See Configuring OSPF Areas on page 22-8 for additional discussion of OSPF area configuration. Router R1 Router 1(su)->router(Config)#interface vlan 111 Router 1(su)->router(Config-if(Vlan 111))#ip address 172.111.1.1 255.255.255. The LLDP-enabled device periodically advertises information about itself (such as management address, capabilities, media-specific configuration information) in an LLDPDU (Link Layer Discovery Protocol Data Unit), which is sent in a single 802.3 Ethernet frame (see Figure 13-3 on page 13-6). Connect the adapter cable's USB connector to a USB port on your PC or laptop and determine which COM port has been assigned to that USB port. Agent 802. On the Enterasys switch, define the same user as in the above example (v3user) with this EngineID and with the same Auth/Priv passwords you used previously. Port 5 looks up the destination MAC address in its FID. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Password history No passwords are checked for duplication. Optionally, set the interface used for the source IP address of the TACACS+ packets generated by the switch. Refer to Table 2-2 for console port pinout assignments. Table 19-5 Layer 2 IGMP Show Commands Task Command Display IGMP snooping information. You can use the following commands to review and, if necessary, change the edge port detection status on the device and the edge port status of Spanning Tree ports. You can configure ports to only use MDI or MDIX connections with the set port mdix command. User Authentication Overview Dynamic VLAN Assignment The RADIUS server may optionally include RADIUS tunnel attributes in a RADIUS Access-Accept message for dynamic VLAN assignment of the authenticated end system. 
User Authentication Overview When the maptable response is set to tunnel mode, the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter-ID attributes in the RADIUS reply. ACL Configuration Overview The following example displays IPv4 extended access control list 120, then deletes entries 2 and 3, and redisplays the ACL. Rules in an ACL are order-dependent. 1. Configuring VRRP then advertisements are sent every advertising interval to let other VRRP routers in this VRID know the router is still acting as master of the VRID. For example, for a network with the address 192.168.0.0/16, the directed broadcast address would be 192.168.255.255. Displaying Scrolling Screens If the CLI screen length has been set using the set length command, CLI output requiring more than one screen will display --More-- to indicate continuing screens. Ctrl+D Delete a character. Managing IPv6 Configuring IPv6 Management Procedure 25-1 describes how to enable IPv6 management and optionally, create a host IPv6 global unicast address and replace the automatically generated default gateway IPv6 address. Creates a user policy profile that uses the user VLAN. Some of these steps are also covered in Chapter 1, Setting Up a Switch for the First Time. This procedure would typically be used when the system is NOT configured for routing. The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362. When Policy Maptable Response is Profile When the switch is configured to use only Filter-ID attributes, by setting the set policy maptable command response parameter to policy: If the Filter-ID attributes are present, the specified policy profile will be applied to the authenticating user. 
5 User Account and Password Management This chapter describes user account and password management features, which allow enhanced control of password usage and provide additional reporting of usage. While Enterasys Discovery Protocol and Cisco Discovery Protocol are vendor-specific protocols, LLDP is an industry standard (IEEE 802.1AB), vendor-neutral protocol. RMON Procedure 18-1 Step Configuring Remote Network Monitoring (continued) Task Command(s) startup - (Optional) Specifies the alarm type generated when this event is first enabled rthresh - (Optional) Specifies the minimum threshold that will cause a rising alarm fthresh - (Optional) Specifies the minimum threshold that will cause a falling alarm revent - (Optional) Specifies the index number of the RMON event to be triggered when the rising threshold is crossed fevent - (Optional) Specifies. Select none to allow all frames to pass through. Use the following commands to review, re-enable, and reset the Spanning Tree mode. Ctrl+I or TAB Complete word. Only a system administrator (super-user) may enable the security audit logging function, and only a system administrator has the ability to retrieve, copy, or upload the secure.log file. ACL Configuration Overview IPv6 Rules For IPv6 rules, IPv6 source and destination addresses and prefix length are specified, or the any option can be used. 3. If authentication fails, the guest policy is used. Examples; Chapter 18: Configuring Network Monitoring; Basic Network Monitoring Features; Console/Telnet History Buffer; Chapter 20: IP Configuration; Enabling the Switch for Routing; Router Configuration Modes; Entering Router Configuration Modes; Example; Configuring Area Virtual-Link Authentication; Configuring Area Virtual-Link Timers; Configuring Route Redistribution; Configuring Passive Interfaces; Extended IPv4 ACL Configuration; MAC ACL Configuration; 
Chapter 25: Configuring and Managing IPv6; Managing IPv6; Disabling and Enabling Ports; MAC Locking Defaults; MAC Locking Configuration; TACACS+; Link Aggregation Example; Communication between LLDP-enabled Devices; LLDP-MED; Default DHCP Server Parameters; Configuring Pool Parameters; Policy Configuration Terms and Definitions; CoS Configuration Terminology. About This Guide This guide provides basic configuration information for the Enterasys Networks Fixed Switch platforms using the Command Line Interface (CLI), including procedures and code examples. Automatic IP Address Pools When configuring an IP address pool for dynamic IP address assignment, the only required steps are to name the pool and define the network number and mask for the pool using the set dhcp pool network command. Implementing VLANs building has its own internal network. The CLI supports EMACs-like line editing commands. Table 13 lists some commonly used commands. Switch# Switch#conf t Terms and Definitions Table 15-11 lists terms and definitions used in Spanning Tree configuration. 
You can also use the show commands described in Reviewing and Enabling Spanning Tree on page 15-20 to review information related to all Spanning Tree protocol activity. Considerations About Using clear config in a Stack To create a virtual switch configuration in a stack environment: 1. Router: Calls the reader's attention to router-specific commands and information. set maclock agefirstarrival port-string enable Use either the set maclock agefirstarrival disable or clear maclock firstarrival commands to disable aging. Per Port: Enabled. 2. Counters are only added to the datagram if the sources are within a short period, 5 seconds say, of failing to meet the required sampling interval. You may want to set a rate limit that would guard against excessive streaming. This example clears DHCPv6 statistics for VLAN 80. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. FIPS mode can be cleared using the clear security profile command. Configuring the underlying unicast routing protocol (for example, OSPF). Configuring ICMP Redirects This example shows how to enable IP directed broadcasts on VLAN 1 and have all client DHCP requests for users in VLAN 1 to be forwarded to the remote DHCP server with IP address 192.168.1.28 C5(su)->router(Config)#interface vlan 1 C5(su)->router(Config-if(Vlan 1))#ip directed-broadcast C5(su)->router(Config-if(Vlan 1))#ip forward-protocol udp C5(su)->router(Config-if(Vlan 1))#ip helper-address 192.168.1. C5(rw)->show users Session User Location -------- ----- -------------------------* console telnet admin console (via com.1.1) rw 134.141. Understanding and Configuring SpanGuard How Does It Operate? Switch 3's blocking port eventually transitions to a forwarding state which leads to a looped condition. 
The reader should in all cases consult Enterasys Networks to determine whether any such Configuring PIM-SM Basic PIM-SM Configuration By default, PIM-SM is disabled globally on Enterasys fixed switches and attached interfaces. Policies will be applied dynamically at authentication using a RADIUS authentication server and the Filter-ID attribute. MAC Locking You can configure the switch to issue a violation trap if a packet arrives with a source MAC address different from any of the currently locked MAC addresses for that port. Understanding and Configuring Loop Protect Enabling or Disabling Loop Protect Event Notifications Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. In global configuration mode, configure an IPv4 static route. Configuration Procedures 22-20 Configuring OSPFv2. Using Multicast in Your Network Figure 19-3 DVMRP Pruning and Grafting Source DVMRP Multicast Multicast Traffic Graft Prune Prune* IGMP Join * Prune before new host was added New Host Existing Host Protocol Independent Multicast (PIM) Overview PIM dynamically builds a distribution tree for forwarding multicast data on a network. Version 2 (SNMPv2c) The second release of SNMP, described in RFC 1907, has additions and enhancements to data types, counter size, and protocol operations. 2. Optionally set the MultiAuth authentication idle timeout value for the specified authentication method. 3. The creation of additional port groups could be used to combine similar ports by their function for flexibility. set arpinspection vlan vlan-range [logging] 3. Quality of Service Overview Figure 17-4 Hybrid Queuing Packet Behavior Rate Limiting Rate limiting is used to control the rate of traffic entering (inbound) a switch per CoS. Rate limiting allows for the throttling of traffic flows that consume available bandwidth, in the process providing room for other flows. 
Enter MIB option 6 (destroy) and perform an SNMP Set operation. This is done using the set system service-class console-only command. RADIUS Management Authentication Procedure 26-2 Configuring IPsec Step Task Command(s) 1. This implementation supports the creation of Security Associations (SAs) with servers configured for RADIUS, and the RADIUS application helps define the IPsec flow. Optionally, save the configuration to a backup file named myconfig in the configs directory and copy the file to your computer using TFTP. Configuring ACLs Procedure 24-2 Configuring IPv6 ACLs (continued) Step Task Command(s) 3. Optionally, change the encryption type. For ports where no authentication is present, such as switch to switch, or switch to router connections, you should also set MultiAuth port mode to force authenticate to assure that traffic is not blocked by a failed authentication. Andover, MA 01810-1008 U.S.A. @ # $ % ^ & * () ? In this configuration, an interface on VLAN 111 for Router R1 or Router R2, or VRID 1, 2, or 3 fails, the interface on the other router will take over for forwarding outside the local LAN segment. The SNTP authentication key is associated with an SNTP server using the set sntp server command. The [state] option is valid only for S-Series and Matrix N-Series devices. Table 9-1 show spantree Output Details, About GARP VLAN Registration Protocol (GVRP), Policy Classification Configuration Summary. Configuring Authentication Note: User + IP Phone authentication is not supported on the I-Series With User + IP Phone authentication, the policy role for the IP phone is statically mapped using a policy admin rule which assigns any frames received with a VLAN tag set to a specific VID (for example, Voice VLAN) to a specified policy role (for example, IP Phone policy role). 1. 
This overrides the specified timeout variable: set spantree spanguardlock port-string Monitoring SpanGuard Status and Settings Use the commands in Table 15-9 to review SpanGuard status and settings. This example shows how to display ports disabled by link flap detection due to a violation: Table 75 provides an explanation of the show linkflap metrics command output. Set the primary, and optionally the secondary, IPv4 address for this interface, in interface configuration command mode. See Chapter 17, Configuring Quality of Service in this book for a complete discussion of QoS configuration. Enable or disable MAC authentication globally on the device. Using Multicast in Your Network A DVMRP device forwards multicast packets first by determining the upstream interface, and then by building the downstream interface list. This information is used to determine the module port type for port group. If this state is disabled, LACP PDUs are transmitted every 1 second. Refer to page SNMP Concepts 2. show file directory/filename Delete a file. (Optional) Use the CLI to verify the port mirroring instance has been deleted as shown in the following example: C5(su)->show port mirroring No Port Mirrors configured. When send-on-violation is enabled, this feature authorizes the switch to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. For example: A4(su)->show boot system Current system image to boot: a4-series_06.61.00.0026 Use the set boot system command to set the firmware image to be loaded at startup. By default, every bridge will have a FID-to-SID mapping that equals VLAN FID 1/SID 0. Therefore, Router R2's interface 172.111.1.2 will be Master for VRID 2 handling traffic on this LAN segment sourced from subnets 172.111.64.0/18. When bridges are added to or removed from the network, root election takes place and port roles are recalculated. 
If the device supports routing, enter router configuration mode and configure an IP address on the VLAN interface. 10 Configuring User Authentication This chapter describes the user authentication methods supported by Enterasys fixed switch platforms. Please consult the release notes or configuration guide to properly configure a static multicast Filter Database Entry for: 00-00-00-00-00-00 on vlan.0.123 . Connecting to the Switch If the adapter cable requires a driver, install the driver on your computer. This example shows how to set login attempts to 5 and lockout time to 30 minutes: To display and set the system IP address and other basic system (switch) properties. System(su)->show port ratelimit fe.1.1 Global Ratelimiting status is disabled. The client queries these configured SNTP servers at a fixed poll-interval configured using the set sntp poll-interval command. Configuring a Stack of New Switches 1. This example shows how to display multiple authentication system configuration: Configuring User + IP Phone Authentication. VLAN authorization egress format Determines whether dynamic VLAN tagging will be none, tagged, untagged, or dynamic for an egress frame. After the stack has been configured, you can use the show switch unit command to physically identify each unit. The switch can enforce a password aging interval on a per-user basis (set system login aging). The alternate ports are blocking. Router 2 will translate Type 7 LSAs from the connected domain to Type 5 routes into the backbone. User logs in via console <164>Apr 21 08:44:13 10.27.12. Using the Command Line Interface commands without optional parameters, the defaults section lists None. This example shows how to display switch type information about SID 1: Use this command to display various data flow and error counters on stack ports. Determines if the keys for trap doors do exist. 4. 
A manual pool can be configured using either the client's hardware address (set dhcp pool hardware-address) or the client's client-identifier (set dhcp pool client-identifier), but using both is not recommended. User Authentication Overview password configured on the switch to the authentication server. Procedure 18-2 Configuring sFlow Step Task Command(s) 1. set txqmonitor downtime seconds The default value is 0, meaning that disabled ports will remain disabled until cleared manually or until their next link state transition. Enterasys Fixed Switching Configuration Guide Firmware 6.61. Before attempting to configure a single device for VLAN operation, consider the following: What is the purpose of my VLAN design? Configuring STP and RSTP Figure 15-10 Example of Multiple Regions and MSTIs Region 1 1 Region 2 2 Region 3 6 8 5 12 3 4 CIST Regional Root 7 10 CIST Root and CIST Regional Root CIST Regional Root Master Port Table 15-5 9 11 Master Port MSTI Characteristics for Figure 15-10 MSTI / Region Characteristics MSTI 1 in Region 1 Root is switching device 4, which is also the CIST regional root MSTI 2 in Region 1 Root is switching device 5 MSTI 1 in Region 2 Root is switching device 7, w. Configuring STP and RSTP Reviewing and Enabling Spanning Tree By default, Spanning Tree is enabled globally on Enterasys switch devices and enabled on all ports. Premium Edge The S-Series Edge Switch will be rate-limited using a configured CoS that is applied to the services and phoneES policy role. Configuring PIM-SM Table 19-8 DVMRP Show Commands Task Command Display DVMRP routing information, neighbor information, or DVMRP enable status. This example shows how to display 802.1X status: This example shows how to display authentication diagnostics information for ge.1.1: This example shows how to display authentication statistics for ge.1.1: This example shows how to display MAC authentication information for ge.2.1 through 8: Table 263 provides an explanation of the command output. 
GARP Multicast Registration Protocol (GMRP) A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames. describes the following security features and how to configure them on the Fixed Switch platforms. Configure the IP address of the sFlow Collector being configured. DHCPv6 Configuration DHCPv6 Configuration DHCP is generally used between clients (for example, hosts) and servers (for example, routers) for the purpose of assigning IP addresses, gateways, and other networking definitions such as DNS, NTP, and/or SIP parameters. Graft messages are sent upstream hop-by-hop until the multicast tree is reached. It can be enabled using the set security profile c2 command. Removing Units from an Existing Stack The hierarchy of the switches that will assume the function of backup manager is also determined in case the current manager malfunctions, is powered down, or is disconnected from the stack. OSPF Configuration Task List and Commands, Table 20-2 OSPF Configuration Task List and Commands. Optionally, set the timeout period for aging learned MAC entries. This value should be the minimum of the default prune lifetime (randomized to prevent synchronization) and the remaining prune lifetimes of the downstream neighbors. This basic configuration requires the configuration of four interfaces and associated IP addresses. = [ ] \ ; ? This example shows how to display LLDP configuration information. IEEE 802. You can enable it using the set igmpsnooping adminmode command on Enterasys stackable and standalone devices as described in Configuring IGMP on page 19-15. Routing Interfaces Example The following example shows how to enable RIP on the switch, then configure VLAN 1 with IP address 192.168.63.1 255.255.255.0 as a routing interface and enable RIP on the interface. 
When console-only access is configured, all TCP SYN packets and UDP packets are dropped, with the exception of UDP packets sent to the DHCP Server or DHCP Client ports. Understanding and Configuring Loop Protect Valid values are 0-65535 seconds. STP allows for the automatic reconfiguration of the network. Counter samples may be taken opportunistically in order to fill these datagrams. Transmit Queue Monitoring If no additional power losses occur on the PoE devices and no additional link flapping conditions occur, the network administrator disables link flap detection on the PoE ports. The source's DR registers (that is, encapsulates) and sends multicast data from the source directly to the RP via a unicast routing protocol (number 1 in figure). Figure 25-1 Basic IPv6 Over IPv4 Tunnel Router R1 Router R2 VLAN 20 195.167.20.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::20/127 Tunnel Source: 195.167.20.1 Tunnel Destination: 192.168.10.1 VLAN 10 192.168.10.1 Tunnel 10 IPv6 Addr: 2001:DB8:111:1::10/127 Tunnel Source: 192.168.10.1 Tunnel Destination: 195.167.20. 13 Configuring Neighbor Discovery This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), the Enterasys Discovery Protocol, and the Cisco Discovery Protocol on Enterasys fixed stackable and standalone switches. The days of the week for which access will be allowed for this user. , ./ `. FIPS mode is persistent and shown in the running configuration. Table 11-3 lists link aggregation parameters and their default values. By default, Syslog server is globally enabled, with no IP addresses configured, at a severity level of 8. 
Configuring VRRP Table 23-1 Default VRRP Parameters (continued) Parameter Description Default Value advertise-interval Specifies the interval between the advertisement the master sends to other routers participating in the selection process. This guarantees that the default behavior of a bridge is to not be part of an MST region.