manualshive.com logo in svg

Enterasys Matrix N Standalone Series, Configuration Manual, Page: 1199 / 1372

Share
Download
Enterasys Matrix N Standalone Series Configuration Manual Download Page 1199

Security Configuration Command Set

Configuring 802.1X Authentication

Matrix NSA Series Configuration Guide

14-39

14.3.5 Configuring 802.1X Authentication

About Multi-User Authentication

Enterasys Networks’ enhanced version of the IEEE 802.1X-2001 specification decreases security 
vulnerabilities inherent with the standard implementation, and allows multiple devices and users, 
also known as “supplicants,” to be authenticated on a single port. The enhanced standard clearly 
distinguishes each network access port from its access “entities,” which maintain authentication 
instructions associated with each unique potential supplicant.

802.1X enhancements are backwards-compatible with existing 802.1X supplicants and 
configurations, and are designed to seamlessly integrate into Enterasys’ per-user policy 
management system; allowing much more granular control over user authorization.

The Enterasys multi-user 802.1X implementation includes the following components:

A Multi-Mode Enabled Matrix System—only when a system is set to operate in multiple 
authentication mode (as described in 

Section 14.3.10

) can the enhanced 802.1X feature be used. 

The system's ports intended for network access to authenticate and authorize supplicants will be 
allowed to simultaneously utilize more than one access entity.

Access Entities—responsible for maintaining state, counters, and statistics for an individual 
supplicant. An access entity is activated from a pool of configured access entities when a 
potential supplicant on a port needs to be authenticated. It becomes deactivated when the 
supplicant logs off, cannot be authenticated, or the Matrix device determines that the supplicant 
or associated policy settings are no longer valid.

Supplicants—devices or users that desire access to the network, such as workstations, printers, 
PDAs, or hard-wired or wireless phones. These will be identified by the system using a 
combination of connection port, MAC addresses, and allocated access entity index. Once a 
supplicant is successfully authenticated, the system is responsible for enforcing the degree to 
which the supplicant will be authorized to access the network, using information sent to it by the 
authentication server. 

Authentication Server—typically a RADIUS authority, where the Matrix system and server 
have mutually-configured knowledge of one another.

Purpose

To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible 
Authentication Protocol). 802.1X controls network access by enforcing user authorization on 
selected ports, which results in allowing or denying network access according to RADIUS server 
configuration.

Summary of Contents for Matrix N Standalone Series

Page 1: ...Enterasys Matrix N Standalone NSA Series Configuration Guide Firmware Version 5 41 xx P N 9034073 08 Rev 0C ...

Page 2: ......

Page 3: ...EN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2008 Enterasys Networks Inc All rights reserved Part Number 9034073 08 Rev 0C July 2008 ENTERASYS ENTERASYS NETWORKS ENTERASYS MATRIX NETSIGHT WEBVIEW and any logos associated therewith are trademarks or registered trademarks of Ente...

Page 4: ...ROVISIONS THE LICENSE THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER IF ANY WITHIN TEN 10 DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND IF YOU HAVE ANY Q...

Page 5: ...al security controls as identified on the U S Commerce Control List or iii if the direct product of the technology is a complete plant or any major component of a plant export to Country Groups D 1 or E 2 the direct product of the plant or a major component thereof if such foreign produced direct product is subject to national security controls as identified on the U S Commerce Control List or is ...

Page 6: ...edge and agree that any breach of Sections 2 4 or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys rights under this Agreement in addition to any and all remedies available at law 11 ASSIGNMENT You may not assign transfer or sublicense th...

Page 7: ... 1 3 CLI Command Modes 2 9 2 1 4 Using WebView 2 10 2 1 5 Process Overview CLI Startup and General Configuration 2 11 2 1 6 Starting and Navigating the Command Line Interface 2 12 2 1 6 1 Using a Console Port Connection 2 12 2 1 6 2 Logging in with a Default User Account 2 12 2 1 6 3 Logging in with Administratively Configured Account 2 13 2 1 6 4 Using a Telnet Connection 2 13 2 1 6 5 Getting Hel...

Page 8: ...figuration Tasks 2 137 2 3 2 Reviewing and Configuring Routing 2 139 2 3 3 Enabling Router Configuration Modes 2 144 3 CONFIGURING DISCOVERY PROTOCOLS 3 1 Overview 3 1 3 2 Discovery Protocols Command Set 3 1 3 2 1 Displaying Neighbors 3 1 3 2 2 Enterasys Discovery Protocol 3 4 3 2 3 Cisco Discovery Protocol 3 12 3 2 4 Link Layer Discovery Protocol and LLDP MED 3 25 4 PORT CONFIGURATION 4 1 Port Co...

Page 9: ...5 3 SNMP Configuration Command Set 5 5 5 3 1 Reviewing SNMP Statistics 5 5 5 3 2 Configuring SNMP Users Groups and Communities 5 12 5 3 3 Configuring SNMP Access Rights 5 26 5 3 4 Configuring SNMP MIB Views 5 33 5 3 5 Configuring SNMP Target Parameters 5 39 5 3 6 Configuring SNMP Target Addresses 5 46 5 3 7 Configuring SNMP Notification Parameters 5 52 5 3 8 Creating a Basic SNMP Trap Configuratio...

Page 10: ...Classification Configuration 8 2 8 3 Policy Classification Configuration Command Set 8 2 8 3 1 Configuring Policy Profiles 8 2 8 3 2 Assigning Classification Rules to Policy Profiles 8 22 8 3 3 Configuring Policy Class of Service CoS 8 44 9 PORT PRIORITY AND RATE LIMITING CONFIGURATION 9 1 Port Priority Configuration Summary 9 1 9 2 Process Overview Port Priority and Rate Limiting Configuration 9 ...

Page 11: ...mand Set 12 2 12 2 1 Configuring Routing Interface Settings 12 2 12 2 2 Managing Router Configuration Files 12 12 12 2 3 Performing a Basic Router Configuration 12 17 12 2 4 Reviewing and Configuring the ARP Table 12 19 12 2 5 Configuring Broadcast Settings 12 29 12 2 6 Reviewing IP Traffic and Configuring Routes 12 34 12 2 7 Configuring PIM 12 47 12 2 8 Configuring Load Sharing Network Address Tr...

Page 12: ...580 14 20 14 3 4 Configuring TACACS 14 24 14 3 5 Configuring 802 1X Authentication 14 39 14 3 6 Configuring Port Web Authentication PWA 14 51 14 3 7 Configuring MAC Authentication 14 78 14 3 8 Configuring Convergence End Points CEP Phone Detection 14 101 14 3 9 Configuring MAC Locking 14 118 14 3 10 Configuring Multiple Authentication 14 133 14 3 11 Configuring Secure Shell SSH 14 152 14 3 12 Conf...

Page 13: ...2 14 2 3 Performing a Keyword Lookup 2 15 2 4 Performing a Partial Keyword Lookup 2 15 2 5 Scrolling Screen Output 2 16 2 6 Abbreviating a Command 2 17 2 7 Completing a Partial Command 2 17 2 8 Enabling the Switch for Routing 2 139 7 1 Example of VLAN Propagation via GVRP 7 34 12 1 Example of a Simple Matrix Series Router Config File 12 17 ...

Page 14: ...Figures xii Matrix NSA Series Configuration Guide ...

Page 15: ...ocal info Output Details 3 34 3 5 show lldp port remote info Output Display 3 39 4 1 show port status Output Details 4 26 4 2 show port counters Output Details 4 29 4 3 show port advertise Output Details 4 57 4 4 show port flow control Output Details 4 63 4 5 show linkflap parameters Output Details 4 71 4 6 show linkflap metrics Output Details 4 71 4 7 show port broadcast Output Details 4 83 4 8 L...

Page 16: ... netstat Output Details 11 31 11 5 RMON Monitoring Group Functions and Commands 11 44 11 6 show rmon stats Output Details 11 49 11 7 show rmon alarm Output Details 11 58 11 8 show rmon event Output Details 11 63 11 9 show rmon topN Output Details 11 75 11 10 show rmon matrix Output Details 11 81 11 11 show arp Output Details 11 99 11 12 show ip route Output Details 11 104 11 13 show mac Output Det...

Page 17: ...interface Output Details 13 67 13 5 show ip ospf neighbor Output Details 13 70 13 6 show ip ospf virtual links Output Details 13 71 14 1 show radius Output Details 14 11 14 2 show tacacs Output Details 14 26 14 3 show pwa Output Details 14 55 14 4 show macauthentication Output Details 14 81 14 5 show macauthentication session Output Details 14 82 14 6 show maclock Output Details 14 120 14 7 show m...

Page 18: ...Tables xvi Matrix NSA Series Configuration Guide ...

Page 19: ... network management and device configuration operations Establish and manage Virtual Local Area Networks VLANs Manage static and dynamically assigned user policies Establish and manage priority classification Configure IP routing and routing protocols including RIP versions 1 and 2 OSPF DVMRP IRDP and VRRP Configure security protocols including 802 1X and RADIUS SSHv2 MAC locking MAC authenticatio...

Page 20: ...mode auto negotiation flow control port mirroring link aggegation and broadcast suppression Chapter 5 SNMP Configuration describes how to configure SNMP users and user groups access rights target addresses and notification parameters Chapter 6 Spanning Tree Configuration describes how to review and set Spanning Tree bridge parameters for the device including bridge priority hello time maximum agin...

Page 21: ...ode aliases Chapter 12 IP Configuration describes how to enable IP routing for router mode operation how to configure IP interface settings how to review and configure the routing ARP table how to review and configure routing broadcasts how to configure PIM how to configure LSNAT and DHCP server and how to configure IP routes Chapter 13 Routing Protocol Configuration describes how to configure RIP...

Page 22: ...cimal Notation DDN e g 000 000 000 000 in an IP address x A lowercase italic x indicates the generic use of a letter e g xxx indicates any combination of three alphabetic characters n A lowercase italic n indicates the generic use of a number e g 19nn indicates a four digit number in which the last two digits are unknown Square brackets indicate optional parameters Braces indicate required paramet...

Page 23: ...e device and information on how to contact Enterasys Networks for technical support 1 1 MATRIX SERIES FEATURES Matrix Series devices support business driven networking with Advanced QoS and policy based frame classification and bandwidth management featuring rate limiting CoS priority queueing and link aggregation Customized single source management and control with SNMP port mirroring Syslog RMON...

Page 24: ...l the number of received broadcasts that are switched to the other interfaces Set flow control on a port by port basis Set port configurations and port based VLANs Configure ports to prioritize and assign a VLAN or Class of Service to incoming frames based on Layer 2 Layer 3 and Layer 4 information Configure the device to operate as a Generic Attribute Registration Protocol GARP device to dynamica...

Page 25: ...ontact Enterasys Networks using one of the following methods Before calling Enterasys Networks have the following information ready Your Enterasys Networks service contract number A description of the failure A description of any action s already taken to resolve the problem for example changing mode switches rebooting the unit The serial and revision numbers of all involved Enterasys Networks pro...

Page 26: ...n of your network environment for example layout cable type Network load and frame size at the time of trouble if known The device history for example have you returned the device before is this a recurring problem Any previous Return Material Authorization RMA numbers ...

Page 27: ...vironment and how to prepare to run the device in router mode 2 1 1 Factory Default Settings The following tables list factory default device settings available on the Matrix Series device Table 2 1 lists default settings for Matrix Series switch operation Table 2 2 lists default settings for router mode operation Table 2 1 Default Device Settings for Basic Switch Operation Device Feature Default ...

Page 28: ...terval is set to 125seconds and response time is set to 100 tenths of a second IP mask and gateway Subnet mask set to 255 0 0 0 default gateway set to 0 0 0 0 IP routes No static routes configured Jumbo frame support Disabled on all ports Link aggregation admin key Set to 32768 for all ports Link aggregation flow regeneration Disabled Link aggregation system priority Set to 32768 for all ports Lin...

Page 29: ...ficant conditions for all applications MAC aging time Set to 300 seconds MAC locking Disabled globally and on all ports Management Authentication Notification Enabled MTU discovery protocol Enabled NetFlow collection Disabled NetFlow export version Version 5 NetFlow Version 9 template refresh rate 20 packets NetFlow Version 9 template timeout 30 minutes Passwords Set to an empty string for all def...

Page 30: ... 10 Mbps except for 1000BASE X which is set to 1000 Mbps and 100BASE FX which is set to 100 Mbps Port trap All ports are enabled to send link traps Priority classification Classification rules are automatically enabled when created RADIUS client Disabled RADIUS last resort action When the client is enabled set to Challenge RADIUS retries When the client is enabled set to 3 RADIUS timeout When the ...

Page 31: ... point to point Set to auto for all Spanning Tree ports Spanning Tree port priority All ports with bridge priority are set to 128 medium priority Spanning Tree priority Bridge priority is set to 32768 Spanning Tree topology change trap suppression Enabled Spanning Tree transmit hold count Set to 3 Spanning Tree version Set to mstp Multiple Spanning Tree Protocol Spanning Tree Loop Protect Disabled...

Page 32: ...ud System contact Set to empty string System location Set to empty string System name Set to empty string Terminal CLI display set to 80 columns and 24 rows Timeout Set to 15 minutes User names Login accounts set to ro for Read Only access rw for Read Write access and admin for Super User access VLAN dynamic egress Disabled on all VLANs VLAN ID All ports use a VLAN identifier of 1 WebView HTTP Ena...

Page 33: ... range OSPF None configured ARP table No permanent entries configured ARP timeout Set to 14 400 seconds Authentication key RIP and OSPF None configured Authentication mode RIP and OSPF None configured Dead interval OSPF Set to 40 seconds Disable triggered updates RIP Triggered updates allowed Distribute list RIP No filters applied DoS prevention Disabled DVMRP Disabled Metric set to 1 Hello interv...

Page 34: ...nce is set to 0 MD5 authentication OSPF Disabled with no password set MTU size Set to 1500 bytes on all interfaces OSPF Disabled OSPF cost Set to 10 for all interfaces OSPF network None configured OSPF priority Set to 1 Passive interfaces RIP None configured Proxy ARP Enabled on all interfaces Receive interfaces RIP Enabled on all interfaces Retransmit delay OSPF Set to 1 second Retransmit interva...

Page 35: ...s an example Figure 2 1 Sample CLI Default Description 2 1 3 CLI Command Modes Each command description in this guide includes a section entitled Command Mode which states whether the command is executable in Admin Super User Read Write or Read Only mode Users with Read Only access will only be permitted to view Read Only show commands Users with Read Write access will be able to modify all modifi...

Page 36: ... WebView and reset the WebView port as described in the following section Displaying WebView status To display WebView status enter show webview at the CLI command prompt This example shows that WebView is enabled on TCP port 80 the default port number Enabling disabling WebView To enable or disable WebView enter set webview enable o disable at the CLI command prompt This example shows how to enab...

Page 37: ... 2 2 1 4 Enabling or disabling of the management authentication notification MIB Section 2 2 2 5 Setting basic device properties Section 2 2 3 6 Activating licensed features Section 2 2 4 7 Downloading a new firmware image Section 2 2 5 8 Reviewing and selecting the boot firmware image Section 2 2 6 9 Starting and configuring Telnet Section 2 2 7 10 Managing image and configuration files Section 2...

Page 38: ...ith a Default User Account If this is the first time your are logging in to the Matrix Series device or if the default user accounts have not been administratively changed proceed as follows 1 At the login prompt enter one of the following default user names ro for Read Only access rw for Read Write access admin for Super User access 2 Press ENTER The Password prompt displays 3 Leave this string b...

Page 39: ... Enter login user name and password information in one of the following ways If the device s default login and password settings have not been changed follow the steps listed in Section 2 1 6 2 or Enter an administratively configured user name and password The notice of authorization and the Matrix prompt displays as shown in Figure 2 2 For information about setting the IP address refer to Section...

Page 40: ...play usage and syntax information for that command This example shows how to display context sensitive help for the set length command login admin Password M A T R I X N S T A N D A L O N E P L A T I N U M Command Line Interface Enterasys Networks Inc 50 Minuteman Rd Andover MA 01810 1008 U S A Phone 1 978 684 1000 E mail support enterasys com WWW http www enterasys com c Copyright Enterasys Netwo...

Page 41: ...n for all commands beginning with co Figure 2 4 Performing a Partial Keyword Lookup Matrix rw show snmp access SNMP VACM access configuration community SNMP v1 v2c community name configuration context SNMP VACM context list counters SNMP counters engineid SNMP engine properties group SNMP VACM security to group configuration notify SNMP notify configuration notifyfilter SNMP notify filter configur...

Page 42: ...to advance the output one line at a time The example in Figure 2 5 shows how the show mac command indicates that output continues on more than one screen Figure 2 5 Scrolling Screen Output NOTE At the end of the lookup display the system will repeat the command you entered without the Matrix rw show mac MAC Address FID Port Type 00 00 1d 67 68 69 1 host 0 1 learned 00 00 02 00 00 00 1 fe 1 2 learn...

Page 43: ... 2 7 shows how when the function is enabled entering conf and pressing the spacebar would be completed as configure Figure 2 7 Completing a Partial Command 2 1 7 Configuring the Line Editor The command line editor determines which key sequences can be used in the CLI Example Ctrl A will move the cursor to beginning of the command line when in Emacs mode The CLI supports both vi and Emacs like line...

Page 44: ... character to left of cursor Ctrl I or TAB Complete word Ctrl K Delete all characters after cursor Ctrl L or Ctrl R Re display line Ctrl N Scroll to next command in command history use the CLI history command to display the history Ctrl P Scroll to previous command in command history Ctr1 Q Resume the CLI process Ctr1 S Pause the CLI process for scrolling Ctrl T Transpose characters Ctrl U or Ctrl...

Page 45: ...ge character cl Change character cw Change word cc Change entire line c Change everything from cursor to end of line i Insert I Insert at beginning of line R Type over characters nrc Replace the following n characters with c nx Delete n characters starting at cursor nX Delete n characters to the left of the cursor d SPACE Delete character dl Delete character dw Delete word dd Delete entire line d ...

Page 46: ...mands used to configure the line editor are listed below and described in the associated sections as shown show line editor Section 2 1 7 1 set line editor Section 2 1 7 2 p Put last deletion after the cursor P Put last deletion before the cursor u Undo last command Toggle case lower to upper or vice versa Key Sequence vi Command ...

Page 47: ... mode and Delete character mode show line editor Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to view the current and default line editor mode and Delete mode Matrix rw show line editor Current Line Editor mode is set to EMACS Default Line Editor mode is set to Default Current DEL mode is set to delete System DEL mode is set to delete ...

Page 48: ... current session and will not persist for future sessions Command Type Switch command Command Mode Read Write Examples This example sets the current line editor to vi mode emacs Selects emacs command line editing mode See Table 2 3 for some commonly used emacs commands vi Selects vi command line editing mode default Selects default line editing mode delete backspace delete Sets the way the line ed...

Page 49: ...ion Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2 23 This example sets the default line editor to emacs mode and sets the selection to persist for future sessions Matrix rw set line editor emacs default ...

Page 50: ...accounts and passwords Commands The commands used to configure user accounts and passwords are listed below and described in the associated section as shown show system login Section 2 2 1 1 set system login Section 2 2 1 2 clear system login Section 2 2 1 3 set password Section 2 2 1 4 set system password length Section 2 2 1 5 set system password aging Section 2 2 1 6 set system password history...

Page 51: ...cription None Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to display login account information In this case device defaults have not been changed Table 2 4 provides an explanation of the command output Matrix su show system login Password history size 0 Password aging disabled Username Access State admin super user enabled ro read only e...

Page 52: ...swords that will be checked for duplication when the set password command is executed Configured with set system password history Section 2 2 1 7 Password aging Number of days user passwords will remain valid before aging out Configured with set system password aging Section 2 2 1 6 Username Login user names Access Access assigned to this user account super user read write or read only State Wheth...

Page 53: ...ption Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to enable a new user account with the login name netops with super user access privileges username Specifies a login name for a new or existing user This string can be a maximum of 80 characters although a maximum of 16 characters is recommended for proper viewing in the show system login...

Page 54: ...ve a local login user account clear system login username Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to remove the netops user account username Specifies the login name of the account to be cleared NOTE The default admin su account cannot be deleted Matrix su clear system login netops ...

Page 55: ...eir own passwords but cannot enter or modify other system passwords Passwords must be a minimum of 8 characters and a maximum of 40 characters IIf configured password length must conform to the minimum number of characters set with the set system password length command Section 2 2 1 5 The admin password can be reset by toggling dip switch 8 on the device as described in your Matrix Series Install...

Page 56: ... Read Write password from the system default blank string This example shows how a user with Read Write access would change his password Matrix su set password rw Please enter new password Please re enter new password Password changed Matrix su Matrix rw set password Please enter old password Please enter new password Please re enter new password Password changed Matrix rw ...

Page 57: ... login password length set system password length characters Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Examples This example shows how to set the minimum system password length to 8 characters characters Specifies the minimum number of characters for a user account password Valid values are 0 to 40 Matrix su set system password length 8 ...

Page 58: ... out or to disable user account password aging set system password aging days disable Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to set the system password age time to 45 days days Specifies the number of days user passwords will remain valid before aging out Valid values are 1 to 365 disable Disables password aging M...

Page 59: ...ication This prevents duplicate passwords from being entered into the system with the set password command set system password history size Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Example This example shows how to configure the system to check the last 10 passwords for duplication size Specifies the number of passwords checked for duplication Va...

Page 60: ...o display user lockout settings In this case device defaults have not been changed Table 2 5 provides an explanation of the command output These settings are configured with the set system lockout command Section 2 2 1 9 Matrix su show system lockout Lockout attempts 3 Lockout time 15 minutes Table 2 5 show system lockout Output Details Output What It Displays Lockout attempts Number of failed log...

Page 61: ...user with the set system login command Section 2 2 1 2 set system lockout attempts attempts time time Syntax Description Command Defaults None Command Type Switch command Command Mode Super User Examples This example shows how to set login attempts to 5 and lockout time to 30 minutes attempts attempts Specifies the number of failed login attempts allowed before a read write or read only user s acc...

Page 62: ...s for various management access types The types of access currently supported by the MIB include console telnet ssh and web Commands The CLI commands used to set the Management Authentication Notification are listed below and described in the associated section as shown show mgmt auth notify Section 2 2 3 1 set mgmt auth notify Section 2 2 3 2 clear mgmt auth notify Section 2 2 3 3 NOTE Ensure tha...

Page 63: ...t setting for the Management Authentication Notification MIB show mgmt auth notify Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current information for the Management Authentication Notification Matrix su show mgmt auth notify Management Type Status console enabled ssh enabled telnet enabled web enabl...

Page 64: ...nabled set mgmt auth notify enable disable console ssh telnet web Syntax Description Command Defaults If none of the optional Management Authentication Access types are entered than all authentications types listed above will either be enabled or disabled Command Type Switch command Command Mode Read Write NOTE Insure that SNMP is correctly configured on the DFE in order to send these notification...

Page 65: ...This example shows how to set only the console and telnet authentication access types to be enabled on the Management Authentication Notification MIB That information is then displayed with the show command Matrix su set mgmt auth notify disable Matrix su show mgmt auth notify Management Type Status console disabled ssh disabled telnet disabled web disabled Matrix su set mgmt auth notify enable co...

Page 66: ...set the current setting for the Management Authentication Notification access types to the default setting of enabled clear mgmt auth notify Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write NOTE Ensure that SNMP is correctly configured on the DFE in order to send these notifications Refer to Chapter 5 for SNMP configuration information ...

Page 67: ...thentication Notification access types prior to using the clear command then displays the same information after using the clear command Matrix su show mgmt auth notify Management Type Status console enabled ssh disabled telnet enabled web disabled Matrix su clear mgmt auth notify Matrix su show mgmt auth notify Management Type Status console enabled ssh enabled telnet enabled web enabled ...

Page 68: ...3 3 show ip gratuitous arp Section 2 2 3 4 set ip gratuitous arp Section 2 2 3 5 clear ip gratuitous arp Section 2 2 3 6 show system Section 2 2 3 7 show system hardware Section 2 2 3 8 show system utilization Section 2 2 3 9 set system utilization threshold Section 2 2 3 10 clear system utilization Section 2 2 3 11 show time Section 2 2 3 12 set time Section 2 2 3 13 show summertime Section 2 2 3...

Page 69: ...set banner motd Section 2 2 3 23 clear banner motd Section 2 2 3 24 show version Section 2 2 3 25 set system name Section 2 2 3 26 set system location Section 2 2 3 27 set system contact Section 2 2 3 28 set width Section 2 2 3 29 set length Section 2 2 3 30 show logout Section 2 2 3 31 set logout Section 2 2 3 32 show physical alias Section 2 2 3 33 set physical alias Section 2 2 3 34 clear physi...

Page 70: ...s Use this command to display the system IP address and subnet mask show ip address Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the system IP address and subnet mask Matrix rw show ip address Name Address Mask host 10 42 13 20 255 255 0 0 ...

Page 71: ...will be set to the natural mask of the ip address and ip gateway will be set to the ip address Command Type Switch command Command Mode Read Write Example This example shows how to set the system IP address to 10 1 10 1 with a mask of 255 255 128 0 and a default gateway of 10 1 0 1 ip address Sets the IP address for the system mask ip mask Optional Sets the system s subnet mask gateway ip gateway ...

Page 72: ...figuration Guide 2 2 3 3 clear ip address Use this command to clear the system IP address clear ip address Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the system IP address Matrix rw clear ip address ...

Page 73: ...and to display the gratuitous ARP processing behavior show ip gratuitous arp Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the IP gratuitous arp process for both requests and replies Matrix rw show ip gratuitous arp Processing gratuitous ARP requests and replies ...

Page 74: ...ssing behavior set ip gratuitous arp request reply both Syntax Description Command Defaults Disabled by default Command Type Switch command Command Mode Read Write Example This example sets both gratuitous ARP requests and replies request Process only gratuitous ARP requests reply Process only gratuitous ARP replies both Process both requests and replies Matrix rw set ip gratuitous arp both ...

Page 75: ... 2 3 6 clear ip gratuitous arp Use this command to stop all gratuitous ARP processing clear ip gratuitous arp Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the gratuitous arp processing Matrix rw clear ip gratuitous arp ...

Page 76: ...me show system Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display system information Table 2 6 provides an explanation of the command output Matrix rw show system System contact System location System name PS1 Status PS2 Status ok not installed Fan1 Status ok Temp Alarm Uptime d h m s Logout off 0 19 40 00 10 m...

Page 77: ...7 System name Name identifying the system Default of a blank string can be changed with the set system name command Section 2 2 3 26 PS1 and PS2 Status Operational status for power supply 1 and if installed power supply 2 Fan Status Operational status of the fan tray Temp Alarm Whether or not the system temperature alarm is off within normal temperature range or on Uptime d h m s System uptime Log...

Page 78: ...s hardware configuration show system hardware Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example The example on the following page shows a portion of the information displayed with the show system hardware command NOTE Depending on the hardware configuration of your Matrix system your output will vary from the example shown ...

Page 79: ...MAC Address 11 22 33 44 55 66 Router MAC Address 11 22 33 44 55 67 Hardware Version 5 Firmware Version 02 00 13 BootCode Version 01 00 07 CPU Version 8 PPC 740 750 UpLink Not Present SDRAM 128 MB NVRAM 8 KB Flash System 32 MB flash0 free space 11 MB flash1 free space 14 MB Dip Switch Bank 1 2 3 4 5 6 7 8 Position OFF OFF OFF OFF OFF OFF OFF OFF HOST CHIP Revision 1 0 FABRIC CHIP 0 1 Revision 1 0 1...

Page 80: ... If not specified information for all modules will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display all system utilization information for the module in slot 1 cpu process storage Optional Displays total CPU individual process or storage resource utilization only slot slot Optional Displays system resource utilization for a specific module M...

Page 81: ... 0 0 0 0 0 0 Switch Dot1x 12 0 0 0 0 0 0 Switch Filter Database 13 0 0 0 0 0 0 Switch GVRP 14 0 0 0 0 0 0 Switch Host IP 15 0 1 0 1 0 1 Switch IGMP 16 0 0 0 0 0 0 Switch LACP 17 0 0 0 0 0 0 Switch MAC Authentication 18 0 0 0 0 0 0 Switch MAC Locking 19 0 0 0 0 0 0 Switch MTU Discovery 20 0 0 0 0 0 0 Switch Node Alias 21 0 0 0 0 0 0 Switch Packet Processing 22 0 1 0 1 0 1 Switch POE 23 0 0 0 0 0 0 ...

Page 82: ...r IP 38 0 0 0 0 0 0 Router DHCPS 39 0 0 0 0 0 0 Router OSPF 40 0 0 0 0 0 0 Router RIP 41 0 0 0 0 0 0 Router VRRP 42 0 0 0 0 0 0 Router DVMRP 43 0 0 0 0 0 0 Router PIM 44 0 0 0 0 0 0 Router PIMDM 45 0 0 0 0 0 0 Router ARP 46 0 0 0 0 0 0 Router LSNAT 47 0 0 0 0 0 0 Interrupts 48 0 0 0 0 0 0 OTHER 49 0 0 0 0 0 0 IDLE 50 96 4 97 0 97 0 Storage Utilization Slot 1 Type Description Size Kb Available Kb R...

Page 83: ... represents the of system utilization to use as the trap threshold set system utilization threshold threshold Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the system utilization threshold to 100 threshold Specifies a threshold value in 1 10 of a percent Valid range is 1 1000 A value of 0 will disable utilization ...

Page 84: ...ilization Use this command to clear the threshold for sending CPU utilization notification messages clear system utilization Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the system utilization threshold Matrix rw clear system utilization 1000 ...

Page 85: ... current time of day in the system clock show time Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current time The output shows the day of the week month day and the time of day in hours minutes and seconds and the year Matrix rw show time THU SEP 05 09 21 57 2002 ...

Page 86: ... day on the system clock set time mm dd yyyy hh mm ss Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the system clock to 7 50 a m mm dd yyyy hh mm ss Sets the time in month day year and or 24 hour format At least one set of time parameters must be entered Matrix rw set time 7 50 00 ...

Page 87: ...ption None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display daylight savings time settings Matrix rw show summertime Summertime is disabled and set to Start SUN MAR 11 02 00 00 2007 End SUN NOV 04 02 00 00 2007 Offset 60 minutes 1 hours 0 minutes Recurring yes starting at 2 00 of the second Sunday of March and ending at 2 00 of the ...

Page 88: ...summertime enable disable zone Syntax Description Command Defaults If a zone name is not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to enable daylight savings time function enable disable Enables or disables the daylight savings time function zone Optional Applies a name to the daylight savings time settings Matrix rw set summe...

Page 89: ... Write start_month Specifies the month of the year to start daylight savings time start_date Specifies the day of the month to start daylight savings time start_year Specifies the year to start daylight savings time start_hr_min Specifies the time of day to start daylight savings time Format is hh mm end_month Specifies the month of the year to end daylight savings time end_date Specifies the day ...

Page 90: ...SA Series Configuration Guide Example This example shows how to set a daylight savings time start date of April 4 2004 at 2 a m and an ending date of October 31 2004 at 2 a m with an offset time of one hour Matrix rw set summertime date April 4 2004 02 00 October 31 2004 02 00 60 ...

Page 91: ...d none will be applied Command Type Switch command Command Mode Read Write start_week Specifies the week of the month to restart daylight savings time Valid values are first second third fourth and last start_day Specifies the day of the week to restart daylight savings time start_hr_min Specifies the time of day to restart daylight savings time Format is hh mm end_week Specifies the week of the m...

Page 92: ... Configuration Guide Example This example shows how set daylight savings time to recur start date of April 4 2004 at 2 a m and an ending date of October 31 2004 at 2 a m with an offset time of one hour Matrix rw set summertime recurring first Sunday April 02 00 last Sunday October 02 00 60 ...

Page 93: ... 2 3 18 clear summertime Use this command to clear the daylight savings time configuration clear summertime Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the daylight savings time configuration Matrix rw clear summertime ...

Page 94: ...prompt_string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the command prompt to Switch 1 prompt_string Specifies a text string for the command prompt NOTE A prompt string containing a space in the text must be enclosed in quotes as shown in the example below Matrix rw set prompt Switch 1 Switch 1 rw ...

Page 95: ...pacebar set cli completion enable disable default Syntax Description Command Defaults If not specified the status setting will not be maintained as the default Command Type Switch command Command Mode Read Write Example This example shows how to enable the CLI command completion function and maintain it as the default setting enable disable Enables or disables the CLI command completion function d...

Page 96: ...e will be set If not specified the cursor will not refresh Command Type Switch command Command Mode Read Write Example This example shows how to execute a command loop 10 times with a 30 second delay count Specifies the number of times to loop A value of 0 will make the command loop forever delay Optional Specifies the number of seconds to delay between executions r Optional Refreshes the cursor t...

Page 97: ...ner message of the day that will display at session login show banner motd Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the banner message of the day Matrix rw show banner motd Not one hundred percent efficient of course but nothing ever is Kirk Metamorphosis stardate 3219 8 ...

Page 98: ...d Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the message of the day banner to read Change is the price of survival Winston Churchill message Specifies a message of the day This is a text string that can be formatted with tabs t and new line escape n characters The t tabs will be converted into 8 spaces in the banner output Matrix rw set ...

Page 99: ...td Use this command to clear the banner message of the day displayed at session login to a blank string clear banner motd Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the message of the day banner to a blank string Matrix rw clear banner motd ...

Page 100: ...his example shows how to display version information Table 2 7 provides an explanation of the command output Matrix rw show version Copyright c 2004 by Enterasys Networks Inc Slot Model Serial Versions 1 2G4072 52 041405833244 Hw 0 Bp 01 00 15 Fw 05 01 57 Table 2 7 show version Output Details Output What It Displays Slot Slot port group location designation For details on how port groups are numbe...

Page 101: ...on Command Defaults If string is not specified the system name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system name to Information Systems string Optional Specifies a text string that identifies the system NOTE A name string containing a space in the text must be enclosed in quotes as shown in the example below Matrix rw set syst...

Page 102: ... Command Defaults If string is not specified the location name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system location string string Optional Specifies a text string that indicates where the system is located NOTE A location string containing a space in the text must be enclosed in quotes as shown in the example below Matrix rw ...

Page 103: ...nd Defaults If string is not specified the contact name will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to set the system contact string string Optional Specifies a text string that contains the name of the person to contact for system administration NOTE A contact string containing a space in the text must be enclosed in quotes as shown in the ex...

Page 104: ...ed to the device s console port The length of the CLI is set using the set length command as described in Section 2 2 3 30 set width screenwidth Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the terminal columns to 50 screenwidth Sets the number of terminal columns Valid values are 50 to 150 Matrix rw set width 50...

Page 105: ...ill display set length screenlength Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the terminal length to 50 screenlength Sets the number of lines in the CLI display Valid values are 0 which disables the scrolling screen feature described in Section 2 1 6 8 and from 5 to 512 Matrix rw set length 50 ...

Page 106: ...mand to display the time in seconds an idle console or Telnet CLI session will remain connected before timing out show logout Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the CLI logout setting Matrix rw show logout Logout currently set to 10 minutes ...

Page 107: ...utes an idle console or Telnet CLI session will remain connected before timing out set logout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the system timeout to 10 minutes timeout Sets the number of minutes the system will remain idle before timing out Matrix rw set logout 10 ...

Page 108: ...chassis slot slot Optional Displays the alias set for a specified slot in the chassis backplane backplane Optional Displays the alias set for the backplane Valid values are 1 for FTM 1 and 2 for FTM 2 module module Optional Displays the alias set for a specified module A maximum of one module alias per slot is allowed powersupply powersupply Optional Displays the alias set for a specified power su...

Page 109: ...eries Configuration Guide 2 83 Example This example shows how to display physical alias information for the chassis In this case the chassis entity is 1 and there is no alias currently set for the chassis Matrix rw show physical alias chassis chassis 1 alias empty string entity 1 ...

Page 110: ...sed N Series devices such as the N7 N5 N3 or N1 Executing commands in the NSA CLI with modular parameters not supported by the standalone will result in an error message chassis Sets an alias for the chassis slot slot Sets an alias for a specific slot in the chassis backplane backplane Sets an alias for the backplane Valid values are 1 for FTM 1 and 2 for FTM 2 module module Sets an alias for a sp...

Page 111: ...d Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2 85 Command Mode Read Write Example This example shows how to set the alias for the chassis to chassisone Matrix rw set physical alias chassis chassisone ...

Page 112: ... Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set clear the alias set for the chassis chassis Clears the chassis alias slot slot Clears and alias for a specific slot backplane backplane Clears and alias for a specific backplane Valid values are 1 for FTM 1 and 2 for FTM 2 module module Clears an alias for a specific module powersupply ...

Page 113: ...le show physical assetid module module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display asset ID information for module 1 In this case none has been configured module module Specifies the module for which to display an asset ID Matrix rw show physical assetid module 1 module 1 assetID empty string entity 71 ...

Page 114: ...ad Write Example This example shows how to set the asset ID information for module 1 to dfe1 NOTE Module slot and certain other hardware based parameters in the Matrix N Series Standalone NSA CLI support only chassis based N Series devices such as the N7 N5 N3 or N1 Executing commands in the NSA CLI with modular parameters not supported by the standalone will result in an error message module modu...

Page 115: ...s command to reset the asset ID for a moduleto a zero length string clear physical assetid module module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the asset ID module module Specifies the module for which to clear the asset ID Matrix rw clear physical assetid ...

Page 116: ... and activate a license key If you have purchased a license you can proceed to activate your license as described in this section If you wish to purchase a license contact Enterasys Networks Sales Purpose To activate and verify licensed features Commands The commands used to activate and verify licensed features are listed below and described in the associated section as shown set license Section ...

Page 117: ...d Write Command Defaults If not specified the license will be bound to all modules Example This example shows how to use license key abcdefg123456789 to activate advanced routing features advanced Activates advanced routing features license key Specifies your unique 16 digit hexadecimal advanced licensing key NOTE When available the licensing key will display at the top of the show running config ...

Page 118: ...how license When available and activated use this command to display your license key show license Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to display your license key information Matrix rw show license advanced abcdefg123456789 ...

Page 119: ...ription Command Type Switch command Command Mode Read Write Command Defaults If not specified the license settings will be cleared from all modules Example This example shows how to clear advanced license key settings advanced Clears the advanced routing license setting slot slot Optional Specifies a module from which the license setting will be cleared Matrix rw clear license advanced ...

Page 120: ...e serial console port This procedure is an out of band operation that copies the firmware through the serial port to the device It takes approximately five minutes and requires minimal configuration It should be used in cases when you cannot connect the device to perform the in band copy download procedure via FTP or TFTP Serial console download has been successfully tested with the following appl...

Page 121: ...ce firmware via the serial console port proceed as follows 1 With the console port connected power up the device The following message displays 2 Before the boot up completes press any key The following boot menu options screen displays Boot ROM Initialization Version 01 00 01 Copyright c 2004 Enterasys Networks Inc SDRAM size 128 MB Testing SDRAM PASSED Loading Boot Image 01 00 02 DONE Uncompress...

Page 122: ...pplication When the ZMODEM download is finished the following message displays 8 Set the device baud rate back to 9600 9 Set the terminal baud rate back to 9600 and press ENTER 10 Type setboot filename to set the device to boot to the new firmware image In this example the downloaded image file is named myimage The following message displays 1 1200 2 2400 3 4800 4 9600 5 19200 6 38400 7 57600 8 11...

Page 123: ... are listed below and described in the associated section as shown show boot system Section 2 2 6 1 set boot system Section 2 2 6 2 System Image Loader boot flash0 Volume is OK Loading myimage DONE NOTE If you reboot without specifying the image to boot with setboot as described above the device will attempt to load whatever image is currently stored in the bootstring via the set boot system comma...

Page 124: ... 2 2 8 1 displays additional information about boot image files Active indicates the image that is currently running and Boot means indicates the image that is currently scheduled to boot next The set boot system command Section 2 2 6 2 will move the boot designation from the current running image but will allow the active image to stay where it is until after the reset when that image has actuall...

Page 125: ...iately or choose No to load the new boot image at a later scheduled time by issuing one of the following commands clear config reset or configure The new boot setting will be remembered through resets and power downs and will not take effect until the clear config reset or configure command is given set boot system filename Syntax Description Command Defaults None Command Type Switch command Comma...

Page 126: ... host The Matrix Series device allows a total of four inbound and or outbound Telnet session to run simultaneously Commands The commands used to enable start and configure Telnet are listed below and described in the associated section as shown show telnet Section 2 2 7 1 set telnet Section 2 2 7 2 telnet Section 2 2 7 3 show router telnet Section 2 2 7 4 set router telnet Section 2 2 7 5 clear ro...

Page 127: ...lnet Use this command to display the status of Telnet on the device show telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display Telnet status Matrix rw show telnet Telnet inbound is currently ENABLED Telnet outbound is currently ENABLED ...

Page 128: ...Command Mode Read Write Example This example shows how to disable inbound and outbound Telnet services enable disable Enables or disables Telnet services inbound outbound all Specifies inbound service the ability to Telnet to this device outbound service the ability to Telnet to other devices or all both inbound and outbound Matrix rw set telnet disable all Disconnect all telnet sessions and disab...

Page 129: ...inbound and or outbound Telnet session to run simultaneously telnet host port Syntax Description Command Defaults If not specified the default port number 23 will be used Command Type Switch command Command Mode Read Write Example This example shows how to start a Telnet session to a host at 10 21 42 13 host Specifies the name or IP address of the remote host port Optional Specifies the server por...

Page 130: ...lnet Use this command to display the state of Telnet service to the router show router telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the state of Telnet service to the router Matrix rw show router telnet Telnet to Router IP is enabled ...

Page 131: ...elnet Use this command to enable or disable Telnet service to the router interface IP address set router telnet enable disable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Telnet service to the router Matrix rw set router telnet disable ...

Page 132: ...uter telnet Use this command to reset Telnet service to the router to the default state of disabled clear router telnet Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset Telnet service to the router to disabled Matrix rw clear router telnet ...

Page 133: ...any other required arguments that you want the commands to operate on Refer to the script command Section 2 2 8 7 The following section describes the command set for managing both switch and router configuration For details on performing a basic routing configuration while operating in router mode refer to Section 12 2 3 For details on downloading a new firmware image refer to Section 2 2 5 For de...

Page 134: ...ut filename Optional Specifies the file name or directory to list Table 2 8 dir Output Details Output What It Displays Images Lists all the images resident in the chassis and information about each Filename Name of the image file stored in the local file system Various flags may be listed after the filename including active Indicates this image is currently running boot Indicates this image is sel...

Page 135: ...ch this image is qualified to run Attempting to run an incompatible image on a given module will not succeed Files User maintained files such as CLI configuration files For details on working with configuration files refer to show config Section 2 2 8 3 and configure Section 2 2 8 4 SlotN Lists user maintained files by slot location Table 2 8 dir Output Details Continued Output What It Displays ...

Page 136: ...his command to display the contents of an image or configuration file show file filename Syntax Description Command Type Switch Command Mode Read Only Command Defaults None Example This example an excerpt of the complete output shows how to display the contents of the sample cfg configuration file filename Specifies the filename to display ...

Page 137: ...ow config all facility outfile outfile Syntax Description Command Type Switch Command Mode Read Write Command Defaults If no parameters are specified only non default system configuration settings will be displayed all Optional Displays default and non default configuration settings facility Optional Displays the configuration for a specific facility outfile outfile Optional Specifies a file in wh...

Page 138: ...t device configuration Matrix rw show config This command shows non default configurations only Use show config all to show both default and non default configurations begin NON DEFAULT CONFIGURATION cli console length logging port set port disable fe 1 2 6 set port duplex fe 1 16 half set port negotiation fe 2 1 disable set port vlan fe 1 5 8 system set system location Office end ...

Page 139: ...nfiguration will be replaced with the contents of the configuration file which will require an automated reset of the chassis Example This example shows how to execute the myconfig file in the module in slot 1 filename Specifies the path and file name of the configuration file to execute append Optional Executes the configuration as an appendage to the current configuration This is equivalent to t...

Page 140: ... FTP with user credentials This example shows how to download a configuration file via TFTP to the slot 3 directory source Specifies location and name of the source file to copy Options are a local file path valid directories are images and slotN or the URL of an FTP or TFTP server destination Specifies location and name of the destination where the file will be copied Options are a slot location ...

Page 141: ...de 2 115 This example shows how to upload a configuration file via Anonymous FTP from the module in slot 3 This example shows how to copy a configuration file from the slot 3 directory to the slot 5 directory Matrix rw copy slot3 myconfig ftp 134 141 89 34 myconfig Matrix rw copy slot3 myconfig slot5 myconfig ...

Page 142: ...e Switch Command Mode Read Write Command Defaults None Examples This example shows how to delete the myconfig configuration file from slot 3 This example shows how to delete the 010300 image file NOTE Use the show config command as described in Section 2 2 8 3 to display current image and configuration file names filename Specifies the local path name to the file Valid directories are images and s...

Page 143: ...n Command Type Switch Command Mode Read Write Command Defaults None Example This example uses the copy command to copy the script file named setport scr from IP address 10 1 221 3 to slot 4 Next the contents of the file is displayed with the show file command The script file requires two arguments a port string 1 and a VLAN id 2 Finally the script is executed by specifying fe 1 1 as the first argu...

Page 144: ...file and performs the command line argument substitution the commands are converted to the following set port alias fe 1 1 script_set_port set port vlan fe 1 1 100 modify egress set port jumbo enable fe 1 1 set port disable fe 1 1 set port lacp port fe 1 1 disabled The converted strings are then executed by the CLI engine and the script command returns ...

Page 145: ...e allowed in the network If the system receives a frame larger than the destination port supports it will send an ICMP destination unreachable error message indicating to the transmitting station that it must fragment the frame Commands The commands used to disable or re enable the path MTU discovery protocol are listed below and described in the associated sections as shown show mtu Section 2 2 9...

Page 146: ...ide 2 2 9 1 show mtu Use this command to display the status of the path MTU discovery protocol on the device show mtu Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display path MTU discovery status Matrix rw show mtu MTU discovery status Enabled ...

Page 147: ... Use this command to disable or re enable path MTU discovery protocol on the device set mtu enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable path MTU discovery enable disable Enables or disables path MTU discovery protocol Matrix rw set mtu disable ...

Page 148: ...figuration Guide 2 2 9 3 clear mtu Use this command to reset the state of the path MTU discovery protocol back to enabled clear mtu Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the state of MTU discovery Matrix rw clear mtu ...

Page 149: ... 2 10 Pausing Clearing and Closing the CLI Purpose To pause or clear the CLI screen or to close your CLI session Commands The commands used to pause clear and close the CLI session are listed below and described in the associated sections as shown wait Section 2 2 10 1 cls Section 2 2 10 2 exit quit Section 2 2 10 3 ...

Page 150: ...e the CLI for a specified number of seconds before executing the next command wait seconds Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to pause the CLI for 10 seconds seconds Sets the number of seconds for the CLI to pause before executing the next command Matrix rw wait 10 ...

Page 151: ...s Configuration Guide 2 125 2 2 10 2 cls clear screen Use this command to clear the screen for the current CLI session cls Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to clear the CLI screen Matrix rw cls ...

Page 152: ...witch command Command Mode Read Only Example This example shows how to exit a CLI session NOTE By default device timeout occurs after 15 minutes of user inactivity automatically closing your CLI session Use the set logout command as described in Section 2 2 3 32 to change this default When operating in router mode the exit command jumps to a lower configuration level For details on enabling router...

Page 153: ... defined switch and router configuration parameters or to schedule a system reset in order to load a new boot image Commands The commands used to reset the device and clear the configuration are listed below and described in the associated sections as shown show reset Section 2 2 11 1 reset Section 2 2 11 2 reset at Section 2 2 11 3 reset in Section 2 2 11 4 clear config Section 2 2 11 5 ...

Page 154: ... information about scheduled device resets show reset Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This command shows how to display reset information Matrix rw show reset Reset scheduled for Fri Jan 21 2000 23 00 00 in 3 days 12 hours 56 minutes 57 seconds Reset reason Software upgrade ...

Page 155: ... For information on how to do this refer to the Matrix Installation Guide shipped with your device mod Specifies a module to be reset system Resets the system nemcpu mod nemcpu Resets the CPU on a Matrix Security Module or other processing NEM where mod specifies the DFE module in which the Matrix Security Module or processing NEM is installed and nemcpu specifies the location of the NEM Currently...

Page 156: ...This example shows how to cancel a scheduled system reset This example shows how to reset a Matrix Security Module installed on the DFE in slot 4 Matrix rw reset cancel Reset cancelled Matrix rw reset nemcpu 4 1 This command will reset NEM CPU 4 1 Do you want to continue y n n y Resetting NEM CPU 4 1 ...

Page 157: ...edule a reset at 8 p m on October 12 This example shows how to schedule a reset at a specific future time and include a reason for the reset hh mm Schedules the hour and minute of the reset using the 24 hour system mm dd Optional Schedules the month and day of the reset reason Optional Specifies a reason for the reset Matrix rw reset at 20 00 10 12 Reset scheduled at 20 00 00 Sat Oct 12 2002 Proce...

Page 158: ...ts If a reason is not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to schedule a device reset in 5 hours and 20 minutes hh mm Specifies the number of hours and minutes into the future to perform a reset reason Optional Specifies a reason for the reset Matrix rw reset in 5 20 Reset scheduled in 5 hours and 20 minutes Proceed with ...

Page 159: ...e Matrix module resets that module back to its factory defaults For a list of factory device default settings refer to Section 2 1 1 clear config mod num all Syntax Description Command Defaults None Command Mode Read Write Example This example shows how to clear configuration parameters in all modules NOTE This command will not affect the IP address mod num all Clears configuration parameters in a...

Page 160: ...ries Configuration Guide 2 2 12 Gathering Technical Support Information Purpose To gather common technical support information Command The command used to display technical support related information is listed below and described in the associated section as shown show support Section 2 2 12 1 ...

Page 161: ...rdware Section 2 2 3 8 show vlan Section 7 3 1 1 show vlan static Section 7 3 1 1 show logging all Section 11 2 1 1 show snmp counters Section 5 3 1 2 show port status Section 4 3 2 2 show spantree status Section 6 2 1 1 show spantree blockedports Section 6 2 2 9 show ip address Section 2 2 3 1 show ip route Section 11 2 5 6 show netstat Section 11 2 2 4 show arp Section 11 2 5 1 show system utili...

Page 162: ...t 1 as a support3 txt file There is no display example as the list of commands is quite lengthy Click on the hyper links in the Command Defaults section above which contains a list of the individual commands executed for more information and example outputs for the individual commands Matrix su show support slot1 support3 txt Writing output to file Writing show config output Writing Message Log ou...

Page 163: ...3 2 Important Notice Startup and general configuration of the Matrix Series device must occur from the switch CLI For details on how to start the device and configure general platform settings refer to Section 2 1 and Section 2 2 1 Once startup and general device settings are complete IP configuration and other router specific commands can be executed when the device is in router mode For details ...

Page 164: ...trix Router1 Section 2 3 3 Step 4 Enable global router configuration mode configure terminal Router Matrix Router1 Section 2 3 3 Step 5 Enable interface configuration mode using the interface of the routing module interface vlan vlan id loopback loopback id Router Matrix Router1 config Section 12 2 1 2 Step 6 Assign an IP address to the routing interface ip address ip address ip mask Router Matrix...

Page 165: ...gure routing Commands The commands used to review and configure routing are listed below and described in the associated sections as shown show router Section 2 3 2 1 set router Section 2 3 2 2 clear router Section 2 3 2 3 router Section 2 3 2 4 Matrix rw set router 1 Matrix rw router 1 Matrix Router1 enable Matrix Router1 configure terminal Enter configuration commands Matrix Router1 config inter...

Page 166: ...ch command Command Mode Read Write Example This example shows how to display which modules are configured for routing Table 2 10 provides an explanation of the command output Matrix rw show router Module VID IP Address Mask RUNNING 3 100 168 192 100 1 255 255 255 0 Table 2 10 show router Output Details Output What It Displays Module Number of the module configured for routing VID VLAN ID of the fi...

Page 167: ...ng on a module set router module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set module 1 as a routing module module Specifies the module to configure for routing In the Matrix DFE Gold Series chassis and N standalone devices routing must be configured on module 1 Matrix rw set router 1 ...

Page 168: ... to disable routing on a module clear router module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set disable routing on module 1 module Specifies the routing module to disable for routing Entering a value of 0 will disable all modules for routing Matrix rw clear router 1 ...

Page 169: ... set router command as described in Section 2 3 2 2 Routing may be configured on one or two modules In the Matrix DFE Gold Series chassis and N standalone devices routing must be configured on module 1 router module Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable routing on module 1 module Specifies the module on...

Page 170: ...urrent configuration mode the specific module and the interface types and numbers configured for routing on your system Table 2 11 Router CLI Configuration Modes Use this mode To Access method Resulting Prompt Privileged EXEC Mode Set system operating parameters Show configuration parameters Save copy configurations From the switch CLI 1 Type router module using a module number configured for rout...

Page 171: ...key chain Type key and the key id from Key Chain Configuration Mode Matrix Router1 config keychain key Route Map Configuration Mode Configure route maps 1 99 Type route map an id number and permit or deny from Global Configuration Mode Matrix Router1 config route map Policy Based Routing Configuration Mode Configure policy based routing for route maps 100 199 Type route map an id number and permit...

Page 172: ...al Configuration Mode Matrix Router1 ip local pool DHCP Pool Configuration Mode Configure a DHCP server address pool Type ip dhcp pool and the address pool name from Global Configuration Mode Matrix Router1 config dhcp pool DHCP Class Configuration Mode Configure a DHCP client class Type client class and the client class name from DHCP Pool or Host Configuration Mode Matrix Router1 config dhcp cla...

Page 173: ... Discovery Protocol on page 3 4 The Cisco Discovery Protocol described in Section 3 2 3 Cisco Discovery Protocol on page 3 12 The IEEE 802 1AB Link Layer Discovery Protocol LLDP and LLDP Media Endpoint Discovery Protcol LLDP MED described in Section 3 2 4 Link Layer Discovery Protocol and LLDP MED on page 3 25 3 2 DISCOVERY PROTOCOLS COMMAND SET 3 2 1 Displaying Neighbors Purpose The show neighbor...

Page 174: ...ort string Syntax Description Command Defaults If port string is not specified all Network Neighbor Discovery information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display Network Neighbor Discovery information port string Optional Displays Network Neighbor Discovery information for a specific port For a detailed description of possible ...

Page 175: ... 22 1 ge 1 6 0001f45b601f 120 7 22 1 ciscodp 120 7 22 1 ge 3 1 00 01 f4 00 71 9c ge 1 25 lldp ge 3 2 00 01 f4 00 71 9c ge 1 26 lldp ge 3 5 00 01 f4 96 0f fd ge 3 1 lldp ge 3 6 00 01 f4 96 0f fd ge 3 2 lldp ge 3 7 0001f45b601f 120 7 22 1 ciscodp 120 7 22 1 ge 3 8 0001f45b601f 120 7 22 1 ciscodp 120 7 22 1 ge 4 1 00 01 f4 7f 16 39 ge 3 11 lldp ge 4 2 00 01 f4 5b 60 81 ge 1 7 lldp 1 12 2 2 ge 4 3 00 ...

Page 176: ...topology When enabled CDP allows Enterasys devices to send periodic PDUs about themselves to neighboring devices Commands The commands used to review and configure the CDP discovery protocol are listed below and described in the associated section as shown show cdp Section 3 2 2 1 set cdp state Section 3 2 2 2 set cdp auth Section 3 2 2 3 set cdp interval Section 3 2 2 4 set cdp hold time Section ...

Page 177: ...s example shows how to display CDP information for ports fe 1 1 through fe 1 9 port string Optional Displays CDP status for a specific port For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show cdp fe 1 1 9 CDP Global Status enabled CDP Versions Supported 0x0 0x38 CDP Hold Time 180 CDP Authentication Code 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0...

Page 178: ...onds at which CDP configuration messages can be set The default of 180 seconds can be reset with the set cdp hold time command For details refer to Section 3 2 2 5 CDP Authentication Code Authentication code for CDP discovery protocol The default of 00 00 00 00 00 00 00 00 can be reset using the set cdp auth command For details refer to Section 3 2 2 3 CDP Transmit Frequency Frequency in seconds a...

Page 179: ...e shows how to globally enable CDP This example shows how to enable the CDP for port fe 1 2 This example shows how to disable the CDP for port fe 1 2 auto disable enable Auto enables disables or enables the CDP protocol on the specified port s In auto enable mode which is the default mode for all ports a port automatically becomes CDP enabled upon receiving its first CDP message port string Option...

Page 180: ...t domains and will not be entered into each other s CDP neighbor tables A device with the default authentication code 16 null characters will recognize all devices no matter what their authentication code and enter them into its CDP neighbor table set cdp auth auth code Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to se...

Page 181: ...cy in seconds of the CDP discovery protocol set cdp interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the CDP interval frequency to 15 seconds frequency Specifies the transmit frequency of CDP messages in seconds Valid values are from 5 to 900 seconds Matrix rw set cdp interval 15 ...

Page 182: ...lue for CDP discovery protocol configuration messages set cdp hold time hold time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set CDP hold time to 60 seconds hold time Specifies the hold time value for CDP messages in seconds Valid values are from 15 to 600 Matrix rw set cdp hold time 60 ...

Page 183: ...st be entered Command Type Switch command Command Mode Read Write Example This example shows how to reset the CDP state to auto enabled state Optional Resets the global CDP state to auto enabled port state port string Optional Resets the port state on specific port s to auto enabled interval Optional Resets the message frequency interval to 60 seconds hold time Optional Resets the hold time value ...

Page 184: ...ices The Cisco Discovery Protocol is also used to manage the Cisco module of the Convergence End Points CEP IP phone detection function described in Section 14 3 8 Commands The commands used to review and configure the Cisco Discovery Protocol are listed below and described in the associated section as shown show ciscodp Section 3 2 3 1 show ciscodp port info Section 3 2 3 2 set ciscodp status Sec...

Page 185: ...nation of the command output Matrix show ciscodp CiscoDP Auto Timer 60 Holdtime TTL 180 Device ID 00E06314BD57 Last Change WED FEB 08 01 07 45 2006 Table 3 2 show ciscodp Output Details Output What It Displays CiscoDP Whether Cisco Discovery Protocol is disabled or enabled globally Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received Default setting of auto can ...

Page 186: ...devices will hold PDU transmissions from the sending device Default value of 180 can be changed with the set ciscodp holdtime command as described in Section 3 2 3 5 Device ID The MAC address of the switch Last Change The time that the last Cisco DP neighbor was discovered Table 3 2 show ciscodp Output Details Continued Output What It Displays ...

Page 187: ... Command Type Switch command Command Mode Read Only Example This example shows how to display Cisco Discovery Protocol information for ports fe 1 1 through fe 1 5 Table 3 3 provides an explanation of the command output port string Optional Displays information about specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix su show ciscodp port info fe ...

Page 188: ...enabled can be changed using the set ciscodp port command Section 3 2 3 6 VVID Whether a Voice VLAN ID has been set on this port Default of none can changed using the set ciscodp port command Section 3 2 3 6 Trust The trust mode of the port Default of trusted can be changed using the set ciscodp port command Section 3 2 3 6 CoS The Class of Service priority value for untrusted traffic The default ...

Page 189: ... device set ciscodp status auto enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Cisco Discovery Protocol on the device auto Globally enable only if CiscoDP PDUs are received enable Globally enables Cisco Discovery Protocol disable Globally disables Cisco Discovery Protocol Matrix set ciscodp status...

Page 190: ...tween Cisco Discovery Protocol PDU transmissions set ciscodp timer time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the Cisco Discovery Protocol timer to 120 seconds time Specifies the number of seconds between CiscoDP PDU transmissions Valid values are 5 254 Matrix set ciscodp timer 120 ...

Page 191: ...the amount of time in seconds neighboring devices will hold PDU transmissions from the sending device set ciscodp holdtime time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the Cisco Discovery Protocol hold time to 180 seconds time Specifies the time to live for CiscoDP PDUs Valid values are 10 255 Matrix set cis...

Page 192: ...d to the Cisco IP phone is unaffected by this setting If the switch port is configured to a Cisco DP trust state of trusted with the trust ext trusted parameter of this command this setting is communicated to the Cisco IP phone instructing it to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802 1p marking If the switch port is configured to a Cisco DP trust sta...

Page 193: ...ust ext Set the extended trust mode on the port trusted Instruct attached phone to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802 1p marking This is the default value untrusted Instruct attached phone to overwrite the 802 1p tag of traffic transmitted by the device connected to it to 0 by default or to the value configured with the cos ext parameter cos ext ...

Page 194: ...w to set the Cisco DP port voice VLAN ID to 3 on port fe 1 6 and enable the port operational state This example shows how to set the Cisco DP extended trust mode to untrusted on port fe 1 5 and set the CoS priority to 1 Matrix set ciscodp port status enable vvid 3 fe 1 6 Matrix set ciscodp port trust ext untrusted cos ext 1 fe 1 5 ...

Page 195: ...l CiscoDP enable status to default of auto timer Clear the time between CiscoDP PDU transmissions to default of 60 seconds holdtime Clear the time to live for CiscoDP PDU data to default of 180 seconds port Clear the CiscoDP port configuration status Clear the individual port operational status to the default of enabled vvid Clear the individual port voice VLAN for CiscoDP PDU transmission to 0 tr...

Page 196: ...very Protocols Command Set Cisco Discovery Protocol 3 24 Matrix NSA Series Configuration Guide This example shows how to clear the Cisco DP port status on port fe 1 5 Matrix clear ciscodp port status fe 1 5 ...

Page 197: ...ion databases and in the case of VoIP provision of E911 services Extended and automated power management of Power over Ethernet endpoints Inventory management allowing network administrators to track their network devices and to determine their characteristics such as manufacturer software and hardware versions and serial or asset numbers The information sent by an LLDP enabled device is extracted...

Page 198: ...rap Section 3 2 4 3 show lldp port tx tlv Section 3 2 4 4 show lldp port location info Section 3 2 4 5 Step Task Command s 1 Configure global system LLDP parameters set lldp tx interval set lldp hold multiplier set lldp trap interval set lldp med fast repeat clear lldp 2 Enable disable specific ports to Transmit and process received LLDPDUs Send LLDP traps Send LLDP MED traps set clear lldp port s...

Page 199: ... set lldp med fast repeat Section 3 2 4 12 set lldp port status Section 3 2 4 13 set lldp port trap Section 3 2 4 14 set lldp port med trap Section 3 2 4 15 set lldp port location info Section 3 2 4 16 set lldp port tx tlv Section 3 2 4 17 set lldp port network policy Section 3 2 4 18 clear lldp Section 3 2 4 19 clear lldp port status Section 3 2 4 20 clear lldp port trap Section 3 2 4 21 clear ll...

Page 200: ...shows how to display LLDP configuration information Matrix ro show lldp Message Tx Interval 30 Message Tx Hold Multiplier 4 Notification Tx Interval 5 MED Fast Start Count 3 Tx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12 tg 6 1 2 fe 7 1 48 Rx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 ge 5 1 12 tg 6 1 2 fe 7 1 48 Trap Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 ...

Page 201: ...lldp port status port string Syntax Description Command Defaults If port string is not specified LLDP status information will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display LLDP port status information for all ports port string Optional Displays LLDP status for one or a range of ports Matrix ro show lldp port status Tx Enable...

Page 202: ...ith the set lldp port trap command and to send LLDP MED notifications with the set lldp port med trap command show lldp port trap port string Syntax Description Command Defaults If port string is not specified LLDP port trap information will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display LLDP port trap information for all por...

Page 203: ...formation will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display transmit TLV information for three ports port string Optional Displays information about TLV configuration for one or a range of ports Matrix ro show lldp port tx tlv ge 1 1 3 Means TLV is supported and enabled on this port o Means TLV is supported on this port Mea...

Page 204: ... lldp port location info port string Syntax Description Command Defaults If port string is not specified port location configuration information will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display port location information for three ports port string Optional Displays port location information for one or a range of ports Matr...

Page 205: ...r all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the local system information stored for port fe 4 1 Table 3 4 describes the output fields of this command port string Optional Displays local system information for one or a range of ports Matrix rw show lldp port local info fe 4 1 Local Port fe 4 1 Local Port Id fe 4 1 Port Desc 100BASE TX RJ2...

Page 206: ... 5 video conferencing tagged 10 3 5 streaming video tagged 10 3 5 video signaling tagged 10 3 5 ECS ELIN 1234567890123456789012345 PoE Device PSE device PoE Power Source primary PoE MDI Supported Enabled yes yes PoE Pair Controllable Used false spare PoE Power Class 2 PoE Power Limit mW 15400 PoE Power Priority high Table 3 4 show lldp port local info Output Details Output Field What it Displays L...

Page 207: ... Speed Duplex Type IEEE 802 3 Extensions MAC PHY Configuration Status TLV Lists the operational MAU type duplex and speed of the port If the received TLV indicates that auto negotiation is supported but not enabled these values will be used by the port Max Frame Size bytes IEEE 802 3 Extensions Maximum Frame Size TLV Value indicates maximum frame size capability of the device s MAC and PHY In norm...

Page 208: ...SE PoE Power Source LLDP MED Extensions Extended Power via MDI TLV Displayed only when a port has PoE capabilities Value can be primary or backup indicating whether the PSE is using its primary or backup power source PoE MDI Supported Enabled IEEE 802 3 Extensions Power via MDI TLV Displayed only when a port has PoE capabilities Indicates whether sending the Power via MDI TLV is supported enabled ...

Page 209: ...bilities Indicates the total power the port is capable of sourcing over a maximum length cable based on its current configuration in milli Watts PoE Power Priority LLDP MED Extensions Extended Power via MDI TLV Displayed only when a port has PoE capabilities Indicates the power priority configured on the port Value can be critical high or low Table 3 4 show lldp port local info Output Details Outp...

Page 210: ...e Read Only Example This example shows how to display the remote system information stored for port ge 3 1 The remote system information was received from an IP phone which is an LLDP MED enabled device Table 3 5 describes the output fields that are unique to the remote system information displayed for a MED enabled device port string Optional Displays remote system information for one or a range ...

Page 211: ...ble 3 5 show lldp port remote info Output Display Output Field What it Displays Remote Port Id Displays whatever port Id information received in the LLDPDU from the remote device In this case the port Id is MAC address of remote device Device Type Mandatory LLDP MED Capabilities TLV Displayed only when the port is connected to an LLDP MED capable endpoint device Hardware Revision LLDP MED Extensio...

Page 212: ...all values default and non default are displayed for the specified ports all Display information about all network policy applications voice Display information about only the voice application type voice signaling Display information about only the voice signaling application type guest voice Display information about only the guest voice application type guest voice signaling Display information...

Page 213: ...y information for ge 1 1 Matrix ro show lldp port network policy all ge 1 1 Ports Application State Tag Vlan Id Cos Dscp ge 1 1 voice enabled untagged 1 0 0 voice signaling enabled untagged 1 0 0 guest voice enabled untagged 1 0 0 guest voice signaling enabled untagged 1 0 0 softphone voice enabled untagged 1 0 0 video conferencing enabled untagged 1 0 0 streaming video enabled untagged 1 0 0 vide...

Page 214: ...ssions initiated by changes in the LLDP local system information set lldp tx interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sets the transmit interval to 20 seconds frequency Specifies the number of seconds between transmissions of LLDP frames Value can range from 5 to 32 768 seconds The default is 30 seconds Mat...

Page 215: ...alue set lldp hold multiplier multiplier val Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sets the transmit interval to 20 seconds and the hold multiplier to 5 which will configure a time to live of 100 to be used in the TTL field in the LLDPDU header multiplier val Specifies the multiplier to apply to the transmit interval to de...

Page 216: ...tions are sent when a remote system change has been detected set lldp trap interval frequency Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sets the minimum interval between LLDP traps to 10 seconds frequency Specifies the minimum time between LLDP trap transmissions in seconds The value can range from 5 to 3600 seconds The defaul...

Page 217: ...LLDP MED TLVs at a fast start rate on that port Use this command to set the number of successive LLDPDUs with LLDP MED TLVs to be sent for one complete fast start interval set lldp med fast repeat count Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sets the number of fast start LLDPDUs to be sent to 4 count Specifies the number of...

Page 218: ...and Mode Read Write Example This example enables both transmitting LLDPDUs and receiving and processing LLDPDUs from remote systems on ports ge 1 1 through ge 1 6 tx enable Enable transmitting LLDPDUs on the specified ports rx enable Enable receiving and processing LLDPDUs from remote systems on the specified ports both Enable both transmitting and processing received LLDPDUs on the specified port...

Page 219: ...d set lldp port trap enable disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example enables transmitting LLDP traps on ports ge 1 1 through ge 1 6 enable Enable transmitting LLDP traps on the specified ports disable Disable transmitting LLDP traps on the specified ports port string Specifies the port or range of ports to...

Page 220: ...s been attached or removed from the port set lldp port med trap enable disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example enables transmitting LLDP MED traps on ports ge 1 1 through ge 1 6 enable Enable transmitting LLDP MED traps on the specified ports disable Disable transmitting LLDP MED traps on the specified po...

Page 221: ...and Command Mode Read Write Example After you configure a location information value you must also configure the port to send the Location Information TLV with the set lldp port tx tlv command This example configures the ELIN identifier 5551234567 on ports ge 1 1 through ge 1 6 and then configures the ports to send the Location Information TLV elin Specifies that the ECS ELIN data format is to be ...

Page 222: ...ue sent is the administratively assigned name for the system sys desc System Description optional basic LLDP TLV Value sent is sysDescr object defined in RFC 3418 sys cap System Capabilities optional basic LLDP TLV For a network connectivity device value sent can be bridge and or router mgmt addr Management Address optional basic LLDP TLV Value sent is IPv4 address of host interface vlan id Port V...

Page 223: ...nd PHY med cap LLDP MED Capabilities TLV Value sent indicates the capabilities whether the device supports location information network policy extended power via MDI and Device Type network connectivity device of the sending device med pol LLDP MED Network Policy TLV Values sent include application name VLAN type tagged or untagged VLAN ID and both Layer 2 and Layer 3 priorities associated with ap...

Page 224: ...Guide Command Defaults None Command Type Switch command Command Mode Read Write Example This example configures the management address MED capability MED network policy and MED location identification TLVs to be sent in LLDPDUs by port ge 1 1 Matrix rw set lldp port tx tlv mgmt addr med cap med pol med loc ge 1 1 ...

Page 225: ...his application will not be advertised if the voice application is configured with the same parameters guest voice Configure the guest voice application guest voice signaling Configure the guest voice signaling application This application will not be advertised if the guest voice application is configured with the same parameters softphone voice Configure the softphone voice application video con...

Page 226: ...gure the port to send the Network Policy TLV with the set lldp port tx tlv command vid vlan id dot1p Optional VLAN identifier for the port The value of vlan id can range from 1 to 4094 Use dot1p if the device is using priority tagged frames meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used cos cos value Optional Specifies the Layer 2 p...

Page 227: ...s Configuration Guide 3 55 Example This example configures the voice application TLV on port fe 2 1 and then configures the port to send the Network Policy TLV Matrix rw set lldp port network policy voice state enable tag tagged vlan dot1p fe 2 1 Matrix rw set lldp port tx tlv med pol fe 2 1 ...

Page 228: ...lue of 30 seconds all Return all LLDP configuration parameters to their default values including port LLDP configuration parameters tx interval Return the number of seconds between transmissions of LLDP frames to the default of 30 seconds hold multiplier Return the multiplier to apply to the transmit interval to determine the time to live value to the default value of 4 trap interval Return the mi...

Page 229: ...h both transmitting and processing received LLDPDUs are enabled clear lldp port status port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Example This example returns port ge 1 1 to the default state of enabled for both transmitting and processing received LLDPDUs port string Specifies the port or range of ports to be affected Matrix rw clear l...

Page 230: ...rn the port LLDP trap setting to the default value of disabled clear lldp port trap port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Example This example returns port ge 1 1 to the default LLDP trap state of disabled port string Specifies the port or range of ports to be affected Matrix rw clear lldp port trap ge 1 1 ...

Page 231: ... port LLDP MED trap setting to the default value of disabled clear lldp port med trap port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Example This example returns port ge 1 1 to the default LLDP MED trap state of disabled port string Specifies the port or range of ports to be affected Matrix rw clear lldp port med trap ge 1 1 ...

Page 232: ...ull clear lldp port location info elin port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read write Example This example returns the location information ELIN value on port ge 1 1 to the default value of null elin Specifies that the ECS ELIN location information value should be cleared port string Specifies the port or range of ports to be affected Matri...

Page 233: ...be applied to the guest voice application guest voice signaling Command will be applied to the guest voice signaling application softphone voice Command will be applied to the softphone voice application video conferencing Command will be applied to the video conferencing application streaming video Command will be applied to the streaming video application video signaling Command will be applied ...

Page 234: ...le This example returns all network policy values for all applications on port ge 1 1 to their default values dscp Optional Clear the DSCP value to be used to provide Diffserv node behavior for the application being configured to the default value of 0 A value of 0 represents use of the default DSCP value as defined in RFC 2475 port string Specifies the port or range of ports to be affected Matrix...

Page 235: ...TLV from being transmitted in LLDPDUs sys desc Disable the System Description optional basic LLDP TLV from being transmitted in LLDPDUs sys cap Disable the System Capabilities optional basic LLDP TLV from being transmitted in LLDPDUs mgmt addr Disable the Management Address optional basic LLDP TLV from being transmitted in LLDPDUs vlan id Disable the Port VLAN ID IEEE 802 1 Extensions TLV from bei...

Page 236: ...le the Link Aggregation IEEE 802 3 Extensions TLV from being transmitted in LLDPDUs max frame Disable the Maximum Frame Size IEEE 802 3 Extensions TLV from being transmitted in LLDPDUs med cap Disable the LLDP MED Capabilities TLV from being transmitted in LLDPDUs med pol Disable the LLDP MED Network Policy TLV from being transmitted in LLDPDUs med loc Disable the LLDP MED Location Identification ...

Page 237: ...xpansion module slots The numbering scheme used to identify the switch ports on the front panel and the expansion module s installed is interface type dependent N Series Standalone Switch Ports The N12G4072 52 standalone device provides the following types of switch port connections Forty eight fixed RJ45 10 100 1000 Mbps 1000BASE T Fast Ethernet copper ports Four SFP slots that provide the option...

Page 238: ...terfaces or lo for the local software loopback interface bp for FTM1 backplane ports pc for the internal ports which connect to the on board processor of an installed Matrix Security Module rtr for router interface Port group can be 1 for the lower fixed front panel ports 2 for the middle fixed front panel ports or 3 for the top fixed front panel ports and the Mini GBIC uplink ports Port number ca...

Page 239: ...rts 1 and 3 and Gigabit Ethernet port 11 in the module in chassis slot 1 This example shows the port string syntax for specifying Fast Ethernet ports 1 3 7 8 9 and 10 in the module in chassis slot 1 This example shows the port string syntax for specifying all 1 Gigabit Ethernet ports in the standalone device This example shows the port string syntax for specifying all ports of any interface type i...

Page 240: ...ng switch port status Section 4 3 2 7 Disabling enabling and naming switch ports Section 4 3 3 8 Setting switch port speed and duplex mode Section 4 3 4 9 Enabling disabling jumbo frame support Section 4 3 5 10 Setting auto negotiation and advertised ability Section 4 3 6 11 Setting flow control Section 4 3 7 12 Configuring link traps and link flap detection Section 4 3 8 13 Configuring broadcast ...

Page 241: ...iated section as shown show console Section 4 3 1 1 clear console Section 4 3 1 2 show console baud Section 4 3 1 3 set console baud Section 4 3 1 4 clear console baud Section 4 3 1 5 show console flowcontrol Section 4 3 1 6 set console flowcontrol Section 4 3 1 7 clear console flowcontrol Section 4 3 1 8 show console bits Section 4 3 1 9 set console bits Section 4 3 1 10 clear console bits Sectio...

Page 242: ...tax Description Command Defaults If port string is not specified properties for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display properties for console port com 1 1 port string Optional Displays properties for specific console port s Matrix rw show console com 1 1 Port Baud Flow Bits StopBits Parity Autobaud com 1 1 38...

Page 243: ...ore console ports clear console port string Syntax Description Command Defaults If port string is not specified properties for all console ports will be cleared Command Type Switch command Command Mode Read Only Example This example shows how to clear properties for console port com 1 1 port string Optional Clears properties for specific console port s Matrix rw clear console com 1 1 ...

Page 244: ...how console baud port string Syntax Description Command Defaults If port string is not specified baud rate for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the baud rate for console port com 1 1 port string Optional Displays baud rate for specific console port s Matrix rw show console baud com 1 1 Port Baud com 1 1...

Page 245: ...ription Command Defaults If port string is not specified baud rate will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to set the baud rate to 19200 on console port com 1 1 rate Sets the console baud rate Valid values are 300 600 1200 2400 4800 5760 9600 14400 19200 38400 and 115200 port string Optional Sets baud rate for specific po...

Page 246: ...re console ports clear console baud port string Syntax Description Command Defaults If port string is not specified baud rate will be cleared for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to clear the baud rate on console port com 1 1 port string Optional Clears baud rate for specific port s Matrix rw clear console baud com 1 1 ...

Page 247: ...wcontrol port string Syntax Description Command Defaults If port string is not specified the flow control setting for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the flow control setting for console port com 1 1 port string Optional Displays the flow control setting for specific console port s Matrix rw show conso...

Page 248: ...tring is not specified flow control will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to enable DSR DTR flow control for console port com 1 1 none Disables all hardware flow control ctsrts Enables CTS RTS Clear to Send Request to Send hardware flow control dsrdtr Enables DSR DTR Data Set Ready Data Terminal Ready hardware flow cont...

Page 249: ...nsole ports clear console flowcontrol port string Syntax Description Command Defaults If port string is not specified flow control will be cleared for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to clear flow control for console port com 1 1 port string Optional Clears flow control for specific console port s Matrix rw clear console flowcont...

Page 250: ... port string Syntax Description Command Defaults If port string is not specified the bits per character setting for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the bits per character setting for console port com 1 1 port string Optional Displays the bits per character setting for specific console port s Matrix rw ...

Page 251: ...ing Syntax Description Command Defaults If port string is not specified bits per character will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to set bits per character to 5 for console port com 1 1 num bits Specifies the number of bits per character Valid values are 5 6 7 and 8 port string Optional Sets bits per character for specif...

Page 252: ...sole ports clear console bits port string Syntax Description Command Defaults If port string is not specified bits per character will be cleared for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to clear bits per character for console port com 1 1 port string Optional Clears bits per character for specific console port s Matrix rw clear consol...

Page 253: ...ole stopbits port string Syntax Description Command Defaults If port string is not specified stop bits per character will be displayed for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to show stop bits per character on com 1 1 port string Optional Displays stop bits for specific console port s Matrix rw show console stopbits com 1 1 Port Stop...

Page 254: ...f two port string Syntax Description Command Defaults If port string is not specified stop bits per character will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to set stop bits per character to 2 for console port com 1 1 one oneandhalf two Sets stop bits per character to 1 1 5 or 2 port string Optional Sets stop bits for specific c...

Page 255: ...ports clear console stopbits port string Syntax Description Command Defaults If port string is not specified stop bits per character will be cleared for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to clear stop bits per character for console port com 1 1 port string Optional Clears stop bits for specific console port s Matrix rw clear consol...

Page 256: ...ports show console parity port string Syntax Description Command Defaults If port string is not specified parity type for all console ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display parity type for console port com 1 1 port string Optional Displays parity type for specific console port s Matrix rw show console parity com 1 1 Port...

Page 257: ...tring is not specified parity type will be set for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to enable even parity checking on console port com 1 1 none Specifies that no parity checking will be performed odd Enables odd parity checking even Enables even parity checking mark Enables mark parity checking space Enables space parity checking ...

Page 258: ...ole ports clear console parity port string Syntax Description Command Defaults If port string is not specified parity type will be cleared for all console ports Command Type Switch command Command Mode Read Write Example This example shows how to clear parity type on console port com 1 1 port string Optional Clears the parity type for specific console port s Matrix rw clear console parity com 1 1 ...

Page 259: ...stical information about traffic received and transmitted through one or all switch ports on the device Commands The commands used to review port status are listed below and described in the associated sections as shown show port Section 4 3 2 1 show port status Section 4 3 2 2 show port counters Section 4 3 2 3 show port operstatuscause Section 4 3 2 4 clear port operstatuscause Section 4 3 2 5 ...

Page 260: ...ts If port string is not specified operational status information for all ports will be displayed Command Type Switch command Command Mode Read Only Examples This example shows how to display operational status information for 1 Gigabit Ethernet port 14 in 3 port string Optional Displays operational status for specific port s For a detailed description of possible port string values refer to Secti...

Page 261: ...orts will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display status information for port ge 3 1 through 4 Table 4 1 provides an explanation of the command output port string Optional Displays status for specific port s For a detailed description of possible port string values refer to Section 4 1 1 interesting Optional Displays only ports with...

Page 262: ...wn Admin Status Whether the specified port is enabled up or disabled down For details on using the set port disable command to change the default port status of enabled refer to Section 4 3 3 1 For details on using the set port enable command to re enable ports refer to Section 4 3 3 2 Speed Operational speed in Mbps or Kbps of the specified port For details on using the set port speed command to ...

Page 263: ...specified counter statistics will be displayed for all ports If mib2 or switch are not specified all counter statistics will be displayed for the specified port s Command Type Switch command Command Mode Read Only port string Optional Displays counter statistics for specific port s For a detailed description of possible port string values refer to Section 4 1 1 switch mib2 Optional Displays switch...

Page 264: ...ort fe 3 1 MIB2 Interface 1 Bridge Port 2 No counter discontinuity time MIB2 Interface Counters In Octets 0 In Unicast Pkts 0 In Multicast Pkts 0 In Broadcast Pkts 0 In Discards 0 In Errors 0 In Unknown Protocol 0 Out Octets 0 Out Unicasts Pkts 0 Out Multicast Pkts 0 Out Broadcast Pkts 0 Out Errors 0 Out Queue Length 256 802 1Q Switch Counters Frames Received 0 Frames Transmitted 0 Frames Filtered...

Page 265: ...ort counters Output Details Output What It Displays Port Port designation For a detailed description of possible port string values refer to Section 4 1 1 MIB2 Interface MIB2 interface designation Bridge Port IEEE 802 1D bridge port designation MIB2 Interface Counters MIB2 network traffic counts 802 1Q Switch Counters Counts of frames received transmitted and filtered ...

Page 266: ...ional Displays ports down due to link loss linkflap Optional Displays ports down due to link flap violation For more information on configuring the link flap function refer to Section 4 3 8 self Optional Displays ports down due to a hardware cause init Optional Displays ports in initialization phase flowlimit Optional Displays ports down due to a flow limiting constraint For more information on co...

Page 267: ...mple shows how to display operation status causes for ports ge 1 1 through 6 In this case port ge 1 6 is down due to a link loss lag Optional Displays ports dormant due to Link Aggregation Group LAG membership For more information on configuring LAG refer to Section 4 3 8 Matrix rw show port operstatuscause ge 1 1 6 A L L D D L F S I F O M O L E N L P C T L I S A L I O O O 1 A Port N S P F T W L S...

Page 268: ...erridden for all ports Command Type Switch command Command Mode Read Write Example This example shows how to override all operational causes on all ports port string Optional Overrides causes for specific port s For a detailed description of possible port string values refer to Section 4 1 1 admin Optional Resets adminStatus to up linkflap Optional Overrides link flap violation status flowlimit Op...

Page 269: ...re enabled at device startup You may want to disable ports for security or to troubleshoot network issues Commands The commands used to enable and disable ports are listed below and described in the associated section as shown set port disable Section 4 3 3 1 set port enable Section 4 3 3 2 show port alias Section 4 3 3 3 set port alias Section 4 3 3 4 show forcelinkdown Section 4 3 3 5 set forcel...

Page 270: ...e one or more ports set port disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Fast Ethernet port 1 in port group 1 port string Specifies the port s to disable For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw set port disable fe 1 1 ...

Page 271: ...le one or more ports set port enable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Fast Ethernet port 3 in port group 1 port string Specifies the port s to enable For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw set port enable fe 1 3 ...

Page 272: ...d Defaults If port string is not specified aliases for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display alias information for fe 3 1 In this case an alias has not been assigned port string Optional Displays alias name s for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix ...

Page 273: ...faults If string is not specified the alias assigned to the port will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to assign the alias management to fe 3 1 port string Specifies the port to which an alias will be assigned For a detailed description of possible port string values refer to Section 4 1 1 string Optional Assigns a text string name to th...

Page 274: ...e this command to display the status of the force link down function show forcelinkdown Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the force link down function Matrix rw show forcelinkdown ForceLinkDown feature is globally enabled ...

Page 275: ...function When enabled this forces ports in the operstatus down state to become disabled set forcelinkdown enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the force link down function enable disable Enables or disables the force link down function on all ports Matrix rw set forcelinkdown enable ...

Page 276: ...celinkdown Use this command to resets the force link down function to the default state of disabled clear forcelinkdown Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the force link down function to disabled Matrix rw clear forcelinkdown ...

Page 277: ...x mode Half for half duplex or Full for full duplex for one or more ports Commands The commands used to review and set port speed and duplex mode are listed below and described in the associated section as shown show port speed Section 4 3 4 1 set port speed Section 4 3 4 2 show port duplex Section 4 3 4 3 set port duplex Section 4 3 6 NOTE These settings only take effect on ports that have auto n...

Page 278: ...port string is not specified default speed settings for all ports will display Command Type Switch command Command Mode Read Only Example This example shows how to display the default speed setting for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays default speed setting s for specific port s For a detailed description of possible port string values refer to Section 4 1 1 ...

Page 279: ... string 10 100 1000 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 3 in port group 3 to a port speed of 10 Mbps port string Specifies the port s for which to a speed value will be set For a detailed description of possible port string values refer to Section 4 1 1 10 100 1000 Specifies the port s...

Page 280: ... port string is not specified default duplex settings for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the default duplex setting for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays default duplex setting s for specific port s For a detailed description of possible port string values refer to Secti...

Page 281: ...ommand Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 17 in port group 1 to full duplex NOTE This command will only take effect on ports that have auto negotiation disabled port string Specifies the port s for which duplex type will be set For a detailed description of possible port string values refer to Section 4 1 1 full half Sets the port s...

Page 282: ...ew enable and disable jumbo frame support on one or more ports This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size Commands The commands used to review enable and disable jumbo frame support are listed below and described in the associated section as shown show port jumbo Section 4 3 5 1 set port jumbo Section 4 3 5 2 clear port jumbo Section 4 3 5 3 ...

Page 283: ...ults If port string is not specified jumbo frame support status for all ports will display Command Type Switch command Command Mode Read Only Example This example shows how to display the status of jumbo frame support for ge 1 1 port string Optional Displays the status of jumbo frame support for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix...

Page 284: ...support for 1 Gigabit Ethernet port 14 in port group 3 This example shows how to enable jumbo frame support for router in slot 2 router instance 1 NOTE By default jumbo frame support is disabled on all ports and path MTU discovery is enabled When jumbo frame support is enabled path MTU discovery should not be disabled For details on setting the path MTU state refer to Section 2 2 9 2 enable disabl...

Page 285: ...nd Defaults If port string is not specified jumbo frame support status will be reset on all ports Command Type Switch command Command Mode Read Write Example This example shows how to reset jumbo frame support status for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Specifies the port s on which to reset jumbo frame support status to enabled For a detailed description of possible...

Page 286: ...rmal operation with all capabilities enabled advertised ability enables a port to advertise that it has the ability to operate in any mode The user may choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled Commands The commands used to review and configure auto negotiation and advertised ability are listed below and described in the associ...

Page 287: ...faults If port string is not specified auto negotiation status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display auto negotiation status for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays auto negotiation status for specific port s For a detailed description of possible port string values refer to ...

Page 288: ... disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable auto negotiation on 1 Gigabit Ethernet port 3 in port group 14 port string Specifies the port s for which to enable or disable auto negotiation For a detailed description of possible port string values refer to Section 4 1 1 enable disable Enables or disab...

Page 289: ... specified the mode for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display MDI MDIX mode for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays mode for specific port s For a detailed description of possible port string values refer to Section 4 1 1 all Displays port s MDI and MDIX admin status auto Display...

Page 290: ...t specified mode will be set for all ports Command Type Switch command Command Mode Read Write Example This example shows how to force 1 Gigabit Ethernet port 14 in port group 3 to MDIX configuration port string Optional Sets mode for specific port s For a detailed description of possible port string values refer to Section 4 1 1 auto Sets port s to automatically determine MDI MDIX mdi Forces port...

Page 291: ...dix port string Syntax Description Command Defaults If port string is not specified mode will be reset for all ports Command Type Switch command Command Mode Read Write Example This example shows how to reset 1 Gigabit Ethernet port 14 in port group 3 to auto MDI MDIX configuration port string Optional Resets mode for specific port s For a detailed description of possible port string values refer ...

Page 292: ...e Read Only Example This example shows how to display advertised ability fe 1 16 Table 4 3 provides an explanation of the command output port string Optional Displays advertised ability for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port advertise fe 1 16 fe 1 16 capability advertised remote 10BASE T yes yes no 10BASE TFD yes yes...

Page 293: ...00txfd 100BASE TX full duplex mode 1000x 1000BASE X LX SX CXhalfduplexmode 1000xfd 1000BASE X LX SX CX full duplex mode 1000t 1000BASE T half duplex mode 1000tfd 1000BASE T full duplex mode other Other modes pause PAUSE for full duplex links apause Asymmetric PAUSE for full duplex links spause Symmetric PAUSE for full duplex links bpause Asymmetric and Symmetric PAUSE for full duplex links adverti...

Page 294: ... of possible port string values refer to Section 4 1 1 10t Optional Advertises 10BASE T half duplex mode 10tfd Optional Advertises 10BASE T full duplex mode 100tx Optional Advertises 100BASE TX half duplex mode 100txfd Optional Advertises 100BASE TX full duplex mode 1000x Optional Advertises 1000BASE X LX SX CX half duplex mode 1000xfd Optional Advertises 1000BASE X LX SX CX full duplex mode 1000t...

Page 295: ...Auto Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4 59 Command Mode Read Write Example This example shows how to set fe 3 4 to advertise 100BASE TX full duplex operation Matrix rw set port advertise fe 3 4 100txfd ...

Page 296: ...lears 100BASE TX half duplex mode from the port s advertised ability 100txfd Optional Clears 100BASE TX full duplex mode from the port s advertised ability 1000x Optional Clears 1000BASE X LX SX CX half duplex mode from the port s advertised ability 1000xfd Optional Clears 1000BASE X LX SX CX full duplex mode from the port s advertised ability 1000t Optional Clears 1000BASE T half duplex mode from...

Page 297: ...ries Configuration Guide 4 61 Command Defaults If not specified all modes of advertised ability will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to reset all advertised ability to default settings on fe 3 4 Matrix rw clear port advertise fe 3 4 ...

Page 298: ... control is used to manage the transmission between two devices as specified by IEEE 802 3x to prevent receiving ports from being overwhelmed by frames from transmitting devices Commands The commands used to review and set port flow control are listed below and described in the associated section as shown show port flowcontrol Section 4 3 7 1 set port flowcontrol Section 4 3 7 2 ...

Page 299: ...Displays flow control state for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port flowcontrol fe 1 1 5 Port TX Admin TX Oper RX Admin RX Oper TX Pause Count RX Pause Count fe 1 1 enabled disabled enabled disabled 0 0 fe 1 2 enabled disabled enabled disabled 0 0 fe 1 3 enabled enabled enabled enabled 0 0 fe 1 4 enabled disabled enab...

Page 300: ... Whether or not the port is administratively enabled or disabled for acknowledging received flow control frames RX Oper Whether or not the port is operationally enabled or disabled for acknowledging received flow control frames TX Pause Count Number of Pause frames transmitted RX Pause Count Number of Pause frames received Table 4 4 show port flow control Output Details Continued Output What It Di...

Page 301: ...nd Type Switch command Command Mode Read Write Example This example shows how to enable ports fe 3 1 through 5 to send and receive flow control packets port string Specifies port s for which to enable or disable flow control For a detailed description of possible port string values refer to Section 4 1 1 receive send both Enables or disables the port s to receive send or receive and send flow cont...

Page 302: ...ally send notification trap to stop such a condition If left unresolved the link flapping condition can be detrimental to network stability because it can trigger Spanning Tree and routing table recalculation Commands The commands used to configure link flap detection are listed below and described in the associated section as shown show port trap Section 4 3 8 1 set port trap Section 4 3 8 2 show...

Page 303: ...f port string is not specified the trap status for all ports will be displayed Command Type Switch command Command Mode Read Write Example This example shows how to display link trap status for fe 3 1 through 4 port string Optional Displays link trap status for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port trap fe 3 1 4 Link tr...

Page 304: ... port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable link traps for Fast Ethernet port 3 in port group 3 port string Specifies the port s for which to enable or disable link trap messages For a detailed description of possible port string values refer to Section 4 1 1 enable disable Enable...

Page 305: ...ics portsupported Displays ports which can support the link flap detection function actsupported Displays link flap detection actions supported by system hardware maximum Displays the maximum allowed linkdowns per 10 seconds supported by system hardware downports Displays ports disabled by link flap detection due to a violation action Displays linkflap actions taken on violating port s operstatus ...

Page 306: ...lap detection due to a violation This example shows how to display the link flap parameters table violations Displays the number of link flap violations since the last reset port string Optional Displays information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show linkflap globalstate Linkflap feature globally disabled Matrix rw sh...

Page 307: ... S Syslog entry will be generated T SNMP trap will be generated Threshold Number of link down transitions necessary to trigger the link flap action Interval Time interval in seconds for accumulating link down transitions Downtime Interval in seconds port s will be held down after a link flap violation Matrix rw show linkflap metrics Port LinkStatus CurrentCount TotalCount TimeElapsed Violations ge...

Page 308: ...Detection 4 72 Matrix NSA Series Configuration Guide TimeElapsed Time in seconds since the last link down event Violations Number of link flap violations on listed ports since system start Table 4 6 show linkflap metrics Output Details Continued Output What It Displays ...

Page 309: ...all ports If disabled globally after per port settings have been configured using the commands later in this chapter per port settings will be retained set linkflap globalstate disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to globally enable the link trap detection function disable enable Globally disable...

Page 310: ...n Command Defaults If port string is not specified all ports will be disabled or enabled Command Type Switch command Command Mode Read Write Example This example shows how to enable the link trap monitoring on all ports disable enable Disables or enables the link flap detection function port string Optional Specifies the port s on which to disable or enable monitoring For a detailed description of...

Page 311: ...al_value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap interval on port fe 1 4 to 1000 seconds port string Specifies the port s on which to set the link flap interval For a detailed description of possible port string values refer to Section 4 1 1 interval_value Specifies an interval in seconds A va...

Page 312: ...and Type Switch command Command Mode Read Write Examples This example shows how to set the link flap violation action on port fe 1 4 to generating a Syslog entry port string Specifies the port s on which to set the link flap action For a detailed description of possible port string values refer to Section 4 1 1 disableInterface gensyslogentry gentrap all Sets the reaction as Disabling the interfac...

Page 313: ...pecified actions will be cleared on all ports Command Type Switch command Command Mode Read Write Examples This example shows how to clear all link flap violation actions on all ports port string Optional Specifies the port s on which to clear the link flap action For a detailed description of possible port string values refer to Section 4 1 1 disableInterface gensyslogentry gentrap all Clears the...

Page 314: ...ription Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap threshold on port fe 1 4 to 5 port string Specifies the port s on which to set the link flap action trigger count For a detailed description of possible port string values refer to Section 4 1 1 threshold_value Specifies the number of link down transitions necessar...

Page 315: ...string downtime_value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to set the link flap downtime on port fe 1 4 to 5000 seconds port string Specifies the port s on which to set the link flap downtime For a detailed description of possible port string values refer to Section 4 1 1 downtime_value Specifies a downtime in ...

Page 316: ...t string Syntax Description Command Defaults If port string is not specified all ports disabled by a link flap violation will be made operational Command Type Switch command Command Mode Read Write Examples This example shows how to make disabled port fe 1 4 operational port string Specifies the port s to make operational For a detailed description of possible port string values refer to Section 4...

Page 317: ...gs and or statistics will be cleared on all ports Command Type Switch command Command Mode Read Write Examples This example shows how to clear all link flap options on port fe 1 4 all stats Clears all options and statistics or clears only statistics parameter Clears link flap parameters threshold interval downtime all Clears link flap threshold interval downtime or all parameters port string Optio...

Page 318: ... received broadcast frames that the specified port will be allowed to switch out to other ports Broadcast suppression protects against broadcast storms leaving more bandwidth available for critical data Commands The commands used to review and configure port broadcast suppression are listed below and described in the associated section as shown show port broadcast Section 4 3 9 1 set port broadcas...

Page 319: ...n port group 2 Table 4 7 provides an explanation of the command output port string Optional Displays broadcast status for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port broadcast fe 2 2 Port Total BC Threshold Peak Rate Peak Rate Time Packets pkts s pkts s ddd hh mm ss fe 2 2 165 148810 8 000 05 57 37 Table 4 7 show port broadca...

Page 320: ...guration Guide Peak Rate pkts s Peak rate of broadcast transmission received on this port in packets per second Peak Rate Time ddd hh mm ss Time in day hours minutes and seconds the peak rate was reached on this port Table 4 7 show port broadcast Output Details Continued Output What It Displays ...

Page 321: ...mand Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set broadcast suppression to 800 packets per second on Fast Ethernet ports 1 through 5 in port group 1 port string Specifies the port s for which to set broadcast suppression For a detailed description of possible port string values refer to Section 4 1 1 threshold val Sets the packets per seco...

Page 322: ...ified both threshold and peak settings will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all broadcast suppression settings on Fast Ethernet ports 1 through 5 in port group 1 port string Specifies the port s on which broadcast settings will be cleared For a detailed description of possible port string values refer to Section 4 1 1 threshold...

Page 323: ...upported Mirrors The following types of ports can participate in mirroring on the Matrix Series device Physical ports including front panel and FTM 1 ports Virtual ports including Link Aggregation Group LAG and host ports For details on configuring ports for link aggregation refer to Section 4 5 VLAN ports For details on configuring 802 1Q VLANs refer to Chapter 7 IDS Intrusion Detection System po...

Page 324: ... also be used for IP traffic Port failure or link recovery in a LAG will cause an automatic re distribution of the DIP SIP conversations 4 4 3 Active Destination Port Configurations The Matrix NSA device supports 64 mirroring destination ports Each Matrix DFE Platinum Series device supports 16 mirroring destination ports These ports can be a mixed variety of port VLAN and IDS combinations Any or a...

Page 325: ...t Mirroring Purpose To review and configure port mirroring on the device Commands The commands used to review and configure port mirroring are listed below and described in the associated section as shown show port mirroring Section 4 4 4 1 set port mirroring Section 4 4 4 2 clear port mirroring Section 4 4 4 3 ...

Page 326: ...ts show port mirroring Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display port mirroring information In this case fe 1 4 is configured as a source port and fe 1 11 is a target but mirroring is not currently enabled between the ports Matrix rw show port mirroring Port Mirroring Source Port fe 1 4 Target Port fe ...

Page 327: ...able Enables or disables the mirroring of IGMP multicast frames source Specifies the source port designation This is the port on which the traffic will be monitored For a description of port types that can participate in mirroring refer to Section 4 4 1 For a detailed description of possible port string values refer to Section 4 1 1 destination Specifies the target port designation This is the por...

Page 328: ...4 92 Matrix NSA Series Configuration Guide Example This example shows how to enable port mirroring of transmitted and received frames with fe 1 4 as the source port and fe 1 11 as the target port Matrix rw set port mirroring enable fe 1 4 fe 1 11 both ...

Page 329: ...Type Switch command Command Mode Read Write Example This example shows how to clear port mirroring between source port fe 1 4 and target port fe 1 11 igmp mcast Clears IGMP multicast mirroring source Specifies the source port of the mirroring configuration to be cleared For a detailed description of possible port string values refer to Section 4 1 1 destination Specifies the target port of the mir...

Page 330: ...server or to a router 4 5 1 LACP Operation For each aggregatable port in the device LACP Maintains configuration information reflecting the inherent properties of the individual links as well as those established by management to control aggregation Exchanges configuration information with other devices to allocate the link to a Link Aggregation Group LAG Attaches the port to the aggregator used b...

Page 331: ...apabilities associated with each port and with each aggregator as understood by a given device A means of identifying a LAG and its associated aggregator 4 5 2 LACP Terminology Table 4 8 defines key terminology used in LACP configuration Table 4 8 LACP Terms and Definitions Term Definition Aggregator Virtual port that controls link aggregation for underlying physical ports Each Matrix Series modul...

Page 332: ...s allow only underlying ports with keys matching theirs to join their LAG Actor and Partner An actor is the local device sending LACPDUs Its protocol partner is the device on the other end of the link aggregation Each maintains current status of the other via LACPDUs containing information about their ports LACP status and operational state Admin Key Value assigned to aggregator ports and physical...

Page 333: ...re simply no available aggregators or if none of the aggregators have a matching admin key and system priority 802 1x authentication is enabled and ports that would otherwise aggregate are not 802 1X authorized The LACP implementation on the Matrix Series device will allow into a LAG The device with the lowest LAG ID determines which underlying physical ports are allowed into a LAG based on the po...

Page 334: ...ociated section as shown show lacp Section 4 5 4 1 set lacp Section 4 5 4 2 clear lacp state Section 4 5 4 3 set lacp asyspri Section 4 5 4 4 set lacp aadminkey Section 4 5 4 5 clear lacp Section 4 5 4 6 set lacp static Section 4 5 4 7 clear lacp static Section 4 5 4 8 show lacp singleportlag Section 4 5 4 9 set singleportlag Section 4 5 4 10 clear singleportlag Section 4 5 4 11 show port lacp Sec...

Page 335: ...Configuring LACP Configuring Link Aggregation Matrix NSA Series Configuration Guide 4 99 clear lacp outportAlgorithm Section 4 5 4 20 ...

Page 336: ...string Syntax Description Command Defaults If state is not specified aggregator information will be displayed for specified ports If port string is not specified link aggregation information for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display information for aggregator port 48 Table 4 9 provides an explanation of the command ...

Page 337: ...tor Local device participating in LACP negotiation Partner Remote device participating in LACP negotiation System Identifier MAC addresses for actor and partner System Priority System priority value which determines aggregation precedence Only one LACP system priority can be set on a Matrix Series device using either the set lacp asyspri command Section 4 5 4 4 or the set port lacp command Section...

Page 338: ...sable or enable the Link Aggregation Control Protocol LACP on the device LACP is enabled by default set lacp disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable LACP disable enable Disables or enables LACP Matrix rw set lacp disable ...

Page 339: ...03 4 5 4 3 clear lacp state Use this command to reset LACP to the default state of enabled clear lacp state Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset LACP to enabled Matrix rw clear lacp state ...

Page 340: ...ed to use the aggregator set lacp asyspri value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the LACP system priority to 1000 NOTE Only one LACP system priority can be set on a Matrix Series device using either this command or the set port lacp command Section 4 5 4 13 asyspri Sets the system priority to be used ...

Page 341: ... ports with oper keys matching those of their aggregators will be allowed to aggregate set lacp aadminkey port string value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the LACP admin key to 2000 for LAG port 48 port string Specifies the LAG port s on which to assign an admin key value Specifies an admin key valu...

Page 342: ...admin key settings clear lacp asyspri aadminkey port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the actor admin key for LAG port 48 asyspri Clears system priority aadminkey port string Clears admin keys for one or more ports Matrix rw clear lacp aadminkey lag 0 48 ...

Page 343: ...cussed in Section 4 5 3 apply to statically created LAGs Static LAG configuration should be performed by personnel who are knowledgeable about Link Aggregation Misconfiguration can result in LAGs not being formed or in ports attaching to the wrong LAG port affecting proper network operation lagportstring Specifies the LAG aggregator port to which new ports will be assigned key Optional Specifies t...

Page 344: ...uring LACP Configuring Link Aggregation 4 108 Matrix NSA Series Configuration Guide Example This example shows how to add port fe 1 6 to the LAG of aggregator port 48 Matrix rw set lacp static lag 0 48 fe 1 6 ...

Page 345: ...n Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove Fast Ethernet port 6 in port group 1 from the LAG of aggregator port 48 lagportstring Specifies the LAG aggregator port from which ports will be removed port string Specifies the port s to remove from the LAG For a detailed description of possible port string values refer to Section...

Page 346: ...is command to display the status of the single port LAG function show lacp singleportlag Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the single port LAG function Matrix rw show lacp singleportlag Single Port LAGs enabled ...

Page 347: ...enabled this maintains LAGs when only one port is receiving protocol transmissions from a partner set lacp singleportlag enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable single port LAGs enable disable Enables or disables the formation of single port LAGs Matrix rw set lacp singleportlag enable ...

Page 348: ... command to reset the single port LAG function back to the default state of disabled clear lacp singleportlag Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the single port LAG function back to disabled Matrix rw clear lacp singleportlag ...

Page 349: ...unters sort port lag Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only port port string Displays LACP information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 status detail summary Displays LACP status in detailed or summary information counters Displays LACP counter information sort port lag Optional...

Page 350: ... none PartnerAdminState DCSGlp AttachedAggID none PartnerOperState DC Glp MuxState Detached PartnerAdminSystemID 00 00 00 00 00 00 DebugRxState port Disabled PartnerOperSystemID 00 00 00 00 00 00 NOTES State definitions such as ActorAdminState and Partner AdminState are indicated with letter abbreviations If the show port lacp command displays one or more of the following letters it means the stat...

Page 351: ... 12 counters Port Instance fe 1 12 LACPDUsRx 0 MarkerPDUsRX 0 LACPDUsTx 0 MarkerPDUsTx 0 IllegalRx 0 MarkerResponsePDUsRx 0 UnknownRx 0 MarkerResponsePDUsTx 0 ActorSyncTransitionCount 0 PartnerSyncTransitionCount 0 ActorChangeCount 1 PartnerChangeCount 0 ActorChurnCount 0 PartnerChurnCount 0 ActorChurnState ChurnMonitor PartnerChurnState ChurnMonitor MuxState detached MuxReason BEGIN TRUE ...

Page 352: ...y set actor values Corresponding commands and parameters beginning with a p such as padminkey set corresponding partner values Actor refers to the local device participating in LACP negotiation while partner refers to its remote device partner at the other end of the negotiation Actors and partners maintain current status of the other via LACPDUs containing information about their ports LACP statu...

Page 353: ...y 1 sec vs 30 sec default lacpagg Aggregation on this port lacpsync Transition to synchronization state lacpcollect Transition to collection state lacpdist Transition to distribution state lacpdef Transition to defaulted state lacpexpire Transition to expired state padminsyspri padminsyspri Sets a default value to use as the port s partner priority Valid values are 0 65535 with lower values given ...

Page 354: ...and Type Switch command Command Mode Read Write Example This example shows how to set the actor admin key to 3555 for port ge 3 16 padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire Sets a port s partner LACP administrative state See aadminstate for valid options enable Optional Enables LACPDU processing on this port disable Optional Disables LACPDU process...

Page 355: ...ings will be cleared For a detailed description of possible port string values refer to Section 4 1 1 aadminkey Clears a port s actor admin key aportpri Clears a port s actor port priority asyspri Clears the port s actor system priority aadminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire all Clears a port s specific actor admin state or all actor admin state...

Page 356: ... command Command Mode Read Write Example This example shows how to clear all link aggregation parameters for port ge 3 16 padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire all Clears the port s specific partner admin state or all partner admin state s Matrix rw clear port lacp port ge 3 16 ...

Page 357: ...eration Use this command to display the LACP flow regeneration state show lacp flowRegeneration Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current LACP flow regeneration state Matrix rw show lacp flowRegeneration disable ...

Page 358: ...e existing flows to take advantage of ports added to the LAG When flow regeneration is disabled and a new port joins a LAG LACP will only distribute new flows over the increased number of ports in the LAG and will leave existing flows intact set lacp flowRegeneration enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sho...

Page 359: ...ation Use this command to reset LACP flow regeneration to its default state disabled clear lacp flowRegeneration Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset LACP flow regeneration to disabled Matrix rw clear lacp flowRegeneration ...

Page 360: ...Algorithm Use this command to display the current LACP outport algorithm show lacp outportAlgorithm Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current LACP outport algorithm Matrix rw show lacp outportAlgorithm dip sip ...

Page 361: ...scription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the LACP outport algorithm to DA SA dip sip Specifies that destination and source IP addresses will determine the LACP outport da sa Specifies that destination and source MAC addresses will determine the LACP outport round robin Specifies that the round robin algorithm will det...

Page 362: ...gorithm Use this command to reset LACP to DIP SIP its default outport algorithm clear lacp outportAlgorithm Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the LACP outport algorithm to DIP SIP Matrix rw clear lacp outportAlgorithm ...

Page 363: ... of functionality Version 2 SNMPv2c The second release of SNMP described in RFC 1907 has additions and enhancements to data types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is fully described in RFC 2571 RFC 2572 RFC 2573 RFC 2574 and RFC 2575 5 1 1 SNMPv1 and SNMPv2c The ...

Page 364: ...ent accepts outgoing PDUs from the dispatcher and prepares them for transmission by wrapping them in a message header and returning them to the dispatcher The message processing subsystem also accepts incoming messages from the dispatcher processes each message header and returns the enclosed PDU to the dispatcher Security subsystem This component authenticates and encrypts messages Access control...

Page 365: ...ld either Permit or restrict the group s switch management access to the MIB s specified by the context MIB object ID value or Allow the group to have SNMP management access to one or more router modules when operating in router mode Table 5 1 SNMP Security Levels Model Security Level Authentication Encryption How It Works v1 NoAuthNoPriv Community string None Uses a community string match for aut...

Page 366: ...his example grants the powergroup SNMPv3 management access from all router modules when operating in router mode This example grants the powergroup SNMPv3 management access from the router running on module 1 when operating in router mode For information on preparing the device for router mode refer back to Section 2 3 Matrix rw set snmp access powergroup security model usm Matrix rw set snmp acce...

Page 367: ...5 3 7 8 Creating a basic SNMP trap notification Section 5 3 8 5 3 SNMP CONFIGURATION COMMAND SET 5 3 1 Reviewing SNMP Statistics Purpose To review SNMP statistics Commands The commands used to review SNMP statistics are listed below and described in the associated section as shown show snmp engineid Section 5 3 1 1 show snmp counters Section 5 3 1 2 NOTE Commands for configuring SNMP on the Matrix...

Page 368: ... Example This example shows how to display SNMP engine properties Table 5 2 shows a detailed explanation of the command output Matrix rw show snmp engineid EngineId 80 00 15 f8 03 00 e0 63 9d b5 87 Engine Boots 12 Engine Time 162181 Max Msg Size 2048 Table 5 2 show snmp engineid Output Details Output What It Displays EngineId String identifying the SNMP agent on the device Engine Boots Number of t...

Page 369: ...is example shows how to display SNMP counter values Matrix rw show snmp counters mib2 SNMP group counters snmpInPkts 396601 snmpOutPkts 396601 snmpInBadVersions 0 snmpInBadCommunityNames 0 snmpInBadCommunityUses 0 snmpInASNParseErrs 0 snmpInTooBigs 0 snmpInNoSuchNames 0 snmpInBadValues 0 snmpInReadOnlys 0 snmpInGenErrs 0 snmpInTotalReqVars 403661 snmpInTotalSetVars 534 snmpInGetRequests 290 snmpIn...

Page 370: ...s 0 usmStatsDecryptionErrors 0 Table 5 3 show snmp counters Output Details Output What It Displays snmpInPkts Number of messages delivered to the SNMP entity from the transport service snmpOutPkts Number of SNMP messages passed from the SNMP protocol entity to the transport service snmpInBadVersions Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version snmpInBadCommu...

Page 371: ...ivered to the SNMP protocol entity with the value of the error status field as readOnly snmpInGenErrs Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error status field as genErr snmpInTotalReqVars Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get Request and Get Next PDUs snmpInTotalSetVars Number of ...

Page 372: ...e of the error status field as badValue snmpOutGenErrs Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error status field as genErr snmpOutGetRequests Number of SNMP Get Request PDUs generated by the SNMP protocol entity snmpOutGetNexts Number of SNMP Get Next PDUs generated by the SNMP protocol entity snmpOutSetRequests Number of SNMP Set Request PDUs generated by ...

Page 373: ...pped because they appeared outside of the authoritative SNMP engine s window usmStatsUnknownUserNames Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine usmStatsUnknownEngineIDs Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engin...

Page 374: ... of users who share the same SNMP access privileges Community A name used to authenticate SNMPv1 and v2 users Commands The commands used to review and configure SNMP users groups and communities are listed below and described in the associated section as shown show snmp user Section 5 3 2 1 set snmp user Section 5 3 2 2 clear snmp user Section 5 3 2 3 show snmp group Section 5 3 2 4 set snmp group...

Page 375: ...n will be displayed If user is not specified information about all SNMP users will be displayed If remote is not specified user information about the local SNMP engine will be displayed If not specified user information for all storage types will be displayed Command Type Switch command Command Mode Read Only list Optional Displays a list of registered SNMP user names user Optional Displays inform...

Page 376: ... user information EngineId 00 00 00 63 00 00 00 a1 00 00 00 00 Username Guest Auth protocol usmNoAuthProtocol Privacy protocol usmNoPrivProtocol Storage type nonVolatile Row status active Table 5 4 show snmp user Output Details Output What It Displays EngineId SNMP local engine identifier Username SNMPv1 or v2 community name or SNMPv3 user name Auth protocol Type of authentication protocol applied...

Page 377: ...f privacy is not specified no encryption will be applied If storage type is not specified nonvolatile will be applied Command Type Switch command Command Mode Read Write user Specifies a name for the SNMPv3 user remote remoteid Optional Registers the user on a specific remote SNMP engine authenticationmd5 sha Optional Specifies the authentication type required for this user as MD5 or SHA authpassw...

Page 378: ... Configuration Guide Example This example shows how to create a new SNMP user named netops By default this user will be registered on the local SNMP engine without authentication and encryption Entries related to this user will be stored in permanent nonvolatile memory Matrix rw set snmp user netops ...

Page 379: ... clear snmp user user remote remote Syntax Description Command Defaults If remote is not specified the user will be removed from the local SNMP engine Command Type Switch command Command Mode Read Write Example This example shows how to remove the SNMP user named bill user Specifies an SNMPv3 user to remove remote remote Optional Removes the user from a specific remote SNMP engine Matrix rw clear ...

Page 380: ...roups will be displayed If user is not specified information about all SNMP users will be displayed If security model is not specified user information about all SNMP versions will be displayed If not specified information for all storage types will be displayed Command Type Switch command Command Mode Read Only groupname groupname Optional Displays information for a specific SNMP group user user ...

Page 381: ...me public Group name Anyone Storage type nonVolatile Row status active Security model SNMPv1 Security user name public router1 Group name Anyone Storage type nonVolatile Row status active Table 5 5 show snmp group Output Details Output What It Displays Security model SNMP version associated with this group Security user name User belonging to the SNMP group Group name Name of SNMP group Storage ty...

Page 382: ... is not specified nonvolatile storage will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP group called anyone assign a user named public and assign SNMPv3 security to the group groupname Specifies an SNMP group name to create user user Specifies an SNMPv3 user name to assign to the group security model v1 v2c usm Specifies an SNMP se...

Page 383: ...yntax Description Command Defaults If not specified settings related to all security models will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all settings assigned to the public user within the SNMP group anyone groupname Specifies the SNMP group to be cleared user Specifies the SNMP user to be cleared security model v1 v2c usm Optional Cle...

Page 384: ...faults If name is not specified information will be displayed for all SNMP communities Command Type Switch command Command Mode Read Only Example This example shows how to display information about the SNMP public community name For a description of this output refer to set snmp community Section 5 3 2 8 name Optional Displays SNMP information for a specific community name Matrix rw show snmp comm...

Page 385: ...ed Command Type Switch command community Specifies a community group name securityname securityname Optional Specifies an SNMP security name to associate with this community context context Optional Specifies a subset of management information this community will be allowed to access Valid values are full or partial context names To review all contexts configured for the device use the show snmp c...

Page 386: ...n Guide Command Mode Read Write Examples This example shows how to set an SNMP community name called vip This example shows how to grant SNMP management privileges to vip community from routing module 1 when operating in router mode Matrix rw set snmp community vip Matrix rw set snmp community vip context module1 ...

Page 387: ...ar snmp community Use this command to delete an SNMP community name clear snmp community name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the community name vip name Specifies the SNMP community name to clear Matrix rw clear snmp community vip ...

Page 388: ...rpose To review and configure SNMP access rights assigning viewing privileges and security levels to SNMP user groups Commands The commands used to review and configure SNMP access are listed below and described in the associated section as shown show snmp access Section 5 3 3 1 set snmp access Section 5 3 3 2 clear snmp access Section 5 3 3 3 ...

Page 389: ...tion or privacy are not specified access information for all security levels will be displayed If context is not specified all contexts will be displayed If volatile nonvolatile or read only are not specified all entries of all storage types will be displayed Command Type Switch command groupname Optional Displays access information for a specific SNMPv3 group security model v1 v2c usm Optional Di...

Page 390: ... USM Security level noAuthNoPriv Read View All Write View Notify View All Context match exact match Storage type nonVolatile Row status active Group NightOperator Security model USM Security level noAuthNoPriv Read View All Write View Notify View All Context match exact match Storage type nonVolatile Row status active Table 5 6 show snmp access Output Details Output What It Displays Group SNMP gro...

Page 391: ...B objects Write View Name of the view that allows this group to configure the contents of the SNMP agent Notify View Name of the view that allows this group to send an SNMP trap message Context match Whether or not SNMP context match must be exact full context name match or a partial match with a given prefix Storage type Whether access entries for this group are stored in volatile nonvolatile or ...

Page 392: ...nt on behalf of the user are protected from disclosure context context exact prefix Optional Sets the context for this access configuration and specifies that the match must be exact matching the whole context string or a prefix match only Context is a subset of management information this SNMP group will be allowed to access Valid values are full or partial context names To review all contexts co...

Page 393: ...ied If write view is not specified none will be applied If notify view is not specified none will be applied If storage type is not specified entries will be stored as permanent and will be held through device reboot Command Type Switch command Command Mode Read Write Examples This example permits the powergroup to manage all MIBs via SNMPv3 This example grants the powergroup SNMPv3 management acc...

Page 394: ... context is not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP version 3 access for the mis group via the authentication protocol groupname Specifies the name of the SNMP group for which to clear access security model v1 v2c usm Specifies the security model to be cleared for the SNMP access group noauthentication auth...

Page 395: ... To review and configure SNMP MIB views SNMP views map SNMP objects to access rights Commands The commands used to review and configure SNMP MIB views are listed below and described in the associated section as shown show snmp view Section 5 3 4 1 show snmp context Section 5 3 4 2 set snmp view Section 5 3 4 3 clear snmp view Section 5 3 4 4 ...

Page 396: ...tile nonvolatile read only Syntax Description Command Defaults If no parameters are specified all SNMP MIB view configuration information will be displayed Command Type Switch command Command Mode Read Only viewname Optional Displays information for a specific MIB view subtree oid or mibobject Optional Displays information for a specific MIB subtree when viewname is specified volatile nonvolatile ...

Page 397: ...e nonVolatile Row status active View Name All Subtree OID 0 0 Subtree mask View Type included Storage type nonVolatile Row status active View Name Network Subtree OID 1 3 6 1 2 1 Subtree mask View Type included Storage type nonVolatile Row status active Table 5 7 show snmp view Output Details Output What It Displays View Name Name assigned to a MIB view Subtree OID Name identifying a MIB subtree S...

Page 398: ...all SNMP agents to access all management information MIBs When created using the set snmp access command Section 5 3 3 2 other contexts can be applied to limit access to a subset of management information and to permit SNMP access from one or more routing modules show snmp context Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example ...

Page 399: ...ll be included If storage type is not specified nonvolatile permanent will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set an SNMP MIB view to public with a subtree name of 1 3 6 1 included viewname viewname Specifies a name for a MIB view subtree subtree Specifies a MIB subtree name mask mask Optional Specifies a bitmask for a subtree included ...

Page 400: ...MPv3 MIB view clear snmp view viewname subtree Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP MIB view public viewname Specifies the MIB view name to be deleted subtree Specifies the subtree name of the MIB view to be deleted Matrix rw clear snmp view public 1 3 6 1 ...

Page 401: ...ces SNMP notifications will be sent A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command Section 5 3 6 2 Commands The commands used to review and configure SNMP target parameters are listed below and described in the associated section as shown show snmp targetparams Section 5 3 5 1 set snmp targetparams Sec...

Page 402: ...rams volatile nonvolatile read only Syntax Description Command Defaults If targetParams is not specified entries associated with all target parameters will be displayed If not specified entries of all storage types will be displayed Command Type Switch command Command Mode Read Only targetParams Optional Displays entries for a specific target parameter volatile nonvolatile read only Optional Displ...

Page 403: ...urity Name public Message Proc Model SNMPv2c Security Level noAuthNoPriv Storage type nonVolatile Row status active Target Parameter Name v3ExampleParams Security Name CharlieDChief Message Proc Model USM Security Level authNoPriv Storage type nonVolatile Row status active Table 5 8 show snmp targetparams Output Details Output What It Displays Target Parameter Name Unique identifier for the parame...

Page 404: ... 42 Matrix NSA Series Configuration Guide Storage type Whether entry is stored in volatile nonvolatile or read only memory Row status Status of this entry active notInService or notReady Table 5 8 show snmp targetparams Output Details Continued Output What It Displays ...

Page 405: ...nd Mode Read Write paramsname Specifies a name identifying parameters used to generate SNMP messages to a particular target user user Specifies an SNMPv1 or v2 community name or an SNMPv3 user name Maximum length is 32 bytes security model v1 v2c usm Specifies the SNMP security model applied to this target parameter as version 1 2c or 3 usm message processing v1 v2c v3 Specifies the SNMP message p...

Page 406: ...ion Guide Example This example shows how to set SNMP target parameters named v1ExampleParams for a user named fred using version 3 security model and message processing and authentication Matrix rw set snmp targetparams v1ExampleParams user fred security model usm message processing v3 authentication ...

Page 407: ...arameter configuration clear snmp targetparams targetParams Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP target parameters named v1ExampleParams targetParams Specifies the name of the parameter in the SNMP target parameters table to be cleared Matrix rw clear snmp targetparams v1ExampleParams ...

Page 408: ...ssages An address configuration can be linked to optional SNMP transmit or target parameters such as timeout retry count and UDP port set with the set snmp targetparams command Section 5 3 5 2 Commands The commands used to review and configure SNMP target addresses are listed below and described in the associated section as shown show snmp targetaddr Section 5 3 6 1 set snmp targetaddr Section 5 3...

Page 409: ...r a target address Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP target address information Table 5 9 shows a detailed explanation of the command output targetAddr Optional Displays information for a specific target address name volatile nonvolatile read only Optional When target address is specified displays target address information for a spec...

Page 410: ...tion to the target address as a place to send notifications IP Address Target IP address UDP Port Number of the UDP port of the target host to use Target Mask Target IP address mask Timeout Timeout setting for the target address Retry count Retry setting for the target address Parameters Entry in the snmpTargetParamsTable Storage type Whether entry is stored in volatile nonvolatile or read only me...

Page 411: ...paddr Specifies the IP address of the target param param Specifies an entry in the SNMP target parameters table which is used when generating a message to the target Maximum length is 32 bytes udpport udpport Optional Specifies which UDP port of the target host to use mask mask Optional Specifies the IP mask of the target timeout timeout Optional Specifies the maximum round trip time allowed to co...

Page 412: ...e set If not specified storage type will be nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to configure a trap notification called TrapSink This trap notification will be sent to the workstation 192 168 190 80 which is target address tr It will use security and authorization criteria contained in a target parameters entry called v2cExampleParams For ...

Page 413: ...se this command to delete an SNMP target address entry clear snmp targetaddr targetAddr Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear SNMP target address entry tr targetAddr Specifies the target address entry to delete Matrix rw clear snmp targetaddr tr ...

Page 414: ...p configuration showing how SNMP notification parameters are associated with security and authorization criteria target parameters and mapped to a management target address refer to Section 5 3 8 Commands The commands used to configure SNMP notification parameters and filters are listed below and described in the associated section as shown show snmp notify Section 5 3 7 1 set snmp notify Section ...

Page 415: ...yed If volatile nonvolatile or read only are not specified all storage type entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the SNMP notify information notify Optional Displays notify entries for a specific notify name volatile nonvolatile read only Optional Displays notify entries for a specific storage type Matrix rw show snm...

Page 416: ...otify Output Details Output What It Displays Notify name A unique identifier used to index the SNMP notify table Notify Tag Name of the entry in the SNMP notify table Notify Type Type of notification SNMPv1 or v2 trap or SNMPv3 InformRequest message Storage type Whether access entry is stored in volatile nonvolatile or read only memory Row status Status of this entry active notInService or notRead...

Page 417: ... If not specified message type will be set to trap If not specified storage type will be set to nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to set an SNMP notify configuration with a notify name of hello and a notify tag of world Notifications will be sent as trap messages and storage type will automatically default to permanent notify Specifies a...

Page 418: ...tify Use this command to clear an SNMP notify configuration clear snmp notify notify Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNMP notify configuration for hello notify Specifies an SNMP notify name to clear Matrix rw clear snmp notify hello ...

Page 419: ...is associated with any SNMP target then no filtering will take place Traps or informs notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those found in the NotifyTable When the NotifyFilter table contains profile entries the SNMP agent will find any filter profile name that corresponds to the target parameter name contained in an outgoing notificatio...

Page 420: ...nformation will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP notify filter information In this case the notify profile pilot1 in subtree 1 3 6 will not receive SNMP notification messages profile Optional Displays a specific notify filter subtree oid or mibobject Optional Displays a notify filter within a specific subtree volatile no...

Page 421: ...cription Command Defaults If not specified mask is not set If not specified subtree will be included If storage type is not specified nonvolatile permanent will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP notify filter called pilot1 with a MIB subtree ID of 1 3 6 profile Specifies an SNMP filter notify name subtree oid or mibobjec...

Page 422: ...ar snmp notifyfilter profile subtree oid or mibobject Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the SNMP notify filter pilot1 profile Specifies an SNMP filter notify name to delete subtree oid or mibobject Specifies a MIB subtree ID containing the filter to be deleted Matrix rw clear snmp notifyfilter pilot...

Page 423: ...nd Defaults If no parameters are specified all notify profile information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SNMP notify information for the profile named area51 profile Optional Displays a specific notify profile targetparam targetparam Optional Displays entries for a specific target parameter volatile nonvolatile read on...

Page 424: ...otifications set snmp notifyprofile profile targetparam targetparam volatile nonvolatile Syntax Description Command Defaults If storage type is not specified nonvolatile permanent will be applied Command Type Switch command Command Mode Read Write Example This example shows how to create an SNMP notify profile named area51 and associate a target parameters entry profile Specifies an SNMP filter no...

Page 425: ...snmp notifyprofile profile targetparam targetparam Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete SNMP notify profile area51 profile Specifies an SNMP filter notify name to delete targetparam targetparam Specifies an associated entry in the snmpTargetParamsTable Matrix rw clear snmp notifyprofile area51 targetpa...

Page 426: ... 3 Verify if any applicable SNMP notification entries exist or create a new one You will use this entry to send SNMP notification messages to the appropriate management targets created in Step 2 4 Create a target address entry to bind a management IP address to The notification entry and tag name created in Step 3 The target parameters entry created in Step 2 Table 5 11 shows the commands used to ...

Page 427: ... that SNMP is looking for is the notification entry created with the set snmp notify command which in this case is a key labeled entry1 2 Searches for the doors matching such a key For example the parameters set for the entry1 key shows that it opens only the door TrapSink 3 Verifies that the specified door TrapSink is in fact available In this case it was built using the set snmp targetaddr comma...

Page 428: ...here The agent checks targetparams entries and determines this description was made with the set snmp targetparams command which tells exactly which SNMP protocol to use and what community name to provide In this case the community name is mgmt 5 Verifies that the mgmt community name is available In this case it has been configured using the set snmp community command 6 Sends the trap notification...

Page 429: ...econfigure the network s active topology when physical topology or configuration parameter changes occur It selects one switch as the root of a Spanning Tree connected active topology and assigns port roles to individual ports on the switch depending on whether that port is part of the active topology RSTP provides rapid connectivity following the failure of a switch switch port or a LAN A new roo...

Page 430: ...wing functions Creating a single Spanning Tree from any arrangement of switching or bridging elements Compensating automatically for the failure removal or addition of any device in an active data path Achieving port changes in short time intervals which establishes a stable active topology quickly with minimal network disturbance Using a minimum amount of communications bandwidth to accomplish th...

Page 431: ...tion of agreement BPDUs Control of port forwarding state based on reception of disputed BPDUs Communicating port non forwarding status through traps and syslog messages Disabling a port based on frequency of failure events Port forwarding state in the designated port is gated by a timer that is set upon BPDU reception It is analogous to the rcvdInfoWhile timer the port uses when receiving root inf...

Page 432: ...e the port is forced into blocking and held there until it is manually unlocked via management 6 1 4 Process Overview Spanning Tree Configuration Use the following steps as a guide in the Spanning Tree configuration process 1 Reviewing and setting Spanning Tree bridge device parameters Section 6 2 1 2 Reviewing and setting Spanning Tree port parameters Section 6 2 2 3 Reviewing and setting Spannin...

Page 433: ...n as shown show spantree stats Section 6 2 1 1 show spantree version Section 6 2 1 2 set spantree version Section 6 2 1 3 clear spantree version Section 6 2 1 4 show spantree stpmode Section 6 2 1 6 set spantree stpmode Section 6 2 1 6 clear spantree stpmode Section 6 2 1 7 show spantree maxconfigurablestps Section 6 2 1 8 set spantree maxconfigurablestps Section 6 2 1 9 clear spantree maxconfigur...

Page 434: ...ree bridgehellomode Section 6 2 1 28 clear spantree bridgehellomode Section 6 2 1 29 show spantree hello Section 6 2 1 31 set spantree hello Section 6 2 1 31 clear spantree hello Section 6 2 1 32 show spantree maxage Section 6 2 1 33 set spantree maxage Section 6 2 1 34 clear spantree maxage Section 6 2 1 35 show spantree fwddelay Section 6 2 1 36 set spantree fwddelay Section 6 2 1 37 clear spant...

Page 435: ... 2 1 56 show spantree spanguardtimeout Section 6 2 1 57 set spantree spanguardtimeout Section 6 2 1 58 clear spantree spanguardtimeout Section 6 2 1 59 show spantree spanguardlock Section 6 2 1 60 clear set spantree spanguardlock Section 6 2 1 61 show spantree spanguardtrapenable Section 6 2 1 62 set spantree spanguardtrapenable Section 6 2 1 63 clear spantree spanguardtrapenable Section 6 2 1 64 ...

Page 436: ...iguring Spanning Tree Bridge Parameters 6 8 Matrix NSA Series Configuration Guide clear spantree newroottrapenable Section 6 2 1 73 clear spantree default Section 6 2 1 74 show spantree debug Section 6 2 1 75 clear spantree debug Section 6 2 1 76 ...

Page 437: ...yed If sid is not specified information for Spanning Tree 0 will be displayed If active is not specified information for all ports will be displayed regardless of whether or not they have received BPDUs Command Type Switch command Command Mode Read Only port port string Optional Displays information for the specified port s For a detailed description of possible port string values refer to Section...

Page 438: ... ID Priority 32768 Bridge Max Age 20 sec Bridge Hello Time 2 sec Bridge Forward Delay 15 sec Topology Change Count 7 Time Since Top Change 00 days 03 19 15 Max Hops 20 Table 6 1 show spantree Output Details Output What It Displays Spanning tree instance Spanning Tree ID Spanning tree status Whether Spanning Tree is enabled or disabled Designated Root MacAddr MAC address of the designated Spanning ...

Page 439: ... Bridge Hello Time Amount of time in seconds the bridge sends BPDUs This is a default value or is assigned using the set spantree hello command For details refer to Section 6 2 1 31 Bridge Forward Delay Amount of time in seconds the bridge spends in listening or learning mode This is a default value or is assigned using the set spantree fwddelay command For details refer to Section 6 2 1 37 Topolo...

Page 440: ...e0 63 93 79 0f Bridge ID Priority 0 Bridge Max Age 20 sec Bridge Hello Time 2 sec Bridge Forward Delay 15 sec Topology Change Count 5 Time Since Top Change 00 days 03 16 54 Max Hops 20 SID Port State Role Cost Priority 0 ge 1 1 Blocking Disabled 20000 128 Table 6 2 Port Specific show spantree stats Output Details Output Field What it Displays SID The Spanning Tree instance Port The port name State...

Page 441: ...ed by the Spanning Tree protocol and determines the behavior of the port either sending or receiving BPDUs and forwarding or blocking data traffic Cost The port cost Priority The priority of the link in a Spanning Tree bridge This value can be set with the set spantree portpri command Section 6 2 2 11 Table 6 2 Port Specific show spantree stats Output Details Output Field What it Displays ...

Page 442: ...e this command to display the current version of the Spanning Tree protocol running on the device show spantree version Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display Spanning Tree version information for the device Matrix rw show spantree version Force Version is mstp ...

Page 443: ...hows how to globally change the Spanning Tree version from the default of MSTP to RSTP NOTE In most networks Spanning Tree version should not be changed from its default setting of mstp Multiple Spanning Tree Protocol mode MSTP mode is fully compatible and interoperable with legacy STP 802 1D and Rapid Spanning Tree RSTP bridges Setting the version to stpcompatible mode will cause the bridge to tr...

Page 444: ... Guide 6 2 1 4 clear spantree version Use this command to reset the Spanning Tree version to MSTP mode clear spantree version Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Spanning Tree version Matrix rw clear spantree version ...

Page 445: ... show spantree stpmode Use this command to display the Spanning Tree Protocol STP mode setting show spantree stpmode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the STP mode Matrix rw show spantree stpmode Bridge Stp Mode is set to ieee8021 ...

Page 446: ...s command to globally enable or disable the Spanning Tree Protocol STP mode set spantree stpmode none ieee8021 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Spanning Tree none Disables Spanning Tree ieee8021 Enables 802 1 Spanning Tree mode Matrix rw set spantree stpmode none ...

Page 447: ...stpmode Use this command to reset the Spanning Tree protocol mode to the default setting of IEEE802 1 This re enables Spanning Tree clear spantree stpmode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the STP mode to IEEE 802 1 Matrix rw clear spantree stpmode ...

Page 448: ...and to display the setting for the maximum number of user configurable Spanning Tree instances show spantree maxconfigurablestps Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the STP maximum configs setting Matrix rw show spantree maxconfigurablestps Max user configurable stps is set to 33 ...

Page 449: ...maxconfigurablestps Use this command to set the maximum number of user configurable Spanning Tree instances set spantree maxconfigurablestps numstps Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the STP max configs to 8 Matrix rw set spantree maxconfigurablestps 8 ...

Page 450: ...urablestps Use this command to clear the setting for the maximum number of user configurable Spanning Tree instances clear spantree maxconfigurablestps Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the STP max configs setting Matrix rw clearspantree maxconfigurablestps ...

Page 451: ...isplay a list of Multiple Spanning Tree MST instances configured on the device show spantree mstilist Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display a list of MST instances In this case SID 2 has been configured Matrix rw show spantree mstilist Configured Multiple Spanning Tree instances 2 ...

Page 452: ...e instance set spantree msti sid sid create delete Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to create MST instance 2 sid sid Sets the Multiple Spanning Tree ID Valid values are 1 4094 NOTE Matrix Series devices will support up to MST instances create delete Creates or deletes an MST instance Matrix rw set spantree m...

Page 453: ...pantree msti Use this command to delete one or more Multiple Spanning Tree instances clear spantree msti sid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete MST instance 1 sid Specifies a multiple Spanning Tree ID to be deleted Matrix rw clear spantree msti 1 ...

Page 454: ...FIDs this shows to which SID a VLAN is mapped show spantree mstmap fid fid Syntax Description Command Defaults If fid is not specified information for all assigned FIDs will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SID to FID mapping information for FID 1 In this case no new mappings have been configured fid fid Optional Displays inf...

Page 455: ...n Command Defaults If sid is not specified FID s will be mapped to Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to map FID 3 to SID 2 fid Specifies one or more FIDs to assign to the MST Valid values are 1 4093 and must correspond to a VLAN ID created using the set vlan command as described in Section 7 3 2 1 sid sid Optional Specifies a Multipl...

Page 456: ... 2 1 16 clear spantree mstmap Use this command to map a FID back to SID 0 clear spantree mstmap fid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to map FID 2 back to SID 0 fid Specifies one or more FIDs to reset to 0 Matrix rw clear spantree mstmap 2 ...

Page 457: ...on Command Defaults If not specified SID assignment will be displayed only for VLANs assigned to any SID other than SID 0 Command Type Switch command Command Mode Read Only Example This example shows how to display assignments for all VLANs assigned to any SID other than SID 0 vlan list Optional Displays information for specific VLAN s Matrix rw show spantree vlanlist Vlan 104 is mapped to Sid 104...

Page 458: ...nd Type Switch command Command Mode Read Only Example This example shows how to display the MST configuration identifier elements In this case the default revision level of 0 and the default configuration name a string representing the bridge MAC address have not been changed For information on using the set spantree mstcfgid command to change these settings refer to Section 6 2 1 19 Matrix rw sho...

Page 459: ...e and or revision level set spantree mstcfgid cfgname name rev level Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the MST configuration name to mstconfig cfgname name Specifies an MST configuration name rev level Specifies an MST revision level Valid values are 0 65535 Matrix rw set spantree mstconfigid cfgname m...

Page 460: ... the MST revision level to a default value of 0 and the configuration name to a default string representing the bridge MAC address clear spantree mstcfgid Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the MST configuration identifier elements to default values Matrix rw clear spantree mstcfgid ...

Page 461: ...is command to display the Spanning Tree bridge priority mode setting show spantree bridgeprioritymode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree bridge priority mode setting Matrix rw show spantree bridgeprioritymode Bridge Priority Mode is set to IEEE802 1t mode ...

Page 462: ...n set spantree priority Section 6 2 1 25 set spantree bridgeprioritymode 8021d 8021t Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the bridge priority mode to 802 1D 8021d Sets the bridge priority mode to use 802 1D legacy values of values which are 0 65535 8021t Sets the bridge priority mode to use 802 1t values ...

Page 463: ...rioritymode Use this command to reset the Spanning Tree bridge priority mode to the default setting of 802 1t clear spantree bridgeprioritymode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the bridge priority mode to 802 1t Matrix rw clear spantree bridgeprioritymode ...

Page 464: ...iority sid Syntax Description Command Defaults If sid is not specified priority will be shown for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to show the bridge priority for Spanning Tree 0 sid Optional Displays the priority for a specific Spanning Tree Valid values are 0 4094 If not specified SID 0 is assumed Matrix rw show spantree priority B...

Page 465: ...yntax Description Command Defaults If sid is not specified priority will be set on Spanning Tree 0 Command Type Switch command Command Mode Read Write Examples This example shows how to set the bridge priority to 1 on all SIDs with 8021t priority mode enabled priority Specifies the priority of the bridge Valid values are from 0 to 65535 with the numerical value of 0 indicating highest priority and...

Page 466: ...to set the bridge priority to 10000 on all SIDs with 8021t priority mode enabled This example shows how to set the bridge priority to 1000 on all SIDs with 8021t priority mode enabled Matrix rw set spantree priority 15 Bride Priority has been translated to incremental step of 61440 Matrix rw set spantree priority 4000 Bride Priority has been rounded up to 4096 from 4000 Matrix rw set spantree prio...

Page 467: ...ault value of 32768 clear spantree priority sid Syntax Description Command Defaults If sid is not specified priority will be reset on Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to reset the bridge priority on SID 1 sid Optional Resets the priority on a specific Spanning Tree Valid values are 0 4094 If not specified SID 0 is assumed Matrix rw ...

Page 468: ...s being used When disabled per port administrative hello times are being used show spantree bridgehellomode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree bridge hello mode In this case a single bridge hello mode has been enabled using the set spantree bridgehellomode command as described ...

Page 469: ...on Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable single Spanning Tree hello mode on the device Per port hello times can now be configured using the set spantree porthellomode command as described in Section 6 2 2 13 enable Enables single Spanning Tree bridge hello mode disable Disables single Spanning Tree bridge hello mode allo...

Page 470: ...bridgehellomode Use this command to reset the Spanning Tree administrative hello mode to enabled clear spantree bridgehellomode Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Spanning Tree bridge hello mode to enabled Matrix rw clear spantree bridgehellomode ...

Page 471: ...30 show spantree hello Use this command to display the Spanning Tree hello time show spantree hello Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree hello time Matrix rw show spantree hello Bridge Hello Time is set to 2 seconds ...

Page 472: ...will transmit BPDUs indicating it is active set spantree hello interval Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally set the Spanning Tree hello time to 10 seconds interval Specifies the number of seconds the system waits before broadcasting a bridge hello message a multicast message indicating that the syst...

Page 473: ...clear spantree hello Use this command to reset the Spanning Tree hello time to the default value of 2 seconds clear spantree hello Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally reset the Spanning Tree hello time Matrix rw clear spantree hello ...

Page 474: ...ntree maxage Use this command to display the Spanning Tree maximum aging time show spantree maxage Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree maximum aging time Matrix rw show spantree maxage Bridge Max Age Time is set to 20 seconds ...

Page 475: ... at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network set spantree maxage agingtime Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example sh...

Page 476: ...spantree maxage Use this command to reset the maximum aging time for a Spanning Tree to the default value of 20 seconds clear spantree maxage Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally reset the maximum aging time Matrix rw clear spantree maxage ...

Page 477: ...e fwddelay Use this command to display the Spanning Tree forward delay time show spantree fwddelay Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree forward delay time Matrix rw show spantree fwddelay Bridge Forward Delay is set to 15 seconds ...

Page 478: ...vice must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result set spantree fwddelay delay Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how...

Page 479: ... spantree fwddelay Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds clear spantree fwddelay Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally reset the bridge forward delay Matrix rw clear spantree fwddelay ...

Page 480: ...dge Use this command to display the status of automatic edge port detection show spantree autoedge Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the automatic edge port detection function Matrix rw show spantree autoedge autoEdge is currently enabled ...

Page 481: ...nd to enable or disable the automatic edge port detection function set spantree autoedge disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable automatic edge port detection disable enable Disables or enables automatic edge port detection Matrix rw set spantree autoedge disable ...

Page 482: ... spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled clear spantree autoedge Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset automatic edge port detection to enabled Matrix rw clear spantree autoedge ...

Page 483: ...athcost Use this command to display the default Spanning Tree path cost setting show spantree legacypathcost Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the default Spanning Tree path cost setting Matrix rw show spantree legacypathcost Legacy Path Cost is disabled ...

Page 484: ... Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the default path cost values to 802 1D NOTE By default legacy path cost is disabled Enabling the device to calculate legacy path costs affects the range of valid values that can be entered in the set spantree adminpathcost command Section 6 2 2 17 disable enable Enables or d...

Page 485: ...legacypathcost Use this command to set the Spanning Tree default value for legacy path cost to 802 1t values clear spantree legacypathcost Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the default path cost values to 802 1t Matrix rw clear spantree legacypathcost ...

Page 486: ...ay the status of topology change trap suppression on Rapid Spanning Tree edge ports show spantree tctrapsuppress Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of topology change trap suppression Matrix rw show spantree tctrapsuppress Topology change trap suppression is currently enabled ...

Page 487: ...m sending topology change traps This is because there is usually no need for network management to monitor edge port STP transition states such as when PCs are powered on When topology change trap suppression is disabled all ports including edge and bridge ports will transmit topology change traps set spantree tctrapsupress disable enable edgedisable Syntax Description Command Defaults None Comman...

Page 488: ... spantree tctrapsuppress Use this command to clear topology change trap suppression settings clear spantree tctrapsuppress Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear topology change trap suppression settings Matrix rw clear spantree tctrapsuppress ...

Page 489: ...show spantree txholdcount Use this command to display the maximum BPDU transmission rate show spantree txholdcount Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the transmit hold count setting Matrix rw show spantree txholdcount Tx hold count 3 ...

Page 490: ...mitted before transmissions are subject to a one second timer set spantree txholdcount txholdcount Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally set the transmit hold count to 5 txholdcount Specifies the maximum number of BPDUs to be transmitted before transmissions are subject to a one second timer Valid val...

Page 491: ...1 50 clear spantree txholdcount Use this command to reset the transmit hold count to the default value of 6 clear spantree txholdcount Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the transmit hold count Matrix rw clear spantree txholdcount ...

Page 492: ...spantree maxhops Use this command to display the Spanning Tree maximum hop count show spantree maxhops Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree maximum hop count Matrix rw show spantree maxhops Bridge Max Hop count is set to 20 ...

Page 493: ...mation for a particular Spanning Tree instance may traverse via relay of BPDUs within the applicable MST region before being discarded set spantree maxhops max_hop_count Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the maximum hop count to 40 max_hop_count Specifies the maximum number of hops allowed Valid values...

Page 494: ...6 2 1 53 clear spantree maxhops Use this command to reset the maximum hop count to the default value of 20 clear spantree maxhops Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the maximum hop count to 20 Matrix rw clear spantree maxhops ...

Page 495: ... spanguard Use this command to display the status of the Spanning Tree span guard function show spantree spanguard Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the span guard function status Matrix rw show spantree spanguard spanguard is currently disabled ...

Page 496: ...en that port has been defined as an edge user port as described in Section 6 2 2 20 This port will remain disabled until the amount of time defined by the set spantree spanguardtimeout Section 6 2 1 58 has passed since the last seen BPDU or the port is manually unlocked as described in Section 6 2 1 61 set spantree spanguard enable disable Syntax Description Command Defaults None Command Type Swit...

Page 497: ...e spanguard Use this command to resets the status of the Spanning Tree span guard function to disabled clear spantree spanguard Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the status of the span guard function to disabled Matrix rw clear spantree spanguard ...

Page 498: ...imeout Use this command to display the Spanning Tree span guard timeout setting show spantree spanguardtimeout Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the span guard timeout setting Matrix rw show spantree spanguardtimeout spanguard timeout is set at 300 seconds ...

Page 499: ...time in seconds an edge port will remain locked by the span guard function set spantree spanguardtimeout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the span guard timeout to 600 seconds timeout Specifies a timeout value in seconds Valid values are 0 forever to 65535 Matrix rw set spantree spanguardtimeo...

Page 500: ...ardtimeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds clear spantree spanguardtimeout Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the span guard timeout to 300 seconds Matrix rw clear spantree spanguardtimeout ...

Page 501: ...antree spanguardlock port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the span guard lock status for ge 2 1 port string Specifies the port s for which to show span guard lock status For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show spantree spanguardlock ge...

Page 502: ...ks ports that receive BPDUs when those ports have been defined as edge user ports as described in Section 6 2 2 20 clear spantree spanguardlock port string set spantree spanguardlock port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to unlock port fe 1 16 port string Specifies port s to unlock For a detailed desc...

Page 503: ...e this command to displays the state of the Spanning Tree span guard trap function show spantree spanguardtrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the state of the span guard trap function Matrix rw show spantree spanguardtrapenable Span Guard Trap is set to enable ...

Page 504: ...MP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree set spantree spanguardtrapenable disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable the span guard trap function disable enable Disables or enables the span guard trap function Matrix rw set spantree...

Page 505: ...able Use this command to reset the Spanning Tree span guard trap function back to the default state of enabled clear spantree spanguardtrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the span guard trap function to enabled Matrix rw clear spantree spanguardtrapenable ...

Page 506: ...tree backuproot sid Syntax Description Command Defaults If sid is not specified status will be shown for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the backup root function on SID 0 sid Optional Displays status for a specific Spanning Tree Valid values are 0 4094 If not specified SID 0 is assumed Matrix rw show spantre...

Page 507: ...oot bridge is lost If this happens the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge set spantree backuproot sid enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the backup root function on SID 2 sid Specifies the Spannin...

Page 508: ...ree backup root function to the default state of disabled clear spantree backuproot sid Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the backup root function to disabled on SID 2 sid Specifies the Spanning Tree on which to reset the backup root function Valid values are 0 4094 Matrix rw clear spantree backuproo...

Page 509: ...this command to display the state of the Spanning Tree backup root trap function show spantree backuproottrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the backup root trap function Matrix rw show spantree backuproottrapenable Backup Root Trap is set to enable ...

Page 510: ...rap messageing is configured this sends a trap message when the back up root function makes a Spanning Tree the new root of the network set spantree backuproottrapenable enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the backup root trap function enable disable Enables or disables the backup root ...

Page 511: ...rapenable Use this command to resets the Spanning Tree backup root trap function to the default state of disabled clear spantree backuproottrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the backup root trap function Matrix rw clear spantree backuproottrapenable ...

Page 512: ...e Use this command to display the state of the Spanning Tree new root trap function show spantree newroottrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of the new root trap function Matrix rw show spantree newroottrapenable New Root Trap is set to enable ...

Page 513: ...on When SNMP trap messaging is configured this sends a trap message when a Spanning Tree becomes the new root of the network set spantree newroottrapenable enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the new root trap function enable disable Enables or disables the backup root trap function Mat...

Page 514: ...penable Use this command to reset the Spanning Tree new root trap function back to the default state of enabled clear spantree newroottrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the new root trap function to enabled Matrix rw clear spantree newroottrapenable ...

Page 515: ...g Tree clear spantree default sid Syntax Description Command Defaults If sid is not specified defaults will be restored on Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to restore Spanning Tree defaults on SID 1 sid Optional Restores defaults on a specific Spanning Tree Valid values are 0 4094 If not specified SID 0 is assumed Matrix rw clear sp...

Page 516: ...formation will be displayed If sid is not specified debug counters will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only port port string Optional Displays debug counters for specific port s For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Displays the debug counters for a specific Spanning Tree identifier Valid va...

Page 517: ...BPDU Rx Count 0 STP TC BPDU Tx Count 0 RST BPDU Rx Count 81812 RST BPDU Tx Count 790319 RST TC BPDU Rx Count 2131 RST TC BPDU Tx Count 26623 MST BPDU Rx Count 0 MST BPDU Tx Count 0 MST CIST TC BPDU Rx Count 0 MST CIST TC BPDU Tx Count 0 STP Diagnostic Port Counters for Interface Number lag 0 3 Port Role RootPort Message Expiration Count 4 Invalid BPDU Count 0 STP BPDU Rx Count 0 STP BPDU Tx Count ...

Page 518: ...ration Guide 6 2 1 76 clear spantree debug Use this command to clear Spanning Tree debug counters clear spantree debug Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear Spanning Tree debug counters Matrix rw clear spantree debug ...

Page 519: ...e listed below and described in the associated section as shown show spantree portenable Section 6 2 2 1 set spantree portenable Section 6 2 2 2 clear spantree portenable Section 6 2 2 3 show spantree portadmin Section 6 2 2 4 set spantree portadmin Section 6 2 2 5 clear spantree portadmin Section 6 2 2 6 set spantree protomigration Section 6 2 2 7 show spantree portstate Section 6 2 2 8 show span...

Page 520: ...how spantree adminedge Section 6 2 2 19 set spantree adminedge Section 6 2 2 20 clear spantree adminedge Section 6 2 2 21 show spantree operedge Section 6 2 2 22 show spantree adminpoint Section 6 2 2 23 show spantree operpoint Section 6 2 2 24 set spantree adminpoint Section 6 2 2 25 clear spantree adminpoint Section 6 2 2 26 ...

Page 521: ...port string Syntax Description Command Defaults If port string is not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display status for port fe 1 12 port port string Optional Displays status for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show spantr...

Page 522: ...ee portenable port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Spanning Tree port fe 1 12 port string Specifies the port s to enable or disable For a detailed description of possible port string values refer to Section 4 1 1 enable disable Enables or disables the Spanning Tree port Matri...

Page 523: ...ing Tree ports to enabled clear spantree portenable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the default Spanning Tree port status value to enabled on fe 1 12 port string Specifies port s to reset For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw clear sp...

Page 524: ...port port string Syntax Description Command Defaults If port string is not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display port admin status for fe 1 7 port port string Optional Displays status for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw s...

Page 525: ...ee portadmin port string disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable Spanning Tree on fe 1 5 port string Specifies the port s for which to enable or disable Spanning Tree For a detailed description of possible port string values refer to Section 4 1 1 disable enable Disables or enables Spannin...

Page 526: ...n one or more ports clear spantree portadmin port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the default Spanning Tree admin state to enable on fe 1 12 port string Resets the default admin status on specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix ...

Page 527: ...ort to transmit MSTP BPDUs set spantree protomigration port string true Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the protocol state migration machine on fe 1 12 port string Specifies the port s for which protocol migration mode will be enabled For a detailed description of possible port string values refer ...

Page 528: ...g Tree ports If sid is not specified current port state will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to display the Spanning Tree state for fe 1 7 port port string Optional Displays the Spanning Tree state for specific Spanning Tree port s For a detailed description of possible port string values refer to Section 4 1 1 sid ...

Page 529: ...y of the bridged LAN It receives Spanning Tree configuration messages but does not forward packets show spantree blockedports sid Syntax Description Command Defaults If sid is not specified blocked ports will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to display blocked ports on SID 1 sid Optional Displays blocked ports on a s...

Page 530: ...ort priority will be displayed for all Spanning Tree ports If sid is not specified port priority will be displayed for Spanning Tree 0 Command Type Switch command Command Mode Read Only Example This example shows how to display the port priority for fe 2 7 port port string Optional Specifies the port s for which to display Spanning Tree priority For a detailed description of possible port string v...

Page 531: ...de Read Write Example This example shows how to set the priority of fe 1 3 to 240 on SID 1 port string Specifies the port s for which to set Spanning Tree port priority For a detailed description of possible port string values refer to Section 4 1 1 priority Specifies a number that represents the priority of a link in a Spanning Tree bridge Valid values are from 0 to 240 in increments of 16 with 0...

Page 532: ...s not specified port priority will be set for Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to reset the priority of fe 1 3 to 128 on SID 1 port string Specifies the port s for which to set Spanning Tree port priority For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Resets the port priority for a ...

Page 533: ...scription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the hello time to 3 seconds for port fe 1 4 NOTE This command can be executed only if bridge hello mode is disabled For information on using the set spantree bridgehellomode command refer to Section 6 2 1 28 port string Specifies the port s for which to set hello time interval ...

Page 534: ...ello time for one or more Spanning Tree ports to the default of 2 seconds clear spantree porthello port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the hello time to 2 seconds for port fe 1 4 port string Specifies the port s for which to reset hello time Matrix rw clear spantree porthello fe 1 4 ...

Page 535: ...panning Tree ports If sid is not specified port cost will be displayed for all Spanning Trees Command Type Switch command Command Mode Read Only Example This example shows how to display the port cost for fe 2 5 port port string Optional Displays cost values for specific port s For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Displays port cost for ...

Page 536: ...ed If sid is not specified admin path cost for Spanning Tree 0 will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the admin path cost for fe 3 4 on SID 1 port port string Optional Displays the admin path cost value for specific port s For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Display...

Page 537: ...D 1 NOTE By default this value is set to 0 which forces the port to recalculate Spanning Tree path cost based on the speed of the port and whether or not legacy path cost is enabled For details on using the set spantree legacypathcost command refer to Section 6 2 1 43 port string Specifies the port s on which to set an admin path cost For a detailed description of possible port string values refer...

Page 538: ... sid is not specified admin path cost will be reset for Spanning Tree 0 Command Type Switch command Command Mode Read Write Example This example shows how to reset the admin path cost to 0 for fe 3 2 on SID 1 port string Specifies the port s for which to reset admin path cost For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Resets the admin path cos...

Page 539: ...d Defaults If port string is not specified edge port administrative status will be displayed for all Spanning Tree ports Command Type Switch command Command Mode Read Only Example This example shows how to display the edge port status for fe 3 2 port string Optional Displays edge port administrative status for specific port s For a detailed description of possible port string values refer to Secti...

Page 540: ...pantree adminedge port string true false Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set fe 1 11 as an edge port port string Specifies the edge port For a detailed description of possible port string values refer to Section 4 1 1 true false Enables true or disables false the specified port as a Spanning Tree edge po...

Page 541: ...rt to non edge status clear spantree adminedge port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset fe 1 11 as a non edge port port string Specifies port s on which to reset edge port status For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw clear spantree adminedge f...

Page 542: ... Command Defaults If port string is not specified edge port operating status will be displayed for all Spanning Tree ports Command Type Switch command Command Mode Read Only Example This example shows how to display the edge port status for fe 2 7 port port string Optional Displays edge port operating status for specific port s For a detailed description of possible port string values refer to Sec...

Page 543: ...x Description Command Defaults If port string is not specified status will be displayed for all Spanning Tree port s Command Type Switch command Command Mode Read Only Example This example shows how to display the point to point status of the LAN segment attached to fe 2 7 port port string Optional Displays point to point status for specific port s For a detailed description of possible port strin...

Page 544: ...ion Command Defaults If not specified status will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the point to point status operating of the LAN segment attached to fe 2 7 port port string Optional Displays point to point operating status for specific port s For a detailed description of possible port string values refer to Se...

Page 545: ...ode Read Write Example This example shows how to set the LAN attached to fe 1 3 as a point to point segment port string Specifies the port on which to set point to point protocol status For a detailed description of possible port string values refer to Section 4 1 1 true false auto Specifies the point to point status of the LAN attached to the specified port true forces the port to be considered p...

Page 546: ...hed to a Spanning Tree port to auto mode clear spantree adminpoint port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset point to point status to auto on fe 2 3 port string Specifies port s on which to reset point to point protocol status For a detailed description of possible port string values refer to Sec...

Page 547: ...ers are listed below and described in the associated section as shown set spantree lp Section 6 2 3 1 show spantree lp Section 6 2 3 2 clear spantree lp Section 6 2 3 3 show spantree lplock Section 6 2 3 4 clear spantree lplock Section 6 2 3 5 set spantree lpcapablepartner Section 6 2 3 6 show spantree lpcapablepartner Section 6 2 3 7 clear spantree lpcapablepartner Section 6 2 3 8 set spantree lp...

Page 548: ... Protect Features 6 120 Matrix NSA Series Configuration Guide set spantree disputedbpduthreshold Section 6 2 3 18 show spantree disputedbpduthreshold Section 6 2 3 19 clear spantree disputedbpduthreshold Section 6 2 3 20 show spantree nonforwardingreason Section 6 2 3 21 ...

Page 549: ...r per port STP enable disable portAdmin Normally portAdmin disabled would cause a port to go immediately to forwarding If Loop Protect is enabled that port should go to listening and remain there Example This example shows how to enable Loop Protect on fe 2 3 port string Specifies port s on which to enable or disable the Loop Protect feature For a detailed description of possible port string value...

Page 550: ...no SID is specified SID 0 is assumed Command Type Switch command Command Mode Read Only Example This example shows how to display Loop Protect status on fe 2 3 port string Optional Specifies port s for which to display the Loop Protect feature status For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Specifies the specific Spanning Tree s for which to...

Page 551: ...ts If no SID is specified SID 0 is assumed Command Type Switch command Command Mode Read Write Example This example shows how to return the Loop Protect state on fe 2 3 to disabled port string Specifies port s for which to clear the Loop Protect feature status For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Specifies the specific Spanning Tree s fo...

Page 552: ... show spantree lplock port port string sid sid Syntax Description Command Defaults If no port string is specified status is displayed for all ports If no SID is specified SID 0 is assumed Command Type Switch command Command Mode Read Only Example This example shows how to display Loop Protect lock status on ge 1 1 port string Optional Specifies port s for which to display the Loop Protect lock sta...

Page 553: ... Read Only Example This example shows how to clear Loop Protect lock from ge 1 1 port string Specifies port s for which to clear the Loop Protect lock For a detailed description of possible port string values refer to Section 4 1 1 sid sid Optional Specifies the specific Spanning Tree s for which to clear the Loop Protect lock Valid values are 0 4094 If not specified SID 0 is assumed Matrix rw sho...

Page 554: ... the value is false then there is some ambiguity as to whether an Active Partner timeout is due to a loop protection event or is a normal situation due to the fact that the partner port does not transmit Alternate Agreement BPDUs Therefore a conservative approach is taken in that designated ports will not be allowed to forward unless receiving agreements from a port with root role This type of tim...

Page 555: ...Set Configuring Spanning Tree Loop Protect Features Matrix NSA Series Configuration Guide 6 127 Example This example shows how to set the Loop Protect capable partner to true for ge 1 1 Matrix rw set spantree lpcapablepartner ge 1 1 true ...

Page 556: ...aults If no port string is specified Loop Protect capability for link partners is displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the Loop Protect partner capability for ge 1 1 port string Optional Specifies port s for which to display Loop Protect capability for its link partner For a detailed description of possible port string...

Page 557: ... of false clear spantree lpcapablepartner port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Loop Protect partner capability for ge 1 1 port string Specifies port s for which to clear their link partners Loop Protect capability reset to false For a detailed description of possible port string values r...

Page 558: ...teger variable that provides protection in the case of intermittent failures The default value is 3 If the event counter reaches the threshold within a given period the event window then the port for the given SID becomes locked that is held indefinitely in the blocking state If the threshold is 0 the ports are never locked Example This example shows how to set the Loop Protect threshold value to ...

Page 559: ...ld Use this command to display the current value of the Loop Protect event threshold show spantree lpthreshold Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current Loop Protect threshold value Matrix rw show spantree lpthreshold LoopProtect event threshold is set to 4 ...

Page 560: ...ee lpthreshold Use this command to return the Loop Protect event threshold to its default value of 3 clear spantree lpthreshold Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Loop Protect event threshold to the default of 3 Matrix rw clear spantree lpthreshold ...

Page 561: ...t Window is a timer value in seconds that defines a period during which Loop Protect events are counted The default value is 180 seconds If the timer is set to 0 the event counter is not reset until the Loop Protect event threshold is reached If the threshold is reached that constitutes a loop protection event Example This example shows how to set the Loop Protect event window to 120 seconds value...

Page 562: ...window Use this command to display the current Loop Protect event window value show spantree lpwindow Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current Loop Protect window value Matrix rw show spantree lpwindow LoopProtect event window is set to 120 seconds ...

Page 563: ... lpwindow Use this command to reset the Loop Protect event window to the default value of 180 seconds clear spantree lpwindow Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Loop Protect event window to the default of 180 seconds Matrix rw clear spantree lpwindow ...

Page 564: ...Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Usage Loop Protect traps are sent when a Loop Protect event occurs that is when a port goes to listening due to not receiving BPDUs The trap indicates port SID and loop protection status Example This example shows how to enable sending of Loop Protect traps enable disable Enable or disable the sending of L...

Page 565: ...se this command to display the current status of Loop Protect event notification show spantree lptrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current Loop Protect event notification status Matrix rw show spantree lptrapenable LoopProtect event traps are enabled ...

Page 566: ...e this command to return the Loop Protect event notification state to its default state of disabled clear spantree lptrapenable Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Loop Protect event notification state to the default of disabled Matrix rw clear spantree lptrapenable ...

Page 567: ...to the listening state Refer to the 802 1Q 2005 standard IEEE Standard for Local and Metropolitan Area Networks Virtual Bridged Local Area Networks for a full description of the dispute mechanism which prevents looping in cases of one way communication The disputed BPDU threshold is an integer variable that represents the number of disputed BPDUs that must be received on a given port SID until a d...

Page 568: ... Command Set Configuring Spanning Tree Loop Protect Features 6 140 Matrix NSA Series Configuration Guide Example This example shows how to set the disputed BPDU threshold value to 5 Matrix rw set spantree disputedbpduthreshold 5 ...

Page 569: ...hold Use this command to display the current value of the disputed BPDU threshold show spantree disputedbpduthreshold Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the current disputed BPDU threshold Matrix rw show spantree disputedbpduthreshold Disputed BPDU threshold is set to 0 ...

Page 570: ...mmand to return the disputed BPDU threshold to its default value of 0 meaning that disputed BPDU traps should not be sent clear spantree disputedbpduthreshold Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the disputed BPDU threshold to the default of 0 Matrix rw clear spantree disputedbpduthreshold ...

Page 571: ... Mode Read Only Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event receipt of disputed BPDUs and loopback detection Example This example shows how to display the non forwarding reason on ge 1 1 port string Optional Specifies port s for which to display the non forwarding reason For a detailed description of possible port string valu...

Page 572: ...Spanning Tree Configuration Command Set Configuring Spanning Tree Loop Protect Features 6 144 Matrix NSA Series Configuration Guide ...

Page 573: ...into logical groups and control the flow of that traffic through the network Once the traffic and in effect the users creating the traffic are assigned to a VLAN then broadcast and multicast traffic is contained within the VLAN and users can be allowed or denied access to any of the network s resources Also some or all of the ports on the device can be configured as GVRP ports which enable frames ...

Page 574: ...nd name VLANs Section 7 3 2 3 Assign port VLAN IDs and ingress filtering Section 7 3 3 4 Configure VLAN Egress Section 7 3 4 5 Create a secure management VLAN Section 7 3 5 6 Enable Disable GVRP GARP VLAN Registration Protocol Section 7 3 6 Preparing for VLAN Configuration A little forethought and planning is essential to a good VLAN implementation Before attempting to configure a single device fo...

Page 575: ...a list of VLANs currently configured on the device to determine how one or more VLANs were created the ports allowed and disallowed to transmit traffic belonging to VLAN s and if those ports will transmit the traffic with a VLAN tag included Command The command needed to review existing VLANs is listed below and described in the associated section as shown show vlan Section 7 3 1 1 ...

Page 576: ...ic and dynamic VLANs will be displayed Command Type Switch command Command Mode Read Only static Optional Displays information related to static VLANs Static VLANs are manually created using the set vlan command Section 7 3 2 1 SNMP MIBs or the WebView management application The default VLAN VLAN 1 is always statically configured and can t be deleted Only ports that use a specified VLAN as their d...

Page 577: ...AULT VLAN Status Enabled VLAN Type Permanent FID 1 Creation Time 4 days 9 hours 4 minutes 50 seconds ago Egress Ports host 0 1 fe 1 1 10 ge 2 1 4 fe 3 1 7 lag 0 1 32 Forbidden Egress Ports None Untagged Ports host 0 1 fe 1 1 10 ge 2 1 4 fe 3 1 7 lag 0 1 32 Table 7 1 show vlan Output Details Output What It Displays VLAN VLAN ID NAME Name assigned to the VLAN Status Whether it is enabled or disabled...

Page 578: ...ng Static VLANs Purpose To create a new static VLAN or to enable or disable existing VLAN s Commands The commands used to create and name static VLANs are listed below and described in the associated section as shown set vlan Section 7 3 2 1 set vlan name Section 7 3 2 2 clear vlan Section 7 3 2 3 clear vlan name Section 7 3 2 4 ...

Page 579: ...Command Type Switch command Command Mode Read Write Examples This example shows how to create VLAN 3 This example shows how to disable VLAN 3 NOTES Each VLAN ID must be unique If a duplicate VLAN ID is entered the device assumes that the Administrator intends to modify the existing VLAN Enter the VLAN ID using a unique number between 2 and 4094 The VLAN IDs of 0 1 and 4094 and higher may not be us...

Page 580: ... new or existing VLAN set vlan name vlan list vlan name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the name for VLAN 7 to green vlan list Specifies the VLAN ID of the VLAN s to be named vlan name Specifies the string used as the name of the VLAN 1 to 32 characters Matrix rw set vlan name 7 green ...

Page 581: ...move a static VLAN from the list of VLANs recognized by the device clear vlan vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove a static VLAN 9 from the device s VLAN list vlan list Specifies the VLAN ID of the VLAN s to be removed Matrix rw clear vlan 9 ...

Page 582: ...ommand to remove the name of a VLAN from the VLAN list clear vlan name vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the name for VLAN 9 vlan list Specifies the VLAN ID of the VLAN s for which the name will be cleared Matrix rw clear vlan name 9 ...

Page 583: ... PVID override has been enabled for a policy profile and assigned to port s associated with the PVID as described in Section 8 3 1 2 For more information about configuring user policy profiles including PVID override protocol based policy classification a VLAN or Class of Service and assigning ports to policy profiles refer to Chapter 8 Purpose To assign default VLAN IDs to untagged frames on one ...

Page 584: ...tion Command Set Assigning Port VLAN IDs PVIDs and Ingress Filtering 7 12 Matrix NSA Series Configuration Guide show port discard Section 7 3 3 9 set port discard Section 7 3 3 10 clear port discard Section 7 3 3 11 ...

Page 585: ...t specified port VLAN information for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display PVIDs assigned to Fast Ethernet ports 1 through 6 in port group 2 In this case untagged frames received on these ports will be classified to VLAN 1 port string Optional Displays PVID information for specific port s For a detailed description...

Page 586: ...g pvid modify egress no modify egress Syntax Description Command Defaults If not specified the egress list will be modified Command Type Switch command Command Mode Read Write NOTE For information on how to configure protocol based policy classification to a VLAN including how to configure a VLAN policy to override PVID refer to Chapter 8 port string Specifies the port s for which to configure a V...

Page 587: ... add fe 1 10 to the port VLAN list of VLAN 4 PVID 4 Since VLAN 4 is a new VLAN it is created Then port fe 1 10 is added to VLAN 4 s untagged egress list and is cleared from the egress list of VLAN 1 the default VLAN Matrix rw set port vlan fe 1 10 4 Matrix rw set vlan 4 create Matrix rw set vlan egress 4 fe 1 10 untagged Matrix rw clear vlan egress 1 fe 1 10 ...

Page 588: ...D 1 clear port vlan port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the Fast Ethernet ports 3 and 11 in port group 1 to a VLAN ID of 1 Host VLAN port string Specifies the port s to be reset to the host VLAN ID 1 For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw ...

Page 589: ... Command Mode Read Only Example This example shows how to display the interface entry for VLAN 1 Table 7 2 provides an explanation of the command output vlan list Displays the MIB2 interface entry for specific VLAN s Matrix rw show vlan interface 1 VLAN Port Storage Type 1 vlan 0 1 non volatile Table 7 2 show vlan interface Output Details Output What It Displays VLAN VLAN ID Port Port string desig...

Page 590: ...e created as nonvolatile Command Type Switch command Command Mode Read Write Example This example shows how to create a volatile interface entry mapped to VLAN 1 vlan list Specifies the VLAN s for which an interface entry will be created disabled or enabled create disable enable Creates disables or enables an interface entry volatile Optional When the create keyword is used stores the entry as a v...

Page 591: ...mmand to clear the MIB II interface entry mapped to a VLAN clear vlan interface vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the interface entry mapped to VLAN 1 vlan list Specifies the VLAN s for which an interface entry will be cleared Matrix rw clear vlan interface 1 ...

Page 592: ...ax Description Command Defaults If port string is not specified ingress filtering status for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the port ingress filter status for Fast Ethernet ports 10 through 15 in port group 1 In this case the ports are disabled for ingress filtering port string Optional Specifies the port s f...

Page 593: ...n the port s egress list then the frame is dropped Ingress filtering is implemented according to the IEEE 802 1Q standard set port ingress filter port string disable enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable port ingress filtering on Fast Ethernet port 3 in port group 1 port string Specifies the port...

Page 594: ...how port discard port string Syntax Description Command Defaults If port string is not specified frame discarded mode will be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display the frame discard mode for Fast Ethernet port 7 in port group 2 In this case the port has been set to discard all tagged frames port string Optional Displays...

Page 595: ... Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set Fast Ethernet port 7 in port group 2 to discard both tagged and untagged frames port string Specifies the port s for which to set frame discard mode For a detailed description of possible port string values refer to Section 4 1 1 tagged untagged none both Sets the port s to discard tagg...

Page 596: ...none clear port discard port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset Fast Ethernet port 7 in module port group 2 to the default discard mode of none port string Specifies the port s for which to reset frame discard mode For a detailed description of possible port string values refer to Section 4 1 1...

Page 597: ...ough dynamic mechanisms i e GVRP policy classification or Enterasys dynamic egress Setting a port to forbidden prevents it from participating in the specified VLAN and ensures that any dynamic requests either through GVRP or dynamic egress for the port to join the VLAN will be ignored Setting a port to untagged allows it to transmit frames without a tag header This setting is usually used to confi...

Page 598: ...mple shows you how to show VLAN egress information for Fast Ethernet ports 1 through 3 in port group 1 In this case all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10 frames as untagged Both are static VLANs port string Optional Displays VLAN membership for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port ...

Page 599: ...ows how to add Fast Ethernet ports 5 through 10 in port group 1 to the egress list of VLAN 7 This means that these ports will transmit VLAN 7 frames as tagged vlan list Specifies the VLAN where a port s will be added to the egress list port string Specifies one or more ports to add to the VLAN egress list of the specified vlan list For a detailed description of possible port string values refer to...

Page 600: ...hows how to forbid Fast Ethernet ports 13 through 15 in port group 1 from joining VLAN 7 and disallow egress on those ports This example shows how to allow Fast Ethernet port 2 in port group 1 to transmit VLAN 7 frames as untagged Matrix rw set vlan egress 7 fe 1 13 15 forbidden Matrix rw set vlan egress 7 fe 1 2 untagged ...

Page 601: ...t group 3 from the egress list of VLAN 9 This example shows how to remove all Fast Ethernet ports in port group 2 from the egress list of VLAN 4 vlan list Specifies the number of the VLAN from which a port s will be removed from the egress list port string Specifies one or more ports to be removed from the VLAN egress list of the specified vlan list For a detailed description of possible port stri...

Page 602: ...ist Syntax Description Command Defaults If vlan list is not specified status for all VLANs where dynamic egress is enabled will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display which VLANs are enabled for dynamic egress vlan list Optional Displays dynamic egress status for specific VLAN s Matrix rw show vlan dynamicegress VLAN 1 is enabled V...

Page 603: ... receiving a tagged frame to the VLAN egress list of the port according to the frame VLAN ID set vlan dynamicegress vlan list enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable the dynamic egress function on VLAN 7 vlan list Specifies the number of the VLAN s where dynamic egress will be enabled or di...

Page 604: ... and described in the associated sections as shown This example assumes the management station is attached to fe 1 1 and wants untagged frames The process described in this section would be repeated on every device that is connected in the network to ensure that each device has a secure management VLAN NOTES By default at device startup there is one VLAN configured on the Matrix Series device It i...

Page 605: ...s transmitted out GVRP configured ports on the device in a GARP formatted frame using the GVRP multicast MAC address A switch router that receives this frame examines the frame and extracts the VLAN IDs GVRP then creates the VLANs and adds the receiving port to its tagged member list for the extracted VLAN ID s The information is then transmitted out the other GVRP configured ports of the device F...

Page 606: ...r of VLAN Blue Port declaring VLAN Blue D R 3680_77 1 1 2 3 D R D Switch 1 1 R R 3 Switch 2 1 2 D R D 2 1 4 6 8 10 12 14 16 3 5 7 9 11 13 15 18 17 20 22 24 26 28 30 32 19 21 23 25 27 29 31 34 33 36 38 40 42 44 46 48 35 37 39 41 43 45 47 Reset Console PWR CPU 1H152 51 Switch 3 1 R 2 1 4 6 8 10 12 14 16 3 5 7 9 11 13 15 18 17 20 22 24 26 28 30 32 19 21 23 25 27 29 31 34 33 36 38 40 42 44 46 48 35 37...

Page 607: ...de 7 35 Commands The commands used to configure GVRP are listed below and described in the associated section as shown show gvrp Section 7 3 6 1 show garp timer Section 7 3 6 2 set gvrp Section 7 3 6 3 clear gvrp Section 7 3 6 4 set garp timer Section 7 3 6 5 clear garp timer Section 7 3 6 6 ...

Page 608: ...ple shows how to display GVRP status for the device and for Fast Ethernet port 1 in port group 2 Table 7 4 provides an explanation of the command output port string Optional Displays GVRP configuration information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show gvrp fe 2 1 Global GVRP status is enabled Port Number GVRP status Last...

Page 609: ...g GVRP Matrix NSA Series Configuration Guide 7 37 GVRP status Whether GVRP is enabled or disabled on the port Last PDU Origin MAC address of the last GVRP frame received on the port Table 7 4 show gvrp Output Details Continued Output What It Displays ...

Page 610: ... be displayed for all ports Command Type Switch command Command Mode Read Only Example This example shows how to display GARP timer information on Fast Ethernet ports 1 through 10 in port group 1 port string Optional Displays GARP timer information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 NOTE For a functional description of the terms joi...

Page 611: ... show garp timer fe 1 1 10 Port based GARP Configuration Timer units are centiseconds Port Number Join Leave Leaveall fe 1 1 20 60 1000 fe 1 2 20 60 1000 fe 1 3 20 60 1000 fe 1 4 20 60 1000 fe 1 5 20 60 1000 fe 1 6 20 60 1000 fe 1 7 20 60 1000 fe 1 8 20 60 1000 fe 1 9 20 60 1000 fe 1 10 20 60 1000 Table 7 5 show gvrp configuration Output Details Output What It Displays Port Number Port designation...

Page 612: ...orts Command Type Switch command Command Mode Read Write Examples This example shows how to enable GVRP globally on the device This example shows how to disable GVRP globally on the device This example shows how to enable GVRP on Fast Ethernet port 3 in port group 1 disable enable Disables or enables GVRP on the device port string Optional Disables or enables GVRP on specific port s For a detailed...

Page 613: ...ng Syntax Description Command Defaults If port string is not specified GVRP status will be cleared for all ports Command Type Switch command Command Mode Read Write Examples This example shows how to clear GVRP status globally on the device port string Optional Clears GVRP status on specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw clear gvr...

Page 614: ...leave timer value to 300 centiseconds for all ports NOTE The setting of these timers is critical and should only be changed by personnel familiar with the 802 1Q standards documentation which is not supplied with this device join timer value Sets the GARP join timer in centiseconds Refer to 802 1Q standard leave timer value Sets the GARP leave timer in centiseconds Refer to 802 1Q standard leaveal...

Page 615: ...ation Command Set Enabling Disabling GVRP Matrix NSA Series Configuration Guide 7 43 This example shows how to set the leaveall timer value to 20000 centiseconds for all ports Matrix rw set garp timer leaveall 20000 ...

Page 616: ... Type Switch command Command Mode Read Write Example This example shows how to reset the GARP leave timer to 60 centiseconds on Fast Ethernet port 5 in port group 2 join Optional Resets the join timer to 20 centiseconds leave Optional Resets the leave timer to 60 centiseconds leaveall Optional Resets the leaveall timer to 1000 centiseconds port string Specifies the port s on which to reset GARP ti...

Page 617: ...iltering policies configured for a particular VLAN or Class of Service CoS Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly Configure CoS to automatically assign policy based inbound rate limiters and transmit queues Set the status of dynamically assigned policy profiles NOTE It is recommended that you use Enteras...

Page 618: ...SSIFICATION CONFIGURATION COMMAND SET 8 3 1 Configuring Policy Profiles Purpose To review create change and remove policy profiles for managing network resources Commands The commands used to review and configure policy profiles are listed below and described in the associated section as shown show policy profile Section 8 3 1 1 set policy profile Section 8 3 1 2 clear policy profile Section 8 3 1...

Page 619: ...ofiles Matrix NSA Series Configuration Guide 8 3 show policy syslog Section 8 3 1 11 set policy syslog Section 8 3 1 12 clear policy syslog Section 8 3 1 13 set policy maptable Section 8 3 1 14 show policy maptable Section 8 3 1 15 clear policy maptable Section 8 3 1 16 ...

Page 620: ...ly Example This example shows how to display policy information for policy profile 11 all profile index Displays policy information for all profile indexes or a specific profile index consecutive pids Optional Displays information for specified consecutive profile indexes verbose Optional Displays detailed information Matrix rw show policy profile 11 Profile Index 11 Profile Name MacAuth1 Row Stat...

Page 621: ...d CoS Status Whether or not Class of Service override is enabled or disabled for this profile If all the classification rules associated with this profile are missed then this parameter if specified determines default behavior CoS The CoS priority value to assign to packets if CoS override is enabled Tagged Egress VLAN List VLAN s that ports to which the policy profile is assigned can use for tagg...

Page 622: ... determines default behavior pvid pvid Optional Specifies the PVID to assign to packets if PVID override is enabled and invoked as the default behavior cos status enable disable Optional Enables or disables Class of Service override for this policy profile If all the classification rules associated with this profile are missed then this parameter if specified determines default behavior cos cos Op...

Page 623: ...al Specifies that the port to which this policy profile is applied should be added to the egress list of the VLANs defined by untagged vlans Packets will be formatted as untagged append Optional Appends this policy profile setting to settings previously specified for this policy profile by the egress vlans forbidden vlans or untagged vlans parameters If append is not used previous VLAN settings ar...

Page 624: ...d to delete a policy profile entry clear policy profile profile index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete policy profile 8 profile index Specifies the index number of the policy profile entry to be deleted Valid values are 1 to 1023 Matrix rw clear policy profile 8 ...

Page 625: ...efaults None Command Type Switch command Command Mode Read Only Example This example shows how to display invalid policy action and count information action count all Shows the action the device should take if asked to apply an invalid or unknown policy or the number of times the device has detected an invalid unknown policy or both action and count information Matrix rw show policy invalid all Cu...

Page 626: ...on default policy drop forward Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assign a drop action to invalid policies default policy Instructs the device to ignore this result and search for the next policy assignment rule drop Instructs the device to block traffic forward Instructs the device to forward traffic as if...

Page 627: ... command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy clear policy invalid action Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the invalid policy action Matrix rw clear policy invalid action ...

Page 628: ...N tag s TCI field It will also overwrite ingressing frames tagged to a port VLAN and policy assignment if a policy has not already been assigned set port tcioverwrite port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable TCI overwrite on port fe 1 3 port string Specifies port s on which to en...

Page 629: ...accounting Use this command to display the status of policy accounting show policy accounting Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the status of policy accounting Matrix rw show policy accounting Accounting Enable control status is ENABLED ...

Page 630: ...nting which controls the collection of classification rule statistics This function is enabled by default set policy accounting enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable policy accounting enable disable Enables or disables the policy accounting function Matrix rw set policy accounting disabl...

Page 631: ...1 10 clear policy accounting Use this command to restore policy accounting to its default state of enabled clear policy accounting Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to re enable policy accounting Matrix rw clear policy accounting ...

Page 632: ...able or human readable show policy syslog machine readable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the device formatting of rule usage messages machine readable Show the control for device formatting of rule usage messages The format is either machine readable or human readable Matrix rw show policy syslo...

Page 633: ...Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the device formatting of rule usage messages as machine readable machine readable Set the formatting of rule usage messages The format is either machine readable or human readable enable disable enable Formats the rule usage messages so that they might be processed by a machine scripting backend...

Page 634: ...able clear policy syslog machine readable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the machine readable formatting of rule usage messages to the default setting of human readable machine readable Clear the machine readable formatting of rule usage messages to its default which is human readable disabled Mat...

Page 635: ...Read Write Example This example shows how to set the Policy Profile mappings table for VLAN 3 and for Policy ID 8 This example shows how to use both tunnel and policy attributes in the RADIUS response for the Policy Profile mappings vlan list VLAN ID or range of IDs 1 to 4094 profile index Policy ID 1 to 1023 response tunnel policy both Indicates which attributes to use from RADIUS response tunnel...

Page 636: ...cy maptable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Example This example shows the Policy Profile mappings table for all configured VLANs vlan list VLAN ID or range of IDs 1 to 4094 Matrix rw show policy maptable Policy map response policy Policy map last change 0 days 0 00 00 00 Policy Mappings VLAN ID Policy Profile 1 22 Engineering User 2...

Page 637: ... clear the VLAN ID Policy Profile mappings table clear policy maptable vlan list response Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example clears the Policy Profile mappings table vlan list VLAN ID or range of IDs 1 to 4094 response Applied the filter id attribute Matrix rw clear policy maptable response ...

Page 638: ... rules assign policy profiles to incoming traffic Commands The commands used to review assign and unassign classification rules to policy profiles and ports are listed below and described in the associated section as shown show policy rule Section 8 3 2 1 show policy capability Section 8 3 2 2 set policy classify set policy rule Section 8 3 2 4 clear policy rule Section 8 3 2 5 clear policy all ru...

Page 639: ...ription attribute Displays the attributes of the specified rules all admin profile profile index Displays all admin and classification rules rules for the admin profile or for a specific profile index number Valid index values are 1 1023 ether Displays Ethernet type II rules ipdest Displays IP destination address rules ipfrag Displays IP fragmentation rules ipproto Displays IP protocol field in IP...

Page 640: ...cific data mask Refer to Table 8 3 for valid values for each classification type and data value port string port string Optional Displays rules related to a specific ingress port rule status active not in service not ready Optional Displays rules related to a specific rules status storage type non volatile volatile Optional Displays rules configured for either non volatile or volatile storage vlan...

Page 641: ... 33011 0x80F3 16 All A NV Y Y 105 2 Ether 33079 0x8137 16 All A NV Y Y 101 Matrix rw show policy rule admin pid 1 Admin Rule Type Rule Data Mk PortStr RS ST S T D dPID aPID U admin Port fe 1 1 16 fe 1 1 A NV 1 admin Port fe 1 2 16 fe 1 2 A NV 1 admin Port fe 1 3 16 fe 1 3 A NV 1 admin Port fe 1 4 16 fe 1 4 A NV 1 admin Port fe 1 5 16 fe 1 5 A NV 1 admin Port fe 1 6 16 fe 1 6 A NV 1 Table 8 2 show ...

Page 642: ...t in service or not ready ST Whether or not this rule s storage type is non volatile NV or volatile V Vlan VLAN ID to which this rule applies and whether or not matching packets will be dropped or forwarded CoS Class of Service value to which this rule applies dPID Whether or not this is a dynamic profile ID aPID Whether or not this is an administrative profile index ID Table 8 2 show policy rule ...

Page 643: ...ffic attributes The next two columns from the left indicate how policy profiles may be assigned either administratively or dynamically The next four columns from the left indicate the actions that may be performed The last three columns indicate auditing options An x in an action column for a traffic attribute row indicates that your system has the capability to perform that action for traffic cla...

Page 644: ...ess X X X X X X X X X IPX destination address X X X X X X X X X IPX source socket X X X X X X X X X IPX destination socket X X X X X X X X X IPX transmission control X X X X X X X X X IPX type field X X X X X X X X X IPv6 source address IPv6 destination address IPv6 flow label IP source address X X X X X X X X X IP destination address X X X X X X X X X IP fragmentation X X X X X X X X X UDP port s...

Page 645: ...bled when created profile index Specifies that this is an administrative rule or associates this classification rule with a policy profile index configured with the set policy profile command Section 8 3 1 2 Valid profile index values are 1 1023 classify index Policy Classification Index 1 65535 vlan Specifies Vlan Classification Rule cos Specifies Class Of Service Classification Rule classify val...

Page 646: ...able a VLAN classification rule to policy 2 classification 65 to drop packets from a source IP address of 172 16 1 2 tcpportsource TCP port source 0 65535 tcpportdest TCP port destination 0 65535 macsource Classifies based on MAC source address macdest Classifies based on MAC destination address ipfrag Classifies based on IP fragmentation value port Classifies based on port string class data val D...

Page 647: ... that this is an administrative rule or associates this classification rule with a policy profile index configured with the set policy profile command Section 8 3 1 2 Valid profile index values are 1 1023 NOTE Admin profiles can be assigned to a specific ingress port by specifying port string and admin pid values as described below ether Classifies based on type field in Ethernet II packet ipdest ...

Page 648: ...on type and data value port string port string Optional If admin profile is specified applies this administratively assigned rule to a specific ingress port NOTE Matrix Series devices with firmware versions 3 00 xx and higher also support this alternative command to administratively assign a profile rule to a port set policy port port string admin id storage type non volatile volatile Adds or remo...

Page 649: ...ce port 45 will be filtered to VLAN 7 This example shows how to configure classification rule 2 as an administrative profile and assign it to ingress port fe 1 1 Table 8 3 provides the set policy rule data values that can be entered for a particular classification type and the mask bits that can be entered for each classifier associated with that parameter hen there Matrix rw set policy rule 1 eth...

Page 650: ...AP CTRL field in llc a b c ab 1 40 Destination or Source MAC macdest macsource MAC Address 00 00 00 00 00 00 1 48 port Port string Eg fe 1 1 1 16 Destination or Source TCP port tcpdestport tcpsourceport TCP Port Number ab 0 65535 1 1 1 1 or 0 0xFFFF 1 1 1 1 1 48 Destination or Source UDP port udpsourceport udpdestport UDP Port Number ab 0 65535 1 1 1 1 or 0 0xFFFF 1 1 1 1 1 48 Table 8 3 Valid Valu...

Page 651: ...pecified policy profile index ID ether Deletes associated Ethernet II classification rule ipdest Deletes associated IP destination classification rule ipfrag Deletes associated IP fragmentation classification rule ipproto Deletes associated IP protocol classification rule ipsource Deletes associated IP source classification rule iptos Deletes associated IP Type of Service classification rule llcDs...

Page 652: ...o delete all classification rule entries associated with policy profile 1 from all ports all traffic entries data Optional Deletes all entries associated with this traffic rule or a specific data value entry Refer to Table 8 3 for valid values for each classification type mask mask Optional Deletes associated data mask Refer to Table 8 3 for valid values for each classification type and data value...

Page 653: ... 8 37 8 3 2 6 clear policy all rules Use this command to remove all admin and classification rules clear policy all rules Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove all administrative and classification rules Matrix rw clear policy all rules ...

Page 654: ...ple This example shows how to assign an administrative rule with an index of 20 to port fe 1 3 NOTE The set policy rule command Section 8 3 2 4 used with the admin profile parameter will associate a classification rule with a policy profile index number thus making an administrative rule port name Specifies the port s on which to set assign an administrative rule For a detailed description of poss...

Page 655: ...t of currently supported traffic rules applied to the admininstrative profile for one or more ports show policy allowed type port string verbose Syntax Description Command Defaults If verbose is not specified summary information will be displayed Command Type Switch command Command Mode Read Only port string Specifies port s for which to display traffic rules verbose Optional Displays detailed inf...

Page 656: ...LLOWED TRAFFIC RULE TYPES o Means Traffic Rule Type is supported on this bridge port Means Traffic Rule Type is supported and allowed on this bridge port TRAFFIC RULE TYPES MAC IPX IPv6 IP UDP TCP IP S D E S S T F F I T N V P S D S D O O C Y S D L S D R S D S D C T T Y E L L T O R S R S C C O P R S O C S A R S R S M T O P T L A C R C T C T K K S E C T W R T G C T C T P L S E 2 C N I T 1 1 1 1 1 1 ...

Page 657: ...ype 1 source MAC address classification to be applied to the admin profile for port ge 1 5 This example shows how to clear only rule type 27 VLAN classification from the allowed rule type list on port ge 1 5 Any other allowed rule types on the port will still remain assigned to that port port string Specifies port s on which to apply traffic rules traffic rule rule list Specifies traffic rules to ...

Page 658: ...y assigned to the admin profile for one or more ports This will reassign the default setting which is all rules are allowed clear policy allowed type port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the allowed rule list from port ge 1 5 port string Specifies port s on which to clear traffic rules Matri...

Page 659: ...rule port hit indications on one or more ports clear policy port hit all port list port list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear rule port hit indications on all ports all port list port list Clears port hit indications on all ports or on one or more specified ports Matrix rw clear policy port hit all ...

Page 660: ...s and transmit queues as described in this section Configuring transmit queueing and rate limiting on a per port basis as described in Chapter 9 By defult policy based CoS is disabled on the device and default or user assigned port based 802 1D 802 1p settings are used to determine transmit queues and traffic rate limiting When policy based CoS is enabled the default and user assigned settings wil...

Page 661: ... 3 2 show cos port type Section 8 3 3 3 CoS CLI Displays on Matrix DFE Gold or NSA Systems Some of the CLI output in this section shows examples of CoS configurations on a Matrix DFE Platinum chassis based system If you are using a Matrix DFE Gold or Matrix NSA standalone system port designations and other output may be different Table 8 4 Configuring User Defined CoS To do this Use these commands...

Page 662: ... 10 set cos port resource irl Section 8 3 3 11 clear cos port resource irl Section 8 3 3 12 set cos port resource txq Section 8 3 3 13 clear cos port resource txq Section 8 3 3 14 show cos reference Section 8 3 3 15 set cos reference irl Section 8 3 3 16 clear cos reference irl Section 8 3 3 17 set cos reference txq Section 8 3 3 18 clear cos reference txq Section 8 3 3 19 show cos settings Sectio...

Page 663: ... 3 3 1 show cos state Use this command to display the Class of Service enable state show cos state Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to show the Class of Service enable state Matrix rw show cos state Class of Service application is enabled ...

Page 664: ...3 2 set cos state Use this command to enable or disable Class of Service set cos state enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable Class of Service enable disable Enables or disables Class of Servic e Matrix rw set cos state enable ...

Page 665: ... available only on Matrix DFE Platinum Series chassis based modules designates the DFE Platinum 7G4270 12 module Port type 1 designates all other modules including Gold DFE and NSA modules Other port groupings can be configured using the commands in this section show cos port type irl txq index list Syntax Description Command Defaults If not specified all rate limiting information for all port typ...

Page 666: ...r second Mbps megabits per second Gbps gigabits per second Tbps terabits per second Number of slices Port type Number of Supported Eligible Unselected Index description queues rate type ports ports 0 DFE P 16Q 64 16 perc ge 1 1 12 ge 1 1 12 Kbps Mbps Gbps 1 DFE P 4Q 32 4 perc ge 2 1 30 ge 2 1 30 Kbps ge 3 1 30 ge 3 1 30 Mbps ge 4 1 30 ge 4 1 30 Gbps fe 6 1 48 fe 6 1 48 ge 6 1 6 ge 6 1 6 fe 7 1 72 ...

Page 667: ... DFE P or DFE G 8 IRL for port type 1 IRL Number of slices Number of queues The total number of slices of transmit resources that can be divided among port queues and the total number of queues available Default port type 0 the Matrix Platinum Series 7G4270 12 module allows 64 slices for 16 queues Default port type 1 all other modules allows 32 slices for 4 queues Number of limiters Maximum number...

Page 668: ...nits of measure will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to show all Class of Service IRL unit of measure information irl txq Optional Displays inbound rate limiting or transmit queue information port type index Optional Displays information for a specific port type percentage kbps mbps gbps Displays the unit of measure as percentage of to...

Page 669: ...te limiting information for all port types will be displayed Command Type Switch command Command Mode Read Only irl txq Optional Displays inbound rate limiting or transmit queue information group type index Optional Displays information for a specific port group type index Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user de...

Page 670: ...0 0 Q 1 0 Q 2 0 Q 3 0 Q 4 0 Q 5 0 Q 6 0 Q 7 0 Q 8 0 Q 9 0 Q 10 0 Q 11 0 Q 12 0 Q 13 0 Q 14 0 Q 15 64 Percentage queue Q 0 0 Q 1 0 Q 2 0 Q 3 0 Q 4 0 Q 5 0 Q 6 0 Q 7 0 Q 8 0 Q 9 0 Q 10 0 Q 11 0 Q 12 0 Q 13 0 Q 14 0 Q 15 100 Port Group Name DFE P 4Q Port Group 0 Port Type 1 Assigned Ports ge 2 1 30 ge 3 1 30 ge 4 1 30 fe 6 1 48 ge 6 1 6 fe 7 1 72 Arbiter Mode Strict Slices queue Q 0 0 Q 1 0 Q 2 0 Q 3...

Page 671: ...witch command Command Mode Read Write Example This example shows how to create a CoS inbound rate limiting port group entry named test irl with a port group ID of 1 and a port type ID of 1 group type index Specifies an inbound rate limiting port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for use...

Page 672: ...index entry name ports Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete the CoS inbound rate limiting port group entry 1 1 all group type index Clears all inbound rate limiting non default configurations or those for a specific user defined port group index entry name ports Deletes a specific entry or name or clea...

Page 673: ...e appended to the specified port grouping If arb slice or arb percentage values are not specified default allocations will be applied Command Type Switch command Command Mode Read Write group type index Specifies a transmit queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined g...

Page 674: ...licy Class of Service CoS 8 58 Matrix NSA Series Configuration Guide Example This example shows how to create a CoS transmit queue port group entry named test txq with a port group ID of 2 and a port type ID of 1 Matrix rw set cos port config txq 2 1 name test txq ...

Page 675: ... type index entry name ports Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all non default CoS transmit queue port group entries all group type index Clears all transmit queue port config entries or a specific entry entry Clears all non default transmit queue entries name Clears the name associated with this tra...

Page 676: ...ors Syntax Description Command Defaults If no options are specified all rate limiting information for all port types will be displayed Command Type Switch command Command Mode Read Only irl txq Optional Displays inbound rate limiting or transmit queue information group type index Optional Displays information for a specific port group type entry resource Optional Displays rate limiters or transmit...

Page 677: ... information for port group 0 1 Matrix rw show cos port resource irl 0 1 after the rate value indicates an invalid rate value Group Index Resource Type Unit Rate Rate Limit Type Action 0 1 0 irl perc none drop none 0 1 1 irl perc none drop none 0 1 2 irl perc none drop none 0 1 3 irl perc none drop none 0 1 4 irl perc none drop none 0 1 5 irl perc none drop none 0 1 6 irl perc none drop none 0 1 7...

Page 678: ...of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port type values cannot be changed and are 0 for the Matrix DFE Platinum 7G4270 12 module and 1 for all other modules irl number Specifies an inbound rate limiter ID to be associated with this entry unit percentage kbps mbps gbps Specifies the unit of measure as percentage of total ...

Page 679: ...and Command Mode Read Write Example This example shows how to configure Class of Service port resource IRL entry 0 for port group 0 1 assigning an inbound rate limit of 512 kilobits per second This entry will trigger a Syslog and an SNMP trap message if this rate is exceeded Matrix rw set cos port resource irl 0 1 0 unit kbps 512 syslog enable trap enable ...

Page 680: ...te limiter Command Type Switch command Command Mode Read Write Example This example shows how to clear all inbound rate limiting settings associated with port group 0 1 resource entry 0 all group type index Clears all inbound rate limiting port resource entries or a specific entry resource Specifies a resource entry to be cleared unit Optional Clears the unit of measure setting rate Optional Clear...

Page 681: ...dex Specifies a transmit queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port type values cannot be changed and are 0 for the Matrix DFE Platinum 7G4270 12 module and 1 for all other modules transmit queue Specifies a transmit queue to be associated with thi...

Page 682: ... 8 66 Matrix NSA Series Configuration Guide Example This example shows how to configure a Class of Service port resource entry for port group 0 1 assigning 50 percent of the total available inbound bandwidth to transmit queue 7 Matrix rw set cos port resource txq 0 1 7 unit percentage 50 ...

Page 683: ...options are specified all associated non default settings will be cleared Command Type Switch command Command Mode Read Write Example This example shows how to clear all port resource settings associated with Class of Service transmit queue 1 in port group 0 1 all group type index Clears all transmit queue port resource entries or a specific entry resource Specifies a resource entry to be cleared ...

Page 684: ...q irl group type index reference Syntax Description Command Defaults If no options are specified all reference information for all port types will be displayed Command Type Switch command Command Mode Read Only irl txq Optional Displays inbound rate limiting or transmit queue reference information group type index Optional Displays information for a specific port group type entry reference Optiona...

Page 685: ...ws how to show all transmit queue reference configuration information for port group 0 1 Matrix rw show cos reference txq 0 1 Group Index Reference Type Queue 0 1 0 txq 0 0 1 1 txq 0 0 1 2 txq 0 0 1 3 txq 0 0 1 4 txq 1 0 1 5 txq 1 0 1 6 txq 1 0 1 7 txq 1 0 1 8 txq 2 0 1 9 txq 2 0 1 10 txq 2 0 1 11 txq 2 0 1 12 txq 3 0 1 13 txq 3 0 1 14 txq 3 0 1 15 txq 3 ...

Page 686: ...nd rate limiting reference entry 0 for port group 0 1 referencing resources defined by IRL resource entry 0 group type index Specifies an inbound rate limiting port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port type values cannot be changed and are 0 for the Mat...

Page 687: ...ions clear cos reference irl all group type index reference Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all Class of Service inbound rate limiting reference entries all group type index Clears all non default inbound rate limiting reference entries or a specific entry reference Specifies a reference number of ...

Page 688: ... inbound rate limiting reference entry 0 for port group 0 1 referencing resources defined by TXQ resource entry 0 group type index Specifies a transmit queue port group type index for this entry Valid entries are in the form of group type Group can be 0 7 with 0 designating the default group and 1 7 reserved for user defined groups Default port type values cannot be changed and are 0 for the Matri...

Page 689: ...configurations clear cos reference txq all group type index reference Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all Class of Service transmit queue reference entries all group type index Clears all non default transmit queue reference entries or a specific entry reference Specifies a reference number of the ...

Page 690: ...settings cos list Syntax Description Command Defaults If not specified all CoS entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to show all CoS settings cos list Optional Specifies a Class of Service entry to display Matrix rw show cos settings Means attribute has not been configured CoS Index Priority ToS TxQ IRL 0 0 0 1 1 2 2 2 4 3 3 6 4...

Page 691: ...mple shows how to create CoS entry 2 with a priority value of 3 and bind it to transmit queue reference ID 5 cos list Specifies a Class of Service entry Valid values are 0 255 priority priority Optional Specifies a CoS priority value Valid values are 0 7 with 0 being the lowest priority tos value tos value Optional Specifies a Type of Service value with mask in the format of 0 255 0 255 or 0 0xFF ...

Page 692: ...d Mode Read Write Example This example shows how to clear the priority and transmit queue reference values for CoS entry 2 cos list Specifies a Class of Service entry to clear all Clears all settings associated with this entry priority Clears the priority value associated with this entry tos value Clears the Type of Service value associated with this entry txq reference Clears the transmit queue r...

Page 693: ...cription Command Defaults If no options are specified all inbound rate limiting violation information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to show any CoS inbound rate limiting violations violation index Optional Displays information for a specific violation index Valid entries are in the form of port list irl list or for all entries M...

Page 694: ...specified all information for all types of CoS violations will be displayed Command Type Switch command Command Mode Read Write Example This example shows how to clear both status and counters from all CoS inbound rate limiting violation entries all Clears all inbound rate limiting violation entries disabled ports Clears the list of ports that are disabled because of violating an inbound rate limi...

Page 695: ...os all entries Use this command to clears all Class of Service entries except priority settings 0 7 clear cos all entries Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear all Class of Service entries except priority settings 0 7 Matrix rw clear cos all entries ...

Page 696: ...Policy Classification Configuration Command Set Configuring Policy Class of Service CoS 8 80 Matrix NSA Series Configuration Guide ...

Page 697: ...es 0 15 of traffic for each port A priority 0 through 7 can be set on each port with 0 being the lowest priority A port receiving a frame without priority information in its tag header is assigned a priority according to the default priority setting on the port For example if the priority of a port is set to 4 the frames received through that port without a priority indicated in their tag header a...

Page 698: ... or change the port default Class of Service CoS transmit priority 0 through 7 of each port for frames that are received ingress without priority information in their tag header Display the current traffic class mapping to priority of each port Set each port to transmit frames according to 802 1D 802 1p priority transmit queues set in the frame header Commands The commands to configure port priori...

Page 699: ...f port string is not specified priority for all ports will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display the port priority for the fe 2 1 through 5 port string Optional Displays priority information for a specific port For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port priority fe 2 1 5 fe...

Page 700: ... Switch command Command Mode Read Write Example This example shows how to set a default priority of 6 on fe 1 3 Frames received by this port without priority information in their frame header are set to the default setting of 6 NOTES For information on how to configure protocol based policy classification to a Class of Service including how to configure a CoS policy to override port transmit queue...

Page 701: ...es received without a priority value in its header to be set to priority 0 clear port priority port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset fe 1 11 to the default priority port string Specifies the port for which to clear priority For a detailed description of possible port string values refer to Se...

Page 702: ...rames according to the port priority transmit queues set using the set port priority command described back in Section 9 3 1 2 or according to a priority based on a percentage of port transmission capacity set using the set priority queue command described in Section 9 3 2 2 Clear current port priority queue settings for one or more ports Commands The commands used in configuring transmit priority...

Page 703: ...ueue priority Syntax Description Command Defaults If priority is not specified all priority queue information will be displayed Command Type Switch command Command Mode Read Only Examples This example shows how to display priority queue information for fe 1 7 In this case the frames shown with a priority of 0 or 3 are transmitted according to the transmit priority queue of 1 the second lowest tran...

Page 704: ...ority to Transmit Queue Mapping 9 8 Matrix NSA Series Configuration Guide This example shows how to display the transmit queues associated with priority 3 Matrix rw show port priority queue 3 fe 1 7 Priority TxQueue 3 1 fe 1 8 Priority TxQueue 3 1 fe 1 9 Priority TxQueue 3 1 ...

Page 705: ... 0 set port priority queue port string priority queue Syntax Description Command Defaults None Command Mode Read Write Example This example shows how to set priority 5 frames received on fe 2 12 to transmit at the lowest priority queue of 0 port string Specifies the port s for which to set priority queue For a detailed description of possible port string values refer to Section 4 1 1 priority Spec...

Page 706: ...back to defaults for one or more ports clear port priority queue port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the priority queue settings on fe 2 12 port string Specifies the port for which to clear priority queue For a detailed description of possible port string values refer to Section 4 1 1 Matri...

Page 707: ... Rate limit is configured for a given port and list of priorities The list of priorities can include one some or all of the eight 802 1p priority levels Once configured the rate of all traffic entering or leaving the port with the priorities configured to that port is not allowed to exceed the programmed limit If the rate exceeds the programmed limit frames are dropped until the rate falls below t...

Page 708: ...r fe 2 1 port string Optional Displays rate limiting information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show port ratelimit fe 2 1 Global Ratelimiting status is disabled Port Threshold Priority Number Index kB s Action Direction List Status fe 2 1 1 discard inbound 0 disabled fe 2 1 2 discard inbound 0 disabled fe 2 1 3 discar...

Page 709: ...t Details Output What It Displays Port Number Port designation For a detailed description of possible port string values refer to Section 4 1 1 Index Resource index for this port Threshold kB s Port rate limiting threshold in kilobytes per second Action Whether or not frames not conforming to rate limiting will be discarded Direction Priority List 802 1D 802 1p port priority level Status Whether o...

Page 710: ...ring globally disables or enables the port rate limiting function When entered with a port string disables or enables rate limiting on specific port s when the global function is enabled port string Specifies a port on which to set the rate limiting threshold and other parameters For a detailed description of possible port string values refer to Section 4 1 1 priority Specifies the 802 1D 802 1p p...

Page 711: ...es Configuration Guide 9 15 Command Mode Read Write Example This example shows how to globally enable rate limiting configure rate limiting for inbound traffic on port fe 2 1 index 1 priority 5 to a threshold of 125 KBps Matrix rw set port ratelimit enable Matrix rw set port ratelimit fe 2 1 5 125 enable inbound ...

Page 712: ...index Syntax Description Command Defaults If not specified all index entries will be reset Command Type Switch command Command Mode Read Write Example This example shows how to clear all rate limiting parameters on port fe 2 1 port string Specifies the port s on which to clear rate limiting For a detailed description of possible port string values refer to Section 4 1 1 index Optional Specifies th...

Page 713: ...can determine which if any multicast traffic needs to be forwarded to each of its ports At Layer 3 multicast switch devices use this information along with a multicast routing protocol to support IP multicasting across the Internet IGMP provides the final step in an IP multicast packet delivery service since it is only concerned with forwarding multicast traffic from the local switch device to gro...

Page 714: ...casts its service to the network and any hosts that want to receive the multicast register with their local multicast switch router Although this approach reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed to the hosts that subscribed to this service The ...

Page 715: ...Enabling Disabling IGMP Purpose To display IGMP information and to enable or disable IGMP snooping on the device Commands The commands used to display enable and disable IGMP are listed below and described in the associated sections as shown show igmp enable Section 10 4 1 1 set igmp enable Section 10 4 1 2 set igmp disable Section 10 4 1 3 ...

Page 716: ...us of IGMP on one or more VLAN s show igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the IGMP status for VLAN 104 vlan list Specifies the VLAN s for which to display IGMP status Matrix rw show igmp enable 104 IGMP Default State for vlan 104 is Disabled ...

Page 717: ...able Use this command to enable IGMP on one or more VLANs set igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable IGMP on VLAN 104 vlan list Specifies the VLAN s on which to enable IGMP Matrix rw set igmp enable 104 ...

Page 718: ...ble Use this command to disable IGMP on one or more VLANs set igmp enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable IGMP on VLAN 104 vlan list Specifies the VLAN s on which to enable IGMP Matrix rw set igmp disable 104 ...

Page 719: ...mp query disable Section 10 4 2 3 show igmp grp full action Section 10 4 2 4 set igmp grp full action Section 10 4 2 5 show igmp config Section 10 4 2 6 set igmp config Section 10 4 2 7 set igmp delete Section 10 4 2 8 show igmp groups Section 10 4 2 9 show igmp static Section 10 4 2 10 set igmp add static Section 10 4 2 11 set igmp remove static Section 10 4 2 12 show igmp protocols Section 10 4 ...

Page 720: ...ery status of one or more VLANs show igmp query vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the IGMP query state for VLAN 1 vlan list Specifies the VLAN s for which to display IGMP query state Matrix rw show igmp query 1 IGMP querying on vlan 1 is Disabled ...

Page 721: ...d to enable IGMP querying on one or more VLANs set igmp query enable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable IGMP querying on VLAN 104 vlan list Specifies the VLAN s on which to enable IGMP querying Matrix rw set igmp query enable 104 ...

Page 722: ... to disable IGMP querying on one or more VLANs set igmp query disable vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable IGMP querying on VLAN 104 vlan list Specifies the VLAN s on which to disable IGMP querying Matrix rw set igmp query disable 104 ...

Page 723: ...on to take with multicast frames when the multicast IGMP group table is full show igmp grp full action Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the action taken for multicast frames when the IGMP group table is full Matrix rw show igmp grp full action Group Table Full Action Flood to Vlan ...

Page 724: ... full action action Syntax Description Command Defaults Flood multicast frames to the Vlan Command Type Switch command Command Mode Read Write Example This example shows how to flood multicast frames to the VLAN when the multicast group table is full action Specifies the action to take when the multicast Group Table is full The options are 1 send multicast frames to Routers 2 flood multicast frame...

Page 725: ...e shows how to display IGMP configuration information for VLAN 1 Table 10 1 shows a detailed explanation of command output For details on using the set igmp config command to set these parameters refer to Section 10 4 2 7 vlan list Specifies the VLAN s for which to display IGMP configuration information Matrix rw show igmp config 1 IGMP config for vlan 1 VlanQueryInterval 125 VlanStatus Active Vla...

Page 726: ... IGMP Version Whether or not IGMP version is 1 or 2 VlanQuerier IP address of the IGMP querier VlanQueryMaxResponse Time Maximum query response time in tenths of a second VlanRobustness Robustness value VlanLastMemberQueryIntvl Last member query interval This is the maximum response time inserted into group specific queries which are sent in response to Leave Group messages It is also the amount o...

Page 727: ... are from 1 to 65535 seconds This value works together with max resp time to remove ports from an IGMP group igmp version igmp version Optional Specifies the IGMP version Valid values are 1 IGMP V1 2 IGMP V2 max resp time max resp time Optional Specifies the maximum query response time Valid values are 1 to 25 seconds This value works together with query interval to remove ports from an IGMP group...

Page 728: ...tion Command Set Configuring IGMP 10 16 Matrix NSA Series Configuration Guide Example This example shows how to set the IGMP query interval time to 250 seconds on VLAN 1 Matrix rw set igmp config 1 query interval 250 ...

Page 729: ...nfiguration settings for one or more VLANs set igmp delete vlan list Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove IGMP configuration settings for VLAN 104 vlan list Specifies the VLAN s on which configuration settings will be cleared Matrix rw set igmp delete 104 ...

Page 730: ...ows how to display IGMP group information for VLAN 105 In this example the device knows to forward all multicast traffic for IP group address 224 0 0 2 VLAN 105 to Fast Ethernet port 2 in port group 2 and 1 Gigabit Ethernet port 14 in port group 3 group Group IP address Entering no IP address shows all groups vlan list Specifies the VLAN s for which to display IGMP group information sip Source IP ...

Page 731: ...MP information will be displayed for all groups Command Type Switch command Command Mode Read Only Example This example shows how to display static IGMP information for VLAN 105 The display is similar to the show igmp groups display vlan list Specifies the VLAN s for which to display static IGMP information group group Optional Displays information for a specific IGMP group IP address Matrix rw sh...

Page 732: ...mand Defaults If not specified the static entry will be created and not modified Command Type Switch command Command Mode Read Write Example This example shows how to add port fe 1 3 to the IGMP group at 224 0 2 VLAN 105 group Specifies a group IP address for the entry vlan list Specifies the VLAN s on which to configure the entry modify Adds new ports to an existing entry include ports Port or ra...

Page 733: ...d Defaults If not specified the static entry will be removed and not modified Command Type Switch command Command Mode Read Write Example This example shows how to remove port fe 1 3 from the IGMP group at 224 0 2 VLAN 105 group Specifies a group IP address for the entry vlan list Specifies the VLAN s on which to configure the entry modify Adds new ports to an existing entry include ports Port or ...

Page 734: ...d Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the binding of IP protocol id to IGMP classification Matrix rw show igmp protocols Protocol Classifications Protocol Ids set to Mcast Data 17 Protocol Ids set to routing Protocol 3 7 9 42 43 45 47 48 85 86 88 89 91 92 100 103 112 Protocol Ids set to Ignore 0 4 6 10 16 18 41 44 46 49 84 87 9...

Page 735: ...ription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to change IGMP routing protocols to a protocol id of 3 classification classification Specifies the classification Options are 1 multicast data 2 routing protocol 3 ignore protocol id protocol id The protocol ids to change 0 255 modify Add to existing classifications If not used protocol...

Page 736: ...ding of IP protocol id to IGMP classification clear igmp protocols protocol id protocol id Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear IGMP protocols for protocol id 3 protocol id protocol id The protocol ids to change 0 255 Matrix rw clear igmp protocols protocol id 3 ...

Page 737: ...mand Type Switch command Command Mode Read Only Example This example shows how to display igmp information for vlan 12 vlan vlan list Show IGMP info for the given VLAN Matrix rw show igmp vlan 12 IGMP Vlan 12 Info IGMP query state Enabled QueryInterval sec 125 Status Active IGMP Version 2 Querier 2 25 0 1 QueryMaxResponseTime sec 10 Robustness 2 LastMemberQueryIntvl sec 10 QuerierUpTime 4 D 23 H 8...

Page 738: ...GMP reporter information portlist portlist portlist Port or range of ports group group group group IP address none means show all groups vlan list vlan list vlan list VLAN ID or range of IDs 1 4094 sip sip sip source IP address none means show all sips Matrix rw show igmp reporters IGMP Reporters Port Group Address Vlan Source IP ExpireTime Sec Flags lag 0 2 224 0 0 251 1 Any 252 DYNAMIC lag 0 2 2...

Page 739: ...nd Type Switch command Command Mode Read Only Example This example shows how to display all the IGMP flow information portlist portlist portlist Port or range of ports group group group group IP address none means show all groups vlan list vlan list vlan list VLAN ID or range of IDs 1 4094 sip sip sip source IP address none means show all sips Matrix rw show igmp counters Multicast Flows Src Port ...

Page 740: ...ead Only Example This example shows how to display the IGMP counters Matrix rw show igmp counters Igmp Counters Igmp Group Table is Full false Igmp Version 1 Queries transmitted 0 Igmp Version 2 Queries transmitted 1016368 Igmp Version 3 Queries transmitted 0 Igmp Group Specific Queries transmitted 0 Igmp Queries received 776482 Igmp Version 1 Joins received 0 Igmp Version 2 Joins received 1024 Ig...

Page 741: ...both the currently active number of groups and the configured number that will take effect at the next reboot show igmp number groups Syntax Description None Command Defaults None Command Type Switch command Command Mode Read write Example This example shows how to display the number of multicast groups supported by the device Matrix rw show igmp number groups IGMP current max number of groups 409...

Page 742: ...IGMP Configuration Command Set Configuring IGMP 10 30 Matrix NSA Series Configuration Guide ...

Page 743: ...onitoring Network Events and Status Section 11 2 2 Configuring SMON Section 11 2 3 Configuring RMON Section 11 2 4 Managing Network Addresses and Routes Section 11 2 5 Configuring SNTP Section 11 2 6 Configuring Node Aliases Section 11 2 7 Configuring NetFlow Section 11 2 8 NOTE The commands in this section pertain to network management of the Matrix Series device from the switch CLI only For info...

Page 744: ...ibed in the associated section as shown show logging all Section 11 2 1 1 show logging server Section 11 2 1 2 set logging server Section 11 2 1 3 clear logging server Section 11 2 1 4 show logging default Section 11 2 1 5 set logging default Section 11 2 1 6 clear logging default Section 11 2 1 7 show logging application Section 11 2 1 8 set logging application Section 11 2 1 9 clear logging appl...

Page 745: ...gging Matrix NSA Series Configuration Guide 11 3 11 2 1 1 show logging all Use this command to display all configuration information for system logging show logging all Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only ...

Page 746: ...1 8 90 SNMP 6 1 8 91 Webview 6 1 8 93 System 6 1 8 95 RtrFe 6 1 8 96 Trace 6 1 8 105 RtrLSNat 6 1 8 111 FlowLimt 6 1 8 112 UPN 6 1 8 117 AAA 6 1 8 118 Router 6 1 8 140 AddrNtfy 6 1 8 141 OSPF 6 1 8 142 VRRP 6 1 8 145 RtrArpProc 6 1 8 147 LACP 6 1 8 1 emergencies 2 alerts 3 critical 4 errors 5 warnings 6 notifications 7 information 8 debugging IP Address Facility Severity Description Port Status 1 ...

Page 747: ...Defaults Default facility name severity level and UDP port designation as described below For details on setting this value using the set logging defaults command refer to Section 11 2 1 6 IP Address Syslog server s IP address For details on setting this using the set logging server command refer to Section 11 2 1 3 Facility Syslog facility that will be encoded in messages sent to this server Vali...

Page 748: ...information will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display Syslog server configuration information For an explanation of the command output refer back to Table 11 1 index Optional Displays Syslog information pertaining to a specific server table entry Valid values are 1 8 Matrix rw show logging server IP Address Facility Severity Desc...

Page 749: ...acility Optional Specifies the server s facility name Valid values are local0 to local7 severity severity Optional Specifies the severity level at which the server will log messages Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 critical conditions 4 error conditions 5 warning conditions 6 notifications significant conditions 7 infor...

Page 750: ...ned If not specified facility severity and port will be set to defaults configured with the set logging default command Section 11 2 1 6 If state is not specified the server will not be enabled or disabled Command Type Switch command Command Mode Read Write Example This command shows how to enable a Syslog server configuration for index 1 IP address 134 141 89 113 facility local4 severity level 3 ...

Page 751: ...rver from the Syslog server table clear logging server index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to remove the Syslog server with index 1 from the server table index Specifies the server table index number for the server to be removed Valid values are 1 8 Matrix rw clear logging server 1 ...

Page 752: ...he Syslog server default values show logging default Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This command shows how to display the Syslog server default values For an explanation of the command output refer back to Table 11 1 Matrix rw show logging default Facility Severity Port Defaults local4 warning 5 514 ...

Page 753: ...acility name to local2 and the severity level to 4 error logging facility facility Specifies the default facility name Valid values are local0 to local7 severity severity Specifies the default logging severity level Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 critical conditions 4 error conditions 5 warning conditions 6 notificati...

Page 754: ...entered All three optional keywords must be entered to reset all logging values to defaults Command Type Switch command Command Mode Read Write Example This example shows how to reset the Syslog default severity level to 6 facility Optional Resets the default facility name to local4 severity Optional Resets the default logging severity level to 6 notifications of significant conditions port Option...

Page 755: ...pecified information for all applications will be displayed Command Type Switch command Command Mode Read Only mnemonic all Optional Displays severity level for one or all applications configured for logging Mnemonics will vary depending on the number and types of applications running on your system To display a complete list use the show logging application command as described in Section 11 2 1 ...

Page 756: ...n Application Current Severity Level Server List 88 RtrAcl 6 1 8 89 CLI 6 1 8 90 SNMP 6 1 8 91 Webview 6 1 8 93 System 6 1 8 95 RtrFe 6 1 8 96 Trace 6 1 8 105 RtrLSNat 6 1 8 111 FlowLimt 6 1 8 112 UPN 6 1 8 117 AAA 6 1 8 118 Router 6 1 8 140 AddrNtfy 6 1 8 141 OSPF 6 1 8 142 VRRP 6 1 8 145 RtrArpProc 6 1 8 147 LACP 6 1 8 1 emergencies 2 alerts 3 critical 4 errors 5 warnings 6 notifications 7 infor...

Page 757: ...ion of the textual description for applications being logged Current Severity Level Severity level at which the server is logging messages for the listed application This range from 1 to 8 and its associated severity list is shown in the CLI output For a description of these entries which are set using the set logging application command refer to Section 11 2 1 9 Server List Servers to which log m...

Page 758: ... command as described in Section 11 2 1 8 Sample values and their corresponding applications are listed in Table 11 3 all Sets the logging severity level for all applications level level Optional Specifies the severity level at which the server will log messages for applications Valid values and corresponding levels are 1 emergencies system is unusable 2 alerts immediate action required 3 critical...

Page 759: ...nting AddrNtfy Address Add and Move Notification CLI Command Line Interface FlowLimit Flow Limiting LACP Link Aggregation Control Protocol OSPF Open Shortest Path First Routing Protocol Router Router RtrAcl Router Access Control List RtrFE Router Forwarding Engine RtrArpProc Router Arp Process RtrLSNat Router Load Sharing Network Address Translation SNMP Simple Network Management Protocol System N...

Page 760: ...x NSA Series Configuration Guide Command Mode Read Write Example This example shows how to set the severity level for SSH Secure Shell to 4 so that error conditions will be logged for that application and sent to Syslog server 1 Matrix rw set logging application SSH level 4 server 1 ...

Page 761: ...ications of significant conditions clear logging application mnemonic all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the logging severity level for SSH mnemonic all Optional Resets the severity level for a specific application or for all applications Valid mnemonic values and their corresponding applications ...

Page 762: ...o the console and a persistent file show logging local Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the state of message logging In this case logging to the console is enabled and logging to a persistent file is disabled Matrix rw show logging local Syslog Console Logging enabled Syslog File Logging disab...

Page 763: ...ocal console enable disable file enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to enable logging to the console and disable logging to a persistent file console enable disable Enables or disables logging to the console file enable disable Enables or disables logging to a persistent file Matrix rw set loggi...

Page 764: ... 2 1 13 clear logging local Use this command to clear the console and persistent store logging for the local session clear logging local Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear local logging Matrix rw clear logging local ...

Page 765: ...and will be temporary if the current CLI session is using Telnet or SSH but persistent on the console set logging here enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to enable the display of logging messages to the current CLI session enable disable Enables or disables display of logging messages for the cu...

Page 766: ...5 clear logging here Use this command to clear the logging state for the current CLI session clear logging here Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This command shows how to clear the logging state for the current CLI session Matrix rw clear logging here ...

Page 767: ... logging buffer Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows a portion of the information displayed with the show logging buffer command Matrix rw show logging buffer 165 Sep 4 07 43 09 10 42 71 13 CLI 5 User rw logged in from 10 2 1 122 telnet 165 Sep 4 07 43 24 10 42 71 13 CLI 5 User debug failed login from 10 4 1 100...

Page 768: ...et the size of the history buffer and to display and disconnect current user sessions Commands Commands to monitor switch network events and status are listed below and described in the associated section as shown history Section 11 2 2 1 show history Section 11 2 2 2 set history Section 11 2 2 3 show netstat Section 11 2 2 4 ping Section 11 2 2 5 show users Section 11 2 2 6 tell Section 11 2 2 7 ...

Page 769: ...er includes all the switch commands entered up to a maximum of 50 as specified in the set history command Section 11 2 2 3 history Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the contents of the command history buffer It shows there are five commands in the buffer Matrix rw history 1 hist 2 show gvrp 3 s...

Page 770: ...ide 11 2 2 2 show history Use this command to display the size in lines of the history buffer show history Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the size of the history buffer Matrix rw show history History buffer size 20 ...

Page 771: ...n Command Defaults If default is not specified the history setting will not be persistent Command Type Switch command Command Mode Read Write Example This example shows how to set the size of the command history buffer to 3 lines and make this the default setting size Specifies the size of the history buffer in lines Valid values are 1 to 100 default Optional Makes this setting persist for all fut...

Page 772: ...tatistics for all the current active network connections icmp Optional Shows Internet Control Message Protocol ICMP statistics ip Optional Shows Internet Protocol IP statistics routes Optional Shows the IP routing table stats Optional Shows all statistics for TCP UDP IP and ICMP tcp Optional Shows Transmission Control Protocol TCP statistics udp Optional Shows User Datagram Protocol UDP statistics...

Page 773: ...etails Output What It Displays PCB Protocol Control Block designation Proto Type of protocol running on the connection Recv Q Number of queries received over the connection Send Q Number of queries sent over the connection Local Address IP address of the connection s local host Foreign Address IP address of the connection s foreign host state Communications mode of the connection listening learnin...

Page 774: ...d Command Mode Read Write Examples This example shows how to ping IP address 134 141 89 29 In this case this host is alive In this example the host at IP address is not responding s Optional Causes a continuous ping sending one datagram per second and printing one line of output for every response received until the user enters Ctrl C host Specifies the IP address of the device to which the ping w...

Page 775: ...141 89 29 icmp seq 6 time 0 ms 64 bytes from 134 141 89 29 icmp seq 7 time 0 ms 64 bytes from 134 141 89 29 icmp seq 8 time 0 ms 64 bytes from 134 141 89 29 icmp seq 9 time 0 ms 134 141 89 29 PING Sta tistics 10 packets transmitted 10 packets received 0 packet loss round trip ms min avg max 0 0 0 Matrix rw ping s 134 141 89 29 PING 134 141 89 29 56 data bytes 64 bytes from 134 141 89 29 icmp seq 0...

Page 776: ...on s logged in to the switch show users Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to use the show users command In this output there are two Telnet users logged in with Read Write access privileges from IP addresses 134 141 192 119 and 134 141 192 18 Matrix rw show users Session User Location telnet rw 134 141 19...

Page 777: ...tell dest all message Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to tell all users about a system reset dest Specifies the user to which this message will be sent Valid syntax is user location all Sends a broadcast message to all users message Text message Matrix rw tell all system reset scheduled for 1 p m today ...

Page 778: ...scription Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to close a Telnet session to host 134 141 192 119 This example shows how to close the current console session ip addr Specifies the IP address of the Telnet session to be disconnected This address is displayed in the output shown in Section 11 2 2 6 console Closes an active console p...

Page 779: ...MON Switched Network Monitoring on the device Commands Commands to configure SMON are listed below and described in the associated section as shown show smon priority Section 11 2 3 1 set smon priority Section 11 2 3 2 clear smon priority Section 11 2 3 3 show smon vlan Section 11 2 3 4 set smon vlan Section 11 2 3 5 clear smon vlan Section 11 2 3 6 ...

Page 780: ... queues will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display SMON priority 0 statistics for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays SMON priority statistics being collected by specific port s For a detailed description of possible port string values refer to Section 4 1 1 priority priority Optional Displays ...

Page 781: ...itch command Command Mode Read Write Example This example shows how set the device to gather SMON priority statistics from 1 Gigabit Ethernet port 14 in port group 3 create enable disable Creates enables or disables SMON priority statistics counting Create automatically enables starts counters port string Specifies one or more source ports on which to collect statistics For a detailed description ...

Page 782: ...n Command Defaults If port string is not specified priority statistics will be cleared on all ports Command Type Switch command Command Mode Read Write Example This example shows how clear SMON priority statistics on 1 Gigabit Ethernet source port 14 in port group 3 port string Optional Clears statistics for specific port s For a detailed description of possible port string values refer to Section...

Page 783: ... Switch command Command Mode Read Only Example This example shows how to display SMON VLAN 1 statistics for 1 Gigabit Ethernet port 14 in port group 3 port string Optional Displays SMON VLAN statistics being collected by specific port s For a detailed description of possible port string values refer to Section 4 1 1 vlan vlan id Optional Displays SMON statistics associated with a specific VLAN Mat...

Page 784: ...ommand Command Mode Read Write Example This example shows how set the device to gather SMON VLAN related statistics from 1 Gigabit Ethernet port 14 in port group 3 create enable disable Creates enables or disables SMON VLAN statistics counting Create automatically enables starts counters port string Specifies one or more source ports on which to collect statistics For a detailed description of pos...

Page 785: ...ing is not specified VLAN statistics counting configurations will be cleared for all ports Command Type Switch command Command Mode Read Write Example This example shows how clear an SMON VLAN statistics counting configuration from 1 Gigabit Ethernet source port 14 in port group 3 port string Optional Clears statistics counting configuration s for specific port s For a detailed description of poss...

Page 786: ...ring groups supported on Matrix Series devices each group s function and the elements it monitors and the associated configuration commands needed Table 11 5 RMON Monitoring Group Functions and Commands RMON Group What It Does What It Monitors CLI Command s Statistics Records statistics measured by the RMON probe for each monitored interface on the device Packets dropped packets sent bytes sent oc...

Page 787: ...t Controls the generation and notification of events from the device Event type description last time event was sent show rmon event Section 11 2 4 11 set rmon event properties Section 11 2 4 12 set rmon event status Section 11 2 4 13 clear rmon event Section 11 2 4 14 Host Records statistics associated with each host discovered on the network Host address packets and bytes received and transmitte...

Page 788: ... 11 2 4 19 set rmon topN properties Section 11 2 4 20 set rmon topN status Section 11 2 4 21 clear rmon topN Section 11 2 4 22 Matrix Records statistics for conversations between two IP addresses As the device detects a new conversation it creates a new matrix entry Source and destination address pairs and packets bytes and errors for each pair show rmon matrix Section 11 2 4 23 set rmon matrix pr...

Page 789: ...n 11 2 4 27 set rmon channel Section 11 2 4 28 clear rmon channel Section 11 2 4 29 show rmon filter Section 11 2 4 30 set rmon filter Section 11 2 4 31 clear rmon filter Section 11 2 4 32 Packet Capture Allows packets to be captured upon a filter match Packets matching the filter configuration show rmon capture Section 11 2 4 33 set rmon capture Section 11 2 4 34 clear rmon capture Section 11 2 4...

Page 790: ...cs for Fast Ethernet port 20 in port group 1 port string Optional Displays RMON statistics for specific port s For a detailed description of possible port string values refer to Section 4 1 1 wide Optional Display most important stats one line per entry bysize Optional Display counters by packet length Matrix rw show rmon stats fe 1 20 Port fe 1 20 Index 1011 Owner monitor Data Source 1 3 6 1 2 1 ...

Page 791: ...e greater than 1518 bytes and had either a bad FCS or a bad CRC Packets Total number of frames including bad frames broadcast frames and multicast frames received on this interface Broadcast Pkts Total number of good frames that were directed to the broadcast address This value does not include multicast frames Multicast Pkts Total number of good frames that were directed to the multicast address ...

Page 792: ... length excluding framing bits but including FCS bytes 65 127 Octets Total number of frames including bad frames received that were between 65 and 127 bytes in length excluding framing bits but including FCS bytes 128 255 Octets Total number of frames including bad frames received that were between 128 and 255 bytes in length excluding framing bits but including FCS bytes 256 511 Octets Total numb...

Page 793: ...f owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON statistics entry 2 for fe 1 20 index Specifies an index for this statistics entry port string Specifies port s to which this entry will be assigned For a detailed description of possible port string values refer to Section 4 1 1 owner Optional Assign...

Page 794: ...to defaults Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete RMON statistics entry 2 index list Specifies one or more stats entries to be deleted causing them to disappear from any future RMON queries to defaults Resets all history entries to default values This will cause entries to reappear in RMON queries Matri...

Page 795: ...nd Command Mode Read Only Example This example shows how to display RMON history entries for Fast Ethernet port 14 in port group 3 A control entry displays first followed by actual entries corresponding to the control entry In this case the default settings for entry owner sampling interval and maximum number of entries buckets have not been changed from their default values as described in Sectio...

Page 796: ...x 1001 Status 1 valid Owner monitor Data Source 1 3 6 1 2 1 2 2 1 1 11001 Interval 30 Buckets Requested 50 Buckets Granted 50 Sample 2304 Interval Start 0 days 19 hours 11 minutes 35 seconds Drop Events 0 Undersize Pkts 0 Octets 0 Oversize Pkts 0 Packets 0 Fragments 0 Broadcast Pkts 0 Jabbers 0 Multicast Pkts 0 Collisions 0 CRC Align Errors 0 Utilization 0 ...

Page 797: ...terval will be set to 30 seconds If owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how configure RMON history entry 1 on port fe 2 1 to sample every 30 seconds index list Specifies an index number for this entry port string Optional Assigns this entry to a specific port buckets buckets Optional Specifies the maximum num...

Page 798: ...ection 11 2 4 5 clear rmon history index list to defaults Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete RMON history entry 1 index list Specifies one or more history entries to be deleted causing them to disappear from any future RMON queries to defaults Resets all history entries to default values This will ca...

Page 799: ... Syntax Description Command Defaults If index is not specified information about all RMON alarm entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display RMON alarm entry 3 Table 11 7 provides an explanation of the command output index Optional Displays RMON alarm entries for a specific entry index ID Matrix rw show rmon alarm 3 Index 3 ...

Page 800: ...pe Whether the monitoring method is an absolute or a delta sampling Startup Alarm Whether alarm generated when this entry is first enabled is rising falling or either Interval Interval in seconds at which RMON will conduct sample monitoring Rising Threshold Minimum threshold for causing a rising alarm Falling Threshold Maximum threshold for causing a falling alarm Rising Event Index Index number o...

Page 801: ... be monitored NOTE This parameter is not mandatory for executing the command but must be specified in order to enable the alarm entry configuration type absolute delta Optional Specifies the monitoring method as sampling the absolute value of the object or the difference delta between object samples startup rising falling either Optional Specifies the type of alarm generated when this event is fir...

Page 802: ...N alarm This entry will conduct monitoring of the delta between samples every 30 seconds revent revent Specifies the index number of the RMON event to be triggered when the rising threshold is crossed fevent fevent Specifies the index number of the RMON event to be triggered when the falling threshold is crossed owner owner Optional Specifies the name of the entity that configured this alarm entry...

Page 803: ...mand Type Switch command Command Mode Read Write Example This example shows how to enable RMON alarm entry 3 NOTE An RMON alarm entry can be created using this command configured using the set rmon alarm properties command Section 11 2 4 8 then enabled using this command An RMON alarm entry can be created and configured at the same time by specifying an unused index with the set properties command...

Page 804: ...r rmon alarm Use this command to delete an RMON alarm entry clear rmon alarm index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON alarm entry 1 index Specifies the index number of entry to be cleared Matrix rw clear rmon alarm 1 ...

Page 805: ...mple shows how to display RMON event entry 3 Table 11 8 provides an explanation of the command output index Optional Displays RMON properties and log entries for a specific entry index ID Matrix rw show rmon event 3 Index 3 Owner Manager Status valid Description STP Topology change Type log and trap Community public Last Time Sent 0 days 0 hours 0 minutes 37 seconds Table 11 8 show rmon event Outp...

Page 806: ...string description of this event Type Whether the event notification will be a log entry and SNMP trap both or none Community SNMP community name if message type is set to trap Last Time Sent When an event notification matching this entry was sent Table 11 8 show rmon event Output Details Continued Output What It Displays ...

Page 807: ...owner is not specified monitor will be applied Command Type Switch command Command Mode Read Write index Specifies an index number for this entry Maximum number of entries is 100 Maximum value is 65535 description description Optional Specifies a text string description of this event type none log trap both Optional Specifies the type of RMON event notification as none a log table entry an SNMP tr...

Page 808: ...n Guide Example This example shows how to create and enable an RMON event entry called STP topology change that will send both a log entry and an SNMP trap message to the public community Matrix rw set rmon event properties 2 description STP topology change type both community public owner Manager ...

Page 809: ...cription Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON event entry 1 NOTE An RMON event entry can be created using this command configured using the set rmon event properties command Section 11 2 4 12 then enabled using this command An RMON event entry can be created and configured at the same time by specifying an unused in...

Page 810: ...se this command to delete an RMON event entry and any associated log entries clear rmon event index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON event 1 index Specifies the index number of the entry to be cleared Matrix rw clear rmon event 1 ...

Page 811: ...ow rmon host port string address creation Syntax Description Command Defaults If port string is not specified information about all ports will be displayed If address or creation are not specified entries will not be sorted Command Type Switch command Command Mode Read Only port string Optional Displays RMON properties and statistics for specific port s address creation Optional Sorts the display ...

Page 812: ...ng to the control entry For a description of the types of statistics shown refer to Table 11 6 Matrix rw show rmon host Host Index 1 Interface 21009 Table size 100 Last deletion 766048 Status 1 Owner monitor Host 00 00 5e 00 01 01 Creation Order 22 In Pkts 0 Out Pkts 1 In Octets 0 Out Octets 66 Broadcast Pkts 0 Multicast Pkts 0 Host 00 00 f6 00 86 6d Creation Order 74 In Pkts 0 Out Pkts 2 In Octet...

Page 813: ...pplied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON host entry 1 on Fast Ethernet port 5 in port group 1 index Specifies an index number for this entry An entry will automatically be created if an unused index number is chosen Maximum number of entries is 5 Maximum value is 65535 port string Configures RMON host monitoring on a specific port ...

Page 814: ...N host entry set rmon host status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON host entry 1 index Specifies an index number for this entry Maximum number of entries is 5 Maximum value is 65535 enable Enables this host entry Matrix rw set rmon host status 1 enable ...

Page 815: ...ar rmon host Use this command to delete an RMON host entry clear rmon host index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON host entry 1 index Specifies the index number of the entry to be cleared Matrix rw clear rmon host 1 ...

Page 816: ...ption Command Defaults If index is not specified information about all entries will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display all RMON TopN properties and statistics A control entry displays first followed by actual entries corresponding to the control entry index Optional Displays RMON properties and statistics for a specific entry i...

Page 817: ...when this report was last started HostIndex Index number of the host table for which this top N report will be prepared Rate Base Type of counter and corresponding integer value activated with this entry as InPackets 1 OutPackets 2 InOctets 3 OutOctets 4 OutErrors 5 Broadcast packets 6 or Multicast packets 7 Duration Collection time in seconds for this report Time Remaining Collection time left fo...

Page 818: ...ner is not specified monitor will be applied Command Type Switch command index Specifies an index number for this entry An entry will automatically be created if an unused index number is chosen Maximum number of entries is 10 Maximum value is 65535 hindex hindex Optional Specifies an index number of the host table rate inpackets outpackets inoctets outoctets errors bcast mcast Optional Specifies ...

Page 819: ...x NSA Series Configuration Guide 11 77 Command Mode Read Write Example This example shows how to configure RMON TopN entry 1 for host 1 with a sampling interval of 60 seconds and a maximum number of entries of 20 Matrix rw set rmon topN properties 1 1 inpackets 60 20 ...

Page 820: ... topN entry set rmon topN status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON TopN entry 1 index Specifies an index number for this entry Maximum number of entries is 10 Maximum value is 65535 enable Enables this TopN entry Matrix rw set rmon topN status 1 enable ...

Page 821: ...r rmon topN Use this command to delete an RMON TopN entry clear rmon topN index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete RMON TopN entry 1 index Specifies the index number of the entry to be cleared Matrix rw clear rmon topN 1 ...

Page 822: ...ed information about source and destination addresses will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display RMON matrix properties and statistics A control entry displays first followed by actual entries corresponding to the control entry port string Optional Displays RMON properties and statistics for a specific port s source dest Optional ...

Page 823: ...for this interface Last deletion System up time when the last entry was deleted from the matrix table associated with this entry Status Whether this matrix entry is enabled valid or disabled Owner Text string identifying who configured this entry Source Source of the data from which this entry creates a traffic matrix Destination Destination of the data from which this entry creates a traffic matr...

Page 824: ...onitor will be applied Command Type Switch command Command Mode Read Write Example This example shows how to configure RMON matrix entry 1 for fe 1 1 index Specifies an index number for this entry An entry will automatically be created if an unused index number is chosen Maximum number of entries is 2 Maximum value is 65535 port string Specifies port s on which to monitors statistics owner Optiona...

Page 825: ...ntry set rmon matrix status index enable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable RMON matrix entry 1 index Specifies an index number for this entry Maximum number of entries is 2 Maximum value is 65535 enable Enables or disables this matrix entry Matrix rw set rmon matrix status 1 enable ...

Page 826: ...n matrix Use this command to delete an RMON matrix entry clear rmon matrix index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete RMON matrix entry 1 index Specifies the index number of the entry to be cleared Matrix rw clear rmon matrix 1 ...

Page 827: ...d information about all channels will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display RMON channel information for fe 2 12 port string Optional Displays RMON channel entries for a specific port s Matrix rw show rmon channel fe 2 12 Port fe 2 12 Channel index 628 EntryStatus valid Control off AcceptType matched OnEventIndex 0 OffEventIndex 0...

Page 828: ...of the filters on this channel as matched Packets will be accepted on filter matches failed Packets will be accepted if they fail a match control on off Optional Enables or disables control of the flow of data through the channel onevent onevent Optional Specifies the index of the RMON event that will turn this channel on offevent offevent Optional Specifies the index of the RMON event that will t...

Page 829: ... off If onevent and offevent are not specified none will be applied If event status is not specified ready will be applied If a description is not specified none will be applied If owner is not specified it will be set to monitor Command Type Switch command Command Mode Read Write Example This example shows how to create an RMON channel entry Matrix rw set rmon channel 54313 fe 2 12 accept failed ...

Page 830: ...r rmon channel Use this command to clear an RMON channel entry clear rmon channel index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON channel entry 2 index Specifies the channel entry to be cleared Matrix rw clear rmon channel 2 ...

Page 831: ... will be displayed Command Type Switch command Command Mode Read Only Example This example shows how to display all RMON filter entries and channel information index index channel channel Optional Displays information about a specific filter entry or about all filters which belong to a specific channel Matrix rw show rmon filter Index 55508 Channel Index 628 EntryStatus valid Data Offset 0 PktStat...

Page 832: ...mum number of entries is 10 Maximum value is 65535 channel_index Specifies the channel to which this filter will be applied offset offset Optional Specifies an offset from the beginning of the packet to look for matches status status Optional Specifies packet status bits that are to be matched smask smask Optional Specifies the mask applied to status to indicate which bits are significant snotmask...

Page 833: ... Set Configuring RMON Matrix NSA Series Configuration Guide 11 91 Command Mode Read Write Example This example shows how to create RMON filter 1 and apply it to channel 9 Matrix rw set rmon filter 1 10 offset 30 data 0a154305 dmask ffffffff ...

Page 834: ...n RMON filter entry clear rmon filter index index channel channel Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON filter entry 1 index index channel channel Clears a specific filter entry or all entries belonging to a specific channel Matrix rw clear rmon filter index 1 ...

Page 835: ...ntries show rmon capture index nodata Syntax Description Command Defaults If no options are specified all buffer control entries and associated captured packets will be displayed Command Type Switch command Command Mode Read Only index Optional Displays the specified buffer control entry and all captured packets associated with that entry nodata Optional Displays only the buffer control entry spec...

Page 836: ... Download size 100 Download offset 0 Max Octet Requested 50000 Max Octet Granted 50000 Start time 1 days 0 hours 51 minutes 15 seconds Owner monitor captureEntry 1 Buff control 28062 Pkt ID 9 Pkt time 1 days 0 hours 51 minutes 15 seconds Pkt Length 93 Pkt status 0 Data 00 00 5e 00 01 01 00 01 f4 00 7d ce 08 00 45 00 00 4b b4 b9 00 00 40 11 32 5c 0a 15 43 05 86 8d bf e5 00 a1 0e 2b 00 37 cf ca 30 2...

Page 837: ... will be set to monitor index Specifies a buffer control entry channel Specifies the channel to which this capture entry will be applied action lock wrap Optional Specifies the action of the buffer when it is full as lock Packets will cease to be accepted wrap Oldest packets will be overwritten slice slice Optional Specifies the maximum octets from each packet to be saved in a buffer default 100 l...

Page 838: ...d Set Configuring RMON 11 96 Matrix NSA Series Configuration Guide Command Type Switch command Command Mode Read Write Example This example shows how to create RMON capture entry 1 to listen on channel 628 Matrix rw set rmon capture 1 628 ...

Page 839: ... rmon capture Use this command to clears an RMON capture entry clear rmon capture index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear RMON capture entry 1 index Specifies the capture entry to be cleared Matrix rw clear rmon capture 1 ...

Page 840: ... manage switch network addresses and routes are listed below and described in the associated section as shown show arp Section 11 2 5 1 set arp Section 11 2 5 2 clear arp Section 11 2 5 3 show rad Section 11 2 5 4 set rad Section 11 2 5 5 show ip route Section 11 2 5 6 traceroute Section 11 2 5 7 set ip route Section 11 2 5 8 clear ip route Section 11 2 5 9 show port mac Section 11 2 5 10 show mac...

Page 841: ...ation of the command output Matrix rw show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface 10 20 1 1 00 00 5e 00 01 1 S host0 134 142 21 194 00 00 5e 00 01 1 S host0 134 142 191 192 00 00 5e 00 01 1 S host0 134 142 192 18 00 00 5e 00 01 1 S host0 134 142 192 119 00 00 5e 00 01 1 S host0 Table 11 11 show arp Output Details Output What It Displays IP Address IP address mapped to MAC...

Page 842: ...be sent to the host Command Type Switch command Command Mode Read Write Example This example shows how to map IP address 198 133 219 232 to MAC address 00 00 0c 40 0f bc ip address Specifies the IP address to map to the MAC address and add to the ARP table mac address Specifies the MAC address to map to the IP address and add to the ARP table temp Optional Sets the ARP entry as not permanent This ...

Page 843: ...delete a specific entry or all entries from the switch s ARP table clear arp ip all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to delete entry 10 1 10 10 from the ARP table ip all Specifies the IP address in the ARP table to be cleared or clears all ARP entries Matrix rw clear arp 10 1 10 10 ...

Page 844: ...n Guide 11 2 5 4 show rad Use this command to display the status of the RAD Runtime Address Discovery protocol on the switch show rad Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display RAD status Matrix rw show rad RAD is currently enabled ...

Page 845: ...tion file from the network set rad enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable RAD NOTES In order for RAD to retrieve a text configuration file the file must be specified in the BootP tab RAD on DFE devices will only accept an address from a DHCP or BootP server if the lease time for the addre...

Page 846: ... This example shows how to display the IP routing table Table 11 12 provides an explanation of the command output Matrix rw show ip route ROUTE TABLE Destination Gateway Mask TOS Flags Refcnt Use Interface default 12 22 73 13 00000000 0 UC 0 0 host0 10 0 0 0 12 22 73 13 ff000000 0 UC 0 host0 127 0 0 1 127 0 0 1 00000000 0 UH 0 104 lo0 Table 11 12 show ip route Output Details Output What It Display...

Page 847: ...ry R host or net unreachable D created dynamically by redirect M modified dynamically by redirect d message confirmed C generate new routes on use X external daemon resolves name L generated by ARP S manually added static 1 protocol specific routing flag 2 protocol specific routing flag Refcnt Number of hosts referencing this address Use Number of packets forwarded via this route Interface Interfa...

Page 848: ...be packet m max ttl Optional Specifies the maximum time to live TTL used in outgoing probe packets p port Optional Specifies the base UDP port number used in probes q nqueries Optional Specifies the number of probe inquiries s src addr Optional Specifies the source IP address to use in outgoing probe packets r Optional Bypasses the normal host routing tables d Optional Sets the debug socket option...

Page 849: ...tables will be used If d is not specified the debug socket option will not be used If not specified tos will be set to 0 If F is not specified the don t fragment bit will not be applied If gateway is not specified none will be applied If I is not specified UDP datagrams will be used If v is not specified summary output will be displayed If x is not specified checksums will be calculated Command Ty...

Page 850: ...s the Matrix Series switch hop 2 is 14 1 0 45 and hop 3 is back to the host IP address Round trip times for each of the three UDP probes are displayed next to each hop Matrix rw traceroute 192 167 252 17 traceroute to 192 167 252 17 192 167 252 17 30 hops max 40 byte packets 1 matrix enterasys com 192 167 201 40 20 000 ms 20 000 ms 20 000 ms 2 14 1 0 45 14 1 0 45 40 000 ms 10 000 ms 20 000 ms 3 19...

Page 851: ...ination default gateway Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to add an IP route from 192 122 173 42 to 192 122 168 38 to the routing table destination Specifies the IP address of the network or host to be added default Sets the default gateway gateway Specifies the IP address of the next hop device Matrix rw set...

Page 852: ...d to delete switch IP routing table entries clear ip route destination default Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the default gateway destination Specifies the IP address of the network or host to be cleared default Clears the default gateway Matrix rw clear ip route default ...

Page 853: ...switching process use the show mac command as described in Section 11 2 5 11 show port mac port string Syntax Description Command Defaults If port string is not specified MAC addresses for all ports will be displayed Command Mode Read Only Example This example shows how to display the MAC address for 1 Gigabit Ethernet port 4 in port group 2 port string Optional Displays MAC addresses for specific...

Page 854: ...ified all MAC addresses for the device will be displayed Command Mode Read Only agetime Optional Display the time in seconds that a learned MAC address will stay in the filtering database address mac address Optional Displays a specific MAC address if it is known by the device fid fid Optional Displays MAC addresses for a specific filter database identifier vlan id vlan id Optional Displays MAC ad...

Page 855: ... 3 fe 1 3 mgmt perm Table 11 13 show mac Output Details Output What It Displays MAC Address MAC addresses mapped to the port s shown FID Filter database identifier Port Port designation Type Address type Valid types are other entry is other than below invalid entry is no longer valid but has not been yet flushed out learned entry has been learned and is currently used self entry represents one of ...

Page 856: ...will be permanent Command Mode Read Write Example This example shows how to set the MAC timeout period to 600 seconds agetime time Specifies the timeout period in seconds for aging learned MAC addresses Valid values are 10 to 65535 multicast mac address vlan id port string append clear This command allows you to limit specific layer two multicast addresses mac address to specific ports port string...

Page 857: ...riod all Clear all MAC address entries This will even clear permanent entries address address MAC address to clear ex 00 01 F4 56 78 90 if not specified clear command shall be scoped to all MAC address fid fid Filtering database id to clear if not specified clear command shall be scoped to all filtering database ids vlan id vlan id Specify a VLAN ID from which to clear the MAC address for static m...

Page 858: ...ment Command Set Managing Switch Network Addresses and Routes 11 116 Matrix NSA Series Configuration Guide This example shows how to clear all the MAC addresses associated with port fe 1 3 Matrix rw clear mac port string fe 1 3 ...

Page 859: ...ommand Defaults If port string is not specified MAC address traps for all ports will be displayed Command Mode Read Only Example This example shows how to display the status of MAC address traps on ge 1 1 through 3 port string Optional Displays MAC address traps for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show newaddrtrap New Addre...

Page 860: ...le disable Syntax Description Command Defaults If port string is not specified MAC address traps will be globally enabled or disabled Command Mode Read Write Example This example shows how to globally enable MAC address traps port string Optional Specifies the port s on which to enable or disable MAC address traps For a detailed description of possible port string values refer to Section 4 1 1 ena...

Page 861: ...ommand Defaults If port string is not specified MAC address traps for all ports will be displayed Command Mode Read Only Example This example shows how to display the status of MAC address traps on ge 1 1 through 3 port string Optional Displays MAC address traps for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show movedaddrtrap ge 1 1 ...

Page 862: ...ble disable Syntax Description Command Defaults If port string is not specified MAC address traps will be globally enabled or disabled Command Mode Read Write Example This example shows how to globally enable MAC address traps port string Optional Specifies the port s on which to enable or disable MAC address traps For a detailed description of possible port string values refer to Section 4 1 1 en...

Page 863: ...shown show sntp Section 11 2 6 1 set sntp client Section 11 2 6 2 clear sntp client Section 11 2 6 3 set sntp server Section 11 2 6 4 clear sntp server Section 11 2 6 5 set sntp broadcastdelay Section 11 2 6 6 clear sntp broadcastdelay Section 11 2 6 7 set sntp poll interval Section 11 2 6 8 clear sntp poll interval Section 11 2 6 9 set sntp poll retry Section 11 2 6 10 clear sntp poll retry Secti...

Page 864: ...lay SNTP client settings Table 11 14 provides an explanation of the command output Matrix rw show sntp SNTP Version 3 Current Time TUE SEP 09 16 13 33 2003 Timezone EST offset from UTC is 4 hours and 0 minutes Client Mode unicast Broadcast Delay 3000 microseconds Broadcast Count 0 Poll Interval 512 seconds Poll Retry 1 Poll Timeout 5 seconds SNTP Poll Requests 1175 Last SNTP Update TUE SEP 09 16 0...

Page 865: ...ween SNTP unicast requests Default of 512 seconds can be reset using the set sntp poll interval command Section 11 2 6 8 Poll Retry Number of poll retries to a unicast SNTP server Default of 1 can be reset using the set sntp poll retry command Section 11 2 6 10 Poll Timeout Timeout for a response to a unicast SNTP request Default of 5 seconds can be reset using set sntp poll timeout command Sectio...

Page 866: ...st unicast disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable SNTP in broadcast mode broadcast Enables SNTP in broadcast client mode unicast Enables SNTP in unicast point to point client mode In this mode the client must supply the IP address from which to retrieve the current time disable Disables SNTP Matr...

Page 867: ...n Guide 11 125 11 2 6 3 clear sntp client Use this command to clear the SNTP client s operational mode clear sntp client Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNTP client s operational mode Matrix rw clear sntp client ...

Page 868: ...be set as SNTP servers set sntp server ip address precedence Syntax Description Command Defaults If precedence is not specified 1 will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set the server at IP address 10 21 1 100 as an SNTP server ip address Specifies the SNTP server s IP address precedence Optional Specifies this SNTP server s precedence...

Page 869: ...NTP server list clear sntp server ip address all Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove the server at IP address 10 21 1 100 from the SNTP server list ip address Specifies the IP address of a server to remove from the SNTP server list all Removes all servers from the SNTP server list Matrix rw clear sntp...

Page 870: ...trip delay in microseconds for SNTP broadcast frames set sntp broadcastdelay time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the SNTP broadcast delay to 12000 microseconds time Specifies broadcast delay time in microseconds Valid values are 1 to 999999 Default value is 3000 Matrix rw set sntp broadcastdelay 120...

Page 871: ... 6 7 clear sntp broadcast delay Use this command to clear the round trip delay time for SNTP broadcast frames clear sntp broadcastdelay Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNTP broadcast delay time Matrix rw clear sntp broadcastdelay ...

Page 872: ... command to set the poll interval between SNTP unicast requests set sntp poll interval interval Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the SNTP poll interval to 30 seconds interval Specifies the poll interval in seconds Valid values are 16 to 16284 Matrix rw set sntp poll interval 30 ...

Page 873: ...131 11 2 6 9 clear sntp poll interval Use this command to clear the poll interval between unicast SNTP requests clear sntp poll interval Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNTP poll interval Matrix rw clear sntp poll interval ...

Page 874: ... Use this command to set the number of poll retries to a unicast SNTP server set sntp poll retry retry Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the number of SNTP poll retries to 5 retry Specifies the number of retries Valid values are 0 to 10 Matrix rw set sntp poll retry 5 ...

Page 875: ... 11 2 6 11 clear sntp poll retry Use this command to clear the number of poll retries to a unicast SNTP server clear sntp poll retry Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the number of SNTP poll retries Matrix rw clear sntp poll retry ...

Page 876: ...nd to set the poll timeout in seconds for a response to a unicast SNTP request set sntp poll timeout timeout Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the SNTP poll timeout to 10 seconds timeout Specifies the poll timeout in seconds Valid values are 1 to 30 Matrix rw set sntp poll timeout 10 ...

Page 877: ...tion Guide 11 135 11 2 6 13 clear sntp poll timeout Use this command to clear the SNTP poll timeout clear sntp poll timeout Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the SNTP poll timeout Matrix rw clear sntp poll timeout ...

Page 878: ...command to display SNTP time zone settings show timezone Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display SNTP time zone settings Matrix rw show timezone Admin Config timezone offset from UTC is 5 hours and 0 minutes Oper Config timezone offset from UTC is 5 hours and 0 minutes ...

Page 879: ...ption Command Defaults If offset hours or minutes are not specified none will be applied Command Type Switch command Command Mode Read Write Example This example shows how to set the time zone to EST with an offset of minus 5 hours name Specifies the time zone name hours Optional Specifies the number of hours this timezone will be offset from UTC Valid values are minus 12 12 to 12 minutes Optional...

Page 880: ...Configuration Guide 11 2 6 16 clear timezone Use this command to remove SNTP time zone adjustment values clear timezone Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove SNTP time zone adjustment values Matrix rw clear timezone ...

Page 881: ...work protocols are running on one or more ports Commands Commands to configure node aliases are listed below and described in the associated section as shown show nodealias Section 11 2 7 1 show nodealias mac Section 11 2 7 2 show nodealias protocol Section 11 2 7 3 show nodealias config Section 11 2 7 4 set nodealias Section 11 2 7 5 set nodealias maxentries Section 11 2 7 6 clear nodealias Secti...

Page 882: ...d output port string Optional Displays node alias properties for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show nodealias ge 3 12 Alias ID 1533917044 Active true Vlan ID 1 MAC Address 00 e0 63 04 7b 00 Protocol ip Source IP 63 214 44 63 Table 11 15 show nodealias Output Details Output What It Displays Alias ID Alias dynamically assig...

Page 883: ...41 Vlan ID VLAN ID associated with this alias MAC Address MAC address associated with this alias Protocol Networking protocol running on this port Address Source IP When applicable a protocol specific address associated with this alias Table 11 15 show nodealias Output Details Continued Output What It Displays ...

Page 884: ...du udp Optional Displays node alias entries for one of the following protocols Internet Protocol Appletalk Media Access Control Hot Standby Routing Protocol Dynamic Host Control Protocol Server Dynamic Host Control Protocol Client Boot Protocol Server Boot Protocol Client Open Shortest Path First Virtual Router Redundancy Protocol Internet Packet Exchange IPX Routing Information Protocol IPX Servi...

Page 885: ...Refer back to Table 11 15 for a description of the command output Matrix rw show nodealias mac 00 e0 bpdu Port lag 0 1 Time 0 days 01 hrs 34 mins 53 secs Alias ID 306783575 Active true Vlan ID 1 MAC Address 00 e0 63 59 f4 3d Protocol bpdu Port lag 0 1 Time 0 days 01 hrs 34 mins 54 secs Alias ID 306783579 Active true Vlan ID 1 MAC Address 00 e0 63 59 f4 55 Protocol bpdu Port ge 3 14 Time 0 days 00 ...

Page 886: ...ated entries will be displayed from all source addresses If port string is not specified node alias entries will be displayed for all ports Command Mode Read Only ip apl mac hsrp dhcps dhcpc bootps bootpc ospf vrrp ipx xrip xsap ipx20 rtmp netBios nbt bgp rip igrp dec bpdu udp Specifies the protocol for which to display node alias entries Refer back show nodealias mac Section 11 2 7 2 for a detail...

Page 887: ...e shows how to display node alias entries for IP traffic on ge 3 16 Refer back to Table 11 15 for a description of the command output Matrix rw show nodealias protocol ip ge 3 16 Port ge 3 16 Time 1 days 03 hrs 33 mins 47 secs Alias ID 1533917141 Active true Vlan ID 1 MAC Address 00 e0 63 04 7b 00 Protocol ip Source IP 199 45 62 25 ...

Page 888: ...Read Only Example This example shows how to display node alias configuration settings for ports fe 2 1 through 9 Table 11 16 provides an explanation of the command output port string Optional Displays node alias configuration settings for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show nodealias config fe 2 1 9 Port Number Max Entries...

Page 889: ...put What It Displays Port Number Port designation Max Entries Maximum number of alias entries configured for this port Set using the set nodealias maxentries command Section 11 2 7 6 Used Entries Number of alias entries out of the maximum amount configured already used by this port Status Whether or not a node alias agent is enabled default or disabled on this port ...

Page 890: ... cannot be statically created but can be deleted using the clear node alias command as described in Section 11 2 7 7 set nodealias enable disable port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable the node alias agent on fe 1 3 enable disable Enables or disables a node alias agent port string Specifies ...

Page 891: ...maxentries val port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the maximum node alias entries to 1000 on fe 1 3 val Specifies the maximum number of alias entries port string Specifies the port s on which to set the maximum entry value For a detailed description of possible port string values refer to Sec...

Page 892: ...ne Command Type Switch command Command Mode Read Write Example This example shows how to clear all node alias entries on fe 1 3 port string port string Specifies the port s on which to remove all node alias entries For a detailed description of possible port string values refer to Section 4 1 1 alias id alias id Specifies the ID of the node alias to remove This value can be viewed using the show n...

Page 893: ... entries value clear nodealias config port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the node alias configuration on fe 1 3 port string Specifies the port s on which to reset the node alias configuration For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw clear n...

Page 894: ...ath the frame takes through the switch Operation NetFlow can be enabled on all ports on a Matrix system including fixed front panel ports LAG ports NEM ports and FTM1 backplane ports Router interfaces which map to VLANs may not be enabled directly NetFlow records are generated only for flows for which a hardware connection has been established As long as the network connection exists and NetFlow i...

Page 895: ...port aggregation caches Provides 4 predefined templates The appropriate template is selected for each flow depending on whether the flow is routed or switched and whether it is a TCP UDP packet or not Version 9 templates are re transmitted when The timeout is reached The default is 30 minutes but is user configurable using the set netflow template timeout command Section 11 2 8 12 Templates are se...

Page 896: ...on as shown show netflow Section 11 2 8 1 set netflow cache Section 11 2 8 2 clear netflow cache Section 11 2 8 3 set netflow export destination Section 11 2 8 4 clear netflow export destination Section 11 2 8 5 set netflow export interval Section 11 2 8 6 clear netflow export interval Section 11 2 8 7 set netflow port Section 11 2 8 8 clear netflow port Section 11 2 8 9 set netflow export version...

Page 897: ...nd Type Switch command Command Mode Read Only Example This example shows how to display both Netflow configuration information and statistics config Optional Show the NetFlow configuration statistics Optional Show the NetFlow statistics export Optional Show the NetFlow export statistics Matrix rw show netflow Matrix N SA Platinum su show netflow Cache Status enabled Destination IP 10 10 1 1 Destin...

Page 898: ...onfiguring NetFlow 11 156 Matrix NSA Series Configuration Guide Disabled Ports lag 0 1 48 ge 1 1 10 12 22 24 52 Export Statistics Network Packets Sampled 232 Exported Packets 43 Exported Records 36 Export Packets Failed 0 Export Records Dropped 0 ...

Page 899: ...atrix system A NetFlow cache maintains NetFlow information for all active flows By default NetFlow caches are not created set netflow cache enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable or create a NetFlow cache on each DFE blade in the system enable disable Enable or disable the NetFlow cache Ma...

Page 900: ...he NetFlow caches on each DFE blade in the Matrix system When this command is executed NetFlow is effectively disabled on the system clear netflow cache Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to remove the NetFlow caches on the DFE blades and disable NetFlow Matrix rw clear netflow cache ...

Page 901: ...r destination per Matrix system can be configured set netflow export destination ip address udp port Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the IP address of the NetFlow collector ip address Specifies the IP address of the NetFlow collector udp port Optional Specifies the UDP port number used by the NetFlow...

Page 902: ...or address per Matrix system is supported entering the IP address and UDP port information is not required Executing this command without any parameters will return the collector address to Not Configured Command Type Switch command Command Mode Read Write Example This example shows how to clear the NetFlow collector address ip address Optional Specifies the IP address of the NetFlow collector to ...

Page 903: ...Read Write Usage Each DFE blade in the Matrix system will transmit a NetFlow packet when It has accumulated the maximum number of NetFlow records per packet which is 30 or It has accumulated fewer than 30 NetFlow records and the active flow timer has expired or The flow expires ages out or is invalidated Example This example shows how to set the NetFlow export interval to 10 minutes interval Set t...

Page 904: ...erval Use this command to clear NetFlow export interval to its default of 30 minutes clear netflow export interval Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to return the NetFlow export interval to its default value Matrix rw clear netflow export interval ...

Page 905: ...set netflow port port string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable NetFlow collection on port ge 1 1 port string Specify the port or ports on which to enable or disable NetFlow collection enable disable Enable or disable NetFlow collection Matrix rw set netflow port ge 1 1 enable ...

Page 906: ...ort to the default NetFlow collection state of disabled clear netflow port port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to disable NetFlow collection on port ge 1 1 port string Specify the port or ports on which to disable NetFlow collection Matrix rw clear netflow port ge 1 1 ...

Page 907: ...ut NetFlow version support Use the show netflow config command Section 11 2 8 1 to display the current NetFlow version set netflow export version 5 9 Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the flow record format to Version 9 5 9 Specify the NetFlow flow record format to use when exporting NetFlow packets ei...

Page 908: ...cord format used to export data to the default of Version 5 Use the show netflow config command Section 11 2 8 1 to display the current NetFlow version clear netflow export version Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to return the flow record format to Version 5 Matrix rw clear netflow export version ...

Page 909: ...re retransmitted when either The packet refresh rate is reached or The template timeout is reached Template refresh based on the timeout period is only performed by the master DFE blade to avoid multiple copies being sent to the collector Since each DFE blade handles its own packet transmissions template refresh based on number of export packets sent is managed by each blade independently refresh ...

Page 910: ... of a 20 packet refresh rate and a 30 minute timeout may not be optimal for your environment For example a switch processing an extremely slow flow rate of say 20 packets per half hour would refresh the templates only every half hour using the default settings while a switch sending 300 flow report packets per second would refresh the templates 15 times per second Enterasys recommends that you con...

Page 911: ...ts At least one of the refresh rate or timeout parameters must be specified although both can be specified on one command line Command Type Switch command Command Mode Read Write Example This example shows how to return the Version 9 template packet refresh rate to 20 packets and the timeout value to 30 minutes refresh rate Clear the template packet refresh rate to the default value of 20 packets ...

Page 912: ...Logging And Network Management Command Set Configuring NetFlow 11 170 Matrix NSA Series Configuration Guide ...

Page 913: ...ng a basic router configuration Section 12 2 3 4 Reviewing and configuring the ARP table Section 12 2 4 5 Reviewing and configuring broadcast settings Section 12 2 5 6 Reviewing IP traffic and configuring routes Section 12 2 6 7 Configuring PIM Section 12 2 7 8 Configuring Load Sharing Network Address Translation LSNAT Section 12 2 8 9 Configuring Dynamic Host Configuration Protocol DHCP Section 1...

Page 914: ...cessed locally Routing interface configuration commands in this guide will configure either a VLAN or loopback interface depending on your choice of parameters as shown in Table 12 1 For details on how to enable all router CLI configuration modes refer back to Table 2 11 For details on configuring routing protocols refer to Chapter 13 Table 12 1 VLAN and Loopback Interface Configuration Modes For ...

Page 915: ... of interfaces configured for IP to set IP addresses for interfaces and to enable interfaces for IP routing at device startup Commands The commands used to review and configure interface settings are listed below and described in the associated section as shown show interface Section 12 2 1 1 interface Section 12 2 1 2 ip ecm forwarding algorithm Section 12 2 1 3 show ip interface Section 12 2 1 4...

Page 916: ... interface vlan vlan id loopback loopback id lo local id Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If interface type is not specified information for all routing interfaces will be displayed vlan vlan id loopback loopback id lo local id Optional Displays interface information for a specific VLAN loopback or local interface This interface must be c...

Page 917: ... of this output refer to Table 12 2 Matrix Router1 show interface Vlan 1 is Administratively DOWN Vlan 1 is Operationally DOWN Mac Address is 0001 f4da 2cba The name of this device is Vlan 1 The MTU is 1500 bytes The bandwidth is 10000 Mb s Encapsulation ARPA Loopback not set ARP type ARPA ARP Timeout 14400 seconds lo is Administratively UP lo is Operationally UP Internet Address is 127 0 0 1 Subn...

Page 918: ...I before they can be configured for IP routing For details on creating VLANs and configuring them for IP refer to Section 2 3 2 Each VLAN or loopback interface must be configured for routing separately using the interface command To end configuration on one interface before configuring another type exit at the command prompt Enabling interface configuration mode is required for completing interfac...

Page 919: ...nd robin Syntax Description Command Syntax of the no Form The no form of this command disables ECM mode no ip ecm forwarding algorithm Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults If algorithm is not specified hash threshold will be set Example This example shows how to enable ECM mode hash thold round robin Optional Sets the ECM forwarding a...

Page 920: ... all routing interfaces will be displayed Example This example shows how to display configuration information for VLAN 1 vlan vlan id loopback loopback id lo loopback id Optional Displays information for a specific VLAN loopback or local interface This interface must be configured for IP routing as described in Section 2 3 1 Matrix Router1 show ip interface vlan 1 Vlan 1 is Oper DOWN Frame Type AR...

Page 921: ... this interface using the commands described in Section 14 3 12 IP Helper Address Whether or not an IP address has been designated for forwarding UDP datagrams from this interface Set using the ip helper address command as described in Section 12 2 5 3 MTU Interface s Maximum Transmission Unit size ARP Timeout Duration for entries to stay in the ARP table before expiring Set using the arp timeout ...

Page 922: ...pecified IP address and disables the interface for IP processing no ip address ip address ip mask Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults If secondary is not specified the configured address will be the primary address for the interface Example This example sets the IP address to 192 168 1 1 and the network mask to 255 255 2...

Page 923: ...automatically be enabled at device startup no shutdown Syntax Description None Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable VLAN 1 for IP routing NOTE The shutdown form of this command disables an interface for IP routing Matrix Router1 config interface vlan 1 Matrix Router1 config if...

Page 924: ...strates managing configuration files while operating in router mode only For a sample of how to use these commands interchangeably with the Matrix Series single configuration interface commands refer to Section 12 2 3 Purpose To review and save the current router configuration and to disable IP routing Commands The commands used to review and save the router configuration are listed below and desc...

Page 925: ...cription None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows how to display the current router operating configuration Matrix Router1 show running config router id 192 168 100 1 interface loopback 1 ip address 192 168 100 1 255 255 255 255 no shutdown interface vlan 10 ip address 99 99 2 10 255 255 255 0 no shutdown router ospf 1 network 9...

Page 926: ...faults If no parameters are specified the running configuration will be displayed to the terminal session NOTE The write file command must be executed in order to save the router configuration to NVRAM If this command is not executed router configuration changes will not be saved upon reboot erase Optional Deletes the router specific file file Optional Saves the router specific configuration to NV...

Page 927: ... This example shows how to display the router specific configuration to the terminal Matrix Router1 write terminal Enable Config t interface vlan 1 iP Address 182 127 63 1 255 255 255 0 no shutdown interface vlan 2 iP Address 182 127 62 1 255 255 255 0 no shutdown exit router rip network 182 127 0 0 exit disable exit ...

Page 928: ... and remove the routing configuration By default IP routing is enabled when interfaces are configured for it as described in Section 12 2 1 no ip routing Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to disable IP routing on the device Matrix Router1 config no ip routing ...

Page 929: ...ssible to use router only commands to configure the router To do so you need to add router config wrappers to your existing router config files as shown in Figure 12 1 Figure 12 1 Example of a Simple Matrix Series Router Config File 12 2 3 2 Displaying or Writing the Current Config to a File The Matrix Series single configuration interface allows you use the show config command to display or write...

Page 930: ...ing the copy command as described in Section 2 2 8 5 2 Run the configure command using the downloaded config file as described in Section 2 2 8 4 Creating and saving a custom file 1 Configure a module for routing using the set router command as described in Section 2 3 2 2 2 Enable the router as described in Section 2 3 3 and configure it manually Refer back to Figure 12 1 for an example of a basi...

Page 931: ... an interface and to set a MAC address on an interface Commands The commands used to review and configure the ARP table are listed below and described in the associated section as shown show ip arp Section 12 2 4 1 arp Section 12 2 4 2 ip gratuitous arp Section 12 2 4 3 ip gratuitous arp learning Section 12 2 4 4 ip proxy arp Section 12 2 4 5 ip mac address Section 12 2 4 6 arp timeout Section 12 ...

Page 932: ...e specified all entries in the ARP cache will be displayed ip address Optional Displays ARP entries related to a specific IP address vlan vlan id Optional Displays only ARP entries learned through a specific VLAN interface This VLAN must be configured for IP routing as described in Section 2 3 1 output modifier Optional Displays ARP entries within a specific range Options are begin ip address Disp...

Page 933: ...rp 134 141 235 165 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 165 0002 1664 a5b3 ARPA Vlan2 Matrix Router1 show ip arp vlan 2 Protocol Address Age min Hardware Addr Type Interface Internet 134 141 235 251 0 0003 4712 7a99 ARPA Vlan2 Table 12 3 show ip arp Output Details Output What It Displays Protocol ARP entry s type of network address Address Network address mapp...

Page 934: ...rm of this command removes the specified permanent ARP entry no arp ip address Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to add a permanent ARP entry for the IP address 130 2 3 1 and MAC address 0003 4712 7a99 ip address Specifies the IP address of a device on the network Valid values are IP addresses in...

Page 935: ...tous ARP reply or request no ip gratuitous arp Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable ARP updating from gratuitous ARP requests on VLAN 1 ignore Ignore all gratuitous ARP frames no updates will occur This option will also prevent any new learning from gratuitous arps if the comm...

Page 936: ... enabled ip gratuitous arp learning both reply request Syntax Description Command Syntax of the no Form The no form of this command disables gratuitous ARP learning no ip gratuitous arp learning Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable gratuitous ARP learning for both requests and...

Page 937: ...to the requesting host Proxy ARP can lessen bandwidth use on slow speed WAN links It is enabled by default ip proxy arp Syntax Description None Command Syntax of the no Form The no form of this command disables proxy ARP no ip proxy arp Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable pro...

Page 938: ...ig if Vlan 1 Command Defaults None Example This example shows how to set an IP MAC address of 000A 000A 000B on VLAN 1 NOTE By default every routing interface uses the same MAC address If the user needs interfaces to use different MAC addresses this command will allow it It is the user s responsibility to select a MAC address that will not conflict with other devices on the VLAN since the Matrix S...

Page 939: ... Syntax Description Command Syntax of the no Form The no form of this command restores the default value of 14 400 seconds no arp timeout seconds Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to set the ARP timeout to 7200 seconds seconds Specifies the time in seconds that an entry remains in the ARP cache V...

Page 940: ... 4 8 clear arp cache Use this command to delete all nonstatic dynamic entries from the ARP table clear arp cache Syntax Description None Configuration Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to delete all dynamic entries from the ARP table Matrix Router1 clear arp cache ...

Page 941: ...Configuring Broadcast Settings Purpose To configure IP broadcast settings Commands The commands used to configure IP broadcast settings are listed below and described in the associated section as shown ip directed broadcast Section 12 2 5 1 ip forward protocol Section 12 2 5 2 ip helper address Section 12 2 5 3 ...

Page 942: ...t Syntax Description None Command Syntax of the no Form The no form of this command disables IP directed broadcast globally no ip directed broadcast Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable IP directed broadcasts on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 conf...

Page 943: ...nd Type Router command Command Mode Global configuration Matrix Router config udp Specifies UDP as the IP forwarding protocol port Optional Specifies a destination port that controls which UDP services are forwarded If not specified the forwarding protocols are forwarded on the default ports listed Trivial File Transfer Protocol TFTP port69 Domain Naming System port 53 Time service port 37 NetBIOS...

Page 944: ...segment A routing module can forward the DHCP request to a server located on another network if IP forward protocol is enabled for UDP as described in Section 12 2 5 2 and the address of the DHCP server is configured as a helper address on the receiving interface of the routing module forwarding the request as described in Section 12 2 5 3 The DHCP BOOTP relay function will detect the DHCP request...

Page 945: ...of the no Form The no form of this command disables the forwarding of UDP datagrams to the specified address no ip helper address address Command Type Router command Command Mode Interface configuration Matrix Router config if Vlan vlan_id Command Defaults None Example This example shows how to permit UDP broadcasts from hosts on networks 191 168 1 255 and 192 24 1 255 to reach servers on those ne...

Page 946: ...configure routes to enable and send router ICMP ping messages and to execute traceroute Commands The commands used to review IP traffic and configure routes are listed below and described in the associated section as shown show ip protocols Section 12 2 6 1 show ip traffic Section 12 2 6 2 clear ip stats Section 12 2 6 3 show ip route Section 12 2 6 4 ip route Section 12 2 6 5 ip icmp Section 12 2...

Page 947: ...nd to display information about IP protocols running on the device show ip protocols Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None NOTE Enabling CIDR for RIP on the Matrix Series device requires using the no auto summary command as described in Section 13 2 2 16 to disable automatic route summarization ...

Page 948: ...ers refer to Section 13 2 2 Matrix Router1 show ip protocols Routing Protocol is rip Sending updates every 30 seconds Next due in 19 seconds Invalid after 180 seconds hold down 120 flushed after 300 Incoming update filter list for all interfaces is not set Outgoing update filter list for all interfaces is not set Default Version Control Interface Send Recv Key chain Vlan 1 1 1 Vlan 2 1 1 Routing f...

Page 949: ...ic Use this command to display IP traffic statistics show ip traffic softpath Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If softpath is not specified general IP traffic statistics will be displayed softpath Optional Displays IP protocol softpath statistics This option is used for debugging ...

Page 950: ...warded 0 no route ICMP Statistics Rcvd 4 total 0 checksum errors 0 redirects 0 unreachable 4 echo 0 echo reply 0 mask requests 0 quench 0 parameter 0 timestamp 0 time exceeded Sent 6 total 0 redirects 0 unreachable 0 echo 4 echo reply 0 mask requests 2 mask replies 0 quench 0 timestamp 0 info reply 0 time exceeded 0 parameter problem UDP Statistics Rcvd 1 total 0 checksum errors 1 no port Sent 6 t...

Page 951: ...12 39 12 2 6 3 clear ip stats Use this command to clear all IP traffic counters IP ICMP UDP TCP IGMP and ARP clear ip stats Syntax Description None Configuration Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to clear all IP traffic counters Matrix Router1 clear ip stats ...

Page 952: ...ntains all the active static routes all the RIP routes and up to three best routes to each network as determined by OSPF The RTM selects up to three of the best routes to each network and installs these routes in the FIB Forwarding Information Base The routes in the FIB are destination prefix destination prefix mask longer prefixes Optional Converts the specified address and mask into a prefix and...

Page 953: ...tly connected to VLANs 1 and 2 two static routes connected to VLAN 1 one indirectly and one via another network IP and one RIP route Distance cost is displayed as x y Matrix Router1 show ip route Codes C connected S static R RIP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 candidate default U per user static rou...

Page 954: ...er1 config Command Defaults If distance is not specified the default value of 1 will be applied If permanent and tag are not specified the route will be set as non permanent with no tag assigned prefix Specifies a destination IP address prefix mask Specifies a destination prefix mask forward addr vlan vlan id Specifies a forwarding gateway IP address or routing VLAN interface ID distance Optional ...

Page 955: ...g of 1 This example shows how to set IP address 10 1 2 3 as the next hop gateway to destination address 10 0 0 0 The route is set as permanent and assigned a tag of 20 This example shows how to set VLAN 100 as the next hop interface to destination address 10 0 0 0 Matrix Router1 config ip route 10 0 0 0 255 0 0 0 10 1 2 3 1 Matrix Router1 config ip route 10 0 0 0 255 0 0 0 10 1 2 3 permanent tag 2...

Page 956: ...led using no ip icmp this command will re enable it on the routing interface ip icmp echo reply mask reply Syntax Description Command Syntax of the no Form The no form of this command disables ICMP no ip icmp echo reply mask reply Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable ICMP in e...

Page 957: ...ommand Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Examples This example shows output from a successful ping to IP address 182 127 63 23 This example shows output from an unsuccessful ping to IP address 182 127 63 24 ip address Specifies the IP address of the system to ping Matrix Router1 ping 182 127 63 23 Reply from 182 127 63 23 Reply from 182 127 63 23...

Page 958: ...ay a round trip path to host 192 167 252 46 In this case hop 1 is an unnamed router at 192 167 201 2 hop 2 is rtr10 at 192 4 9 10 hop 3 is rtr43 at 192 167 208 43 and hop 4 is back to the host IP address Round trip times for each of the three ICMP probes are displayed before each hop Probe time outs are indicated by an asterisk host Specifies a host to which the route of an IP packet will be trace...

Page 959: ...ction 12 2 7 5 show ip pim bsr Section 12 2 7 6 show ip pim interface Section 12 2 7 7 show ip pim neighbor Section 12 2 7 8 show ip pim rp Section 12 2 7 9 show ip pim rp hash Section 12 2 7 10 show ip mroute Section 12 2 7 11 show ip mforward Section 12 2 7 12 show ip rpf Section 12 2 7 13 Advanced License Required PIM is an advanced routing feature that must be enabled with a license key If you...

Page 960: ...e ip pim sparse mode Syntax Description None Command Syntax of the no Form The no form of this command disables PIM on an interface no ip pim sparse mode Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example enables PIM sparse mode on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 config if Vlan 1 i...

Page 961: ...utomatically applied If priority is not specified 1 will be applied pim interface Interface of the BSR candidate This interface must be enabled with PIM as described in Section 12 2 7 1 hash mask length Optional Length of a mask to be added with the group address before the hash function is called All groups with the same seed hash correspond to the same Rendezvous Point RP This option provides on...

Page 962: ...PIM 12 50 Matrix NSA Series Configuration Guide Example This example sets the hash mask length to 30 and DR priority to 77 on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 config if Vlan 1 ip pim bsr candidate vlan 1 priority 77 ...

Page 963: ...ntax of the no Form The no form of this command disables the DR functionality no ip dr priority Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example sets the DR priority to 20 on VLAN 1 priority Specifies a priority value for designated router selection Valid values are 0 4294967294 Default is 1 Matrix Router1 c...

Page 964: ...dress group mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults If not specified a priority value of 192 will be assigned Example This example sets a static RP address at 10 0 0 1 for the multicast group at 235 0 0 255 0 0 rp address Specifies the IP address of the PIM RP router group address Specifies the multicast group address group mask Spe...

Page 965: ...p address group mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults If not specified a DR priority value of 192 will be assigned Example This example enables the PIM interface at 35 0 0 224 0 0 240 0 0 to advertise itself as an RP candidate with a priority of 124 pim interface Interface to advertise as an RP candidate This interface must be ena...

Page 966: ...ootStrap Router BSR information Table 12 4 provides an explanation of the command output Matrix Router1 show ip pim bsr PIMv2 Elected Bootstrap Router Information BSR Address 10 0 0 1 Bsr Priority 77 Bsr Hash Mask Length 30 Bsr Uptime 00 01 10 Bsr Expiry 00 00 49 This Router is a Candidate Bootstrap Router CBSR Candidate BSR Address 10 0 0 1 Hash Mask Length 30 Priority 77 Table 12 4 show ip pim b...

Page 967: ...Interval that this router has been up in hours minutes seconds After 24 hours format will change into days hours and after a week will change into weeks days BSR Expiry Period in which the next bootstrap message is due from this BSR in hours minutes seconds After 24 hours format will change into days hours and after a week will change into weeks days Assigning a time value of 00 00 00 means this B...

Page 968: ...PIM interface information Table 12 5 provides an explanation of the command output interface Optional Displays information about a specific PIM interface This interface must be enabled with PIM as described in Section 12 2 7 1 Matrix Router1 show ip pim interface Address Vlan Ver Mode Nbr Count Query Intvl DR Prior DR 35 0 0 1 35 v2 S 1 30 1 35 0 0 2 23 0 0 1 23 v2 S 0 30 1 23 0 0 1 20 0 0 2 20 v2...

Page 969: ...PIM hello messages from other PIM routers on the interface Query Intvl Interval between Hello messages Default is 30 seconds DR Prior Designated router priority value on the interface Set with the ip pim dr priority command Section 12 2 7 3 DR IP address of the designated router on the LAN Table 12 5 show ip pim interface Output Details Continued Output What It Displays ...

Page 970: ...PIM neighbor information Table 12 6 provides an explanation of the command output interface Optional Displays information about a specific PIM interface This interface must be enabled with PIM as described in Section 12 2 7 1 Matrix Router1 show ip pim neighbor Neighbor Address Vlan DR Priority Uptime Expires Mode 10 0 0 2 10 1 00 03 34 00 01 40 PIMSM_MODE DR Table 12 6 show ip pim neighbor Output...

Page 971: ...Interval in hours minutes and seconds until the entry will be removed from the IP multicast routing table Mode Mode in which the interface is operating DR Indicates that this neighbor is a designated router on the LAN Table 12 6 show ip pim neighbor Output Details Continued Output What It Displays ...

Page 972: ... example shows how to display information about active RPs This example shows how to display RP mapping information group Optional Displays active RPs for any existing multicast group s mapping Optional Displays all RP mappings multicast group address Optional Displays RP information for a specific multicast group IP address Matrix Router1 show ip pim rp Group 225 1 2 3 RP 192 168 41 1 uptime 07 4...

Page 973: ...7 show ip pim rp Output Details Output What It Displays Group s Address of the multicast group s about which to display RP data RP Address of the RP for that group Priority RP priority value Expiry Period in hours minutes seconds in which the next bootstrap message is due from this BSR Uptime Interval that this router has been up in hours minutes seconds ...

Page 974: ... a specified group show ip pim rp hash group address Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to display RP hash information group address Displays information about a specific group address Matrix Router1 show ip pim rp hash RP 192 168 41 1 via Bootstrap Router uptime 07 50 10 expires 00 01 52 ...

Page 975: ...s For more information on configuring DVMRP refer to Section 13 2 4 show ip mroute unicast source address multicast group address summary Syntax Description Command Type Router command Command Mode Any router mode Command Defaults If no optional parameters are specified detailed information about all source and destination addresses will be displayed unicast source address multicast group address ...

Page 976: ...nd 920 Matrix Router1 show ip mroute IP Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT Timers Uptime Expires Interface state Interface Next Hop or VCD State Mode 1 of 9 PIMSM 225 1 2 3 01 52 43 00 02 33 RP 192 168 41 1 flags SC Incoming interface Vlan 999 RPF nbr 99 99 1 1 Outgoing interface list Vlan 410 Forward Sp...

Page 977: ...scription Command Type Router command Command Mode Any router mode Command Defaults If no optional parameters are specified detailed information about all source and destination addresses will be displayed Example This example shows a portion of the IP multicast forwarding table display unicast source address multicast group address Optional Displays information about a specific unicast source add...

Page 978: ...how ip rfp Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows the reverse path information for IP address 80 80 80 252 Matrix rw Router2 show ip rpf 80 80 80 252 RPF information for 80 80 80 252 RPF vlan interface 10 RPF route mask 192 168 1 0 255 255 255 0 RPF neighbor 192 168 1 25 Metric preference 110 Metric 10 ...

Page 979: ...ng considerations must be taken into account when configuring LSNAT on Matrix Series devices On chassis based systems only one router per chassis will be allowed to run LSNAT at a given time ALL modules in the chassis must have upgraded memory to 256 MB and must have an advanced license activated A server farm cannot be shared by different virtual servers When different virtual server IPs VIPs sha...

Page 980: ...or this client Subsequent packets from clients are compared to the list of bindings If there is a match the packet is sent to the same server previously selected for this client If there is not a match a new binding is created How the router determines the binding match for session persistence is configured with the persistence level command when the virtual server is created There are three confi...

Page 981: ...binding hardware resource instead of one per service per client In order to use sticky persistence the following configuration criteria are required Sticky persistence must be configured for the server farm group with the sticky command as well as for the virtual server with the persistence level command The real servers in this server farm are to be used for all services The servers are not allow...

Page 982: ...eal servers by means of the vserver http virtual server However clients can directly access realserver1 and realserver2 for any services other than HTTP If you combine the two mechanisms that is configure ip slb allowaccess_all at the Global configuration mode and also configure allow accessservers within a virtual server s configuration mode the clients identified with the allow accessservers com...

Page 983: ... to the real server maxconns Section 12 2 8 10 Optional Specify a weight load number for the real server weight Section 12 2 8 11 Configure a virtual server Optional Display the virtual server configuration show ip slb vservers Section 12 2 8 12 Specify a virtual server name ip slb vserver Section 12 2 8 13 Associate a virtual server with a server farm serverfarm Section 12 2 8 14 Configure a virt...

Page 984: ...splay or clear server load balancing connections and statistics Optional Display server load balancing connections and statistics show ip slb conns Section 12 2 8 21 show ip slb stats Section 12 2 8 22 Optional Display SLB active sticky persistence connections show ip slb sticky Section 12 2 8 23 Optional Clear server load balancing connections or statistics clear ip slb Section 12 2 8 24 Display ...

Page 985: ... Defaults If detail is not specified summary information about all configured server farms will be displayed Example This example shows how to display LSNAT server farm summary information detail Optional Displays detailed output for a specific server farm or for all configured server farms serverfarmname Specifies a server farm name for which to display information Matrix Router1 config show ip s...

Page 986: ...t 21 ip slb ftpctrlport port number Syntax Description Command Syntax of the no Form The no form of this command resets the FTP control port to 21 no ip slb ftpctrlport Command Type Router command Command Mode Global configuration mode Matrix Router1 config Command Defaults None Example This example shows how to specify port 46 as the FTP control port for server load balancing port number Specifie...

Page 987: ...escription Command Syntax of the no Form The no form of this command deletes the server farm from the LSNAT configuration no ip slb serverfarm serverfarmname Command Type Router command Command Mode Global configuration mode Matrix Router1 config Command Defaults None Example This example shows how to identify a server farm named httpserver and enable configuration mode for that server farm server...

Page 988: ...faults If not specified port 0 will be applied Example This example shows how to add a real server at 10 1 2 3 to the server farm named httpserver and to configure the port number to be used for the service provided by this server ip address Specifies a server IP address port number Specifies a port number for this server Note that all real servers in the same server farm should be configured to u...

Page 989: ...esets the selection algorithm to Round Robin no predictor Command Type Router command Command Mode SLB Server Farm Configuration mode Matrix Router1 config slb sfarm Command Defaults If not specified Round Robin will be used as the selection algorithm Example This example shows how to specify Least Connections as the server selection algorithm for the httpserver server farm roundrobin leastconns O...

Page 990: ... in conjunction with the persistence level sticky command described in Section 12 2 8 18 sticky Syntax Description None Command Syntax of the no Form The no form of this command removes this server farm using persistence sticky no sticky Command Type Router command Command Mode SLB Server Farm Configuration mode Matrix Router1 config slb sfarm Command Defaults None Example This example shows how t...

Page 991: ...how to display summary and detailed information about real servers in the ten server farm detail Optional Displays detailed output for a specific server farm or for all configured server farms serverfarm serverfarmname Specifies a server farm name for which to display information Matrix Router1 config Router1 show ip slb reals real serv ip port server farm type ins stat wgt maxcon conns 192 169 1 ...

Page 992: ...0 Current state of this real server UP Maximum Connections Unlimited Real Server Weight 3 InService Real Server IP 10 3 0 2 Real Server Port 80 Fail Detect Ping Retries 4 Ping Interval 200 Fail Detect App Retries 4 App Interval 15 Fail Detect Type ping Current Connections on this real server 0 Current state of this real server UP Maximum Connections 350 Real Server Weight 2 InService Real Server I...

Page 993: ...n error condition on this server Defaults can be changed using the faildetect command as described in Section 12 2 8 9 Fail Detect Type Whether or not the failure detection mechanism is ICMP ping TCP application both or none Assigned using the faildetect command as described in Section 12 2 8 9 Current Connections Number of active connections on this server Current State Operational state of this ...

Page 994: ...he no Form The no form of this command removes the real server from service no inservice Command Type Router command Command Mode SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults None Example This example shows how to enable the real server at IP 10 1 2 3 in the httpserver server farm Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfa...

Page 995: ... Server Configuration mode Matrix Router1 config slb real Command Defaults If not specified ping will be chosen as the fail detection type ping int seconds Specifies an ICMP ping failure detection interval in seconds Valid values are 1 200 Default is 5 seconds ping retries number Specifies the number of times an ICMP ping failure will result in a retrial Valid values are 1 200 Default is 4 app int...

Page 996: ...shows how to set the ping interval to 10 seconds and the retry number to 6 for the real server at IP 10 1 2 3 in the httpserver server farm Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm real 10 1 2 3 port 80 Matrix Router1 config slb real faildetect ping int 10 ping retries 6 Matrix Router1 config slb real inservice ...

Page 997: ...ommand Mode SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults None Example This example shows how to limit the number of connections to 20 on the real server at IP 10 1 2 3 in the httpserver server farm maximum number Specifies the maximum number of connections allowed The default condition is unlimited number of connections Matrix Router1 config ip slb serverfarm ...

Page 998: ...ber Command Type Router command Command Mode SLB Real Server Configuration mode Matrix Router1 config slb real Command Defaults None Example This example shows how to set the weight load number to 100 on the real server at IP 10 1 2 3 in the httpserver server farm weight number Specifies the weight load number Valid values are 1 255 Matrix Router1 config ip slb serverfarm httpserver Matrix Router1...

Page 999: ...ers will be displayed If detail is not specified summary information will be displayed Examples This example shows how to display summary information about all LSNAT virtual servers detail Optional Displays detailed output for a specific virtual server or for all configured virtual servers virtserver name Optional Specifies a virtual server name for which to display information Matrix Router1 conf...

Page 1000: ...the real server s Virtual Server test Start IP to End IP 169 254 1 1 to 169 254 1 9 Table 12 10 show ip slb vservers Output Details Output What It Displays Virtual Server Name of the virtual server Assigned using the ip slb vserver command as described in Section 12 2 8 13 Virtual Server IP Address of the virtual server Assigned with the virtual command as described in Section 12 2 8 15 Port TCP o...

Page 1001: ...dress Configured using the virtual command as described in Section 12 2 8 15 Note that currently only FTP is supported client s allowed to use the virtual server s Clients with permission to access this server Set with the client command as described in Section 12 2 8 17 client s allowed direct access to the real server s Clients with permission to access this server without LSNAT translation Set ...

Page 1002: ... config Command Defaults None Example This example shows how to identify a virtual server named virtual http and enable configuration mode for that virtual server Note that this example also includes the configuration of the server farm to which this virtual server will be associated vserver name Specifies a virtual server name Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 conf...

Page 1003: ...efaults None Example This example shows how to associate the virtual server named virtual http to the httpserver server farm serverfarm name Specifies a server farm name Must be previously configured with the ip slb serverfarm command as described in Section 12 2 8 3 Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm real 10 1 2 1 port 80 Matrix Router1 config slb r...

Page 1004: ...l server port Specifies a TCP or UDP port number 0 through 65535 or port name to be used by this virtual server Specifying 0 indicates all ports can be used by this virtual server and should be used only with sticky session persistence configuration See Sticky Persistence Configuration Considerations on page 12 69 The following port name keywords may be used ftp File Transfer Protocol port 21 teln...

Page 1005: ... port for the virtual http virtual server Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm real 10 1 2 1 port 80 Matrix Router1 config slb real inservice Matrix Router1 config slb real exit Matrix Router1 config slb sfarm real 10 1 2 3 port 80 Matrix Router1 config slb real inservice Matrix Router1 config slb real exit Matrix Router1 config slb sfarm exit Matrix R...

Page 1006: ...lb vserver Command Defaults None Example This example shows how to enable virtual server named virtual http Matrix Router1 config ip slb serverfarm httpserver Matrix Router1 config slb sfarm real 10 1 2 1 port 80 Matrix Router1 config slb real inservice Matrix Router1 config slb real exit Matrix Router1 config slb sfarm real 10 1 2 3 port 80 Matrix Router1 config slb real inservice Matrix Router1 ...

Page 1007: ...orm The no form of this command removes permission for a client to use the virtual server no client ip address network mask Command Type Router command Command Mode SLB Virtual Server Configuration mode Matrix Router1 config slb vserver Command Defaults None Example This example shows how to allow a client at 100 12 22 42 255 255 255 0 to use the virtual server named virtual lsnat ip address Speci...

Page 1008: ... Router command Command Mode SLB Virtual Server Configuration mode Matrix Router1 config slb vserver tcp ssl sticky Optional Specifies the type of binding that is used to connect a client to a server TCP is the default TCP will bind based on four fields within the packets source IP address destination IP address source port and destination port SSL will bind based on source IP address destination ...

Page 1009: ...Matrix Router1 config slb sfarm exit Matrix Router1 config ip slb vserver virtual http Matrix Router1 config slb vserver serverfarm httpserver Matrix Router1 config slb vserver virtual 10 1 4 5 tcp www Matrix Router1 config slb vserver persistence level tcp 360 Matrix Router1 config slb vserver inservice Matrix Router1 config ip slb serverfarm lsnat Matrix Router1 config slb sfarm sticky Matrix Ro...

Page 1010: ... end Syntax Description Command Syntax of the no Form The no form of this command removes non LSNAT access permission from the specified clients no allow accessservers client ip start client ip end Command Type Router command Command Mode SLB Virtual Server Configuration mode Matrix Router1 config slb vserver Command Defaults None Example This example shows how to allow clients at 10 24 16 12 thro...

Page 1011: ...and Syntax of the no Form The no form of this command removes direct access for all clients no ip slb allowaccess_all Command Type Router command Command Mode Global configuration mode Matrix Router1 config Command Defaults None Examples This example shows how to allow all clients to have direct access to real servers for all services except those configured for server load balancing This example ...

Page 1012: ...r1 config slb real exit Matrix Router1 config slb sfarm real 10 1 2 3 port 80 Matrix Router1 config slb real inservice Matrix Router1 config slb real exit Matrix Router1 config slb sfarm exit Matrix Router1 config ip slb vserver virtual http Matrix Router1 config slb vserver serverfarm httpserver Matrix Router1 config slb vserver virtual 10 1 4 5 tcp www Matrix Router1 config slb vserver persisten...

Page 1013: ...splay summary information about active server load balancing connections detail Optional Displays detailed output for a specific virtual server a specific client or for all configured virtual servers and clients vserver virtualserver Optional Specifies a virtual server name for which to display information client client ip Optional Specifies a client IP for which to display information Matrix Rout...

Page 1014: ...te Connection Flow ID 2 Real Server IP 172 17 1 2 Client IP 169 225 1 50 Real Server Port 21 Client Port 1110 Protocol TCP Created Time stamp 2004 3 24 14 34 07 Connection State outgoing server reply state Table 12 11 show ip slb conns Output Details Output What It Displays Connection Flow ID Connection flow identifier Real Server IP Address of the real server Assigned using the real command as de...

Page 1015: ...tats Use this command to display load server balancing statistics show ip slb stats Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows how to display server load balancing connection statistics Matrix Router1 show ip slb stats created conns established conns deleted conns 3 2 1 ...

Page 1016: ...Description Command Type Router command Command Mode Any router mode Command Defaults If client is not specified all server load balancing active sticky connections are displayed Examples This example shows how to display all server load balancing active sticky connections client ip address Optional Display sticky connections for a particular client Matrix Router1 show ip slb sticky client ip real...

Page 1017: ...erfarm serverfarm vserver vserver Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to remove all server load balancing connections counters Clears all server load balancing counters connections all flowid flowid serverfarm serverfarm vserver vserver Removes all server load balancing connections or those ...

Page 1018: ... Type Switch command Command Mode Read Only Command Defaults If no options are specified all router limits will be displayed Example This example shows how to display the LSNAT cache size NOTE This command must be executed from the switch CLI lsnat bindings Optional Displays the LSNAT maximum bindings limit lsnat cache Optional Displays the LSNAT cache size limit lsnat configs Optional Displays th...

Page 1019: ...ximum configs will be set to the default value of 50 That is up to 50 server farms 50 virtual servers and 50 direct access entries can be NOTE This command must be executed from the switch CLI lsnat bindings lsnat bindings Optional Sets the LSNAT maximum bindings limit lsnat cache lsnat cache Optional Sets the LSNAT cache size limit lsnat configs lsnat configs Optional Sets the LSNAT configuration...

Page 1020: ... real servers and 500 client access entries can be configured Example This example shows how to set the LSNAT configuration limit to 25 This means that up to 25 server farms 25 virtual servers and 25 direct access entries can be configured and up to 250 real servers and 250 client access entries can be configured Matrix rw set router limits lsnat configs 25 ...

Page 1021: ...tch command Command Mode Read Write Command Defaults If no options are specified all LSNAT limits will be reset Example This example shows how to reset all chassis based LSNAT limits NOTE This command must be executed from the switch CLI lsnat bindings Optional Resets the LSNAT maximum bindings limit to the default value of 5000 lsnat cache Optional Resets the LSNAT cache size limit to the default...

Page 1022: ...od of time or until the client explicitly relinquishes the address Manual A client s IP address is assigned by the network administrator and DHCP is used simply to convey the assigned address to the client The amount of time that a particular IP address is valid for a system is called a lease The Matrix routing module or standalone device maintains a lease database which contains information about...

Page 1023: ...r clear and show commands most DHCP configuration commands can be executed in most of the DHCP command modes shown in Table 12 12 CLI examples in this section will show a command being executed in one of the appropriate DHCP configuration modes Table 12 12 DHCP Command Modes Mode Usage Access Method Resulting Prompt IP Local Pool Configuration Mode Configure a local address pool as a DHCP subnet T...

Page 1024: ...p dhcp pool Section 12 2 9 6 domain name Section 12 2 9 7 dns server Section 12 2 9 8 netbios name server Section 12 2 9 9 netbios node type Section 12 2 9 10 default router Section 12 2 9 11 bootfile Section 12 2 9 12 next server Section 12 2 9 13 option Section 12 2 9 14 lease Section 12 2 9 15 host Section 12 2 9 16 DHCP Host Configuration Mode Configure DHCP host parameters Type client identif...

Page 1025: ...de 12 113 client class Section 12 2 9 17 client identifier Section 12 2 9 18 client name Section 12 2 9 19 hardware address Section 12 2 9 20 show ip dhcp binding Section 12 2 9 21 clear ip dhcp binding Section 12 2 9 22 show ip dhcp server statistics Section 12 2 9 23 clear ip dhcp server statistics Section 12 2 9 24 ...

Page 1026: ... server Syntax Description None Command Syntax of the no Form The no form of this command disables DHCP server features on one or all routing interfaces no ip dhcp Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable DHCP server on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 ...

Page 1027: ...no form of this command removes the local address pool no ip local pool name subnet mask Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to configure a local address pool called localpool on IP subnet 172 20 28 0 24 Mask can also be expressed as 255 255 255 0 name Specifies a name for the local address pool su...

Page 1028: ... of addresses excluded from the local pool no exclude ip address number Command Type Router command Command Mode IP Local Pool configuration Matrix Router1 ip local pool Command Defaults None Example This example shows how to exclude 2 IP addresses beginning with 172 20 28 254 from the localpool address pool ip address Specifies the starting IP address to be excluded from this pool number Specifie...

Page 1029: ...ent ip dhcp ping packets number Syntax Description Command Syntax of the no Form The no form of this command prevents the sever from pinging IP addresses no ip dhcp ping packets Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to set the number of DHCP ping attempts to 6 number Specifies the number of ping pack...

Page 1030: ... ping timeout milliseconds Syntax Description Command Syntax of the no Form The no form of this command resets the ping timeout to the default value of 500 no ip dhcp ping timeout Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to set the DHCP ping timeout to 900 milliseconds number Specifies the ping timeout ...

Page 1031: ... of this command deletes a DHCP address pool no ip dhcp pool name Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to assign the name localpool as a DHCP address pool and enable configuration mode for that address pool name Specifies a DHCP address pool name NOTE This must match the previously configured name a...

Page 1032: ...ommand Syntax of the no Form The no form of this command deletes a DHCP domain name no ip dhcp domain name domain Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to assign the mycompany com domain name to the localpool address pool domain Specifies a domain name string Matrix Router1 config ip dhcp pool localpool Matrix Rout...

Page 1033: ...S server list no dns server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be configured Example This example shows how to assign a DNS server at 11 12 1 99 to the localpool address pool address Specifies the IP address of a DNS server address2 address8 Optional Specifies in order of preferenc...

Page 1034: ...ver list no netbios name server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be configured Example This example shows how to assign a NetBIOS WINS server at 13 12 1 90 to the localpool address pool address Specifies the IP address of a NetBIOS WINS server address2 address8 Optional Specifies...

Page 1035: ... command deletes the NetBIOS node type no netbios node type Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to specify hybrid as the NetBIOS node type for the localpool address pool type Specifies the NetBIOS node type Valid values and their corresponding types are h node hybrid recommended b node broadcast p node peer to pe...

Page 1036: ...r list no netbios name server Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If address2 address8 is not specified no additional addresses will be configured Example This example shows how to assign a default router at 14 12 1 99 to the localpool address pool address Specifies the IP address of a default router address2 address8 Optional Specifies in order of...

Page 1037: ...ription Command Syntax of the no Form The no form of this command deletes the boot image association no bootfile Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to specify dhcpboot as the boot image file in the localpool address pool filename Specifies the boot image file name Matrix Router1 config ip dhcp pool localpool Mat...

Page 1038: ...to receive the TFTP server address when downloading a boot file image next server primary ip secondary ip Syntax Description Command Syntax of the no Form The no form of this command removes the secondary server no next server primary ip secondary ip Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to specify 10 20 42 13 as p...

Page 1039: ...ns no option code instance number Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If instance is not specified none 0 will be applied Examples This example shows how to configure DHCP option 19 which specifies whether the client should configure its IP layer for packet forwarding In this case IP forwarding is enabled with the 01 value code Specifies a DHCP opt...

Page 1040: ...Series Configuration Guide This example shows how to configure DHCP option 72 which assigns one or more Web servers for DHCP clients In this case two Web server addresses are configured Matrix Router1 config ip dhcp pool localpool Matrix Router1 config dhcp pool option 72 ip 168 24 3 252 168 24 3 253 ...

Page 1041: ...Command Mode Any DHCP configuration mode Command Defaults If hours or minutes are not specified no values will be configured Example This example shows how to set a one hour lease to the localpool address pool days Specifies the number of days an address lease will remain valid hours Optional When a days value has been assigned specifies the number of hour an address lease will remain valid minute...

Page 1042: ...dhcp pool Command Defaults If not specified DHCP server will examine its defined IP address pools for a mask or prefix length If no mask is found in the IP address pool database the Class A B or C natural mask will be used Example This example shows how to set 15 12 1 99 255 255 248 0 as the IP address and subnet mask of a client in the localpool address pool address Specifies the IP address of th...

Page 1043: ... client separately This command also enables DHCP class configuration mode client class name Syntax Description Command Syntax of the no Form The no form of this command deletes a client class name no client class name Command Type Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to assign clientclass1 as a client class name in the localp...

Page 1044: ...lient identifier unique identifier Command Type Router command Command Mode Any DHCP configuration mode Command Defaults If client class is not specified none will be assigned Example This example shows how to assign client MAC address 00 01f4 0127 within clientclass1 mac address Specifies the client s MAC address client class name Optional Specifies the class to which this client will be assigned...

Page 1045: ...and Command Mode Any DHCP configuration mode Command Defaults If client class is not specified none will be assigned Example This example shows how to assign soho1 as a client name in clientclass1 name Specifies a name for a DHCP client NOTE The client name should not include the domain name client class name Optional Specifies the class to which this client will be assigned Must be configured usi...

Page 1046: ...command Command Mode Any DHCP configuration mode Command Defaults If type is not specified Ethernet will be applied Example This example shows how to specify 0001 f401 2710 as an Ethernet MAC address for the localpool address pool hardware address Specifies the MAC address of the client s hardware platform type Optional Specifies a hardware protocol or client class name Valid values and their corr...

Page 1047: ...lts If ip address is not specified information about all address bindings will be shown Example This example shows how to display the DHCP binding address parameters including an associated Ethernet MAC addresses lease expiration dates type of address assignments and whether the lease is active ip address Optional Displays bindings for a specific client IP address Matrix config dhcp pool show ip d...

Page 1048: ... bindings clear ip dhcp binding address Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to delete the address binding 18 12 22 99 from the DHCP server bindings database address Specifies an automatic address binding to be deleted or that all automatic bindings will be deleted Matrix Router1 clear ip dhc...

Page 1049: ...pe Router command Command Mode Any DHCP configuration mode Command Defaults None Example This example shows how to display DHCP server statistics Matrix Router1 show ip dhcp server statistics Memory usage 614874 Address pools 3 Database agents 0 Automatic bindings 1 Manual bindings 1 Expired bindings 1 Malformed messages 0 Message Received BOOTREQUEST 0 DHCPDISCOVER 0 DHCPREQUEST 646 DHCPDECLINE 0...

Page 1050: ... agents Agents configured in the DHCP database Automatic bindings IP addresses that have been automatically mapped to the Ethernet MAC addresses of hosts found in the DHCP database Manual bindings IP addresses that have been manually mapped to the Ethernet MAC addresses of hosts found in the DHCP database Expired bindings Number of expired leases Malformed messages Number of truncated or corrupted...

Page 1051: ...ar ip dhcp server statistics Use this command to reset all DHCP server counters clear ip dhcp server statistics Syntax Description None Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to reset all DHCP server counters Matrix Router1 clear ip dhcp server statistics ...

Page 1052: ...IP Configuration Command Set Configuring Dynamic Host Configuration Protocol DHCP 12 140 Matrix NSA Series Configuration Guide ...

Page 1053: ... Section 13 2 3 4 Configuring DVMRP Section 13 2 4 5 Configuring IRDP Section 13 2 5 6 Configuring VRRP Section 13 2 6 ROUTER The commands covered in this chapter can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Section 2 3 3 NOTE The command prompts used in examples throughout this guide show a system where module or standalon...

Page 1054: ...onfiguring RIP Purpose To enable and configure the Routing Information Protocol RIP RIP Configuration Task List and Commands Table 13 1 lists the tasks and commands associated with RIP configuration Commands are described in the associated section as shown NOTE Enabling RIP with the router rip and network commands is required if you want to run RIP on the device All other tasks are optional Table ...

Page 1055: ...p rip authentication mode Section 13 2 2 15 Disable automatic route summarization necessary for enabling CIDR no auto summary Section 13 2 2 16 Disable triggered updates ip rip disable triggered updates Section 13 2 2 17 Disable or re enable split horizon poison reverse ip split horizon poison Section 13 2 2 18 Control the processing of routing updates passive interface Section 13 2 2 19 receive i...

Page 1056: ...disables RIP no router rip Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to enable RIP NOTE You must execute the router rip command to enable the protocol before completing many RIP specific configuration tasks For details on enabling configuration modes refer to Table 2 9 in Section 2 3 3 Matrix Router1 con...

Page 1057: ... of the no Form The no form of this command removes the network from the RIP routing process no network ip address Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to attach network 192 168 1 0 to the RIP routing process ip address Specifies the IP address of a directly connected network that RIP will ad...

Page 1058: ...ormation neighbor ip address Syntax Description Command Syntax of the no Form The no form of this command disables point to point routing exchanges no neighbor ip address Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to instruct the system to exchange routing information with neighbor 192 5 10 1 ip ad...

Page 1059: ...nistrative distance is set to 120 The distance command can be used to change this value resetting RIP s route preference in relation to other routes as shown in the table below distance weight Syntax Description Command Syntax of the no Form The no form of this command resets RIP administrative distance to the default value of 120 no distance weight Command Type Router command Command Mode Router ...

Page 1060: ...mand Set Configuring RIP 13 8 Matrix NSA Series Configuration Guide Example This example shows how to change the default administrative distance for RIP to 1001 Matrix Router1 config router rip Matrix Router1 config router distance 100 ...

Page 1061: ...form of this command removes an offset no ip rip offset in out Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example The following example shows how to add an offset of 1 to incoming RIP metrics on VLAN 1 in Applies the offset to incoming metrics out Applies the offset to outgoing metrics value Specifies a positive offset to ...

Page 1062: ...ommand Defaults None Example This example shows how to set RIP timers to a 5 second update time a 10 second invalid interval a 20 second holdown time and a 60 second flush time basic Specifies a basic configuration for RIP routing timers update seconds Specifies the rate seconds between updates at which routing updates are sent Valid values are 0 to 4294967295 invalid seconds Specifies the interva...

Page 1063: ...e RIP module no ip rip send version Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the RIP send version to 2 for packets transmitted on VLAN 1 1 Specifies RIP version 1 2 Specifies RIP version 2 r1compatible Specifies that packets be sent as version 2 packets but transmits these as broadca...

Page 1064: ... the RIP module update packets that are accepted on the interface no ip rip receive version Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the RIP receive version to 2 for update packets received on VLAN 1 1 Specifies RIP version 1 2 Specifies RIP version 2 1 2 Specifies RIP versions 1 and...

Page 1065: ...s described in Section 13 2 2 9 2 Add a key to the chain as described in Section 13 2 2 10 3 Specify an authentication string for the key as described in Section 13 2 2 11 4 Set the time periods the authentication string can be received and sent as valid as described in Section 13 2 2 12 and Section 13 2 2 13 5 Enable a key chain for use on an interface as described in Section 13 2 2 14 6 Specify ...

Page 1066: ...name Syntax Description Command Syntax of the no Form The no form of this command deletes the specified key chain no key chain name Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how to create a RIP authentication key chain called md5key name Specifies a name for the key chain Matrix Router1 config key chain md5k...

Page 1067: ...Type Router command Command Mode Key chain configuration Matrix Router1 config keychain Command Defaults None Example This example shows how to create authentication key 3 within the key chain called md5key NOTE This release of the Matrix Series firmware supports only one key per key chain key id Specifies an authentication number for a key Valid number are from 0 to 4294967295 Only one key is sup...

Page 1068: ...ng no key string text Command Type Router command Command Mode Key chain key configuration Matrix Router1 config keychain key Command Defaults None Example This example shows how to create an authentication string called password for key 3 in the md5key key chain text Specifies the authentication string that must be sent and received in RIP packets The string can contain from 1 to 16 uppercase and...

Page 1069: ...n to be valid to be received Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key will begin to be valid to be received Valid input is the first three letters of the month date Specifies the day of the month the authentication key will begin to be valid to be received Valid values depending on the length of the month are 1 31 year Specifies the year the au...

Page 1070: ...s This example shows how to allow the password authentication key to be received as valid on its RIP configured interface beginning at 2 30 on November 30 2002 with no ending time infinitely Matrix Router1 config router key chain md5key Matrix Router1 config keychain key 3 Matrix Router1 config keychain key key string password Matrix Router1 config keychain key accept lifetime 02 30 00 nov 30 2002...

Page 1071: ...y start time Specifies the time of day the authentication key will begin to be valid to be sent Valid input is hours minutes seconds hh mm ss month Specifies the month the authentication key will begin to be valid to be sent Valid input is the first three letters of the month date Specifies the day of the month the authentication key will begin to be valid to be sent Valid values depending on the ...

Page 1072: ...he password authentication key to be sent as valid on its RIP configured interface beginning at 2 30 on November 30 2002 with no ending time infinitely Matrix Router1 config router key chain md5key Matrix Router1 config keychain key 3 Matrix Router1 config keychain key key string password Matrix Router1 config keychain key send lifetime 02 30 00 nov 30 2002 infinite ...

Page 1073: ...tion no ip rip authentication keychain name Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Examples This example shows how to set the RIP authentication key chain to password on VLAN 1 NOTE A RIP authentication keychain must be enabled with this command before the RIP authentication mode Section 13 2 2 15 can be configured nam...

Page 1074: ...thentication no ip rip authentication mode Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the authentication mode for VLAN 1 as text NOTE The RIP authentication keychain must be enabled as described in Section 13 2 2 14 before RIP authentication mode can be configured text Initiates text o...

Page 1075: ...nformation on the Matrix Series device To verify which routes are summarized for an interface use the show ip protocols command as described in Section 12 2 6 1 no auto summary Syntax Description None Syntax to Reverse Command This form of the command re enables automatic route summarization auto summary Command Type Router command Command Mode Router configuration Matrix Router1 config router Com...

Page 1076: ...gered updates By default triggered updates are enabled on a RIP interface ip rip disable triggered updates Syntax Description None Command Syntax of the no Form The no form of this command allows RIP to respond to a request for a triggered update no ip rip disable triggered updates Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults Non...

Page 1077: ...unreachable rather than implying it by not including the network in routing updates ip split horizon poison Syntax Description None Command Syntax of the no Form The no form of this command disables split horizon poison reverse no ip split horizon poison Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows...

Page 1078: ...terface vlan vlan id Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set VLAN 2 as a passive interface No RIP updates will be transmitted on VLAN 2 NOTE This command does not prevent RIP from monitoring updates on the interface vlan vlan id Specifies the number of the VLAN to make a passive interface...

Page 1079: ...x of the no Form The no use of this command denies the reception of RIP updates no receive interface vlan vlan id Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to deny the reception of RIP updates on VLAN 2 vlan vlan id Specifies the number of the VLAN to make a receive interface This VLAN must be con...

Page 1080: ... Router1 config router Command Defaults None Example This example shows how to suppress the network 192 5 34 0 from being advertised in outgoing routing updates access list number Specifies the number of the IP access list This list defines which networks are to be advertised and which are to be suppressed in routing updates For details on how to configure access lists refer to Section 14 3 12 in ...

Page 1081: ...bnetted routes will be redistributed connected Specifies that non RIP routing information discovered via directly connected interfaces will be redistributed ospf Specifies that OSPF routing information will be redistributed in RIP process id Specifies the process ID an internally used identification number for each instance of the OSPF routing process run on a router Valid values are 1 to 65535 st...

Page 1082: ...atrix NSA Series Configuration Guide Example This example shows how to redistribute routing information discovered through OSPF process ID 1 non subnetted routes into RIP update messages Matrix Router1 config router rip Matrix Router1 config router redistribute ospf 1 ...

Page 1083: ...ur license as described back in Section 2 2 4 in order to enable the OSPF command set If you wish to purchase an advanced routing license contact Enterasys Networks Sales NOTE Activating your advanced routing license and enabling OSPF with the router ospf and network commands are required if you want to run OSPF on the device All other tasks are optional Table 13 2 OSPF Configuration Task List and...

Page 1084: ...figure OSPF Areas Configure an administrative distance distance ospf Section 13 2 3 13 Define the range of addresses to be used by Area Boundary Routers ABRs area range Section 13 2 3 14 Enable area authentication area authentication Section 13 2 3 15 Define an area as a stub area area stub Section 13 2 3 16 Set the cost value for the default route that is sent into a stub area area default cost S...

Page 1085: ... ip ospf database Section 13 2 3 24 show ip ospf border routers Section 13 2 3 25 show ip ospf interface Section 13 2 3 26 show ip ospf neighbor Section 13 2 3 27 show ip ospf virtual links Section 13 2 3 28 clear ip ospf process Section 13 2 3 29 debug ip ospf Section 13 2 3 30 Enable RFC1583 compatibility rfc1583compatible Section 13 2 3 31 Table 13 2 OSPF Configuration Task List and Commands Co...

Page 1086: ...ults None Example This example shows how to enable routing for OSPF process 1 NOTES You must execute the router ospf command to enable the protocol before completing many OSPF specific configuration tasks For details on enabling configuration modes refer to Table 2 9 in Section 2 3 3 Only one OSPF process process id is allowed per Matrix Series routing module or standalone device process id Specif...

Page 1087: ...d Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to configure IP address 182 127 62 1 0 0 0 31 as OSPF area 0 ip address Specifies the IP address of an interface or a group of interfaces within the network address range wildcard mask Specifies the IP address type mask that includes don t care bits area area id Specifies the area id to be...

Page 1088: ...es configured for IP routing router id ip address Syntax Description Command Syntax of the no Form The no form of this command resets the router ID to the first interface configured for IP routing no router id Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set the OSPF router ID to IP address 182 12...

Page 1089: ...ault of 10 ip ospf cost cost Syntax Description Command Syntax of the no Form The no form of this command resets the OSPF cost to the default of 10 no ip ospf cost Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the OSPF cost to 20 for VLAN 1 cost Specifies the cost of sending a packet Vali...

Page 1090: ...ted router ip ospf priority number Syntax Description Command Syntax of the no Form The no form of this command resets the value to the default of 1 no ip ospf priority Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the OSPF priority to 20 for VLAN 1 number Specifies the router s OSPF prio...

Page 1091: ...ter command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set spf delay time to 7 seconds and hold time to 3 spf delay Specifies the delay in seconds between the receipt of an update and the SPF execution Valid values are 0 to 4294967295 spf hold Specifies the minimum amount of time in seconds between two consecutive OSPF cal...

Page 1092: ...tion Command Syntax of the no Form The no form of this command resets the retransmit interval value to the default 5 seconds no ip ospf retransmit interval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the OSPF retransmit interval for VLAN 1 to 20 seconds Specifies the retransmit time in ...

Page 1093: ... no form of this command resets the retransmit interval value to the default 1 second no ip ospf transmit delay Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the time required to transmit a link state update packet on VLAN 1 at 20 seconds seconds Specifies the transmit delay in seconds Va...

Page 1094: ...s the hello interval value to the default 10 seconds for broadcast and point to point networks 30 seconds for non broadcast and point to multipoint networks no ip ospf hello interval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the hello interval to 5 for VLAN 1 seconds Specifies the hel...

Page 1095: ...e dead interval value to the default 40 seconds no ip ospf dead interval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the dead interval to 20 for VLAN 1 seconds Specifies the number of seconds that a router must wait to receive a hello packet Dead interval must be the same on neighboring...

Page 1096: ...hentication key Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults If password is not specified the password will be set to a blank string Example This example shows how to enables an OSPF authentication key on VLAN 1 with the password yourpass NOTES The password key set with this command will only be used when authentication is enable...

Page 1097: ...ip ospf message digest key keyid Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable OSPF MD5 authentication on VLAN 1 set the key identifier to 20 and set the password to passone keyid Specifies the key identifier on the interface where MD5 authentication is enabled Valid values are integer...

Page 1098: ... shown in the table below distance ospf external inter area intra area weight Syntax Description Command Syntax of the no Form The no form of this command resets OSPF administrative distance to the default value of 110 no distance ospf external inter area intra area Command Type Router command Command Mode Router configuration Matrix Router1 config router Route Source Default Distance Connected 0 ...

Page 1099: ...7 Command Defaults If route type is not specified the distance value will be applied to all OSPF routes Example This example shows how to change the default administrative distance for external OSPF routes to 100 Matrix Router1 config router ospf 1 Matrix Router1 config router distance ospf external 100 ...

Page 1100: ...no Form The no form of this command stops the routes from being summarized no area area id range ip address ip mask Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to define the address range as 172 16 0 0 16 for summarized routes communicated at the boundary of area 0 0 0 0 area id Specifies the area a...

Page 1101: ...ation Matrix Router1 config router Command Defaults None Example This example shows how to enable MD5 authentication on OSPF area 10 0 0 0 area id Specifies the OSPF area in which to enable authentication Valid values are decimal values or IP addresses simple Enables simple text authentication Simple password authentication allows a password key to be configured per area Routers in the same area t...

Page 1102: ...ommand Mode Router configuration Matrix Router1 config router Command Defaults If no summary is not specified the stub area will be able to receive LSAs Example The following example shows how to define OSPF area 10 as a stub area area id Specifies the stub area Valid values are decimal values or ip addresses no summary Optional Prevents an Area Border Router ABR from sending Link State Advertisem...

Page 1103: ...his command removes the cost value from the summary route that is sent into the stub area no area area id default cost Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to set the cost value for stub area 10 to 99 area id Specifies the stub area Valid values are decimal values or IP addresses cost Specifi...

Page 1104: ...a area id nssa default information originate Syntax Description Command Syntax of the no Form The no form of this command changes the NSSA back to a plain area no area area id nssa default information originate Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults If default information originate is not specified no default type will be generat...

Page 1105: ...es or IP addresses A transit area is an area through which a virtual link is established ip address Specifies the IP address of the ABR A virtual link is established from the ABR where virtual link configuration is taking place authentication key key Specifies a password to be used by neighbor routers Valid values are alphanumeric strings of up to 8 bytes Neighbor routers on a network must have th...

Page 1106: ...nd Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to configure a virtual link between OSPF area 0 0 0 2 and ABR network 134 141 7 2 retransmit interval seconds Specifies the number of seconds between successive retransmissions of the same LSAs Valid values are greater than the expected amount of time required for the update packe...

Page 1107: ... from being formed on an interface passive interface vlan vlan id Syntax Description Command Syntax of the no Form The no form of this command disables passive OSPF mode no passive ospf vlan vlan id Command Type Router command Command Mode Router configuration Matrix Router config router Command Defaults None Example This example shows how to enable passive OSPF mode on VLAN 102 vlan vlan id Speci...

Page 1108: ...connected RIP or static redistribution route This value should be consistent with the designation protocol metric type type value Optional Specifies the external link type associated with the default connected RIP or static route advertised into the OSPF routing domain Valid values are 1 for type 1 external route and 2 for type 2 external route subnets Optional Specifies that connected RIP or stat...

Page 1109: ...efaults If metric value is not specified 0 will be applied If type value is not specified type 2 external route will be applied If subnets is not specified only non subnetted routes will be redistributed If route map is not specified none will be applied If tag is not specified none will be applied Example This example shows how to distribute external type 2 RIP routing information from non subnet...

Page 1110: ...stored database overflow external exit overflow interval interval limit limit warning level level Syntax Description Command Syntax of the no Form The no form of this command removes the database overflow limits no database overflow external exit overflow interval interval limit limit warning level level Command Type Router command Command Mode Router configuration Matrix Router config router exte...

Page 1111: ...database exit overflow interval to 240 seconds the overflow limit to 3800 LSAs and the warning level to 2500 LSAs Matrix Router1 config router ospf 1 Matrix Router1 config router database overflow external exit overflow interval 240 Matrix Router1 config router database overflow external limit 3800 Matrix Router1 config router database overflow external warning level 2500 ...

Page 1112: ...Configuring OSPF 13 60 Matrix NSA Series Configuration Guide 13 2 3 23 show ip ospf Use this command to display OSPF information show ip ospf Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None ...

Page 1113: ...faces in this area is 0 Area has no authentication SPF algorithm executed 65 times Area ranges are Link State Update Interval is 00 30 00 and due in 00 03 12 Link State Age Interval is 00 00 00 and due in 00 00 00 Area 0 0 0 3 Number of interfaces in this area is 1 Area has no authentication SPF algorithm executed 59 times Area ranges are Link State Update Interval is 00 30 00 and due in 00 02 28 ...

Page 1114: ...l Specifies the link state identifier Valid values are IP addresses router Displays router Type 1 link state records in their detailed format Router records are originated by all routers network Displays network Type 2 link state records in their detailed format Network records are originated by designated routers summary Displays summary Type 3 link state records in their original format Summary ...

Page 1115: ...e command output database summary Displays a numerical summary of the contents of the link state database Matrix Router1 show ip ospf database OSPF Router with ID 182 127 64 1 Displaying Net Link States Area 0 0 0 0 LinkID ADV Router Age Seq Checksum 182 127 63 1 182 127 62 1 956 0x80000001 0xb6ca Displaying Router Link States Area 0 0 0 0 LinkID ADV Router Age Seq Checksum LinkCount 182 127 64 1 ...

Page 1116: ...twork Router Link States Shows the ID of the router originating the record Summary Link States Shows the summary network prefix ADV Router Router ID of the router originating the link state record Age Age in seconds of the link state record Seq OSPF sequence number assigned to each link state record Checksum Field in the link state record used to verify the contents upon receipt by another router ...

Page 1117: ...shows that an intra area route has been established to destination border router 192 168 22 1 via neighboring router 192 168 11 1 on the VLAN 2 interface in area 0 The OSPF cost of this route is 64 and it carries an SPF calculation of 10 The destination router is an ABR Matrix Router1 show ip ospf border routers OSPF internal Codes i Intra area route I Inter area route i 192 168 22 1 64 via 192 16...

Page 1118: ...F related information for VLAN 1 Table 13 4 provides an explanation of the command output vlan vlan id Optional Displays OSPF information for a specific VLAN This VLAN must be configured for IP routing as described in Section 2 3 1 Matrix Router1 show ip ospf interface vlan 1 Vlan 1 is UP Internet Address 182 127 63 2 Mask 255 255 255 0 Area 0 0 0 0 Router ID 182 127 64 1 Network Type BROADCAST Co...

Page 1119: ...priority value which is either default or assigned with the ip ospf priority command For details refer to Section 13 2 3 5 Designated Router id The router ID of the designated router on this subnet if one exists Interface addr IP address of the designated router on this interface BackupDesignated Router id IP address of the backup designated router on this interface if one exists Timer intervals c...

Page 1120: ...8 Matrix NSA Series Configuration Guide Adjacent neighbor count Number of adjacent FULL state neighbors over this interface Adjacent with neighbor IP address of the adjacent neighbor Table 13 4 show ip ospf interface Output Details Continued Output What It Displays ...

Page 1121: ...n id is not specified OSPF neighbors will be displayed for all VLANs configured for routing Example This example shows how to use the show ospf neighbor command detail Optional Displays detailed information about the neighbors including the area in which they are neighbors who the designated router backup designated router is on the subnet if applicable and the decimal equivalent of the E bit valu...

Page 1122: ...f neighbor Output Details Output What It Displays ID Neighbor s router ID of the OSPF neighbor Pri Neighbor s priority over this interface State Neighbor s OSPF communication state Dead Int Interval in seconds this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down Address Neighbor s IP address Interface Neighbor s interface VLAN ...

Page 1123: ...links information Table 13 6 provides an explanation of the command output Matrix Router1 show ip ospf virtual links Virtual Link to router 5 5 5 1 is UP Transit area 0 0 0 2 via interface Vlan 7 Cost of using 10 Transmit Delay is 1 sec s State POINT TO POINT Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Adjacency State FULL Table 13 6 show ip ospf virtual links Output Details O...

Page 1124: ...ed through the virtual link State Interface state assigned to a virtual link which is point to point Timer intervals configured Timer intervals configured for the virtual link including Hello Dead Wait and Retransmit intervals Adjacency State State of adjacency between this router and the virtual link neighbor of this router Table 13 6 show ip ospf virtual links Output Details Continued Output Wha...

Page 1125: ...d routes to be reconverged clear ip ospf process process id Syntax Description Command Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to reset OSPF process 1 process id Specifies the process ID an internally used identification number for each instance of the OSPF routing process run on a router Valid values are 1 to 65535 Matri...

Page 1126: ... Type Router command Command Mode Privileged EXEC Matrix Router1 Command Defaults None Example This example shows how to enable OSPF protocol debugging output to display information about Link State Advertisement generation subsystem Specifies the OSPF subsystem for which protocol debugging will be enabled Valid entries and their associated outputs are adj OSPF adjacency events flood OSPF flooding...

Page 1127: ...3compatible Syntax Description None Command Syntax of the no Form The no form of this command removes OSPF RFC 1583 compatible no rfc1583compatible Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to configure RFC 1583 compatibility Matrix Router1 config router ospf 1 Matrix Router1 config router rfc1583...

Page 1128: ...m a particular multicast group the router can send a prune message back up the distribution tree to stop subsequent packets from traveling where there are no members DVMRP will periodically reflood in order to reach any new hosts that want to receive from a particular group Commands The commands used to enable and configure DVMRP are listed below and described in the associated section as shown ip...

Page 1129: ...mmand Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable DVMRP on VLAN 1 NOTE IGMP must be enabled on all VLANs running DVMRP To do this use the set igmp enable command as described in Section 10 4 1 2 It is also recommended that IGMP querying be enabled on all VLANs running DVMRP To do this use the set igmp query ena...

Page 1130: ...uter command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set a DVMRP of 16 on VLAN 1 metric Specifies a metric associated with a set of destinations for DVMRP reports Valid values are from 0 to 31 Entering a 0 value will reset the metric back to the default value of 1 NOTE To reset the DVMRP metric back to the default...

Page 1131: ...mmand Defaults None Example This example shows how to display DVMRP routing table entries In this case the routing table has 5 entries The first entry shows that the source network 60 1 1 0 24 can be reached via next hop router 40 1 1 3 This route has a metric of 2 It has been in the DVMRP routing table for 1 hour 24 minutes and 2 seconds and will expire in 2 minutes and 3 seconds It supports flag...

Page 1132: ...or supports SNMP M Neighbor supports mtrace DVMRP Routing Table 5 entries 60 1 1 0 24 2 uptime 1 24 2 expires 0 2 3 via neighbor 40 1 1 3 version 3 255 flags VPGN gen id 0x336ff052 50 50 50 0 24 2 uptime 1 24 18 expires 0 1 25 via neighbor 30 1 1 1 version 3 255 flags VPGN gen id 0xaa4ee1fa 40 40 40 0 24 2 uptime 1 24 2 expires 0 2 3 via neighbor 40 1 1 3 version 3 255 flags VPGN gen id 0x336ff052...

Page 1133: ...the address of a router it can use as a default gateway Commands The commands used to enable and configure IRDP are listed below and described in the associated section as shown ip irdp Section 13 2 5 1 ip irdp maxadvertinterval Section 13 2 5 2 ip irdp minadvertinterval Section 13 2 5 3 ip irdp holdtime Section 13 2 5 4 ip irdp preference Section 13 2 5 5 ip irdp address Section 13 2 5 6 no ip ir...

Page 1134: ...p irdp Syntax Description None Command Syntax of the no Form The no form of this command disables IRDP on an interface no ip irdp Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable IRDP on VLAN 1 Matrix Router1 config interface vlan 1 Matrix Router1 config if Vlan 1 ip irdp ...

Page 1135: ... command resets the maximum advertisement interval to the default value of 600 seconds no irdp maxadvertinterval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the maximum IRDP advertisement interval to 1000 seconds on VLAN 1 interval Specifies a maximum advertisement interval in seconds V...

Page 1136: ...e setting and resets the minimum advertisement interval to the default value of three fourths of the maxadvertinterval value no irdp minadvertinterval Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the minimum IRDP advertisement interval to 500 seconds on VLAN 1 interval Specifies a minimu...

Page 1137: ...p holdtime Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the IRDP hold time to 4000 seconds on VLAN 1 NOTE Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in Section 13 2 5 2 and the minimum advertisemen...

Page 1138: ...e value to the default of 0 no irdp preference Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the IRDP preference value to 80000000 seconds on VLAN 1 preference Specifies the value to indicate the interface s use as a default router address Valid values are 2147483648 to 2147483647 The val...

Page 1139: ...ommand Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to advertise IP address 183 255 0 162 with a preference of 1 on VLAN 1 ip address Specifies an IP address to advertise preference Specifies the value to indicate the address use as a default router address Valid values are 2147483648 to 2147483647 The value of 80000000 indicates...

Page 1140: ...icast transmissions By default the router sends IRDP advertisements via multicast no ip irdp multicast Syntax Description None Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to enable the router to send IRDP advertisements using broadcast Matrix Router1 config interface vlan 1 Matrix Router1 conf...

Page 1141: ...guration Matrix Router1 config if Vlan 1 Command Defaults If vlan vlan id is not specified IRDP information for all interfaces will be displayed Example This example shows how to display IRDP information for VLAN 1 vlan vlan id Optional Displays IRDP information for a specific VLAN This VLAN must be configured for IP routing as described in Section 2 3 1 Matrix Router1 config interface vlan 1 Matr...

Page 1142: ...ters decide who will become master and who will become backup in the event the master fails Commands The commands used to enable and configure VRRP are listed below and described in the associated section as shown router vrrp Section 13 2 6 1 create Section 13 2 6 2 address Section 13 2 6 3 priority Section 13 2 6 4 master icmp reply Section 13 2 6 5 advertise interval Section 13 2 6 6 critical ip...

Page 1143: ...rom the running configuration no router vrrp Command Type Router command Command Mode Global configuration Matrix Router1 config Command Defaults None Example This example shows how enable VRRP configuration mode NOTE You must execute the router vrrp command to enable the protocol before completing other VRRP specific configuration tasks For details on enabling configuration modes refer to Table 2...

Page 1144: ... Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to create a VRRP session on VLAN 1 with a VRID of 1 NOTE This command must be executed to create an instance of VRRP on a routing interface VLAN before any other VRRP settings can be configured vlan vlan id Specifies the number of the VLAN on which to create a VRRP se...

Page 1145: ...ress can be either an address configured on the routing interface or an address that falls within the range of any networks configured on the routing interface All of the virtual router IP addresses associated with a single VRID must be designated as owner or non owner a mix of owner and non owner addresses on a single VRID is not allowed address vlan vlan id vrid ip address owner Syntax Descripti...

Page 1146: ...ce VLAN 1 VRID 1 All 5 addresses fall within the range of networks configured on the VLAN 1 routing interface because VLAN 1 has a primary IP address of 182 127 62 1 24 and secondary IP addresses of 10 1 1 1 24 and 10 2 2 1 24 All virtual addresses are non owners Matrix Router1 config router vrrp Matrix Router1 config router address vlan 1 1 182 127 62 1 1 Matrix Router1 config router vrrp Matrix ...

Page 1147: ...1 VRID 1 vlan vlan id Specifies the number of the VLAN on which to configure VRRP priority This VLAN must be configured for IP routing as described in Section 2 3 2 vrid Specifies a unique Virtual Router ID VRID associated with the routing interface Valid values are from 1 to 255 priority value Specifies the VRRP priority value to associate with the vrid Valid values are from 1 to 254 with the hig...

Page 1148: ...management stations that use ping to poll devices will be able to see that the virtual router is available when the backup router assumes the role of master master icmp reply vlan vlan id vrid Syntax Description Command Syntax of the no Form The no form of this command disables master ICMP replies no master icmp reply vlan vlan id vrid Command Type Router command Command Mode Router configuration ...

Page 1149: ...val Syntax Description Command Syntax of the no Form The no form of this command clears the VRRP advertise interval value no advertise interval vlan vlan id vrid interval Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None NOTE All routers with the same VRID should be configured with the same advertisement interval vlan vlan id Specifies...

Page 1150: ...t Configuring VRRP 13 98 Matrix NSA Series Configuration Guide Example This example shows how set an advertise interval of 3 seconds on VLAN 1 VRID 1 Matrix Router1 config router vrrp Matrix Router1 config router advertise interval vlan 1 1 3 ...

Page 1151: ...ip vlan vlan id vrid ip address critical priority Syntax Description Command Syntax of the no Form The no form of this command clears the critical IP address no critical ip vlan vlan id vrid ip address Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults If not specified critical priority will be set to 10 vlan vlan id Specifies the number of ...

Page 1152: ...P 13 100 Matrix NSA Series Configuration Guide Example This example shows how to set IP address 182 127 62 3 as a critical IP address associated with VLAN 1 VRID 1 Matrix Router1 config router vrrp Matrix Router1 config router critical ip vlan 1 1 182 127 62 3 ...

Page 1153: ...id vrid Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None Example This example shows how to disable preempt mode on VLAN 1 VRID 1 NOTE The router that owns the virtual router IP address always preempts other routers regardless of this setting vlan vlan id Specifies the number of the VLAN on which to set preempt mode This VLAN must be c...

Page 1154: ...tax of the no Form The no form of this command clears the preempt delay timer no preempt delay vlan id vrid Command Type Router command Command Mode Router configuration Matrix Router1 config router Command Defaults None NOTE The router that owns the virtual router IP address always preempts other routers regardless of this setting vlan vlan id Specifies the number of the VLAN on which to set a pr...

Page 1155: ...Set Configuring VRRP Matrix NSA Series Configuration Guide 13 103 Example This example shows how to set the preempt delay to 60 seconds on VLAN 1 VRID 1 Matrix Router1 config router vrrp Matrix Router1 config router preempt delay vlan 1 1 60 ...

Page 1156: ...ter Command Defaults None Example This example shows how to enable VRRP on VLAN 1 VRID 1 NOTE Before enabling VRRP you must set the other options described in this section Once enabled you cannot make any configuration changes to VRRP without first disabling it using the no enable vlan command vlan vlan id Specifies the number of the VLAN on which to enable VRRP This VLAN must be configured for IP...

Page 1157: ...rm The no form of this command clears VRRP authentication no ip vrrp authentication key Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan 1 Command Defaults None Example This example shows how to set the VRRP authentication password to vrrpkey on VLAN 1 password Specifies an authentication password Text string can be 1 to 8 characters in length Matrix R...

Page 1158: ...efaults None Example This example shows how to set the VRRP MD5 authentication password to qwer on VLAN 1 VRID 1 vrid Specifies the Virtual Router ID VRID Valid values are from 1 to 255 md5 Specifies the authentication type as MD5 password Specifies an MD5 authentication password Text string can be 1 to 16 characters in length hmac 96 Optional If VRRP is running between Matrix N or Matrix E1 route...

Page 1159: ...play VRRP routing information show ip vrrp Syntax Description None Command Type Router command Command Mode Any router mode Command Defaults None Example This example shows how to display VRRP information Matrix Router1 config show ip vrrp VRRP CONFIGURATION Vlan Vrid State Owner AssocIpAddr Priority VirtMacAddr 2 1 Init 0 25 25 2 1 100 0000 05e0 0011 ...

Page 1160: ...Routing Protocol Configuration Command Set Configuring VRRP 13 108 Matrix NSA Series Configuration Guide ...

Page 1161: ...t for RADUIS RFC 3580 and TACACS can be found in the following sections Section 14 3 2 Section 14 3 3 and Section 14 3 4 SNMP user or community names used for authentication and authorization of all SNMP requests For details refer to Chapter 5 802 1X Network Access Control used for controlling access to network resources on a per port per user or per end station basis For more details refer to Sec...

Page 1162: ...er to Section 14 3 11 IP Access Lists ACLs permits or denies access to routing interfaces based on protocol and inbound and or outbound IP address restrictions configured in access lists For details refer to Section 14 3 12 Policy Based Routing permits or denies access to routing interfaces based on access lists in a route map applied to the interface For details refer to Section 14 3 13 Denial of...

Page 1163: ...a Filter ID matching a policy profile name configured on the switch the switch then dynamically applies the policy profile to the physical port the user device is authenticating on Filter ID Attribute Formats Enterasys Networks supports two Filter ID formats decorated and undecorated The decorated format has three forms To specify the policy profile to assign to the authenticating user network acc...

Page 1164: ...3 4 4 Configuring TACACS Section 14 3 4 5 Configuring 802 1X Authentication Section 14 3 5 6 Configuring Port Web Authentication PWA Section 14 3 6 7 Configuring MAC Authentication Section 14 3 7 8 Configuring Convergence End Point CEP Section 14 3 8 9 Configuring MAC Locking Section 14 3 9 10 Configuring Multiple Authentication Section 14 3 10 11 Configuring Secure Shell SSH Section 14 3 11 12 Co...

Page 1165: ...3 1 Setting the Authentication Login Method Purpose To configure the authentication login method Commands The commands used to configure the authentication login method are listed below and described in the associated section as shown show authentication login Section 14 3 1 1 set authentication login Section 14 3 1 2 clear authentication login Section 14 3 1 3 ...

Page 1166: ...ogin Use this command to display the current authentication login method show authentication login Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example This example shows how to display the current authentication login method Matrix rw show authentication login Current authentication login is any ...

Page 1167: ...Write Command Defaults None Example This example shows how to set the authentication login method to use the local password settings any Specifies that the authentication protocol will be selected using the following precedence order TACACS RADIUS Local local Specifies that the local network password settings will be used for authentication login radius Specifies that RADIUS will be used for authe...

Page 1168: ...entication login Use this command to reset the authentication login method to the default setting of any clear authentication login Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to reset the authentication login method Matrix rw clear authentication login ...

Page 1169: ...arameters including IP address timeout period authentication realm and number of user login attempts allowed Reset RADIUS server settings to default values Configure a RADIUS accounting server Commands The commands used to review and configure RADIUS are listed below and described in the associated section as shown show radius Section 14 3 2 1 set radius Section 14 3 2 2 clear radius Section 14 3 ...

Page 1170: ...formation state Optional Displays the RADIUS client s enable status retries Optional Displays the number of retry attempts before the RADIUS server times out authtype Optional Displays the RADIUS server s authentication type server Optional Displays RADIUS server configuration information timeout Optional Displays the maximum amount of time in seconds to establish contact with the RADIUS server be...

Page 1171: ...s before the RADIUS server times out The default value of 3 can be reset using the set radius command as described in Section 14 3 2 2 RADIUS timeout Maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin The default value of 20 can be reset using the set radius command as described in Section 14 3 2 2 RADIUS Server IP address UDP authentication p...

Page 1172: ... RADIUS client retries number of retries Specifies the number of retry attempts before the RADIUS server times out Valid values are from 1 to 10 Default is 3 timeout timeout Specifies the maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin Valid values are from 1 to 30 Default is 20 seconds server index ip_address port Specifies the index numbe...

Page 1173: ...n port 1812 and an authentication password of pwsecret As previously noted the server secret password entered here must match that already configured as the Read Write rw password on the RADIUS server This example shows how to restrict all RADIUS servers to authenticate management access only This example shows how to set the RADIUS timeout to 5 seconds This example shows how to set RADIUS retries...

Page 1174: ...his example shows how to clear all settings on all RADIUS servers This example shows how to reset the RADIUS timeout to the default value of 20 seconds state Optional Resets the RADIUS client state to the default setting of disabled retries Optional Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3 timeout Optional Resets the maximum amount of time t...

Page 1175: ...his example shows how to display RADIUS accounting configuration information In this case RADIUS accounting is enabled and global default settings have not been changed One server has been configured The Matrix Series device allows for up to 10 RADIUS accounting servers to be configured with up to 2 active at any given time updateinterval Optional Displays the number of seconds between each RADIUS...

Page 1176: ... For details on enabling and configuring RADIUS accounting refer to Section 14 3 2 5 Matrix rw show radius accounting Accounting state Enabled Accounting update interval 1800 secs Accounting interval minimum 600 secs Server Server Acct Index IP Port Retries Timeout Status 1 1 1 1 1 1236 2 5 Primary ...

Page 1177: ...ween each RADIUS accounting interim update when accumulated accounting data is sent to the server for a session Valid values are 180 2147483647 retries retries Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out Valid retry values are 1 2147483647 timeout timeout Sets the maximum amount of time in seconds to establish contact with a specified RADIU...

Page 1178: ...ecret password entered here must match that already configured as the Read Write rw password on the RADIUS accounting server This example shows how to set the RADIUS accounting timeout to 30 seconds on server 6 This example shows how to set RADIUS accounting retries to 10 on server 6 Matrix rw set radius accounting server 1 10 2 4 12 1800 Server Secret Retype Server Secret Make This Entry Active y...

Page 1179: ...and Mode Read Write Command Defaults None Example This example shows how to reset the RADIUS accounting timeout to 5 seconds on all servers server index all Clears the configuration on one or more accounting servers retries index all Resets the retries to the default value of 2 on one or more accounting servers timeout index all Resets the timeout to 5 seconds on one or more accounting servers int...

Page 1180: ...itself The AAA server will then describe the level of service which should be provided This may include authentication success session duration and class of service to be provided Enterasys Networks Layer 2 switches utilize two specific attributes to implement the provisioning of service in response to a successful authentication A proprietary Filter ID which describes a Policy Profile to be appli...

Page 1181: ...thorization configuration information will be displayed Example This example shows how to display VLAN Authorization configuration information for ports ge 1 1 3 port list Optional Displays the port s VLAN Authorization settings all Optional Displays all port s VLAN Authorization settings Matrix su show vlanauthorization ge 1 1 3 VLAN Authorization Global Status enabled VLAN Authorization Table Po...

Page 1182: ... Authorization This example shows how to enable VLAN Authorization for port ge 1 1 for tagged packets enable disable enable Enable VLAN Authorization disable Disable VLAN Authorization port port list Optional Set port s attributes for VLAN Authorization enable disable enable Enable port VLAN Authorization disable Disable port VLAN Authorization none tagged untagged dynamic none No egress change wi...

Page 1183: ...ion port list all Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to clear VLAN Authorization This example shows how to clear VLAN Authorization for ports ge 1 1 4 port list Optional Clear port s attributes for VLAN Authorization all Clear all VLAN Authorization to the defaults Matrix su clear vlanauthorization Matrix su c...

Page 1184: ...nd server settings to default values Commands The commands used to review and configure TACACS are listed below and described in the associated section as shown show tacacs Section 14 3 4 1 set tacacs Section 14 3 4 2 show tacacs server Section 14 3 4 3 set tacacs server Section 14 3 4 4 clear tacacs server Section 14 3 4 5 show tacacs session Section 14 3 4 6 set tacacs session Section 14 3 4 7 c...

Page 1185: ...ample shows how to display all TACACS configuration information Table 14 2 provides an explanation of the command output state Optional Displays only the TACACS client status Matrix ro show tacacs TACACS state enabled TACACS session accounting state disabled TACACS command authorization state disabled TACACS command accounting state disabled TACACS single connect state disabled TACACS service exec...

Page 1186: ...r disabled TACACS singleconnect state Whether TACACS singleconnect is enabled or disabled When enabled the TACACS client sends multiple requests over a single TCP connection TACACS service The name of the service that is requested by the TACACS client for session authorization exec is the default service name TACACS session authorization A V pairs Displays the attribute value pairs that are mapped...

Page 1187: ... Defaults None Command Type Switch command Command Mode Read Write Usage The TACACS client can be enabled on the switch anytime with or without a TACACS server online If the TACACS server is offline and TACACS is enabled the login authentication is switched to RADIUS or local if enabled Examples This example shows how to enable the TACACS client enable disable Enables or disables the TACACS client...

Page 1188: ...Command Type Switch command Command Mode Read Only Example This example displays configuration information for all configured TACACS servers index Display the configuration of the TACACS server identified by index The value of index can range from 1 to 2 147 483 647 all Display the configuration for all configured TACACS servers Matrix ro show tacacs server all TACACS Server IP Address Port Timeou...

Page 1189: ...h command Command Mode Read Write Example This example configures TACACS server 1 The default timeout value of 10 seconds will be applied all Specify the timeout value for all configured TACACS servers index Configure the TACACS server identified by index The value of index can range from 1 to 2 147 483 647 timeout seconds Set the timeout value for the specified server s in seconds The value of se...

Page 1190: ... servers clear tacacs server all index timeout Syntax Description Command Defaults If timeout is not specified the affected TACACS servers will be removed Command Type Switch command Command Mode Read Write Example This example removes TACACS server 1 all Specifies that all configured TACACS servers should be affected index Specifies one TACACS server to be affected timeout Optional Return the tim...

Page 1191: ...e Switch command Command Mode Read Only Examples This example shows how to display client session authorization information This example shows how to display client session accounting state authorization Display client session authorization settings accounting Display client session accounting settings state Optional Display the client session accounting state Matrix ro show tacacs session authori...

Page 1192: ... name of the service that the TACACS client will request from the TACACS server The name specified here must match the name of a service configured on the server read only attribute value Specifies that the Matrix read only access privilege level should be matched to a privilege level configured on the TACACS server by means of an attribute value pair specified by attribute and value By default at...

Page 1193: ...x switch The parameter values must match a service and access level attribute value pairs configured on the server for the session to be authorized If the parameter values do not match the session will not be allowed The service name and attribute value pairs can be any character string and are determined by your TACACS server configuration Examples This example configures the service requested by...

Page 1194: ...le shows how to return all the session authorization parameters to their default values authorization Clears the TACACS session authorization parameters service Clears the TACACS session authorization service name to the default value of exec read only Clears the TACACS session authorization read only attribute value pair to their default values of priv lvl and 0 read write Clears the TACACS sessi...

Page 1195: ...g or authorization configuration parameters are displayed which at this time includes only the enabled disabled status Command Type Switch command Command Mode Read Write Example This example shows how to display the state of the TACACS client s command authorization accounting Display the status of TACACS accounting on a per command basis authorization Display the status of TACACS authorization o...

Page 1196: ... per command accounting is enabled the TACACS server will log accounting information such as start and stop times IP address of the client and so forth for each command executed during the session When per command authorization is enabled the TACACS server will check whether each command is permitted for that authorized session and return a success or fail If the authorization fails the command is...

Page 1197: ...ription Command Defaults If state is not specified all single connection configuration parameters are displayed which at this time includes only the enabled disabled state Command Type Switch command Command Mode Read Write Example This example shows how to display the state of the TACACS client s ability to send multiple requests over a single connection state Optional Specifies that only the sin...

Page 1198: ...abled the TACACS client will use a single TCP connection for all requests to a given TACACS server set tacacs singleconnect enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Examples This example shows how to disable sending multiple requests over a single connection enable disable Enable or disable the ability to send multiple requests ove...

Page 1199: ...pplicants will be allowed to simultaneously utilize more than one access entity Access Entities responsible for maintaining state counters and statistics for an individual supplicant An access entity is activated from a pool of configured access entities when a potential supplicant on a port needs to be authenticated It becomes deactivated when the supplicant logs off cannot be authenticated or th...

Page 1200: ...n Guide Commands The commands used to review and configure 802 1X are listed below and described in the associated section as shown show dot1x Section 14 3 5 1 show dot1x auth config Section 14 3 5 2 set dot1x Section 14 3 5 3 set dot1x auth config Section 14 3 5 4 clear dot1x auth config Section 14 3 5 5 ...

Page 1201: ...If index is not specified information for all access entities will be displayed auth config Optional Displays authentication configuration information access entity Optional Displays access entity information auth diag Optional Displays authentication diagnostics information auth session stats Optional Displays authentication session statistics auth stats Optional Displays authentication statistic...

Page 1202: ...rix rw show dot1x auth diag fe 1 1 Port 1 Auth Diag Enter Connecting 0 EAP Logoffs While Connecting 0 Enter Authenticating 0 Success While Authenticating 0 Timeouts While Authenticating 0 Fail While Authenticating 0 ReAuths While Authenticating 0 EAP Starts While Authenticating 0 EAP Logoff While Authenticating 0 ReAuths While Authenticated 0 EAP Starts While Authenticated 0 EAP Logoff While Authe...

Page 1203: ...ssion Octets Tx 0 Session Frames Rx 0 Session Frames Tx 0 Session Id 1 00 00 00 00 00 00 Session Authentic Method Remote Auth Server Session Time 0 secs Session Terminate Cause Port Failure Session UserName Matrix rw show dot1x auth stats fe 1 1 Port 1 Auth Stats EAPOL Frames Rx 0 EAPOL Frames Tx 0 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAPOL RespId Frames Rx 0 EAPOL Resp Frames Rx 0 EAP...

Page 1204: ...n state machine quietperiod Optional Displays the value set for quiet period currently in use by the authenticator PAE state machine reauthenabled Optional Displays the state of reauthentication control used by the Reauthentication Timer state machine reauthperiod Optional Displays the value in seconds set for the reauthentication period used by the reauthentication timer state machine servertimeo...

Page 1205: ...s how to display all 802 1X authentication configuration settings for fe 2 24 Matrix rw show dot1x auth config authcontrolled portcontrol fe 1 1 Port 1 Auth controlled port control Auto Matrix rw show dot1x auth config quietperiod fe 1 1 Port 1 Quiet period 30 Matrix rw show dot1x fe 2 24 Port fe 2 24 Auth Config PAE state Initialize Backend auth State Initialize Admin controlled directions Both O...

Page 1206: ...reinitialization or reauthentication setting will be applied to all ports If index is not specified all access entities will be affected Examples This example shows how to enable 802 1X This example shows how to reinitialize fe 2 24 enable disable Enables or disables 802 1X init reauth Reinitializes one or more access entities or reauthenticates one or more supplicants port string Optional Specifi...

Page 1207: ...cation on the port and allows all frames received on the port to be forwarded forced unauth Forced unauthorized mode which effectively disables 802 1X authentication on the port When 802 1X is the only active authentication agent on a given port this setting means all frames received will be dropped keytxenabled false true Enables true or disables false 802 1X key transmission by the authenticator...

Page 1208: ...fies a timeout period in seconds for the authentication server used by the backend authentication state machine Valid values are 1 300 supptimeout timeout Specifies a timeout period in seconds for the authentication supplicant used by the backend authentication state machine Valid values are 1 300 txperiod value Specifies the period in seconds which passes between authenticator PAE state machine E...

Page 1209: ...control Optional Resets the 802 1X port control mode to auto keytxenabled Optional Resets the 802 1X key transmission state to disabled false maxreq Optional Resets the maximum requests value to 2 quietperiod Optional Resets the quiet period value to 60 seconds reauthenabled Optional Resets the reauthentication control state to disabled false reauthperiod Optional Resets the reauthentication perio...

Page 1210: ...how to reset the 802 1X port control mode to auto on all ports This example shows how to reset reauthentication control to disabled on ports fe 1 1 3 This example shows how to reset the 802 1X quiet period to 60 seconds on ports fe 1 1 3 Matrix rw clear dot1x auth config authcontrolled portcontrol Matrix rw clear dot1x auth config reauthenabled fe 1 1 3 Matrix rw clear dot1x auth config quietperio...

Page 1211: ...te of the user a login page or a logout page will display When a user submits username and password the switch then authenticates the user via a preconfigured RADIUS server If the login is successful then the user will be granted full network access according to the user s policy configuration on the switch PWA Configuration Considerations In order to optimize PWA authentication on the Matrix Seri...

Page 1212: ...able the selective services required for PWA This rule will forward ARP requests allow access to a server at IP 1 2 3 4 that acts as both a DNS and DHCP server and be assigned as the default policy profile for all Fast Ethernet ports Also the PWA client must be configured statically or through DHCP to have routes to both the resolved URL a local route or an actual gateway and the PWA IP address DH...

Page 1213: ... 6 5 set pwa banner Section 14 3 6 6 clear pwa banner Section 14 3 6 7 set pwa displaylogo Section 14 3 6 8 set pwa redirecttime Section 14 3 6 9 set pwa ipaddress Section 14 3 6 10 set pwa protocol Section 14 3 6 11 set pwa enhancedmode Section 14 3 6 12 set pwa guestname Section 14 3 6 13 clear pwa guestname Section 14 3 6 14 set pwa guestpassword Section 14 3 6 15 set pwa gueststatus Section 14...

Page 1214: ...for all ports Command Type Switch command Command Mode Read Only Examples This example shows how to display PWA information for ge 2 1 Table 14 3 provides an explanation of the command output port string Optional Displays PWA information for specific port s Matrix rw show pwa ge 2 1 PWA Status enabled PWA IP Address 192 168 62 99 PWA Protocol PAP PWA Enhanced Mode N A PWA Logo enabled PWA Guest Ne...

Page 1215: ... command as described in Section 14 3 6 12 PWA Logo Whether the Enterasys Networks logo will be displayed or hidden at user login Default state of enabled displayed can be changed using the set pwa displaylogo command as described in Section 14 3 6 8 PWA Guest Networking Status Whether PWA guest user status is disabled or enabled with RADIUS or no authentication Default state of disabled can be ch...

Page 1216: ...ount of time a port will be in the held state after a user unsuccessfully attempts to log on to the network Default value of 60 can be changed using the set pwa quietperiod command as described in Section 14 3 6 18 MaxReq Maximum number of log on attempts allowed before transitioning the port to a held state Default value of 2 can be changed using the set pwa maxrequests command as described in Se...

Page 1217: ...faults None Command Type Switch command Command Mode Read Write Example This example shows how to enable port web authentication NOTE Port Web Authentication cannot be enabled if either MAC authentication or EAPOL 802 1X is enabled For information on disabling 802 1X refer to Section 14 3 5 3 For information on disabling MAC authentication refer to Section 14 3 7 3 enable disable Enables or disabl...

Page 1218: ... to set a port web authentication host name This is a URL for accessing the PWA login page set pwa hostname name Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA host name to pwahost name Specifies a name for accessing the PWA login page Matrix rw set pwa hostname pwahost ...

Page 1219: ... Guide 14 59 14 3 6 4 clear pwa hostname Use this command to clear the port web authentication host name clear pwa hostname Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to clear the PWA host name Matrix rw clear pwa hostname ...

Page 1220: ... 5 show pwa banner Use this command to display the port web authentication login banner string show pwa banner Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Only Example This example shows how to display the PWA login banner Matrix rw show pwa banner Welcome to Enterasys Networks ...

Page 1221: ...to configure a string to be displayed as the PWA login banner set pwa banner string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA login banner to Welcome to Enterasys Networks string Specifies the PWA login banner Matrix rw set pwa banner Welcome to Enterasys Networks ...

Page 1222: ...uide 14 3 6 7 clear pwa banner Use this command to reset the PWA login banner to a blank string clear pwa banner Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset the PWA login banner to a blank string Matrix rw clear pwa banner ...

Page 1223: ...et the display options for the Enterasys Networks logo set pwa displaylogo display hide Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to hide the Enterasys Networks logo display hide Displays or hides the Enterasys Networks logo when the PWA website displays Matrix rw set pwa displaylogo hide ...

Page 1224: ...ccess page redirect time set pwa redirecttime time Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA redirect time to 10 seconds time Specifies the number of seconds before the user will be redirected to the PWA home page after successful login Valid values are 0 120 Matrix rw set pwa redirecttime 10 ...

Page 1225: ...n from which PWA will prevent network access until the user is authenticated set pwa ipaddress ip address Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set a PWA IP address of 1 2 3 4 ip address Specifies a globally unique IP address This same value must be configured into every authenticating switch in the domain Mat...

Page 1226: ...Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set a the PWA protocol to CHAP chap pap Sets the PWA protocol to CHAP PPP Challenge Handshake Protocol encrypts the username and password between the end station and the switch port PAP Password Authentication Protocol does not provide any encryption between the end station the s...

Page 1227: ...ted PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access They will also be granted guest networking privileges set pwa enhancedmode enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable PWA enhanced mode enable disable Enables or disables PWA enhanced ...

Page 1228: ...en enhanced mode is enabled as described in Section 14 3 6 12 PWA will use this name to grant network access to guests without established login names and passwords set pwa guestname name Syntax Description Command Type Switch command Command Defaults None Command Mode Read Write Example This example shows how to set the PWA guest user name to guestuser name Specifies a guest user name Matrix rw s...

Page 1229: ...on Guide 14 69 14 3 6 14 clear pwa guestname Use this command to clear the PWA guest user name clear pwa guestname Syntax Description None Command Type Switch command Command Defaults None Command Mode Read Write Example This example shows how to clear the PWA guest user name Matrix rw clear pwa guestname ...

Page 1230: ...e is enabled as described in Section 14 3 6 12 PWA will use this password and the guest user name to grant network access to guests without established login names and passwords set pwa guestpassword Syntax Description None Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set the PWA guest user password name Matrix rw set pwa guestpasword ...

Page 1231: ...es to users without established login names and passwords set pwa gueststatus authnone authradius disable Syntax Description Command Type Switch command Command Defaults None Command Mode Read Write Example This example shows how to enable PWA guest networking with RADIUS authentication authnone Enables guest networking with no authentication method authradius Enables guest networking with RADIUS ...

Page 1232: ...ted state set pwa initialize port string Syntax Description Command Type Switch command Command Defaults If port string is not specified all ports will be initialized Command Mode Read Write Example This example shows how to initialize ports fe 1 5 7 port string Optional Initializes specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw set pwa i...

Page 1233: ...uietperiod time port string Syntax Description Command Type Switch command Command Defaults If port string is not specified quiet period will be set for all ports Command Mode Read Write Example This example shows how to set the PWA quiet period to 30 seconds for ports fe 1 5 7 time Specifies quiet time in seconds port string Optional Sets the quiet period for specific port s For a detailed descri...

Page 1234: ...s port string Syntax Description Command Type Switch command Command Defaults If port string is not specified maximum requests will be set for all ports Command Mode Read Write Example This example shows how to set the PWA maximum requests to 3 for all ports maxrequests Specifies the maximum number of log on attempts port string Optional Sets the maximum requests for specific port s For a detailed...

Page 1235: ...ond to requests If a default policy exists on the port it will be ignored in the unauthenticated state NOTE In order for PWA enhanced mode to operate port control mode must be set to auto forceauthorized Sets the port to force authorized mode In this mode the port is transmitting and receiving traffic The Web server Login Logout screens are inaccessible as is the PWA IP Spoofing ARP DNS WINS or DH...

Page 1236: ...ration Command Set Configuring Port Web Authentication PWA 14 76 Matrix NSA Series Configuration Guide Example This example shows how to set the PWA control mode to auto for all ports Matrix rw set pwa portcontrol auto ...

Page 1237: ...nformation for all ports will be displayed Command Mode Read Only Example This example shows how to display PWA session information port string Optional Displays PWA session information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Matrix rw show pwa session Port MAC IP User Duration Status ge 2 19 00 c0 4f 20 05 4b 172 50 15 121 pwachap10 0 1...

Page 1238: ...Commands The commands needed to review enable disable and configure MAC authentication are listed below and described in the associated section as shown show macauthentication Section 14 3 7 1 show macauthentication session Section 14 3 7 2 set macauthentication Section 14 3 7 3 set macauthentication password Section 14 3 7 4 clear macauthentication password Section 14 3 7 5 set macauthentication ...

Page 1239: ... Configuring MAC Authentication Matrix NSA Series Configuration Guide 14 79 clear macauthentication reauthperiod Section 14 3 7 17 set macauthentication quietperiod Section 14 3 7 18 clear macauthentication quietperiod Section 14 3 7 19 ...

Page 1240: ...rovides an explanation of the command output port string Optional Displays MAC authentication information for specific port s For a detailed description of possible port string values refer to Section 4 1 1 Router3 su show macauthentication ge 1 1 8 MAC authentication disabled MAC user password NOPASSWORD Port username significant bits 48 Port Port Quiet Reauth Auth Auth Reauthentications State Pe...

Page 1241: ...ticate the full address i e authentication server timeout causes the next attempt to start once again with a full MAC authentication Default is 48 and cannot be reset Port Port designation For a detailed description of possible port string values refer to Section 4 1 1 Port State Whether or not MAC authentication is enabled or disabled on this port Quiet Period Enables a reauthentication attempt f...

Page 1242: ...ll be displayed for all MAC authentication ports Example This example shows how to display MAC session information Table 14 5 provides an explanation of the command output Matrix rw show macauthentication session Port MAC Address Duration Reauth Period Reauthentications ge 1 2 00 60 97 b5 4c 07 0 00 52 31 3600 disabled Table 14 5 show macauthentication session Output Details Output What It Display...

Page 1243: ...ort set using the set macauthentication reauthperiod command described in Section 14 3 7 16 Reauthentications Whether or not reauthentication is enabled or disabled on this port Set using the set macauthentication reauthentication command described in Section 14 3 7 13 Table 14 5 show macauthentication session Output Details Continued Output What It Displays ...

Page 1244: ...mand to globally enable or disable MAC authentication set macauthentication enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to globally enable MAC authentication enable disable Globally enables or disables MAC authentication Matrix rw set macauthentication enable ...

Page 1245: ...and to set a MAC authentication password set macauthentication password password Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to set the MAC authentication password to macauth password Specifies a text string MAC authentication password Matrix rw set macauthentication password macauth ...

Page 1246: ...cauthentication password Use this command to clear the MAC authentication password clear macauthentication password Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to clear the MAC authentication password Matrix rw clear macauthentication password ...

Page 1247: ...ber of significant bits of the MAC address to use for authentication set macauthentication significant bits number Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to set the MAC authentication significant bits to 24 number Specifies a number of significant bits Matrix rw set macauthentication significant bits 24 ...

Page 1248: ...bits Use this command to clear the MAC authentication significant bits setting clear macauthentication significant bits Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to clear the MAC authentication significant bits setting Matrix rw clear macauthentication significant bits ...

Page 1249: ...ample shows how to enable MAC authentication on ge 2 1 though 5 NOTE Enabling port s for MAC authentication requires globally enabling MAC authentication on the device as described in Section 14 3 7 3 and then enabling it on a port by port basis By default MAC authentication is globally disabled and disabled on all ports enable disable Enables or disables MAC authentication port string Specifies p...

Page 1250: ...er port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the number of allowed MAC authentication sessions to 4 on ge 2 1 number Specifies the number of authentication sessions allowed port string Specifies port s on which to set the number of authentication sessions For a detailed description of possible port...

Page 1251: ...escription Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified the number of allowed authentication sessions will be cleared on all ports Example This example shows how to clear the number of allowed MAC authentication sessions on ge 2 1 port string Optional Clears the number of authentication sessions allowed for specific port s For a detailed desc...

Page 1252: ...rently active sessions on those ports set macauthentication portinitialize port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to force ge 2 1 through 5 to initialize port string Specifies the MAC authentication port s to re initialize For a detailed description of possible port string values refer to Section 4 1 1...

Page 1253: ...re initialize and remove the session set macauthentication macinitialize mac_addr Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to force the MAC authentication session for address 00 60 97 b5 4c 07 to re initialize mac_addr Specifies the MAC address of the session to re initialize Matrix rw set macauthentication maciniti...

Page 1254: ...n reauthentication enable disable port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable MAC reauthentication on ge 4 1 though 5 enable disable Enables or disables MAC reauthentication port string Specifies port s on which to enable or disable MAC reauthentication For a detailed description of possible port ...

Page 1255: ...more MAC authentication ports set macauthentication portreauthenticate port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to force ge 2 1 though 5 to reauthenticate port string Specifies MAC authentication port s to be reauthenticated For a detailed description of possible port string values refer to Section 4 1 1...

Page 1256: ...n of a MAC address set macauthentication macreauthenticate mac_addr Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to force the MAC authentication session for address 00 60 97 b5 4c 07 to reauthenticate mac_addr Specifies the MAC address of the session to reauthenticate Matrix rw set macauthentication macreauthenticate 00...

Page 1257: ...uthperiod time port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the MAC reauthentication period to 7200 seconds 2 hours on ge 2 1 through 5 time Specifies the number of seconds between reauthentication attempts Valid values are 1 4294967295 port string Specifies the port s on which to set the MAC reauthen...

Page 1258: ...ort string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified the reauthentication period will be cleared on all ports Example This example shows how to globally clear the MAC reauthentication period port string Optional Clears the MAC reauthentication period on specific port s For a detailed description of possible port string v...

Page 1259: ...ng Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to set the macauthentication quiet period to 120 seconds 2 minutes on ge 2 1 through 5 time Specifies the number of seconds between reauthentication attempts Valid values are 0 4294967295 port string Specifies the port s on which to set the macauthentication quiet period F...

Page 1260: ...ault value is 0 never clear macauthentication quietperiod port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to clear the macauthentication quietperiod for port ge 1 1 port string Optional Clears the macauthentication quiet period on specific port s For a detailed description of possible port string values refer t...

Page 1261: ...ddress or a UDP TCP port number for detection Default UDP ports are 1718 1719 1720 Default group address is 224 0 1 41 The commands in this section can be used to configure H 323 detection using new parameters A second default H 323 detection excludes the default group address SIP Phone Detection Uses either a UDP TCP port number with multicast group IP address or a UDP TCP port number for detecti...

Page 1262: ...licy Section 14 3 8 3 show cep port Section 14 3 8 4 set cep Section 14 3 8 5 set cep port Section 14 3 8 6 set cep policy Section 14 3 8 7 set cep detection Section 14 3 8 8 set cep detection type Section 14 3 8 9 set cep detection address Section 14 3 8 10 set cep detection protocol Section 14 3 8 11 set cep detection porthigh portlow Section 14 3 8 12 set cep initialize Section 14 3 8 13 clear ...

Page 1263: ...aults None Command Mode Read Only Example This example shows how to display CEP connections for port fe 1 21 port string Displays CEP status for one or more ports For a detailed description of possible port string values refer to Section 4 1 1 Matrix show cep connections fe 1 21 Connection Info for fe 1 21 Endpoint Type h323 Policy Index 3 Discovery Time MON FEB 06 02 31 42 2006 Firmware Version A...

Page 1264: ...aults If no detection id is specified all CEP detection parameters are displayed Command Mode Read Only Examples This example shows how to display CEP detection information detection id Optional Show CEP detection parameters based on the CEP configuration group id Matrix show cep detection Global CEP state enabled Detection Rules for Index 1 Endpoint Phone Type h323 Protocol tcp udp Port Low 1718 ...

Page 1265: ...ommand to display the global policies of all supported CEP types show cep policy Syntax Description None Command Defaults None Command Mode Read Only Examples This example shows how to display CEP policy information Matrix show cep policy CEP default policies CEP Type Policy Index Policy Name cisco 13 Cisco IP Phone siemens 9 IP Phone Siemens h323 3 IP Phone Avaya sip 0 ...

Page 1266: ...d CEP types show cep port port string Syntax Description Command Defaults None Command Mode Read Only Examples This example shows how to display CEP status information for port fe 1 21 port string Displays CEP status for one or more ports For a detailed description of possible port string values refer to Section 4 1 1 Matrix show cep port fe 1 21 Port H323 Siemens Cisco SIP fe 1 21 enabled enabled...

Page 1267: ...14 3 8 5 set cep Use this command to globally enable or disable CEP detection set cep enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to globally enable CEP detection enable disable Globally enables or disables CEP detection Matrix set cep enable ...

Page 1268: ...mand Mode Read Write Example This example shows how to enable Cisco phone detection on port fe 3 1 port string Specifies the port s to enable or disable For a detailed description of possible port string values refer to Section 4 1 1 cisco Set the Cisco detection status on the specified ports h323 Set the H323 detection status on the specified ports siemens Set the Siemens detection status on the ...

Page 1269: ...ed in Chapter 8 set cep policy cisco h323 siemens sip index Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to assign policy index 1 to all H 323 phones detected cisco Set the Cisco global default policy index h323 Set the H323global default policy index siemens Set the Siemens global default policy index sip Set the SIP g...

Page 1270: ...and Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to create CEP detection group 1 NOTE This command applies only to Siemens H 323 and SIP phone detection Cisco detection uses CiscoDP as its discovery method id Specifies a CEP configuration group value Valid values are 1 2147483647 create delete disable enable Creates a new convergence end points d...

Page 1271: ...l detection types Siemens H323 SIP Under manual detection configuration for each of the types the Endpoint Phone Type will be listed correctly However the high and low ports will not reflect default ports for the Endpoint Phone Types The user will have to configure the port low and high options to match their needs for the Endpoint Phone Type being configured as described in Section 14 3 8 12 Exam...

Page 1272: ...Type Switch command Command Mode Read Write Example This example shows how to set an IP address of 10 1 1 3 and mask for detection group 1 NOTE This command applies only to Siemens H 323 and SIP phone detection Cisco detection uses CiscoDP as its discovery method id Specifies a CEP configuration group ID This group must be created and enabled using the set cep detection id command as described in ...

Page 1273: ...n 14 3 8 12 set cep detection id id protocol tcp udp both none Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable both TCP and UDP convergence end points detection for CEP detection group 1 NOTE This command applies only to Siemens H 323 and SIP phone detection Cisco detection uses CiscoDP as its discovery method id...

Page 1274: ...d id porthigh portlow port Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to set port 65 as the minimum port to be used for convergence end points detection for CEP group 1 NOTE This command applies only to Siemens H 323 and SIP phone detection Cisco detection uses CiscoDP as its discovery method id Specifies a CEP config...

Page 1275: ...x Description Command Defaults If no port string is specified all existing CEP connections on all ports are cleared Command Type Switch command Command Mode Read Write Example This example shows how to re initialize CEP ports fe 1 3 5 port string Optional Specifies the CEP enabled port s to clear existing CEP connections This must be a port string enabled for CEP using the set cep port command as ...

Page 1276: ...nd Command Mode Read Write all Restores factory defaults to all CEP configuration information policy Restore factory defaults to CEP policy configuration detection detection id Restore factory defaults to CEP detection group configuration Optionally specify a particular CEP configuration group to clear with detection id Valid values are 1 2147483647 users port string Clear discovered Convergence E...

Page 1277: ...tion Guide 14 117 Examples This example shows how to clear all CEP policy parameters This example shows how to clear detection id 4 parameters This example shows how to clears ports fe 1 1 5 of Cisco phone detection parameters Matrix clear cep policy Matrix clear cep detection id 4 Matrix clear cep port fe 1 1 5 cisco ...

Page 1278: ... only frames forwarded on a locked port are those with the locked MAC address es for that port Commands The commands needed to configure MAC locking are listed below and described in the associated section as shown show maclock Section 14 3 9 1 show maclock stations Section 14 3 9 2 set maclock enable Section 14 3 9 3 set maclock disable Section 14 3 9 4 set maclock Section 14 3 9 5 set maclock fi...

Page 1279: ... information for ge 2 1 through 5 Table 14 6 provides an explanation of the command output port_string Optional Displays MAC locking status for specified port s For a detailed description of possible port_string values refer to Section 4 1 1 Matrix rw show maclock ge 2 1 5 MAC locking is globally enabled Port Port Trap Max Static Max FirstArrival Violating Number Status Status Allocated Allocated ...

Page 1280: ... 14 3 9 3 and Section 14 3 9 5 Trap Status Whether MAC lock trap messaging is enabled or disabled on the port For details on setting this status using the set maclock trap command refer to Section 14 3 9 11 Max Static Allocated The maximum static MAC addresses allowed locked to the port For details on setting this value using the set maclock static command refer to Section 14 3 9 9 Max FirstArriva...

Page 1281: ...odule 2 firstarrival Optional Displays MAC locking information about end stations first connected to MAC locked ports static Optional Displays MAC locking information about static management defined end stations connected to MAC locked ports port_string Optional Displays end station information for specified port s For a detailed description of possible port_string values refer to Section 4 1 1 Ma...

Page 1282: ...ock stations Output Details Output What It Displays Port Number Port designation For a detailed description of possible port_string values refer to Section 4 1 1 MAC address MAC address of the end station s locked to the port Status Whether the end stations are active or inactive State Whether the end station locked to the port is a first learned first arrival or static connection ...

Page 1283: ...ription Command Defaults If port_string is not specified MAC locking will be enabled on all ports Command Type Switch command Command Mode Read Write Example This example shows how to enable MAC locking on fe 2 3 NOTE MAC locking is disabled by default at device startup Configuring one or more ports for MAC locking requires globally enabling it on the device and then enabling it on the desired por...

Page 1284: ...port_string Syntax Description Command Defaults If port_string is not specified MAC locking will be disabled on all ports Command Type Switch command Command Mode Read Write Example This example shows how to disable MAC locking on fe 2 3 port_string Optional Disables MAC locking on specific port s For a detailed description of possible port_string values refer to Section 4 1 1 Matrix rw set macloc...

Page 1285: ... MAC address 00 a0 c9 0d 32 11 and port fe 2 3 NOTE Configuring one or more ports for MAC locking requires globally enabling it on the device first using the set maclock enable command as described in Section 14 3 9 3 mac_address Specifies the MAC address for which MAC locking will be created enabled or disabled port_string Specifies the port on which to create enable or disable MAC locking For a ...

Page 1286: ...value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to restrict MAC locking to 6 MAC addresses on fe 2 3 port_string Specifies the port on which to limit MAC locking For a detailed description of possible port_string values refer to Section 4 1 1 value Specifies the number of first arrival end station MAC addresses to be...

Page 1287: ...ve port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to move all current first arrival MACs to static entries on fe 1 3 port string Specifies the port where all current first arrival MACs will be moved to static entries For a detailed description of possible port_string values refer to Section 4 1 1 Matrix rw set...

Page 1288: ...o the default value of 600 clear maclock firstarrival port string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset MAC first arrivals on fe 2 3 port_string Specifies the port on which to reset the first arrival value For a detailed description of possible port_string values refer to Section 4 1 1 Matrix rw clear ma...

Page 1289: ... static port_string value Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to restrict MAC locking to 4 static addresses on fe 2 3 port_string Specifies the port on which to limit MAC locking For a detailed description of possible port_string values refer to Section 4 1 1 value Specifies the number of static MAC addresses t...

Page 1290: ... the default value of 20 clear maclock static port_string Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to reset static MAC locking on fe 2 3 port_string Specifies the port on which to reset the static MAC locking limit For a detailed description of possible port_string values refer to Section 4 1 1 Matrix rw clear maclo...

Page 1291: ...t maclock static commands Violating MAC addresses are dropped from the device s routing table set maclock trap port_string enable disable Syntax Description Command Defaults None Command Type Switch command Command Mode Read Write Example This example shows how to enable MAC lock trap messaging on fe 2 3 port_string Specifies the port on which MAC lock trap messaging will be enabled or disabled Fo...

Page 1292: ...e Command Type Switch command Command Mode Read Write Example This example shows how to clear MAC locking between MAC address 00 a0 c9 0d 32 11 and port fe 2 3 all Clears all static MAC locking for one or more ports mac_address Specifies the MAC address for which the MAC locking will be cleared port_string Specifies the port on which to clear MAC locking For a detailed description of possible port...

Page 1293: ...5 7H4382 49 7H4383 49 and 7H4385 49 Uplink modules defined as modular SFP 10 Gbps and 100 FX ports support up to 128 authenticated users per port Uplink modules include the following 7G4202 30 7G4270 12 7G4280 19 7H4284 49 and 7K4290 02 802 3 LAG ports support 128 users The network expansion modules 7G 6MGBIC A 7G 6MGBIC B and 7K 2XFP 6MGBIC support 128 users per port when installed in Platinum mo...

Page 1294: ...n 14 3 10 8 clear multiauth station Section 14 3 10 9 show multiauth session Section 14 3 10 10 show multiauth idle timeout Section 14 3 10 11 set multiauth idle timeout Section 14 3 10 12 clear multiauth idle timeout Section 14 3 10 13 show multiauth session timeout Section 14 3 10 14 set multiauth session timeout Section 14 3 10 15 clear multiauth session timeout Section 14 3 10 16 NOTE In order...

Page 1295: ...ax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to enable multiple authentication multi Allows the system to use multiple authenticators simultaneously NOTE This mode requires that MAC PWA and 802 1X authentication be enabled globally and configured appropriately on the desired ports per its corresponding command set as descr...

Page 1296: ...ide 14 3 10 2 clear multiauth mode Use this command to clear the system authentication mode clear multiauth mode Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to clear the system authentication mode Matrix rw clear multiauth mode ...

Page 1297: ...dence of the authentication methods will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy profile set multiauth precedence dot1x mac pwa Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to set precedence for MAC authentication dot1x Sets precedence for 802 1X authenticatio...

Page 1298: ... precedence Use this command to clear the system s multiple authentication administrative precedence clear multiauth precedence Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to clear the multiple authentication precedence Matrix rw clear multiauth precedence ...

Page 1299: ...ommand Mode Read Only Command Defaults If port string is not specified multiple authentication information will be displayed for all ports Example This example shows how to display multiple authentication information for ports fe 1 1 4 port string Optional Displays multiple authentication information for specific port s Matrix rw show multiauth port fe 1 1 4 Port Mode Max Allowed Current users use...

Page 1300: ...d Write Command Defaults None Examples This example shows how to set the port multiple authentication mode to required on ge 3 14 mode auth opt auth reqd force auth force unauth Specifies the port s multiple authentication mode as auth opt Authentication optional auth reqd Authentication required force auth Authentication considered force unauth Authentication disabled numusers numusers Specifies ...

Page 1301: ...tring Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Examples This example shows how to clear the port multiple authentication mode on all 1 Gigabit Ethernet ports mode Clears the port s multiple authentication mode numusers Clears the value set for the number of users allowed authentication on port s port string Specifies the port s on which to clear ...

Page 1302: ...ts If no options are specified multiple authentication station entries will be displayed for all MAC addresses and ports Example This example shows how to display multiple authentication station entries In this case two end user MAC addresses are shown mac address Optional Displays multiple authentication station entries for specific MAC address es port port string Optional Displays multiple authe...

Page 1303: ...d Type Switch command Command Mode Read Write Command Defaults If not specified multiple authentication station entries will be cleared for all MAC addresses Example This example shows how to clear the multiple authentication station entry associated with port fe 1 20 mac address Optional Clears multiple authentication station entries for specific MAC address es port port string Specifies the port...

Page 1304: ...ad Only Command Defaults If no options are specified multiple authentication session entries will be displayed for all sessions authentication types MAC addresses and ports all Optional Displays information about all sessions including those with terminated status agent dot1x mac pwa cep Optional Displays 802 1X MAC CEP or port web authentication session information mac address Optional Displays m...

Page 1305: ...w multiauth session Multiple authentication session entries Port fe 2 2 Station address 00 01 f4 2b 4f 8b Auth status success Last attempt MON MAY 08 14 34 42 2006 Agent type pwa Session applied true Server type radius VLAN Tunnel Attr None Policy index 0 Policy name No policy applied Session timeout 43200 Session duration 0 00 01 01 Idle timeout 300 Idle time 0 00 00 00 Termination time Not Termi...

Page 1306: ...will display the idle timeout vlaues in seconds for the following authentication types dot1x pwa mac and cep show multiauth idle timeout Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example This example shows how to display timeout values for an idle session for each of the authentication types Matrix rw show multiauth idle timeout Authentication...

Page 1307: ...ach of the multiple authentication types Examples This example shows how to set the idle timeout session for cep and mac authentication to 500 seconds This example shows how to set the idle timeout session for all the authentication types to 600 seconds cep dot1x mac pwa Specifies the authentication type cep Enterasys Convergence End Point Authentication dot1x IEEE 802 1X Port Based Network Access...

Page 1308: ...onds for all authentication types Command Type Switch command Command Mode Read Write Examples This example shows how to clear the idle timeout session values for cep and mac authentication types back to default value of 300 seconds This example shows how to clear the idle timeout session values for all authentication types back to the default value of 300 seconds cep dot1x mac pwa Optional Specif...

Page 1309: ... This will display the session timeout values in seconds for the following authentication types dot1x pwa mac and cep show multiauth session timeout Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example This example shows how to display multiple authentication session timeout values for an active session Matrix rw show multiauth session timeout Au...

Page 1310: ...o set the session timeout value for an active session for cep and mac authentication to 500 seconds This example shows how to set the session timeout value for an active session for all the authentication types to 600 seconds cep dot1x mac pwa Optional Specifies the authentication type cep Enterasys Convergence End Point Authentication dot1x IEEE 802 1X Port Based Network Access Control mac Entera...

Page 1311: ...e Switch command Command Mode Read Write Examples This example shows how to clear the session timeout values for an active session for cep and mac authentication types to the default value of 0 seconds This example shows how to clear the session timeout values for an active session for all authentication types to the default value of 0 seconds cep dot1x mac pwa Optional Specifies authentication ty...

Page 1312: ...configure the Secure Shell SSH protocol which provides secure Telnet Commands The commands used to review and configure SSH are listed below and described in the associated section as shown show ssh state Section 14 3 11 1 set ssh Section 14 3 11 2 set ssh hostkey Section 14 3 11 3 show router ssh Section 14 3 11 4 set router ssh Section 14 3 11 5 clear router ssh Section 14 3 11 6 ...

Page 1313: ... 1 show ssh state Use this command to display the current status of SSH on the device show ssh state Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Examples This example shows how to display SSH status on the device Matrix rw show ssh state SSH Server status Disabled ...

Page 1314: ...able or reinitialize SSH server on the device set ssh enable disable reinitialize Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to disable SSH enable disable Enables or disables SSH or reinitializes the SSH server reinitialize Reinitializes the SSH server Matrix rw set ssh disable ...

Page 1315: ...this command to set or reinitialize new SSH authentication keys set ssh hostkey reinitialize Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to regenerate SSH keys reinitialize Reinitializes the server host authentication keys Matrix rw set ssh hostkey reinitialize ...

Page 1316: ... router ssh Use this command to display the state of SSH service to the router show router ssh Syntax Description None Command Type Switch command Command Mode Read Only Command Defaults None Example This example shows how to display the state of SSH service to the router Matrix rw show router ssh SSH Server status Enabled ...

Page 1317: ... Use this command to enables or disable SSH service to the router set router ssh enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to disable SSH service to the router enable disable Enables or disable SSH service Matrix rw set router ssh disable ...

Page 1318: ...r ssh Use this command to reset SSH service to the router to the default state of disabled clear router ssh Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to reset SSH service to the router to the default state of disabled Matrix rw clear router ssh ...

Page 1319: ...d source IP address restrictions Commands The commands used to review and configure security access lists are listed below and described in the associated section as shown show access lists Section 14 3 12 1 access list standard Section 14 3 12 4 access list extended Section 14 3 12 3 ip access group Section 14 3 12 4 ROUTER These commands can be executed when the device is in router mode only For...

Page 1320: ...ch permits or denies ICMP UDP and IP frames based on restrictions configured with the one of the access list commands For details on configuring standard access lists refer to Section 14 3 12 4 For details on configuring extended access lists refer to Section 14 3 12 3 access list number Optional Displays access list information for a specific access list number Valid values are between 1 and 199 ...

Page 1321: ...s for standard ACLs are 1 to 99 For extended ACLs valid values are 100 to 199 access list number Specifies a standard access list number Valid values are from 1 to 99 insert replace entry Optional Inserts this new entry before a specified entry in an existing ACL or replaces a specified entry with this new entry log 1 5000 all Enable syslog for ACL entry hits Enable syslog for sequential number of...

Page 1322: ...s of the network addresses Any host with a source address that does not match the access list statements will be rejected protocol Specifies an IP protocol for which to deny or permit access Valid values and their corresponding protocols are ip Any Internet protocol icmp Internet Control Message Protocol udp User Datagram Protocol tcp Transmission Protocol source Specifies the network or host from...

Page 1323: ...curity Configuration Command Set Configuring Access Lists Matrix NSA Series Configuration Guide 14 163 This example moves entry 16 to the beginning of ACL 22 Matrix Router1 config access list 22 move 1 16 ...

Page 1324: ... access list access list number move destination source1 source2 To log entries within an ACL access list access list number log 1 5000 all To apply ACL restrictions to IP UDP TCP or ICMP packets access list access list number deny permit protocol source source wildcard operator port destination destination wildcard operator port tos extensions icmp type icmp code established log Advanced License ...

Page 1325: ...the range to be moved Source2 optional is the last entry number in the range to be moved If not specified only the source1 entry will be moved deny permit Denies or permits access if specified conditions are met protocol Specifies an IP protocol for which to deny or permit access Valid values and their corresponding protocols are 0 255 Any IP protocol number as listed in http www iana org assignme...

Page 1326: ...ible operands include lt port Match only packets with a lower port number gt port Match only packets with a greater port number eq port Match only packets on a given port number neq port Match only packets not on a given port number range min sport max sport Match only packets in the range of source ports range min dport max dport Match only packets in the range of destination ports tos extensions...

Page 1327: ...f operator and port are not specified access parameters will be applied to all TCP or UDP ports Examples This example shows how to define access list 101 to deny ICMP transmissions from any source and for any destination This example shows how to define access list 102 to deny TCP packets transmitted from IP source 10 1 2 1 with a port number of 42 to any destination This example shows how to defi...

Page 1328: ... Lists 14 168 Matrix NSA Series Configuration Guide This example shows how to define access list 102 to deny TCP packets transmitted from any IP source port with a the DiffServ value set to 55 Matrix Router1 config access list 102 deny tcp any any dscp 55 ...

Page 1329: ... Vlan vlan_id Command Defaults None Example This example shows how to apply access list 1 for all inbound frames on VLAN 1 Through the definition of access list 1 only frames with destination 192 5 34 0 will be routed All the frames with other destination received on VLAN 1 are dropped NOTE ACLs must be applied per routing interface An entry rule can either be applied to inbound or outbound frames...

Page 1330: ...the ACL check is exited and the map having the ACL matching the packet is checked for further routing instruction If the action of that map is permit and a next hop is specified policy based routing will forward the packet to the next hop specified in that map Otherwise it will forward the packet on the normal routing path using a route lookup One route map list is allowed per routing interface Pu...

Page 1331: ...Security Configuration Command Set Configuring Policy Based Routing Matrix NSA Series Configuration Guide 14 171 ip policy pinger Section 14 3 13 9 ...

Page 1332: ...esses matching ACL lists 2 3 4 8 or 110 will be forwarded to next hop 10 2 1 1 10 2 2 1 or 10 2 3 1 The route map list was created using the route map command Section 14 3 13 2 The packet source IP address was then matched to an ACL using the match ip address command Section 14 3 13 3 and the packet s next hops were defined using the set next hop command Section 14 3 13 4 id number Specifies the I...

Page 1333: ...ing route map list by specifying the list s id number and a new sequence number id number Specifies a route map list ID number to which this route map will be added If an unused ID number is specified a new route map list will be created Valid values are for policy based routing are 100 199 permit Optional Permits the packet to bypass route lookup and be forwarded to the next hop configured in the...

Page 1334: ... Command Defaults If permit or deny is not specified this command will enable route map or policy based routing configuration mode If sequence number is not specified 10 will be applied Example This example shows how to create route map 101 with a sequence order of 20 Matrix Router1 config route map 101 permit 20 ...

Page 1335: ... match between an access list and this route map no match ip address access list number Command Type Router command Command Modes Policy based routing configuration Matrix Router1 config route map pbr Command Defaults None Example This example shows how to match a packet source IP address to access list 1 ip address Matches packet source IP addresses to the specified access list access list number...

Page 1336: ...the no Form The no form of this command deletes next hop IP address es no set next hop next hop1 next hop2 next hop5 Command Type Router command Command Mode Policy based routing configuration Matrix Router1 config route map pbr Command Defaults None Example This example shows how to set IP address 10 2 3 4 as the next hop for packets matching ACL 1 next hop Specifies a next hop IP address es Up t...

Page 1337: ...mand output Matrix Router1 config show ip policy Interface Route map Priority Load policy Pinger Interval Retries 3 103 first first available off 3 3 2 102 only round robin on 10 4 Table 14 8 show ip policy Output Details Output What It Displays Interface Routing interface Route map Route map assigned to the routing interface using the ip policy route map command as described in Section 14 3 13 6 ...

Page 1338: ...olicy pinger command as described in Section 14 3 13 9 Interval PBR next hop ping interval in seconds Default of 3 can be reset using the ip policy pinger command as described in Section 14 3 13 9 Retries Number of PBR next hop ping retries Default of 3 can be reset using the ip policy pinger command as described in Section 14 3 13 9 Table 14 8 show ip policy Output Details Continued Output What I...

Page 1339: ...e map list no ip policy route map Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan vlan_id Command Defaults None Example This example shows how to assign route map 101 to VLAN 1 id number Specifies a route map ID number Valid values are 100 199 and must match a value previously set using the route map command Section 14 3 13 2 NOTE Only one route map l...

Page 1340: ... Interface configuration Matrix Router1 config if Vlan vlan_id Command Defaults None Example This example shows how to set the IP policy priority on VLAN 1 to last only first last Prioritizes use of the PBR configured policy as opposed to doing a lookup in the FIB Forward Information Base route table for a next hop as follows only uses the PBR next hop but if it is unavailable drops the packet fir...

Page 1341: ...yntax of the no Form The no form of this command resets the next hop behavior to first available no ip policy load policy Command Type Router command Command Mode Interface configuration Matrix Router1 config if Vlan vlan_id Command Defaults If pinger is not specified none is configured Example This example shows how to set the load policy behavior on VLAN 1 to round robin first available round ro...

Page 1342: ...ts If not specified interval will be set to 3 seconds If not specified retries will be set to 3 Example This example shows how to configure the PBR ping interval to 5 and retries to 4 on VLAN 1 off Turns ping off so all next hops are available by default on Starts pinging all next hops in the route map list interval interval Optional When ping is on specifies the ping interval in seconds Valid val...

Page 1343: ...protect the router from attacks and notify administrators via Syslog Commands The commands used to configure DoS prevention are listed below and described in the associated section as shown show hostdos Section 14 3 14 1 hostdos Section 14 3 14 2 clear hostdos counters Section 14 3 14 3 ROUTER These commands can be executed when the device is in router mode only For details on how to enable router...

Page 1344: ...splay Denial of Service security status and counters For details on how to set these parameters refer to Section 14 3 14 2 NOTE When fragmented ICMP packets protection is enabled the Ping of Death counter will not be incremented Ping of Death is a subset of the fragmented ICMP function Matrix Router1 config show hostdos LANDd Attack Destination IP Source IP Disabled Spoofed Address Check Disabled ...

Page 1345: ...Vlan vlan_id Command Defaults None land Enables land attack protection and automatically discards illegal frames This can be enabled globally or per interface fragmicmp Enables fragmented ICMP and Ping of Death packets protection and automatically discards illegal frames This can only be enabled globally largeicmp size Enables large ICMP packets protection specifies the packet size above which the...

Page 1346: ...how to globally enable land attack and large ICMP packets protection for packets larger than 2000 bytes This example shows how to enable spoofed address checking on the VLAN 1 interface Matrix Router1 config hostdos land Matrix Router1 config hostdos largeicmp 2000 Matrix Router1 config interface vlan 1 Matrix Router1 config if Vlan 1 hostdos checkspoof ...

Page 1347: ...dos counters Use this command to clear Denial of Service security counters clear hostdos counters Syntax Description None Command Type Router command Command Mode Global configuration Matrix Router config Command Defaults None Example This example shows how to clear Denial of Service security counters Matrix Router config clear hostdos counters ...

Page 1348: ... Globally enable FST on the switch and on a port by port basis Configure the maximum flows allowed per user classification port type and the actions that will occur when flow limits are reached Assign a user classification to each interface Control the generation of SNMP notifications Control the time in seconds to wait before generating another notification of the same type on the same interface ...

Page 1349: ...onfiguration Guide 14 189 set flowlimit port Section 14 3 15 8 clear flowlimit port class Section 14 3 15 9 set flowlimit shutdown Section 14 3 15 10 set flowlimit notification Section 14 3 15 11 clear flowlimit notification interval Section 14 3 15 12 clear flowlimit stats Section 14 3 15 13 ...

Page 1350: ...tion will be displayed for all ports Example This example shows how to display flow limiting information for Fast Ethernet port 1 in port group 2 In this case it is enabled for FST with an unspecified port classification is currently operational and has no FST action assigned port port string Optional Displays flow limiting port settings for one or all ports stats port string Optional Displays flo...

Page 1351: ...mmand to globally enable or disable flow setup throttling set flowlimit enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable FST on Fast Ethernet ports 1 5 in port group 2 enable disable Globally enables or disables FST Matrix rw set flowlimit fe 2 1 5 enable ...

Page 1352: ...rt aggregateduser interswitchlink unspecified Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If classification port type is not specified none will be applied limit1 limit2 Specifies this configuration as limit 1 or 2 Two limits assigned to two actions describing what will occur when a certain flow limit is reached can be defined per user classification lim...

Page 1353: ... Set Configuring Flow Setup Throttling FST Matrix NSA Series Configuration Guide 14 193 Example This example shows how to set the flow limit 1 to 12 flows on ports classified as user ports Matrix rw set flowlimit limit1 12 userport ...

Page 1354: ...h command Command Mode Read Write Command Defaults If not specified the limit will be removed from all port classification types Example This example shows how to remove flow limit 1 from all port classifications limit1 limit2 Specifies the configuration to be removed as limit 1 or 2 userport serverport aggregateduser interswitchlink unspecified Optional Removes this limit configuration from the u...

Page 1355: ...ned per user classification Action number must correspond to a flow limit configured using the set flowlimit limit command as described in Section 14 3 15 3 notify Optional When flow limit is reached generates an SNMP trap notification if the set flowlimit notification function is enabled as described in Section 14 3 15 11 drop Optional When flow limit is reached drops excess flows and discard pac...

Page 1356: ...mmand Defaults If action is not specified no action will be applied If classification port type is not specified none will be applied Example This example shows how to set flow limiting action 1 to discard all flows exceeding flow limit 1 on ports classified as user ports Matrix rw set flowlimit action 1 discard userport ...

Page 1357: ...on types will be removed If not specified the action will be removed from all port classifications Example This example shows how to remove flow limiting action 1 from all port classifications action1 action2 Specifies the configuration to be removed as action 1 or 2 notify Optional Removes the notify action drop Optional Removes the drop action disable Optional Removes the disable action userport...

Page 1358: ...port aggregateduser interswitchlink unspecified Syntax Description Command Type Switch command Command Mode Read Only Command Defaults If port classification type is not specified information related to all classifications will be displayed userport serverport aggregateduser interswitchlink unspecified Optional Displays flow limiting information related to the following classification user port se...

Page 1359: ...how flowlimit class Flow setup throttling class configuration Class Limit Action userPort limit1 800 action1 notify limit2 1000 action2 disable notify serverPort limit1 5000 action1 notify limit2 6000 action2 disable notify aggregatedUserPort limit1 5000 action1 notify limit2 6000 action2 disable notify interSwitchLink limit1 14000 action1 notify limit2 16000 action2 disable notify unspecified lim...

Page 1360: ... previously disabled by a flow limiting action set flowlimit port enable disable class userport serverport aggregateduser interswitchlink unspecified status operational port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified settings will apply to all ports enable disable Enables or disables flow limiting on specified port...

Page 1361: ...ing Flow Setup Throttling FST Matrix NSA Series Configuration Guide 14 201 Example This example shows how to assign the user port classification type to Fast Ethernet ports 3 5 in port group 2 Matrix rw set flowlimit port class userport fe 2 3 5 ...

Page 1362: ...ar flowlimit port class port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified classifications will be removed from all ports Example This example shows how to clear port classifications from all Gigabit Ethernet ports port string Optional Specifies port s on which to remove flow limiting classification properties Matrix ...

Page 1363: ...a disable action to shut down For information on using the set flowlimit limit command to configure set a disable action on a port refer to Section 14 3 15 3 set flowlimit shutdown enable disable Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable the flow limit shut down function enable disable Enables or disables t...

Page 1364: ... limit is reached For information on using the set flowlimit limit command to configure a trap action on a port refer to Section 14 3 15 3 set flowlimit notification disable enable interval Syntax Description Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to enable the flow limit notification function disable enable Disables or enables SNMP...

Page 1365: ...se this command to reset the SNMP flow limit notification interval to the default value of 120 seconds clear flowlimit notification interval Syntax Description None Command Type Switch command Command Mode Read Write Command Defaults None Example This example shows how to reset the SNMP flow limit notification interval Matrix rw clear flowlimit notification interval ...

Page 1366: ...e port s clear flowlimit stats port string Syntax Description Command Type Switch command Command Mode Read Write Command Defaults If port string is not specified statistics will be reset on all ports Example This example shows how to reset flow limiting statistics back to default values on Fast Ethernet port 5 in port group 1 port string Optional Resets flow limiting statistics on specific port s...

Page 1367: ...le password 13 44 Port web 14 51 RADIUS server 14 12 14 17 14 27 RIP 13 13 SSH 14 155 VRRP 13 105 Auto negotiation 4 50 B Banner for Message of the Day 2 72 Baud Rate 4 9 Broadcast settings for IP routing 12 29 suppression enabling on ports 4 82 C CIDR 13 23 Cisco Discovery Protocol configuring 3 12 Class of Service 8 24 8 32 8 44 Classification Policies 8 1 Classification Rules 8 22 clear policy ...

Page 1368: ...up Throttling FST 14 20 14 188 G Getting Help 1 3 GVRP enabling and disabling 7 40 purpose of 7 33 timer 7 42 H H 323 detection 14 101 Hardware show system 2 52 2 74 Hello Packets 13 42 to 13 43 Help context sensitive 2 14 keyword lookups 2 15 I ICMP 11 32 12 44 IGMP 10 1 enabling and disabling 10 3 Image File copying 2 114 downloading 2 94 Ingress Filtering 7 11 7 21 Interface Configuration Mode ...

Page 1369: ...ry Protocol 2 119 Multicast Filtering 10 1 10 2 Multiple Authentication 14 133 Multiple Spanning Tree Protocol MSTP 6 1 N Name setting for a VLAN 7 8 setting for the system 2 75 Neighbors OSPF 13 69 RIP 13 6 NetFlow configuring 11 152 versions supported 11 153 Network Management addresses and routes 11 98 monitoring switch events and status 11 26 Network Statistics displaying for switch 11 30 RMON...

Page 1370: ...iewing statistics 4 27 duplex mode setting 4 41 enabling and disabling 4 33 flow control 4 62 MAC lock 14 123 mirroring 4 89 priority configuring 9 2 speed setting 4 41 status reviewing 4 23 Priority OSPF 13 38 VRRP 13 95 Priority to Transmit Queue Mapping 9 6 Prompt in router mode 2 144 set 2 68 2 69 PWA 14 51 R RAD 11 103 RADIUS 14 9 14 24 RADIUS server 14 12 14 17 14 27 Rapid Spanning Tree Prot...

Page 1371: ...s 6 5 features 6 2 Loop Protect feature 6 2 port parameters 6 91 Rapid Spanning Tree Protocol RSTP 6 1 Split Horizon 13 25 Stub Areas 13 50 Syslog 11 2 System Information displaying basic 2 50 setting basic 2 42 T Technical Support 1 3 Telnet disconnecting 11 36 enabling in switch mode 2 102 Terminal Settings 2 78 TFTP downloading firmware upgrades via 2 94 Timeout ARP 12 27 CLI system 2 81 RADIUS...

Page 1372: ...ngress filtering 7 11 naming 7 8 reviewing existing 7 3 secure management creating 7 32 VRRP authentication 13 105 configuration mode enabling 13 91 creating a session 13 92 critical IP 13 99 enabling on an interface 13 104 priority 13 95 virtual router address 13 93 W WebView 1 3 2 10 2 11 ...

Reviews:

No comments