display the contents of the images directory. set system lockout emergency-access username 5. Password Management Overview Table 5-1 User Account and Password Parameter Defaults by Security Mode (continued) Parameter Normal Mode Default C2 Mode Default Minimum number of characters in password 8 9 Allow consecutively repeating characters in password yes 2 characters Aging of system passwords disabled 90 days Password required at time of new user account creation no yes Substring matching at password validation 0 (no checking) 0 (no checking) New users required to change password. 9. Lockout is configured at the system level, not at the user account level. Quality of Service Overview Preferential Queue Treatment for Packet Forwarding There are three types of preferential queue treatments for packet forwarding: strict priority, weighted fair, and hybrid. For both DVMRP and PIM-SM for IPv4 to operate, IGMP must be enabled. Maximum bandwidth utilization takes place when all bridges participate on all VLANs. RMON Table 18-1 RMON Group Event RMON Monitoring Group Functions and Commands (continued) What It Does What It Monitors CLI Command(s) Controls the generation and notification of events from the device. Table 8-6 show snmp access Output Details, Overview: Single, Rapid, and Multiple Spanning Tree Protocols, Tabl e 91showsadetailedexplanationofcommandoutput. 2600, and 2503). Actively sending IGMP query messages to learn locations of multicast switches and member hosts in multicast groups within each VLAN. Usethiscommandtodisplaymultipleauthenticationsystemconfiguration. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. Considerations About Using clear config in a Stack 4. 2. This guarantees that the default behavior of a bridge is to not be part of an MST region. Table 14-1 Syslog Terms and Definitions Term Definition Enterays Usage Facility Categorizes which functional process is generating an error message. Use the following commands to review, re-enable, and reset the Spanning Tree mode. Password Management Overview guest read-only enabled 0 0 no 00:00 24:00 mon tue wed Password Management Overview Individual user account passwords are configured with the set password command. Procedure 5-4 Configuring Management Authentication Notification MIB Settings Step Task Command(s) 1. By default, Syslog server is globally enabled, with no IP addresses configured, at a severity level of 8. Enabling DVMRP globally on the device and on the VLANs. About Security Audit Logging The secure.log file stored in the secure/logs directory cannot be deleted, edited, or renamed. Globally: Disabled. Auto-negotiation is enabled by default. Configuring SNMP Procedure 12-3 Configuring an EngineID (continued) Step Task Command(s) 4. Telnet port (IP) Set to port number 23. show policy profile {all | profile-index [consecutive-pids] [-verbose]} Display policy classification and admin rule information. If the upstream routers outbound list is now empty, it may send a prune message to its upstream router. Basic DVMRP configuration includes the following steps: 1. Optionally, set the GARP join, leave, and leaveall timer values. When tunnel mode is configured, VLAN-to-policy mapping will not occur on a stackable fixed switch or standalone fixed switch platform. DHCP Configuration IP Address Pools IP address pools must be configured for both automatic and manual IP address allocation by a DHCP server. Use the set sntp trustedkey command to add an authentication key to the trusted key list. Configuring IRDP Table 21-3 IRDP Default Values (continued) Parameter Description Default Value advertisement holdtime The length of time this advertised address should be considered valid. you can specify multiple ports using * or - (ports 1-48 would be ge.1. Thisexampleshowshowtodisplaymultipleauthenticationsystemconfiguration: Configuring User + IP Phone Authentication. If these assumptions are not true, please refer to Chapter 1, Setting Up a Switch for the First Time for more information. With LACP, if a set of links can aggregate, they will aggregate. Refer to page Quality of Service Overview secondly, you must identify these flows in a way that QoS can recognize. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB).
Law Of Parsimony Biomechanics,
Raj Kristo Gupta,
Quickvue Covid Test Sensitivity And Specificity,
10x12 Vinyl Pergola,
Cre Lox Recombination Ppt,
Articles E
No Comments