ACL Configuration Overview 2: deny ip 30.0.0.1 0.0.255.255 any 3: deny ip 40.0.0.1 0.0.255.255 any 4: permit ip any any Inserting ACL Rules When you enter an ACL rule, the new rule is appended to the end of the existing rules by default. . Configuring Node Aliases 4-28 System Configuration. Enterasys devices support version 2 of the PIM protocol as described in RFC 4601 and draft-ietfpim-sm-v2-new-09. (Optional) If desired, change the management unit using the set switch movemanagement command, and/or change the unit numbering with the set switch member command. The default setting is auto. IPv6 Neighbor Discovery Testing Network Connectivity Use the ping ipv6 command to determine whether another device is on the network. Link Aggregation Overview Investigating port admin keys, we see that ports 4 - 6 on device A are set to 100 (the same setting as all LAG ports on the device), while ports 7 and 8 on device A are set to 300 and 400, respectively. 18 Configuring Network Monitoring This chapter describes network monitoring features on the Fixed Switches and their configuration. Chapter 2: Configuring Switches in a Stack, Chapter 6: Discovery Protocol Configuration, Chapter 14: Logging and Network Management, Appendix A: Policy and Authentication Capacities. Optionally, delete an entire ACL or a single rule or range of rules. Download Configuration manual of Enterasys C2H124-24 Switch for Free or View it Online on All-Guides.com. Configuring IGMP Table 19-4 Layer 3 IGMP Configuration Commands Task Command Set the maximum response time being inserted into group-specific queries sent in response to leave group messages. set lacp aadminkey port-string value 5. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment. A value of 0 means that two consecutive SPF calculations are performed one immediately after the other. ENTERASYS SECURESTACK C3 CONFIGURATION MANUAL Pdf Download | ManualsLib Enterasys SECURESTACK C3 Configuration Manual Stackable switches Also See for SECURESTACK C3: Configuration manual (954 pages) 1 2 3 4 5 6 Table Of Contents 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 Refer to page Link Aggregation Overview 11-1 Configuring Link Aggregation 11-9 Link Aggregation Configuration Example 11-11 Terms and Definitions 11-15 Link Aggregation Overview IEEE 802.3ad link aggregation provides a standardized means of grouping multiple parallel Ethernet interfaces into a single logical Layer 2 link. Optionally, configure authentication and/or timer values for the virtual link. Note: OSPF is an advanced routing feature that must be enabled with a license key. 1. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). 8 Port Configuration This chapter describes the basic port parameters and how to configure them. Policy-Based VLANs Rather than making VLAN membership decisions simply based on port configuration, each incoming frame can be examined by the classification engine which uses a match-based logic to assign the frame to a desired VLAN. IEEE 802. User Authentication Overview credentials sent to the RADIUS server. Default is 300 seconds. All OSPF interface configuration commands are executed in router interface configuration mode. The hardware, firmware, or software described in this document is subject to change without notice. Terms and Definitions LACP port state is disabled by default on the B5s and C5s, so we will enable LACP port state here. All configurations required for Q-SYS can be set this way. Configuring Authentication Server identification provides for the configuration of the server IP address and index value. VRRP Overview Figure 23-1 Basic VRRP Topology VRID 1 172.111.1.1 Router R1 Router R2 ge.1.1 VLAN 111 172.111.1.1/16 ge.1.1 VLAN 111 172.111.1.2/16 Host 1 172.111.1.100/16 Default Gateway 172.111.1.1 Figure 23-1 shows a basic VRRP topology with a single virtual router. set tacacs singleconnect enable To disable the use of a single TCP connection, use the set tacacs singleconnect disable command. DHCPv6 Configuration Default Conditions The following table lists the default DHCPv6 conditions. Access Control Lists on the A4 A4(su)->router#configure Enter configuration commands: A4(su)->router(Config)#access-list 101 deny ip host 192.168.10.10 any A4(su)->router(Config)#access-list 101 deny ip host 164.108.20.20 host 164.20.40.40 A4(su)->router(Config)#access-list 101 ip permit host 148.12.111.1 any assignqueue 5 A4(su)->router(Config)#show access-lists 101 Extended IP access list 101 1: deny ip host 192.168.10.10 any 2: deny ip host 164.108.20.20 host 164.20.40.40 3: permit ip host 148.12.111. Counters are only added to the datagram if the sources are within a short period, 5 seconds say, of failing to meet the required sampling interval. You can do this by doing the following: Connect the switch to PuTTY with a 9-pin serial cable. Enabling IGMP on the device and on the VLANs. DHCP Snooping Table 26-9 DHCP Snooping Default Parameters (continued) Parameter Default Setting Burst interval 1 second Managing DHCP Snooping Table 26-10 on page 21 lists the commands to display DHCP snooping information. Procedure 4-4 DHCP Server Configuration on a Non-Routing System Step Task Command(s) 1. Table 3-1 lists some commonly used commands. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} admin Enables (auto) or disables (off) PoE on a port. Save Your System Configuration Settings. Configuration Procedures Procedure 22-3 OSPF Area Configuration (continued) Step Task Command(s) 4. Refer to the CLI Reference for your platform for more information about these commands. After authentication succeeds, the user or device gains access to the network based upon the policy information returned by the authentication server in the form of the RADIUS Filter-ID attribute, or the static configuration on the switch. Account and password feature behavior and defaults differ depending on the security mode of the switch. Event type, description, last time event was sent. area area-id virtual-link router-id Refer to Configuring Area Virtual-Links on page 22-12 for more information. Usethiscommandtoenableordisableportwebauthentication. Display the MAC addresses in the switchs filtering database (FID). OSPFv2 is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. Syslog combines this value and the severity value to determine message priority. Configuration Guide. Figure 3-2 provides an example. You can configure ports to only use MDI or MDIX connections with the set port mdix command. Understanding and Configuring Loop Protect Valid values are 065535 seconds. Advanced Configuration Overview Procedure 4-1 contains the steps to assign an IP address and configure basic system parameters. . A typical network may contain multiple MST regions as well as separate LAN segments running legacy STP and RSTP Spanning Tree protocols. Port Configuration Overview By default, Enterasys switch devices are configured to automatically detect the cable type connection, straight through (MDI) or cross-over (MDIX), required by the cable connected to the port. set dhcpsnooping trust port port-string enable 4. Display the system lockout settings show system lockout 6. 1. Dynamic ARP Inspection Loopback addresses (in the range 127.0.0.0/8) Logging Invalid Packets By default, DAI writes a log message to the normal buffered log for each invalid ARP packet it drops. Configuring OSPF Areas 0 to 4294967295. Enabling Master Preemption By default, a router is enabled to preempt a lower priority master for the configured virtual router. Policy Configuration Overview QoS configuration details are beyond the scope of this chapter. Refer to the CLI Reference for your platform for more information about the commands listed below. Port Configuration Overview Auto-Negotiation and Advertised Ability Auto-negotiation is an Ethernet feature that facilitates the selection of port speed, duplex, and flow control between the two members of a link, by first sharing these capabilities and then selecting the fastest transmission mode that both ends of the link support. Project with a 2nd level client. Table 15-5 on page 15-19 defines the characteristics of each MSTI. If Router R1 should become unavailable, Router R2 would take over virtual router VRID 1 and its associated IP addresses. This example, which sets the new VLAN as VLAN 2, assumes the management station is attached to ge.1.1, and wants untagged frames. A dependent downstream device on a pruned branch restarts. The key is an alphanumeric string of up to 8 characters. To clear the MultiAuth authentication mode. Setup and maintained DNS, WINS and DHCP servers. Table 25-3 lists the tasks and commands. + Configuring OSPF Areas OSPF allows collections of contiguous networks and hosts to be grouped together. Assigning Port Costs Each interface has a Spanning Tree port cost associated with it, which helps to determine the quickest path between the root bridge and a specified destination. Enterasys C5 Gigabit Ethernet Switch Hardware Installation Guide Adryan Ramirez Indicates that the concentration of the hazardous substance in all homogeneous materials in the parts is below the relevant threshold of the SJ/T 11363-2006 standard. After you have established your connection to the switch, follow these steps to download the latest firmware: 1. IPv6 Neighbor Discovery Neighbor Solicitation Messages Neighbor Solicitation messages are sent on the local link to determine the link-local address of another node on the link, as well as to verify the uniqueness of a unicast address for DAD. Dynamic ARP Inspection Table 26-13 Displaying Dynamic ARP Inspection Information (continued) Task Command To display the ARP configuration of one or more VLANs show arpinspection vlan vlan-range To display ARP statistics for all DAI-enabled VLANs or for specific VLANs show arpinspection statistics [vlan vlan-range] Table 26-14 Managing Dynamic ARP Inspection Task Command To remove additional optional ARP validation parameters that were previously configured. A value of 0x06 indicates that the tunneling medium pertains to 802 media (including Ethernet) Tunnel-Private-Group-ID attribute indicates the group ID for a particular tunneled session. EAPOL authentication mode When enabled, set to auto for all ports. Configure the IP address of the sFlow Collector being configured. Configuring MSTP Defining Edge Port Status By default, edge port status is disabled on all ports. ThiscommanddisplaysIPv6NeighborCacheinformation. Any of the management interfaces, including VLAN routing interfaces, can be configured as the source IP address used in packets generated by the TACACS+ client. 2. Use the area virtual-link command in OSPF router configuration command mode, providing the transit area ID and the ABRs router ID, to configure an area virtual-link. clear cdp {[state] [port-state portstring] [interval] [hold-time] [authcode]} Refer to your devices CLI Reference Guide for more information about each command. 3. Use the ipv6 nd ns-interval command to configure the interval between Neighbor Solicitation messages sent on an interface. It provides for the authentication of routing updates, and utilizes IP multicast when sending and receiving the updates. Enabling IGMP globally on the device and on the VLANs. set snmp community community_name 2. Any router with a priority of 0 will opt out of the DR election process. If a RADIUS Filter-ID exists for the user account, the RADIUS protocol returns it in the RADIUS Accept message and the firmware applies the policy to the user. routing interface A VLAN or loopback interface configured for IP routing. Per Port: Enabled. Configuring a Stack of New Switches 1. Optionally, insert new or replace existing rules. Interpreting Messages Every system message generated by the Enterasys switch platforms follows the same basic format: time stamp address application [unit] message text Example This example shows Syslog informational messages, displayed with the show logging buffer command. Achtung: Verweit auf wichtige Informationen zum Schutz gegen Beschdigungen. Please post the commands you used to back up the configuration. On I-Series only, display contents of memory card. User Authentication Overview Implementing User Authentication Take the following steps to implement user authentication: Determine the types of devices to be authenticated. solution review from network and security perspective. Spanning Tree Basics displayed in the following example. 3. Interpreting Messages For more information on how to configure these basic settings, refer to Syslog Command Precedence on page 14-8, and the Configuration Examples on page 14-12. Optionally, save the configuration to a backup file named myconfig in the configs directory and copy the file to your computer using TFTP. If a LAG port is a mirror source port, no other ports can be configured as source ports. Table 9-1 show spantree Output Details, About GARP VLAN Registration Protocol (GVRP), Policy Classification Configuration Summary. Configuring STP and RSTP variations of the global bridge configuration commands. 14881000 for 10- Gigabit ports Use the show port broadcast command to display current threshold settings. Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized file and configuration management servers. Spanning Tree Basics designated port (Figure 15-6, call out 6), takes the role of backup port. In any case, note that the stackable switch does not support the output algorithm feature. Use the disconnect command to close a console or Telnet session. You need to know the index value associated with a single entity to enable, disable, initialize, or reauthenticate a single entity. The MST region presents itself to the rest of the network as a single device, which simplifies administration. Link Aggregation Configuration Example Table 11-6 LAG and Physical Port Admin Key Assignments Device LAG LAG Admin Key Physical Port Physical Port Admin Key S8 Distribution Switch 1 100 ge.1.1 100 ge.2.1 100 ge.3.1 100 ge.4.1 100 ge.1.2 200 ge.2.2 200 ge.3.2 200 ge.4.2 200 ge.1.21 100 ge.1.22 100 ge.2.23 100 ge.3.24 100 ge.1.21 200 ge.1.22 200 ge.1.23 200 ge.1.24 200 ge.2.17 300 ge.2.19 300 ge.2.22 300 ge.2. TheCLIsupportsEMACslikelineeditingcommands.Tabl e 13listssomecommonlyused commands. Note: Only one IOM containing a memory card slot may be installed in an I-Series switch. Supervise the activation of network interfaces on access switches, support the default . Configuration Procedures 22-20 Configuring OSPFv2. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Spanning Tree topology change trap suppression Enabled. Type "Show version" from the prompt. Using the Command Line Interface Logging In By default, the switch is configured with three user login accountsro for Read-Only access, rw for Read-Write access, and admin for super-user access to all modifiable parameters. show lldp Display the LLDP status of one or more ports. The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins. Use the set port negotiation command to disable or enable auto-negotiation. When send-on-violation is enabled, this feature authorizes the switch to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Table 20-3 show ip ospf database Output Details. Neighbor Discovery Overview connected neighbors. Configuring Authentication Procedure 10-7 MultiAuth Authentication Timers Configuration Step Task Command(s) 1. To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. Terms and Definitions Table 11-7 11-16 Link Aggregation Configuration Terms and Definitions (continued) Term Definition Port Priority Port priority determines which physical ports are moved to the attached state when physical ports of differing speeds form a LAG. If the running stack uses a ring stack topology, break the ring and make the stack cable connections to the new unit to close the ring. 4. ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow. The cost of a virtual link is not configured. @ # $ % ^ & * () ? sFlow 18-16 Configuring Network Monitoring. Link Aggregation Configuration Example The output algorithm defaults to selecting the output port based upon the destination and source IP address. Using Multicast in Your Network unsolicited join (sent as a request without receiving an IGMP query first) In Figure 19-2, this type of exchange occurs between Router 2 and Host 2 when: (6) Host 2 sends a join message to Router 2. You can choose to reset the system to use the new firmware image immediately, or you can choose to only specify the new image to be loaded the next time the switch is rebooted. i Notice Enterasys Networks reserves the right to make changes in specif ications and other information co ntained in this document and its web site without prior notice. Using Multicast in Your Network 1. By default, every bridge will have a FID-to-SID mapping that equals VLAN FID 1/SID 0. CoS Hardware Resource Configuration 1.0 4 irl none 1.0 5 irl none 1.0 6 irl none 1.0 7 irl none 1.0 8 irl none 1.0 9 irl none 1.0 10 irl none 1.0 95 irl none 1.0 96 irl none 1.0 97 irl none 1.0 98 irl none 1.0 99 irl none Use the show cos port-resource irl command to display the data rate and unit of the rate limiter for port 1.0: System(su)->show cos port-resource irl 1. Basic OSPF Topology Configuration Router 1(su)->router(Config-if(Vlan 2))#no shutdown Router 1(su)->router(Config-if(Vlan 2))#exit Router 1(su)->router(Config)#interface loopback 0 Router 1(su)->router(Config-if(Lpbk 0))#ip address 10.10.10.10 255.255.255.255 Router 1(su)->router(Config-if(Lpbk 0))#no shutdown Router 1(su)->router(Config-if(Lpbk 0))#exit Router 1(su)->router(Config)#router id 10.10.10. Systems incident management. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0.