Procedure 19-3 assumes VLANs have been configured and enabled with IP interfaces. 4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Run Flash Diagnostics 7 - Update Boot Code 8 - Delete operational code 9 - Reset the system 10 - Restore Configuration to factory defaults (delete config files) 11 - Set new Boot Code password [Boot Menu] 2 5. Therefore, you must know the serial number of the switch to be licensed when you activate the license on the Enterasys customer site, and also when you apply the license to the switch as described below. Table 25-5 show ipv6 ospf database Output Details. Hany Eskarous - Information Technology Solutions Specialist & Accounts Since MAC-based authentication authenticates the device, not the user, and is subject to MAC address spoofing attacks, it should not be considered a secure authentication method. MultiAuth mode Globally sets MultiAuth for this device. show policy profile {all | profile-index [consecutive-pids] [-verbose]} Display policy classification and admin rule information. Prepare high/low level design & solution. The ingress VLAN could be a switching or routing VLAN. 5 seconds transmit delay Specifies the number of seconds it takes to transmit a link state update packet over this interface. SID 0 within the MST is the Internal Spanning Tree (IST) and provides connectivity out to the CST as well as functioning as another Spanning Tree instance within the MST region. ipv6 route distance pref 3. Configuring ICMP Redirects This example shows how to enable IP directed broadcasts on VLAN 1 and have all client DHCP requests for users in VLAN 1 to be forwarded to the remote DHCP server with IP address 192.168.1.28 C5(su)->router(Config)#interface vlan 1 C5(su)->router(Config-if(Vlan 1))#ip directed-broadcast C5(su)->router(Config-if(Vlan 1))#ip forward-protocol udp C5(su)->router(Config-if(Vlan 1))#ip helper-address 192.168.1. Enterasys devices support version 2 of the PIM protocol as described in RFC 4601 and draft-ietfpim-sm-v2-new-09. Configuring SNMP . You can also use the colon notation like this: 80:00:07:e5:80:4f:19:00:00:d2:32:aa:40 5. Ctrl+D Delete a character. Tabl e 242providesanexplanationofthecommandoutput. Alternatively, you can specify only the interface to be used to contact the DHCPv6 server and the Fixed Switch device will use the DHCPV6-ALL-AGENTS multicast address (FF02::1:2) to relay DHCPv6 messages to the DHCPv6 server. Refer to the CLI Reference for your platform for command details. sFlow 2. Configuring DVMRP Basic DVMRP Configuration By default, DVMRP is disabled globally and on each interface. Configuring STP and RSTP set spantree portpri port-string priority [sid sid] Valid priority values are 0240 (in increments of 16) with 0 indicating high priority. (1800 seconds) preference level The preference value for this advertised address. Note: When configuring any string or name parameter input for any command, do not use any letters with diacritical marks (an ancillary glyph added to a letter). Enterasys S8-Chassis Manuals & User Guides User Manuals, Guides and Specifications for your Enterasys S8-Chassis Chassis. ThisexampleshowshowtodisplaythesystemIPaddressandsubnetmask: Thefollowingtableprovidesanexplanationofthecommandoutput. Using the all parameter will display all default and non-default configuration settings. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. Configure RADIUS user accounts on the authentication server for each device. Refer to Procedure 4-3 on page 4-14 to configure the switch SNTP client for authentication. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow. The LLDP-enabled device periodically advertises information about itself (such as management address, capabilities, media-specific configuration information) in an LLDPDU (Link Layer Discovery Protocol Data Unit), which is sent in a single 802.3 Ethernet frame (see Figure 13-3 on page 13-6). Configuring Authentication Procedure 10-4 MultiAuth Authentication Configuration Step Task Command(s) 1. Configuring OSPF Areas Configuring Area Virtual-Link Authentication An area virtual-link can be configured for simple authentication. Configuring the Router ID OSPF initially assigns all routers a router ID based on the highest loopback IP address of the interfaces configured for IP routing. If not specified, SID 0 will be assumed. Stackable Switches. To display non-default information about a particular section of the configuration, such as port or system configuration, use the name of the section (or facility) with the command. GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. macauthentication port Enables or disables MAC authentication on a port Disabled. Procedure 21-1 lists the basic steps to configure RIP and the commands used. Procedure 26-7 Basic Dynamic ARP Inspection Configuration Step Task Command(s) 1. Configuring PoE Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices (continued) Step Task Command(s) 6. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Spanning Tree topology change trap suppression Enabled. About SecureStack C3 Switch Operation in a Stack, Installing a New Stackable System of Up to Eight Units, Installing Previously-Configured Systems in a Stack, Considerations About Using Clear Config in a Stack, Stacking Configuration and Management Commands, common denominator of functionality will be, You can mix SecureStack C2 and C3 switches in a single stack, although only the lowest. Usethiscommandtoenableordisableportwebauthentication. User Authentication Overview Dynamic VLAN Assignment The RADIUS server may optionally include RADIUS tunnel attributes in a RADIUS Access-Accept message for dynamic VLAN assignment of the authenticated end system. ACL Configuration Overview IPv6 Rules For IPv6 rules, IPv6 source and destination addresses and prefix length are specified, or the any option can be used. PDF ExtremeXOS Quick Guide - Paul T Clark SecureStack B3 Stackable Switches Configuration Guide Firmware - FCC ID User Authentication Overview When the maptable response is set to tunnel mode, the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter-ID attributes in the RADIUS reply. Access Control Lists on the A4 A4(su)->router#configure Enter configuration commands: A4(su)->router(Config)#access-list 101 deny ip host 192.168.10.10 any A4(su)->router(Config)#access-list 101 deny ip host 164.108.20.20 host 164.20.40.40 A4(su)->router(Config)#access-list 101 ip permit host 148.12.111.1 any assignqueue 5 A4(su)->router(Config)#show access-lists 101 Extended IP access list 101 1: deny ip host 192.168.10.10 any 2: deny ip host 164.108.20.20 host 164.20.40.40 3: permit ip host 148.12.111. Stateless autoconfiguration is part of Router Advertisement and the Enterasys Fixed Switches can support both stateless and stateful autoconfiguration of end nodes. This is useful for troubleshooting or problem solving when network management through the console port, telnet, or SSH is not feasible. Be sure that your serial connection is set properly: Baud rate: 115200 bps (for 5420, 5520, X435, X465, X590, X690, X695, and X870 models) Baud rate: 9600 bps (for other models) Data bits: 8 Stop bit: 1 Parity: none Flow control: none Understanding and Configuring Loop Protect Enabling or Disabling Loop Protect Event Notifications Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. Spanning Tree Basics Figure 15-8 MSTI 1 in a Region CIST Root 1 MSTI 1 2 5 MST CIST Regional Root 3 4 MSTI 1 Regional Root Legend: Physical Link Blocked VLANs Figure 15-9 MSTI2 in the Same Region MSTI 2 1 5 MST CIST Regional Root 3 2 MSTI 2 Regional Root 4 Legend: Physical Link Blocked VLANs Figure 15-10 on page 15-19 shows 3 regions with five MSTIs. 100 Procedure 18-1 describes how to configure RMON. Note: VRRP is an advanced routing feature that must be enabled with a license key. Apply power to the new unit. Configuring Syslog Note: The set logging local command requires that you specify both console and file settings. Ports 1 through 5 on the switch unit 4 are configured as egress ports for the VLANs while ports 8 through 10 on the switch unit 5 are configured as ingress ports that will do the policy classification. ExtremeXOS User Guide In router configuration mode, optionally enable route redistribution of non-RIP protocol routes. Configuration Guide. Hosts on the link discover the addresses of their neighboring routers by listening for advertisements. 1.6 IP-PBX Info x.x.x.x x.x.x.x x.x.x.x Info x.x.x.x x.x.x.x x.x.x.x x.x.x. . Configuring Authentication Table 10-1 Default Authentication Parameters (continued) Parameter Description Default Value macauthentication Globally enables or disables MAC authentication on a device. Access Control Lists on the A4 Table 24-1 ACL Rule Precedence (continued) ACL Type and Rule Priority Example IP SIP any DIP exact 18 permit any 10.0.1.22 IP SIP any DIP any 17 deny any any MAC SA any DA any 16 deny any any Rule actions include: Deny drop the packet. set inlinepower mode {auto | manual} auto (default) Available power is distributed evenly to PoE modules based on PoE port count. The hello interval is the period between transmissions of hello packet advertisements. 4. By default, security audit logging is disabled. IPv6 Neighbor Discovery Neighbor Discovery Configuration Refer to Table 25-2 on page 25-4 for the default Neighbor Discovery values. You must first associate a receiver/Collector in the sFlow Receivers Table with the poller instance, before configuring the polling interval with the set sflow port poller command. Download File PDF Enterasys V2h124 User Guide If privacy is not specified, no encryption will be applied. Policy Configuration Example A CoS of 8 Create a policy role that applies a CoS 8 to data VLAN 10 and configures it to rate-limit traffic to 200,000 kbps with a moderate priority of 5. dir [filename] Display the system configuration. set dhcpsnooping enable 2. SNMP Support on Enterasys Switches Terms and Definitions Table 12-2 lists common SNMP terms and defines their use on Enterasys devices. Thefollowingconventionsareusedinthetextofthisdocument: Table 1-1 Default Settings for Basic Switch Operation (Continued), Using an Administratively Configured User Account. Table 17-1 CoS Configuration Terminology Term Description CoS Setting Maps configured resources to a CoS index. index DisplaytheconfigurationoftheTACACS+serveridentifiedbyindex. Procedure 12-2 SNMPv3 Configuration Step Task Command(s) 1. Configuring MSTP Figure 15-14 Maximum Bandwidth in an MSTP Network Configuration Bridge A Bridge B SID 86 Priority = 4096 SID 99 Priority = 32768 SID 86 Priority = 32768 SID 99 Priority = 4096 ge.1.3 ge.1.1 ge.1.3 ge.1.2 ge.1.1 ge.1.1 ge.1.2 ge.1.2 ge.1.2 ge.1. Screen Hierarchy The contents of this chapter are arranged following the structure shown in Figure 3-1. Port Traffic Rate Limiting You can mix WRR and SP by assigning SP to the higher numbered queues and assigning WRR to the lower numbered queues, making sure that the values assigned to the WRR queues totals 100 percent. remote access ssh and telnet switches - Cisco Community User Account Overview Procedure 5-2 Configuring a New Super-User / Emergency Access User Account Step Task Command(s) 4. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2011 Chassis Serial Number: Chassis Firmware Revision: 093103209001 06.61.01.0017 Last successful login : WED DEC 07 20:23:20 2011 Failed login attempts since last login : 0 C5(su)-> 7. After setting the index and IP address you are prompted to enter a secret value for this authentication server. Access Control Lists on the A4 C5(su)->router>enable C5(su)->router#show access-lists ipv6mode ipv6mode disabled C5(su)->router#configure Enter configuration commands: C5(su)->router(Config)#access-list ipv6mode Changing ipv6mode will result in a system reset. Procedure 25-5 Neighbor Discovery Configuration Step Task Command(s) 1. With the exception of A4 ACLs, all ACLs are terminated with an implicit deny all rule. Table 6-1 6-8 File Management Commands Task Command List all the files stored on the system, or only a specific file. Router 2 will translate Type 7 LSAs from the connected domain to Type 5 routes into the backbone. If it is not, then the sending device proceeds no further. C5(su)->set webview disable C5(su)->show webview WebView is Disabled. Refer to the CLI Reference for your platform for details about the commands listed below. Refer to RFC 1157 for a full description of functionality. Enterasys Switch Manuals and User Guides PDF Preview and Download Policy Configuration Example Policy Configuration Example This section presents a college-based policy configuration example. with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. Also configured are two loopback interfaces, to use for the router IDs. RMON Table 18-1 RMON Group Event RMON Monitoring Group Functions and Commands (continued) What It Does What It Monitors CLI Command(s) Controls the generation and notification of events from the device. Using Multicast in Your Network Figure 19-4 PIM Traffic Flow 7 3 1 DR RP Source 5 4 2 6 Last Hop Router Receiver 1. See The RADIUS Filter-ID on page 8 for RADIUS Filter-ID information. Getting Help The following icons are used in this guide: Note: Calls the readers attention to any item of information that may be of special importance. This basic configuration requires the configuration of four interfaces and associated IP addresses. set multiauth mode strict 2. Configuration of normal port mirroring source ports and one destination port on all switches, as described above. 1518 capture loadsize The RMON capture maximum number of cotets from each packet to be downloaded from the buffer. Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays: Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile. C5(rw)->set linkflap portstate disable ge.1.1-12 Link Flap Detection Display Commands Table 8-3 lists link flap detection show commands. Table 8-6 show snmp access Output Details, Overview: Single, Rapid, and Multiple Spanning Tree Protocols, Tabl e 91showsadetailedexplanationofcommandoutput. Enable ARP inspection on the VLANs where clients are connected, and optionally, enable logging of invalid ARP packets. Additional Configuration Tasks Setting User Accounts and Passwords Enterasys switches are shipped with three default user accounts: A super-user access account with a username of admin and no password A read-write access account with a username of rw and no password A read-only access account with a username of ro and no password Enterasys recommends that, for security purposes, you set up one or more unique user accounts with passwords and disable the default login accounts. Dynamic ARP Inspection Dynamic ARP Inspection Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. switch# show ip igmp snooping groups [[vlan] vlan-id] [detail] trap | inform3 Unsolicited message sent by an SNMP agent to an SNMP manager when an event has occurred. Database contains 1 Enterasys C5K175-24 Manuals (available for free online viewing or Page 1 Matrix V-Series V2H124-24P Fast Ethernet Switch Hardware . Ctrl+E Move cursor to end of line. Up to 5 TACACS+ servers can be configured, with the index value of 1 having the highest priority. Syslog Components and Their Use The following sections provide greater detail on modifying key Syslog components to suit your enterprise. Basic DVMRP configuration includes the following steps: 1. Policy Configuration Example destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone auto configuration and IP address assignment. ThisexampleshowshowtodisplayOSPFdatabasesummaryinformation. set maclock agefirstarrival port-string enable Use either the set maclock agefirstarrival disable or clear maclock firstarrival commands to disable aging. VLAN authorization egress format Determines whether dynamic VLAN tagging will be none, tagged, untagged, or dynamic for an egress frame. LICENSE. Table 11-5 describes how to display link aggregation information and statistics. 1.4 IP switch Discovery MIB Port Device ge. RMON Table 18-2 Default RMON Parameters (continued) Parameter Description Default Value capture asksize The RMON capture requested maximum octets to save in the buffer. The Filter-ID for that user is returned to the switch in the authentication response, and the authentication is validated for that user. . UsethiscommandtoenableordisableClassofService. Terms and Definitions Table 9-3 VLAN Terms and Definitions (continued) Term Definition Forwarding List A list of the ports on a particular device that are eligible to transmit frames for a selected VLAN. Table 16-5 Displaying Policy Configuration and Statistics Task Command(s) Display policy role information. set sflow receiver index ip ipaddr 3. sFlow Table 18-7 lists the commands to display sFlow information and statistics. Configuring IRDP 21-8 IPv4 Basic Routing Protocols. Configuring Policy Table 16-5 on page 16-11 describes how to display policy information and statistics. 3. Use the set sntp trustedkey command to add an authentication key to the trusted key list. PoE is not supported on the I-Series switches. DHCP Configuration 192.168.10.10 1 1 Active DHCP Configuration Dynamic Host Configuration Protocol (DHCP) for IPv4 is a network layer protocol that implements automatic or manual assignment of IP addresses and other configuration information to client devices by servers. Class of Service is based on the IEEE 802.1D (802. See Procedure 20-2 on page 20-4. ip address ip-address ip-mask [secondary] 2. Download Configuration manual of Enterasys C2H124-24 Switch for Free or View it Online on All-Guides.com. Guest networking allows an administrator to specify a set of credentials that will, by default, appear on the PWA login page of an end station when a user attempts to access the network. ACL Configuration Overview Creating ACL Rules ACL rules define the basis upon which a hit will take place for the ACL. Neighbor Discovery Overview Figure 13-2 LLDP-MED LLDP-MED Network Connectivity Devices: Provide IEEE 802 network access to LLDP-MED endpoints (for example, L2/L3 switch) LLDP-MED Generic Endpoints (Class I): Basic participant endpoints in LLDP-MED (for example, IP communications controller) IP Network Infrastructure (IEEE 802 LAN) LLDP-MED Media Endpoints (Class ll): Supports IP media streams (for media gateways, conference bridges) LLDP-MED Communication Device Endpoints (Class III): Support IP comm. By enabling the link flap detection feature on your Enterasys switch, you can monitor and act upon link flapping to avoid these recalculations. Optionally, change the administratively assigned key for each aggregation on the device. ACL Configuration Overview The following example displays IPv4 extended access control list 120, then deletes entries 2 and 3, and redisplays the ACL. Configuration Procedures OSPF Interface Configuration Procedure 22-2 on page 22-18 describes the OSPF interface configuration tasks. A relay agent passes DHCP messages between clients and servers which are on different physical subnets. - Time out the IGMP entry by not responding to further queries from Router 2. With LACP, if a set of links can aggregate, they will aggregate. show port status [port-string] Display port counter statistics detailing traffic through the device and through all MIB2 network devices. Dynamic ARP Inspection VLAN Configuration set vlan create 10 set vlan create 192 clear vlan egress 1 ge.1.1-2 set vlan egress 10 ge.1.2 untagged set vlan egress 192 ge.1.1 untagged DHCP Snooping Configuration set dhcpsnooping enable set dhcpsnooping vlan 1 enable set dhcpsnooping vlan 10 enable set dhcpsnooping vlan 192 enable set dhcpsnooping verify mac-address disable set dhcpsnooping trust port ge.1. Authentication Configuration Example Configuring MultiAuth Authentication MultiAuth authentication must be set to multi whenever multiple users of 802.1x need to be authenticated or whenever any MAC-based or PWA authentication is present. RIP Configuration Example Table 21-2 lists the default RIP configuration values. The size of the history buffer determines how many lines of previous CLI input are available for recall. TACACS+ Configuring the Source Address You can configure the source IP address used by the TACACS+ application on the switch when generating packets for management purposes. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. Configuring VLANs Procedure 9-1 Static VLAN Configuration (continued) Step Task Command(s) 4. Configuring STP and RSTP Figure 15-10 Example of Multiple Regions and MSTIs Region 1 1 Region 2 2 Region 3 6 8 5 12 3 4 CIST Regional Root 7 10 CIST Root and CIST Regional Root CIST Regional Root Master Port Table 15-5 9 11 Master Port MSTI Characteristics for Figure 15-10 MSTI / Region Characteristics MSTI 1 in Region 1 Root is switching device 4, which is also the CIST regional root MSTI 2 in Region 1 Root is switching device 5 MSTI 1 in Region 2 Root is switching device 7, w. Configuring STP and RSTP Reviewing and Enabling Spanning Tree By default, Spanning Tree is enabled globally on Enterasys switch devices and enabled on all ports. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. 1.1 IP switch ge. set telnet {enable | disable} [inbound | outbound | all] Inbound = Telnet to the switch from a remote device Outbound = Telnet to other devices from the switch 2. To connect to the console port: 1. Optionally set the MultiAuth authentication idle timeout value for the specified authentication method. Set the port duplex mode to full. Elio Panting - Cloud Infrastructure Architect - LinkedIn After you have established your connection to the switch, follow these steps to download the latest firmware: 1. RADIUS Management Authentication Procedure 26-2 Configuring IPsec Step Task Command(s) 1. Enterasys Networks 9034313-07 Configuring Switches in a Stack . Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. User Account Overview The emergency access user is still subject to the system lockout interval even on the console port. Most of my achievements were completed while working in enterprise, multi-national, and multi-culture corporations such as LinkdotNET, Raya Holding, CSC/DXC Australia, Alphawest/Optus Business Australia, Woodside Energy for Oil and Gas . Both types of samples are combined in sFlow datagrams. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap This example assumes that VLAN 10 has already been configured for routing. Reset the MultiAuth authentication idle timeout value to its default value for the specified authentication method. Link Aggregation Overview Because port 6 has both a different speed and a higher priority than the port with the lowest priority in the LAG, it is not moved to the attached state. Understanding How VLANs Operate Shared Virtual Local Area Network (VLAN) Learning (SVL): Two or more VLANs are grouped to share common source address information. In this way, both upstream and downstream facing ports are protected. Stops any pending grafts awaiting acknowledgments. PIM-SM adopts RPF technology in the join/prune process. Configuring IPv4 ACLs Procedure 24-1 describes how to configure IPv4 standard and extended ACLs. The PIM specifications define several modes or methods by which a PIM router can build the distribution tree. Configuring Cisco Discovery Protocol 13-14 Configuring Neighbor Discovery. You can enable link flap detection globally on your Enterasys switch or on specific ports, such as uplink ports. Example PoE Configuration A PoE-compliant G-Series device is configured as follows: One 400W power supply is installed. A Fixed Switch device uses one OSPF router process that can be any number between 1 and 65535. Note: The v1 parameter in this example can be replaced with v2 for SNMPv2c configuration.