manualshive.com logo in svg

Enterasys 1G58x-09, Configuration Manual

The Enterasys 1G58x-09 Configuration Manual is a comprehensive and easy-to-follow guide that provides step-by-step instructions on setting up and operating your device. This manual is available for free download on manualshive.com, ensuring you have the necessary resources to optimize your product's performance and functionality.

Share
Download
background image

Security Configuration Command Set

Configuring MAC Authentication

14-30

Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide

Examples

This example shows how to enable EAPOL:

This example shows how to enable EAPOL with forced unauthorized mode on Fast Ethernet front 
panel port 1:

14.3.3 Configuring MAC Authentication

Purpose

To review, disable, enable and configure MAC authentication. This allows the device to 
authenticate source MAC addresses in an exchange with an authentication server. The authenticator 
(switch) selects a source MAC seen on a MAC-authentication enabled port and submits it to a 
backend client for authentication. The backend client uses the MAC address stored password, if 
required, as credentials for an authentication attempt. If accepted, a string representing an access 
policy may be returned. If present, the switch applies the associated policy rules. For an overview 
on working with MAC authentication, refer to 

Section 14.4.2

.

Commands

The commands needed to review, enable, disable, and configure MAC authentication are listed 
below and described in the associated section as shown:

show macauthentication (

Section 14.3.3.1

)

show macauthentication session (

Section 14.3.3.2

)

set macauthentication (

Section 14.3.3.3

)

Matrix>

set eapol enable

Matrix>

set eapol auth-mode forced-unauthorized fe.0.1

NOTES:

When both 802.1X (EAPOL) and MAC authentication are enabled on the 

same Matrix E1 device, the switch enforces a precedence relationship between MAC 
authentication and 802.1X methods. For more information on these precedence rules, 
refer to 

Section 14.4.3.2

.

The Matrix E1 MAC authentication commands have no direct interdependencies with 
the MAC locking commands described in 

Section 14.3.4

. When a frame arrives at a 

port, the Matrix E1 device runs the MAC locking algorithm first. If the frame passes the 
MAC lock (i.e., it is not in violation), then the frame is eligible for authentication.

Summary of Contents for 1G58x-09

Page 1: ...Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Firmware Version 3 07 xx P N 9033755 22 ...

Page 2: ......

Page 3: ... BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2008 Enterasys Networks Inc All rights reserved Part Number 9033755 22 September 2008 ENTERASYS ENTERASYS NETWORKS ENTERASYS MATRIX ENTERASYS NETSIGHT LANVIEW WEBVIEW and any logos associated therewith are trademarks or registered trademarks of Enterasys Networ...

Page 4: ... YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER IF ANY WITHIN TEN 10 DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT CONTACT ENTERASYS NETWORKS LEGAL DEPARTMENT AT 978 68...

Page 5: ... or iii if the direct product of the technology is a complete plant or any major component of a plant export to Country Groups D 1 or E 2 the direct product of the plant or a major component thereof if such foreign produced direct product is subject to national security controls as identified on the U S Commerce Control List or is subject to State Department controls under the U S Munitions List 5...

Page 6: ...edge and agree that any breach of Sections 2 4 or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys rights under this Agreement in addition to any and all remedies available at law 11 ASSIGNMENT You may not assign transfer or sublicense th...

Page 7: ...o an IBM or Compatible Device 2 2 2 1 3 Connecting to a VT Series Terminal 2 3 2 1 4 Connecting to a Modem 2 4 2 1 4 1 Configuring the Modem to Not Send Login Requests 2 5 2 1 5 Adapter Wiring and Signal Assignments 2 7 3 STARTUP AND GENERAL CONFIGURATION 3 1 Startup and General Configuration Summary 3 1 3 1 1 Factory Default Settings 3 1 3 1 2 Command Defaults Descriptions 3 10 3 1 3 CLI Command ...

Page 8: ...ord history 3 27 3 2 1 8 set system lockout attempts 3 28 3 2 1 9 set system lockout 3 29 3 2 2 Setting Basic Device Properties 3 30 3 2 2 1 show system resources 3 31 3 2 2 2 show system 3 32 3 2 2 3 show time 3 33 3 2 2 4 set time 3 33 3 2 2 5 set prompt 3 34 3 2 2 6 show banner motd 3 35 3 2 2 7 set banner motd 3 35 3 2 2 8 clear banner motd 3 36 3 2 2 9 show version 3 37 3 2 2 10 set system na...

Page 9: ... show ciscodp 3 72 3 2 6 5 set ciscodp status 3 74 3 2 6 6 set ciscodp timer 3 74 3 2 6 7 set ciscodp holdtime 3 75 3 2 6 8 set ciscodp populatecdp 3 76 3 2 6 9 show port ciscodp info 3 76 3 2 6 10 show port ciscodp neighborinfo 3 78 3 2 6 11 set port ciscodp status 3 79 3 2 6 12 set port ciscodp trust ext 3 80 3 2 6 13 set port ciscodp cos ext 3 81 3 2 6 14 set port ciscodp vvid 3 82 3 2 7 Pausin...

Page 10: ...duplex 4 16 4 3 3 4 set port duplex 4 17 4 3 4 Enabling Disabling Jumbo Frame Support 4 18 4 3 4 1 show port jumbo 4 18 4 3 4 2 set port jumbo 4 19 4 3 5 Setting Port Auto Negotiation and Advertised Ability 4 20 4 3 5 1 show port negotiation 4 21 4 3 5 2 set port negotiation 4 22 4 3 5 3 show port advertised ability 4 23 4 3 5 4 set port advertised ability 4 26 4 3 6 Setting Flow Control and Thesh...

Page 11: ... 12 2 LACP Terminology 4 60 4 3 12 3 Matrix E1 LAG Usage Considerations 4 61 4 3 13 Configuring Link Aggregation 4 63 4 3 13 1 set lacp 4 63 4 3 13 2 set lacp static 4 64 4 3 13 3 clear lacp static 4 65 4 3 13 4 show port lacp 4 66 4 3 13 5 set port lacp 4 68 4 3 14 Configuring Port Broadcast Suppression 4 70 4 3 14 1 show port broadcast 4 70 4 3 14 2 set port broadcast 4 71 4 3 15 Configuring Unk...

Page 12: ...7 5 2 3 2 set snmp access 5 29 5 2 3 3 clear snmp access 5 31 5 2 3 4 show snmp authenticationtrap 5 31 5 2 3 5 set snmp authentication trap 5 32 5 2 4 Configuring SNMP MIB Views 5 33 5 2 4 1 show snmp view 5 33 5 2 4 2 set snmp view 5 35 5 2 4 3 clear snmp view 5 35 5 2 5 Configuring SNMP Target Parameters 5 37 5 2 5 1 show snmp targetparams 5 37 5 2 5 2 set snmp targetparams 5 39 5 2 5 3 clear s...

Page 13: ...spantree 6 9 6 2 1 3 show spantree version 6 10 6 2 1 4 set spantree version 6 11 6 2 1 5 clear spantree version 6 11 6 2 1 6 show spantree mstilist 6 12 6 2 1 7 set spantree msti 6 13 6 2 1 8 clear spantree msti 6 13 6 2 1 9 show spantree mstmap 6 14 6 2 1 10 set spantree mstmap 6 15 6 2 1 11 clear spantree mstmap 6 16 6 2 1 12 show spantree vlanlist 6 16 6 2 1 13 show spantree mstcfgid 6 17 6 2 ...

Page 14: ... 39 6 2 2 4 show spantree blocked ports 6 39 6 2 2 5 show spantree portpri 6 40 6 2 2 6 set spantree portpri 6 41 6 2 2 7 clear spantree portpri 6 42 6 2 2 8 show spantree portcost 6 43 6 2 2 9 set spantree portcost 6 43 6 2 2 10 clear spantree portcost 6 45 6 2 2 11 show spantree adminedge 6 45 6 2 2 12 set spantree adminedge 6 46 6 2 2 13 clear spantree adminedge 6 47 6 2 2 14 show spantree span...

Page 15: ...3 3 clear port vlan 7 15 7 3 3 4 show port ingress filter 7 16 7 3 3 5 set port ingress filter 7 17 7 3 4 Configuring the VLAN Egress List 7 18 7 3 4 1 set vlan forbidden 7 18 7 3 4 2 show port egress 7 19 7 3 4 3 set vlan egress 7 20 7 3 4 4 clear vlan egress 7 21 7 3 4 5 show vlan dynamic egress 7 22 7 3 4 6 set vlan dynamicegress 7 23 7 3 5 Assigning VLANs According to Classification Rules 7 24...

Page 16: ...tion 8 7 8 3 2 Assigning Classification Rules to Policy Profiles 8 8 8 3 2 1 show policy class 8 8 8 3 2 2 set policy classify 8 9 8 3 2 3 Classification Precedence Rules 8 15 8 3 2 4 clear policy class 8 16 8 3 2 5 show policy maptable 8 17 8 3 2 6 show vlanauthorization 8 18 8 3 2 7 set vlanauthorization 8 19 8 3 2 8 set policy maptable response 8 20 8 3 2 9 clear policy maptable response 8 20 8...

Page 17: ...assification 9 23 9 3 4 5 set priority classification tosvalue 9 24 9 3 4 6 set priority classification tosstatus 9 26 9 3 4 7 show priority classification qtagoverride 9 27 9 3 4 8 set priority classification qtagoverride 9 27 9 3 5 Classification Precedence Rules 9 28 9 3 5 1 set priority classification ingress 9 31 9 3 5 2 clear priority classification ingress 9 32 9 3 6 Configuring Port Traffi...

Page 18: ...le 11 7 11 2 1 4 set logging console 11 8 11 2 1 5 show logging server 11 8 11 2 1 6 set logging server 11 10 11 2 1 7 clear logging server 11 11 11 2 1 8 show logging default 11 11 11 2 1 9 set logging default 11 12 11 2 1 10 clear logging default 11 14 11 2 1 11 show logging application 11 14 11 2 1 12 set logging application 11 16 11 2 1 13 clear logging application 11 20 11 2 1 14 show logging...

Page 19: ...0 clear dns server 11 51 11 2 3 21 clear dns 11 52 11 2 3 22 ping 11 53 11 2 3 23 traceroute 11 55 11 2 3 24 set mac multicast 11 57 11 2 3 25 show mac multicast 11 59 11 2 4 Configuring Simple Network Time Protocol SNTP 11 60 11 2 4 1 show sntp 11 60 11 2 4 2 set sntp client 11 61 11 2 4 3 set sntp broadcastdelay 11 62 11 2 4 4 set sntp poll interval 11 62 11 2 4 5 set sntp server 11 63 11 2 4 6 ...

Page 20: ...12 2 1 3 show ip interface 12 7 12 2 1 4 ip address 12 8 12 2 1 5 no shutdown 12 8 12 2 2 Reviewing and Saving the Routing Configuration 12 9 12 2 2 1 show running config 12 10 12 2 2 2 write 12 11 12 2 2 3 no ip routing 12 13 12 2 3 Reviewing and Configuring the ARP Table 12 14 12 2 3 1 show ip arp 12 14 12 2 3 2 arp 12 17 12 2 3 3 ip gratuitous arp learning 12 17 12 2 3 4 ip proxy arp 12 18 12 2...

Page 21: ... 12 accept lifetime 13 14 13 1 1 13 send lifetime 13 15 13 1 1 14 ip rip authentication keychain 13 17 13 1 1 15 ip rip authentication mode 13 18 13 1 1 16 no auto summary 13 19 13 1 1 17 ip rip disable triggered updates 13 20 13 1 1 18 ip split horizon 13 20 13 1 1 19 passive interface 13 21 13 1 1 20 receive interface 13 22 13 1 1 21 distribute list 13 23 13 1 1 22 redistribute 13 24 13 1 2 Conf...

Page 22: ... links 13 60 13 1 2 29 clear ip ospf process 13 61 13 1 3 Configuring DVMRP 13 63 13 1 3 1 ip dvmrp 13 63 13 1 3 2 ip dvmrp metric 13 64 13 1 3 3 show ip dvmrp route 13 65 13 1 3 4 show ip mroute 13 66 13 1 4 Configuring IRDP 13 68 13 1 4 1 ip irdp 13 68 13 1 4 2 ip irdp maxadvertinterval 13 69 13 1 4 3 ip irdp minadvertinterval 13 70 13 1 4 4 ip irdp holdtime 13 71 13 1 4 5 ip irdp preference 13 ...

Page 23: ...eapol 14 29 14 3 3 Configuring MAC Authentication 14 30 14 3 3 1 show macauthentication 14 31 14 3 3 2 show macauthentication session 14 34 14 3 3 3 set macauthentication 14 35 14 3 3 4 set macauthentication password 14 36 14 3 3 5 set macauthentication port 14 37 14 3 3 6 set macauthentication portinitialize 14 38 14 3 3 7 set macauthentication macinitialize 14 38 14 3 3 8 set macauthentication r...

Page 24: ... 5 5 set pwa refreshtime 14 69 14 3 5 6 set pwa nameservices 14 70 14 3 5 7 set pwa ipaddress 14 70 14 3 5 8 set pwa protocol 14 71 14 3 5 9 set pwa enhancedmode 14 72 14 3 5 10 set pwa guestname 14 73 14 3 5 11 set pwa guestpassword 14 73 14 3 5 12 set pwa gueststatus 14 74 14 3 5 13 set pwa initialize 14 75 14 3 5 14 set pwa quietperiod 14 75 14 3 5 15 set pwa maxrequests 14 76 14 3 5 16 set pwa...

Page 25: ...mit 14 105 14 3 9 3 set flowlimit limit 14 106 14 3 9 4 set flowlimit class 14 108 14 3 9 5 clear flowlimit action 14 109 14 3 9 6 set flowlimit shutdown 14 110 14 3 9 7 set flowlimit notification 14 111 14 3 9 8 set flowlimit clearstats 14 111 14 4 Working with Security Configurations 14 113 14 4 1 Host Access Control Authentication HACA 14 113 14 4 2 802 1X Port Based Network Access Control Over...

Page 26: ...Contents xxiv Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 27: ...n 3 17 3 4 Performing a Key Word Lookup 3 18 3 5 Performing a Partial Keyword Lookup 3 18 3 6 Scrolling Screen Output 3 19 3 7 Configuring Two VLANs for IP Routing 3 95 4 1 1H582 51 Expansion Module and Fixed Front Panel Port Numbering Scheme 4 2 4 2 Optional Ethernet Expansion Modules 4 3 4 3 Port Grouping Designations for the Matrix E1 1H582 51 4 48 4 4 Port Grouping Designations for the Matrix ...

Page 28: ...Figures xxvi Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 29: ...24 4 5 Port Grouping IDs for the Matrix E1 1H582 xx Fixed Front Panel 4 48 4 6 Port Grouping IDs for the 1H 16TX and 1H 8FX Expansion Modules 4 49 4 7 show trunk Output Details 4 52 4 8 LACP Terms and Definitions 4 60 5 1 SNMP Security Levels 5 3 5 2 show snmp engineid Output Details 5 7 5 3 show snmp counters Output Details 5 10 5 4 show snmp user Output Details 5 16 5 5 show snmp group Output De...

Page 30: ...ils 11 40 11 7 show nodealias Output Details 11 68 11 8 show nodealias config Output Details 11 70 12 1 VLAN and Loopback Interface Configuration Modes 12 3 12 2 show running config Output Details 12 11 12 3 show ip arp Output Details 12 16 13 1 RIP Configuration Task List and Commands 13 2 13 2 OSPF Configuration Task List and Commands 13 26 13 3 show ip ospf database Output Details 13 55 13 4 sh...

Page 31: ...Matrix E1 CLI Use CLI commands to perform network management and device configuration operations Establish and manage Virtual Local Area Networks VLANs Establish and manage priority classification Configuring Convergence End Points CEP IP telephony detection Configure IP routing and routing protocols including RIP versions 1 and 2 OSPF DVMRP and VRRP Establish and manage security including 802 1x ...

Page 32: ...w to disable or enable the Simple Network Management Protocol how to review SNMP statistics and how to configure SNMP users and how to associate access rights security and parameters for those users to receive SNMP notification messages A sample basic SNPM trap configuration is also provided Chapter 6 Spanning Tree Configuration describes how to review and set Spanning Tree 802 1D 802 1w and 802 1...

Page 33: ...etwork addresses how to configure SNTP how to configure node aliases and how to configure Convergence End Points CEP IP telephony detection Chapter 12 IP Configuration describes how to configure IP interface settings how to review and save the routing configuration how to review and configure the routing ARP table how to review and configure routing broadcasts and how to configure IP routes Chapte...

Page 34: ... Bold type indicates required user input including command keywords that must be entered as shown for the command to execute RETURN Indicates either the ENTER or RETURN key depending on your keyboard ESC Indicates the keyboard Escape key SPACE bar Indicates the keyboard space bar key BACKSPACE Indicates the keyboard backspace key arrow keys Refers to the four keyboard arrow keys Indicates the keyb...

Page 35: ...neric use of a letter e g xxx indicates any combination of three alphabetic characters n A lowercase italic n indicates the generic use of a number e g 19nn indicates a four digit number in which the last two digits are unknown Square brackets indicate optional parameters Braces indicate required parameters One or more parameters must be entered A vertical bar indicates a choice in parameters Brac...

Page 36: ...Typographical and Keystroke Conventions xxxiv Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 37: ...urity Download a new firmware image Designate which network management workstations receive SNMP traps from the device View device interface and RMON statistics Manage configuration files Assign ports to operate in the standard or full duplex mode Configure ports to perform load sharing using trunking and link aggregation commands Control the number of received broadcasts that are switched to the ...

Page 38: ...ication ACLs DoS prevention a Flow Setup Throttling FST There are five ways to manage the Matrix E1 device Locally using a VT type terminal connected to the console port Remotely using a VT type terminal connected through a modem Remotely using an SNMP management station In band through a Telnet connection Remotely using WebView Enterasys Networks embedded web server for basic switch management ta...

Page 39: ...escription of your network environment layout cable type etc Network load and frame size at the time of trouble if known The device history i e have you returned the device before is this a recurring problem etc Any previous Return Material Authorization RMA numbers World Wide Web www enterasys com support Phone 1 800 872 8440 toll free in U S and Canada or 1 978 684 1000 For the Enterasys Network...

Page 40: ...Getting Help 1 4 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 41: ...T series terminal or VT type terminal running emulation programs for the Digital Equipment Corporation VT series Section 2 1 3 A modem Section 2 1 4 2 1 1 What Is Needed One RJ45 to DB9 female adapter supplied with the device The following is a list of the user supplied parts that may be needed depending on the connection UTP cable with RJ45 connectors RJ45 to DB25 female adapter PN 9372110 RJ45 t...

Page 42: ...nsole port to a Hayes compatible modem that supports 9600 baud 2 1 2 Connecting to an IBM or Compatible Device To connect an IBM PC or compatible device running the VT terminal emulation to an Enterasys Networks device console port Figure 2 1 proceed as follows 1 Connect the RJ45 connector at one end of the cable not supplied to the console port on the Enterasys Networks device 2 Plug the RJ45 con...

Page 43: ... PN 9372110 and proceed as follows 1 Connect the RJ45 connector at one end of the cable to the console port on the Enterasys Networks device 2 Plug the RJ45 connector at the other end of the cable into the RJ45 to DB25 female adapter Refer to Section 2 1 5 for adapter wiring and signal assignments 3 Connect the RJ45 to DB25 adapter to the port labeled COMM on the VT terminal 4 Turn on the terminal...

Page 44: ...n optional RJ45 to DB25 male adapter PN 9372112 and proceed as follows 1 Connect the RJ45 connector at one end of the cable to the modem port on the Enterasys Networks device 2 Plug the RJ45 connector at the other end of the cable into the RJ45 to DB25 male adapter Refer to Section 2 1 5 for adapter wiring and signal assignments Parameter Setting Mode 7 Bit Control Transmit Transmit 9600 Bits Pari...

Page 45: ...ill treat these actions as login requests and will fail the login and lockout the console session as a result The modem should be configured to not send requests to the console port when attached Suggested settings are below Often there is a set of dip switches on the bottom of the modem that can be adjusted as in the following example Parameter Setting Mode 7 Bit Control Transmit Transmit 9600 Bi...

Page 46: ...raffic to the console port at start up would be to configure the E1 lockout retry count to a higher value or disable it altogether You would do this using the set system lockout attempts command as described in Section 3 2 1 8 Figure 2 3 Connecting to a Modem 1 RJ45 Modem Port 3 RJ45 to DB25 Modem Adapter 5 RJ45 Console Port 2 Modem 4 UTP Cable with RJ45 Connectors Ä 2 1 Reset Console PWR CPU 1H58...

Page 47: ...ion Guide 2 7 2 1 5 Adapter Wiring and Signal Assignments Console Port Adapter Wiring and Signal Diagram RJ45 DB9 Pin Conductor Pin Signal 1 Blue 2 Receive RX 4 Red 3 Transmit TX 5 Green 5 Ground GRD 2 Orange 7 Request to Send RTS 6 Yellow 8 Clear to Send CTS RJ45 Connector Female Pins 8 1 045905 6 9 DB9 Connector Female 1 5 Pins 045904 ...

Page 48: ... Yellow 5 Clear to Send CTS 5 Green 7 Ground GRD 2 Orange 20 Data Terminal Ready Modem Port Adapter Wiring and Signal Diagram RJ45 DB25 Pin Conductor Pin Signal 1 Blue 2 Transmit TX 2 Orange 8 Data Carrier Detect DCD 4 Red 3 Receive 5 Green 7 Ground GRD 6 Yellow 20 Data Terminal Ready DTR 8 Gray 22 Ring Indicator RJ45 Connector Female Pins 8 1 045905 DB25 Connector Female Pins 045906 25 14 13 1 RJ...

Page 49: ... to adapt to your work environment and how to prepare to run the device in router mode 3 1 1 Factory Default Settings The following tables list factory default device settings available on the Matrix E1 Table 3 1 lists default settings for basic operation and for when the device is in switch mode Table 3 2 lists default settings for router mode operation Table 3 1 Default Device Settings for Basic...

Page 50: ...ll timer set to 1000 centiseconds GVRP Globally enabled Host VLAN Assigned to default VID 1 VLAN IGMP Disabled When enabled query interval is set to 125 seconds and response time is set to 100 tenths of a second IP mask and gateway Subnet mask set to 255 255 0 0 default gateway set to 0 0 0 0 IP routes No static routes configured Jumbo frame support Disabled on all ports Link aggregation LACP LACP...

Page 51: ...rt auto negotiation Enabled on all ports Port advertised ability Enabled on all ports Port broadcast suppression Disabled no broadcast limit Port duplex mode Set to half for 10BASE T and 100BASE TX set to full for 1000BASE X Port enable disable Enabled Port priority Set to 1 Port rate limiting Disabled Port speed Set to 10 mbps for 10BASE T 100 for 100BASE TX and 1000 for 1000BASE X and 1000BASE T...

Page 52: ...o 3 RADIUS timeout When the client is enabled set to 20 seconds Rate limiting Disabled globally and on all ports SNMP Enabled SNTP Disabled Spanning Tree Enabled globally and on all ports Spanning Tree edge port administrative status Disabled Spanning Tree edge port delay Enabled Spanning Tree forward delay Set to 15 seconds Spanning Tree hello interval Set to 2 seconds Spanning Tree ID SID Set to...

Page 53: ... set to 32768 Spanning Tree real time BPDU message age mode Disabled Spanning Tree topology change trap suppression Enabled on edge ports Spanning Tree transmit hold count Set to 3 Spanning Tree version Set to mstp Multiple Spanning Tree SSH Secure Shell Enabled with the following settings Listening port 22 Rekey interval 3600 seconds Login grace time 60 seconds Authentication attempts allowed 3 N...

Page 54: ...ification Classification rules are automatically enabled when created VLAN dynamic egress Disabled VLAN ID All ports use a VLAN identifier of 1 and are included on the host VLAN ID 1 port VLAN list WebView Enabled WebView port Set at TCP port number 80 Table 3 2 Default Device Settings for Router Mode Operation Device Feature Default Setting Access groups IP security None configured Access lists I...

Page 55: ...rks Set to 30 seconds for non broadcast and point to multipoint networks Host name System command prompt set to Matrix Router ICMP Enabled on routing interfaces for both echo reply and mask reply modes IP directed broadcasts Disabled IP forward protocol Enabled with no port specified IP interfaces Disabled with no IP addresses specified IRDP Disabled on all interfaces When enabled maximum advertis...

Page 56: ...l interfaces Receive interfaces RIP Enabled on all interfaces Retransmit delay OSPF Set to 1 second Retransmit interval OSPF Set to 5 seconds RIP Enabled RIP receive version Set to accept both version 1 and version 2 RIP send version Set to version 1 RIP timers Update timer set to 30 seconds invalid timer set to 180 hold down timer set to 120 flush timer set to 300 RIP offset No value applied Spli...

Page 57: ...uration Guide 3 9 Telnet port IP Set to port number 23 TFTP server IP address Set to 0 0 0 0 Timers OSPF SPF delay set to 5 seconds SPF holdtime set to 10 seconds Transmit delay OSPF Set to 1 second VRRP Disabled Table 3 2 Default Device Settings for Router Mode Operation Continued Device Feature Default Setting ...

Page 58: ...Table 3 2 The command defaults section defines CLI behavior if the user enters a command without optional parameters indicated by square brackets For commands without optional parameters the defaults section lists None For commands with optional parameters this section describes how the CLI responds if the user opts to enter only the keywords of the command syntax Figure 3 1 provides an example Fi...

Page 59: ...es whether the command is executable in Admin Super User Read Write or Read Only mode Users with Read Only access will only be permitted to view Read Only show commands Users with Read Write access will be able to modify all modifiable parameters in set and show commands as well as view Read Only commands Administrators or Super Users will be allowed all Read Write and Read Only privileges and wil...

Page 60: ...isable at the CLI command prompt This example shows how to enable WebView Setting the WebView port To set a different TCP port through which to run WebView enter set webview port webview_port at the CLI command prompt Webview_port must be a number value from 1 to 65535 specifying the WebView TCP port This example shows how to set the WebView TCP port to 100 NOTE This guide describes configuring an...

Page 61: ...arting and navigating the Command Line Interface CLI Section 3 1 6 2 Setting user accounts and passwords Section 3 2 1 3 Setting basic device properties Section 3 2 2 4 Downloading a new firmware image Section 3 2 3 5 Configuring Telnet Section 3 2 4 6 Managing switch configuration files Section 3 2 5 7 Configuring Enterasys and Cisco discovery protocols Section 3 2 6 8 Pausing clearing and closin...

Page 62: ...d Only access rw for Read Write access admin for Super User access 2 Press ENTER The Password prompt displays 3 Leave this string blank and press ENTER The notice of authorization and the Matrix prompt displays as shown in Figure 3 3 NOTE By default the Matrix E1 Series device is configured with three user login accounts ro for Read Only access rw for Read Write access and admin for super user acc...

Page 63: ...g functional image Application image loaded to CPU SDRAM Start Application done 1H582 51 Switch init start Switch Budget init Initializing hardware Switch clear VLAN table Initializing databases Generating 1024 bit dsa key pair Key generated 1024 bit dsa Private key saved to sshdrv ssh2 dsa Public key saved to sshdrv ssh2 dsa pub Generating 1024 bit rsa key pair Key generated 1024 bit rsa Private ...

Page 64: ... has a valid IP address you can establish a Telnet session from any TCP IP based node on the network as follows 1 Telnet to the device s IP address 2 Enter login user name and password information in one of the following ways If the device s default login and password settings have not been changed follow the steps listed in Section 3 1 6 2 or Enter an administratively configured user name and pas...

Page 65: ...ress refer to Section 3 2 2 23 For information about configuring Telnet settings refer to Section 3 2 4 2 Refer to the instructions included with the Telnet application for information about establishing a Telnet session Figure 3 3 Startup Screen After User Authorization Username rw Password waiting for authorization Matrix 1G587 09 Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 USA Mat...

Page 66: ...mands beginning with co Figure 3 5 Performing a Partial Keyword Lookup Matrix set vlan 1 4094 vlan_num classification Use the set vlan classification command to create a classification rule that will assign untagged traffic to a vlan based on Layer 2 3 4 rules dynamicegress Use the set vlan dynamicegress command to enable or disable the ability to create vlans dynamically based on incoming frames ...

Page 67: ... Output To disable the More feature on continuing screens use the set terminal command as described in Section 3 2 2 14 Matrix show mac Dynamic Address Counts 103 Static Address Counts 2 MAC Address FID Port Type 00 00 1d 67 68 69 1 host 0 1 self 00 00 02 00 00 00 1 ge 0 2 learned 00 00 02 00 00 01 1 ge 0 2 learned 00 00 02 00 00 02 1 ge 0 2 learned 00 00 02 00 00 03 1 ge 0 2 learned 00 00 02 00 0...

Page 68: ...te character Ctrl E Move cursor to end of line Ctrl F Move cursor forward one character Ctrl H Delete character to left of cursor Ctrl I or TAB key Command completion Ctrl K Delete all characters after cursor Ctrl L or Ctrl R Re display line Ctrl N Scroll to next command in command history use the CLI show history command to display the history Ctrl P Scroll to previous command in command history ...

Page 69: ...counts and passwords are listed below and described in the associated section as shown show system login Section 3 2 1 1 set system login Section 3 2 1 2 clear system login Section 3 2 1 3 set password Section 3 2 1 4 set system password length Section 3 2 1 5 set system password aging Section 3 2 1 6 set system password history Section 3 2 1 7 set system lockout attempts Section 3 2 1 8 set syste...

Page 70: ...time 15 Lockout attempts 3 User Privileges Status admin su enabled rw rw enabled ro ro enabled Table 3 4 show system login Output Details Output What It Displays Password history size Number of user login passwords that will be checked for duplication when the set password command is executed Configured with the set system password history command Section 3 2 1 7 Password aging Number of days user...

Page 71: ...after the maximum number of failed attempts to log on to the switch Configured with the set system lockout command Section 3 2 1 9 Lockout attempts Number of failed login attempts before user lock out occurs Configured with the set system lockout attempts command Section 3 2 1 8 User Login user names Privileges Access assigned to this user account su Super User rw Read Write or ro Read Only Status...

Page 72: ...s privileges 3 2 1 3 clear system login Use this command to remove a local login user account clear system login username Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to remove the netops user account Matrix set system login netops su enable username Specifies the login name of the account to be cleared NOTE The default...

Page 73: ...ite rw or Read Only ro access privileges can change their own passwords but cannot enter or modify other system passwords If configured password length must conform to the minimum number of characters set with the set system password length command Section 3 2 1 5 The admin password can be reset by toggling dip switch 8 on the device as described in the Matrix E1 Series Installation Guide username...

Page 74: ... user login password length set system password length characters Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to set the minimum system password length to 8 characters Matrix set password rw Please enter new password Please re enter new password Password changed Matrix set password Please enter old password Please ente...

Page 75: ...is example shows how to set the system password age time to 45 days 3 2 1 7 set system password history Use this command to set the number of user login passwords that will be checked for password duplication This prevents duplicate passwords from being entered into the system with the set password command set system password history size Syntax Description Command Defaults None days Specifies the...

Page 76: ...accounts will be disabled and the admin account will be locked out for the number of minutes specified by the set system lockout command Section 3 2 1 9 Once a user account is locked out it can only be re enabled by a super user with the set system login command Section 3 2 1 2 set system lockout attempts attempts disable Syntax Description Command Defaults None Command Type Switch command Command...

Page 77: ...ount will be locked out after the maximum number of failed attempts to log on to the switch set system lockout time Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to set lockout time to 30 minutes Matrix set system lockout attempts 5 time Specifies the number of minutes the default admin user account will be locked out af...

Page 78: ...ds The commands needed to set basic system information are listed below and described in the associated section as shown show system resources Section 3 2 2 1 show time Section 3 2 2 3 set time Section 3 2 2 4 set prompt Section 3 2 2 5 show banner motd Section 3 2 2 6 set banner motd Section 3 2 2 7 clear banner motd Section 3 2 2 8 show version Section 3 2 2 9 set system name Section 3 2 2 10 se...

Page 79: ...em resources Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display system resources Matrix show system resources Cpu Type MPC8245 300 MHz Local Memory Installed 64 MB Local Memory Used 56015752 Bytes Installed NVRAM 1024 kB Used NVRAM 902144 Bytes Installed Flash 8192 kB Used Flash 6580072 Bytes Switch Load 0 Swit...

Page 80: ...tax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display system information Matrix show system Power Supply Status PS1 Non Operational PS2 Operational System Baud 9600 System Timeout 60 minutes System Lockout Time 15 minutes System Uptime 0 days 1 hours 15 minutes 35 seconds System Name System Location System Contact sy...

Page 81: ...o display the current time The output shows the day of the week month day year hour minutes and seconds 3 2 2 4 set time Use this command to change the time of day on the system clock set time day_of_week mm dd yyyy hh mm ss Syntax Description Command Defaults At least one of the three optional parameters must be specified Command Type Switch command Matrix show time Thu 11 06 2001 08 24 28 day_of...

Page 82: ...se this command to modify the command prompt set prompt prompt_string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the command prompt to Switch 1 Matrix set time sat 10 31 2003 7 50 prompt_string Specifies a text string for the command prompt A prompt string containing a space in the text must be enclosed in quot...

Page 83: ...ows how to display the banner message of the day 3 2 2 7 set banner motd Use this command to set the banner message of the day displayed at session login set banner motd message Syntax Description Command Defaults None Command Type Switch command Matrix show banner motd Not one hundred percent efficient of course but nothing ever is Kirk Metamorphosis stardate 3219 8 message Specifies a message of...

Page 84: ... is the price of survival Winston Churchill 3 2 2 8 clear banner motd Use this command to clear the banner message of the day displayed at session login clear banner motd Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the message of the day banner Matrix set banner motd Change is the price of survival n Wins...

Page 85: ...yed show version Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display version information This example illustrates the message that is displayed if a firmware image has been downloaded to the switch since the last reboot Table 3 5 provides an explanation of the command output Matrix show version Boot Prom Version...

Page 86: ...tput What It Displays Slot Fixed front panel or expansion module slot location designation For details on how slots are numbered refer to Section 4 1 2 Ports Number of ports in the fixed front panel or expansion module Model Model number of the chassis or expansion module Serial Number Serial number if applicable of the chassis or expansion module HW Version Hardware version number if applicable o...

Page 87: ...x Description Command Defaults If location_string is not specified the system location will be set to a blank string Command Type Switch command Command Mode Read Write Example This example shows how to set the system location string Matrix set system name Information Systems location_string Optional Specifies a text string that indicates where the system is located A location string containing a ...

Page 88: ...ite Example This example shows how to set the system contact string 3 2 2 13 show terminal Use this command to display the number of columns and rows for the terminal connected to the device s console port This information is used to control the output of the CLI itself show terminal Syntax Description None Command Defaults None Command Type Switch command contact_string Optional Specifies a text ...

Page 89: ...is not specified More will display at the bottom of scrolling screen output If static is not specified terminal settings will apply only to the current session Command Type Switch command Command Mode Read Write Matrix show terminal Terminal height set to 23 Terminal width set to 79 rows num_rows Specifies the number of terminal rows to be set Valid values are 2 to 200 disable Disables the More li...

Page 90: ...ption Command Defaults If console or remote are not specified both timeout values will be set Command Type Switch command Command Mode Read Write Example This example shows how to set the system timeout for both console and remote logins to 10 minutes 3 2 2 16 show summertime Use this command to display daylight savings time settings show summertime Syntax Description None Matrix set terminal cols...

Page 91: ...set summertime enable disable zone Syntax Description Command Defaults If a zone name is not specified none will be applied Command Type Switch command Command Mode Read Write Matrix show summertime Summertime is disabled and set to Start SUN APR 04 02 00 00 2004 End SUN OCT 31 02 00 00 2004 Offset 60 minutes 1 hours 0 minutes Recurring yes starting at 2 00 of the first Sunday of April and ending ...

Page 92: ...n Command Defaults If an offset is not specified none will be applied Matrix set summertime enable start_month Specifies the month of the year to start daylight savings time start_date Specifies the day of the month to start daylight savings time start_year Specifies the year to start daylight savings time start_hr_min Specifies the time of day to start daylight savings time Format is hh mm end_mo...

Page 93: ...ctober 31 2004 at 2 a m with an offset time of one hour 3 2 2 19 set summertime recurring Use this command to configure recurring daylight savings time settings These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be reset annually set summertime recurring start_week start_day start_month start_hr_min end_week end_day en...

Page 94: ...rt daylight savings time Valid values are first second third fourth and last start_day Specifies the day of the week to start daylight savings time start_hr_min Specifies the time of day to start daylight savings time Format is hh mm end_week Specifies the week of the month to end daylight savings time end_day Specifies the day of the week to end daylight savings time end_hr_min Specifies the time...

Page 95: ...None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the daylight savings time configuration 3 2 2 21 set console baud Use this command to set the console port baud rate set console baud rate Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix clear summertime rate Specifies the consol...

Page 96: ... 19200 3 2 2 22 show ip address Use this command to display the local host port IP address system mask and default gateway show ip address Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the system IP address the system mask and the default gateway Matrix set console baud 19200 Matrix show ip address System ...

Page 97: ...aults If not specified ip_mask and ip_gateway will not be changed Command Type Switch command Command Mode Read Write Example This example shows how to set the host port IP address to 10 1 10 1 with a mask of 255 255 128 0 and a default gateway of 10 1 0 1 ip_address Specifies the IP address to set for the device mask ip_mask Optional Specifies the IP mask of the local host gateway ip_gateway Opti...

Page 98: ... band operation that copies the firmware through the serial port to the device This operation takes approximately three minutes and requires minimal configuration Serial console download has been successfully tested with the following applications SecureCRT Version 3 3 2 HyperTerminal Copyright 1999 Any other terminal applications may work but are not explicitly supported For details refer to Sect...

Page 99: ...ice s IP address as detailed in Section 3 2 2 23 You then use the dload command to enter the IP address of the TFTP server and the name of the image file dload Use this command to download a new firmware image from a TFTP server to the device dload hostname ip address filename noreboot D ownload System Image or S tart Application S Select the Firmware Type to Download 1 Runtime 2 POST 1 Your Selec...

Page 100: ...stname ip_address Specifies the host name or IP address of the TFTP server from which the new image file will be downloaded filename Specifies the TFTP server path and file name of the new image noreboot Optional Specifies that the device will not reboot after completing the download of an image file The device will continue using the existing firmware image and will store the new image in FLASH m...

Page 101: ...ly Updating flashROM image at 0xFF200000 Image update successful Updating flashROM image at 0xFF500000 Image update successful Restarting system Saving persistent data c Copyright ENTERASYS Networks Inc 2001 Matrix 1H582 51 POST Version 01 00 00 Application image found in Flash memory Loading functional image Application image loaded to CPU SDRAM Start Application 1H582 51 Switch init start Switch...

Page 102: ...re listed below and described in the associated section as shown show telnet Section 3 2 4 1 set telnet Section 3 2 4 2 3 2 4 1 show telnet Use this command to display Telnet status and information show telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read only Example This example shows how to display Telnet status and information In this case inbound ...

Page 103: ... 23 Outbound telnet is currently enabled Maximum inbound telnet sessions 4 Maximum outbound telnet sessions 4 Maximum ssh telnet sessions 4 disable enable Disables or enables Telnet services inbound outbound all Disables or enables inbound service the ability to Telnet to this device outbound service the ability to Telnet to other devices or all both inbound and outbound port port Sets the Telnet ...

Page 104: ...bound and outbound Telnet services This example shows how to set the maximum number of outbound Telnet sessions to 3 This example shows how to reset the Telnet port to 23 Matrix set telnet disable all Disconnect all telnet sessions and disable now y n n y All telnet sessions have been terminated telnet is now disabled Matrix set telnet session outbound 3 Matrix set telnet port default ...

Page 105: ... described in the associated section as shown dir Section 3 2 5 1 show config Section 3 2 5 2 configure Section 3 2 5 3 summaryconfig Section 3 2 5 4 copy Section 3 2 5 5 set system bootconfig Section 3 2 5 6 delete Section 3 2 5 7 3 2 5 1 dir Use this command to display CLI configuration files stored in NVRAM dir all Syntax Description Command Type Switch command Command Mode Read only Command De...

Page 106: ...current CLI set commands will be regenerated and spooled to the console If all or system are not specified with a filename the entire configuration file will be displayed If a facility is not specified configurations for all known facilities will be displayed Matrix dir Filename Filesize CLITXT CFG 480 filename Optional Displays a specific file The filename extension must be cfg all Optional Displ...

Page 107: ...trix show config clitxt cfg system clitxt cfg set vlan 30 create set vlan 40 create set vlan 30 enable set vlan name 30 blue set vlan egress 30 fe 0 7 untagged set vlan classification enable set vlan classification 30 802 3 SAP 0X0020 create set vlan classification 30 802 3 SAP 0X0020 enable set port vlan fe 0 4 fe 0 7 30 set port broadcast fe 0 10 fe 0 15 enable set port ingress filter fe 0 3 ena...

Page 108: ...reviously downloaded configuration file schedule a configuration update for a later time cancel a configuration update or display scheduled configuration update information configure filename append at time in time reason reason show cancel Matrix show config Creating CLI device configuration Set commands cdp community dns garp gvrp history host vlan igmp set igmp enable ip set ip address 10 2 242...

Page 109: ...s example shows how to execute clitxt txt and update NVRAM to reflect the new configuration filename Specifies the name of the configuration file to execute append Optional Executes the configuration as an appendage update to the current configuration at time Optional Schedules a configuration update at a specific time using a 24 hour system hh mm in time Optional Schedules a configuration update ...

Page 110: ...1 non default configuration to the console or by entering the file keyword write it to the swfile cfg file summaryconfig file Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If file is not specified the configuration will be displayed to the console Matrix configure clitxt txt append in 02 00 file Optional Writes the configuration to the scfile cfg This file...

Page 111: ... 3 RADIUS timeout 20 seconds RADIUS Server Status Auth Port 0 0 0 0 Primary 0 0 0 0 0 Secondary 0 RADIUS last resort action Status Local Challenge Remote Challenge show snmp SNMP is currently enabled show system Power Supply Status PS1 Operational PS2 Non Operational System Baud 9600 System Timeout 5 minutes System Lockout Time 15 minutes System Uptime 0 days 23 hours 26 minutes 54 seconds System ...

Page 112: ...ce including IP addresses source Specifies the source file to copy Options are device config a filename or the URL of a TFTP server See individual descriptions below destination Specifies the destination where the file will be copied Options are device config a filename or the URL of a TFTP server See individual descriptions below filename Specifies the source file to copy or the destination where...

Page 113: ...xt file can then be executed using the configure command NOTES There is an important distinction between specifying a filename and using the device config option When uploading the filename specified in the destination pathname the server is created When downloading if the device config keyword is entered then the filename specified in the source pathname is downloaded and executed This file will ...

Page 114: ...and to select the configuration file the device will load at startup set system bootconfig flash network file location Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the boot configuration file to flash Matrix copy tftp 10 1 129 3 config clitxt txt device config Matrix copy tftp 10 1 29 3 config cliappend txt devic...

Page 115: ...delete Use this command to remove a configuration file from the Matrix E1 system delete filename Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to delete the clitxt1 cfg configuration file filename Specifies the configuration file to remove Matrix delete clitxt1 cfg ...

Page 116: ...rgence End Points CEP IP phone detection function described in Section 11 2 6 Commands The commands needed to configure the Enterasys and Cisco discovery protocols are listed below and described in the associated section as shown show cdp Section 3 2 6 1 set cdp Section 3 2 6 2 set cdp interval Section 3 2 6 3 show ciscodp Section 3 2 6 4 set ciscodp status Section 3 2 6 5 set ciscodp timer Sectio...

Page 117: ...Command Type Switch command Command Mode Read Only Example This example shows how to display Enterasys Discovery Protocol for Fast Ethernet front panel ports 3 through 11 Table 3 6 provides an explanation of the command output port string Optional Displays Enterasys Discovery Protocol information for specific port s For a detailed description of possible port string values refer to Section 4 1 2 M...

Page 118: ...ersion number Global CDP State Whether Enterasys Discovery Protocol is globally auto enabled enabled or disabled Global Hold Time Transmit frequency in seconds of Enterasys Discovery Protocol messages For details on using the set cdp interval command to change the default value of 60 refer to Section 3 2 6 2 Port Port designation For a detailed description of possible port string values refer to S...

Page 119: ...n auto mode which is the default mode for all ports a port automatically becomes CDP enabled upon receiving its first CDP message on any port NOTE Auto mode will only be operational for specific ports if the global CDP state has been set to auto as well If the global state is enabled then all ports in auto mode will run CDP If the global state is disabled then all ports in auto mode will not run C...

Page 120: ...s Discovery Protocol set cdp interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the CDP interval frequency to 15 seconds 3 2 6 4 show ciscodp Use this command to display global Cisco Discovery Protocol information show ciscodp Syntax Description None Command Defaults None Matrix set cdp disable fe 2 ...

Page 121: ...P Disabled Table 3 7 show ciscodp Output Details Output What It Displays CiscoDP Whether Cisco Discovery Protocol is disabled or enabled Default setting of disabled can be changed with the set ciscodp status command as described in Section 3 2 6 5 Timer Number of seconds between Cisco Discovery Protocol PDU transmissions Default value of 60 can be changed with the set ciscodp timer command as desc...

Page 122: ...to enable Cisco Discovery Protocol on the device 3 2 6 6 set ciscodp timer Use this command to set the number of seconds between Cisco Discovery Protocol PDU transmissions set ciscodp timer time Device ID Sending device s serial number PopulateCDP Whether the populate Enterasys CDP discovery protocol function is enabled or disabled Default setting of disabled can be changed with the set ciscodp po...

Page 123: ...seconds 3 2 6 7 set ciscodp holdtime Use this command to set the time to live TTL for Cisco Discovery Protocol PDUs This is the amount of time in seconds neighboring devices will hold PDU transmissions from the sending device set ciscodp holdtime time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write time Specifies the number of seconds between PDU transm...

Page 124: ...ws Cisco devices to appear in the Enterasys Discovery Protocol CDP MIB along with Enterasys devices set ciscodp populatecdp enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the CDP populate function 3 2 6 9 show port ciscodp info Use this command to display summary information about the Cisco Discov...

Page 125: ...ptional Displays information about specific port s For a detailed description of possible port string values refer to Section 4 1 2 Matrix show port ciscodp info ge Port State VVID Neigh PDU TX PDU RX CosExt TrustExt ge 0 1 Disabled none 0 0 0 undef undef ge 0 2 Disabled none 0 0 0 undef undef ge 0 3 Disabled none 0 0 0 undef undef ge 0 4 Disabled none 0 0 0 undef undef ge 0 5 Disabled none 0 0 0 ...

Page 126: ...e set port ciscodp vvid command Section 3 2 6 14 Neigh Number of neighboring Cisco devices detected on this port PDU TX Number of Cisco DP PDUs transmitted on this port PDU RX Number of Cisco DP PDUs received on this port CosExt Whether or not a Cisco DP Class of Service has been defined for this port Default of undefined can be changed using the set port ciscodp cos ext command Section 3 2 6 13 T...

Page 127: ... set port ciscodp status port string disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show port ciscodp neighborinfo ge 0 4 Sysname Platform Port ID ge 0 4 ggismysysname WS C6509 2 1 NOTE The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command as described in Section 3 2 6 5 before operational stat...

Page 128: ...cated to the Cisco IP phone instructing it to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802 1p marking If the switch port is configured to a Cisco DP trust state of untrusted this setting is communicated to the Cisco IP phone instructing it to overwrite the 802 1p tag of traffic transmitted by the device connected to it to 0 by default or to the value speci...

Page 129: ...ed to the IP phone when the switch port is configured to a Cisco DP trust state of untrusted refer to the set port ciscodp trust ext command Section 3 2 6 13 If a CoS priority value is not set with this command by default the Cisco IP phone will overwrite the 802 1p tag value with 0 set port ciscodp cos ext port string classify value undefined untrusted Tell the Cisco IP phone to overwrite the 802...

Page 130: ...codp vvid port string vlan id none dot1p untagged port string Specifies the port s on which to set a CoS value For a detailed description of possible port string values refer to Section 4 1 2 classify value Assigns a Class of Service to untrusted traffic Valid values are 0 7 with 0 given the lowest priority There is a one to one correlation between this classify value and the 802 1p value assigned...

Page 131: ... s on which tagging will be set For a detailed description of possible port string values refer to Section 4 1 2 vlan id Instructs an attached Cisco IP phone to transmit to a specific VLAN Valid values are 1 4094 For information on creating and configuring VLANs refer to Chapter 7 none Specifies that no VVID will be included in CiscoDP PDUs transmitted out this port dot1p Instructs an attached Cis...

Page 132: ...elow and described in the associated sections as shown wait Section 3 2 7 1 cls Section 3 2 7 2 exit Section 3 2 7 3 3 2 7 1 wait Use this command to pause the CLI for a specified number of seconds before executing the next command wait seconds Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to pause the CLI for 10 seconds...

Page 133: ...and Mode Read Only Example This example shows how to clear the CLI screen 3 2 7 3 exit Use this command to leave a CLI session when operating in switch mode exit Syntax Description None Command Defaults None Command Type Switch command Matrix cls NOTE Device timeout occurs after five minutes of user inactivity automatically closing your CLI session When operating in router mode the exit command ju...

Page 134: ...nfiguration Command Set Pausing Clearing and Closing the CLI 3 86 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Mode Read Only Example This example shows how to exit a CLI session Matrix exit ...

Page 135: ...NVRAM user defined config settings Commands Commands to reset the device are listed below and described in the associated section as shown show reset Section 3 2 8 1 reset Section 3 2 8 2 reset at Section 3 2 8 3 reset in Section 3 2 8 4 clear config Section 3 2 8 5 3 2 8 1 show reset Use this command to display information about scheduled device resets show reset Syntax Description None Command D...

Page 136: ...be reset Command Type Switch command Command Mode Read Write Examples This example shows how to reset the system immediately Matrix show reset Reset scheduled for Fri Jan 21 2004 23 00 00 in 3 days 12 hours 56 minutes 57 seconds Reset reason Software upgrade system Optional Resets the system cancel Optional Cancels a reset scheduled using the reset at command as described in Section 3 2 8 3 or the...

Page 137: ...ot specified the reset will be scheduled for the first occurrence of the specified time If a reason is not specified none will be applied Command Type Switch command Command Mode Read Write Examples This example shows how to schedule a reset at 8 p m on October 12 Matrix reset cancel Reset cancelled hh mm Schedules the hour and minute of the reset using the 24 hour system mm dd Optional Schedules ...

Page 138: ...rite Example This example shows how to schedule a device reset in 5 hours and 20 minutes 3 2 8 5 clear config Use this command to clear the user defined switch configuration parameters stored in NVRAM This resets the device back to its factory default settings while giving you the option to maintain the system IP address and SSH Secure Shell host keys For a list of default settings for this device...

Page 139: ...ple This example shows how to clear the device s NVRAM configuration parameters without clearing the IP address or SSH keys NOTE Clear config will not clear user account settings such as lockout attempts login names and passwords unless executed by a super user admin Matrix clear config This command will clear NVRAM Do you want to continue y n n y Keep the IP setting y n n y Keep the SSH host keys...

Page 140: ...he system IP address Section 3 2 2 23 File management tasks including uploading or downloading flash or text configuration files and displaying directory and file contents Section 3 2 5 Configuring two or more VLANs that will be dedicated to IP routing Section 3 3 2 Important Notice Startup and general configuration of the Matrix E1 must occur when the device is in switch mode For details on how t...

Page 141: ...ion to NVRAM The commands needed for this process are listed in Table 3 9 and are described in the associated sections as shown Table 3 9 Command Set for Configuring VLANs for IP Routing To do this task Type this command In this mode For details see Step 1 Disable Spanning Tree on the dedicated routing port set spantree portadmin port string disable Switch Matrix Section 6 2 2 2 Step 2 Create a ne...

Page 142: ...ep 6 Enable router mode router Switch Matrix Section 3 3 3 Step 7 Enable global router configuration mode configure terminal Router Matrix Router Section 3 3 3 Step 8 Enable interface configuration mode interface vlan_id Router Matrix Router config Section 12 2 1 2 Step 9 Assign an IP address to the VLAN ip address ip_address ip_mask Router Matrix Router config if Vlan vlan_id Section 12 2 1 4 Ste...

Page 143: ...D is used to classify untagged frames as they ingress into a given port Would you like to add the selected port s to this vlan s untagged egress list and remove them from all other vlans untagged egress list y n n NOTE choosing y will not remove the port s from previously configured tagged egress lists y Matrix clear vlan egress 20 fe 0 2 Matrix Matrix set vlan egress 20 fe 0 2 untagged Matrix set...

Page 144: ...ce types and numbers configured for routing on your system Table 3 10 Router CLI Configuration Modes Use this mode To Access method Prompt Privileged EXEC Mode Set system operating parameters Show configuration parameters Save copy configurations Type router from switch mode Matrix Router Global Configuration Mode Set system wide parameters Type configure terminal from Privileged EXEC mode Matrix ...

Page 145: ...nfiguration mode Matrix Router config keychain Key Chain Key Configuration Mode Configureaspecific key within a RIP authentication key chain Type key and the key id from Key Chain Configuration Mode Matrix Router config keychain key NOTE To jump to a lower configuration mode type exit at the command prompt To revert back to switch mode type exit from Privileged EXEC router mode Table 3 10 Router C...

Page 146: ...Preparing the Device for Router Mode Enabling Router Configuration Modes 3 98 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 147: ...6 Small Form Factor Pluggable SFP 1 Gigabit fiber optic ports Depending on the Ethernet expansion module s installed each slot provides up to 16 ports via Fast Ethernet RJ45 connectors or Gigabit Ethernet via fiber optic connections using GBICs 4 1 1 Port Assignment Scheme The expansion module and fixed front panel port numbering scheme used when configuring Matrix E1 ports is shown in Figure 4 1 ...

Page 148: ...ble 4 1 indicates the port numbering scheme for each expansion module In this numbering scheme port 2 on the expansion module in slot 2 would be expressed as 2 2 in the CLI syntax For information on how this device s port assignment scheme is expressed in CLI syntax refer to Section 4 1 2 Figure 4 1 1H582 51 Expansion Module and Fixed Front Panel Port Numbering Scheme 2 1 4 6 8 10 12 14 16 3 5 7 9...

Page 149: ...e Types and Port Numbering Ethernet expansion module Interface Type Port Numbering 1H 16TX Fast Ethernet 10 100BASE TX Sixteen fixed RJ45 ports 1 3 5 7 9 11 13 15 2 4 6 8 10 12 14 16 1G 2TX Fast Ethernet 1000BASE TX Two fixed RJ45 ports 1 2 1G 2GBIC Gigabit 1000BASE SX LX Two port slots for optional GBICs GBICs have 1 SC connector 1 2 37552_27 1G 2TX 1 1 1H 16TX 1G 2GBIC 1G 2GBIC 1 1G 2MGBIC 1 1 1...

Page 150: ... be 0 for the fixed front panel slot 1 for left expansion module slot in the 1H582 51 and 1G58x 09 devices or the single expansion module slot in the 1H582 25 device 2 for middle expansion module slot or 3 for right expansion module slot Port number can be Any port number in a slot location The highest port number that can be entered is dependent on the number of ports in a slot location 1G 2MGBIC...

Page 151: ...s 1 through 10 in the device s fixed front panel This example shows the port string syntax for specifying Fast Ethernet ports 1 3 7 8 9 and 10 in the device s left expansion module slot This example shows the port string syntax for specifying Gigabit Ethernet port 2 in the device s right expansion module slot This example shows the port string syntax for specifying all Gigabit Ethernet ports in th...

Page 152: ...g ports Section 4 3 2 3 Setting speed and duplex mode Section 4 3 3 4 Enabling disabling jumbo frame support Section 4 3 4 5 Setting auto negotiation and advertised ability Section 4 3 5 6 Setting flow control and thresholds Section 4 3 6 7 Setting port traps Section 4 3 7 8 Setting port mirroring Section 4 3 9 9 Configuring port trunking and link aggregation Section 4 3 10 10 Configuring port bro...

Page 153: ...ciated sections as shown show port status Section 4 3 1 1 show port counters Section 4 3 1 2 clear port counters Section 4 3 1 3 4 3 1 1 show port status Use this command to display duplex mode speed and port type and statistical information about traffic received and transmitted through one or more ports on the device show port status port string Syntax Description Command Defaults If port string...

Page 154: ...r a detailed description of possible port string values refer to Section 4 1 2 Oper Status Whether the specified port has a valid link Oper status will be down until a link is established to an external device and the port is enabled Admin Status Whether the specified port is enabled up or disabled down For details on using the set port disable command to change the default port status of enabled ...

Page 155: ...be displayed for the specified port s Command Type Switch command Command Mode Read Only Flow Ctrl Whether flow control status is enabled disabled or N A auto negotiation is enabled Type Port type as 10 100TX 10Base T 100Base T 100FX 100Base FX 1000SX 1000Base SX 1000LX 1000Base LX port string Optional Displays counter statistics for specific port s For a detailed description of possible port stri...

Page 156: ... device Table 4 3 provides an explanation of the command output Matrix show port counters fe 0 1 Port fe 0 1 Bridge Port 1 MIB2 Interface Counters In Octets 0 In Unicast Pkts 0 In Multicast Pkts 0 In Broadcast Pkts 0 In Discards 0 In Errors 0 In Unknown Protocol 0 Out Octets 0 Out Unicast Pkts 0 Out Multicast Pkts 0 Out Broadcast Pkts 0 Out Discards 0 Out Errors 0 Out Queue Length 0 802 1Q Switch ...

Page 157: ...xamples This example shows how to clear all counter statistics for Fast Ethernet front port panel 42 Table 4 3 show port counters Output Details Output What It Displays Port Port designation For a detailed description of possible port string values refer to Section 4 1 2 Bridge Port Spanning Tree bridge port designation MIB2 Interface Counters MIB2 network traffic counts 802 1Q Switch Counters Cou...

Page 158: ...eeded to enable and disable ports are listed below and described in the associated section as shown set port disable Section 4 3 2 1 set port enable Section 4 3 2 2 4 3 2 1 set port disable Use this command to administratively disable one or more ports set port disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example show...

Page 159: ...t front panel port 3 4 3 3 Setting Speed and Duplex Mode Purpose To set the current operational speed in Mbps and to set the default duplex mode Half for half duplex or Full for full duplex Commands The commands needed to set port speed and duplex mode are listed below and described in the associated section as shown show port speed Section 4 3 3 1 port string Specifies the port s to enable For a ...

Page 160: ...ort s auto negotiation state is disabled Note that the configured speed may be different from the current assigned speed if auto negotiation is enabled show port speed port string Syntax Description Command Defaults If a port string is not entered configured port speed settings for all ports are displayed Command Type Switch command Command Mode Read Write port string Optional Specifies the port s...

Page 161: ...rt while auto negotiation is enabled However the configured speed will not take effect until auto negotiation is disabled set port speed port string 10 100 1000 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write E1 2 show port speed fe 0 10 16 When autonegotiation is disabled the port speed setting is port speed fe 0 10 10 fe 0 11 10 fe 0 12 10 fe 0 13 10 ...

Page 162: ...ort s auto negotiation state is disabled Note that the configured duplex setting may be different from the current assigned setting if auto negotiation is enabled show port duplex port string Syntax Description Command Defaults If a port string is not entered configured port duplex settings for all ports are displayed Command Type Switch command Command Mode Read Write Matrix set port speed fe 3 9...

Page 163: ...f a port while auto negotiation is enabled However the configured setting will not take effect until auto negotiation is disabled set port duplex port string full half Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write E1 2 show port duplex fe 0 10 16 When autonegotiation is disabled the port duplex setting is port duplex fe 0 10 half fe 0 11 half fe 0 12 ...

Page 164: ...lows ports to transmit frames up to 6 KB in size Commands The commands used to review enable and disable jumbo frame support are listed below and described in the associated section as shown show port jumbo Section 4 3 4 1 set port jumbo Section 4 3 4 2 4 3 4 1 show port jumbo Use this command to display the status of jumbo frame support and maximum transmission units MTU on one or more ports show...

Page 165: ...command to enable or disable jumbo frame support on all ports set port jumbo disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable jumbo frame support Matrix show port jumbo Port Number Jumbo Oper Status Jumbo Admin Status Jumbo MTU ge 0 1 6 disabled disabled 6144 disable enable Disables or enables jumbo...

Page 166: ...bled the port reverts to the values specified by default speed default duplex and the port flow control commands In normal operation with all capabilities enabled advertised ability enables a port to advertise that it has the ability to operate in any mode The user may choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled Commands The comm...

Page 167: ...cription Command Defaults If port string is not specified auto negotiation status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display auto negotiation status on Fast Ethernet expansion module 3 port 1 port string Optional Displays auto negotiation status for specific port s For a detailed description of possible port string v...

Page 168: ... port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable auto negotiation on Fast Ethernet front panel port 11 port string Specifies the port s for which to enable or disable auto negotiation For a detailed description of possible port string values refer to Section 4 1 2 enable disable Enable...

Page 169: ...his command shows the display of advertised ability when advertising of flow control has been enabled with the set port advertised ability command port string Optional Displays advertised ability for specific port s For a detailed description of possible port string values refer to Section 4 1 2 verbose Optional Displays more detail about the port s advertised ability Matrix show port advertised a...

Page 170: ...4 VerboseOutput Details Output What It Displays Capability Whether or not the port is capable of operating in the following modes BASE10 T 10BASE T half duplex mode BASE10 TFD 10BASE T full duplex mode BASE100 TX 100BASE TX half duplex mode BASE100 TXFD 100BASE TX full duplex mode BASE1000 X 1000BASE X LX SX CX half duplex mode BASE1000 XFD 1000BASE X LX SX CX full duplex mode BASE1000 T 1000BASE ...

Page 171: ...full 100half 100full fe 0 3 10half 10full 100half 100full fe 0 4 10half 10full 100half 100full fe 0 5 10half 10full 100half 100full fe 0 6 10half 10full 100half 100full fe 0 7 10half 10full 100half 100full fe 0 8 10half 10full 100half 100full fe 0 9 10half 10full 100half 100full fe 0 10 10half 10full 100half 100full fe 0 11 10half 10full 100half 100full fe 0 12 10half 10full 100half 100full fe 0 1...

Page 172: ... Ethernet front panel port 1 from advertising any speed or duplex settings port string Specifies the port s for which to enable disable or configure advertised ability For a detailed description of possible port string values refer to Section 4 1 2 10 100 1000 all Specifies a speed for the port to advertise in Mbps or enables the port to advertise all the speeds at which it can operate half full a...

Page 173: ...t approach Head of Line blocking occurs when a switch can t accept frames because frames already in the system can t leave fast enough causing congestion When enabled Head of Line Blocking Prevention drops congested frames unable to leave the switch allowing it to always accept new frames Instead of exerting flow control HOL Blocking Prevention drops frames after a pre defined number of frames are...

Page 174: ...splayed Command Type Switch command Command Mode Read Only Example This example shows how to display the port flow control state for Fast Ethernet front panel ports 15 through 18 It shows that auto negotiation is enabled on ports 15 and 18 therefore flow control cannot be enabled on these ports It also shows that flow control is disabled on port 16 and enabled on port 17 port string Optional Displ...

Page 175: ...abled set port flowcontrol port string disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable flow control on Fast Ethernet front panel ports 21 through 24 port string Specifies the port s for which to enable or disable flow control For a detailed description of possible port string values refer to Sectio...

Page 176: ...IngressRx threshold types For more information on these threshold types and how to configure them using the set port buffer threshold command refer to Section 4 3 6 4 Matrix show port buffer threshold Fast Ethernet Gigabit Ethernet Priority Queue Priority Queue 0 1 2 3 0 1 2 3 Threshold IngressHOL 50 0 50 0 50 0 50 0 50 0 50 0 50 0 50 0 IngressSoftHOL 25 0 25 0 25 0 25 0 25 0 25 0 25 0 25 0 Egress...

Page 177: ...old Sets the threshold type Valid entries and their corresponding actions are IngressRx controls frames entering the switch for a given port IngressHOL drops all frames after the set percentage of buffers for the given priority queue are awaiting transmission to other port destinations IngressSoftHOL drops frames marked as discardable after the set percentage of buffers for the given priority queu...

Page 178: ...be set as fe Fast Ethernet ge Gigabit Ethernet or all queue0 queue3 Sets the percentage to allocate to each of four priority queues Valid values are 1 to 100 rounded to the nearest 0 1 and must be entered in decimal format 00 0 If the sum of these percentages is greater than 100 then buffer sharing is allowed amongst the queues receive buffer When the IngressRX threshold type is chosen sets the pe...

Page 179: ...d The receiving port then ceases sending flow control pause frames allowing transmissions from the sending port to be turned back on Valid values are 1 to 100 rounded to the nearest 0 1 and must be entered in decimal format 00 0 In order for proper configuration of buffer settings the receive buffer percentage must be higher than the xoff limit which must be higher than the xon limit NOTE Xon limi...

Page 180: ... buffers to default values 4 3 6 5 show flow agetime Use this command to display the flow age time setting This is the amount of time in seconds until a flow control entry will be removed if no activity has occurred on the flow show flow agetime Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example This example shows how to display the flow age ti...

Page 181: ...and Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the flow limit age time to 200 seconds 4 3 6 7 clear flow agetime Use this command to resets the number of seconds flow control entries will remain active to the default value of 30 seconds clear flow agetime Syntax Description None Command Type Switch command Command Mode Read Write time Sp...

Page 182: ...n Gigabit Ethernet front panel ports In this case HOL is enabled on all priority queues for all Gigabit Ethernet ports When these ports buffer queues ingress or egress get congested frames will be dropped after their respective buffer thresholds have been reached Threshold types and Matrix clear flow agetime port string Specifies the port s for which to display HOL Blocking Prevention settings For...

Page 183: ...ix show port holbp ge 0 egress Port Egress HOL Priority Queue 0 1 2 3 ge 0 1 enabled enabled enabled enabled ge 0 2 enabled enabled enabled enabled ge 0 3 enabled enabled enabled enabled ge 0 4 enabled enabled enabled enabled ge 0 5 enabled enabled enabled enabled ge 0 6 enabled enabled enabled enabled port string Specifies the port s for which to enable or disable HOL Blocking Prevention For a de...

Page 184: ... and Thesholds 4 38 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Mode Read Write Example This example shows how to enable egress HOL Blocking Prevention on Fast Ethernet front panel port 2 Matrix set port holbp fe 0 2 egress enable ...

Page 185: ...disable port traps are listed below and described in the associated section as shown show port trap Section 4 3 7 1 set port trap Section 4 3 7 2 4 3 7 1 show port trap Use this command to display the status of an SNMP link trap on one or more ports show port trap port string Syntax Description Command Defaults If port string is not specified the trap status for all ports will be displayed Command...

Page 186: ... fe 0 5 enabled fe 0 6 enabled fe 0 7 enabled fe 0 8 enabled fe 0 9 enabled fe 0 10 enabled fe 0 11 enabled fe 0 12 enabled fe 0 13 enabled fe 0 14 enabled fe 0 15 enabled fe 0 16 enabled fe 0 17 enabled fe 0 18 enabled fe 0 19 enabled fe 0 20 enabled fe 0 21 enabled fe 0 22 enabled fe 0 23 enabled fe 0 24 enabled fe 0 25 enabled fe 0 26 enabled fe 0 27 enabled fe 0 28 enabled fe 0 29 enabled fe 0...

Page 187: ...isable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable the SNMP link trap for Fast Ethernet front panel port 3 port string Specifies the port s for which to enable or disable a trap For a detailed description of possible port string values refer to Section 4 1 2 enable disable Enables or disables a trap on the s...

Page 188: ... of 12 source target port pairs may be configured Traffic mirrored includes both received and transmitted packets Unknown protocol packets and broadcast packets can be forwarded out the monitor port when mirroring is enabled None of the ports in a trunk or LAG should be configured as a mirror source port or mirror target port If a port with an active LACP link is configured as a mirror source or t...

Page 189: ... shown show port mirroring Section 4 3 9 1 set port mirroring Section 4 3 9 2 clear port mirroring Section 4 3 9 3 4 3 9 1 show port mirroring Use this command to display the source and target ports for mirroring and whether mirroring is currently enabled or disabled for those ports show port mirroring Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only...

Page 190: ... Source Port fe 0 19 Target Port fe 0 23 disable enable Disables or enables port mirroring source_port Specifies the port designation for the source on which the traffic will be monitored For a detailed description of possible port string values refer to Section 4 1 2 target_port Specifies the port designation for the target that will duplicate or mirror all the traffic on the monitored port For a...

Page 191: ...e this command to clear a mirroring association between ports clear port mirroring source_port Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to clear port mirroring for source port fe 0 4 Matrix set port mirroring fe 0 4 fe 0 11 Matrix set port mirroring disable source_port Specifies the source port for the mirroring as...

Page 192: ...device will remain in port trunking mode To change the link aggregation mode on the device use the set port trunkmode command as described in Section 4 3 11 2 4 3 10 1 Matrix E1 Trunk and LAG Usage Considerations When configuring port trunking and 802 3ad link aggregation on Matrix E1 devices it is important consider the following factors Ports can only be assigned to one trunk or Link Aggregation...

Page 193: ...trunk you should first remove the network cable and then disable both ends of the link This allows the traffic passing across that link to be automatically distributed to the other links in that trunk without losing any significant amount of traffic 4 3 10 2 Port Grouping Considerations When configuring the Matrix E1 for link aggregation it is important to understand how ports are grouped in the d...

Page 194: ...Table 4 5 Port Grouping IDs for the Matrix E1 1H582 xx Fixed Front Panel NOTE This port grouping limitation does not apply to the Matrix E1 1G582 09 model or Gigabit Ethernet expansion modules Fixed Front Panel Slot Location 0 1H582 51 Group IDs 1 2 3 4 5 6 Ports 1 thru 8 9 thru 16 17 thru 24 25 thru 32 33 thru 40 41 thru 48 1H582 25 Group IDs 1 2 3 Ports 1 thru 8 9 thru 16 17 thru 24 1 x 2 x 3 x ...

Page 195: ...figuration Guide 4 49 Table 4 6 Port Grouping IDs for the 1H 16TX and 1H 8FX Expansion Modules For details on how to specify port designation in the CLI syntax refer to Section 4 1 2 Expansion Module Slot Location 1 2 or 3 1H 16TX Group IDs 1 2 Ports 1 thru 8 9 thru 16 1H 8FX Group IDs 1 Ports 1 thru 8 ...

Page 196: ...ing over the load if another port in the trunk should fail However before making any physical connections between devices use the set trunk command to specify the trunk on the devices at both ends Purpose To display trunking information to set the device trunking mode to create and delete trunks on the device to display and configure port settings for a particular trunk and to set the trunking alg...

Page 197: ...s not specified information for all trunks will be displayed Command Type Switch command Command Mode Read Only Examples This example shows how to display trunking information when the device is in 802 3ad mode trunk_name Optional portTrunking mode only Displays trunking information for a specific trunk Matrix show trunk Device is in 802 3AD mode Trunking algorithm is round robin LACP Rx Tx is glo...

Page 198: ...runk port fe 0 11 trunk port fe 0 12 Table 4 7 show trunk Output Details Output What It Displays Device is in Trunking mode of the device Default of 802 3ad can be changed using the set trunkmode command Section 4 3 11 2 Trunking algorithm is Whether the trunking algorithm is round robin default or MAC hashing Default can be changed using the set trunk algorithm command Section 4 3 11 7 trunkName ...

Page 199: ...on Guide 4 53 OKey Displayed in 802 3ad mode only Operational key which determines underlying physical ports ability to aggregate For more details refer to Section 4 3 13 2 ports Displayed in 802 3ad mode only Physical ports belonging to the LAG Table 4 7 show trunk Output Details Continued Output What It Displays ...

Page 200: ...Type Switch command Command Mode Read Write Example This example shows how enable port trunking mode on the device 4 3 11 3 set trunk Use this command to create enable or disable a trunk when the device is set to port trunking mode set trunk trunk_name create disable enable Syntax Description Command Defaults None 8023ad Enables 802 3ad link aggregation mode porttrunking Enables manual port trunki...

Page 201: ...e a trunk named blue 4 3 11 4 clear trunk Use this command to delete a trunk when the device is set to port trunking mode clear trunk trunk_name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the green trunk from the device Matrix set trunk blue create trunk_name Specifies the name of the trunk to be deleted Mat...

Page 202: ... command Command Mode Read Write Example This example shows how to add Fast Ethernet front panel ports 3 through 6 to the blue trunk 4 3 11 6 clear trunk port Use this command to remove a port from a trunk when the device is set to port trunking mode clear trunk port trunk_name port string trunk_name Specifies the name of the trunk to which the trunk port will be added port string Specifies the de...

Page 203: ...be used to distribution MAC addresses across a trunk group as they are learned on the device set trunk algorithm machashing roundrobin Syntax Description Command Defaults None Command Type Switch command trunk_name Specifies the name of the trunk from which the port will be removed port string Specifies the designation of the port to be removed from the trunk For a detailed description of possible...

Page 204: ...iguring Static Port Trunking 4 58 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Mode Read Write Example This example shows how to set the device s trunk algorithm to MAC hashing Matrix set trunk algorithm machashing ...

Page 205: ...n to end users ie a server or to a router 4 3 12 1 LACP Operation For each aggregatable port in the device LACP Maintains configuration information reflecting the inherent properties of the individual links as well as those established by management to control aggregation Exchanges configuration information with other devices to allocate the link to a Link Aggregation Group LAG Attaches the port t...

Page 206: ...ts associated aggregator 4 3 12 2 LACP Terminology Table 4 8 defines key terminology used in LACP configuration Table 4 8 LACP Terms and Definitions Term Definition Aggregator A virtual port that controls link aggregation for underlying physical ports Depending on the model and expansion modules installed each Matrix E1 device can provide up to 12 aggregator ports which are designated in the CLI a...

Page 207: ...aggregating by comparing operational keys Aggregator ports allow only underlying ports with keys matching theirs to join their LAG There are a few cases in which ports will not aggregate An underlying physical port is attached to another port on this same switch loopback Actor and Partner An actor is the local device sending LACPDUs Its protocol partner is the device on the other end of the link a...

Page 208: ...wo or more ports with the same LAG ID This can happen if there are simply no available aggregators or if none of the aggregators have a matching admin key and system priority 802 1x authentication is enabled using the set eapol command Section 14 3 2 8 and ports that would otherwise aggregate are not 802 1X authorized MAC locking is enabled on the ports as described in Section 14 3 4 NOTE To aggre...

Page 209: ...view and configure LACP are listed below and described in the associated section as shown set lacp Section 4 3 13 1 set lacp static Section 4 3 13 2 clear lacp static Section 4 3 13 3 show port lacp Section 4 3 13 4 set port lacp Section 4 3 13 5 4 3 13 1 set lacp Use this command to disable or enable the Link Aggregation Control Protocol LACP on the device set lacp disable enable Syntax Descripti...

Page 210: ...LAG port for a Link Aggregation Group to form and attach to the specified LAG port Usage considerations discussed in Section 4 3 10 1 apply to statically created LAGs Ports and aggregators that are not statically assigned can still form trunks dynamically A port that is not statically assigned can never join an aggregator that has ports statically assigned to it Static LAG configuration should be ...

Page 211: ...d to remove specific ports from a Link Aggregation Group clear lacp static lagportstring port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove Fast Ethernet front panel port 6 from a static assignment Matrix set lacp static lag 0 1 fe 0 1 4 lagportstring Specifies the LAG aggregator port from which ports wi...

Page 212: ...ned to an aggregator lag 0 1 but not attached as indicated by the asterisks placed in the aggregator names port string Displays LACP information for specific port s For a detailed description of possible port string values refer to Section 4 1 2 counters port string Displays LACP counter information for one or more ports detail port string Displays detailed LACP status information for one or more ...

Page 213: ...led C Collecting rx enabled S Synchronized attached to appropriate aggregator A i Aggregable individual port S l Short Long LACP timeout A p Active Passive LACP For more information about these states refer to set port lacp Section 4 3 13 5 and the IEEE 802 3 2002 specification Matrix show port lacp counters fe 0 Port LACPTx LACPRx TLastRx MrkTx MrkRx LACPErr fe 0 1 23 20 22 84s 0 0 0 fe 0 2 7 4 1...

Page 214: ...atus Valid entries and their corresponding actions are active Enables active LACP operation aggregable Enables aggregations on this port default Enables default values active long timeout aggregable inaggregable Disables aggregations on this port long timeout Enables a long LACP time out 30 seconds passive Enables passive LACP operation short timeout Enables a short LACP timeout 3 seconds padminke...

Page 215: ...ow to place ports ge 0 1 and ge 0 2 in the same LAG by assigning both padminkey 1 This example shows how to clear the LAG created This example shows how to disable LACP processing on all Gigabit Ethernet front panel ports Matrix set port lacp padminkey ge 0 1 1 Matrix set port lacp padminkey ge 0 2 1 Matrix set port lacp padminkey ge 0 default Matrix set port lacp disable ge 0 ...

Page 216: ...al data Commands The commands needed to configure port broadcast suppression are listed below and described in the associated section as shown show port broadcast Section 4 3 14 1 set port broadcast Section 4 3 14 2 4 3 14 1 show port broadcast Use this command to display port broadcast suppression information for one or more ports show port broadcast port string Syntax Description Command Default...

Page 217: ...able or disable is not specified port broadcast packet_count will be set on specified ports where broadcast suppression is enabled Command Type Switch command Command Mode Read Write Examples This example shows how to enable broadcast suppression to 800 packets per second on Fast Ethernet front panel ports 10 through 13 Matrix show port broadcast fe 0 1 Broadcast Suppression enabled for port fe 0 ...

Page 218: ...adcast Suppression 4 72 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide This example shows how to set broadcast suppression to 2000 packets per second on Fast Ethernet front panel ports 10 through 13 Matrix set port broadcast fe 0 10 13 2000 ...

Page 219: ...ed to configure unknown destination address suppression are listed below and described in the associated section as shown show port unknowndestsuppress Section 4 3 15 1 set port unknowndestsuppress Section 4 3 15 2 clear port unknowndestsuppress Section 4 3 15 3 4 3 15 1 show port unknowndestsuppress Use this command to display the status of unknown unicast traffic suppression on one or more ports...

Page 220: ...m one or more ports set port unknowndestsuppress port string enable disable Syntax Description Command Defaults If disable is not specified suppression will be enabled Command Type Switch command Command Mode Read Write Example This example shows how to enable unknown destintation address suppression on Fast Ethernet front panel port 1 Matrix show port unknowndestsuppress fe 0 1 Unknown Destinatio...

Page 221: ... disabled clear port unknowndestsuppress port string Syntax Description Command Defaults If port string is not specified status of all ports will be reset Command Type Switch command Command Mode Read Write Example This example shows how to reset unknown destintation address suppression on Fast Ethernet front panel port 1 to disabled port string Optional Resets status for specific port s For a det...

Page 222: ...Port Configuration Command Set Configuring Unknown Destination Address Suppression 4 76 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 223: ...ll description of functionality Version 2 SNMPv2 The second release of SNMP described in RFC 1907 has additions and enhancements to data types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is fully described in RFC 2571 RFC 2572 RFC 2573 RFC 2574 and RFC 2575 5 1 1 SNMPv1 and...

Page 224: ...his component accepts outgoing PDUs from the dispatcher and prepares them for transmission by wrapping them in a message header and returning them to the dispatcher The message processing subsystem also accepts incoming messages from the dispatcher processes each message header and returns the enclosed PDU to the dispatcher Security subsystem This component authenticates and encrypts messages Acce...

Page 225: ... string match for authentication v2 NoAuthNoPriv Community string None Uses a community string match for authentication v3 NoAuthNoPriv User name None Uses a user name match for authentication AuthNoPriv MD5 None Provides authentication based on the HMAC MD5 algorithm authPriv MD5 DES Provides authentication based on the HMAC MD5 algorithm Provides DES 56 bit encryption in addition to authenticati...

Page 226: ...NMP Configuration 5 4 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 6 Configuring SNMP target addresses Section 5 2 6 7 Configuring SNMP notification parameters Section 5 2 7 8 Configuring a basic SNMP trap notification Section 5 2 8 ...

Page 227: ...ds needed to disable or enable SNMP and review SNMP statistics are listed below and described in the associated section as shown show snmp Section 5 2 1 1 set snmp Section 5 2 1 2 show snmp engineid Section 5 2 1 3 show snmp counters Section 5 2 1 4 5 2 1 1 show snmp Use this command to display the status of SNMP management on the device By default it is enabled at device startup show snmp Syntax ...

Page 228: ...nable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable SNMP 5 2 1 3 show snmp engineid Use this command to display the SNMP local engine ID This is the SNMP v3 engine s administratively unique identifier show snmp engineid Syntax Description None Command Defaults None Matrix show snmp SNMP is currently en...

Page 229: ... command to display SNMP traffic counter values show snmp counters Syntax Description None Command Defaults None Matrix show snmp engineid EngineId 80 00 15 f8 03 00 e0 63 9d b5 87 Engine Boots 12 Engine Time 162181 Max Msg Size 2048 Table 5 2 show snmp engineid Output Details Output What It Displays EngineId String identifying the SNMP agent on the device Engine Boots Number of times the SNMP eng...

Page 230: ...SNMP Command Set Disabling Enabling and Reviewing SNMP Statistics 5 8 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Type Switch command Command Mode Read Only ...

Page 231: ... 0 snmpInTooBigs 0 snmpInNoSuchNames 0 snmpInBadValues 0 snmpInReadOnlys 0 snmpInGenErrs 0 snmpInTotalReqVars 403661 snmpInTotalSetVars 534 snmpInGetRequests 290 snmpInGetNexts 396279 snmpInSetRequests 32 snmpInGetResponses 0 snmpInTraps 0 snmpOutTooBigs 0 snmpOutNoSuchNames 11 snmpOutBadValues 0 snmpOutGenErrs 0 snmpOutGetRequests 0 snmpOutGetNexts 0 snmpOutSetRequests 0 snmpOutGetResponses 39660...

Page 232: ...ity that represented an SNMP operation not allowed by the SNMP community named in the message snmpInASNParseErrs Number of ASN 1 Abstract Syntax Notation or BER Basic Encoding Rules errors encountered by the SNMP entity when decoding received SNMP messages snmpInTooBigs Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error status field as tooBig snmpInNoSuchNames Nu...

Page 233: ...rocessed by the SNMP protocol entity snmpInGetResponses Number of SNMP Get Response PDUs accepted and processed by the SNMP protocol entity snmpInTraps Number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity snmpOutTooBigs Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error status field as tooBig snmpOutNoSuchNames Number of SNMP PDUs generated...

Page 234: ...rm request error messages that were dropped because the reply was larger than the proxy target s maximum message size usmStatsUnsupportedSec Levels Number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable usmStatsNotInTimeWindows Number of packets received by the SNMP engine that were droppe...

Page 235: ...atsWrongDigests Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value usmStatsDecriptionErrors Number of packets received by the SNMP engine that were dropped because they could not be decrypted Table 5 3 show snmp counters Output Details Continued Output What It Displays ...

Page 236: ...s Community A name used to authenticate SNMPv1 and v2 users Commands The commands needed to review and configure SNMP users groups and communities are listed below and described in the associated section as shown show snmp user Section 5 2 2 1 set snmp user Section 5 2 2 2 clear snmp user Section 5 2 2 3 show snmp group Section 5 2 2 4 set snmp group Section 5 2 2 5 clear snmp group Section 5 2 2 ...

Page 237: ...ified user information about the local SNMP engine will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display information for the SNMP guest user Table 5 4 shows a detailed explanation of the command output user Optional Displays information about a specific user remote remote Optional Displays information about users on a specific remote SNMP en...

Page 238: ...gine identifier Username SNMPv1 or v2 community name or SNMPv3 user name Auth protocol Type of authentication protocol applied to this user Privacy protocol Whether a privacy protocol is applied when authentication protocol is in use Storage Type Whether access entries for this group are stored in volatile nonvolatile or read only memory Row status Status of this entry active notInService or notRe...

Page 239: ...rivacy encryption 5 2 2 3 clear snmp user Use this command to remove a user from the SNMPv3 security model list clear snmp user user remote remote Syntax Description Command Defaults If remote is not specified the user will be removed from the local SNMP engine Command Type Switch command Command Mode Read Write Matrix set snmp user netops authentication md5 privacy Matrix Enter authentication pas...

Page 240: ...Description Command Defaults If groupname is not specified information about all SNMP groups will be displayed If user is not specified information about all SNMP users will be displayed If security model is not specified user information about all SNMP versions will be displayed Command Type Switch command Command Mode Read Only Matrix clear snmp user bill groupname groupname Optional Displays in...

Page 241: ...roup name Anyone Storage type nonVolatile Row status active Security model SNMPv1 Security user name public router1 Group name Anyone Storage type nonVolatile Row status active Table 5 5 show snmp group Output Details Output What It Displays Security model SNMP version associated with this group Security user name Users belonging to the SNMP group Group name Name of SNMP group Storage Type Whether...

Page 242: ...pe is not specified nonvolatile storage will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP group called anyone assign a user named public and assign SNMPv3 security to the group groupname Specifies an SNMP group name to create user user Specifies an SNMPv3 user name to assign to the group security model v1 v2 v3 Specifies an SNMP se...

Page 243: ...s If user is not specified settings will be cleared for all SNMP users If security model is not specified settings will be cleared for all SNMP versions If no parameters are specified all SNMP group settings will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all settings assigned to the public user within the SNMP group anyone groupname Spec...

Page 244: ... Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display community names and access policies Table 5 6 provides an explanation of the command output For details on using the set community command to assign variables refer to Section 5 2 2 11 Matrix show community Community Name Permissions Public Read Write Private Read Wr...

Page 245: ... shows how to set the community name green for Read Write access community_name Specifies the name through which a user will access SNMP management Up to 5 community names can be set access_ policy Specifies the access permission accorded each community name The available access levels are Read Only ro This community name gives the user Read Only access to the device MIB objects and excludes acces...

Page 246: ...xample This example shows how to delete the community name green 5 2 2 10 show snmp community Use this command to display the mapping of SNMPv1and v2 community names to SNMPv3 access policies show snmp community name Syntax Description Command Defaults If name is not specified information will be displayed for all SNMP communities Command Type Switch command community_name Specifies the SNMP manag...

Page 247: ...me volatile nonvolatile Syntax Description Command Defaults If storage type is not specified nonvolatile will be applied Command Type Switch command Command Mode Read Write Matrix show snmp community public Community Name public Security User Name initial restricted SNMP Engine ID 80 00 38 18 03 00 01 f4 d2 bc 80 Storage Type nonvolatile Row Status active name Specifies a community name user usern...

Page 248: ...to remove a relationship between an SNMP v1 or v2 community name and an SNMPv3 access policy clear snmp community name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove the green community s access to the netops user security policy Matrix set snmp community green netops name Specifies the SNMPv1 or v2 community na...

Page 249: ...tion 5 2 3 3 show snmp authenticationtrap Section 5 2 3 4 set snmp authenticationtrap Section 5 2 3 5 5 2 3 1 show snmp access Use this command to display access rights and security levels configured for SNMP one or more groups show snmp access groupname security model v1 v2 v3 noauth auth authpriv Syntax Description Command Defaults If groupname is not specified access information for all SNMP gr...

Page 250: ...of the command output Matrix show snmp access Group Name initial Security Model SNMPv3 Security Level No authentication No Privacy Storage Type nonvolatile Row Status active Read View Name internet Write View Name internet Notify View Name internet Group Name initial restricted Security Model SNMPv3 Security Level No authentication No Privacy Storage Type nonvolatile Row Status active Read View Na...

Page 251: ...cy protocol required authpriv Authentication and privacy protocol required Storage Type Whether access entries for this group are stored in volatile nonvolatile or read only memory Row Status Status of this entry active notInService or notReady Read View Name Name of the view that allows this group to view SNMP MIB objects Write View Name Name of the view that allows this group to configure the co...

Page 252: ...ive notification messages specified the hello notification configuration groupname Specifies a name for an SNMP group security model v1 v2 v3 Applies SNMP version 1 2c or 3 noauth auth authpriv Applies an SNMPv3 security level as no authentication authentication without privacy or authentication with privacy Privacy specifies that messages sent on behalf of the user are protected from disclosure r...

Page 253: ...d Command Mode Read Write Example This example shows how to clear SNMP version 3 access for the mis group 5 2 3 4 show snmp authenticationtrap Use this command to display the status of the SNMP authentication trap function show snmp authenticationtrap Syntax Description None Command Defaults None groupname Specifies the name of the SNMP group for which to clear access security model v1 v2 v3 Speci...

Page 254: ...on trap Use this command to enable or disable the SNMP authentication trap function set snmp authenticationtrap enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the SNMP authentication trap function Matrix show snmp authenticatontrap authentication traps enabled enable disable Enables or disables th...

Page 255: ... the associated section as shown show snmp view Section 5 2 4 1 set snmp view Section 5 2 4 2 clear snmp view Section 5 2 4 3 5 2 4 1 show snmp view Use this command to display the MIB configuration for SNMPv3 view based access VACM show snmp view viewname subtree oid Syntax Description Command Defaults If no parameters are specified all SNMP MIB view configuration information will be displayed Co...

Page 256: ...ssign variables refer to Section 5 2 4 2 Matrix show snmp view internet View Name internet Subtree OID 1 View Type Included Row Status active Storage Type nonvolatile Table 5 8 show snmp view Output Details Output What It Displays View Name Name assigned to a MIB view Subtree OID Subtree object identifier View Type Whether or not subtree use must be included or excluded for this view Row Status St...

Page 257: ... nonvolatile will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set an SNMP MIB view to public with a subtree name of 1 3 6 1 included 5 2 4 3 clear snmp view Use this command to delete an SNMPv3 MIB view clear snmp view viewname subtree subtree viewname Specifies a name for a MIB view subtree subtree Specifies a MIB subtree name included excluded...

Page 258: ...Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP MIB view public viewname Specifies the MIB view name to be deleted subtree subtree Specifies the subtree name of the MIB view to be deleted Matrix clear snmp view public subtree 1 3 6 1 ...

Page 259: ...ands The commands needed to review and configure SNMP target parameters are listed below and described in the associated section as shown show snmp targetparams Section 5 2 5 1 set snmp targetparams Section 5 2 5 2 clear snmp targetparams Section 5 2 5 3 5 2 5 1 show snmp targetparams Use this command to display SNMP parameters used to generate a message to a target show snmp targetparams targetpa...

Page 260: ...riv Storage type nonVolatile Row status active Target Parameter Name v2ExampleParams Security Name public Message Proc Model SNMPv2 Security Level noAuthNoPriv Storage type nonVolatile Row status active Target Parameter Name v3ExampleParams Security Name CharlieDChief Message Proc Model v3 Security Level authNoPriv Storage type nonVolatile Row status active Table 5 9 show snmp targetparams Output ...

Page 261: ... v2c v3 message processing v1 v2c v3 noauthentication authentication privacy volatile nonvolatile Security Level Type of security level Valid levels are noauth No authentication or privacy protocol required auth Authentication but no privacy protocol required authpriv Authentication and privacy protocol required Storage type Whether entry is stored in volatile nonvolatile or read only memory Row s...

Page 262: ...o generate SNMP messages to a particular target user user Specifies an SNMPv1 or v2 community name or an SNMPv3 user name Maximum length is 32 bytes security model v1 v2 v3 Specifies the SNMP security model applied to this target parameter as version 1 2c or 3 noauthentication authentication privacy Specifies the SNMP security level applied to this target parameter as no authentication authenticat...

Page 263: ...get parameter configuration clear snmp targetparams targetparams Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP target parameters named v1ExampleParams targetparams Specifies the name of the parameter in the SNMP target parameters table to be cleared Matrix clear snmp targetparams v1ExampleParams ...

Page 264: ...on 5 2 5 2 Commands The commands needed to review and configure SNMP target addresses are listed below and described in the associated section as shown show snmp targetaddr Section 5 2 6 1 set snmp targetaddr Section 5 2 6 2 clear snmp targetaddr Section 5 2 6 3 5 2 6 1 show snmp targetaddr Use this command to display SNMP target address information show snmp targetaddr targetaddr Syntax Descripti...

Page 265: ... type nonVolatile Row status active Target Address Name 2 Tag List Console IP Address 127 0 0 1 UDP Port 0 Target Mask 255 255 255 255 Timeout 100 Retry count 3 Parameters v2ExampleParams Storage type nonVolatile Row status active Table 5 10 show snmp targetaddr Output Details Output What It Displays Target Address Name Unique identifier in the snmpTargetAddressTable Tag List Tags a location to th...

Page 266: ...dress configuration can be linked to optional SNMP transmit parameters such as timeout retry count and UDP port set snmp targetaddr targetaddr param param ipaddress ipaddr port udpport timeout timeout retries retries volatile nonvolatile taglist tagname Parameters Entry in the snmpTargetParamsTable Storage type Whether entry is stored in volatile nonvolatile or read only memory Row status Status o...

Page 267: ...n generating a message to the target Maximum length is 32 bytes ipaddress ipaddr Specifies the IP address of the target port udpport Optional Specifies which UDP port of the target host to use Default value is 162 timeout timeout Optional Specifies the maximum round trip time allowed to communicate to this target address This value is in 01 seconds and the default is 1500 15 seconds retries retrie...

Page 268: ...d UDP port 160 5 2 6 3 clear snmp targetaddr Use this command to delete an SNMP target address entry clear snmp targetaddr targetAddr Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP target address entry 1 Matrix set snmp targetaddr 1 param v1ExampleParams ipaddress 127 0 0 1 udp 160 targetAddr Specifies the t...

Page 269: ...with security and authorization criteria target parameters and mapped to a management target address refer to Section 5 2 8 Commands The commands needed to configure SNMP notification parameters and filters are listed below and described in the associated section as shown show trap Section 5 2 7 1 set trap Section 5 2 7 2 clear trap Section 5 2 7 3 show newaddrtrap Section 5 2 7 4 set newaddrtrap ...

Page 270: ...One is assigned to the orange community at IP address 1 2 3 4 Another is assigned to the blue community at IP address 100 54 5 112 Table 5 11 provides an explanation of the command output For details on using the set trap command to assign variables refer to Section 5 2 7 2 Matrix show trap Community Name IP Address Status orange 1 2 3 4 enabled blue 100 54 5 112 enabled public 0 0 0 0 disabled pu...

Page 271: ...munity_name enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable a trap on IP address 172 29 65 123 in the blue community 5 2 7 3 clear trap Use this command to clear an SNMP trap assigned to an IP address clear trap ip_address Syntax Description Command Defaults None ip_address Specifies the IP address...

Page 272: ...d to display the status of the SNMP new MAC addresses trap function on one or more ports show newaddrtrap port string Syntax Description Command Defaults If port string is not specified the status of the new MAC addresses trap function will be displayed for all ports Command Mode Read Only Matrix clear trap 172 29 65 123 port string Optional Displays the status of the new MAC addresses trap functi...

Page 273: ...ommand Type Switch command Matrix show newaddrtrap ge New Address Trap Globally disabled Port Enable State ge 0 1 disabled ge 0 2 disabled ge 0 3 disabled ge 0 4 disabled ge 0 5 disabled ge 0 6 disabled NOTE Transmitting SNMP new address traps requires that you configure the device with the SNMP management station information using the set trap command as described in Section 5 2 7 2 port string O...

Page 274: ... 5 2 7 6 show snmp notify Use this command to display the SNMP notify configuration which determines which management targets will receive SNMP notifications show snmp notify notify Syntax Description Command Defaults If a notify name is not specified all entries will be displayed Command Type Switch command Command Mode Read Only Matrix set newaddrtrap ge 0 3 enable notify Optional Displays notif...

Page 275: ...torage type nonVolatile Row status active Notify name 2 Notify Tag TrapSink Notify Type trap Storage type nonVolatile Row status active Table 5 12 show snmp notify Output Details Output What It Displays Notify name A unique identifier used to index the SNMP notify table Notify Tag Name of the entry in the SNMP motify table Notify Type Type of notification SNMPv1 or v2 trap or SNMPv3 InformRequest ...

Page 276: ...o tag will be set If not specified message type will be set to trap If not specified storage type will be set to nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to set an SNMP notify configuration with a notify name of hello and a notify tag of world Notifications will be sent as trap messages and storage type will automatically default to nonvolatile...

Page 277: ...nmp notify Use this command to clear an SNMP notify configuration set snmp notify notify Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNMP notify configuration for hello notify Specifies an SNMP notify name to clear Matrix clear snmp notify hello ...

Page 278: ...hen the NotifyFilter table contains profile entries the SNMP agent will find any filter profile name that corresponds to the target parameter name contained in an outgoing notification message It will then apply the appropriate subtree specific filter when generating notification messages 5 2 7 9 show snmp notifyfilter Use this command to display SNMP notify filter information identifying which pr...

Page 279: ...or the management targets that should receive notification messages If you create an SNMP notify filter to include all OIDs you can then create SNMP notify filters to exclude specific OIDs As an alternative you can create SNMP notify filters to include specific OIDs in which case the OIDs that you do not specify will be excluded automatically set snmp notifyfilter profile subtree oid mask mask inc...

Page 280: ...ion with a MIB subtree ID of 1 to include all management targets This example shows how to create an SNMP notify filter called pilot1 with a MIB subtree ID of 1 3 6 5 2 7 11 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration clear snmp notifyfilter profile subtree oid Syntax Description Command Defaults None Command Type Switch command Matrix set snmp notifyfilt...

Page 281: ...ile profile targetparam targetparam Syntax Description Command Defaults If no parameters are specified all notify profile information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP notify information for the profile named area51 Matrix clear snmp notifyfilter pilot1 subtree 1 3 6 profile Optional Displays a specific notify profil...

Page 282: ... volatile nonvolatile Syntax Description Command Defaults If storage type is not specified nonvolatile will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP notify profile named area51 and associate a target parameters entry 5 2 7 14 clear snmp notifyprofile Use this command to delete an SNMP notify profile configuration clear snmp not...

Page 283: ...mmand Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP notify profile area51 profile Specifies an SNMP filter notify name to delete targetparam targetparam Specifies an associated entry in the snmpTargetParamsTable Matrix clear snmp notifyprofile area51 targetparam v3ExampleParams ...

Page 284: ... criteria to the users in the community created in Step 1 3 Verify if any applicable SNMP notification entries exist or create a new one You will use this entry to send SNMP notification messages to the appropriate management targets created in Step 2 4 Create a target address entry to bind a management IP address to The notification entry and tag name created in Step 3 and The target parameters e...

Page 285: ...subtree ID of 1 to include all management targets Figure 5 1 Creating a Basic SNMP Trap Configuration Create a new notification entry set snmp notify Section 5 2 7 7 Create a target address entry set snmp targetaddr Section 5 2 6 2 Create an SNMP notify filter set snmp notifyfilter Section 5 2 7 10 Matrix set snmp community mgmt Matrix set snmp targetparams v3ExampleParams user mgmt security model...

Page 286: ...SNMP Command Set Basic SNMP Trap Configuration 5 64 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 287: ...e time to reconfigure the network s active topology when physical topology or configuration parameter changes occur It selects one switch as the root of a Spanning Tree connected active topology and assigns port roles to individual ports on the switch depending on whether that port is part of the active topology RSTP provides rapid connectivity following the failure of a switch switch port or a LA...

Page 288: ...ing Spanning Tree instances to VLANs refer to Section 6 2 1 10 6 1 2 Spanning Tree Features The Matrix E1 device meets the requirements of the Spanning Tree Protocols by performing the following functions Creating a single Spanning Tree from any arrangement of switching or bridging elements Compensating automatically for the failure removal or addition of any device in an active data path Achievin...

Page 289: ...1 Reviewing and setting Spanning Tree bridge device parameters Section 6 2 1 2 Reviewing and setting Spanning Tree port parameters Section 6 2 2 CAUTION Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm Otherwise the proper operation of the network could be at risk NOTE The term bri...

Page 290: ... are listed below and described in the associated section as shown show spantree stats Section 6 2 1 1 set spantree Section 6 2 1 2 show spantree version Section 6 2 1 3 set spantree version Section 6 2 1 4 clear spantree version Section 6 2 1 5 show spantree mstilist Section 6 2 1 6 set spantree msti Section 6 2 1 7 clear spantree msti Section 6 2 1 8 show spantree mstmap Section 6 2 1 9 set span...

Page 291: ...lear spantree fwddelay Section 6 2 1 26 show spantree autoedge Section 6 2 1 27 set spantree autoedge Section 6 2 1 28 clear spantree autoedge Section 6 2 1 29 show spantree legacypathcost Section 6 2 1 30 set spantree legacypathcost Section 6 2 1 31 clear spantree legacypathcost Section 6 2 1 32 show spantree tctrapsuppress Section 6 2 1 33 set spantree tctrapsuppress Section 6 2 1 34 clear spant...

Page 292: ...ort port string Syntax Description Command Defaults If port string is not specified Spanning Tree information for the device will be displayed If sid is not specified information for Spanning Tree 0 will be displayed Command Type Switch command Command Mode Read Only sid sid Optional Displays Spanning Tree information for a specific Spanning Tree port port string Optional Displays Spanning Tree in...

Page 293: ...c Root Hold Time 1 sec Root Forward Delay 15 sec Bridge ID Mac Address 00 00 1d 11 71 00 Bridge ID Priority 32768 Bridge Max Age 20 sec Bridge Hello Time 2 sec Bridge Forward Delay 15 sec Topology Change Count 6 Max Hops 20 SID Port State Role Cost Priority 0 fe 0 1 blocking disabled 100 128 Table 6 1 show spantree stats Output Details Output What It Displays Spanning tree Whether the Spanning Tre...

Page 294: ...d by all bridges in the network Bridge ID Priority Bridge priority which is a default value or is assigned using the set spantree priority command For details refer to Section 6 2 1 16 Bridge Max Age Maximum time in seconds the bridge can wait without receiving a configuration message bridge hello before attempting to reconfigure This is a default value or is assigned using the set spantree maxage...

Page 295: ...unt Default of 20 can be changed using the set spantree maxhops command as described in Section 6 2 1 39 SID Spanning Tree ID Port Spanning Tree port designation For a detailed description of possible port string values refer to Section 4 1 2 State Spanning Tree port state listening learning forwarding or blocked Role Whether the port s Spanning Tree role is root designated backup alternate disabl...

Page 296: ...the device 6 2 1 3 show spantree version Use this command to display the current version of the Spanning Tree protocol running on the device show spantree version Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display Spanning Tree version information Matrix set spantree disable Matrix show spantree version Spannin...

Page 297: ...ear spantree version Use this command to reset the version of the Spanning Tree protocol to the default mode of MSTP clear spantree version Syntax Description None NOTE In most networks Spanning Tree version should not be changed from its default setting of mstp Multiple Spanning Tree Protocol mode MSTP mode is fully compatible and interoperable with legacy STP 802 1D and Rapid Spanning Tree RSTP ...

Page 298: ...Spanning Tree protocol to MSTP 6 2 1 6 show spantree mstilist Use this command to display a list of Multiple Spanning Tree MST instances configured on the device show spantree mstilist Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display a list of MST instances In this case SID 2 has been configured Matrix clear ...

Page 299: ... Command Mode Read Write Example This example shows how to create MST instance 2 6 2 1 8 clear spantree msti Use this command to delete one or more Multiple Spanning Tree instances clear spantree msti sid Syntax Description Command Defaults If sid is not specified all MST instances will be cleared sid Sets the Multiple Spanning Tree ID Valid values are 1 4094 NOTE Matrix E1 devices will support up...

Page 300: ... which SID a VLAN is mapped show spantree mstmap first_fid_num last_fid_num Syntax Description Command Defaults If last_fid_num is not specified all FID mapping information beginning with the first_fid_num will be displayed Command Type Switch command Command Mode Read Only Matrix clear spantree msti first_fid_num Specifies the first in a range or FIDs for which MSTP mapping will be displayed Vali...

Page 301: ...s are mapped to FIDs this essentially maps a Spanning Tree SID to a VLAN ID set spantree mstmap fid_num sid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show spantree mstmap 1 8 FID SID 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 fid_num Specifies a FID to assign to the MST Valid values are 1 4094 and must correspond to a VLAN ID created using the set vla...

Page 302: ... Description Command Defaults If fid_num is not specified all SID to FID mappings will be reset Command Type Switch command Command Mode Read Write Example This example shows how to map FID 2 back to SID 0 6 2 1 12 show spantree vlanlist Use this command to display the VLAN s mapped to a Spanning Tree ID show spantree vlanlist sid Matrix set spantree mstmap 3 2 fid_num Optional Resets the mapping ...

Page 303: ...nd as described in Section 6 2 1 7 and the FIDs must be mapped to SID 1 using the set spantree mstmap command as described in Section 6 2 1 10 6 2 1 13 show spantree mstcfgid Use this command to display the MST configuration identifier elements including format selector configuration name revision level and configuration digest show spantree mstcfgid Syntax Description None Command Defaults None C...

Page 304: ...o Section 6 2 1 14 6 2 1 14 set spantree mstcfgid Use this command to set the MST configuration name and or revision level set spantree mstcfgid cfgname name rev level Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the MST configuration name to mstconfig Matrix show spantree mstcfgid MST Configuration Identifier Fo...

Page 305: ...configuration identifier elements to default values 6 2 1 16 set spantree priority Use this command to set the bridge priority for one or more Spanning Trees The device with the highest priority becomes the Spanning Tree root device If all devices have the same priority the device with the lowest MAC address will then become the root device set spantree priority bridge_priority sid Syntax Descript...

Page 306: ...096 6 2 1 17 clear spantree priority Use this command to reset the bridge priority to the default value of 32768 clear spantree priority sid Syntax Description Command Defaults If sid is not specified all SIDs will be reset Command Type Switch command Command Mode Read Write Example This example shows how to reset the bridge priority for SID 6 Matrix set spantree priority 4096 6 sid Optional Reset...

Page 307: ...Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree bridge hello mode In this case a single bridge hello mode has been enabled using the set spantree bridgehellomode command as described in Section 6 2 1 21 6 2 1 19 set spantree bridgehellomode Use this command to enable or disable bridge hello mode on the device set spantree bridgehellomode enabl...

Page 308: ...ree bridgehellomode Use this command to reset the Spanning Tree administrative hello mode to enabled clear spantree bridgehellomode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Spanning Tree bridge hello mode to enabled 6 2 1 21 set spantree hello Use this command to set the hello time for the bridge o...

Page 309: ...e Example This example shows how to set the bridge hello time to 3 seconds 6 2 1 22 clear spantree hello Use this command to reset the bridge hello time for the bridge or for one or more ports to the default value of 2 seconds clear spantree hello port string interval Specifies the number of seconds the system waits before broadcasting a bridge hello message a multicast message indicating that the...

Page 310: ...time This is the maximum time in seconds a device can wait without receiving a configuration message bridge hello before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root po...

Page 311: ...ows how to set the maximum aging time to 25 seconds 6 2 1 24 clear spantree maxage Use this command to reset the bridge maximum aging time to the default value of 20 seconds clear spantree maxage Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write agingtime Specifies the maximum number of seconds that the system retains the information received from ot...

Page 312: ...gy changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result set spantree fwddelay delay Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the bridge forward delay to 16 sec...

Page 313: ...w to reset the bridge forward delay to 15 seconds 6 2 1 27 show spantree autoedge Use this command to display the status of automatic edge port detection show spantree autoedge Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the automatic edge port detection function Matrix clear spantree fwdde...

Page 314: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable automatic edge port detection 6 2 1 29 clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled clear spantree autoedge Syntax Description None Command Defaults None Command Type Switch command Command Mode Rea...

Page 315: ...antree legacypathcost Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the legacy path cost setting 6 2 1 31 set spantree legacypathcost Use this command to enable or disable legacy 802 1D path cost values set spantree legacypathcost disable enable Syntax Description Command Defaults None Matrix...

Page 316: ...ee legacypathcost Use this command to reset path cost to 802 1D values clear spantree legacypathcost Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset legacy path cost 6 2 1 33 show spantree tctrapsuppress Use this command to display the status of topology change trap suppression on Rapid Spanning Tree edge por...

Page 317: ...r blocking cause the switch to issue a topology change trap When topology change trap suppression is enabled which is the device default edge ports such as end station PCs are prevented from sending topology change traps This is because there is usually no need for network management to monitor edge port STP transition states such as when PCs are powered on When topology change trap suppression is...

Page 318: ... this command to clear topology change trap suppression settings clear spantree tctrapsuppress Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear topology change trap suppression settings 6 2 1 36 show spantree txholdcount Use this command to display the maximum BPDU transmission rate show spantree txholdcount S...

Page 319: ...ssion rate This is the number of BPDUs which will be transmitted before transmissions are subject to a one second timer set spantree txholdcount txholdcount Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the transmit hold count to 5 Matrix show spantree txholdcount Tx hold count 3 txholdcount Specifies the maximum ...

Page 320: ...Write Example This example shows how to reset the transmit hold count to 3 6 2 1 39 set spantree maxhops Use this command to set the Spanning Tree maximum hop count This is the maximum number of hops that the information for a particular Spanning Tree instance may traverse via relay of BPDUs within the applicable MST region before being discarded set spantree maxhops max_hop_count Syntax Descripti...

Page 321: ...e shows how to set the maximum hop count to 40 6 2 1 40 clear spantree maxhops Use this command to reset the maximum hop count to the default value of 20 clear spantree maxhops Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the maximum hop count to 20 Matrix set spantree maxhops 40 Matrix clear spantree maxh...

Page 322: ...t parameters are listed below and described in the associated section as shown show spantree portadmin Section 6 2 2 1 set spantree portadmin Section 6 2 2 2 clear spantree portadmin Section 6 2 2 3 show spantree blocked ports Section 6 2 2 4 show spantree portpri Section 6 2 2 5 set spantree portpri Section 6 2 2 6 clear spantree portpri Section 6 2 2 7 show spantree portcost Section 6 2 2 8 set ...

Page 323: ...ection 6 2 2 23 clear spantree spanguardtrapenable Section 6 2 2 24 show spantree adminpoint Section 6 2 2 25 set spantree adminpoint Section 6 2 2 26 clear spantree adminpoint Section 6 2 2 27 6 2 2 1 show spantree portadmin Use this command to display the status of the Spanning Tree algorithm on one or more ports show spantree portadmin port string Syntax Description Command Defaults None Comman...

Page 324: ...ntree portadmin ge Port ge 0 1 has portadmin set to enabled Port ge 0 2 has portadmin set to enabled Port ge 0 3 has portadmin set to enabled Port ge 0 4 has portadmin set to enabled Port ge 0 5 has portadmin set to enabled Port ge 0 6 has portadmin set to enabled NOTE Spanning Tree must be disabled on ports that will be dedicated as IP routing uplinks VLANs To display administrative status for al...

Page 325: ...hernet front panel port 12 6 2 2 4 show spantree blocked ports Use this command to display the blocked ports in one or more Spanning Trees A port in this state does not participate in the transmission of frames thus preventing duplication arising through multiple paths existing in the active topology of the bridged LAN It receives Spanning Tree configuration messages but does not forward packets s...

Page 326: ...Tree When more than one port is assigned the highest priority the port with the lowest numeric identifier will be enabled show spantree portpri port string sid Syntax Description Command Defaults If sid is not specified port priority for SID 0 will be displayed Command Type Switch command Command Mode Read Only Matrix show spantree blockedports 1 Port ge 0 1 in Blocking State Port ge 0 2 in Blocki...

Page 327: ... command Command Mode Read Write Example This example shows how to set the priority of Fast Ethernet front panel port 3 to 240 Matrix show spantree portpri fe 0 3 port priority 128 for port fe 0 3 NOTE Path cost set spantree portcost takes precedence over port priority port string Specifies the port s for which to set Spanning Tree port priority For a detailed description of possible port string v...

Page 328: ... Command Defaults If port string is not specified bridge priority will be reset for all ports If sid is not specified bridge priority will be reset on all SIDs Command Type Switch command Command Mode Read Write Example This example shows how to reset the priority of Fast Ethernet front panel port 3 to 128 port string Optional Resets the priority for specific port s For a detailed description of p...

Page 329: ...port 3 6 2 2 9 set spantree portcost Use this command to assign a cost value to a Spanning Tree or port This parameter is used to determine the best path between Spanning Tree devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media set spantree portcost port string cost sid port string Specifies the port s for which ...

Page 330: ...port s to which to assign a cost value For a detailed description of possible port string values refer to Section 4 1 2 cost Specifies a cost value Ranges are 0 to 65535 with legacy path cost enabled 0 to 200000000 with legacy path cost disabled NOTES A cost value of 0 will allow a port s default cost which is based on link speed to be used If the link is part of a trunk the sum of all link speeds...

Page 331: ...ring is not specified path cost will be reset for all ports If sid is not specified port cost will be reset on all SIDs Command Type Switch command Command Mode Read Write Example This example shows how to reset port cost to 0 on Fast Ethernet front panel port 11 6 2 2 11 show spantree adminedge Use this command to display the edge port administrative status for a port show spantree adminedge port...

Page 332: ...ge port administrative status on a Spanning Tree port set spantree adminedge port string true false Syntax Description Command Defaults None Command Type Switch command port string Specifies the port s for which to display edge port administrative status For a detailed description of possible port string values refer to Section 4 1 2 Matrix show spantree adminedge fe 0 3 admin edge TRUE for port f...

Page 333: ...ge port string Syntax Description Command Defaults If port string is not specified edge port status will be reset for all ports Command Type Switch command Command Mode Read Write Example This example shows how to reset Fast Ethernet front panel port 24 as a non edge port 6 2 2 14 show spantree spanguard Use this command to display the status of the Spanning Tree span guard function show spantree ...

Page 334: ...d bridge from becoming part of the active Spanning Tree topology It does this by disabling a port that receives a BPDU when that port has been defined as an edge user port as described in Section 6 2 2 12 This port will remain disabled until the amount of time defined by the set spantree spanguardtimeout Section 6 2 2 18 has passed since the last seen BPDU or the port is manually unlocked as descr...

Page 335: ...rd function to disabled clear spantree spanguard Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the status of the span guard function to disabled 6 2 2 17 show spantree spanguardtimeout Use this command to display the Spanning Tree span guard timeout setting show spantree spanguardtimeout Syntax Description ...

Page 336: ...uard function set spantree spanguardtimeout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the span guard timeout to 600 seconds 6 2 2 19 clear spantree spanguardtimeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds clear spantree spanguardtimeout Matrix ...

Page 337: ... to reset the span guard timeout to 300 seconds 6 2 2 20 show spantree spanguardlock Use this command to display the span guard lock status of one or more ports show spantree spanguardlock port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Matrix clear spantree spanguardtimeout port string Specifies the port s for which to show span guard lock s...

Page 338: ...bed in Section 6 2 2 12 clear spantree spanguardlock port string Syntax Description Command Defaults If port string is not specified all span guard locked ports will be unlocked Command Type Switch command Command Mode Read Only Example This example shows how to unlock Fast Ethernet front panel port 16 6 2 2 22 show spantree spanguardtrapenable Use this command to display the state of the Spanning...

Page 339: ...uardtrapenable Use this command to enable or disable the sending of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree set spantree spanguardtrapenable disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the span guard trap function Matrix show sp...

Page 340: ... None Command Type Switch command Command Mode Read Write Example This example shows how to reset the span guard trap function to disabled 6 2 2 25 show spantree adminpoint Use this command to display the administrative point to point status of the LAN segment attached to a port show spantree adminpoint port string Syntax Description Command Defaults None Command Type Switch command Matrix clear s...

Page 341: ...ee adminpoint port string true false auto Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show spantree adminpoint fe 0 3 admin point to point AUTO for port fe 0 3 port string Specifies the port s for which to set point to point protocol status For a detailed description of possible port string values refer to Section 4 1 2 true false auto Specif...

Page 342: ...more ports clear spantree adminpoint port string Syntax Description Command Defaults If port string is not specified point to point status will be reset on all ports Command Type Switch command Command Mode Read Write Example This example shows how to reset the point to point status of the LAN segment attached to Fast Ethernet front panel port 3 to auto Matrix set spantree adminpoint fe 0 3 true p...

Page 343: ... devices can be logically grouped into VLANs even if they span long physical distances over a vast intricate physical network The VLAN set of commands allows such VLANs to be configured on a network at the switched port of the Matrix E1 Also some or all of the ports on the device can be configured as GVRP ports which enable frames received with a particular VLAN ID and protocol to be transmitted o...

Page 344: ...sable GVRP GARP VLAN Registration Protocol Section 7 3 8 Preparing for VLAN Configuration A little forethought and planning is essential to a good VLAN implementation Before attempting to configure a single device for VLAN operation consider the following How many VLANs will be required What stations will belong to them What ports are connected to those stations What ports will be configured as GV...

Page 345: ... will recognize Depending on the command used you can see a list of all VLANs dynamic and static or just the static VLANs Commands The commands needed to configure Static VLANs are listed below and described in the associated section as shown show vlan Section 7 3 1 1 show vlan static Section 7 3 1 2 show vlan portinfo Section 7 3 1 3 7 3 1 1 show vlan Use this command to display all information r...

Page 346: ...nd it is enabled to operate There are 48 Fast Ethernet ports in its port egress list which are configured to transmit untagged frames There are no VLAN 1 forbidden ports This example shows how to display the information for VLAN 7 only In this case VLAN 7 has a VLAN name of green and it is enabled Fast Ethernet front panel ports 5 through 10 12 and 30 are detail Optional Displays detailed attribut...

Page 347: ...efer to Section 7 3 2 1 For more information on configuring GVRP refer to Section 7 3 8 VLANs can also be automatically created when dynamic egress is enabled as described in Section 7 3 4 6 Matrix show vlan 7 VLAN 7 Name green Status enabled Egress Ports fe 0 5 10 fe 0 12 fe 0 30 Forbidden Egress Ports None Untagged Ports None Matrix show vlan detail Number of vlans 17 Number of vlans deleted 172...

Page 348: ...an name are not specified information for all static VLANs will be displayed Command Type Switch command Command Mode Read Only Example This example shows that the static VLAN 7 has the name green and is enabled to operate Fast Ethernet front panel ports 5 through 10 12 and 30 are in the VLAN 7 port egress list and configured to transmit frames tagged as VLAN 7 frames vlan list vlan name Optional ...

Page 349: ...r vlan name are not specified information for all static VLANs will be displayed If port string is not specified information for all ports will be displayed Command Type Switch command Command Mode Read Only vlan vlan list vlan name Optional Displays specific VLAN s For VLAN name to display it must first be set using the set vlan name command For details refer to Section 7 3 2 2 port port string O...

Page 350: ...to VLAN 1 the default VLAN Ingress filtering has not been enabled Ports ge 0 1 5 are assigned to transmit untagged frames for the default VLAN only while port ge 0 6 is also configured to transmit tagged frames for VLANs 510 520 530 4000 and 4094 Matrix show vlan portinfo ge Port Ingress Egress Vlan Filter Vlan ge 0 1 1 N untagged 1 ge 0 2 1 N untagged 1 ge 0 3 1 N untagged 1 ge 0 4 1 N untagged 1...

Page 351: ... IEEE 802 1Q VLAN or to enable or disable an existing VLAN When a new VLAN is created it is added to the list of VLANs that the device will recognize Once a VLAN is created you can assign it a name using the set vlan name command described in Section 7 3 2 2 set vlan create enable disable vlan list Syntax Description Command Defaults None NOTE Each VLAN ID must be unique If a duplicate VLAN ID is ...

Page 352: ...o disable VLAN 3 7 3 2 2 set vlan name Use this command to set the ASCII name for a new or existing VLAN Once set you can use the vlan name interchangeably with the vlan id in the show vlan show vlan static and show vlan dynamicegress commands set vlan name vlan id vlan name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix set vlan create 3 Matrix...

Page 353: ... clear vlan Use this command to remove one or more static VLANs from the list of VLANs recognized by the device clear vlan vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove a static VLAN 9 from the device s VLAN list Matrix set vlan name 7 green vlan list Specifies the VLAN s to be removed Matrix clear vl...

Page 354: ... Use this command to remove the name of a VLAN from the VLAN list clear vlan name vlan id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the name for VLAN 9 vlan id Specifies the number of the VLAN associated with the VLAN name to be cleared Matrix clear vlan name 9 ...

Page 355: ...the classification rule and not the Port VLAN ID assigned to the port VLAN classification takes precedence over the PVID Commands The commands associated with configuring port VLAN IDs are listed below and described in the associated section as shown show port vlan Section 7 3 3 1 set port vlan Section 7 3 3 2 clear port vlan Section 7 3 3 3 show port ingress filter Section 7 3 3 4 set port ingres...

Page 356: ...and Defaults None Command Type Switch command Command Mode Read Write Matrix show port vlan fe 0 1 5 Port fe 0 1 has a port VLAN ID of 1 Port fe 0 2 has a port VLAN ID of 1 Port fe 0 3 has a port VLAN ID of 1 Port fe 0 4 has a port VLAN ID of 1 Port fe 0 5 has a port VLAN ID of 1 NOTE The PVID is used to classify untagged frames as they ingress into a given port When setting a PVID with the set po...

Page 357: ...d Mode Read Write Example This example shows how to reset the Fast Ethernet front panel ports 3 and 11 to a VLAN ID of 1 Host VLAN Matrix set port vlan fe 0 10 4 The PVID is used to classify untagged frames as they ingress into a given port Would you like to add the selected port s to this vlan s untagged egress list and remove them from all other vlans untagged egress list y n n NOTE choosing y w...

Page 358: ...s command described in Section 7 3 3 5 show port ingress filter port string Syntax Description Command Defaults If port string is not specified ingress filtering status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the port ingress filter status to see which of the front panel ports 10 through 15 are enabled or disabled...

Page 359: ...LAN If the received port does not belong to that frame s VLAN egress list then the frame is dropped Ingress filtering is implemented according to the IEEE 802 1Q standard set port ingress filter port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable port ingress filtering on Fast Ethernet fro...

Page 360: ...or dynamic egress for the port to join the VLAN will be ignored Setting a port to untagged allows it to transmit frames without a tag header This setting is usually used to configure a port connected to an end user device Commands The commands used to configure VLAN egress and dynamic VLAN egress are listed below and described in the associated section as shown set vlan forbidden Section 7 3 4 1 s...

Page 361: ...ts show port egress port string Syntax Description Command Defaults If port string is not specified VLAN membership will be displayed for all ports Command Type Switch command Command Mode Read Write vlan id Specifies the VLAN for which to set forbidden port s port string Specifies the port s to set as forbidden for the specified vlan id For a detailed description of possible port string values re...

Page 362: ...x Description Command Defaults If untagged is not specified the port will be added to the VLAN egress list as able to transmit 802 1Q tagged frames Command Type Switch command Matrix show port egress fe 0 1 3 Port Vlan Egress Registration Number Id Status Status fe 0 1 1 tagged static fe 0 1 10 untagged static fe 0 2 1 tagged static fe 0 2 10 untagged static fe 0 3 1 tagged static fe 0 3 10 untagg...

Page 363: ...AN egress lists clear vlan egress vlan list port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to remove Fast Ethernet port 1 on expansion module 3 from the egress list of VLANs 2 and 9 Matrix set vlan egress 7 fe 0 5 10 vlan list Specifies the VLAN s from which port s will be removed from the egress list port st...

Page 364: ...cegress vlan id vlan name Syntax Description Command Defaults If vlan id or vlan name is not specified status for all VLANs where dynamic egress is enabled will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to determine that dynamic VLAN egress is currently enabled for VLANs 10 100 and 3072 Matrix clear vlan egress 4 fe 2 vlan id vlan name Optional ...

Page 365: ... a tagged frame to the VLAN egress list of the port according to the frame VLAN ID If the VLAN does not exist it is created set vlan dynamicegress vlan id enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the dynamic egress function on VLAN 7 vlan id Specifies the number of the VLAN on which to enabl...

Page 366: ...ated section as shown show vlan classification Section 7 3 5 1 set vlan classification Section 7 3 5 2 clear vlan classification Section 7 3 5 5 set vlan classification ingress Section 7 3 5 6 clear vlan classification ingress Section 7 3 5 7 7 3 5 1 show vlan classification Use this command to display the VLAN ID VID protocol classification and description of each classification of the current en...

Page 367: ...been configured on the device 7 3 5 2 set vlan classification Use this command to assign or contain frames according to classification rule enable or disable the global classifier on the device create a rule that will assign untagged traffic to a VLAN based on Layer 2 3 4 classification rules and enable or disable a classification rule associated with a VLAN Matrix show vlan classification VLAN Cl...

Page 368: ...for all VLANs 1 classifies these frames the default VLAN 2 4094 classifies these frames to the specified VLAN data_meaning Specifies the parameter used to classify or filter frames Refer to Table 7 1 and Table 7 2 for lists of supported data_meanings and associated protocol types and classifications data_value Specifies the code for a predefined classifier This value is dependent on the classifica...

Page 369: ...isable create Creates a new classification rule that will be applied to the vlan id enable If a classification rule is not entered in this command this entry enables the global classifier in the device so that VLAN classification rules may be implemented NOTE Classification rules are automatically enabled when created disable If a classification rule is not entered in this command this entry disab...

Page 370: ...tion data_meaning parameters that can be entered to classify frames into a VLAN and the data_values that can be entered for each classifier associated with those parameters Values applied are listed next to each data_value keyword Table 7 2 provides the set vlan classification data_meaning parameters that can be entered to filter drop untagged frames and the data_values that can be entered for eac...

Page 371: ...tion into a VLAN AppleTalk Banyan Vines and RARP are considered user defined but are listed as options Additional user defined Ethernet II Type values will filter drop untagged frames as described in Table 7 2 IP and DECNET rules also classify the SNAP frame type 802 3 SAP IPX LLC E0E0 IPX RAW FFFF IPX SNAP AAAA Netbios F0F0 SNA 0000 0404 0808 and 0C0C Not applicable Table 7 2 Valid Values for VLA...

Page 372: ...a_meaning data_value s data_ mask IP Address Group Src IP Address Dest IP Address Bil IP Address IP Address in dotted decimal format 000 000 000 000 Data maskindotteddecimal format 000 000 000 000 NOTE While the distinction of Source Destination Bilateral makes entries with the same IP Address Network Number Port Range or MAC address unique only one entry from this and similar groups in this table...

Page 373: ...AP2 IMAP3 Netbios Datagram Netbios Name Server Netbios Sess Server POP3 RIP Smart Voice Gateway SMTP Telnet TFTP Not applicable data_meaning data_value s data_ mask TCP Port Group Src TCP Port Dest TCP Port Bil TCP Port Same selection as for UDP Port Group Not applicable IPX Socket Group Src IPX Socket Dest IPX Socket Bil IPX Socket Integer 0 65535 Diagnostics IPX WAN NCP Netbios NLSP RIP SAP Not ...

Page 374: ...0 00 00 00 Data mask bits UDP Range Group Src UDP Range Dest UDP Range Bil UDP Range Lower boundary of port range 0 65535 Upper boundary of port range 0 65535 TCP Range Group Src TCP Range Dest TCP Range Bil TCP Range Lower boundary of port range 0 65535 Upper boundary of port range 0 65535 NOTE It is important that you have a comprehensive understanding of the precedence concept before configurin...

Page 375: ...Source IP Address Exact Match 4 Source IP Address Best Match Subnet 5 Destination IP Address Exact Match 6 Destination IP Address Best Match Subnet 7 UDP TCP Port Source 8 UDP TCP Port Destination 9 IP TOS 10 IP Type 11 Protocol Type Ether Type or DSAP SSAP 12 Receive Port 13 Classification Type IPX Default Precedence Level 802 1Q frame tag received 1 Source MAC Address Best Match 2 Destination MA...

Page 376: ...ss of Service 8 IPX Type 9 Protocol Type Ether Type or DSAP SSAP 10 Receive Port 11 vlan id Specifies the number of the VLAN associated with the classification to be cleared data_meaning Specifies the data_meaning of the classification to be cleared Refer to Table 7 1 and Table 7 2 for lists of the data_meanings and associated protocol types and classifications data _value Specifies the data_value...

Page 377: ...equired only for classification types requiring a second data_value For details refer to Table 7 2 Matrix clear vlan classification 7 ethernet II type ip vlan id Specifies the number of the VLAN that will be associated with the new classification port string Specifies the port s to add to the new classification rule For a detailed description of possible port string values refer to Section 4 1 2 d...

Page 378: ...ample shows how to drop all Source UDP traffic received on Fast Ethernet front panel ports 5 through 10 from source UDP sockets 45 to 53 This would be accomplished by assigning the frames to a discard VLAN in this example VLAN ID 5 which will result in dropping the frames 7 3 5 7 clear vlan classification ingress Use this command to remove ports from a VLAN classification rule clear vlan classific...

Page 379: ...pecifies the number of the VLAN to remove from the classification rule port string Specifies the port s to remove from the classification rule For a detailed description of possible port string values refer to Section 4 1 2 data_meaning Specifies the data_meaning for the parameter used to classify or filter frames Refer to Table 7 1 and Table 7 2 for lists of the data_meanings and associated proto...

Page 380: ...nly tasks Commands The commands needed to configure host VLANs are listed below and described in the associated section as shown show host vlan Section 7 3 6 1 set port vlan host Section 7 3 6 2 clear host vlan Section 7 3 6 3 7 3 6 1 show host vlan Use this command to display the current host VLAN show host vlan Syntax Description None Command Defaults None Command Type Switch command Command Mod...

Page 381: ...nt This would allow a management station connected to the management VLAN to manage all ports on the device and make management secure by preventing management via ports assigned to other VLANs set port vlan host vlan id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Command Alternative v2 05 xx and previous set host vlan vlan id Matrix show host vlan ...

Page 382: ... VLAN 7 as the host VLAN 7 3 6 3 clear host vlan Use this command to reset the host VLAN to the default setting of 1 clear host vlan Syntax Description None Command Defaults None Command Type Switch Command Command Mode Read Write Example This example shows how to set the host VLAN to the default setting Matrix set port vlan host 7 Matrix clear host vlan ...

Page 383: ...is one VLAN configured on the Matrix E1 It is vlan id 1 the default VLAN The default community name which determines remote access for SNMP management is set to public with Read Write access Table 7 4 Command Set for Creating a Secure Management VLAN To do this Use these commands Create and name a new VLAN and confirm settings set vlan Section 7 3 2 1 set vlan name Section 7 3 2 2 Optional show vl...

Page 384: ...information is transmitted out GVRP configured ports on the device in a GARP formatted frame using the GVRP multicast MAC address A switch router that receives this frame examines the frame and extracts the VLAN IDs GVRP then creates the VLANs and adds the receiving port to its tagged member list for the extracted VLAN ID s The information is then transmitted out the other GVRP configured ports of...

Page 385: ...rp Section 7 3 8 1 show garp timer Section 7 3 8 2 End Station A Switch 4 Switch 5 Port registered as a member of VLAN Blue Port declaring VLAN Blue D R 3680_77 1 1 2 3 D R D Switch 1 1 R R 3 Switch 2 1 2 D R D 2 1 4 6 8 10 12 14 16 3 5 7 9 11 13 15 18 17 20 22 24 26 28 30 32 19 21 23 25 27 29 31 34 33 36 38 40 42 44 46 48 35 37 39 41 43 45 47 Reset Console PWR CPU 1H152 51 Switch 3 1 R 2 1 4 6 8 ...

Page 386: ...displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display GVRP status for Fast Ethernet front panel ports 1 though 10 port string Optional Displays GVRP configuration information for specific port s For a detailed description of possible port string values refer to Section 4 1 2 Matrix show gvrp fe 0 1 10 Global GVRP Configuration is enabl...

Page 387: ...ied GARP timer information will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display GARP timer information on Fast Ethernet front panel ports 1 through 10 port string Optional Displays GARP timer information for specific port s For a detailed description of possible port string values refer to Section 4 1 2 NOTE For a functional d...

Page 388: ...to Section 7 3 8 4 Matrix show garp timer fe 0 1 10 Port based GARP Configuration Timer units are centiseconds Port Number Join Leave Leaveall fe 0 1 20 60 1000 fe 0 2 20 60 1000 fe 0 3 20 60 1000 fe 0 4 20 60 1000 fe 0 5 20 60 1000 fe 0 6 20 60 1000 fe 0 7 20 60 1000 fe 0 8 20 60 1000 fe 0 9 20 60 1000 fe 0 10 20 60 1000 Table 7 5 show gvrp configuration Output Details Output What It Displays Por...

Page 389: ...fied GVRP will be globally disabled or enabled Command Type Switch command Command Mode Read Write Examples This example shows how to enable GVRP globally on the device This example shows how to disable GVRP This example shows how to enable GVRP on Fast Ethernet front panel port 1 disable enable Disables or enables GVRP on the device port string Optional Disables or enables GVRP on specific port s...

Page 390: ...mer value to 100 centiseconds for all the ports on all the VLANs NOTE The setting of these timers is critical and should only be changed by personnel familiar with the 802 1Q standards documentation which is not supplied with this device join timer_value Sets the GARP join timer in centiseconds Refer to 802 1Q standard leave timer_value Sets the GARP leave timer in centiseconds Refer to 802 1Q sta...

Page 391: ...H582 xx Configuration Guide 7 49 This example shows how to set the leave timer value to 300 centiseconds for all the ports on all the VLANs This example shows how to set the leaveall timer value to 20000 centiseconds for all the ports on all the VLANs Matrix set garp timer leave 300 Matrix set garp timer leaveall 20000 ...

Page 392: ...VLAN Configuration Command Set Enabling Disabling GVRP GARP VLAN Registration Protocol 7 50 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 393: ...ating and assigning classification rules which map user profiles to frame filtering policies Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly 8 2 PROCESS OVERVIEW POLICY CLASSIFICATION CONFIGURATION Use the following steps as a guide to configure policy classification on the device 1 Configuring policy profiles Se...

Page 394: ...elow and described in the associated section as shown show policy profile Section 8 3 1 1 set policy profile Section 8 3 1 2 clear policy profile Section 8 3 1 3 show policy invalid action Section 8 3 1 4 set policy invalid action Section 8 3 1 5 clear policy invalid action Section 8 3 1 6 8 3 1 1 show policy profile Use this command to display policy profile information show policy profile profil...

Page 395: ...atus Disabled COS 0 SummaryAdminId fe 0 1 SummaryOperId fe 0 1 Table 8 1 show policy profile Output Details Output What It Displays Profile Index Number of the profile entry Profile Name User supplied name assigned to this profile entry Row Status Whether or not the profile is enabled active or disabled Port Vid Status Whether or not PVID override is enabled or disabled for this profile Port Vid P...

Page 396: ...le disable Enables or disables the profile entry name Specifies a name for the entry enable disable vlan id Enables or disables port VLAN ID PVID override for this profile with the specified vlan id Valid values and their corresponding actions are 4095 classifies all traffic to an 802 1Q PVID and permits it to forward PVID must be assigned to this policy profile with the set policy port command as...

Page 397: ...ex all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete policy profile 8 8 3 1 4 show policy invalid action Displays information about the action the device will apply on an invalid or unknown policy and if applicable the invalid policy ID that was attempted during authentication show policy invalid action Syntax ...

Page 398: ...ice will apply to an invalid or unknown policy set policy invalid action default policy drop forward Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show policy invalid action Current action on invalid unknown profile is Apply default policy Number of invalid unknown profiles detected 0 default policy Instructs the device to ignore this result an...

Page 399: ...policy invalid action Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy clear policy invalid action Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the invalid policy action Matrix set policy invalid action drop Matr...

Page 400: ...policy class Section 8 3 2 1 set policy classify Section 8 3 2 2 clear policy class Section 8 3 2 4 show policy maptable Section 8 3 2 5 show vlanauthorization Section 8 3 2 6 set vlanauthorization Section 8 3 2 7 set policy maptable response Section 8 3 2 8 clear policy maptable response Section 8 3 2 9 set policy maptable Section 8 3 2 10 clear policy maptable Section 8 3 2 11 8 3 2 1 show polic...

Page 401: ...agged frames to a specific policy profile and to VLAN or Class of Service classification rules set policy classify profile index classify index vlan cos classify value ether ipbil ipdest ipproto ipsource iptos ipxbil ipxbilsocket ipxclass ipxdest ipxdestsocket ipxsource ipxsourcesocket ipxtype llc macbil macdest macsource tcpbilrange tcpdestrange tcpportdest tcpportsource tcpsrcrange udpportbil ud...

Page 402: ... Specifies a Class of Service value or VLAN ID to associate with the classification rule Valid CoS values are 0 7 Valid VLAN ID values and associated actions are 4095 permits these frames to forward on all VLANs 0 denies and discards these frames for all VLANs 1 classifies these frames the default VLAN 2 4094 classifies these frames to the specified VLAN ether Classifies based on type field in Eth...

Page 403: ... ports tcpdestrange Classifies based on a range of TCP destination ports tcpportdest Classifies based on TCP destination port tcpportsource Classifies based on TCP source port tcpsrcrange Classifies based on a range of TCP source ports udpbilrange Classifies based on a range of UDP bilateral ports udpdestrange Classifies based on a range of UDP destination ports udpportbil Classifies based on UDP ...

Page 404: ...d from VLAN 7 on ports assigned to policy profile 8 Table 8 2 provides the set policy classify data_values that can be entered for a particular classification type and the data_mask that can be entered for each classifier associated with that parameter Matrix set policy classify 1 1 vlan 7 ether 1526 Matrix set policy classify 2 2 vlan 4095 ether 1526 Matrix set policy classify 8 5 vlan 7 udpports...

Page 405: ...table may exist for a given address or port designation Additional entries will fail ipproto Protocol field in IP packet 0 255 Not applicable iptos Type of Service field in IP packet 0 255 Not applicable ipxclass Transmission control Class of Service field in IPX 0 255 Not applicable ipxtype IPX packet type field 0 255 Not applicable IPX Network Address Bilateral Source or Destination ipxbil ipxso...

Page 406: ...t Number 0 65535 Not applicable TCP Range Bilateral Source or Destination tcpbilrange tcpsrcrcrange tcpdestrange Lower boundary of port range 0 65535 Upper boundary of port range 0 65535 UDP Port Bilateral Source or Destination udpportbil udpportsource udpportdest UDP Port Number 0 65535 Not applicable UDP Range Bilateral Source or Destination udpbilrange udpdsrcrange udpdestrange Lower boundary o...

Page 407: ...concept before configuring the switch as these rules can have a significant impact on the network operation NOTE In Table 8 3 the following applies Exact Match indicates a match of an explicitly defined address Best Match indicates a match of an entire subnet or range of addresses within a subnet Table 8 3 Classification Precedence Classification Type s Precedence Level Source MAC Address Best Mat...

Page 408: ...file index all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete all policy classification entries Ethertype Field DSAP SSAP Fields 13 VLAN 14 Priority 15 profile index Specifies the profile index number of the policy classification to be deleted Valid values are 1 to 65535 all Deletes all policy classification ent...

Page 409: ... the VLAN tunnel attributes show policy maptable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display policy to VLAN mapping information In this case RADIUS authentication is configured to authenticate according to policy profile ID Policy profile 2 is assigned to authenticate for VLANs 3 and 4 and policy profile...

Page 410: ...nd Command Mode Read Only Example This example shows how to display the status of VLAN authorization In this case it is globally enabled and enabled on all ports No VLAN IDs have been configured for policy authentication Matrix show vlanauthorization VLAN Authorization is globally enabled Port Status VLAN Id fe 0 1 enabled 0 fe 0 2 enabled 0 fe 0 3 enabled 0 fe 0 4 enabled 0 fe 0 5 enabled 0 fe 0 ...

Page 411: ...led but will not be enabled on any ports Command Type Switch command Command Mode Read Write Example This example shows how to enable VLAN authorization globally and on ports fe 0 1 through 4 NOTE The following RADIUS tunnel attributes must be present for proper VLAN authentication Tunnel medium type 802 Tunnel Type Virtual LANs VLANs Tunnel pvt group id VLAN number to authenticate enable disable ...

Page 412: ... described in Section 8 3 2 7 If a port is authenticated to a VLAN the port VLAN is overridden and if present any default policy on the port will be removed set policy maptable response policyprofile vlantunnel Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to configure policy authentication to use VLAN tunnel attributes ...

Page 413: ...8 3 2 7 the policy map table can be used to authenticate a mapped policy profile index to a VLAN tunnel attribute If the policy maptable is zero for any VLAN entry the maptable will not be used and the authentication will simply be to override the port VLAN for the duration of the authenticated session set policy maptable vlan list profile index Syntax Description Command Defaults None Command Typ...

Page 414: ...ommand to clear policy profile mapping to one or more VLANs clear policy maptable vlan list Syntax Description Command Defaults If vlan list is not specified policy to VLAN mapping will be cleared for all VLANs Command Type Switch command Command Mode Read Write Example This example shows how to clear the policy profile mapping for VLAN 10 Matrix set policy maptable 10 6 vlan list Optional Specifi...

Page 415: ...ed in the associated section as shown show policy port Section 8 3 3 1 set policy port Section 8 3 3 2 clear policy port Section 8 3 3 3 8 3 3 1 show policy port Use this command to display policy information for one or more ports show policy port port string Syntax Description Command Defaults If port string is not specified policy information will be displayed for all ports Command Type Switch c...

Page 416: ...ive for this profile Untagged frames received will be tagged according to the policy profile settings set policy port port string admin id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to allow Fast Ethernet front panel ports 5 through 15 to classify frames according to policy profile 5 Matrix show policy port fe 0 21 Po...

Page 417: ...ar policy port port string all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove Fast Ethernet front panel port 21 from a policy profile port string Specifies the port s to remove from a policy profile For a detailed description of possible port string values refer to Section 4 1 2 all Deletes all policy port entri...

Page 418: ...Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8 26 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 419: ...gh 7 and four transmit queues 0 3 of traffic for each port A priority 0 through 7 can be set on each port with 0 being the lowest priority A port receiving a frame without priority information in its tag header is assigned a priority according to the default priority setting on the port For example if the priority of a port is set to 5 the frames received through that port without a priority indic...

Page 420: ...aches more than a predetermined proportion of the overall capacity Guarantee Maximum Bandwidth under stress Hybrid Queueing There are two modes of hybrid queueing Mode 1 In mode 1 the highest queue Q3 has a strict priority over all other three queues so that the frames in the lower three transmit queues are not served until there are no frames in the highest queue When there are no frames in the h...

Page 421: ...ion contained in the 802 1Q frame tag When configuring the ports you can display the current classification and entries of each classification rule assign priorities to classification rules assign an 8 bit Type of Service ToS value to incoming IP frames add delete a priority and associated protocol entry overwrite default precedence levels assigned in an 802 1Q tagged frame and overwrite an existi...

Page 422: ...guring Port Traffic Rate Limiting Section 9 3 6 9 3 PORT PRIORITY AND CLASSIFICATION CONFIGURATION COMMANDS 9 3 1 Configuring Port Priority Purpose To view or configure port priority characteristics as follows Display or change the port default transmit priority 0 through 7 of each port for frames that are received ingress without priority information in their tag header Display the current traffi...

Page 423: ... 5 9 3 1 2 set port priority Use this command to set the 802 1D transmit queue priority 0 through 7 on each port A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port For example if the priority of a port is set to 5 the frames received through that port without a priority indicated in their tag header are class...

Page 424: ... port priority Use this command to reset the current 802 1D port priority setting to 0 This will cause all frames received without a priority value in its header to be set to priority 0 clear port priority port string Syntax Description Command Defaults None port string Specifies the port for which to set priority For a detailed description of possible port string values refer to Section 4 1 2 pri...

Page 425: ... described back in Section 9 3 1 2 or according to a priority based on a percentage of port transmission capacity set using the set priority queue command described in Section 9 3 2 2 Commands The commands used in configuring transmit priority queues are listed below and described in the associated section show priority queue Section 9 3 2 1 set priority queue Section 9 3 2 2 9 3 2 1 show priority...

Page 426: ...is case the frames shown with a priority of 0 or 3 are transmitted according to the transmit priority queue of 1 the second lowest transmit priority frames with 1 or 2 priority at the lowest transmit priority of 0 frames with 4 or 5 priority at the second highest transmit priority of 2 and frames with 6 or 7 priority at the highest transmit priority of 3 This example shows how to display the trans...

Page 427: ... those frames would be transmitted before any frames contained in traffic classes 2 through 0 Refer to the following table for the transmit priority queue default values according to port priority set priority queue priority queue Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Frame Port Priority 0 1 2 3 4 5 6 7 Transmit Port Priority Queue Traffic Cla...

Page 428: ...Queue Mapping 9 10 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Example This example shows how to use the set priority queue command to program the device so the priority 5 frames received are transmitted at the lowest transmit priority queue of 0 Matrix set priority queue 5 0 ...

Page 429: ...Quality of Service are listed below and described in the associated section show port qos Section 9 3 3 1 set port qos sp Section 9 3 3 2 set port qos wrr Section 9 3 3 3 set port qos hybrid Section 9 3 3 4 9 3 3 1 show port qos Use this command to display Quality of Service information including the current QoS algorithm and associated queue settings for one or more ports show port qos port strin...

Page 430: ...specified all ports will be enabled for strict 802 1 queuing Command Type Switch command Command Mode Read Write Example This example shows how to set strict queues on the front panel Fast Ethernet port 13 With this configuration all frames in the next higher queue must always be processed first Matrix show port qos fe 0 10 13 Queue Queue 0 Queue 1 Queue 2 Queue 3 Port Algorithm Weight Weight Weig...

Page 431: ...e hybrid queues 0 1 2 and 3 are being set to 10 20 30 and 40 percent respectively port string Specifies the port s on which to set QoS weighted queues For a detailed description of possible port string values refer to Section 4 1 2 que0_weight Specifies a percentage of weight 0 through 100 with 25 as the default for queue 0 que1_weight Specifies a percentage of weight 0 through 100 with 25 as the ...

Page 432: ...Read Write hybrid_setting Specifies an integer 1 or 2 to select the hybrid mode of operation port string Specifies port s on which to set QoS weighted queues For a detailed description of possible port string values refer to Section 4 1 2 que1_weight Specifies a percentage of traffic 0 through 100 for queue 0 For Mode 2 do not set a weight because this queue is controlled by the SP algorithm and n...

Page 433: ...ueue 3 first Whenever there are no frames in Queue 3 frames in Queues 0 1 and 2 will be serviced using the WRR algorithm Example Mode 2 This example shows how to set hybrid Mode 2 and the transmission queues on the front panel Fast Ethernet ports 1 through 3 In this example the hybrid queues 0 and 1 are being set to 20 and 80 percent respectively Queues 2 and 3 will automatically use the 802 1p st...

Page 434: ...ature Assign an 8 bit Type of Service TOS value to incoming IP frames Overwrite an existing TOS value Commands The commands used in configuring priority classification are listed below and described in the associated section show priority classification Section 9 3 4 1 set priority classification Section 9 3 4 2 clear priority classification Section 9 3 4 4 set priority classification ingress Sect...

Page 435: ...xample shows that priority classification is currently enabled on the device and that two priority classification entries have been created with a priority of 5 Currently there are no ports on the priority classification ingress list associated with these classification rules The ingress list is created using the set priority classification ingress command described in Section 9 3 5 1 Matrix show ...

Page 436: ... Write Command Alternative v2 05 xx and higher set policy classify Section 8 3 2 2 priority_value Specifies a port priority number 0 through 7 to which the frame classification is applied data_meaning Specifies the parameters used to classify frames Refer to Table 9 1 for the list of data_meanings and associated protocol types and classifications data _value Specifies the code of a predefined clas...

Page 437: ... Priority Classification Table 9 1 provides the set priority classification data_meaning parameters that can be entered to classify frames and the data_values that can be entered for each classifier associated with those parameters Values applied are listed next to each data_value keyword When applicable data_masks are also listed for each data_value Matrix set priority classification enable Matri...

Page 438: ...n Vines 0BAD DECNET 6003 IP 0800 IPX 8137 RARP 8035 Not applicable 802 3 SAP IPX LLC E0E0 IPX RAW FFFF IPX SNAP AAAA Netbios F0F0 SNA 0000 0404 0808 and 0C0C Not applicable IP TOS Type of Service Integer 0 255 Not applicable IP Protocol Type Integer 0 255 ICMP IGMP OSPF TCP UDP Not applicable IPX COS Class of Service Integer 0 255 Not applicable IPX Packet Type 0 Hello or SAP 1 RIP 2 Echo Packet 3...

Page 439: ... Range or MAC address unique only one entry from this and similar groups in this table may exist for a given address or port designation Additional entries will fail IPX Network Group Src IPX Network Dest IPX Network Bil IPX Network IPX Network Num 0x00000000 Not applicable UDP Port Group Src UDP Port Dest UDP Port Bil UDP Port Integer 0 65535 BootP Client BootP Server DNS FTP FTP Data HTTP IMAP2 ...

Page 440: ...nostics IPX WAN NCP Netbios NLSP RIP SAP Not applicable MAC Address Group Src MAC Address Dest MAC Address Bil MAC Address MAC Address 00 00 00 00 00 00 Data mask bits UDP Range Group Src UDP Range Dest UDP Range Bil UDP Range Lower boundary of port range 0 65535 Upper boundary of port range 0 65535 TCP Range Group Src TCP Range Dest TCP Range Bil TCP Range Lower boundary of port range 0 65535 Upp...

Page 441: ... clear policy class Section 8 3 2 4 Example This example shows how to remove the Ethernet II Type IP classification rule from port priority 7 priority_value Specifies a port priority 0 through 7 associated with the classification to be cleared data_meaning Specifies the data_meaning of the classification to be cleared Refer to Table 9 1 for the list of data_meaning numbers and associated protocol ...

Page 442: ... enables a Network Administrator to assign both Layer 2 Class of Service CoS0 and Layer 3 ToS characteristics to incoming frames by rewriting the 8 bit ToS value in the IP header of incoming frames The Matrix E1 products enable you to configure the device to Insert a user defined 8 bit value into the IP ToS field Overwrite an existing ToS value This is useful when the Network Administrator wants t...

Page 443: ...r 0 255 to identify priority to the various switch devices and routers in the IP based network priority_value Specifies a port priority 0 through 7 associated with the classification to be set data_meaning Specifies the data_meaning for the parameter used to classify frames Refer to Table 9 1 for the list of the data_meanings and associated protocol types and classifications data _value Specifies ...

Page 444: ... Example This example shows how to enable the TOS value configured for the Ethernet Type II IP classification rule priority_value Specifies a port priority 0 through 7 associated with the classification to be enabled or disabled data_meaning Specifies the data_meaning for the parameter used to classify frames Refer to Table 9 1 for the list of the data_meanings and associated protocol types and cl...

Page 445: ...r Fast Ethernet front panel ports 1 through 3 9 3 4 8 set priority classification qtagoverride Use this command to enable or disable the priority tag override feature on one or more ports When enabled this feature lowers the precedence level of 802 1Q VLAN frame tags received on specified ports allowing MAC address matching and other types of priority classifications to receive higher precedence C...

Page 446: ...rride feature is enabled on a port as described in Section 9 3 4 8 802 1Q frame tags received on that port are assigned a lower precedence This allows MAC address matching and other types of priority classifications to receive higher precedence Table 9 2 lists the ISO layer associated classification default precedence levels and precedence levels with priority tag override enabled port string Spec...

Page 447: ...h 802 1Q Priority Tag Override 802 1Q frame tag received 1 12 Source MAC Address Best Match 2 1 Destination MAC Address Best Match 3 2 Source IP Address Exact Match 4 3 Source IP Address Best Match Subnet 5 4 Destination IP Address Exact Match 6 5 Destination IP Address Best Match Subnet 7 6 UDP TCP Port Source 8 7 Classification Type IP Precedence Level Default With 802 1Q Priority Tag Override U...

Page 448: ...tion Guide Source MAC Address Best Match 2 1 Destination MAC Address Best Match 3 2 Source IPX Network Number 4 3 Destination IPX Network Number 5 4 IPX Source Socket 6 5 IPX Destination Socket 7 6 IPX Class of Service 8 7 IPX Type 9 8 Protocol Type Ether Type or DSAP SSAP 10 9 Receive Port 11 11 Table 9 2 Classification Precedence Continued ...

Page 449: ...nd Mode Read Write priority_value Specifies the number of the port priority 0 through 7 being associated with the priority ingress classification list port string Specifies the port s being added to the port priority ingress classification list For a detailed description of possible port string values refer to Section 4 1 2 data_meaning Specifies the data_meaning for the parameter used to classify...

Page 450: ...atrix set priority classification ingress 7 fe 0 30 33 ethernet II type IP priority_value Specifies the number of the port priority 0 through 7 being removed from the priority ingress classification list port string Specifies the port s being removed from the port priority ingress classification list For a detailed description of possible port string values refer to Section 4 1 2 data_meaning The ...

Page 451: ...atrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 9 33 Command Mode Read Write Example This example shows how to clear Fast Ethernet front panel ports 5 to 7 from the Src UDP Range 44 46 classification rule Matrix clear priority classification ingress 5 fe 0 5 7 src udp range 44 46 ...

Page 452: ...ty levels The rate of all traffic entering the port with the priorities configured to that port is not allowed to exceed the programmed limit If the rate exceeds the programmed limit frames are dropped until the rate falls below the limit Commands The commands to configure traffic rate limiting are listed below and described in the associated section show port ratelimit Section 9 3 6 1 set port ra...

Page 453: ...d within these priority queues will be discarded after the rate limiting threshold is reached Matrix show port ratelimit fe 0 1 2 Global Ratelimiting State disabled Threshold Packet Port Port Priority bits sec Type Status fe 0 1 0 195000 discard disabled fe 0 1 1 195000 discard disabled fe 0 1 2 195000 discard disabled fe 0 1 3 195000 discard disabled fe 0 1 4 195000 discard disabled fe 0 1 5 1950...

Page 454: ...s on which to set the rate limiting threshold and other parameters For a detailed description of possible port string values refer to Section 4 1 2 priority Specifies the 802 1D port priority level associated with the port string Valid values are 0 7 with 0 specifying the lowest priority and all to set the rate limiting threshold and other parameters on all port priority levels associated with the...

Page 455: ...alues for one or more priorities on one or more ports clear port ratelimit port string priority Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix set port ratelimit enable Matrix set port ratelimit fe 0 3 7 5 200000 discard enable port string Specifies a port on which to reset the rate limiting threshold and other parameters For a detailed descript...

Page 456: ...nfiguring Port Traffic Rate Limiting 9 38 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Example This example shows how to reset rate limiting on port priority 5 for Fast Ethernet front panel ports 3 through 7 Matrix clear port ratelimit fe 0 3 7 5 ...

Page 457: ... through to ensure that traffic is only passed to the hosts that subscribed to this service The Matrix E1 switch device uses IGMP Internet Group Management Protocol to query for any attached hosts who want to receive a specific multicast service The device looks up the IP Multicast Group used for this service and adds any port that received a similar request to that group It then propagates the se...

Page 458: ...as shown show igmp Section 10 2 1 1 set igmp Section 10 2 1 2 10 2 1 1 show igmp Use this command to display IGMP information show igmp groups query interval response time Syntax Description Command Defaults If no parameters are specified IGMP status enabled or disabled will be displayed Command Type Switch command Command Mode Read Only groups Optional Displays a list of IGMP streams and client c...

Page 459: ... the device it wants to receive transmissions addressed to a specific multicast group set igmp enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to enable IGMP snooping on the device This example shows how to disable IGMP snooping on the device Matrix show igmp IGMP Snooping is disabled enable disable Enables...

Page 460: ...s The commands needed to display and set IGMP query interval and response time are listed below and described in the associated sections as shown show igmp query interval Section 10 2 2 1 set igmp query interval Section 10 2 2 2 show igmp response time Section 10 2 2 3 set igmp response time Section 10 2 2 4 10 2 2 1 show igmp query interval Use this command to display the IGMP query interval sett...

Page 461: ...ion Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the IGMP query interval to 60 seconds 10 2 2 3 show igmp response time Use this command to display the IGMP response time setting show igmp response time Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only intervaltime Specifies the freque...

Page 462: ... set the maximum IGMP query response time as defined in RFC 2236 Section 8 3 set igmp response time value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the IGMP response time to 200 tenths of a second Matrix show igmp response time IGMP response time is 100 1 seconds value Specifies the maximum query response time...

Page 463: ...listed below and described in the associated section as shown show igmp groups Section 10 2 3 1 10 2 3 1 show igmp groups Use this command to display a list of IGMP streams and client connection ports show igmp groups Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Examples This example shows how to display IGMP groups In this example the device kno...

Page 464: ...Table 10 1 show igmp groups Output Details Output What It Displays Vlan ID VLAN segment configured for IGMP Multicast IP IP address associated with the VLAN ID through which all multicast traffic is forwarded Type Protocol type which is IGMP IGMP Port List Port designation s wishing to receive multicast transmissions For a detailed description of possible port string values refer to Section 4 1 2 ...

Page 465: ...se of IGMP VLAN Registration refer to Section 10 3 1 Command The command used to configure IGMP VLAN registration are listed below and described in the associated sections as shown show igmp mode Section 10 2 4 1 set igmp mode vlan Section 10 2 4 2 set igmp mode ipaddress Section 10 2 4 3 set igmp mode Section 10 2 4 4 10 2 4 1 show igmp mode Use this command to display IVR information for one or ...

Page 466: ...d Matrix show igmp mode fe 0 1 3 IGMP MODE VLAN 1 IGMP MODE IP 10 1 2 3 Port Mode Port Mode Port Mode fe 0 1 open fe 0 2 open fe 0 3 open Table 10 2 show igmp mode Output Details Output What It Displays IGMP MODE VLAN VLAN segment to be used by all ports running in IGMP open mode IGMP MODE IP Virtual IP address associated with the VLAN ID through which all multicast traffic is forwarded Port Port ...

Page 467: ...LAN 10 2 4 3 set igmp mode ipaddress Use this command to set the virtual IP address through which multicast traffic will be forwarded to all subscribing or open ports set igmp mode ipaddress ip_address Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write vlan_id Specifies the IGMP registered VLAN Matrix set igmp mode vlan 1 ip_address Specifies the virtual I...

Page 468: ...nd Section 10 2 4 2 Ports in secure mode will scope multicast transmissions to the VLAN receiving the IGMP requests set igmp mode port string open secure Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the IGMP mode to open for front panel Fast Ethernet ports 1 through 3 Matrix set igmp mode ipaddress 10 1 2 3 port ...

Page 469: ...rts multicast group management by passively snooping on the IGMP query and IGMP report packets transferred between IP multicast switches and IP multicast host groups to learn IP multicast group members and actively sending IGMP query messages to solicit IP multicast group members The purpose of multicast group management is to optimize a switched network s performance so multicast packets will onl...

Page 470: ...es dynamically register for streams of multicast traffic in the multicast VLAN The switch modifies the forwarding behavior to allow the traffic to be forwarded from the multicast VLAN to the client port in a different VLAN selectively allowing traffic to cross between two VLANs To use IVR only user access ports should be configured in open mode The switch identifies clients that are in open mode a...

Page 471: ...ging Section 11 2 1 Monitoring Switch Network Events and Statistics Section 11 2 2 Managing Switch Network Addresses Section 11 2 3 Configuring Simple Network Time Protocol SNTP Section 11 2 4 Configuring Node Aliases Section 11 2 5 Configuring Convergence End Points CEP phone detection Section 11 2 6 NOTE The commands in this section pertain to network management of the Matrix E1 device when it i...

Page 472: ...ted below and described in the associated section as shown set logging Section 11 2 1 1 show logging all Section 11 2 1 2 show logging console Section 11 2 1 3 set logging console Section 11 2 1 4 show logging server Section 11 2 1 5 set logging server Section 11 2 1 6 clear logging server Section 11 2 1 7 show logging default Section 11 2 1 8 set logging default Section 11 2 1 9 clear logging def...

Page 473: ...his command to display all configuration information for system logging show logging all Syntax Description None Command Defaults None enable disable Enables or disables Syslog Matrix set logging disable NOTE Most system messages are logged at severity level of 6 Notice By default the logging applications are set to 5 Warning which will suppress level 6 Notice messages from the console session To ...

Page 474: ...Logging and Network Management Command Set Configuring System Logging 11 4 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Type Switch command Command Mode Read Only ...

Page 475: ... State Enabled Application Current Severity Level 0 default 6 1 GARP 5 2 MSTP 5 3 IGMP 5 4 LAG 5 5 FilterDb 5 6 hostVx 5 7 CDP 5 8 RMON 5 9 Policy 5 10 Syslog 5 11 RatePol 5 12 rtrFE 6 13 RtrCfg 5 14 etsVlan 5 15 rtrACL 5 16 MII 5 17 Envoy 5 18 SSH 5 19 RtrDvmrp 5 20 RtrOspf 5 21 Eapol 5 22 Radius 5 23 Trunking 5 24 CiscoDP 5 25 MacAuth 5 26 Alias 5 27 SNMP 5 28 sntp 5 29 CLI 5 30 Telnet 5 31 SysD...

Page 476: ...bal Logging State Whether logging is globally enabled or disabled Application Mnemonic values for applications being logged For details on setting this value using the set logging application command refer to Section 11 2 1 12 For a list of valid values and their corresponding applications refer to Table 11 3 Current Severity Level Severity level 1 8 at which the server is logging messages for the...

Page 477: ...ally enabled and the severity level is set to 8 so that debugging level messages will be shown on the console For an explanation of the command output refer back to Table 11 1 Facility Syslog facility that will be encoded in messages sent to this server Valid values are local0 to local7 Severity Severity level at which the server is logging messages Description Text string description of this faci...

Page 478: ...e Read Write Example This command shows how to set the console logging severity level to 3 11 2 1 5 show logging server Use this command to display the Syslog configuration for a particular server severity Specifies the severity level at which log messages will display to the console Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 cri...

Page 479: ...n will be displayed Command Type Switch command Command Mode Read Only Example This command shows how to display Syslog server configuration information For an explanation of the command output refer back to Table 11 1 index Optional Displays Syslog information pertaining to a specific server table entry Valid values are 1 8 Matrix show logging server IP Address Facility Severity Port Status 1 10 ...

Page 480: ...fies the Syslog message server s IP address facility facility Specifies the server s facility name Valid values are local0 to local7 severity severity Specifies the severity level at which the server will log messages Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 critical conditions 4 error conditions 5 warning conditions 6 notifica...

Page 481: ...ver from the Syslog server table clear logging server index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to remove the Syslog server with index 1 from the server table 11 2 1 8 show logging default Use this command to display the Syslog server default values show logging default Matrix set logging server 1 ip_addr 134 1...

Page 482: ... command to set logging default values set logging default facility facility severity severity port port Matrix show logging default Facility Severity Port Defaults local7 warnings 5 514 NOTE Most system messages are logged at severity level of 6 Notice By default the logging applications are set to 5 Warning which will suppress level 6 Notice messages from the console session To view most of the ...

Page 483: ...gging facility facility Specifies the default facility name Valid values are local0 to local7 severity severity Specifies the default logging severity level Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 critical conditions 4 error conditions 5 warning conditions 6 notifications significant conditions 7 informational messages 8 debug...

Page 484: ...mand Command Mode Read Write Example This command shows how to reset the Syslog default severity level to 5 11 2 1 11show logging application Use this command to display the severity level of Syslog messages for applications show logging application Syntax Description None Command Defaults None Command Type Switch command facility Optional Resets the default facility name to local7 severity Option...

Page 485: ...command shows a portion of the information displayed with the show logging application command For a full list of supported applications refer to Table 11 3 Table 11 2 provides an explanation of the command output Matrix show logging application Application Current Severity Level 1 default 2 Syslog 5 3 rtrFE 5 4 RtrCfg 5 5 etsVlan 5 6 SSH 5 7 rtrDvmrp 5 8 rtrOspf 5 More ...

Page 486: ...ing application command refer to Section 11 2 1 12 For a list of valid values and their corresponding applications refer to Table 11 3 Current Severity Level Severity level from 1 to 8 at which the server is logging messages for the listed application NOTE Most system messages are logged at severity level of 6 Notice By default the logging applications are set to 5 Warning which will suppress leve...

Page 487: ...4 error conditions 5 warning conditions 6 notifications significant conditions 7 informational messages 8 debugging messages NOTES Mnemonic values are case sensitive and must be typed as they appear in Table 11 3 Most system messages are logged at severity level of 6 Notice By default the logging applications are set to 5 Warning which will suppress level 6 Notice messages from the console session...

Page 488: ...GMP Internet Group Management Protocol FilterDb 802 1D Q compliant filter database hostVx Host interface services CDP CDP discovery protocol RMON Remote Monitoring Services Policy L2 L3 L4 Packet Policy Classification Services Syslog Syslog Service RatePol Rate Policing Limiting Services rtrFE Router Forwarding Engine RtrCfg Router Debug Configuration etsVlan VLAN Interface Manager rtrACL Router A...

Page 489: ...or conditions will be logged for that application Radius RADIUS client server Trunking Port trunking MacAuth MAC authentication Alias Node and alias SNMP Simple Network Management Protocol sntp Simple Network Time Protocol CLI Command Line Interface Telnet Telnet server and client SysDownload System download PortMirroring Port mirroring redirect Webview Enterasys WebView management application Mat...

Page 490: ...xample shows how to reset the logging severity level for SSH 11 2 1 14show logging audit trail Use this command to display the contents of a logging audit trail file This will be a record of all events that occur when users request and use specific system resources The device can store up to 200 messages show logging audit trail file Syntax Description mnemonic Resets the severity level for a spec...

Page 491: ...il command 11 2 1 15copy audit trail Use this command to copy the Syslog audit trail history buffer to a target file copy audit trail destination Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show logging audit trail 132 5 Apr 7 14 14 07 48 10 1 130 14 rtrFE HOST_DISP_ host Bad Source Address detect from interface vlan 3 with a source address o...

Page 492: ...y network and RMON statistics Commands Commands to monitor switch network events and status are listed below and described in the associated section as shown show eventlog Section 11 2 2 1 clear eventlog Section 11 2 2 2 history Section 11 2 2 3 repeat Section 11 2 2 4 show history Section 11 2 2 5 set history Section 11 2 2 6 show netstat Section 11 2 2 7 show rmon stats Section 11 2 2 8 show use...

Page 493: ...ow to use the show eventlog command 11 2 2 2 clear eventlog Use this command to delete all entries from the system event log clear eventlog Syntax Description None Command Defaults None Command Type Switch Command Command Mode Read Write Example This example shows how to clear the event log Matrix show eventlog 07 01 2001 16 57 28 Info system started 07 02 2001 08 29 13 Info system started 07 04 2...

Page 494: ...ed up to a maximum of 32 as specified in the set history command Section 11 2 2 6 history Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the contents of the command history buffer It shows there are five commands in the buffer 11 2 2 4 repeat Use this command to repeat a command shown in the command history...

Page 495: ...fer display It is repeated once cmd_num Optional Specifies the number of the command from the history display iterations Optional Specifies the number of times to re execute the command Valid values are 0 to 2147483647 Entering 0 causes the specified cmd_num to be repeated endlessly until the user enters Ctrl C Matrix history 1 show arp 2 history 3 show ip 4 show cdp fe 0 1 5 history Matrix repeat...

Page 496: ...ption None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the size of the history buffer 11 2 2 6 set history Use this command to set the size of the history buffer set history size Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show history History buffer size 3 size Specifies ...

Page 497: ...x Description Command Defaults If no parameters are specified show netstat will be executed as shown in the example below Command Type Switch command Command Mode Read Only Matrix set history 3 icmp Optional Displays Internet Control Message Protocol ICMP statistics interface Optional Displays interface statistics ip Optional Displays Internet Protocol IP statistics routes Optional Displays the IP...

Page 498: ...ing servers PCB Proto Recv Q Send Q Local Address Foreign Address state 1cc6314 TCP 0 0 0 0 0 0 80 0 0 0 0 0 LISTEN 1cc6104 TCP 0 0 0 0 0 0 23 0 0 0 0 0 LISTEN 1cc6290 UDP 0 0 0 0 0 0 162 0 0 0 0 0 1cc620c UDP 0 0 0 0 0 0 161 0 0 0 0 0 Table 11 4 show netstat Output Details Output What It Displays PCB Protocol Control Block designation Proto Type of protocol running on the connection Recv Q Number...

Page 499: ...rnet expansion module 1 port 1 Table 11 5 provides an explanation of the command output port string Optional Displays RMON statistics for specific port s For a detailed description of possible port string values refer to Section 4 1 2 Matrix show rmon stats fe 1 1 Index 1 Status 1 active Owner Data Source Drop Events 5 Jabbers 515 Collisions 230 Octets 12455 Packets 12164 0 64 Octets 1894 Broadcas...

Page 500: ...ed to discard frames Collisions Total number of collisions that have occurred on this interface Packets Total number of frames including bad frames broadcast frames and multicast frames received on this interface Broadcast Pkts Total number of good frames that were directed to the broadcast address This value does not include multicast frames Multicast Pkts Total number of good frames that were di...

Page 501: ...ved on this interface 0 64 Octets Total number of frames including bad frames received that were 64 bytes in length excluding framing bits but including FCS bytes 65 127 Octets Total number of frames including bad frames received that were between 65 and 127 bytes in length excluding framing bits but including FCS bytes 128 255 Octets Total number of frames including bad frames received that were ...

Page 502: ...ration Guide show users Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to use the show users command In this output there is one Telnet user at IP address 10 1 10 10 Matrix show users Console Port Active Number of telnet users 1 Telnet Session Users 10 1 10 10 ...

Page 503: ...net session to host 10 1 10 10 This example shows how to close the current console session 11 2 3 Managing Switch Network Addresses Purpose To display add or delete switch ARP table entries to display or set the status of RAD Runtime Address Discovery protocol to display or delete MAC address information to configure MAC address aging time to configure DNS and to execute PING and traceroute ip_add...

Page 504: ...ac Section 11 2 3 7 clear mac Section 11 2 3 8 show mac agingtime Section 11 2 3 9 set mac agingtime Section 11 2 3 10 clear mac agingtime Section 11 2 3 11 show port stopaging Section 11 2 3 12 set port stopaging Section 11 2 3 13 clear port stopaging Section 11 2 3 14 set mac algorithm Section 11 2 3 15 show dns Section 11 2 3 16 set dns domain Section 11 2 3 17 clear dns domain Section 11 2 3 1...

Page 505: ...on None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the ARP table 11 2 3 2 set arp Use this command to add mapping entries to the switch s ARP table set arp ip_address mac_address temp pub trail Matrix show arp LINK LEVEL ARP TABLE destination gateway flags Refcnt Use Interface 10 1 0 1 00 00 1d bc df bf 405 1 0 host0 10 1 10 1...

Page 506: ...33 219 232 to MAC address 00 00 0c 40 0f bc 11 2 3 3 clear arp Use this command to delete a specific entry or all entries from the switch s ARP table clear arp hostname ip_address ip_address Specifies the IP address to map to the MAC address and add to the ARP table mac_address Specifies the MAC address to map to the IP address and add to the ARP table temp Optional Sets the ARP entry as not perma...

Page 507: ...e ARP table 11 2 3 4 show rad Use this command to display the status of the RAD Runtime Address Discovery protocol on the switch show rad Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display RAD status hostname ip_address Optional Specifies the IP address in the ARP table to be cleared An IP alias or host name th...

Page 508: ... a text configuration file from the network set rad enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable RAD 11 2 3 6 show mac Use this command to display MAC addresses information in the switch s routing table show mac address mac address fid vlan_id port port string type learned self mgmt NOTE In ord...

Page 509: ... detailed description of possible port string values refer to Section 4 1 2 type Optional Displays information related to specific address type Valid types are learned Shows the network MAC addresses learned by the device self Shows the device s own MAC address mgmt Shows MAC addresses connected to the management host ports Matrix show mac Filter Database Algorithm mac vid sequential Current Filte...

Page 510: ...h the set mac algorithm command Section 11 2 3 15 Aging Time Time in seconds to age out inactive MAC address entries Set with the set mac agingtime command Section 11 2 3 10 Dynamic Address Counts Number of dynamic MAC addresses in the routing table Static Address Counts Number of static MAC addresses in the routing table MAC Address MAC address designation FID Filter database identifier associate...

Page 511: ...te Example This example shows how to add a permanent MAC address to the IP routing table mac_address Specifies the MAC address to set vlan_id Specifies the number identifying the VLAN to which the MAC address belongs port string Specifies the port designation for the MAC addresses For a detailed description of possible port string values refer to Section 4 1 2 delete on reset Adds a temporary entr...

Page 512: ...This example shows how to clear all dynamic MAC address information address mac_address vlan_id Optional Removes all dynamic MAC address entries attached to the specified VLAN If you enter a multicast MAC address and ingress VLAN pair this command will clear the scoping of this pair to an egress VLAN configured with the set mac multicast command Section 11 2 3 24 port port string Optional Removes ...

Page 513: ... agingtime Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the MAC aging time For a detailed description of this output refer back to Table 11 6 Matrix clear mac address 01 00 00 11 11 11 2 Matrix show mac multicast MAC Address Ingress VLAN Egress VLAN Counts 1 01 00 00 11 11 11 5 3 Matrix show mac agingtime...

Page 514: ...ption Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the MAC aging time to 400 11 2 3 11clear mac agingtime Use this command to reset the MAC address aging time to the default value of 300 seconds clear mac agingtime Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write seconds Specifies th...

Page 515: ...aults If port string is not specified status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the MAC address stop aging function on Fast Ethernet front panel port 1 In this case the default status of disabled addresses are still aging out has not been changed Matrix clear mac agingtime port string Optional D...

Page 516: ...ble the stop aging function on Fast Ethernet front panel ports 1 through 8 NOTE This command must be configured in groups of eight ports for Fast Ethernet ports Port string variables that are a subset of eight will be rounded up to include all eight ports For example if you enable stop aging on ports fe 0 1 4 ports fe 0 1 8 will also be enabled If you enable it on ports fe 0 4 12 this spans two gr...

Page 517: ... 1 through 8 11 2 3 15set mac algorithm Use this command to set the MAC algorithm mode which determines the hash mechanism used by the device when performing layer 2 lookups on received frames Each algorithm is optimized for a different spread of MAC addresses set mac algorithm mac random mac sequential mac vid random mac vid sequential port string Optional Resets the stop aging function on specif...

Page 518: ...okups When running in this mode the filter database lookup algorithm is optimized for networks with MAC addresses that very by the non vendor bytes of the address mac vid random Sets the mode to mac vid random algorithm which is best used by networks where a single MAC can be on more than one VLAN and it is necessary for the VLAN ID to be used in the Layer 2 lookup When running in this mode the fi...

Page 519: ...DNS translates domain names into IP addresses show dns Syntax Description None Command Defaults None Command Mode Read Only Example This example shows how to display DNS settings In this case DNS is enabled using three servers and a domain name of net com 11 2 3 17set dns domain Use this command to set the DNS domain name set dns domain domain name Matrix set mac algorithm mac vid sequential Matri...

Page 520: ...de Read Write Example This example shows how to set the DNS domain name to net com 11 2 3 18clear dns domain Use this command to clear the DNS domain name clear dns domain Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the DNS domain name domain name Specifies a DNS domain name Matrix set dns domain net com ...

Page 521: ...mmand Type Switch command Command Mode Read Write Example This example shows how to add the server at IP address 134 141 92 37 to the DNS server list 11 2 3 20clear dns server Use this command to remove a server from the DNS server list set dns server ip address Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write ip address Specifies an IP address of a DNS ...

Page 522: ...ows how to remove the server at IP address 134 141 92 37 from the DNS server list 11 2 3 21clear dns Use this command to clear all DNS information clear dns Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all DNS information Matrix set dns server 134 141 92 37 Matrix clear dns ...

Page 523: ... Command Mode Read Only Read Write or Admin su Examples This example shows how to ping IP address 10 1 10 1 s Optional Causes a continuous ping sending one datagram per second and printing one line of output for every response received until the user enters Ctrl C hostname ip_address Specifies a host name or an IP address of the device to which the ping will be sent packet count Optional Specifies...

Page 524: ...y from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 PING 10 1 10 1 Statistics 10 packets transmitted 10 packets received 0 packet loss Matrix ping s 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Reply from 10 1 10 1 Rep...

Page 525: ... first outgoing probe packet m max ttl Optional Specifies the maximum time to live TTL used in outgoing probe packets p port Optional Specifies the base UDP port number used in probes q nqueries Optional Specifies the number of probe inquiries s src addr Optional Specifies the source IP address to use in outgoing probe packets r Optional Bypasses the normal host routing tables d Optional Sets the ...

Page 526: ...ting tables will be used If d is not specified the debug socket option will not be used If not specified tos will be set to 0 If F is not specified the don t fragment bit will not be applied If gateway is not specified none will be applied If I is not specified UDP datagrams will be used If v is not specified summary output will be displayed If x is not specified checksums will be calculated Comma...

Page 527: ...s MAC address VLAN pairs may be configured set mac multicast mac_address ingress_vlanid egress_vlanid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix traceroute 192 167 252 17 traceroute to 192 167 252 17 192 167 252 17 30 hops max 40 byte packets 1 matrix enterasys com 192 167 201 40 20 000 ms 20 000 ms 20 000 ms 2 14 1 0 45 14 1 0 45 40 000 ms ...

Page 528: ...the same or different egress VLANs You may also assign several different ingress MAC address VLAN pairs to the same egress VLAN To set up a scoping VLAN 1 Determine which ports the multicast servers are attached to 2 Create a scoping VLAN which egresses only those ports 3 Assign an ingress multicast MAC address VLAN pair to point to this newly created egress VLAN with the set mac multicast command...

Page 529: ...ing VLAN from a configured ingress MAC address VLAN pair 11 2 3 25show mac multicast Use this command to display information about all configured scoped ingress MAC address VLAN pairs show mac multicast Syntax Description None Command Defaults None Command Mode Switch command Command Mode Read Only Example This example shows the output of this command Matrix set mac multicast 01 00 00 11 11 11 5 3...

Page 530: ... 2 Setting Basic Device Properties on page 3 30 Commands Commands to configure SNTP are listed below and described in the associated section as shown show sntp Section 11 2 4 1 set sntp client Section 11 2 4 2 set sntp broadcastdelay Section 11 2 4 3 set sntp poll interval Section 11 2 4 4 set sntp server Section 11 2 4 5 clear sntp server Section 11 2 4 6 set timezone Section 11 2 4 7 clear timez...

Page 531: ... this command to set the SNTP operation mode set sntp client broadcast unicast disable Syntax Description Command Defaults None Command Type Switch command Matrix show sntp SNTP Version 3 Current Time Thursday April 3 2003 09 42 54 Timezone EST offset from UTC is 5 hours and 0 minutes Last SNTP update Wednesday April 2 2003 11 02 48 Client mode broadcast Broadcast delay 3000 Poll Interval 512 SNTP...

Page 532: ...cast mode set sntp broadcastdelay time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the SNTP broadcast delay to 12000 milliseconds 11 2 4 4 set sntp poll interval Use this command to set the SNTP poll interval in seconds This is the time between SNTP requests when operation in broadcast or unicast mode set sntp p...

Page 533: ...30 seconds 11 2 4 5 set sntp server Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode Up to 10 servers can be set as SNTP servers set sntp server ip address hostname Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write interval Specifies the poll interval in seconds Valid values are 16 t...

Page 534: ...e or all servers from the SNTP server list clear sntp server all ip address hostname Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove the server at IP address 10 21 1 100 from SNTP server list Matrix set sntp server 10 21 1 100 all Removes all servers from the SNTP server list ip address hostname Specifies the IP ...

Page 535: ...fied none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set the time zone to EST with an offset of minus 5 hours 11 2 4 8 clear timezone Use this command to remove SNTP time zone adjustment values clear timezone Syntax Description None Command Defaults None name Specifies the time zone name hours Optional Specifies the number of hours this ti...

Page 536: ...ring Simple Network Time Protocol SNTP 11 66 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Type Switch command Command Mode Read Write Example This example shows how to remove SNTP time zone adjustment values Matrix clear timezone ...

Page 537: ...w nodealias Section 11 2 5 1 show nodealias config Section 11 2 5 2 set nodealias Section 11 2 5 3 set nodealias maxentries Section 11 2 5 4 clear nodealias Section 11 2 5 5 clear nodealias config Section 11 2 5 6 11 2 5 1 show nodealias Use this command to display node alias properties on one or more ports show nodealias port string Syntax Description Command Defaults If port string is not specif...

Page 538: ... Address 0a 02 f0 01 Address Text 10 2 240 1 Table 11 7 show nodealias Output Details Output What It Displays Alias ID Alias dynamically assigned to this port NOTE Node aliases are dynamically assigned upon packet reception to ports enabled with an alias agent which is the default setting on Matrix E1 Series devices Node aliases cannot be statically created but can be deleted using the clear node ...

Page 539: ... example shows how to display node alias configuration settings for all Gigabit Ethernet ports Table 11 8 provides an explanation of the command output port string Optional Displays node alias configuration settings for specific port s For a detailed description of possible port string values refer to Section 4 1 2 Matrix show nodealias config ge Total Control Entries 11 Active Entries 11 Purge Ti...

Page 540: ...utput Details Output What It Displays Total Control Entries Total aliases learned Active Entries Number of Total Control Entries that are active not marked for deletion Purge Time Last time the node alias table was cleared State Node alias is ready to learn new entries Allocated Entries Number of entries that have been allocated to all the ports This is the total of the Max Entries column Availabl...

Page 541: ...de alias entries allowed for one or more ports set nodealias maxentries val port string Syntax Description Command Defaults None enable disable Enables or disables a node alias agent port string Specifies the port s on which to enable or disable a node alias agent For a detailed description of possible port string values refer to Section 4 1 2 Matrix set nodealias disable fe 0 3 val Specifies the ...

Page 542: ...tring alias id alias id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all node alias entries on Fast Ethernet front panel port 3 Matrix set nodealias maxentries 1000 fe 0 3 port port string Specifies the port s on which to remove all node alias entries For a detailed description of possible port string values re...

Page 543: ...2 5 6 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value clear nodealias config Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the node alias configuration Matrix clear nodealias config ...

Page 544: ...nd there is no IP address configured The commands in this section can be used to configure Siemens detection using new parameters H 323 Phone Detection Uses either a group IP address or a UDP TCP port number for detection Default UDP ports are 1718 1719 1720 Default group address is 224 0 1 41 The commands in this section can be used to configure H 323 detection using new parameters Purpose To rev...

Page 545: ...p initialize Section 11 2 6 10 clear cep Section 11 2 6 11 11 2 6 1 show cep Use this command to display CEP phone detection settings show cep connections detection policy port port string Syntax Description Command Defaults If no parameters are specified all CEP settings will be displayed for all ports Command Mode Read Only connections Optional Displays CEP connections detection Optional Display...

Page 546: ...olicy information In this case no policies have been configured for the three CEP detection types 11 2 6 2 set cep Use this command to globally enable or disable CEP detection set cep enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Matrix show cep port ge 0 1 CEP Detection disabled ge 0 1 H323 phone disabled Siemens phone disabled Cisco p...

Page 547: ...sco phone detection on port fe 3 1 11 2 6 4 set cep policy Use this command to set a global default policy for a CEP detection type This is the policy that will be applied when a phone of the specified type is detected on a port It must be configured using the policy management commands described in Chapter 11 set cep policy cisco h323 siemens profile id Matrix set cep enable port string Specifies...

Page 548: ...mand to create a new H 323 or Siemens phone detection configuration group or enable disable or remove an existing group set cep detection detection id create delete disable enable cisco h323 siemens Specifies the default policy as Cisco H 323 or Siemens phone detection profile id Specifies an ID for this CEP policy profile This must be configured using the policy management commands described in C...

Page 549: ...y whether a phone detection group will use H 323 or Siemens as its phone discovery type set cep detection detection id type h323 siemens detection id Specifies a CEP discovery group ID Valid values are 1 2147483647 create delete disable enable Creates a new convergence end points detection configuration group or removes disables or enables an existing group A group must first be created then enabl...

Page 550: ...ection group s IP address or mask By default H 323 will use 224 0 1 41 as its IP address and Siemens will have no IP address configured set cep detection detection id address ipv4 ip address unknown mask ipv4 mask unknown detection id Specifies a CEP discovery group ID This group must be created and enabled using the set cep detection command as described in Section 11 2 6 5 Valid values are 1 214...

Page 551: ...ing a port range defined with the set cep detection porthigh portlow command as described in Section 11 2 6 9 set cep detection detection id protocol tcp udp both none detection id Specifies a CEP discovery group ID This group must be created and enabled using the set cep detection command as described in Section 11 2 6 5 Valid values are 1 2147483647 address Sets an IP address for the CEP discove...

Page 552: ...end points detection Once UDP and or TCP phone detection has been specified using the set cep detection protocol command as described in Section 11 2 6 8 the protocols will use this port range for detection matching set cep detection detection id porthigh portlow port detection id Specifies a CEP discovery group ID This group must be created and enabled using the set cep detection command as descr...

Page 553: ...points detection for CEP group 1 11 2 6 10set cep initialize Use this command to re initialize convergence end points detection on one or more CEP enabled ports set cep initialize port string detection id Specifies a CEP discovery group ID This group must be created and enabled using the set cep detection command as described in Section 11 2 6 5 Valid values are 1 2147483647 porthigh portlow port ...

Page 554: ...mens Syntax Description Command Defaults None port string Specifies the CEP enabled port s to re initialize This must be a port string enabled for CEP using the set cep port command as described in Section 11 2 6 3 For a detailed description of possible port string values refer to Section 4 1 2 Matrix set cep initialize fe 1 3 5 all policy detection Clears all CEP parameters or specifies that poli...

Page 555: ...ing Convergence End Points CEP Phone Detection Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 11 85 Command Type Switch command Command Mode Read Write Example This example shows how to clear all CEP policy parameters Matrix clear cep policy ...

Page 556: ...Logging and Network Management Command Set Configuring Convergence End Points CEP Phone Detection 11 86 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 557: ... on the device 1 Configuring routing interface settings Section 12 2 3 2 Reviewing and saving the routing configuration Section 12 2 2 3 Reviewing and configuring the ARP table Section 12 2 3 4 Reviewing and configuring broadcast settings Section 12 2 4 5 Reviewing IP traffic and configuring routes Section 12 2 5 ROUTER The commands covered in this chapter can be executed when the device is in rou...

Page 558: ...ck vs VLAN Interfaces Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of routing protocols from network hardware operation improving the reliability of IP connections A loopback interface is always reachable The IP address assigned to the loopback interface is used as the router ID which helps when running protocols like OSPF becaus...

Page 559: ...ed in the associated section as shown show interface interface Section 12 2 1 2 show ip interface Section 12 2 1 3 ip address Section 12 2 1 4 no shutdown Section 12 2 1 5 12 2 1 1 show interface Use this command to display information about all interfaces VLANs or loopbacks configured on the router show interface vlan vlan id loopback loopback id Table 12 1 VLAN and Loopback Interface Configurati...

Page 560: ...iption Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults If not specified information for all interfaces will be displayed vlan vlan id loopback loopback id Optional Displays interface information for a specific VLAN or loopback This interface must be configured for IP routing as described in Section 3 3 2 ...

Page 561: ... Internet Address is 15 1 1 1 Subnet Mask is 255 0 0 0 Secondary Internet Address is 16 1 1 1 Subnet Mask is 255 0 0 0 Secondary Internet Address is 17 1 1 1 Subnet Mask is 255 0 0 0 Secondary Internet Address is 18 1 1 1 Subnet Mask is 255 0 0 0 Secondary Mac Address is 0001 f4c1 6b1f The name of this device is Vlan 1 Ports in Vlan fe 0 1 46 fe 1 1 16 ge 2 1 2 ge 3 1 2 The MTU is 1500 bytes The b...

Page 562: ...t be created in switch mode before they can be configured for IP routing For details on creating VLANs and configuring them for IP refer to Section 3 3 2 Each VLAN or loopback interface must be configured for routing separately using the interface command To end configuration on one VLAN before configuring another type exit at the command prompt Enabling interface configuration mode is required fo...

Page 563: ...nformation for all interfaces will be displayed Example This example shows how to display configuration information for all VLANs configured for IP routing vlan vlan_id loopback loopback id Optional Displays interface information for a specific VLAN or loopback This interface must be configured for IP routing as described in Section 3 3 2 Matrix Router show ip interface Vlan 1 is Admin UP Internet...

Page 564: ...dress ip_mask Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example The following example sets the IP address to 192 168 1 1 and the network mask to 255 255 255 0 for VLAN 1 12 2 1 5 no shutdown Use this command to enable an interface for IP routing and to allow the interface to automatically be enabled at device startup...

Page 565: ...1 for IP routing 12 2 2 Reviewing and Saving the Routing Configuration Purpose To review and save the current routing configuration and to disable IP routing Commands The commands needed to review and save the routing configuration are listed below and described in the associated section as shown show running config Section 12 2 2 1 write Section 12 2 2 2 no ip routing Section 12 2 2 3 NOTE The sh...

Page 566: ...tax Description None Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults None Example This example shows how to display the current router operating configuration Table 12 2 provides an explanation of the command output Matrix Router show running config Router id 182 127 62 1 interface vlan 1 IP Address 182 127 63 1 255 255 255 0 no shutdown interface vlan 2 IP ...

Page 567: ...the lowest IP address of interfaces configured for routing on the device interface vlan VLANs configured for IP routing and their IP addresses At least two VLAN interfaces must be configured for IP routing to operate the device in router mode For details on how to do this refer to Section 3 3 2 router rip RIP routing protocol is enabled For details on configuring RIP refer to Section 13 1 1 networ...

Page 568: ... to display the router specific configuration to the terminal erase Optional Deletes the router specific file file Optional Saves the router specific configuration to NVRAM filename config_file Optional Saves the router specific configuration to a file terminal Optional Displays the current router specific configuration to the terminal session Matrix Router write terminal Enable Config t interface...

Page 569: ...ing on the device and remove the routing configuration By default IP routing is enabled when interfaces are configured for it as described in Section 12 2 1 no ip routing Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Example This example shows how to disable IP routing on the device Matrix Router config no ip routin...

Page 570: ... needed to review and configure the ARP table are listed below and described in the associated section as shown show ip arp Section 12 2 3 1 arp Section 12 2 3 2 ip gratuitous arp learning Section 12 2 3 3 ip proxy arp Section 12 2 3 4 ip mac address Section 12 2 3 5 arp timeout Section 12 2 3 6 clear arp cache Section 12 2 3 7 12 2 3 1 show ip arp Use this command to display entries in the ARP Ad...

Page 571: ...ys ARP entries related to a specific IP address vlan vlan_id Optional Displays only ARP entries learned through a specific VLAN interface This VLAN must be configured for IP routing as described in Section 3 3 2 output modifier Optional Displays ARP entries within a specific range Options are begin ip_address Displays only ARP entries that begin with the specified IP address exclude ip_address Exc...

Page 572: ... Matrix Router show ip arp 134 141 235 165 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 165 0002 1664 a5b3 ARPA Vlan2 Matrix Router show ip arp vlan 2 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 251 0 0003 4712 7a99 ARPA Vlan2 Table 12 3 show ip arp Output Details Output What It Displays Protocol ARP entry s type of network address Addre...

Page 573: ...ig Command Defaults None Example The following example shows how to add a permanent ARP entry for the IP address 130 2 3 1 and MAC address 0003 4712 7a99 12 2 3 3 ip gratuitous arp learning Use this command to allow an interface to learn new ARP bindings using gratuitous ARP ip gratuitous arp learning both reply request ip_address Specifies the IP address of a device on the network Valid values ar...

Page 574: ...oth requests and replies on VLAN 1 12 2 3 4 ip proxy arp Use this command to re enable proxy ARP on an interface This variation of the ARP protocol allows the router to send an ARP response on behalf of an end node to the requesting host Proxy ARP can lessen bandwidth use on slow speed WAN links It is enabled by default ip proxy arp Syntax Description None Command Syntax of the no Form The no form...

Page 575: ...e proxy ARP on VLAN 1 12 2 3 5 ip mac address Use this command to set a MAC address on an interface ip mac address address Syntax Description Command Syntax of the no Form The no form of this command clears the MAC address no ip mac address Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config interface vlan...

Page 576: ... form of this command restores the default value of 1200 seconds 20 minutes no arp timeout seconds Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Example This example shows how to set the ARP timeout to 15 seconds 12 2 3 7 clear arp cache Use this command to delete all nonstatic dynamic entries from the ARP table clear arp cache Matrix Rout...

Page 577: ... Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 12 21 Syntax Description None Configuration Mode Privileged EXEC Matrix Router Command Defaults None Example This example shows how to delete all dynamic entries from the ARP table Matrix Router clear arp cache ...

Page 578: ...ion as shown ip directed broadcast Section 12 2 4 1 ip helper address Section 12 2 4 3 ip forward protocol Section 12 2 4 2 12 2 4 1 ip directed broadcast Use this command to enable or disable IP directed broadcasts on an interface ip directed broadcast Syntax Description None Command Syntax of the no Form The no form of this command disables IP directed broadcast globally no ip directed broadcast...

Page 579: ...tocol Use this command to enable UDP broadcast forwarding and specify which protocols will be forwarded This command works in conjunction with the ip helper address command to configure UDP broadcast forwarding For information on specifying a new destination for UDP broadcasts refer to Section 12 2 4 3 ip forward protocol udp port Matrix Router config interface vlan 1 Matrix Router config if Vlan ...

Page 580: ...e that controls which UDP services are forwarded Valid services and their corresponding names and port numbers are as follows If not specified the forwarding protocols are forwarded on the default ports listed bootps Bootstrap Protocol server 67 domain Domain Name Service 53 nameserver IEN116 name service 42 netbios dgm NetBIOS datagram service 138 netbios ns NetBIOS name service 137 tacacs Termin...

Page 581: ...HCP request and make the necessary changes to the header replacing the destination address with the address of the server and the source with its own address and send it to the server When the response comes from the server the DHCP BOOTP relay function sends it to the host 12 2 4 3 ip helper address Use this command to enable DHCP BOOTP relay and the forwarding of local UDP broadcasts specifying ...

Page 582: ...vlan_id Command Defaults None Example This example shows how to permit UDP broadcasts from hosts on networks 191 168 1 255 and 192 24 1 255 to reach servers on those networks Matrix Router config ip forward protocol udp Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip helper address 192 168 1 255 Matrix Router config interface vlan 2 Matrix Router config if Vlan 2 ip helper ...

Page 583: ...P traffic and configure routes are listed below and described in the associated section as shown show ip protocols Section 12 2 5 1 show limits Section 12 2 5 2 show ip traffic Section 12 2 5 3 clear ip stats Section 12 2 5 4 show ip route Section 12 2 5 5 ip route Section 12 2 5 6 ip icmp Section 12 2 5 7 ping Section 12 2 5 8 traceroute Section 12 2 5 9 12 2 5 1 show ip protocols Use this comman...

Page 584: ...ols running on the device show limits Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Matrix Router show ip protocols Routing Protocol is rip Sending updates every 30 seconds Next due in 19 seconds Invalid after 180 seconds hold down 120 flushed after 300 Incoming update filter list for all interfaces is not set Outgo...

Page 585: ...ng Table 10000 0 10000 168 1680000 0 Static Routes 512 0 512 44 22528 0 IP Helper 5520 0 5520 12 66240 0 Router LSA type 1 200 0 200 1672 167200 0 Network LSA type 2 400 0 400 1548 619200 0 Summary LSA type 3 2000 0 2000 248 496000 0 ASBR Summary LSA type 4 2000 0 2000 372 744000 0 External LSA type 5 3000 0 3000 372 1116000 0 NSSA LSA type 7 3000 0 3000 428 1284000 0 Opaque LSA link local type 9 ...

Page 586: ...d 8 sent Mcast 0 received 16 sent Sent 24 generated 0 forwarded 0 no route ICMP Statistics Rcvd 4 total 0 checksum errors 0 redirects 0 unreachable 4 echo 0 echo reply 0 mask requests 0 quench 0 parameter 0 timestamp 0 time exceeded Sent 6 total 0 redirects 0 unreachable 0 echo 4 echo reply 0 mask requests 2 mask replies 0 quench 0 timestamp 0 info reply 0 time exceeded 0 parameter problem UDP Sta...

Page 587: ... ICMP UDP TCP IGMP and ARP clear ip stats Syntax Description None Configuration Mode Privileged EXEC Matrix Router Command Defaults None Example This example shows how to clear all IP traffic counters 12 2 5 5 show ip route Use this command to display information about IP routes show ip route destination prefix destination prefix mask longer prefixes connected ospf rip static summary Matrix Router...

Page 588: ...ask into a prefix and displays any routes that match the prefix connected Optional Displays connected routes ospf Optional Displays routes configured for the OSPF routing protocol rip Optional Displays routes configured for the RIP routing protocol static Optional Displays static routes summary Optional Displays a summary of the IP routing table Matrix Router show ip route Codes C connected S stat...

Page 589: ...mmand Defaults If permanent and tag are not specified the route will be set as non permanent with no tag assigned Examples This example shows how to set IP address 10 1 2 3 as the next hop gateway to destination address 10 0 0 0 The route is assigned a tag of 1 prefix Specifies a destination IP address prefix mask Specifies a destination prefix mask forward addr vlan vlan id Specifies a forwarding...

Page 590: ...ocol ICMP allowing a router to reply to IP ping requests By default ICMP messaging is enabled on a routing interface for both echo reply and mask reply modes If for security reasons ICMP has been disabled using no ip icmp this command will re enable it on the routing interface ip icmp echo reply mask reply Syntax Description Command Syntax of the no Form The no form of this command disables ICMP n...

Page 591: ... requests with a packet size of 100 The application stops when the response has been received or after the maximum number of requests has been sent ping s hostname ip_address Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults If s is not specified the ping will not be sent continuously Matrix Router config interface vlan 1 Matrix Router confi...

Page 592: ...ree ICMP probes will be transmitted for each hop between the source and the traceroute destination traceroute host Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults None Matrix Router ping 182 127 63 23 Reply from 182 127 63 23 Reply from 182 127 63 23 Reply from 182 127 63 23 PING 182 127 63 23 Statistics 3 packets transmitted 3 packets rec...

Page 593: ...is rtr43 at 192 167 208 43 and hop 4 is back to the host IP address Round trip times for each of the three ICMP probes are displayed before each hop Probe time outs are indicated by an asterisk Matrix Router traceroute 192 167 225 46 Traceroute to 192 167 225 46 30 hops max 40 byte packets 1 10 00 ms 20 00 ms 20 00 ms 192 167 201 2 2 20 00 ms 20 00 ms 20 00 ms 192 4 9 10 enatel rtr10 enatel com 3 ...

Page 594: ...IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 12 38 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 595: ...guring OSPF Section 13 1 2 3 Configuring DVMRP Section 13 1 3 4 Configuring IRDP Section 13 1 4 5 Configuring VRRP Section 13 1 5 ROUTER The commands covered in this chapter can be executed when the device is in router mode only For details on how to enable router configuration modes refer to Section 3 3 3 NOTE The command prompts used in examples throughout this guide show a system where VLAN 1 h...

Page 596: ...twork commands is required if you want to run RIP on the device All other tasks are optional Table 13 1 RIP Configuration Task List and Commands To do this Use these commands Enable RIP configuration mode and associate a network router rip Section 13 1 1 1 network RIP Section 13 1 1 2 Allow unicast updates by defining a neighboring router neighbor RIP Section 13 1 1 3 Configure an administrative d...

Page 597: ...necessary for enabling CIDR no auto summary Section 13 1 1 16 Disable triggered updates ip rip disable triggered updates Section 13 1 1 17 Disable or re enable split horizon ip split horizon Section 13 1 1 18 Control the processing of routing updates passive interface Section 13 1 1 19 receive interface Section 13 1 1 20 distribute list Section 13 1 1 21 Enable redistribution from non RIP routes r...

Page 598: ... shows how to enable RIP 13 1 1 2 network Use this command to attach a network of directly connected networks to a RIP routing process or to remove a network from a RIP routing process network ip_address Syntax Description Command Syntax of the no Form The no form of this command removes the network from the RIP routing process no network ip_address Matrix Router configure terminal Matrix Router c...

Page 599: ...1 1 3 neighbor Use this command to instruct the router to send unicast RIP information to a specific IP address neighbor ip_address Syntax Description Command Syntax of the no Form The no form of this command disables point to point routing exchanges no neighbor ip_address Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Matrix Router ...

Page 600: ...tive distance will be chosen for route installation By default RIP administrative distance is set to 120 The distance command can be used to change this value resetting RIP s route preference in relation to other routes as shown in the table below distance weight Syntax Description Command Syntax of the no Form The no form of this command resets RIP administrative distance to the default value of ...

Page 601: ... incoming or outgoing RIP route Adding an offset on an interface is used for the purpose of making an interface a backup ip rip offset in out value Syntax Description Command Syntax of the no Form The no form of this command removes an offset no ip rip offset in out Command Type Router command Matrix Router config router rip Matrix Router config router distance 100 in Applies the offset to incomin...

Page 602: ...conds flush_seconds Syntax Description Command Syntax of the no Form The no form of this command clears RIP timer parameters no timers basic Command Type Router command Matrix Router config vlan 1 Matrix Router config if Vlan 1 ip rip offset in 1 basic Specifies a basic configuration for RIP routing timers update_seconds Specifies the rate seconds between updates at which routing updates are sent ...

Page 603: ...nsmitted on an interface ip rip send version 1 2 r1compatible Syntax Description Command Syntax of the no Form The no form of this command restores the version of update packets transmitted by RIP no ip rip send version Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Matrix Router config router rip Matrix Router config router timers basic 5 10 ...

Page 604: ...version 1 2 1 2 none Syntax Description Command Syntax of the no Form The no form of this command restores the default version of the RIP update packets that are accepted on the interface no ip rip receive version Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config interface vlan 1 Matrix Router config if ...

Page 605: ...3 1 1 11 4 Set the time periods the authentication string can be received and sent as valid as described in Section 13 1 1 12 and Section 13 1 1 13 5 Enable a key chain for use on an interface as described in Section 13 1 1 14 6 Specify an authentication mode as described in Section 13 1 1 15 13 1 1 9 key chain Creates or deletes a key chain used globally for RIP authentication key chain name Synt...

Page 606: ... key key id Syntax Description Command Syntax of the no Form The no form of this command removes the key from the key chain no key key id Command Type Router command Command Mode Key chain configuration Matrix Router config keychain Command Defaults None Matrix Router config key chain password NOTE This release of the Matrix E1 supports only one key per key chain key id Specifies an authentication...

Page 607: ...oves the authentication string no key string text Command Type Router command Command Mode Key chain key configuration Matrix Router config keychain key Command Defaults None Example This example shows how to create an authentication string called name for key 1 in the password key chain Matrix Router config router key chain password Matrix Router config keychain key 1 text Specifies the authentic...

Page 608: ...key will begin to be valid to be received Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key will begin to be valid to be received Valid input is the first three letters of the month date Specifies the day of the month the authentication key will begin to be valid to be received Valid values depending on the length of the month are 1 31 year Specifies th...

Page 609: ... its RIP configured interface beginning at 2 30 on November 30 2002 with no ending time infinitely 13 1 1 13send lifetime Use this command to specify the time period during which an authentication key on a key chain is valid to be sent send lifetime start time month date year duration seconds end time infinite Matrix Router config router key chain md5key Matrix Router config keychain key 3 Matrix ...

Page 610: ... to be sent Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key will begin to be valid to be sent Valid input is the first three letters of the month date Specifies the day of the month the authentication key will begin to be valid to be sent Valid values depending on the length of the month are 1 31 year Specifies the year the authentication key will beg...

Page 611: ...escription Command Syntax of the no Form The no form of this command prevents RIP from using authentication no ip rip authentication keychain name Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config router key chain md5key Matrix Router config keychain key 3 Matrix Router config keychain key key string nam...

Page 612: ... authentication no ip rip authentication mode Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the authentication mode for VLAN 1 as text Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip rip authentication keychain password NOTE The RIP authentication keychain mus...

Page 613: ...t routing information on the Matrix E1 Series device To verify which routes are summarized for an interface use the show ip protocols command as described in Section 12 2 5 1 no auto summary Syntax Description None Syntax to Reverse Command This form of the command re enables automatic route summarization auto summary Command Type Router command Command Mode Router configuration Matrix Router conf...

Page 614: ...pdates Syntax Description None Command Syntax of the no Form The no form of this command allows RIP to respond to a request for a triggered update no ip rip disable triggered updates Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to prevent RIP from responding to a request for triggered upda...

Page 615: ...out poison reverse Example This example shows how to set the split horizon mode with poison reverse for RIP packets transmitted on VLAN 1 13 1 1 19passive interface Use this command to prevent RIP from transmitting update packets on an interface passive interface vlan vlan_id poison Optional Specifies that split horizon be performed with poison reverse This explicitly indicates that a network is u...

Page 616: ... 1 1 20receive interface Use this command to allow RIP to receive update packets on an interface This does not affect the sending of RIP updates on the specified interface receive interface vlan vlan_id Syntax Description Command Syntax of the no Form The no use of this command denies the reception of RIP updates vlan vlan_id Specifies the number of the VLAN to make a passive interface This VLAN m...

Page 617: ...n_id out vlan vlan_id Syntax Description Command Syntax of the no Form The no form of this command removes the filter no distribute list access list number in vlan vlan_id out vlan vlan_id Command Type Router command Matrix Router config router rip Matrix Router config router no receive interface vlan 2 access list number Specifies the number of the IP access list This list defines which networks ...

Page 618: ...suppress the network 192 5 34 0 from being advertised in outgoing routing updates 13 1 1 22redistribute Use this command to allow routing information discovered through non RIP protocols to be distributed in RIP update messages redistribute connected ospf process_id static metric metric value subnets Matrix Router config access list 1 deny 192 5 34 0 0 0 0 255 Matrix Router config router rip Matri...

Page 619: ...on RIP routing information discovered via directly connected interfaces will be redistributed ospf Specifies that OSPF routing information will be redistributed in RIP process id Specifies the process ID an internally used identification number for each instance of the OSPF routing process run on a router Valid values are 1 to 65535 static Specifies that non RIP routing information discovered via ...

Page 620: ... All other tasks are optional Table 13 2 OSPF Configuration Task List and Commands To do this Use these commands Enable OSPF configuration mode associate a network and assign a router ID router ospf Section 13 1 2 1 network Section 13 1 2 2 router id Section 13 1 2 3 Configure OSPF Interface Parameters Set the cost of sending a packet on an OSPF interface ip ospf cost Section 13 1 2 4 Set priority...

Page 621: ...able area authentication area authentication Section 13 1 2 15 Define an area as a stub area area stub Section 13 1 2 16 Set the cost value for the default route that is sent into a stub area area default cost Section 13 1 2 17 Define an area as an NSSA area nssa Section 13 1 2 18 Create virtual links area virtual link Section 13 1 2 19 Enable passive OSPF mode on an interface passive ospf Section...

Page 622: ...13 1 2 23 show ip ospf database Section 13 1 2 24 show ip ospf border routers Section 13 1 2 25 show ip ospf interface Section 13 1 2 26 show ip ospf neighbor Section 13 1 2 27 show ip ospf virtual links Section 13 1 2 28 clear ip ospf process Section 13 1 2 29 NOTE You must execute the router ospf command to enable the protocol before completing many OSPF specific configuration tasks For details ...

Page 623: ...ddress and mask parameters no network ip_address wildcard_mask area area id Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Matrix Router conf terminal Matrix Router config router ospf 1 Matrix Router config router ip_address Specifies the IP address of an interface or a group of interfaces within the network address range wildcard_ma...

Page 624: ...e interfaces configured for IP routing router id ip_address Syntax Description Command Syntax of the no Form The no form of this command resets the router ID to the first interface configured for IP routing no router id Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Example This example shows how to set the OSPF router ID to IP addre...

Page 625: ... OSPF cost to the default of 10 no ip ospf cost Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the OSPF cost to 20 for VLAN 1 13 1 2 5 ip ospf priority Use this command to set the OSPF priority value for router interfaces The priority value is communicated between routers by means of ...

Page 626: ... Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the OSPF priority to 20 for VLAN 1 13 1 2 6 timers spf Use this command to change OSPF timer values to fine tune the OSPF network timers spf spf delay spf hold number Specifies the router s OSPF priority in a range from 0 to 255 Matrix Router co...

Page 627: ...onds and hold time to 3 13 1 2 7 ip ospf retransmit interval Use this command to set the amount of time between retransmissions of link state advertisements LSAs for adjacencies that belong to an interface ip ospf retransmit interval seconds spf delay Specifies the delay in seconds between the receipt of an update and the SPF execution Valid values are 0 to 4294967295 spf hold Specifies the minimu...

Page 628: ...s example shows how to set the OSPF retransmit interval for VLAN 1 to 20 13 1 2 8 ip ospf transmit delay Use this command to set the amount of time required to transmit a link state update packet on an interface ip ospf transmit delay seconds Syntax Description Command Syntax of the no Form The no form of this command resets the retransmit interval value to the default 1 second seconds Specifies t...

Page 629: ...sending a hello packet to neighbor routers on an interface ip ospf hello interval seconds Syntax Description Command Syntax of the no Form The no form of this command sets the hello interval value to the default 10 seconds for broadcast and point to point networks 30 seconds for non broadcast and point to multipoint networks no ip ospf hello interval Command Type Router command Matrix Router confi...

Page 630: ...is out of service ip ospf dead interval seconds Syntax Description Command Syntax of the no Form The no form of this command sets the dead interval value to the default 40 seconds no ip ospf dead interval Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip...

Page 631: ...no Form The no form of this command removes an OSPF authentication password on an interface no ip ospf authentication key Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults If password is not specified the password will be set to a blank string Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip ospf dead inter...

Page 632: ...id md5 key Syntax Description Command Syntax of the no Form The no form of this command disables MD5 authentication on an interface no ip ospf message digest key keyid Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip ospf authentication key yourpass key...

Page 633: ...ent protocols are presented to the Matrix E1 Series Route Table Manager RTM the protocol with the lowest administrative distance will be chosen for route installation By default OSPF administrative distance is set to 110 The distance ospf command can be used to change this value resetting OSPF s route preference in relation to other routes as shown in the table below distance ospf external inter a...

Page 634: ...ow to change the default administrative distance for external OSPF routes to 100 13 1 2 14area range Use this command to define the range of addresses to be used by Area Border Routers ABRs when they communicate routes to other areas area area id range ip_address ip_mask external inter area intra area Applies the distance value to external type 5 and type 7 to inter area or to intra area routes NO...

Page 635: ...one Example This example shows how to define the address range as 172 16 0 0 16 for summarized routes communicated at the boundary of area 0 0 0 0 13 1 2 15area authentication Use this command to enable or disable authentication for an OSPF area area area id authentication simple message digest area id Specifies the area at the boundary of which routes are to be summarized ip_address Specifies the...

Page 636: ...0 13 1 2 16area stub Use this command to define an OSPF area as a stub area This is an area that carries no external routes area area id stub no summary area id Specifies the OSPF area in which to enable authentication Valid values are decimal values or IP addresses simple Enables simple text authentication Simple password authentication allows a password key to be configured per area Routers in t...

Page 637: ... how to define OSPF area 10 as a stub area 13 1 2 17area default cost Use this command to set the cost value for the default route that is sent into a stub area by an Area Border Router ABR The use of this command is restricted to ABRs attached to stub areas area area id default cost cost area id Specifies the stub area Valid values are decimal values or ip addresses no summary Optional Prevents a...

Page 638: ...t so stubby area NSSA An NSSA allows some external routes represented by external Link State Advertisements LSAs to be imported into it This is in contrast to a stub area that does not allow any external routes External routes that are not imported into an NSSA can be represented by means of a default route This configuration is used when an OSPF internetwork is connected to multiple non OSPF rout...

Page 639: ... an NSSA area 13 1 2 19area virtual link Use this command to define an OSPF virtual link which represents a logical connection between the backbone and a non backbone OSPF area area area_id virtual link ip_address The options for using this syntax are area area_id virtual link ip_address authentication key key area area_id virtual link ip_address dead interval seconds area area_id virtual link ip_...

Page 640: ...gs of up to 8 bytes Neighbor routers on a network must have the same password dead interval seconds Specifies the number of seconds that the hello packets of a router are not communicated to neighbor routers before the neighbor routers determine that the router sending the hello packet is out of service This value must be the same for all nodes attached to a certain subnet and it is a value rangin...

Page 641: ...This example shows how to configure a virtual link between OSPF area 0 0 0 2 and ABR network 134 141 7 2 13 1 2 20passive ospf Use this command to enable passive OSPF on an interface This allows an interface to be included in the OSPF route table but turns off sending and receiving hellos for an interface It also prevents OSPF adjacencies from being formed on an interface passive ospf vlan vlan id...

Page 642: ...router Command Defaults None Example This example shows how enable passive OSPF mode on VLAN 102 13 1 2 21redistribute Use this command to allow routing information discovered through non OSPF protocols to be distributed in OSPF update messages redistribute connected rip static metric metric value metric type type value subnets Matrix Router config router ospf 1 Matrix Router config router passive...

Page 643: ...ed These are routes not specified in the OSPF network command as described in Section 13 1 2 2 rip Specifies that RIP routing information will be redistributed in OSPF static Specifies that non OSPF information discovered via static routes will be redistributed Static routes are those created using the ip route command detailed in Section 12 2 5 6 metric metric value Optional Specifies a metric fo...

Page 644: ... specified level Every exit overflow interval seconds the database will be checked and if the total is less than the limit specified the self originated external LSAs will be restored database overflow external exit overflow interval interval limit limit warning level level Syntax Description Matrix Router config router ospf Matrix Router config router redistribute rip external Specifies the LSA t...

Page 645: ...mmand Defaults None Example This example shows how to set the OSPF database exit overflow interval to 240 seconds the overflow limit to 3800 LSAs and the warning level to 2500 LSAs 13 1 2 23show ip ospf Use this command to display OSPF information show ip ospf Syntax Description None Command Type Router command Command Mode Privileged EXEC Matrix Router Matrix Router config router ospf 1 Matrix Ro...

Page 646: ...KBONE 0 Number of interfaces in this area is 0 Area has no authentication SPF algorithm executed 65 times Area ranges are Link State Update Interval is 00 30 00 and due in 00 03 12 Link State Age Interval is 00 00 00 and due in 00 00 00 Area 0 0 0 3 Number of interfaces in this area is 1 Area has no authentication SPF algorithm executed 59 times Area ranges are Link State Update Interval is 00 30 ...

Page 647: ...ifier Valid values are IP addresses router Displays router Type 1 link state records in their detailed format Router records are originated by all routers network Displays network Type 2 link state records in their detailed format Network records are originated by designated routers summary Displays summary Type 3 link state records in their original format Summary records are originated by ABRs a...

Page 648: ...ate database information Table 13 3 provides an explanation of the command output Matrix Router show ip ospf database OSPF Router with ID 182 127 64 1 Displaying Net Link States Area 0 0 0 0 LinkID ADV Router Age Seq Checksum 182 127 63 1 182 127 62 1 956 0x80000001 0xb6ca Displaying Router Link States Area 0 0 0 0 LinkID ADV Router Age Seq Checksum LinkCount 182 127 64 1 182 127 64 1 308 0x800000...

Page 649: ...Link ID Link ID which varies as a function of the link state record type as follows Net Link States Shows the interface IP address of the designated router to the broadcast network Router Link States Shows the ID of the router originating the record Summary Link States Shows the summary network prefix ADV Router Router ID of the router originating the link state record Age Age in seconds of the li...

Page 650: ...llo interval and dead interval show ip ospf interface vlan vlan_id Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults If vlan_id is not specified OSPF statistics will be displayed for all VLANs Matrix Router show ip ospf border routers OSPF internal Codes i Intra area route I Inter area route i 192 168 22 1 64 via 192 168 11 1 VLAN2 ABR Area ...

Page 651: ...w ip ospf interface Output Details Output What It Displays Vlan Interface VLAN administrative status as up or down Internet Address IP address and mask assigned to this interface Router ID Router ID which OSPF selects from IP addresses configured on this router Network Type OSPF network type for instance broadcast Cost OSPF interface cost which is either default or assigned with the ip ospf cost c...

Page 652: ...val Section 13 1 2 7 the ip ospf hello interval Section 13 1 2 9 and the ip ospf dead interval Section 13 1 2 10 commands The wait timer represents the amount of time a router waits before initiating a designated router backup designated router election The wait timer changes when the dead interval changes The retransmit timer represents the amount of time between successive transmissions of LSAs ...

Page 653: ...is example shows how to use the show ospf neighbor command Table 13 5 provides an explanation of the command output detail Optional Displays detailed information about the neighbors including the area in which they are neighbors who the designated router backup designated router is on the subnet if applicable and the decimal equivalent of the E bit value from the hello packet options field ip_addr...

Page 654: ... show ip ospf virtual links Syntax Description None Command Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults None Table 13 5 show ip ospf neighbor Output Details Output What It Displays ID Neighbor s router ID of the OSPF neighbor Pri Neighbor s priority over this interface State Neighbor s OSPF communication state Dead Int Interval in seconds this router will wait w...

Page 655: ...Hello 10 Dead 40 Wait 40 Retransmit 5 Adjacency State FULL Table 13 6 show ip ospf virtual links Output Details Output What It Displays Virtual Link ID of the virtual link neighbor and the virtual link status which is up or down Transit area ID of the transit area through which the virtual link is configured via interface Router s interface into the transit area Cost of using OSPF cost of routing ...

Page 656: ...ommand Type Router command Command Mode Privileged EXEC Matrix Router Command Defaults None Example This example shows how to reset OSPF process 1 process id Specifies the process ID an internally used identification number for each instance of the OSPF routing process run on a router Valid values are 1 to 65535 Matrix Router clear ip ospf process 1 ...

Page 657: ...o not want to receive from a particular multicast group the router can send a prune message back up the distribution tree to stop subsequent packets from traveling where there are no members DVMRP will periodically reflood in order to reach any new hosts that want to receive from a particular group Commands The commands needed to enable and configure DVMRP are listed below and described in the ass...

Page 658: ...d with a set of destinations for DVMRP reports ip dvmrp metric metric Syntax Description Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip dvmrp metric Specifies a metric associated with a set of destinations for DVMRP reports Valid values are from 0 to ...

Page 659: ... 65 Example This example shows how to set a DVMRP of 16 on VLAN 1 13 1 3 3 show ip dvmrp route Use this command to display DVMRP routing information show ip dvmrp route Syntax Description None Command Type Router command Command Mode Privileged EXEC Router Command Defaults None Matrix Router config if Vlan 1 ip dvmrp metric 16 ...

Page 660: ... network mask and upstream neighbors Other items used to build the forwarding cache table are source groups received pruned neighbors and VLANs upstream and downstream VLANs and other information The forwarding cache table represents the local router s understanding of the shortest path source based delivery tree for each source group pair Basically it is the source s RPM Reverse Path Multicast fo...

Page 661: ...the same upstream neighbor via the same interface and four downstream VLANs The table shows that two VLANs have asked to be pruned from this multicast distribution route Matrix Router show ip mroute Active IP Multicast Sources Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set Outgoing interface flags H Hardware switched Timers Uptime Expires Interface s...

Page 662: ...ure IRDP are listed below and described in the associated section as shown ip irdp Section 13 1 4 1 ip irdp maxadvertinterval Section 13 1 4 2 ip irdp minadvertinterval Section 13 1 4 3 ip irdp holdtime Section 13 1 4 4 ip irdp preference Section 13 1 4 5 ip irdp address Section 13 1 4 6 no ip irdp multicast Section 13 1 4 7 show ip irdp Section 13 1 4 8 13 1 4 1 ip irdp Use this command to enable...

Page 663: ...interval in seconds between IRDP advertisements ip irdp maxadvertinterval interval Syntax Description Command Syntax of the no Form The no form of this command resets the maximum advertisement interval to the default value of 600 seconds no irdp maxadvertinterval Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Matrix Route...

Page 664: ...ustom holdtime setting and resets the minimum advertisement interval to the default value of three fourths of the maxadvertinterval value no irdp minadvertinterval Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the minimum IRDP advertisement interval to 500 seconds on VLAN 1 Matrix Ro...

Page 665: ...value no irdp holdtime Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the IRDP hold time to 4000 seconds on VLAN 1 NOTE Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in Section 13 1 4 2 and the min...

Page 666: ...P preference value to the default of 0 no irdp preference Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the IRDP preference value to 80000000 seconds on VLAN 1 preference Specifies the value to indicate the interface s use as a default router address Valid values are 2147483648 to 21...

Page 667: ...his example shows how to advertise IP address 183 255 0 162 with a preference of 1 on VLAN 1 13 1 4 7 no ip irdp multicast Use this command to enable the router to send IRDP advertisements using broadcast rather than multicast transmissions By default the router sends IRDP advertisements via multicast no ip irdp multicast ip_address Specifies an IP address to advertise preference Specifies the val...

Page 668: ...ng broadcast 13 1 4 8 show ip irdp Use this command to display IRDP information show ip irdp vlan vlan_id Syntax Description Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults If vlan vlan_id is not specified IRDP information for all interfaces will be displayed Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ...

Page 669: ...ng IRDP Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 13 75 Example This example shows how to display IRDP information for VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if vlan 1 show ip irdp vlan 1 Interface 1 is not enabled ...

Page 670: ...commands needed to enable and configure VRRP are listed below and described in the associated section as shown router vrrp Section 13 1 5 1 create Section 13 1 5 2 address Section 13 1 5 3 priority Section 13 1 5 4 advertise interval Section 13 1 5 5 critical ip Section 13 1 5 6 preempt Section 13 1 5 7 enable Section 13 1 5 8 ip vrrp authentication key Section 13 1 5 9 ip vrrp message digest key ...

Page 671: ...rp Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Example This example shows how enable VRRP configuration mode 13 1 5 2 create Use this command to create a VRRP session create vlan vlan_id vrid Matrix Router configure terminal Matrix Router config router vrrp Matrix Router config router NOTE This command must be executed to create an insta...

Page 672: ...ster sends an advertisement to all other VRRP routers declaring its status and assumes responsibility for forwarding packets associated with its virtual router ID VRID If the virtual router IP address is not owned by any of the VRRP routers then the routers compare their priorities and the higher priority owner becomes the master If priority values are the same then the VRRP router with the higher...

Page 673: ...er 13 1 5 4 priority Use this command to set a priority value for a VRRP router priority vlan vlan_id vrid priority_value vlan vlan_id Specifies the number of the VLAN on which to configure a virtual router address This VLAN must be configured for IP routing as described in Section 3 3 2 vrid Specifies a unique Virtual Router ID VRID associated with the routing interface Valid values are from 1 to...

Page 674: ...the VLAN on which to configure VRRP priority This VLAN must be configured for IP routing as described in Section 3 3 2 vrid Specifies a unique Virtual Router ID VRID associated with the routing interface Valid values are from 1 to 255 priority_value Specifies the VRRP priority value to associate with the vrid Valid values are from 1 to 254 with the highest value setting the highest priority Priori...

Page 675: ..._id vrid interval Syntax Description Command Syntax of the no Form The no form of this command clears the VRRP advertise interval value no advertise interval vlan vlan_id vrid interval Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None NOTE All routers with the same VRID should be configured with the same advertisement interval vlan vlan...

Page 676: ...t access would be considered a critical IP address for VRRP routing critical ip vlan vlan_id vrid ip_address Syntax Description Command Syntax of the no Form The no form of this command clears the critical IP address no critical ip vlan vlan_id vrid ip_address Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Matrix Router config router...

Page 677: ...ription Command Syntax of the no Form The no form of this command disables preempt mode no preempt vlan_id vrid Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Matrix Router config router vrrp Matrix Router config router critical ip vlan 1 1 182 127 62 3 NOTE The router that owns the virtual router IP address always preempts other rou...

Page 678: ...Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Matrix Router config router vrrp Matrix Router config router no preempt vlan 1 1 NOTE Before enabling VRRP you must set the other options described in this section Once enabled you cannot make any configuration changes to VRRP without first disabling it using the no enable vlan command vlan vlan...

Page 679: ...hentication key Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to set the VRRP authentication password to vrrpkey on VLAN 1 13 1 5 10ip vrrp message digest key Use this command to set a VRRP MD5 authentication password on an interface ip vrrp message digest key md5 password Matrix Router con...

Page 680: ...an 1 Command Defaults None Example This example shows how to set the VRRP MD5 authentication password to qwer on VLAN 1 13 1 5 11show ip vrrp Use this command to display VRRP routing information show ip vrrp Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config md5 Specifies the authentication type as MD5 password Specifies an MD5 authentication...

Page 681: ...RRP Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide 13 87 Command Defaults None Example This example shows how to display VRRP information Matrix Router config show ip vrrp VRRP CONFIGURATION Vlan Vrid State Owner AssocIpAddr 1 1 Master 1 182 127 63 1 ...

Page 682: ...Process Overview Routing Protocol Configuration Configuring VRRP 13 88 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide ...

Page 683: ... For an overview on working with HACA refer to Section 14 4 1 For details on using CLI commands to configure HACA RADIUS refer to Section 14 3 1 802 1X Port Based Network Access Control using EAPOL Extensible Authentication Protocol Over LANs provides a mechanism via a RADIUS server for administrators to securely authenticate and grant appropriate access to end user devices directly attached to Ma...

Page 684: ...tion 14 3 7 Denial of Service DoS Prevention prevents Denial of Service attacks including land fragmented and large ICMP packets spoofed address attacks and UDP TCP port scanning For details refer to Section 14 3 8 Flow Setup Throttling FST prevents the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port For details refer t...

Page 685: ...s including IP address timeout period and number of user login attempts allowed Reset RADIUS server settings to default values Configure a RADIUS accounting server Commands The commands needed to review and configure RADIUS are listed below and described in the associated section as shown show radius Section 14 3 1 1 set radius Section 14 3 1 2 clear radius Section 14 3 1 3 show radius accounting ...

Page 686: ...faults If no parameters are specified all RADIUS configuration information will be displayed last resort action Optional Displays last resort action settings This is the action to be taken if the RADIUS server times out during local or remote login retries Optional Displays the maximum number of attempts a user can contact the RADIUS server before timing out server index Optional Displays all or a...

Page 687: ...nabled or disabled RADIUS retries Maximum number of attempts a user can contact the RADIUS server before timing out The default value of 3 can be reset using the set radius command as described in Section 14 3 1 2 RADIUS timeout Maximum amount of time in seconds to establish contact with the RADIUS server before timing out The default value of 20 can be reset using the set radius command as descri...

Page 688: ... RADIUS last resort action Last resort action to be taken if the RADIUS server times out during local or remote login Possible actions are Accept allows access Reject doesn t allow access and Challenge prompts for local password enable disable Enables or disables the RADIUS client last resort action Sets the action to be taken if the RADIUS server times out during login local Sets last resort acti...

Page 689: ...er secret Read Write password to access this server Device will prompt for this entry upon creating a server instance as shown in the example below timeout timeout_value Specifies the maximum amount of time in seconds to establish contact with the RADIUS server before timing out Valid values are from 1 2147483647 Default is 20 seconds mgmt auth enable disable Enables or disables RADIUS login authe...

Page 690: ...s command to reset RADIUS server settings to default values clear radius last resort action local remote retries server index all timeout Syntax Description Command Type Switch command Matrix set radius server 1 10 1 6 203 1812 Server Secret Retype Server Secret Warning rfc2138 recommends secret minimum length of 16 Matrix set radius timeout 5 Matrix set radius retries 10 last resort action local ...

Page 691: ...ode Read Write Command Defaults If local or remote are not specified all last resort actions will be reset Examples This example shows how to reset configurations on all RADIUS servers This example shows how to reset the RADIUS timeout to the default value of 20 seconds Matrix clear radius server all Matrix clear radius timeout ...

Page 692: ...g configuration information will be displayed server index Optional Displays one or all RADIUS accounting server configurations counter index Optional Displays counters for one or all active RADIUS accounting servers retries Optional Displays the maximum number of attempts to contact the RADIUS accounting server before timing out timeout Optional Displays the maximum amount of time in seconds to e...

Page 693: ...tings have not been changed One server has been configured The Matrix E1 Series device allows for up to 10 RADIUS accounting servers to be configured with up to 2 active at any given time For details on enabling and configuring RADIUS accounting refer to Section 14 3 1 5 Matrix show radius accounting Accounting status Disabled Accounting update interval 1800 secs Accounting interval minimum 600 se...

Page 694: ... 65535 server secret Read Write password to access this accounting server Device will prompt for this entry upon creating a server instance as shown in the example below retries retries index Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out Valid retry values are 1 2147483647 timeout timeout index Sets the maximum amount of time in seconds to es...

Page 695: ...secret password entered here must match that already configured as the Read Write rw password on the RADIUS accounting server This example shows how to set the RADIUS accounting timeout to 30 seconds on server 6 This example shows how to set RADIUS accounting retries to 10 on server 6 Matrix set radius accounting server 1 10 2 4 12 1800 Server Secret Retype Server Secret Make This Entry Active y n...

Page 696: ... Write Command Defaults None Example This example shows how to reset the RADIUS accounting timeout to 5 seconds on all servers server index all Clears the configuration on one or more accounting servers counter index all Clears counters on one or more accounting servers retries index all Resets the retries to the default value of 2 on one or more accounting servers timeout index all Resets the tim...

Page 697: ...x Section 14 3 2 3 set dot1x auth config Section 14 3 2 4 set dot1x port Section 14 3 2 5 clear dot1x auth config Section 14 3 2 6 show eapol Section 14 3 2 7 set eapol Section 14 3 2 8 For an overview on 802 1X port based authentication refer to Section 14 4 2 NOTES When both 802 1X and MAC authentication are enabled on the same device the switch enforces a precedence relationship between MAC aut...

Page 698: ...Defaults If no parameters are specified 802 1X status will be displayed If port string is not specified authentication information for all ports will be displayed Examples This example shows how to display 802 1X status auth config Optional Displays authentication configuration information auth diag Optional Displays authentication diagnostics information auth session stats Optional Displays authe...

Page 699: ...uts While Authenticating 0 Fail While Authenticating 0 ReAuths While Authenticating 0 EAP Starts While Authenticating 0 EAP Logoff While Authenticating 0 ReAuths While Authenticated 0 EAP Starts While Authenticated 0 EAP Logoff While Authenticated 0 Backend Responses 0 Backend Access Challenges 0 Backend Other Requests To Supp 0 Backend NonNak Responses From Supp 0 Backend Auth Successes 0 Backend...

Page 700: ...ics for Fast Ethernet front panel port 1 Matrix show dot1x auth stats fe 0 1 Port 1 Auth Stats EAPOL Frames Rx 0 EAPOL Frames Tx 0 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAPOL RespId Frames Rx 0 EAPOL Resp Frames Rx 0 EAPOL ReqId Frames Tx 0 EAPOL Req Frames Tx 0 Invalid EAPOL Frames Rx 0 EAP Length Error Frames Rx 0 Last EAPOL Frame Version 0 Last EAPOL Frame Source 0 0 0 0 0 0 ...

Page 701: ...ll be displayed If port string is not specified information for all ports will be displayed authcontrolled portcontrol Optional Displays the EAPOL port control mode keytxenabled Optional Displays the state of 802 1X key transmission maxreq Optional Displays the value set for maximum requests quietperiod Optional Displays the value set for quiet period reauthenabled Optional Displays the state of r...

Page 702: ...t Ethernet front panel port 1 14 3 2 3 set dot1x Use this command to enable or disable 802 1X authentication set dot1x enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable 802 1X Matrix show dot1x auth config authcontrolled portcontrol fe 0 1 Port 1 Auth controlled port control Auto Matrix show dot1x au...

Page 703: ...ate of the port For details on this mode refer to Table 14 2 forced auth Forced authorized mode which disables authentication on the port forced unauth Forced unauthorized mode which filters and discards all frames received on the port keytxenabled false true Enables true or disables false 802 1X key transmission maxreq value Specifies the maximum number of authentictation requests allowed Valid v...

Page 704: ... panel ports 1 3 This example shows how to set the 802 1X quiet period to 120 seconds on Fast Ethernet front panel ports 1 3 supptimeout timeout Specifies a timeout period in seconds for the authentication supplicant Valid values are 1 2147483647 txperiod value Specifies the period in seconds allowed for the transmission of 802 1X keys Valid values are 1 2147483647 port string Specifies the port s...

Page 705: ...ommand Type Switch command Command Mode Read Write Command Defaults If not specified both initialization control and reauthentication on specified ports Example This example shows how to enable reauthentication control on ports fe 0 1 5 port string Specifies the port s on which to enable reauthentication or reauthentication For a detailed description of possible port string values refer to Section...

Page 706: ...s will be set on all ports authcontrolled portcontrol Optional Resets the 802 1X port control mode to auto keytxenabled Optional Resets the 802 1X key transmission state to disabled false maxreq Optional Resets the maximum requests value to 2 quietperiod Optional Resets the quiet period value to 60 seconds reauthenabled Optional Resets the reauthentication control state to disabled false reauthper...

Page 707: ...l ports 1 3 14 3 2 7 show eapol Use this command to display EAPOL settings for one or more ports show eapol port string Syntax Description Command Type Switch command Command Mode Read Only Command Alternatives v3 xx xx and higher show dot1x Section 14 3 2 1 show dot1x auth config authcontrolled portcontrol Section 14 3 2 4 Matrix clear dot1x auth config authcontrolled portcontrol Matrix clear dot...

Page 708: ...orts 1 3 Table 14 2 provides an explanation of the command output For details on using the set eapol command to enable the protocol and assign an authentication mode refer to Section 14 3 2 8 Matrix show eapol fe 0 1 3 EAPOL is disabled Port Authentication State Authentication Mode fe 0 1 Initialized Auto fe 0 2 Initialized Auto fe 0 3 Initialized Auto Table 14 2 show eapol Output Details Output W...

Page 709: ...change reauthentication failure or management intervention connecting While in this state the authenticator sends request ID messages to the end user authenticating The port enters this state from connecting after receiving a response ID from the end user It remains in this state until the entire authentication exchange between the end user and the authentication server completes authenticated The...

Page 710: ...uthorized Mode Meant to disable authentication on a port It is intended for ports that support ISLs and devices that cannot authenticate such as printers and file servers If a default policy is applied to the port via the policy profile MIB then frames are forwarded according to the configuration set by that policy otherwise frames are forwarded according to the current configuration for that port...

Page 711: ...v3 xx xx and higher set dot1x Section 14 3 2 3 set dot1x auth config authcontrolled portcontrol Section 14 3 2 4 enable disable Enables or disables EAPOL auth mode auto forced authorized forced unauthorized Specifies the authorization mode as auto Auto authorization mode This is the default mode and will forward frames according to the authentication state of the port For details on this mode refe...

Page 712: ...the associated policy rules For an overview on working with MAC authentication refer to Section 14 4 2 Commands The commands needed to review enable disable and configure MAC authentication are listed below and described in the associated section as shown show macauthentication Section 14 3 3 1 show macauthentication session Section 14 3 3 2 set macauthentication Section 14 3 3 3 Matrix set eapol ...

Page 713: ...macauthentication macreauthenticate Section 14 3 3 10 set macauthentication reauthperiod Section 14 3 3 11 set macauthentication quietperiod Section 14 3 3 12 14 3 3 1 show macauthentication Use this command to display MAC authentication information for one or more ports show macauthentication port string Syntax Description Command Type Switch command Command Mode Read Only Command Defaults If por...

Page 714: ...e 0 4 disabled 30 3600 1 1 disabled fe 0 5 disabled 30 3600 1 1 disabled fe 0 6 disabled 30 3600 1 1 disabled fe 0 7 disabled 30 3600 1 1 disabled fe 0 8 disabled 30 3600 1 1 disabled fe 0 9 disabled 30 3600 1 1 disabled fe 0 10 disabled 30 3600 1 1 disabled fe 0 11 disabled 30 3600 1 1 disabled fe 0 12 disabled 30 3600 1 1 disabled fe 0 13 disabled 30 3600 1 1 disabled fe 0 14 disabled 30 3600 1 ...

Page 715: ...ues refer to Section 4 1 2 Port State Whether or not MAC authentication is enabled or disabled on this port Quiet Period Quiet period for this port Default value of 30 can be changed using the set macauthentication quietperiod command described in Section 14 3 3 12 Reauth Period Reauthentication period for this port Default value of 30 can be changed using the set macauthentication reauthperiod co...

Page 716: ...o display MAC session information for Fast Ethernet front panel port 2 Table 14 4 provides an explanation of the command output port string Optional Displays active MAC authenticated sessions for specific port s For a detailed description of possible port string values refer to Section 4 1 2 Matrix show macauthentication session fe 0 2 Port MAC Address Duration Reauth Period Reauthentications fe 0...

Page 717: ...This example shows how to globally enable MAC authentication Reauth Period Reauthentication period for this port set using the set macauthentication reauthperiod command described in Section 14 3 3 11 Reauthentications Whether or not reauthentication is enabled or disabled on this port Set using the set macauthentication reauthentication command described in Section 14 3 3 8 enable disable Globall...

Page 718: ...se this command to set a MAC authentication password set macauthentication password password Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the MAC authentication password to macauth password Specifies a text string MAC authentication password Matrix set macauthentication password macauth ...

Page 719: ... or disabled on all ports Example This example shows how to enable MAC authentication on Fast Ethernet front panel ports 1 through 5 NOTE Enabling port s for MAC authentication requires globally enabling MAC authentication on the device as described in Section 14 3 3 3 and then enabling it on a port by port basis By default MAC authentication is globally disabled and disabled on all ports enable d...

Page 720: ... all MAC authentication ports will be initialized Example This example shows how to force Fast Ethernet front panel ports 1 through 5 to initialize 14 3 3 7 set macauthentication macinitialize Use this command to force a current MAC authentication session to re initialize and remove the session set macauthentication macinitialize mac_addr Syntax Description Command Type Switch command Command Mode...

Page 721: ...ion enable disable port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified reauthentication will be enabled or disabled on all MAC authentication ports Example This example shows how to enable MAC reauthentication on Fast Ethernet front panel ports 1 through 5 Matrix set macauthentication macinitialize 00 60 97 b5 4c 07 en...

Page 722: ...C authentication ports will be forced to reauthenticate Example This example shows how to force Fast Ethernet front panel ports 1 through 5 to reauthenticate 14 3 3 10set macauthentication macreauthenticate Use this command to force an immediate reauthentication of a MAC address set macauthentication macreauthenticate mac_addr Syntax Description Command Type Switch command Command Mode Read Write ...

Page 723: ...tication reauthperiod time port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified the reauthentication period will be set on all MAC authentication ports Example This example shows how to globally set the MAC reauthentication period to 7200 seconds 2 hours Matrix set macauthentication macreauthenticate 00 60 97 b5 4c 07 t...

Page 724: ...d Type Switch command Command Mode Read Write Command Defaults If port string is not specified the authentication quiet period will be set on all MAC authentication ports Example This example shows how to globally set the MAC quiet period to 3600 seconds 1 hour time Specifies the number of seconds between reauthentication attempts Valid values are 1 4294967295 Default is 30 port string Optional Se...

Page 725: ...4 1 show maclock stations Section 14 3 4 2 set maclock enable Section 14 3 4 3 set maclock disable Section 14 3 4 4 set maclock Section 14 3 4 5 set maclock firstarrival Section 14 3 4 6 set maclock static Section 14 3 4 7 set maclock move Section 14 3 4 8 clear maclock static Section 14 3 4 9 show maclock autostatic Section 14 3 4 10 set maclock autostatic Section 14 3 4 11 set maclock autostatic...

Page 726: ...3 4 1 show maclock Use this command to display the status of MAC locking on one or more ports show maclock port string Syntax Description Command Defaults If port string is not specified MAC locking status will be displayed for all ports Command Type Switch command Command Mode Read Only port string Optional Displays MAC locking status for specified port s For a detailed description of possible po...

Page 727: ...fe 0 1 disabled disabled 15 600 fe 0 2 enabled enabled 0 5 fe 0 3 disabled disabled 15 200 fe 0 4 disabled disabled 0 0 fe 0 5 disabled disabled 3 600 fe 0 6 disabled disabled 15 600 fe 0 7 disabled disabled 15 600 fe 0 8 enabled disabled 15 600 fe 0 9 disabled disabled 15 600 fe 0 10 disabled disabled 15 600 fe 0 11 disabled disabled 15 600 fe 0 12 disabled disabled 15 600 fe 0 13 disabled disabl...

Page 728: ...bled by default For details on using set maclock commands to enable it on the device and on one or more ports refer to Section 14 3 4 3 and Section 14 3 4 5 Trap Status Whether MAC lock trap messaging is enabled or disabled on the port For details on setting this status using the set maclock trap command refer to Section 14 3 4 17 Max Static Allocated The maximum static MAC addresses allowed locke...

Page 729: ...e port string values refer to Section 4 1 2 firstarrival firstarrival port string Optional Displays MAC locking information about end stations first connected to all MAC locked ports or about those first connected to specific port s static static port string Optional Displays MAC locking information about static management defined end stations connected to all MAC locked ports or about those conne...

Page 730: ...0 8 Number of stations found 3 Port Number MAC address Status State fe 0 8 00 20 78 06 0e a0 active first learned fe 0 8 00 44 55 44 55 21 active static fe 0 8 00 a0 39 00 0c 7b active first learned Table 14 6 show maclock stations Output Details Output What It Displays Port Number Port designation For a detailed description of possible port string values refer to Section 4 1 2 MAC address MAC add...

Page 731: ... maclock disable Use this command to disable MAC locking on one or more ports set maclock disable port string Syntax Description Command Defaults If port string is not specified MAC locking will be disabled on all ports Command Type Switch command Command Mode Read Write port string Optional Enables MAC locking on specific port s For a detailed description of possible port string values refer to S...

Page 732: ...ommand Type Switch command Command Mode Read Write Matrix set maclock disable fe 0 3 NOTE Configuring one or more ports for MAC locking requires globally enabling it on the device first using the set maclock enable command as described in Section 14 3 4 3 mac_address Specifies the MAC address for which MAC locking will be created enabled or disabled port string Specifies the port on which to creat...

Page 733: ...t port set maclock firstarrival port string value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to restrict MAC locking to 6 MAC addresses on Fast Ethernet front panel port 3 Matrix set maclock 00 a0 c9 0d 32 11 fe 0 3 create port string Specifies the port on which to limit MAC locking For a detailed description of possi...

Page 734: ...ing value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to use restrict MAC locking to 4 static addresses on Fast Ethernet front panel port 3 port string Specifies the port on which to limit MAC locking For a detailed description of possible port string values refer to Section 4 1 2 value Specifies the number of static M...

Page 735: ...rrival MACs to static entries on Fast Ethernet front panel port 3 14 3 4 9 clear maclock static Use this command to remove statically locked MACs from a port clear maclock static port string Syntax Description Command Defaults None port string Specifies the port where all current first arrival MACs will be moved to static entries For a detailed description of possible port string values refer to S...

Page 736: ...n one or more ports show maclock autostatic port port string Syntax Description Command Defaults If port string is not specified the status of the MAC locking autostatic function will be displayed for all ports as well as the public ingress and egress VLANs and public MAC address configured for the autostatic function Command Type Switch command Command Mode Read Only Matrix clear maclock static f...

Page 737: ...o determine when to lock the port When the MAC locking autostatic function is enabled on a port the address will not be allowed to move to another port If the autostatic function is not enabled static MAC locking can still be applied to multiple ports to scope valid ports for a particular MAC address Once enabled the autostatic function is enabled the dynamic address count will be disregarded unle...

Page 738: ...different from the egress VLAN s traffic use to leave the switch the this command can be used with the set maclock autostatic publicvlan command Section 14 3 4 13 and the set maclock autostatic publicmac command Section 14 3 4 14 to automatically assign MAC VID bindings to both the ingress and egress ports to improve switch performance set maclock autostatic isl port string enable disable port str...

Page 739: ...ostatic publicvlan Use this command to set the public ingress or egress VLAN that can be used with autostatic MAC locking set maclock autostatic publicvlan vlan id ingress egress Syntax Description Command Defaults None Command Type Switch command port string Specifies the port s on which to enable or disable the auto learning function For a detailed description of possible port string values refe...

Page 740: ...mmand to set the public MAC address to which all ports communicate when MAC locking autostatic is enabled set maclock autostatic publicmac mac address Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assign MAC address 00 a0 c9 0d 32 11 as the public autostatic MAC locking address Matrix set maclock autostatic publicvlan...

Page 741: ...scription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assign MAC address 01 00 5e 00 00 05 as the autostatic MAC pass through address NOTE For this command to work properly both the public ingress and egress VLANs must be configured for autostatic MAC locking and described in Section 14 3 4 13 and the pass through MAC address must be ...

Page 742: ...le shows how to reset the MAC locking autostatic function on Fast Ethernet front panel port 3 back to the default state of disabled isl port string Resets autolearning of the autostatic public VLAN back to the default state of disabled for one or more ports or clears the public VLAN ID on specified ports publicmac Clears the autostatic public MAC address publicvlan egress ingress Clears the autost...

Page 743: ...maclock static commands Violating MAC addresses are dropped from the device s routing table set maclock trap port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable MAC lock trap messaging on Fast Ethernet front panel port 3 port string Specifies the port on which MAC lock trap messaging will b...

Page 744: ...iption Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear MAC locking between MAC address 00 a0 c9 0d 32 11 and Fast Ethernet front panel port 3 mac_address Specifies the MAC address for which the MAC locking will be cleared port string Specifies the port on which to clear MAC locking For a detailed description of possible port string ...

Page 745: ...o beyond the switch port to which the user is connected To log on using PWA the user makes a request via a web browser for the Secure Harbour web page Depending upon the authenticated state of the port a login page or a logout page will display When a user submits a login page with a configured username and password the switch then authenticates the user via a preconfigured RADIUS server If the lo...

Page 746: ...Section 14 3 5 9 set pwa guestname Section 14 3 5 10 set pwa guestpassword Section 14 3 5 11 set pwa gueststatus Section 14 3 5 12 set pwa initialize Section 14 3 5 13 set pwa quietperiod Section 14 3 5 14 set pwa maxrequests Section 14 3 5 15 set pwa portcontrol Section 14 3 5 16 14 3 5 1 show pwa Use this command to display port web authentication information show pwa Syntax Description None Com...

Page 747: ...forceAuthorized authenticated 60 2 ge 0 3 forceAuthorized authenticated 60 2 ge 0 4 forceAuthorized authenticated 60 2 ge 0 5 forceAuthorized authenticated 60 2 ge 0 6 forceAuthorized authenticated 60 2 Table 14 7 show pwa Output Details Output What It Displays PWA Status Whether or not port web authentication is enabled or disabled Default state of disabled can be changed using the set pwa comman...

Page 748: ...A enhanced mode networking Default value of guest can be changed using the set pwa guestname command as described in Section 14 3 5 10 PWA Guest Password Guest user s password Default value of an empty string can be changed using the set pwa guestpassword command as described in Section 14 3 5 11 PWA Guest Network Status Whether PWA guest user status is disabled or enabled with RADIUS or no authen...

Page 749: ...o the network Default value of 60 can be changed using the set pwa quietperiod command as described in Section 14 3 5 14 MaxReq Maximum number of log on attempts allowed before transitioning the port to a held state Default value of 2 can be changed using the set pwa maxrequests command as described in Section 14 3 5 15 NOTE Port Web Authentication cannot be enabled if either MAC authentication or...

Page 750: ...lts None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA host name to pwahost 14 3 5 4 set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo on the PWA website set pwa displaylogo display hide Syntax Description Command Defaults None Command Type Switch command name Specifies a name for accessing the PWA lo...

Page 751: ... refreshtime Use this command to set the port web authentication screen refresh time set pwa refreshtime time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA screen refresh time to 60 seconds Matrix set pwa displaylogo hide time Specifies the time interval in seconds at which the PWA screen will refresh Vali...

Page 752: ...ommand Type Switch command Command Mode Read Write Example This example shows how to enable PWA name services 14 3 5 7 set pwa ipaddress Use this command to set the PWA IP address This is the IP address of the end station from which PWA will prevent network access until the user is authenticated It is bound to the host name configured in Section 14 3 5 3 set pwa ipaddress ip address Syntax Descrip...

Page 753: ...hentication protocol set pwa protocol chap pap Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set a the PWA protocol to CHAP Matrix set pwa ipaddress 1 2 3 4 chap pap Sets the PWA protocol to CHAP PPP Challenge Handshake Protocol encrypts the username and password between the end station and the switch port PAP Passwor...

Page 754: ...be presented the PWA login page on their initial web access They will also be granted guest networking privileges set pwa enhancedmode enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable PWA enhanced mode NOTE In order for PWA enhanced mode to operate PWA port control mode must be set to auto as descri...

Page 755: ...name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA guest user name to guestuser 14 3 5 11set pwa guestpassword Use this command to set the guest user password for PWA networking When enhanced mode is enabled as described in Section 14 3 5 9 PWA will use this password and the guest user name to grant networ...

Page 756: ...th default policy privileges to users without established login names and passwords set pwa gueststatus authnone authradius disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable PWA guest networking with RADIUS authentication Matrix set pwa guestpassword Guest Password Retype Guest Password authnone Enables gue...

Page 757: ...et front panel ports 5 7 14 3 5 14set pwa quietperiod Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network set pwa quietperiod time port string Syntax Description Command Defaults If port string is not specified quiet period will be set for all ports port string Optional Initializes specific port s For a detai...

Page 758: ...efore transitioning the PWA port to a held state set pwa maxrequests requests port string Syntax Description Command Defaults If port string is not specified maximum requests will be set for all ports Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA maximum requests to 3 for all ports Matrix set pwa quietperiod 30 fe 0 5 7 requests Specifies the max...

Page 759: ... will respond to requests If a default policy exists on the port it will be ignored in the unauthenticated state NOTE In order for PWA enhanced mode to operate port control mode must be set to auto forceauthorized Sets the port to force authorized mode In this mode the port is transmitting and receiving traffic The Web server Login Logout screens are inaccessible as is the Secure Harbour IP Spoofi...

Page 760: ...address ciphers and MAC algorithms Commands The commands needed to review and configure SSH are listed below and described in the associated section as shown show ssh Section 14 3 6 1 ssh server Section 14 3 6 2 set ssh Section 14 3 6 3 set ssh ciphers Section 14 3 6 4 clear ssh ciphers Section 14 3 6 5 set ssh port Section 14 3 6 6 set ssh mac Section 14 3 6 7 clear ssh mac Section 14 3 6 8 set s...

Page 761: ...Examples This example shows how to display SSH status on the device This example shows how to display SSH operational configuration settings In this case settings have not been changed from default values ciphers Optional Displays server supported ciphers config admin oper Optional Displays SSH administration admin or operational oper configuration settings mac Optional Displays all server support...

Page 762: ...and Mode Read Write Command Defaults None Matrix show ssh sessions SSH Session 1 inbound Server Version SSH 2 0 3 0 4 SSH Secure Shell Username rw Client Host 10 0 0 2 Client Version SSH 1 99 3 1 0 SSH Secure Shell for Windows Host Key Exchange Algorithm diffie hellman group1 sha1 Public Key Algorithm ssh rsa MAC Hash Algorithm hmac md5 Cipher aes128 cbc SSH Session 2 outbound Server Version SSH 2...

Page 763: ...d Defaults If not specified TCP port 22 will be used as the SSH listening port Example This example shows how to configure a connection to an SSH server at IP address 10 0 0 12 with a login of rw Matrix set ssh disable ipaddr Specifies the IP address of the remote SSH server login Specifies a login name for the remote SSH server port Optional Specifies the remote SSH server s TCP listening port Va...

Page 764: ...d Command Mode Read Write Command Defaults None Example This example shows how to set the cipher name used for SSH encryption to blowfish cbc all Specifies that all supported ciphers will be allowed anycipher Specifies that all server supported ciphers will be allowed anystdcipher Specifies that the subset of server and IETF supported ciphers will be allowed ciphername Specifies a user named ciphe...

Page 765: ...ion Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to rest SSH cipher names 14 3 6 6 set ssh port Use this command to set the SSH listening port set ssh port port_num Syntax Description Command Type Switch command Command Mode Read Write all Resets the cipher name to the default anycipher ciphername Specifies a user named cipher to clear Ma...

Page 766: ...ese algorithms provide integrity checking set ssh mac all anymac anystdmac mac_name Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Matrix set ssh port 4 all Specifies all server supported MAC algorithms anymac Specifies any server supported MAC algorithms anystdmac Specifies that the subset of server and IETF supported MAC algorithms mac_name Specifies...

Page 767: ...e this command to clear one or more MAC algorithms supported by SSH clear ssh mac all mac_name Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to clear all SSH MAC algorithms Matrix set ssh mac hmac md5 all Specifies that all server supported MAC algorithms will be cleared mac_name Specifies a MAC algorithm name to be clea...

Page 768: ...example shows how to set the SSH re key interval to 7200 2 hours 14 3 6 10set ssh passwordguesses Use this command to set the number of SSH authentication attempts allowed before access is denied set ssh passwordguesses value Syntax Description Command Type Switch command value Specifies the interval in seconds between SSH key exchanges Valid values are from 0 which disables re keying to 86400 Def...

Page 769: ...val for an SSH client to authenticate set ssh logingracetime value Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the SSH login grace time to 120 seconds 2 minutes 14 3 6 12clear ssh keys Use this command to regenerate new SSH authentication keys clear ssh keys Matrix set ssh passwordguesses 1 value Specifies the n...

Page 770: ...ate SSH keys 14 3 6 13clear ssh config Use this command to reset the SSH configuration to default settings clear ssh config Syntax Description None Command Type Switch command Matrix clear ssh keys Generating 1024 bit dsa key pair Key generated 1024 bit dsa Private key saved to sshdrv ssh2 dsa Public key saved to sshdrv ssh2 dsa pub Generating 1024 bit rsa key pair Key generated 1024 bit rsa Priva...

Page 771: ...rictions Commands The commands needed to review and configure security access lists are listed below and described in the associated section as shown show access lists Section 14 3 7 1 access list standard Section 14 3 7 2 access list extended Section 14 3 7 3 ip access group Section 14 3 7 4 14 3 7 1 show access lists Use this command to display configured IP access lists when operating in router...

Page 772: ... this command to define a standard IP access list by number when operating in router mode Restrictions defined by an access list are applied by using the ip access group command Section 14 3 7 4 access list access list number insert replace entry move destination source1 source2 deny permit source source wildcard access list number Optional Displays access list information for a specific access li...

Page 773: ...ess list entries before another entry Destination is the number of the existing entry before which this new entry will be moved Source1 is a single entry number or the first entry number in the range to be moved Source2 optional is the last entry number in the range to be moved If not specified only the source1 entry will be moved deny permit Denies or permits access if specified conditions are me...

Page 774: ...e network addresses Any host with a source address that does not match the access list statements will be rejected This example moves entry 16 to the beginning of ACL 144 14 3 7 3 access list extended Use this command to define an extended IP access list by number when operating in router mode Restrictions defined by an access list are applied by using the ip access group command as described in S...

Page 775: ...er configuration modes refer to Section 3 3 3 NOTE Valid access list numbers for extended ACLs are 100 to 199 For standard ACLs valid values are 1 to 99 access list number Specifies an extended access list number Valid values are from 100 to 199 insert replace entry Optional Inserts this new entry before a specified entry in an existing ACL or replaces a specified entry with this new entry move de...

Page 776: ... addresses A B C D any Any source host host source IP address of a single source host source wildcard Optional Specifies the bits to ignore in the source address destination Specifies the network or host to which the packet will be sent Valid options for expressing destination are IP address A B C D any Any destination host host source IP address of a single destination host destination wildcard O...

Page 777: ...rs will be applied to all ICMP message types If operator and port are not specified access parameters will be applied to all TCP or UDP ports If established is not specified TCP restriction will be applied to all connections operator port Optional Applies access rules to TCP or UDP source or destination port numbers Possible operands include lt port Match only packets with a lower port number gt p...

Page 778: ...ist number in out Syntax Description Command Syntax of the no Form The no form of this command removes the specified access list no ip access group access list number in out Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Matrix Router config access list 101 deny ICMP any any Matrix Router config access list 102 deny TCP host 10 1 2 1 eq 42 any...

Page 779: ...n received on VLAN 1 are dropped 14 3 8 Configuring Denial of Service Prevention Purpose To configure Denial of Service DoS prevention which will protect the router from attacks and notify administrators via Syslog Commands The commands needed to configure DoS prevention are listed below and described in the associated section as shown show HostDos Section 14 3 8 1 HostDos Section 14 3 8 2 clear h...

Page 780: ...os Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None ROUTER This command can be executed when the device is in router mode only For details on how to enable router configuration modes refer to Section 3 3 3 NOTE When fragmented ICMP packets protection is enabled the Ping of Death counter will not be incremented Ping of ...

Page 781: ...al of Service security features HostDos land fragmicmp largeicmp size checkspoof portscan Matrix Router config show HostDos LANDd Attack Destination IP Source IP Disabled Spoofed Address Check Disabled IP packet with multicast broadcast source address Always enabled 0 attacks Fragmented ICMP traffic Disabled Large ICMP packet Disabled Ping of Death attack Always enabled 0 attacks Port Scanning Dis...

Page 782: ...s larger than 2000 bytes land Enables land attack protection and automatically discards illegal frames fragmicmp Enables fragmented ICMP and Ping of Death packets protection and automatically discards illegal frames largeicmp size Enables large ICMP packets protection specifies the packet size above which the protection starts and automatically discards illegal frames Valid packet size values are ...

Page 783: ...nters clear hostdos counters Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Example This example shows how to clear Denial of Service security counters ROUTER This command can be executed when the device is in router mode only For details on how to enable router configuration modes refer to Section 3 3 3 Matrix Route...

Page 784: ...ork by allowing administrators to Globally enable FST on the switch and on a port by port basis Configure the maximum flows allowed per user classification port type and the actions that will occur when flow limits are reached Assign a user classification to each interface Control the generation of SNMP notifications Control the time in seconds to wait before generating another notification of the...

Page 785: ...p throttling information show flowlimit limit port port string stats port string Syntax Description Command Type Switch command Command Mode Read Only Command Defaults If no optional parameters are specified detailed flow limiting information will be displayed for all ports limit Optional Displays flow limits and actions port port string Optional Displays flow limiting port settings for one or all...

Page 786: ...Flow limit maximum flowcount 128000 Flow limit table Limit Action User port limit 1 1 limit 2 0 Server port limit 1 0 limit 2 0 Aggregation port limit 1 0 limit 2 0 Interswitch link limit 1 0 limit 2 0 Unspecified limit 1 0 limit 2 0 Table 14 8 show flowlimit Output Details Output What It Displays Flow limit status Whether FST is enabled or disabled Default state of disabled can be changed with th...

Page 787: ...mmand Section 14 3 9 6 Flow limit notification interval Interval in seconds at which an SNMP notification will be sent when a specified flow limit is reached This function can be enabled and the default interval of 120 can be changed with the set flowlimit notification command Section 14 3 9 7 Flow limit maximum flowcount Number of flows that if exceeded will trigger a configured action Set using ...

Page 788: ...n Section 14 3 9 4 set flowlimit limit 1 2 aggregationport interswitchlink serverport unspecified userport limit discard drop trap disable Syntax Description Matrix set flowlimit fe 0 1 5 enable 1 2 Specifies this configuration as action 1 or 2 Two actions describing what will occur when a certain flow limit is reached can be defined per user classification aggregationport interswitchlink serverpo...

Page 789: ...ts are accepted to this flow but are discarded not forwarded anywhere This allows the flow counters to be updated and possibly reach a second higher threshold action for example trap or disable as described below Dropping excess flows The E1 does not support this option If set the E1 will behave the same as setting the attribute to discard and discard flows will be created Generating an SNMP trap ...

Page 790: ...n 14 3 9 3 set flowlimit port string class aggregationport interswitchlink serverport unspecified userport Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to assign the user port classification type to Fast Ethernet front panel ports 3 5 port string Specifies port s on which to assign user classification aggregationport in...

Page 791: ...how to remove flow limiting action 1 which is to discard all flows exceeding 12 on ports classified as user ports 1 2 Specifies that action 1 or 2 will be removed aggregationport interswitchlink serverport unspecified userport Removes this action configuration from the specified user classification port type For a description of these parameters refer back to Section 14 3 9 3 limit Specifies the n...

Page 792: ...igured with a disable action to shut down For information on using the set flowlimit limit command to configure set a disable action on a port refer to Section 14 3 9 3 set flowlimit shutdown enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable the flow limit shut down function enable disable Enables or...

Page 793: ...owlimit notification enable disable interval interval Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable the flow limit notification function 14 3 9 8 set flowlimit clearstats Use this command to reset flow limiting statistics back to default values on one or more port s set flowlimit port string clearstats Syntax D...

Page 794: ...14 112 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide Command Mode Read Write Command Defaults None Example This example shows how to reset flow limiting statistics back to default values on Fast Ethernet front panel port 5 Matrix set flowlimit fe 0 5 clearstats ...

Page 795: ...primary server It is not necessary to reboot after the client is reconfigured When the RADIUS client is active on the Matrix E1 device the user is prompted for a user login name and password when attempting to access the host IP address via CLI The embedded RADIUS client encrypts the information entered by the user and sends it to the RADIUS server for validation Then the server returns an access ...

Page 796: ...asswords token cards or other high level identification Thus a system manager does not need to spend hours setting low level MAC address filters on every edge switch to simulate user level access controls Divide system functionality between supplicants user machines authenticators and authentication servers Authenticators reside in edge switches They shuffle messages and tell the switch when to gr...

Page 797: ...hentication are enabled on the same device the switch enforces a precedence relationship between MAC authentication and 802 1X methods This section defines the precedence rules to determine which authentication method has control over an interface When both methods are enabled and when a user is authenticated using the 802 1X method 802 1X takes precedence over MAC authentication If the port or MA...

Page 798: ...the switch receives an EAPOL response ID frame Table 14 9 further defines the precedence rules the Matrix E1 uses to determine which authentication method has control over an interface NOTE The switch may terminate a session in many different ways All of these reactivate the MAC authentication method Refer to Table 14 9 for the precedence relationship between MAC and 802 1X authentication Table 14...

Page 799: ...n both methods are active Frames are discarded Auto Disabled Yes Don t Care Yes 802 1X performs authentication Frames are forwarded according to authorized policy Auto Disabled Yes Yes No 802 1X performs authentication Frames are forwarded according to default policy Auto Disabled Yes No No 802 1X performs authentication Frames are forwarded Auto Disabled No Yes Don t Care 802 1X performs authenti...

Page 800: ...zation Enabled Yes No No MAC performs authentication Frames are forwarded Force Unauthori zation Enabled No Yes Don t Care MAC performs authentication Frames are forwarded according to default policy Force Unauthori zation Enabled No No Don t Care MAC performs authentication Frames are discarded Force Unauthori zation Disabled Don t Care Don t Care Don t Care Neither method performs authentication...

Page 801: ...cy Profile Assignment If you configure an authentication method that requires communication with a RADIUS server you can use the RADIUS Filter ID attribute to dynamically assign a policy profile and or management level to authenticating users and or devices The RADIUS Filter ID attribute is simply a string that is formatted in the RADIUS Access Accept packet sent back from the RADIUS server to the...

Page 802: ...level management access authentication Enterasys version 1 mgmt level where level indicates the management level either ro rw or su To specify both management level and policy profile Enterasys version 1 mgmt level policy string The undecorated format is simply a string that specifies a policy profile name The undecorated format cannot be used for management access authentication Decorated Filter ...

Page 803: ...ord 13 37 port web 14 63 RADIUS server 14 6 14 12 RIP 13 11 SSH 14 86 to 14 87 VRRP 13 85 Auto negotiation 4 20 B Banner for Message of the Day 3 35 Baud Rate 3 47 Broadcast settings for IP routing 12 22 suppression enabling on ports 4 70 C Class of Service 9 1 Classification Precedence Rules 7 32 8 15 9 28 Classification Rules 8 8 entering data meanings for protocols 9 20 setting precedence 9 28 ...

Page 804: ...Authentication HACA how to use 14 113 Host VLAN 7 38 Hybrid quality of service QoS 9 14 queueing 9 2 I ICMP 11 53 12 34 IGMP 10 13 enabling and disabling 10 2 groups 10 7 setting query interval and response time 10 4 IGMP VLAN Registration IVR 10 9 Ingress Filtering 7 13 7 17 Interface Configuration Mode 12 6 Interface s configuring as VLANs for IP routing 3 93 configuring OSPF parameters 13 26 co...

Page 805: ...learing 3 90 displaying files stored in 3 57 downloading configuration to 3 65 O OSPF Area Border Routers ABRs 13 40 13 55 areas authentication 13 41 areas defining NSSAs 13 44 areas defining range 13 40 areas defining stub 13 42 configuration mode enabling 13 28 configuration tasks 13 26 cost 13 31 13 43 hello packet intervals 13 35 to 13 36 information displaying 13 51 to 13 60 link state advert...

Page 806: ... 63 Q Quality of Service QoS configuring 9 11 R RAD 11 38 Radius Client and HACA use of 14 113 RADIUS server 14 6 14 12 Rapid Spanning Tree Protocol RSTP 6 1 Rate Limiting 9 34 Redistribute 13 24 13 48 Reset 3 88 Resetting the Device 3 87 RIP authentication 13 11 configuration mode enabling 13 3 configuration tasks 13 2 distribute list 13 23 neighbors 13 5 network adding 13 4 offset 13 7 passive i...

Page 807: ...rver transferring configuration files 3 65 Thresholds setting port 4 27 Timeout ARP 12 20 CLI system 3 42 RADIUS 14 6 Timers OSPF 13 32 RIP 13 8 Traceroute in router mode 12 36 Traps port setting 4 39 U Updates disable RIP triggered 13 20 RIP distribute list 13 23 User accounts creating 3 23 V Version RIP receive 13 10 RIP send 13 9 Version Information 3 37 Virtual Links 13 45 13 60 VLANs assignin...

Page 808: ...Index Index 6 Matrix E1 Series 1G58x 09 and 1H582 xx Configuration Guide W WebView 1 2 3 12 Weighted Round Robin WRR 9 2 ...

Reviews:

No comments

Related manuals for 1G58x-09

D-Link DSL-500 Command Reference Manual preview
DSL-500
Brand: D-Link Pages: 15
D-Link DWL-G550 Product Data Sheet preview
DWL-G550
Brand: D-Link Pages: 2
B+B SmartWorx UR5i v2 Libratum Start Manual preview
UR5i v2 Libratum
Brand: B+B SmartWorx Pages: 8
B+B SmartWorx ICR-1601 Start Manual preview
ICR-1601
Brand: B+B SmartWorx Pages: 8
Ubiquiti NanoBeam M5 Setup preview
NanoBeam M5
Brand: Ubiquiti Pages: 3
National Instruments NI-9252 Calibration Procedure preview
NI-9252
Brand: National Instruments Pages: 9
TP-Link TD-8817 Specifications preview
TD-8817
Brand: TP-Link Pages: 3
Waves MaxxBCL Manual preview
MaxxBCL
Brand: Waves Pages: 41
Jøtul ERS 01 Operation And Maintenance Manual preview
ERS 01
Brand: Jøtul Pages: 20
HELVAR Imagine 920 Installation Manual preview
Imagine 920
Brand: HELVAR Pages: 2
ICP DAS USA USB-87P1 User Manual preview
USB-87P1
Brand: ICP DAS USA Pages: 62
IDT Digital Encoder Plus User Manual preview
Digital Encoder Plus
Brand: IDT Pages: 98
Conel UR5i v2 SL User Manual preview
UR5i v2 SL
Brand: Conel Pages: 32
NEC uPD75P3116 Datasheet preview
uPD75P3116
Brand: NEC Pages: 70
Cypress Semiconductor CY7C1303BV25 Specification Sheet preview
CY7C1303BV25
Brand: Cypress Semiconductor Pages: 19
Variscite VAR-EXT-CB103 Manual preview
VAR-EXT-CB103
Brand: Variscite Pages: 17
Vivint AirBridge VS-YOFIMN-000 Quick Reference preview
AirBridge VS-YOFIMN-000
Brand: Vivint Pages: 2
Edge-Core ES3510 Installation Manual preview
ES3510
Brand: Edge-Core Pages: 64

Brands by name

Popular brands

Load more brands