manualshive.com logo in svg

Enterasys G3G170-24, Cli Reference Manual

Share
Download
Enterasys G3G170-24 Cli Reference Manual Download Page 603

Enterasys G-Series CLI Reference 20-1

20

Security Configuration

This

 

chapter

 

describes

 

the

 

Security

 

Configuration

 

set

 

of

 

commands

 

and

 

how

 

to

 

use

 

them.

Overview of Security Methods

The

 

following

 

security

 

methods

 

are

 

available

 

for

 

controlling

 

which

 

users

 

are

 

allowed

 

to

 

access,

 

monitor,

 

and

 

manage

 

the

 

switch.

 

Login

 

user

 

accounts

 

and

 

passwords

 

 

used

 

to

 

log

 

in

 

to

 

the

 

CLI

 

via

 

a

 

Telnet

 

connection

 

or

 

local

 

COM

 

port

 

connection.

 

For

 

details,

 

refer

 

to

 

Setting

 

User

 

Accounts

 

and

 

Passwords

 

on

 

page 2

2.

Host

 

Access

 

Control

 

Authentication

 

(HACA)

 

 

authenticates

 

user

 

access

 

of

 

Telnet

 

management,

 

console

 

local

 

management

 

and

 

WebView

 

via

 

a

 

central

 

RADIUS

 

Client/Server

 

application.

 

When

 

RADIUS

 

is

 

enabled,

 

this

 

essentially

 

overrides

 

login

 

user

 

accounts.

 

When

 

HACA

 

is

 

active

 

per

 

a

 

valid

 

RADIUS

 

configuration,

 

the

 

user

 

names

 

and

 

passwords

 

used

 

to

 

access

 

the

 

switch

 

via

 

Telnet,

 

SSH,

 

WebView,

 

and

 

COM

 

ports

 

will

 

be

 

validated

 

against

 

the

 

configured

 

RADIUS

 

server.

 

Only

 

in

 

the

 

case

 

of

 

a

 

RADIUS

 

timeout

 

will

 

those

 

credentials

 

be

 

compared

 

against

 

credentials

 

locally

 

configured

 

on

 

the

 

switch.

 

For

 

details,

 

refer

 

to

 

Configuring

 

RADIUS

 

on

 

page 20

3.

SNMP

 

user

 

or

 

community

 

names

 

 

allows

 

access

 

to

 

the

 

G

Series

 

switch

 

via

 

a

 

network

 

SNMP

 

management

 

application.

 

To

 

access

 

the

 

switch,

 

you

 

must

 

enter

 

an

 

SNMP

 

user

 

or

 

community

 

name

 

string.

 

The

 

level

 

of

 

management

 

access

 

is

 

dependent

 

on

 

the

 

associated

 

access

 

policy.

 

For

 

details,

 

refer

 

to

 

Chapter 5

.

802.1X

 

Port

 

Based

 

Network

 

Access

 

Control

 

using

 

EAPOL

 

(Extensible

 

Authentication

 

Protocol)

 

 

provides

 

a

 

mechanism

 

via

 

a

 

RADIUS

 

server

 

for

 

administrators

 

to

 

securely

 

For information about...

Refer to page...

Overview of Security Methods

20-1

Configuring RADIUS

20-3

Configuring 802.1X Authentication

20-10

Configuring MAC Authentication

20-19

Configuring Multiple Authentication Methods

20-30

Configuring VLAN Authorization (RFC 3580)

20-41

Configuring MAC Locking

20-46

Configuring Port Web Authentication (PWA)

20-57

Configuring Secure Shell (SSH)

20-68

Configuring Access Lists

20-70

Summary of Contents for G3G170-24

Page 1: ...Enterasys G Series Ethernet Switch CLI Reference Firmware Version 1 00 xx P N 9034358 01...

Page 2: ......

Page 3: ...EN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2008 Enterasys Networks Inc All r...

Page 4: ...nd conditions of this Agreement 2 RESTRICTIONS Except as otherwise authorized in writing by Enterasys You may not nor may You permit any third party to a Reverse engineer decompile disassemble or modi...

Page 5: ...HE PROGRAM TO YOU 7 LIMITATION OF LIABILITY IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINESS...

Page 6: ...ach of this Agreement 12 WAIVER A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach...

Page 7: ...rpose 2 2 Commands 2 2 show system login 2 3 set system login 2 3 clear system login 2 4 set password 2 5 set system password length 2 6 set system password aging 2 6 set system password history 2 7 s...

Page 8: ...epower trap 2 33 show port inlinepower 2 33 set port inlinepower 2 34 Downloading a Firmware Image 2 35 Downloading from a TFTP Server 2 35 Downloading via the Serial Port 2 35 Reverting to a Previous...

Page 9: ...cdp state 3 3 set cdp auth 3 3 set cdp interval 3 4 set cdp hold time 3 5 clear cdp 3 5 show neighbors 3 6 Configuring Cisco Discovery Protocol 3 6 Purpose 3 6 Commands 3 7 show ciscodp 3 7 show cisc...

Page 10: ...3 Purpose 4 3 Commands 4 4 show port 4 4 show port status 4 4 show port counters 4 5 Disabling Enabling and Naming Ports 4 7 Purpose 4 7 Commands 4 7 set port disable 4 7 set port enable 4 8 show por...

Page 11: ...broadcast 4 30 Port Mirroring 4 30 Mirroring Features 4 31 Purpose 4 31 Commands 4 31 show port mirroring 4 31 set port mirroring 4 32 clear port mirroring 4 33 Link Aggregation Control Protocol LACP...

Page 12: ...show snmp community 5 13 set snmp community 5 13 clear snmp community 5 14 Configuring SNMP Access Rights 5 15 Purpose 5 15 Commands 5 15 show snmp access 5 15 set snmp access 5 16 clear snmp access...

Page 13: ...et spantree version 6 8 clear spantree version 6 8 show spantree bpdu forwarding 6 9 set spantree bpdu forwarding 6 9 show spantree bridgeprioritymode 6 10 set spantree bridgeprioritymode 6 10 clear s...

Page 14: ...i 6 34 clear spantree portpri 6 35 show spantree adminpathcost 6 35 set spantree adminpathcost 6 36 clear spantree adminpathcost 6 36 show spantree adminedge 6 37 set spantree adminedge 6 37 clear spa...

Page 15: ...t discard 7 10 set port discard 7 11 Configuring the VLAN Egress List 7 11 Purpose 7 11 Commands 7 12 show port egress 7 12 set vlan forbidden 7 13 set vlan egress 7 13 clear vlan egress 7 14 show vla...

Page 16: ...0 show cos settings 8 21 set cos port config 8 21 show cos port config 8 22 clear cos port config 8 23 set cos port resource 8 24 show cos port resource 8 25 clear cos port resource 8 26 set cos refer...

Page 17: ...pose 10 9 Commands 10 9 ip igmp 10 10 ip igmp enable 10 10 ip igmp version 10 11 show ip igmp interface 10 11 show ip igmp groups 10 12 ip igmp query interval 10 13 ip igmp query max response time 10...

Page 18: ...w mac unreserved flood 11 23 set mac unreserved flood 11 24 Configuring Simple Network Time Protocol SNTP 11 25 Purpose 11 25 Commands 11 25 show sntp 11 25 set sntp client 11 27 clear sntp client 11...

Page 19: ...rmon channel 12 16 clear rmon channel 12 17 show rmon filter 12 17 set rmon filter 12 18 clear rmon filter 12 19 Packet Capture Commands 12 20 Purpose 12 20 Commands 12 20 show rmon capture 12 20 set...

Page 20: ...efault router 13 21 clear dhcp pool default router 13 22 set dhcp pool dns server 13 22 clear dhcp pool dns server 13 23 set dhcp pool domain name 13 23 clear dhcp pool domain name 13 24 set dhcp pool...

Page 21: ...Configuration Activating Advanced Routing Features 16 1 Configuring RIP 16 1 Purpose 16 1 RIP Configuration Task List and Commands 16 2 router rip 16 2 ip rip enable 16 3 distance 16 3 ip rip send ve...

Page 22: ...16 32 ip dvmrp metric 16 33 show ip dvmrp 16 33 Configuring IRDP 16 34 Purpose 16 34 Commands 16 34 ip irdp enable 16 34 ip irdp maxadvertinterval 16 35 ip irdp minadvertinterval 16 35 ip irdp holdti...

Page 23: ...18 3 ipv6 route 18 4 ipv6 route distance 18 5 ipv6 unicast routing 18 6 ping ipv6 18 6 ping ipv6 interface 18 7 traceroute ipv6 18 8 Interface Configuration Commands 18 9 ipv6 address 18 9 ipv6 enable...

Page 24: ...tv 19 14 area range 19 14 area stub 19 15 area stub no summary 19 16 area virtual link 19 16 area virtual link dead interval 19 17 area virtual link hello interval 19 18 area virtual link retransmit i...

Page 25: ...iguring MAC Authentication 20 19 Purpose 20 19 Commands 20 19 show macauthentication 20 20 show macauthentication session 20 21 set macauthentication 20 22 set macauthentication password 20 23 clear m...

Page 26: ...20 44 show vlanauthorization 20 45 Configuring MAC Locking 20 46 Purpose 20 46 Commands 20 46 show maclock 20 47 show maclock stations 20 48 set maclock enable 20 49 set maclock disable 20 50 set mac...

Page 27: ...P 7 20 Tables 1 1 Default Settings for Basic Switch and Router Operation 1 2 1 2 Basic Line Editing Commands 1 10 2 1 show system lockout Output Details 2 7 2 2 show system Output Details 2 12 2 3 sho...

Page 28: ...5 5 15 2 show ip arp Output Details 15 12 16 1 RIP Configuration Task List and Commands 16 2 16 2 OSPF Configuration Task List and Commands 16 10 16 3 show ip ospf database Output Details 16 27 16 4 s...

Page 29: ...19 43 19 13 show ipv6 ospf virtual link Output Details 19 44 20 1 show radius Output Details 20 4 20 2 show eapol Output Details 20 16 20 3 show macauthentication Output Details 20 20 20 4 show macaut...

Page 30: ...xxviii...

Page 31: ...cking and MAC authentication Configure access control lists ACLs Structure of This Guide The guide is organized as follows Chapter 1 Introduction provides an overview of the tasks that can be accompli...

Page 32: ...IGMP Configuration describes how to configure Internet Group Management Protocol IGMP settings for multicast filtering Chapter 11 Logging and Network Management describes how to configure Syslog how...

Page 33: ...font Indicates complete document titles Courier font Used for examples of information displayed on the screen Courier font in italics Indicates a user supplied value either required or optional Squar...

Page 34: ...twork environment for example layout cable type Network load and frame size at the time of trouble if known The switch history for example have you returned the switch before is this a recurring probl...

Page 35: ...sign IP address and subnet mask Select a default gateway Establish and manage Virtual Local Area Networks VLANs Establish and manage policy profiles and classifications Establish and manage priority c...

Page 36: ...Set to 00 00 00 00 00 00 00 00 CDP hold time Set to 180 seconds CDP interval Transmit frequency of CDP messages set to 60 seconds Cisco discovery protocol Auto enabled on all ports Cisco DP hold time...

Page 37: ...ecked for duplication Policy classification Classification rules are automatically enabled when created Port auto negotiation Enabled on all ports Port advertised ability Maximum ability advertised on...

Page 38: ...medium priority Spanning Tree priority Bridge priority is set to 32768 Spanning Tree topology change trap suppression Enabled Spanning Tree version Set to mstp Multiple Spanning Tree Protocol SSH Disa...

Page 39: ...rt specified IP interfaces Disabled with no IP addresses specified IRDP Disabled on all interfaces When enabled maximum advertisement interval is set to 600 seconds minimum advertisement interval is s...

Page 40: ...ccount on page 1 7 Figure 1 1 G Series Startup Screen Split horizon Enabled for RIP packets without poison reverse Stub area OSPF None configured Telnet Enabled Telnet port IP Set to port number 23 Ti...

Page 41: ...l modifiable parameters The default password is set to a blank string For information on changing these default settings refer to Setting User Accounts and Passwords on page 2 2 Using a Default User A...

Page 42: ...Only access will only be permitted to view Read Only show commands Users with Read Write access will be able to modify all modifiable parameters in set and show commands as well as view Read Only com...

Page 43: ...n Figure 1 5 shows how the show mac command indicates that output continues on more than one screen Figure 1 5 Scrolling Screen Output Abbreviating and Completing Commands The G Series switch allows y...

Page 44: ...123 Table 1 2 Basic Line Editing Commands Key Sequence Command Ctrl A Move cursor to beginning of line Ctrl B Move cursor back one character Ctrl D Delete a character Ctrl E Move cursor to end of lin...

Page 45: ...ormation about Refer to page Quick Start Setup Commands 2 1 Setting User Accounts and Passwords 2 2 Setting Basic Switch Properties 2 8 Activating Licensed Features 2 27 Configuring System Power and P...

Page 46: ...port string enable disable 4 20 Set the per port broadcast limit set port broadcast port string threshold value 4 29 Configure a VLAN set vlan create vlan id 7 4 set port vlan port string vlan id mod...

Page 47: ...gin Use this command to create a new user login account or to disable or enable an existing account The G Series switch supports up to 16 user accounts including the admin account which cannot be dele...

Page 48: ...ar system login username Parameters Defaults None Mode Switch command super user Example This example shows how to remove the netops user account G3 su clear system login netops username Specifies a l...

Page 49: ...lt blank string G3 su set password rw Please enter new password Please re enter new password Password changed G3 su This example shows how a user with Read Write access would change his password G3 su...

Page 50: ...this command to set the number of days user passwords will remain valid before aging out or to disable user account password aging Syntax set system password aging days disable Parameters Defaults No...

Page 51: ...onfigure the system to check the last 10 passwords for duplication G3 su set system password history 10 show system lockout Use this command to display settings for locking out users after failed atte...

Page 52: ...ill be disabled Lockout time Number of minutes the default admin user account will be locked out after the maximum login attempts For information about Refer to page show ip address 2 9 set ip address...

Page 53: ...dress Use this command to set the system IP address subnet mask and default gateway Syntax set ip address ip address mask ip mask gateway ip gateway Parameters set system contact 2 23 set width 2 24 s...

Page 54: ...1 with a mask of 255 255 128 0 G3 su set ip address 10 1 10 1 mask 255 255 128 0 clear ip address Use this command to clear the system IP address Syntax clear ip address Parameters None Defaults None...

Page 55: ...ement Syntax set ip protocol bootp dhcp none Parameters Defaults None Mode Switch command read write Example This example shows how to set the method used to acquire a network IP address to DHCP G3 su...

Page 56: ...on Guide for information on the location of system hardware components Table 2 4 show system Output Details Output Field What It Displays System contact Contact person for the system Default of a blan...

Page 57: ...ch behind Group 1 to cool the CPU subsystem Group 3 fans 4 5 6 and 7 are located on either side of the power slots to cool the power supplies Thermal Sensor Location of thermal sensor s Thermal Thresh...

Page 58: ...Model G3G 24SFP Serial Number Vendor ID 0xbc00 Base MAC Address 00 11 88 B1 76 C0 Hardware Version BCM56512 REV 1 FirmWare Version 01 00 00 0052 Boot Code Version 01 00 42 POWER SUPPLY 1 HARDWARE INF...

Page 59: ...lable Kb RAM RAM device 262144 97173 Flash Images Config Other 31095 8094 This example shows how to display information about the processes running on the system Only partial output is shown G3 ro sho...

Page 60: ...day on the system clock Syntax set time mm dd yyyy hh mm ss Parameters Defaults None Mode Switch command read write Example This example shows how to set the system clock to 7 50 a m G3 su set time 7...

Page 61: ...savings time function G3 su set summertime enable set summertime date Use this command to configure specific dates to start and stop daylight savings time These settings will be non recurring and wil...

Page 62: ...pecifies the day of the month to end daylight savings time end_year Specifies the year to end daylight savings time end_hr_min Specifies the time of day to end daylight savings time Format is hh mm of...

Page 63: ...60 clear summertime Use this command to clear the daylight savings time configuration Syntax clear summertime Parameters None Defaults None Mode Switch command read write Example This example shows h...

Page 64: ...y the banner message of the day G3 rw show banner motd O Knights of Ni you are just and fair and we will return with a shrubbery King Arthur set banner motd Use this command to set the banner message...

Page 65: ...n t King Arthur clear banner motd Use this command to clear the banner message of the day displayed at session login to a blank string Syntax clear banner motd Parameters None Defaults None Mode Switc...

Page 66: ...nfigure a name for the system Syntax set system name string Parameters Defaults If string is not specified the system name will be cleared Mode Switch command read write Table 2 5 show version Output...

Page 67: ...ng G3 su set system location Bldg N32 04 Closet 9 set system contact Use this command to identify a contact person for the system Syntax set system contact string Parameters Defaults If string is not...

Page 68: ...tch command read write Usage The number of rows of CLI output displayed is set using the set length command as described in set length on page 2 24 Example This example shows how to set the terminal c...

Page 69: ...w logout Parameters None Defaults None Mode Switch command read only Example This example shows how to display the CLI logout setting G3 su show logout Logout currently set to 10 minutes set logout Us...

Page 70: ...specified all settings will be displayed Mode Switch command read only Example This example shows how to display all console settings G3 su show console Baud Flow Bits StopBits Parity 9600 Disable 8 1...

Page 71: ...t will be sent to you as a character string similar to the following INCREMENT g3advrouter 2006 0127 27 jan 2011 0123456789AB 0123456789AB The contents of the six fields from the left indicate Type th...

Page 72: ...ture DBV expiration key hostid Parameters Defaults None Mode Switch command read write Usage When activating licenses with this command Enterasys Networks recommends that you copy and paste the entire...

Page 73: ...REMENT G3ipv6router 2008 0212 permanent DF6A8558E5AB 075103099041 Validating license License successfully validated and set G3 rw show license Use this command to display license key information for s...

Page 74: ...s Commands The commands used to review and set system power parameters are listed below set system power Use this command to set the status of power redundancy on the system By default when two power...

Page 75: ...stem power non redundant show inlinepower Use this command to display system power properties Syntax show inlinepower Parameters None Defaults None Mode Switch command read only redundant Sets the sys...

Page 76: ...hen power redundancy is set to non redundant mode G3 su show inlinepower Detection Mode auto Total Power Detected 2400 Watts Total Power Available 2200 Watts Total Power Assigned 0 Watts Power Allocat...

Page 77: ...e set inlinepower threshold command as described on page 2 30 Syntax set inlinepower trap disable enable module number Parameters Mode Switch command read write Example This example shows how to enabl...

Page 78: ...on one or more ports Syntax set port inlinepower port string admin off auto priority critical high low type type Parameters Defaults None Mode Switch command read write Example This example shows how...

Page 79: ...minal Copyright 1999 Tera Term Pro Version 2 3 Any other terminal applications may work but are not explicitly supported The G3 switch allows you to download and store dual images The backup image can...

Page 80: ...displays Setting baud rate to 115200 you must change your terminal baud rate 5 Set the terminal baud rate to 115200 and press ENTER 6 From the boot menu options screen type 4 to load new operational c...

Page 81: ...nfig page 2 43 2 Load your previous version of code on the device as described in Downloading a Firmware Image page 2 35 3 Set this older version of code to be the boot code as described in Reviewing...

Page 82: ...G3 su show boot system Current system image to boot bootfile set boot system Use this command to set the firmware image the switch loads at startup Syntax set boot system filename Parameters Defaults...

Page 83: ...nfigure Telnet are listed below show telnet Use this command to display the status of Telnet on the switch Syntax show telnet Parameters None Defaults None Mode Switch command read only Example This e...

Page 84: ...switch allows a total of four inbound and or outbound Telnet session to run simultaneously Syntax telnet host port Parameters Defaults If not specified the default port number 23 will be used Mode Swi...

Page 85: ...persistent You can change the persistence mode from auto to manual with the set snmp persistmode command If the persistence mode is set to manual configuration commands will not be automatically writt...

Page 86: ...ssued as described in Configuration Persistence Mode on page 2 41 Example This example shows how to display the configuration persistence mode setting In this case persistence mode is set to manual wh...

Page 87: ...tch command read write Example This example shows how to save the running configuration G3 su save config dir Use this command to list configuration and image files stored in the file system Syntax di...

Page 88: ...heckSum 7eb3dd1118a8ef60cf2c7bb162ac07ee Compatibility G3G124 24 G3G124 24P Filename G3 image_02 61 30 Active Boot Version 1 00 xx Size 6883328 bytes Date Tue Apr 5 16 41 50 2005 CheckSum 37cb8761e176...

Page 89: ...999 cos status enable cos 3 untagged vlans 999 12 13 set policy port ge 1 1 4 14 15 set policy port ge 1 2 4 show config Use this command to display the system configuration or write the configuratio...

Page 90: ...ault configurations begin NON DEFAULT CONFIGURATION port set port jumbo disable ge 1 1 end configure Use this command to execute a previously downloaded configuration file stored on the switch Syntax...

Page 91: ...s how to download a configuration file to the configs directory G3 su copy tftp 10 1 192 1 Jan1_2004 cfg configs Jan1_2004 cfg delete Use this command to remove an image or a CLI configuration file fr...

Page 92: ...ata transfers using TFTP Syntax show tftp settings Parameters None Defaults None Mode Switch command read only Usage The TFTP timeout value can be set with the set tftp timeout command The TFTP retry...

Page 93: ...Switch command read write Example This example shows how to clear the timeout value to the default of 2 seconds G3 rw clear tftp timeout set tftp retry Use this command to configure how many times TFT...

Page 94: ...value of 5 retries Syntax clear tftp retry Parameters None Defaults None Mode Switch command read write Example This example shows how to clear the retry value to the default of 5 retries G3 rw clear...

Page 95: ...example shows how to clear the CLI screen G3 su cls exit Use either of these commands to leave a CLI session Syntax exit Parameters None Defaults None Mode Switch command read only Usage By default s...

Page 96: ...nfiguration settings Syntax reset Parameters None Defaults None Mode Switch command read write Examples This example shows how to reset the system G3 su reset This command will reset all modules and m...

Page 97: ...h You can verify WebView status and enable or disable WebView using the commands described in this section WebView can also be securely used over SSL port 443 if SSL is enabled on the switch By defaul...

Page 98: ...efaults None Mode Switch command read write Usage It is good practice for security reasons to disable HTTP access on the switch when finished configuring with WebView and then to only enable WebView o...

Page 99: ...switch This command can also be used to reinitialize the hostkey that is used for encryption Syntax set ssl enabled disabled reinitialize hostkey reinitialize Parameters Defaults None Mode Switch comm...

Page 100: ...set ssl 2 56 Basic Configuration...

Page 101: ...s to neighboring devices Commands The commands used to review and configure the CDP discovery protocol are listed below show cdp Use this command to display the status of the CDP discovery protocol an...

Page 102: ...port string Optional Displays CDP status for a specific port For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 4 1 Table 3 1 show cdp Output...

Page 103: ...Transmit Frequency Frequency in seconds at which CDP messages can be transmitted The default of 60 seconds can be reset with the set cdp interval command For details refer to set cdp interval on page...

Page 104: ...r what their authentication code and enter them into its CDP neighbor table Example This example shows how to set the CDP authentication code to 1 2 3 4 5 6 7 8 G3 su set cdp auth 1 2 3 4 5 6 7 8 set...

Page 105: ...l hold time auth code Parameters Defaults At least one optional parameter must be entered Mode Switch command read write Example This example shows how to reset the CDP state to auto enabled G3 su cle...

Page 106: ...6 00 01 f4 00 72 fe 140 2 4 102 cdp 140 2 4 102 ge 1 6 00 01 f4 00 70 8a 140 2 4 104 cdp 140 2 4 104 ge 1 6 00 01 f4 c5 f7 20 140 2 4 101 cdp 140 2 4 101 ge 1 6 00 01 f4 89 4f ae 140 2 4 105 cdp 140...

Page 107: ...iscoDP Enabled Timer 5 Holdtime TTl 180 Device ID 001188554A60 Last Change WED NOV 08 13 19 56 2006 Table 3 2 provides an explanation of the command output For information about Refer to page show cis...

Page 108: ...hboring devices will hold PDU transmissions from the sending device Default value of 180 can be changed with the set ciscodp holdtime command Device ID The MAC address of the switch Last Change The ti...

Page 109: ...ansmissions Syntax set ciscodp timer seconds Parameters Defaults None trusted The trust mode of the port Default of trusted can be changed using the set ciscodp port command cos The Class of Service p...

Page 110: ...how to set Cisco DP hold time to 180 seconds G3 su set ciscodp hold time 180 set ciscodp port Use this command to set the status voice VLAN extended trust mode and CoS priority for untrusted traffic...

Page 111: ...cting it to overwrite the 802 1p tag of traffic transmitted by the device connected to it to 0 by default or to the value specified by the cos parameter of this command There is a one to one correlati...

Page 112: ...clear all the Cisco DP parameters back to the default settings G3 rw clear ciscodp This example shows how to clear the Cisco DP status on port ge 1 5 G3 rw clear ciscodp port status ge 1 5 Note The C...

Page 113: ...rts can be configured to send this information receive this information or both send and receive Either LLDP or LLDP MED but not both can be used on an interface between two devices A switch port uses...

Page 114: ...ort med trap 3 25 set lldp port location info 3 25 set lldp port tx tlv 3 26 clear lldp 3 28 clear lldp port status 3 28 clear lldp port trap 3 29 clear lldp port med trap 3 29 clear lldp port locatio...

Page 115: ...ge 3 1 30 ge 4 1 12 show lldp port status Use this command to display the LLDP status of one or more ports The command lists the ports that are enabled to send and receive LLDP PDUs Ports are enabled...

Page 116: ...witch command read only Example This example shows how to display LLDP port trap information for all ports G3 ro show lldp port trap Trap Enabled Ports MED Trap Enabled Ports show lldp port tx tlv Use...

Page 117: ...s Ports are configured with a location value using the set lldp port location info command Syntax show lldp port location info port string Parameters Defaults If port string is not specified port loca...

Page 118: ...0 E0 63 93 74 A5 Sys Name LLDP PoE test Chassis Sys Desc Enterasys Networks Inc Sys Cap Supported Enabled bridge router bridge Auto Neg Supported Enabled yes yes Auto Neg Advertised 10BASE T 10BASE TF...

Page 119: ...is supported but not enabled these values will be used by the port Max Frame Size bytes IEEE 802 3 Extensions Maximum Frame Size TLV Value indicates maximum frame size capability of the device s MAC a...

Page 120: ...lue for Controllable can be true or false Value of Used can be signal signal pairs only are in use or spare spare pairs only are in use PoE Power Class IEEE 802 3 Extensions Power via MDI TLV Displaye...

Page 121: ...ype of remote device that is connected to the port Table 3 5 describes the output fields that are unique to the remote system information database Refer to Table 3 4 on page 19 for descriptions of the...

Page 122: ...LLDPDU data is calculated by multiplying the transmit interval by the hold multiplier value Syntax set lldp hold multiplier multiplier val Parameters Defaults None Mode Switch command read write Examp...

Page 123: ...LLDP TLVs in LLDPDUs until they detect that an LLDP MED endpoint device has connected to a port At that point the network connectivity device starts sending LLDP MED TLVs at a fast start rate on that...

Page 124: ...us both ge 1 1 6 set lldp port trap Use this command to enable or disable sending LLDP notifications traps when a remote system change is detected Syntax set lldp port trap enable disable port string...

Page 125: ...ble disable port string Parameters Defaults None Mode Switch command read write Example This example enables transmitting LLDP MED traps on ports ge 1 1 through ge 1 6 G3 rw set lldp port med trap ena...

Page 126: ...name sys desc sys cap mgmt addr vlan id stp lacp gvrp mac phy poe link aggr max frame med cap med loc med poe port string Parameters elin Specifies that the ECS ELIN data format is to be used elin str...

Page 127: ...sions TLV Values sent include whether pair selection can be controlled on port and the power class supplied by the port Only valid for PoE enabled ports link aggr Link Aggregation IEEE 802 3 Extension...

Page 128: ...r lldp port status port string Parameters Defaults None Mode Switch command read write all Returns all LLDP configuration parameters to their default values including port LLDP configuration parameter...

Page 129: ...command read write Example This example returns port ge 1 1 to the default LLDP trap state of disabled G3 rw clear lldp port trap ge 1 1 clear lldp port med trap Use this command to return the port LL...

Page 130: ...t tx tlv all port desc sys name sys desc sys cap mgmt addr vlan id stp lacp gvrp mac phy poe link aggr max frame med cap med loc med poe port string Parameters elin Specifies that the ECS ELIN locatio...

Page 131: ...mation defined by Protocol Identity IEEE 802 1 Extensions TLV from being transmitted in LLDPDUs mac phy Disables the MAC PHY Configuration Status IEEE 802 3 Extensions TLV from being transmitted in LL...

Page 132: ...clear lldp port tx tlv 3 32 Discovery Protocol Configuration...

Page 133: ...rt vlan for vlan interfaces lag for IEEE802 3 link aggregation ports Slot number also refered to as unit or module number in the CLI can be 1 4 Port number can be 1 24 For information about Refer to p...

Page 134: ...24 base units and the G3G 24TX and G3G 24SFP optional IOM modules support 1 Gigabit tranceivers Mini GBICs for 1000BASE LX SX fiber optic connections and 1000BASE T copper connections Optionally thes...

Page 135: ...remote 10BASE T no no no 10BASE TFD no no no 100BASE TX no no no 100BASE TXFD yes no no 1000BASE T no no no 1000BASE TFD yes yes no pause yes yes no G3 su show port status ge 2 1 Alias Oper Admin Spe...

Page 136: ...ort ge 3 14 Port ge 3 14 enabled show port status Use this command to display operating and admin status speed duplex mode and port type for one or more ports on the device Syntax show port status por...

Page 137: ...s truncated Alias configured for the port For details on using the set port alias command refer to set port alias on page 4 9 Oper Status Operating status up or down Admin Status Whether the specified...

Page 138: ...In Octets 0 In Unicast Pkts 0 In Multicast Pkts 0 In Broadcast Pkts 0 In Discards 0 In Errors 0 Out Octets 0 Out Unicasts Pkts 0 Out Multicast Pkts 0 Out Broadcast Pkts 0 Out Errors 0 802 1Q Switch Co...

Page 139: ...the forwarding database Syntax set port disable port string Parameters Defaults None Table 4 2 show port counters Output Details Output Field What It Displays Port Port designation For a detailed desc...

Page 140: ...able ge 1 3 show port alias Use this command to display the alias name for one or more ports Syntax show port alias port string Parameters Defaults If port string is not specified aliases for all port...

Page 141: ...w set port alias ge 3 3 Admin This example shows how to clear the alias for ge 3 3 G3 rw set port alias ge 3 3 Setting Speed and Duplex Mode Purpose To review and set the operational speed in Mbps and...

Page 142: ...eed Use this command to set the default speed of one or more ports This setting only takes effect on ports that have auto negotiation disabled Syntax set port speed port string 10 100 1000 Parameters...

Page 143: ...ead only Example This example shows how to display the default duplex setting for Gigabit Ethernet port 14 in slot 3 G3 su show port duplex ge 3 14 default duplex mode is full on port ge 3 14 set port...

Page 144: ...of jumbo frame support and maximum transmission units MTU on one or more ports Syntax show port jumbo port string Parameters port string Specifies the port s for which duplex type will be set For a d...

Page 145: ...t string Parameters Defaults If port string is not specified jumbo frame support will be enabled or disabled on all ports Mode Switch command read write Example This example shows how to enable jumbo...

Page 146: ...peed default duplex and the port flow control commands In normal operation with all capabilities enabled advertised ability enables a port to advertise that it has the ability to operate in any mode T...

Page 147: ...s command to enable or disable auto negotiation on one or more ports Syntax set port negotiation port string enable disable Parameters Defaults None Mode Switch command read write Example This example...

Page 148: ...s yes 10BASE TFD yes yes yes 100BASE TX yes yes yes 100BASE TXFD yes yes yes 1000BASE T no no no 1000BASE TFD yes yes yes pause yes yes no ge 1 14 capability advertised remote 10BASE T yes yes yes 10B...

Page 149: ...vertise 10BASE T full duplex mode 100tx Advertise 100BASE TX half duplex mode 100txfd Advertise 100BASE TX full duplex mode Refer to Configuring SFP Ports for 100BASE FX on page 4 2 for more informati...

Page 150: ...s used to manage the transmission between two devices as specified by IEEE 802 3x to prevent receiving ports from being overwhelmed by frames from transmitting devices Commands show flowcontrol Use th...

Page 151: ...trap messages indicating changes to their link status up or down The link flap function detects when a link is going up and down rapidly also called link flapping on a physical port and takes the requ...

Page 152: ...Link traps enabled on port ge 3 1 Link traps enabled on port ge 3 2 Link traps enabled on port ge 3 3 Link traps enabled on port ge 3 4 set port trap Use this command to enable of disable ports for se...

Page 153: ...es when link status changes globalstate Displays the global enable state of link flap detection portstate Displays the port enable state of link flap detection parameters Displays the current value of...

Page 154: ...ameters table G3 rw show linkflap parameters Linkflap Port Settable Parameter Table X means error occurred Port LF Status Actions Threshold Interval Downtime ge 1 1 disabled 10 5 300 ge 1 2 enabled D...

Page 155: ...ion LF Status Link flap enabled state Actions Actions to be taken if the port violates allowed link flap behavior D disabled S Syslog entry will be generated T SNMP trap will be generated Threshold Nu...

Page 156: ...string Parameters Defaults If port string is not specified all ports are enabled or disabled Mode Switch command read write Example This example shows how to enable the link trap monitoring on all po...

Page 157: ...mode read write Example This example shows how to set the link flap violation action on port ge 1 4 to generating a Syslog entry G3 rw set linkflap action ge 1 4 gensyslogentry clear linkflap action U...

Page 158: ...set the link flap threshold on port ge 1 4 to 5 G3 rw set linkflap threshold ge 1 4 5 set linkflap downtime Use this command to set the time interval in seconds one or more ports will be held down af...

Page 159: ...string is not specified all ports disabled by a link flap violation will be made operational Mode Switch mode read write Example This example shows how to make disabled port ge 1 4 operational G3 rw...

Page 160: ...c multicast traffic is not affected By default a broadcast suppression threshold of 14881 packets per second pps will be used regardless of actual port speed Broadcast suppression protects against bro...

Page 161: ...the broadcast traffic that is received and switched out to other ports Syntax set port broadcast port string threshold val Parameters Defaults None Mode Switch command read write port string Optional...

Page 162: ...Syntax clear port broadcast port string threshold Parameters Defaults None Mode Switch command read write Example This example clears the broadcast threshold limit to 14881 pps for ports 1 through 5 G...

Page 163: ...ed with the mirror VLAN ID This will prevent the ability to snoop traffic across multiple hops Purpose To review and configure port mirroring on the device Commands show port mirroring Use this comman...

Page 164: ...age 4 33 cannot be mirrored Example This example shows how to create and enable port mirroring with ge 1 4 as the source port and ge 1 11 as the target port Notes When a port mirror is created the mir...

Page 165: ...ly groups interfaces together to create a greater bandwidth uplink or link aggregation according to the IEEE 802 3ad standard This standard allows the switch to determine which ports are in LAGs and c...

Page 166: ...r a set of links connect to the same device and to determine whether those links are compatible from the point of view of aggregation it is necessary to be able to establish A globally unique identifi...

Page 167: ...loopback There is no available aggregator for two or more ports with the same LAG ID This can happen if there are simply no available aggregators or if none of the aggregators have a matching admin k...

Page 168: ...G and all the ports in the LAG are assigned to the egress list of the desired VLAN Otherwise when the LAG is removed the remaining port may be assigned to the wrong VLAN The other option is to enable...

Page 169: ...6 show lacp Output Details Output Field What It Displays Global Link Aggregation state Shows if LACP is enabled or disabled on the switch Single Port LAGs Displays if the single port LAG feature has b...

Page 170: ...s None Mode Switch command read write Oper Key Port s operational key derived from the admin key Only underlying physical ports with oper keys matching the aggregator s will be allowed to aggregate At...

Page 171: ...inkey port string value Parameters Defaults None Mode Switch command read write Usage LACP will use this value to form an oper key Only underlying physical ports with oper keys matching those of their...

Page 172: ...add port ge 1 6 to the LAG of aggregator port 6 G3 su set lacp static lag 0 6 ge 1 6 aadminkey port string Resets admin keys for one or more ports to the default value of 32768 disable enable Disable...

Page 173: ...ch command read write Usage When single port LAGs are enabled Link Aggregration Groups can be formed when only one port is receiving protocol transmissions from a partner When this setting is disabled...

Page 174: ...nd read write Example This example shows how to reset the single port LAG function back to disabled G3 su clear lacp singleportlag show port lacp Use this command to display link aggregation informati...

Page 175: ...1411 ActorSystemPriority 32768 PartnerOperPort 1411 ActorPortPriority 32768 PartnerAdminSystemPriority 32768 ActorAdminKey 32768 PartnerOperSystemPriority 32768 ActorOperKey 32768 PartnerAdminPortPrio...

Page 176: ...of aggregating by comparing oper keys Aggregator ports allow only underlying ports with oper keys matching theirs to join their LAG Valid values are 1 65535 The default key value is 32768 aadminstate...

Page 177: ...adminkey aportpri asyspri aadminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire all padminsyspri padminsysid padminkey padminportpri padminport padminstate lacpac...

Page 178: ...String Syntax Used in the CLI on page 4 1 aadminkey Clears a port s actor admin key aportpri Clears a port s actor port priority asyspri Clears the port s actor system priority aadminstate lacpactive...

Page 179: ...ent group if they are in the same VLAN Unprotected ports can forward traffic to both protected and unprotected ports A port may belong to only one group of protected ports This feature only applies to...

Page 180: ...tion about all protected ports G3 ro show port protected Group id Port 1 ge 1 1 1 ge 1 2 1 ge 1 3 clear port protected Use this command to remove a port or group from protected mode Syntax clear port...

Page 181: ...lts None Mode Switch command read write Example This example shows how to assign the name group1 to protected port group 1 G3 rw set port protected name 1 group1 show port protected name Use this comm...

Page 182: ...p1 clear port protected name Use this command to clear the name of a protected group Syntax clear port protected name group id Parameters Defaults None Mode Switch command read write Example This exam...

Page 183: ...to data types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is fully describ...

Page 184: ...sion by wrapping them in a message header and returning them to the dispatcher The message processing subsystem also accepts incoming messages from the dispatcher processes each message header and ret...

Page 185: ...context on page 5 20 Example This example permits the powergroup to manage all MIBs via SNMPv3 G3 su set snmp access powergroup security model usm Configuration Considerations Commands for configurin...

Page 186: ...gineid EngineId 80 00 15 f8 03 00 e0 63 9d b5 87 Engine Boots 12 Engine Time 162181 Max Msg Size 2048 Table 5 2 provides an explanation of the command output For information about Refer to page show s...

Page 187: ...ames 0 snmpInBadCommunityUses 0 snmpInASNParseErrs 0 snmpInTooBigs 0 snmpInNoSuchNames 0 snmpInBadValues 0 snmpInReadOnlys 0 snmpInGenErrs 0 snmpInTotalReqVars 403661 snmpInTotalSetVars 534 snmpInGetR...

Page 188: ...as noSuchName snmpInBadValues Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error status field as badValue snmpInReadOnlys Number of valid SNMP PDUs delivered to the...

Page 189: ...SNMP Get Set or Inform request error messages that were dropped because the reply was larger than the requestor s maximum message size snmpProxyDrops Number of SNMP Get Set or Inform request error me...

Page 190: ...cal SNMP engine will be displayed If not specified user information for all storage types will be displayed Mode Switch command read only For information about Refer to page show snmp user 5 8 set snm...

Page 191: ...le Parameters Table 5 4 show snmp user Output Details Output Field What It Displays EngineId SNMP local engine identifier Username SNMPv1 or v2 community name or SNMPv3 user name Auth protocol Type of...

Page 192: ...tored in permanent nonvolatile memory G3 su set snmp user netops clear snmp user Use this command to remove a user from the SNMPv3 security model list Syntax clear snmp user user remote remote Paramet...

Page 193: ...nonVolatile Row status active Security model SNMPv1 Security user name public router1 Group name Anyone Storage type nonVolatile Row status active Table 5 5 provides an explanation of the command outp...

Page 194: ...ear snmp group Use this command to clear SNMP group settings globally or for a specific SNMP group and user Syntax clear snmp group groupname user security model v1 v2c usm Parameters Defaults If not...

Page 195: ...ple This example shows how to display information about the SNMP public community name For a description of this output refer to set snmp community page 5 13 G3 su show snmp community public Configure...

Page 196: ...name Parameters Defaults None Mode Switch command read write Example This example shows how to delete the community name vip G3 su clear snmp community vip context context Optional Specifies a subset...

Page 197: ...or privacy are not specified access information for all security levels will be displayed If context is not specified all contexts will be displayed If volatile nonvolatile or read only are not specif...

Page 198: ...Field What It Displays Group SNMP group name Security model Security model applied to this group Valid types are SNMPv1 SNMPv2c and SNMPv3 User based USM Security level Security level applied to this...

Page 199: ...roup security model usm groupname Specifies a name for an SNMPv3 group security model v1 v2c usm Specifies SNMP version 1 2c or 3 usm noauthentication authentication privacy Optional Applies SNMP secu...

Page 200: ...group via the authentication protocol G3 su clear snmp access mis group security model usm authentication Configuring SNMP MIB Views Purpose To review and configure SNMP MIB views SNMP views map SNMP...

Page 201: ...ubtree OID 1 Subtree mask View Type included Storage type nonVolatile Row status active View Name All Subtree OID 0 0 Subtree mask View Type included Storage type nonVolatile Row status active View Na...

Page 202: ...ement information Example This example shows how to display a list of all SNMP contexts known to the device G3 su show snmp context Configured contexts default context all mibs set snmp view Use this...

Page 203: ...is command to delete an SNMPv3 MIB view Syntax clear snmp view viewname subtree Parameters Defaults None Mode Switch command read write Example This example shows how to delete SNMP MIB view public G3...

Page 204: ...mmand to display SNMP parameters used to generate a message to a target Syntax show snmp targetparams targetParams volatile nonvolatile read only Parameters Defaults If targetParams is not specified e...

Page 205: ...target parameters a named set of security authorization criteria used to generate a message to a target Syntax set snmp targetparams paramsname user user security model v1 v2c usm message processing...

Page 206: ...Defaults None Mode Switch command read write user user Specifies an SNMPv1 or v2 community name or an SNMPv3 user name Maximum length is 32 bytes security model v1 v2c usm Specifies the SNMP security...

Page 207: ...5 23 Commands show snmp targetaddr Use this command to display SNMP target address information Syntax show snmp targetaddr targetAddr volatile nonvolatile read only Parameters Defaults If targetAddr i...

Page 208: ...t volatile nonvolatile Parameters Table 5 9 show snmp targetaddr Output Details Output Field What It Displays Target Address Name Unique identifier in the snmpTargetAddressTable Tag List Tags a locati...

Page 209: ...asic SNMP Trap Configuration on page 5 36 G3 su set snmp targetaddr tr 192 168 190 80 param v2cExampleParams taglist TrapSink clear snmp targetaddr Use this command to delete an SNMP target address en...

Page 210: ...an outgoing notification message It will then apply the appropriate subtree specific filter when generating notification messages Purpose To configure SNMP notification parameters and optional filters...

Page 211: ...e This example displays the status for Gigabit Ethernet ports 1 through 5 in slot 1 G3 ro show newaddrtrap ge 1 1 5 New Address Traps Globally disabled Port Enable State ge 1 1 disabled ge 1 2 disable...

Page 212: ...mmand to display the SNMP notify configuration which determines the management targets that will receive SNMP notifications Syntax show snmp notify notify volatile nonvolatile read only Parameters Def...

Page 213: ...nd set snmp targetaddr on page 5 26 Syntax set snmp notify notify tag tag trap inform volatile nonvolatile Parameters Defaults If not specified message type will be set to trap Table 5 10 show snmp no...

Page 214: ...tify configuration Syntax clear snmp notify notify Parameters Defaults None Mode Switch command read write Example This example shows how to clear the SNMP notify configuration for hello G3 su clear s...

Page 215: ...atile Row status active set snmp notifyfilter Use this command to create an SNMP notify filter configuration This identifies which management targets should NOT receive notification messages which is...

Page 216: ...1 3 6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration Syntax clear snmp notifyfilter profile subtree oid or mibobject Parameters Defaults None Mode Switch comman...

Page 217: ...ation This associates a notification filter created with the set snmp notifyfilter command set snmp notifyfilter on page 5 33 to a set of SNMP target parameters to determine which management targets s...

Page 218: ...tion a console or a terminal to indicate the occurrence of a significant event such as when a port or device goes up or down when there are authentication failures and when power supply errors occur T...

Page 219: ...dress tr It will use security and authorization criteria contained in a target parameters entry called v2cExampleParams G3 su set snmp community mgmt G3 su set snmp targetparams v2cExampleParams user...

Page 220: ...ation 192 168 190 80 and the procedure targetparams to cross the doorstep is called v2ExampleParams 4 Verifies that the v2ExampleParams description of how to step through the door is in fact there The...

Page 221: ...igns port roles to individual ports on the switch depending on whether that port is part of the active topology RSTP provides rapid connectivity following the failure of a switch switch port or a LAN...

Page 222: ...unt of communications bandwidth to accomplish the operation of the Spanning Tree Protocol Reconfiguring the active topology in a manner that is transparent to stations transmitting and receiving data...

Page 223: ...m is implemented This means the designated port can rely on receiving a response to its proposal regardless of the role of the connected port which has two important implications First the designated...

Page 224: ...11 set spantree msti 6 12 clear spantree msti 6 12 show spantree mstmap 6 13 set spantree mstmap 6 13 clear spantree mstmap 6 14 show spantree vlanlist 6 15 show spantree mstcfgid 6 15 set spantree ms...

Page 225: ...spantree spanguard 6 26 show spantree spanguardtimeout 6 26 set spantree spanguardtimeout 6 26 clear spantree spanguardtimeout 6 27 show spantree spanguardlock 6 27 clear set spantree spanguardlock 6...

Page 226: ...the root bridge can be reached Designated Root Priority Priority of the designated root bridge Designated Root Cost Total path cost to reach the root Root Max Age Amount of time in seconds a BPDU pack...

Page 227: ...None Bridge Forward Delay Amount of time in seconds the bridge spends in listening or learning mode This is a default value or is assigned using the set spantree fwddelay command For details refer to...

Page 228: ...not be changed from its default setting of mstp Multiple Spanning Tree Protocol mode MSTP mode is fully compatible and interoperable with legacy STP 802 1D and Rapid Spanning Tree RSTP bridges Settin...

Page 229: ...orwarding mode Syntax show spantree bpdu forwarding Parameters None Defaults None Mode Switch command read only Example This example shows how to display the Spanning Tree BPDU forwarding mode G3 su s...

Page 230: ...o display the Spanning Tree bridge priority mode setting Syntax show spantree bridgeprioritymode Parameters None Defaults None Mode Switch command read only Example This example shows how to display t...

Page 231: ...dgeprioritymode Use this command to reset the Spanning Tree bridge priority mode to the default setting of 802 1t Syntax clear spantree bridgeprioritymode Parameters None Defaults None Mode Switch com...

Page 232: ...msti Use this command to create or delete a Multiple Spanning Tree instance Syntax set spantree msti sid sid create delete Parameters Defaults None Mode Switch command read write Example This example...

Page 233: ...N is mapped Syntax show spantree mstmap fid fid Parameters Defaults If fid is not specified information for all assigned FIDs will be displayed Mode Switch command read only Example This example shows...

Page 234: ...reset Mode Switch command read write Example This example shows how to map FID 2 back to SID 0 G3 su clear spantree mstmap 2 Note Since any MST maps that are associated with GVRP generated VLANs will...

Page 235: ...antree mstmap command as described in set spantree mstmap on page 6 13 G3 su show spantree vlanlist 1 The following SIDS are assigned to VLAN 1 2 16 42 show spantree mstcfgid Use this command to displ...

Page 236: ...write Example This example shows how to set the MST configuration name to mstconfig G3 su set spantree mstconfigid cfgname mstconfig clear spantree mstcfgid Use this command to reset the MST revision...

Page 237: ...ioritymode on page 6 10 some priority values may be rounded up or down Example This example shows how to set the bridge priority to 4096 on SID 1 G3 su set spantree priority 4096 1 clear spantree prio...

Page 238: ...d write Example This example shows how to globally set the Spanning Tree hello time to 10 seconds G3 su set spantree hello 10 clear spantree hello Use this command to reset the Spanning Tree hello tim...

Page 239: ...ny port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device...

Page 240: ...s delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that...

Page 241: ...e shows how to display the status of the backup root function on SID 0 G3 rw show spantree backuproot Backup root is set to disable on sid 0 set spantree backuproot Use this command to enable or disab...

Page 242: ...the backup root function on SID 2 G3 rw set spantree backuproot 2 enable clear spantree backuproot Use this command to reset the Spanning Tree backup root function to the default state of disabled Sy...

Page 243: ...suppression is enabled which is the device default edge ports such as end station PCs are prevented from sending topology change traps This is because there is usually no need for network management t...

Page 244: ...s a port to transmit MSTP BPDUs Syntax set spantree protomigration port string Parameters Defaults None Mode Switch command read write Example This example shows how to reset the protocol state migrat...

Page 245: ...edge port is expected to be connected to a workstation or other end user type of device and not to another switch in the network When Spanguard is enabled if a non loopback BPDU is received on an edg...

Page 246: ...ard function to disabled G3 rw clear spantree spanguard show spantree spanguardtimeout Use this command to display the Spanning Tree SpanGuard timeout setting Syntax show spantree spanguardtimeout Par...

Page 247: ...eout to the default value of 300 seconds Syntax clear spantree spanguardtimeout Parameters None Defaults None Mode Switch command read write Example This example shows how to reset the SpanGuard timeo...

Page 248: ...as edge user ports as described in set spantree adminedge on page 6 37 Syntax clear spantree spanguardlock port string set spantree spanguardlock port string Parameters Defaults None Mode Switch comma...

Page 249: ...e or disable the sending of an SNMP trap message when SpanGuard has locked a port Syntax set spantree spanguardtrapenable disable enable Parameters Defaults None Mode Switch command read write Example...

Page 250: ...path cost setting Syntax show spantree legacypathcost Parameters None Defaults None Mode Switch command read only Example This example shows how to display the default Spanning Tree path cost setting...

Page 251: ...D G3 rw set spantree legacypathcost enable clear spantree legacypathcost Use this command to set the Spanning Tree default value for legacy path cost to 802 1t values Syntax clear spantree legacypathc...

Page 252: ...lt Spanning Tree admin status to enable on one or more ports Syntax clear spantree portadmin port string show spantree portpri 6 33 set spantree portpri 6 34 clear spantree portpri 6 35 show spantree...

Page 253: ...example shows how to display port admin status for ge 1 1 G3 ro show spantree portadmin port ge 1 1 Port ge 1 1 has portadmin set to enabled show spantree portpri Use this command to show the Spanning...

Page 254: ...e priority of ge 1 3 to 240 on SID 1 G3 su set spantree portpri ge 1 3 240 sid 1 port port string Optional Specifies the port s for which to display Spanning Tree priority For a detailed description o...

Page 255: ...string is not specified admin path cost for all Spanning Tree ports will be displayed If sid is not specified admin path cost for Spanning Tree 0 will be displayed Mode Switch command read only port...

Page 256: ...lear spantree adminpathcost Use this command to reset the Spanning Tree default value for port admin path cost to 0 Syntax clear spantree adminpathcost port string sid sid Parameters port string Speci...

Page 257: ...itch command read only Example This example shows how to display the edge port status for ge 3 2 G3 su show spantree adminedge port ge 3 2 Port ge 3 2 has a Port Admin Edge of Edge Port set spantree a...

Page 258: ...status Syntax clear spantree adminedge port string Parameters Defaults None Mode Switch command read write Example This example shows how to reset ge 1 11 as a non edge port G3 su clear spantree admi...

Page 259: ...3 clear spantree lpcapablepartner 6 44 set spantree lpthreshold 6 44 show spantree lpthreshold 6 45 clear spantree lpthreshold 6 45 set spantree lpwindow 6 46 show spantree lpwindow 6 46 clear spantre...

Page 260: ...per port and or per SID Syntax show spantree lp port port string sid sid Parameters Defaults If no port string is specified status is displayed for all ports If no SID is specified SID 0 is assumed Mo...

Page 261: ...ee the set spantree lpthreshold and set spantree lpwindow commands Once a port is forced into blocking locked it remains locked until manually unlocked with the clear spantree lplock command Syntax sh...

Page 262: ...ge 1 1 G3 rw show spantree lplock port ge 1 1 The LoopProtect lock status for port ge 1 1 SID 0 is LOCKED G3 rw clear spantree lplock ge 1 1 G3 rw show spantree lplock port ge 1 1 The LoopProtect loc...

Page 263: ...on is maintained by keeping the port from forwarding but since this is not considered a loop event it will not be factored into locking the port Example This example shows how to set the Loop Protect...

Page 264: ...ameters Defaults None The default event threshold is 3 Mode Switch command read write Usage The LoopProtect event threshold is a global integer variable that provides protection in the case of intermi...

Page 265: ...aults None Mode Switch command read only Example This example shows how to display the current Loop Protect threshold value G3 rw show spantree lpthreshold The Loop Protect event threshold value is 4...

Page 266: ...d is reached If the threshold is reached that constitutes a loop protection event Example This example shows how to set the Loop Protect event window to 120 seconds G3 rw set spantree lpwindow 120 sho...

Page 267: ...window set spantree lptrapenable Use this command to enable or disable Loop Protect event notification Syntax set spantree lptrapenable enable disable Parameters Defaults None Mode Switch command read...

Page 268: ...event notification status is enable clear spantree lptrapenable Use this command to return the Loop Protect event notification state to its default state of disabled Syntax clear spantree lptrapenable...

Page 269: ...that represents the number of disputed BPDUs that must be received on a given port SID until a disputed BPDU trap is sent and a syslog message is issued For example if the threshold is 10 then a trap...

Page 270: ...d write Example This example shows how to reset the disputed BPDU threshold to the default of 0 G3 rw clear spantree disputedbpduthreshold show spantree nonforwardingreason Use this command to display...

Page 271: ...ns causing a port to be placed in listening or blocking state include a Loop Protect event receipt of disputed BPDUs and loopback detection Example This example shows how to display the non forwarding...

Page 272: ...show spantree nonforwardingreason 6 52 Spanning Tree Configuration...

Page 273: ...ated with a particular VLAN and protocol isolated from the other parts of the network Port String Syntax Used in the CLI For information on how to designate VLANs and port numbers in the CLI syntax re...

Page 274: ...ill transmit the traffic with a VLAN tag included Step Task Refer to page 1 Create a new VLAN 7 4 2 Set the PVID for the desired switch port to the VLAN created in Step 1 7 7 3 Add the desired switch...

Page 275: ...show vlan 1 VLAN 1 NAME DEFAULT VLAN VLAN Type Default Egress Ports ge 1 1 10 ge 2 1 4 ge 3 1 7 Forbidden Egress Ports None Untagged Ports ge 1 1 10 ge 2 1 4 ge 3 1 7 Table 7 2 provides an explanatio...

Page 276: ...eld What It Displays VLAN VLAN ID NAME Name assigned to the VLAN Status Whether it is enabled or disabled VLAN Type Whether it is permanent static or dynamic Egress Ports Ports configured to transmit...

Page 277: ...ples This example shows how to create VLAN 3 G3 su set vlan create 3 set vlan name Use this command to set or change the ASCII name for a new or existing VLAN Syntax set vlan name vlan list vlan name...

Page 278: ...faults None Mode Switch command read write Example This example shows how to clear the name for VLAN 9 G3 su clear vlan name 9 Assigning Port VLAN IDs PVIDs and Ingress Filtering Purpose To assign def...

Page 279: ...untagged frames received on these ports will be classified to VLAN 1 G3 su show port vlan ge 2 1 6 ge 2 1 is set to 1 ge 2 2 is set to 1 ge 2 3 is set to 1 ge 2 4 is set to 1 ge 2 5 is set to 1 ge 2 6...

Page 280: ...s example shows how to reset ports ge 1 3 through 11 to a VLAN ID of 1 Host VLAN G3 su clear port vlan ge 1 3 11 port string Specifies the port s for which to configure a VLAN identifier For a detaile...

Page 281: ...this case the ports are disabled for ingress filtering G3 su show port ingress filter ge 1 10 15 Port State ge 1 10 disabled ge 1 11 disabled ge 1 12 disabled ge 1 13 disabled ge 1 14 disabled ge 1 1...

Page 282: ...discard mode for one or more ports Ports can be set to discard frames based on whether or not the frame contains a VLAN tag They can also be set to discard both tagged and untagged frames or neither...

Page 283: ...determines which ports on the switch will be eligible to transmit frames for a particular VLAN For example ports 1 5 7 8 could be allowed to transmit frames belonging to VLAN 20 and ports 7 8 9 10 co...

Page 284: ...lt VLAN defaults its egress to untagged for all ports Commands show port egress Use this command to display the VLAN membership for one or more ports Syntax show port egress port string Parameters Def...

Page 285: ...ipating in a VLAN This setting instructs the device to ignore dynamic requests either through GVRP or dynamic egress for the port to join the VLAN Syntax set vlan forbidden vlan id port string Paramet...

Page 286: ...rt string forbidden Parameters vlan list Specifies the VLAN where a port s will be added to the egress list port string Specifies one or more ports to add to the VLAN egress list of the specified vlan...

Page 287: ...s enabled or disabled for one or more VLANs Syntax show vlan dynamicegress vlan list Parameters Defaults If vlan list is not specified the dynamic egress status for all VLANs will be displayed Mode Sw...

Page 288: ...an AppleTalk VLAN with a VLAN ID of 55 with a classification rule that all AppleTalk traffic gets tagged with VLAN ID 55 Then you enable dynamic egress for VLAN 55 Now when an AppleTalk user plugs in...

Page 289: ...nly Example This example shows how to display the host VLAN G3 su show host vlan Host vlan is 7 set host vlan Use this command to assign host status to a VLAN Syntax set host vlan vlan id Parameters D...

Page 290: ...s how to set the host VLAN to the default setting G3 su clear host vlan Enabling Disabling GVRP GARP VLAN Registration Protocol About GARP VLAN Registration Protocol GVRP The following sections descri...

Page 291: ...each port is updated with the new information accordingly Configuring a VLAN on an 802 1Q switch creates a static VLAN entry The entry will always remain registered and will not time out However dyna...

Page 292: ...ead only Example This example shows how to display GVRP status for the device and for fw 2 1 G3 su show gvrp ge 2 1 Global GVRP status is enabled Port Number GVRP status ge 2 1 disabled show garp time...

Page 293: ...on using the set gvrp command to enable or disable GVRP refer to set gvrp on page 7 22 For details on using the set garp timer command to change default timer values refer to set garp timer on page 7...

Page 294: ...e shows how to enable GVRP on ge 1 3 G3 su set gvrp enable ge 1 3 clear gvrp Use this command to clear GVRP status or on one or more ports Syntax clear gvrp port string Parameters Defaults If port str...

Page 295: ...to set the GARP join timer value to 100 centiseconds for all ports G3 su set garp timer join 100 This example shows how to set the leave timer value to 300 centiseconds for all ports G3 su set garp ti...

Page 296: ...set garp timer 7 24 802 1Q VLAN Configuration...

Page 297: ...ly ports activated for a profile will be allowed to transmit frames accordingly Configuring Policy Profiles Purpose To review create change and remove user profiles that relate to business driven poli...

Page 298: ...ot specified summary information will be displayed for the specified index or all indices Mode Switch command read only For information about Refer to page show policy profile 8 2 set policy profile 8...

Page 299: ...profile Profile Name User supplied name assigned to this policy profile Row Status Whether or not the policy profile is enabled active or disabled Port VID Status Whether or not PVID override is enabl...

Page 300: ...le Valid values are 1 255 name name Optional Specifies a name for the policy profile This is a string from 1 to 64 characters pvid status enable disable Optional Enables or disables PVID override for...

Page 301: ...cy profiles This maps user profiles to protocol based frame filtering policies Commands show policy rule Use this command to display policy classification rule information profile index Specifies the...

Page 302: ...urce port rules udpdestport Displays UDP destination port rules udpsourceport Displays UDP source port rules data Displays rules for a predefined classifier This value is dependent on the classificati...

Page 303: ...in Port ge 1 9 16 ge 1 9 A NV 1 admin Port ge 1 10 16 ge 1 10 A NV 1 admin Port ge 1 11 16 ge 1 11 A NV 1 admin Port ge 1 12 16 ge 1 12 A NV 1 Table 8 2 provides an explanation of the command output d...

Page 304: ...ute Above the table is a list of all the actions possible on this device The left most column of the table lists all possible classifiable traffic attributes The next two columns from the left indicat...

Page 305: ...A R Y S A D V D W S T A M M L C R A L R B I I A O O R O A L SUPPORTED RULE TYPES C N N S P D G P E MAC source address X X X MAC destination address X X X IPX source address IPX destination address IP...

Page 306: ...nd as described in set policy profile on page 8 4 Valid profile index values are 1 255 ether Classifies based on type field in Ethernet II packet ipproto Classifies based on Protocol field in IP packe...

Page 307: ...lues are 0 4095 A value of 1 indicates that no CoS forwarding behavior modification is desired Not supported on B3 C3 and G3 drop forward Specifies that packets within this classification will be drop...

Page 308: ...ule entries associated with policy profile 1 from all ports G3 su clear policy rule 1 ether 1526 profile index Specifies a policy profile for which to delete classification rules Valid profile index v...

Page 309: ...s Syntax clear policy all rules Parameters None Defaults None Mode Switch command read write Example This example shows how to remove all administrative and policy index rules G3 su clear policy all r...

Page 310: ...a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 4 1 profile index Specifies the ID of the policy profile role to which the port s will be add...

Page 311: ...olicy based CoS function by defining new port groupings and assigning inbound rate limiters The process for user defined CoS configuration involves the following steps and associated commands listed i...

Page 312: ...dex Resource Type Unit Rate Rate Limit Type Action 1 0 1 irl kbps 512 drop none G3 su show cos port resource irl 2 0 1 Group Index Resource Type Unit Rate Rate Limit Type Action 2 0 1 irl kbps 10000 d...

Page 313: ...this command to enable or disable Class of Service Syntax set cos state enable disable For information about Refer to page set cos state 8 17 show cos state 8 18 clear cos state 8 18 set cos settings...

Page 314: ...rvice enable state Syntax show cos state Parameters None Defaults None Mode Switch command read only Example This example shows how to show the Class of Service enable state G3 rw show cos state Class...

Page 315: ...class of service entry consists of an index 802 1p priority an optional ToS value and an IRL reference CoS Index Indexes are unique identifiers for each CoS setting CoS indexes 0 through 7 are created...

Page 316: ...not assign an inbound rate limit but points to the CoS IRL Reference Mapping Table This reference may be thought of as the virtual rate limiter that will assign the physical rate limiter defined by t...

Page 317: ...for inbound rate limiting and add or remove ports from the group Syntax set cos port config irl group type index name name ports port list append clear Parameters cos list Optional Specifies a Class...

Page 318: ...ass of service can assign different rate limits to each port group User ports can be assigned one rate limit while Uplink ports can be assigned another DFE supports a maximum of 8 port groups per CoS...

Page 319: ...clear inbound rate limiting groups or assigned ports Syntax clear cos port config irl all group type index entry name ports Parameters group type index Optional Show assigned ports for a specific port...

Page 320: ...ult ports Clear the ports assigned to this group to its default irl Set an IRL port resource group type index Specifies an inbound rate limiting port group type index Valid entries are in the form of...

Page 321: ...se Example This example sets the inbound rate limit resource index number 1 for port group 2 0 to 10000 Kbps or 1 MB G3 su set cos port resource irl 2 0 1 unit kbps rate 10000 type drop show cos port...

Page 322: ...ar cos port resource irl 2 0 1 rate set cos reference Use this command to set the Class of Service inbound rate limiting reference configuration irl Specifies that an IRL resource is to be cleared all...

Page 323: ...reference IRL references are not populated with limiters resources but can be configured by the user The IRL reference table can be displayed using the show cos reference command Example In the CoS IR...

Page 324: ...iguration Syntax clear cos reference irl all group type index reference Parameters irl Optional Specifies that inbound rate limiting reference information should be displayed group type index Optional...

Page 325: ...tax show cos unit Parameters None Defaults None Mode Switch command read only Example This example shows possible unit entries for inbound rate limiting G3 su show cos unit Type Unit irl inbound rate...

Page 326: ...ntation provides one default port type 0 for designating available inbound rate limiting resources Port type 0 includes all ports The port type 0 description is G3100 IRL which indicates that this por...

Page 327: ...lt priority setting on the port For example if the priority of a port is set to 4 the frames received through that port without a priority indicated in their tag header are classified as a priority 4...

Page 328: ...f Service transmit priority 0 through 7 on each port A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port For ex...

Page 329: ...urrent CoS port priority setting to 0 This will cause all frames received without a priority value in its header to be set to priority 0 Syntax clear port priority port string Parameters Defaults None...

Page 330: ...e or more ports Commands show port priority queue Use this command to display the port priority levels 0 through 7 with 0 as the lowest level associated with the current transmit queues 0 being the lo...

Page 331: ...ead write Usage Priority to transmit queue mapping on an individual port basis can only be configured on Gigabit Ethernet ports ge x x When you use the set port priority queue command to configure a F...

Page 332: ...for each port The commands in this section allow you to set the priority mode and weight for each of the available queues 0 through 7 for each physical port on the switch Priority mode and weight can...

Page 333: ...alue2 value3 value4 value5 value6 value7 Parameters Defaults None Mode Switch command read write port string Optional Specifies port s for which to display QoS settings For a detailed description of p...

Page 334: ...1 0 0 0 0 0 O O 100 G3 su show port txq ge 1 1 Port Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7 ge 1 1 STR SP SP SP SP SP SP SP SP clear port txq Use this command to clear port transmit queue values back to their def...

Page 335: ...acket delivery service since it is only concerned with forwarding multicast traffic from the local device to group members on a directly attached subnetwork or LAN segment This device supports IP mult...

Page 336: ...y for any attached hosts who want to receive a specific multicast service The device looks up the IP Multicast Group used for this service and adds it to the egress list of the Level 3 interface It th...

Page 337: ...ership Interval 260 Max Response Time 100 Multicast Router Present Expiration Time 0 Interfaces Enabled for IGMP Snooping ge 1 1 ge 1 2 ge 1 3 Multicast Control Frame Count 0 Data Frames Forwarded by...

Page 338: ...mpsnooping adminmode on page 10 3 and then enabled on a port s using this command Example This example shows how to enable IGMP on port ge 1 10 G3 su set igmpsnooping interfacemode ge 1 10 enable set...

Page 339: ...configure the IGMP query maximum response time for the system Syntax set igmpsnooping maxresponse time Parameters Defaults None Mode Switch command read write Usage This value must be less than the I...

Page 340: ...ime 0 set igmpsnooping add static This command creates a new static IGMP entry or adds one or more new ports to an existing entry Syntax set igmpsnooping add static group vlan list modify port string...

Page 341: ...s If no ports are specified all ports are removed from the entry Mode Switch command read write Example This example removes port ge 1 1 from the entry for the multicast group with IP address of 233 1...

Page 342: ...FDB table entries will be displayed Mode Switch command read only Examples This example shows how to display multicast forwarding database entries G3 su show igmpsnooping mfdb MAC Address Type Descrip...

Page 343: ...ng Entries Cleared Configuring IGMP on Routing Interfaces Purpose To configure IGMP on routing interfaces Commands Router The commands covered in this section can be executed only when the device is i...

Page 344: ...an interface Once these commands are executed the device will start sending and processing IGMP multicast traffic IGMP is disabled by default both globally and on a per interface basis Example This e...

Page 345: ...G3 su router Config interface vlan 1 G3 su router Config if Vlan 1 ip igmp enable ip igmp version Use this command to set the version of IGMP running on the router The no form of this command resets I...

Page 346: ...Query Max Response Time is 100 1 10 of a second Robustness is 2 Startup Query Interval is 31 secs Startup Query Count is 2 Last Member Query Interval is 10 1 10 of a second Last Member Query Count is...

Page 347: ...an 1 G3 su router Config if Vlan 1 ip igmp query interval 1800 ip igmp query max response time Use this command to set the maximum response time interval advertised in IGMPv2 queries The no form of th...

Page 348: ...u router Config if Vlan 1 Example This example shows how to set the IGMP startup query interval to 100 seconds on VLAN 1 G3 su router Config interface vlan 1 G3 su router Config if Vlan 1 ip igmp star...

Page 349: ...r query interval Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to set the IGMP last member query interval to 10 seconds on VLAN 1 G...

Page 350: ...ness value to the default of 2 Syntax ip igmp robustness robustness no ip igmp robustness Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Usage This value determine...

Page 351: ...h CLI only For information on router related network management tasks including reviewing router ARP tables and IP traffic refer to Chapter 15 For information about Refer to page Configuring System Lo...

Page 352: ...application 11 8 show logging local 11 9 set logging local 11 9 clear logging local 11 10 show logging buffer 11 10 For information about Refer to page index Optional Displays Syslog information perta...

Page 353: ...113 facility local4 severity level 3 on port 514 G3 su set logging server 1 ip addr 134 141 89 113 facility local4 severity 3 port 514 state enable index Specifies the server table index number for th...

Page 354: ...3 su clear logging server 1 show logging default Use this command to display the Syslog server default values Syntax show logging default Parameters None Defaults None Mode Switch command read only Ex...

Page 355: ...clear logging default facility severity port Parameters facility facility Specifies the default facility name Valid values are local0 to local7 severity severity Specifies the default logging severity...

Page 356: ...em Syntax show logging application mnemonic all Parameters Defaults If no parameter is specified information for all applications will be displayed Mode Switch command read only port Optional Resets t...

Page 357: ...escription for applications being logged Current Severity Level Severity level at which the server is logging messages for the listed application This range from 1 to 8 and its associated severity lis...

Page 358: ...all level level Optional Specifies the severity level at which the server will log messages for applications Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immedi...

Page 359: ...ample This example shows how to display the state of message logging In this case logging to the console is enabled and logging to a persistent file is disabled G3 su show logging local Syslog Console...

Page 360: ...t store logging for the local session Syntax clear logging local Parameters None Defaults None Mode Switch command read write Example This example shows how to clear local logging G3 su clear logging...

Page 361: ...lnet Monitoring Network Events and Status Purpose To display switch events and command history to set the size of the history buffer and to display and disconnect current user sessions Commands histor...

Page 362: ...display the size in lines of the history buffer Syntax show history Parameters None Defaults None Mode Switch command read only Example This example shows how to display the size of the history buffe...

Page 363: ...ode Switch command read write Examples This example shows how to ping IP address 134 141 89 29 In this case this host is alive G3 su ping 134 141 89 29 134 141 89 29 is alive In this example the host...

Page 364: ...connect Use this command to close an active console port or Telnet session from the switch CLI Syntax disconnect ip addr console Parameters Defaults None Mode Switch command read write Examples This e...

Page 365: ...the switch s ARP table Syntax show arp Parameters None Defaults None Mode Switch command read only For information about Refer to page show arp 11 15 set arp 11 16 clear arp 11 17 traceroute 11 17 sh...

Page 366: ...eters Defaults None Mode Switch command read write Example This example shows how to map IP address 192 168 219 232 to MAC address 00 00 0c 40 0f bc G3 su set arp 192 168 219 232 00 00 0c 40 0f bc Tab...

Page 367: ...ries r d n v host Parameters ip address all Specifies the IP address in the ARP table to be cleared or clears all ARP entries w waittime Optional Specifies time in seconds to wait for a response to a...

Page 368: ...su traceroute 192 167 252 17 traceroute to 192 167 252 17 192 167 252 17 30 hops max 40 byte packets 1 matrix enterasys com 192 167 201 40 20 000 ms 20 000 ms 20 000 ms 2 14 1 0 45 14 1 0 45 40 000 m...

Page 369: ...display the timeout period for aging learned MAC entries Syntax show mac agetime Parameters None Defaults None Table 11 5 show mac Output Details Output Field What It Displays MAC Address MAC addresse...

Page 370: ...ime Parameters Defaults None Mode Switch command read only Example This example shows how to set the MAC timeout period G3 su set mac agetime 250 clear mac agetime Use this command to reset the timeou...

Page 371: ...Each algorithm is optimized for a different spread of MAC addresses When changing this mode the switch will display a warning message and prompt you to restart the device The default MAC algorithm is...

Page 372: ...This example resets the MAC hashing algorithm to the default value G3 su clear mac algorithm set mac multicast Use this command to define on what ports within a VLAN a multicast address can be dynami...

Page 373: ...ode Switch command read write Example This example clears multicast MAC address 01 01 22 33 44 55 from VLAN 24 G3 su clear mac multicast 01 01 22 33 44 55 24 show mac unreserved flood Use this command...

Page 374: ...When enabled this prevents policy profiles requiring a full 10 masks from being loaded Syntax set mac unreserved flood disable enable Parameters Defaults None Mode Switch command read write Usage The...

Page 375: ...SNTP client settings Syntax show sntp Parameters None Defaults None Mode Switch command read only Note A host IP address must be configured on the G3 to support SNTP For information about Refer to pa...

Page 376: ...nt on page 11 27 Broadcast Count Number of SNTP broadcast frames received Poll Interval Interval between SNTP unicast requests Default of 512 seconds can be reset using the set sntp poll interval comm...

Page 377: ...client broadcast clear sntp client Use this command to clear the SNTP client s operational mode Syntax clear sntp client Parameters None Defaults None Mode Switch command read write Example This exam...

Page 378: ...r G3 su set sntp server 10 21 1 100 clear sntp server Use this command to remove one or all servers from the SNTP server list Syntax clear sntp server ip address all Parameters Defaults None Mode Swit...

Page 379: ...s G3 su set sntp poll interval 30 clear sntp poll interval Use this command to clear the poll interval between unicast SNTP requests Syntax clear sntp poll interval Parameters None Defaults None Mode...

Page 380: ...P server Syntax clear sntp poll retry Parameters None Defaults None Mode Switch command read write Example This example shows how to clear the number of SNTP poll retries G3 su clear sntp poll retry s...

Page 381: ...yntax clear sntp poll timeout Parameters None Defaults None Mode Switch command read write Example This example shows how to clear the SNTP poll timeout G3 su clear sntp poll timeout Configuring Node...

Page 382: ...5 47 0 Enable ge 2 6 47 2 Enable ge 2 7 47 0 Enable ge 2 8 47 0 Enable ge 2 9 4000 1 Enable Table 11 7 provides an explanation of the command output set nodealias Use this command to enable or disabl...

Page 383: ...s disable ge 1 3 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value Syntax clear nodealias config port string Parameters Defaults None Mod...

Page 384: ...clear nodealias config 11 34 Logging and Network Management...

Page 385: ...roups supported on G Series devices each group s function and the elements it monitors and the associated configuration commands needed For information about Refer to page RMON Monitoring Group Functi...

Page 386: ...of events from the device Event type description last time event was sent show rmon event on page 12 12 set rmon event properties on page 12 13 set rmon event status on page 12 14 clear rmon event on...

Page 387: ...one or more ports Syntax show rmon stats port string Parameters Defaults If port string is not specified RMON stats will be displayed for all ports Mode Switch command read only Note Due to hardware...

Page 388: ...1023 Octets 0 Oversize Pkts 0 1024 1518 Octets 0 Fragments 0 Table 12 2 provides an explanation of the command output set rmon stats Use this command to configure an RMON statistics entry Syntax set r...

Page 389: ...d clear RMON history properties and statistics Commands show rmon history Use this command to display RMON history properties and statistics The RMON history group records periodic statistical samples...

Page 390: ...Status valid Data Source ifIndex 1 Interval 30 Buckets Requested 50 Buckets Granted 10 Sample 2779 Interval Start 1 days 0 hours 2 minutes 22 seconds Drop Events 0 Undersize Pkts 0 Octets 0 Oversize P...

Page 391: ...to delete one or more RMON history entries or reset one or more entries to default values For specific values refer to set rmon history on page 12 6 Syntax clear rmon history index list to defaults Pa...

Page 392: ...how to display RMON alarm entry 3 G3 rw show rmon alarm 3 Index 3 Owner Manager Status valid Variable 1 3 6 1 4 1 5624 1 2 29 1 2 1 0 Sample Type delta Startup Alarm rising Interval 30 Value 0 Rising...

Page 393: ...ng Threshold Minimum threshold for causing a rising alarm Falling Threshold Maximum threshold for causing a falling alarm Rising Event Index Index number of the RMON event to be triggered when the ris...

Page 394: ...lling either Optional Specifies the type of alarm generated when this event is first enabled as Rising Sends alarm when an RMON event reaches a maximum threshold condition is reached for example more...

Page 395: ...an unused index with the set rmon alarm properties command Example This example shows how to enable RMON alarm entry 3 G3 rw set rmon alarm status 3 enable clear rmon alarm Use this command to delete...

Page 396: ...d Mode Switch command read only Example This example shows how to display RMON event entry 3 G3 rw show rmon event 3 Index 3 Owner Manager Status valid Description STP Topology change Type log and tra...

Page 397: ...ed valid or disabled Description Text string description of this event Type Whether the event notification will be a log entry and SNMP trap both or none Community SNMP community name if message type...

Page 398: ...enable Parameters Defaults None Mode Switch command read write Usage An RMON event entry can be created using this command configured using the set rmon event properties command set rmon event proper...

Page 399: ...en captured the capture will stop Filtering will be performed on the frames captured in the buffer Therefore only a subset of the frames captured will be available for display One channel at a time ca...

Page 400: ...NetSight smith set rmon channel Use this command to configure an RMON channel entry Syntax set rmon channel index port string accept matched failed control on off description description owner owner...

Page 401: ...ccept failed control on description capture all clear rmon channel Use this command to clear an RMON channel entry Syntax clear rmon channel index Parameters Defaults None Mode Switch command read wri...

Page 402: ...sk dmask dnotmask dnotmask owner owner Parameters index index channel channel Optional Displays information about a specific filter entry or about all filters which belong to a specific channel index...

Page 403: ...MON filter entry Syntax clear rmon filter index index channel channel Parameters Defaults None Mode Switch command read write Example This example shows how to clear RMON filter entry 1 G3 rw clear rm...

Page 404: ...MON capture entries and associated buffer control entries Syntax show rmon capture index nodata Parameters Defaults If no options are specified all buffer control entries and associated captured packe...

Page 405: ...0 11 0b 00 set rmon capture Use this command to configure an RMON capture entry Syntax set rmon capture index channel action lock slice slice loadsize loadsize offset offset asksize asksize owner owne...

Page 406: ...be applied If owner is not specified it will be set to monitor Mode Switch command read write Example This example shows how to create RMON capture entry 1 to listen on channel 628 G3 rw set rmon capt...

Page 407: ...assigns an IP address to a client for a limited period of time or until the client explicitly relinquishes the address from a defined pool of IP addresses configured on the server Manual A client s I...

Page 408: ...ubnet and use the same mask as the system host port IP address For example set dhcp pool auto pool network 192 0 0 0 255 255 255 0 All DHCP clients served by this switch must be in the same VLAN as th...

Page 409: ...on the G Series Syntax set dhcp enable disable Parameters Defaults None Mode Switch command read write For information about Refer to page set dhcp 13 3 set dhcp bootp 13 4 set dhcp conflict logging 1...

Page 410: ...disable Parameters Defaults None Mode Switch command read write Example This example enables address allocation for BOOTP clients G3 rw set dhcp bootp enable set dhcp conflict logging Use this comman...

Page 411: ...t IP address Detection Method Detection Time 192 0 0 2 Ping 0 days 19h 01m 23s 192 0 0 3 Ping 0 days 19h 00m 46s 192 0 0 4 Ping 0 days 19h 01m 25s 192 0 0 12 Ping 0 days 19h 01m 26s clear dhcp conflic...

Page 412: ...s the address pool named auto1 with 255 addresses for the Class C network 172 20 28 0 with the set dhcp pool network command Then the example limits the scope of the addresses that can be assigned by...

Page 413: ...ent Syntax set dhcp ping packets number Parameters Defaults None Mode Switch command read write Example This example sets the number of ping packets sent to 3 G3 rw set dhcp ping packets 3 clear dhcp...

Page 414: ...is example displays binding information about all addresses G3 rw show dhcp binding IP address Hardware Address Lease Expiration Type 192 0 0 6 00 33 44 56 22 39 00 11 02 Automatic 192 0 0 8 00 33 44...

Page 415: ...server statistics Syntax show dhcp server statistics Parameters None Defaults None Mode Read only Example This example displays server statistics G3 ro show dhcp server statistics Automatic Bindings...

Page 416: ...onfigured using either the client s hardware address set dhcp pool hardware address or the client s client identifier set dhcp pool client identifier but using both is not recommended If the incoming...

Page 417: ...cp pool client name 13 18 set dhcp pool bootfile 13 18 clear dhcp pool bootfile 13 19 set dhcp pool next server 13 19 clear dhcp pool next server 13 20 set dhcp pool lease 13 20 clear dhcp pool lease...

Page 418: ...lts None Mode Switch command read write Example This example creates an address pool named auto1 G3 rw set dhcp pool auto1 clear dhcp pool Use this command to delete a DHCP server pool of addresses Sy...

Page 419: ...ol named auto1 Alternatively the mask could have been specified as 255 255 255 0 G3 rw set dhcp pool auto1 network 172 20 28 0 24 This example limits the scope of 255 addresses created for the Class C...

Page 420: ...d Mode Switch command read write Example This example specifies 0001 f401 2710 as the Ethernet MAC address for the manual address pool named manual1 Alternatively the MAC address could have be entered...

Page 421: ...ite Example This example shows how to configure the minimum requirements for a manual binding address pool First the hardware address of the client s hardware platform is configured followed by config...

Page 422: ...dware address command to create a manual binding pool but using both is not recommended Syntax set dhcp pool poolname client identifier id Parameters Defaults None Mode Switch command read write Usage...

Page 423: ...tax clear dhcp pool poolname client identifier Parameters Defaults None Mode Switch command read write Example This example deletes the client identifier from the address pool named manual1 G3 rw clea...

Page 424: ...lear dhcp pool poolname client name Parameters Defaults None Mode Switch command read write Example This example deletes the client name from the manual binding pool manual2 G3 rw clear dhcp pool manu...

Page 425: ...e This example removes the boot image filename from address pool named auto1 G3 rw clear dhcp pool auto1 bootfile set dhcp pool next server Use this command to specify the file server from which the d...

Page 426: ...example removes the file server from address pool auto1 G3 rw clear dhcp pool auto1 next server set dhcp pool lease Use this command to specify the duration of the lease for an IP address assigned by...

Page 427: ...lease time for this address pool to the default value of one day Mode Switch command read write Example This example restores the default lease duration of one day for address pool auto1 G3 rw clear d...

Page 428: ...e removes the default router from the address pool auto1 G3 rw clear dhcp pool auto1 default router set dhcp pool dns server Use this command to specify one or more DNS servers for the DHCP clients se...

Page 429: ...d write Example This example removes the DNS server list from the address pool auto1 G3 rw clear dhcp pool auto1 dns server set dhcp pool domain name Use this command to specify a domain name to be as...

Page 430: ...his example removes the domain name from the address pool auto1 G3 rw clear dhcp pool auto1 domain name set dhcp pool netbios name server Use this command to assign one or more NetBIOS name servers fo...

Page 431: ...Example This example removes the NetBIOS name server list from the address pool auto1 G3 rw clear dhcp pool auto1 netbios name server set dhcp pool netbios node type Use this command to specify a Net...

Page 432: ...read write Example This example removes the NetBIOS node type from the address pool auto1 G3 rw clear dhcp pool auto1 netbios node type set dhcp pool option Use this command to configure DHCP options...

Page 433: ...253 clear dhcp pool option Use this command to remove a DHCP option from the address pool being configured Syntax clear dhcp pool poolname option code Parameters Defaults None poolname Specifies the...

Page 434: ...le displays configuration information for all address pools G3 rw show dhcp pool configuration all Pool Atg_Pool Pool Type Dynamic Network 192 0 0 0 255 255 255 0 Lease Time 1 days 0 hrs 0 mins Defaul...

Page 435: ...sic platform settings such as host name system clock and terminal display settings Setting Basic Switch Properties on page 2 8 Setting the system IP address set ip address on page 2 9 Creating and ena...

Page 436: ...al router configuration mode configure Router G3 su router 4 Enable interface configuration mode using the routing VLAN or loopback id interface vlan vlan id loopback loop id Router G3 su router Confi...

Page 437: ...l name and for OSPF the instance ID from Global or Interface Configuration mode G3 su router Config router Note To jump to a lower configuration mode type exit at the command prompt To revert back to...

Page 438: ...Enabling Router Configuration Modes 14 4 Preparing for Router Mode...

Page 439: ...nds Router Unless otherwise noted the commands covered in this chapter can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Enabling...

Page 440: ...name of this device is Vlan 1 The MTU is 1500 bytes The bandwidth is 10000 Mb s Encapsulation ARPA Loopback not set ARP type ARPA ARP Timeout 14400 seconds This example shows how to display informatio...

Page 441: ...t Enabling interface configuration mode is required for completing interface specific configuration tasks For an example of how these commands are used refer to Pre Routing Configuration Tasks on page...

Page 442: ...ce type is not specified status information for all routing interfaces will be displayed Mode Any router mode Example This example shows how to display configuration information for VLAN 1 G3 su route...

Page 443: ...ess on page 15 5 Frame Type Encapsulation type used by this interface Set using the arp command as described in arp on page 15 12 MAC Address MAC address mapped to this interface Incoming Access List...

Page 444: ...e device Syntax show running config Parameters None Defaults None Mode Any router mode Example This example shows how to display the current router operating configuration G3 su router show running co...

Page 445: ...ter Config Defaults None Example This example shows how to disable IP routing on the device G3 su router Config no ip routing Configuring Tunnel Interfaces Purpose The commands in this section describ...

Page 446: ...The no form of this command removes the tunnel interface and associated configuration parameters Example This example creates a configured tunnel interface 1 G3 su router Config interface tunnel 1 G3...

Page 447: ...transport address of the tunnel Syntax tunnel destination ipv4 addr no tunnel destination Parameters Defaults None Mode Router interface configuration G3 su router Config if Tnnl 1 Usage The no form o...

Page 448: ...su router Config if Tnnl 1 G3 su router Config if Tnnl 1 tunnel mode ipv6ip show interface tunnel This command displays information about a configured tunnel interface Syntax show interface tunnel tu...

Page 449: ...ddress Syntax show ip arp ip address vlan vlan id output modifier Parameters For information about Refer to page show ip arp 15 11 arp 15 12 ip proxy arp 15 13 arp timeout 15 14 clear arp cache 15 14...

Page 450: ...Internet 134 141 235 251 0 0003 4712 7a99 ARPA Vlan2 Table 15 2 provides an explanation of the command output arp Use this command to add or remove permanent static ARP table entries Up to 1 000 stati...

Page 451: ...nable proxy ARP on an interface The no form of this command disables proxy ARP Syntax ip proxy arp no ip proxy arp Parameters None Defaults Disabled Mode Interface configuration G3 su router Config if...

Page 452: ...ers Defaults 14 400 seconds Mode Global configuration G3 su router Config Example This example shows how to set the ARP timeout to 7200 seconds G3 su router Config arp timeout 7200 clear arp cache Use...

Page 453: ...c network or subnet The directed broadcast address includes the network or subnet fields with the binary bits of the host portion of the address set to one For example for a network with the address 1...

Page 454: ...ormally the router drops all broadcast packets However by executing this command you enable the routed interface to pass DHCP broadcast frames through sending them directly to the remote DHCP server s...

Page 455: ...prefix match connected ospf rip static summary Parameters Defaults If no parameters are specified all IP route information will be displayed For information about Refer to page show ip route 15 17 ip...

Page 456: ...ck 0 O 11 11 27 27 32 8 10 via 168 1 0 254 Vlan 1200 O 11 11 28 28 32 8 20 via 168 1 0 254 Vlan 1200 E2 12 0 0 0 17 150 20 via 168 0 0 249 Vlan 3205 E2 19 0 0 0 30 150 20 via 168 0 0 249 Vlan 3205 IA...

Page 457: ...ddress 10 0 0 0 G3 su router Config ip route 10 0 0 0 255 0 0 0 10 1 2 3 ping Use this command to test routing network connectivity by sending IP ping requests Syntax ping ip address Parameters Defaul...

Page 458: ...te destination Syntax traceroute host Parameters Defaults None Mode Privileged EXEC G3 su router Usage There is also a traceroute command available in switch mode Example This example shows how to use...

Page 459: ...terasys Networks Sales Configuring RIP Purpose To enable and configure the Routing Information Protocol RIP Router The commands covered in this chapter can be executed only when the device is in route...

Page 460: ...1 RIP Configuration Task List and Commands To do this Use these commands Enable RIP configuration mode router rip on page 16 2 Enable RIP on an interface ip rip enable on page 16 3 Configure an admin...

Page 461: ...efaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to enable RIP on the VLAN 1 interface G3 su router Config interface vlan 1 G3 su router Config if...

Page 462: ...version for RIP update packets transmitted out an interface The no version of this command sets the version of the RIP update packets to RIPv1 Syntax ip rip send version 1 2 r1compatible no ip rip se...

Page 463: ...eived on the VLAN 1 interface G3 su router Config interface vlan 1 G3 su router Config if Vlan 1 ip rip receive version 2 ip rip authentication key Use this command to enable or disable a RIP authenti...

Page 464: ...key keyid md5 key no ip rip message digest key keyid Parameters Mode Interface configuration G3 su router Config if Vlan 1 Defaults None Examples This example shows how to set the MD5 authentication...

Page 465: ...Example This example shows how to disable RIP automatic route summarization G3 su router Config router rip G3 su router Config router no auto summary split horizon poison Use this command to enable o...

Page 466: ...N 2 G3 su router Config router rip G3 su router Config router passive interface vlan 2 receive interface Use this command to allow RIP to receive update packets on an interface The no form of this com...

Page 467: ...ts If metric value is not specified 1 will be applied If subnets is not specified only non subnetted routes will be redistributed connected Specifies that non RIP routing information discovered via di...

Page 468: ...on page 2 27 in order to enable the OSPF command set If you wish to purchase an advanced routing license contact Enterasys Networks Sales Table 16 2 OSPF Configuration Task List and Commands To do th...

Page 469: ...ed by Area Boundary Routers ABRs area range on page 16 20 Define an area as a stub area area stub on page 16 21 Set the cost value for the default route that is sent into a stub area area default cost...

Page 470: ...iguration tasks For details on enabling configuration modes refer to Table 14 2 in Enabling Router Configuration Modes on page 14 2 Only one OSPF process process id is allowed per G Series router Exam...

Page 471: ...ne Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to enable OSPF on the VLAN 1 interface G3 su router Config interface vlan 1 G3 su router Config if Vlan 1 i...

Page 472: ...st no ip ospf cost Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Usage Each router interface that participates in OSPF routing is assigned a default cost This com...

Page 473: ...5 seconds for delay and 10 seconds for holdtime Syntax timers spf spf delay spf hold no timers spf Parameters Defaults None Mode Router configuration G3 su router Config router Example This example sh...

Page 474: ...vlan 1 G3 su router Config if Vlan 1 ip ospf retransmit interval 20 ip ospf transmit delay Use this command to set the amount of time required to transmit a link state update packet on an interface Th...

Page 475: ...conds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service The no form of this command sets the dead interval value to the default valu...

Page 476: ...is password is used as a key that is inserted directly into the OSPF header in routing protocol packets A separate password can be assigned to each OSPF network on a per interface basis All neighborin...

Page 477: ...ospf external inter area intra area weight no distance ospf external inter area intra area Parameters Defaults If route type is not specified the distance value will be applied to all OSPF routes Mod...

Page 478: ...of addresses to be used by Area Border Routers ABRs when they communicate routes to other areas Each G Series can support up to 4 OSPF areas The no form of this command stops the routes from being sum...

Page 479: ...s Example The following example shows how to define OSPF area 10 as a stub area G3 su router Config router ospf 1 G3 su router Config router area 10 stub area default cost Use this command to set the...

Page 480: ...riginate is not specified no default type will be generated Mode Router configuration G3 su router Config router Usage An NSSA allows some external routes represented by external Link State Advertisem...

Page 481: ...id transmit delay seconds no area area id virtual link router id transmit delay seconds Parameters area id Specifies the transit area for the virtual link Valid values are decimal values or IP addres...

Page 482: ...tributed transmit delay seconds Specifies the estimated number of seconds before a link state update packet on the interface to be transmitted Valid values range from 1 to 8192 Default is 1 second con...

Page 483: ...mode Example This example shows how to display OSPF information G3 su router show ip ospf Routing process ospf 1 with ID 155 155 155 155 Supports only Normal TOS route It is not an area border router...

Page 484: ...3 3 7 155 155 155 155 1307 0x8000003c 0x33ea 191 3 3 8 155 155 155 155 1307 0x8000003c 0x29f3 191 3 3 9 155 155 155 155 1307 0x8000003c 0x1ffc 191 4 0 0 155 155 155 155 1307 0x8000003c 0x8e98 Displayi...

Page 485: ...e 16 4 provides an explanation of the command output Table 16 3 show ip ospf database Output Details Output Field What It Displays Link ID Link ID which varies as a function of the link state record t...

Page 486: ...ospf priority on page 16 14 Designated Router id The router ID of the designated router on this subnet if one exists in which case Err will be displayed Interface Addr IP address of the designated ro...

Page 487: ...ommand output show ip ospf virtual links Use this command to display information about the virtual links configured on a router A virtual link represents a logical connection between the backbone and...

Page 488: ...ws how to reset OSPF process 1 G3 su router clear ip ospf process 1 Table 16 6 show ip ospf virtual links Output Details Output Field What It Displays Neighbor ID ID of the virtual link neighbor and t...

Page 489: ...lobally and on each interface Enabling DVMRP on a routed interface requires completing the steps listed in Table 16 1 Advanced License Required DVMRP is an advanced routing feature that must be enable...

Page 490: ...mple shows how to enable the DVMRP process G3 su router Config ip dvmrp ip dvmrp enable Use this command to enable DVMRP on an interface The no form of this command disables DVMRP on an interface Synt...

Page 491: ...mple This example shows how to set a DVMRP of 16 on the VLAN 1 interface G3 su router Config if Vlan 1 ip dvmrp metric 16 show ip dvmrp Use this command to display DVMRP routing information Syntax sho...

Page 492: ...iscovery Protocol IRDP on an interface This protocol enables a host to determine the address of a router it can use as a default gateway It is disabled by default Commands ip irdp enable Use this comm...

Page 493: ...rs Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to set the maximum IRDP advertisement interval to 1000 seconds on the VLAN 1 interface G3 su...

Page 494: ...is equal to 1800 seconds Syntax ip irdp holdtime holdtime no irdp holdtime Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to set th...

Page 495: ...e limited broadcast address of 255 255 255 255 The default is multicast with address 224 0 0 1 The no form of this command resets IRDP to use multicast on IP address 224 0 0 1 Syntax ip irdp broadcast...

Page 496: ...configure the Virtual Router Redundancy Protocol VRRP This protocol eliminates the single point of failure inherent in the static default routed environment by transferring the responsibility from one...

Page 497: ...router vrrp command to enable the protocol before completing other VRRP specific configuration tasks For details on enabling configuration modes refer to Table 14 2 in Enabling Router Configuration M...

Page 498: ...Use this command to configure a virtual router IP address The no form of this command clears the VRRP address configuration Syntax address vlan vlan id vrid ip address owner no address vlan vlan id vr...

Page 499: ...ows how to configure a virtual router address of 182 127 62 1 on the VLAN 1 interface VRID 1 and to set the router connected to the VLAN via this interface as the master G3 su router Config router vrr...

Page 500: ...master is selected then advertisements are sent every advertising interval to let other VRRP routers in this VLAN VRID know the router is still acting as master of the VLAN VRID priority value Specif...

Page 501: ...routers by default which allows a higher priority backup router to preempt a lower priority master The router that owns the virtual router IP address always preempts other routers regardless of this...

Page 502: ...on Syntax ip vrrp authentication key name no ip vrrp authentication key Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to set the VR...

Page 503: ...rk and bandwidth is limited In situations where members are densely located and bandwidth is plentiful DVMRP would suffice see Configuring DVMRP on page 16 31 PIM SM determines the network topology us...

Page 504: ...bal router configuration G3 su router Config Example This example shows how to globally enable and disable PIM G3 su router Config ip pimsm G3 su router Config no ip pimsm For information about Refer...

Page 505: ...taticrp 192 15 18 3 224 0 0 0 240 0 0 0 ip pimsm enable This command sets the administrative mode of PIM SM multicast routing on a routing interface to enabled By default PIM is disabled on all IP int...

Page 506: ...seconds no ip pimsm query interval Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan 1 Example This example shows how to set the hello interval rate to 100 seconds G3 s...

Page 507: ...g objects specific to a PIM domain One row exists for each domain to which the router is connected Syntax show ip pimsm componenttable Parameters None Defaults None Mode Any router mode Table 16 7 sho...

Page 508: ...erface vlan vlan id stats vlan id all Parameters Defaults None Mode Any router mode Table 16 8 show ip pimsm componenettable Output Details Output Field What it displays Component Index This field dis...

Page 509: ...he IP address of the specified interface Subnet Mask The Subnet Mask for the IP address of the PIM interface Mode Indicates whether PIM SM is enabled or disabled on the specified interface This is a c...

Page 510: ...6 11 provides an explanation of the command output show ip pimsm rp This command displays the PIM information for candidate Rendezvous Points RPs for all IP multicast groups or for a specific group ad...

Page 511: ...TABLE Group Address Group Mask Address 224 0 0 0 240 0 0 0 192 168 30 2 group address The multicast group IP address group mask The multicast group address subnet mask all For all known group addresse...

Page 512: ...his example shows how to display RP that will be selected for group address 224 0 0 0 G3 su router show ip pimsm rphash 224 0 0 0 192 168 129 223 show ip pimsm staticrp Display the PIM SM static Rende...

Page 513: ...e 16 13 provides an explanation of the command output Table 16 13 show ip pimsm staticrp Output Details Output Field What it displays Address The IP address of the RP Group Address The group address s...

Page 514: ...show ip pimsm staticrp 16 56 IPv4 Routing Protocol Configuration...

Page 515: ...the switch and to display IPv6 status information Commands show ipv6 status Use this command to display the status of the IPv6 management function Syntax show ipv6 status Parameters None For informati...

Page 516: ...management is disabled Mode Switch mode read write Usage When you enable IPv6 management on the switch the system automatically generates a link local host address for the switch from the host MAC ad...

Page 517: ...su set ipv6 address 2001 0db8 1234 5555 9876 2 64 G3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 host 2001 DB8 1234 5555 9876 2 64 This example shows how to use the eui64 pa...

Page 518: ...4 host 2001 DB8 1234 5555 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 clear ipv6 address Use this command to clear IPv6 global addresses Syntax clear ipv6 address all ipv6 addr prefix length...

Page 519: ...55 9876 2 64 gateway FE80 201 F4FF FE5D 1234 G3 su clear ipv6 address all G3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 set ipv6 gateway Use...

Page 520: ...1234 clear ipv6 gateway Use this command to clear an IPv6 gateway address Syntax clear ipv6 gateway Parameters None Defaults None Mode Switch mode read write Example This example shows how to remove a...

Page 521: ...shows example output of this command G3 su show ipv6 neighbors Last IPv6 Address MAC Address isRtr State Updated 2001 db8 1234 6666 2310 3 00 04 76 73 42 31 True Reachable 00 01 16 show ipv6 netstat U...

Page 522: ...480 1384 F58C B114 1053 TCP 3333 211 88FF FE59 4424 80 ESTABLISHED 2020 D480 1384 F58C B114 1054 TCP 443 LISTEN TCP 3333 211 88FF FE59 4424 22 ESTABLISHED 2020 D480 1384 F58C B114 1048 TCP 3333 211 88...

Page 523: ...ts actually take when traveling to their destination through the network on a hop by hop basis Syntax traceroute ipv6 ipv6 addr Parameters Defaults None Mode Switch mode read write Usage This command...

Page 524: ...traceroute ipv6 17 10 IPv6 Management...

Page 525: ...ch are supported hop by hop options and destination options While new options can be defined in the future the following are currently supported routing for source routing fragment router alert and pa...

Page 526: ...tion router and address lifetimes and Neighbor Discovery timer control Ping and traceroute applications for IPv6 are provided Management of IPv6 features is provided by means of CLI commands and SNMP...

Page 527: ...no form of this command disables IPv6 forwarding on the router Example This example disables IPv6 forwarding G3 su router Config no ipv6 forwarding ipv6 hop limit This command sets the maximum number...

Page 528: ...v6 route ipv6 prefix prefix length interface tunnel tunnel id vlan vlan id next hop addr pref Parameters hops Specifies the maximum number of IPv6 hops used in IPv6 packets and router advertisements g...

Page 529: ...d configures the default distance or preference for static IPv6 routes Syntax ipv6 route distance pref no ipv6 route distance Parameters Defaults Default preference or administrative distance is 1 Mod...

Page 530: ...les forwarding of IPv6 unicast datagrams Syntax ipv6 unicast routing no ipv6 unicast routing Parameters None Defaults Disabled Mode Router global configuration G3 su router Config Usage Use this comma...

Page 531: ...001 DB8 1234 5555 1234 1 Average round trip time 1 00 ms This example shows output from an unsuccessful ping to IPv6 address 2001 0db8 1234 5555 1234 1 G3 su ping ipv6 2001 0db8 1234 5555 1234 1 no an...

Page 532: ...example shows output from a successful ping to link local address fe80 211 88ff fe55 4a7f G3 su router ping ipv6 interface vlan 6 link local address fe80 211 88ff fe55 4a7f Send count 3 Receive count...

Page 533: ...Router interface configuration G3 su router Config if Vlan 1 For information about Refer to page ipv6 address 18 9 ipv6 enable 18 10 ipv6 mtu 18 11 ipv6 addr The IPv6 address to be configured on the i...

Page 534: ...es an IPv6 address by using the eui64 parameter Then the show ipv6 interface is executed to display the configuration Note that a link local address has also automatically been generated G3 su router...

Page 535: ...r show ipv6 interface vlan 7 Vlan 7 Administrative Mode Enabled Vlan 7 IPv6 Routing Operational Mode Enabled IPv6 is Enabled IPv6 Prefix is FE80 211 88FF FE55 4A7F 128 Routing Mode Enabled Interface M...

Page 536: ...n be made to the Neighbor Cache by the Neighbor Discovery protocol The Neighbor Discovery commands allow you to set protocol parameters on an interface basis clear ipv6 neighbors This command clears a...

Page 537: ...ss Detection must be performed on unicast addresses prior to assigning them to an interface An address remains in a tentative state while Duplicate Address Detection is being performed If a tentative...

Page 538: ...en resolving a unicast address DAD or when probing the reachability of a neighbor This value is also advertised in Router Advertisement RA messages sent on the interface Use the no form of this comman...

Page 539: ...me is unspecified by this router is sent out in RA messages Use the no form of this command to reset this value to the default The show ipv6 interface command displays the current reachable time setti...

Page 540: ...transmission interval between router advertisements Syntax ipv6 nd ra interval sec no ipv6 nd ra interval Parameters Defaults 600 seconds Mode Router interface configuration G3 su router Config if Vla...

Page 541: ...Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Parameters None Defaults Suppression disabled Mode Router interface configuration G3 su router Config if Vlan 1 Usage By default transmission of rout...

Page 542: ...the network portion of the address valid lifetime infinite Optional Specifies the length of time in seconds relative to the time the packet is sent that the prefix is valid for the purpose of on link...

Page 543: ...is allowed see ipv6 nd other config flag The no form of this command removes the prefix from the list of prefixes advertised in router advertisements by this interface Example This example configures...

Page 544: ...If no interface is specified information about all IPv6 interfaces is displayed Mode Router privileged execution G3 su router Router global configuration G3 su router Config Usage Use this command to...

Page 545: ...uter Advertisement Suppress Flag Disabled This example displays information about IPv6 interface tunnel 1 G3 su router show ipv6 interface tunnel 1 Tunnel 1 Administrative Mode Enabled Tunnel 1 IPv6 R...

Page 546: ...2D0 B7FF FE2C 76AC 00 d0 b7 2c 76 ac False Stale 1566 Vlan 6 FE80 2D0 B7FF FE2C 76B4 00 d0 b7 2c 76 b4 False Delay 1903 Vlan 6 Table 18 1 provides an explanation of the command output show ipv6 route...

Page 547: ...network prefix of the route to display and the prefix length The prefix must be in the form documented in RFC 4291 with the address specified in hexadecimal using 16 bit values between colons The pre...

Page 548: ...ue associated with the type of route Syntax show ipv6 route preference Parameters None Table 18 2 show ipv6 route Output Details Output Field What It Displays Codes Key for the routing protocol codes...

Page 549: ...s Local 0 Static 1 OSPF Intra 8 OSPF Inter 10 OSPF Ext T1 13 OSPF Ext T2 150 OSPF NSSA T1 14 OSPF NSSA T2 151 Table 18 3 provides an explanation of the command output Note The configuration of NSSA pr...

Page 550: ...6 Routing Table Summary 6 entries Connected Routes 3 Static Routes 3 OSPF Routes 0 Intra Area Routes 0 Inter Area Routes 0 External Type 1 Routes 0 External Type 2 Routes 0 Total routes 6 Number of Pr...

Page 551: ...tagrams Locally Delivered 116 Received Datagrams Discarded Due To Header Errors 0 Received Datagrams Discarded Due To MTU 0 Received Datagrams Discarded Due To No Route 0 Received Datagrams With Unkno...

Page 552: ...Pv6 Router Advertisement Messages Transmitted 7 ICMPv6 Neighbor Solicit Messages Transmitted 625 ICMPv6 Neighbor Advertisement Messages Transmitted 27 ICMPv6 Redirect Messages Transmitted 0 ICMPv6 Gro...

Page 553: ...at this interface Note that this counter increments at the interface to which these fragments were addressed which might not be necessarily the input interface for some of the fragments Datagrams Suc...

Page 554: ...ors Received Number of ICMP messages which the interface received but determined as having ICMP specific errors bad ICMP checksums bad length etc ICMPv6 Destination Unreachable Messages Received Numbe...

Page 555: ...nistratively prohibited messages sent ICMPv6 Time Exceeded Messages Transmitted Number of ICMP Time Exceeded messages sent by the interface ICMPv6 Parameter Problem Messages Transmitted Number of ICMP...

Page 556: ...ied the counters for all IPv6 traffic statistics are reset to zero when this command is executed Example This example clears the statistics for VLAN 6 G3 su router clear ipv6 statistics vlan 6 ICMPv6...

Page 557: ...t to point interface with a link local address and possibly a global unicast address OSPFv3 uses the reported MTU for tunnel interfaces OSPFv3 supports ECMP routes OSPFv3 includes NSSA and AS external...

Page 558: ...table lists the default OSPFv3 conditions Condition Default Value IPv6 OSPF Disabled IPv6 OSPF cost 10 IPv6 OSPF dead interval 40 seconds IPv6 OSPF hello interval 10 seconds IPv6 OSPF mtu ignore Enabl...

Page 559: ...router Syntax ipv6 router id ip address Parameters Defaults None Mode Router global configuration G3 su router Config Usage Use this command to configure the OSPFv3 router ID Example This example illu...

Page 560: ...n originate This command is used to control the advertisement of default routes Syntax default information originate always metric value metric type type no default information originate metric metric...

Page 561: ...efault metric for routes redistributed from another protocol into OSPFv3 Syntax default metric metric no default metric Parameters Defaults No default metric is configured Mode Router OSPFv3 configura...

Page 562: ...The following example set the intra area preference to 5 G3 su router Config router distance ospf intra 5 exit overflow interval This command configures the exit overflow interval for OSPFv3 Syntax ex...

Page 563: ...LSDB limit for OSPFv3 Syntax external lsdb limit limit no external lsdb limit Parameters Defaults The default value is 1 Mode Router OSPFv3 configuration G3 su router Config router Usage When the numb...

Page 564: ...OSPFv3 protocol to allow redistribution of routes from the specified source protocol routers Syntax redistribute connected static metric value metric type type tag tag no redistribute connected static...

Page 565: ...G3 su router Config router redistribute static metric 10 Area Configuration Commands Purpose These commands are used to configure area parameters Commands For information about Refer to page area def...

Page 566: ...BR The no form of this command removes the cost value from the summary route that is sent into the stub area Example This example sets the default route cost to 50 for area 20 G3 su router Config rout...

Page 567: ...ault route advertised into the NSSA Syntax area areaid nssa default info originate metric comparable non comparable no area areaid nssa default info originate Parameters Defaults Default metric value...

Page 568: ...m of this command to enable redistribution of learned external routes to the NSSA Example This example configures the router to not redistribute learned external routes into NSSA 20 G3 su router Confi...

Page 569: ...Type 5 LSAs when acting as an NSSA border router When the always parameter is specified with this command the router will always translate Type 7 LSAs regardless of the translator state of other NSSA...

Page 570: ...60 area range This command creates an address range for the specified NSSA Syntax area areaid range ipv6 prefix prefix length summarylink nssaexternallink advertise not advertise no area areaid range...

Page 571: ...eter or NSSA external LSAs Type 7 specified with the nssaexternallink parameter You can configure multiple address ranges with this command Use the no form of this command to remove a configured addre...

Page 572: ...As into the specified stub area Syntax area areaid stub no summary no area areaid stub no summary Parameters Defaults None Mode Router OSPFv3 configuration G3 su router Config router Usage Use the no...

Page 573: ...k neighborid dead interval seconds no area areaid virtual link neighborid dead interval Parameters Defaults The default dead interval is 40 seconds Mode Router OSPFv3 configuration G3 su router Config...

Page 574: ...t value of 10 seconds Example This example configures a hello interval of 30 seconds for the specified OSPFv3 virtual interface G3 su router Config router area 20 virtual link 2 2 2 2 hello interval 3...

Page 575: ...ansmit delay seconds no area areaid virtual link neighborid transmit delay Parameters Defaults The default transmit delay is 1 second Mode Router OSPFv3 configuration G3 su router Config router Usage...

Page 576: ...pv6 ospf enable This command enables OSPFv3 on a router interface or a loopback interface Syntax ipv6 ospf enable no ipv6 ospf enable Parameters None Defaults OSPFv3 is disabled by default Mode Router...

Page 577: ...on G3 su router Config if Vlan 1 Usage The area ID uniquely identifies the area to which the interface connects Assigning an area ID which does not exist on an interface causes the area to be created...

Page 578: ...t value of 10 Example This example configures the cost for router interface VLAN 7 to 100 G3 su router Config interface vlan 7 G3 su router Config if Vlan 7 ipv6 ospf cost 100 ipv6 ospf dead interval...

Page 579: ...l for the router interface Syntax ipv6 ospf hello interval seconds no ipv6 ospf hello interval seconds Parameters Defaults The default hello interval is 10 seconds Mode Router interface configuration...

Page 580: ...ription packet is rejected and the OSPF adjacency is not established Use this command to prevent the OSPFv3 router process from checking whether neighbors are using the same maximum transmission unit...

Page 581: ...nterface vlan 7 G3 su router Config if Vlan 7 ipv6 ospf network point to point ipv6 ospf priority This command sets the OSPFv3 priority for the router interface Router priority helps determine the des...

Page 582: ...scription and link state request packets Use the no form of this command to reset the retransmit interval to the default value of 4 seconds Example This example sets the retransmit interval to 10 seco...

Page 583: ...vlan 7 G3 su router Config if Vlan 7 ipv6 ospf transmit delay 4 OSPFv3 Show Commands Purpose These commands are used to display OSPFv3 information and statistics Commands show ipv6 ospf This command...

Page 584: ...fying the router about which information is displayed This is a configured value OSPF Admin Mode Whether the administrative mode of OSPF in the router is enabled or disabled This is a configured value...

Page 585: ...s Received The number of link state advertisements received determined to be new instantiations External LSDB Limit The maximum number of non default AS external LSAs entries that can be stored in the...

Page 586: ...uting The external routing capabilities for this area Spf Runs Number of times that the intra area route table has been calculated using this area s link state database Area Border Router Count Total...

Page 587: ...and output Table 19 3 show ipv6 ospf abr Output Details Output Field What It Displays Type The type of the route to the destination which is one of the following values INTRA Intra area route INTER In...

Page 588: ...ospf asbr Output Details Continued Output Field What It Displays areaid Optional Display database information about a specific area Enter the area ID in IP address format dotted quad or as a decimal...

Page 589: ...a Prefix States Area 0 0 0 10 Adv Router Link Id Age Sequence Csum Options Rtr Opt 2 2 2 2 0 506 80000027 DD00 AS External States Adv Router Link Id Age Sequence Csum Options Rtr Opt 2 2 2 2 1 342 800...

Page 590: ...e The format and function of the specified LSA LS Seq Number Number that represents which LSA is more recent Checksum Total number LSA checksum Lenght Size of the LSA in bytes Options Option bits in L...

Page 591: ...a Prefix 51 Inter area Router 0 Type 7 Ext 0 Link 2 Intra area Prefix 2 Link Unknown 0 Area Unknown 0 AS Unknown 0 AS Unknown 0 Self Originated Type 7 0 Subtotal 58 Router database summary Router 4 Ne...

Page 592: ...link source unknown LSAs in the OSPFv3 link state database Area Unknown Total number of area unknown LSAs in the OSPFv3 link state database AS Unknown Total number of as unknown LSAs in the OSPFv3 lin...

Page 593: ...G3 su router show ipv6 ospf interface tunnel 0 IPv6 Address FE80 5000 2 ifIndex 456 OSPF Admin Mode Enable OSPF Area ID 0 0 0 0 Router Priority 1 Retransmit Interval 5 Hello Interval 10 Dead Interval...

Page 594: ...transmission Authentication Type The type of authentication the interface performs on LSAs it receives Metric Cost The priority of the path Low costs have a higher priority than high costs OSPF MTU ig...

Page 595: ...es an explanation of the command output Table 19 8 show ipv6 ospf interface stats Output Details Output Field What It Displays OSPFv3 Area ID The area ID of this OSPFv3 interface Spf Runs Is the numbe...

Page 596: ...he number of OSPFv3 packets sent on the interface Received Packets The number of OSPFv3 packets received on the interface Discards Number of packets discarded Bad Version Number of bad version packets...

Page 597: ...he neighbor conversation no recent information has been received from the neighbor Attempt no recent information has been received from the neighbor but a more concerted effort should be made to conta...

Page 598: ...outer Area ID OSPFv3 area ID associated with the interface Options An integer value that indicates the optional OSPFv3 capabilities supported by the neighbor These are listed in its Hello packets This...

Page 599: ...rmation G3 su router show ipv6 ospf stub table AreaId TypeofService Metric Val Import SummaryLSA 0 0 0 20 Normal 1 Enable Table 19 12 provides an explanation of the command output Table 19 11 show ipv...

Page 600: ...provides an explanation of the command output Metric Val The metric value is applied based on the TOS It defaults to the least metric of the type of service among the interfaces to other areas The OS...

Page 601: ...interval for the OSPFv3 virtual interface State The OSPFv3 Interface States are down loopback waiting point to point designated router and backup designated router This is the state of the OSPFv3 inte...

Page 602: ...show ipv6 ospf virtual link 19 46 OSPFv3 Configuration...

Page 603: ...alidated against the configured RADIUS server Only in the case of a RADIUS timeout will those credentials be compared against credentials locally configured on the switch For details refer to Configur...

Page 604: ...to routing interfaces based on protocol and inbound and or outbound IP address restrictions configured in access lists For details refer to Configuring Access Lists on page 20 70 RADIUS Filter ID Att...

Page 605: ...fies a policy profile name The undecorated format cannot be used for management access authentication Decorated Filter IDs are processed first by the switch If no decorated Filter IDs are found then u...

Page 606: ...times out timeout Optional Displays the maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin server Optional Displays RADIUS server configuration...

Page 607: ...0 to 10 Default is 3 timeout timeout Specifies the maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin Valid values are from 1 to 30 Default is 20...

Page 608: ...le shows how to set the RADIUS timeout to 5 seconds G3 su set radius timeout 5 This example shows how to set RADIUS retries to 10 G3 su set radius retries 10 This example shows how to force any manage...

Page 609: ...ip address retries timeout Parameters Mode Switch command read only Defaults If no parameters are specified all RADIUS accounting configuration information will be displayed index all For use with th...

Page 610: ...radius accounting enable disable retries retries timeout timeout server ip_address port server secret Parameters Mode Switch command read write Defaults None enable disable Enables or disables the RAD...

Page 611: ...accounting timeout to 30 seconds G3 su set radius accounting timeout 30 This example shows how to set RADIUS accounting retries to 10 G3 su set radius accounting retries 10 clear radius accounting Us...

Page 612: ...To configure EAP pass through which allows client authentication packets to be forwarded through the switch to an upstream device 802 1X authentication must be globally disabled with the set dot1x com...

Page 613: ...ile Authenticating 0 Backend Responses 0 Backend Access Challenges 0 Backend Others Requests To Supp 0 Backend NonNak Responses From 0 Backend Auth Successes 0 Backend Auth Fails 0 This example shows...

Page 614: ...t control parameter for the port maxreq Optional Displays the value set for maximum requests currently in use by the backend authentication state machine quietperiod Optional Displays the value set fo...

Page 615: ...reauth true false port string Parameters Defaults If no ports are specified the reinitialization or reauthentication setting will be applied to all ports Mode Switch command read write Usage Disablin...

Page 616: ...g a failed authentication before another attempt can be made by the authenticator PAE state machine Valid values are 0 65535 Default value is 60 seconds reauthenabled false true Enables true or disabl...

Page 617: ...ample shows how to reset the 802 1X port control mode to auto on all ports G3 su clear dot1x auth config authcontrolled portcontrol This example shows how to reset reauthentication control to disabled...

Page 618: ...ge 1 1 3 EAPOL is disabled Port Authentication State Authentication Mode ge 1 1 Initialize Auto ge 1 2 Initialize Auto ge 1 3 Initialize Auto Table 20 2 provides an explanation of the command output F...

Page 619: ...The port enters this state from authenticating state after the exchange completes with a favorable result It remains in this state until linkdown logoff or until a reauthentication begins aborting The...

Page 620: ...auth mode auto forced auth forced unauth Specifies the authentication mode as auto Auto authorization mode This is the default mode and will forward frames according to the authentication state of the...

Page 621: ...pplies the associated policy rules You can specify a mask to apply to MAC addresses when authenticating users through a RADIUS server see set macauthentication significant bits on page 20 29 The most...

Page 622: ...4 disabled 3600 1 1 disabled ge 2 5 disabled 3600 1 1 disabled ge 2 6 disabled 3600 1 1 disabled ge 2 7 disabled 3600 1 1 disabled ge 2 8 disabled 3600 1 1 disabled Table 20 3 provides an explanation...

Page 623: ...henticate the full address i e authentication server timeout causes the next attempt to start once again with a full MAC authentication Default value of 48 can be changed with the set macauthenticatio...

Page 624: ...cauthentication enable Table 20 4 show macauthentication session Output Details Output Field What It Displays Port Port designation For a detailed description of possible port string values refer to P...

Page 625: ...ntication password macauth clear macauthentication password Use this command to clear the MAC authentication password Syntax clear macauthentication password Parameters None Defaults None Mode Switch...

Page 626: ...to force one or more MAC authentication ports to re initialize and remove any currently active sessions on those ports Syntax set macauthentication portinitialize port string Parameters Defaults None...

Page 627: ...e of 30 seconds Syntax clear macauthentication portquietperiod port string Parameters Defaults If a port string is not specified then all ports will be set to the default port quiet period Mode Switch...

Page 628: ...ntication Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports Syntax set macauthentication reauthentication enable disable port str...

Page 629: ...ntication ge 2 1 5 set macauthentication macreauthenticate Use this command to force an immediate reauthentication of a MAC address Syntax set macauthentication macreauthenticate mac addr Parameters D...

Page 630: ...5 G3 su set macauthentication reauthperiod 7200 ge 2 1 5 clear macauthentication reauthperiod Use this command to clear the MAC reauthentication period on one or more ports Syntax clear macauthenticat...

Page 631: ...the user name If access is denied and if a significant bit mask has been configured other than 48 with this command the switch will apply the mask and resend the masked address to the RADIUS server Fo...

Page 632: ...ssible method of authentication MAC authentication 802 1X PWA must be enabled globally and configured appropriately on the desired ports with its corresponding command set described in this chapter Mu...

Page 633: ...sers 768 Current number of users 2 System mode multi Default precedence dot1x pwa mac Admin precedence dot1x pwa mac Operational precedence dot1x pwa mac set multiauth mode Use this command to set the...

Page 634: ...e simultaneous multiple authentications G3 rw set multiauth mode multi clear multiauth mode Use this command to clear the system authentication mode Syntax clear multiauth mode Parameters None Default...

Page 635: ...ffic policy profile Example This example shows how to set precedence for MAC authentication G3 rw set multiauth precedence mac dot1x clear multiauth precedence Use this command to clear the system s m...

Page 636: ...rt Use this command to set multiple authentication properties for one or more ports Syntax set multiauth port mode auth opt auth reqd force auth force unauth numusers numusers port string Parameters p...

Page 637: ...Syntax clear multiauth port mode numusers port string Parameters Defaults None Mode Switch command read write Examples This example shows how to clear the port multiple authentication mode on port ge...

Page 638: ...16 mac 00 b0 d0 e5 0c d0 show multiauth session Use this command to display multiple authentication session entries Syntax show multiauth session all agent dot1x mac pwa mac address port port string...

Page 639: ...ccess Last attempt FRI MAY 18 11 16 36 2007 Agent type dot1x Session applied true Server type radius VLAN Tunnel Attr none Policy index 0 Policy name Administrator Session timeout 0 Session duration 0...

Page 640: ...by a RADIUS server that server may encode a Idle Timeout Attribute in its authentication response Example This example sets the idle timeout value for all authentication methods to 300 seconds G3 su...

Page 641: ...l authentication methods Syntax show multiauth session timeout Parameters None Defaults None Mode Switch mode read only Example This example displays the session timeout values for all authentication...

Page 642: ...for the IEEE 802 1X authentication method to 300 seconds G3 su set multiauth session timeout dot1x 300 clear multiauth session timeout Use this command to reset the maximum number of consecutive seco...

Page 643: ...esired VLAN by including tunnel attributes within its Access Accept parameters However the IEEE 802 1X or MAC authenticator can also be configured to instruct the VLAN to be assigned to the supplicant...

Page 644: ...maptable response Parameters None Defaults None Mode Switch command read only Example This example shows how to display the current policy maptable response setting G3 rw show policy maptable respons...

Page 645: ...hernet ports G3 rw set vlanauthorization enable ge This example shows how to disable VLAN authentication for all Gigabit Ethernet ports on switch unit module 3 G3 rw set vlanauthorization disable ge 3...

Page 646: ...gged Syntax clear vlanauthorization port string Parameters Defaults If no port string is entered all ports a will be reset to default configuration with VLAN authorization disabled and egress frames u...

Page 647: ...henticated vlan id egress egress mac address ge 1 1 enabled untagged Table 20 5 provides an explanation of command output For details on enabling and assigning protocol and egress attributes refer to...

Page 648: ...source MAC address different from any of the currently locked MAC addresses for that port MACs are unlocked as a result of A link down event When MAC locking is disabled on a port When a MAC is aged o...

Page 649: ...enabled disabled enabled 20 1 00 a0 c9 39 5c b4 Table 20 6 provides an explanation of the command output set maclock static 20 52 clear maclock static 20 52 set maclock firstarrival 20 53 clear maclo...

Page 650: ...s enabled or disabled on the port Refer to set maclock agefirstarrival on page 20 54 Max Static Allocated The maximum static MAC addresses allowed locked to the port For details on setting this value...

Page 651: ...king defines which MAC addresses as well as how many MAC addresses are permitted to use specific port s Table 20 7 show maclock stations Output Details Output Field What It Displays Port Number Port d...

Page 652: ...e Example This example shows how to disable MAC locking on ge 2 3 G3 su set maclock disable ge 2 3 set maclock Use this command to create a static MAC address to port locking and to enable or disable...

Page 653: ...ge 3 2 G3 rw set maclock 0e 03 ef d8 44 55 ge 3 2 create clear maclock Use this command to remove a static MAC address to port locking entry Syntax clear maclock mac address port string Parameters Def...

Page 654: ...icate on port ge 3 2 G3 rw clear maclock 0e 03 ef d8 44 55 ge 3 2 set maclock static Use this command to set the maximum number of static MAC addresses allowed per port Static MACs are administrativel...

Page 655: ...t arrival count will be reset every time a user moves to another port but will still protect against connecting multiple devices on a single port and will protect against MAC address spoofing port str...

Page 656: ...mmand to enable or disable the aging of first arrival MAC addresses When enabled first arrival MAC addresses that are aged out of the forwarding database will be removed from the associated port MAC l...

Page 657: ...example disables first arrival aging on port ge 1 1 G3 su clear maclock agefirstarrival ge 1 1 enable set maclock move Use this command to move all current first arrival MACs to static entries Syntax...

Page 658: ...lock trap Use this command to enable or disable MAC lock trap messaging Syntax set maclock trap port string enable disable Parameters Defaults None Mode Switch command read write Usage When enabled th...

Page 659: ...successful then the user will be granted full network access according to the user s policy configuration on the switch Purpose To review enable disable and configure Port Web Authentication PWA Comm...

Page 660: ...output port string Optional Displays PWA information for specific port s Table 20 8 show pwa Output Details Output Field What It Displays PWA Status Whether or not port web authentication is enabled o...

Page 661: ...ssword Guest user s password Default value of an empty string can be changed using the set pwa guestpassword command as described in set pwa guestpassword on page 20 64 PWA Redirect Time Time in secon...

Page 662: ...mmand read only Example This example shows how to display the PWA login banner G3 su show pwa banner Welcome to Enterasys Networks set pwa banner Use this command to configure a string to be displayed...

Page 663: ...w to reset the PWA login banner to a blank string G3 su clear pwa banner set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo Syntax set pwa displaylogo disp...

Page 664: ...se this command to set the port web authentication protocol Syntax set pwa protocol chap pap Parameters Defaults None Mode Switch command read write Example This example shows how to set a the PWA pro...

Page 665: ...stname name Parameters Defaults None Mode Switch command read write Example This example shows how to set the PWA guest user name to guestuser G3 su set pwa guestname guestuser clear pwa guestname Use...

Page 666: ...s how to set the PWA guest user password name G3 su set pwa guestpassword Guest Password Retype Guest Password set pwa gueststatus Use this command to enable or disable guest networking for port web a...

Page 667: ...ports will be initialized Mode Switch command read write Example This example shows how to initialize ports ge 1 5 7 G3 su set pwa initialize ge 1 5 7 set pwa quietperiod Use this command to set the...

Page 668: ...ters Defaults If port string is not specified maximum requests will be set for all ports Mode Switch command read write Example This example shows how to set the PWA maximum requests to 3 for all port...

Page 669: ...nd read only Example This example shows how to display PWA session information G3 su show pwa session Port MAC IP User Duration Status ge 2 19 00 c0 4f 20 05 4b 172 50 15 121 pwachap10 0 14 46 55 acti...

Page 670: ...None Mode Switch command read write Example This example shows how to enable PWA enhancedmode G3 su set pwa enhancedmode enable Configuring Secure Shell SSH Purpose To review enable disable and config...

Page 671: ...ult the SSH server is disabled Syntax set ssh enable disable reinitialize Parameters Defaults None Mode Switch command read write Example This example shows how to disable SSH G3 su set ssh disable se...

Page 672: ...ists Use this command to display configured IP access lists when operating in router mode Syntax show access lists number Parameters Defaults If number is not specified the entire table of access list...

Page 673: ...standard IP access list by number when operating in router mode The no form of this command removes the defined access list or entry Syntax To create an ACL entry access list access list number deny p...

Page 674: ...permit 128 88 0 0 0 0 255 255 G3 su router Config access list 1 permit 36 0 0 0 0 255 255 255 This example moves entry 16 to the beginning of ACL 22 G3 su router Config access list 22 move 1 16 access...

Page 675: ...ing source are IP address or range of addresses A B C D any Any source host host source IP address of a single source host source wildcard Optional Specifies the bits to ignore in the source address o...

Page 676: ...ntax ip access group access list number in no ip access group access list number in Parameters Defaults None Mode Interface configuration G3 su router Config if Vlan vlan_id Usage ACLs must be applied...

Page 677: ...configuring 13 1 DVMRP 16 31 Dynamic policy profile assignment 20 2 E EAP pass through 20 2 20 13 EAPOL 20 17 F Flow Control 4 18 Forbidden VLAN port 7 13 G Getting help xxxii GVRP enabling and disabl...

Page 678: ...Service 8 6 8 11 dynamic assignment of profiles 20 2 profiles 8 1 8 15 Port Mirroring 4 30 Port Priority configuring 9 1 Port String syntax used in the CLI 4 1 Port Trunking 4 33 Port web authenticati...

Page 679: ...example 5 36 Tunnel Attributes RFC 3580 RADIUS attributes 20 41 Tunnel interfaces about 15 7 configuring 18 9 U User Accounts default 1 7 setting 2 2 V Version RIP receive 16 5 RIP send 16 4 Version...

Reviews:

No comments

Brands by name

Popular brands

Load more brands