manualshive.com logo in svg

Enterasys Enterasys Matrix DFE-Gold Series, Configuration Manual

The Enterasys Matrix DFE-Gold Series offers advanced networking solutions for businesses. Easily configure your device with the comprehensive Configuration Manual available for free download from our website. Ensure optimal performance and security with this essential manual. Perfect for maximizing the potential of your Enterasys device.

Share
Download
background image

Enterasys Matrix DFE-Gold Series Configuration Guide

18-1

18

Network Address Translation (NAT) Configuration

This

 

chapter

 

describes

 

the

 

Network

 

Address

 

Translation

 

(NAT)

 

configuration

 

set

 

of

 

commands

 

and

 

how

 

to

 

use

 

them.

Configuring Network Address Translation (NAT)

The

 

Enterasys

 

Network

 

Address

 

Translation

 

(NAT)

 

implementation

 

supports

 

Basic

 

NAT

 

and

 

Network

 

Address

 

Port

 

Translation

 

(NAPT).

 

In

 

addition,

 

the

 

following

 

features

 

are

 

also

 

supported:

Static

 

and

 

Dynamic

 

NAT

 

Pool

 

Binding

FTP,

 

DNS,

 

TELNET,

 

SSH,

 

TFTP,

 

HTTP,

 

NTP

 

(Network

 

Time

 

Protocol),

 

and

 

ICMP

 

(with

 

five

 

different

 

error

 

messages)

 

software

 

path

 

NAT

 

translation

Force

 

Flows

 

(Secure

 

Plus)

Both

 

basic

 

NAT

 

and

 

NAPT

 

are

 

referred

 

to

 

as

 

traditional

 

NAT

 

and

 

provide

 

a

 

mechanism

 

to

 

connect

 

a

 

realm

 

with

 

private

 

addresses

 

to

 

an

 

external

 

realm

 

with

 

globally

 

unique

 

registered

 

addresses.

 

Basic

 

NAT

 

is

 

a

 

method

 

by

 

which

 

IP

 

addresses

 

are

 

mapped

 

from

 

one

 

group

 

to

 

another,

 

transparent

 

to

 

the

 

end

 

user.

 

NAPT

 

is

 

a

 

method

 

by

 

which

 

many

 

network

 

addresses,

 

along

 

with

 

their

 

associated

 

TCP/UDP

 

ports,

 

are

 

translated

 

into

 

a

 

single

 

network

 

address

 

and

 

its

 

associated

 

TCP/UDP

 

ports.

The

 

static

 

address

 

binding

 

feature

 

is

 

designed

 

for

 

both

 

the

 

basic

 

NAT

 

and

 

NAPT

 

implementations

 

to

 

support

 

static

 

and

 

no

 

expire

 

binding,

 

between

 

inside

 

and

 

outside

 

NAT

 

address

 

translation.

 

It

 

supports

 

one

to

one

 

binding,

 

local

 

addresses

 

to

 

global

 

addresses,

 

and

 

TCP/UDP

 

port

 

number

 

translations.

The

 

dynamic

 

address

 

binding

 

feature

 

is

 

designed

 

for

 

both

 

the

 

basic

 

NAT

 

and

 

NAPT

 

implementations

 

to

 

support

 

dynamic

 

binding

 

between

 

an

 

address

 

from

 

an

 

access

list

 

of

 

local

 

addresses

 

to

 

an

 

address

 

from

 

a

 

pool

 

of

 

global

 

addresses.

 

IP

 

addresses

 

defined

 

for

 

dynamic

 

binding

 

are

 

reassigned

 

whenever

 

they

 

become

 

available

 

from

 

the

 

global

 

address

 

pool.

 

NAPT

 

allows

 

port

 

address

 

translation

 

for

 

each

 

IP

 

address

 

in

 

the

 

global

 

pool.

 

The

 

ports

 

are

 

dynamically

 

assigned

 

between

 

a

 

range

 

of

 

1024

 

to

 

4999.

It

 

is

 

sometimes

 

possible

 

for

 

a

 

host

 

on

 

the

 

outside

 

global

 

network

 

that

 

knows

 

an

 

inside

 

local

 

address,

 

to

 

be

 

able

 

to

 

send

 

a

 

message

 

directly

 

to

 

the

 

inside

 

local

 

address

 

without

 

NAT

 

translation.

 

The

 

force

 

flows

 

feature,

 

set

 

using

 

the

 

command

 

ip

 

nat

 

secure

plus

 

on

 

page 18

7

,

 

is

 

designed

 

to

 

force

 

all

 

flows

 

between

 

the

 

inside

 

local

 

pool

 

and

 

the

 

outside

 

global

 

network

 

to

 

be

 

translated.

 

Router: 

Unless otherwise noted, the commands covered in this chapter can be executed only 

when the device is in router mode. For details on how to enable router configuration modes, refer to 

Enabling Router Configuration Modes

” on page 2-103.

Note: 

An Enterasys Feature Guide document that contains a complete discussion on NAT 

configuration exists at the following Enterasys web site: 

http://www.enterasys.com/support/

manuals/

Summary of Contents for Enterasys Matrix DFE-Gold Series

Page 1: ...P N 9033933 15 Enterasys Matrix DFE Gold Configuration Guide Firmware Version 6 11 xx...

Page 2: ......

Page 3: ...KS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2008 Enterasys Networks Inc All rights reserved Part Nu...

Page 4: ...ssemble electronically transfer or reverse engineer the Licensed Software or to translate the Licensed Software into another computer language The media embodying the Licensed Software may be copied b...

Page 5: ...obligation under this Agreement including a failure to pay any sums due to Enterasys or in the event that You become insolvent or seek protection voluntarily or involuntarily under any bankruptcy law...

Page 6: ...es do not allow limitations on how long an implied warranty lasts and some states do not allow the exclusion or limitation of incidental or consequential damages so the above limitation and exclusion...

Page 7: ...onfiguring the Line Editor 2 11 Commands 2 13 show line editor 2 13 set line editor 2 14 Setting User Accounts and Passwords 2 15 Purpose 2 15 Commands 2 15 show system login 2 15 set system login 2 1...

Page 8: ...alias 2 53 set physical alias 2 54 clear physical alias 2 55 show physical assetid 2 55 set physical assetid 2 56 clear physical assetid 2 56 Activating Licensed Features 2 58 About Redundant Manageme...

Page 9: ...and Image Files 2 80 Purpose 2 80 Commands 2 80 dir 2 81 show file 2 83 show config 2 85 configure 2 86 copy 2 86 delete 2 87 script 2 88 Enabling or Disabling the Path MTU Discovery Protocol 2 90 Pur...

Page 10: ...imer 3 11 set ciscodp holdtime 3 11 set ciscodp port 3 12 clear ciscodp 3 13 Link Layer Discovery Protocol and LLDP MED 3 15 LLDP Frames 3 15 Configuration Tasks 3 15 Commands 3 16 show lldp 3 17 show...

Page 11: ...ole bits 4 9 show console stopbits 4 9 set console stopbits 4 10 clear console stopbits 4 10 show console parity 4 11 set console parity 4 11 clear console parity 4 12 Reviewing Port Status 4 13 Purpo...

Page 12: ...ort trap 4 39 set port trap 4 40 show linkflap 4 40 set linkflap globalstate 4 43 set linkflap 4 43 set linkflap interval 4 44 set linkflap action 4 44 clear linkflap action 4 45 set linkflap threshol...

Page 13: ...MPv1 and SNMPv2c 5 2 SNMPv3 5 2 About SNMP Security Models and Levels 5 2 Using SNMP Contexts to Access Specific MIBs 5 3 Creating a Basic SNMP Trap Configuration 5 3 Reviewing SNMP Statistics 5 5 Pur...

Page 14: ...nmp notifyprofile 5 39 clear snmp notifyprofile 5 39 Configuring SNMP Walk Behavior 5 41 Purpose 5 41 Commands 5 41 set snmp timefilter break 5 41 Chapter 6 Spanning Tree Configuration Overview Single...

Page 15: ...pathcost 6 30 clear spantree legacypathcost 6 31 show spantree tctrapsuppress 6 31 set spantree tctrapsuppress 6 32 clear spantree tctrapsuppress 6 32 show spantree txholdcount 6 33 set spantree txhol...

Page 16: ...ow spantree adminedge 6 60 set spantree adminedge 6 60 clear spantree adminedge 6 61 show spantree operedge 6 61 show spantree adminpoint 6 62 show spantree operpoint 6 62 set spantree adminpoint 6 63...

Page 17: ...e 7 9 Commands 7 9 show port vlan 7 9 set port vlan 7 10 clear port vlan 7 11 show vlan interface 7 11 set vlan interface 7 12 clear vlan interface 7 13 show port ingress filter 7 13 set port ingress...

Page 18: ...icy Based CoS Default and User Defined Configurations 8 21 Purpose 8 22 Commands 8 22 show cos state 8 23 set cos state 8 23 show cos port type 8 24 show cos unit 8 26 show cos port config 8 27 set co...

Page 19: ...ble 9 6 show igmp grp full action 9 7 set igmp grp full action 9 7 show igmp config 9 8 set igmp config 9 9 set igmp delete 9 10 show igmp groups 9 10 show igmp static 9 11 set igmp add static 9 11 se...

Page 20: ...1 9 clear smon priority 11 9 show smon vlan 11 10 set smon vlan 11 11 clear smon vlan 11 11 Configuring RMON 11 13 RMON Monitoring Group Functions and Commands 11 13 show rmon stats 11 15 set rmon sta...

Page 21: ...oute 12 5 traceroute 12 6 set ip route 12 8 clear ip route 12 8 show port mac 12 9 show mac 12 10 set mac 12 11 clear mac 12 12 show newaddrtraps 12 13 set newaddrtraps 12 14 show movedaddrtrap 12 14...

Page 22: ...clear netflow export interval 15 7 set netflow port 15 7 clear netflow port 15 8 set netflow export version 15 8 clear netflow export version 15 9 set netflow template 15 9 clear netflow template 15 1...

Page 23: ...show ip protocols 16 22 show ip traffic 16 23 clear ip stats 16 24 show ip route 16 25 ip route 16 26 ip icmp 16 27 ping 16 28 traceroute 16 28 Configuring Debug IP Packet 16 30 Purpose 16 30 Commands...

Page 24: ...guring Load Sharing Network Address Translation LSNAT 19 1 About LSNAT 19 1 LSNAT Configuration Considerations 19 1 Session Persistence 19 2 Sticky Persistence Configuration Considerations 19 2 Config...

Page 25: ...name server 20 11 netbios node type 20 11 default router 20 12 bootfile 20 13 next server 20 13 option 20 14 lease 20 15 host 20 16 client class 20 16 client identifier 20 17 client name 20 18 hardwa...

Page 26: ...spf dead interval 21 28 ip ospf authentication key 21 29 ip ospf message digest key md5 21 30 distance ospf 21 30 area range 21 31 area authentication 21 32 area stub 21 33 area default cost 21 34 are...

Page 27: ...vrrp 21 71 Chapter 22 Port Priority and Rate Limiting Configuration Port Priority Configuration Summary 22 1 Configuring Port Priority 22 2 Purpose 22 2 Commands 22 2 show port priority 22 2 set port...

Page 28: ...ver Server Farm 23 20 Configure the cache1 Web Cache 23 21 Configure the Switch and Router 23 21 Chapter 24 Security Configuration Overview of Security Methods 24 1 Configuring MAC Locking 24 2 Purpos...

Page 29: ...t shutdown 24 32 set flowlimit notification 24 33 clear flowlimit notification interval 24 34 clear flowlimit stats 24 34 Chapter 25 Authentication Configuration Overview of Authentication Methods 25...

Page 30: ...t macauthentication reauthentication 25 34 set macauthentication portreauthenticate 25 34 set macauthentication macreauthenticate 25 35 set macauthentication reauthperiod 25 35 clear macauthentication...

Page 31: ...acacs session 25 67 set tacacs session 25 68 clear tacacs session 25 69 show tacacs command 25 70 set tacacs command 25 71 show tacacs singleconnect 25 71 set tacacs singleconnect 25 72 Chapter 26 RAD...

Page 32: ...Editing Emacs vi Commands 2 11 2 8 Enabling the Switch for Routing 2 101 7 1 Example of VLAN Propagation via GVRP 7 23 16 1 Example of a Simple Enterasys Matrix Series Router Config File 16 11 21 1 Ph...

Page 33: ...ls 8 3 8 2 show policy rule Output Details 8 9 8 3 Valid Values for Policy Classification Rules 8 15 8 4 Configuring User Defined CoS 8 21 8 5 show cos port type Output Details 8 25 8 6 show ip policy...

Page 34: ...ils 21 46 21 5 show ip ospf neighbor Output Details 21 48 21 6 show ip ospf virtual links Output Details 21 49 21 7 show ip vrrp Output Details 21 72 22 1 show port ratelimit Output Details 22 10 24 1...

Page 35: ...w setup throttling Configure policy based routing Configure access control lists ACLs Structure of This Guide The guide is organized as follows Chapter 1 Introduction provides an overview of the tasks...

Page 36: ...sify frames to a VLAN or Class of Service CoS and how to assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly Chapter 9...

Page 37: ...C locking policy based routing and IP access control lists ACLs Denial of Service DoS prevention and flow setup throttling Chapter 25 Authentication Configuration describes how to configure 802 1X Net...

Page 38: ...choice of an optional value Note Calls the reader s attention to any item of information that may be of special importance Router Calls the reader s attention to router specific commands and informati...

Page 39: ...rk A description of your network environment such as layout cable type other relevant environmental information Network load and frame size at the time of trouble if known The device history for examp...

Page 40: ...Getting Help xxxviii About This Guide...

Page 41: ...ueueing and link aggregation Customized single source management and control with SNMP port mirroring Syslog RMON multi image support and configuration upload download Matrix Series CLI Overview Enter...

Page 42: ...IUS TACACS CEP SSHv2 MAC locking and DoS attack prevention Configure access lists ACLs Device Management Methods The Matrix Series device can be managed using the following methods Locally using a VT...

Page 43: ...on the Matrix Series device Table 2 1 lists default settings for Matrix Series switch operation Table 2 2 lists default settings for router mode operation For information about Refer to page Startup a...

Page 44: ...ery interval is set to 125seconds and response time is set to 100 tenths of a second IP mask and gateway Subnet mask set to 255 0 0 0 default gateway set to 0 0 0 0 IP routes No static routes configur...

Page 45: ...bility advertised on all ports Port broadcast suppression Disabled no broadcast limit Port duplex mode Set to half duplex except for 100BASE FX and 1000BASE X which is set to full duplex Port enable d...

Page 46: ...et to 3 Spanning Tree version Set to mstp Multiple Spanning Tree Protocol Spanning Tree Loop Protect Disabled per port and per SID Spanning Tree Loop Protect event threshold 3 events Spanning Tree Loo...

Page 47: ...s allowed Distribute list RIP No filters applied DoS prevention Disabled DVMRP Disabled Metric set to 1 Hello interval OSPF Set to 10 seconds for broadcast and point to point networks Set to 30 second...

Page 48: ...Read Write access will be able to modify all modifiable parameters in set and show commands as well as view Read Only commands Administrators or Super Users will be allowed all Read Write and Read Onl...

Page 49: ...n Guide the startup screen Figure 2 1 will display You can now start the Command Line Interface CLI by Using a default user account as described in Logging in with a Default User Account on page 2 7 o...

Page 50: ...w the steps listed in Logging in with a Default User Account on page 2 7 or Enter an administratively configured user name and password The notice of authorization and the Matrix prompt displays as sh...

Page 51: ...k after a keyword will display all commands beginning with the keyword Figure 2 2 shows how to perform a keyword lookup for the show snmp command In this case 13 additional keywords are used by the sh...

Page 52: ...ed in set length on page 2 52 CLI output requiring more than one screen will display More to indicate continuing screens To display additional screen output Press any key other than ENTER to advance t...

Page 53: ...s unique If it is the CLI will complete the fragment on the current display line By default this function is disabled For more information on enabling it using the set cli completion command refer to...

Page 54: ...X Delete all characters before cursor Ctrl W Delete word to the left of cursor Ctrl Y Restore the most recently deleted item h Move left one character l Move right one character k Get previous shell...

Page 55: ...ete mode Matrix rw show line editor Current Line Editor mode is set to EMACS Default Line Editor mode is set to Default Current DEL mode is set to delete System DEL mode is set to delete dl Delete cha...

Page 56: ...Write Examples This example sets the current line editor to vi mode Matrix rw set line editor vi This example sets the default line editor to emacs mode and sets the selection to persist for future s...

Page 57: ...e Defaults None Mode Switch command Super User Example This example shows how to display login account information In this case device defaults are user names admin ro and rw and have not been changed...

Page 58: ...mmand is executed Configured with set system password history set system password on page 2 20 Password aging Number of days user passwords will remain valid before aging out Configured with set syste...

Page 59: ...unt NOTE This option is intended only for use in configurations generated by the show config command allowed interval HH MM HH MM Optional Specifies the start and end hour HH and minute MM time period...

Page 60: ...ivileges can change their own passwords but cannot enter or modify other system passwords Passwords must be a minimum of 8 characters and a maximum of 40 characters If configured password length must...

Page 61: ...shows how a user with Read Write access would change his password Matrix rw set password Please enter old password Please enter new password Please re enter new password Password changed Matrix rw sh...

Page 62: ...equire at creation yes no allow duplicates yes no substring match len ofChars allow repeating chars yes no change first login yes no change frequency minutes Parameters aging days disable Specifies th...

Page 63: ...account allow duplicates Specifies whether multiple accounts can share the same password yes Specifies that multiple accounts may share the same password no Specifies that multiple accounts may not s...

Page 64: ...there is no restriction on the frequency of password changes A configured minimum change frequency interval applies only to users without super user privileges attempting to change their own passwords...

Page 65: ...s before account lockout 3 Duration of lockout superuser accounts only 15 minutes Period of inactivity before non superuser account lockout 0 days allow duplicates Specifies that the option controllin...

Page 66: ...unt is locked out it can only be re enabled by a super user with the set system login command set system login on page 2 16 Table 2 4 show system lockout Output Details Output What it displays Unsucce...

Page 67: ...words Enterasys Matrix DFE Gold Series Configuration Guide 2 25 Example This example shows how to set login attempts to 5 and lockout time to 30 minutes and the inactivity timer to 60 days Matrix su s...

Page 68: ...isted below and described in the associated section as shown show mgmt auth notify Use this command to display the current setting for the Management Authentication Notification MIB Syntax show mgmt a...

Page 69: ...are entered than all authentications types listed above will either be enabled or disabled Mode Switch command Read Write Usage Insure that SNMP is correctly configured on the DFE in order to send th...

Page 70: ...mt auth notify Use this command to set the current setting for the Management Authentication Notification access types to the default setting of enabled Syntax clear mgmt auth notify Parameters None D...

Page 71: ...gement Authentication Notification MIB Enterasys Matrix DFE Gold Series Configuration Guide 2 29 Matrix su clear mgmt auth notify Matrix su show mgmt auth notify Management Type Status console enabled...

Page 72: ...dress 2 31 set ip address 2 31 clear ip address 2 32 show ip gratuitous arp 2 32 set ip gratuitous arp 2 33 clear ip gratuitous arp 2 33 show system 2 34 show system hardware 2 35 show system utilizat...

Page 73: ...ess and subnet mask Matrix rw show ip address Name Address Mask host 10 42 13 20 255 255 0 0 set ip address Use this command to set the system IP address subnet mask and default gateway Syntax set ip...

Page 74: ...rw set ip address 10 1 10 1 mask 255 255 128 0 gateway 10 1 10 1 clear ip address Use this command to clear the system IP address Syntax clear ip address Parameters None Defaults None Mode Switch com...

Page 75: ...es set ip gratuitous arp Use this command to control the gratuitous ARP processing behavior Syntax set ip gratuitous arp request reply both Parameters Defaults Disabled by default Mode Switch command...

Page 76: ...trix rw clear ip gratuitous arp show system Use this command to display system information including contact information power and fan tray status and uptime Syntax show system Parameters None Default...

Page 77: ...t on page 2 51 System location Where the system is located Default of a blank string can be changed with the set system location command set system location on page 2 50 System name Name identifying t...

Page 78: ...del 7H4382 494H4282 492G4072 52 Serial Number 0123456789AB Part Number 6543210 Vendor ID 1 Base MAC Address 11 22 33 44 55 66 Router MAC Address 11 22 33 44 55 67 Hardware Version 5 Firmware Version 0...

Page 79: ...eters Defaults If not specified CPU process and storage system utilization information will be displayed If not specified information for all modules will be displayed Mode Switch command Read Only Ex...

Page 80: ...1 Switch IGMP 16 0 0 0 0 0 0 Switch LACP 17 0 0 0 0 0 0 Switch MAC Authentication 18 0 0 0 0 0 0 Switch MAC Locking 19 0 0 0 0 0 0 Switch MTU Discovery 20 0 0 0 0 0 0 Switch Node Alias 21 0 0 0 0 0 0...

Page 81: ...131072 22192 Flash Images Miscellaneous 16384 4138 Flash Nonvolatile Data Storage 16384 14308 set system utilization threshold Use this command to set the threshold for sending CPU utilization notifi...

Page 82: ...ead Write Example This example shows how to clear the system utilization threshold Matrix rw clear system utilization 1000 show time Use this command to display the current time of day in the system c...

Page 83: ...he system clock to 7 50 a m Matrix rw set time 7 50 00 show summertime Use this command to display daylight savings time settings Syntax show summertime Parameters None Defaults None Mode Switch comma...

Page 84: ...to configure specific dates to start and stop daylight savings time Syntax set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min offset_minutes Par...

Page 85: ...If an offset is not specified none will be applied end_hr_min Specifies the time of day to end daylight savings time Format is hh mm offset_minutes Optional Specifies the amount of time in minutes to...

Page 86: ...f one hour Matrix rw set summertime recurring first Sunday April 02 00 last Sunday October 02 00 60 clear summertime Use this command to clear the daylight savings time configuration Syntax clear summ...

Page 87: ...a unique CLI command fragment using the keyboard spacebar Syntax set cli completion enable disable default Parameters Defaults If not specified the status setting will not be maintained as the default...

Page 88: ...r message that will display at pre and post session login Syntax show banner login motd Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display the banner...

Page 89: ...proceeding with this login you are verifying that you are a member of the Enterasys documentation group and are authorized to use this system Proceed to login y n n Examples This example shows how to...

Page 90: ...the post session message of the day banner to a blank string Matrix rw clear banner motd show version Use this command to display hardware and firmware information Refer to Downloading a New Firmware...

Page 91: ...w 0 Bp 01 00 09 Fw 05 01 561 4G4202 60 041405833244 Hw 0 Bp 01 00 15 Fw 05 01 57 2 4H4282 49 03320004320A Hw 0 Bp 01 00 15 Fw 05 01 511 2G4072 52 041405833244 Hw 0 Bp 01 00 15 Fw 05 01 57 Table 2 6 pr...

Page 92: ...tify the location of the system Syntax set system location string Parameters Defaults If string is not specified the location name will be cleared Mode Switch command Read Write Example This example s...

Page 93: ...and to set the number of columns for the terminal connected to the device s console port The length of the CLI is set using the set length command as described in set length on page 2 52 Syntax set wi...

Page 94: ...show logout Use this command to display the time in seconds an idle console or Telnet CLI session will remain connected before timing out Syntax show logout Parameters None Defaults None Mode Switch...

Page 95: ...powersupply powersupply slot powersupply slot fan fan slot port string port string Parameters timeout Sets the number of minutes the system will remain idle before timing out chassis Optional Display...

Page 96: ...alias of the type specified will be cleared fan slot Optional Displays an alias for the fan tray s slot port string port string Optional Displays the alias set for a specified port string For a detail...

Page 97: ...string port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to set clear the alias set for the chassis Matrix rw clear physical alias chassis show physica...

Page 98: ...s command to set the asset ID for a module Syntax set physical assetid module module string Parameters Defaults None Mode Switch command Read Write Example This example shows how to set the asset ID i...

Page 99: ...DFE Gold Series Configuration Guide 2 57 Parameters Defaults None Mode Switch command Read Write Example This example shows how to clear the asset ID for module 1 Matrix rw clear physical assetid modu...

Page 100: ...FE Gold Series device you must purchase and activate a license key If you have purchased a redundancy license you can proceed to activate it as described in this section If you wish to purchase a redu...

Page 101: ...license key Syntax show license Parameters None Defaults None Mode Switch command Read Write Example This example shows how to display your license key information Matrix rw show license advanced abcd...

Page 102: ...s If not specified the license settings will be cleared from all modules Mode Switch command Read Write Example This example shows how to clear advanced license key settings Matrix rw clear license ad...

Page 103: ...es only to PoE equipped Matrix devices Consult the Installation Guide shipped with your product to determine if it is PoE equipped For information about Refer to page show inlinepower 2 61 set inlinep...

Page 104: ...cted Total Power Assigned 0 Watts Power Allocation Mode auto Power Trap Status disabled Power Redundancy Status not redundant Power Supply 1 Status installed and operating Power Supply 2 Status not in...

Page 105: ...meters None Defaults None Mode Switch command Read Write Example This example shows how to reset the chassis power allocation mode to auto Matrix rw clear inlinepower mode set inlinepower available Us...

Page 106: ...show inlinepower output show inlinepower on page 2 61 for a sample warning message Example This example shows how to set the maximum inline power available to the chassis to 70 percent Matrix rw set...

Page 107: ...Defaults None Mode Switch command Read Write Example This example shows how to enable a chassis power supplies trap Matrix rw set inlinepower powertrap enable clear inlinepower powertrap Use this comm...

Page 108: ...te these parameters a ratio of assigned power will be applied to each module Refer to the show inlinepower output show inlinepower on page 2 61 for a sample warning message Example This example shows...

Page 109: ...de Switch command Read Write Example This example shows how to set the PoE threshold to 50 on module 1 Matrix rw set inlinepower threshold 50 1 clear inlinepower threshold Use this command to reset th...

Page 110: ...de to class on module 1 Matrix rw set inlinepower management class 1 clear inlinepower management Use this command to reset the PoE management mode on a specified module back to the default setting of...

Page 111: ...ameters Defaults Disabled Mode Switch command Read Write Usage The module s PoE usage threshold must be set using the set inlinepower threshold command as described in set inlinepower threshold on pag...

Page 112: ...example shows how to display PoE information for Fast Ethernet ports 11 12 and 13 in module 1 Matrix rw show port inlinepower fe 1 1 2 Oper Admin Power Power PD Port Type Status Status Priority Class...

Page 113: ...E priority on port fe 3 1 to low Matrix rw clear port inlinepower fe 3 1 priority port string Specifies the port s on which to configure PoE admin off auto Sets the PoE administrative state to off dis...

Page 114: ...wing applications HyperTerminal Copyright 1999 Tera Term Pro Version 2 3 Any other terminal applications may work but are not explicitly supported For details refer to Downloading via the Serial Port...

Page 115: ...et the system 10 Restore Configuration to factory defaults delete config files 3 Type 2 The following baud rate selection screen displays 1 1200 2 2400 3 4800 4 9600 5 19200 6 38400 7 57600 8 115200 0...

Page 116: ...se To display and set the image file the device loads at startup Commands show boot system Use this command to display the firmware image the system will load at the next system reset Syntax show boot...

Page 117: ...ommand to set the firmware image the switch loads at startup Syntax set boot system filename Parameters Defaults None Mode Switch command Read Write Usage This is the image that will be loaded automat...

Page 118: ...rt and configure Telnet are listed below and described in the associated section as shown show telnet Use this command to display the status of Telnet on the device Syntax show telnet Parameters None...

Page 119: ...en terminated telnet is now disabled telnet Use this command to start a Telnet connection to a remote host The Matrix Series device allows a total of four inbound and or outbound Telnet session to run...

Page 120: ...arameters None Defaults None Mode Switch command Read Only Example This example shows how to display the state of Telnet service to the router Matrix rw show router telnet Telnet to Router IP is enabl...

Page 121: ...9 clear router telnet Use this command to reset Telnet service to the router to the default state of disabled Syntax clear router telnet Parameters None Defaults None Mode Switch command Read Write Ex...

Page 122: ...enter optional arguments that modify the actions of the commands This feature is intended to simplify the configuration of ports and VLANs by creating script files containing groups of commands that y...

Page 123: ...rix rw dir Images Filename ets mtxe7 msi Version 01 02 00 Size 3263043 bytes Date MON FEB 24 14 07 08 2003 CheckSum 6a2398391ba885531f96f19e161b096b Location slot3 slot4 slot5 slot6 Compatibility 4H42...

Page 124: ...ndicates this image is currently running boot Indicates this image is selected to boot on the next reset Version Firmware version of the image Size Size of image file in the local file system Date Dat...

Page 125: ...Parameters Defaults None Mode Switch Read Only Example This example an excerpt of the complete output shows how to display the contents of the sample cfg configuration file Matrix rw show file slot4...

Page 126: ...e file exit disable exit end router arp cdp console begin NON DEFAULT CONFIGURATION SLOT TYPE ___ ________________ 1 7G4270 12 2 3 7H4382 49 4 7H4382 49 5 7H4382 49 6 7H4382 49 7 7H4382 49 Router inst...

Page 127: ...ayed Mode Switch Read Write Example This example shows how to display the current non default device configuration Matrix su show config This command shows non default configurations only Use show con...

Page 128: ...h will require an automated reset of the chassis Mode Switch Read Write Example This example shows how to execute the myconfig file in the module in slot 1 Matrix rw configure slot1 myconfig copy Use...

Page 129: ...via TFTP to the slot 3 directory Matrix rw copy tftp 134 141 89 34 myconfig slot3 myconfig This example shows how to upload a configuration file via Anonymous FTP from the module in slot 3 Matrix rw c...

Page 130: ...Read Write Usage The script file must first be created on a PC and copied to the Matrix device using the copy command copy on page 2 86 before the script can be executed The file can contain any numbe...

Page 131: ...set port alias 1 script_set_port set port vlan 1 2 modify egress set port jumbo enable 1 set port disable 1 set port lacp port 1 disable Matrix rw script slot4 setport scr fe 1 1 100 When the script...

Page 132: ...will send an ICMP destination unreachable error message indicating to the transmitting station that it must fragment the frame Commands show mtu Use this command to display the status of the path MTU...

Page 133: ...faults None Mode Switch command Read Write Example This example shows how to disable path MTU discovery Matrix rw set mtu disable clear mtu Use this command to reset the state of the path MTU discover...

Page 134: ...e listed below and described in the associated sections as shown cls clear screen Use this command to clear the screen for the current CLI session Syntax cls Parameters None Defaults None Mode Switch...

Page 135: ...user inactivity automatically closing your CLI session Use the set logout command as described in set logout on page 2 53 to change this default When operating in router mode the exit command jumps t...

Page 136: ...ation are listed below and described in the associated sections as shown show reset Use this command to display information about scheduled device resets Syntax show reset Parameters None Defaults Non...

Page 137: ...to continue y n n y Resetting This example shows how to cancel a scheduled system reset Matrix rw reset cancel Reset cancelled This example shows how to reset a Matrix Security Module installed on th...

Page 138: ...oceed with scheduled reset y n n y Reset scheduled for 20 00 00 Sat Oct 12 2002 in 1 day 5 hours 40 minutes This example shows how to schedule a reset at a specific future time and include a reason fo...

Page 139: ...ne or more modules Syntax clear config mod num all Parameters Defaults None Mode Read Write Usage Executing clear config on one Matrix module resets that module back to its factory defaults If that mo...

Page 140: ...ow vlan static show vlan on page 7 3 show logging all show logging all on page 10 2 show snmp counters show snmp counters on page 5 6 show port status show port status on page 4 14 show spantree statu...

Page 141: ...s a support3 txt file Matrix su show support slot1 support3 txt Writing output to file Writing show config output Writing Message Log output Matrix su There is no display example as the list of comman...

Page 142: ...neral platform settings refer to Startup and General Configuration Summary on page 2 1 and Setting User Accounts and Passwords on page 2 15 Once startup and general device settings are complete IP con...

Page 143: ...figure routing Commands Step 3 Enable global router configuration mode configure terminal Router Matrix Router Enabling Router Configuration Modes on page 2 103 Step 4 Enable interface configuration m...

Page 144: ...isplay the module that is currently running routing services Matrix rw show router Router Services are currently running on module 1 clear router Use this command to clear the router configuration Thi...

Page 145: ...rw access mode and a system where module 1 and VLAN 1 have been configured for routing The prompt changes depending on your current configuration mode the specific module and the interface types and...

Page 146: ...d Balancing SLB Server Farm Configuration Mode Configure an LSNAT server farm Type ip slb serverfarm and the serverfarmname from Global Configuration Mode Matrix router config slb sfarm Server Load Ba...

Page 147: ...dentifier and the identifier or hardware address and an address from any DHCP configuration mode Matrix router config dhcp host Note To jump to a lower configuration mode type exit at the command prom...

Page 148: ...Reviewing and Configuring Routing router 2 106 Startup and General Configuration...

Page 149: ...to display Network Neighbor Discovery information from all supported discovery protcols Syntax show neighbors port string Parameters For information about Refer to page Displaying Neighbors 3 1 Entera...

Page 150: ...bors Port Device ID Port ID Type Network Address fe 1 27 00 00 1d 83 77 3f 10 21 64 135 cdp 10 21 64 135 fe 1 33 00 e0 63 9d c1 62 10 21 64 21 cdp 10 21 64 21 fe 1 34 00 01 f4 2a c8 1f 10 21 70 1 cdp...

Page 151: ...Syntax show cdp port string Parameters Defaults If port string is not specified all CDP information will be displayed Mode Switch command Read Only Example This example shows how to display CDP infor...

Page 152: ...the set cdp state command For details refer to set cdp state on page 3 4 CDP Versions Supported CDP version number s supported by the device CDP Hold Time Minimum time interval in seconds at which CDP...

Page 153: ...Write Usage This value determines a device s CDP domain If two or more devices have the same CDP authentication code they will be entered into each other s CDP neighbor tables If they have different a...

Page 154: ...y in seconds of the CDP discovery protocol Syntax set cdp interval frequency Parameters Defaults None Mode Switch command Read Write Example This example shows how to set the CDP interval frequency to...

Page 155: ...s Defaults At least one optional parameter must be entered Mode Switch command Read Write Example This example shows how to reset the CDP state to auto enabled Matrix rw clear cdp state state Optional...

Page 156: ...function described in Configuring Convergence End Points CEP Phone Detection on page 25 39 Commands show ciscodp Use this command to display global Cisco Discovery Protocol information Syntax show ci...

Page 157: ...her Cisco Discovery Protocol is disabled or enabled globally Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received Default setting of auto can be changed with the se...

Page 158: ...ort ciscodp info Output Details Output What it displays Port Port designation State Whether CiscoDP is enabled or disabled on this port Default state of enabled can be changed using the set ciscodp po...

Page 159: ...codp timer 120 set ciscodp holdtime Use this command to set the time to live TTL for Cisco Discovery Protocol PDUs This is the amount of time in seconds neighboring devices will hold PDU transmissions...

Page 160: ...mes untagged Instructs attached phone to send untagged frames trust ext Sets the extended trust mode on the port trusted Instructs attached phone to allow the device connected to it to transmit traffi...

Page 161: ...ommand There is a one to one correlation between the value set with the cos ext parameter and the 802 1p value assigned to ingressed traffic by the Cisco IP phone A value of 0 equates to an 802 1p pri...

Page 162: ...the default settings Matrix clear ciscodp This example shows how to clear the Cisco DP port status on port fe 1 5 Matrix clear ciscodp port status fe 1 5 cos ext Clears the CoS priority for untrusted...

Page 163: ...Inventory management allowing network administrators to track their network devices and to determine their characteristics such as manufacturer software and hardware versions and serial or asset numbe...

Page 164: ...lldp port network policy 5 Configure which optional TLVs should be sent by specific ports For example if you configured an ECS ELIN and or Network Policy TLVs you must enable those optional TLVs to b...

Page 165: ...nterval 5 MED Fast Start Count 3 Tx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12 tg 6 1 2 fe 7 1 48 Rx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12 tg 6 1 2 fe 7...

Page 166: ...n for all ports Matrix ro show lldp port status Tx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12 tg 6 1 2 fe 7 1 48 Rx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12...

Page 167: ...to be transmitted on ports Syntax show lldp port tx tlv port string Parameters Defaults If port string is not specified TLV configuration information will be displayed for all ports Mode Switch comman...

Page 168: ...ration information will be displayed for all ports Mode Switch command Read Only Usage Ports are configured with a location value using the set lldp port location info command Example This example sho...

Page 169: ...LLDP PoE test Chassis Sys Desc Enterasys Networks Inc Matrix E7 Gold Rev 05 41 Sys Cap Supported Enabled bridge router bridge Auto Neg Supported Enabled yes yes Auto Neg Advertised 10BASE T 10BASE TF...

Page 170: ...ndicate whether the link associated with this port can be aggregated whether it is currently aggregated and if aggregated the aggregated port identifier Protocol Id IEEE 802 1 Extensions Protocol Iden...

Page 171: ...3 1 Remote Port Id 00 09 6e 0e 14 3d PoE Pair Controllable Used IEEE 802 3 Extensions Power via MDI TLV Displayed only when a port has PoE capabilities Indicates whether pair selection can be controll...

Page 172: ...figured using the set lldp port network policy command Syntax show lldp port network policy all voice voice signaling guest voice guest voice signaling software voice video conferencing streaming vide...

Page 173: ...enabled untagged 1 0 0 video conferencing enabled untagged 1 0 0 streaming video enabled untagged 1 0 0 video signaling enabled untagged 1 0 0 all Displays information about all network policy applic...

Page 174: ...nterval 20 set lldp hold multiplier Use this command to set the time to live value used in LLDP frames sent by this device Syntax set lldp hold multiplier multiplier val Parameters Defaults None Mode...

Page 175: ...been detected Syntax set lldp trap interval frequency Parameters Defaults None Mode Switch command Read Write Example This example sets the minimum interval between LLDP traps to 10 seconds Matrix rw...

Page 176: ...transmitting and processing received LLDPDUs on a port or range of ports Syntax set lldp port status tx enable rx enable both disable port string Parameters Defaults None Mode Switch command Read Wri...

Page 177: ...rap Use this command to enable or disable sending an LLDP MED notification when a change in the topology has been sensed on the port that is a remote endpoint device has been attached or removed from...

Page 178: ...he set lldp port tx tlv command This example configures the ELIN identifier 5551234567 on ports ge 1 1 through ge 1 6 and then configures the ports to send the Location Information TLV Matrix rw set l...

Page 179: ...nabled on the port value sent includes version of protocol being used mac phy MAC PHY Configuration Status IEEE 802 3 Extensions TLV Value sent includes the operational MAU type duplex and speed of th...

Page 180: ...the Power Limit total power the port is capable of sourcing over a maximum length cable and the power priority configured on the port Only valid for PoE enabled ports port string Specifies the port o...

Page 181: ...lldp port network policy voice state enable tag tagged vlan dot1p fe 2 1 Matrix rw set lldp port tx tlv med pol fe 2 1 state enable disable Optional Enables or disables advertising the application inf...

Page 182: ...are enabled Syntax clear lldp port status port string Parameters Defaults None Mode Switch command Read write all Returns all LLDP configuration parameters to their default values including port LLDP...

Page 183: ...ers Defaults None Mode Switch command Read write Example This example returns port ge 1 1 to the default LLDP trap state of disabled Matrix rw clear lldp port trap ge 1 1 clear lldp port med trap Use...

Page 184: ...nferencing streaming video video signaling state tag vid cos dscp port string Parameters elin Specifies that the ECS ELIN location information value should be cleared port string Specifies the port or...

Page 185: ...ear the VLAN identifier for the port to the default value of 1 cos Optional Clear the Layer 2 priority to be used for the application being configured to the default value of 0 A value of 0 represents...

Page 186: ...on defined by Protocol Identity IEEE 802 1 Extensions TLV from being transmitted in LLDPDUs mac phy Disables the MAC PHY Configuration Status IEEE 802 3 Extensions TLV from being transmitted in LLDPDU...

Page 187: ...n activating redundancy on a DFE Gold Series module refer to Activating Licensed Features on page 2 58 Important Notice CLI examples in this guide illustrate a generic Matrix command prompt and chassi...

Page 188: ...les installed in a Matrix N7 or E7 chassis can be 0 through 7 with 0 designating virtual system ports lag vlan host loopback and 1 designating the left most module slot in the chassis Slot location fo...

Page 189: ...example shows the port string syntax for specifying all 1 Gigabit Ethernet ports in the module in chassis slot 3 ge 3 This example shows the port string syntax for specifying all 10 Gbps Ethernet port...

Page 190: ...ole port com 1 1 Matrix rw show console com 1 1 Port Baud Flow Bits StopBits Parity Autobaud com 1 1 38400 ctsrts 8 one none disable clear console Use this command to clear the properties set for one...

Page 191: ...te for one or more console ports Syntax show console baud port string Parameters Defaults If port string is not specified baud rate for all console ports will be displayed Mode Switch command Read Onl...

Page 192: ...is not specified baud rate will be cleared for all console ports Mode Switch command Read Write Example This example shows how to clear the baud rate on console port com 1 1 Matrix rw clear console ba...

Page 193: ...ole flowcontrol none ctsrts dsrdtr port string Parameters Defaults If port string is not specified flow control will be set for all console ports Mode Switch command Read Write Example This example sh...

Page 194: ...ax show console bits port string Parameters Defaults If port string is not specified the bits per character setting for all console ports will be displayed Mode Switch command Read Only Example This e...

Page 195: ...string Parameters Defaults If port string is not specified bits per character will be cleared for all console ports Mode Switch command Read Write Example This example shows how to clear bits per char...

Page 196: ...sole stopbits one oneandhalf two port string Parameters Defaults If port string is not specified stop bits per character will be set for all console ports Mode Switch command Read Write Example This e...

Page 197: ...e or more console ports Syntax show console parity port string Parameters Defaults If port string is not specified parity type for all console ports will be displayed Mode Switch command Read Only Exa...

Page 198: ...parity type for one or more console ports Syntax clear console parity port string Parameters Defaults If port string is not specified parity type will be cleared for all console ports Mode Switch com...

Page 199: ...switching Syntax show port port string Parameters Defaults If port string is not specified operational status information for all ports will be displayed Mode Switch command Read Only Examples This ex...

Page 200: ...tatus information for console ports Matrix rw show port status com Port Alias Oper Admin Speed Duplex Type truncated Status Status com 5 1 up up 38 Kbps RS232 RJ45 com 7 1 up up 38 Kbps RS232 RJ45 Tab...

Page 201: ...ils on using the set port disable command to change the default port status of enabled refer to set port disable on page 4 20 For details on using the set port enable command to re enable ports refer...

Page 202: ...example shows how to display all fe 3 1 port counter statistics related to traffic through the device Matrix rw show port counters fe 3 1 switch Port fe 3 1 Bridge Port 2 No counter discontinuity time...

Page 203: ...down due to link loss linkflap Optional Displays ports down due to link flap violation For more information on configuring the link flap function refer to Configuring Link Traps and Link Flap Detecti...

Page 204: ...to a down or dormant state for one or more ports Syntax clear port operstatuscause port string admin linkflap flowlimit policy cos all Parameters Defaults If no options are specified all operating sta...

Page 205: ...Reviewing Port Status Enterasys Matrix DFE Gold Series Configuration Guide 4 19 Mode Switch command Read Write Example This example shows how to override all operational causes on all ports Matrix rw...

Page 206: ...ively disable one or more ports Syntax set port disable port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to disable Fast Ethernet port 1 in module1 Ma...

Page 207: ...Syntax show port alias port string Parameters Defaults If port string is not specified aliases for all ports will be displayed Mode Switch command Read Only Example This example shows how to display a...

Page 208: ...ort alias fe 3 1 management show forcelinkdown Use this command to display the status of the force link down function Syntax show forcelinkdown Parameters None Defaults None Mode Switch command Read O...

Page 209: ...ults None Mode Switch command Read Write Example This example shows how to enable the force link down function Matrix rw set forcelinkdown enable clear forcelinkdown Use this command to resets the for...

Page 210: ...speed settings for all ports will display Mode Switch command Read Only Example This example shows how to display the default speed setting for 1 Gigabit Ethernet port 14 in module 3 Matrix rw show p...

Page 211: ...s command to display the default duplex setting half or full for one or more ports Syntax show port duplex port string Parameters Defaults If port string is not specified default duplex settings for a...

Page 212: ...set port duplex port string full half Parameters Defaults None Mode Switch command Read Write Usage This command will only take effect on ports that have auto negotiation disabled Example This exampl...

Page 213: ...t jumbo port string Parameters Defaults If port string is not specified jumbo frame support status for all ports will display Mode Switch command Read Only Example This example shows how to display th...

Page 214: ...4 in module 3 Matrix rw set port jumbo enable ge 3 14 This example shows how to enable jumbo frame support for router in slot 2 router instance 1 Matrix rw set port jumbo enable rtr 2 1 clear port jum...

Page 215: ...me Support Enterasys Matrix DFE Gold Series Configuration Guide 4 29 Mode Switch command Read Write Example This example shows how to reset jumbo frame support status for 1 Gigabit Ethernet port 14 in...

Page 216: ...The user may choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled Commands show port negotiation Use this command to display the status of...

Page 217: ...ation on 1 Gigabit Ethernet port 3 in module 14 Matrix rw set port negotiation ge 3 14 disable show port mdix Use this command to display the MDI MDIX mode on one or more ports This function detects a...

Page 218: ...rameters Defaults If port string is not specified mode will be set for all ports Mode Switch command Read Write Example This example shows how to force 1 Gigabit Ethernet port 14 in module 3 to MDIX c...

Page 219: ...Use this command to display the advertised ability on one or more ports Syntax show port advertise port string Parameters Defaults If port string is not specified advertised ability for all ports wil...

Page 220: ...pause Table 4 3 show port advertise Output Details Output What it displays capability Whether or not the port is capable of operating in the following modes 10t 10BASE T half duplex mode 10tfd 10BASE...

Page 221: ...uplex mode 10tfd Optional Advertises 10BASE T full duplex mode 100tx Optional Advertises 100BASE TX half duplex mode 100txfd Optional Advertises 100BASE TX full duplex mode 1000x Optional Advertises 1...

Page 222: ...0BASE X LX SX CX half duplex mode from the port s advertised ability 1000xfd Optional Clears 1000BASE X LX SX CX full duplex mode from the port s advertised ability 1000t Optional Clears 1000BASE T ha...

Page 223: ...ow control information for all ports will be displayed Mode Read Only Example This example shows how to display the port flow control state for fe 1 1 5 Matrix rw show port flowcontrol fe 1 1 5 Port T...

Page 224: ...LI on page 4 2 TX Admin Whether or not the port is administratively enabled or disabled for sending flow control frames TX Oper Whether or not the port is operationally enabled or disabled for sending...

Page 225: ...o network stability because it can trigger Spanning Tree and routing table recalculation Commands show port trap Use this command to display whether the port is enabled for generating an SNMP trap mes...

Page 226: ...arameters Defaults None Mode Switch command Read Write Example This example shows how to disable link traps for Fast Ethernet port 3 in module3 Matrix rw set port trap fe 3 3 disable show linkflap Use...

Page 227: ...trics Displays linkflap detection metrics portsupported Displays ports which can support the link flap detection function actsupported Displays link flap detection actions supported by system hardware...

Page 228: ...e port string values refer to Port String Syntax Used in the CLI on page 4 2 LF Status Link flap enabled state Actions Actions to be taken if the port violates allowed link flap behavior D disabled S...

Page 229: ...k trap detection function Matrix rw set linkflap globalstate enable set linkflap Use this command to enable or disable link flap monitoring on one or more ports Syntax set linkflap portstate disable e...

Page 230: ...ntax set linkflap action port string disableInterface gensyslogentry gentrap all Parameters Defaults None port string Specifies the port s on which to set the link flap interval For a detailed descrip...

Page 231: ...string is not specified actions will be cleared on all ports Mode Switch command Read Write Examples This example shows how to clear all link flap violation actions on all ports Matrix rw clear linkf...

Page 232: ...ite Examples This example shows how to set the link flap downtime on port fe 1 4 to 5000 seconds Matrix rw set linkflap downtime fe 1 4 5000 port string Specifies the port s on which to set the link f...

Page 233: ...ntax clear linkflap all stats port string parameter port string threshold interval downtime all Parameters Defaults If port string is not specified settings and or statistics will be cleared on all po...

Page 234: ...Configuring Link Traps and Link Flap Detection clear linkflap 4 48 Port Configuration Examples This example shows how to clear all link flap options on port fe 1 4 Matrix rw clear linkflap all fe 1 4...

Page 235: ...ports Syntax show port broadcast port string Parameters Defaults If port string is not specified broadcast status of all ports will be displayed Mode Read Only Example This example shows how to displ...

Page 236: ...hreshold peak Table 4 7 show port broadcast Output Details Output What it displays Port Port designation For a detailed description of possible port string values refer to Port String Syntax Used in t...

Page 237: ...broadcast suppression settings on Fast Ethernet ports 1 through 5 in module1 Matrix rw clear port broadcast fe 1 1 5 Setting Port Mirroring port string Specifies the port s on which broadcast settings...

Page 238: ...CP on page 4 55 Active Destination Port Configurations Each Matrix DFE Gold Series device supports three mirroring destination ports which can be configured in a many to one mirroring configuration th...

Page 239: ...rce destination both rx tx Parameters create disable enable Creates disables or enables mirroring settings on the specified ports igmp mcast enable disable Enables or disables the mirroring of IGMP mu...

Page 240: ...ace 1 create Matrix rw set port mirroring create vlan 0 1 fe 1 1 both clear port mirroring Use this command to clear a port mirroring relationship Syntax clear port mirroring igmp mcast source destina...

Page 241: ...up LAG Attaches the port to the aggregator used by the LAG and detaches the port from the aggregator when it is no longer used by the LAG Uses information from the partner device s link aggregation co...

Page 242: ...h lag 0 4 LAG Link Aggregation Group Once underlying physical ports i e fe x x or ge x x are associated with an aggregator port the resulting aggregation will be represented as one LAG with a lag x x...

Page 243: ...on on the Matrix Series device will allow up to a maximum of four ports into a LAG The device with the lowest LAG ID determines which underlying physical ports are allowed into a LAG based on the port...

Page 244: ...ng physical ports i e fe x x ge x x are associated with an aggregator port the resulting aggregation will be represented as one Link Aggregation Group LAG with a lag x x port designation Example This...

Page 245: ...ssociated with an aggregator port the resulting Link Aggregation Group LAG is represented with a lag x x port designation Actor Local device participating in LACP negotiation Partner Remote device par...

Page 246: ...None Mode Switch command Read Write Example This example shows how to reset LACP to enabled Matrix rw clear lacp state set lacp asyspri Use this command to set the LACP system priority Syntax set lacp...

Page 247: ...se this command to set the administratively assigned key for one or more aggregator ports LACP will use this value to form an oper key Only underlying physical ports with oper keys matching those of t...

Page 248: ...same usage considerations for dynamic LAGs discussed in Matrix Series Usage Considerations on page 4 56 apply to statically created LAGs Static LAG configuration should be performed by personnel who...

Page 249: ...d Read Write Example This example shows how to remove Fast Ethernet port 6 in module 1 from the LAG of aggregator port 4 Matrix rw clear lacp static lag 0 484 fe 1 6 show lacp singleportlag Use this c...

Page 250: ...Syntax set lacp singleportlag enable disable Parameters Defaults None Mode Switch command Read Write Example This example shows how to enable single port LAGs Matrix rw set lacp singleportlag enable...

Page 251: ...DC Glp MuxState Detached PartnerAdminSystemID 00 00 00 00 00 00 DebugRxState port Disabled PartnerOperSystemID 00 00 00 00 00 00 This example shows how to display summarized LACP status information f...

Page 252: ...nkey padminkey padminportpri padminportpri padminport padminport padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire enable disable Parameters port port string...

Page 253: ...default lacpagg Aggregation on this port lacpsync Transition to synchronization state lacpcollect Transition to collection state lacpdist Transition to distribution state lacpdef Transition to defaul...

Page 254: ...LACP settings will be cleared For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 4 2 aadminkey Clears a port s actor admin key aportpri Clear...

Page 255: ...splay the LACP flow regeneration state Syntax show lacp flowRegeneration Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display the current LACP flow reg...

Page 256: ...ill leave existing flows intact Example This example shows how to enable LACP flow regeneration Matrix rw set lacp flowRegeneration enable clear lacp flowRegeneration Use this command to reset LACP fl...

Page 257: ...Mode Switch command Read Write Example This example shows how to set the LACP outport algorithm to DA SA Matrix rw set lacp outportalgorithm da sa clear lacp outportAlgorithm Use this command to rese...

Page 258: ...Configuring LACP clear lacp outportAlgorithm 4 72 Port Configuration Example This example shows how to reset the LACP outport algorithm to DIP SIP Matrix rw clear lacp outportAlgorithm...

Page 259: ...ata types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is fully described i...

Page 260: ...and SNMP applications An SNMP engine consists of the following four components Dispatcher This component sends and receives messages Message processing subsystem This component accepts outgoing PDUs...

Page 261: ...usm context router prefix For information on preparing the device for router mode refer back to Preparing the Device for Router Mode on page 2 100 Creating a Basic SNMP Trap Configuration Traps are n...

Page 262: ...and authorization criteria contained in a target parameters entry called v2cExampleParams Matrix rw set snmp community mgmt Matrix rw set snmp targetparams v2cExampleParams user mgmt security model v...

Page 263: ...t was built using the set snmp targetaddr command This command also specifies that this door leads to the management station 192 168 190 80 and the procedure targetparams to cross the doorstep is call...

Page 264: ...e this command to display SNMP traffic counter values Syntax show snmp counters Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display SNMP counter value...

Page 265: ...es delivered to the SNMP entity for an unsupported SNMP version snmpInBadCommunityNames Number of SNMP messages delivered to the SNMP entity that used an SNMP community name not known to the entity sn...

Page 266: ...d by the SNMP protocol entity with the value of the error status as noSuchName snmpOutBadValues Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error status field as ba...

Page 267: ...referenced a user that was not known to the SNMP engine usmStatsUnknownEngineIDs Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not kn...

Page 268: ...red to access SNMP management Syntax show snmp user list user remote remote volatile nonvolatile read only Parameters Defaults If list is not specified detailed SNMP information will be displayed For...

Page 269: ...y information for the SNMP guest user Matrix rw show snmp user guest SNMP user information EngineId 00 00 00 63 00 00 00 a1 00 00 00 00 Username Guest Auth protocol usmNoAuthProtocol Privacy protocol...

Page 270: ...without authentication and encryption Entries related to this user will be stored in permanent nonvolatile memory Matrix rw set snmp user netops clear snmp user Use this command to remove a user from...

Page 271: ...on about all SNMP groups will be displayed If user is not specified information about all SNMP users will be displayed If security model is not specified user information about all SNMP versions will...

Page 272: ...lts If storage type is not specified nonvolatile storage will be applied Mode Switch command Read Write Table 5 6 show snmp group Output Details Output What it displays Security model SNMP version ass...

Page 273: ...will be cleared Mode Switch command Read Write Example This example shows how to clear all settings assigned to the public user within the SNMP group anyone Matrix rw clear snmp group anyone public s...

Page 274: ...SNMP security name to associate with this community Default If no security name is specified the community name is used context context Optional Specifies a subset of management information this comm...

Page 275: ...o grant SNMP management privileges to vip community from the routing module operating in router mode Matrix rw set snmp community vip context router clear snmp community Use this command to delete an...

Page 276: ...yed If noauthentication authentication or privacy are not specified access information for all security levels will be displayed If context is not specified all contexts will be displayed For informat...

Page 277: ...Write View Notify View All Context match exact match Storage type nonVolatile Row status active Table 5 7 shows a detailed explanation of the command output Table 5 7 show snmp access Output Details...

Page 278: ...up security model v1 v2c usm Specifies SNMP version 1 2c or 3 usm noauthentication authentication privacy Optional Applies SNMP security level as no authentication authentication without privacy or pr...

Page 279: ...ntry of a specific group including its set SNMP security model and level of security Syntax clear snmp access groupname security model v1 v2c usm noauthentication authentication privacy context contex...

Page 280: ...NMP MIB view configuration information will be displayed Mode Switch command Read Only Example This example shows how to display SNMP MIB view configuration information Matrix rw show snmp view SNMP M...

Page 281: ...using the set snmp view command to assign variables refer to set snmp view on page 5 24 show snmp context Use this command to display the context list configuration for SNMP s view based access contro...

Page 282: ...ix rw show snmp context Configured contexts default context all mibs router set snmp view Use this command to set a MIB configuration for SNMPv3 view based access VACM Syntax set snmp view viewname vi...

Page 283: ...view viewname public subtree 1 3 6 1 included clear snmp view Use this command to delete an SNMPv3 MIB view Syntax clear snmp view viewname subtree Parameters Defaults None Mode Switch command Read W...

Page 284: ...volatile nonvolatile read only Parameters Defaults If targetParams is not specified entries associated with all target parameters will be displayed If not specified entries of all storage types will b...

Page 285: ...me user user security model v1 v2c usm message processing v1 v2c v3 noauthentication authentication privacy volatile nonvolatile Parameters Table 5 9 show snmp targetparams Output Details Output What...

Page 286: ...s Defaults None Mode Switch command Read Write Example This example shows how to clear SNMP target parameters named v1ExampleParams Matrix rw clear snmp targetparams v1ExampleParams security model v1...

Page 287: ...olatile read only Parameters Defaults If targetAddr is not specified entries for all target address names will be displayed If not specified entries of all storage types will be displayed for a target...

Page 288: ...eout Timeout setting for the target address Retry count Retry setting for the target address Parameters Entry in the snmpTargetParamsTable Storage type Whether entry is stored in volatile nonvolatile...

Page 289: ...e a trap notification called TrapSink This trap notification will be sent to the workstation 192 168 190 80 which is target address tr It will use security and authorization criteria contained in a ta...

Page 290: ...ring SNMP Target Addresses clear snmp targetaddr 5 32 SNMP Configuration Mode Switch command Read Write Example This example shows how to clear SNMP target address entry tr Matrix rw clear snmp target...

Page 291: ...f this table is empty meaning that no filtering is associated with any SNMP target then no filtering will take place Traps or informs notifications will be sent to all destinations in the SNMP targetA...

Page 292: ...Notify Tag TrapSink Notify Type trap Storage type nonVolatile Row status active Table 5 11 shows a detailed explanation of the command output notify Optional Displays notify entries for a specific no...

Page 293: ...using the set snmp targetaddr command set snmp targetaddr on page 5 30 Example This example shows how to set an SNMP notify configuration with a notify name of hello and a notify tag of world Notifica...

Page 294: ...ameters Defaults If no parameters are specified all notify filter information will be displayed Mode Switch command Read Only Example This example shows how to display SNMP notify filter information I...

Page 295: ...eful for fine tuning the amount of SNMP traffic generated Example This example shows how to create an SNMP notify filter called pilot1 with a MIB subtree ID of 1 3 6 Matrix rw set snmp notifyfilter pi...

Page 296: ...e profile targetparam targetparam volatile nonvolatile read only Parameters Defaults If no parameters are specified all notify profile information will be displayed Mode Switch command Read Only Examp...

Page 297: ...ermine which management targets should not receive SNMP notifications Example This example shows how to create an SNMP notify profile named area51 and associate a target parameters entry Matrix rw set...

Page 298: ...MP Notification Parameters clear snmp notifyprofile 5 40 SNMP Configuration Example This example shows how to delete SNMP notify profile area51 Matrix rw clear snmp notifyprofile area51 targetparam v3...

Page 299: ...he getNext walk continues to return values until the current time is reached which may not ever occur leaving the user with the impression that the walk is in a loop Enabling this command will exit th...

Page 300: ...Configuring SNMP Walk Behavior set snmp timefilter break 5 42 SNMP Configuration...

Page 301: ...designated port on the other side of the bridge transition to forwarding through an explicit handshake between them By default user ports are configured to rapidly transition to forwarding in RSTP MST...

Page 302: ...stening until a BPDU is received Both upstream and downstream facing ports are protected When a root or alternate port loses its path to the root bridge due to a message age expiration it takes on the...

Page 303: ...he port is a boundary port the MSTIs for that port follow the CIST that is the MSTI port timers are set according to the CIST port timer If the port is internal to the region then the MSTI port timers...

Page 304: ...ow spantree mstcfgid 6 17 set spantree mstcfgid 6 17 clear spantree mstcfgid 6 18 show spantree bridgeprioritymode 6 18 set spantree bridgeprioritymode 6 19 clear spantree bridgeprioritymode 6 19 show...

Page 305: ...guard 6 36 set spantree spanguard 6 36 clear spantree spanguard 6 37 show spantree spanguardtimeout 6 37 set spantree spanguardtimeout 6 38 clear spantree spanguardtimeout 6 38 show spantree spanguard...

Page 306: ...s Spanning Tree configuration Matrix rw show spantree stats Spanning tree status enabled Spanning tree instance 0 Designated Root MacAddr 00 e0 63 9d c1 c8 Designated Root Priority 0 Designated Root C...

Page 307: ...D Priority Bridge priority which is a default value or is assigned using the set spantree priority command For details refer to set spantree priority on page 6 20 Bridge Max Age Maximum time in second...

Page 308: ...ge 1 1 Blocking Disabled 20000 128 Table 6 2 Port Specific show spantree stats Output Details Output What it displays SID The Spanning Tree instance Port The port name State The Spanning Tree forward...

Page 309: ...e this command to set the version of the Spanning Tree protocol to MSTP Multiple Spanning Tree Protocol RSTP Rapid Spanning Tree Protocol or to STP 802 1D compatible Syntax set spantree version mstp s...

Page 310: ...default of MSTP to RSTP Matrix rw set spantree version rstp clear spantree version Use this command to reset the Spanning Tree version to MSTP mode Syntax clear spantree version Parameters None Defaul...

Page 311: ...ng Tree Protocol STP mode Syntax set spantree stpmode none ieee8021 Parameters Defaults None Mode Switch command Read Write Example This example shows how to disable Spanning Tree Matrix rw set spantr...

Page 312: ...maxconfigurablestps Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display the STP maximum configs setting Matrix rw show spantree maxconfigurablestps Ma...

Page 313: ...spantree maxconfigurablestps Parameters None Defaults None Mode Switch command Read Write Example This example shows how to clear the STP max configs setting Matrix rw clearspantree maxconfigurablestp...

Page 314: ...e msti sid 2 create clear spantree msti Use this command to delete one or more Multiple Spanning Tree instances Syntax clear spantree msti sid Parameters Defaults None Mode Switch command Read Write E...

Page 315: ...show spantree mstmap fid 1 FID SID 1 0 set spantree mstmap Use this command to map one or more filtering database IDs FIDs to a SID Since VLANs are mapped to FIDs this essentially maps one or more VL...

Page 316: ...Switch command Read Write Example This example shows how to map FID 2 back to SID 0 Matrix rw clear spantree mstmap 2 show spantree vlanlist Use this command to display the VLAN ID s assigned to one o...

Page 317: ...e mstcfgid Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display the MST configuration identifier elements In this case the default revision level of 0...

Page 318: ...d the configuration name to a default string representing the bridge MAC address Syntax clear spantree mstcfgid Parameters None Defaults None Mode Switch command Read Write Example This example shows...

Page 319: ...e root as described in set spantree priority set spantree priority on page 6 20 Syntax set spantree bridgeprioritymode 8021d 8021t Parameters Defaults None Mode Switch command Read Write Example This...

Page 320: ...Syntax show spantree priority sid Parameters Defaults If sid is not specified priority will be shown for Spanning Tree 0 Mode Switch command Read Only Example This example shows how to show the bridge...

Page 321: ...spantree priority 15 Bride Priority has been translated to incremental step of 61440 This example shows how to set the bridge priority to 4000 on all SIDs with 8021t priority mode enabled Matrix rw se...

Page 322: ...ample This example shows how to reset the bridge priority on SID 1 Matrix rw clear spantree priority 1 show spantree bridgehellomode Use this command to display the status of bridge hello mode on the...

Page 323: ...t spantree bridgehellomode enable disable Parameters Defaults None Mode Switch command Read Write Example This example shows how to disable single Spanning Tree hello mode on the device Per port hello...

Page 324: ...Example This example shows how to display the Spanning Tree hello time Matrix rw show spantree hello Bridge Hello Time is set to 2 seconds set spantree hello Use this command to set the device s Spann...

Page 325: ...ult value Syntax clear spantree hello Parameters None Defaults None Mode Switch command Read Write Example This example shows how to globally reset the Spanning Tree hello time Matrix rw clear spantre...

Page 326: ...regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected fr...

Page 327: ...Spanning Tree forward delay time Matrix rw show spantree fwddelay Bridge Forward Delay is set to 15 seconds set spantree fwddelay Use this command to set the Spanning Tree forward delay Syntax set spa...

Page 328: ...ds Matrix rw set spantree fwddelay 16 clear spantree fwddelay Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds Syntax clear spantree fwddelay Parameters N...

Page 329: ...tax set spantree autoedge disable enable Parameters Defaults None Mode Switch command Read Write Example This example shows how to disable automatic edge port detection Matrix rw set spantree autoedge...

Page 330: ...Cost is disabled set spantree legacypathcost Use this command to enable or disable legacy 802 1D path cost values Syntax set spantree legacypathcost disable enable Parameters Defaults None Mode Switch...

Page 331: ...Read Write Example This example shows how to set the default path cost values to 802 1t Matrix rw clear spantree legacypathcost show spantree tctrapsuppress Use this command to display the status of t...

Page 332: ...Cs are prevented from sending topology change traps This is because there is usually no need for network management to monitor edge port STP transition states such as when PCs are powered on When topo...

Page 333: ...ead Only Example This example shows how to display the transmit hold count setting Matrix rw show spantree txholdcount Tx hold count 3 set spantree txholdcount Use this command to set the maximum BPDU...

Page 334: ...6 Syntax clear spantree txholdcount Parameters None Defaults None Mode Switch command Read Write Example This example shows how to reset the transmit hold count Matrix rw clear spantree txholdcount s...

Page 335: ...Spanning Tree instance may traverse via relay of BPDUs within the applicable MST region before being discarded Example This example shows how to set the maximum hop count to 40 Matrix rw set spantree...

Page 336: ...uard function Syntax set spantree spanguard enable disable Parameters Defaults None Mode Switch command Read Write Usage When enabled this prevents an unauthorized bridge from becoming part of the act...

Page 337: ...spantree spanguard Parameters None Defaults None Mode Switch command Read Write Example This example shows how to reset the status of the span guard function to disabled Matrix rw clear spantree spang...

Page 338: ...Example This example shows how to set the span guard timeout to 600 seconds Matrix rw set spantree spanguardtimeout 600 clear spantree spanguardtimeout Use this command to reset the Spanning Tree span...

Page 339: ...of these commands to unlock one or more ports locked by the Spanning Tree span guard function Syntax clear spantree spanguardlock port string set spantree spanguardlock port string Parameters Defaults...

Page 340: ...his example shows how to display the state of the span guard trap function Matrix rw show spantree spanguardtrapenable Span Guard Trap is set to enable set spantree spanguardtrapenable Use this comman...

Page 341: ...the span guard trap function to enabled Matrix rw clear spantree spanguardtrapenable show spantree backuproot Use this command to display the state of the Spanning Tree backup root function Syntax sh...

Page 342: ...ill dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge Example This example shows how to enable the backup root function on SID 2 Matrix rw set...

Page 343: ...s None Mode Switch command Read Only Example This example shows how to display the status of the backup root trap function Matrix rw show spantree backuproottrapenable Backup Root Trap is set to enabl...

Page 344: ...clear spantree backuproottrapenable Parameters None Defaults None Mode Switch command Read Write Example This example shows how to reset the backup root trap function Matrix rw clear spantree backupro...

Page 345: ...trap message when a Spanning Tree becomes the new root of the network Example This example shows how to enable the new root trap function Matrix rw set spantree newroottrapenable enable clear spantree...

Page 346: ...t string sid sid active Parameters Defaults If port string is not specified no port information will be displayed If sid is not specified debug counters will be displayed for Spanning Tree 0 Mode Swit...

Page 347: ...Rx Count 0 STP TC BPDU Tx Count 0 RST BPDU Rx Count 81812 RST BPDU Tx Count 790319 RST TC BPDU Rx Count 2131 RST TC BPDU Tx Count 26623 MST BPDU Rx Count 0 MST BPDU Tx Count 0 MST CIST TC BPDU Rx Cou...

Page 348: ...ee Configuration clear spantree debug Use this command to clear Spanning Tree debug counters Syntax clear spantree debug Parameters None Defaults None Mode Switch command Read Write Example This examp...

Page 349: ...spantree portenable 6 50 set spantree portenable 6 50 clear spantree portenable 6 51 show spantree portadmin 6 51 set spantree portadmin 6 52 clear spantree portadmin 6 52 set spantree protomigration...

Page 350: ...et spantree portenable Use this command to set the port status on one or more Spanning Tree ports Syntax set spantree portenable port string enable disable Parameters Defaults None Mode Switch command...

Page 351: ...and to display the status of the Spanning Tree algorithm on one or more ports Syntax show spantree portadmin port port string Parameters Defaults If port string is not specified status will be display...

Page 352: ...ree admin status to enable on one or more ports Syntax clear spantree portadmin port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to reset the default...

Page 353: ...or more Spanning Trees Syntax show spantree portstate port port string sid sid Parameters Defaults If port string is not specified current state will be displayed for all Spanning Tree ports If sid is...

Page 354: ...te in the transmission of frames thus preventing duplication arising through multiple paths existing in the active topology of the bridged LAN It receives Spanning Tree configuration messages but does...

Page 355: ...e This example shows how to set the priority of fe 1 3 to 240 on SID 1 Matrix rw set spantree portpri fe 1 3 240 sid 1 port port string Optional Specifies the port s for which to display Spanning Tree...

Page 356: ...to set the hello time for one or more Spanning Tree ports This is the time interval in seconds the port s will transmit BPDUs Syntax set spantree porthello port string interval Parameters Defaults Non...

Page 357: ...Defaults None Mode Switch command Read Write Example This example shows how to reset the hello time to 2 seconds for port fe 1 4 Matrix rw clear spantree porthello fe 1 4 show spantree portcost Use th...

Page 358: ...ts will be displayed If sid is not specified admin path cost for Spanning Tree 0 will be displayed Mode Switch command Read Only Example This example shows how to display the admin path cost for fe 3...

Page 359: ...admin path cost to 0 Syntax clear spantree adminpathcost port string sid sid Parameters Defaults If sid is not specified admin path cost will be reset for Spanning Tree 0 Mode Switch command Read Wri...

Page 360: ...hows how to display the edge port status for fe 3 2 Matrix rw show spantree adminedge port fe 3 2 Port fe 3 2 has a Port Admin Edge of Edge Port set spantree adminedge Use this command to set the edge...

Page 361: ...on edge port Matrix rw clear spantree adminedge fe 1 11 show spantree operedge Use this command to display the Spanning Tree edge port operating status for a port Syntax show spantree operedge port po...

Page 362: ...tch command Read Only Example This example shows how to display the point to point status of the LAN segment attached to fe 2 7 Matrix rw show spantree adminpoint port fe 2 7 Port fe 2 7 has a Port Ad...

Page 363: ...a Spanning Tree port Syntax set spantree adminpoint port string true false auto Parameters Defaults None Mode Switch command Read Write Example This example shows how to set the LAN attached to fe 1 3...

Page 364: ...ree port to auto mode Syntax clear spantree adminpoint port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to reset point to point status to auto on fe 2...

Page 365: ...onally per SID Syntax set spantree lp port string enable disable sid sid For information about Refer to page set spantree lp 6 65 show spantree lp 6 66 clear spantree lp 6 67 show spantree lplock 6 67...

Page 366: ...id Parameters Defaults If no port string is specified status is displayed for all ports port string Specifies port s on which to enable or disable the Loop Protect feature For a detailed description o...

Page 367: ...arameters Defaults If no SID is specified SID 0 is assumed Mode Switch command Read Write Example This example shows how to return the Loop Protect state on fe 2 3 to disabled Matrix rw clear spantree...

Page 368: ...KED clear spantree lplock Use this command to manually unlock a blocked port and optionally per SID Syntax clear spantree lplock port string sid sid Parameters Defaults If no SID is specified SID 0 is...

Page 369: ...feature is used If the value is false then there is some ambiguity as to whether an Active Partner timeout is due to a loop protection event or is a normal situation due to the fact that the partner p...

Page 370: ...apable clear spantree lpcapablepartner Use this command to reset the Loop Protect capability of port link partners to the default state of false Syntax clear spantree lpcapablepartner port string Para...

Page 371: ...reaches the threshold within a given period the event window then the port for the given SID becomes locked that is held indefinitely in the blocking state If the threshold is 0 the ports are never lo...

Page 372: ...ead Write Example This example shows how to reset the Loop Protect event threshold to the default of 3 Matrix rw clear spantree lpthreshold set spantree lpwindow Use this command to set the Loop Prote...

Page 373: ...tree lpwindow 120 show spantree lpwindow Use this command to display the current Loop Protect event window value Syntax show spantree lpwindow Parameters None Defaults None Mode Switch command Read On...

Page 374: ...itch command Read Write Usage Loop Protect traps are sent when a Loop Protect event occurs that is when a port goes to listening due to not receiving BPDUs The trap indicates port SID and loop protect...

Page 375: ...e Mode Switch command Read Write Example This example shows how to reset the Loop Protect event notification state to the default of disabled Matrix rw clear spantree lptrapenable set spantree dispute...

Page 376: ...slog message is issued For example if the threshold is 10 then a trap is issued when 10 20 30 and so on disputed BPDUs have been received If the value is 0 traps are not sent The trap indicates port S...

Page 377: ...all ports If no SID is specified SID 0 is assumed Mode Switch command Read Only Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event re...

Page 378: ...Configuring Spanning Tree Loop Protect Features show spantree nonforwardingreason 6 78 Spanning Tree Configuration...

Page 379: ...the network Once the traffic and in effect the users creating the traffic are assigned to a VLAN then broadcast and multicast traffic is contained within the VLAN and users can be allowed or denied ac...

Page 380: ...ged frames received on those ports will be assigned to VLAN 3 By default all ports are members of VLAN ID 1 the default VLAN Policy classification to a VLAN as described in Chapter 8 set policy rule o...

Page 381: ...and if those ports will transmit the traffic with a VLAN tag included Command show vlan Use this command to display all information related to one or more VLANs Syntax show vlan static vlan list Note...

Page 382: ...e 2 1 4 fe 3 1 7 lag 0 1 32 Forbidden Egress Ports None Untagged Ports host 0 1 fe 1 1 10 ge 2 1 4 fe 3 1 7 lag 0 1 32 Table 7 2 provides an explanation of the command output static Optional Displays...

Page 383: ...Gold Series Configuration Guide 7 5 Forbidden Egress Ports Ports prevented from transmitted frames for this VLAN Untagged Ports Ports configured to transmit untagged frames for this VLAN Table 7 2 sho...

Page 384: ...must be unique If a duplicate VLAN ID is entered the device assumes that the Administrator intends to modify the existing VLAN Enter the VLAN ID using a unique number between 2 and 4094 The VLAN IDs...

Page 385: ...me vlan list vlan name Parameters Defaults None Mode Switch command Read Write Example This example shows how to set the name for VLAN 7 to green Matrix rw set vlan name 7 green clear vlan Use this co...

Page 386: ...Matrix rw clear vlan 9 clear vlan name Use this command to remove the name of a VLAN from the VLAN list Syntax clear vlan name vlan list Parameters Defaults None Mode Switch command Read Write Exampl...

Page 387: ...tion Syntax show port vlan port string Parameters Defaults If port string is not specified port VLAN information for all ports will be displayed Mode Switch command Read Only For information about Ref...

Page 388: ...list will be modified Mode Switch command Read Write Usage For information on how to configure protocol based policy classification to a VLAN including how to configure a VLAN policy to override PVID...

Page 389: ...1Q port VLAN ID PVID to the host VLAN ID 1 Syntax clear port vlan port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to reset the Fast Ethernet ports 3...

Page 390: ...ad Write Example This example shows how to create a volatile interface entry mapped to VLAN 1 Matrix rw set vlan interface 1 volatile Table 7 3 show vlan interface Output Details Output What it displa...

Page 391: ...ed for port ingress filtering which limits incoming VLAN ID frames according to a port VLAN egress list Syntax show port ingress filter port string Parameters Defaults If port string is not specified...

Page 392: ...ort ingress filter port string disable enable Parameters Defaults None Mode Switch command Read Write Usage When ingress filtering is enabled on a port the VLAN IDs of incoming frames are compared to...

Page 393: ...for Fast Ethernet port 7 in module 2 In this case the port has been set to discard all tagged frames Matrix rw show port discard fe 2 7 Port Discard Mode fe 2 7 tagged set port discard Use this comma...

Page 394: ...his command to reset the frame discard mode to the factory default setting none Syntax clear port discard port string Parameters Defaults None Mode Switch command Read Write Example This example shows...

Page 395: ...the specified VLAN and ensures that any dynamic requests either through GVRP or dynamic egress for the port to join the VLAN will be ignored Setting a port to untagged allows it to transmit frames wit...

Page 396: ...ports will transmit frames for a particular VLAN Syntax set vlan egress vlan list port string untagged forbidden tagged Parameters Defaults If untagged forbidden or tagged is not specified the port wi...

Page 397: ...r vlan egress vlan list port string forbidden Parameters Defaults If forbidden is not specified tagged and untagged settings will be cleared Mode Switch command Read Write Examples This example shows...

Page 398: ...an dynamicegress VLAN 1 is enabled VLAN 101 is enabled VLAN 102 is enabled VLAN 105 is enabled set vlan dynamicegress Use this command to set the administrative status of one or more VLANs dynamic egr...

Page 399: ...gress Configuring the VLAN Egress List Enterasys Matrix DFE Gold Series Configuration Guide 7 21 Example This example shows how to enable the dynamic egress function on VLAN 7 Matrix rw set vlan dynam...

Page 400: ...out GVRP configured ports on the device in a GARP formatted frame using the GVRP multicast MAC address A switch router that receives this frame examines the frame and extracts the VLAN IDs GVRP then c...

Page 401: ...tch 1 1 R R 3 Switch 2 1 2 D R D 2 1 4 6 8 10 12 14 16 3 5 7 9 11 13 15 18 17 20 22 24 26 28 30 32 19 21 23 25 27 29 31 34 33 36 38 40 42 44 46 48 35 37 39 41 43 45 47 Reset Console PWR CPU 1H152 51 S...

Page 402: ...2 1 enabled 00 e0 63 97 d4 36 Table 7 4 provides an explanation of the command output show garp timer Use this command to display GARP timer values for one or more ports Syntax show garp timer port st...

Page 403: ...n of the command output For details on using the set gvrp command to enable or disable GVRP refer to set gvrp on page 7 26 For details on using the set garp timer command to change default timer value...

Page 404: ...le shows how to enable GVRP on Fast Ethernet port 3 in module 1 Matrix rw set gvrp enable fe 1 3 clear gvrp Use this command to clear GVRP status or on one or more ports Syntax clear gvrp port string...

Page 405: ...nds for all ports Matrix rw set garp timer join 100 This example shows how to set the leave timer value to 300 centiseconds for all ports Matrix rw set garp timer leave 300 This example shows how to s...

Page 406: ...tiseconds on Fast Ethernet port 5 in module 2 Matrix rw clear garp timer leave fe 2 5 join Optional Resets the join timer to 20 centiseconds leave Optional Resets the leave timer to 60 centiseconds le...

Page 407: ...orts activated for a profile will be allowed to transmit frames accordingly Configure CoS to automatically assign policy based inbound rate limiters and transmit queues Note It is recommended that you...

Page 408: ...or all indexes Mode Switch command Read Only Example This example shows how to display policy information for policy profile 11 Matrix rw show policy profile 11 Profile Index 11 Profile Name MacAuth1...

Page 409: ...enabled active or disabled Port VID Status Whether or not PVID override is enabled or disabled for this policy profile If all the classification rules associated with this profile are missed then this...

Page 410: ...the classification rules associated with this profile are missed then this parameter if specified determines default behavior cos cos Optional Specifies a COS value to assign to packets if CoS overrid...

Page 411: ...nknown policy Syntax show policy invalid action count all Parameters Defaults None Mode Switch command Read Only Example This example shows how to display invalid policy action and count information M...

Page 412: ...y invalid action drop clear policy invalid action Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy Syntax...

Page 413: ...data mask mask port string port string rule status active not in service not ready storage type non volatile volatile vlan vlan drop forward dynamic pid dynamic pid cos cos admin pid admin pid verbose...

Page 414: ...a Not required for ipfrag classification Displays rules for a predefined classifier This value is dependent on the classification type entered Refer to Table 8 3 for valid values for each classificati...

Page 415: ...V 1 Table 8 2 provides an explanation of the command output Table 8 2 show policy rule Output Details Output What it displays PID Profile profile index number indicating a classification rule is displ...

Page 416: ...dministratively or dynamically The next four columns from the left indicate the actions that may be performed The last three columns indicate auditing options An x in an action column for a traffic at...

Page 417: ...tion X X X X X X X X X TCP port source X X X X X X X X X TCP port destination X X X X X X X X X ICMP packet type X X X X X X X X X TTL IP type of service X X X X X X X X X IP proto X X X X X X X X X E...

Page 418: ...ies Dropping of packet ether Classifies based on type field in Ethernet II packet llc DSAP SSAP pair in 802 3 type packet field 0 65535 iptos Classifies based on Type of Service field in IP packet ipp...

Page 419: ...s are 1 1023 Note Admin profiles can be assigned to a specific ingress port by specifying port string and admin pid values as described below ether Classifies based on type field in Ethernet II packet...

Page 420: ...1 admin pid 2 Matrix rw set policy rule admin profile ether 1526 admin pid 2 Table 8 3 provides the set policy rule data values that can be entered for a particular classification type and the mask b...

Page 421: ...5 1 8 llcDsapSsap DSAP SSAP CTRL field in llc a b c ab 1 40 Destination or Source MAC macdest macsource MAC Address 00 00 00 00 00 00 1 48 port Port string Eg fe 1 1 1 16 Destination or Source TCP por...

Page 422: ...licy all rules macdest Deletes associated MAC destination address classification rule macsource Deletes associated MAC source address classification rule port Deletes associated port string classifica...

Page 423: ...ith an index of 20 to port fe 1 3 Matrix rw set policy port fe 1 3 20 show policy allowed type Use this command to display a list of currently supported traffic rules applied to the admininstrative pr...

Page 424: ...2 C N I T 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 3 Port 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 5 6 7 8 1 ge 1 5 set policy allowed type Use this command to assign a list of traffic rules that can be a...

Page 425: ...policy allowed type Use this command to clear the list of traffic rules currently assigned to the admin profile for one or more ports This will reassign the default setting which is all rules are all...

Page 426: ...licy Profiles clear policy port hit 8 20 Policy Classification Configuration Defaults None Mode Switch command Read Write Example This example shows how to clear rule port hit indications on all ports...

Page 427: ...transmit queues and traffic rate limiting When policy based CoS is enabled the default and user assigned settings will override port based settings described in Chapter 22 About Policy Based CoS Defa...

Page 428: ...Configuring User Defined CoS To do this Use these commands For information about Refer to page show cos state 8 23 set cos state 8 23 show cos port type 8 24 show cos unit 8 26 show cos port config 8...

Page 429: ...to show the Class of Service enable state Matrix rw show cos state Class of Service application is enabled set cos state Use this command to enable or disable Class of Service Syntax set cos state en...

Page 430: ...and NSA modules Other port groupings can be configured using the commands in this section Example This example shows how to display all Class of Service port type information In this case no new port...

Page 431: ...ates all other modules Port type description Resource specific text description of the port type Default names are DFE P 16Q for port type 0 TXQ Applies to 7GR4270 12 7G4270 12 7G4270 09 and 7G4270 10...

Page 432: ...w cos unit irl Port Type Type Unit Maximum Rate Minimum Rate Granularity 0 irl Gbps 10 1 1 0 irl Mbps 10000 1 1 0 irl Kbps 10000000 5121024 1 0 irl perc 100 1 1 1 irl Gbps 10 1 1 1 irl Mbps 10000 1 1...

Page 433: ...Configuration Entries Port Group Name DFE P 16Q Port Group 0 Port Type 0 Assigned Ports ge 1 1 12 Arbiter Mode Strict Slices queue Q 0 0 Q 1 0 Q 2 0 Q 3 0 Q 4 0 Q 5 0 Q 6 0 Q 7 0 Q 8 0 Q 9 0 Q 10 0 Q...

Page 434: ...e ports port list append clear Parameters Defaults If a name is not specified default names described in Table 8 5 will be applied If not specified this configuration will be applied to all ports in t...

Page 435: ...s port config irl all group type index entry name ports Parameters Defaults None Mode Switch command Read Write Example This example shows how to delete the CoS inbound rate limiting port group entry...

Page 436: ...queue port group configurations Syntax clear cos port config txq all group type index entry name ports Parameters Defaults None group type index Specifies a transmit queue port group type index for t...

Page 437: ...mple shows how to show all inbound rate limiting port resource configuration information for port group 0 1 Matrix rw show cos port resource irl 0 1 after the rate value indicates an invalid rate valu...

Page 438: ...512 syslog enable trap enable group type index Specifies an inbound rate limiting port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating t...

Page 439: ...ociated with port group 0 1 resource entry 0 Matrix rw clear cos port resource irl 0 1 0 set cos port resource txq Use this command to configure a Class of Service transmit queue port resource entry S...

Page 440: ...t queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port typ...

Page 441: ...ts If no options are specified all reference information for all port types will be displayed Mode Switch command Read Only Example This example shows how to show all transmit queue reference configur...

Page 442: ...r one or all Class of Service inbound rate limiting reference configurations Syntax clear cos reference irl all group type index reference Parameters group type index Specifies an inbound rate limitin...

Page 443: ...e entry 0 for port group 0 1 referencing resources defined by TXQ entry 0 Matrix rw set cos reference irl 0 1 0 queue 0 clear cos reference txq Use this command to clear one or all non default Class o...

Page 444: ...ers Syntax show cos settings cos list Parameters Defaults If not specified all CoS entries will be displayed Mode Switch command Read Only Example This example shows how to show all CoS settings Matri...

Page 445: ...s command to clear Class of Service entry settings Syntax clear cos settings cos list all priority tos value txq reference irl reference Parameters cos list Specifies a Class of Service entry Valid va...

Page 446: ...itch command Read Only Example This example shows how to show any CoS inbound rate limiting violations Matrix rw show cos violation irl There are no ports disabled by any irl rate limiters clear cos v...

Page 447: ...clear cos all entries Use this command to clears all Class of Service entries except priority settings 0 7 Syntax clear cos all entries Parameters None Defaults None Mode Switch command Read Write Exa...

Page 448: ...ck is exited and the map having the ACL matching the packet is checked for further routing instruction If the action of that map is permit and a next hop is specified policy based routing will forward...

Page 449: ...ches 0 packets route map Use this command to create a route map for policy based routing and to enable policy based routing configuration mode Syntax route map id number permit deny sequence number no...

Page 450: ...Matrix Router config route map 101 permit 20 match ip address Use this command to match a packet source IP address against a PBR access list Up to 5 access lists can be matched Syntax match ip addres...

Page 451: ...ix Router config route map pbr Usage The no form of this command deletes next hop IP address es Example This example shows how to set IP address 10 2 3 4 as the next hop for packets matching ACL 1 Mat...

Page 452: ...age 8 46 Priority How the PBR next hop selection will be prioritized Set with the ip policy priority command as described in ip policy priority on page 8 47 Load policy How the PBR next hop will be se...

Page 453: ...efaults None Mode Router command Interface configuration Matrix Router config if Vlan vlan_id Usage The no form of this command resets the PBR priority configuration back to the default of first Examp...

Page 454: ...as flagged it as unavailable The no form of this command resets the next hop behavior to first available Example This example shows how to set the load policy behavior on VLAN 1 to round robin Matrix...

Page 455: ...command turns PBR ping to off Example This example shows how to configure the PBR ping interval to 5 and retries to 4 on VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip...

Page 456: ...Configuring Policy Based Routing ip policy pinger 8 50 Policy Classification Configuration...

Page 457: ...IP multicasting across the Internet IGMP provides the final step in an IP multicast packet delivery service since it is only concerned with forwarding multicast traffic from the local switch device t...

Page 458: ...refully pruned at every multicast switch router it passes through to ensure that traffic is only passed to the hosts that subscribed to this service The Enterasys Matrix Series switch device uses IGMP...

Page 459: ...his command to enable IGMP on one or more VLANs Syntax set igmp enable vlan list Parameters Defaults None Mode Switch command Read Write Example This example shows how to enable IGMP on VLAN 104 Matri...

Page 460: ...Enabling Disabling IGMP set igmp disable 9 4 IGMP Configuration Example This example shows how to disable IGMP on VLAN 104 Matrix rw set igmp disable 104...

Page 461: ...meters For information about Refer to page show igmp query 9 5 set igmp query enable 9 6 set igmp query disable 9 6 show igmp grp full action 9 7 set igmp grp full action 9 7 show igmp config 9 8 set...

Page 462: ...ing on one or more VLANs Syntax set igmp query enable vlan list Parameters Defaults None Mode Switch command Read Write Example This example shows how to enable IGMP querying on VLAN 104 Matrix rw set...

Page 463: ...None Mode Switch command Read Only Example This example shows how to display the action taken for multicast frames when the IGMP group table is full Matrix rw show igmp grp full action Group Table Ful...

Page 464: ...N 1 Matrix rw show igmp config 1 IGMP config for vlan 1 VlanQueryInterval 125 VlanStatus Active Vlan IGMP Version 2 VlanQuerier 134 141 22 1 VlanQueryMaxResponseTime 10 VlanRobustness 2 VlanLastMember...

Page 465: ...e IGMP querier has been active Table 9 1 show igmp config Output Details continued Output What it displays vlan list Specifies the VLAN s on which to configure IGMP query interval query interval Optio...

Page 466: ...to remove IGMP configuration settings for VLAN 104 Matrix rw set igmp delete 104 show igmp groups Use this command to display information about IGMP groups known to one or more VLANs Syntax show igmp...

Page 467: ...s If not specified static IGMP information will be displayed for all groups Mode Switch command Read Only Example This example shows how to display static IGMP information for VLAN 105 The display is...

Page 468: ...lude ports exclude ports Parameters Defaults If not specified the static entry will be removed and not modified Mode Switch command Read Write Example This example shows how to remove port fe 1 3 from...

Page 469: ...cast Data 17 Protocol Ids set to routing Protocol 3 7 9 42 43 45 47 48 85 86 88 89 91 92 100 103 112 Protocol Ids set to Ignore 0 4 6 10 16 18 41 44 46 49 84 87 90 93 99 101 102 104 111 113 255 set ig...

Page 470: ...ax clear igmp protocols protocol id protocol id Parameters Defaults None Mode Switch command Read Write Example This example shows how to clear IGMP protocols for protocol id 3 Matrix rw clear igmp pr...

Page 471: ...display IGMP reporter information Syntax show igmp reporters portlist portlist group group vlan list vlan list sip sip Parameters Defaults If no parameters are specified all IGMP reporter information...

Page 472: ...e specified information for all IGMP flows is displayed Mode Switch command Read Only Example This example shows how to display all the IGMP flow information Matrix rw show igmp counters Multicast Flo...

Page 473: ...ted 0 Igmp Group Specific Queries transmitted 0 Igmp Queries received 776482 Igmp Version 1 Joins received 0 Igmp Version 2 Joins received 1024 Igmp Version 3 Joins received 22 Igmp Leave Groups recei...

Page 474: ...oups 9 18 IGMP Configuration Example This example shows how to display the number of multicast groups supported by the device Matrix rw show igmp number groups IGMP current max number of groups 4096 I...

Page 475: ...document that contains a complete discussion on Syslog configuration exists at the following Enterasys web site http www enterasys com support manuals For information about Refer to page show logging...

Page 476: ...ing information Matrix rw show logging all Application Current Severity Level Server List 88 RtrAcl 6 1 8 89 CLI 6 1 8 90 SNMP 6 1 8 91 Webview 6 1 8 93 System 6 1 8 95 RtrFe 6 1 8 96 Trace 6 1 8 105...

Page 477: ...setting this value using the set logging application command refer to set logging application on page 10 9 Defaults Default facility name severity level and UDP port designation as described below Fo...

Page 478: ...ort state enable disable Parameters index Specifies the server table index number for this server Valid values are 1 8 ip addr ip addr Optional Specifies the Syslog message server s IP address facilit...

Page 479: ...mmand shows how to enable a Syslog server configuration for index 1 IP address 134 141 89 113 facility local4 severity level 3 on port 514 Matrix rw set logging server 1 ip addr 134 141 89 113 facilit...

Page 480: ...Syntax set logging default facility facility severity severity port port Parameters Defaults None Mode Switch command Read Write facility facility Specifies the default facility name Valid values are...

Page 481: ...mmand Read Write Example This example shows how to reset the Syslog default severity level to 6 Matrix rw clear logging default severity show logging application Use this command to display the severi...

Page 482: ...how to display system logging information pertaining to the all supported applications Matrix su show logging application Application Current Severity Level Server List 88 RtrAcl 6 1 8 89 CLI 6 1 8 90...

Page 483: ...gging application command refer to set logging application on page 10 9 Server List Servers to which log messages are being sent mnemonic Specifies a case sensitive mnemonic abbreviation of an applica...

Page 484: ...SSH level 4 server 1 Table 10 3 Sample Mnemonic Values for Logging Applications Mnemonic Application AAA Authentication Authorization Accounting AddrNtfy Address Add and Move Notification CLI Command...

Page 485: ...rw clear logging application SSH show logging local Use this command to display the state of message logging to the console and a persistent file Syntax show logging local Parameters None Defaults No...

Page 486: ...ble logging to the console and disable logging to a persistent file Matrix rw set logging local console enable file disable clear logging local Use this command to clear the console and persistent sto...

Page 487: ...ion is using Telnet or SSH but persistent on the console Example This command shows how to enable the display of logging messages to the current CLI session Matrix rw set logging here enable clear log...

Page 488: ...ax show logging buffer Parameters None Defaults None Mode Switch command Read Only Example This example shows a portion of the information displayed with the show logging buffer command Matrix rw show...

Page 489: ...the size of the history buffer and to display and disconnect current user sessions Commands history Use this command to display the contents of the command history buffer Syntax history For informatio...

Page 490: ...age 11 3 Example This example shows how to display the contents of the command history buffer It shows there are five commands in the buffer Matrix rw history 1 hist 2 show gvrp 3 show vlan 4 show igm...

Page 491: ...ics for the switch s active network connections Syntax show netstat icmp ip routes stats tcp udp Parameters Defaults If no parameters are specified show netstat will be executed as shown in the exampl...

Page 492: ...efaults If s is not specified the ping will not be continuous If not specified packet count will be 1 Table 11 1 show netstat Output Details Output What it displays PCB Protocol Control Block designat...

Page 493: ...icmp seq 6 time 0 ms 64 bytes from 134 141 89 29 icmp seq 7 time 0 ms 64 bytes from 134 141 89 29 icmp seq 8 time 0 ms 64 bytes from 134 141 89 29 icmp seq 9 time 0 ms 134 141 89 29 PING Statistics 10...

Page 494: ...s command In this output there are two Telnet users logged in with Read Write access privileges from IP addresses 134 141 192 119 and 134 141 192 18 Matrix rw show users Session User Location telnet r...

Page 495: ...sion from the switch CLI Syntax disconnect ip addr console Parameters Defaults None Mode Switch command Read Write Examples This example shows how to close a Telnet session to host 134 141 192 119 Mat...

Page 496: ...priority queues will be displayed Mode Switch command Read Only Example This example shows how to display SMON priority 0 statistics for 1 Gigabit Ethernet port 14 in module 3 Matrix rw show smon pri...

Page 497: ...d Read Write Example This example shows how set the device to gather SMON priority statistics from 1 Gigabit Ethernet port 14 in module 3 Matrix rw set smon priority ge 3 14 clear smon priority Clears...

Page 498: ...vlan id is not specified statistics for all VLANs will be displayed Mode Switch command Read Only Example This example shows how to display SMON VLAN 1 statistics for 1 Gigabit Ethernet port 14 in mod...

Page 499: ...ple shows how set the device to gather SMON VLAN related statistics from 1 Gigabit Ethernet port 14 in module 3 Matrix rw set smon vlan ge 3 14 clear smon vlan Use this command to delete an SMON VLAN...

Page 500: ...de Switch command Read Write Example This example shows how clear an SMON VLAN statistics counting configuration from 1 Gigabit Ethernet source port 14 in module 3 Matrix rw clear smon vlan ge 3 14 po...

Page 501: ...sized and undersized packets fragments jabbers and counters for packets show rmon stats show rmon stats on page 11 15 set rmon stats set rmon stats on page 11 17 clear rmon stats clear rmon stats on p...

Page 502: ...device detects a new conversation it creates a new matrix entry Source and destination address pairs and packets bytes and errors for each pair show rmon matrix show rmon matrix on page 11 32 set rmo...

Page 503: ...1 20 Port fe 1 20 Index 1011 Owner monitor Data Source 1 3 6 1 2 1 2 2 1 1 51021 Drop Events 0 Packets 0 Collisions 0 Octets 0 Jabbers 0 0 64 Octets 0 Broadcast Pkts 0 65 127 Octets 0 Multicast Pkts...

Page 504: ...the data that was originally sent Undersize Pkts Number of frames received containing less than the minimum Ethernet frame size of 64 bytes not including the preamble but having a valid CRC Oversize...

Page 505: ...were between 512 and 1023 bytes in length excluding framing bits but including FCS bytes 1024 1518 Octets Total number of frames including bad frames received that were between 1024 and 1518 bytes in...

Page 506: ...display RMON history entries for Fast Ethernet port 14 in module 3 A control entry displays first followed by actual entries corresponding to the control entry In this case the default settings for en...

Page 507: ...val will be set to 30 seconds If owner is not specified monitor will be applied Mode Switch command Read Write Example This example shows how configure RMON history entry 1 on port fe 2 1 to sample ev...

Page 508: ...larm group periodically takes statistical samples from RMON variables and compares them with previously configured thresholds If the monitored variable crosses a threshold an RMON event is generated E...

Page 509: ...ether the monitoring method is an absolute or a delta sampling Startup Alarm Whether alarm generated when this entry is first enabled is rising falling or either Interval Interval in seconds at which...

Page 510: ...nerated when this event is first enabled as Rising Sends alarm when an RMON event reaches a maximum threshold condition is reached for example more than 30 collisions per second Falling Sends alarm wh...

Page 511: ...ies command An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold Example This example shows how to enable RMON alarm entry 3 Matrix rw set rm...

Page 512: ...ublic Last Time Sent 0 days 0 hours 0 minutes 37 seconds Table 11 5 provides an explanation of the command output index Optional Displays RMON properties and log entries for a specific entry index ID...

Page 513: ...TP topology change type both community public owner Manager set rmon event status Use this command to enable an RMON event entry An event entry describes the parameters of an RMON event that can be tr...

Page 514: ...used index with the set properties command Example This example shows how to enable RMON event entry 1 Matrix rw set rmon event status 1 enable clear rmon event Use this command to delete an RMON even...

Page 515: ...ow to display RMON host properties and statistics A control entry displays first followed by actual entries corresponding to the control entry For a description of the types of statistics shown refer...

Page 516: ...1 Matrix rw set rmon host properties 1 fe 1 5 set rmon host status Use this command to enable an RMON host entry Syntax set rmon host status index enable Parameters Defaults None Mode Switch command...

Page 517: ...Matrix rw clear rmon host 1 show rmon topN Use this command to displays RMON TopN properties and statistics TopN monitoring prepares tables that describe the hosts topping a list ordered by one of th...

Page 518: ...ne top N report prepared for one interface Status Whether this event entry is enabled valid or disabled Owner Text string identifying who configured this entry Start Time System up time when this repo...

Page 519: ...val of 60 seconds and a maximum number of entries of 20 Matrix rw set rmon topN properties 1 1 inpackets 60 20 set rmon topN status Use this command to enable an RMON topN entry Syntax set rmon topN s...

Page 520: ...ults None Mode Switch command Read Write Example This example shows how to delete RMON TopN entry 1 Matrix rw clear rmon topN 1 show rmon matrix Use this command to display RMON matrix properties and...

Page 521: ...x properties command as described in set rmon matrix properties on page 11 34 port string Optional Displays RMON properties and statistics for a specific port s source dest Optional Sorts the display...

Page 522: ...nable Parameters Defaults None Octets Number of octets excluding framing bits but including FCS octets contained in all packets transmitted from the source address to the destination address Errors Er...

Page 523: ...ters Defaults None Mode Switch command Read Write Example This example shows how to delete RMON matrix entry 1 Matrix rw clear rmon matrix 1 show rmon channel Use this command to display RMON channel...

Page 524: ...Maximum value is 65535 port string Specifies the port on which traffic will be monitored accept matched failed Optional Specifies the action of the filters on this channel as matched Packets will be a...

Page 525: ...be set to monitor Mode Switch command Read Write Example This example shows how to accept failed control on description capture all create an RMON channel entry Matrix rw set rmon channel 54313 fe 2...

Page 526: ...configure an RMON filter entry Syntax set rmon filter index channel_index offset offset status status smask smask snotmask snotmask data data dmask dmask dnotmask dnotmask owner owner Parameters inde...

Page 527: ...mmand Read Write Example This example shows how to clear RMON filter entry 1 Matrix rw clear rmon filter index 1 smask smask Optional Specifies the mask applied to status to indicate which bits are si...

Page 528: ...k Captured packets 251 Capture slice 128 Download size 100 Download offset 0 Max Octet Requested 50000 Max Octet Granted 50000 Start time 1 days 0 hours 51 minutes 15 seconds Owner monitor captureEntr...

Page 529: ...eate RMON capture entry 1 to listen on channel 628 Matrix rw set rmon capture 1 628 index Specifies a buffer control entry channel Specifies the channel to which this capture entry will be applied act...

Page 530: ...capture Use this command to clears an RMON capture entry Syntax clear rmon capture index Parameters Defaults None Mode Switch command Read Write Example This example shows how to clear RMON capture e...

Page 531: ...to display add or delete IP routing table addresses and to display MAC address information Commands Note The commands in this section pertain to the Enterasys Matrix Series device from the switch CLI...

Page 532: ...lay the ARP table Matrix rw show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface 10 20 1 1 00 00 5e 00 01 1 S host0 134 142 21 194 00 00 5e 00 01 1 S host0 134 142 191 192 00 00 5e 00...

Page 533: ...his command to delete a specific entry or all entries from the switch s ARP table Syntax clear arp ip all Table 12 1 show arp Output Details Output What it displays IP Address IP address mapped to MAC...

Page 534: ...isplay the status of the RAD Runtime Address Discovery protocol on the switch Syntax show rad Parameters None Defaults None Mode Switch command Read Only Example This example shows how to display RAD...

Page 535: ...ver if the lease time for the address is set to infinity unlimited This will prevent the DFE from switching addresses when a lease time expires Example This example shows how to disable RAD Matrix rw...

Page 536: ...ry R host or net unreachable D created dynamically by redirect M modified dynamically by redirect d message confirmed C generate new routes on use X external daemon resolves name L generated by ARP S...

Page 537: ...put will be displayed If x is not specified checksums will be calculated Mode Switch command Read Only Usage Three UDP or ICMP probes will be transmitted for each hop between the source and the tracer...

Page 538: ...10 000 ms 20 000 ms 3 192 167 252 17 192 167 252 17 50 000 ms 0 000 ms 20 000 ms set ip route Use this command to add a route to the switch s IP routing table Syntax set ip route destination default g...

Page 539: ...s for all ports will be displayed Mode Switch command Read Only Usage These are port MAC addresses programmed into the device during manufacturing To show the MAC addresses learned on a port through t...

Page 540: ...ime 300 seconds This example shows how to display MAC address information for Fast Ethernet port 3 in module 1 agetime Optional Display the time in seconds that a learned MAC address will stay in the...

Page 541: ...dentifier Port Port designation Type Address type Valid types are other entry is other than below invalid entry is no longer valid but has not been yet flushed out learned entry has been learned and i...

Page 542: ...addresses out of the filtering database s Syntax clear mac all address address fid fid vlan id vlan id port string port string type learned mgmt agetime unicast as multicast Parameters unicast mac add...

Page 543: ...be displayed Mode Switch command Read Only vlan id vlan id Specify a VLAN ID from which to clear the MAC address for static multicast entries only port string port string Single port to clear ex fe 1...

Page 544: ...p port string enable disable Parameters Defaults If port string is not specified MAC address traps will be globally enabled or disabled Mode Switch command Read Write Example This example shows how to...

Page 545: ...ing globally or on one or more ports when moved source MAC addresses are detected Syntax set movedaddrtrap port string enable disable Parameters Defaults If port string is not specified MAC address tr...

Page 546: ...itch Network Addresses and Routes set movedaddrtrap 12 16 Network Address and Route Management Configuration Example This example shows how to globally enable MAC address traps Matrix rw set movedaddr...

Page 547: ...h synchronizes device clocks in a network Commands For information about Refer to page show sntp 13 2 set sntp client 13 3 clear sntp client 13 4 set sntp server 13 4 clear sntp server 13 5 set sntp b...

Page 548: ...Delay 3000 microseconds Broadcast Count 0 Poll Interval 512 seconds Poll Retry 1 Poll Timeout 5 seconds SNTP Poll Requests 1175 Last SNTP Update TUE SEP 09 16 05 24 2003 Last SNTP Request TUE SEP 09...

Page 549: ...the set sntp poll retry command set sntp poll retry on page 13 7 Poll Timeout Timeout for a response to a unicast SNTP request Default of 5 seconds can be reset using set sntp poll timeout command cle...

Page 550: ...is example shows how to clear the SNTP client s operational mode Matrix rw clear sntp client set sntp server Use this command to add a server from which the SNTP client will retrieve the current time...

Page 551: ...e Switch command Read Write Example This example shows how to remove the server at IP address 10 21 1 100 from the SNTP server list Matrix rw clear sntp server 10 21 1 100 set sntp broadcastdelay Use...

Page 552: ...stdelay Parameters None Defaults None Mode Switch command Read Write Example This example shows how to clear the SNTP broadcast delay time Matrix rw clear sntp broadcastdelay set sntp poll interval Us...

Page 553: ...to clear the SNTP poll interval Matrix rw clear sntp poll interval set sntp poll retry Use this command to set the number of poll retries to a unicast SNTP server Syntax set sntp poll retry retry Par...

Page 554: ...ommand to set the poll timeout in seconds for a response to a unicast SNTP request Syntax set sntp poll timeout timeout Parameters Defaults None Mode Switch command Read Write Example This example sho...

Page 555: ...splay SNTP time zone settings Matrix rw show timezone Admin Config timezone offset from UTC is 5 hours and 0 minutes Oper Config timezone offset from UTC is 5 hours and 0 minutes set timezone Use this...

Page 556: ...Write Example This example shows how to set the time zone to EST with an offset of minus 5 hours Matrix rw set timezone ETS 5 0 clear timezone Use this command to remove SNTP time zone adjustment val...

Page 557: ...ealias Use this command to display node alias properties for one or more ports Syntax show nodealias port string Parameters For information about Refer to page show nodealias 14 1 show nodealias mac 1...

Page 558: ...Alias ID 1533917044 Active true Vlan ID 1 MAC Address 00 e0 63 04 7b 00 Protocol ip Source IP 63 214 44 63 Table 14 1 provides an explanation of the command output show nodealias mac Use this command...

Page 559: ...following protocols Internet Protocol Appletalk Media Access Control Hot Standby Routing Protocol Dynamic Host Control Protocol Server Dynamic Host Control Protocol Client Boot Protocol Server Boot P...

Page 560: ...hrs 34 mins 54 secs Alias ID 306783579 Active true Vlan ID 1 MAC Address 00 e0 63 59 f4 55 Protocol bpdu Port ge 3 14 Time 0 days 00 hrs 00 mins 46 secs Alias ID 613566759 Active true Vlan ID 1 MAC Ad...

Page 561: ...fig Use this command to display node alias configuration settings on one or more ports Syntax show nodealias config port string Parameters ip apl mac hsrp dhcps dhcpc bootps bootpc ospf vrrp ipx xrip...

Page 562: ...alias Use this command to enable or disable a node alias agent on one or more ports Syntax set nodealias enable disable port string Parameters Table 14 2 show nodealias config Output Details Output Wh...

Page 563: ...lias disable fe 1 3 set nodealias maxentries Use this command to set the maximum number of node alias entries allowed for one or more ports Syntax set nodealias maxentries val port string Parameters D...

Page 564: ...This example shows how to reset the node alias configuration on fe 1 3 Matrix rw clear nodealias config fe 1 3 port string port string Specifies the port s on which to remove all node alias entries Fo...

Page 565: ...and the path the frame takes through the switch Operation NetFlow can be enabled on all ports on a Enterasys Matrix system including fixed front panel ports LAG ports NEM ports and FTM1 backplane por...

Page 566: ...support aggregation caches Provides 4 predefined templates The appropriate template is selected for each flow depending on whether the flow is routed or switched and whether it is a TCP UDP packet or...

Page 567: ...information and statistics Matrix rw show netflow Cache Status enabled Destination IP 10 10 1 1 Destination UDP Port 2055 Export Version 5 clear netflow cache 15 4 set netflow export destination 15 5...

Page 568: ...set netflow cache enable disable Parameters Defaults None Mode Switch command Read Write Usage A NetFlow cache maintains NetFlow information for all active flows By default NetFlow caches are not cre...

Page 569: ...netflow export destination ip address udp port Parameters Defaults None Mode Switch command Read Write Usage By default no collector address is configured Only one collector destination per Enterasys...

Page 570: ...set netflow export interval interval Parameters Defaults None Mode Switch command Read Write Usage Each DFE blade in the Enterasys Matrix system will transmit a NetFlow packet when It has accumulated...

Page 571: ...how to return the NetFlow export interval to its default value Matrix rw clear netflow export interval set netflow port Use this command to enable NetFlow collection on a port Syntax set netflow port...

Page 572: ...export version Use this command to set the NetFlow flow record format used to export data Syntax set netflow export version 5 9 Parameters Defaults None Mode Switch command Read Write Usage Refer to V...

Page 573: ...o the default of Version 5 Syntax clear netflow export version Parameters None Defaults None Mode Switch command Read Write Usage Use the show netflow config command show netflow on page 15 3 to displ...

Page 574: ...ur Enterasys Matrix system must be determined since the default settings of a 20 packet refresh rate and a 30 minute timeout may not be optimal for your environment For example a switch processing an...

Page 575: ...At least one of the refresh rate or timeout parameters must be specified although both can be specified on one command line Mode Switch command Read Write Example This example shows how to return the...

Page 576: ...Configuring NetFlow clear netflow template 15 12 NetFlow Configuration...

Page 577: ...d interface is down IP packets routed to the loopback interface are rerouted back to the router or access server and processed locally Routing interface configuration commands in this guide will confi...

Page 578: ...n id loopback loopback id lo local id Parameters Defaults If interface type is not specified information for all routing interfaces will be displayed Table 16 1 VLAN and Loopback Interface Configurati...

Page 579: ...out 14400 seconds lo is Administratively UP lo is Operationally UP Internet Address is 127 0 0 1 Subnet Mask is 255 255 255 0 The name of this device is lo The MTU is 1500 bytes The bandwidth is 10000...

Page 580: ...igure 2 8 in Pre Routing Configuration Tasks on page 2 100 Each Enterasys Matrix Series routing module or standalone device can support up to 96 routing interfaces Each interface can be configured for...

Page 581: ...Outgoing Access List is not Set IP Helper Address is not Set MTU is 1500 bytes ARP Timeout is 14400 seconds Proxy Arp is Enabled Gratuitous arp learning is not set ICMP Re Directs are enabled ICMP Un...

Page 582: ...d as described in ip helper address on page 16 21 MTU Interface s Maximum Transmission Unit size ARP Timeout Duration for entries to stay in the ARP table before expiring Set using the arp timeout com...

Page 583: ...to 192 168 1 1 and the network mask to 255 255 255 0 for VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip address 192 168 1 1 255 255 255 0 no shutdown Use this command...

Page 584: ...in router mode only For a sample of how to use these commands interchangeably with the Enterasys Matrix Series single configuration interface commands refer to Performing a Basic Router Configuration...

Page 585: ...be displayed to the terminal session Mode Router command Privileged EXEC Matrix Router Usage The write file command must be executed in order to save the router configuration to NVRAM If this command...

Page 586: ...isable IP routing on the device and remove the routing configuration Syntax no ip routing Parameters None Defaults None Mode Router command Global configuration Matrix Router config Usage By default I...

Page 587: ...display or write the current router configuration to a file For details refer to show config on page 2 85 Configuring the Router You can configure the router using either of the following methods Usi...

Page 588: ...on page 2 86 6 Run the configure command using the new config file as described in configure on page 2 86 Reviewing and Configuring the ARP Table Purpose To review and configure the routing ARP table...

Page 589: ...rix Router show ip arp vlan 2 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 251 0 0003 4712 7a99 ARPA Vlan2 Table 16 3 provides an explanation of the command output ip add...

Page 590: ...0 2 3 1 and MAC address 0003 4712 7a99 Matrix Router config arp 130 2 3 1 0003 4712 7a99 arpa Table 16 3 show ip arp Output Details Output What it displays Protocol ARP entry s type of network address...

Page 591: ...RP updating from gratuitous ARP requests on VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip gratuitous arp request ip gratuitous arp learning Use this command to allow a...

Page 592: ...le proxy ARP on an interface This variation of the ARP protocol allows the routing module to send an ARP response on behalf of an end node to the requesting host Syntax ip proxy arp default route loca...

Page 593: ...If the user needs interfaces to use different MAC addresses this command will allow it It is the user s responsibility to select a MAC address that will not conflict with other devices on the VLAN sin...

Page 594: ...ws how to set the ARP timeout to 7200 seconds Matrix Router config arp timeout 7200 clear arp cache Use this command to delete all nonstatic dynamic entries from the ARP table Syntax clear arp cache P...

Page 595: ...he routing module forwarding the request as described in ip helper address on page 16 21 The DHCP BOOTP relay function will detect the DHCP request and make the necessary changes to the header replaci...

Page 596: ...age If a certain service exists inside the node and there is no need to forward the request to remote networks the no form of this command should be used to disable the forwarding for the specific por...

Page 597: ...works in conjunction with the ip forward protocol command ip forward protocol on page 16 20 which defines the forward protocol and port number You can use this command to add more than one helper add...

Page 598: ...ommand to display information about IP protocols running on the device Syntax show ip protocols Parameters None Defaults None Mode Router command Any router mode Usage Enabling CIDR for RIP on the Ent...

Page 599: ...et Outgoing update filter list for all interfaces is not set Default Version Control Interface Send Recv Key chain Vlan 1 1 1 Vlan 2 1 1 Routing for Networks 182 127 0 0 Routing Information Sources Ga...

Page 600: ...chable 0 echo 4 echo reply 0 mask requests 2 mask replies 0 quench 0 timestamp 0 info reply 0 time exceeded 0 parameter problem UDP Statistics Rcvd 1 total 0 checksum errors 1 no port Sent 6 total 0 f...

Page 601: ...ains all the active static routes all the RIP routes and up to three best routes to each network as determined by OSPF The RTM selects up to three of the best routes to each network and installs these...

Page 602: ...vlan 1 ip route Use this command to add or remove a static IP route Syntax ip route prefix mask forward addr vlan vlan id distance permanent tag value no ip route prefix mask forward addr vlan vlan id...

Page 603: ...er config ip route 10 0 0 0 255 0 0 0 vlan 100 ip icmp Use this command to re enable the Internet Control Message Protocol ICMP allowing a router to reply to IP ping requests Syntax ip icmp echo reply...

Page 604: ...shows output from a successful ping to IP address 182 127 63 23 Matrix Router ping 182 127 63 23 Reply from 182 127 63 23 Reply from 182 127 63 23 Reply from 182 127 63 23 PING 182 127 63 23 Statisti...

Page 605: ...201 2 hop 2 is rtr10 at 192 4 9 10 hop 3 is rtr43 at 192 167 208 43 and hop 4 is back to the host IP address Round trip times for each of the three ICMP probes are displayed before each hop Probe tim...

Page 606: ...mation A verbose option provides detailed packet information Options are available to both throttle the number of packets per second and limit the number of packets per board Commands debug ip packet...

Page 607: ...et for throttle 5 and limit 20 with a detail value of verbose Matrix rw set logging here enable Opened 71 at index 5 Matrix rw router Matrix rw Router enable Matrix rw Router configure Matrix rw Route...

Page 608: ...Example This example shows how to restart the debug IP packet utility Matrix rw Router config debug ip packet restart show debugging Use this command to display the debug IP Packet utility settings Sy...

Page 609: ...s Matrix DFE Gold Series Configuration Guide 16 33 Parameters None Defaults None Mode Router command Router configuration Matrix Router config Example This example shows how to disable the debug IP pa...

Page 610: ...Configuring Debug IP Packet no debug ip packet 16 34 IP Configuration...

Page 611: ...n page 2 103 Important Notice PIM is an advanced routing feature that must be enabled with a license key If you have purchased an advanced license key and have enabled routing on the device you must a...

Page 612: ...Router config if Vlan 1 Usage The no form of this command disables PIM on an interface Example This example enables PIM sparse mode on VLAN 1 Matrix Router config interface vlan 1 Matrix Router config...

Page 613: ...ip pim dr priority priority no ip dr priority Parameters Defaults None pim interface Interface of the BSR candidate This interface must be enabled with PIM as described in ip pim sparse mode on page...

Page 614: ...priority no ip rp address rp address group address group mask Parameters Defaults If not specified a priority value of 192 will be assigned Mode Router command Global configuration Matrix Router confi...

Page 615: ...dalone device The no form of this command removes the router as an RP candidate Example This example enables the PIM interface at 35 0 0 224 0 0 240 0 0 to advertise itself as an RP candidate with a p...

Page 616: ...own Syntax show ip pim interface interface Table 17 1 show ip pim bsr Output Details Output What it displays BSR Address IP address of the bootstrap router BSR Priority Priority as set by the ip pim b...

Page 617: ...mation about discovered PIM neighbors Syntax show ip pim neighbor interface interface Optional Displays information about a specific PIM interface This interface must be enabled with PIM as described...

Page 618: ...ated multicast routing entries Syntax show ip pim rp group mapping multicast group address interface Optional Displays information about a specific PIM interface This interface must be enabled with PI...

Page 619: ...n Group s 224 0 0 0 4 RP 192 168 41 1 Priority 2 Expiry 00 01 30 Uptime 07 49 31 RP 192 168 91 1 Priority 5 Expiry 00 01 30 Uptime 07 49 31 Table 17 4 provides an explanation of the command output gro...

Page 620: ...source address multicast group address summary Parameters Defaults If no optional parameters are specified detailed information about all source and destination addresses will be displayed Mode Route...

Page 621: ...n 555 Forward Sparse 01 48 54 00 02 33 Vlan 910 Forward Sparse 01 52 43 00 00 00 Vlan 920 Forward Sparse 01 52 43 00 00 00 show ip mforward Use this command to display the IP multicast forwarding tabl...

Page 622: ...n 555 Forward Sparse Vlan 910 Forward Sparse Vlan 920 Forward Sparse show ip rpf Use this command to display the reverse path of an address in the unicast table Syntax show ip rfp Parameters None Defa...

Page 623: ...en inside and outside NAT address translation It supports one to one binding local addresses to global addresses and TCP UDP port number translations The dynamic address binding feature is designed fo...

Page 624: ...se these commands Enable NAT on an inside or outside interface ip nat inside outside Define a NAT address pool ip nat pool name start ip address end ip address netmask netmask prefix length prefix len...

Page 625: ...e NAT interface Matrix rw router Matrix router enable Matrix router configure terminal Enter configuration commands Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip nat inside M...

Page 626: ...10 10 10 25 10 10 10 45 netmask 255 255 255 0 ip nat inside source list Use this command to enable dynamic translation of inside source addresses Syntax ip nat inside source list access list pool pool...

Page 627: ...ng pool doc1 on interface vlan 1 Matrix Router config ip nat inside source list 1 pool doc1 interface vlan 1 ip nat inside source static NAT Use this command to enable static NAT translation of inside...

Page 628: ...s example enables a static NAPT translation of inside source addresses for private local address 10 10 10 51 on port 123 destined for and transmitting from unique public address 45 20 10 6 on port 121...

Page 629: ...ontrol port 22 ip nat secure plus Use this command to enable force flows to block clients on the outside interface from establishing connections directly to the inside interface addresses Syntax ip na...

Page 630: ...e number of maximum entries to the default value Example This example sets the maximum number of NAT translation entries to 20000 Matrix Router config ip nat translation max entries 20000 ip nat trans...

Page 631: ...verbose Parameters None Defaults If verbose is not specified standard output is displayed Mode Router command Global configuration Matrix Router config Examples This example shows a dynamic NAPT trans...

Page 632: ...00 use 00 00 03 service type ftp control tcp 81 1 1 1 1025 172 111 1 4 50021 DynOver 2 create 07 39 00 use 00 00 03 service type ftp data tcp 81 1 1 1 1026 172 111 1 4 50022 DynOver 16 create 07 39 0...

Page 633: ...f the verbose version of the above example Matrix Router config show ip nat statistics verbose Nat current status Active Nat secure plus Disable Nat maximum allowed translation entries 32000 All nat t...

Page 634: ...ne Defaults None Mode Router command Global configuration Matrix Router config Example This example clears dynamic ip NAT translations for this router Matrix Router config clear ip nat translation cle...

Page 635: ...ults None Mode Router command Global configuration Matrix Router config Usage This command clears an active NAPT translation Use the no ip nat inside source static command to delete a static NAT confi...

Page 636: ...32000 nat cache nat cache Optional Specifies the maximum NAT cache size for this router Values range from 100 to 2000 Default value of 2000 nat dynamic configs nat dynamic configs Optional Specifies...

Page 637: ...tem Matrix su show router limits LSNAT maximum Bindings 32000 default LSNAT Cache size 2000 default LSNAT maximum Configs 50 default NAT maximum Bindings 32000 default NAT Cache size 2000 default NAT...

Page 638: ...to the default value nat cache Optional Specifies the resetting of NAT cache size router limits to the default value nat dynamic configs Optional Specifies the resetting the number of NAT dynamic mapp...

Page 639: ...nfiguring Network Address Translation NAT Enterasys Matrix DFE Gold Series Configuration Guide 18 17 Example This example resets the NAT cache router limits setting to the default value Matrix rw clea...

Page 640: ...Configuring Network Address Translation NAT clear router limits NAT 18 18 Network Address Translation NAT Configuration...

Page 641: ...ions The following considerations must be taken into account when configuring LSNAT on Enterasys Matrix Series devices On chassis based systems only one router per chassis will be allowed to run LSNAT...

Page 642: ...ne session and would be directed to the same load balancing server for example the server with IP address 10 1 1 1 A request from a different source socket from the same client address to the same vir...

Page 643: ...rvers configured as part of a server farm group there are two mechanisms that can provide direct client access The first mechanism configured within virtual server configuration mode with the allow ac...

Page 644: ...d SMTP For ACV verification you specify the following A string that the router sends to a single server The string can be a simple HTTP command to get a specific HTML page or it can be a command to ex...

Page 645: ...ns on page 19 2 for more information sticky sticky on page 19 10 Configure a real server Optional Display the real server configuration show ip slb reals show ip slb reals on page 19 10 Enable a real...

Page 646: ...to directly access all services provided by real servers EXCEPT FOR those services configured to be accessed through a configured virtual server See Configuring Direct Access to Real Servers on page...

Page 647: ...CTION ACTIVE 2 2 ftpserver ROUNDROBIN ACTIVE 2 2 ten ROUNDROBIN ACTIVE 3 3 big ROUNDROBIN ACTIVE 1 1 ip slb ftpctrlport Use this command to specify an FTP control port for load balancing functionality...

Page 648: ...e Mode Router command Global configuration mode Matrix Router config Usage The no form of this command deletes the server farm from the LSNAT configuration Example This example shows how to identify a...

Page 649: ...real server 10 1 2 3 to the server farm named httpserver and to configure the port number to be used for the service provided by this server Matrix Router config ip slb serverfarm httpserver Matrix Ro...

Page 650: ...and SLB Server Farm Configuration mode Matrix Router config slb sfarm Usage See Sticky Persistence Configuration Considerations on page 19 2 for more information This command is used in conjunction wi...

Page 651: ...l 15 Fail Detect Type ping Current Connections on this real server 0 Current state of this real server UP Maximum Connections Unlimited Real Server Weight 3 InService Real Server IP 10 3 0 2 Real Serv...

Page 652: ...arm Assigned using the real command as described in real on page 19 8 Real Server Port Port number assigned to this server Fail Detect Ping App Retries Number of failure detection ping UDP application...

Page 653: ...no form of this command removes the real server from service Example This example shows how to enable the real server IP 10 1 2 3 in the httpserver server farm Matrix Router config ip slb serverfarm h...

Page 654: ...rm real 10 1 2 4 port 7 type both ping app upd acv udp Specifies that the failure detection mechanism will be ping TCP or UDP application ACV or that both application TCP and ping methods will be used...

Page 655: ...ed when the faildetect type is ACV This is the command that is sent to the application port of the server and for which it s reply will be validated against the ACV reply string specified in the comma...

Page 656: ...the command string sent to the server application port 7 Matrix Router config ip slb serverfarm SF UPD Matrix Router config slb sfarm real 10 1 2 4 port 7 Matrix Router config slb real faildetect typ...

Page 657: ...Router config slb real inservice faildetect read till index Provides for the setting of an exact acv reply string index when the file is not known to the user Syntax faildetect read till index index n...

Page 658: ...l server at IP 10 1 2 3 in the httpserver server farm Matrix Router config ip slb serverfarm httpserver Matrix Router config slb sfarm real 10 1 2 3 port 80 Matrix Router config slb real faildetect pi...

Page 659: ...config slb real inservice show ip slb vservers Use this command to display server load balancing virtual server information Syntax show ip slb vservers detail virtserver name detail Parameters Default...

Page 660: ...ual server Assigned using the ip slb vserver command as described in ip slb vserver on page 19 21 Virtual Server IP Address of the virtual server Assigned with the virtual command as described in virt...

Page 661: ...tual server will be associated Matrix Router config ip slb serverfarm httpserver Matrix Router config slb sfarm real 10 1 2 1 port 80 Matrix Router config slb real inservice Matrix Router config slb r...

Page 662: ...server farm Matrix Router config ip slb serverfarm httpserver Matrix Router config slb sfarm real 10 1 2 1 port 80 Matrix Router config slb real inservice Matrix Router config slb real exit Matrix Rou...

Page 663: ...rm real 10 1 2 3 port 80 Matrix Router config slb real inservice Matrix Router config slb real exit Matrix Router config slb sfarm exit Matrix Router config ip slb vserver virtual http Matrix Router c...

Page 664: ...ix Router config ip slb serverfarm httpserver Matrix Router config slb sfarm real 10 1 2 1 port 80 Matrix Router config slb real inservice Matrix Router config slb real exit Matrix Router config slb s...

Page 665: ...ent to use the virtual server Example This example shows how to allow a client at 100 12 22 42 255 255 255 0 to use the virtual server named virtual lsnat Matrix Router config ip slb vserver virtual l...

Page 666: ...Matrix Router config slb real exit Matrix Router config slb sfarm exit Matrix Router config ip slb vserver virtual http Matrix Router config slb vserver serverfarm httpserver Matrix Router config slb...

Page 667: ...g slb vserver persistence level sticky Matrix Router config slb vserver inservice allow accessservers Use this command to allow specific clients to access the load balancing real servers in a particul...

Page 668: ...mation about using this command in conjunction with the virtual server configuration mode command allow accessservers The no form of this command removes direct access for all clients Examples This ex...

Page 669: ...f no parameters are specified summary information about all active connections will be displayed If detail is not specified summary information will be displayed Mode Router command Any router mode Ex...

Page 670: ...Port 1110 Protocol TCP Created Time stamp 2004 3 24 14 34 07 Connection State outgoing server reply state Table 19 4 provides an explanation of the detailed command output show ip slb stats Use this...

Page 671: ...lb sticky Use this command to display server load balancing active sticky connections Syntax show ip slb sticky client ip address Parameters Defaults If client is not specified all server load balanci...

Page 672: ...r load balancing connections Matrix Router clear ip slb connections all show router limits LSNAT Use this command to display LSNAT router limits Syntax show router limits lsnat bindings lsnat cache ls...

Page 673: ...TWCB Cache size 2000 default TWCB maximum Configs 1 default This example displays the LSNAT cache size limit for this system Matrix su show router limits lsnat cache LSNAT Cache size 2000 default set...

Page 674: ...t to 25 This means that up to 25 server farms 25 virtual servers and 25 direct access entries can be configured and up to 250 real servers and 250 client access entries can be configured Matrix rw set...

Page 675: ...Write Usage This command must be executed from the switch CLI Example This example shows how to reset all chassis based LSNAT limits Matrix rw clear router limits Note Router limits can also be clear...

Page 676: ...Configuring Load Sharing Network Address Translation LSNAT clear router limits LSNAT 19 36 LSNAT Configuration...

Page 677: ...c DHCP assigns an IP address to a client for a limited period of time or until the client explicitly relinquishes the address Manual A client s IP address is assigned by the network administrator and...

Page 678: ...ice on a routing interface required DHCP Supported Options Table 20 1 lists the DHCP server option names and codes supported by the firmware All options specified in Table 20 1 may be configured using...

Page 679: ...scovery 29 Mask Supplier 30 Perform Router Discovery 31 Router Solicitation Address 32 Static Route 33 Trailer Encapsulation 34 ARP Cache Timeout 35 Ethernet Encapsulation 36 TCP Default TTL 37 TCP Ke...

Page 680: ...t Finger Server 73 Default IRC Server 74 StreetTalk Server 75 StreetTalk Directory Assistance Server 76 Relay Agent Information 82 Defined in RFC 3046 Subnet Selection 118 Defined in RFC3011 Table 20...

Page 681: ...ess from any DHCP configuration mode Matrix Router config dhcp host Table 20 2 DHCP Command Modes continued Mode Usage Access Method Resulting Prompt For information about Refer to page ip dhcp server...

Page 682: ...vlan 1 Matrix Router config if Vlan 1 ip dhcp server ip local pool Use this command to configure a local address pool to use as a DHCP subnet This defines the range of IP addresses to be used by DHCP...

Page 683: ...one or more addresses from a DHCP local address pool Syntax exclude ip address number no exclude ip address number Parameters Defaults None Mode Router command IP Local Pool configuration Matrix Route...

Page 684: ...P addresses Example This example shows how to set the number of DHCP ping attempts to 6 Matrix Router config ip dhcp ping packets 6 ip dhcp ping timeout Use this command to specify the amount of time...

Page 685: ...name Parameters Defaults None Mode Router command Global configuration Matrix Router config Usage The no form of this command deletes a DHCP address pool Example This example shows how to assign the n...

Page 686: ...omain name mycompany com dns server Use this command to assign one or more DNS servers to DHCP clients Syntax dns server address address2 address8 no dns server Parameters Defaults If address2 address...

Page 687: ...additional addresses will be configured Mode Router command Any DHCP configuration mode Usage This command configures DHCP option 44 The no form of this command deletes the NetBIOS WINS server list Ex...

Page 688: ...pe h node default router Use this command to assign a default router list to DHCP clients Syntax default router address address2 address8 no default router Parameters Defaults If address2 address8 is...

Page 689: ...to specify the default boot image for a DHCP client Syntax bootfile filename no bootfile Parameters Defaults None Mode Router command Any DHCP configuration mode Usage The no form of this command dele...

Page 690: ...in the boot process Matrix Router config ip dhcp pool localpool Matrix Router config dhcp pool next server 192 168 42 13 option Use this command to configure DHCP options Syntax option code instance...

Page 691: ...with the 01 value Matrix Router config ip dhcp pool localpool Matrix Router config dhcp pool option 19 hex 01 This example shows how to configure DHCP option 72 which assigns one or more Web servers f...

Page 692: ...s found in the IP address pool database the Class A B or C natural mask will be used Mode Router command DHCP Pool Configuration mode Matrix Router config dhcp pool Usage The no form of this command r...

Page 693: ...Matrix Router config ip dhcp pool localpool Matrix Router config dhcp pool client class clientclass1 client identifier Use this command to enable DHCP host configuration mode and associate a client c...

Page 694: ...uration mode Usage The no form of this command deletes a client name Example This example shows how to assign soho1 as a client name in clientclass1 Matrix Router config ip dhcp pool localpool Matrix...

Page 695: ...01 f401 2710 ethernet show ip dhcp binding Use this command to display information about one or all DHCP address bindings Syntax show ip dhcp binding ip address Parameters Defaults If ip address is no...

Page 696: ...d1 12f8 Infinite Manual Y clear ip dhcp binding Use this command to delete one or all automatic DHCP address bindings Syntax clear ip dhcp binding address Parameters Defaults None Mode Router command...

Page 697: ...K 0 Table 20 3 provides an explanation of the command output Table 20 3 show ip dhcp server statistics Output Details Output What it displays Memory usage Bytes of RAM allocated by the DHCP server Add...

Page 698: ...ics Parameters None Defaults None Mode Router command Privileged EXEC Matrix Router Example This example shows how to reset all DHCP server counters Matrix Router clear ip dhcp server statistics Recei...

Page 699: ...cense contact Enterasys Networks Sales Configuring RIP Purpose To enable and configure the Routing Information Protocol RIP RIP Configuration Task List and Commands Table 21 1 lists the tasks and comm...

Page 700: ...ey to the chain key on page 21 9 Specify an authentication string for the key key string on page 21 9 Set the accept time period the authentication string can be received accept lifetime on page 21 10...

Page 701: ...isables RIP Example This example shows how to enable RIP Matrix Router configure terminal Matrix Router config router rip Matrix Router config router network Use this command to attach a network of di...

Page 702: ...rmally a broadcast protocol In order for RIP routing updates to reach nonbroadcast networks the neighbor s IP address must be configured to permit the exchange of routing information The no form of th...

Page 703: ...orm of this command resets RIP administrative distance to the default value of 120 Example This example shows how to change the default administrative distance for RIP to 1001 Matrix Router config rou...

Page 704: ...ion regarding better paths is suppressed Syntax timers basic update seconds invalid seconds holdown seconds flush seconds no timers basic Parameters Defaults None Mode Router command Router configurat...

Page 705: ...ation Matrix Router config if Vlan 1 Usage The no form of this command restores the version of update packets that was transmitted by the RIP module Example This example shows how to set the RIP send...

Page 706: ...eceived on VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip rip receive version 2 key chain Creates or deletes a key chain used globally for RIP authentication Syntax key...

Page 707: ...orts only one key per key chain The no form of this command removes the key from the key chain Example This example shows how to create authentication key 3 within the key chain called md5key Matrix R...

Page 708: ...me start time month date year Parameters text Specifies the authentication string that must be sent and received in RIP packets The string can contain from 1 to 16 uppercase and lowercase alphanumeric...

Page 709: ...lifetime start time month date year Parameters end time Specifies the hours minutes and seconds hh mm ss and the month date and year from the start time the key is valid to be received infinite Specif...

Page 710: ...g keychain key send lifetime 02 30 00 nov 30 2002 infinite ip rip authentication keychain Use this command to enable or disable a RIP authentication key chain for use on an interface Syntax ip rip aut...

Page 711: ...described in ip rip authentication keychain on page 21 12 before RIP authentication mode can be configured The no form of this command suppresses the use of authentication Example This example shows h...

Page 712: ...P automatic route summarization Matrix Router config router rip Matrix Router config router no auto summary ip rip disable triggered updates Use this command to prevent RIP from sending triggered upda...

Page 713: ...unreachable rather than implying it by not including the network in routing updates The no form of this command disables split horizon poison reverse Example This example shows how to disable split h...

Page 714: ...to allow RIP to receive update packets on an interface This does not affect the sending of RIP updates on the specified interface Syntax receive interface vlan vlan id no receive interface vlan vlan...

Page 715: ...y 192 5 34 0 0 0 0 255 Matrix Router config router rip Matrix Router config router distribute list 1 out vlan redistribute Use this command to allow routing information discovered through non RIP prot...

Page 716: ...IP routing information discovered via directly connected interfaces will be redistributed ospf Specifies that OSPF routing information will be redistributed in RIP process id Specifies the process ID...

Page 717: ...rt occurs A restart interval provides for a maximum time in seconds after which the graceful restart will terminate should it not complete or terminate for other reasons within the interval Use the gr...

Page 718: ...e must have 256M of memory to be router protocol process eligible Upon failure of a module running the router protocol process the protocol process is started on a recovery module One of the first mes...

Page 719: ...nated router for the network ip ospf priority ip ospf priority on page 21 25 Adjust timers and message intervals timers spf timers spf on page 21 26 ip ospf retransmit interval ip ospf retransmit inte...

Page 720: ...on page 21 40 Disabling strict LSA checking for graceful restart graceful restart strict lsa checking disable graceful restart strict lsa checking disable on page 21 41 Monitor and maintain OSPF show...

Page 721: ...nal Matrix Router config router ospf 1 Matrix Router config router network Use this command to configure area IDs for OSPF interfaces Syntax network ip address wildcard mask area area id no network ip...

Page 722: ...he router ID as a tie breaker for path selection If not specified this will be set to the lowest IP address of the interfaces configured for IP routing The no form of this command resets the router ID...

Page 723: ...if Vlan 1 ip ospf cost 20 ip ospf priority Use this command to set the OSPF priority value for router interfaces Syntax ip ospf priority number no ip ospf priority Parameters Defaults None Mode Route...

Page 724: ...val Use this command to set the amount of time between retransmissions of link state advertisements LSAs for adjacencies that belong to an interface Syntax ip ospf retransmit interval seconds no ip os...

Page 725: ...se this command to set the amount of time required to transmit a link state update packet on an interface Syntax ip ospf transmit delay seconds no ip ospf transmit delay Parameters Defaults None Mode...

Page 726: ...config if Vlan 1 ip ospf hello interval 5 ip ospf dead interval Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the...

Page 727: ...s Defaults If password is not specified the password will be set to a blank string Mode Router command Interface configuration Matrix Router config if Vlan 1 Usage The password key set with this comma...

Page 728: ...F MD5 routing updates between neighboring routers The no form of this command disables MD5 authentication on an interface Example This example shows how to enable OSPF MD5 authentication on VLAN 1 set...

Page 729: ...sets OSPF administrative distance to the default value of 110 Example This example shows how to change the default administrative distance for external OSPF routes to 100 Matrix Router config router o...

Page 730: ...nable or disable authentication for an OSPF area Syntax area area id authentication simple message digest no area area id authentication simple message digest Parameters Defaults None Mode Router comm...

Page 731: ...specified the stub area will be able to receive LSAs Mode Router command Router configuration Matrix Router config router Usage This is an area that carries no external routes The no form of this com...

Page 732: ...ple shows how to set the cost value for stub area 10 to 99 Matrix Router config router ospf 1 Matrix Router config router area 10 default cost 99 area nssa Use this command to configure an area as a n...

Page 733: ...an OSPF virtual link which represents a logical connection between the backbone and a non backbone OSPF area Syntax area area id virtual link ip address The options for using this syntax are area area...

Page 734: ...fies the number of seconds that the hello packets of a router are not communicated to neighbor routers before the neighbor routers determine that the router sending the hello packet is out of service...

Page 735: ...t RIP routing information will be redistributed in OSPF static Specifies that non OSPF information discovered via static routes will be redistributed Static routes are those created using the ip route...

Page 736: ...of OSPF link state database overflow a condition where the router is unable to maintain the database in its entirety Syntax database overflow external exit overflow interval interval limit limit warn...

Page 737: ...verflow limits Example This example shows how to set the OSPF database exit overflow interval to 240 seconds the overflow limit to 3800 LSAs and the warning level to 2500 LSAs Matrix Router config rou...

Page 738: ...k segment functions as a helper by monitoring the network for topology changes So long as the helper does not see an LSA change it continues to advertise its LSAs as though the restarting router remai...

Page 739: ...lsa checking disable Use this command to disable strict LSA checking during graceful restart Syntax graceful restart strict lsa checking disable no graceful restart strict lsa checking disable Paramet...

Page 740: ...p ospf Routing Process ospf 20 with ID 134 141 7 2 Supports only single TOS TOS0 route It is an area border and autonomous system boundary router Summary Link update interval is 0 seconds External Lin...

Page 741: ...tabase summary link state id show ip ospf database asbr summary link state id show ip ospf database external link state id show ip ospf database nssa external link state id show ip ospf database datab...

Page 742: ...States Area 0 0 0 0 LinkID ADV Router Age Seq Checksum 182 127 63 1 182 127 62 1 956 0x80000001 0xb6ca Table 21 3 provides an explanation of the command output nssa external Displays nssa external Ty...

Page 743: ...ow ip ospf border routers OSPF internal Codes i Intra area route I Inter area route i 192 168 22 1 64 via 192 168 11 1 VLAN2 ABR Area 0 SPF 10 i 192 168 22 1 64 via 192 168 11 1 VLAN2 ABR Area 4 SPF 1...

Page 744: ...n Pre Routing Configuration Tasks on page 2 100 Table 21 4 show ip ospf interface Output Details Output What it displays Vlan Interface VLAN administrative status as up or down Internet Address IP add...

Page 745: ...mer represents the amount of time a router waits before initiating a designated router backup designated router election The wait timer changes when the dead interval changes The retransmit timer repr...

Page 746: ...ents a logical connection between the backbone and a non backbone OSPF area Example This example shows how to display OSPF virtual links information Matrix Router show ip ospf virtual links Virtual Li...

Page 747: ...of the virtual link neighbor and the virtual link status which is up or down Transit area ID of the transit area through which the virtual link is configured via interface Router s interface into the...

Page 748: ...protocol debugging output to display information about Link State Advertisement generation Matrix Router debug ip ospf lsa generation rfc1583compatible Use this command to enable the OSPF router for R...

Page 749: ...1 51 Mode Router command Router configuration Matrix Router config router Usage The no form of this command removes OSPF RFC 1583 compatible Example This example shows how to configure RFC 1583 compat...

Page 750: ...eceive from a particular group Commands ip dvmrp Use this command to enable or disable DVMRP on an interface Syntax ip dvmrp no ip dvmrp Parameters None Defaults None Mode Router command Interface con...

Page 751: ...Parameters Defaults None Mode Router command Interface configuration Matrix Router config if Vlan 1 Usage To reset the DVMRP metric back to the default value of 1 enter ip dvmrp metric 0 Example This...

Page 752: ...ID and netmask in prunes and grafts VPGN Matrix Router show ip dvmrp route flag characters used V Neighbor is verified P Neighbor supports pruning G Neighbor supports generation ID N Neighbor supports...

Page 753: ...ce Syntax ip irdp no ip irdp Parameters None Defaults None Mode Router command Interface configuration Matrix Router config if Vlan 1 Usage The no form of this command disables IRDP on an interface Ex...

Page 754: ...example shows how to set the maximum IRDP advertisement interval to 1000 seconds on VLAN 1 Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 ip irdp maxadvertinterval 1000 ip irdp m...

Page 755: ...tax ip irdp holdtime holdtime no irdp holdtime Parameters Defaults None Mode Router command Interface configuration Matrix Router config if Vlan 1 Usage Hold time is automatically set at three times t...

Page 756: ...Router config if Vlan 1 ip irdp preference 80000000 ip irdp address Use this command to add additional IP addresses for IRDP to advertise Syntax ip irdp address ip address preference no ip irdp prefer...

Page 757: ...advertisements using broadcast rather than multicast transmissions By default the router sends IRDP advertisements via multicast Syntax no ip irdp multicast Parameters None Defaults None Mode Router c...

Page 758: ...P information for all interfaces will be displayed Mode Router command Interface configuration Matrix Router config if Vlan 1 Example This example shows how to display IRDP information for VLAN 1 Matr...

Page 759: ...ters decide who will become master and who will become backup in the event the master fails Commands router vrrp Use this command to enable or disable VRRP configuration mode Syntax router vrrp no rou...

Page 760: ...Router command Router configuration Matrix Router config router Usage This command must be executed to create an instance of VRRP on a routing interface VLAN before any other VRRP settings can be con...

Page 761: ...mmand refer to priority on page 21 64 Each VRRP routing interface can support up to 16 virtual router IP addresses A virtual router IP address can be either an address configured on the routing interf...

Page 762: ...dress vlan 1 1 10 2 2 2 0 Matrix Router config router address vlan 1 1 10 2 2 3 0 priority Use this command to set a priority value for a VRRP router Syntax priority vlan vlan id vrid priority value n...

Page 763: ...ss matches the real IP address of the interface Therefore when the backup router takes over there would be no device that would answer the ICMP echo for that virtual IP because only the primary was co...

Page 764: ...AN VRID know the router is still acting as master of the VLAN VRID The no form of this command clears the VRRP advertise interval value Example This example shows how set an advertise interval of 3 se...

Page 765: ...1 Matrix Router config router vrrp Matrix Router config router critical ip vlan 1 1 182 127 62 3 preempt Use this command to enable or disable preempt mode on a VRRP router Syntax preempt vlan id vri...

Page 766: ...e this command to set a preempt delay time on a VRRP router Syntax preempt delay vlan id vrid delay timer no preempt delay vlan id vrid Parameters Defaults None Mode Router command Router configuratio...

Page 767: ...VRRP on an interface Syntax enable vlan vlan id vrid no enable vlan vlan id vrid Parameters Defaults None Mode Router command Router configuration Matrix Router config router Usage Before enabling VR...

Page 768: ...digest key Use this command to set a VRRP MD5 authentication password on an interface Syntax ip vrrp message digest key vrid md5 password hmac 96 no ip vrrp message digest key Parameters password Spe...

Page 769: ...x Router config interface vlan 1 Matrix Router config if Vlan 1 ip vrrp message digest key 1 md5 qwer show ip vrrp Use this command to display VRRP routing information Syntax show ip vrrp Parameters N...

Page 770: ...critical ip interfaces has decremented the priority to 0 Backup The Vrid is operating in the backup state Master The Vrid is operating in the master state ifDown The Vrid is down because the interface...

Page 771: ...ult priority setting on the port For example if the priority of a port is set to 4 the frames received through that port without a priority indicated in their tag header are classified as a priority 4...

Page 772: ...Commands show port priority Use this command to display the 802 1D priority for one or more ports Syntax show port priority port string Parameters Defaults If port string is not specified priority fo...

Page 773: ...n its tag header is assigned a priority according to the priority setting on the port For example if the priority of a port is set to 5 the frames received through that port without a priority indicat...

Page 774: ...ll cause all frames received without a priority value in its header to be set to priority 0 Example This example shows how to reset fe 1 11 to the default priority Matrix rw clear port priority fe 1 1...

Page 775: ...ear current port priority queue settings for one or more ports Commands show port priority queue Use this command to display the port priority levels 0 through 7 with 0 as the lowest level associated...

Page 776: ...priority of 0 frames with 4 or 5 priority at the second highest transmit priority of 2 and frames with 6 or 7 priority at the highest transmit priority of 3 Matrix rw show port priority queue fe 1 7...

Page 777: ...ar port priority queue Use this command to reset port priority queue settings back to defaults for one or more ports Syntax clear port priority queue port string Parameters Defaults None port string S...

Page 778: ...2 8 Port Priority and Rate Limiting Configuration Mode Switch command Read Write Example This example shows how to clear the priority queue settings on fe 2 12 Matrix rw clear port priority queue fe 2...

Page 779: ...the rate exceeds the programmed limit frames are dropped until the rate falls below the limit Commands show port ratelimit Use this command to show the traffic rate limiting configuration on one or mo...

Page 780: ...ble port string priority threshold disable enable inbound index Parameters Table 22 1 show port ratelimit Output Details Output What it displays Port Number Port designation For a detailed description...

Page 781: ...clear port ratelimit port string index Parameters Defaults If not specified all index entries will be reset Mode Switch command Read Write priority Specifies the 802 1D 802 1p port priority level ass...

Page 782: ...Traffic Rate Limiting clear port ratelimit 22 12 Port Priority and Rate Limiting Configuration Example This example shows how to clear all rate limiting parameters on port fe 2 1Matrix rw clear port...

Page 783: ...s to configure a routed network with IP interfaces that allow the N Series router to send requests for the internet to the correct web caching device There are five aspects to TWCB configuration Creat...

Page 784: ...an end user s cache resides Any future requests for that web object will be handled by the cache server until the cache entry expires Cache entry expiration is configured in the web based proxy cache...

Page 785: ...xample creates the s1Server web cache server farm Matrix rw Router config ip twcb wcserverfarm s1Server Matrix rw Router config twcb wcsfarm bypass list range 23 10 hosts redirect range 23 10 ip twcb...

Page 786: ...lists are cached in cache servers belonging to this server farm If no predictor round robin user list is configured for a server farm all other users not configured in a predictor round robin user lis...

Page 787: ...Matrix rw Router config ip twcb wcserverfarm s1Server Matrix rw Router config twcb wcsfarm cache 186 89 10 51 Matrix rw Router config twcb cache faildetect type Use this command to specify the TWCB ca...

Page 788: ...ter is specified all parameters remain unchanged Mode Router command Cache Server Configuration mode Matrix rw Router config twcb cache Example This example sets the failure detection type to the ping...

Page 789: ...rw Router config twcb wcsfarm cache 186 89 10 51 Matrix rw Router config twcb cache maxconns 1000 inservice Use this command to activate this cache server or web cache Syntax inservice Parameters None...

Page 790: ...ip twcb webcache cache1 Matrix rw Router config twcb webcache serverfarm s1Server Matrix rw Router config twcb webcache inservice ip twcb webcache Use this command to create a web cache using the spe...

Page 791: ...web cache cache1 to 8080 Matrix rw Router config ip twcb webcache cache1 Matrix rw Router config twcb webcache http port 8080 serverfarm Use this command to add the specified server farm to this web...

Page 792: ...ese sites can not be redirected to the cache servers This command provides for the creation of lists of IP addresses that need to bypass the cache servers Example This example creates a bypass list fo...

Page 793: ...irect range 10 10 10 26 10 10 10 50 ip twcb redirect out Use this command to redirect outbound HTTP traffic from an interface to the cache servers Syntax ip twcb webcache name redirect out Parameters...

Page 794: ...wcserverfarm serverfarm name Parameters Defaults If no parameter is specified displays details for all configured server farms Mode Router command Matrix rw Router Examples This example displays conf...

Page 795: ...wcb webcache Web Cache Applied Http Active Active Name Interface Port Status Server Farms cache1 Vlan1 80 inservice s1Server s2Server show ip twcb conns Use this command to display cache server connec...

Page 796: ...None Defaults None Mode Router Command Matrix rw Router Example This example displays connection stats data for all clients and cache servers Matrix rw Router show ip twcb stats created established de...

Page 797: ...ow limits Use this command to display the TWCB entry and memory limits Syntax show limits Parameters None Defaults None Mode Router Command Matrix rw Router Example This example displays the TWCB entr...

Page 798: ...this command to display TWCB router limit configuration settings Syntax show router limits twcb bindings twcb cache twcb configs Parameters Defaults If no parameter is specified all router limit setti...

Page 799: ...ute Table Limit 12000 default TWCB maximum Bindings 32000 default TWCB Cache size 2000 default TWCB maximum Configs 1 default This example displays the TWCB cache size limit for this system Matrix su...

Page 800: ...mits setting to the default value Matrix rw clear router limits twcb cache Note Router limits can also be cleared in the following contexts To clear LSNAT router limits see clear router limits LSNAT o...

Page 801: ...ping with faildetect parameter values changed to an interval of 4 seconds and the number of retries to 5 The s2Server cache servers will use the application faildetect type with faildetect parameter v...

Page 802: ...x Router config twcb cache inservice Matrix Router config twcb cache exit Matrix Router config twcb wcsfarm Configure cache server 186 89 10 55 Matrix Router config twcb wcsfarm cache 186 89 10 55 Mat...

Page 803: ...nge 50 10 10 30 50 10 10 43 Matrix Router config twcb webcache hosts redirect deny redirect range 10 10 10 25 10 10 10 30 Matrix Router config twcb webcache exit Matrix Router config Configure the out...

Page 804: ...TWCB Configuration Example clear router limits TWCB 23 22 Transparent Web Cache Balancing Configuration...

Page 805: ...hell SSH provides for secure remote CLI management access For details refer to Configuring Secure Shell SSH on page 24 11 IP Access Lists ACLs permits or denies access to routing interfaces based on p...

Page 806: ...fied ports the switch discards all subsequent frames not containing the configured source addresses The only frames forwarded on a locked port are those with the locked MAC address es for that port Co...

Page 807: ...maclock Output Details Output What it displays Port Number Port designation For a detailed description of possible port_string values refer to Port String Syntax Used in the CLI on page 4 2 Port Statu...

Page 808: ...08 14 4b 15 active first learned fe 2 6 08 00 20 20 32 4b active first learned fe 2 9 08 00 20 77 aa 80 active first learned fe 2 12 00 03 ba 08 4c f0 active first learned fe 2 14 00 01 f4 2c ad b4 ac...

Page 809: ...and configured for a specific MAC address and port string this locks a port so that only designated end station addresses are allowed to participate in frame relay Example This example shows how to en...

Page 810: ...scribed in set maclock enable on page 24 5 When created and enabled this allows only the end station designated by the MAC address to participate in frame relay port_string Optional Disables MAC locki...

Page 811: ...o restrict MAC locking to 6 MAC addresses on fe 2 3 Matrix rw set maclock firstarrival fe 2 3 6 set maclock move Use this command to move all current first arrival MACs to static entries Syntax set ma...

Page 812: ...3 Matrix rw clear maclock firstarrival fe 2 3 6 set maclock static Use this command to restrict MAC locking on a port to a maximum number of static management defined MAC addresses for end stations co...

Page 813: ...le This example shows how to reset static MAC locking on fe 2 3 Matrix rw clear maclock static fe 2 3 set maclock trap Use this command to enable or disable MAC lock trap messaging Syntax set maclock...

Page 814: ...aclock trap fe 2 3 enable clear maclock Use this command to clear MAC locking from one or more static MAC addresses Syntax clear maclock all mac address port string Parameters Defaults None Mode Switc...

Page 815: ...of SSH on the device Syntax show ssh state Parameters None Defaults None Mode Switch command Read Only Examples This example shows how to display SSH status on the device Matrix rw show ssh state SSH...

Page 816: ...s Syntax set ssh hostkey reinitialize Parameters Defaults None Mode Switch command Read Write Example This example shows how to regenerate SSH keys Matrix rw set ssh hostkey reinitialize show router s...

Page 817: ...d set router ssh Use this command to enables or disable SSH service to the router Syntax set router ssh enable disable Parameters Defaults None Mode Switch command Read Write Example This example show...

Page 818: ...re Shell SSH clear router ssh 24 14 Security Configuration Mode Switch command Read Write Example This example shows how to reset SSH service to the router to the default state of disabled Matrix rw c...

Page 819: ...denies ICMP UDP and IP frames based on restrictions configured with the one of the access list commands For details on configuring standard access lists refer to ip access group on page 24 20 For deta...

Page 820: ...cified entry in an existing ACL or replaces a specified entry with this new entry log 1 5000 all Enable syslog for ACL entry hits Enable syslog for sequential number of ACL entry or for all ACL entrie...

Page 821: ...moves entry 16 to the beginning of ACL 22 Matrix Router config access list 22 move 1 16 access list extended Use this command to define an extended IP access list by number when operating in router m...

Page 822: ...rce2 Optional Moves a sequence of access list entries before another entry Destination is the number of the existing entry before which this new entry will be moved Source1 is a single entry number or...

Page 823: ...heir ICMP message code The code is a number from 0 to 255 operator port Optional Applies access rules to TCP or UDP source or destination port numbers Possible operands include lt port Match only pack...

Page 824: ...TCP host 10 1 2 1 eq 42 any This example shows how to define access list 101 to deny TCP packets transmitted from any IP source port with the precedence field set to a value of 3 and the tos field se...

Page 825: ...nd removes the specified access list Example This example shows how to apply access list 1 for all inbound frames on VLAN 1 Through the definition of access list 1 only frames with destination 192 5 3...

Page 826: ...ICMP packets protection is enabled the Ping of Death counter will not be incremented Ping of Death is a subset of the fragmented ICMP function Example This example shows how to display Denial of Servi...

Page 827: ...er config if Vlan vlan_id Usage The no form of this command disables the specified security features land Enables land attack protection and automatically discards illegal frames This can be enabled g...

Page 828: ...2000 This example shows how to enable spoofed address checking on the VLAN 1 interface Matrix Router config interface vlan 1 Matrix Router config if Vlan 1 hostdos checkspoof clear hostdos counters Us...

Page 829: ...e FST on the switch and on a port by port basis Configure the maximum flows allowed per user classification port type and the actions that will occur when flow limits are reached Assign a user classif...

Page 830: ...case it is enabled for FST with an unspecified port classification is currently operational and has no FST action assigned Matrix rw show flowlimit limit port fe 2 1 Flow setup throttling port config...

Page 831: ...n command as described in set flowlimit action on page 24 28 This limit can be assigned to one or more ports using the set flowlimit class command as described in set flowlimit port on page 24 31 Exam...

Page 832: ...on2 notify drop disable userport serverport aggregateduser interswitchlink unspecified Parameters limit1 limit2 Specifies the configuration to be removed as limit 1 or 2 userport serverport aggregated...

Page 833: ...action1 action2 notify drop disable userport serverport aggregateduser interswitchlink unspecified Parameters drop Optional When flow limit is reached drops excess flows and discard packets disable O...

Page 834: ...userport serverport aggregateduser interswitchlink unspecified Parameters Defaults If port classification type is not specified information related to all classifications will be displayed Mode Switch...

Page 835: ...tion1 notify limit2 0 action2 disable notify set flowlimit port Use this command to enable or disable flow limiting on one or more port s assign a flow limiting user classification to one or more port...

Page 836: ...assification type to Fast Ethernet ports 3 5 in module 2 Matrix rw set flowlimit port class userport fe 2 3 5 clear flowlimit port class Use this command to remove flow limiting port classification pr...

Page 837: ...it on page 24 27 Example This example shows how to enable the flow limit shut down function Matrix rw set flowlimit shutdown enable set flowlimit notification Use this command to enable or disable flo...

Page 838: ...MP flow limit notification interval Matrix rw clear flowlimit notification interval clear flowlimit stats Use this command to reset flow limiting statistics back to default values on one or more port...

Page 839: ...s refer to Configuring MAC Authentication on page 25 26 Convergence End Point CEP Convergence Endpoint CEP detection is an Enterasys Networks mechanism for identifying IP phones that are connected to...

Page 840: ...anular control over user authorization The Enterasys multi user 802 1X implementation includes the following components A Multi Mode Enabled Enterasys Matrix System only when a system is set to operat...

Page 841: ...information for all ports will be displayed For information about Refer to page show dot1x 25 3 show dot1x auth config 25 5 set dot1x 25 7 set dot1x auth config 25 7 clear dot1x auth config 25 9 auth...

Page 842: ...henticating 0 EAP Logoff While Authenticating 0 ReAuths While Authenticated 0 EAP Starts While Authenticated 0 EAP Logoff While Authenticated 0 Backend Responses 0 Backend Access Challenges 0 Backend...

Page 843: ...ol Optional Displays the current value of the controlled Port control parameter for the Port keytxenabled Optional Displays the state of 802 1X key transmission currently in use by the authenticator P...

Page 844: ...display all 802 1X authentication configuration settings for fe 2 24 Matrix rw show dot1x fe 2 24 Port fe 2 24 Auth Config PAE state Initialize Backend auth State Initialize Admin controlled direction...

Page 845: ...ix rw set dot1x enable This example shows how to reinitialize fe 2 24 Matrix rw set dot1x init fe 2 24 set dot1x auth config Use this command to configure 802 1X authentication Syntax set dot1x auth c...

Page 846: ...or disables false 802 1X key transmission by the authenticator PAE state machine maxreq value Specifies the maximum number of authentication requests allowed by the backend authentication state machi...

Page 847: ...auto on all ports Matrix rw clear dot1x auth config authcontrolled portcontrol This example shows how to reset reauthentication control to disabled on ports fe 1 1 3 Matrix rw clear dot1x auth config...

Page 848: ...Configuring 802 1X Authentication clear dot1x auth config 25 10 Authentication Configuration Matrix rw clear dot1x auth config quietperiod fe 1 1 3...

Page 849: ...quirements of an authenticating client needing to send an HTTP request with its web browser Typically the client will need DNS and ARP resolution before it can generate the HTTP request needed to do a...

Page 850: ...explicitly return a static route for the client or to inform the client that all routes are local meaning the client is its own default gateway For more information on configuring policy profiles refe...

Page 851: ...mple shows how to display PWA information for ge 2 1 Matrix rw show pwa ge 2 1 PWA Status enabled PWA IP Address 192 168 62 99 PWA Protocol PAP PWA Enhanced Mode N A PWA Logo enabled PWA Guest Network...

Page 852: ...enabled with RADIUS or no authentication Default state of disabled can be changed using the set pwa gueststatus command as described in set pwa gueststatus on page 25 22 PWA Guest Name Guest user name...

Page 853: ...formation on disabling 802 1X refer to set dot1x on page 25 7 For information on disabling MAC authentication refer to set macauthentication on page 25 29 Example This example shows how to enable port...

Page 854: ...name Syntax clear pwa hostname Parameters None Defaults None Mode Switch command Read Write Example This example shows how to clear the PWA host name Matrix rw clear pwa hostname show pwa banner Use...

Page 855: ...the PWA login banner to Welcome to Enterasys Networks Matrix rw set pwa banner Welcome to Enterasys Networks set pwa displaylogo hide Use this command to disable the currently configured PWA banner S...

Page 856: ...Syntax set pwa displaylogo display hide Parameters Defaults None Mode Switch command Read Write Example This example shows how to hide the Enterasys Networks logo Matrix rw set pwa displaylogo hide s...

Page 857: ...ipaddress ip address Parameters Defaults None Mode Switch command Read Write Usage This is the IP address of the end station from which PWA will prevent network access until the user is authenticated...

Page 858: ...Write Usage When enabled users on unauthenticated PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access They will also be granted guest networking p...

Page 859: ...ed in set pwa enhancedmode on page 25 20 PWA will use this name to grant network access to guests without established login names and passwords Example This example shows how to set the PWA guest user...

Page 860: ...ithout established login names and passwords Example This example shows how to set the PWA guest user password name Matrix rw set pwa guestpasword Guest Password Retype Guest Password set pwa gueststa...

Page 861: ...initialize port string Parameters Defaults If port string is not specified all ports will be initialized Mode Read Write Example This example shows how to initialize ports fe 1 5 7 Matrix rw set pwa i...

Page 862: ...held state Syntax set pwa maxrequests maxrequests port string Parameters Defaults If port string is not specified maximum requests will be set for all ports Mode Read Write Example This example shows...

Page 863: ...y Example This example shows how to display PWA session information Matrix rw show pwa session Port MAC IP User Duration Status ge 2 19 00 c0 4f 20 05 4b 172 50 15 121 pwachap10 0 14 46 55 active ge 2...

Page 864: ...nds show macauthentication Use this command to display MAC authentication information for one or more ports Syntax show macauthentication port string For information about Refer to page show macauthen...

Page 865: ...output port string Optional Displays MAC authentication information for specific port s For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 4...

Page 866: ...tring Syntax Used in the CLI on page 4 2 Port State Whether or not MAC authentication is enabled or disabled on this port Quiet Period Enables a reauthentication attempt for failed entries at the peri...

Page 867: ...n session Output Details Output What it displays Port Port designation For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 4 2 MAC Address MAC...

Page 868: ...d to clear the MAC authentication password Syntax clear macauthentication password Parameters None Defaults None Mode Switch command Read Write Examples This example shows how to clear the MAC authent...

Page 869: ...ameters None Defaults None Mode Switch command Read Write Example This example shows how to clear the MAC authentication significant bits setting Matrix rw clear macauthentication significant bits set...

Page 870: ...ort string Parameters Defaults None Mode Switch command Read Write Example This example shows how to set the number of allowed MAC authentication sessions to 4 on ge 2 1 Matrix rw set macauthenticatio...

Page 871: ...and remove any currently active sessions on those ports Syntax set macauthentication portinitialize port string Parameters Defaults None Mode Switch command Read Write Example This example shows how t...

Page 872: ...authentication enable disable port string Parameters Defaults None Mode Switch command Read Write Example This example shows how to enable MAC reauthentication on ge 4 1 though 5 Matrix rw set macauth...

Page 873: ...enticate mac_addr Parameters Defaults None Mode Switch command Read Write Example This example shows how to force the MAC authentication session for address 00 60 97 b5 4c 07 to reauthenticate Matrix...

Page 874: ...tion reauthperiod port string Parameters Defaults If port string is not specified the reauthentication period will be cleared on all ports Mode Switch command Read Write Example This example shows how...

Page 875: ...period 120 ge 2 1 5 clear macauthentication quietperiod Use this command to clear the macauthentication quiet period on one or more ports to the default value Syntax clear macauthentication quietperi...

Page 876: ...authentication quietperiod 25 38 Authentication Configuration Usage The default value is 0 never Example This example shows how to clear the macauthentication quietperiod for port ge 1 1 Matrix rw cle...

Page 877: ...for detection Default UDP ports are 1718 1719 1720 Default group address is 224 0 1 41 The commands in this section can be used to configure H 323 detection using new parameters A second default H 323...

Page 878: ...ery Time MON FEB 06 02 31 42 2006 Firmware Version Address Type unknown Endpoint IP unavailable Endpoint MAC 00 04 0d 01 f8 35 show cep detection Use this command to display CEP phone detection parame...

Page 879: ...ection information Matrix show cep detection Global CEP state enabled Detection Rules for Index 1 Endpoint Phone Type h323 Protocol tcp udp Port Low 1718 Port High 1720 Address Type unknown Address Ma...

Page 880: ...CEP types Syntax show cep port port string Parameters Defaults None Mode Read Only Examples This example shows how to display CEP status information for port fe 1 21 Matrix show cep port fe 1 21 Port...

Page 881: ...ne detection on port fe 3 1 Matrix set cep port fe 3 1 cisco enable set cep policy Use this command to set a global default policy for a CEP detection type Syntax set cep policy cisco h323 siemens sip...

Page 882: ...or enable disable or remove an existing group Syntax set cep detection id id create delete disable enable Parameters Defaults None Mode Switch command Read Write cisco Set the Cisco global default pol...

Page 883: ...tion uses CiscoDP as its discovery method There are currently 3 manual detection types Siemens H323 SIP Under manual detection configuration for each of the types the Endpoint Phone Type will be liste...

Page 884: ...will have no IP address configured Example This example shows how to set an IP address of 10 1 1 3 and mask for detection group 1 Matrix set cep detection id 1 address 10 1 1 3 mask 255 255 0 0 set ce...

Page 885: ...oints detection for CEP detection group 1 Matrix set cep detection id 1 protocol both set cep detection id porthigh portlow Use this command to set the maximum and minimum ports used for TCP or UDP co...

Page 886: ...group 1 Matrix set cep detection id 1 portlow 65 set cep initialize Use this command to clear all existing CEP connections for one or more CEP enabled ports Syntax set cep initialize port string Param...

Page 887: ...is example shows how to clears ports fe 1 1 5 of Cisco phone detection parameters Matrix clear cep port fe 1 1 5 cisco all Restores factory defaults to all CEP configuration information policy Restore...

Page 888: ...sical port the user device is authenticating on Filter ID Attribute Formats Enterasys Networks supports two Filter ID formats decorated and undecorated The decorated format has three forms To specify...

Page 889: ...tion login is any set authentication login Use this command to set the authentication login method Syntax set authentication login any local radius tacacs Parameters For information about Refer to pag...

Page 890: ...gin method to use the local password settings Matrix rw set authentication login local clear authentication login Use this command to reset the authentication login method to the default setting of an...

Page 891: ...onfiguration Syntax show radius state retries authtype timeout server index all Parameters For information about Refer to page show radius 25 53 set radius 25 54 clear radius 25 55 show radius account...

Page 892: ...cess any index all Parameters Table 25 4 show radius Output Details Output What it displays RADIUS state Whether the RADIUS client is enabled or disabled RADIUS retries Number of retry attempts before...

Page 893: ...authenticate management access only Matrix rw set radius realm management access all This example shows how to set the RADIUS timeout to 5 seconds Matrix rw set radius timeout 5 This example shows how...

Page 894: ...mum state server index all Parameters state Optional Resets the RADIUS client state to the default setting of disabled retries Optional Resets the maximum number of attempts a user can contact the RAD...

Page 895: ...Index IP Port Retries Timeout Status 1 1 1 1 1 1236 2 5 Primary set radius accounting Use this command to configure RADIUS accounting Syntax set radius accounting enable disable intervalminimum value...

Page 896: ...s to 10 on server 6 Matrix rw set radius accounting retries 10 6 clear radius accounting Use this command to clear RADIUS accounting configuration settings Syntax clear radius accounting server index...

Page 897: ...terasys Matrix DFE Gold Series Configuration Guide 25 59 Defaults None Mode Switch command Read Write Example This example shows how to reset the RADIUS accounting timeout to 5 seconds on all servers...

Page 898: ...n and class of service to be provided Enterasys Networks Layer 2 switches utilize two specific attributes to implement the provisioning of service in response to a successful authentication A propriet...

Page 899: ...gged untagged unknown set vlanauthorization Use this command to set the VLAN Authorization attributes Syntax set vlanauthorization enable disable port port list enable disable none tagged untagged dyn...

Page 900: ...clear vlanauthorization Use this command to clear the VLAN Authorization attributes to the defaults Syntax clear vlanauthorization port list all Parameters Defaults None Mode Switch command Read Writ...

Page 901: ...mands show tacacs Use this command to display the current TACACS configuration information and status Syntax show tacacs state Parameters Defaults If state is not specified all TACACS configuration in...

Page 902: ...enabled or disabled TACACS session accounting state Whether TACACS session accounting is enabled or disabled TACACS command authorization state Whether TACACS command authorization is enabled or disab...

Page 903: ...is enabled the login authentication is switched to RADIUS or local if enabled Examples This example shows how to enable the TACACS client Matrix rw set tacacs enable show tacacs server Use this comma...

Page 904: ...meout seconds set tacacs server index address port secret Parameters Defaults None Mode Switch command Read Write Example This example configures TACACS server 1 The default timeout value of 10 second...

Page 905: ...display the current TACACS client session settings Syntax show tacacs session authorization accounting state Parameters Defaults If state is not specified all session accounting configuration paramet...

Page 906: ...nable disable Enables or disables TACACS session accounting authorization Specifies that TACACS session authorization is being configured service name Specifies the name of the service that the TACACS...

Page 907: ...service requested by the TACACS client as the service name basic Matrix rw set tacacs session authorization service basic This example maps the Matrix read write access privilege level to an attribute...

Page 908: ...status enabled or disabled of TACACS accounting or authorization on a per command basis Syntax show tacacs command accounting authorization state Parameters Defaults If state is not specified all acc...

Page 909: ...executed during the session When per command authorization is enabled the TACACS server will check whether each command is permitted for that authorized session and return a success or fail If the au...

Page 910: ...t TACACS single connect state enabled set tacacs singleconnect Use this command to enable or disable the ability of the TACACS client to send multiple requests over a single TCP connection When enable...

Page 911: ...ributes to be applied to the traffic The client sends a RADIUS Access Request frame to the RADIUS server to initiate the authentication process This request frame contains the Calling Station ID attri...

Page 912: ...S statistics Purpose To enable configure and display information for RADIUS Snooping used by the network manager to manage downstream connections when the full complement of Enterasys SecureNetworks c...

Page 913: ...sponse frame to be returned from the RADIUS server after successfully snooping a RADIUS request frame from the client Syntax set radius snooping timeout seconds Parameters Defaults None Mode Read Writ...

Page 914: ...This value is the maximum number of users per port for all authentication clients In some cases it may be necessary to drop RADIUS traffic in order to maintain session consistency between the distribu...

Page 915: ...rt Flow entries are added to the flow table based upon the entry index value The first matching entry in the table is the entry used for the continuation of the authentication process If a secret is c...

Page 916: ...es all RS sessions associated with port ge 1 1 by initializing the port Matrix rw set radius snooping initialize port ge 1 1 clear radius snooping all Use this command to reset all RS configuration to...

Page 917: ...the index value to clear flows for a particular port Examples This example clears all flow table entries Matrix rw clear radius snooping flow all This example clears the flow table entry for index 5 M...

Page 918: ...ng port port string Parameters Defaults None Mode Read Only Example This example displays the RS status for port fe 1 1 Matrix rw show radius snooping port fe 1 1 Radius Snooping Enabled Port Port Sta...

Page 919: ...s 17 Number pending 4 Total Sessions 85 Total RADIUS Access Requests 242 Table 26 2 Radius Snooping Port Settings Output What it displays Port Specifies the port s currently enabled for RS Port State...

Page 920: ...ons Specifies the number of active sessions for this flow Number pending Specifies the number of valid RADIUS request frames pending but no matching RADIUS response frame has been seen These sessions...

Page 921: ...adius Snooping Session Port Settings Output What it displays MAC Address Specifies the MAC address associated with the session information in this display Port Specifies the port ID associated with th...

Page 922: ...Understanding RADIUS Snooper show radius snooping session 26 12 RADIUS Snooping Configuration...

Page 923: ...will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy profile DFE Gold Multi User Capacities Matrix DFE Gold modules support one authenticated user...

Page 924: ...t 27 6 clear multiauth port 27 7 show multiauth station 27 8 clear multiauth station 27 8 show multiauth session 27 9 show multiauth idle timeout 27 10 set multiauth idle timeout 27 10 clear multiauth...

Page 925: ...auth mode multi clear multiauth mode Use this command to clear the system authentication mode Syntax clear multiauth mode Parameters None Defaults None Mode Switch command Read Write Example This exam...

Page 926: ...erational precedence dot1x mac pwa cep show multiauth counters Use this command to display multiauth counter values Syntax show multiauth counters cep dot1x mac pwa chassis port portstring chassis cep...

Page 927: ...ed by more than one method at the same time the precedence of the authentication methods will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy profil...

Page 928: ...information will be displayed for all ports Mode Switch command Read Only Example This example shows how to display multiple authentication information for ports fe 1 1 4 Matrix rw show multiauth port...

Page 929: ...shows how to clear the port multiple authentication mode on all 1 Gigabit Ethernet ports Matrix rw clear multiauth port mode ge mode auth opt auth reqd force auth force unauth Specifies the port s mul...

Page 930: ...ltiauth station Port Address type Address fe 1 20 mac 00 10 a4 9e 24 87 fe 2 16 mac 00 b0 d0 e5 0c d0 clear multiauth station Use this command to clear one or more multiple authentication station entr...

Page 931: ...mmand Read Only Example This example shows how to display multiple authentication session Matrix rw show multiauth session Multiple authentication session entries Port fe 2 2 Station address 00 01 f4...

Page 932: ...pes dot1x pwa mac and cep Example This example shows how to display timeout values for an idle session for each of the authentication types Matrix rw show multiauth idle timeout Authentication type Ti...

Page 933: ...tiauth idle timeout 600 clear multiauth idle timeout Use this command to reset the maximum number of consecutive seconds an authenticated session may be idle before termination of the session to the d...

Page 934: ...Matrix rw clear multiauth idle timeout mac This example shows how to clear the idle timeout session values for all authentication types back to the default value of 300 seconds Matrix rw set multiauth...

Page 935: ...shows how to set the session timeout value for an active session for cep and mac authentication to 500 seconds Matrix rw set multiauth session timeout cep 500 Matrix rw set multiauth session timeout...

Page 936: ...ix rw clear multiauth idle timeout cep Matrix rw clear multiauth idle timeout mac This example shows how to clear the session timeout values for an active session for all authentication types to the d...

Page 937: ...ed in system disabled traps are not sent when max users reached in system module Configures multiauth module trap settings as follows enabled traps are sent when max users reached in module disabled t...

Page 938: ...uccess failed terminated max reached Parameters Defaults None Mode Switch command Read Only Example This example shows how to display multiple authentication trap settings for port ge 1 1 4 Matrix rw...

Page 939: ...ultiple Authentication Enterasys Matrix DFE Gold Series Configuration Guide 27 17 Matrix rw This example shows how to display multiple authentication trap system settings Matrix rw show multiauth trap...

Page 940: ...Configuring Multiple Authentication show multiauth trap 27 18 MultiAuth Configuration...

Page 941: ...one detection 25 39 Copying Configuration or Image Files 2 86 Cost area default 21 34 OSPF 21 24 21 34 Spanning Tree port 6 60 D Debugging OSPF 21 50 Defaults CLI behavior described 2 6 factory instal...

Page 942: ...Management assigning classification rules 8 7 classifying to a VLAN or Class of Service 8 8 8 14 profiles 8 2 8 21 Port Mirroring 4 52 Port Priority configuring 22 2 Port String syntax used in the CLI...

Page 943: ...Trap SNMP configuration example 5 3 U Updates disable RIP triggered 21 14 RIP distribute list 21 17 User Accounts default 2 7 setting 2 15 V Version RIP receive 21 7 RIP send 21 7 Version Information...

Page 944: ...Index 4...

Reviews:

No comments

Related manuals for Enterasys Matrix DFE-Gold Series

D-Link DI-707 User Manual preview
DI-707
Brand: D-Link Pages: 36
GE GuardSwitch 300 Series Quick Start Manual preview
GuardSwitch 300 Series
Brand: GE Pages: 4
OFFICINE OROBICHE PL Series Instruction Manual preview
PL Series
Brand: OFFICINE OROBICHE Pages: 7
3Com 4210 Series Datasheet preview
4210 Series
Brand: 3Com Pages: 8
3Com PathBuilder S200 Series Feature Manual preview
PathBuilder S200 Series
Brand: 3Com Pages: 11
3Com 4400 Datasheet preview
4400
Brand: 3Com Pages: 8
3Com CoreBuilder 3500 Getting Started Manual preview
CoreBuilder 3500
Brand: 3Com Pages: 96
Barco Matrix-PRO HD-SDI Specifications preview
Matrix-PRO HD-SDI
Brand: Barco Pages: 2
X10 WM100 Product Manual preview
WM100
Brand: X10 Pages: 20
Pakedge SX-8P Quick Start Manual preview
SX-8P
Brand: Pakedge Pages: 24
3onedata TNS5800-8GP16GT-P24VDC Quick Installation Manual preview
TNS5800-8GP16GT-P24VDC
Brand: 3onedata Pages: 3
Dahua PFS3005-5ET-V2 Quick Start Manual preview
PFS3005-5ET-V2
Brand: Dahua Pages: 17
Cabletron Systems DLEHF-MA User Manual preview
DLEHF-MA
Brand: Cabletron Systems Pages: 194
Vega VEGAWAVE S 61 Operating Instructions Manual preview
VEGAWAVE S 61
Brand: Vega Pages: 44
DLS DLS 400A Operating Manual preview
DLS 400A
Brand: DLS Pages: 226
Gefen EXT-VGA-142N User Manual preview
EXT-VGA-142N
Brand: Gefen Pages: 14
T1V ThinkHub Pro Quick Start Manual preview
ThinkHub Pro
Brand: T1V Pages: 2
Optical Systems OSD2700F SERIES Operator'S Manual preview
OSD2700F SERIES
Brand: Optical Systems Pages: 29

Brands by name

Popular brands

Load more brands