Home
/
Enterasys
/
Matrix 2G4072-52
/
Configuration Manual

Enterasys Matrix 2G4072-52, Configuration Manual, Page: 1372 / 1422

Share

Page: 1372 / 1422

Enterasys Matrix 2G4072-52 Configuration Manual Download Page 1372

Security Configuration Command Set

Configuring Access Lists

14-162

Matrix DFE-Platinum and Diamond Series Configuration Guide

Command Syntax of the “no” Form

The “no” form of this command removes the defined access list or entry:

no access-list

access-list-number

[

entry

]

Command Type

Router command.

Command Mode

Global configuration:

Matrix>Router1(config)#

Command Defaults

•

If

insert, replace

or

move

are not specified, the new entry will be appended to

the access list.

•

If

source2

is not specified with

move

, only one entry will be moved.

Examples

This example shows how to allow access to only those hosts on the three specified networks. The
wildcard bits apply to the host portions of the network addresses. Any host with a source address
that does not match the access list statements will be rejected:

protocol

Specifies an IP protocol for which to deny or permit access.
Valid values and their corresponding protocols are:

•

ip

- Any Internet protocol

•

icmp

- Internet Control Message Protocol

•

udp

- User Datagram Protocol

•

tcp

- Transmission Protocol

source

Specifies the network or host from which the packet will be
sent. Valid options for expressing source are:

•

IP address or range of addresses (A.B.C.D)

•

any

- Any source host

•

host

source

- IP address of a single source host

source-wildcard

(Optional) Specifies the bits to ignore in the

source

address.

Matrix>Router1(config)#

access-list 1 permit 192.5.34.0 0.0.0.255

Matrix>Router1(config)#

access-list 1 permit 128.88.0.0 0.0.255.255

Matrix>Router1(config)#

access-list 1 permit 36.0.0.0 0.255.255.255

«
...
1370
1371
1372
1373
1374
...
»

Summary of Contents for Matrix 2G4072-52

Page 1: ...Enterasys Matrix DFE Platinum and Diamond Series Configuration Guide Firmware Version 5 41 xx P N 9033800 14 Rev 0C...

Page 2: ......

Page 3: ...ERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2008 Enterasys Networks Inc All rights res...

Page 4: ...OVISIONS THE LICENSE THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT ENTERASYS IS UNWIL...

Page 5: ...l security controls as identified on the U S Commerce Control List or iii if the direct product of the technology is a complete plant or any major component of a plant export to Country Groups D 1 or...

Page 6: ...dge and agree that any breach of Sections 2 4 or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate and that Enterasys may be ent...

Page 7: ...tions 2 9 2 1 3 CLI Command Modes 2 9 2 1 4 Using WebView 2 10 2 1 5 Process Overview CLI Startup and General Configuration 2 10 2 1 6 Starting and Navigating the Command Line Interface 2 12 2 1 6 1 U...

Page 8: ...ode 2 160 2 3 1 Pre Routing Configuration Tasks 2 160 2 3 2 Reviewing and Configuring Routing Modules 2 162 2 3 3 Enabling Router Configuration Modes 2 167 3 CONFIGURING DISCOVERY PROTOCOLS 3 1 Overvi...

Page 9: ...tion 5 5 5 3 SNMP Configuration Command Set 5 5 5 3 1 Reviewing SNMP Statistics 5 5 5 3 2 Configuring SNMP Users Groups and Communities 5 12 5 3 3 Configuring SNMP Access Rights 5 26 5 3 4 Configuring...

Page 10: ...sification Configuration Command Set 8 2 8 3 1 Configuring Policy Profiles 8 2 8 3 2 Assigning Classification Rules to Policy Profiles 8 23 8 3 3 Configuring Policy Class of Service CoS 8 57 8 3 4 Set...

Page 11: ...ration Command Set 12 2 12 2 1 Configuring Routing Interface Settings 12 2 12 2 2 Managing Router Configuration Files 12 12 12 2 3 Performing a Basic Router Configuration 12 17 12 2 4 Reviewing and Co...

Page 12: ...ring RFC 3580 14 20 14 3 4 Configuring TACACS 14 24 14 3 5 Configuring 802 1X Authentication 14 39 14 3 6 Configuring Port Web Authentication PWA 14 51 14 3 7 Configuring MAC Authentication 14 78 14 3...

Page 13: ...p Screen 2 14 2 3 Performing a Keyword Lookup 2 15 2 4 Performing a Partial Keyword Lookup 2 15 2 5 Scrolling Screen Output 2 16 2 6 Abbreviating a Command 2 17 2 7 Completing a Partial Command 2 17 2...

Page 14: ...Figures xii Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 15: ...ldp port local info Output Details 3 34 3 5 show lldp port remote info Output Display 3 39 4 1 show port status Output Details 4 27 4 2 show port counters Output Details 4 30 4 3 show port advertise O...

Page 16: ...Values for Logging Applications 11 17 11 4 show netstat Output Details 11 31 11 5 RMON Monitoring Group Functions and Commands 11 44 11 6 show rmon stats Output Details 11 49 11 7 show rmon alarm Out...

Page 17: ...13 64 13 4 show ip ospf interface Output Details 13 67 13 5 show ip ospf neighbor Output Details 13 70 13 6 show ip ospf virtual links Output Details 13 71 14 1 show radius Output Details 14 11 14 2...

Page 18: ...Tables xvi Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 19: ...perform network management and device configuration operations Establish and manage Virtual Local Area Networks VLANs Manage static and dynamically assigned user policies Establish and manage priority...

Page 20: ...ex mode auto negotiation flow control port mirroring link aggegation and broadcast suppression Chapter 5 SNMP Configuration describes how to configure SNMP users and user groups access rights target a...

Page 21: ...d node aliases Chapter 12 IP Configuration describes how to enable IP routing for router mode operation how to configure IP interface settings how to review and configure the routing ARP table how to...

Page 22: ...Decimal Notation DDN e g 000 000 000 000 in an IP address x A lowercase italic x indicates the generic use of a letter e g xxx indicates any combination of three alphabetic characters n A lowercase i...

Page 23: ...URES Matrix Series devices support business driven networking with New Enterasys advanced Distributed Forwarding Engine DFE architecture allowing for single IP address management of an entire chassis...

Page 24: ...de Control the number of received broadcasts that are switched to the other interfaces Set flow control on a port by port basis Set port configurations and port based VLANs Configure ports to prioriti...

Page 25: ...document contact Enterasys Networks using one of the following methods Before calling Enterasys Networks have the following information ready Your Enterasys Networks service contract number A descript...

Page 26: ...escription of your network environment for example layout cable type Network load and frame size at the time of trouble if known The device history for example have you returned the device before is t...

Page 27: ...r work environment and how to prepare to run the device in router mode 2 1 1 Factory Default Settings The following tables list factory default device settings available on the Matrix Series device Ta...

Page 28: ...query interval is set to 125seconds and response time is set to 100 tenths of a second IP mask and gateway Subnet mask set to 255 0 0 0 default gateway set to 0 0 0 0 IP routes No static routes confi...

Page 29: ...o 6 significant conditions for all applications MAC aging time Set to 300 seconds MAC locking Disabled globally and on all ports Management Authentication Notification Enabled MTU discovery protocol E...

Page 30: ...eed Set to 10 Mbps except for 1000BASE X which is set to 1000 Mbps and 100BASE FX which is set to 100 Mbps Port trap All ports are enabled to send link traps Priority classification Classification rul...

Page 31: ...ning Tree point to point Set to auto for all Spanning Tree ports Spanning Tree port priority All ports with bridge priority are set to 128 medium priority Spanning Tree priority Bridge priority is set...

Page 32: ...to 9600 baud System contact Set to empty string System location Set to empty string System name Set to empty string Terminal CLI display set to 80 columns and 24 rows Timeout Set to 15 minutes User na...

Page 33: ...gured Area range OSPF None configured ARP table No permanent entries configured ARP timeout Set to 14 400 seconds Authentication key RIP and OSPF None configured Authentication mode RIP and OSPF None...

Page 34: ...ss preference is set to 0 MD5 authentication OSPF Disabled with no password set MTU size Set to 1500 bytes on all interfaces OSPF Disabled OSPF cost Set to 10 for all interfaces OSPF network None conf...

Page 35: ...1 provides an example Figure 2 1 Sample CLI Default Description 2 1 3 CLI Command Modes Each command description in this guide includes a section entitled Command Mode which states whether the comman...

Page 36: ...ed in the following section Displaying WebView status To display WebView status enter show webview at the CLI command prompt This example shows that WebView is enabled on TCP port 80 the default port...

Page 37: ...7 Configuring Power over Ethernet PoE Section 2 2 5 8 Downloading a new firmware image Section 2 2 6 9 Reviewing and selecting the boot firmware image Section 2 2 7 10 Starting and configuring Telnet...

Page 38: ...ging in with a Default User Account If this is the first time your are logging in to the Matrix Series device or if the default user accounts have not been administratively changed proceed as follows...

Page 39: ...address 2 Enter login user name and password information in one of the following ways If the device s default login and password settings have not been changed follow the steps listed in Section 2 1 6...

Page 40: ...a specific command will display usage and syntax information for that command This example shows how to display context sensitive help for the set length command login admin Password M A T R I X DFE...

Page 41: ...s function for all commands beginning with co Figure 2 4 Performing a Partial Keyword Lookup Matrix rw show snmp access SNMP VACM access configuration community SNMP v1 v2c community name configuratio...

Page 42: ...ss ENTER to advance the output one line at a time The example in Figure 2 5 shows how the show mac command indicates that output continues on more than one screen Figure 2 5 Scrolling Screen Output NO...

Page 43: ...20 Figure 2 7 shows how when the function is enabled entering conf and pressing the spacebar would be completed as configure Figure 2 7 Completing a Partial Command 2 1 7 Configuring the Line Editor...

Page 44: ...H Delete character to left of cursor Ctrl I or TAB Complete word Ctrl K Delete all characters after cursor Ctrl L or Ctrl R Re display line Ctrl N Scroll to next command in command history use the CL...

Page 45: ...PACE Change character cl Change character cw Change word cc Change entire line c Change everything from cursor to end of line i Insert I Insert at beginning of line R Type over characters nrc Replace...

Page 46: ...s The commands used to configure the line editor are listed below and described in the associated sections as shown show line editor Section 2 1 7 1 set line editor Section 2 1 7 2 p Put last deletion...

Page 47: ...ine editor mode and Delete character mode show line editor Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to view the current and default line...

Page 48: ...nly to the current session and will not persist for future sessions Command Type Switch command Command Mode Read Write Examples This example sets the current line editor to vi mode emacs Selects emac...

Page 49: ...Configuring the Line Editor Matrix DFE Platinum and Diamond Series Configuration Guide 2 23 This example sets the default line editor to emacs mode and sets the selection to persist for future session...

Page 50: ...new user accounts and passwords Commands The commands used to configure user accounts and passwords are listed below and described in the associated section as shown show system login Section 2 2 1 1...

Page 51: ...yntax Description None Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to display login account information In this case device defaults have n...

Page 52: ...login passwords that will be checked for duplication when the set password command is executed Configured with set system password history Section 2 2 1 7 Password aging Number of days user passwords...

Page 53: ...ax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to enable a new user account with the login name netops with super user access p...

Page 54: ...d to remove a local login user account clear system login username Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to remove...

Page 55: ...change their own passwords but cannot enter or modify other system passwords Passwords must be a minimum of 8 characters and a maximum of 40 characters IIf configured password length must conform to...

Page 56: ...change the Read Write password from the system default blank string This example shows how a user with Read Write access would change his password Matrix su set password rw Please enter new password P...

Page 57: ...nimum user login password length set system password length characters Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Examples This example shows how to s...

Page 58: ...ore aging out or to disable user account password aging set system password aging days disable Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This...

Page 59: ...sword duplication This prevents duplicate passwords from being entered into the system with the set password command set system password history size Syntax Description Command Defaults None Command T...

Page 60: ...ows how to display user lockout settings In this case device defaults have not been changed Table 2 5 provides an explanation of the command output These settings are configured with the set system lo...

Page 61: ...a super user with the set system login command Section 2 2 1 2 set system lockout attempts attempts time time Syntax Description Command Defaults None Command Type Switch command Command Mode Super U...

Page 62: ...vent occurs for various management access types The types of access currently supported by the MIB include console telnet ssh and web Commands The CLI commands used to set the Management Authenticatio...

Page 63: ...the current setting for the Management Authentication Notification MIB show mgmt auth notify Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example Th...

Page 64: ...pes are enabled set mgmt auth notify enable disable console ssh telnet web Syntax Description Command Defaults If none of the optional Management Authentication Access types are entered than all authe...

Page 65: ...w command This example shows how to set only the console and telnet authentication access types to be enabled on the Management Authentication Notification MIB That information is then displayed with...

Page 66: ...mmand to set the current setting for the Management Authentication Notification access types to the default setting of enabled clear mgmt auth notify Syntax Description None Command Defaults None Comm...

Page 67: ...gement Authentication Notification access types prior to using the clear command then displays the same information after using the clear command Matrix su show mgmt auth notify Management Type Status...

Page 68: ...ection as shown show ip address Section 2 2 3 1 set ip address Section 2 2 3 2 clear ip address Section 2 2 3 3 show ip gratuitous arp Section 2 2 3 4 set ip gratuitous arp Section 2 2 3 5 clear ip gr...

Page 69: ...2 3 24 show version Section 2 2 3 25 set system name Section 2 2 3 26 set system location Section 2 2 3 27 set system contact Section 2 2 3 28 set width Section 2 2 3 29 set length Section 2 2 3 30 sh...

Page 70: ...ip address Use this command to display the system IP address and subnet mask show ip address Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example Th...

Page 71: ...d ip mask will be set to the natural mask of the ip address and ip gateway will be set to the ip address Command Type Switch command Command Mode Read Write Example This example shows how to set the s...

Page 72: ...Series Configuration Guide 2 2 3 3 clear ip address Use this command to clear the system IP address clear ip address Syntax Description None Command Defaults None Command Type Switch command Command M...

Page 73: ...this command to display the gratuitous ARP processing behavior show ip gratuitous arp Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This exam...

Page 74: ...ARP processing behavior set ip gratuitous arp request reply both Syntax Description Command Defaults Disabled by default Command Type Switch command Command Mode Read Write Example This example sets b...

Page 75: ...ide 2 49 2 2 3 6 clear ip gratuitous arp Use this command to stop all gratuitous ARP processing clear ip gratuitous arp Syntax Description None Command Defaults None Command Type Switch command Comman...

Page 76: ...and uptime show system Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display system information Table 2 6 provides...

Page 77: ...n 2 2 3 27 System name Name identifying the system Default of a blank string can be changed with the set system name command Section 2 2 3 26 PS1 and PS2 Status Operational status for power supply 1 a...

Page 78: ...e system s hardware configuration show system hardware Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example The example on the following page shows...

Page 79: ...MAC Address 11 22 33 44 55 66 Router MAC Address 11 22 33 44 55 67 Hardware Version 5 Firmware Version 02 00 13 BootCode Version 01 00 07 CPU Version 8 PPC 740 750 UpLink Not Present SDRAM 128 MB NVRA...

Page 80: ...displayed If not specified information for all modules will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display all system utilization informatio...

Page 81: ...ch CDP 11 0 0 0 0 0 0 Switch Dot1x 12 0 0 0 0 0 0 Switch Filter Database 13 0 0 0 0 0 0 Switch GVRP 14 0 0 0 0 0 0 Switch Host IP 15 0 1 0 1 0 1 Switch IGMP 16 0 0 0 0 0 0 Switch LACP 17 0 0 0 0 0 0 S...

Page 82: ...0 0 Router IP 38 0 0 0 0 0 0 Router DHCPS 39 0 0 0 0 0 0 Router OSPF 40 0 0 0 0 0 0 Router RIP 41 0 0 0 0 0 0 Router VRRP 42 0 0 0 0 0 0 Router DVMRP 43 0 0 0 0 0 0 Router PIM 44 0 0 0 0 0 0 Router P...

Page 83: ...1 1000 and represents the of system utilization to use as the trap threshold set system utilization threshold threshold Syntax Description Command Defaults None Command Type Switch command Command Mod...

Page 84: ...system utilization Use this command to clear the threshold for sending CPU utilization notification messages clear system utilization Syntax Description None Command Defaults None Command Type Switch...

Page 85: ...isplay the current time of day in the system clock show time Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display...

Page 86: ...he time of day on the system clock set time mm dd yyyy hh mm ss Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the s...

Page 87: ...ax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display daylight savings time settings Matrix rw show summertime Summerti...

Page 88: ...tion set summertime enable disable zone Syntax Description Command Defaults If a zone name is not specified none will be applied Command Type Switch command Command Mode Read Write Example This exampl...

Page 89: ...Mode Read Write start_month Specifies the month of the year to start daylight savings time start_date Specifies the day of the month to start daylight savings time start_year Specifies the year to sta...

Page 90: ...and Diamond Series Configuration Guide Example This example shows how to set a daylight savings time start date of April 4 2004 at 2 a m and an ending date of October 31 2004 at 2 a m with an offset...

Page 91: ...t specified none will be applied Command Type Switch command Command Mode Read Write start_week Specifies the week of the month to restart daylight savings time Valid values are first second third fou...

Page 92: ...nd Series Configuration Guide Example This example shows how set daylight savings time to recur start date of April 4 2004 at 2 a m and an ending date of October 31 2004 at 2 a m with an offset time o...

Page 93: ...de 2 67 2 2 3 18 clear summertime Use this command to clear the daylight savings time configuration clear summertime Syntax Description None Command Defaults None Command Type Switch command Command M...

Page 94: ...et prompt prompt_string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the command prompt to Switch 1 prompt_string...

Page 95: ...eyboard spacebar set cli completion enable disable default Syntax Description Command Defaults If not specified the status setting will not be maintained as the default Command Type Switch command Com...

Page 96: ...ified none will be set If not specified the cursor will not refresh Command Type Switch command Command Mode Read Write Example This example shows how to execute a command loop 10 times with a 30 seco...

Page 97: ...w the banner message of the day that will display at session login show banner motd Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This exampl...

Page 98: ...ion Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the message of the day banner to read Change is the price of survival Winston Church...

Page 99: ...banner motd Use this command to clear the banner message of the day displayed at session login to a blank string clear banner motd Syntax Description None Command Defaults None Command Type Switch com...

Page 100: ...nd Series Configuration Guide 2 2 3 25 show version Use this command to display hardware and firmware information Refer to Section 2 2 6 for instructions on how to download a firmware image show versi...

Page 101: ...GR A13 Hw 0 Bp 01 00 05 Fw 05 01 56 3 7G4202 30 gr a5 Hw 0 Bp 01 00 10 Fw 05 01 56 4 7G4202 30 GR R18 Hw 0 Bp 01 00 05 Fw 05 01 56 5 7K4290 02 040802623111 Hw 2 Bp 01 00 15 Fw 05 01 56 6 7H4382 49 TR...

Page 102: ...Description Command Defaults If string is not specified the system name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system name to Inf...

Page 103: ...escription Command Defaults If string is not specified the location name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system location s...

Page 104: ...ion Command Defaults If string is not specified the contact name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system contact string str...

Page 105: ...l connected to the device s console port The length of the CLI is set using the set length command as described in Section 2 2 3 30 set width screenwidth Syntax Description Command Defaults None Comma...

Page 106: ...the CLI will display set length screenlength Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the terminal length to...

Page 107: ...this command to display the time in seconds an idle console or Telnet CLI session will remain connected before timing out show logout Syntax Description None Command Defaults None Command Type Switch...

Page 108: ...me in minutes an idle console or Telnet CLI session will remain connected before timing out set logout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode Read Wr...

Page 109: ...t for the chassis slot slot Optional Displays the alias set for a specified slot in the chassis backplane backplane Optional Displays the alias set for the backplane Valid values are 1 for FTM 1 and 2...

Page 110: ...and Diamond Series Configuration Guide Example This example shows how to display physical alias information for the chassis In this case the chassis entity is 1 and there is no alias currently set fo...

Page 111: ...ype Switch command Command Mode Read Write chassis Sets an alias for the chassis slot slot Sets an alias for a specific slot in the chassis backplane backplane Sets an alias for the backplane Valid va...

Page 112: ...d Set Setting Basic Device Properties 2 86 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to set the alias for the chassis to chassisone Matrix rw set physic...

Page 113: ...escription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set clear the alias set for the chassis chassis Clears the chassis alias slot slo...

Page 114: ...or a module show physical assetid module module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display asset ID informati...

Page 115: ...o set the asset ID for a module set physical assetid module module string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to...

Page 116: ...command to reset the asset ID for a module to a zero length string clear physical assetid module module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Exa...

Page 117: ...Series device you must purchase and activate a license key If you have purchased a license you can proceed to activate your license as described in this section If you wish to purchase a license conta...

Page 118: ...will be bound to all modules Example This example shows how to use license key abcdefg123456789 to activate advanced routing features advanced Activates advanced routing features user capacity Activa...

Page 119: ...2 2 4 2 show license When available and activated use this command to display your license key show license Syntax Description None Command Type Switch command Command Mode Read Write Command Default...

Page 120: ...mand Type Switch command Command Mode Read Write Command Defaults If not specified the license settings will be cleared from all modules Example This example shows how to clear advanced license key se...

Page 121: ...e Section 2 2 5 2 clear inlinepower mode Section 2 2 5 3 set inlinepower available Section 2 2 5 4 clear inlinepower available Section 2 2 5 5 set inlinepower powertrap Section 2 2 5 6 clear inlinepow...

Page 122: ...l Configuration Command Set Configuring Power over Ethernet PoE 2 96 Matrix DFE Platinum and Diamond Series Configuration Guide set port inlinepower Section 2 2 5 17 clear port inlinepower Section 2 2...

Page 123: ...rnet PoE Matrix DFE Platinum and Diamond Series Configuration Guide 2 97 2 2 5 1 show inlinepower Use this command to display device PoE properties show inlinepower Syntax Description None Command Def...

Page 124: ...wer Available 1200 Watts 100 of Total Power Detected Total Power Assigned 0 Watts Power Allocation Mode auto Power Trap Status disabled Power Redundancy Status not redundant Power Supply 1 Status inst...

Page 125: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the chassis power allocation mode to manual auto Assigns automatic m...

Page 126: ...3 clear inlinepower mode Use this command to reset chassis power allocation to the default mode of auto clear inlinepower mode Syntax Description None Command Defaults None Command Type Switch comman...

Page 127: ...Write Example This example shows how to set the maximum inline power available to the chassis to 70 percent NOTE If the total power wattage value set with the set inlinepower assigned command Section...

Page 128: ...this command to reset the percentage of the total power available to a chassis to the default value of 100 clear inlinepower available Syntax Description None Command Defaults None Command Type Switch...

Page 129: ...P trap message whenever the status of the chassis PoE power supplies or the PoE system redundancy changes set inlinepower powertrap disable enable Syntax Description Command Defaults None Command Type...

Page 130: ...epower powertrap Use this command to reset chassis power trap messaging back to the default state of disabled clear inlinepower powertrap Syntax Description None Command Defaults None Command Type Swi...

Page 131: ...e This example shows how to assign 200 watts of power to the module in slot 1 NOTE If the total power wattage value set with this command is greater that the maximum power percentage specified with th...

Page 132: ...one or more modules clear inlinepower assigned slot number Syntax Description Command Defaults If slot number is not specified power value assignments will be cleared from all modules Command Type Swi...

Page 133: ...set inlinepower threshold usage threshold module number Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PoE thres...

Page 134: ...e PoE usage threshold on a specified module to the default value of 75 percent clear inlinepower threshold module number Syntax Description Command Defaults None Command Type Switch command Command Mo...

Page 135: ...iption Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PoE management mode to class on module 1 realtime Manages power based on the...

Page 136: ...ment mode on a specified module back to the default setting of realtime clear inlinepower management module number Syntax Description Command Defaults None Command Type Switch command Command Mode Rea...

Page 137: ...E usage threshold is crossed The module s PoE usage threshold must be set using the set inlinepower threshold command as described in Section 2 2 5 10 set inlinepower psetrap disable enable module num...

Page 138: ...t PoE trap messaging for a module back to default state of disabled clear inlinepower psetrap module number Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write...

Page 139: ...ommand Type Switch command Command Mode Read Only Example This example shows how to display PoE information for Fast Ethernet ports 11 12 and 13 in module 1 port string Optional Displays information f...

Page 140: ...ommand Mode Read Write Example This example shows how to enable PoE on port fe 3 1 with critical priority port string Specifies the port s on which to configure PoE admin off auto Sets the PoE adminis...

Page 141: ...imit Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to rest the PoE priority on port fe 3 1 to low port string Specifies th...

Page 142: ...9 5 Via the serial console port This procedure is an out of band operation that copies the firmware through the serial port to the device It takes approximately five minutes and requires minimal confi...

Page 143: ...nload device firmware via the serial console port proceed as follows 1 With the console port connected power up the device The following message displays 2 Before the boot up completes press any key T...

Page 144: ...on your application When the ZMODEM download is finished the following message displays 8 Set the device baud rate back to 9600 9 Set the terminal baud rate back to 9600 and press ENTER 10 Type setbo...

Page 145: ...image file are listed below and described in the associated section as shown show boot system Section 2 2 7 1 set boot system Section 2 2 7 2 System Image Loader boot flash0 Volume is OK Loading myima...

Page 146: ...in Section 2 2 9 1 displays additional information about boot image files Active indicates the image that is currently running and Boot means indicates the image that is currently scheduled to boot ne...

Page 147: ...mage immediately or choose No to load the new boot image at a later scheduled time by issuing one of the following commands clear config reset or configure The new boot setting will be remembered thro...

Page 148: ...a remote host The Matrix Series device allows a total of four inbound and or outbound Telnet session to run simultaneously Commands The commands used to enable start and configure Telnet are listed b...

Page 149: ...1 show telnet Use this command to display the status of Telnet on the device show telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This e...

Page 150: ...lts None Command Mode Read Write Example This example shows how to disable inbound and outbound Telnet services enable disable Enables or disables Telnet services inbound outbound all Specifies inboun...

Page 151: ...l of four inbound and or outbound Telnet session to run simultaneously telnet host port Syntax Description Command Defaults If not specified the default port number 23 will be used Command Type Switch...

Page 152: ...router telnet Use this command to display the state of Telnet service to the router show router telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only...

Page 153: ...t router telnet Use this command to enable or disable Telnet service to the router interface IP address set router telnet enable disable Syntax Description None Command Defaults None Command Type Swit...

Page 154: ...clear router telnet Use this command to reset Telnet service to the router to the default state of disabled clear router telnet Syntax Description None Command Defaults None Command Type Switch comma...

Page 155: ...script file containing CLI commands and at the time of execution enter optional arguments that modify the actions of the commands This feature is intended to simplify the configuration of ports and VL...

Page 156: ...Configuration and Image Files 2 130 Matrix DFE Platinum and Diamond Series Configuration Guide show file Section 2 2 9 2 show config Section 2 2 9 3 configure Section 2 2 9 4 copy Section 2 2 9 5 del...

Page 157: ...d Example This example shows how to list all the files in the system Table 2 8 provides an explanation of the command output filename Optional Specifies the file name or directory to list Matrix rw di...

Page 158: ...l file system Date Date of image file in the local file system CheckSum MD5 checksum calculated across the entire image file used for image identity and verification Location Modules on which this ima...

Page 159: ...file Use this command to display the contents of an image or configuration file show file filename Syntax Description Command Type Switch Command Mode Read Only Command Defaults None Example This exam...

Page 160: ...tion Guide Matrix rw show file slot4 sample cfg begin NON DEFAULT CONFIGURATION SLOT TYPE ___ ________________ 1 7G4270 12 2 3 7H4382 49 4 7H4382 49 5 7H4382 49 6 7H4382 49 7 7H4382 49 Router instance...

Page 161: ...a file show config all facility outfile outfile Syntax Description Command Type Switch Command Mode Read Write Command Defaults If no parameters are specified only non default system configuration se...

Page 162: ...on default device configuration Matrix rw show config This command shows non default configurations only Use show config all to show both default and non default configurations begin NON DEFAULT CONFI...

Page 163: ...running configuration will be replaced with the contents of the configuration file which will require an automated reset of the chassis Example This example shows how to execute the myconfig file in t...

Page 164: ...via FTP with user credentials NOTE The Matrix module to which a configuration file is downloaded must have the same hardware configuration as the Matrix module from which it was uploaded source Speci...

Page 165: ...via TFTP to the slot 3 directory This example shows how to upload a configuration file via Anonymous FTP from the module in slot 3 This example shows how to copy a configuration file from the slot 3...

Page 166: ...mmand Type Switch Command Mode Read Write Command Defaults None Examples This example shows how to delete the myconfig configuration file from slot 3 This example shows how to delete the 010300 image...

Page 167: ...escription Command Type Switch Command Mode Read Write Command Defaults None Example This example uses the copy command to copy the script file named setport scr from IP address 10 1 221 3 to slot 4 N...

Page 168: ...rses the file and performs the command line argument substitution the commands are converted to the following set port alias fe 1 1 script_set_port set port vlan fe 1 1 100 modify egress set port jumb...

Page 169: ...frames are allowed in the network If the system receives a frame larger than the destination port supports it will send an ICMP destination unreachable error message indicating to the transmitting sta...

Page 170: ...ration Guide 2 2 10 1 show mtu Use this command to display the status of the path MTU discovery protocol on the device show mtu Syntax Description None Command Defaults None Command Type Switch comman...

Page 171: ...2 set mtu Use this command to disable or re enable path MTU discovery protocol on the device set mtu enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode R...

Page 172: ...eries Configuration Guide 2 2 10 3 clear mtu Use this command to reset the state of the path MTU discovery protocol back to enabled clear mtu Syntax Description None Command Defaults None Command Type...

Page 173: ...Configuration Guide 2 147 2 2 11 Pausing Clearing and Closing the CLI Purpose To clear the CLI screen or to close your CLI session Commands The commands used to clear and close the CLI session are li...

Page 174: ...nd Diamond Series Configuration Guide 2 2 11 1 cls clear screen Use this command to clear the screen for the current CLI session cls Syntax Description None Command Defaults None Command Type Switch c...

Page 175: ...nd Type Switch command Command Mode Read Only Example This example shows how to exit a CLI session NOTE By default device timeout occurs after 15 minutes of user inactivity automatically closing your...

Page 176: ...the user defined switch and router configuration parameters or to schedule a system reset in order to load a new boot image Commands The commands used to reset the device and clear the configuration...

Page 177: ...to display information about scheduled device resets show reset Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This command shows how to displ...

Page 178: ...on on how to do this refer to the Matrix Installation Guide shipped with your device mod Specifies a module to be reset system Resets the system nemcpu mod nemcpu Resets the CPU on a Matrix Security M...

Page 179: ...de 2 153 This example shows how to cancel a scheduled system reset This example shows how to reset a Matrix Security Module installed on the DFE in slot 4 Matrix rw reset cancel Reset cancelled Matrix...

Page 180: ...how to schedule a reset at 8 p m on October 12 This example shows how to schedule a reset at a specific future time and include a reason for the reset hh mm Schedules the hour and minute of the reset...

Page 181: ...nd Defaults If a reason is not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to schedule a device reset in 5 hours and 20 minutes hh...

Page 182: ...its factory defaults If that module is in a chassis with other active modules it will inherit system settings from the system For a list of factory device default settings refer to Section 2 1 1 clear...

Page 183: ...Series Configuration Guide 2 157 2 2 13 Gathering Technical Support Information Purpose To gather common technical support information Command The command used to display technical support related in...

Page 184: ...system hardware Section 2 2 3 8 show vlan Section 7 3 1 1 show vlan static Section 7 3 1 1 show logging all Section 11 2 1 1 show snmp counters Section 5 3 1 2 show port status Section 4 3 2 2 show sp...

Page 185: ...ts to slot 1 as a support3 txt file There is no display example as the list of commands is quite lengthy Click on the hyper links in the Command Defaults section above which contains a list of the ind...

Page 186: ...ection 2 3 2 Important Notice Startup and general configuration of the Matrix Series device must occur from the switch CLI For details on how to start the device and configure general platform setting...

Page 187: ...2 Step 2 Enable router mode router module Switch Matrix rw Section 2 3 2 4 Step 3 Enable router Privileged EXEC mode enable Router Matrix Router1 Section 2 3 3 Step 4 Enable global router configurati...

Page 188: ...commands used to review and configure routing modules are listed below and described in the associated sections as shown show router Section 2 3 2 1 set router Section 2 3 2 2 clear router Section 2...

Page 189: ...and Type Switch command Command Mode Read Write Example This example shows how to display which modules are configured for routing Table 2 10 provides an explanation of the command output Matrix rw sh...

Page 190: ...tion Guide 2 3 2 2 set router Use this command to configure routing on a module set router module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example T...

Page 191: ...e this command to disable routing on a module clear router module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set dis...

Page 192: ...This must be a module previously configured for routing using the set router command as described in Section 2 3 2 2 Routing may be configured on one or two modules router module Syntax Description Co...

Page 193: ...on your current configuration mode the specific module and the interface types and numbers configured for routing on your system Table 2 11 Router CLI Configuration Modes Use this mode To Access metho...

Page 194: ...tication key chain Type key and the key id from Key Chain Configuration Mode Matrix Router1 config keychain key Route Map Configuration Mode Configure route maps 1 99 Type route map an id number and p...

Page 195: ...nfiguration Mode Matrix Router1 config slb vserver IP Local Pool Configuration Mode Configure a local address pool as a DHCP subnet Type ip local pool and the local pool name from Global Configuration...

Page 196: ...ters Type client identifier and the identifier or hardware address and an address from any DHCP configuration mode Matrix Router1 config dhcp host NOTE To jump to a lower configuration mode type exit...

Page 197: ...Enterasys Discovery Protocol on page 3 4 The Cisco Discovery Protocol described in Section 3 2 3 Cisco Discovery Protocol on page 3 12 The IEEE 802 1AB Link Layer Discovery Protocol LLDP and LLDP Med...

Page 198: ...ighbors port string Syntax Description Command Defaults If port string is not specified all Network Neighbor Discovery information will be displayed Command Type Switch command Command Mode Read Only...

Page 199: ...codp 120 7 22 1 ge 1 6 0001f45b601f 120 7 22 1 ciscodp 120 7 22 1 ge 3 1 00 01 f4 00 71 9c ge 1 25 lldp ge 3 2 00 01 f4 00 71 9c ge 1 26 lldp ge 3 5 00 01 f4 96 0f fd ge 3 1 lldp ge 3 6 00 01 f4 96 0f...

Page 200: ...r network topology When enabled CDP allows Enterasys devices to send periodic PDUs about themselves to neighboring devices Commands The commands used to review and configure the CDP discovery protocol...

Page 201: ...xample This example shows how to display CDP information for ports fe 1 1 through fe 1 9 port string Optional Displays CDP status for a specific port For a detailed description of possible port string...

Page 202: ...al in seconds at which CDP configuration messages can be set The default of 180 seconds can be reset with the set cdp hold time command For details refer to Section 3 2 2 5 CDP Authentication Code Aut...

Page 203: ...is example shows how to globally enable CDP This example shows how to enable the CDP for port fe 1 2 This example shows how to disable the CDP for port fe 1 2 auto disable enable Auto enables disables...

Page 204: ...different domains and will not be entered into each other s CDP neighbor tables A device with the default authentication code 16 null characters will recognize all devices no matter what their authen...

Page 205: ...al frequency in seconds of the CDP discovery protocol set cdp interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows...

Page 206: ...ld time value for CDP discovery protocol configuration messages set cdp hold time hold time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This ex...

Page 207: ...ameter must be entered Command Type Switch command Command Mode Read Write Example This example shows how to reset the CDP state to auto enabled state Optional Resets the global CDP state to auto enab...

Page 208: ...boring devices The Cisco Discovery Protocol is also used to manage the Cisco module of the Convergence End Points CEP IP phone detection function described in Section 14 3 8 Commands The commands used...

Page 209: ...an explanation of the command output Matrix show ciscodp CiscoDP Auto Timer 60 Holdtime TTL 180 Device ID 00E06314BD57 Last Change WED FEB 08 01 07 45 2006 Table 3 2 show ciscodp Output Details Outpu...

Page 210: ...ghboring devices will hold PDU transmissions from the sending device Default value of 180 can be changed with the set ciscodp holdtime command as described in Section 3 2 3 5 Device ID The MAC address...

Page 211: ...all ports Command Type Switch command Command Mode Read Only Example This example shows how to display Cisco Discovery Protocol information for ports fe 1 1 through fe 1 5 Table 3 3 provides an explan...

Page 212: ...state of enabled can be changed using the set ciscodp port command Section 3 2 3 6 VVID Whether a Voice VLAN ID has been set on this port Default of none can changed using the set ciscodp port comman...

Page 213: ...ly on the device set ciscodp status auto enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Cisco Disc...

Page 214: ...seconds between Cisco Discovery Protocol PDU transmissions set ciscodp timer time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example show...

Page 215: ...s This is the amount of time in seconds neighboring devices will hold PDU transmissions from the sending device set ciscodp holdtime time Syntax Description Command Defaults None Command Type Switch c...

Page 216: ...e connected to the Cisco IP phone is unaffected by this setting If the switch port is configured to a Cisco DP trust state of trusted with the trust ext trusted parameter of this command this setting...

Page 217: ...frames trust ext Set the extended trust mode on the port trusted Instruct attached phone to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802 1p marking This is t...

Page 218: ...shows how to set the Cisco DP port voice VLAN ID to 3 on port fe 1 6 and enable the port operational state This example shows how to set the Cisco DP extended trust mode to untrusted on port fe 1 5 a...

Page 219: ...ear global CiscoDP enable status to default of auto timer Clear the time between CiscoDP PDU transmissions to default of 60 seconds holdtime Clear the time to live for CiscoDP PDU data to default of 1...

Page 220: ...ols Command Set Cisco Discovery Protocol 3 24 Matrix DFE Platinum and Diamond Series Configuration Guide This example shows how to clear the Cisco DP port status on port fe 1 5 Matrix clear ciscodp po...

Page 221: ...of location databases and in the case of VoIP provision of E911 services Extended and automated power management of Power over Ethernet endpoints Inventory management allowing network administrators...

Page 222: ...ldp port trap Section 3 2 4 3 show lldp port tx tlv Section 3 2 4 4 show lldp port location info Section 3 2 4 5 Step Task Command s 1 Configure global system LLDP parameters set lldp tx interval set...

Page 223: ...n 3 2 4 11 set lldp med fast repeat Section 3 2 4 12 set lldp port status Section 3 2 4 13 set lldp port trap Section 3 2 4 14 set lldp port med trap Section 3 2 4 15 set lldp port location info Secti...

Page 224: ...example shows how to display LLDP configuration information Matrix ro show lldp Message Tx Interval 30 Message Tx Hold Multiplier 4 Notification Tx Interval 5 MED Fast Start Count 3 Tx Enabled Ports...

Page 225: ...and show lldp port status port string Syntax Description Command Defaults If port string is not specified LLDP status information will be displayed for all ports Command Type Switch command Command Mo...

Page 226: ...ications with the set lldp port trap command and to send LLDP MED notifications with the set lldp port med trap command show lldp port trap port string Syntax Description Command Defaults If port stri...

Page 227: ...uration information will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display transmit TLV information for three ports port string Op...

Page 228: ...mand show lldp port location info port string Syntax Description Command Defaults If port string is not specified port location configuration information will be displayed for all ports Command Type S...

Page 229: ...played for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the local system information stored for port fe 4 1 Table 3 4 describes the output fie...

Page 230: ...gged 10 3 5 video conferencing tagged 10 3 5 streaming video tagged 10 3 5 video signaling tagged 10 3 5 ECS ELIN 1234567890123456789012345 PoE Device PSE device PoE Power Source primary PoE MDI Suppo...

Page 231: ...erational Speed Duplex Type IEEE 802 3 Extensions MAC PHY Configuration Status TLV Lists the operational MAU type duplex and speed of the port If the received TLV indicates that auto negotiation is su...

Page 232: ...g Entity PSE PoE Power Source LLDP MED Extensions Extended Power via MDI TLV Displayed only when a port has PoE capabilities Value can be primary or backup indicating whether the PSE is using its prim...

Page 233: ...PoE capabilities Indicates the total power the port is capable of sourcing over a maximum length cable based on its current configuration in milli Watts PoE Power Priority LLDP MED Extensions Extende...

Page 234: ...ommand Mode Read Only Example This example shows how to display the remote system information stored for port ge 3 1 The remote system information was received from an IP phone which is an LLDP MED en...

Page 235: ...er 4610 Table 3 5 show lldp port remote info Output Display Output Field What it Displays Remote Port Id Displays whatever port Id information received in the LLDPDU from the remote device In this cas...

Page 236: ...fied then all values default and non default are displayed for the specified ports all Display information about all network policy applications voice Display information about only the voice applicat...

Page 237: ...work policy information for ge 1 1 Matrix ro show lldp port network policy all ge 1 1 Ports Application State Tag Vlan Id Cos Dscp ge 1 1 voice enabled untagged 1 0 0 voice signaling enabled untagged...

Page 238: ...e transmissions initiated by changes in the LLDP local system information set lldp tx interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Ex...

Page 239: ...tiplier value set lldp hold multiplier multiplier val Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sets the transmit interval to 20...

Page 240: ...P notifications are sent when a remote system change has been detected set lldp trap interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Exa...

Page 241: ...sending LLDP MED TLVs at a fast start rate on that port Use this command to set the number of successive LLDPDUs with LLDP MED TLVs to be sent for one complete fast start interval set lldp med fast r...

Page 242: ...mmand Command Mode Read Write Example This example enables both transmitting LLDPDUs and receiving and processing LLDPDUs from remote systems on ports ge 1 1 through ge 1 6 tx enable Enable transmitti...

Page 243: ...s detected set lldp port trap enable disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example enables transmitting LLDP tra...

Page 244: ...device has been attached or removed from the port set lldp port med trap enable disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example...

Page 245: ...witch command Command Mode Read Write Example After you configure a location information value you must also configure the port to send the Location Information TLV with the set lldp port tx tlv comma...

Page 246: ...DP TLV Value sent is the administratively assigned name for the system sys desc System Description optional basic LLDP TLV Value sent is sysDescr object defined in RFC 3418 sys cap System Capabilities...

Page 247: ...t s MAC and PHY med cap LLDP MED Capabilities TLV Value sent indicates the capabilities whether the device supports location information network policy extended power via MDI and Device Type network c...

Page 248: ...guration Guide Command Defaults None Command Type Switch command Command Mode Read Write Example This example configures the management address MED capability MED network policy and MED location ident...

Page 249: ...lication This application will not be advertised if the voice application is configured with the same parameters guest voice Configure the guest voice application guest voice signaling Configure the g...

Page 250: ...lso configure the port to send the Network Policy TLV with the set lldp port tx tlv command vid vlan id dot1p Optional VLAN identifier for the port The value of vlan id can range from 1 to 4094 Use do...

Page 251: ...mond Series Configuration Guide 3 55 Example This example configures the voice application TLV on port fe 2 1 and then configures the port to send the Network Policy TLV Matrix rw set lldp port networ...

Page 252: ...efault value of 30 seconds all Return all LLDP configuration parameters to their default values including port LLDP configuration parameters tx interval Return the number of seconds between transmissi...

Page 253: ...ue of both both transmitting and processing received LLDPDUs are enabled clear lldp port status port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write...

Page 254: ...d to return the port LLDP trap setting to the default value of disabled clear lldp port trap port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Ex...

Page 255: ...eturn the port LLDP MED trap setting to the default value of disabled clear lldp port med trap port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write...

Page 256: ...alue of null clear lldp port location info elin port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Example This example returns the location infor...

Page 257: ...mand will be applied to the guest voice application guest voice signaling Command will be applied to the guest voice signaling application softphone voice Command will be applied to the softphone voic...

Page 258: ...rite Example This example returns all network policy values for all applications on port ge 1 1 to their default values dscp Optional Clear the DSCP value to be used to provide Diffserv node behavior...

Page 259: ...sic LLDP TLV from being transmitted in LLDPDUs sys desc Disable the System Description optional basic LLDP TLV from being transmitted in LLDPDUs sys cap Disable the System Capabilities optional basic...

Page 260: ...ggr Disable the Link Aggregation IEEE 802 3 Extensions TLV from being transmitted in LLDPDUs max frame Disable the Maximum Frame Size IEEE 802 3 Extensions TLV from being transmitted in LLDPDUs med ca...

Page 261: ...on 4 3 1 Switch Ports The Matrix Series modules and standalone devices have fixed front panel switch ports and depending on the model optional expansion module slots The numbering scheme used to ident...

Page 262: ...nstalled in a Matrix N7 or E7 chassis can be 0 through 7 with 0 designating virtual system ports lag vlan host loopback and 1 designating the left most module slot in the chassis Slot location for mod...

Page 263: ...dule in chassis slot 1 This example shows the port string syntax for specifying Fast Ethernet ports 1 3 7 8 9 and 10 in the module in chassis slot 1 This example shows the port string syntax for speci...

Page 264: ...mary Port String Syntax Used in the CLI 4 4 Matrix DFE Platinum and Diamond Series Configuration Guide This example shows the port string syntax for specifying all ports of any interface type in all m...

Page 265: ...3 1 2 Reviewing switch port status Section 4 3 2 3 Disabling enabling and naming switch ports Section 4 3 3 4 Setting switch port speed and duplex mode Section 4 3 4 5 Enabling disabling jumbo frame s...

Page 266: ...the associated section as shown show console Section 4 3 1 1 clear console Section 4 3 1 2 show console baud Section 4 3 1 3 set console baud Section 4 3 1 4 clear console baud Section 4 3 1 5 show c...

Page 267: ...tring Syntax Description Command Defaults If port string is not specified properties for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example sho...

Page 268: ...one or more console ports clear console port string Syntax Description Command Defaults If port string is not specified properties for all console ports will be cleared Command Type Switch command Co...

Page 269: ...e ports show console baud port string Syntax Description Command Defaults If port string is not specified baud rate for all console ports will be displayed Command Type Switch command Command Mode Rea...

Page 270: ...yntax Description Command Defaults If port string is not specified baud rate will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to set...

Page 271: ...one or more console ports clear console baud port string Syntax Description Command Defaults If port string is not specified baud rate will be cleared for all console ports Command Type Switch command...

Page 272: ...onsole flowcontrol port string Syntax Description Command Defaults If port string is not specified the flow control setting for all console ports will be displayed Command Type Switch command Command...

Page 273: ...If port string is not specified flow control will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to enable DSR DTR flow control for con...

Page 274: ...r more console ports clear console flowcontrol port string Syntax Description Command Defaults If port string is not specified flow control will be cleared for all console ports Command Type Switch co...

Page 275: ...nsole bits port string Syntax Description Command Defaults If port string is not specified the bits per character setting for all console ports will be displayed Command Type Switch command Command Mo...

Page 276: ...s port string Syntax Description Command Defaults If port string is not specified bits per character will be set for all console ports Command Type Switch command Command Mode Read Write Example This...

Page 277: ...more console ports clear console bits port string Syntax Description Command Defaults If port string is not specified bits per character will be cleared for all console ports Command Type Switch comm...

Page 278: ...show console stopbits port string Syntax Description Command Defaults If port string is not specified stop bits per character will be displayed for all console ports Command Type Switch command Comma...

Page 279: ...oneandhalf two port string Syntax Description Command Defaults If port string is not specified stop bits per character will be set for all console ports Command Type Switch command Command Mode Read W...

Page 280: ...console ports clear console stopbits port string Syntax Description Command Defaults If port string is not specified stop bits per character will be cleared for all console ports Command Type Switch...

Page 281: ...e console ports show console parity port string Syntax Description Command Defaults If port string is not specified parity type for all console ports will be displayed Command Type Switch command Comm...

Page 282: ...If port string is not specified parity type will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to enable even parity checking on conso...

Page 283: ...more console ports clear console parity port string Syntax Description Command Defaults If port string is not specified parity type will be cleared for all console ports Command Type Switch command C...

Page 284: ...and statistical information about traffic received and transmitted through one or all switch ports on the device Commands The commands used to review port status are listed below and described in the...

Page 285: ...Defaults If port string is not specified operational status information for all ports will be displayed Command Type Switch command Command Mode Read Only Examples This example shows how to display op...

Page 286: ...les This example shows how to display status information for port ge 3 1 through 4 This example shows how to display status information for console ports port string Optional Displays status for speci...

Page 287: ...Oper Status Operating status up or down Admin Status Whether the specified port is enabled up or disabled down For details on using the set port disable command to change the default port status of en...

Page 288: ...g is not specified counter statistics will be displayed for all ports If mib2 or switch are not specified all counter statistics will be displayed for the specified port s Command Type Switch command...

Page 289: ...fe 3 1 Port fe 3 1 MIB2 Interface 1 Bridge Port 2 No counter discontinuity time MIB2 Interface Counters In Octets 0 In Unicast Pkts 0 In Multicast Pkts 0 In Broadcast Pkts 0 In Discards 0 In Errors 0...

Page 290: ...2 show port counters Output Details Output What It Displays Port Port designation For a detailed description of possible port string values refer to Section 4 1 1 MIB2 Interface MIB2 interface design...

Page 291: ...nkloss Optional Displays ports down due to link loss linkflap Optional Displays ports down due to link flap violation For more information on configuring the link flap function refer to Section 4 3 8...

Page 292: ...e This example shows how to display operation status causes for ports ge 1 1 through 6 In this case port ge 1 6 is down due to a link loss lag Optional Displays ports dormant due to Link Aggregation G...

Page 293: ...ill be overridden for all ports Command Type Switch command Command Mode Read Write Example This example shows how to override all operational causes on all ports port string Optional Overrides causes...

Page 294: ...ll ports are enabled at device startup You may want to disable ports for security or to troubleshoot network issues Commands The commands used to enable and disable ports are listed below and describe...

Page 295: ...ively disable one or more ports set port disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Fast...

Page 296: ...atively enable one or more ports set port enable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Fast...

Page 297: ...ion Command Defaults If port string is not specified aliases for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display alias informat...

Page 298: ...ommand Defaults If string is not specified the alias assigned to the port will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to assign the alias managem...

Page 299: ...inkdown Use this command to display the status of the force link down function show forcelinkdown Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Examp...

Page 300: ...link down function When enabled this forces ports in the operstatus down state to become disabled set forcelinkdown enable disable Syntax Description Command Defaults None Command Type Switch command...

Page 301: ...clear forcelinkdown Use this command to resets the force link down function to the default state of disabled clear forcelinkdown Syntax Description None Command Defaults None Command Type Switch comm...

Page 302: ...ult duplex mode Half for half duplex or Full for full duplex for one or more ports Commands The commands used to review and set port speed and duplex mode are listed below and described in the associa...

Page 303: ...Defaults If port string is not specified default speed settings for all ports will display Command Type Switch command Command Mode Read Only Example This example shows how to display the default spee...

Page 304: ...t speed port string 10 100 1000 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 3 in module3 to a...

Page 305: ...Defaults If port string is not specified default duplex settings for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the defau...

Page 306: ...aults None Command Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 17 in module 1 to full duplex NOTE This command will only take effect on ports t...

Page 307: ...se To review enable and disable jumbo frame support on one or more ports This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size Commands The commands used to review enable and disab...

Page 308: ...mand Defaults If port string is not specified jumbo frame support status for all ports will display Command Type Switch command Command Mode Read Only Example This example shows how to display the sta...

Page 309: ...umbo frame support for 1 Gigabit Ethernet port 14 in module 3 This example shows how to enable jumbo frame support for router in slot 2 router instance 1 NOTE By default jumbo frame support is disable...

Page 310: ...iption Command Defaults If port string is not specified jumbo frame support status will be reset on all ports Command Type Switch command Command Mode Read Write Example This example shows how to rese...

Page 311: ...ands In normal operation with all capabilities enabled advertised ability enables a port to advertise that it has the ability to operate in any mode The user may choose to configure a port so that onl...

Page 312: ...n Command Defaults If port string is not specified auto negotiation status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display...

Page 313: ...tring enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable auto negotiation on 1 Gigabit Ethernet port...

Page 314: ...tring is not specified the mode for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display MDI MDIX mode for 1 Gigabit Ethernet port 1...

Page 315: ...tring is not specified mode will be set for all ports Command Type Switch command Command Mode Read Write Example This example shows how to force 1 Gigabit Ethernet port 14 in module 3 to MDIX configu...

Page 316: ...lear port mdix port string Syntax Description Command Defaults If port string is not specified mode will be reset for all ports Command Type Switch command Command Mode Read Write Example This example...

Page 317: ...mmand Mode Read Only Example This example shows how to display advertised ability fe 1 16 Table 4 3 provides an explanation of the command output port string Optional Displays advertised ability for s...

Page 318: ...ex mode 100txfd 100BASE TX full duplex mode 1000x 1000BASE X LX SX CXhalfduplexmode 1000xfd 1000BASE X LX SX CX full duplex mode 1000t 1000BASE T half duplex mode 1000tfd 1000BASE T full duplex mode o...

Page 319: ...scription of possible port string values refer to Section 4 1 1 10t Optional Advertises 10BASE T half duplex mode 10tfd Optional Advertises 10BASE T full duplex mode 100tx Optional Advertises 100BASE...

Page 320: ...tion and Advertised Ability 4 60 Matrix DFE Platinum and Diamond Series Configuration Guide Command Mode Read Write Example This example shows how to set fe 3 4 to advertise 100BASE TX full duplex ope...

Page 321: ...Optional Clears 100BASE TX half duplex mode from the port s advertised ability 100txfd Optional Clears 100BASE TX full duplex mode from the port s advertised ability 1000x Optional Clears 1000BASE X L...

Page 322: ...and Diamond Series Configuration Guide Command Defaults If not specified all modes of advertised ability will be cleared Command Type Switch command Command Mode Read Write Example This example shows...

Page 323: ...ntrol Flow control is used to manage the transmission between two devices as specified by IEEE 802 3x to prevent receiving ports from being overwhelmed by frames from transmitting devices Commands The...

Page 324: ...Optional Displays flow control state for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port flowcontrol fe 1 1 5 Port TX Admin TX Ope...

Page 325: ...RX Admin Whether or not the port is administratively enabled or disabled for acknowledging received flow control frames RX Oper Whether or not the port is operationally enabled or disabled for acknow...

Page 326: ...one Command Type Switch command Command Mode Read Write Example This example shows how to enable ports fe 3 1 through 5 to send and receive flow control packets port string Specifies port s for which...

Page 327: ...and eventually send notification trap to stop such a condition If left unresolved the link flapping condition can be detrimental to network stability because it can trigger Spanning Tree and routing t...

Page 328: ...efaults If port string is not specified the trap status for all ports will be displayed Command Type Switch command Command Mode Read Write Example This example shows how to display link trap status f...

Page 329: ...et port trap port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable link traps for Fast Ether...

Page 330: ...ction metrics portsupported Displays ports which can support the link flap detection function actsupported Displays link flap detection actions supported by system hardware maximum Displays the maximu...

Page 331: ...by link flap detection due to a violation This example shows how to display the link flap parameters table violations Displays the number of link flap violations since the last reset port string Opti...

Page 332: ...disabled S Syslog entry will be generated T SNMP trap will be generated Threshold Number of link down transitions necessary to trigger the link flap action Interval Time interval in seconds for accum...

Page 333: ...atrix DFE Platinum and Diamond Series Configuration Guide 4 73 TimeElapsed Time in seconds since the last link down event Violations Number of link flap violations on listed ports since system start T...

Page 334: ...ly and on all ports If disabled globally after per port settings have been configured using the commands later in this chapter per port settings will be retained set linkflap globalstate disable enabl...

Page 335: ...escription Command Defaults If port string is not specified all ports will be disabled or enabled Command Type Switch command Command Mode Read Write Example This example shows how to enable the link...

Page 336: ...ng interval_value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap interval on port fe 1 4 to 1000 seco...

Page 337: ...None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap violation action on port fe 1 4 to generating a Syslog entry port string Specifies the por...

Page 338: ...g is not specified actions will be cleared on all ports Command Type Switch command Command Mode Read Write Examples This example shows how to clear all link flap violation actions on all ports port s...

Page 339: ...ntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap threshold on port fe 1 4 to 5 port string Specifies the...

Page 340: ...time port string downtime_value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap downtime on port fe 1...

Page 341: ...p down port string Syntax Description Command Defaults If port string is not specified all ports disabled by a link flap violation will be made operational Command Type Switch command Command Mode Rea...

Page 342: ...ied settings and or statistics will be cleared on all ports Command Type Switch command Command Mode Read Write Examples This example shows how to clear all link flap options on port fe 1 4 all stats...

Page 343: ...amount of received broadcast frames that the specified port will be allowed to switch out to other ports Broadcast suppression protects against broadcast storms leaving more bandwidth available for cr...

Page 344: ...net port 2 in module 2 Table 4 7 provides an explanation of the command output port string Optional Displays broadcast status for specific port s For a detailed description of possible port string val...

Page 345: ...onfiguration Guide 4 85 Peak Rate pkts s Peak rate of broadcast transmission received on this port in packets per second Peak Rate Time ddd hh mm ss Time in day hours minutes and seconds the peak rate...

Page 346: ...ription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set broadcast suppression to 800 packets per second on Fast Ethernet ports 1 through...

Page 347: ...If not specified both threshold and peak settings will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all broadcast suppression settings on Fas...

Page 348: ...e 4 4 1 Supported Mirrors The following types of ports can participate in mirroring on the Matrix Series device Physical ports including front panel and FTM 1 ports Virtual ports including Link Aggreg...

Page 349: ...port will also be used for IP traffic Port failure or link recovery in a LAG will cause an automatic re distribution of the DIP SIP conversations 4 4 3 Active Destination Port Configurations The Matri...

Page 350: ...tting Port Mirroring Purpose To review and configure port mirroring on the device Commands The commands used to review and configure port mirroring are listed below and described in the associated sec...

Page 351: ...those ports show port mirroring Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display port mirroring information In...

Page 352: ...nable disable Enables or disables the mirroring of IGMP multicast frames source Specifies the source port designation This is the port on which the traffic will be monitored For a description of port...

Page 353: ...Platinum and Diamond Series Configuration Guide 4 93 Example This example shows how to enable port mirroring of transmitted and received frames with fe 1 4 as the source port and fe 1 11 as the target...

Page 354: ...Command Type Switch command Command Mode Read Write Example This example shows how to clear port mirroring between source port fe 1 4 and target port fe 1 11 igmp mcast Clears IGMP multicast mirrorin...

Page 355: ...ers i e a server or to a router 4 5 1 LACP Operation For each aggregatable port in the device LACP Maintains configuration information reflecting the inherent properties of the individual links as wel...

Page 356: ...et of capabilities associated with each port and with each aggregator as understood by a given device A means of identifying a LAG and its associated aggregator 4 5 2 LACP Terminology Table 4 8 define...

Page 357: ...regator ports allow only underlying ports with keys matching theirs to join their LAG Actor and Partner An actor is the local device sending LACPDUs Its protocol partner is the device on the other end...

Page 358: ...simply no available aggregators or if none of the aggregators have a matching admin key and system priority 802 1x authentication is enabled and ports that would otherwise aggregate are not 802 1X aut...

Page 359: ...on as shown show lacp Section 4 5 4 1 set lacp Section 4 5 4 2 clear lacp state Section 4 5 4 3 set lacp asyspri Section 4 5 4 4 set lacp aadminkey Section 4 5 4 5 clear lacp Section 4 5 4 6 set lacp...

Page 360: ...state port string Syntax Description Command Defaults If state is not specified aggregator information will be displayed for specified ports If port string is not specified link aggregation informati...

Page 361: ...nation Actor Local device participating in LACP negotiation Partner Remote device participating in LACP negotiation System Identifier MAC addresses for actor and partner System Priority System priorit...

Page 362: ...mand to disable or enable the Link Aggregation Control Protocol LACP on the device LACP is enabled by default set lacp disable enable Syntax Description Command Defaults None Command Type Switch comma...

Page 363: ...Guide 4 103 4 5 4 3 clear lacp state Use this command to reset LACP to the default state of enabled clear lacp state Syntax Description None Command Defaults None Command Type Switch command Command...

Page 364: ...l be allowed to use the aggregator set lacp asyspri value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the LACP sy...

Page 365: ...physical ports with oper keys matching those of their aggregators will be allowed to aggregate set lacp aadminkey port string value Syntax Description Command Defaults None Command Type Switch comman...

Page 366: ...ority or admin key settings clear lacp asyspri aadminkey port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clea...

Page 367: ...c LAGs discussed in Section 4 5 3 apply to statically created LAGs Static LAG configuration should be performed by personnel who are knowledgeable about Link Aggregation Misconfiguration can result in...

Page 368: ...onfiguring Link Aggregation 4 108 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to add port fe 1 6 to the LAG of aggregator port 48 Matrix rw set lacp stati...

Page 369: ...x Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove Fast Ethernet port 6 in module 1 from the LAG of aggregator port 48 lag...

Page 370: ...lag Use this command to display the status of the single port LAG function show lacp singleportlag Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Exam...

Page 371: ...LAGs When enabled this maintains LAGs when only one port is receiving protocol transmissions from a partner set lacp singleportlag enable disable Syntax Description Command Defaults None Command Type...

Page 372: ...g Use this command to reset the single port LAG function back to the default state of disabled clear lacp singleportlag Syntax Description None Command Defaults None Command Type Switch command Comman...

Page 373: ...summary counters sort port lag Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only port port string Displays LACP information for specific port s For a detailed...

Page 374: ...ectedAggID none PartnerAdminState DCSGlp AttachedAggID none PartnerOperState DC Glp MuxState Detached PartnerAdminSystemID 00 00 00 00 00 00 DebugRxState port Disabled PartnerOperSystemID 00 00 00 00...

Page 375: ...port fe 1 12 counters Port Instance fe 1 12 LACPDUsRx 0 MarkerPDUsRX 0 LACPDUsTx 0 MarkerPDUsTx 0 IllegalRx 0 MarkerResponsePDUsRx 0 UnknownRx 0 MarkerResponsePDUsTx 0 ActorSyncTransitionCount 0 Partn...

Page 376: ...s aadminkey set actor values Corresponding commands and parameters beginning with a p such as padminkey set corresponding partner values Actor refers to the local device participating in LACP negotiat...

Page 377: ...PDUs every 1 sec vs 30 sec default lacpagg Aggregation on this port lacpsync Transition to synchronization state lacpcollect Transition to collection state lacpdist Transition to distribution state la...

Page 378: ...ered Command Type Switch command Command Mode Read Write Example This example shows how to set the actor admin key to 3555 for port ge 3 16 padminstate lacpactive lacptimeout lacpagg lacpsync lacpcoll...

Page 379: ...LACP settings will be cleared For a detailed description of possible port string values refer to Section 4 1 1 aadminkey Clears a port s actor admin key aportpri Clears a port s actor port priority a...

Page 380: ...ype Switch command Command Mode Read Write Example This example shows how to clear all link aggregation parameters for port ge 3 16 padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacp...

Page 381: ...flowRegeneration Use this command to display the LACP flow regeneration state show lacp flowRegeneration Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Onl...

Page 382: ...oad balance existing flows to take advantage of ports added to the LAG When flow regeneration is disabled and a new port joins a LAG LACP will only distribute new flows over the increased number of po...

Page 383: ...owRegeneration Use this command to reset LACP flow regeneration to its default state disabled clear lacp flowRegeneration Syntax Description None Command Defaults None Command Type Switch command Comm...

Page 384: ...p outportAlgorithm Use this command to display the current LACP outport algorithm show lacp outportAlgorithm Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 385: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the LACP outport algorithm to DA SA dip sip Specifies that destinati...

Page 386: ...outportAlgorithm Use this command to reset LACP to DIP SIP its default outport algorithm clear lacp outportAlgorithm Syntax Description None Command Defaults None Command Type Switch command Command M...

Page 387: ...escription of functionality Version 2 SNMPv2c The second release of SNMP described in RFC 1907 has additions and enhancements to data types counter size and protocol operations Version 3 SNMPv3 This i...

Page 388: ...his component accepts outgoing PDUs from the dispatcher and prepares them for transmission by wrapping them in a message header and returning them to the dispatcher The message processing subsystem al...

Page 389: ...access would either Permit or restrict the group s switch management access to the MIB s specified by the context MIB object ID value or Allow the group to have SNMP management access to one or more r...

Page 390: ...a SNMPv3 This example grants the powergroup SNMPv3 management access from all router modules when operating in router mode This example grants the powergroup SNMPv3 management access from the router r...

Page 391: ...Section 5 3 7 8 Creating a basic SNMP trap notification Section 5 3 8 5 3 SNMP CONFIGURATION COMMAND SET 5 3 1 Reviewing SNMP Statistics Purpose To review SNMP statistics Commands The commands used t...

Page 392: ...Read Only Example This example shows how to display SNMP engine properties Table 5 2 shows a detailed explanation of the command output Matrix rw show snmp engineid EngineId 80 00 15 f8 03 00 e0 63 9d...

Page 393: ...xample This example shows how to display SNMP counter values Matrix rw show snmp counters mib2 SNMP group counters snmpInPkts 396601 snmpOutPkts 396601 snmpInBadVersions 0 snmpInBadCommunityNames 0 sn...

Page 394: ...ongDigests 0 usmStatsDecryptionErrors 0 Table 5 3 show snmp counters Output Details Output What It Displays snmpInPkts Number of messages delivered to the SNMP entity from the transport service snmpOu...

Page 395: ...PDUs delivered to the SNMP protocol entity with the value of the error status field as readOnly snmpInGenErrs Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error sta...

Page 396: ...h the value of the error status field as badValue snmpOutGenErrs Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error status field as genErr snmpOutGetRequests Number...

Page 397: ...were dropped because they appeared outside of the authoritative SNMP engine s window usmStatsUnknownUserNames Number of packets received by the SNMP engine that were dropped because they referenced a...

Page 398: ...collection of users who share the same SNMP access privileges Community A name used to authenticate SNMPv1 and v2 users Commands The commands used to review and configure SNMP users groups and communi...

Page 399: ...nformation will be displayed If user is not specified information about all SNMP users will be displayed If remote is not specified user information about the local SNMP engine will be displayed If no...

Page 400: ...guest SNMP user information EngineId 00 00 00 63 00 00 00 a1 00 00 00 00 Username Guest Auth protocol usmNoAuthProtocol Privacy protocol usmNoPrivProtocol Storage type nonVolatile Row status active Ta...

Page 401: ...applied If privacy is not specified no encryption will be applied If storage type is not specified nonvolatile will be applied Command Type Switch command Command Mode Read Write user Specifies a nam...

Page 402: ...ond Series Configuration Guide Example This example shows how to create a new SNMP user named netops By default this user will be registered on the local SNMP engine without authentication and encrypt...

Page 403: ...model list clear snmp user user remote remote Syntax Description Command Defaults If remote is not specified the user will be removed from the local SNMP engine Command Type Switch command Command Mod...

Page 404: ...all SNMP groups will be displayed If user is not specified information about all SNMP users will be displayed If security model is not specified user information about all SNMP versions will be displa...

Page 405: ...ty user name public Group name Anyone Storage type nonVolatile Row status active Security model SNMPv1 Security user name public router1 Group name Anyone Storage type nonVolatile Row status active Ta...

Page 406: ...rage type is not specified nonvolatile storage will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP group called anyone assign a user na...

Page 407: ...v2c usm Syntax Description Command Defaults If not specified settings related to all security models will be cleared Command Type Switch command Command Mode Read Write Example This example shows how...

Page 408: ...ommand Defaults If name is not specified information will be displayed for all SNMP communities Command Type Switch command Command Mode Read Only Example This example shows how to display information...

Page 409: ...l be applied Command Type Switch command community Specifies a community group name securityname securityname Optional Specifies an SNMP security name to associate with this community context context...

Page 410: ...figuration Guide Command Mode Read Write Examples This example shows how to set an SNMP community name called vip This example shows how to grant SNMP management privileges to vip community from routi...

Page 411: ...3 2 9 clear snmp community Use this command to delete an SNMP community name clear snmp community name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Exam...

Page 412: ...Rights Purpose To review and configure SNMP access rights assigning viewing privileges and security levels to SNMP user groups Commands The commands used to review and configure SNMP access are liste...

Page 413: ...authentication or privacy are not specified access information for all security levels will be displayed If context is not specified all contexts will be displayed If volatile nonvolatile or read only...

Page 414: ...ity model USM Security level noAuthNoPriv Read View All Write View Notify View All Context match exact match Storage type nonVolatile Row status active Group NightOperator Security model USM Security...

Page 415: ...ew SNMP MIB objects Write View Name of the view that allows this group to configure the contents of the SNMP agent Notify View Name of the view that allows this group to send an SNMP trap message Cont...

Page 416: ...essages sent on behalf of the user are protected from disclosure context context exact prefix Optional Sets the context for this access configuration and specifies that the match must be exact matchin...

Page 417: ...l be applied If write view is not specified none will be applied If notify view is not specified none will be applied If storage type is not specified entries will be stored as permanent and will be h...

Page 418: ...cleared If context is not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP version 3 access for the mis group via the aut...

Page 419: ...s Purpose To review and configure SNMP MIB views SNMP views map SNMP objects to access rights Commands The commands used to review and configure SNMP MIB views are listed below and described in the as...

Page 420: ...ject volatile nonvolatile read only Syntax Description Command Defaults If no parameters are specified all SNMP MIB view configuration information will be displayed Command Type Switch command Command...

Page 421: ...torage type nonVolatile Row status active View Name All Subtree OID 0 0 Subtree mask View Type included Storage type nonVolatile Row status active View Name Network Subtree OID 1 3 6 1 2 1 Subtree mas...

Page 422: ...xt allows all SNMP agents to access all management information MIBs When created using the set snmp access command Section 5 3 3 2 other contexts can be applied to limit access to a subset of manageme...

Page 423: ...ee use will be included If storage type is not specified nonvolatile permanent will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set an SNMP MIB vie...

Page 424: ...lete an SNMPv3 MIB view clear snmp view viewname subtree Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP MIB...

Page 425: ...ircumstances SNMP notifications will be sent A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command Section 5 3...

Page 426: ...targetParams volatile nonvolatile read only Syntax Description Command Defaults If targetParams is not specified entries associated with all target parameters will be displayed If not specified entri...

Page 427: ...arams Security Name public Message Proc Model SNMPv2c Security Level noAuthNoPriv Storage type nonVolatile Row status active Target Parameter Name v3ExampleParams Security Name CharlieDChief Message P...

Page 428: ...DFE Platinum and Diamond Series Configuration Guide Storage type Whether entry is stored in volatile nonvolatile or read only memory Row status Status of this entry active notInService or notReady Tab...

Page 429: ...mand Command Mode Read Write paramsname Specifies a name identifying parameters used to generate SNMP messages to a particular target user user Specifies an SNMPv1 or v2 community name or an SNMPv3 us...

Page 430: ...onfiguration Guide Example This example shows how to set SNMP target parameters named v1ExampleParams for a user named fred using version 3 security model and message processing and authentication Mat...

Page 431: ...target parameter configuration clear snmp targetparams targetParams Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clea...

Page 432: ...ication messages An address configuration can be linked to optional SNMP transmit or target parameters such as timeout retry count and UDP port set with the set snmp targetparams command Section 5 3 5...

Page 433: ...played for a target address Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP target address information Table 5 9 shows a detailed explanation of the c...

Page 434: ...gs a location to the target address as a place to send notifications IP Address Target IP address UDP Port Number of the UDP port of the target host to use Target Mask Target IP address mask Timeout T...

Page 435: ...32 bytes ipaddr Specifies the IP address of the target param param Specifies an entry in the SNMP target parameters table which is used when generating a message to the target Maximum length is 32 byt...

Page 436: ...ne will be set If not specified storage type will be nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to configure a trap notification called TrapSink Thi...

Page 437: ...rgetaddr Use this command to delete an SNMP target address entry clear snmp targetaddr targetAddr Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example T...

Page 438: ...SNMP trap configuration showing how SNMP notification parameters are associated with security and authorization criteria target parameters and mapped to a management target address refer to Section 5...

Page 439: ...be displayed If volatile nonvolatile or read only are not specified all storage type entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to dis...

Page 440: ...ow snmp notify Output Details Output What It Displays Notify name A unique identifier used to index the SNMP notify table Notify Tag Name of the entry in the SNMP notify table Notify Type Type of noti...

Page 441: ...d Defaults If not specified message type will be set to trap If not specified storage type will be set to nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how...

Page 442: ...ar snmp notify Use this command to clear an SNMP notify configuration clear snmp notify notify Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 443: ...filtering is associated with any SNMP target then no filtering will take place Traps or informs notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those...

Page 444: ...y filter information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP notify filter information In this case the notify profile pilot...

Page 445: ...Syntax Description Command Defaults If not specified mask is not set If not specified subtree will be included If storage type is not specified nonvolatile permanent will be applied Command Type Switc...

Page 446: ...ation clear snmp notifyfilter profile subtree oid or mibobject Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the...

Page 447: ...ion Command Defaults If no parameters are specified all notify profile information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP n...

Page 448: ...ve SNMP notifications set snmp notifyprofile profile targetparam targetparam volatile nonvolatile Syntax Description Command Defaults If storage type is not specified nonvolatile permanent will be app...

Page 449: ...ion clear snmp notifyprofile profile targetparam targetparam Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP...

Page 450: ...in Step 1 3 Verify if any applicable SNMP notification entries exist or create a new one You will use this entry to send SNMP notification messages to the appropriate management targets created in St...

Page 451: ...ve the key that SNMP is looking for is the notification entry created with the set snmp notify command which in this case is a key labeled entry1 2 Searches for the doors matching such a key For examp...

Page 452: ...in fact there The agent checks targetparams entries and determines this description was made with the set snmp targetparams command which tells exactly which SNMP protocol to use and what community n...

Page 453: ...time to reconfigure the network s active topology when physical topology or configuration parameter changes occur It selects one switch as the root of a Spanning Tree connected active topology and as...

Page 454: ...the following functions Creating a single Spanning Tree from any arrangement of switching or bridging elements Compensating automatically for the failure removal or addition of any device in an activ...

Page 455: ...d on reception of agreement BPDUs Control of port forwarding state based on reception of disputed BPDUs Communicating port non forwarding status through traps and syslog messages Disabling a port base...

Page 456: ...ow of time the port is forced into blocking and held there until it is manually unlocked via management 6 1 4 Process Overview Spanning Tree Configuration Use the following steps as a guide in the Spa...

Page 457: ...ed section as shown show spantree stats Section 6 2 1 1 show spantree version Section 6 2 1 2 set spantree version Section 6 2 1 3 clear spantree version Section 6 2 1 4 show spantree stpmode Section...

Page 458: ...set spantree bridgehellomode Section 6 2 1 28 clear spantree bridgehellomode Section 6 2 1 29 show spantree hello Section 6 2 1 31 set spantree hello Section 6 2 1 31 clear spantree hello Section 6 2...

Page 459: ...Section 6 2 1 56 show spantree spanguardtimeout Section 6 2 1 57 set spantree spanguardtimeout Section 6 2 1 58 clear spantree spanguardtimeout Section 6 2 1 59 show spantree spanguardlock Section 6...

Page 460: ...ning Tree Bridge Parameters 6 8 Matrix DFE Platinum and Diamond Series Configuration Guide clear spantree newroottrapenable Section 6 2 1 73 clear spantree default Section 6 2 1 74 show spantree debug...

Page 461: ...be displayed If sid is not specified information for Spanning Tree 0 will be displayed If active is not specified information for all ports will be displayed regardless of whether or not they have re...

Page 462: ...3d Bridge ID Priority 32768 Bridge Max Age 20 sec Bridge Hello Time 2 sec Bridge Forward Delay 15 sec Topology Change Count 7 Time Since Top Change 00 days 03 19 15 Max Hops 20 Table 6 1 show spantre...

Page 463: ...n 6 2 1 34 Bridge Hello Time Amount of time in seconds the bridge sends BPDUs This is a default value or is assigned using the set spantree hello command For details refer to Section 6 2 1 31 Bridge F...

Page 464: ...dress 00 e0 63 93 79 0f Bridge ID Priority 0 Bridge Max Age 20 sec Bridge Hello Time 2 sec Bridge Forward Delay 15 sec Topology Change Count 5 Time Since Top Change 00 days 03 16 54 Max Hops 20 SID Po...

Page 465: ...is assigned by the Spanning Tree protocol and determines the behavior of the port either sending or receiving BPDUs and forwarding or blocking data traffic Cost The port cost Priority The priority of...

Page 466: ...ersion Use this command to display the current version of the Spanning Tree protocol running on the device show spantree version Syntax Description None Command Defaults None Command Type Switch comma...

Page 467: ...example shows how to globally change the Spanning Tree version from the default of MSTP to RSTP NOTE In most networks Spanning Tree version should not be changed from its default setting of mstp Mult...

Page 468: ...iguration Guide 6 2 1 4 clear spantree version Use this command to reset the Spanning Tree version to MSTP mode clear spantree version Syntax Description None Command Defaults None Command Type Switch...

Page 469: ...17 6 2 1 5 show spantree stpmode Use this command to display the Spanning Tree Protocol STP mode setting show spantree stpmode Syntax Description None Command Defaults None Command Type Switch command...

Page 470: ...e Use this command to globally enable or disable the Spanning Tree Protocol STP mode set spantree stpmode none ieee8021 Syntax Description Command Defaults None Command Type Switch command Command Mod...

Page 471: ...spantree stpmode Use this command to reset the Spanning Tree protocol mode to the default setting of IEEE802 1 This re enables Spanning Tree clear spantree stpmode Syntax Description None Command Defa...

Page 472: ...this command to display the setting for the maximum number of user configurable Spanning Tree instances show spantree maxconfigurablestps Syntax Description None Command Defaults None Command Type Sw...

Page 473: ...ree instances set spantree maxconfigurablestps numstps Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the STP max co...

Page 474: ...maxconfigurablestps Use this command to clear the setting for the maximum number of user configurable Spanning Tree instances clear spantree maxconfigurablestps Syntax Description None Command Defaul...

Page 475: ...mand to display a list of Multiple Spanning Tree MST instances configured on the device show spantree mstilist Syntax Description None Command Defaults None Command Type Switch command Command Mode Re...

Page 476: ...et spantree msti sid sid create delete Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to create MST instance 2 sid sid Sets...

Page 477: ...3 clear spantree msti Use this command to delete one or more Multiple Spanning Tree instances clear spantree msti sid Syntax Description Command Defaults None Command Type Switch command Command Mode...

Page 478: ...mapped to FIDs this shows to which SID a VLAN is mapped show spantree mstmap fid fid Syntax Description Command Defaults If fid is not specified information for all assigned FIDs will be displayed Com...

Page 479: ...escription Command Defaults If sid is not specified FID s will be mapped to Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to map FID 3 to SID 2 fid...

Page 480: ...on Guide 6 2 1 16 clear spantree mstmap Use this command to map a FID back to SID 0 clear spantree mstmap fid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Wri...

Page 481: ...Description Command Defaults If not specified SID assignment will be displayed only for VLANs assigned to any SID other than SID 0 Command Type Switch command Command Mode Read Only Example This exam...

Page 482: ...None Command Type Switch command Command Mode Read Only Example This example shows how to display the MST configuration identifier elements In this case the default revision level of 0 and the default...

Page 483: ...ration name and or revision level set spantree mstcfgid cfgname name rev level Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows h...

Page 484: ...d to reset the MST revision level to a default value of 0 and the configuration name to a default string representing the bridge MAC address clear spantree mstcfgid Syntax Description None Command Def...

Page 485: ...de Use this command to display the Spanning Tree bridge priority mode setting show spantree bridgeprioritymode Syntax Description None Command Defaults None Command Type Switch command Command Mode Re...

Page 486: ...scribed in set spantree priority Section 6 2 1 25 set spantree bridgeprioritymode 8021d 8021t Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 487: ...e bridgeprioritymode Use this command to reset the Spanning Tree bridge priority mode to the default setting of 802 1t clear spantree bridgeprioritymode Syntax Description None Command Defaults None C...

Page 488: ...pantree priority sid Syntax Description Command Defaults If sid is not specified priority will be shown for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example show...

Page 489: ...rity sid Syntax Description Command Defaults If sid is not specified priority will be set on Spanning Tree 0 Command Type Switch command Command Mode Read Write Examples This example shows how to set...

Page 490: ...shows how to set the bridge priority to 10000 on all SIDs with 8021t priority mode enabled This example shows how to set the bridge priority to 1000 on all SIDs with 8021t priority mode enabled Matrix...

Page 491: ...o the default value of 32768 clear spantree priority sid Syntax Description Command Defaults If sid is not specified priority will be reset on Spanning Tree 0 Command Type Switch command Command Mode...

Page 492: ...lo time is being used When disabled per port administrative hello times are being used show spantree bridgehellomode Syntax Description None Command Defaults None Command Type Switch command Command M...

Page 493: ...Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable single Spanning Tree hello mode on the device Per port hello times can n...

Page 494: ...spantree bridgehellomode Use this command to reset the Spanning Tree administrative hello mode to enabled clear spantree bridgehellomode Syntax Description None Command Defaults None Command Type Swit...

Page 495: ...43 6 2 1 30 show spantree hello Use this command to display the Spanning Tree hello time show spantree hello Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 496: ...he device will transmit BPDUs indicating it is active set spantree hello interval Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example show...

Page 497: ...6 2 1 32 clear spantree hello Use this command to reset the Spanning Tree hello time to the default value of 2 seconds clear spantree hello Syntax Description None Command Defaults None Command Type...

Page 498: ...show spantree maxage Use this command to display the Spanning Tree maximum aging time show spantree maxage Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 499: ...messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port i...

Page 500: ...35 clear spantree maxage Use this command to reset the maximum aging time for a Spanning Tree to the default value of 20 seconds clear spantree maxage Syntax Description None Command Defaults None Co...

Page 501: ...ow spantree fwddelay Use this command to display the Spanning Tree forward delay time show spantree fwddelay Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 502: ...e every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a...

Page 503: ...38 clear spantree fwddelay Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds clear spantree fwddelay Syntax Description None Command Defaults None Command...

Page 504: ...ree autoedge Use this command to display the status of automatic edge port detection show spantree autoedge Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 505: ...this command to enable or disable the automatic edge port detection function set spantree autoedge disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read...

Page 506: ...41 clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled clear spantree autoedge Syntax Description None Command Defaults None Command Type S...

Page 507: ...e legacypathcost Use this command to display the default Spanning Tree path cost setting show spantree legacypathcost Syntax Description None Command Defaults None Command Type Switch command Command...

Page 508: ...ble Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the default path cost values to 802 1D NOTE By default legacy pat...

Page 509: ...spantree legacypathcost Use this command to set the Spanning Tree default value for legacy path cost to 802 1t values clear spantree legacypathcost Syntax Description None Command Defaults None Comman...

Page 510: ...d to display the status of topology change trap suppression on Rapid Spanning Tree edge ports show spantree tctrapsuppress Syntax Description None Command Defaults None Command Type Switch command Com...

Page 511: ...ented from sending topology change traps This is because there is usually no need for network management to monitor edge port STP transition states such as when PCs are powered on When topology change...

Page 512: ...1 47 clear spantree tctrapsuppress Use this command to clear topology change trap suppression settings clear spantree tctrapsuppress Syntax Description None Command Defaults None Command Type Switch c...

Page 513: ...6 2 1 48 show spantree txholdcount Use this command to display the maximum BPDU transmission rate show spantree txholdcount Syntax Description None Command Defaults None Command Type Switch command C...

Page 514: ...l be transmitted before transmissions are subject to a one second timer set spantree txholdcount txholdcount Syntax Description Command Defaults None Command Type Switch command Command Mode Read Writ...

Page 515: ...6 63 6 2 1 50 clear spantree txholdcount Use this command to reset the transmit hold count to the default value of 6 clear spantree txholdcount Syntax Description None Command Defaults None Command Ty...

Page 516: ...51 show spantree maxhops Use this command to display the Spanning Tree maximum hop count show spantree maxhops Syntax Description None Command Defaults None Command Type Switch command Command Mode R...

Page 517: ...the information for a particular Spanning Tree instance may traverse via relay of BPDUs within the applicable MST region before being discarded set spantree maxhops max_hop_count Syntax Description C...

Page 518: ...ion Guide 6 2 1 53 clear spantree maxhops Use this command to reset the maximum hop count to the default value of 20 clear spantree maxhops Syntax Description None Command Defaults None Command Type S...

Page 519: ...w spantree spanguard Use this command to display the status of the Spanning Tree span guard function show spantree spanguard Syntax Description None Command Defaults None Command Type Switch command C...

Page 520: ...a BPDU when that port has been defined as an edge user port as described in Section 6 2 2 20 This port will remain disabled until the amount of time defined by the set spantree spanguardtimeout Secti...

Page 521: ...ar spantree spanguard Use this command to resets the status of the Spanning Tree span guard function to disabled clear spantree spanguard Syntax Description None Command Defaults None Command Type Swi...

Page 522: ...spanguardtimeout Use this command to display the Spanning Tree span guard timeout setting show spantree spanguardtimeout Syntax Description None Command Defaults None Command Type Switch command Comma...

Page 523: ...mount of time in seconds an edge port will remain locked by the span guard function set spantree spanguardtimeout timeout Syntax Description Command Defaults None Command Type Switch command Command M...

Page 524: ...ee spanguardtimeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds clear spantree spanguardtimeout Syntax Description None Command Defaults None Com...

Page 525: ...s show spantree spanguardlock port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the span guard lock stat...

Page 526: ...led it locks ports that receive BPDUs when those ports have been defined as edge user ports as described in Section 6 2 2 20 clear spantree spanguardlock port string set spantree spanguardlock port st...

Page 527: ...enable Use this command to displays the state of the Spanning Tree span guard trap function show spantree spanguardtrapenable Syntax Description None Command Defaults None Command Type Switch command...

Page 528: ...g of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree set spantree spanguardtrapenable disable enable Syntax Description Command Defaults None...

Page 529: ...ardtrap enable Use this command to reset the Spanning Tree span guard trap function back to the default state of enabled clear spantree spanguardtrapenable Syntax Description None Command Defaults Non...

Page 530: ...show spantree backuproot sid Syntax Description Command Defaults If sid is not specified status will be shown for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This examp...

Page 531: ...vent the root bridge is lost If this happens the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge set spantree backuproot si...

Page 532: ...Spanning Tree backup root function to the default state of disabled clear spantree backuproot sid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example T...

Page 533: ...dable Use this command to display the state of the Spanning Tree backup root trap function show spantree backuproottrapenable Syntax Description None Command Defaults None Command Type Switch command...

Page 534: ...hen SNMP trap messageing is configured this sends a trap message when the back up root function makes a Spanning Tree the new root of the network set spantree backuproottrapenable enable disable Synta...

Page 535: ...ackuproottrapenable Use this command to resets the Spanning Tree backup root trap function to the default state of disabled clear spantree backuproottrapenable Syntax Description None Command Defaults...

Page 536: ...trapendable Use this command to display the state of the Spanning Tree new root trap function show spantree newroottrapenable Syntax Description None Command Defaults None Command Type Switch command...

Page 537: ...rap function When SNMP trap messaging is configured this sends a trap message when a Spanning Tree becomes the new root of the network set spantree newroottrapenable enable disable Syntax Description...

Page 538: ...ewroottrapenable Use this command to reset the Spanning Tree new root trap function back to the default state of enabled clear spantree newroottrapenable Syntax Description None Command Defaults None...

Page 539: ...a Spanning Tree clear spantree default sid Syntax Description Command Defaults If sid is not specified defaults will be restored on Spanning Tree 0 Command Type Switch command Command Mode Read Write...

Page 540: ...o port information will be displayed If sid is not specified debug counters will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only port port string Optional Displays...

Page 541: ...0 STP TC BPDU Rx Count 0 STP TC BPDU Tx Count 0 RST BPDU Rx Count 81812 RST BPDU Tx Count 790319 RST TC BPDU Rx Count 2131 RST TC BPDU Tx Count 26623 MST BPDU Rx Count 0 MST BPDU Tx Count 0 MST CIST T...

Page 542: ...s Configuration Guide 6 2 1 76 clear spantree debug Use this command to clear Spanning Tree debug counters clear spantree debug Syntax Description None Command Defaults None Command Type Switch comman...

Page 543: ...meters are listed below and described in the associated section as shown show spantree portenable Section 6 2 2 1 set spantree portenable Section 6 2 2 2 clear spantree portenable Section 6 2 2 3 show...

Page 544: ...n Guide show spantree adminedge Section 6 2 2 19 set spantree adminedge Section 6 2 2 20 clear spantree adminedge Section 6 2 2 21 show spantree operedge Section 6 2 2 22 show spantree adminpoint Sect...

Page 545: ...able port port string Syntax Description Command Defaults If port string is not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example...

Page 546: ...set spantree portenable port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Spanning Tree p...

Page 547: ...more Spanning Tree ports to enabled clear spantree portenable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to...

Page 548: ...ortadmin port port string Syntax Description Command Defaults If port string is not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This exa...

Page 549: ...set spantree portadmin port string disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Spanning Tree o...

Page 550: ...o enable on one or more ports clear spantree portadmin port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset...

Page 551: ...forces a port to transmit MSTP BPDUs set spantree protomigration port string true Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example show...

Page 552: ...l Spanning Tree ports If sid is not specified current port state will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to display the...

Page 553: ...e topology of the bridged LAN It receives Spanning Tree configuration messages but does not forward packets show spantree blockedports sid Syntax Description Command Defaults If sid is not specified b...

Page 554: ...pecified port priority will be displayed for all Spanning Tree ports If sid is not specified port priority will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only Exam...

Page 555: ...Command Mode Read Write Example This example shows how to set the priority of fe 1 3 to 240 on SID 1 port string Specifies the port s for which to set Spanning Tree port priority For a detailed descri...

Page 556: ...s If sid is not specified port priority will be set for Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to reset the priority of fe 1 3 to 128 on SID...

Page 557: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the hello time to 3 seconds for port fe 1 4 NOTE This command can be...

Page 558: ...eset the hello time for one or more Spanning Tree ports to the default of 2 seconds clear spantree porthello port string Syntax Description Command Defaults None Command Type Switch command Command Mo...

Page 559: ...for all Spanning Tree ports If sid is not specified port cost will be displayed for all Spanning Trees Command Type Switch command Command Mode Read Only Example This example shows how to display the...

Page 560: ...be displayed If sid is not specified admin path cost for Spanning Tree 0 will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the admin path c...

Page 561: ...3 2 on SID 1 NOTE By default this value is set to 0 which forces the port to recalculate Spanning Tree path cost based on the speed of the port and whether or not legacy path cost is enabled For deta...

Page 562: ...efaults If sid is not specified admin path cost will be reset for Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to reset the admin path cost to 0 f...

Page 563: ...ion Command Defaults If port string is not specified edge port administrative status will be displayed for all Spanning Tree ports Command Type Switch command Command Mode Read Only Example This examp...

Page 564: ...port set spantree adminedge port string true false Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set fe 1 11 as an edge...

Page 565: ...g Tree port to non edge status clear spantree adminedge port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset...

Page 566: ...escription Command Defaults If port string is not specified edge port operating status will be displayed for all Spanning Tree ports Command Type Switch command Command Mode Read Only Example This exa...

Page 567: ...ing Syntax Description Command Defaults If port string is not specified status will be displayed for all Spanning Tree port s Command Type Switch command Command Mode Read Only Example This example sh...

Page 568: ...x Description Command Defaults If not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the point to point s...

Page 569: ...Command Mode Read Write Example This example shows how to set the LAN attached to fe 1 3 as a point to point segment port string Specifies the port on which to set point to point protocol status For a...

Page 570: ...ment attached to a Spanning Tree port to auto mode clear spantree adminpoint port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This examp...

Page 571: ...ct parameters are listed below and described in the associated section as shown set spantree lp Section 6 2 3 1 show spantree lp Section 6 2 3 2 clear spantree lp Section 6 2 3 3 show spantree lplock...

Page 572: ...atures 6 120 Matrix DFE Platinum and Diamond Series Configuration Guide set spantree disputedbpduthreshold Section 6 2 3 18 show spantree disputedbpduthreshold Section 6 2 3 19 clear spantree disputed...

Page 573: ...dence over per port STP enable disable portAdmin Normally portAdmin disabled would cause a port to go immediately to forwarding If Loop Protect is enabled that port should go to listening and remain t...

Page 574: ...ports If no SID is specified SID 0 is assumed Command Type Switch command Command Mode Read Only Example This example shows how to display Loop Protect status on fe 2 3 port string Optional Specifies...

Page 575: ...and Defaults If no SID is specified SID 0 is assumed Command Type Switch command Command Mode Read Write Example This example shows how to return the Loop Protect state on fe 2 3 to disabled port stri...

Page 576: ...k command show spantree lplock port port string sid sid Syntax Description Command Defaults If no port string is specified status is displayed for all ports If no SID is specified SID 0 is assumed Com...

Page 577: ...mmand Mode Read Only Example This example shows how to clear Loop Protect lock from ge 1 1 port string Specifies port s for which to clear the Loop Protect lock For a detailed description of possible...

Page 578: ...s used If the value is false then there is some ambiguity as to whether an Active Partner timeout is due to a loop protection event or is a normal situation due to the fact that the partner port does...

Page 579: ...ring Spanning Tree Loop Protect Features Matrix DFE Platinum and Diamond Series Configuration Guide 6 127 Example This example shows how to set the Loop Protect capable partner to true for ge 1 1 Matr...

Page 580: ...ommand Defaults If no port string is specified Loop Protect capability for link partners is displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to...

Page 581: ...ult state of false clear spantree lpcapablepartner port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the...

Page 582: ...global integer variable that provides protection in the case of intermittent failures The default value is 3 If the event counter reaches the threshold within a given period the event window then the...

Page 583: ...lpthreshold Use this command to display the current value of the Loop Protect event threshold show spantree lpthreshold Syntax Description None Command Defaults None Command Type Switch command Comman...

Page 584: ...ar spantree lpthreshold Use this command to return the Loop Protect event threshold to its default value of 3 clear spantree lpthreshold Syntax Description None Command Defaults None Command Type Swit...

Page 585: ...op Protect Window is a timer value in seconds that defines a period during which Loop Protect events are counted The default value is 180 seconds If the timer is set to 0 the event counter is not rese...

Page 586: ...pantree lpwindow Use this command to display the current Loop Protect event window value show spantree lpwindow Syntax Description None Command Defaults None Command Type Switch command Command Mode R...

Page 587: ...spantree lpwindow Use this command to reset the Loop Protect event window to the default value of 180 seconds clear spantree lpwindow Syntax Description None Command Defaults None Command Type Switch...

Page 588: ...disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Usage Loop Protect traps are sent when a Loop Protect event occurs that is when a port goes to lis...

Page 589: ...apenable Use this command to display the current status of Loop Protect event notification show spantree lptrapenable Syntax Description None Command Defaults None Command Type Switch command Command...

Page 590: ...penable Use this command to return the Loop Protect event notification state to its default state of disabled clear spantree lptrapenable Syntax Description None Command Defaults None Command Type Swi...

Page 591: ...is forced to the listening state Refer to the 802 1Q 2005 standard IEEE Standard for Local and Metropolitan Area Networks Virtual Bridged Local Area Networks for a full description of the dispute mech...

Page 592: ...t Configuring Spanning Tree Loop Protect Features 6 140 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to set the disputed BPDU threshold value to 5 Matrix r...

Page 593: ...bpduthreshold Use this command to display the current value of the disputed BPDU threshold show spantree disputedbpduthreshold Syntax Description None Command Defaults None Command Type Switch command...

Page 594: ...e this command to return the disputed BPDU threshold to its default value of 0 meaning that disputed BPDU traps should not be sent clear spantree disputedbpduthreshold Syntax Description None Command...

Page 595: ...nd Command Mode Read Only Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event receipt of disputed BPDUs and loopback detection Example...

Page 596: ...Spanning Tree Configuration Command Set Configuring Spanning Tree Loop Protect Features 6 144 Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 597: ...security 7 1 VLAN CONFIGURATION SUMMARY Virtual LANs allow the network administrator to partition network traffic into logical groups and control the flow of that traffic through the network Once the...

Page 598: ...entheses 1 Review existing VLANs Section 7 3 1 2 Create and name VLANs Section 7 3 2 3 Assign port VLAN IDs and ingress filtering Section 7 3 3 4 Configure VLAN Egress Section 7 3 4 5 Create a secure...

Page 599: ...o display a list of VLANs currently configured on the device to determine how one or more VLANs were created the ports allowed and disallowed to transmit traffic belonging to VLAN s and if those ports...

Page 600: ...ed to static and dynamic VLANs will be displayed Command Type Switch command Command Mode Read Only static Optional Displays information related to static VLANs Static VLANs are manually created using...

Page 601: ...1 NAME DEFAULT VLAN Status Enabled VLAN Type Permanent FID 1 Creation Time 4 days 9 hours 4 minutes 50 seconds ago Egress Ports host 0 1 fe 1 1 10 ge 2 1 4 fe 3 1 7 lag 0 1 32 Forbidden Egress Ports N...

Page 602: ...g and Naming Static VLANs Purpose To create a new static VLAN or to enable or disable existing VLAN s Commands The commands used to create and name static VLANs are listed below and described in the a...

Page 603: ...lts None Command Type Switch command Command Mode Read Write Examples This example shows how to create VLAN 3 This example shows how to disable VLAN 3 NOTES Each VLAN ID must be unique If a duplicate...

Page 604: ...ame for a new or existing VLAN set vlan name vlan list vlan name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the...

Page 605: ...mand to remove a static VLAN from the list of VLANs recognized by the device clear vlan vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example T...

Page 606: ...Use this command to remove the name of a VLAN from the VLAN list clear vlan name vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This exa...

Page 607: ...d PVID override has been enabled for a policy profile and assigned to port s associated with the PVID as described in Section 8 3 1 2 For more information about configuring user policy profiles includ...

Page 608: ...7 12 Matrix DFE Platinum and Diamond Series Configuration Guide show vlan constraint Section 7 3 3 9 set vlan constraint Section 7 3 3 10 clear vlan constraint Section 7 3 3 11 show port discard Sect...

Page 609: ...string is not specified port VLAN information for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display PVIDs assigned to Fast Ethern...

Page 610: ...ort string pvid modify egress no modify egress Syntax Description Command Defaults If not specified the egress list will be modified Command Type Switch command Command Mode Read Write NOTE For inform...

Page 611: ...ows how to add fe 1 10 to the port VLAN list of VLAN 4 PVID 4 Since VLAN 4 is a new VLAN it is created Then port fe 1 10 is added to VLAN 4 s untagged egress list and is cleared from the egress list o...

Page 612: ...host VLAN ID 1 clear port vlan port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Fast Ethernet ports...

Page 613: ...ch command Command Mode Read Only Example This example shows how to display the interface entry for VLAN 1 Table 7 2 provides an explanation of the command output vlan list Displays the MIB2 interface...

Page 614: ...ies will be created as nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to create a volatile interface entry mapped to VLAN 1 vlan list Specifies the VLAN...

Page 615: ...e this command to clear the MIB II interface entry mapped to a VLAN clear vlan interface vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example...

Page 616: ...string Syntax Description Command Defaults If port string is not specified ingress filtering status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This exa...

Page 617: ...a VLAN ID on the port s egress list then the frame is dropped Ingress filtering is implemented according to the IEEE 802 1Q standard set port ingress filter port string disable enable Syntax Descript...

Page 618: ...s If vlan list is not specified settings for all VLANs will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the constraint settings for VLAN 1...

Page 619: ...nd Diamond Series Configuration Guide 7 23 VLAN SET Constraint set ID VLAN SET TYPE Whether or not this constraint is sharing the same filter database as other VLANs in this set or is using an indepen...

Page 620: ...VLAN constraint will be set to independent Command Type Switch command Command Mode Read Write Example This example shows how to apply a constraint 3 to VLAN 1 using an independent filtering database...

Page 621: ...to clear a constraint applied to a VLAN clear vlan constraint vlan list set num Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows...

Page 622: ...s received show port discard port string Syntax Description Command Defaults If port string is not specified frame discarded mode will be displayed for all ports Command Type Switch command Command Mo...

Page 623: ...Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 7 in module2 to discard both tagged and untagged frames...

Page 624: ...ult setting none clear port discard port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset Fast Ethernet port...

Page 625: ...on or through dynamic mechanisms i e GVRP policy classification or Enterasys dynamic egress Setting a port to forbidden prevents it from participating in the specified VLAN and ensures that any dynami...

Page 626: ...ple This example shows you how to show VLAN egress information for Fast Ethernet ports 1 through 3 in module 1 In this case all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10...

Page 627: ...example shows how to add Fast Ethernet ports 5 through 10 in module 1 to the egress list of VLAN 7 This means that these ports will transmit VLAN 7 frames as tagged vlan list Specifies the VLAN where...

Page 628: ...his example shows how to forbid Fast Ethernet ports 13 through 15 in module 1 from joining VLAN 7 and disallow egress on those ports This example shows how to allow Fast Ethernet port 2 in module 1 to...

Page 629: ...ort 14 in module 3 from the egress list of VLAN 9 This example shows how to remove all Fast Ethernet ports in module 2 from the egress list of VLAN 4 vlan list Specifies the number of the VLAN from wh...

Page 630: ...ss vlan list Syntax Description Command Defaults If vlan list is not specified status for all VLANs where dynamic egress is enabled will be displayed Command Type Switch command Command Mode Read Only...

Page 631: ...d the port receiving a tagged frame to the VLAN egress list of the port according to the frame VLAN ID set vlan dynamicegress vlan list enable disable Syntax Description Command Defaults None Command...

Page 632: ...Table 7 4 and described in the associated sections as shown This example assumes the management station is attached to fe 1 1 and wants untagged frames The process described in this section would be...

Page 633: ...rmation is transmitted out GVRP configured ports on the device in a GARP formatted frame using the GVRP multicast MAC address A switch router that receives this frame examines the frame and extracts t...

Page 634: ...as a member of VLAN Blue Port declaring VLAN Blue D R 3680_77 1 1 2 3 D R D Switch 1 1 R R 3 Switch 2 1 2 D R D 2 1 4 6 8 10 12 14 16 3 5 7 9 11 13 15 18 17 20 22 24 26 28 30 32 19 21 23 25 27 29 31 3...

Page 635: ...ation Guide 7 39 Commands The commands used to configure GVRP are listed below and described in the associated section as shown show gvrp Section 7 3 6 1 show garp timer Section 7 3 6 2 set gvrp Secti...

Page 636: ...e This example shows how to display GVRP status for the device and for Fast Ethernet port 1 in module 2 Table 7 5 provides an explanation of the command output port string Optional Displays GVRP confi...

Page 637: ...x DFE Platinum and Diamond Series Configuration Guide 7 41 GVRP status Whether GVRP is enabled or disabled on the port Last PDU Origin MAC address of the last GVRP frame received on the port Table 7 5...

Page 638: ...rmation will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display GARP timer information on Fast Ethernet ports 1 through 10 in modul...

Page 639: ...Matrix rw show garp timer fe 1 1 10 Port based GARP Configuration Timer units are centiseconds Port Number Join Leave Leaveall fe 1 1 20 60 1000 fe 1 2 20 60 1000 fe 1 3 20 60 1000 fe 1 4 20 60 1000 f...

Page 640: ...ed for all ports Command Type Switch command Command Mode Read Write Examples This example shows how to enable GVRP globally on the device This example shows how to disable GVRP globally on the device...

Page 641: ...port string Syntax Description Command Defaults If port string is not specified GVRP status will be cleared for all ports Command Type Switch command Command Mode Read Write Examples This example show...

Page 642: ...set the leave timer value to 300 centiseconds for all ports NOTE The setting of these timers is critical and should only be changed by personnel familiar with the 802 1Q standards documentation which...

Page 643: ...d Set Enabling Disabling GVRP Matrix DFE Platinum and Diamond Series Configuration Guide 7 47 This example shows how to set the leaveall timer value to 20000 centiseconds for all ports Matrix rw set g...

Page 644: ...red Command Type Switch command Command Mode Read Write Example This example shows how to reset the GARP leave timer to 60 centiseconds on Fast Ethernet port 5 in module 2 join Optional Resets the joi...

Page 645: ...d frame filtering policies configured for a particular VLAN or Class of Service CoS Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit f...

Page 646: ...3 POLICY CLASSIFICATION CONFIGURATION COMMAND SET 8 3 1 Configuring Policy Profiles Purpose To review create change and remove policy profiles for managing network resources Commands The commands used...

Page 647: ...ix DFE Platinum and Diamond Series Configuration Guide 8 3 show policy syslog Section 8 3 1 12 set policy syslog Section 8 3 1 13 clear policy syslog Section 8 3 1 14 set policy maptable Section 8 3 1...

Page 648: ...de Read Only Example This example shows how to display policy information for policy profile 11 all profile index Displays policy information for all profile indexes or a specific profile index consec...

Page 649: ...is enabled CoS Status Whether or not Class of Service override is enabled or disabled for this profile If all the classification rules associated with this profile are missed then this parameter if s...

Page 650: ...ssed then this parameter if specified determines default behavior pvid pvid Optional Specifies the PVID to assign to packets if PVID override is enabled and invoked as the default behavior cos status...

Page 651: ...d Optional Appends this policy profile setting to settings previously specified for this policy profile by the egress vlans forbidden vlans or untagged vlans parameters If append is not used previous...

Page 652: ...his command to delete a policy profile entry clear policy profile profile index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows...

Page 653: ...Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display invalid policy action and count information action count all Shows the action the de...

Page 654: ...valid action default policy drop forward Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assign a drop action to invalid...

Page 655: ...Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy clear policy invalid action Syntax Description None Com...

Page 656: ...ules to overwrite all tagged TCI frames ingressing on those ports show port tcioverwrite port string Syntax Description Command Defaults If port string is not specified TCI overwrite status will be di...

Page 657: ...n the VLAN tag s TCI field It will also overwrite ingressing frames tagged to a port VLAN and policy assignment if a policy has not already been assigned set port tcioverwrite port string enable disab...

Page 658: ...w policy accounting Use this command to display the status of policy accounting show policy accounting Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only...

Page 659: ...licy accounting which controls the collection of classification rule statistics This function is enabled by default set policy accounting enable disable Syntax Description Command Defaults None Comman...

Page 660: ...Guide 8 3 1 11 clear policy accounting Use this command to restore policy accounting to its default state of enabled clear policy accounting Syntax Description None Command Defaults None Command Type...

Page 661: ...chine readable or human readable show policy syslog machine readable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to displ...

Page 662: ...Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the device formatting of rule usage messages as machine readable machine readable Set t...

Page 663: ...uman readable clear policy syslog machine readable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the machine read...

Page 664: ...and Mode Read Write Example This example shows how to set the Policy Profile mappings table for VLAN 3 and for Policy ID 8 This example shows how to use both tunnel and policy attributes in the RADIUS...

Page 665: ...show policy maptable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Example This example shows the Policy Profile mappings table for all configured V...

Page 666: ...command to clear the VLAN ID Policy Profile mappings table clear policy maptable vlan list response Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example...

Page 667: ...y profiles and ports are listed below and described in the associated section as shown show policy rule Section 8 3 2 1 show policy capability Section 8 3 2 2 set policy classify set policy rule Secti...

Page 668: ...pid admin pid syslog enable disable verbose trap enable disable disable port enable disable usage list display if used Syntax Description attribute Displays the attributes of the specified rules all...

Page 669: ...ort rules udpdestport Displays UDP destination port rules udpsourceportip Displays UDP source port rules vlantag Displays VLAN tag rules data Not required for ipfrag classification Displays rules for...

Page 670: ...d or forwarded dynamic pid dynamic pid Displays rules associated with a specific dynamic policy profile index ID cos cos Optional Displays rules for a Class of Service value admin pid admin pid Displa...

Page 671: ...5 2 Ether 33011 0x80F3 16 All A NV Y Y 105 2 Ether 33079 0x8137 16 All A NV Y Y 101 Matrix rw show policy rule admin pid 1 Admin Rule Type Rule Data Mk PortStr RS ST S T D dPID aPID U admin Port fe 1...

Page 672: ...t Syslog is enabled Y or disabled for this rule T Whether or not SNMP traps are enabled Y or disabled for this rule D Whether or not the port disable feature is enabled Y or disabled for this rule Vla...

Page 673: ...iable traffic attributes The next two columns from the left indicate how policy profiles may be assigned either administratively or dynamically The next four columns from the left indicate the actions...

Page 674: ...urce address X X X X X X X X X IPX destination address X X X X X X X X X IPX source socket X X X X X X X X X IPX destination socket X X X X X X X X X IPX transmission control X X X X X X X X X IPX typ...

Page 675: ...led when created profile index Specifies that this is an administrative rule or associates this classification rule with a policy profile index configured with the set policy profile command Section 8...

Page 676: ...ination IPX address udpportsource UDP port source 0 65535 udpportdest UDP port destination 0 65535 tcpportsource TCP port source 0 65535 tcpportdest TCP port destination 0 65535 ipxsourcesocket Classi...

Page 677: ...able port enable disable Syntax Description NOTE Classification rules are automatically enabled when created admin profile profile index Specifies that this is an administrative rule or associates thi...

Page 678: ...Information port Classifies based on port string tcpdestportip Classifies based on TCP destination port with optional post fix IP address tcpsourceportip Classifies based on TCP source port optional...

Page 679: ...e type non volatile volatile Adds or removes this entry from non volatile storage vlan vlan Classifies to a VLAN ID drop forward Specifies that packets within this classification will be dropped or fo...

Page 680: ...cation rule 2 as an administrative profile and assign it to ingress port fe 1 1 This example shows how to classify all Ethernet II Type 1526 frames to administrative policy profile 2 Table 8 3 provide...

Page 681: ...packet 0 255 1 8 ipxclass Transmission control Class of Service field in IPX 0 255 1 8 Destination or Source IPX Network ipxdest ipxsource IPX Address 0 0xffffffff 1 32 Destination or Source IPX Socke...

Page 682: ...portip TCP Port Number with optional post fix IP address ab c d e f 0 65535 1 1 1 1 or 0 0xFFFF 1 1 1 1 1 48 Destination or Source UDP port udpsourceportip udpdestportip UDP Port Number with optional...

Page 683: ...all pid entries Deletes all rules associated with the specified policy profile index ID ether Deletes associated Ethernet II classification rule icmptype Deletes associated ICMP classification rule i...

Page 684: ...port classification rule with optional post fix IP address tcpsourceportip Deletes associated TCP source port classification rule with optional post fix IP address udpdestportip Deletes associated UDP...

Page 685: ...fication Rules to Policy Profiles Matrix DFE Platinum and Diamond Series Configuration Guide 8 41 Example This example shows how to delete all classification rule entries associated with policy profil...

Page 686: ...guration Guide 8 3 2 6 clear policy all rules Use this command to remove all admin and classification rules clear policy all rules Syntax Description None Command Defaults None Command Type Switch com...

Page 687: ...Write Example This example shows how to assign an administrative rule with an index of 20 to port fe 1 3 NOTE The set policy rule command Section 8 3 2 4 used with the admin profile parameter will ass...

Page 688: ...play a list of currently supported traffic rules applied to the admininstrative profile for one or more ports show policy allowed type port string verbose Syntax Description Command Defaults If verbos...

Page 689: ...TED AND ALLOWED TRAFFIC RULE TYPES o Means Traffic Rule Type is supported on this bridge port Means Traffic Rule Type is supported and allowed on this bridge port TRAFFIC RULE TYPES MAC IPX IPv6 IP UD...

Page 690: ...ify Use this command to display a count of the number of times the device has dropped Syslog and or trap notifications of rule usage on ports show policy dropped notify Syntax Description None Command...

Page 691: ...nly rule type 1 source MAC address classification to be applied to the admin profile for port ge 1 5 This example shows how to clear only rule type 27 VLAN classification from the allowed rule type li...

Page 692: ...s currently assigned to the admin profile for one or more ports This will reassign the default setting which is all rules are allowed clear policy allowed type port string Syntax Description Command D...

Page 693: ...d rule This command is only in effect if the port disable function has been enabled using the set policy rule command as described in Section 8 3 2 4 show policy disabled ports Syntax Description None...

Page 694: ...on has been enabled using the set policy rule command as described in Section 8 3 2 4 To become active again disabled ports must also be removed from the policy usage list as described in Section 8 3...

Page 695: ...s those associated with an administrative profile rule or those associated with a specific profile rule Valid profile index values are 1 1023 ether Clears Ethernet II rule usage statistics icmptype Cl...

Page 696: ...usage statistics tci Clears Tag Control Information rule usage statistics tcpdestport Clears TCP destination port rule usage statistics tcpsourceport Clears TCP source port rule usage statistics udpd...

Page 697: ...se the auto clear function has not been configured all Displays all auto clear status information link Displays rule usage when a link s operating status of up is detected interval Displays the interv...

Page 698: ...how to clear the rule usage list when a rule assigning a profile is activated on all Fast Ethernet ports link Enables or disables autoclear when link operstatus up is detected interval interval Specif...

Page 699: ...all link interval profile ports Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all policy auto clear settings all...

Page 700: ...to clear rule port hit indications on one or more ports clear policy port hit all port list port list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Exam...

Page 701: ...ransmit queues as described in this section Configuring transmit queueing and rate limiting on a per port basis as described in Chapter 9 By defult policy based CoS is disabled on the device and defau...

Page 702: ...ction 8 3 3 2 show cos port type Section 8 3 3 3 CoS CLI Displays on Matrix DFE Gold or NSA Systems Some of the CLI output in this section shows examples of CoS configurations on a Matrix DFE Platinum...

Page 703: ...ion 8 3 3 10 set cos port resource irl Section 8 3 3 11 clear cos port resource irl Section 8 3 3 12 set cos port resource txq Section 8 3 3 13 clear cos port resource txq Section 8 3 3 14 show cos re...

Page 704: ...on Guide 8 3 3 1 show cos state Use this command to display the Class of Service enable state show cos state Syntax Description None Command Defaults None Command Type Switch command Command Mode Read...

Page 705: ...8 61 8 3 3 2 set cos state Use this command to enable or disable Class of Service set cos state enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read W...

Page 706: ...which is available only on Matrix DFE Platinum Series chassis based modules designates the DFE Platinum 7G4270 12 module Port type 1 designates all other modules including Gold DFE and NSA modules Ot...

Page 707: ...Kbps kilobits per second Mbps megabits per second Gbps gigabits per second Tbps terabits per second Number of slices Port type Number of Supported Eligible Unselected Index description queues rate typ...

Page 708: ...E Platinum chassis based systems only DFE P or DFE G 8 IRL for port type 1 IRL Number of slices Number of queues The total number of slices of transmit resources that can be divided among port queues...

Page 709: ...CoS units of measure will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to show all Class of Service IRL unit of measure information irl txq Optional...

Page 710: ...ed all rate limiting information for all port types will be displayed Command Type Switch command Command Mode Read Only irl txq Optional Displays inbound rate limiting or transmit queue information g...

Page 711: ...s queue Q 0 0 Q 1 0 Q 2 0 Q 3 0 Q 4 0 Q 5 0 Q 6 0 Q 7 0 Q 8 0 Q 9 0 Q 10 0 Q 11 0 Q 12 0 Q 13 0 Q 14 0 Q 15 64 Percentage queue Q 0 0 Q 1 0 Q 2 0 Q 3 0 Q 4 0 Q 5 0 Q 6 0 Q 7 0 Q 8 0 Q 9 0 Q 10 0 Q 11...

Page 712: ...nd Type Switch command Command Mode Read Write Example This example shows how to create a CoS inbound rate limiting port group entry named test irl with a port group ID of 1 and a port type ID of 1 gr...

Page 713: ...roup type index entry name ports Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the CoS inbound rate limiting por...

Page 714: ...allocations will be applied Command Type Switch command group type index Specifies a transmit queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 w...

Page 715: ...S Matrix DFE Platinum and Diamond Series Configuration Guide 8 71 Command Mode Read Write Example This example shows how to create a CoS transmit queue port group entry named test txq with a port grou...

Page 716: ...b percentage Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all non default CoS transmit queue port group entries...

Page 717: ...ce violators Syntax Description Command Defaults If no options are specified all rate limiting information for all port types will be displayed Command Type Switch command Command Mode Read Only irl t...

Page 718: ...figuration information for port group 0 1 Matrix rw show cos port resource irl 0 1 after the rate value indicates an invalid rate value Group Index Resource Type Unit Rate Rate Limit Type Action 0 1 0...

Page 719: ...of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port type values cannot be changed and are 0 for the Matrix DFE Platinum 7G4270 12...

Page 720: ...itch command Command Mode Read Write Example This example shows how to configure Class of Service port resource IRL entry 0 for port group 0 1 assigning an inbound rate limit of 512 kilobits per secon...

Page 721: ...ociated rate limiter Command Type Switch command Command Mode Read Write Example This example shows how to clear all inbound rate limiting settings associated with port group 0 1 resource entry 0 all...

Page 722: ...up type index Specifies a transmit queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for use...

Page 723: ...Platinum and Diamond Series Configuration Guide 8 79 Example This example shows how to configure a Class of Service port resource entry for port group 0 1 assigning 50 percent of the total available...

Page 724: ...ts If no options are specified all associated non default settings will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all port resource setting...

Page 725: ...ference txq irl group type index reference Syntax Description Command Defaults If no options are specified all reference information for all port types will be displayed Command Type Switch command Co...

Page 726: ...xample shows how to show all transmit queue reference configuration information for port group 0 1 Matrix rw show cos reference txq 0 1 Group Index Reference Type Queue 0 1 0 txq 0 0 1 1 txq 0 0 1 2 t...

Page 727: ...gure inbound rate limiting reference entry 0 for port group 0 1 referencing resources defined by IRL resource entry 0 group type index Specifies an inbound rate limiting port group type index for this...

Page 728: ...configurations clear cos reference irl all group type index reference Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to cle...

Page 729: ...configure inbound rate limiting reference entry 0 for port group 0 1 referencing resources defined by TXQ resource entry 0 group type index Specifies a transmit queue port group type index for this en...

Page 730: ...eference configurations clear cos reference txq all group type index reference Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows h...

Page 731: ...show cos settings cos list Syntax Description Command Defaults If not specified all CoS entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to s...

Page 732: ...e This example shows how to create CoS entry 2 with a priority value of 3 and bind it to transmit queue reference ID 5 cos list Specifies a Class of Service entry Valid values are 0 255 priority prior...

Page 733: ...nd Command Mode Read Write Example This example shows how to clear the priority and transmit queue reference values for CoS entry 2 cos list Specifies a Class of Service entry to clear all Clears all...

Page 734: ...ns are specified all inbound rate limiting violation information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to show any CoS inbound rate limiti...

Page 735: ...tions are specified all information for all types of CoS violations will be displayed Command Type Switch command Command Mode Read Write Example This example shows how to clear both status and counte...

Page 736: ...5 clear cos all entries Use this command to clears all Class of Service entries except priority settings 0 7 clear cos all entries Syntax Description None Command Defaults None Command Type Switch com...

Page 737: ...edge device as part of the authentication process This ID is then used by the device to place the port and its user into a predefined policy profile consisting of a set of rules and limitations to be...

Page 738: ...slog default trap default Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of Syslog message sending whe...

Page 739: ...nable disable trap default enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable the sending of Syslog m...

Page 740: ...Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the sending of Syslog messages when a dynamic rule is applied to enabled override Resets the s...

Page 741: ...nsmit queues 0 15 of traffic for each port A priority 0 through 7 can be set on each port with 0 being the lowest priority A port receiving a frame without priority information in its tag header is as...

Page 742: ...characteristics as follows Display or change the port default Class of Service CoS transmit priority 0 through 7 of each port for frames that are received ingress without priority information in thei...

Page 743: ...Defaults If port string is not specified priority for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the port priority for the...

Page 744: ...mmand Type Switch command Command Mode Read Write Example This example shows how to set a default priority of 6 on fe 1 3 Frames received by this port without priority information in their frame heade...

Page 745: ...all frames received without a priority value in its header to be set to priority 0 clear port priority port string Syntax Description Command Defaults None Command Type Switch command Command Mode Re...

Page 746: ...ransmit frames according to the port priority transmit queues set using the set port priority command described back in Section 9 3 1 2 or according to a priority based on a percentage of port transmi...

Page 747: ...riority queue priority Syntax Description Command Defaults If priority is not specified all priority queue information will be displayed Command Type Switch command Command Mode Read Only Examples Thi...

Page 748: ...nsmit Queue Mapping 9 8 Matrix DFE Platinum and Diamond Series Configuration Guide This example shows how to display the transmit queues associated with priority 3 Matrix rw show port priority queue 3...

Page 749: ...2 through 0 set port priority queue port string priority queue Syntax Description Command Defaults None Command Mode Read Write Example This example shows how to set priority 5 frames received on fe...

Page 750: ...settings back to defaults for one or more ports clear port priority queue port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example...

Page 751: ...ion Guide 9 11 9 3 3 Configuring Quality of Service QoS Purpose To configure Layer 2 QoS transmit queues on one or more ports Command Descriptions The commands to configure the Quality of Service are...

Page 752: ...isplay the current algorithm and transmit queue weights configured on fe 2 1 through 5 port string Optional Specifies port s for which to display QoS settings For a detailed description of possible po...

Page 753: ...13 value14 value15 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to change the arbitration values for the four transmit qu...

Page 754: ...clear port transmit queue values clear port txq port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear transmi...

Page 755: ...he interface type Rate limit is configured for a given port and list of priorities The list of priorities can include one some or all of the eight 802 1p priority levels Once configured the rate of al...

Page 756: ...port string Optional Displays rate limiting information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port ratelimit fe 2 1 Global...

Page 757: ...t Displays Port Number Port designation For a detailed description of possible port string values refer to Section 4 1 1 Index Resource index for this port Threshold kB s Port rate limiting threshold...

Page 758: ...ring globally disables or enables the port rate limiting function When entered with a port string disables or enables rate limiting on specific port s when the global function is enabled port string S...

Page 759: ...onfiguration Guide 9 19 Command Type Switch command Command Mode Read Write Example This example shows how to globally enable rate limiting configure rate limiting for inbound traffic on port fe 2 1 i...

Page 760: ...t string index Syntax Description Command Defaults If not specified all index entries will be reset Command Type Switch command Command Mode Read Write Example This example shows how to clear all rate...

Page 761: ...ch device can determine which if any multicast traffic needs to be forwarded to each of its ports At Layer 3 multicast switch devices use this information along with a multicast routing protocol to su...

Page 762: ...ely broadcasts its service to the network and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead require...

Page 763: ...ET 10 4 1 Enabling Disabling IGMP Purpose To display IGMP information and to enable or disable IGMP snooping on the device Commands The commands used to display enable and disable IGMP are listed belo...

Page 764: ...y the status of IGMP on one or more VLAN s show igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to disp...

Page 765: ...et igmp enable Use this command to enable IGMP on one or more VLANs set igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 766: ...igmp disable Use this command to disable IGMP on one or more VLANs set igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 767: ...sable Section 10 4 2 3 show igmp grp full action Section 10 4 2 4 set igmp grp full action Section 10 4 2 5 show igmp config Section 10 4 2 6 set igmp config Section 10 4 2 7 set igmp delete Section 1...

Page 768: ...he IGMP query status of one or more VLANs show igmp query vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to displa...

Page 769: ...his command to enable IGMP querying on one or more VLANs set igmp query enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This examp...

Page 770: ...s command to disable IGMP querying on one or more VLANs set igmp query disable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This examp...

Page 771: ...what action to take with multicast frames when the multicast IGMP group table is full show igmp grp full action Command Defaults None Command Type Switch command Command Mode Read Only Example This ex...

Page 772: ...t igmp grp full action action Syntax Description Command Defaults Flood multicast frames to the Vlan Command Type Switch command Command Mode Read Write Example This example shows how to flood multica...

Page 773: ...his example shows how to display IGMP configuration information for VLAN 1 Table 10 1 shows a detailed explanation of command output For details on using the set igmp config command to set these param...

Page 774: ...vice Vlan IGMP Version Whether or not IGMP version is 1 or 2 VlanQuerier IP address of the IGMP querier VlanQueryMaxResponse Time Maximum query response time in tenths of a second VlanRobustness Robus...

Page 775: ...id values are from 1 to 65535 seconds This value works together with max resp time to remove ports from an IGMP group igmp version igmp version Optional Specifies the IGMP version Valid values are 1 I...

Page 776: ...Set Configuring IGMP 10 16 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to set the IGMP query interval time to 250 seconds on VLAN 1 Matrix rw set igmp co...

Page 777: ...ve IGMP configuration settings for one or more VLANs set igmp delete vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows h...

Page 778: ...his example shows how to display IGMP group information for VLAN 105 In this example the device knows to forward all multicast traffic for IP group address 224 0 0 2 VLAN 105 to Fast Ethernet port 2 i...

Page 779: ...static IGMP information will be displayed for all groups Command Type Switch command Command Mode Read Only Example This example shows how to display static IGMP information for VLAN 105 The display...

Page 780: ...ption Command Defaults If not specified the static entry will be created and not modified Command Type Switch command Command Mode Read Write Example This example shows how to add port fe 1 3 to the I...

Page 781: ...ion Command Defaults If not specified the static entry will be removed and not modified Command Type Switch command Command Mode Read Write Example This example shows how to remove port fe 1 3 from th...

Page 782: ...ls Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the binding of IP protocol id to IGMP classification Matrix rw show igmp protocols...

Page 783: ...ntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to change IGMP routing protocols to a protocol id of 3 classification classifi...

Page 784: ...r the binding of IP protocol id to IGMP classification clear igmp protocols protocol id protocol id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example...

Page 785: ...None Command Type Switch command Command Mode Read Only Example This example shows how to display igmp information for vlan 12 vlan vlan list Show IGMP info for the given VLAN Matrix rw show igmp vla...

Page 786: ...the all IGMP reporter information portlist portlist portlist Port or range of ports group group group group IP address none means show all groups vlan list vlan list vlan list VLAN ID or range of IDs...

Page 787: ...one Command Type Switch command Command Mode Read Only Example This example shows how to display all the IGMP flow information portlist portlist portlist Port or range of ports group group group group...

Page 788: ...and Mode Read Only Example This example shows how to display the IGMP counters Matrix rw show igmp counters Igmp Counters Igmp Group Table is Full false Igmp Version 1 Queries transmitted 0 Igmp Versi...

Page 789: ...After executing this command the chassis must be reset in order for the new number of groups supported to take effect set igmp number groups number Syntax Description Command Defaults None Command Typ...

Page 790: ...displays both the currently active number of groups and the configured number that will take effect at the next reboot show igmp number groups Syntax Description None Command Defaults None Command Typ...

Page 791: ...11 2 1 Monitoring Network Events and Status Section 11 2 2 Configuring SMON Section 11 2 3 Configuring RMON Section 11 2 4 Managing Network Addresses and Routes Section 11 2 5 Configuring SNTP Sectio...

Page 792: ...and described in the associated section as shown show logging all Section 11 2 1 1 show logging server Section 11 2 1 2 set logging server Section 11 2 1 3 clear logging server Section 11 2 1 4 show l...

Page 793: ...x DFE Platinum and Diamond Series Configuration Guide 11 3 11 2 1 1 show logging all Use this command to display all configuration information for system logging show logging all Syntax Description No...

Page 794: ...89 CLI 6 1 8 90 SNMP 6 1 8 91 Webview 6 1 8 93 System 6 1 8 95 RtrFe 6 1 8 96 Trace 6 1 8 105 RtrLSNat 6 1 8 111 FlowLimt 6 1 8 112 UPN 6 1 8 117 AAA 6 1 8 118 Router 6 1 8 140 AddrNtfy 6 1 8 141 OSPF...

Page 795: ...11 2 1 9 Defaults Default facility name severity level and UDP port designation as described below For details on setting this value using the set logging defaults command refer to Section 11 2 1 6 IP...

Page 796: ...og server information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display Syslog server configuration information For an explanation of the c...

Page 797: ...acility facility Optional Specifies the server s facility name Valid values are local0 to local7 severity severity Optional Specifies the severity level at which the server will log messages Valid val...

Page 798: ...been assigned If not specified facility severity and port will be set to defaults configured with the set logging default command Section 11 2 1 6 If state is not specified the server will not be enab...

Page 799: ...move a server from the Syslog server table clear logging server index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to rem...

Page 800: ...display the Syslog server default values show logging default Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This command shows how to displa...

Page 801: ...default facility name to local2 and the severity level to 4 error logging facility facility Specifies the default facility name Valid values are local0 to local7 severity severity Specifies the defau...

Page 802: ...r must be entered All three optional keywords must be entered to reset all logging values to defaults Command Type Switch command Command Mode Read Write Example This example shows how to reset the Sy...

Page 803: ...If not specified information for all applications will be displayed Command Type Switch command Command Mode Read Only mnemonic all Optional Displays severity level for one or all applications config...

Page 804: ...application Application Current Severity Level Server List 88 RtrAcl 6 1 8 89 CLI 6 1 8 90 SNMP 6 1 8 91 Webview 6 1 8 93 System 6 1 8 95 RtrFe 6 1 8 96 Trace 6 1 8 105 RtrLSNat 6 1 8 111 FlowLimt 6 1...

Page 805: ...abbreviation of the textual description for applications being logged Current Severity Level Severity level at which the server is logging messages for the listed application This range from 1 to 8 a...

Page 806: ...plication command as described in Section 11 2 1 8 Sample values and their corresponding applications are listed in Table 11 3 all Sets the logging severity level for all applications level level Opti...

Page 807: ...ion Accounting AddrNtfy Address Add and Move Notification CLI Command Line Interface FlowLimit Flow Limiting LACP Link Aggregation Control Protocol OSPF Open Shortest Path First Routing Protocol Route...

Page 808: ...um and Diamond Series Configuration Guide Command Mode Read Write Example This example shows how to set the severity level for SSH Secure Shell to 4 so that error conditions will be logged for that ap...

Page 809: ...f 6 notifications of significant conditions clear logging application mnemonic all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sho...

Page 810: ...logging to the console and a persistent file show logging local Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to displ...

Page 811: ...logging local console enable disable file enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to enable logging...

Page 812: ...Guide 11 2 1 13 clear logging local Use this command to clear the console and persistent store logging for the local session clear logging local Syntax Description None Command Defaults None Command...

Page 813: ...this command will be temporary if the current CLI session is using Telnet or SSH but persistent on the console set logging here enable disable Syntax Description Command Defaults None Command Type Sw...

Page 814: ...11 2 1 15 clear logging here Use this command to clear the logging state for the current CLI session clear logging here Syntax Description None Command Defaults None Command Type Switch command Comma...

Page 815: ...gged show logging buffer Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows a portion of the information displayed with the sho...

Page 816: ...tory to set the size of the history buffer and to display and disconnect current user sessions Commands Commands to monitor switch network events and status are listed below and described in the assoc...

Page 817: ...tory buffer includes all the switch commands entered up to a maximum of 50 as specified in the set history command Section 11 2 2 3 history Syntax Description None Command Defaults None Command Type S...

Page 818: ...ration Guide 11 2 2 2 show history Use this command to display the size in lines of the history buffer show history Syntax Description None Command Defaults None Command Type Switch command Command Mo...

Page 819: ...escription Command Defaults If default is not specified the history setting will not be persistent Command Type Switch command Command Mode Read Write Example This example shows how to set the size of...

Page 820: ...display statistics for all the current active network connections icmp Optional Shows Internet Control Message Protocol ICMP statistics ip Optional Shows Internet Protocol IP statistics routes Option...

Page 821: ...Output Details Output What It Displays PCB Protocol Control Block designation Proto Type of protocol running on the connection Recv Q Number of queries received over the connection Send Q Number of q...

Page 822: ...ch command Command Mode Read Write Examples This example shows how to ping IP address 134 141 89 29 In this case this host is alive In this example the host at IP address is not responding s Optional...

Page 823: ...from 134 141 89 29 icmp seq 6 time 0 ms 64 bytes from 134 141 89 29 icmp seq 7 time 0 ms 64 bytes from 134 141 89 29 icmp seq 8 time 0 ms 64 bytes from 134 141 89 29 icmp seq 9 time 0 ms 134 141 89 2...

Page 824: ...lnet session s logged in to the switch show users Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to use the show users...

Page 825: ...ll users tell dest all message Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to tell all users about a system reset dest S...

Page 826: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to close a Telnet session to host 134 141 192 119 This example shows how to...

Page 827: ...onfigure SMON Switched Network Monitoring on the device Commands Commands to configure SMON are listed below and described in the associated section as shown show smon priority Section 11 2 3 1 set sm...

Page 828: ...ll priority queues will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SMON priority 0 statistics for 1 Gigabit Ethernet port 14 in module 3...

Page 829: ...mand Type Switch command Command Mode Read Write Example This example shows how set the device to gather SMON priority statistics from 1 Gigabit Ethernet port 14 in module 3 create enable disable Crea...

Page 830: ...x Description Command Defaults If port string is not specified priority statistics will be cleared on all ports Command Type Switch command Command Mode Read Write Example This example shows how clear...

Page 831: ...ommand Type Switch command Command Mode Read Only Example This example shows how to display SMON VLAN 1 statistics for 1 Gigabit Ethernet port 14 in module 3 port string Optional Displays SMON VLAN st...

Page 832: ...pe Switch command Command Mode Read Write Example This example shows how set the device to gather SMON VLAN related statistics from 1 Gigabit Ethernet port 14 in module 3 create enable disable Creates...

Page 833: ...If port string is not specified VLAN statistics counting configurations will be cleared for all ports Command Type Switch command Command Mode Read Write Example This example shows how clear an SMON V...

Page 834: ...MON monitoring groups supported on Matrix Series devices each group s function and the elements it monitors and the associated configuration commands needed Table 11 5 RMON Monitoring Group Functions...

Page 835: ...4 10 Event Controls the generation and notification of events from the device Event type description last time event was sent show rmon event Section 11 2 4 11 set rmon event properties Section 11 2 4...

Page 836: ...pN Section 11 2 4 19 set rmon topN properties Section 11 2 4 20 set rmon topN status Section 11 2 4 21 clear rmon topN Section 11 2 4 22 Matrix Records statistics for conversations between two IP addr...

Page 837: ...nel Section 11 2 4 27 set rmon channel Section 11 2 4 28 clear rmon channel Section 11 2 4 29 show rmon filter Section 11 2 4 30 set rmon filter Section 11 2 4 31 clear rmon filter Section 11 2 4 32 P...

Page 838: ...MON statistics for Fast Ethernet port 20 in module 1 port string Optional Displays RMON statistics for specific port s For a detailed description of possible port string values refer to Section 4 1 1...

Page 839: ...that were greater than 1518 bytes and had either a bad FCS or a bad CRC Packets Total number of frames including bad frames broadcast frames and multicast frames received on this interface Broadcast...

Page 840: ...4 bytes in length excluding framing bits but including FCS bytes 65 127 Octets Total number of frames including bad frames received that were between 65 and 127 bytes in length excluding framing bits...

Page 841: ...Defaults If owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON statistics entry 2 for fe 1 20 index Spe...

Page 842: ...dex list to defaults Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete RMON statistics entry 2 index list Specifies...

Page 843: ...Switch command Command Mode Read Only Example This example shows how to display RMON history entries for Fast Ethernet port 14 in module 3 A control entry displays first followed by actual entries cor...

Page 844: ...3 14 Index 1001 Status 1 valid Owner monitor Data Source 1 3 6 1 2 1 2 2 1 1 11001 Interval 30 Buckets Requested 50 Buckets Granted 50 Sample 2304 Interval Start 0 days 19 hours 11 minutes 35 seconds...

Page 845: ...ecified interval will be set to 30 seconds If owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how configure RMON history e...

Page 846: ...refer to Section 11 2 4 5 clear rmon history index list to defaults Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delet...

Page 847: ...arm index Syntax Description Command Defaults If index is not specified information about all RMON alarm entries will be displayed Command Type Switch command Command Mode Read Only Example This examp...

Page 848: ...Sample Type Whether the monitoring method is an absolute or a delta sampling Startup Alarm Whether alarm generated when this entry is first enabled is rising falling or either Interval Interval in sec...

Page 849: ...object to be monitored NOTE This parameter is not mandatory for executing the command but must be specified in order to enable the alarm entry configuration type absolute delta Optional Specifies the...

Page 850: ...rising RMON alarm This entry will conduct monitoring of the delta between samples every 30 seconds revent revent Specifies the index number of the RMON event to be triggered when the rising threshold...

Page 851: ...None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON alarm entry 3 NOTE An RMON alarm entry can be created using this command configured using the se...

Page 852: ...4 10 clear rmon alarm Use this command to delete an RMON alarm entry clear rmon alarm index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This e...

Page 853: ...e This example shows how to display RMON event entry 3 Table 11 8 provides an explanation of the command output index Optional Displays RMON properties and log entries for a specific entry index ID Ma...

Page 854: ...ion Text string description of this event Type Whether the event notification will be a log entry and SNMP trap both or none Community SNMP community name if message type is set to trap Last Time Sent...

Page 855: ...pplied If owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write index Specifies an index number for this entry Maximum number of entries is 100 Maximum val...

Page 856: ...figuration Guide Example This example shows how to create and enable an RMON event entry called STP topology change that will send both a log entry and an SNMP trap message to the public community Mat...

Page 857: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON event entry 1 NOTE An RMON event entry can be created using t...

Page 858: ...n event Use this command to delete an RMON event entry and any associated log entries clear rmon event index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Writ...

Page 859: ...etwork show rmon host port string address creation Syntax Description Command Defaults If port string is not specified information about all ports will be displayed If address or creation are not spec...

Page 860: ...orresponding to the control entry For a description of the types of statistics shown refer to Table 11 6 Matrix rw show rmon host Host Index 1 Interface 21009 Table size 100 Last deletion 766048 Statu...

Page 861: ...r will be applied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON host entry 1 on Fast Ethernet port 5 in module 1 index Specifies an index number...

Page 862: ...le an RMON host entry set rmon host status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON host...

Page 863: ...4 18 clear rmon host Use this command to delete an RMON host entry clear rmon host index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This exam...

Page 864: ...ax Description Command Defaults If index is not specified information about all entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display a...

Page 865: ...up time when this report was last started HostIndex Index number of the host table for which this top N report will be prepared Rate Base Type of counter and corresponding integer value activated wit...

Page 866: ...lied If owner is not specified monitor will be applied Command Type Switch command index Specifies an index number for this entry An entry will automatically be created if an unused index number is ch...

Page 867: ...um and Diamond Series Configuration Guide 11 77 Command Mode Read Write Example This example shows how to configure RMON TopN entry 1 for host 1 with a sampling interval of 60 seconds and a maximum nu...

Page 868: ...le an RMON topN entry set rmon topN status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON TopN...

Page 869: ...4 22 clear rmon topN Use this command to delete an RMON TopN entry clear rmon topN index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This exam...

Page 870: ...t specified information about source and destination addresses will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display RMON matrix properties and...

Page 871: ...rix table for this interface Last deletion System up time when the last entry was deleted from the matrix table associated with this entry Status Whether this matrix entry is enabled valid or disabled...

Page 872: ...pecified monitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON matrix entry 1 for fe 1 1 index Specifies an index number for this...

Page 873: ...matrix entry set rmon matrix status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON matrix entr...

Page 874: ...clear rmon matrix Use this command to delete an RMON matrix entry clear rmon matrix index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This exa...

Page 875: ...specified information about all channels will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display RMON channel information for fe 2 12 port strin...

Page 876: ...e action of the filters on this channel as matched Packets will be accepted on filter matches failed Packets will be accepted if they fail a match control on off Optional Enables or disables control o...

Page 877: ...be set to off If onevent and offevent are not specified none will be applied If event status is not specified ready will be applied If a description is not specified none will be applied If owner is...

Page 878: ...4 29 clear rmon channel Use this command to clear an RMON channel entry clear rmon channel index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example Th...

Page 879: ...er entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display all RMON filter entries and channel information index index channel channel Op...

Page 880: ...hosen Maximum number of entries is 10 Maximum value is 65535 channel_index Specifies the channel to which this filter will be applied offset offset Optional Specifies an offset from the beginning of t...

Page 881: ...ring RMON Matrix DFE Platinum and Diamond Series Configuration Guide 11 91 Command Mode Read Write Example This example shows how to create RMON filter 1 and apply it to channel 9 Matrix rw set rmon f...

Page 882: ...to clear an RMON filter entry clear rmon filter index index channel channel Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how...

Page 883: ...control entries show rmon capture index nodata Syntax Description Command Defaults If no options are specified all buffer control entries and associated captured packets will be displayed Command Type...

Page 884: ...slice 128 Download size 100 Download offset 0 Max Octet Requested 50000 Max Octet Granted 50000 Start time 1 days 0 hours 51 minutes 15 seconds Owner monitor captureEntry 1 Buff control 28062 Pkt ID 9...

Page 885: ...ecified it will be set to monitor index Specifies a buffer control entry channel Specifies the channel to which this capture entry will be applied action lock wrap Optional Specifies the action of the...

Page 886: ...guring RMON 11 96 Matrix DFE Platinum and Diamond Series Configuration Guide Command Type Switch command Command Mode Read Write Example This example shows how to create RMON capture entry 1 to listen...

Page 887: ...4 35 clear rmon capture Use this command to clears an RMON capture entry clear rmon capture index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example T...

Page 888: ...ommands to manage switch network addresses and routes are listed below and described in the associated section as shown show arp Section 11 2 5 1 set arp Section 11 2 5 2 clear arp Section 11 2 5 3 sh...

Page 889: ...an explanation of the command output Matrix rw show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface 10 20 1 1 00 00 5e 00 01 1 S host0 134 142 21 194 00 00 5e 00 01 1 S host0 134 142...

Page 890: ...will not be sent to the host Command Type Switch command Command Mode Read Write Example This example shows how to map IP address 198 133 219 232 to MAC address 00 00 0c 40 0f bc ip address Specifies...

Page 891: ...ommand to delete a specific entry or all entries from the switch s ARP table clear arp ip all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 892: ...figuration Guide 11 2 5 4 show rad Use this command to display the status of the RAD Runtime Address Discovery protocol on the switch show rad Syntax Description None Command Defaults None Command Typ...

Page 893: ...configuration file from the network set rad enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable RAD NO...

Page 894: ...ly Example This example shows how to display the IP routing table Table 11 12 provides an explanation of the command output Matrix rw show ip route ROUTE TABLE Destination Gateway Mask TOS Flags Refcn...

Page 895: ...outing entry R host or net unreachable D created dynamically by redirect M modified dynamically by redirect d message confirmed C generate new routes on use X external daemon resolves name L generated...

Page 896: ...going probe packet m max ttl Optional Specifies the maximum time to live TTL used in outgoing probe packets p port Optional Specifies the base UDP port number used in probes q nqueries Optional Specif...

Page 897: ...t routing tables will be used If d is not specified the debug socket option will not be used If not specified tos will be set to 0 If F is not specified the don t fragment bit will not be applied If g...

Page 898: ...e hop 1 is the Matrix Series switch hop 2 is 14 1 0 45 and hop 3 is back to the host IP address Round trip times for each of the three UDP probes are displayed next to each hop Matrix rw traceroute 19...

Page 899: ...oute destination default gateway Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to add an IP route from 192 122 173 42 to 1...

Page 900: ...his command to delete switch IP routing table entries clear ip route destination default Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This examp...

Page 901: ...hrough the switching process use the show mac command as described in Section 11 2 5 11 show port mac port string Syntax Description Command Defaults If port string is not specified MAC addresses for...

Page 902: ...are specified all MAC addresses for the device will be displayed Command Mode Read Only agetime Optional Display the time in seconds that a learned MAC address will stay in the filtering database add...

Page 903: ...12 11 88 3 fe 1 3 mgmt perm Table 11 13 show mac Output Details Output What It Displays MAC Address MAC addresses mapped to the port s shown FID Filter database identifier Port Port designation Type A...

Page 904: ...the entry will be permanent Command Mode Read Write Example This example shows how to set the MAC timeout period to 600 seconds agetime time Specifies the timeout period in seconds for aging learned M...

Page 905: ...imeout period all Clear all MAC address entries This will even clear permanent entries address address MAC address to clear ex 00 01 F4 56 78 90 if not specified clear command shall be scoped to all M...

Page 906: ...d Set Managing Switch Network Addresses and Routes 11 116 Matrix DFE Platinum and Diamond Series Configuration Guide This example shows how to clear all the MAC addresses associated with port fe 1 3 M...

Page 907: ...cription Command Defaults If port string is not specified MAC address traps for all ports will be displayed Command Mode Read Only Example This example shows how to display the status of MAC address t...

Page 908: ...tring enable disable Syntax Description Command Defaults If port string is not specified MAC address traps will be globally enabled or disabled Command Mode Read Write Example This example shows how t...

Page 909: ...cription Command Defaults If port string is not specified MAC address traps for all ports will be displayed Command Mode Read Only Example This example shows how to display the status of MAC address t...

Page 910: ...tring enable disable Syntax Description Command Defaults If port string is not specified MAC address traps will be globally enabled or disabled Command Mode Read Write Example This example shows how t...

Page 911: ...ction as shown show sntp Section 11 2 6 1 set sntp client Section 11 2 6 2 clear sntp client Section 11 2 6 3 set sntp server Section 11 2 6 4 clear sntp server Section 11 2 6 5 set sntp broadcastdela...

Page 912: ...ow to display SNTP client settings Table 11 14 provides an explanation of the command output Matrix rw show sntp SNTP Version 3 Current Time TUE SEP 09 16 13 33 2003 Timezone EST offset from UTC is 4...

Page 913: ...terval between SNTP unicast requests Default of 512 seconds can be reset using the set sntp poll interval command Section 11 2 6 8 Poll Retry Number of poll retries to a unicast SNTP server Default of...

Page 914: ...nt broadcast unicast disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable SNTP in broadcast mode broadcast Enab...

Page 915: ...figuration Guide 11 125 11 2 6 3 clear sntp client Use this command to clear the SNTP client s operational mode clear sntp client Syntax Description None Command Defaults None Command Type Switch comm...

Page 916: ...rvers can be set as SNTP servers set sntp server ip address precedence Syntax Description Command Defaults If precedence is not specified 1 will be applied Command Type Switch command Command Mode Rea...

Page 917: ...rom the SNTP server list clear sntp server ip address all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove the serv...

Page 918: ...the round trip delay in microseconds for SNTP broadcast frames set sntp broadcastdelay time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This ex...

Page 919: ...1 129 11 2 6 7 clear sntp broadcast delay Use this command to clear the round trip delay time for SNTP broadcast frames clear sntp broadcastdelay Syntax Description None Command Defaults None Command...

Page 920: ...Use this command to set the poll interval between SNTP unicast requests set sntp poll interval interval Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Ex...

Page 921: ...Guide 11 131 11 2 6 9 clear sntp poll interval Use this command to clear the poll interval between unicast SNTP requests clear sntp poll interval Syntax Description None Command Defaults None Command...

Page 922: ...oll retry Use this command to set the number of poll retries to a unicast SNTP server set sntp poll retry retry Syntax Description Command Defaults None Command Type Switch command Command Mode Read W...

Page 923: ...ide 11 133 11 2 6 11 clear sntp poll retry Use this command to clear the number of poll retries to a unicast SNTP server clear sntp poll retry Syntax Description None Command Defaults None Command Typ...

Page 924: ...this command to set the poll timeout in seconds for a response to a unicast SNTP request set sntp poll timeout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode...

Page 925: ...Configuration Guide 11 135 11 2 6 13 clear sntp poll timeout Use this command to clear the SNTP poll timeout clear sntp poll timeout Syntax Description None Command Defaults None Command Type Switch...

Page 926: ...Use this command to display SNTP time zone settings show timezone Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to di...

Page 927: ...tax Description Command Defaults If offset hours or minutes are not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set the time zo...

Page 928: ...d Series Configuration Guide 11 2 6 16 clear timezone Use this command to remove SNTP time zone adjustment values clear timezone Syntax Description None Command Defaults None Command Type Switch comma...

Page 929: ...s what network protocols are running on one or more ports Commands Commands to configure node aliases are listed below and described in the associated section as shown show nodealias Section 11 2 7 1...

Page 930: ...the command output port string Optional Displays node alias properties for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show nodealias ge...

Page 931: ...Guide 11 141 Vlan ID VLAN ID associated with this alias MAC Address MAC address associated with this alias Protocol Networking protocol running on this port Address Source IP When applicable a protoco...

Page 932: ...rp dec bpdu udp Optional Displays node alias entries for one of the following protocols Internet Protocol Appletalk Media Access Control Hot Standby Routing Protocol Dynamic Host Control Protocol Serv...

Page 933: ...ith 00 e0 Refer back to Table 11 15 for a description of the command output Matrix rw show nodealias mac 00 e0 bpdu Port lag 0 1 Time 0 days 01 hrs 34 mins 53 secs Alias ID 306783575 Active true Vlan...

Page 934: ...col IP related entries will be displayed from all source addresses If port string is not specified node alias entries will be displayed for all ports Command Mode Read Only ip apl mac hsrp dhcps dhcpc...

Page 935: ...his example shows how to display node alias entries for IP traffic on ge 3 16 Refer back to Table 11 15 for a description of the command output Matrix rw show nodealias protocol ip ge 3 16 Port ge 3 1...

Page 936: ...and Mode Read Only Example This example shows how to display node alias configuration settings for ports fe 2 1 through 9 Table 11 16 provides an explanation of the command output port string Optional...

Page 937: ...tails Output What It Displays Port Number Port designation Max Entries Maximum number of alias entries configured for this port Set using the set nodealias maxentries command Section 11 2 7 6 Used Ent...

Page 938: ...e aliases cannot be statically created but can be deleted using the clear node alias command as described in Section 11 2 7 7 set nodealias enable disable port string Syntax Description Command Defaul...

Page 939: ...nodealias maxentries val port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the maximum node alias entries t...

Page 940: ...faults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all node alias entries on fe 1 3 port string port string Specifies the port s on which to remove...

Page 941: ...e maximum entries value clear nodealias config port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the node...

Page 942: ...and the path the frame takes through the switch Operation NetFlow can be enabled on all ports on a Matrix system including fixed front panel ports LAG ports NEM ports and FTM1 backplane ports Router...

Page 943: ...es not support aggregation caches Provides 4 predefined templates The appropriate template is selected for each flow depending on whether the flow is routed or switched and whether it is a TCP UDP pac...

Page 944: ...ated section as shown show netflow Section 11 2 8 1 set netflow cache Section 11 2 8 2 clear netflow cache Section 11 2 8 3 set netflow export destination Section 11 2 8 4 clear netflow export destina...

Page 945: ...yed Command Type Switch command Command Mode Read Only Example This example shows how to display both Netflow configuration information and statistics config Optional Show the NetFlow configuration st...

Page 946: ...etFlow 11 156 Matrix DFE Platinum and Diamond Series Configuration Guide Disabled Ports lag 0 1 48 ge 1 1 10 12 22 24 52 Export Statistics Network Packets Sampled 232 Exported Packets 43 Exported Reco...

Page 947: ...in the Matrix system A NetFlow cache maintains NetFlow information for all active flows By default NetFlow caches are not created set netflow cache enable disable Syntax Description Command Defaults...

Page 948: ...free up the NetFlow caches on each DFE blade in the Matrix system When this command is executed NetFlow is effectively disabled on the system clear netflow cache Syntax Description None Command Defaul...

Page 949: ...collector destination per Matrix system can be configured set netflow export destination ip address udp port Syntax Description Command Defaults None Command Type Switch command Command Mode Read Wri...

Page 950: ...e collector address per Matrix system is supported entering the IP address and UDP port information is not required Executing this command without any parameters will return the collector address to N...

Page 951: ...mand Mode Read Write Usage Each DFE blade in the Matrix system will transmit a NetFlow packet when It has accumulated the maximum number of NetFlow records per packet which is 30 or It has accumulated...

Page 952: ...export interval Use this command to clear NetFlow export interval to its default of 30 minutes clear netflow export interval Syntax Description None Command Defaults None Command Type Switch command C...

Page 953: ...on a port set netflow port port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable NetFlow coll...

Page 954: ...eturn a port to the default NetFlow collection state of disabled clear netflow port port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example Thi...

Page 955: ...ation about NetFlow version support Use the show netflow config command Section 11 2 8 1 to display the current NetFlow version set netflow export version 5 9 Syntax Description Command Defaults None...

Page 956: ...ow flow record format used to export data to the default of Version 5 Use the show netflow config command Section 11 2 8 1 to display the current NetFlow version clear netflow export version Syntax De...

Page 957: ...emplates are retransmitted when either The packet refresh rate is reached or The template timeout is reached Template refresh based on the timeout period is only performed by the master DFE blade to a...

Page 958: ...settings of a 20 packet refresh rate and a 30 minute timeout may not be optimal for your environment For example a switch processing an extremely slow flow rate of say 20 packets per half hour would...

Page 959: ...and Defaults At least one of the refresh rate or timeout parameters must be specified although both can be specified on one command line Command Type Switch command Command Mode Read Write Example Thi...

Page 960: ...Logging And Network Management Command Set Configuring NetFlow 11 170 Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 961: ...Performing a basic router configuration Section 12 2 3 4 Reviewing and configuring the ARP table Section 12 2 4 5 Reviewing and configuring broadcast settings Section 12 2 5 6 Reviewing IP traffic an...

Page 962: ...r and processed locally Routing interface configuration commands in this guide will configure either a VLAN or loopback interface depending on your choice of parameters as shown in Table 12 1 For deta...

Page 963: ...ity status of interfaces configured for IP to set IP addresses for interfaces and to enable interfaces for IP routing at device startup Commands The commands used to review and configure interface set...

Page 964: ...uter show interface vlan vlan id loopback loopback id lo local id Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If interface type is not specified inform...

Page 965: ...escription of this output refer to Table 12 2 Matrix Router1 show interface Vlan 1 is Administratively DOWN Vlan 1 is Operationally DOWN Mac Address is 0001 f4da 2cba The name of this device is Vlan 1...

Page 966: ...itch CLI before they can be configured for IP routing For details on creating VLANs and configuring them for IP refer to Section 2 3 2 Each VLAN or loopback interface must be configured for routing se...

Page 967: ...thold round robin Syntax Description Command Syntax of the no Form The no form of this command disables ECM mode no ip ecm forwarding algorithm Command Type Router command Command Mode Global configu...

Page 968: ...ation for all routing interfaces will be displayed Example This example shows how to display configuration information for VLAN 1 vlan vlan id loopback loopback id lo loopback id Optional Displays inf...

Page 969: ...igured on this interface using the commands described in Section 14 3 12 IP Helper Address Whether or not an IP address has been designated for forwarding UDP datagrams from this interface Set using t...

Page 970: ...emoves the specified IP address and disables the interface for IP processing no ip address ip address ip mask Command Type Router command Command Mode Interface configuration Matrix Router1 config if...

Page 971: ...erface to automatically be enabled at device startup no shutdown Syntax Description None Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaul...

Page 972: ...each router configuration in the event that DFE modules are added or removed from the Matrix chassis This section demonstrates managing configuration files while operating in router mode only For a sa...

Page 973: ...yntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows how to display the current router operating configuration Matrix Router...

Page 974: ...Command Defaults If no parameters are specified the running configuration will be displayed to the terminal session NOTE The write file command must be executed in order to save the router configurati...

Page 975: ...5 Example This example shows how to display the router specific configuration to the terminal Matrix Router1 write terminal Enable Config t interface vlan 1 iP Address 182 127 63 1 255 255 255 0 no sh...

Page 976: ...he device and remove the routing configuration By default IP routing is enabled when interfaces are configured for it as described in Section 12 2 1 no ip routing Syntax Description None Command Type...

Page 977: ...still possible to use router only commands to configure the router To do so you need to add router config wrappers to your existing router config files as shown in Figure 12 1 Figure 12 1 Example of...

Page 978: ...Figure 12 1 for an example of a basic config file 3 Save the configuration using the write file command as described in Section 12 2 2 2 12 2 3 4 Moving a Config File from Another Routing Module To c...

Page 979: ...xy ARP on an interface and to set a MAC address on an interface Commands The commands used to review and configure the ARP table are listed below and described in the associated section as shown show...

Page 980: ...meters are specified all entries in the ARP cache will be displayed ip address Optional Displays ARP entries related to a specific IP address vlan vlan id Optional Displays only ARP entries learned th...

Page 981: ...show ip arp 134 141 235 165 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 165 0002 1664 a5b3 ARPA Vlan2 Matrix Router1 show ip arp vlan 2 Protocol Address Age min Hardware...

Page 982: ...The no form of this command removes the specified permanent ARP entry no arp ip address Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Examp...

Page 983: ...r a gratuitous ARP reply or request no ip gratuitous arp Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example sho...

Page 984: ...ng command enabled ip gratuitous arp learning both reply request Syntax Description Command Syntax of the no Form The no form of this command disables gratuitous ARP learning no ip gratuitous arp lear...

Page 985: ...end node to the requesting host Proxy ARP can lessen bandwidth use on slow speed WAN links It is enabled by default ip proxy arp Syntax Description None Command Syntax of the no Form The no form of th...

Page 986: ...ter1 config if Vlan 1 Command Defaults None Example This example shows how to set an IP MAC address of 000A 000A 000B on VLAN 1 NOTE By default every routing interface uses the same MAC address If the...

Page 987: ...t seconds Syntax Description Command Syntax of the no Form The no form of this command restores the default value of 14 400 seconds no arp timeout seconds Command Type Router command Command Mode Glob...

Page 988: ...uide 12 2 4 8 clear arp cache Use this command to delete all nonstatic dynamic entries from the ARP table clear arp cache Syntax Description None Configuration Mode Privileged EXEC Matrix Router1 Comm...

Page 989: ...29 12 2 5 Configuring Broadcast Settings Purpose To configure IP broadcast settings Commands The commands used to configure IP broadcast settings are listed below and described in the associated secti...

Page 990: ...broadcast Syntax Description None Command Syntax of the no Form The no form of this command disables IP directed broadcast globally no ip directed broadcast Command Type Router command Command Mode I...

Page 991: ...ort Command Type Router command Command Mode Global configuration Matrix Router config udp Specifies UDP as the IP forwarding protocol port Optional Specifies a destination port that controls which UD...

Page 992: ...d on that segment A routing module can forward the DHCP request to a server located on another network if IP forward protocol is enabled for UDP as described in Section 12 2 5 2 and the address of the...

Page 993: ...d Syntax of the no Form The no form of this command disables the forwarding of UDP datagrams to the specified address no ip helper address address Command Type Router command Command Mode Interface co...

Page 994: ...d to execute traceroute Commands The commands used to review IP traffic and configure routes are listed below and described in the associated section as shown show router limits route table Section 12...

Page 995: ...this command to display the chassis based router limit setting show router limits route table Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example T...

Page 996: ...s example shows how to set the route table limit to 17000 NOTE This command must be executed from the switch CLI route table Sets the route table limit Valid values are 1 25000 This parameter will als...

Page 997: ...Use this command to reset the chassis based route table limits to default value of 12000 clear router limits route table Syntax Description None Command Type Switch command Command Mode Read Write Co...

Page 998: ...nformation on configuring RIP parameters refer to Section 13 2 2 NOTE Enabling CIDR for RIP on the Matrix Series device requires using the no auto summary command as described in Section 13 2 2 16 to...

Page 999: ...w ip traffic Use this command to display IP traffic statistics show ip traffic softpath Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If softpath is not...

Page 1000: ...ted 0 forwarded 0 no route ICMP Statistics Rcvd 4 total 0 checksum errors 0 redirects 0 unreachable 4 echo 0 echo reply 0 mask requests 0 quench 0 parameter 0 timestamp 0 time exceeded Sent 6 total 0...

Page 1001: ...on Guide 12 41 12 2 6 6 clear ip stats Use this command to clear all IP traffic counters IP ICMP UDP TCP IGMP and ARP clear ip stats Syntax Description None Configuration Mode Privileged EXEC Matrix R...

Page 1002: ...tabase contains all the active static routes all the RIP routes and up to three best routes to each network as determined by OSPF The RTM selects up to three of the best routes to each network and ins...

Page 1003: ...utes directly connected to VLANs 1 and 2 two static routes connected to VLAN 1 one indirectly and one via another network IP and one RIP route Distance cost is displayed as x y Matrix Router1 show ip...

Page 1004: ...atrix Router1 config Command Defaults If distance is not specified the default value of 1 will be applied If permanent and tag are not specified the route will be set as non permanent with no tag assi...

Page 1005: ...gned a tag of 1 This example shows how to set IP address 10 1 2 3 as the next hop gateway to destination address 10 0 0 0 The route is set as permanent and assigned a tag of 20 This example shows how...

Page 1006: ...een disabled using no ip icmp this command will re enable it on the routing interface ip icmp echo reply mask reply Syntax Description Command Syntax of the no Form The no form of this command disable...

Page 1007: ...cription Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Examples This example shows output from a successful ping to IP address 182 127 63 23 This exampl...

Page 1008: ...e to display a round trip path to host 192 167 252 46 In this case hop 1 is an unnamed router at 192 167 201 2 hop 2 is rtr10 at 192 4 9 10 hop 3 is rtr43 at 192 167 208 43 and hop 4 is back to the ho...

Page 1009: ...ndidate Section 12 2 7 5 show ip pim bsr Section 12 2 7 6 show ip pim interface Section 12 2 7 7 show ip pim neighbor Section 12 2 7 8 show ip pim rp Section 12 2 7 9 show ip pim rp hash Section 12 2...

Page 1010: ...interface ip pim sparse mode Syntax Description None Command Syntax of the no Form The no form of this command disables PIM on an interface no ip pim sparse mode Command Type Router command Command M...

Page 1011: ...will be automatically applied If priority is not specified 1 will be applied pim interface Interface of the BSR candidate This interface must be enabled with PIM as described in Section 12 2 7 1 hash...

Page 1012: ...trix DFE Platinum and Diamond Series Configuration Guide Example This example sets the hash mask length to 30 and DR priority to 77 on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 conf...

Page 1013: ...ommand Syntax of the no Form The no form of this command disables the DR functionality no ip dr priority Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan...

Page 1014: ...s group address group mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults If not specified a priority value of 192 will be assigned Example This e...

Page 1015: ...face group address group mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults If not specified a DR priority value of 192 will be assigned Example...

Page 1016: ...display BootStrap Router BSR information Table 12 4 provides an explanation of the command output Matrix Router1 show ip pim bsr PIMv2 Elected Bootstrap Router Information BSR Address 10 0 0 1 Bsr Pr...

Page 1017: ...SR Uptime Interval that this router has been up in hours minutes seconds After 24 hours format will change into days hours and after a week will change into weeks days BSR Expiry Period in which the n...

Page 1018: ...display PIM interface information Table 12 5 provides an explanation of the command output interface Optional Displays information about a specific PIM interface This interface must be enabled with P...

Page 1019: ...eceiving PIM hello messages from other PIM routers on the interface Query Intvl Interval between Hello messages Default is 30 seconds DR Prior Designated router priority value on the interface Set wit...

Page 1020: ...o display PIM neighbor information Table 12 6 provides an explanation of the command output interface Optional Displays information about a specific PIM interface This interface must be enabled with P...

Page 1021: ...1 Expires Interval in hours minutes and seconds until the entry will be removed from the IP multicast routing table Mode Mode in which the interface is operating DR Indicates that this neighbor is a d...

Page 1022: ...mples This example shows how to display information about active RPs This example shows how to display RP mapping information group Optional Displays active RPs for any existing multicast group s mapp...

Page 1023: ...Table 12 7 show ip pim rp Output Details Output What It Displays Group s Address of the multicast group s about which to display RP data RP Address of the RP for that group Priority RP priority value...

Page 1024: ...lected for a specified group show ip pim rp hash group address Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example sho...

Page 1025: ...m neighbors For more information on configuring DVMRP refer to Section 13 2 4 show ip mroute unicast source address multicast group address summary Syntax Description Command Type Router command Comma...

Page 1026: ...555 910 and 920 Matrix Router1 show ip mroute IP Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT Timers Uptime Expire...

Page 1027: ...Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If no optional parameters are specified detailed information about all source and destination addresses wil...

Page 1028: ...t table show ip rfp Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows the reverse path information for IP address 80 80...

Page 1029: ...he following considerations must be taken into account when configuring LSNAT on Matrix Series devices On chassis based systems only one router per chassis will be allowed to run LSNAT at a given time...

Page 1030: ...selected for this client Subsequent packets from clients are compared to the list of bindings If there is a match the packet is sent to the same server previously selected for this client If there is...

Page 1031: ...e use one binding hardware resource instead of one per service per client In order to use sticky persistence the following configuration criteria are required Sticky persistence must be configured for...

Page 1032: ...on those real servers by means of the vserver http virtual server However clients can directly access realserver1 and realserver2 for any services other than HTTP If you combine the two mechanisms tha...

Page 1033: ...nnections to the real server maxconns Section 12 2 8 10 Optional Specify a weight load number for the real server weight Section 12 2 8 11 Configure a virtual server Optional Display the virtual serve...

Page 1034: ...2 8 20 Display or clear server load balancing connections and statistics Optional Display server load balancing connections and statistics show ip slb conns Section 12 2 8 21 show ip slb stats Section...

Page 1035: ...e Command Defaults If detail is not specified summary information about all configured server farms will be displayed Example This example shows how to display LSNAT server farm summary information de...

Page 1036: ...his is port 21 ip slb ftpctrlport port number Syntax Description Command Syntax of the no Form The no form of this command resets the FTP control port to 21 no ip slb ftpctrlport Command Type Router c...

Page 1037: ...Syntax Description Command Syntax of the no Form The no form of this command deletes the server farm from the LSNAT configuration no ip slb serverfarm serverfarmname Command Type Router command Comma...

Page 1038: ...ommand Defaults If not specified port 0 will be applied Example This example shows how to add a real server at 10 1 2 3 to the server farm named httpserver and to configure the port number to be used...

Page 1039: ...command resets the selection algorithm to Round Robin no predictor Command Type Router command Command Mode SLB Server Farm Configuration mode Matrix Router1 config slb sfarm Command Defaults If not s...

Page 1040: ...d is used in conjunction with the persistence level sticky command described in Section 12 2 8 18 sticky Syntax Description None Command Syntax of the no Form The no form of this command removes this...

Page 1041: ...les show how to display summary and detailed information about real servers in the ten server farm detail Optional Displays detailed output for a specific server farm or for all configured server farm...

Page 1042: ...l server 0 Current state of this real server UP Maximum Connections Unlimited Real Server Weight 3 InService Real Server IP 10 3 0 2 Real Server Port 80 Fail Detect Ping Retries 4 Ping Interval 200 Fa...

Page 1043: ...sult in an error condition on this server Defaults can be changed using the faildetect command as described in Section 12 2 8 9 Fail Detect Type Whether or not the failure detection mechanism is ICMP...

Page 1044: ...ntax of the no Form The no form of this command removes the real server from service no inservice Command Type Router command Command Mode SLB Real Server Configuration mode Matrix Router1 config slb...

Page 1045: ...SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults If not specified ping will be chosen as the fail detection type ping int seconds Specifies an ICMP ping failure dete...

Page 1046: ...s example shows how to set the ping interval to 10 seconds and the retry number to 6 for the real server at IP 10 1 2 3 in the httpserver server farm Matrix Router1 config ip slb serverfarm httpserver...

Page 1047: ...command Command Mode SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults None Example This example shows how to limit the number of connections to 20 on the real server...

Page 1048: ...eight number Command Type Router command Command Mode SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults None Example This example shows how to set the weight load numb...

Page 1049: ...tual servers will be displayed If detail is not specified summary information will be displayed Examples This example shows how to display summary information about all LSNAT virtual servers detail Op...

Page 1050: ...ccess to the real server s Virtual Server test Start IP to End IP 169 254 1 1 to 169 254 1 9 Table 12 10 show ip slb vservers Output Details Output What It Displays Virtual Server Name of the virtual...

Page 1051: ...rver IP address Configured using the virtual command as described in Section 12 2 8 15 Note that currently only FTP is supported client s allowed to use the virtual server s Clients with permission to...

Page 1052: ...ix Router1 config Command Defaults None Example This example shows how to identify a virtual server named virtual http and enable configuration mode for that virtual server Note that this example also...

Page 1053: ...Command Defaults None Example This example shows how to associate the virtual server named virtual http to the httpserver server farm serverfarm name Specifies a server farm name Must be previously co...

Page 1054: ...he virtual server port Specifies a TCP or UDP port number 0 through 65535 or port name to be used by this virtual server Specifying 0 indicates all ports can be used by this virtual server and should...

Page 1055: ...s and TCP port for the virtual http virtual server Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm real 10 1 2 1 port 80 Matrix Router1 config slb real inservice Mat...

Page 1056: ...config slb vserver Command Defaults None Example This example shows how to enable virtual server named virtual http Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm...

Page 1057: ...f the no Form The no form of this command removes permission for a client to use the virtual server no client ip address network mask Command Type Router command Command Mode SLB Virtual Server Config...

Page 1058: ...mmand Type Router command Command Mode SLB Virtual Server Configuration mode Matrix Router1 config slb vserver tcp ssl sticky Optional Specifies the type of binding that is used to connect a client to...

Page 1059: ...real exit Matrix Router1 config slb sfarm exit Matrix Router1 config ip slb vserver virtual http Matrix Router1 config slb vserver serverfarm httpserver Matrix Router1 config slb vserver virtual 10 1...

Page 1060: ...client ip end Syntax Description Command Syntax of the no Form The no form of this command removes non LSNAT access permission from the specified clients no allow accessservers client ip start client...

Page 1061: ...None Command Syntax of the no Form The no form of this command removes direct access for all clients no ip slb allowaccess_all Command Type Router command Command Mode Global configuration mode Matri...

Page 1062: ...rix Router1 config slb real exit Matrix Router1 config slb sfarm real 10 1 2 3 port 80 Matrix Router1 config slb real inservice Matrix Router1 config slb real exit Matrix Router1 config slb sfarm exit...

Page 1063: ...how to display summary information about active server load balancing connections detail Optional Displays detailed output for a specific virtual server a specific client or for all configured virtual...

Page 1064: ...reply state Connection Flow ID 2 Real Server IP 172 17 1 2 Client IP 169 225 1 50 Real Server Port 21 Client Port 1110 Protocol TCP Created Time stamp 2004 3 24 14 34 07 Connection State outgoing ser...

Page 1065: ...w ip slb stats Use this command to display load server balancing statistics show ip slb stats Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Exa...

Page 1066: ...ss Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If client is not specified all server load balancing active sticky connections are displayed Examples Th...

Page 1067: ...owid serverfarm serverfarm vserver vserver Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to remove all...

Page 1068: ...Mode Read Only Command Defaults If no options are specified all LSNAT router limits including the route table limit setting as shown in Section 12 2 6 1 will be displayed Example This example shows h...

Page 1069: ...ecified maximum configs will be set to the default value of 50 That is up to 50 server farms 50 virtual servers and 50 direct access entries can be NOTE This command must be executed from the switch C...

Page 1070: ...up to 500 real servers and 500 client access entries can be configured Example This example shows how to set the LSNAT configuration limit to 25 This means that up to 25 server farms 25 virtual server...

Page 1071: ...d Mode Read Write Command Defaults If no options are specified all LSNAT limits will be reset Example This example shows how to reset all chassis based LSNAT limits NOTE This command must be executed...

Page 1072: ...ited period of time or until the client explicitly relinquishes the address Manual A client s IP address is assigned by the network administrator and DHCP is used simply to convey the assigned address...

Page 1073: ...Except for clear and show commands most DHCP configuration commands can be executed in most of the DHCP command modes shown in Table 12 12 CLI examples in this section will show a command being execu...

Page 1074: ...2 2 9 5 ip dhcp pool Section 12 2 9 6 domain name Section 12 2 9 7 dns server Section 12 2 9 8 netbios name server Section 12 2 9 9 netbios node type Section 12 2 9 10 default router Section 12 2 9 11...

Page 1075: ...ation Guide 12 115 client class Section 12 2 9 17 client identifier Section 12 2 9 18 client name Section 12 2 9 19 hardware address Section 12 2 9 20 show ip dhcp binding Section 12 2 9 21 clear ip d...

Page 1076: ...e ip dhcp server Syntax Description None Command Syntax of the no Form The no form of this command disables DHCP server features on one or all routing interfaces no ip dhcp Command Type Router command...

Page 1077: ...Form The no form of this command removes the local address pool no ip local pool name subnet mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults N...

Page 1078: ...m the list of addresses excluded from the local pool no exclude ip address number Command Type Router command Command Mode IP Local Pool configuration Matrix Router1 ip local pool Command Defaults Non...

Page 1079: ...sting client ip dhcp ping packets number Syntax Description Command Syntax of the no Form The no form of this command prevents the sever from pinging IP addresses no ip dhcp ping packets Command Type...

Page 1080: ...ut ip dhcp ping timeout milliseconds Syntax Description Command Syntax of the no Form The no form of this command resets the ping timeout to the default value of 500 no ip dhcp ping timeout Command Ty...

Page 1081: ...he no form of this command deletes a DHCP address pool no ip dhcp pool name Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This examp...

Page 1082: ...cription Command Syntax of the no Form The no form of this command deletes a DHCP domain name no ip dhcp domain name domain Command Type Router command Command Mode Any DHCP configuration mode Command...

Page 1083: ...es the DNS server list no dns server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be configu...

Page 1084: ...S WINS server list no netbios name server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be co...

Page 1085: ...rm of this command deletes the NetBIOS node type no netbios node type Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to speci...

Page 1086: ...ult router list no netbios name server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be confi...

Page 1087: ...ntax Description Command Syntax of the no Form The no form of this command deletes the boot image association no bootfile Command Type Router command Command Mode Any DHCP configuration mode Command D...

Page 1088: ...e client to receive the TFTP server address when downloading a boot file image next server primary ip secondary ip Syntax Description Command Syntax of the no Form The no form of this command removes...

Page 1089: ...HCP options no option code instance number Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If instance is not specified none 0 will be applied Examples This examp...

Page 1090: ...d Diamond Series Configuration Guide This example shows how to configure DHCP option 72 which assigns one or more Web servers for DHCP clients In this case two Web server addresses are configured Matr...

Page 1091: ...command Command Mode Any DHCP configuration mode Command Defaults If hours or minutes are not specified no values will be configured Example This example shows how to set a one hour lease to the loca...

Page 1092: ...1 config dhcp pool Command Defaults If not specified DHCP server will examine its defined IP address pools for a mask or prefix length If no mask is found in the IP address pool database the Class A B...

Page 1093: ...uring each client separately This command also enables DHCP class configuration mode client class name Syntax Description Command Syntax of the no Form The no form of this command deletes a client cla...

Page 1094: ...ifier no client identifier unique identifier Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If client class is not specified none will be assigned Example This e...

Page 1095: ...outer command Command Mode Any DHCP configuration mode Command Defaults If client class is not specified none will be assigned Example This example shows how to assign soho1 as a client name in client...

Page 1096: ...pe Router command Command Mode Any DHCP configuration mode Command Defaults If type is not specified Ethernet will be applied Example This example shows how to specify 0001 f401 2710 as an Ethernet MA...

Page 1097: ...mand Defaults If ip address is not specified information about all address bindings will be shown Example This example shows how to display the DHCP binding address parameters including an associated...

Page 1098: ...P address bindings clear ip dhcp binding address Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to dele...

Page 1099: ...ommand Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to display DHCP server statistics Matrix Router1 show ip dhcp server statistics...

Page 1100: ...Database agents Agents configured in the DHCP database Automatic bindings IP addresses that have been automatically mapped to the Ethernet MAC addresses of hosts found in the DHCP database Manual bin...

Page 1101: ...2 9 24 clear ip dhcp server statistics Use this command to reset all DHCP server counters clear ip dhcp server statistics Syntax Description None Command Type Router command Command Mode Privileged EX...

Page 1102: ...IP Configuration Command Set Configuring Dynamic Host Configuration Protocol DHCP 12 142 Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 1103: ...uring OSPF Section 13 2 3 4 Configuring DVMRP Section 13 2 4 5 Configuring IRDP Section 13 2 5 6 Configuring VRRP Section 13 2 6 ROUTER The commands covered in this chapter can be executed only when t...

Page 1104: ...s 13 2 2 Configuring RIP Purpose To enable and configure the Routing Information Protocol RIP RIP Configuration Task List and Commands Table 13 1 lists the tasks and commands associated with RIP confi...

Page 1105: ...3 2 2 14 ip rip authentication mode Section 13 2 2 15 Disable automatic route summarization necessary for enabling CIDR no auto summary Section 13 2 2 16 Disable triggered updates ip rip disable trigg...

Page 1106: ...s command disables RIP no router rip Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to enable RIP NOTE You mus...

Page 1107: ...nd Syntax of the no Form The no form of this command removes the network from the RIP routing process no network ip address Command Type Router command Command Mode Router configuration Matrix Router1...

Page 1108: ...uting information neighbor ip address Syntax Description Command Syntax of the no Form The no form of this command disables point to point routing exchanges no neighbor ip address Command Type Router...

Page 1109: ...RIP administrative distance is set to 120 The distance command can be used to change this value resetting RIP s route preference in relation to other routes as shown in the table below distance weigh...

Page 1110: ...nfiguring RIP 13 8 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to change the default administrative distance for RIP to 1001 Matrix Router1 config router...

Page 1111: ...rm The no form of this command removes an offset no ip rip offset in out Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example...

Page 1112: ...router Command Defaults None Example This example shows how to set RIP timers to a 5 second update time a 10 second invalid interval a 20 second holdown time and a 60 second flush time basic Specifie...

Page 1113: ...ted by the RIP module no ip rip send version Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to se...

Page 1114: ...ersion of the RIP module update packets that are accepted on the interface no ip rip receive version Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Co...

Page 1115: ...y chain as described in Section 13 2 2 9 2 Add a key to the chain as described in Section 13 2 2 10 3 Specify an authentication string for the key as described in Section 13 2 2 11 4 Set the time peri...

Page 1116: ...ey chain name Syntax Description Command Syntax of the no Form The no form of this command deletes the specified key chain no key chain name Command Type Router command Command Mode Global configurati...

Page 1117: ...Command Type Router command Command Mode Key chain configuration Matrix Router1 config keychain Command Defaults None Example This example shows how to create authentication key 3 within the key chai...

Page 1118: ...tion string no key string text Command Type Router command Command Mode Key chain key configuration Matrix Router1 config keychain key Command Defaults None Example This example shows how to create an...

Page 1119: ...will begin to be valid to be received Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key will begin to be valid to be received Valid input is the first thr...

Page 1120: ...ne Examples This example shows how to allow the password authentication key to be received as valid on its RIP configured interface beginning at 2 30 on November 30 2002 with no ending time infinitely...

Page 1121: ...ychain key start time Specifies the time of day the authentication key will begin to be valid to be sent Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key...

Page 1122: ...o allow the password authentication key to be sent as valid on its RIP configured interface beginning at 2 30 on November 30 2002 with no ending time infinitely Matrix Router1 config router key chain...

Page 1123: ...authentication no ip rip authentication keychain name Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Examples This example shows...

Page 1124: ...use of authentication no ip rip authentication mode Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows h...

Page 1125: ...routing information on the Matrix Series device To verify which routes are summarized for an interface use the show ip protocols command as described in Section 12 2 6 4 no auto summary Syntax Descrip...

Page 1126: ...these triggered updates By default triggered updates are enabled on a RIP interface ip rip disable triggered updates Syntax Description None Command Syntax of the no Form The no form of this command a...

Page 1127: ...twork is unreachable rather than implying it by not including the network in routing updates ip split horizon poison Syntax Description None Command Syntax of the no Form The no form of this command d...

Page 1128: ...passive interface vlan vlan id Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set VLAN 2 as a passiv...

Page 1129: ...mand Syntax of the no Form The no use of this command denies the reception of RIP updates no receive interface vlan vlan id Command Type Router command Command Mode Router configuration Matrix Router1...

Page 1130: ...ion Matrix Router1 config router Command Defaults None Example This example shows how to suppress the network 192 5 34 0 from being advertised in outgoing routing updates access list number Specifies...

Page 1131: ...ly non subnetted routes will be redistributed connected Specifies that non RIP routing information discovered via directly connected interfaces will be redistributed ospf Specifies that OSPF routing i...

Page 1132: ...atinum and Diamond Series Configuration Guide Example This example shows how to redistribute routing information discovered through OSPF process ID 1 non subnetted routes into RIP update messages Matr...

Page 1133: ...ctivate your license as described back in Section 2 2 4 in order to enable the OSPF command set If you wish to purchase an advanced routing license contact Enterasys Networks Sales NOTE Activating you...

Page 1134: ...2 3 12 Configure OSPF Areas Configure an administrative distance distance ospf Section 13 2 3 13 Define the range of addresses to be used by Area Boundary Routers ABRs area range Section 13 2 3 14 Ena...

Page 1135: ...3 23 show ip ospf database Section 13 2 3 24 show ip ospf border routers Section 13 2 3 25 show ip ospf interface Section 13 2 3 26 show ip ospf neighbor Section 13 2 3 27 show ip ospf virtual links...

Page 1136: ...mand Defaults None Example This example shows how to enable routing for OSPF process 1 NOTES You must execute the router ospf command to enable the protocol before completing many OSPF specific config...

Page 1137: ...nd Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to configure IP address 182 127 62 1 0 0 0 31 as OSPF area 0 ip address Specifies...

Page 1138: ...interfaces configured for IP routing router id ip address Syntax Description Command Syntax of the no Form The no form of this command resets the router ID to the first interface configured for IP ro...

Page 1139: ...s the default of 10 ip ospf cost cost Syntax Description Command Syntax of the no Form The no form of this command resets the OSPF cost to the default of 10 no ip ospf cost Command Type Router command...

Page 1140: ...a designated router ip ospf priority number Syntax Description Command Syntax of the no Form The no form of this command resets the value to the default of 1 no ip ospf priority Command Type Router co...

Page 1141: ...d Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set spf delay time to 7 seconds and hold time to 3 spf dela...

Page 1142: ...ax Description Command Syntax of the no Form The no form of this command resets the retransmit interval value to the default 5 seconds no ip ospf retransmit interval Command Type Router command Comman...

Page 1143: ...o Form The no form of this command resets the retransmit interval value to the default 1 second no ip ospf transmit delay Command Type Router command Command Mode Interface configuration Matrix Router...

Page 1144: ...mmand sets the hello interval value to the default 10 seconds for broadcast and point to point networks 30 seconds for non broadcast and point to multipoint networks no ip ospf hello interval Command...

Page 1145: ...d sets the dead interval value to the default 40 seconds no ip ospf dead interval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None...

Page 1146: ...ospf authentication key Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults If password is not specified the password will be set to a bl...

Page 1147: ...rface no ip ospf message digest key keyid Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enabl...

Page 1148: ...routes as shown in the table below distance ospf external inter area intra area weight Syntax Description Command Syntax of the no Form The no form of this command resets OSPF administrative distance...

Page 1149: ...uide 13 47 Command Defaults If route type is not specified the distance value will be applied to all OSPF routes Example This example shows how to change the default administrative distance for extern...

Page 1150: ...x of the no Form The no form of this command stops the routes from being summarized no area area id range ip address ip mask Command Type Router command Command Mode Router configuration Matrix Router...

Page 1151: ...configuration Matrix Router1 config router Command Defaults None Example This example shows how to enable MD5 authentication on OSPF area 10 0 0 0 area id Specifies the OSPF area in which to enable a...

Page 1152: ...command Command Mode Router configuration Matrix Router1 config router Command Defaults If no summary is not specified the stub area will be able to receive LSAs Example The following example shows ho...

Page 1153: ...form of this command removes the cost value from the summary route that is sent into the stub area no area area id default cost Command Type Router command Command Mode Router configuration Matrix Ro...

Page 1154: ...omains area area id nssa default information originate Syntax Description Command Syntax of the no Form The no form of this command changes the NSSA back to a plain area no area area id nssa default i...

Page 1155: ...cimal values or IP addresses A transit area is an area through which a virtual link is established ip address Specifies the IP address of the ABR A virtual link is established from the ABR where virtu...

Page 1156: ...ter command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to configure a virtual link between OSPF area 0 0 0 2 and ABR network 13...

Page 1157: ...jacencies from being formed on an interface passive interface vlan vlan id Syntax Description Command Syntax of the no Form The no form of this command disables passive OSPF mode no passive ospf vlan...

Page 1158: ...for the connected RIP or static redistribution route This value should be consistent with the designation protocol metric type type value Optional Specifies the external link type associated with the...

Page 1159: ...Command Defaults If metric value is not specified 0 will be applied If type value is not specified type 2 external route will be applied If subnets is not specified only non subnetted routes will be r...

Page 1160: ...will be restored database overflow external exit overflow interval interval limit limit warning level level Syntax Description Command Syntax of the no Form The no form of this command removes the dat...

Page 1161: ...the OSPF database exit overflow interval to 240 seconds the overflow limit to 3800 LSAs and the warning level to 2500 LSAs Matrix Router1 config router ospf 1 Matrix Router1 config router database ov...

Page 1162: ...OSPF 13 60 Matrix DFE Platinum and Diamond Series Configuration Guide 13 2 3 23 show ip ospf Use this command to display OSPF information show ip ospf Syntax Description None Command Type Router comm...

Page 1163: ...of interfaces in this area is 0 Area has no authentication SPF algorithm executed 65 times Area ranges are Link State Update Interval is 00 30 00 and due in 00 03 12 Link State Age Interval is 00 00...

Page 1164: ...id Optional Specifies the link state identifier Valid values are IP addresses router Displays router Type 1 link state records in their detailed format Router records are originated by all routers net...

Page 1165: ...ion of the command output database summary Displays a numerical summary of the contents of the link state database Matrix Router1 show ip ospf database OSPF Router with ID 182 127 64 1 Displaying Net...

Page 1166: ...oadcast network Router Link States Shows the ID of the router originating the record Summary Link States Shows the summary network prefix ADV Router Router ID of the router originating the link state...

Page 1167: ...s output shows that an intra area route has been established to destination border router 192 168 22 1 via neighboring router 192 168 11 1 on the VLAN 2 interface in area 0 The OSPF cost of this route...

Page 1168: ...y all OSPF related information for VLAN 1 Table 13 4 provides an explanation of the command output vlan vlan id Optional Displays OSPF information for a specific VLAN This VLAN must be configured for...

Page 1169: ...interface priority value which is either default or assigned with the ip ospf priority command For details refer to Section 13 2 3 5 Designated Router id The router ID of the designated router on this...

Page 1170: ...E Platinum and Diamond Series Configuration Guide Adjacent neighbor count Number of adjacent FULL state neighbors over this interface Adjacent with neighbor IP address of the adjacent neighbor Table 1...

Page 1171: ...ng If vlan id is not specified OSPF neighbors will be displayed for all VLANs configured for routing Example This example shows how to use the show ospf neighbor command detail Optional Displays detai...

Page 1172: ...how ip ospf neighbor Output Details Output What It Displays ID Neighbor s router ID of the OSPF neighbor Pri Neighbor s priority over this interface State Neighbor s OSPF communication state Dead Int...

Page 1173: ...F virtual links information Table 13 6 provides an explanation of the command output Matrix Router1 show ip ospf virtual links Virtual Link to router 5 5 5 1 is UP Transit area 0 0 0 2 via interface V...

Page 1174: ...transmitted through the virtual link State Interface state assigned to a virtual link which is point to point Timer intervals configured Timer intervals configured for the virtual link including Hello...

Page 1175: ...lished and routes to be reconverged clear ip ospf process process id Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This examp...

Page 1176: ...em Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to enable OSPF protocol debugging output to display information about Li...

Page 1177: ...ty rfc1583compatible Syntax Description None Command Syntax of the no Form The no form of this command removes OSPF RFC 1583 compatible no rfc1583compatible Command Type Router command Command Mode Ro...

Page 1178: ...eceive from a particular multicast group the router can send a prune message back up the distribution tree to stop subsequent packets from traveling where there are no members DVMRP will periodically...

Page 1179: ...Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable DVMRP on VLAN 1 NOTE IGMP must be enabled on all VLA...

Page 1180: ...d Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set a DVMRP of 16 on VLAN 1 metric Specifies a metric...

Page 1181: ...r mode Command Defaults None Example This example shows how to display DVMRP routing table entries In this case the routing table has 5 entries The first entry shows that the source network 60 1 1 0 2...

Page 1182: ...S Neighbor supports SNMP M Neighbor supports mtrace DVMRP Routing Table 5 entries 60 1 1 0 24 2 uptime 1 24 2 expires 0 2 3 via neighbor 40 1 1 3 version 3 255 flags VPGN gen id 0x336ff052 50 50 50 0...

Page 1183: ...determine the address of a router it can use as a default gateway Commands The commands used to enable and configure IRDP are listed below and described in the associated section as shown ip irdp Sect...

Page 1184: ...terface ip irdp Syntax Description None Command Syntax of the no Form The no form of this command disables IRDP on an interface no ip irdp Command Type Router command Command Mode Interface configurat...

Page 1185: ...rm of this command resets the maximum advertisement interval to the default value of 600 seconds no irdp maxadvertinterval Command Type Router command Command Mode Interface configuration Matrix Route...

Page 1186: ...m holdtime setting and resets the minimum advertisement interval to the default value of three fourths of the maxadvertinterval value no irdp minadvertinterval Command Type Router command Command Mode...

Page 1187: ...lue no irdp holdtime Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the IRDP hold time to...

Page 1188: ...preference value to the default of 0 no irdp preference Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example show...

Page 1189: ...command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to advertise IP address 183 255 0 162 with a preference of 1 on VLAN...

Page 1190: ...than multicast transmissions By default the router sends IRDP advertisements via multicast no ip irdp multicast Syntax Description None Command Type Router command Command Mode Interface configuratio...

Page 1191: ...ace configuration Matrix Router1 config if Vlan 1 Command Defaults If vlan vlan id is not specified IRDP information for all interfaces will be displayed Example This example shows how to display IRDP...

Page 1192: ...nabled routers decide who will become master and who will become backup in the event the master fails Commands The commands used to enable and configure VRRP are listed below and described in the asso...

Page 1193: ...rations from the running configuration no router vrrp Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how enable VR...

Page 1194: ...vrid Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to create a VRRP session on VLAN 1 with a VRID of 1...

Page 1195: ...er IP address can be either an address configured on the routing interface or an address that falls within the range of any networks configured on the routing interface All of the virtual router IP ad...

Page 1196: ...e interface VLAN 1 VRID 1 All 5 addresses fall within the range of networks configured on the VLAN 1 routing interface because VLAN 1 has a primary IP address of 182 127 62 1 24 and secondary IP addre...

Page 1197: ...on VLAN 1 VRID 1 vlan vlan id Specifies the number of the VLAN on which to configure VRRP priority This VLAN must be configured for IP routing as described in Section 2 3 2 vrid Specifies a unique Vi...

Page 1198: ...enabled management stations that use ping to poll devices will be able to see that the virtual router is available when the backup router assumes the role of master master icmp reply vlan vlan id vri...

Page 1199: ...vrid interval Syntax Description Command Syntax of the no Form The no form of this command clears the VRRP advertise interval value no advertise interval vlan vlan id vrid interval Command Type Router...

Page 1200: ...ng VRRP 13 98 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how set an advertise interval of 3 seconds on VLAN 1 VRID 1 Matrix Router1 config router vrrp Matrix...

Page 1201: ...critical ip vlan vlan id vrid ip address critical priority Syntax Description Command Syntax of the no Form The no form of this command clears the critical IP address no critical ip vlan vlan id vrid...

Page 1202: ...rix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to set IP address 182 127 62 3 as a critical IP address associated with VLAN 1 VRID 1 Matrix Router1 config route...

Page 1203: ...empt vlan id vrid Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to disable preempt mode on VLAN 1 VRID...

Page 1204: ...ommand Syntax of the no Form The no form of this command clears the preempt delay timer no preempt delay vlan id vrid Command Type Router command Command Mode Router configuration Matrix Router1 confi...

Page 1205: ...ing VRRP Matrix DFE Platinum and Diamond Series Configuration Guide 13 103 Example This example shows how to set the preempt delay to 60 seconds on VLAN 1 VRID 1 Matrix Router1 config router vrrp Matr...

Page 1206: ...config router Command Defaults None Example This example shows how to enable VRRP on VLAN 1 VRID 1 NOTE Before enabling VRRP you must set the other options described in this section Once enabled you c...

Page 1207: ...the no Form The no form of this command clears VRRP authentication no ip vrrp authentication key Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Comman...

Page 1208: ...Command Defaults None Example This example shows how to set the VRRP MD5 authentication password to qwer on VLAN 1 VRID 1 vrid Specifies the Virtual Router ID VRID Valid values are from 1 to 255 md5...

Page 1209: ...nd to display VRRP routing information show ip vrrp Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows how to display VRR...

Page 1210: ...Routing Protocol Configuration Command Set Configuring VRRP 13 108 Matrix DFE Platinum and Diamond Series Configuration Guide...

Page 1211: ...3 5 Support for RADUIS RFC 3580 and TACACS can be found in the following sections Section 14 3 2 Section 14 3 3 and Section 14 3 4 SNMP user or community names used for authentication and authorizatio...

Page 1212: ...etails refer to Section 14 3 11 IP Access Lists ACLs permits or denies access to routing interfaces based on protocol and inbound and or outbound IP address restrictions configured in access lists For...

Page 1213: ...includes a Filter ID matching a policy profile name configured on the switch the switch then dynamically applies the policy profile to the physical port the user device is authenticating on Filter ID...

Page 1214: ...ction 14 3 4 4 Configuring TACACS Section 14 3 4 5 Configuring 802 1X Authentication Section 14 3 5 6 Configuring Port Web Authentication PWA Section 14 3 6 7 Configuring MAC Authentication Section 14...

Page 1215: ...D SET 14 3 1 Setting the Authentication Login Method Purpose To configure the authentication login method Commands The commands used to configure the authentication login method are listed below and d...

Page 1216: ...tication login Use this command to display the current authentication login method show authentication login Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults...

Page 1217: ...Mode Read Write Command Defaults None Example This example shows how to set the authentication login method to use the local password settings any Specifies that the authentication protocol will be se...

Page 1218: ...clear authentication login Use this command to reset the authentication login method to the default setting of any clear authentication login Syntax Description None Command Type Switch command Comman...

Page 1219: ...server parameters including IP address timeout period authentication realm and number of user login attempts allowed Reset RADIUS server settings to default values Configure a RADIUS accounting serve...

Page 1220: ...uration information state Optional Displays the RADIUS client s enable status retries Optional Displays the number of retry attempts before the RADIUS server times out authtype Optional Displays the R...

Page 1221: ...y attempts before the RADIUS server times out The default value of 3 can be reset using the set radius command as described in Section 14 3 2 2 RADIUS timeout Maximum amount of time in seconds to esta...

Page 1222: ...ables the RADIUS client retries number of retries Specifies the number of retry attempts before the RADIUS server times out Valid values are from 1 to 10 Default is 3 timeout timeout Specifies the max...

Page 1223: ...hentication port 1812 and an authentication password of pwsecret As previously noted the server secret password entered here must match that already configured as the Read Write rw password on the RAD...

Page 1224: ...Examples This example shows how to clear all settings on all RADIUS servers This example shows how to reset the RADIUS timeout to the default value of 20 seconds state Optional Resets the RADIUS clien...

Page 1225: ...Example This example shows how to display RADIUS accounting configuration information In this case RADIUS accounting is enabled and global default settings have not been changed One server has been co...

Page 1226: ...ion Guide For details on enabling and configuring RADIUS accounting refer to Section 14 3 2 5 Matrix rw show radius accounting Accounting state Enabled Accounting update interval 1800 secs Accounting...

Page 1227: ...conds between each RADIUS accounting interim update when accumulated accounting data is sent to the server for a session Valid values are 180 2147483647 retries retries Sets the maximum number of atte...

Page 1228: ...e server secret password entered here must match that already configured as the Read Write rw password on the RADIUS accounting server This example shows how to set the RADIUS accounting timeout to 30...

Page 1229: ...mand Command Mode Read Write Command Defaults None Example This example shows how to reset the RADIUS accounting timeout to 5 seconds on all servers server index all Clears the configuration on one or...

Page 1230: ...Point and itself The AAA server will then describe the level of service which should be provided This may include authentication success session duration and class of service to be provided Enterasys...

Page 1231: ...l VLAN Authorization configuration information will be displayed Example This example shows how to display VLAN Authorization configuration information for ports ge 1 1 3 port list Optional Displays t...

Page 1232: ...able VLAN Authorization This example shows how to enable VLAN Authorization for port ge 1 1 for tagged packets enable disable enable Enable VLAN Authorization disable Disable VLAN Authorization port p...

Page 1233: ...uthorization port list all Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to clear VLAN Authorization This example shows ho...

Page 1234: ...client and server settings to default values Commands The commands used to review and configure TACACS are listed below and described in the associated section as shown show tacacs Section 14 3 4 1 s...

Page 1235: ...e This example shows how to display all TACACS configuration information Table 14 2 provides an explanation of the command output state Optional Displays only the TACACS client status Matrix ro show t...

Page 1236: ...enabled or disabled TACACS singleconnect state Whether TACACS singleconnect is enabled or disabled When enabled the TACACS client sends multiple requests over a single TCP connection TACACS service Th...

Page 1237: ...n Command Defaults None Command Type Switch command Command Mode Read Write Usage The TACACS client can be enabled on the switch anytime with or without a TACACS server online If the TACACS server is...

Page 1238: ...lts None Command Type Switch command Command Mode Read Only Example This example displays configuration information for all configured TACACS servers index Display the configuration of the TACACS serv...

Page 1239: ...Type Switch command Command Mode Read Write Example This example configures TACACS server 1 The default timeout value of 10 seconds will be applied all Specify the timeout value for all configured TAC...

Page 1240: ...ed TACACS servers clear tacacs server all index timeout Syntax Description Command Defaults If timeout is not specified the affected TACACS servers will be removed Command Type Switch command Command...

Page 1241: ...mmand Type Switch command Command Mode Read Only Examples This example shows how to display client session authorization information This example shows how to display client session accounting state a...

Page 1242: ...ifies the name of the service that the TACACS client will request from the TACACS server The name specified here must match the name of a service configured on the server read only attribute value Spe...

Page 1243: ...the Matrix switch The parameter values must match a service and access level attribute value pairs configured on the server for the session to be authorized If the parameter values do not match the s...

Page 1244: ...his example shows how to return all the session authorization parameters to their default values authorization Clears the TACACS session authorization parameters service Clears the TACACS session auth...

Page 1245: ...accounting or authorization configuration parameters are displayed which at this time includes only the enabled disabled status Command Type Switch command Command Mode Read Write Example This exampl...

Page 1246: ...sion When per command accounting is enabled the TACACS server will log accounting information such as start and stop times IP address of the client and so forth for each command executed during the se...

Page 1247: ...ntax Description Command Defaults If state is not specified all single connection configuration parameters are displayed which at this time includes only the enabled disabled state Command Type Switch...

Page 1248: ...n When enabled the TACACS client will use a single TCP connection for all requests to a given TACACS server set tacacs singleconnect enable disable Syntax Description Command Defaults None Command Typ...

Page 1249: ...thorize supplicants will be allowed to simultaneously utilize more than one access entity Access Entities responsible for maintaining state counters and statistics for an individual supplicant An acce...

Page 1250: ...nfiguration Guide Commands The commands used to review and configure 802 1X are listed below and described in the associated section as shown show dot1x Section 14 3 5 1 show dot1x auth config Section...

Page 1251: ...displayed If index is not specified information for all access entities will be displayed auth config Optional Displays authentication configuration information access entity Optional Displays access...

Page 1252: ...abled Matrix rw show dot1x auth diag fe 1 1 Port 1 Auth Diag Enter Connecting 0 EAP Logoffs While Connecting 0 Enter Authenticating 0 Success While Authenticating 0 Timeouts While Authenticating 0 Fai...

Page 1253: ...s Rx 0 Session Octets Tx 0 Session Frames Rx 0 Session Frames Tx 0 Session Id 1 00 00 00 00 00 00 Session Authentic Method Remote Auth Server Session Time 0 secs Session Terminate Cause Port Failure S...

Page 1254: ...hentication state machine quietperiod Optional Displays the value set for quiet period currently in use by the authenticator PAE state machine reauthenabled Optional Displays the state of reauthentica...

Page 1255: ...ample shows how to display all 802 1X authentication configuration settings for fe 2 24 Matrix rw show dot1x auth config authcontrolled portcontrol fe 1 1 Port 1 Auth controlled port control Auto Matr...

Page 1256: ...ified the reinitialization or reauthentication setting will be applied to all ports If index is not specified all access entities will be affected Examples This example shows how to enable 802 1X This...

Page 1257: ...authentication on the port and allows all frames received on the port to be forwarded forced unauth Forced unauthorized mode which effectively disables 802 1X authentication on the port When 802 1X i...

Page 1258: ...out Specifies a timeout period in seconds for the authentication server used by the backend authentication state machine Valid values are 1 300 supptimeout timeout Specifies a timeout period in second...

Page 1259: ...olled portcontrol Optional Resets the 802 1X port control mode to auto keytxenabled Optional Resets the 802 1X key transmission state to disabled false maxreq Optional Resets the maximum requests valu...

Page 1260: ...ple shows how to reset the 802 1X port control mode to auto on all ports This example shows how to reset reauthentication control to disabled on ports fe 1 1 3 This example shows how to reset the 802...

Page 1261: ...cated state of the user a login page or a logout page will display When a user submits username and password the switch then authenticates the user via a preconfigured RADIUS server If the login is su...

Page 1262: ...t will enable the selective services required for PWA This rule will forward ARP requests allow access to a server at IP 1 2 3 4 that acts as both a DNS and DHCP server and be assigned as the default...

Page 1263: ...tion 14 3 6 5 set pwa banner Section 14 3 6 6 clear pwa banner Section 14 3 6 7 set pwa displaylogo Section 14 3 6 8 set pwa redirecttime Section 14 3 6 9 set pwa ipaddress Section 14 3 6 10 set pwa p...

Page 1264: ...isplayed for all ports Command Type Switch command Command Mode Read Only Examples This example shows how to display PWA information for ge 2 1 Table 14 3 provides an explanation of the command output...

Page 1265: ...ancedmode command as described in Section 14 3 6 12 PWA Logo Whether the Enterasys Networks logo will be displayed or hidden at user login Default state of enabled displayed can be changed using the s...

Page 1266: ...Period Amount of time a port will be in the held state after a user unsuccessfully attempts to log on to the network Default value of 60 can be changed using the set pwa quietperiod command as describ...

Page 1267: ...Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable port web authentication NOTE Port Web Authentication cannot be enabled if either MAC...

Page 1268: ...is command to set a port web authentication host name This is a URL for accessing the PWA login page set pwa hostname name Syntax Description Command Defaults None Command Type Switch command Command...

Page 1269: ...iguration Guide 14 59 14 3 6 4 clear pwa hostname Use this command to clear the port web authentication host name clear pwa hostname Syntax Description None Command Defaults None Command Type Switch c...

Page 1270: ...ide 14 3 6 5 show pwa banner Use this command to display the port web authentication login banner string show pwa banner Syntax Description None Command Defaults None Command Type Switch command Comma...

Page 1271: ...s command to configure a string to be displayed as the PWA login banner set pwa banner string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This...

Page 1272: ...uration Guide 14 3 6 7 clear pwa banner Use this command to reset the PWA login banner to a blank string clear pwa banner Syntax Description None Command Defaults None Command Type Switch command Comm...

Page 1273: ...mand to set the display options for the Enterasys Networks logo set pwa displaylogo display hide Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example Th...

Page 1274: ...A login success page redirect time set pwa redirecttime time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA...

Page 1275: ...nd station from which PWA will prevent network access until the user is authenticated set pwa ipaddress ip address Syntax Description Command Defaults None Command Type Switch command Command Mode Rea...

Page 1276: ...p Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set a the PWA protocol to CHAP chap pap Sets the PWA protocol to CHAP P...

Page 1277: ...uthenticated PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access They will also be granted guest networking privileges set pwa enhancedmode enable...

Page 1278: ...orking When enhanced mode is enabled as described in Section 14 3 6 12 PWA will use this name to grant network access to guests without established login names and passwords set pwa guestname name Syn...

Page 1279: ...nfiguration Guide 14 69 14 3 6 14 clear pwa guestname Use this command to clear the PWA guest user name clear pwa guestname Syntax Description None Command Type Switch command Command Defaults None Co...

Page 1280: ...hanced mode is enabled as described in Section 14 3 6 12 PWA will use this password and the guest user name to grant network access to guests without established login names and passwords set pwa gues...

Page 1281: ...y privileges to users without established login names and passwords set pwa gueststatus authnone authradius disable Syntax Description Command Type Switch command Command Defaults None Command Mode Re...

Page 1282: ...authenticated state set pwa initialize port string Syntax Description Command Type Switch command Command Defaults If port string is not specified all ports will be initialized Command Mode Read Write...

Page 1283: ...set pwa quietperiod time port string Syntax Description Command Type Switch command Command Defaults If port string is not specified quiet period will be set for all ports Command Mode Read Write Exa...

Page 1284: ...s requests port string Syntax Description Command Type Switch command Command Defaults If port string is not specified maximum requests will be set for all ports Command Mode Read Write Example This e...

Page 1285: ...will respond to requests If a default policy exists on the port it will be ignored in the unauthenticated state NOTE In order for PWA enhanced mode to operate port control mode must be set to auto fo...

Page 1286: ...nd Set Configuring Port Web Authentication PWA 14 76 Matrix DFE Platinum and Diamond Series Configuration Guide Example This example shows how to set the PWA control mode to auto for all ports Matrix...

Page 1287: ...session information for all ports will be displayed Command Mode Read Only Example This example shows how to display PWA session information port string Optional Displays PWA session information for...

Page 1288: ...Chapter 8 Commands The commands needed to review enable disable and configure MAC authentication are listed below and described in the associated section as shown show macauthentication Section 14 3 7...

Page 1289: ...MAC Authentication Matrix DFE Platinum and Diamond Series Configuration Guide 14 79 clear macauthentication reauthperiod Section 14 3 7 17 set macauthentication quietperiod Section 14 3 7 18 clear ma...

Page 1290: ...le 14 4 provides an explanation of the command output port string Optional Displays MAC authentication information for specific port s For a detailed description of possible port string values refer t...

Page 1291: ...to authenticate the full address i e authentication server timeout causes the next attempt to start once again with a full MAC authentication Default is 48 and cannot be reset Port Port designation F...

Page 1292: ...mation will be displayed for all MAC authentication ports Example This example shows how to display MAC session information Table 14 5 provides an explanation of the command output Matrix rw show maca...

Page 1293: ...or this port set using the set macauthentication reauthperiod command described in Section 14 3 7 16 Reauthentications Whether or not reauthentication is enabled or disabled on this port Set using the...

Page 1294: ...this command to globally enable or disable MAC authentication set macauthentication enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example...

Page 1295: ...this command to set a MAC authentication password set macauthentication password password Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This exa...

Page 1296: ...clear macauthentication password Use this command to clear the MAC authentication password clear macauthentication password Syntax Description None Command Type Switch command Command Mode Read Write...

Page 1297: ...et the number of significant bits of the MAC address to use for authentication set macauthentication significant bits number Syntax Description Command Type Switch command Command Mode Read Write Comm...

Page 1298: ...gnificant bits Use this command to clear the MAC authentication significant bits setting clear macauthentication significant bits Syntax Description None Command Type Switch command Command Mode Read...

Page 1299: ...le This example shows how to enable MAC authentication on ge 2 1 though 5 NOTE Enabling port s for MAC authentication requires globally enabling MAC authentication on the device as described in Sectio...

Page 1300: ...cated number port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the number of allowed MAC authentication ses...

Page 1301: ...Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified the number of allowed authentication sessions will be cleared on all ports Exam...

Page 1302: ...ve any currently active sessions on those ports set macauthentication portinitialize port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example Th...

Page 1303: ...ession to re initialize and remove the session set macauthentication macinitialize mac_addr Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This ex...

Page 1304: ...hentication reauthentication enable disable port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable MAC reauth...

Page 1305: ...n one or more MAC authentication ports set macauthentication portreauthenticate port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This ex...

Page 1306: ...hentication of a MAC address set macauthentication macreauthenticate mac_addr Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows ho...

Page 1307: ...ation reauthperiod time port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the MAC reauthentication period t...

Page 1308: ...thperiod port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified the reauthentication period will be cleared on all ports Ex...

Page 1309: ...port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the macauthentication quiet period to 120 seconds 2 minut...

Page 1310: ...ue The default value is 0 never clear macauthentication quietperiod port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows...

Page 1311: ...group IP address or a UDP TCP port number for detection Default UDP ports are 1718 1719 1720 Default group address is 224 0 1 41 The commands in this section can be used to configure H 323 detection u...

Page 1312: ...how cep policy Section 14 3 8 3 show cep port Section 14 3 8 4 set cep Section 14 3 8 5 set cep port Section 14 3 8 6 set cep policy Section 14 3 8 7 set cep detection Section 14 3 8 8 set cep detecti...

Page 1313: ...ommand Defaults None Command Mode Read Only Example This example shows how to display CEP connections for port fe 1 21 port string Displays CEP status for one or more ports For a detailed description...

Page 1314: ...ommand Defaults If no detection id is specified all CEP detection parameters are displayed Command Mode Read Only Examples This example shows how to display CEP detection information detection id Opti...

Page 1315: ...se this command to display the global policies of all supported CEP types show cep policy Syntax Description None Command Defaults None Command Mode Read Only Examples This example shows how to displa...

Page 1316: ...supported CEP types show cep port port string Syntax Description Command Defaults None Command Mode Read Only Examples This example shows how to display CEP status information for port fe 1 21 port s...

Page 1317: ...e 14 107 14 3 8 5 set cep Use this command to globally enable or disable CEP detection set cep enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Wri...

Page 1318: ...ommand Command Mode Read Write Example This example shows how to enable Cisco phone detection on port fe 3 1 port string Specifies the port s to enable or disable For a detailed description of possibl...

Page 1319: ...s described in Chapter 8 set cep policy cisco h323 siemens sip index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assi...

Page 1320: ...tion Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to create CEP detection group 1 NOTE This command applies only to Siemens H 323 and SIP ph...

Page 1321: ...y 3 manual detection types Siemens H323 SIP Under manual detection configuration for each of the types the Endpoint Phone Type will be listed correctly However the high and low ports will not reflect...

Page 1322: ...e Command Type Switch command Command Mode Read Write Example This example shows how to set an IP address of 10 1 1 3 and mask for detection group 1 NOTE This command applies only to Siemens H 323 and...

Page 1323: ...in Section 14 3 8 12 set cep detection id id protocol tcp udp both none Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to...

Page 1324: ...tection id id porthigh portlow port Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set port 65 as the minimum port to be...

Page 1325: ...ring Syntax Description Command Defaults If no port string is specified all existing CEP connections on all ports are cleared Command Type Switch command Command Mode Read Write Example This example s...

Page 1326: ...itch command Command Mode Read Write all Restores factory defaults to all CEP configuration information policy Restore factory defaults to CEP policy configuration detection detection id Restore facto...

Page 1327: ...Configuration Guide 14 117 Examples This example shows how to clear all CEP policy parameters This example shows how to clear detection id 4 parameters This example shows how to clears ports fe 1 1 5...

Page 1328: ...hose with the locked MAC address es for that port Commands The commands needed to configure MAC locking are listed below and described in the associated section as shown show maclock Section 14 3 9 1...

Page 1329: ...C locking information for ge 2 1 through 5 Table 14 6 provides an explanation of the command output port_string Optional Displays MAC locking status for specified port s For a detailed description of...

Page 1330: ...o Section 14 3 9 3 and Section 14 3 9 5 Trap Status Whether MAC lock trap messaging is enabled or disabled on the port For details on setting this status using the set maclock trap command refer to Se...

Page 1331: ...orts in module 2 firstarrival Optional Displays MAC locking information about end stations first connected to MAC locked ports static Optional Displays MAC locking information about static management...

Page 1332: ...show maclock stations Output Details Output What It Displays Port Number Port designation For a detailed description of possible port_string values refer to Section 4 1 1 MAC address MAC address of th...

Page 1333: ...yntax Description Command Defaults If port_string is not specified MAC locking will be enabled on all ports Command Type Switch command Command Mode Read Write Example This example shows how to enable...

Page 1334: ...disable port_string Syntax Description Command Defaults If port_string is not specified MAC locking will be disabled on all ports Command Type Switch command Command Mode Read Write Example This exam...

Page 1335: ...n between MAC address 00 a0 c9 0d 32 11 and port fe 2 3 NOTE Configuring one or more ports for MAC locking requires globally enabling it on the device first using the set maclock enable command as des...

Page 1336: ...t_string value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to restrict MAC locking to 6 MAC addresses on fe 2 3 port_str...

Page 1337: ...aclock move port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to move all current first arrival MACs to static ent...

Page 1338: ...per port to the default value of 600 clear maclock firstarrival port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how...

Page 1339: ...t maclock static port_string value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to restrict MAC locking to 4 static addre...

Page 1340: ...er port to the default value of 20 clear maclock static port_string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset...

Page 1341: ...val and set maclock static commands Violating MAC addresses are dropped from the device s routing table set maclock trap port_string enable disable Syntax Description Command Defaults None Command Typ...

Page 1342: ...faults None Command Type Switch command Command Mode Read Write Example This example shows how to clear MAC locking between MAC address 00 a0 c9 0d 32 11 and port fe 2 3 all Clears all static MAC lock...

Page 1343: ...H4383 49 and 7H4385 49 Uplink modules defined as modular SFP 10 Gbps and 100 FX ports support up to 128 authenticated users per port Uplink modules include the following 7G4202 30 7G4270 12 7G4280 19...

Page 1344: ...lear multiauth station Section 14 3 10 9 show multiauth session Section 14 3 10 10 show multiauth idle timeout Section 14 3 10 11 set multiauth idle timeout Section 14 3 10 12 clear multiauth idle tim...

Page 1345: ...trict Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to enable multiple authentication multi Allows the system to use mult...

Page 1346: ...uration Guide 14 3 10 2 clear multiauth mode Use this command to clear the system authentication mode clear multiauth mode Syntax Description None Command Type Switch command Command Mode Read Write C...

Page 1347: ...the precedence of the authentication methods will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy profile set multiauth precedence dot1x mac pwa Sy...

Page 1348: ...multiauth precedence Use this command to clear the system s multiple authentication administrative precedence clear multiauth precedence Syntax Description None Command Type Switch command Command Mo...

Page 1349: ...command Command Mode Read Only Command Defaults If port string is not specified multiple authentication information will be displayed for all ports Example This example shows how to display multiple...

Page 1350: ...Mode Read Write Command Defaults None Examples This example shows how to set the port multiple authentication mode to required on ge 3 14 mode auth opt auth reqd force auth force unauth Specifies the...

Page 1351: ...rs port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to clear the port multiple authentication mode on all 1 Giga...

Page 1352: ...nd Defaults If no options are specified multiple authentication station entries will be displayed for all MAC addresses and ports Example This example shows how to display multiple authentication stat...

Page 1353: ...on Command Type Switch command Command Mode Read Write Command Defaults If not specified multiple authentication station entries will be cleared for all MAC addresses Example This example shows how to...

Page 1354: ...d Mode Read Only Command Defaults If no options are specified multiple authentication session entries will be displayed for all sessions authentication types MAC addresses and ports all Optional Displ...

Page 1355: ...ix rw show multiauth session Multiple authentication session entries Port fe 2 2 Station address 00 01 f4 2b 4f 8b Auth status success Last attempt MON MAY 08 14 34 42 2006 Agent type pwa Session appl...

Page 1356: ...sion This will display the idle timeout vlaues in seconds for the following authentication types dot1x pwa mac and cep show multiauth idle timeout Syntax Description None Command Type Switch command C...

Page 1357: ...nds for each of the multiple authentication types Examples This example shows how to set the idle timeout session for cep and mac authentication to 500 seconds This example shows how to set the idle t...

Page 1358: ...o 300 seconds for all authentication types Command Type Switch command Command Mode Read Write Examples This example shows how to clear the idle timeout session values for cep and mac authentication t...

Page 1359: ...e session This will display the session timeout values in seconds for the following authentication types dot1x pwa mac and cep show multiauth session timeout Syntax Description None Command Type Switc...

Page 1360: ...ows how to set the session timeout value for an active session for cep and mac authentication to 500 seconds This example shows how to set the session timeout value for an active session for all the a...

Page 1361: ...ommand Type Switch command Command Mode Read Write Examples This example shows how to clear the session timeout values for an active session for cep and mac authentication types to the default value o...

Page 1362: ...sable and configure the Secure Shell SSH protocol which provides secure Telnet Commands The commands used to review and configure SSH are listed below and described in the associated section as shown...

Page 1363: ...53 14 3 11 1 show ssh state Use this command to display the current status of SSH on the device show ssh state Syntax Description None Command Type Switch command Command Mode Read Only Command Defaul...

Page 1364: ...nable disable or reinitialize SSH server on the device set ssh enable disable reinitialize Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This exa...

Page 1365: ...tkey Use this command to set or reinitialize new SSH authentication keys set ssh hostkey reinitialize Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examp...

Page 1366: ...11 4 show router ssh Use this command to display the state of SSH service to the router show router ssh Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults Non...

Page 1367: ...outer ssh Use this command to enables or disable SSH service to the router set router ssh enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Ex...

Page 1368: ...lear router ssh Use this command to reset SSH service to the router to the default state of disabled clear router ssh Syntax Description None Command Type Switch command Command Mode Read Write Comman...

Page 1369: ...rotocol and source IP address restrictions Commands The commands used to review and configure security access lists are listed below and described in the associated section as shown show access lists...

Page 1370: ...s list which permits or denies ICMP UDP and IP frames based on restrictions configured with the one of the access list commands For details on configuring standard access lists refer to Section 14 3 1...

Page 1371: ...st numbers for standard ACLs are 1 to 99 For extended ACLs valid values are 100 to 199 access list number Specifies a standard access list number Valid values are from 1 to 99 insert replace entry Opt...

Page 1372: ...st portions of the network addresses Any host with a source address that does not match the access list statements will be rejected protocol Specifies an IP protocol for which to deny or permit access...

Page 1373: ...guration Command Set Configuring Access Lists Matrix DFE Platinum and Diamond Series Configuration Guide 14 163 This example moves entry 16 to the beginning of ACL 22 Matrix Router1 config access list...

Page 1374: ...in an ACL access list access list number move destination source1 source2 To log entries within an ACL access list access list number log 1 5000 all To apply ACL restrictions to IP UDP TCP or ICMP pac...

Page 1375: ...umber in the range to be moved Source2 optional is the last entry number in the range to be moved If not specified only the source1 entry will be moved deny permit Denies or permits access if specifie...

Page 1376: ...bers Possible operands include lt port Match only packets with a lower port number gt port Match only packets with a greater port number eq port Match only packets on a given port number neq port Matc...

Page 1377: ...e types If operator and port are not specified access parameters will be applied to all TCP or UDP ports Examples This example shows how to define access list 101 to deny ICMP transmissions from any s...

Page 1378: ...8 Matrix DFE Platinum and Diamond Series Configuration Guide This example shows how to define access list 102 to deny TCP packets transmitted from any IP source port with a the DiffServ value set to 5...

Page 1379: ...config if Vlan vlan_id Command Defaults None Example This example shows how to apply access list 1 for all inbound frames on VLAN 1 Through the definition of access list 1 only frames with destinatio...

Page 1380: ...oes match the ACL check is exited and the map having the ACL matching the packet is checked for further routing instruction If the action of that map is permit and a next hop is specified policy based...

Page 1381: ...Security Configuration Command Set Configuring Policy Based Routing Matrix DFE Platinum and Diamond Series Configuration Guide 14 171 ip policy pinger Section 14 3 13 9...

Page 1382: ...e IP addresses matching ACL lists 2 3 4 8 or 110 will be forwarded to next hop 10 2 1 1 10 2 2 1 or 10 2 3 1 The route map list was created using the route map command Section 14 3 13 2 The packet sou...

Page 1383: ...an existing route map list by specifying the list s id number and a new sequence number id number Specifies a route map list ID number to which this route map will be added If an unused ID number is...

Page 1384: ...ion Guide Command Defaults If permit or deny is not specified this command will enable route map or policy based routing configuration mode If sequence number is not specified 10 will be applied Examp...

Page 1385: ...emoves the match between an access list and this route map no match ip address access list number Command Type Router command Command Modes Policy based routing configuration Matrix Router1 config rou...

Page 1386: ...yntax of the no Form The no form of this command deletes next hop IP address es no set next hop next hop1 next hop2 next hop5 Command Type Router command Command Mode Policy based routing configuratio...

Page 1387: ...of the command output Matrix Router1 config show ip policy Interface Route map Priority Load policy Pinger Interval Retries 3 103 first first available off 3 3 2 102 only round robin on 10 4 Table 14...

Page 1388: ...the ip policy pinger command as described in Section 14 3 13 9 Interval PBR next hop ping interval in seconds Default of 3 can be reset using the ip policy pinger command as described in Section 14 3...

Page 1389: ...ns a route map list no ip policy route map Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan vlan_id Command Defaults None Example This example shows how t...

Page 1390: ...mand Mode Interface configuration Matrix Router1 config if Vlan vlan_id Command Defaults None Example This example shows how to set the IP policy priority on VLAN 1 to last only first last Prioritizes...

Page 1391: ...Command Syntax of the no Form The no form of this command resets the next hop behavior to first available no ip policy load policy Command Type Router command Command Mode Interface configuration Mat...

Page 1392: ...and Defaults If not specified interval will be set to 3 seconds If not specified retries will be set to 3 Example This example shows how to configure the PBR ping interval to 5 and retries to 4 on VLA...

Page 1393: ...hich will protect the router from attacks and notify administrators via Syslog Commands The commands used to configure DoS prevention are listed below and described in the associated section as shown...

Page 1394: ...how to display Denial of Service security status and counters For details on how to set these parameters refer to Section 14 3 14 2 NOTE When fragmented ICMP packets protection is enabled the Ping of...

Page 1395: ...onfig if Vlan vlan_id Command Defaults None land Enables land attack protection and automatically discards illegal frames This can be enabled globally or per interface fragmicmp Enables fragmented ICM...

Page 1396: ...le shows how to globally enable land attack and large ICMP packets protection for packets larger than 2000 bytes This example shows how to enable spoofed address checking on the VLAN 1 interface Matri...

Page 1397: ...clear hostdos counters Use this command to clear Denial of Service security counters clear hostdos counters Syntax Description None Command Type Router command Command Mode Global configuration Matrix...

Page 1398: ...trators to Globally enable FST on the switch and on a port by port basis Configure the maximum flows allowed per user classification port type and the actions that will occur when flow limits are reac...

Page 1399: ...d Series Configuration Guide 14 189 set flowlimit port Section 14 3 15 8 clear flowlimit port class Section 14 3 15 9 set flowlimit shutdown Section 14 3 15 10 set flowlimit notification Section 14 3...

Page 1400: ...ing information will be displayed for all ports Example This example shows how to display flow limiting information for Fast Ethernet port 1 in module 2 In this case it is enabled for FST with an unsp...

Page 1401: ...Use this command to globally enable or disable flow setup throttling set flowlimit enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example T...

Page 1402: ...serverport aggregateduser interswitchlink unspecified Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If classification port type is not specified none will be...

Page 1403: ...uring Flow Setup Throttling FST Matrix DFE Platinum and Diamond Series Configuration Guide 14 193 Example This example shows how to set the flow limit 1 to 12 flows on ports classified as user ports M...

Page 1404: ...Type Switch command Command Mode Read Write Command Defaults If not specified the limit will be removed from all port classification types Example This example shows how to remove flow limit 1 from al...

Page 1405: ...an be defined per user classification Action number must correspond to a flow limit configured using the set flowlimit limit command as described in Section 14 3 15 3 notify Optional When flow limit i...

Page 1406: ...Guide Command Defaults If action is not specified no action will be applied If classification port type is not specified none will be applied Example This example shows how to set flow limiting actio...

Page 1407: ...d all action types will be removed If not specified the action will be removed from all port classifications Example This example shows how to remove flow limiting action 1 from all port classificatio...

Page 1408: ...rt serverport aggregateduser interswitchlink unspecified Syntax Description Command Type Switch command Command Mode Read Only Command Defaults If port classification type is not specified information...

Page 1409: ...atrix rw show flowlimit class Flow setup throttling class configuration Class Limit Action userPort limit1 800 action1 notify limit2 1000 action2 disable notify serverPort limit1 5000 action1 notify l...

Page 1410: ...interface previously disabled by a flow limiting action set flowlimit port enable disable class userport serverport aggregateduser interswitchlink unspecified status operational port string Syntax De...

Page 1411: ...etup Throttling FST Matrix DFE Platinum and Diamond Series Configuration Guide 14 201 Example This example shows how to assign the user port classification type to Fast Ethernet ports 3 5 in module 2...

Page 1412: ...rties clear flowlimit port class port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified classifications will be removed fro...

Page 1413: ...red with a disable action to shut down For information on using the set flowlimit limit command to configure set a disable action on a port refer to Section 14 3 15 3 set flowlimit shutdown enable dis...

Page 1414: ...ified flow limit is reached For information on using the set flowlimit limit command to configure a trap action on a port refer to Section 14 3 15 3 set flowlimit notification disable enable interval...

Page 1415: ...interval Use this command to reset the SNMP flow limit notification interval to the default value of 120 seconds clear flowlimit notification interval Syntax Description None Command Type Switch comma...

Page 1416: ...one or more port s clear flowlimit stats port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified statistics will be reset o...

Page 1417: ...5 simple password 13 44 Port web 14 51 RADIUS server 14 12 14 17 14 27 RIP 13 13 SSH 14 155 VRRP 13 105 Auto negotiation 4 51 B Banner for Message of the Day 2 72 Baud Rate 4 10 Broadcast settings for...

Page 1418: ...ow Setup Throttling FST 14 20 14 188 G Getting Help 1 3 GVRP enabling and disabling 7 44 purpose of 7 37 timer 7 46 H H 323 detection 14 101 Hardware show system 2 52 2 74 Hello Packets 13 42 to 13 43...

Page 1419: ...iscovery Protocol 2 143 Multicast Filtering 10 1 10 2 Multiple Authentication 14 133 Multiple Spanning Tree Protocol MSTP 6 1 N Name setting for a VLAN 7 8 setting for the system 2 76 Neighbors OSPF 1...

Page 1420: ...unters reviewing statistics 4 28 duplex mode setting 4 42 enabling and disabling 4 34 flow control 4 63 MAC lock 14 123 mirroring 4 90 priority configuring 9 2 speed setting 4 42 status reviewing 4 24...

Page 1421: ...ameters 6 5 features 6 2 Loop Protect feature 6 2 port parameters 6 91 Rapid Spanning Tree Protocol RSTP 6 1 Split Horizon 13 25 Stub Areas 13 50 Syslog 11 2 System Information displaying basic 2 50 s...

Page 1422: ...RP 7 37 ingress filtering 7 11 naming 7 8 reviewing existing 7 3 secure management creating 7 36 VRRP authentication 13 105 configuration mode enabling 13 91 creating a session 13 92 critical IP 13 99...

Reviews:

No comments