Enterasys SECURESTACK C3 Configuration Manual Download Page 526

Page: 526 / 872

Dynamic ARP Inspection Overview

17-16

DHCP Snooping and Dynamic ARP Inspection

intercepts

traffic

for

other

stations

poisoning

the

ARP

caches

its

unsuspecting

neighbors.

ARP

poisoning

tactic

where

attacker

injects

false

ARP

packets

into

the

subnet,

normally

broadcasting

ARP

responses

which

the

attacker

claims

someone

else.

poisoning

the

ARP

cache,

malicious

user

can

intercept

the

traffic

intended

for

other

hosts

the

network.

The

Dynamic

ARP

Inspection

application

performs

ARP

packet

validation.

When

DAI

enabled,

verifies

that

the

sender

MAC

address

and

the

source

address

are

valid

pair

the

DHCP

snooping

binding

database

and

drops

ARP

packets

whose

sender

MAC

address

and

sender

address

not

match

entry

the

database.

Additional

ARP

packet

validation

can

configured.

DHCP

snooping

disabled

the

ingress

VLAN

the

receive

interface

trusted

for

DHCP

snooping,

ARP

packets

are

dropped.

Functional Description

DAI

enabled

VLANs,

effectively

enabling

DAI

the

interfaces

(physical

ports

LAGs)

that

are

members

that

VLAN.

Individual

interfaces

are

configured

trusted

untrusted.

The

trust

configuration

for

DAI

independent

the

trust

configuration

for

DHCP

snooping.

trusted

port

the

network

administrator

does

not

consider

security

threat.

untrusted

port

one

which

could

potentially

used

launch

network

attack.

DAI

considers

all

physical

ports

and

LAGs

untrusted

default.

Static Mappings

Static

mappings

are

useful

when

hosts

configure

static

addresses,

DHCP

snooping

cannot

run,

other

switches

the

network

not

run

dynamic

ARP

inspection.

static

mapping

associates

address

MAC

address

VLAN.

DAI

consults

its

static

mappings

before

consults

DHCP

snooping

—

thus,

static

mappings

have

precedence

over

DHCP

snooping

bindings.

ARP

ACLs

are

used

define

static

mappings

for

DAI.

this

implementation,

only

the

subset

ARP

ACL

syntax

required

for

DAI

supported.

ARP

ACLs

are

completely

independent

ACLs

used

for

QoS.

maximum

100

ARP

ACLs

can

configured.

Within

ACL,

maximum

rules

can

configured.

Optional ARP Packet Validation

optional

ARP

packet

validation

has

been

configured,

DAI

verifies

that

the

sender

MAC

address

equals

the

source

MAC

address

the

Ethernet

header.

Additionally,

the

option

verify

that

the

target

MAC

address

equals

the

destination

MAC

address

the

Ethernet

header

can

configured.

This

check

only

applies

ARP

responses,

since

the

target

MAC

address

unspecified

ARP

requests.

You

can

also

enable

address

checking.

When

this

option

enabled,

DAI

drops

ARP

packets

with

invalid

address.

The

following

addresses

are

considered

invalid:

•

0.0.0.0

•

255.255.255.255

•

All

multicast

addresses

•

All

class

addresses

(240.0.0.0/4)

•

Loopback

addresses

(in

the

range

127.0.0.0/8)

Summary of Contents for SECURESTACK C3

Page 1: ...Enterasys SecureStack C3 Stackable Switches Configuration Guide Firmware Version 6 03 xx xxxx P N 9034313 07...

Page 2: ......

Page 3: ...BILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2009 Enterasys Networks Inc All rights reserved Part Number 9034313 07 June 2009 ENTERASYS ENTERASYS NETWORKS ENTERASYS...

Page 4: ...and conditions of this Agreement 2 RESTRICTIONS Except as otherwise authorized in writing by Enterasys You may not nor may You permit any third party to a Reverse engineer decompile disassemble or mo...

Page 5: ...THE PROGRAM TO YOU 7 LIMITATION OF LIABILITY IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINE...

Page 6: ...each of this Agreement 12 WAIVER A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breac...

Page 7: ...a Stack 2 3 Adding a New Unit to an Existing Stack 2 3 Creating a Virtual Switch Configuration 2 3 Considerations About Using Clear Config in a Stack 2 5 Issues Related to Mixed Type Stacks 2 5 Featu...

Page 8: ...me 3 21 set summertime 3 22 set summertime date 3 22 set summertime recurring 3 23 clear summertime 3 24 set prompt 3 24 show banner motd 3 25 set banner motd 3 25 clear banner motd 3 26 show version...

Page 9: ...50 Purpose 3 50 Commands 3 50 reset 3 50 clear config 3 51 Using and Configuring WebView 3 52 Purpose 3 52 Commands 3 52 show webview 3 52 set webview 3 53 show ssl 3 53 set ssl 3 54 Gathering Techni...

Page 10: ...et ciscodp timer 6 9 set ciscodp holdtime 6 10 set ciscodp port 6 10 clear ciscodp 6 12 Configuring Link Layer Discovery Protocol and LLDP MED 6 13 Overview 6 13 Purpose 6 13 Commands 6 14 Configurati...

Page 11: ...alias 7 9 set port alias 7 9 Setting Speed and Duplex Mode 7 11 Purpose 7 11 Commands 7 11 show port speed 7 11 set port speed 7 12 show port duplex 7 12 set port duplex 7 13 Enabling Disabling Jumbo...

Page 12: ...mands 7 38 show port mirroring 7 38 set port mirroring 7 39 clear port mirroring 7 40 set mirror vlan 7 40 clear mirror vlan 7 41 Link Aggregation Control Protocol LACP 7 42 LACP Operation 7 42 LACP T...

Page 13: ...ommunity 8 14 clear snmp community 8 15 Configuring SNMP Access Rights 8 15 Purpose 8 15 Commands 8 16 show snmp access 8 16 set snmp access 8 18 clear snmp access 8 19 Configuring SNMP MIB Views 8 19...

Page 14: ...Bridge Parameters 9 3 Purpose 9 3 Commands 9 4 show spantree stats 9 5 set spantree 9 7 show spantree version 9 7 set spantree version 9 8 clear spantree version 9 9 show spantree bpdu forwarding 9 9...

Page 15: ...autoedge 9 33 Configuring Spanning Tree Port Parameters 9 34 Purpose 9 34 Commands 9 34 set spantree portadmin 9 34 clear spantree portadmin 9 35 show spantree portadmin 9 35 show spantree portpri 9 3...

Page 16: ...name 10 7 Assigning Port VLAN IDs PVIDs and Ingress Filtering 10 8 Purpose 10 8 Commands 10 8 show port vlan 10 8 set port vlan 10 9 clear port vlan 10 9 show port ingress filter 10 10 set port ingres...

Page 17: ...ing Policy Class of Service CoS 11 17 About Policy Based CoS Configurations 11 17 About CoS Based Flood Control 11 19 Commands 11 20 set cos state 11 20 show cos state 11 21 clear cos state 11 21 set...

Page 18: ...13 4 set igmpsnooping groupmembershipinterval 13 4 set igmpsnooping maxresponse 13 5 set igmpsnooping mcrtrexpiretime 13 6 set igmpsnooping add static 13 6 set igmpsnooping remove static 13 7 show ig...

Page 19: ...t 14 17 show netstat 14 17 Managing Switch Network Addresses and Routes 14 19 Purpose 14 19 Commands 14 19 show arp 14 19 set arp 14 20 clear arp 14 21 traceroute 14 21 show mac 14 22 show mac agetime...

Page 20: ...15 6 Commands 15 6 show rmon history 15 6 set rmon history 15 7 clear rmon history 15 7 Alarm Group Commands 15 9 Purpose 15 9 Commands 15 9 show rmon alarm 15 9 set rmon alarm properties 15 10 set rm...

Page 21: ...clear dhcp pool network 16 15 set dhcp pool hardware address 16 15 clear dhcp pool hardware address 16 16 set dhcp pool host 16 16 clear dhcp pool host 16 17 set dhcp pool client identifier 16 17 cle...

Page 22: ...ics 17 14 clear dhcpsnooping database 17 14 clear dhcpsnooping limit 17 15 Dynamic ARP Inspection Overview 17 15 Functional Description 17 16 Basic Configuration 17 18 Example Configuration 17 19 Dyna...

Page 23: ...se 19 16 Commands 19 16 ip directed broadcast 19 16 ip forward protocol 19 17 ip helper address 19 18 Reviewing IP Traffic and Configuring Routes 19 19 Purpose 19 19 Commands 19 19 show ip route 19 19...

Page 24: ...area range 20 21 area stub 20 22 area default cost 20 23 area nssa 20 23 area virtual link 20 24 redistribute 20 25 show ip ospf 20 26 show ip ospf database 20 27 show ip ospf interface 20 28 show ip...

Page 25: ...show ip pimsm staticrp 20 58 show ip mroute 20 59 Chapter 21 IPv6 Management Purpose 21 1 Commands 21 1 show ipv6 status 21 1 set ipv6 21 2 set ipv6 address 21 3 show ipv6 address 21 4 clear ipv6 add...

Page 26: ...IPv6 Proxy Routing Overview 23 1 Limitations 23 2 Preparing a Mixed Stack for IPv6 Proxy Routing 23 2 Commands 23 3 ipv6 proxy routing 23 3 show ipv6 proxy routing 23 3 Chapter 24 DHCPv6 Configuration...

Page 27: ...ea nssa default info originate 25 12 area nssa no redistribute 25 12 area nssa no summary 25 13 area nssa translator role 25 14 area nssa translator stab intv 25 14 area range 25 15 area stub 25 16 ar...

Page 28: ...5 Configuring RADIUS 26 6 Purpose 26 6 Commands 26 6 show radius 26 6 set radius 26 7 clear radius 26 9 show radius accounting 26 10 set radius accounting 26 10 clear radius accounting 26 11 show rad...

Page 29: ...h station 26 43 show multiauth session 26 43 show multiauth idle timeout 26 44 set multiauth idle timeout 26 45 clear multiauth idle timeout 26 46 show multiauth session timeout 26 46 set multiauth se...

Page 30: ...equest 26 77 set pwa portcontrol 26 77 show pwa session 26 78 set pwa enhancedmode 26 79 Configuring Secure Shell SSH 26 80 Purpose 26 80 Commands 26 80 show ssh status 26 80 set ssh 26 80 set ssh hos...

Page 31: ...16 show sflow agent 28 17 Appendix A Policy and Authentication Capacities Policy Capacities A 1 Authentication Capacities A 2 Index Figures 1 1 SecureStack C3 Startup Screen 1 6 1 2 Sample CLI Default...

Page 32: ...8 11 3 Valid Values for Policy Classification Rules 11 12 14 1 show logging server Output Details 14 3 14 2 show logging application Output Details 14 7 14 3 Mnemonic Values for Logging Applications...

Page 33: ...nd Output Details 25 39 25 8 show ipv6 ospf interface stats Output Details 25 41 25 9 show ipv6 ospf neighbor Output Details 25 43 25 10 show ipv6 ospf neighbor routerid Output Details 25 44 25 11 sho...

Page 34: ...xxxii...

Page 35: ...including 802 1X and RADIUS SSHv2 PWA MAC locking and MAC authentication Configure access control lists ACLs Structure of This Guide The guide is organized as follows Chapter 1 Introduction provides a...

Page 36: ...er profiles to frame filtering policies how to classify frames to a VLAN or Class of Service CoS and how to assign or unassign ports to policy profiles so that only ports activated for a profile will...

Page 37: ...w to configure 802 1X authentication using EAPOL how to configure RADIUS server Secure Shell server MAC authentication MAC locking Port Web Authentication and IP access control lists ACLs Chapter 27 T...

Page 38: ...r optional Square brackets indicate an optional value Braces indicate required values One or more values may be required A vertical bar indicates a choice in values x y z Square brackets with a vertic...

Page 39: ...your network environment for example layout cable type Network load and frame size at the time of trouble if known The switch history for example have you returned the switch before is this a recurrin...

Page 40: ...Getting Help xxxviii About This Guide...

Page 41: ...e Assign IP address and subnet mask Select a default gateway Establish and manage Virtual Local Area Networks VLANs Establish and manage policy profiles and classifications Establish and manage priori...

Page 42: ...to 180 seconds CDP interval Transmit frequency of CDP messages set to 60 seconds Cisco discovery protocol Auto enabled on all ports Cisco DP hold time Set to 180 seconds Cisco DP interval timer Set to...

Page 43: ...ation Classification rules are automatically enabled when created Port auto negotiation Enabled on all ports Port advertised ability Maximum ability advertised on all ports Port broadcast suppression...

Page 44: ...t priority All ports with bridge priority are set to 128 medium priority Spanning Tree priority Bridge priority is set to 32768 Spanning Tree topology change trap suppression Enabled Spanning Tree ver...

Page 45: ...led IP forward protocol Enabled with no port specified IP interfaces Disabled with no IP addresses specified IRDP Disabled on all interfaces When enabled maximum advertisement interval is set to 600 s...

Page 46: ...r Account on page 1 7 Figure 1 1 SecureStack C3 Startup Screen Split horizon Enabled for RIP packets without poison reverse Stub area OSPF None configured Telnet Enabled Telnet port IP Set to port num...

Page 47: ...o all modifiable parameters The default password is set to a blank string For information on changing these default settings refer to Setting User Accounts and Passwords on page 3 2 Using a Default Us...

Page 48: ...Only access will only be permitted to view Read Only show commands Users with Read Write access will be able to modify all modifiable parameters in set and show commands as well as view Read Only com...

Page 49: ...Figure 1 5 shows how the show mac command indicates that output continues on more than one screen Figure 1 5 Scrolling Screen Output Abbreviating and Completing Commands The SecureStack C3 switch allo...

Page 50: ...123 Table 1 3 Basic Line Editing Commands Key Sequence Command Ctrl A Move cursor to beginning of line Ctrl B Move cursor back one character Ctrl D Delete a character Ctrl E Move cursor to end of lin...

Page 51: ...d as described in the SecureStack C3 Installation Guides the following occurs during initialization The switch that will manage the stack is automatically established This is known as the manager swit...

Page 52: ...Up to Eight Units Use the following procedure for installing a new stack of up to eight units out of the box 1 Before applying power make all physical connections with the stack cables as described i...

Page 53: ...all members have been renumbered in the order you desire 8 After the stack has been reconfigured you can use the show switch unit command show switch on page 2 6 to physically confirm the identity of...

Page 54: ...1 0xa08245 2 C2K122 24 1 0xa08245 3 C2G124 48 1 0xa08245 4 C2G124 48P 1 0xa08245 5 C2H124 48 1 0xa08245 6 C2H124 48P 1 0xa08245 7 C2G134 24P 1 0xa08245 8 C2G170 24 1 0xa08245 9 C3G124 24P 1 0xa08245...

Page 55: ...factory defaults option from the boot menu on switch startup This selection will leave stacking priorities on all other units Issues Related to Mixed Type Stacks Feature Support Because the SecureStac...

Page 56: ...been configured you can use this command to physically confirm the identity of each unit When you enter the command with a unit number the MGR LED of the specified switch will blink for 10 seconds The...

Page 57: ...ow switch 1 Switch 1 Management Status Management Switch Hardware Management Preference Unassigned Admin Management Preference Unassigned Switch Type C3G124 24 Preconfigured Model Identifier C3G124 24...

Page 58: ...C3G124 48P 1 0xa08245 11 C3G124 48 1 0xa08245 12 C3G124 24 1 0xa08245 13 C3K172 24 1 0xa08245 15 C3K122 24 1 0xa08245 17 C3K122 24P 1 0xa08245 This example shows how to display switch type informatio...

Page 59: ...s priority for becoming the management switch if the previous management switch fails or to change the switch unit ID for a switch in the stack Syntax set switch unit priority value renumber newunit P...

Page 60: ...the management image file will be replicated to all switches in the stack Mode Switch command read write Example This example shows how to replicate the management image file to all switches in the s...

Page 61: ...h 1 to switch 2 C3 su set switch movemenagement 1 2 Moving stack management will unconfigure entire stack including all interfaces Are you sure you want to move stack management y n y set switch membe...

Page 62: ...xample This example shows how to specify a switch as unit 1 with a switch ID of 1 C3 su set switch member 1 1 clear switch member Use this command to remove a member entry from the stack Syntax clear...

Page 63: ...mand For information about Refer to page Quick Start Setup Commands 3 1 Setting User Accounts and Passwords 3 2 Setting Basic Switch Properties 3 9 Downloading a Firmware Image 3 32 Reviewing and Sele...

Page 64: ...nk traps set port trap port string enable disable 7 25 Set the per port broadcast limit set port broadcast port string threshold value 7 34 Configure a VLAN set vlan create vlan id 10 5 set port vlan...

Page 65: ...read only enabled rw read write enabled Table 3 1 provides an explanation of the command output Table 3 1 show system login Output Details Output Field What It Displays Password history size Number of...

Page 66: ...out parameters If the admin user account has been locked out you must wait until the configured lockout time period has expired or you can power cycle the switch to reboot it which will re enable the...

Page 67: ...dmin can change any password on the system If you forget the password for the admin user account you can reset the password to the default password value by pressing the password reset button on the s...

Page 68: ...assword changed C3 su set system password length Use this command to set the minimum user login password length Syntax set system password length characters Parameters Defaults None Mode Switch comman...

Page 69: ...tem with the set password command Syntax set system password history size Parameters Defaults None Mode Switch command super user Example This example shows how to configure the system to check the la...

Page 70: ...s to lockout the default admin super user account after maximum login attempts Syntax set system lockout attempts attempts time time Parameters Defaults None Mode Switch command super user Table 3 3 s...

Page 71: ...ckout attempts 5 time 30 Setting Basic Switch Properties Purpose To display and set the system IP address and other basic system switch properties Commands For information about Refer to page show ip...

Page 72: ...play the system IP address and subnet mask C3 su show ip address Name Address Mask host 10 42 13 20 255 255 0 0 clear summertime 3 24 set prompt 3 24 show banner motd 3 25 set banner motd 3 25 clear b...

Page 73: ...ddress to 10 1 10 1 with a mask of 255 255 128 0 C3 su set ip address 10 1 10 1 mask 255 255 128 0 clear ip address Use this command to clear the system IP address Syntax clear ip address Parameters N...

Page 74: ...only Example This example shows how to display the method used to acquire a network IP address C3 su show ip protocol System IP address acquisition method dhcp set ip protocol Use this command to spec...

Page 75: ...power and fan tray status and uptime Syntax show system Parameters None Defaults None Mode Switch command read only Example This example shows how to display system information C3 su show system Syste...

Page 76: ...or each switch is displayed PS1 Status Operational status for the primary power supply PS2 Status Operational status for the secondary power supply if installed Fanx Status Operational status of the f...

Page 77: ...out the processor running on the switch or the overall memory usage of the Flash and SDRAM storage devices on the unit or the processes running on the switch Only the memory usage in the master unit o...

Page 78: ...0 0 40 eb74120 bcmRX 2 00 2 91 4 48 eb7fbc8 bcmLINK 0 0 40 0 22 0 32 f00c9a0 bcmTX 0 00 0 33 0 53 f027648 bcmCNTR 0 0 00 0 00 0 03 f034858 bcmL2X 0 0 00 0 02 0 04 set system utilization Use this comma...

Page 79: ...t C3 rw show system utilization cpu CPU Utilization Threshold Traps enable Threshold 75 0 Total CPU Utilization Switch CPU 5 sec 1 min 5 min 1 1 10 10 10 C3 rw clear system utilization C3 rw show syst...

Page 80: ...o the system prompts you to confirm whether you want to proceed Syntax set system enhancedbuffermode enable disable Parameters Defaults None Mode Switch command read write Example This example shows h...

Page 81: ...slog message will be logged and or an SNMP trap will be sent The values set with this command can be viewed with the show system command Example The following example enables sending SNMP traps and se...

Page 82: ...o their defaults C3 su clear system temperature show time Use this command to display the current time of day in the system clock Syntax show time Parameters None Defaults None Mode Switch command rea...

Page 83: ...None Defaults None Mode Switch command read only Example This example shows how to display daylight savings time settings C3 su show summertime Summertime is disabled and set to Start SUN APR 04 02 0...

Page 84: ...ot specified none will be applied enable disable Enables or disables the daylight savings time function zone Optional Applies a name to the daylight savings time settings start_month Specifies the mon...

Page 85: ...d Mode Switch command read write Example This example shows how set daylight savings time to recur starting on the first Sunday of April at 2 a m and ending the last Sunday of October at 2 a m with an...

Page 86: ...ngs time configuration C3 su clear summertime set prompt Use this command to modify the command prompt Syntax set prompt prompt_string Parameters Defaults None Mode Switch command read write Example T...

Page 87: ...command to set the banner message of the day displayed at session login Syntax set banner motd message Parameters Defaults None Mode Switch command read write Example This example shows how to set th...

Page 88: ...This example shows how to clear the message of the day banner to a blank string C3 rw clear banner motd show version Use this command to display hardware and firmware information Refer to Downloading...

Page 89: ...d write Example This example shows how to set the system name to Information Systems C3 su set system name Information Systems Table 3 5 show version Output Details Output Field What It Displays Model...

Page 90: ...mand to identify a contact person for the system Syntax set system contact string Parameters Defaults If string is not specified the contact name will be cleared Mode Switch command read write string...

Page 91: ...described in set length on page 3 29 Example This example shows how to set the terminal columns to 50 C3 su set width 50 set length Use this command to set the number of lines the CLI will display Th...

Page 92: ...ed before timing out Syntax show logout Parameters None Defaults None Mode Switch command read only Example This example shows how to display the CLI logout setting C3 su show logout Logout currently...

Page 93: ...mple This example shows how to display all console settings C3 su show console Baud Flow Bits StopBits Parity 9600 Disable 8 1 none set console baud Use this command to set the console port baud rate...

Page 94: ...in cases when you cannot connect the switch to perform the in band copy download procedure via TFTP Serial console download has been successfully tested with the following applications HyperTerminal C...

Page 95: ...sword Boot Menu 2 3 Type 2 The following baud rate selection screen displays 1 1200 2 2400 3 4800 4 9600 5 19200 6 38400 7 57600 8 115200 0 no change 4 Type 8 to set the switch baud rate to 115200 The...

Page 96: ...d to downgrade to a previous version of code you can do so by completing the following steps as described in this chapter 1 Save your running configuration with the save config command 2 Make a copy o...

Page 97: ...rtup image by using the commands described in this section Commands show boot system Use this command to display the firmware image the switch loads at startup Syntax show boot system Parameters None...

Page 98: ...used at the next reboot of the system by answering n to the prompt The dir command is then executed to display the Active and Boot images C3 su set boot system c3_06 03 03 0007 This command can option...

Page 99: ...show telnet Use this command to display the status of Telnet on the switch Syntax show telnet Parameters None Defaults None Mode Switch command read only Example This example shows how to display Teln...

Page 100: ...C3 switch allows a total of four inbound and or outbound Telnet session to run simultaneously Syntax telnet host port Parameters Defaults If not specified the default port number 23 will be used Mode...

Page 101: ...persistent You can change the persistence mode from auto to manual with the set snmp persistmode command If the persistence mode is set to manual configuration commands will not be automatically writ...

Page 102: ...ssued as described in Configuration Persistence Mode on page 3 39 Example This example shows how to display the configuration persistence mode setting In this case persistence mode is set to manual wh...

Page 103: ...config Parameters None Defaults None Mode Switch command read write Example This example shows how to save the running configuration C3 su save config dir Use this command to list configuration and im...

Page 104: ...tive Version 06 03 00 0029 Size 9411584 bytes Date Fri Aug 1 06 55 23 2008 CheckSum 6126a7aadfdf05150afb6eca51982302 Compatibility platform specific Filename c3 series_06 03 00 0030 Boot Version 06 03...

Page 105: ...ic security model v2c exact read All write All notify All nonvolatile 26 27 set snmp access public security model usm exact read All write All notify All nonvolatile 28 29 set snmp community xxxxxxxxx...

Page 106: ...on for the facility port C3 rw show config port This command shows non default configurations only Use show config all to show both default and non default configurations begin NON DEFAULT CONFIGURATI...

Page 107: ...cannot use SFTP or SCP to download images system image filename Specifies the path and file name of the configuration file to execute append Optional Appends the configuration file contents to the cur...

Page 108: ...an1_2009 cfg delete Use this command to remove an image or a CLI configuration file from the switch Syntax delete filename Parameters Defaults None Mode Switch command read write Usage Use the dir com...

Page 109: ...command to configure how long TFTP will wait for a reply of either an acknowledgement packet or a data packet during a data transfer Syntax set tftp timeout seconds Parameters Defaults None Mode Swit...

Page 110: ...et either an acknowledgement packet or a data packet Syntax set tftp retry retry Parameters Defaults None Mode Switch command read write Example This example sets the retry count to 3 C3 rw set tftp r...

Page 111: ...clear tftp retry Clearing and Closing the CLI Purpose To clear the CLI screen or to close your CLI session Commands cls clear screen Use this command to clear the screen for the current CLI session S...

Page 112: ...the set logout command page 3 30 to change this default Example This example shows how to exit a CLI session C3 su exit Resetting the Switch Purpose To reset one or more switches and to clear the user...

Page 113: ...stacking members Reloading all switches This example shows how to reset unit 1 C3 su reset 1 Are you sure you want to reload the switch y n y Reloading switch 1 This switch is manager of the stack STA...

Page 114: ...e This example shows how to clear configuration parameters including stacking parameters if applicable C3 su clear config all Using and Configuring WebView Purpose By default WebView The Enterasys Net...

Page 115: ...disable Parameters Defaults None Mode Switch command read write Usage It is good practice for security reasons to disable HTTP access on the switch when finished configuring with WebView and then to...

Page 116: ...switch This command can also be used to reinitialize the hostkey that is used for encryption Syntax set ssl enabled disabled reinitialize hostkey reinitialize Parameters Defaults None Mode Switch comm...

Page 117: ...initiates a number of show commands to easily gather basic information from an installed device To use this command set your console to capture the output to a file first before executing the command...

Page 118: ...ommands show system hostprotect Use this command to display the status of the hostprotect feature Syntax show system hostprotect Parameters None Defaults Hostprotect is enabled by default Mode Switch...

Page 119: ...iority queue command the set will fail and a warning message will be displayed At run time if more than two priority queue mappings exist and you attempt to enable hostprotect with this command the se...

Page 120: ...ect status to enabled the command will not complete and you will get a warning message Example This example attempts to return the hostprotect status to the default but the command cannot complete bec...

Page 121: ...not significant Expiration type indicates whether the license is a permanent or an evaluation license If the license is an evaluation license this field will contain the expiration date of the license...

Page 122: ...g Stack on page 2 3 3 Use the set license command to install and activate the new switch s license The new switch will then join the stack and its ports will be attached Alternatively you can install...

Page 123: ...to move a license from one hardware platform to another you must contact Enterasys Customer Support to arrange for re hosting of the license Example This example shows how to activate a permanent lic...

Page 124: ...as show config or clear config do not affect licenses Example This example shows how to display license key information for switch unit 1 in the stack C3 ro show license unit 1 unit 1 key INCREMENT a...

Page 125: ...clear license SecureStack C3 Configuration Guide 4 5 Example This example shows how to clear the advrouter licensed feature C3 rw clear license featureId advrouter...

Page 126: ...clear license 4 6 Activating Licensed Features...

Page 127: ...r port PoE settings Commands show inlinepower Use this command to display system power properties Syntax show inlinepower Parameters None Defaults None Mode Switch command read only Important Notice T...

Page 128: ...The detection mode can be configured with the command set inlinepower detectionmode page 5 3 Unit Number of PoE capable module Status Whether the PoE administrative state is off disabled or auto on Th...

Page 129: ...hreshold is crossed Syntax set inlinepower trap disable enable module number Parameters Defaults Sending of traps is disabled by default Mode Switch command read write Usage The module s or unit s pow...

Page 130: ...switch s PD detection mode to IEEE standard 802 3af only C3 su set inlinepower detectionmode ieee show port inlinepower Use this command to display all ports supporting PoE Syntax show port inlinepowe...

Page 131: ...low type type Parameters Defaults None Mode Switch command read write Example This example shows how to enable PoE on port ge 3 1 with critical priority C3 su set port inlinepower ge 3 1 admin auto pr...

Page 132: ...set port inlinepower 5 6 Configuring System Power and PoE...

Page 133: ...protocol This protocol is used to discover network topology When enabled this protocol allows Enterasys devices to send periodic PDUs about themselves to neighboring devices Commands The commands use...

Page 134: ...o enable ge 1 5 auto enable ge 1 6 auto enable ge 1 7 auto enable ge 1 8 auto enable ge 1 9 auto enable Table 6 1 provides an explanation of the command output port string Optional Displays CDP status...

Page 135: ...d For details refer to set cdp auth on page 6 4 CDP Transmit Frequency Frequency in seconds at which CDP messages can be transmitted The default of 60 seconds can be reset with the set cdp interval co...

Page 136: ...A switch with the default authentication code 16 null characters will recognize all switches no matter what their authentication code and enter them into its CDP neighbor table Example This example sh...

Page 137: ...command to reset CDP discovery protocol settings to defaults Syntax clear cdp state port state port string interval hold time auth code Parameters Defaults At least one optional parameter must be ent...

Page 138: ...the CDP and the Cisco DP protocols Example This example displays Neighbor Discovery information for all ports C3 su show neighbors Port Device ID Port ID Type Network Address ge 1 1 00036b8b1587 12 2...

Page 139: ...d can be queried by the network administrator Commands The commands used to review and configure the Cisco discovery protocol are listed below Refer also to show neighbors on page 6 6 show ciscodp Use...

Page 140: ...utput Table 6 2 show ciscodp Output Details Output Field What It Displays CiscoDP Whether Cisco DP is globally enabled or disabled Auto indicates that Cisco DP will be globally enabled only if Cisco D...

Page 141: ...t Port designation For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 7 1 State Whether Cisco DP is enabled disabled or auto enabled on the p...

Page 142: ...Parameters Defaults None Mode Switch command read write Example This example shows how to set Cisco DP hold time to 180 seconds C3 su set ciscodp hold time 180 set ciscodp port Use this command to se...

Page 143: ...r Layer 2 802 1p marking status Sets the CiscoDP port operational status disable Does not transmit or process CiscoDP PDUs enable Transmits and processes CiscoDP PDUs vvid Sets the port voice VLAN for...

Page 144: ...rt trusted no cos 1 ge 1 5 clear ciscodp Use this command to clear the Cisco discovery protocol back to the default values Syntax clear ciscodp status timer holdtime port status vvid trust cos port st...

Page 145: ...ne their characteristics such as manufacturer software and hardware versions and serial or asset numbers The information sent by an LLDP enabled device is extracted and tabulated by its peers The comm...

Page 146: ...x tlv 6 17 show lldp port location info 6 17 show lldp port local info 6 18 show lldp port remote info 6 21 show lldp port network policy 6 22 set lldp tx interval 6 23 set lldp hold multiplier 6 24 s...

Page 147: ...60 ge 2 1 24 ge 3 1 30 ge 4 1 12 Step Task Command s 1 Configure global system LLDP parameters set lldp tx interval set lldp hold multiplier set lldp trap interval set lldp med fast repeat clear lldp...

Page 148: ...1 30 ge 4 1 12 Rx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 show lldp port trap Use this command to display the ports that are enabled to send an LLDP notification when a remote system cha...

Page 149: ...xample This example shows how to display transmit TLV information for three ports C3 ro show lldp port tx tlv ge 1 1 3 Means TLV is supported and enabled on this port o Means TLV is supported on this...

Page 150: ...nformation to detect misconfigurations or incompatibilities between the local port and the attached endpoint device remote port Syntax show lldp port local info port string Parameters Defaults If port...

Page 151: ...rimary PoE MDI Supported Enabled yes yes PoE Pair Controllable Used false spare PoE Power Class 2 PoE Power Limit mW 15400 PoE Power Priority high Table 6 4 describes the information displayed by the...

Page 152: ...l applications enabled on the port to be transmitted in a TLV displays the application name VLAN type tagged or untagged VLAN Id and both the Layer 2 and Layer 3 priorities associated with the applica...

Page 153: ...t remote info ge 3 1 Local Port ge 3 1 Remote Port Id 00 09 6e 0e 14 3d Mgmt Addr 0 0 0 0 Chassis ID 0 0 0 0 Device Type Communication Device Endpoint class III Sys Name AVE0E143D Sys Cap Supported En...

Page 154: ...ield What it Displays Remote Port Id Displays whatever port Id information received in the LLDPDU from the remote device In this case the port Id is MAC address of remote device Device Type Mandatory...

Page 155: ...conferencing enabled untagged 1 0 0 streaming video enabled untagged 1 0 0 video signaling enabled untagged 1 0 0 set lldp tx interval Use this command to set the time in seconds between successive LL...

Page 156: ...rs Defaults None Mode Switch command read write Example This example sets the transmit interval to 20 seconds and the hold multiplier to 5 which will configure a time to live of 100 to be used in the...

Page 157: ...TLVs at a fast start rate on that port Use this command to set the number of successive LLDPDUs with LLDP MED TLVs to be sent for one complete fast start interval Syntax set lldp med fast repeat coun...

Page 158: ...e or disable sending LLDP notifications traps when a remote system change is detected Syntax set lldp port trap enable disable port string Parameters Defaults None tx enable Enables transmitting LLDPD...

Page 159: ...g LLDP MED traps on ports ge 1 1 through ge 1 6 C3 rw set lldp port med trap enable ge 1 1 6 set lldp port location info Use this command to configure LLDP MED location information on a port or range...

Page 160: ...e link aggr max frame med cap med pol med loc med poe port string Parameters all Adds all optional TLVs to transmitted LLDPDUs port desc Port Description optional basic LLDP TLV Value sent is ifDescr...

Page 161: ...is currently aggregated and if aggregated the aggregated port identifier max frame Maximum Frame Size IEEE 802 3 Extensions TLV Value sent indicates maximum frame size of the port s MAC and PHY med c...

Page 162: ...video conferencing Configures the video conferencing application streaming video Configures the streaming video application video signaling Configures the video signaling application This application...

Page 163: ...configures the voice application TLV on port ge 2 1 and then configures the port to send the Network Policy TLV C3 rw set lldp port network policy voice state enable tag tagged vlan dot1p ge 2 1 C3 rw...

Page 164: ...enabled Syntax clear lldp port status port string Parameters Defaults None Mode Switch command read write Example This example returns port ge 1 1 to the default state of enabled for both transmitting...

Page 165: ...ne Mode Switch command read write Example This example returns port ge 1 1 to the default LLDP MED trap state of disabled C3 rw clear lldp port med trap ge 1 1 clear lldp port location info Use this c...

Page 166: ...plication guest voice signaling Applies command to the guest voice signaling application softphone voice Applies command to the softphone voice application video conferencing Applies command to the vi...

Page 167: ...sables the System Capabilities optional basic LLDP TLV from being transmitted in LLDPDUs mgmt addr Disables the Management Address optional basic LLDP TLV from being transmitted in LLDPDUs vlan id Dis...

Page 168: ...PDUs by port ge 1 1 C3 rw clear lldp port tx tlv mgmt addr med cap med pol med loc ge 1 1 med pol Disables the LLDP MED Network Policy TLV from being transmitted in LLDPDUs med loc Disables the LLDP M...

Page 169: ...Gbps Ethernet host for the host port vlan for vlan interfaces lag for IEEE802 3 link aggregation ports Where unit_or_slotnumber can be 1 8 for switch units in a stack For information about Refer to p...

Page 170: ...ifying all 1 Gigabit Ethernet ports in slot unit 3 in the system ge 3 This example shows the port string syntax for specifying all ports of any interface type in the system Reviewing Port Status Purpo...

Page 171: ...duplex mode and port type for one or more ports on the device Syntax show port status port string Parameters Defaults If port string is not specified status information for all ports will be displayed...

Page 172: ...9 Oper Status Operating status up or down Admin Status Whether the specified port is enabled up or disabled down For details on using the set port disable command to change the default port status of...

Page 173: ...Frames Transmitted 0 This example shows how to display all ge 3 1 port counter statistics related to traffic through the device C3 su show port counters ge 3 1 switch Port ge 3 1 Bridge Port 2 802 1Q...

Page 174: ...J45 ports Syntax show port cablestatus port string Parameters Defaults If no port is specified information about all ports will be displayed Mode Switch command read only Usage For 1 Gigabit Ethernet...

Page 175: ...fault all ports are enabled at device startup You may want to disable ports for security or to troubleshoot network issues Ports may also be assigned an alias for convenience Commands Table 7 3 show p...

Page 176: ...e ge 1 1 C3 su set port disable ge 1 1 set port enable Use this command to administratively enable one or more ports Syntax set port enable port string Parameters Defaults None Mode Switch command rea...

Page 177: ...alias name to a port Syntax set port alias port string name Parameters Defaults If name is not specified the alias assigned to the port will be cleared Mode Switch command read write port string Optio...

Page 178: ...ias 7 10 Port Configuration Examples This example shows how to assign the alias Admin to ge 3 3 C3 rw set port alias ge 3 3 Admin This example shows how to clear the alias for ge 3 3 C3 rw set port al...

Page 179: ...ault speed settings for all ports will display Mode Switch command read only Example This example shows how to display the default speed setting for 1 Gigabit Ethernet port 14 in slot 3 C3 su show por...

Page 180: ...half or full for one or more ports Syntax show port duplex port string Parameters Defaults If port string is not specified default duplex settings for all ports will be displayed Mode Switch command...

Page 181: ...s command will only take effect on ports that have auto negotiation disabled Syntax set port duplex port string full half Parameters Defaults None Mode Switch command read write Example This example s...

Page 182: ...port string Parameters Defaults If port string is not specified jumbo frame support status for all ports will display Mode Switch command read only Example This example shows how to display the status...

Page 183: ...Syntax clear port jumbo port string Parameters Defaults If port string is not specified jumbo frame support status will be reset on all ports Mode Switch command read write Example This example shows...

Page 184: ...choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled Commands show port negotiation Use this command to display the status of auto negotiat...

Page 185: ...rnet port 3 in slot 14 C3 su set port negotiation ge 3 14 disable show port advertise Use this command to display port capability and advertisement as far as speed and duplex for auto negotiation Synt...

Page 186: ...FD yes yes yes pause yes yes no set port advertise Use this command to configure what a port will advertise for speed duplex capabilities in auto negotiation Syntax set port advertise port string 10t...

Page 187: ...command read write Example This example shows how to configure port 1 to not advertise 10 MB capability for auto negotiation C3 su clear port advertise ge 1 1 10t 10tfd port string Clear advertisement...

Page 188: ...Mode ge 1 27 MDIX ge 1 28 MDIX set port mdix Use this command to configure cable connection type configuration mode for one or more ports Syntax set port mdix auto forced auto mdi mdix port string Par...

Page 189: ...DI or cross over MDIX required by the cable connected to the port You can configure ports to only use MDI or MDIX connections with this command This command only configures Ethernet ports and cannot b...

Page 190: ...owcontrol Use this command to display the flow control state Syntax show flowcontrol Parameters None Defaults None Mode Switch command read only Example This example shows how to display the port flow...

Page 191: ...set flowcontrol SecureStack C3 Configuration Guide 7 23 Defaults None Mode Switch command read write Example This example shows how to enable flow control C3 su set flowcontrol enable...

Page 192: ...ndition can be detrimental to network stability because it can trigger Spanning Tree and routing table recalculation Commands show port trap Use this command to display whether the port is enabled for...

Page 193: ...Parameters Defaults Sending traps when link status changes is enabled by default Mode Switch command read write Example The following example disables sending trap on ge 3 1 C3 su set port trap ge 3 1...

Page 194: ...orts disabled by link flap detection due to a violation action Displays linkflap actions taken on violating port s operstatus Displays whether linkflap has deactivated port s threshold Displays the nu...

Page 195: ...ap metrics Port LinkStatus CurrentCount TotalCount TimeElapsed Violations ge 1 1 operational 0 0 241437 0 ge 1 2 disabled 4 15 147 5 ge 1 3 operational 3 3 241402 0 Table 7 5 provides an explanation o...

Page 196: ...trap detection function C3 rw set linkflap globalstate enable set linkflap portstate Use this command to enable or disable link flap monitoring on one or more ports Syntax set linkflap portstate disa...

Page 197: ...port ge 1 4 to 1000 seconds C3 rw set linkflap interval ge 1 4 1000 set linkflap action Use this command to set reactions to a link flap violation Syntax set linkflap action port string disableInterf...

Page 198: ...ons will be cleared on all ports Mode Switch mode read write Example This example shows how to clear the link flap violation action on port ge 1 4 to generating a Syslog entry C3 rw clear linkflap act...

Page 199: ...ch mode read write Example This example shows how to set the link flap downtime on port ge 1 4 to 5000 seconds C3 rw set linkflap downtime ge 1 4 5000 clear linkflap down Use this command to toggle li...

Page 200: ...ort string threshold interval downtime all Parameters Defaults If port string is not specified settings and or statistics will be cleared on all ports Mode Switch mode read write Example This example...

Page 201: ...t string is not specified broadcast status of all ports will be displayed Mode Switch command read only Example This example shows how to display the broadcast suppression thresholds for ports 1 throu...

Page 202: ...f packets which can be received per second as listed in the parameters section above The default broadcast suppression threshold for all ports is set to 14881 Example This example configures ports 1 t...

Page 203: ...This example clears the broadcast threshold limit to 14881 pps for ports 1 through 5 C3 su clear port broadcast ge 1 1 5 threshold port string Select the ports for which to clear broadcast suppression...

Page 204: ...ed parameters 1 Configuration of normal port mirroring source ports and one destination port on all switches as described above 2 Configuration of a mirror VLAN which is a unique VLAN on which mirrore...

Page 205: ...enable a port mirroring instance 1 Open a MIB browser such as Netsight MIB Tools 2 In the MIB directory tree navigate to the portCopyEntry folder and expand it 3 Select the portCopyStatus MIB 4 Enter...

Page 206: ...option 6 destroy and perform an SNMP Set operation 3 Optional Use the CLI to verify the port mirroring instance has been deleted as shown in the following example C3 su show port mirroring No Port Mir...

Page 207: ...scribed in Link Aggregation Control Protocol LACP on page 7 42 cannot be mirrored Notes When a port mirror is created the mirror destination port is removed from VLAN 1 s egress list after a reboot MA...

Page 208: ...ge 1 4 and target port ge 1 11 C3 su clear port mirroring ge 1 4 ge 1 11 set mirror vlan Assigns a VLAN to be reserved for mirroring traffic If a mirrored VLAN is created all mirrored traffic will eg...

Page 209: ...mirroring with the show port mirror command C3 su set mirror vlan 2 C3 su show port mirroring Port Mirroring Source Port ge 1 1 Target Port ge 1 10 Frames Mirrored Rx and Tx Port Mirroring status enab...

Page 210: ...hes the port to the aggregator used by the LAG and detaches the port from the aggregator when it is no longer used by the LAG Uses information from the partner device s link aggregation control entity...

Page 211: ...ociated physical ports LACPDU Link Aggregation Control Protocol Data Unit The protocol exchanges aggregation state mode information by way of a port s actor and partner operational states LACPDUs sent...

Page 212: ...if there are simply no available aggregators or if none of the aggregators have a matching admin key and system priority 802 1x authentication is enabled using the set eapol command page 16 18 and por...

Page 213: ...as one Link Aggregation Group LAG with a lag x x port designation Example This example shows how to display lacp information for lag 0 1 The following table describes the output fields C3 su show lac...

Page 214: ...g physical ports for example fe x x are associated with an aggregator port the resulting Link Aggregation Group LAG is represented with a lag x x port designation Actor Local device participating in L...

Page 215: ...s example shows how to set the LACP system priority to 1000 C3 su set lacp asyspri 1000 set lacp aadminkey Use this command to set the administratively assigned key for one or more aggregator ports Sy...

Page 216: ...port string Parameters Defaults None Mode Switch command read write Example This example shows how to clear the actor admin key for LAG port 6 C3 su clear lacp aadminkey lag 0 6 set lacp static Use t...

Page 217: ...or port 6 C3 su clear lacp static lag 0 6 ge 1 6 key Optional Specifies the new member port and LAG port aggregator admin key value Only ports with matching keys are allowed to aggregate Valid values...

Page 218: ...a LAG This setting has no effect on existing LAGs created with multiple member ports It also does not prevent previously formed LAGs from coming up after they have gone down as long as any previous L...

Page 219: ...means the state is true for the associated actor or partner ports E Expired F Defaulted D Distributing tx enabled C Collecting rx enabled S Synchronized actor and partner agree G Aggregation allowed S...

Page 220: ...llegalRx 0 UnknownRx 0 MarkerPDUsRx 0 MarkerPDUsTx 0 MarkerResponsePDUsRx 0 MarkerResponsePDUsTx 374 set port lacp Use this command to set link aggregation parameters for one or more ports These setti...

Page 221: ...or the same aggregator Valid values are 0 65535 with higher precedence given to lower values Note Only one LACP system priority can be set on a SecureStack C3 device using either this command or the s...

Page 222: ...e lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire all padminsyspri padminsysid padminkey padminportpri padminport padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect l...

Page 223: ...be added to the configuration If you unset the first command it will remove the second command automatically from the configuration file Example This example shows how to clear all link aggregation pa...

Page 224: ...they are in the same VLAN Unprotected ports can forward traffic to both protected and unprotected ports A port may belong to only one group of protected ports This feature only applies to ports within...

Page 225: ...information about all protected ports C3 ro show port protected Group id Port 1 ge 1 1 1 ge 1 2 1 ge 1 3 clear port protected Use this command to remove a port or group from protected mode Syntax cle...

Page 226: ...e Mode Switch command read write Example This example shows how to assign the name group1 to protected port group 1 C3 rw set port protected name 1 group1 show port protected name Use this command to...

Page 227: ...e 1 group1 clear port protected name Use this command to clear the name of a protected group Syntax clear port protected name group id Parameters Defaults None Mode Switch command read write Example T...

Page 228: ...clear port protected name 7 60 Port Configuration...

Page 229: ...enhancements to data types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is...

Page 230: ...P engine and SNMP applications An SNMP engine consists of the following four components Dispatcher This component sends and receives messages Message processing subsystem This component accepts outgoi...

Page 231: ...IBs via SNMPv3 C3 su set snmp access powergroup security model usm Configuration Considerations Commands for configuring SNMP on the SecureStack C3 device are independent during the SNMP setup process...

Page 232: ...gineid EngineId 80 00 15 f8 03 00 e0 63 9d b5 87 Engine Boots 12 Engine Time 162181 Max Msg Size 2048 Table 8 2 provides an explanation of the command output For information about Refer to page show s...

Page 233: ...Names 0 snmpInBadCommunityUses 0 snmpInASNParseErrs 0 snmpInTooBigs 0 snmpInNoSuchNames 0 snmpInBadValues 0 snmpInReadOnlys 0 snmpInGenErrs 0 snmpInTotalReqVars 403661 snmpInTotalSetVars 534 snmpInGet...

Page 234: ...as noSuchName snmpInBadValues Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error status field as badValue snmpInReadOnlys Number of valid SNMP PDUs delivered to the...

Page 235: ...request error messages that were dropped because the reply was larger than the proxy target s maximum message size usmStatsUnsupportedSec Levels Number of packets received by the SNMP engine that wer...

Page 236: ...access SNMP management Syntax show snmp user list user remote remote volatile nonvolatile read only Parameters Defaults If list is not specified detailed SNMP information will be displayed For informa...

Page 237: ...00 00 00 00 Username Guest Auth protocol usmNoAuthProtocol Privacy protocol usmNoPrivProtocol Storage type nonVolatile Row status active Table 8 4 provides an explanation of the command output set snm...

Page 238: ...SNMP user named admin with DES encryption and MD5 authentication required The encryption password is admintest1 and the authentication password is admintest2 By default this user will be registered on...

Page 239: ...e nonvolatile read only Parameters Defaults If groupname is not specified information about all SNMP groups will be displayed If user is not specified information about all SNMP users will be displaye...

Page 240: ...p group groupname user user security model v1 v2c usm volatile nonvolatile Parameters Defaults If storage type is not specified nonvolatile storage will be applied Table 8 5 show snmp group Output Det...

Page 241: ...will be cleared Mode Switch command read write Example This example shows how to clear all settings assigned to the public user within the SNMP group anyone C3 su clear snmp group anyone public show s...

Page 242: ...ot specified the default NULL context is applied If transport tag is not specified none will be applied If storage type is not specified nonvolatile will be applied Mode Switch command read write comm...

Page 243: ...lled vip C3 su set snmp community vip The example shows how to set the context for SNMP community vip to the default NULL context C3 su set snmp community vip context clear snmp community Use this com...

Page 244: ...ot specified all contexts will be displayed If volatile nonvolatile or read only are not specified all entries of all storage types will be displayed Mode Switch command read only For information abou...

Page 245: ...ame Security model Security model applied to this group Valid types are SNMPv1 SNMPv2c and SNMPv3 User based USM Security level Security level applied to this group Valid levels are noAuthNoPrivacy no...

Page 246: ...C3 su set snmp access powergroup security model usm groupname Specifies a name for an SNMPv3 group security model v1 v2c usm Specifies SNMP version 1 2c or 3 usm noauthentication authentication privac...

Page 247: ...the mis group via the authentication protocol C3 su clear snmp access mis group security model usm authentication Configuring SNMP MIB Views Purpose To review and configure SNMP MIB views SNMP views m...

Page 248: ...OID 1 Subtree mask View Type included Storage type nonVolatile Row status active View Name All Subtree OID 0 0 Subtree mask View Type included Storage type nonVolatile Row status active View Name Netw...

Page 249: ...of management information Example This example shows how to display a list of all SNMP contexts known to the device C3 su show snmp context Configured contexts default context all mibs set snmp view U...

Page 250: ...and to delete an SNMPv3 MIB view Syntax clear snmp view viewname subtree Parameters Defaults None Mode Switch command read write Example This example shows how to delete SNMP MIB view public C3 su cle...

Page 251: ...ad only Parameters Defaults If targetParams is not specified entries associated with all target parameters will be displayed If not specified entries of all storage types will be displayed Mode Switch...

Page 252: ...ils Output Field What It Displays Target Parameter Name Unique identifier for the parameter in the SNMP target parameters table Maximum length is 32 bytes Security Name Security string definition Mess...

Page 253: ...is command to clear the SNMP target parameter configuration Syntax clear snmp targetparams targetParams Parameters Defaults None Mode Switch command read write Example This example shows how to clear...

Page 254: ...entries for all target address names will be displayed If not specified entries of all storage types will be displayed for a target address Mode Switch command read only Example This example shows ho...

Page 255: ...address UDP Port Number of the UDP port of the target host to use Target Mask Target IP address mask Timeout Timeout setting for the target address Retry count Retry setting for the target address Par...

Page 256: ...rget parameters entry called v2cExampleParams For more information on configuring a basic SNMP trap refer to Creating a Basic SNMP Trap Configuration on page 8 37 C3 su set snmp targetaddr tr 192 168...

Page 257: ...ing notification message It will then apply the appropriate subtree specific filter when generating notification messages Purpose To configure SNMP notification parameters and optional filters Notific...

Page 258: ...abled globally and per port Example This example displays the New Address Trap state for Gigabit Ethernet ports 1 through 5 in unit slot 1 C3 ro show newaddrtrap ge 1 1 5 New Address Traps Globally di...

Page 259: ...fy configuration which determines the management targets that will receive SNMP notifications Syntax show snmp notify notify volatile nonvolatile read only Parameters Defaults If a notify name is not...

Page 260: ...snmp targetaddr on page 8 27 Syntax set snmp notify notify tag tag trap inform volatile nonvolatile Parameters Defaults If not specified message type will be set to trap Table 8 10 show snmp notify Ou...

Page 261: ...notify hello tag world trap clear snmp notify Use this command to clear an SNMP notify configuration Syntax clear snmp notify notify Parameters Defaults None Mode Switch command read write Example Thi...

Page 262: ...Row status active set snmp notifyfilter Use this command to create an SNMP notify filter configuration This identifies which management targets should NOT receive notification messages which is usefu...

Page 263: ...C3 su set snmp notifyfilter pilot1 subtree 1 3 6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration Syntax clear snmp notifyfilter profile subtree oid or mibobject...

Page 264: ...tifyprofile area51 SNMP notifyProfile information Notify Profile area51 TargetParam v3ExampleParams Storage type nonVolatile Row status active set snmp notifyprofile Use this command to create an SNMP...

Page 265: ...ample This example shows how to delete SNMP notify profile area51 C3 su clear snmp notifyprofile area51 targetparam v3ExampleParams Creating a Basic SNMP Trap Configuration Traps are notification mess...

Page 266: ...MP community called mgmt Configure a trap notification called TrapSink This trap notification will be sent with the community name mgmt to the workstation 192 168 190 80 which is target address tr It...

Page 267: ...lso specifies that this door leads to the management station 192 168 190 80 and the procedure targetparams to cross the doorstep is called v2ExampleParams 4 Verifies that the v2ExampleParams descripti...

Page 268: ...nt An interface must have an IP address assigned to it before it can be set by this command If no interface is specified then the IP address of the Host interface will be used If a non loopback interf...

Page 269: ...router exit C3 rw set snmp interface vlan 100 C3 rw show snmp interface vlan 100 192 168 10 1 clear snmp interface Use this command to clear the interface used for the source IP address of the SNMP ag...

Page 270: ...clear snmp interface 8 42 SNMP Configuration...

Page 271: ...g Tree connected active topology and assigns port roles to individual ports on the switch depending on whether that port is part of the active topology RSTP provides rapid connectivity following the f...

Page 272: ...arrangement of switching or bridging elements Compensating automatically for the failure removal or addition of any device in an active data path Achieving port changes in short time intervals which e...

Page 273: ...functional mode Otherwise the port operates in limited functional mode Connection to a Loop Protect switch guarantees that the alternate agreement mechanism is implemented This means the designated po...

Page 274: ...12 set spantree msti 9 12 clear spantree msti 9 13 show spantree mstmap 9 13 set spantree mstmap 9 14 clear spantree mstmap 9 14 show spantree vlanlist 9 15 show spantree mstcfgid 9 15 set spantree ms...

Page 275: ...9 27 set spantree spanguardtimeout 9 27 clear spantree spanguardtimeout 9 28 show spantree spanguardlock 9 28 clear set spantree spanguardlock 9 29 show spantree spanguardtrapenable 9 29 set spanstree...

Page 276: ...ted Root MacAddr MAC address of the designated Spanning Tree root bridge Designated Root Port Port through which the root bridge can be reached Designated Root Priority Priority of the designated root...

Page 277: ...ssigned using the set spantree hello command For details refer to set spantree hello on page 9 18 Bridge Forward Delay Amount of time in seconds the bridge spends in listening or learning mode This is...

Page 278: ...and read write Usage In most networks Spanning Tree version should not be changed from its default setting of mstp Multiple Spanning Tree Protocol mode MSTP mode is fully compatible and interoperable...

Page 279: ...ite Example This example shows how to reset the Spanning Tree version C3 su clear spantree version show spantree bpdu forwarding Use this command to display the Spanning Tree BPDU forwarding mode Synt...

Page 280: ...d set spantree disable for this feature to take effect Example This example shows how to enable BPDU forwarding C3 rw set spantree bpdu forwarding enable show spantree bridgeprioritymode Use this comm...

Page 281: ...to use 802 1t bridge priority mode Example This example shows how to set the bridge priority mode to 802 1D C3 rw set spantree bridgeprioritymode 8021d clear spantree bridgeprioritymode Use this comma...

Page 282: ...command read only Example This example shows how to display a list of MST instances In this case SID 2 has been configured C3 su show spantree mstilist Configured Multiple Spanning Tree instances 2 s...

Page 283: ...su clear spantree msti show spantree mstmap Use this command to display the mapping of a filtering database ID FID to a Spanning Trees Since VLANs are mapped to FIDs this shows to which SID a VLAN is...

Page 284: ...command to map a FID back to SID 0 Syntax clear spantree mstmap fid Parameters Defaults If fid is not specified all SID to FID mappings will be reset Mode Switch command read write Note Since any MST...

Page 285: ...2 are mapped to VLAN 1 For this information to display the SID instance must be created using the set spantree msti command as described in set spantree msti on page 9 12 and the FIDs must be mapped t...

Page 286: ...uration Digest ac 36 17 7f 50 28 3c d4 b8 38 21 d8 ab 26 de 62 set spantree mstcfgid Use this command to set the MST configuration name and or revision level Syntax set spantree mstcfgid cfgname name...

Page 287: ...ty the device with the lowest MAC address will then become the root device Depending on the bridge priority mode set with the set spantree bridgeprioritymode command described in set spantree bridgepr...

Page 288: ...yntax set spantree hello interval Parameters Defaults None Mode Switch command read write Example This example shows how to globally set the Spanning Tree hello time to 10 seconds C3 su set spantree h...

Page 289: ...ithout receiving a configuration message bridge hello before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port...

Page 290: ...elay delay Parameters Defaults None Mode Switch command read write Usage The forward delay is the maximum time in seconds the root device will wait before changing states i e listening to learning to...

Page 291: ...clear spantree fwddelay show spantree backuproot Use this command to display the backup root status for an MST instance Syntax show spantree backuproot sid Parameters Defaults If a SID is not specifi...

Page 292: ...bridge is lost the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge Example This example shows how to enable the backup root...

Page 293: ...apsuppress Parameters None Defaults None Mode Switch command read only Example This example shows how to display the status of topology change trap suppression C3 rw show spantree tctrapsuppress Topol...

Page 294: ...traps C3 rw set spantree tctrapsuppress disable clear spantree tctrapsuppress Use this command to clear the status of topology change trap suppression on Rapid Spanning Tree edge ports to the default...

Page 295: ...the status of the Spanning Tree SpanGuard function Syntax show spantree spanguard Parameters None Defaults None Mode Switch command read only Example This example shows how to display the SpanGuard fu...

Page 296: ...l remain disabled until the amount of time defined by set spantree spanguardtimeout set spantree spanguardtimeout on page 9 27 has passed since the last seen BPDU the port is manually unlocked set or...

Page 297: ...panguardtimeout Spanguard timeout 300 set spantree spanguardtimeout Use this command to set the amount of time in seconds an edge port will remain locked by the SpanGuard function Syntax set spantree...

Page 298: ...antree spanguardlock Use this command to display the SpanGuard lock status of one or more ports Syntax show spantree spanguardlock port string Parameters Defaults If no port string is specified the Sp...

Page 299: ...rs Defaults None Mode Switch command read write Example This example shows how to unlock port ge 1 16 C3 rw clear spantree spanguardlock ge 1 16 show spantree spanguardtrapenable Use this command to d...

Page 300: ...w to disable the SpanGuard trap function C3 su set spantree spanguardtrapenable disable clear spantree spanguardtrapenable Use this command to reset the Spanning Tree SpanGuard trap function back to t...

Page 301: ...et spantree legacypathcost Use this command to enable or disable legacy 802 1D path cost values Syntax set spantree legacypathcost disable enable Parameters Defaults None Mode Switch command read writ...

Page 302: ...lues C3 rw clear spantree legacypathcost show spantree autoedge Use this command to display the status of automatic edge port detection Syntax show spantree autoedge Parameters None Defaults None Mode...

Page 303: ...antree autoedge disable clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled Syntax clear spantree autoedge Parameters None Defaults None Mod...

Page 304: ...r to page set spantree portadmin 9 34 clear spantree portadmin 9 35 show spantree portadmin 9 35 show spantree portpri 9 36 set spantree portpri 9 36 clear spantree portpri 9 37 show spantree adminpat...

Page 305: ...n ge 1 12 C3 rw clear spantree portadmin ge 1 12 show spantree portadmin Use this command to display the status of the Spanning Tree algorithm on one or more ports Syntax show spantree portadmin port...

Page 306: ...Spanning Tree ports If sid is not specified port priority will be displayed for Spanning Tree 0 Mode Switch command read only Example This example shows how to display the port priority for ge 2 7 C3...

Page 307: ...su clear spantree portpri ge 1 3 sid 1 port string Specifies the port s for which to set Spanning Tree port priority For a detailed description of possible port string values refer to Port String Synt...

Page 308: ...ne or more Spanning Trees Syntax set spantree adminpathcost port string cost sid sid Parameters Defaults If sid is not specified admin path cost will be set for Spanning Tree 0 Mode Switch command rea...

Page 309: ...minpathcost ge 3 2 sid 1 show spantree adminedge Use this command to display the edge port administrative status for a port Syntax show spantree adminedge port port string Parameters Defaults If port...

Page 310: ...e edge port administrative status begins with the value set to false initially after the device is powered up If a Spanning Tree BDPU is not received on the port within a few seconds the status settin...

Page 311: ...tring Parameters Defaults If port string is not specified edge port operating status will be displayed for all Spanning Tree ports Mode Switch command read only Example This example shows how to displ...

Page 312: ...o page set spantree lp 9 43 show spantree lp 9 43 clear spantree lp 9 44 show spantree lplock 9 44 clear spantree lplock 9 45 set spantree lpcapablepartner 9 46 show spantree lpcapablepartner 9 46 cle...

Page 313: ...how to enable Loop Protect on ge 2 3 C3 su set spantree lp ge 1 11 enable show spantree lp Use this command to display the Loop Protect status per port and or per SID Syntax show spantree lp port port...

Page 314: ...This example shows how to return the Loop Protect state on ge 2 3 to disabled C3 rw clear spantree lp port ge 2 3 show spantree lplock Use this command to display the Loop Protect lock status per por...

Page 315: ...assumed Mode Switch command read only Example This example shows how to clear Loop Protect lock from ge 1 1 C3 rw show spantree lplock port ge 1 1 The LoopProtect lock status for port ge 1 1 SID 0 is...

Page 316: ...Therefore a conservative approach is taken in that designated ports will not be allowed to forward unless receiving agreements from a port with root role This type of timeout will not be considered a...

Page 317: ...tners to the default state of false Syntax clear spantree lpcapablepartner port string Parameters Defaults None Mode Switch command read write Example This example shows how to reset the Loop Protect...

Page 318: ...threshold is 0 the ports are never locked Example This example shows how to set the Loop Protect threshold value to 4 C3 rw set spantree lpthreshold 4 show spantree lpthreshold Use this command to dis...

Page 319: ...conds that defines a period during which Loop Protect events are counted The default value is 180 seconds If the timer is set to 0 the event counter is not reset until the Loop Protect event threshold...

Page 320: ...e Loop Protect event window to the default value of 180 seconds Syntax clear spantree lpwindow Parameters None Defaults None Mode Switch command read write Example This example shows how to reset the...

Page 321: ...ee lptrapenable enable show spantree lptrapenable Use this command to display the current status of Loop Protect event notification Syntax show spantree lptrapenable Parameters None Defaults None Mode...

Page 322: ...puted BPDU is received the port is forced to the listening state Refer to the 802 1Q 2005 standard IEEE Standard for Local and Metropolitan Area Networks Virtual Bridged Local Area Networks for a full...

Page 323: ...witch command read only Example This example shows how to display the current disputed BPDU threshold C3 rw show spantree disputedbpduthreshold The disputed BPDU threshold value is 0 clear spantree di...

Page 324: ...de Switch command read only Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event receipt of disputed BPDUs and loopback detection Exampl...

Page 325: ...ports This keeps the traffic associated with a particular VLAN and protocol isolated from the other parts of the network Port String Syntax Used in the CLI For information on how to designate VLANs a...

Page 326: ...ure that each device has a secure management VLAN Step Task Refer to page 1 Create a new VLAN 10 5 2 Set the PVID for the desired switch port to the VLAN created in Step 1 10 9 3 Add the desired switc...

Page 327: ...ransmit frames belonging to VLAN 1 are listed as egress ports Ports that won t include a VLAN tag in their transmitted frames are listed as untagged ports There are no forbidden ports prevented from t...

Page 328: ...tput Table 10 2 show vlan Output Details Output Field What It Displays VLAN VLAN ID NAME Name assigned to the VLAN Status Whether it is enabled or disabled VLAN Type Whether it is permanent static or...

Page 329: ...sing the set vlan name command described in set vlan name on page 10 6 Each VLAN ID must be unique If a duplicate VLAN ID is entered the device assumes that the Administrator intends to modify the exi...

Page 330: ...et vlan name 7 green clear vlan Use this command to remove a static VLAN from the list of VLANs recognized by the device Syntax clear vlan vlan list Parameters Defaults None Mode Switch command read w...

Page 331: ...ove the name of a VLAN from the VLAN list Syntax clear vlan name vlan list Parameters Defaults None Mode Switch command read write Example This example shows how to clear the name for VLAN 9 C3 su cle...

Page 332: ...ing is not specified port VLAN information for all ports will be displayed Mode Switch command read only Example This example shows how to display PVIDs assigned to ge 2 1 through 6 In this case untag...

Page 333: ...ommand to reset a port s 802 1Q port VLAN ID PVID to the host VLAN ID 1 Syntax clear port vlan port string port string Specifies the port s for which to configure a VLAN identifier For a detailed desc...

Page 334: ...t string is not specified ingress filtering status for all ports will be displayed Mode Switch command read only Example This example shows how to display the port ingress filter status for ports 10 t...

Page 335: ...3 C3 su set port ingress filter ge 1 3 enable show port discard Use this command to display the frame discard mode for one or more ports Ports can be set to discard frames based on whether or not the...

Page 336: ...r essentially allow all traffic or both essentially discarding all traffic A common practice is to discard all tagged packet on user ports Typically an Administrator does not want the end users defini...

Page 337: ...rticipating in the specified VLAN and ensures that any dynamic requests either through GVRP or dynamic egress for the port to join the VLAN will be ignored Setting a port to untagged allows it to tran...

Page 338: ...tatic ge 1 2 10 untagged static ge 1 3 1 tagged static ge 1 3 10 untagged static set vlan forbidden Use this command to prevent one or more ports from participating in a VLAN This setting instructs th...

Page 339: ...e shows how to allow port 2 in slot 1 to transmit VLAN 7 frames as untagged C3 su set vlan egress 7 ge 1 2 untagged clear vlan egress Use this command to remove ports from a VLAN s egress list vlan li...

Page 340: ...sabled for one or more VLANs Syntax show vlan dynamicegress vlan list Parameters Defaults If vlan list is not specified the dynamic egress status for all VLANs will be displayed Mode Switch command re...

Page 341: ...s list Dynamic egress is disabled on the SecureStack C3 by default For example assume you have 20 AppleTalk users on your network who are mobile users that is use different ports every day but you wan...

Page 342: ...how host vlan Parameters None Defaults None Mode Switch command read only Example This example shows how to display the host VLAN C3 su show host vlan Host vlan is 7 set host vlan Use this command to...

Page 343: ...ng management via ports assigned to other VLANs Example This example shows how to set VLAN 7 as the host VLAN C3 su set host vlan 7 clear host vlan Use this command to reset the host VLAN to the defau...

Page 344: ...end station A would be propagated across a switch network How It Works In Figure 10 1 on page 10 21 Switch 4 port 1 is registered as being a member of VLAN Blue and then declares this fact out all its...

Page 345: ...t global GVRP state setting individual port settings enable or disable and timer settings By default GVRP is enabled globally on the device but disabled on all ports Commands End Station A Switch 4 Sw...

Page 346: ...tus ge 2 1 disabled show garp timer Use this command to display GARP timer values for one or more ports Syntax show garp timer port string Parameters Defaults If port string is not specified GARP time...

Page 347: ...Use this command to enable or disable GVRP globally on the device or on one or more ports Syntax set gvrp enable disable port string Parameters Defaults If port string is not specified GVRP will be di...

Page 348: ...atus will be cleared for all ports Mode Switch command read write Example This example shows how to clear GVRP status globally on the device C3 su clear gvrp set garp timer Use this command to adjust...

Page 349: ...ports C3 su set garp timer leaveall 20000 clear garp timer Use this command to reset GARP timers back to default values Syntax clear garp timer join leave leaveall port string Parameters Defaults At...

Page 350: ...clear garp timer 10 26 802 1Q VLAN Configuration Example The example shows how to reset the GARP leave timer to 60 centiseconds C3 su clear garp timer leave ge 1 1...

Page 351: ...d for a particular VLAN or Class of Service CoS Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly For information ab...

Page 352: ...how to display policy information for profile 11 C3 su show policy profile 11 Profile Index 11 Profile Name MacAuth1 Row Status active Port VID Status Enable Port VID Override 11 CoS 0 Note B3 C3 and...

Page 353: ...PVID override is enabled or disabled for this profile If all classification rules associated with this profile are missed then this parameter if specified determines default behavior Port VID Overrid...

Page 354: ...d cos cos Optional Specifies a CoS value to assign to packets if CoS override is enabled and invoked as default behavior Valid values are 0 to 7 egress vlans egress vlans Optional Specifies that the p...

Page 355: ...S 5 This profile can use VLAN 10 for untagged egress C3 su set policy profile 1 name netadmin pvid status enable pvid 10 cos status enable cos 5 untagged vlans 10 clear policy profile Use this command...

Page 356: ...d Parameters Note B3 C3 and G3 devices support profile based CoS traffic rate limiting only Policy rules specifying CoS will only rate limit on D2 C2 and B2 devices including when C2 and B2 devices ar...

Page 357: ...s for each classification type mask mask Optional Displays rules for a specific data mask Refer to Table 11 3 for valid values for each classification type and data value port string port string Optio...

Page 358: ...rule Output Details Output Field What It Displays PID Profile index number Assigned to this classification rule with the set policy profile command set policy profile on page 11 4 Rule Type Type of c...

Page 359: ...your system has the capability to perform that action for traffic classified by that attribute Example This example shows how to display the device s policy classification capabilities Refer to set p...

Page 360: ...ng a traffic classification rule Note Refer to Appendix A Policy and Authentication Capacities for information about limits on certain rule types for this platform Note Classification rules are automa...

Page 361: ...es that the rule should apply to traffic with the specified MAC source address tcpdestport Specifies that the rule should apply to traffic with the specified TCP destination port tcpsourceport Specifi...

Page 362: ...e mask bits that can be entered for each classifier associated with that parameter Examples This example shows how to use Table 11 3 to assign a rule to policy profile 3 that will filter Ethernet II T...

Page 363: ...d on VLAN tag specified by data Value of data can range from 1 to 4094 or 0xFFF mask mask Optional Specifies the number of significant bits to match dependent on the data value entered Value of mask c...

Page 364: ...file 1 from all ports C3 su clear policy rule 1 ether 1526 This example shows how to remove a rule from policy profile 5 that will forward UDP frames from source port 45 C3 su clear policy rule 5 udpp...

Page 365: ...su set policy port ge 1 5 15 1 Note Refer to Appendix A Policy and Authentication Capacities for information about policy limits for this platform For information about Refer to page set policy port...

Page 366: ...rt 21 in slot 1 C3 rw clear policy port ge 1 21 10 port string Specifies the port s from which to remove the policy profile For a detailed description of possible port string values refer to Port Stri...

Page 367: ...er to About CoS Based Flood Control on page 11 19 for more information About Policy Based CoS Configurations Once enabled using the set cos state command you can add to the policy based CoS function b...

Page 368: ...rate 10000 C3 su show cos port resource irl 1 0 1 Group Index Resource Type Unit Rate Rate Limit Type Action 1 0 1 irl kbps 512 drop none C3 su show cos port resource irl 2 0 1 Group Index Resource T...

Page 369: ...ng a one second interval the incoming traffic of a configured type reaches the traffic flood control rate configured on the port CoS based flood control drops the traffic until the interval ends Packe...

Page 370: ...2 clear cos settings 11 23 show cos settings 11 23 set cos port config 11 24 show cos port config 11 25 clear cos port config 11 26 set cos port resource irl 11 27 set cos port resource flood ctrl 11...

Page 371: ...ts None Mode Switch command read only Example This example shows how to show the Class of Service enable state C3 rw show cos state Class of Service application is enabled clear cos state Use this com...

Page 372: ...or the class of service CoS indexes 0 through 7 map directly to 802 1p priorities and cannot be changed as they exist for backward compatibility ToS This value can be set per class of service but is n...

Page 373: ...ity for CoS entry 8 C3 rw clear cos settings 8 priority show cos settings Use this command to display Class of Service parameters Syntax show cos settings cos list Parameters Defaults If not specified...

Page 374: ...s by default This default port group cannot be removed and all physical ports in the system are assigned to it Up to seven additional port groups 1 irl Specifies that this is an inbound rate limiting...

Page 375: ...associated assigned ports The command show cos port type displays the available inbound rate limiting resources for the port type Example This example configures two port groups one for user ports and...

Page 376: ...rts Syntax clear cos port config irl flood ctrl all group type index entry name ports Parameters Defaults None irl Clear an IRL port group configuration flood ctrl Clear a flood control port group con...

Page 377: ...entries are in the form of group port type Valid values for group can range from 0 to 7 Valid values for port type can range from 0 to 1 although only port type 0 is currently supported For example p...

Page 378: ...port group 2 0 to 10000 Kbps or 1 MB C3 su set cos port resource irl 2 0 1 unit kbps rate 10000 type drop set cos port resource flood ctrl Use this command to create a CoS based flood control port res...

Page 379: ...guration for all resources 0 99 for all configured port groups will be shown If a port group is not specified with the flood ctrl parameter flood control resources for all configured port groups will...

Page 380: ...eters Defaults None Mode Switch command read write Example This example clears the data rate to 0 for IRL resource index 1 for group 2 0 C3 su clear cos port resource irl 2 0 1 rate all Clear all IRL...

Page 381: ...s reference irl group type index reference rate limit irl index all Clear all flood control resources for all port groups group type index Specifies a port group type index Valid entries are in the fo...

Page 382: ...populated with limiters resources but can be configured by the user The IRL reference table can be displayed using the show cos reference command Example In the CoS IRL reference mapping table for por...

Page 383: ...rl none 1 0 97 irl none 1 0 98 irl none 1 0 99 irl none clear cos reference Use this command to clear the Class of Service inbound rate limiting reference configuration Syntax clear cos reference irl...

Page 384: ...miting C3 su show cos unit irl Type Unit irl inbound rate limiting Kbps Kilobits per second group type index Specifies an inbound rate limiting port group type index Valid entries are in the form of g...

Page 385: ...Class of Service entries except entries 0 7 Syntax clear cos all entries Parameters None Defaults None Mode Switch command read write Example This example shows how to clear the CoS configuration for...

Page 386: ...flood ctrl which indicates that this port type provides a maximum of 3 flood control resources per port group Examples This example shows inbound rate limiting information for port type 0 C3 su show c...

Page 387: ...802 1D 802 1p standard specification and allows you to define eight priorities 0 through 7 and assign them to transmit queues for each port A priority 0 through 7 can be set on each port with 0 being...

Page 388: ...his command to display the 802 1D priority for one or more ports Syntax show port priority port string Parameters Defaults If port string is not specified priority for all ports will be displayed Mode...

Page 389: ...on how untagged traffic will be prioritized as it passes internally through the device Example This example shows how to set a default priority of 6 on ge 1 3 Frames received by this port without pri...

Page 390: ...d to transmit queues using the set port txq command described in set port txq on page 12 8 Clear current port priority queue settings for one or more ports Commands show port priority queue Use this c...

Page 391: ...None Mode Switch command read write Usage This command enables you to change the transmit queue 0 to 5 with 0 being the lowest priority queue for each port priority of the selected port You can apply...

Page 392: ...queue settings back to defaults for one or more ports Syntax clear port priority queue port string Parameters Defaults None Mode Switch command read write Example This example shows how to clear the...

Page 393: ...on the switch Priority mode and weight cannot be configured on LAGs only on the physical ports that make up the LAG Commands show port txq Use this command to display QoS transmit queue information fo...

Page 394: ...o 100 percent Weights specified for queues 0 through 7 on any port must total 100 percent Examples This example shows how to change the arbitration values for the eight transmit queues belonging to ge...

Page 395: ...xample This example shows how to clear transmit queue values on ge 1 1 C3 su clear port txq ge 1 1 port string Clears transmit queue values on specific port s back to their default values For a detail...

Page 396: ...clear port txq 12 10 Port Priority Configuration...

Page 397: ...t packet delivery service since it is only concerned with forwarding multicast traffic from the local device to group members on a directly attached subnetwork or LAN segment This device supports IP m...

Page 398: ...eceive a specific multicast service The device looks up the IP Multicast Group used for this service and adds it to the egress list of the Level 3 interface It then propagates the service request on t...

Page 399: ...on enabling IGMP on one or more ports refer to set igmpsnooping interfacemode on page 13 4 Example This example shows how to display IGMP snooping information C3 su show igmpsnooping Admin Mode Enabl...

Page 400: ...le Parameters Defaults None Mode Switch command read write Usage In order for IGMP snooping to be enabled on one or all ports it must be globally enabled on the device using the set igmpsnooping admin...

Page 401: ...system Syntax set igmpsnooping maxresponse time Parameters Defaults None Mode Switch command read write Usage This value must be less than the IGMP maximum response time described in set igmpsnooping...

Page 402: ...e IGMP multicast router expiration time to infinity C3 su set igmpsnooping mcrtrexpiretime 0 set igmpsnooping add static This command creates a new static IGMP entry or adds one or more new ports to a...

Page 403: ...new ports from an existing entry Syntax set igmpsnooping remove static group vlan list modify port string Parameters Defaults If no ports are specified all ports are removed from the entry Mode Switc...

Page 404: ...splayed Mode Switch command read only Examples This example shows how to display multicast forwarding database entries C3 su show igmpsnooping mfdb MAC Address Type Description Interfaces 00 14 01 00...

Page 405: ...ear all IGMP snooping entries Syntax clear igmpsnooping Parameters None Defaults None Mode Switch command read write Example This example shows how to clear all IGMP snooping entries C3 su clear igmps...

Page 406: ...ig Router The commands covered in this section can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Enabling Router Configuration Mod...

Page 407: ...ip igmp enable no ip igmp enable Parameters None Defaults None Usage Enabling IGMP on a routing interface requires both the ip igmp command page 13 10 which enables it on the router and the ip igmp en...

Page 408: ...VLANs configured for IGMP routing Mode Any router mode Example This example shows how to display IGMP routing information for VLAN 1 C3 su router show ip igmp interface vlan 1 Vlan 1 is Admin UP Vlan...

Page 409: ...imer 228 1 1 1 12 12 12 2 27 ip igmp query interval Use this command to set the IGMP query interval on a routing interface The no form of this command resets the IGMP query interval to the default val...

Page 410: ...cond on VLAN 1 C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip igmp query max response time 200 ip igmp startup query interval Use this command to set the interval between genera...

Page 411: ...e Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the IGMP startup query count to 10 onVLAN 1 C3 su router Config interface vlan 1 C3 su router Config...

Page 412: ...ount no ip igmp last member query count Parameters Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the IGMP last member query count to 10...

Page 413: ...times IGMP messages will be sent A higher number will mean that end stations will be more likely to see the packet After the robustness value is reached IGMP will assume there is no response to queri...

Page 414: ...ip igmp robustness 13 18 IGMP Configuration...

Page 415: ...rk management tasks including reviewing router ARP tables and IP traffic refer to Chapter 19 For information about Refer to page Configuring System Logging 14 1 Monitoring Network Events and Status 14...

Page 416: ...erity Description Port Status 1 132 140 82 111 local4 warning 5 default 514 enabled 2 132 140 90 84 local4 warning 5 default 514 enabled Table 14 1 provides an explanation of the command output clear...

Page 417: ...o the server Status Whether or not this Syslog configuration is currently enabled or disabled index Specifies the server table index number for this server Valid values are 1 8 ip addr ip addr Optiona...

Page 418: ...able a Syslog server configuration for index 1 IP address 134 141 89 113 facility local4 severity level 3 on port 514 C3 su set logging server 1 ip addr 134 141 89 113 facility local4 severity 3 port...

Page 419: ...x set logging default facility facility severity severity port port Parameters Defaults None Mode Switch command read write facility facility Specifies the default facility name Valid values are local...

Page 420: ...st be entered to reset all logging values to defaults Mode Switch command read write Example This example shows how to reset the Syslog default severity level to 6 C3 su clear logging default severity...

Page 421: ...isplays severity level for one application configured for logging Mnemonics will vary depending on the number and types of applications running on your system Sample mnemonics and their corresponding...

Page 422: ...s they appear in Table 14 3 all Sets the logging severity level for all applications level level Optional Specifies the severity level at which the server will log messages for applications Valid valu...

Page 423: ...logging application mnemonic all Parameters Defaults None Mode Switch command read write Example This example shows how to reset the logging severity level to 6 for SNMP C3 rw clear logging applicati...

Page 424: ...set logging local console enable disable file enable disable Parameters Defaults None Mode Switch command read write Example This command shows how to enable logging to the console and disable loggin...

Page 425: ...Defaults None Mode Switch command read only Example This example shows a portion of the information displayed with the show logging buffer command C3 su show logging buffer 165 Sep 4 07 43 09 10 42 7...

Page 426: ...d then the IP address of the Host interface will be used If a non loopback interface is configured with this command application packet egress is restricted to that interface if the server can be reac...

Page 427: ...s command to clear the interface used for the source IP address of the system logging back to the default of the Host interface Syntax clear logging interface Parameters None Defaults None Mode Switch...

Page 428: ...er includes all the switch commands entered up to a maximum of 100 as specified in the set history command set history on page 14 15 Syntax history Parameters None Defaults None Mode Switch command re...

Page 429: ...history buffer C3 su show history History buffer size 20 set history Use this command to set the size of the history buffer Syntax set history size default Parameters Defaults None Mode Switch command...

Page 430: ...ple the host at IP address is not responding C3 su ping 134 141 89 255 no answer from 134 141 89 255 show users Use this command to display information about the active console port or Telnet session...

Page 431: ...xamples This example shows how to close a Telnet session to host 134 141 192 119 C3 su disconnect 134 141 192 119 This example shows how to close the current console session C3 su disconnect console s...

Page 432: ...1 99 104 47718 ESTABLISHED UDP 0 0 0 0 17185 0 0 0 0 UDP 127 0 0 1 49152 127 0 0 1 17185 UDP 0 0 0 0 161 0 0 0 0 UDP 0 0 0 0 0 0 0 0 UDP 0 0 0 0 514 0 0 0 0 The following table describes the output of...

Page 433: ...y the switch s ARP table Syntax show arp Parameters None Defaults None Mode Switch command read only For information about Refer to page show arp 14 19 set arp 14 20 clear arp 14 21 traceroute 14 21 s...

Page 434: ...eters Defaults None Mode Switch command read write Example This example shows how to map IP address 192 168 219 232 to MAC address 00 00 0c 40 0f bc C3 su set arp 192 168 219 232 00 00 0c 40 0f bc Tab...

Page 435: ...route destination Syntax traceroute w waittime f first ttl m max ttl p port q nqueries r d n v host Parameters ip address all Specifies the IP address in the ARP table to be cleared or clears all ARP...

Page 436: ...aceroute to 192 167 252 17 192 167 252 17 30 hops max 40 byte packets 1 matrix enterasys com 192 167 201 40 20 000 ms 20 000 ms 20 000 ms 2 14 1 0 45 14 1 0 45 40 000 ms 10 000 ms 20 000 ms 3 192 167...

Page 437: ...command output show mac agetime Use this command to display the timeout period for aging learned MAC entries Syntax show mac agetime Parameters None Table 14 6 show mac Output Details Output Field Wh...

Page 438: ...ntax set mac agetime time Parameters Defaults None Mode Switch command read only Example This example shows how to set the MAC timeout period C3 su set mac agetime 250 clear mac agetime Use this comma...

Page 439: ...command read write Usage Each algorithm is optimized for a different spread of MAC addresses When changing this mode the switch will display a warning message and prompt you to restart the device The...

Page 440: ...bits Syntax clear mac algorithm Parameters None Defaults None Mode Switch command read write Example This example resets the MAC hashing algorithm to the default value C3 su clear mac algorithm set ma...

Page 441: ...d read write Example This example clears multicast MAC address 01 01 22 33 44 55 from VLAN 24 C3 su clear mac multicast 01 01 22 33 44 55 24 mac address Specifies the multicast MAC address The MAC add...

Page 442: ...ed flood is disabled set mac unreserved flood Use this command to enable or disable multicast flood protection When enabled this prevents policy profiles requiring a full 10 masks from being loaded Sy...

Page 443: ...nd to display SNTP client settings Syntax show sntp Note A management IP host routing interface or loopback address must be configured for SNTP to work For information about Refer to page show sntp 14...

Page 444: ...P version number Current Time Current time on the system clock Timezone Time zone name and amount it is offset from UTC Universal Time Set using the set timezone command set timezone on page 14 36 Cli...

Page 445: ...d time of most recent SNTP request Last SNTP Status Whether or not broadcast reception or unicast transmission and reception was successful SNTP Server IP address es of SNTP server s Precedence Preced...

Page 446: ...cedence is not specified 1 will be applied Mode Switch command read write Example This example shows how to set the server at IP address 10 21 1 100 as an SNTP server C3 su set sntp server 10 21 1 100...

Page 447: ...poll interval between SNTP unicast requests Syntax set sntp poll interval value Parameters Defaults None Mode Switch command read write Example This example shows how to set the SNTP poll interval to...

Page 448: ...cast SNTP server Syntax set sntp poll retry retry Parameters Defaults None Mode Switch command read write Example This example shows how to set the number of SNTP poll retries to 5 C3 su set sntp poll...

Page 449: ...meout timeout Parameters Defaults None Mode Switch command read write Example This example shows how to set the SNTP poll timeout to 10 seconds C3 su set sntp poll timeout 10 clear sntp poll timeout U...

Page 450: ...p www timeanddate com library abbreviations timezones Example The following example sets the timezone name to EST and the offset to North American Eastern Standard Time offset of 5 hours from UTC then...

Page 451: ...the IP address assigned to loopback interface 1 will be used as the source IP address of the SNTP client C3 rw show sntp interface loopback 1 192 168 10 1 set sntp interface Use this command to speci...

Page 452: ...are received on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best ro...

Page 453: ...figuration Guide 14 39 Example This command returns the interface used for the source IP address of the SNTP client back to the default of the Host interface C3 rw show sntp interface vlan 100 192 168...

Page 454: ...alias MIB table It s important to make sure that inter switch links are not learning node alias information as it would slow down searches by the NetSight Compass and ASM tools and give inaccurate res...

Page 455: ...th an alias agent which is the default setting on SecureStack C3 devices Node aliases cannot be statically created but can be deleted using the command clear nodealias config page 14 42 Table 14 8 sho...

Page 456: ...o disable the node alias agent on ge 1 3 C3 su set nodealias disable ge 1 3 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value Syntax clea...

Page 457: ...ed on SecureStack C3 devices each group s function and the elements it monitors and the associated configuration commands needed For information about Refer to page RMON Monitoring Group Functions 15...

Page 458: ...arm on page 15 12 Event Controls the generation and notification of events from the device Event type description last time event was sent show rmon event on page 15 13 set rmon event properties on pa...

Page 459: ...h indicates the application will capture as many packets as possible given its restrictions CaptureSliceSize can only be set to 1518 The Full Action element can only be set to lock since the device do...

Page 460: ...dex 1 Drop Events 0 Packets 0 Collisions 0 Octets 0 Jabbers 0 0 64 Octets 0 Broadcast Pkts 0 65 127 Octets 0 Multicast Pkts 0 128 255 Octets 0 CRC Errors 0 256 511 Octets 0 Undersize Pkts 0 512 1023 O...

Page 461: ...this command to delete one or more RMON statistics entries Syntax clear rmon stats index list to defaults Parameters Defaults None Mode Switch command read write Example This example shows how to del...

Page 462: ...how to display RMON history entries for Gigabit Ethernet port 1 in switch 1 A control entry displays first followed by actual entries corresponding to the control entry In this case the default setti...

Page 463: ...30 seconds If owner is not specified monitor will be applied Mode Switch command read write Example This example shows how configure RMON history entry 1 on port ge 2 1 to sample every 20 seconds C3 r...

Page 464: ...This example shows how to delete RMON history entry 1 C3 rw clear rmon history 1 index list Specifies one or more history entries to be deleted causing them to disappear from any future RMON queries t...

Page 465: ...f index is not specified information about all RMON alarm entries will be displayed Mode Switch command read only Example This example shows how to display RMON alarm entry 3 C3 rw show rmon alarm 3 I...

Page 466: ...rst enabled is rising falling or either Interval Interval in seconds at which RMON will conduct sample monitoring Rising Threshold Minimum threshold for causing a rising alarm Falling Threshold Maximu...

Page 467: ...ising falling either Optional Specifies the type of alarm generated when this event is first enabled as Rising Sends alarm when an RMON event reaches a maximum threshold condition is reached for examp...

Page 468: ...ed index with the set rmon alarm properties command Example This example shows how to enable RMON alarm entry 3 C3 rw set rmon alarm status 3 enable clear rmon alarm Use this command to delete an RMON...

Page 469: ...displayed Mode Switch command read only Example This example shows how to display RMON event entry 3 C3 rw show rmon event 3 Index 3 Owner Manager Status valid Description STP Topology change Type log...

Page 470: ...d or disabled Description Text string description of this event Type Whether the event notification will be a log entry and SNMP trap both or none Community SNMP community name if message type is set...

Page 471: ...us index enable Parameters Defaults None Mode Switch command read write Usage An RMON event entry can be created using this command configured using the set rmon event properties command set rmon even...

Page 472: ...clear rmon event 15 16 RMON Configuration Defaults None Mode Switch command read write Example This example shows how to clear RMON event 1 C3 rw clear rmon event 1...

Page 473: ...to three filters Configured channel filter and buffer control information will be saved across resets but captured frames within the buffer will not be saved This function cannot be used concurrently...

Page 474: ...ecified control will be set to off If a description is not specified none will be applied If owner is not specified it will be set to monitor Mode Switch command read write index Specifies an index nu...

Page 475: ...clear RMON channel entry 2 C3 rw clear rmon channel 2 show rmon filter Use this command to display one or more RMON filter entries Syntax show rmon filter index index channel channel Parameters Defau...

Page 476: ...ically be created if an unused index number is chosen Maximum number of entries is 10 Maximum value is 65535 channel index Specifies the channel to which this filter will be applied offset offset Opti...

Page 477: ...30 data 0a154305 dmask ffffffff clear rmon filter Use this command to clear an RMON filter entry Syntax clear rmon filter index index channel channel Parameters Defaults None Mode Switch command read...

Page 478: ...aptured packets will be displayed Mode Switch command read only Example This example shows how to display RMON capture entries and associated buffer entries C3 rw show rmon capture Buf control 28062 C...

Page 479: ...will request as many octets as possible If slice is not specified 1518 will be applied If loadsize is not specified 100 will be applied If owner is not specified it will be set to monitor index Specif...

Page 480: ...isten on channel 628 C3 rw set rmon capture 1 628 clear rmon capture Use this command to clears an RMON capture entry Syntax clear rmon capture index Parameters Defaults None Mode Switch command read...

Page 481: ...t be a VLAN which is configured with an IP address Refer to the ip helper address command ip helper address on page 19 18 for more information DHCP Server DHCP server functionality allows the SecureSt...

Page 482: ...ed with the system s host IP address This procedure would typically be used when the C3 system is NOT configured for routing 1 Configure the system stack host port IP address with the set ip address c...

Page 483: ...ol for dynamic address assignment with the set dhcp exclude command Up to 128 non overlapping address ranges can be excluded on the SecureStack C3 For example set dhcp exclude 192 0 0 1 192 0 0 10 Con...

Page 484: ...ault address allocation for BOOTP clients is disabled Refer to RFC 1534 Interoperation Between DHCP and BOOTP for more information Syntax set dhcp bootp enable disable Parameters clear dhcp conflict 1...

Page 485: ...ct logging command to disable conflict logging Syntax set dhcp conflict logging Parameters None Defaults None Mode Switch command read write Example This example enables DHCP conflict logging C3 rw se...

Page 486: ...26s clear dhcp conflict Use this command to clear conflict information for one or all addresses or to disable conflict logging Syntax clear dhcp conflict logging ip address Parameters Defaults None Mo...

Page 487: ...f the addresses that can be assigned by a DHCP server by excluding addresses 172 20 28 80 100 with the set dhcp exclude command C3 rw set dhcp pool auto1 network 172 20 28 0 24 C3 rw set dhcp exclude...

Page 488: ...ntax set dhcp ping packets number Parameters Defaults None Mode Switch command read write Example This example sets the number of ping packets sent to 3 C3 rw set dhcp ping packets 3 clear dhcp ping U...

Page 489: ...IP address Hardware Address Lease Expiration Type 192 0 0 6 00 33 44 56 22 39 00 11 02 Automatic 192 0 0 8 00 33 44 56 22 33 00 10 22 Automatic 192 0 0 10 00 33 44 56 22 34 00 09 11 Automatic 192 0 0...

Page 490: ...ntax show dhcp server statistics Parameters None Defaults None Mode Read only Example This example displays server statistics C3 ro show dhcp server statistics Automatic Bindings 36 Expired Bindings 6...

Page 491: ...p server statistics SecureStack C3 Configuration Guide 16 11 Parameters None Defaults None Mode Switch command read write Example This example clears all DHCP server counters C3 rw clear dhcp server s...

Page 492: ...he hardware address is not checked A hardware address and type Ethernet or IEEE 802 configured in a manual pool is checked only when a client identifier is not also configured for the pool and the inc...

Page 493: ...et dhcp pool next server 16 21 clear dhcp pool next server 16 21 set dhcp pool lease 16 22 clear dhcp pool lease 16 22 set dhcp pool default router 16 23 clear dhcp pool default router 16 23 set dhcp...

Page 494: ...fix length Parameters Defaults None Mode Switch command read write Usage Use this command to configure a set of IP addresses to be assigned by the DHCP server using the specified address pool In order...

Page 495: ...example deletes the network and mask from the address pool named auto1 C3 rw clear dhcp pool auto1 network set dhcp pool hardware address Use this command to configure the MAC address of the DHCP clie...

Page 496: ...manual binding address pool Syntax clear dhcp pool poolname hardware address Parameters Defaults None Mode Switch command read write Example This example deletes the client hardware address from the...

Page 497: ...ddress from a manual binding address pool Syntax clear dhcp pool poolname host Parameters Defaults None Mode Switch command read write Example This example deletes the host IP address from the address...

Page 498: ...set dhcp pool manual2 client identifier 01 00 01 22 33 44 55 C3 rw set dhcp pool manual2 host 10 12 1 10 255 255 255 0 clear dhcp pool client identifier Use this command to remove the unique identifie...

Page 499: ...255 255 255 0 C3 rw set dhcp pool manual2 client name appsvr1 clear dhcp pool client name Use this command to delete a DHCP client name from an address pool for manual binding Syntax clear dhcp pool p...

Page 500: ...cp pool auto1 bootfile image1 img clear dhcp pool bootfile Use this command to remove a default boot image from the address pool being configured Syntax clear dhcp pool poolname bootfile Parameters De...

Page 501: ...age1 img C3 rw set dhcp pool auto1 next server 10 1 1 10 clear dhcp pool next server Use this command to remove the boot image file server from the address pool being configured Syntax clear dhcp pool...

Page 502: ...the default lease time value of one day for the address pool being configured Syntax clear dhcp pool poolname lease Parameters Defaults Clears the lease time for this address pool to the default valu...

Page 503: ...Mode Switch command read write Example This example assigns a default router at 10 10 10 1 to the address pool named auto1 C3 rw set dhcp pool auto1 default router 10 10 10 1 clear dhcp pool default...

Page 504: ...de Switch command read write Example This example assigns a DNS server at 10 14 10 1 to the address pool auto1 C3 rw set dhcp pool auto1 dns server 10 14 10 1 clear dhcp pool dns server Use this comma...

Page 505: ...ode Switch command read write Example This example assigns the mycompany com domain name to the address pool auto1 C3 rw set dhcp pool auto1 domain name mycompany com clear dhcp pool domain name Use t...

Page 506: ...nd read write Example This example assigns a NetBIOS name server at 10 15 10 1 to the address pool being configured C3 rw set dhcp pool auto1 netbios name server 10 15 10 1 clear dhcp pool netbios nam...

Page 507: ...hybrid as the NetBIOS node type for the address pool auto1 C3 rw set dhcp pool auto1 netbios node type h node clear dhcp pool netbios node type Use this command to remove the NetBIOS node type from t...

Page 508: ...his case IP forwarding is enabled with the 01 value C3 rw set dhcp pool auto1 option 19 hex 01 This example configures DHCP option 72 which assigns one or more Web servers for DHCP clients In this cas...

Page 509: ...e this command to display configuration information for one or all address pools Syntax show dhcp pool configuration poolname all Parameters Defaults None Mode Read only Example This example displays...

Page 510: ...Default Routers 192 0 0 1 Pool static1 Pool Type Manual Client Name appsvr1 Client Identifier 01 00 01 f4 01 27 10 Host 10 1 1 1 255 0 0 0 Lease Time infinite Option 19 hex 01 Pool static2 Pool Type...

Page 511: ...ANs Ports within the VLANs must be configured as trusted or untrusted DHCP servers must be reached through trusted ports DHCP snooping enforces the following security rules DHCP packets from a DHCP se...

Page 512: ...r messages since they are forwarded in hardware Building and Maintaining the Database The DHCP snooping application uses DHCP messages to build and maintain the bindings database The bindings database...

Page 513: ...en the DCHP server can be remotely connected to a routing interface or running locally If the DHCP server is remotely connected then the use of an IP helper address is required and MAC address verific...

Page 514: ...ut Refer to page set dhcpsnooping 17 4 set dhcpsnooping vlan 17 5 set dhcpsnooping database write delay 17 5 set dhcpsnooping trust 17 6 set dhcpsnooping binding 17 7 set dhcpsnooping verify 17 7 set...

Page 515: ...et dhcpsnooping command and then enable it on specific VLANs with this command Example This example enables DHCP snooping on VLANS 10 through 20 C3 rw set dhcpsnooping vlan 10 20 enable set dhcpsnoopi...

Page 516: ...the ports within the VLANs have to be configured as trusted or untrusted On trusted ports DHCP client messages are forwarded directly by the hardware On untrusted ports client messages are given to t...

Page 517: ...will be removed in response to valid DECLINE RELEASE and NACK messages or when the absolute lease time of the entry expires You can add static entries to the bindings database with this command Examp...

Page 518: ...example disables source MAC address verification and logging C3 rw set dhcpsnooping verify mac address disable set dhcpsnooping log invalid Use this command to enable or disable logging of invalid DH...

Page 519: ...DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs 3 Interface Trusted Log Invalid Pkts ge 1 1 No Yes ge 1 2 No No ge 1 3 Yes N...

Page 520: ...psnooping limit ge 1 1 rate 20 burst interval 2 C3 rw show dhcpsnooping port ge 1 1 Interface Trust State Rate Limit Burst Interval pps seconds ge 1 1 No 20 2 show dhcpsnooping Use this command to dis...

Page 521: ...itch command read write Usage This command displays where the database file is stored locally and what the write delay value is Example This example shows the output of the show dhcpsnooping database...

Page 522: ...w dhcpsnooping binding dynamic static port port string vlan vlan id Parameters Defaults If no parameters are entered all bindings in the database are displayed Mode Switch command read write Usage Thi...

Page 523: ...logs the event if logging of invalid messages is enabled and drops the message If source MAC verification is enabled for valid client messages DHCP snooping compares the source MAC address to the DHCP...

Page 524: ...1 2 C3 su clear dhcpsnooping binding port ge 1 2 clear dhcpsnooping statistics Use this command to clear the DHCP snooping statistics counters Syntax clear dhcpsnooping statistics Parameters None Defa...

Page 525: ...ckets per second with a burst interval of 1 second Syntax clear dhcpsnooping limit port string Parameters Defaults None Mode Switch command read write Example This example resets the rate limit values...

Page 526: ...reat An untrusted port is one which could potentially be used to launch a network attack DAI considers all physical ports and LAGs untrusted by default Static Mappings Static mappings are useful when...

Page 527: ...le command to reenable the port You can configure both the rate and the burst interval The default rate is 15 pps on each untrusted interface with a range of 0 to 100 pps The default burst interval is...

Page 528: ...nected and optionally enable logging of invalid ARP packets set arpinspection vlan vlan range logging 3 Determine which ports are not security threats and configure them as DAI trusted ports set arpin...

Page 529: ...configured as a DHCP relay agent with the ip helper address command to forward client requests to the DHCP server Therefore MAC address verification is disabled with the set dhcpsnooping verify mac a...

Page 530: ...1 1 enable Dynamic ARP Inspection Commands set arpinspection vlan Use this command to enable dynamic ARP inspection on one or more VLANs and optionally enable logging of invalid ARP packets Syntax se...

Page 531: ...s are also logged Example This example enables DAI on VLANs 2 through 5 and also enables logging of invalid ARP packets on those VLANs C3 su set arpinspection vlan 2 5 logging set arpinspection trust...

Page 532: ...validate src mac dst mac ip Parameters Defaults All parameters are optional but at least one parameter must be specified Mode Switch command read write Usage This command adds additional validation of...

Page 533: ...ed with this command DAI disables the interface which effectively brings down the interface You can use the set port enable command to reenable the port You can configure both the rate and the burst i...

Page 534: ...e thus static mappings have precedence over DHCP snooping bindings Example This example creates an ACL named staticARP and creates a permit rule for IP address 192 168 1 10 Then the ACL is assigned to...

Page 535: ...c host 00 0A 11 22 33 66 show arpinspection ports Use this command to display the ARP configuration of one or more ports Syntax show arpinspection ports port string Parameters Defaults If a port strin...

Page 536: ...5 Disabled Enabled staticARP Enabled show arpinspection statistics Use this command to display ARP statistics for all DAI enabled VLANs or for specific VLANs Syntax show arpinspection statistics vlan...

Page 537: ...t at least one parameter must be specified Mode Switch command read write Usage This command removes previously configured additional validation of ARP packets by DAI beyond the basic validation that...

Page 538: ...and DAI you must enter this command twice Example This example first displays the DAI configuration for VLAN 5 then disables DAI on VLAN 5 then disables logging of invalid ARP packets on VLAN 5 C3 su...

Page 539: ...read write Usage You can use this command to Remove a configured ARP ACL from the switch or Remove a permit rule from a configured ARP ACL or Remove the association of an ARP ACL with a VLAN or VLANs...

Page 540: ...m the switch completely C3 su clear arpinspection filter staticARP clear arpinspection limit Use this command to return the DAI rate limiting values to their default values for a port or range of port...

Page 541: ...spection statistics Use this command to clear all dynamic ARP inspection statistics Syntax clear arpinspection statistics Parameters None Defaults None Mode Switch command read write Example This exam...

Page 542: ...clear arpinspection statistics 17 32 DHCP Snooping and Dynamic ARP Inspection...

Page 543: ...page 3 5 Configuring basic platform settings such as host name system clock and terminal display settings Setting Basic Switch Properties on page 3 9 Setting the system IP address set ip address on p...

Page 544: ...lobal router configuration mode configure Router C3 su router 4 Enable interface configuration mode using the routing VLAN or loopback id interface vlan vlan id loopback loop id Router C3 su router Co...

Page 545: ...ol name and for OSPF the instance ID from Global or Interface Configuration mode C3 su router Config router Note To jump to a lower configuration mode type exit at the command prompt To revert back to...

Page 546: ...Enabling Router Configuration Modes 18 4 Preparing for Router Mode...

Page 547: ...erwise noted the commands covered in this chapter can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Enabling Router Configuration...

Page 548: ...name of this device is Vlan 1 The MTU is 1500 bytes The bandwidth is 10000 Mb s Encapsulation ARPA Loopback not set ARP type ARPA ARP Timeout 14400 seconds This example shows how to display informatio...

Page 549: ...xample of how these commands are used refer to Pre Routing Configuration Tasks on page 18 1 A loopback interface is always expected to be up This interface can provide the source address for sent pack...

Page 550: ...ce type is not specified status information for all routing interfaces will be displayed Mode Any router mode Example This example shows how to display configuration information for VLAN 1 C3 su route...

Page 551: ...address on page 19 5 Frame Type Encapsulation type used by this interface Set using the arp command as described in arp on page 19 13 MAC Address MAC address mapped to this interface Incoming Access L...

Page 552: ...e device Syntax show running config Parameters None Defaults None Mode Any router mode Example This example shows how to display the current router operating configuration C3 su router show running co...

Page 553: ...nfig interface vlan 1 C3 su router Config if Vlan 1 no shutdown no ip routing Use this command to disable IP routing on the device By default IP routing is enabled when interfaces are configured for i...

Page 554: ...ckets routed into the tunnel For information about configuring IPv6 parameters on tunnel interfaces such as an IPv6 address see Chapter 22 IPv6 Configuration Commands interface tunnel Use this command...

Page 555: ...mmand specifies the IPv4 source transport address of the tunnel Syntax tunnel source ipv4 addr interface vlan vlan id no tunnel source Parameters Defaults None Mode Router interface configuration C3 s...

Page 556: ...d Example The following example configures the destination IPv4 address for tunnel 1 C3 su router Config interface tunnel 1 C3 su router Config if Tnnl 1 C3 su router Config if Tnnl 1 tunnel destinati...

Page 557: ...ace tunnel tunnel id Parameters Defaults None Mode Router global configuration C3 su router Config Router privileged exec C3 su router Usage Use this command to display general interface information R...

Page 558: ...isplayed Mode Any router mode For information about Refer to page show ip arp 19 12 arp 19 13 ip proxy arp 19 14 arp timeout 19 15 clear arp cache 19 15 ip address Optional Displays ARP entries relate...

Page 559: ...le entries Up to 1 000 static ARP entries are supported per SecureStack C3 system A multicast MAC address can be used in a static ARP entry The no form of this command removes the specified permanent...

Page 560: ...712 7a99 ip proxy arp Use this command to enable proxy ARP on an interface The no form of this command disables proxy ARP Syntax ip proxy arp no ip proxy arp Parameters None Defaults Disabled Mode Int...

Page 561: ...uter Config Example This example shows how to set the ARP timeout to 7200 seconds C3 su router Config arp timeout 7200 clear arp cache Use this command to delete all nonstatic dynamic entries from the...

Page 562: ...oadcast is a packet sent to all hosts on a specific network or subnet The directed broadcast address includes the network or subnet fields with the binary bits of the host portion of the address set t...

Page 563: ...Name Server port 137 NetBIOS Datagram Server port 138 TACACS service port 49 EN 116 Name Service port 42 Mode Router command Global configuration C3 su router Config Router interface configuration C3...

Page 564: ...uration C3 su Router1 Config if Vlan 1 Usage Typically for DHCP BootP when a host requests an IP address it sends out a DHCP broadcast packet Normally the router drops all broadcast packets However by...

Page 565: ...ds show ip route Use this command to display information about IP routes Syntax show ip route destination prefix destination prefix match connected ospf rip static summary Parameters For information a...

Page 566: ...via 168 0 0 249 Vlan 3205 E2 11 11 24 24 32 150 20 via 168 0 0 249 Vlan 3205 O 11 11 25 25 32 8 20 via 168 0 0 249 Vlan 3205 C 11 11 26 26 32 0 0 directly connected Loopback 0 O 11 11 27 27 32 8 10 v...

Page 567: ...lt value of 1 will be applied Mode Global configuration C3 su router Config Example This example shows how to set IP address 10 1 2 3 as the next hop gateway to destination address 10 0 0 0 C3 su rout...

Page 568: ...ach hop between the source and the traceroute destination Syntax traceroute host Parameters Defaults None Mode Privileged EXEC C3 su router Usage There is also a traceroute command available in switch...

Page 569: ...redirect enable no ip icmp redirect enable Parameters None Defaults By default sending ICMP redirects to the CPU is enabled globally and on all interfaces Mode Router global configuration mode C3 su r...

Page 570: ...parameter information for all VLAN interfaces is displayed Mode Privileged EXEC mode C3 su router Router global configuration mode C3 su router Config Examples This example displays the global ICMP r...

Page 571: ...stack must have a valid license If you wish to purchase an advanced routing license contact Enterasys Networks Sales Router The commands covered in this chapter can be executed only when the device is...

Page 572: ...mode router rip on page 20 2 Enable RIP on an interface ip rip enable on page 20 3 Configure an administrative distance distance on page 20 3 Allow reception of a RIP version ip rip send version on p...

Page 573: ...outer ip rip enable Use this command to enable RIP on an interface The no form of this command disables RIP on an interface By default RIP is disabled on all interfaces Syntax ip rip enable no ip rip...

Page 574: ...to 1001 C3 su router Config router rip C3 su router Config router distance 100 ip rip send version Use this command to set the RIP version for RIP update packets transmitted out an interface The no v...

Page 575: ...1 2 none no ip rip receive version Parameters Mode Interface configuration C3 su router Config if Vlan 1 Defaults None Example This example shows how to set the RIP receive version to 2 for update pa...

Page 576: ...command prevents RIP from using authentication Syntax ip rip message digest key keyid md5 key no ip rip message digest key keyid Parameters Mode Interface configuration C3 su router Config if Vlan 1...

Page 577: ...e To verify which routes are summarized for an interface use the show ip route command as described in show ip route on page 19 19 The reverse of the command re enables automatic route summarization B...

Page 578: ...rom transmitting update packets on an interface The no form of this command disables passive interface Syntax passive interface vlan vlan id no passive interface vlan vlan id Parameters Defaults None...

Page 579: ...istribute Use this command to allow routing information discovered through non RIP protocols to be distributed in RIP update messages The no form of this command clears redistribution parameters Synta...

Page 580: ...into RIP update messages C3 su router Config router rip C3 su router Config router redistribute static static Specifies that non RIP routing information discovered via static routes will be redistribu...

Page 581: ...routing license See the Activating Licensed Features chapter Enable OSPF configuration mode router id on page 20 12 router ospf on page 20 13 Enable or disable RFC 1583 compatibility 1583compatibilit...

Page 582: ...ple shows how to set the OSPF router ID to IP address 182 127 62 1 C3 su router Config router router id 182 127 62 1 Define an area as a stub area area stub on page 20 22 Set the cost value for the de...

Page 583: ...s refer to Table 18 2 on page 18 2 Only one OSPF process process id is allowed per SecureStack C3 router Example This example shows how to enable routing for OSPF process 1 C3 su router conf terminal...

Page 584: ...rface configuration C3 su router Config if Vlan 1 Example This example shows how to enable OSPF on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip ospf enabl...

Page 585: ...ospf cost Parameters Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Usage Each router interface that participates in OSPF routing is assigned a default cost This command ove...

Page 586: ...s 5 seconds for delay and 10 seconds for holdtime Syntax timers spf spf delay spf hold no timers spf Parameters Defaults None Mode Router configuration C3 su router Config router Example This example...

Page 587: ...ample shows how to set the OSPF retransmit interval for the VLAN 1 interface to 20 C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip ospf retransmit interval 20 ip ospf transmit de...

Page 588: ...ults None Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the hello interval to 5 for the VLAN 1 interface C3 su router Config interface vlan 1 C3 su r...

Page 589: ...de Interface configuration C3 su router Config if Vlan 1 Usage This password is used as a key that is inserted directly into the OSPF header in routing protocol packets A separate password can be assi...

Page 590: ...Interface configuration C3 su router Config if Vlan 1 Example This example shows how to enable OSPF MD5 authentication on the VLAN 1 interface set the key identifier to 20 and set the password to pas...

Page 591: ...uter ospf 1 C3 su router Config router distance ospf external 100 area range Use this command to define the range of addresses to be used by Area Border Routers ABRs when they communicate routes to ot...

Page 592: ...ummary no area area id stub no summary Parameters Mode Router configuration C3 su router Config router Defaults If no summary is not specified the stub area will be able to receive LSAs area id Specif...

Page 593: ...outer configuration C3 su router Config router Usage The use of this command is restricted to ABRs attached to stub and NSSA areas Example This example shows how to set the cost value for stub area 10...

Page 594: ...he backbone and a non backbone OSPF area The no form of this command removes the virtual link and or its associated settings Syntax area area id virtual link router id no area area id virtual link rou...

Page 595: ...to be used by the virtual link Valid values are alphanumeric strings of up to 8 characters Neighbor virtual link routers on a network must have the same password dead interval seconds Specifies the n...

Page 596: ...es that non OSPF information discovered via directly connected interfaces will be redistributed rip Specifies that RIP routing information will be redistributed in OSPF static Specifies that non OSPF...

Page 597: ...database Parameters None Defaults None Mode Any router mode Example This example shows how to display all OSPF link state database information This is a portion of the command output C3 su router sho...

Page 598: ...lay OSPF interface related information including network type priority cost hello interval and dead interval Syntax show ip ospf interface vlan vlan id Parameters Table 20 3 show ip ospf database Outp...

Page 599: ...p ospf cost command For details refer to ip ospf cost on page 20 15 Transmit Delay The number in seconds added to the LSA Link State Advertisement age field State The interface state versus the state...

Page 600: ...an explanation of the command output detail Optional Displays detailed information about the neighbors including the area in which they are neighbors who the designated router backup designated router...

Page 601: ...ides an explanation of the command output clear ip ospf process Use this command to reset the OSPF process This will require adjacencies to be reestablished and routes to be reconverged Syntax clear i...

Page 602: ...de Privileged EXEC C3 su router Example This example shows how to reset OSPF process 1 C3 su router clear ip ospf process 1 process id Specifies the process ID an internally used identification number...

Page 603: ...multicast routing table Enabling DVMRP on an Interface DVMRP is disabled by default both globally and on each interface Enabling DVMRP on a routed interface requires completing the steps listed in Tab...

Page 604: ...ess C3 su router Config ip dvmrp ip dvmrp enable Use this command to enable DVMRP on an interface The no form of this command disables DVMRP on an interface Syntax ip dvmrp enable no ip dvmrp enable P...

Page 605: ...faults None Mode Interface configuration C3 su router Config if Vlan 1 Usage To reset the DVMRP metric back to the default value of 1 enter ip dvmrp metric 1 Example This example shows how to set a DV...

Page 606: ...tatus information will be displayed Mode Any router mode Example This example shows how to display DVMRP status information C3 su router show ip dvmrp Vlan Id Metric Admin Status Oper Status 10 Enable...

Page 607: ...ace The no form of this command disables IRDP on an interface Syntax ip irdp enable no ip irdp enable Parameters None Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Example T...

Page 608: ...ce C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip irdp maxadvertinterval 1000 ip irdp minadvertinterval Use this command to set the minimum interval in seconds between IRDP adve...

Page 609: ...is example shows how to set the IRDP hold time to 4000 seconds on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip irdp holdtime 4000 ip irdp preference Use t...

Page 610: ...ip irdp broadcast Use this command to configure IRDP to use the limited broadcast address of 255 255 255 255 The default is multicast with address 224 0 0 1 The no form of this command resets IRDP to...

Page 611: ...VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if vlan 1 show ip irdp vlan 1 Interface vlan 1 has router discovery enabled Advertisements will occur between 450 and 600 seco...

Page 612: ...s all VRRP configurations from the running configuration Syntax router vrrp no router vrrp Parameters None Defaults None Mode Global configuration C3 su router Config Advanced License Required VRRP is...

Page 613: ...the VRRP session Syntax create vlan vlan id vrid no create vlan vlan id vrid Parameters Defaults None Mode Router configuration C3 su router Config router Usage This command must be executed to create...

Page 614: ...es the master If priority values are the same then the VRRP router with the higher IP address is selected master For details on using the priority command refer to priority on page 20 45 Example This...

Page 615: ...d clears the VRRP advertise interval value Syntax advertise interval vlan vlan id vrid interval no advertise interval vlan vlan id vrid interval vlan vlan id Specifies the number of the VLAN on which...

Page 616: ...vlan 1 1 3 preempt Use this command to enable or disable preempt mode on a VRRP router The no form of this command disables preempt mode Syntax preempt vlan id vrid no preempt vlan id vrid Parameters...

Page 617: ...empt vlan 1 1 enable Use this command to enable VRRP on an interface The no form of this command disables VRRP on an interface Syntax enable vlan vlan id vrid no enable vlan vlan id vrid Parameters De...

Page 618: ...n 1 Example This example shows how to set the VRRP authentication key chain to password on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip vrrp authenticatio...

Page 619: ...e members are densely located and bandwidth is plentiful DVMRP would suffice see Configuring DVMRP on page 20 33 PIM SM determines the network topology using the underlying unicast routing protocol to...

Page 620: ...example shows how to globally enable and disable PIM C3 su router Config ip pimsm C3 su router Config no ip pimsm ip pimsm staticrp This command is used to create a manual Rendezvous Point IP address...

Page 621: ...nterface to enabled By default PIM is disabled on all IP interfaces The no form of this command disables PIM on the specific interface Syntax ip pimsm enable no ip pimsm enable Parameters None Default...

Page 622: ...Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the hello interval rate to 100 seconds C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip...

Page 623: ...m componenttable Parameters None Defaults None Mode Any router mode Example This example shows how to display PIM router information C3 su router show ip pimsm componenttable Table 20 7 show ip pimsm...

Page 624: ...ation C3 su router show ip pimsm interface vlan 30 VLAN ID 30 IP Address 192 168 30 1 Subnet Mask 255 255 255 0 Mode enable Table 20 8 show ip pimsm componenettable Output Details Output Field What it...

Page 625: ...et Mask The Subnet Mask for the IP address of the PIM interface Mode Indicates whether PIM SM is enabled or disabled on the specified interface This is a configured value By default it is disabled Hel...

Page 626: ...all IP multicast groups or for a specific group address The information in the table is displayed for each IP multicast group Syntax show ip pimsm rp group address group mask all candidate Parameters...

Page 627: ...ddress 224 0 0 0 240 0 0 0 192 168 30 2 show ip pimsm rphash Displays the Rendezvous Point router that will be selected from the set of active RP routers The RP router for the group is selected by usi...

Page 628: ...ip pimsm staticrp Display the PIM SM static Rendezvous Point information Syntax show ip pimsm staticrp Parameters None Mode Any router mode Defaults None Example This example shows how to display PIM...

Page 629: ...C3 su router show ip mroute Active IP Multicast Sources Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set Outgoing interface flags H Hardware switched Time...

Page 630: ...lans 8 Source Network 192 168 111 10 Source Mask 0 0 0 0 MultiCast Group 239 1 8 169 Uptime 6582 Upstream Neighbor 0 0 0 0 Upstream Vlan 111 Downstream Vlans 8 Source Network 192 168 111 10 Source Mas...

Page 631: ...the switch and to display IPv6 status information Commands show ipv6 status Use this command to display the status of the IPv6 management function Syntax show ipv6 status Parameters None For informat...

Page 632: ...management is disabled Mode Switch mode read write Usage When you enable IPv6 management on the switch the system automatically generates a link local host address for the switch from the host MAC ad...

Page 633: ...su set ipv6 address 2001 0db8 1234 5555 9876 2 64 C3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 host 2001 DB8 1234 5555 9876 2 64 This example shows how to use the eui64 p...

Page 634: ...4 host 2001 DB8 1234 5555 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 clear ipv6 address Use this command to clear IPv6 global addresses Syntax clear ipv6 address all ipv6 addr prefix length...

Page 635: ...555 9876 2 64 gateway FE80 201 F4FF FE5D 1234 C3 su clear ipv6 address all C3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 set ipv6 gateway Us...

Page 636: ...1234 clear ipv6 gateway Use this command to clear an IPv6 gateway address Syntax clear ipv6 gateway Parameters None Defaults None Mode Switch mode read write Example This example shows how to remove a...

Page 637: ...o display IPv6 netstat information Syntax show ipv6 netstat Parameters None Defaults None Mode Switch command read only Example This example shows the output of this command C3 su show ipv6 netstat Pr...

Page 638: ...ead write Usage This command is also available in router mode Examples This example shows output from a successful ping to IPv6 address 2001 0db8 1234 5555 1234 1 C3 su ping ipv6 2001 0db8 1234 5555 1...

Page 639: ...lso available in router mode Example This example shows how to use traceroute to display a round trip path to host 2001 0db8 1234 5555 C3 su router traceroute ipv6 2001 0db8 1234 5555 1 Traceroute to...

Page 640: ...traceroute ipv6 21 10 IPv6 Management...

Page 641: ...ecifies PDU options of two classes both of which are supported hop by hop options and destination options While new options can be defined in the future the following are currently supported routing f...

Page 642: ...are available including stateless stateful address configuration router and address lifetimes and Neighbor Discovery timer control Ping and traceroute applications for IPv6 are provided Management of...

Page 643: ...e no form of this command disables IPv6 forwarding on the router Example This example disables IPv6 forwarding C3 su router Config no ipv6 forwarding ipv6 hop limit This command sets the maximum numbe...

Page 644: ...next hop addr pref no ipv6 route ipv6 prefix prefix length interface tunnel tunnel id vlan vlan id next hop addr pref Parameters hops Specifies the maximum number of IPv6 hops used in IPv6 packets an...

Page 645: ...distance or preference for static IPv6 routes Syntax ipv6 route distance pref no ipv6 route distance Parameters Defaults Default preference or administrative distance is 1 Mode Router global configur...

Page 646: ...tance value to 3 C3 su router Config ipv6 route distance 3 ipv6 unicast routing This command enables disables forwarding of IPv6 unicast datagrams Syntax ipv6 unicast routing no ipv6 unicast routing P...

Page 647: ...from 2001 DB8 1234 5555 1234 1 Average round trip time 1 00 ms This example shows output from an unsuccessful ping to IPv6 address 2001 0db8 1234 5555 1234 1 C3 su ping ipv6 2001 0db8 1234 5555 1234 1...

Page 648: ...uter ping ipv6 interface vlan 6 link local address fe80 211 88ff fe55 4a7f Send count 3 Receive count 3 from fe80 211 88ff fe55 4a7f Average round trip time 1 00 ms traceroute ipv6 Use this command to...

Page 649: ...e shows how to use traceroute to display a round trip path to host 2001 0db8 1234 5555 1 C3 su router traceroute ipv6 2001 0db8 1234 5555 1 Traceroute to 2001 0db8 1234 5555 1 30 hops max 40 byte pack...

Page 650: ...efix and length and the SecureStack C3 generates the low order 64 bits The hexadecimal letters in the IPv6 addresses are not case sensitive For information about Refer to page ipv6 address 22 10 ipv6...

Page 651: ...led IPv6 Prefix is FE80 211 88FF FE55 4A7F 128 3FFE 501 FFFF 101 211 88FF FE55 4A7F 64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router A...

Page 652: ...1800 Router Advertisement Reachable Time 0 Router Advertisement Interval 600 Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Sup...

Page 653: ...ration Guide 22 13 Example This example sets the MTU value to 1500 bytes C3 su router Config if Vlan 1 ipv6 mtu 1500 Note All interfaces attached to the same physical medium must be configured with th...

Page 654: ...cific interface Syntax clear ipv6 neighbor vlan vlan id Parameters Defaults None Mode Router privileged exec C3 su router Usage To clear all dynamically learned Neighbor Cache entries use this command...

Page 655: ...gned to the interface Use this command to change the number of Neighbor Solicitation messages that can be sent for Duplicate Address Detection from the default value of 1 The no form of the command re...

Page 656: ...hability confirmation must be received from a neighbor for the neighbor to be considered reachable Syntax ipv6 nd reachable time msec no ipv6 nd reachable time Parameters Defaults By default a value o...

Page 657: ...hable time 60000 ipv6 nd other config flag This command sets the other stateful configuration flag in router advertisements sent on this interface to true Syntax ipv6 nd other config flag no ipv6 nd o...

Page 658: ...ipv6 nd ra interval 120 ipv6 nd ra lifetime This command sets the value in seconds that is placed in the Router Lifetime field of router advertisements sent from this interface Syntax ipv6 nd ra lifet...

Page 659: ...lts Suppression disabled Mode Router interface configuration C3 su router Config if Vlan 1 Usage By default transmission of router advertisements is enabled This command disables such transmissions Us...

Page 660: ...fix must be in the form documented in RFC 4291 with the address specified in hexadecimal using 16 bit values between colons The prefix length is a decimal number indicating the number of high order co...

Page 661: ...2 21 Example This example configures a prefix that can be used for both on link determination and autoconfiguration using the default values for valid lifetime and preferred lifetime C3 su router Conf...

Page 662: ...Example This example displays information about IPv6 modes C3 su router show ipv6 IPv6 Forwarding Mode Enabled IPv6 Unicast Routing Mode Enabled show ipv6 interface This command displays information...

Page 663: ...ter show ipv6 interface vlan 7 Vlan 7 Administrative Mode Enabled Vlan 7 IPv6 Routing Operational Mode Enabled IPv6 is Enabled IPv6 Prefix is FE80 211 88FF FE55 4A7F 128 3FFE 501 FFFF 101 211 88FF FE5...

Page 664: ...arameters None Defaults None Mode Router privileged execution C3 su router Usage Use this command to display the contents of the Neighbor Cache Example This example displays the neighbors in the cache...

Page 665: ...State of the cache entry Possible values are Incomplete Reachable Stale Delay Probe and Unknown Last Updated The system uptime when the information for the neighbor was last updated ipv6 addr Specifie...

Page 666: ...3FFE 501 FFFF 100 200 FF FE00 A1A1 Vlan 6 via FE80 200 FF FE00 A1A1 Vlan 6 Table 22 2 provides an explanation of the command output Table 22 2 show ipv6 route Output Details Output Field What It Disp...

Page 667: ...static route can be set with the ipv6 route command Example The following example shows the output of this command C3 su router show ipv6 route preferences Local 0 Static 1 OSPF Intra 8 OSPF Inter 10...

Page 668: ...ummary information displayed by this command C3 su router show ipv6 route summary all IPv6 Routing Table Summary 6 entries Connected Routes 3 Static Routes 3 OSPF Routes 0 Intra Area Routes 0 Inter Ar...

Page 669: ...d 116 Received Datagrams Discarded Due To Header Errors 0 Received Datagrams Discarded Due To MTU 0 Received Datagrams Discarded Due To No Route 0 Received Datagrams With Unknown Protocol 0 Received D...

Page 670: ...ICMPv6 Messages Transmitted 876 ICMPv6 Messages Not Transmitted Due To Error 0 ICMPv6 Destination Unreachable Messages Transmitted 0 ICMPv6 Messages Prohibited Administratively Transmitted 0 ICMPv6 Ti...

Page 671: ...arry enough data Received Datagrams Discarded Other Number of input IPv6 datagrams for which no problems were encountered to prevent their continue processing but which were discarded e g for lack of...

Page 672: ...interface which includes all those counted by ipv6IfIcmpInErrors Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface fo...

Page 673: ...ination Unreachable Messages Transmitted Number of ICMP Destination Unreachable messages sent by the interface ICMPv6 Messages Prohibited Administratively Transmitted Number of ICMP destination unreac...

Page 674: ...s example clears the statistics for VLAN 6 C3 su router clear ipv6 statistics vlan 6 ICMPv6 Group Membership Query Messages Transmitted Number of ICMPv6 Group Membership Query messages sent ICMPv6 Gro...

Page 675: ...he mixed stack All the C3 units in the mixed stack will independently perform hardware IPv6 routing tunneling The manager C3 unit will transparently do the hardware IPv6 routing tunneling for all the...

Page 676: ...acks on page 2 5 for additional information If you are adding the C3 switches to an existing C2 stack make one of the C3 switches the stack manager For example if the current stack manager is unit 1 a...

Page 677: ...bled with this command before the C2 switches in the stack will start redirecting routed IPv6 tunneling packets to the C3 proxy server Uses the no form of this command to disable IPv6 proxy routing Ex...

Page 678: ...3 4 IPv6 Proxy Routing Defaults None Mode Any routing mode Example This example shows the output of this command when IPv6 proxy routing is disabled c2 su router Config show ipv6 proxy routing IPv6 Pr...

Page 679: ...t only provides other networking information such as DNS NTP and or SIP information The stateless server behavior is described by RFC 3736 which simply contains descriptions of the portions of RFC 331...

Page 680: ...nment Default Conditions The following table lists the default DHCPv6 conditions Global Configuration Commands Purpose These router global configuration mode commands are used to enable DHCPv6 on the...

Page 681: ...yntax ipv6 dhcp relay agent info opt option Parameters Defaults The default value of the DHCPv6 Relay Agent Information Option is 32 Mode Router global configuration C3 su router Config Usage The DHCP...

Page 682: ...nt circuits and have mechanisms to identify the remote host end of the circuit Refer to RFC 3046 for more information Example This example sets the Relay Agent Remote ID sub option value to 2 C3 su ro...

Page 683: ...ter executing this command and entering pool configuration mode you can return to global configuration mode by executing the exit command Pool configuration commands are described in the section Addre...

Page 684: ...on mode C3 su router Config dhcp6s pool Usage A DNS domain name is configured for stateless server support A DHCPv6 pool can have up to 8 domain names configured for it The no form of this command wil...

Page 685: ...Pv6 server address from the DHCPv6 pool being configured Example This example configures a DNS server address for the pool named PoolA C3 su router Config ipv6 dhcp pool PoolA C3 su router Config dhcp...

Page 686: ...ion 2001 0db8 10 48 00 02 00 00 00 11 0A C0 89 D3 03 00 09 AA exit This command exits from DHCPv5 pool configuration mode and returns to global configuration mode Syntax exit Parameters None prefix pr...

Page 687: ...Guide 24 9 Defaults None Mode Router DHCPv6 pool configuration mode C3 su router Config dhcp6s pool Example This example illustrates how to exit DHCPv6 pool configuration mode C3 su router Config dhc...

Page 688: ...tion Commands on page 24 6 An interface can be configured as either a DHCPv6 server or a DHCPv6 relay agent but not both Use the no form of this command to remove DHCPv6 server functionality from an i...

Page 689: ...DHCPv6 relay agent functionality from an interface destination dest addr Specifies the IPv6 address of a DHCPv6 relay server This IPv6 address can be a global address a multicast address or a link loc...

Page 690: ...0 C3 su router Config interface vlan 8 C3 su router Config if Vlan 8 ipv6 dhcp relay destination 2001 0db8 1234 5555 122 10 64 This example configures interface VLAN 8 as a DHCPv6 relay agent by confi...

Page 691: ...if DHCPv6 is enabled the switch s DHCP unique identifier DUID Syntax show ipv6 dhcp Parameters None Defaults None Mode Router privileged execution C3 su router Example This example illustrates the ou...

Page 692: ...v6 configuration information about VLAN 80 which was configured as a DHCPv6 server C3 su router show ipv6 dhcp interface vlan 80 IPv6 Interface Vlan 80 Mode Server Pool Name newpool Server Preference...

Page 693: ...otal DHCPv6 Packets Transmitted 0 Table 24 2 provides an explanation of the command output Table 24 1 Output of show ipv6 dhcp interface Command Output What it displays IPv6 Interface Shows the interf...

Page 694: ...Packets Received 0 DHCPv6 Malformed Packets Received 0 Received DHCPv6 Packets Discarded 0 Total DHCPv6 Packets Received 0 DHCPv6 Advertisement Packets Transmitted 0 DHCPv6 Reply Packets Transmitted 0...

Page 695: ...DHCPv6 Relay reply Packets Received Number of relay reply received statistics DHCPv6 Malformed Packets Received Number of malformed packets statistics Received DHCPv6 Packets Discarded Number of DHCP...

Page 696: ...delegation C3 su router show ipv6 dhcp pool PoolA DHCPv6 Pool PoolA DNS Server 2001 db8 1234 5678 A Domain Name enterasys com This example displays the output for PoolB that was configured for prefix...

Page 697: ...with the IPv6 address FE80 111 FCF1 DEA5 10 C3 su router show ipv6 dhcp binding FE80 111 FCF1 DEA5 10 DHCP Client Address FE80 111 FCF1 DEA5 10 DUID 000300010002FCA5DC1C IA ID 0x00040001 T1 0 T2 0 Pre...

Page 698: ...show ipv6 dhcp binding 24 20 DHCPv6 Configuration...

Page 699: ...v3 views IPv6 over IPv4 tunnels as a point to point interface with a link local address and possibly a global unicast address OSPFv3 uses the reported MTU for tunnel interfaces OSPFv3 supports ECMP ro...

Page 700: ...reStack C3 Default Conditions The following table lists the default OSPFv3 conditions Condition Default Value IPv6 OSPF Disabled IPv6 OSPF cost 10 IPv6 OSPF dead interval 40 seconds IPv6 OSPF hello in...

Page 701: ...router Syntax ipv6 router id ip address Parameters Defaults None Mode Router global configuration C3 su router Config Usage Use this command to configure the OSPFv3 router ID Example This example ill...

Page 702: ...n originate This command is used to control the advertisement of default routes Syntax default information originate always metric value metric type type no default information originate metric metric...

Page 703: ...default metric for routes redistributed from another protocol into OSPFv3 Syntax default metric metric no default metric Parameters Defaults No default metric is configured Mode Router OSPFv3 configur...

Page 704: ...The following example set the intra area preference to 5 C3 su router Config router distance ospf intra 5 exit overflow interval This command configures the exit overflow interval for OSPFv3 Syntax ex...

Page 705: ...LSDB limit for OSPFv3 Syntax external lsdb limit limit no external lsdb limit Parameters Defaults The default value is 1 Mode Router OSPFv3 configuration C3 su router Config router Usage When the num...

Page 706: ...to allow redistribution of routes from the specified source protocol routers Syntax redistribute connected static metric value metric type type tag tag no redistribute connected static metric metric t...

Page 707: ...n C3 su router Config router Usage The no form of this command configures the OSPFv3 protocol to prohibit redistribution of routes from the specified source protocol routers Example This example confi...

Page 708: ...out Refer to page area default cost 25 10 area nssa 25 11 area nssa default info originate 25 12 area nssa no redistribute 25 12 area nssa no summary 25 13 area nssa translator role 25 14 area nssa tr...

Page 709: ...rea areaid nssa no area areaid nssa Parameters Defaults None Mode Router OSPFv3 configuration C3 su router Config router Usage An NSSA allows some external routes represented by external Link State Ad...

Page 710: ...command to prevent a default route to be advertised within the area Example This example configures NSSA area 20 to advertise a default route C3 su router Config router area 20 nssa default info origi...

Page 711: ...redistribute area nssa no summary This command configures the NSSA area border router to not advertise summary routes into the NSSA Syntax area areaid nssa no summary no area areaid nssa no summary P...

Page 712: ...e NSSA router will participate in the translator election process described in RFC 3101 The OSPF Not So Stubby Area NSSA Option Use the no form of this command to return the configured translator role...

Page 713: ...Area address ranges are not configured by default areaid Specifies the area ID in IP address format dotted quad or as a decimal value interval Specifies the stability interval in seconds The value of...

Page 714: ...saexternallink parameter You can configure multiple address ranges with this command Use the no form of this command to remove a configured address range Example This example configures an address ran...

Page 715: ...ort mode to the default for the specified stub area Example The example disables the import of summary LSAs into stub area 30 C3 su router Config router area 30 stub no summary area virtual link This...

Page 716: ...virtual link neighborid dead interval seconds no area areaid virtual link neighborid dead interval Parameters Defaults The default dead interval is 40 seconds Mode Router OSPFv3 configuration C3 su r...

Page 717: ...l 30 area virtual link retransmit interval This command configures the retransmit interval for the specified OSPFv3 virtual interface Syntax area areaid virtual link neighborid retransmit interval sec...

Page 718: ...irtual link neighborid transmit delay seconds no area areaid virtual link neighborid transmit delay Parameters Defaults The default transmit delay is 1 second Mode Router OSPFv3 configuration C3 su ro...

Page 719: ...n C3 su router Config if Vlan 1 Usage Use this command to enable OSPFv3 on a router VLAN interface or on a loopback interface Use the no form of this command to disable OSPFv3 on an interface For info...

Page 720: ...interface connects Assigning an area ID which does not exist on an interface causes the area to be created with default values Use the no form of this command to remove an area from the interface Exam...

Page 721: ...ce Syntax ipv6 ospf dead interval seconds no ipv6 ospf dead interval seconds Parameters Defaults The default dead interval value is 40 seconds Mode Router interface configuration C3 su router Config i...

Page 722: ...ts that OSPFv3 sends on the interface being configured The shorter the hello interval the faster topological changes will be detected but more routing traffic will ensue The hello interval must be the...

Page 723: ...detection on router interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 ospf mtu ignore ipv6 ospf network This command changes the default OSPFv3 network type for...

Page 724: ...an 1 Usage When two routers on the same network attempt to become the designated router the one with the higher router priority takes precedence If there is a tie the router with the higher router ID...

Page 725: ...r interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 ospf retransmit interval 10 ipv6 ospf transmit delay This command sets the OSPFv3 transmit delay for the rout...

Page 726: ...delay 25 28 OSPFv3 Configuration Example This example sets the transmit delay value to 4 seconds for router interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 osp...

Page 727: ...su router Example This example shows how to display OSPFv3 router information C3 su router show ipv6 ospf Router ID 2 2 2 2 OSPF Admin Mode Enable ASBR Mode Enable For information about Refer to page...

Page 728: ...distribute routes learnt from other protocol The possible values for the ASBR status is enabled if the router is configured to re distribute routes learnt by other protocols or disabled if the router...

Page 729: ...metric for the advertised default routes If the metric is not configured this field is blank Metric Type Whether the routes are External Type 1 or External Type 2 Table 25 1 show ipv6 ospf Output Deta...

Page 730: ...uding the external LS type 5 link state advertisements Stub Mode Whether the specified area is a stub area or not The possible values are enabled and disabled This is a configured value Import Summary...

Page 731: ...xt Hop Intf Address of the next hop toward the destination Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop Table 25 3 show ipv6 ospf abr Output Details Conti...

Page 732: ...area ID is specified C3 su router show ipv6 ospf 10 database Inter Network States Area 0 0 0 10 areaid Optional Display database information about a specific area Enter the area ID in IP address form...

Page 733: ...0 Adv Router Link Id Age Sequence Csum Options Rtr Opt 2 2 2 2 0 1288 80000273 32A9 V6E R EB 3 3 3 3 0 1098 80000251 7D11 V6E RD network links States Area 0 0 0 0 Adv Router Link Id Age Sequence Csum...

Page 734: ...unction of the specified LSA LS Seq Number Number that represents which LSA is more recent Checksum Total number LSA checksum Lenght Size of the LSA in bytes Options Option bits in LSA header Refer to...

Page 735: ...Ext 0 Self Originated Type 5 Ext 0 Total 66 Table 25 6 provides an explanation of the database summary command output Table 25 6 show ipv6 ospf database database summary Output Details Output Field W...

Page 736: ...3 link state database Area Unknown Total number of area unknown LSAs in the OSPFv3 link state database AS Unknown Total number of as unknown LSAs in the OSPFv3 link state database Self Originated Type...

Page 737: ...e 25 7 provides an explanation of the command output Table 25 7 show ipv6 ospf interface Command Output Details Output Field What It Displays IPv6 Address The IPv6 address of the interface ifIndex The...

Page 738: ...ets 1053 Metric Cost The priority of the path Low costs have a higher priority than high costs OSPF MTU ignore Whether to ignore MTU mismatches in database descriptor packets sent from neighboring rou...

Page 739: ...abase excluding AS External LSAs IPv6 Address The IP address associated with this OSPFv3 interface OSPF Interface Events The number of times the specified OSPFv3 interface has changed its state or an...

Page 740: ...the interface has a neighbor Examples This example illustrates the summary information displayed when no neighbor is specified C3 su router show ipv6 ospf neighbor Router ID Priority Intf Interface S...

Page 741: ...information has been received from the neighbor Attempt no recent information has been received from the neighbor but a more concerted effort should be made to contact the neighbor Init a Hello packet...

Page 742: ...ted with the interface Options An integer value that indicates the optional OSPFv3 capabilities supported by the neighbor These are listed in its Hello packets This enables received Hello Packets to b...

Page 743: ...he area ID of the requested OSPFv3 area IPv6 Prefix Prefix Length An IPv6 prefix and length which represents a configured area range Lsdb Type The type of link advertisement associated with this area...

Page 744: ...ion of the command output areaid Specifies the area ID in IP address format dotted quad or as a decimal value neighborid Specifies the neighbor by its router ID specified in 32 bit dotted quad format...

Page 745: ...Metric The metric of this virtual link Neighbor State The state of the neighbor States are down loopback waiting point to point designated router and backup designated router Table 25 13 show ipv6 osp...

Page 746: ...show ipv6 ospf virtual link 25 48 OSPFv3 Configuration...

Page 747: ...cates user access of Telnet management console local management and WebView via a central RADIUS Client Server or For information about Refer to page Overview of Authentication and Authorization Metho...

Page 748: ...ication method Each user or device can be mapped to the same or different roles using Enterasys policy for access control VLAN authorization traffic rate limiting and quality of service This is the mo...

Page 749: ...Attribute and Dynamic Policy Profile Assignment If you configure an authentication method that requires communication with a RADIUS server you can use the RADIUS Filter ID attribute to dynamically ass...

Page 750: ...To configure the authentication login method to be used for management Commands The commands used to configure the authentication login method are listed below show authentication login Use this comm...

Page 751: ...login method to the default setting of any Syntax clear authentication login Parameters None Defaults None Mode Switch command Read Write Example This example shows how to reset the authentication log...

Page 752: ...pplication when generating RADIUS packets Commands show radius Use this command to display the current RADIUS client server configuration Syntax show radius status retries timeout server index all Par...

Page 753: ...all servers or a specific RADIUS server as defined by an index Table 26 1 show radius Output Details Output Field What It Displays RADIUS status Whether RADIUS is enabled or disabled RADIUS retries Nu...

Page 754: ...mes out Valid values are from 0 to 10 Default is 3 timeout timeout Specifies the maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin Valid values...

Page 755: ...ut server index all realm index all Parameters Mode Switch command read write Defaults None Examples This example shows how to clear all settings on all RADIUS servers C3 su clear radius server all Th...

Page 756: ...counting refer to set radius accounting on page 26 10 C3 ro show radius accounting RADIUS accounting status Disabled RADIUS Acct Server IP Address Acct Port Retries Timeout Status 1 172 16 2 10 1856 3...

Page 757: ...10 C3 su set radius accounting retries 10 clear radius accounting Use this command to clear RADIUS accounting configuration settings Syntax clear radius accounting server ip address retries timeout co...

Page 758: ...s example displays the output of this command In this case the IP address assigned to loopback interface 1 will be used as the source IP address of the RADIUS application C3 rw show radius interface l...

Page 759: ...ed interface on which the packet egresses If loopback 0 has been configured the NAS IP will be set to the IP address of loopback 0 Otherwise the NAS IP will be zero Example This example configures an...

Page 760: ...horization Configuration Example This command returns the interface used for the source IP address of the RADIUS application back to the default of the Host interface C3 rw show radius interface vlan...

Page 761: ...fied 802 1X status will be displayed Note To configure EAP pass through which allows client authentication packets to be forwarded through the switch to an upstream device 802 1X authentication must b...

Page 762: ...Responses 0 Backend Access Challenges 0 Backend Others Requests To Supp 0 Backend NonNak Responses From 0 Backend Auth Successes 0 Backend Auth Fails 0 This example shows how to display authentication...

Page 763: ...d portcontrol Optional Displays the current value of the controlled Port control parameter for the port maxreq Optional Displays the value set for maximum requests currently in use by the backend auth...

Page 764: ...orts are specified the reinitialization or reauthentication setting will be applied to all ports Mode Switch command read write Usage Disabling 802 1X authentication globally by not entering a specifi...

Page 765: ...llowing a failed authentication before another attempt can be made by the authenticator PAE state machine Valid values are 0 65535 Default value is 60 seconds reauthenabled false true Enables true or...

Page 766: ...This example shows how to reset the 802 1X port control mode to auto on all ports C3 su clear dot1x auth config authcontrolled portcontrol This example shows how to reset reauthentication control to d...

Page 767: ...mmand read only Example This example shows how to display EAPOL status for ports ge 1 1 3 C3 su show eapol ge 1 1 3 EAPOL is disabled Port Authentication State Authentication Mode ge 1 1 Initialize Au...

Page 768: ...ompletes authenticated The port enters this state from authenticating state after the exchange completes with a favorable result It remains in this state until linkdown logoff or until a reauthenticat...

Page 769: ...nd to globally clear the EAPOL authentication mode or to clear settings for one or more ports Syntax clear eapol auth mode port string enable disable Enables or disables EAPOL auth mode auto forced au...

Page 770: ...all ports Mode Switch command read write Example This example shows how to clear the EAPOL authentication mode for port ge 1 3 C3 su clear eapol auth mode ge 1 3 auth mode Optional Globally clears th...

Page 771: ...thentication significant bits on page 26 35 The most common use of significant bit masks is for authentication of all MAC addresses for a specific vendor Commands show macauthentication Use this comma...

Page 772: ...page 7 1 Table 26 3 show macauthentication Output Details Output Field What It Displays MAC authentication Whether MAC authentication is globally enabled or disabled Set using the set macauthenticati...

Page 773: ...isabled Table 26 4 provides an explanation of the command output Reauth Period Reauthentication period for this port Default value of 30 can be changed using the set macauthentication reauthperiod com...

Page 774: ...password password Parameters Defaults None Mode Switch command read write Reauth Period Reauthentication period for this port set using the set macauthentication reauthperiod command described in set...

Page 775: ...write Example This example shows how to clear the MAC authentication password C3 su clear macauthentication password set macauthentication port Use this command to enable or disable one or more ports...

Page 776: ...on portinitialize port string Parameters Defaults None Mode Switch command read write Example This example shows how to force ge 2 1 through 5 to initialize C3 su set macauthentication portinitialize...

Page 777: ...string is not specified then all ports will be set to the default port quiet period Mode Switch command read write Example This example resets the default quiet period on port 1 C3 su clear macauthent...

Page 778: ...ication enable disable port string Parameters Defaults None Mode Switch command read write Example This example shows how to enable MAC reauthentication on ge 4 1 though 5 C3 su set macauthentication...

Page 779: ...ple This example shows how to force the MAC authentication session for address 00 60 97 b5 4c 07 to reauthenticate C3 su set macauthentication macreauthenticate 00 60 97 b5 4c 07 set macauthentication...

Page 780: ...ear macauthentication reauthperiod port string Parameters Defaults If port string is not specified the reauthentication period will be cleared on all ports Mode Switch command read write Example This...

Page 781: ...figured other than 48 with this command the switch will apply the mask and resend the masked address to the RADIUS server For example if a user with MAC address of 00 16 CF 12 34 56 is denied access a...

Page 782: ...significant bits 26 36 Authentication and Authorization Configuration Mode Switch command read write Example This example resets the MAC authentication significant bits to 48 C3 su clear macauthentic...

Page 783: ...all traffic on the port When multi user authentication is not implemented and more than one supplicant is connected to a port the firmware does not provision network resources on a per user or per dev...

Page 784: ...ation system configuration Supported types dot1x pwa mac Maximum number of users 768 Current number of users 2 System mode multi Default precedence dot1x pwa mac Admin precedence dot1x pwa mac Operati...

Page 785: ...mand sets described in this chapter Refer to Configuring 802 1X Authentication on page 26 15 and Configuring MAC Authentication on page 26 25 and Configuring Port Web Authentication PWA on page 26 68...

Page 786: ...cated by more than one method at the same time the precedence of the authentication methods will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy pro...

Page 787: ...Mode Switch command read only Example This example shows how to display multiple authentication information for ports ge 3 1 4 The number of Max users shown by this command varies depending on the pl...

Page 788: ...t s multiple authentication mode as auth opt Authentication optional non strict behavior If a user does not attempt to authenticate using 802 1x or if 802 1x authentication fails the port will allow t...

Page 789: ...Defaults If no options are specified multiple authentication station entries will be displayed for all MAC addresses and ports Example This example shows how to display multiple authentication station...

Page 790: ...ype radius VLAN Tunnel Attr none Policy index 0 Policy name Administrator Session timeout 0 Session duration 0 00 00 25 Idle timeout 5 Idle time 0 00 00 00 Termination time Not Terminated show multiau...

Page 791: ...hat address for the specified idle timeout period A value of zero indicates that no idle timeout will be applied unless an idle timeout value is provided by the authenticating server For example if a...

Page 792: ...mple resets the idle timeout value for all authentication methods to 0 seconds C3 su clear multiauth idle timeout show multiauth session timeout Use this command to display the session timeout value i...

Page 793: ...e authenticating server For example if a session is authenticated by a RADIUS server that server may encode a Session Timeout Attribute in its authentication response Example This example sets the ses...

Page 794: ...y support multiple users per port The SecureStack C3 can support multiple users per port so the User IP phone application should only be used if you are integrating SecureStack C3s into a legacy deplo...

Page 795: ...red to as dynamic VLAN assignment Please see section 3 31 of RFC 3580 for details on configuring a RADIUS server to return the desired tunnel attributes As stated in RFC 3580 it may be desirable to al...

Page 796: ...authenticated ports for the VLANs returned in the RADIUS authorization filter id string Syntax set vlanauthorization egress none tagged untagged port string Parameters enable disable Enables or disabl...

Page 797: ...string Parameters Defaults If no port string is entered all ports a will be reset to default configuration with VLAN authorization disabled and egress frames untagged Mode Switch command read write E...

Page 798: ...n mode When the maptable response is set to tunnel mode the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter ID attribute...

Page 799: ...iption When Policy Maptable Response is Both Hybrid authentication mode uses both Filter ID attributes and tunnel attributes To enable hybrid authentication mode use the set policy maptable command an...

Page 800: ...and if VLAN authorization is enabled both globally and on the authenticating user s port If the tunnel attributes are present the specified VLAN will be applied to the authenticating user No VLAN to p...

Page 801: ...d also the switch s maptable response setting that is whether the switch is in tunnel mode policy mode or hybrid authentication mode Syntax set policy maptable vlan list policy index response both pol...

Page 802: ...page 26 49 Examples This example shows how to set the policy maptable response to both or hybrid authentication mode C3 rw set policy maptable response both This example shows how to configure a poli...

Page 803: ...onfigured with MAC locking enabled The value n is configured with the set maclock firstarrival command The static method is defined to be statically provisioning a MAC port lock using the set maclock...

Page 804: ...Static Max FirstArrival Last Violating Number Status Status Status Allocated Allocated MAC Address For information about Refer to page show maclock 26 58 show maclock stations 26 59 set maclock enabl...

Page 805: ...Status Whether MAC lock trap messaging is enabled or disabled on the port For details on setting this status refer to set maclock trap on page 26 67 Aging Status Whether aging of FirstArrival MAC addr...

Page 806: ...MAC locking defines which MAC addresses as well as how many MAC addresses are permitted to use specific port s Table 26 7 show maclock stations Output Details Output Field What It Displays Port Number...

Page 807: ...ample This example shows how to disable MAC locking on ge 2 3 C3 su set maclock disable ge 2 3 set maclock Use this command to create a static MAC address to port locking and to enable or disable MAC...

Page 808: ...d port ge 3 2 C3 rw set maclock 0e 03 ef d8 44 55 ge 3 2 create clear maclock Use this command to remove a static MAC address to port locking entry Syntax clear maclock mac address port string Paramet...

Page 809: ...communicate on port ge 3 2 C3 rw clear maclock 0e 03 ef d8 44 55 ge 3 2 set maclock static Use this command to set the maximum number of static MAC addresses allowed per port Static MACs are administr...

Page 810: ...he first arrival count will be reset every time a user moves to another port but will still protect against connecting multiple devices on a single port and will protect against MAC address spoofing p...

Page 811: ...his command to enable or disable the aging of first arrival MAC addresses When enabled first arrival MAC addresses that are aged out of the forwarding database will be removed from the associated port...

Page 812: ...e This example disables first arrival aging on port ge 1 1 C3 su clear maclock agefirstarrival ge 1 1 enable set maclock move Use this command to move all current first arrival MACs to static entries...

Page 813: ...lock trap Use this command to enable or disable MAC lock trap messaging Syntax set maclock trap port string enable disable Parameters Defaults None Mode Switch command read write Usage When enabled th...

Page 814: ...word the switch then authenticates the user via a preconfigured RADIUS server If the login is successful then the user will be granted full network access according to the user s policy configuration...

Page 815: ...mmand output port string Optional Displays PWA information for specific port s Table 26 8 show pwa Output Details Output Field What It Displays PWA Status Whether or not port web authentication is ena...

Page 816: ...n set pwa guestname on page 26 74 PWA Guest Password Guest user s password Default value of an empty string can be changed using the set pwa guestpassword command as described in set pwa guestpassword...

Page 817: ...shows how to display the PWA login banner C3 su show pwa banner Welcome to Enterasys Networks set pwa banner Use this command to configure a string to be displayed as the PWA login banner Syntax set p...

Page 818: ...hows how to reset the PWA login banner to a blank string C3 su clear pwa banner set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo Syntax set pwa displaylo...

Page 819: ...ocol Use this command to set the port web authentication protocol Syntax set pwa protocol chap pap Parameters Defaults None Mode Switch command read write Example This example shows how to set a the P...

Page 820: ...pwa guestname name Parameters Defaults None Mode Switch command read write Example This example shows how to set the PWA guest user name to guestuser C3 su set pwa guestname guestuser clear pwa guestn...

Page 821: ...e shows how to set the PWA guest user password name C3 su set pwa guestpassword Guest Password Retype Guest Password set pwa gueststatus Use this command to enable or disable guest networking for port...

Page 822: ...ied all ports will be initialized Mode Switch command read write Example This example shows how to initialize ports ge 1 5 7 C3 su set pwa initialize ge 1 5 7 set pwa quietperiod Use this command to s...

Page 823: ...a maxrequests requests port string Parameters Defaults If port string is not specified maximum requests will be set for all ports Mode Switch command read write Example This example shows how to set t...

Page 824: ...mple This example shows how to display PWA session information C3 su show pwa session Port MAC IP User Duration Status ge 2 19 00 c0 4f 20 05 4b 172 50 15 121 pwachap10 0 14 46 55 active ge 2 19 00 c0...

Page 825: ...kets on port 80 from the end user and sends the end user a refresh page destined for the PWA IP Address configured Syntax set pwa enhancedmode enable disable Parameters Defaults None Mode Switch comma...

Page 826: ...atus of SSH on the switch Syntax show ssh status Parameters None Defaults None Mode Switch command read only Example This example shows how to display SSH status on the switch C3 su show ssh status SS...

Page 827: ...ommand to reinitialize new SSH authentication keys Syntax set ssh hostkey reinitialize Parameters Defaults None Mode Switch command read write Example This example shows how to regenerate SSH keys C3...

Page 828: ...nies ICMP UDP and IP frames based on restrictions configured with one of the access list commands For details on configuring standard access lists refer to access list standard on page 26 83 For detai...

Page 829: ...ccess list number entryno entryno To insert or replace an ACL entry access list access list number insert replace entryno deny permit source source wildcard To move entries within an ACL access list a...

Page 830: ...55 255 255 This example moves entry 16 to the beginning of ACL 22 C3 su router Config access list 22 move 1 16 access list extended Use this command to define an extended IP access list by number when...

Page 831: ...are IP address or range of addresses A B C D any Any source host host source IP address of a single source host source wildcard Optional Specifies the bits to ignore in the source address eq port Opti...

Page 832: ...at allows the host with IP address 88 255 255 254 to do an SSH remote login to any destination on TCP port 22 C3 su router Config access list 145 permit tcp host 88 255 255 254 any eq 22 This example...

Page 833: ...example shows how to apply access list 1 for all inbound frames on the VLAN 1 interface Through the definition of access list 1 only frames with a source address on the 192 5 34 0 24 network will be r...

Page 834: ...ip access group 26 88 Authentication and Authorization Configuration...

Page 835: ...n RFC 1492 TACACS is defined in an un published and expired Internet Draft draft grant tacacs 02 txt The TACACS Protocol Version 1 78 January 1997 For detailed information about using TACACS in your n...

Page 836: ...e connect state Disabled TACACS service exec TACACS session authorization A V pairs access level attribute value read only priv lvl 0 read write priv lvl 1 super user priv lvl 15 TACACS Server IP addr...

Page 837: ...x show tacacs server index all TACACS singleconnect state Whether TACACS singleconnect is enabled or disabled When enabled the TACACS client sends multiple requests over a single TCP connection TACACS...

Page 838: ...CS servers are configured by default When you do configure a TACACS server the default timeout value is 10 seconds index Display the configuration of the TACACS server identified by index The value of...

Page 839: ...packets coming in for that user Since a task ID is associated with each accounting session if there is a failover to a backup server the accounting information will still be associated with the corre...

Page 840: ...counting Parameters Defaults None Mode Switch command Read Only Examples This example shows how to display client session authorization information C3 ro show tacacs session authorization TACACS servi...

Page 841: ...e authorized If the parameter values do not match the session will not be allowed accounting Specifies that TACACS session accounting is being configured enable disable Enables or disables TACACS sess...

Page 842: ...orization settings to their default values Syntax clear tacacs session authorization service read only read write super user Parameters Defaults At least one of the session authorization parameters mu...

Page 843: ...s command Use this command to enable or disable TACACS accounting or authorization on a per command basis Syntax set tacacs command accounting authorization enable disable Parameters Defaults None Mod...

Page 844: ...ommand to display the current status of the TACACS client s ability to send multiple requests over a single TCP connection Syntax show tacacs singleconnect Parameters None Defaults None Mode Switch co...

Page 845: ...ace Parameters None Defaults None Mode Switch mode read only Example This example displays the output of this command In this case the IP address assigned to loopback interface 1 will be used as the s...

Page 846: ...e received on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best route...

Page 847: ...27 13 None Defaults None Mode Switch command read write Example This command returns the interface used for the source IP address of the TACACS client back to the default of the Host interface C3 rw...

Page 848: ...TACACS Configuration clear tacacs interface 27 14...

Page 849: ...ters Version 5 of sFlow is described in detail in the document entitled sFlow Version 5 available from sFlow org http www sflow org Using sFlow in Your Network The advantages of using sFlow include sF...

Page 850: ...acket flows and time based sampling of counters Table 28 1 sFlow Definitions Term Definition Data Source A Data Source refers to a location within a Network Device that can make traffic measurements P...

Page 851: ...The primary objective of the counter sampling is to in an efficient way periodically export counters associated with Data Sources A maximum sampling interval is assigned to each sFlow Instance associa...

Page 852: ...low receiver 1 owner enterasys timeout 180000 set sflow receiver 1 ip 192 168 16 91 configure packet sampling instances on ports 1 through 12 assign to sFlow Collector 1 set sflow port ge 1 1 12 sampl...

Page 853: ...he Collectors configured on the switch If you specify an individual Collector by its index number additional information is displayed for that Collector Examples This example displays the sFlow Receiv...

Page 854: ...with the set sflow receiver owner command Time Out The time remaining in seconds before the sampler or poller is released and stops sending samples to this receiver Collector The timeout value is conf...

Page 855: ...the samplers and pollers associated with this Collector expire and are removed from the switch s configuration In order to start sending sample data to the Collector again the Collector must be recon...

Page 856: ...ry 1 C3 su set sflow receiver 1 ip 10 10 10 10 set sflow receiver maxdatagram Use this command to set the maximum number of data bytes that can be sent in a single sample datagram Syntax set sflow rec...

Page 857: ...r sflow receiver Use this command to delete a receiver Collector from the sFlow Receivers Table or to return certain parameters to their default values for the specified Collector Syntax clear sflow r...

Page 858: ...nfigure poller instances on ports or data sources Syntax set sflow port port string poller index interval seconds Parameters Defaults The default interval value is 0 seconds which disables counter sam...

Page 859: ...cleared from the switch s configuration Example The following example configures poller instances on ports ge 1 1 through ge 1 8 and associates them with receiver 1 Then a polling interval of 240 seco...

Page 860: ...ifies that the polling interval should be cleared to 0 A value of 0 disables counter sampling port string Specifies the port or ports data sources on which the sampler instance is being configured ind...

Page 861: ...t receiver are also cleared from the switch s configuration A maximum of 32 sampler instances can be configured per switch or stack of switches Example The following example configures sampler instanc...

Page 862: ...nstance on port ge 1 1 C3 su clear sflow port ge 1 1 sampler set sflow interface Use this command to specify the interface used for the source IP address of the sFlow Agent when sending sampling datag...

Page 863: ...on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best route lookup Pa...

Page 864: ...3 rw show sflow interface loopback 1 192 168 10 1 clear sflow interface Use this command to clear the management interface used by the sFlow Agent back to the default of the Host VLAN Syntax clear sfl...

Page 865: ...Use this command to display information about the sFlow Agent Syntax show sflow agent Parameters None Defaults None Mode Switch command read only Example This example displays the output of this comma...

Page 866: ...sFlow Configuration show sflow agent 28 18...

Page 867: ...A 1 Policy Capacities Feature Capacity Maximum policy roles profiles per system 15 Maximum number of unique rules per system 768 Maximum number of ether type rules 128 Maximum number of MAC rules 128...

Page 868: ...be masked Table A 1 Policy Capacities Continued Feature Capacity Table A 2 Authentication Capacities Authentication Feature Capacity IEEE 802 1x dot1x authentication Supported MAC based authentication...

Page 869: ...panning Tree port 9 40 D Defaults CLI behavior described 1 8 factory installed 1 2 DES encryption protocol 8 10 DHCP server configuring 16 1 DHCP snooping basic configuration 17 3 database 17 2 overvi...

Page 870: ...s 20 30 networks 20 14 priority 20 15 redistribute 20 25 retransmit interval 20 17 timers 20 16 transmit delay 20 17 virtual links 20 24 20 31 OSPFv3 about 25 1 area configuration commands 25 10 confi...

Page 871: ...Stub Areas 20 22 Syslog 14 1 System Information displaying basic 3 13 setting basic 3 9 T TACACS configuration 27 1 Technical Support xxxvii Telnet disconnecting 14 17 enabling in switch mode 3 37 Ter...

Page 872: ...Index 4...

Search results

Summary of Contents for SECURESTACK C3

Reviews:

Related manuals for SECURESTACK C3

Brands by name

Popular brands

Enterasys SECURESTACK C3, Configuration Manual

Search results

Summary of Contents for SECURESTACK C3

Reviews:

Related manuals for SECURESTACK C3

Brands by name

Popular brands