Enterasys SECURESTACK C3 Скачать руководство пользователя страница 532

Страница: 532 / 872

set arpinspection validate

17-22

DHCP Snooping and Dynamic ARP Inspection

Usage

Individual

interfaces

are

configured

trusted

untrusted.

The

trust

configuration

for

DAI

independent

the

trust

configuration

for

DHCP

snooping.

trusted

port

the

network

administrator

does

not

consider

security

threat.

untrusted

port

one

which

could

potentially

used

launch

network

attack.

DAI

considers

all

physical

ports

and

LAGs

untrusted

default.

Packets

arriving

trusted

interfaces

bypass

all

DAI

validation

checks.

Example

This

example

enables

port

ge.1.1

trusted

for

DAI.

C3(su)->set arpinspection trust port ge.1.1 enable

set arpinspection validate

Use

this

command

configure

additional

optional

ARP

validation

parameters.

Syntax

set arpinspection validate

{[

src-mac

] [

dst-mac

] [

]}

Parameters

Defaults

All

parameters

are

optional,

but

least

one

parameter

must

specified.

Mode

Switch

command,

read

‐

write.

Usage

This

command

adds

additional

validation

ARP

packets

DAI,

beyond

the

basic

validation

that

the

ARP

packet’s

sender

MAC

address

and

sender

address

match

entry

the

DHCP

snooping

bindings

database.

src

‐

mac

Specifies

that

DAI

should

verify

that

the

sender

MAC

address

equals

the

source

MAC

address

the

Ethernet

header.

dst

‐

mac

Specifies

that

DAI

should

verify

that

the

target

MAC

address

equals

the

destination

MAC

address

the

Ethernet

header.

This

check

only

applies

ARP

responses,

since

the

target

MAC

address

unspecified

ARP

requests.

Specifies

that

DAI

should

check

the

address

and

drop

ARP

packets

with

invalid

address.

invalid

address

one

the

following:

•

0.0.0.0

•

255.255.255.255

•

All IP multicast addresses

•

All class E addresses (240.0.0.0/4)

•

Loopback addresses (in the range 127.0.0.0/8)

Содержание SECURESTACK C3

Страница 1: ...Enterasys SecureStack C3 Stackable Switches Configuration Guide Firmware Version 6 03 xx xxxx P N 9034313 07...

Страница 2: ......

Страница 3: ...BILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA 01810 2009 Enterasys Networks Inc All rights reserved Part Number 9034313 07 June 2009 ENTERASYS ENTERASYS NETWORKS ENTERASYS...

Страница 4: ...and conditions of this Agreement 2 RESTRICTIONS Except as otherwise authorized in writing by Enterasys You may not nor may You permit any third party to a Reverse engineer decompile disassemble or mo...

Страница 5: ...THE PROGRAM TO YOU 7 LIMITATION OF LIABILITY IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINE...

Страница 6: ...each of this Agreement 12 WAIVER A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breac...

Страница 7: ...a Stack 2 3 Adding a New Unit to an Existing Stack 2 3 Creating a Virtual Switch Configuration 2 3 Considerations About Using Clear Config in a Stack 2 5 Issues Related to Mixed Type Stacks 2 5 Featu...

Страница 8: ...me 3 21 set summertime 3 22 set summertime date 3 22 set summertime recurring 3 23 clear summertime 3 24 set prompt 3 24 show banner motd 3 25 set banner motd 3 25 clear banner motd 3 26 show version...

Страница 9: ...50 Purpose 3 50 Commands 3 50 reset 3 50 clear config 3 51 Using and Configuring WebView 3 52 Purpose 3 52 Commands 3 52 show webview 3 52 set webview 3 53 show ssl 3 53 set ssl 3 54 Gathering Techni...

Страница 10: ...et ciscodp timer 6 9 set ciscodp holdtime 6 10 set ciscodp port 6 10 clear ciscodp 6 12 Configuring Link Layer Discovery Protocol and LLDP MED 6 13 Overview 6 13 Purpose 6 13 Commands 6 14 Configurati...

Страница 11: ...alias 7 9 set port alias 7 9 Setting Speed and Duplex Mode 7 11 Purpose 7 11 Commands 7 11 show port speed 7 11 set port speed 7 12 show port duplex 7 12 set port duplex 7 13 Enabling Disabling Jumbo...

Страница 12: ...mands 7 38 show port mirroring 7 38 set port mirroring 7 39 clear port mirroring 7 40 set mirror vlan 7 40 clear mirror vlan 7 41 Link Aggregation Control Protocol LACP 7 42 LACP Operation 7 42 LACP T...

Страница 13: ...ommunity 8 14 clear snmp community 8 15 Configuring SNMP Access Rights 8 15 Purpose 8 15 Commands 8 16 show snmp access 8 16 set snmp access 8 18 clear snmp access 8 19 Configuring SNMP MIB Views 8 19...

Страница 14: ...Bridge Parameters 9 3 Purpose 9 3 Commands 9 4 show spantree stats 9 5 set spantree 9 7 show spantree version 9 7 set spantree version 9 8 clear spantree version 9 9 show spantree bpdu forwarding 9 9...

Страница 15: ...autoedge 9 33 Configuring Spanning Tree Port Parameters 9 34 Purpose 9 34 Commands 9 34 set spantree portadmin 9 34 clear spantree portadmin 9 35 show spantree portadmin 9 35 show spantree portpri 9 3...

Страница 16: ...name 10 7 Assigning Port VLAN IDs PVIDs and Ingress Filtering 10 8 Purpose 10 8 Commands 10 8 show port vlan 10 8 set port vlan 10 9 clear port vlan 10 9 show port ingress filter 10 10 set port ingres...

Страница 17: ...ing Policy Class of Service CoS 11 17 About Policy Based CoS Configurations 11 17 About CoS Based Flood Control 11 19 Commands 11 20 set cos state 11 20 show cos state 11 21 clear cos state 11 21 set...

Страница 18: ...13 4 set igmpsnooping groupmembershipinterval 13 4 set igmpsnooping maxresponse 13 5 set igmpsnooping mcrtrexpiretime 13 6 set igmpsnooping add static 13 6 set igmpsnooping remove static 13 7 show ig...

Страница 19: ...t 14 17 show netstat 14 17 Managing Switch Network Addresses and Routes 14 19 Purpose 14 19 Commands 14 19 show arp 14 19 set arp 14 20 clear arp 14 21 traceroute 14 21 show mac 14 22 show mac agetime...

Страница 20: ...15 6 Commands 15 6 show rmon history 15 6 set rmon history 15 7 clear rmon history 15 7 Alarm Group Commands 15 9 Purpose 15 9 Commands 15 9 show rmon alarm 15 9 set rmon alarm properties 15 10 set rm...

Страница 21: ...clear dhcp pool network 16 15 set dhcp pool hardware address 16 15 clear dhcp pool hardware address 16 16 set dhcp pool host 16 16 clear dhcp pool host 16 17 set dhcp pool client identifier 16 17 cle...

Страница 22: ...ics 17 14 clear dhcpsnooping database 17 14 clear dhcpsnooping limit 17 15 Dynamic ARP Inspection Overview 17 15 Functional Description 17 16 Basic Configuration 17 18 Example Configuration 17 19 Dyna...

Страница 23: ...se 19 16 Commands 19 16 ip directed broadcast 19 16 ip forward protocol 19 17 ip helper address 19 18 Reviewing IP Traffic and Configuring Routes 19 19 Purpose 19 19 Commands 19 19 show ip route 19 19...

Страница 24: ...area range 20 21 area stub 20 22 area default cost 20 23 area nssa 20 23 area virtual link 20 24 redistribute 20 25 show ip ospf 20 26 show ip ospf database 20 27 show ip ospf interface 20 28 show ip...

Страница 25: ...show ip pimsm staticrp 20 58 show ip mroute 20 59 Chapter 21 IPv6 Management Purpose 21 1 Commands 21 1 show ipv6 status 21 1 set ipv6 21 2 set ipv6 address 21 3 show ipv6 address 21 4 clear ipv6 add...

Страница 26: ...IPv6 Proxy Routing Overview 23 1 Limitations 23 2 Preparing a Mixed Stack for IPv6 Proxy Routing 23 2 Commands 23 3 ipv6 proxy routing 23 3 show ipv6 proxy routing 23 3 Chapter 24 DHCPv6 Configuration...

Страница 27: ...ea nssa default info originate 25 12 area nssa no redistribute 25 12 area nssa no summary 25 13 area nssa translator role 25 14 area nssa translator stab intv 25 14 area range 25 15 area stub 25 16 ar...

Страница 28: ...5 Configuring RADIUS 26 6 Purpose 26 6 Commands 26 6 show radius 26 6 set radius 26 7 clear radius 26 9 show radius accounting 26 10 set radius accounting 26 10 clear radius accounting 26 11 show rad...

Страница 29: ...h station 26 43 show multiauth session 26 43 show multiauth idle timeout 26 44 set multiauth idle timeout 26 45 clear multiauth idle timeout 26 46 show multiauth session timeout 26 46 set multiauth se...

Страница 30: ...equest 26 77 set pwa portcontrol 26 77 show pwa session 26 78 set pwa enhancedmode 26 79 Configuring Secure Shell SSH 26 80 Purpose 26 80 Commands 26 80 show ssh status 26 80 set ssh 26 80 set ssh hos...

Страница 31: ...16 show sflow agent 28 17 Appendix A Policy and Authentication Capacities Policy Capacities A 1 Authentication Capacities A 2 Index Figures 1 1 SecureStack C3 Startup Screen 1 6 1 2 Sample CLI Default...

Страница 32: ...8 11 3 Valid Values for Policy Classification Rules 11 12 14 1 show logging server Output Details 14 3 14 2 show logging application Output Details 14 7 14 3 Mnemonic Values for Logging Applications...

Страница 33: ...nd Output Details 25 39 25 8 show ipv6 ospf interface stats Output Details 25 41 25 9 show ipv6 ospf neighbor Output Details 25 43 25 10 show ipv6 ospf neighbor routerid Output Details 25 44 25 11 sho...

Страница 34: ...xxxii...

Страница 35: ...including 802 1X and RADIUS SSHv2 PWA MAC locking and MAC authentication Configure access control lists ACLs Structure of This Guide The guide is organized as follows Chapter 1 Introduction provides a...

Страница 36: ...er profiles to frame filtering policies how to classify frames to a VLAN or Class of Service CoS and how to assign or unassign ports to policy profiles so that only ports activated for a profile will...

Страница 37: ...w to configure 802 1X authentication using EAPOL how to configure RADIUS server Secure Shell server MAC authentication MAC locking Port Web Authentication and IP access control lists ACLs Chapter 27 T...

Страница 38: ...r optional Square brackets indicate an optional value Braces indicate required values One or more values may be required A vertical bar indicates a choice in values x y z Square brackets with a vertic...

Страница 39: ...your network environment for example layout cable type Network load and frame size at the time of trouble if known The switch history for example have you returned the switch before is this a recurrin...

Страница 40: ...Getting Help xxxviii About This Guide...

Страница 41: ...e Assign IP address and subnet mask Select a default gateway Establish and manage Virtual Local Area Networks VLANs Establish and manage policy profiles and classifications Establish and manage priori...

Страница 42: ...to 180 seconds CDP interval Transmit frequency of CDP messages set to 60 seconds Cisco discovery protocol Auto enabled on all ports Cisco DP hold time Set to 180 seconds Cisco DP interval timer Set to...

Страница 43: ...ation Classification rules are automatically enabled when created Port auto negotiation Enabled on all ports Port advertised ability Maximum ability advertised on all ports Port broadcast suppression...

Страница 44: ...t priority All ports with bridge priority are set to 128 medium priority Spanning Tree priority Bridge priority is set to 32768 Spanning Tree topology change trap suppression Enabled Spanning Tree ver...

Страница 45: ...led IP forward protocol Enabled with no port specified IP interfaces Disabled with no IP addresses specified IRDP Disabled on all interfaces When enabled maximum advertisement interval is set to 600 s...

Страница 46: ...r Account on page 1 7 Figure 1 1 SecureStack C3 Startup Screen Split horizon Enabled for RIP packets without poison reverse Stub area OSPF None configured Telnet Enabled Telnet port IP Set to port num...

Страница 47: ...o all modifiable parameters The default password is set to a blank string For information on changing these default settings refer to Setting User Accounts and Passwords on page 3 2 Using a Default Us...

Страница 48: ...Only access will only be permitted to view Read Only show commands Users with Read Write access will be able to modify all modifiable parameters in set and show commands as well as view Read Only com...

Страница 49: ...Figure 1 5 shows how the show mac command indicates that output continues on more than one screen Figure 1 5 Scrolling Screen Output Abbreviating and Completing Commands The SecureStack C3 switch allo...

Страница 50: ...123 Table 1 3 Basic Line Editing Commands Key Sequence Command Ctrl A Move cursor to beginning of line Ctrl B Move cursor back one character Ctrl D Delete a character Ctrl E Move cursor to end of lin...

Страница 51: ...d as described in the SecureStack C3 Installation Guides the following occurs during initialization The switch that will manage the stack is automatically established This is known as the manager swit...

Страница 52: ...Up to Eight Units Use the following procedure for installing a new stack of up to eight units out of the box 1 Before applying power make all physical connections with the stack cables as described i...

Страница 53: ...all members have been renumbered in the order you desire 8 After the stack has been reconfigured you can use the show switch unit command show switch on page 2 6 to physically confirm the identity of...

Страница 54: ...1 0xa08245 2 C2K122 24 1 0xa08245 3 C2G124 48 1 0xa08245 4 C2G124 48P 1 0xa08245 5 C2H124 48 1 0xa08245 6 C2H124 48P 1 0xa08245 7 C2G134 24P 1 0xa08245 8 C2G170 24 1 0xa08245 9 C3G124 24P 1 0xa08245...

Страница 55: ...factory defaults option from the boot menu on switch startup This selection will leave stacking priorities on all other units Issues Related to Mixed Type Stacks Feature Support Because the SecureStac...

Страница 56: ...been configured you can use this command to physically confirm the identity of each unit When you enter the command with a unit number the MGR LED of the specified switch will blink for 10 seconds The...

Страница 57: ...ow switch 1 Switch 1 Management Status Management Switch Hardware Management Preference Unassigned Admin Management Preference Unassigned Switch Type C3G124 24 Preconfigured Model Identifier C3G124 24...

Страница 58: ...C3G124 48P 1 0xa08245 11 C3G124 48 1 0xa08245 12 C3G124 24 1 0xa08245 13 C3K172 24 1 0xa08245 15 C3K122 24 1 0xa08245 17 C3K122 24P 1 0xa08245 This example shows how to display switch type informatio...

Страница 59: ...s priority for becoming the management switch if the previous management switch fails or to change the switch unit ID for a switch in the stack Syntax set switch unit priority value renumber newunit P...

Страница 60: ...the management image file will be replicated to all switches in the stack Mode Switch command read write Example This example shows how to replicate the management image file to all switches in the s...

Страница 61: ...h 1 to switch 2 C3 su set switch movemenagement 1 2 Moving stack management will unconfigure entire stack including all interfaces Are you sure you want to move stack management y n y set switch membe...

Страница 62: ...xample This example shows how to specify a switch as unit 1 with a switch ID of 1 C3 su set switch member 1 1 clear switch member Use this command to remove a member entry from the stack Syntax clear...

Страница 63: ...mand For information about Refer to page Quick Start Setup Commands 3 1 Setting User Accounts and Passwords 3 2 Setting Basic Switch Properties 3 9 Downloading a Firmware Image 3 32 Reviewing and Sele...

Страница 64: ...nk traps set port trap port string enable disable 7 25 Set the per port broadcast limit set port broadcast port string threshold value 7 34 Configure a VLAN set vlan create vlan id 10 5 set port vlan...

Страница 65: ...read only enabled rw read write enabled Table 3 1 provides an explanation of the command output Table 3 1 show system login Output Details Output Field What It Displays Password history size Number of...

Страница 66: ...out parameters If the admin user account has been locked out you must wait until the configured lockout time period has expired or you can power cycle the switch to reboot it which will re enable the...

Страница 67: ...dmin can change any password on the system If you forget the password for the admin user account you can reset the password to the default password value by pressing the password reset button on the s...

Страница 68: ...assword changed C3 su set system password length Use this command to set the minimum user login password length Syntax set system password length characters Parameters Defaults None Mode Switch comman...

Страница 69: ...tem with the set password command Syntax set system password history size Parameters Defaults None Mode Switch command super user Example This example shows how to configure the system to check the la...

Страница 70: ...s to lockout the default admin super user account after maximum login attempts Syntax set system lockout attempts attempts time time Parameters Defaults None Mode Switch command super user Table 3 3 s...

Страница 71: ...ckout attempts 5 time 30 Setting Basic Switch Properties Purpose To display and set the system IP address and other basic system switch properties Commands For information about Refer to page show ip...

Страница 72: ...play the system IP address and subnet mask C3 su show ip address Name Address Mask host 10 42 13 20 255 255 0 0 clear summertime 3 24 set prompt 3 24 show banner motd 3 25 set banner motd 3 25 clear b...

Страница 73: ...ddress to 10 1 10 1 with a mask of 255 255 128 0 C3 su set ip address 10 1 10 1 mask 255 255 128 0 clear ip address Use this command to clear the system IP address Syntax clear ip address Parameters N...

Страница 74: ...only Example This example shows how to display the method used to acquire a network IP address C3 su show ip protocol System IP address acquisition method dhcp set ip protocol Use this command to spec...

Страница 75: ...power and fan tray status and uptime Syntax show system Parameters None Defaults None Mode Switch command read only Example This example shows how to display system information C3 su show system Syste...

Страница 76: ...or each switch is displayed PS1 Status Operational status for the primary power supply PS2 Status Operational status for the secondary power supply if installed Fanx Status Operational status of the f...

Страница 77: ...out the processor running on the switch or the overall memory usage of the Flash and SDRAM storage devices on the unit or the processes running on the switch Only the memory usage in the master unit o...

Страница 78: ...0 0 40 eb74120 bcmRX 2 00 2 91 4 48 eb7fbc8 bcmLINK 0 0 40 0 22 0 32 f00c9a0 bcmTX 0 00 0 33 0 53 f027648 bcmCNTR 0 0 00 0 00 0 03 f034858 bcmL2X 0 0 00 0 02 0 04 set system utilization Use this comma...

Страница 79: ...t C3 rw show system utilization cpu CPU Utilization Threshold Traps enable Threshold 75 0 Total CPU Utilization Switch CPU 5 sec 1 min 5 min 1 1 10 10 10 C3 rw clear system utilization C3 rw show syst...

Страница 80: ...o the system prompts you to confirm whether you want to proceed Syntax set system enhancedbuffermode enable disable Parameters Defaults None Mode Switch command read write Example This example shows h...

Страница 81: ...slog message will be logged and or an SNMP trap will be sent The values set with this command can be viewed with the show system command Example The following example enables sending SNMP traps and se...

Страница 82: ...o their defaults C3 su clear system temperature show time Use this command to display the current time of day in the system clock Syntax show time Parameters None Defaults None Mode Switch command rea...

Страница 83: ...None Defaults None Mode Switch command read only Example This example shows how to display daylight savings time settings C3 su show summertime Summertime is disabled and set to Start SUN APR 04 02 0...

Страница 84: ...ot specified none will be applied enable disable Enables or disables the daylight savings time function zone Optional Applies a name to the daylight savings time settings start_month Specifies the mon...

Страница 85: ...d Mode Switch command read write Example This example shows how set daylight savings time to recur starting on the first Sunday of April at 2 a m and ending the last Sunday of October at 2 a m with an...

Страница 86: ...ngs time configuration C3 su clear summertime set prompt Use this command to modify the command prompt Syntax set prompt prompt_string Parameters Defaults None Mode Switch command read write Example T...

Страница 87: ...command to set the banner message of the day displayed at session login Syntax set banner motd message Parameters Defaults None Mode Switch command read write Example This example shows how to set th...

Страница 88: ...This example shows how to clear the message of the day banner to a blank string C3 rw clear banner motd show version Use this command to display hardware and firmware information Refer to Downloading...

Страница 89: ...d write Example This example shows how to set the system name to Information Systems C3 su set system name Information Systems Table 3 5 show version Output Details Output Field What It Displays Model...

Страница 90: ...mand to identify a contact person for the system Syntax set system contact string Parameters Defaults If string is not specified the contact name will be cleared Mode Switch command read write string...

Страница 91: ...described in set length on page 3 29 Example This example shows how to set the terminal columns to 50 C3 su set width 50 set length Use this command to set the number of lines the CLI will display Th...

Страница 92: ...ed before timing out Syntax show logout Parameters None Defaults None Mode Switch command read only Example This example shows how to display the CLI logout setting C3 su show logout Logout currently...

Страница 93: ...mple This example shows how to display all console settings C3 su show console Baud Flow Bits StopBits Parity 9600 Disable 8 1 none set console baud Use this command to set the console port baud rate...

Страница 94: ...in cases when you cannot connect the switch to perform the in band copy download procedure via TFTP Serial console download has been successfully tested with the following applications HyperTerminal C...

Страница 95: ...sword Boot Menu 2 3 Type 2 The following baud rate selection screen displays 1 1200 2 2400 3 4800 4 9600 5 19200 6 38400 7 57600 8 115200 0 no change 4 Type 8 to set the switch baud rate to 115200 The...

Страница 96: ...d to downgrade to a previous version of code you can do so by completing the following steps as described in this chapter 1 Save your running configuration with the save config command 2 Make a copy o...

Страница 97: ...rtup image by using the commands described in this section Commands show boot system Use this command to display the firmware image the switch loads at startup Syntax show boot system Parameters None...

Страница 98: ...used at the next reboot of the system by answering n to the prompt The dir command is then executed to display the Active and Boot images C3 su set boot system c3_06 03 03 0007 This command can option...

Страница 99: ...show telnet Use this command to display the status of Telnet on the switch Syntax show telnet Parameters None Defaults None Mode Switch command read only Example This example shows how to display Teln...

Страница 100: ...C3 switch allows a total of four inbound and or outbound Telnet session to run simultaneously Syntax telnet host port Parameters Defaults If not specified the default port number 23 will be used Mode...

Страница 101: ...persistent You can change the persistence mode from auto to manual with the set snmp persistmode command If the persistence mode is set to manual configuration commands will not be automatically writ...

Страница 102: ...ssued as described in Configuration Persistence Mode on page 3 39 Example This example shows how to display the configuration persistence mode setting In this case persistence mode is set to manual wh...

Страница 103: ...config Parameters None Defaults None Mode Switch command read write Example This example shows how to save the running configuration C3 su save config dir Use this command to list configuration and im...

Страница 104: ...tive Version 06 03 00 0029 Size 9411584 bytes Date Fri Aug 1 06 55 23 2008 CheckSum 6126a7aadfdf05150afb6eca51982302 Compatibility platform specific Filename c3 series_06 03 00 0030 Boot Version 06 03...

Страница 105: ...ic security model v2c exact read All write All notify All nonvolatile 26 27 set snmp access public security model usm exact read All write All notify All nonvolatile 28 29 set snmp community xxxxxxxxx...

Страница 106: ...on for the facility port C3 rw show config port This command shows non default configurations only Use show config all to show both default and non default configurations begin NON DEFAULT CONFIGURATI...

Страница 107: ...cannot use SFTP or SCP to download images system image filename Specifies the path and file name of the configuration file to execute append Optional Appends the configuration file contents to the cur...

Страница 108: ...an1_2009 cfg delete Use this command to remove an image or a CLI configuration file from the switch Syntax delete filename Parameters Defaults None Mode Switch command read write Usage Use the dir com...

Страница 109: ...command to configure how long TFTP will wait for a reply of either an acknowledgement packet or a data packet during a data transfer Syntax set tftp timeout seconds Parameters Defaults None Mode Swit...

Страница 110: ...et either an acknowledgement packet or a data packet Syntax set tftp retry retry Parameters Defaults None Mode Switch command read write Example This example sets the retry count to 3 C3 rw set tftp r...

Страница 111: ...clear tftp retry Clearing and Closing the CLI Purpose To clear the CLI screen or to close your CLI session Commands cls clear screen Use this command to clear the screen for the current CLI session S...

Страница 112: ...the set logout command page 3 30 to change this default Example This example shows how to exit a CLI session C3 su exit Resetting the Switch Purpose To reset one or more switches and to clear the user...

Страница 113: ...stacking members Reloading all switches This example shows how to reset unit 1 C3 su reset 1 Are you sure you want to reload the switch y n y Reloading switch 1 This switch is manager of the stack STA...

Страница 114: ...e This example shows how to clear configuration parameters including stacking parameters if applicable C3 su clear config all Using and Configuring WebView Purpose By default WebView The Enterasys Net...

Страница 115: ...disable Parameters Defaults None Mode Switch command read write Usage It is good practice for security reasons to disable HTTP access on the switch when finished configuring with WebView and then to...

Страница 116: ...switch This command can also be used to reinitialize the hostkey that is used for encryption Syntax set ssl enabled disabled reinitialize hostkey reinitialize Parameters Defaults None Mode Switch comm...

Страница 117: ...initiates a number of show commands to easily gather basic information from an installed device To use this command set your console to capture the output to a file first before executing the command...

Страница 118: ...ommands show system hostprotect Use this command to display the status of the hostprotect feature Syntax show system hostprotect Parameters None Defaults Hostprotect is enabled by default Mode Switch...

Страница 119: ...iority queue command the set will fail and a warning message will be displayed At run time if more than two priority queue mappings exist and you attempt to enable hostprotect with this command the se...

Страница 120: ...ect status to enabled the command will not complete and you will get a warning message Example This example attempts to return the hostprotect status to the default but the command cannot complete bec...

Страница 121: ...not significant Expiration type indicates whether the license is a permanent or an evaluation license If the license is an evaluation license this field will contain the expiration date of the license...

Страница 122: ...g Stack on page 2 3 3 Use the set license command to install and activate the new switch s license The new switch will then join the stack and its ports will be attached Alternatively you can install...

Страница 123: ...to move a license from one hardware platform to another you must contact Enterasys Customer Support to arrange for re hosting of the license Example This example shows how to activate a permanent lic...

Страница 124: ...as show config or clear config do not affect licenses Example This example shows how to display license key information for switch unit 1 in the stack C3 ro show license unit 1 unit 1 key INCREMENT a...

Страница 125: ...clear license SecureStack C3 Configuration Guide 4 5 Example This example shows how to clear the advrouter licensed feature C3 rw clear license featureId advrouter...

Страница 126: ...clear license 4 6 Activating Licensed Features...

Страница 127: ...r port PoE settings Commands show inlinepower Use this command to display system power properties Syntax show inlinepower Parameters None Defaults None Mode Switch command read only Important Notice T...

Страница 128: ...The detection mode can be configured with the command set inlinepower detectionmode page 5 3 Unit Number of PoE capable module Status Whether the PoE administrative state is off disabled or auto on Th...

Страница 129: ...hreshold is crossed Syntax set inlinepower trap disable enable module number Parameters Defaults Sending of traps is disabled by default Mode Switch command read write Usage The module s or unit s pow...

Страница 130: ...switch s PD detection mode to IEEE standard 802 3af only C3 su set inlinepower detectionmode ieee show port inlinepower Use this command to display all ports supporting PoE Syntax show port inlinepowe...

Страница 131: ...low type type Parameters Defaults None Mode Switch command read write Example This example shows how to enable PoE on port ge 3 1 with critical priority C3 su set port inlinepower ge 3 1 admin auto pr...

Страница 132: ...set port inlinepower 5 6 Configuring System Power and PoE...

Страница 133: ...protocol This protocol is used to discover network topology When enabled this protocol allows Enterasys devices to send periodic PDUs about themselves to neighboring devices Commands The commands use...

Страница 134: ...o enable ge 1 5 auto enable ge 1 6 auto enable ge 1 7 auto enable ge 1 8 auto enable ge 1 9 auto enable Table 6 1 provides an explanation of the command output port string Optional Displays CDP status...

Страница 135: ...d For details refer to set cdp auth on page 6 4 CDP Transmit Frequency Frequency in seconds at which CDP messages can be transmitted The default of 60 seconds can be reset with the set cdp interval co...

Страница 136: ...A switch with the default authentication code 16 null characters will recognize all switches no matter what their authentication code and enter them into its CDP neighbor table Example This example sh...

Страница 137: ...command to reset CDP discovery protocol settings to defaults Syntax clear cdp state port state port string interval hold time auth code Parameters Defaults At least one optional parameter must be ent...

Страница 138: ...the CDP and the Cisco DP protocols Example This example displays Neighbor Discovery information for all ports C3 su show neighbors Port Device ID Port ID Type Network Address ge 1 1 00036b8b1587 12 2...

Страница 139: ...d can be queried by the network administrator Commands The commands used to review and configure the Cisco discovery protocol are listed below Refer also to show neighbors on page 6 6 show ciscodp Use...

Страница 140: ...utput Table 6 2 show ciscodp Output Details Output Field What It Displays CiscoDP Whether Cisco DP is globally enabled or disabled Auto indicates that Cisco DP will be globally enabled only if Cisco D...

Страница 141: ...t Port designation For a detailed description of possible port string values refer to Port String Syntax Used in the CLI on page 7 1 State Whether Cisco DP is enabled disabled or auto enabled on the p...

Страница 142: ...Parameters Defaults None Mode Switch command read write Example This example shows how to set Cisco DP hold time to 180 seconds C3 su set ciscodp hold time 180 set ciscodp port Use this command to se...

Страница 143: ...r Layer 2 802 1p marking status Sets the CiscoDP port operational status disable Does not transmit or process CiscoDP PDUs enable Transmits and processes CiscoDP PDUs vvid Sets the port voice VLAN for...

Страница 144: ...rt trusted no cos 1 ge 1 5 clear ciscodp Use this command to clear the Cisco discovery protocol back to the default values Syntax clear ciscodp status timer holdtime port status vvid trust cos port st...

Страница 145: ...ne their characteristics such as manufacturer software and hardware versions and serial or asset numbers The information sent by an LLDP enabled device is extracted and tabulated by its peers The comm...

Страница 146: ...x tlv 6 17 show lldp port location info 6 17 show lldp port local info 6 18 show lldp port remote info 6 21 show lldp port network policy 6 22 set lldp tx interval 6 23 set lldp hold multiplier 6 24 s...

Страница 147: ...60 ge 2 1 24 ge 3 1 30 ge 4 1 12 Step Task Command s 1 Configure global system LLDP parameters set lldp tx interval set lldp hold multiplier set lldp trap interval set lldp med fast repeat clear lldp...

Страница 148: ...1 30 ge 4 1 12 Rx Enabled Ports ge 1 1 60 ge 2 1 24 ge 3 1 30 ge 4 1 12 show lldp port trap Use this command to display the ports that are enabled to send an LLDP notification when a remote system cha...

Страница 149: ...xample This example shows how to display transmit TLV information for three ports C3 ro show lldp port tx tlv ge 1 1 3 Means TLV is supported and enabled on this port o Means TLV is supported on this...

Страница 150: ...nformation to detect misconfigurations or incompatibilities between the local port and the attached endpoint device remote port Syntax show lldp port local info port string Parameters Defaults If port...

Страница 151: ...rimary PoE MDI Supported Enabled yes yes PoE Pair Controllable Used false spare PoE Power Class 2 PoE Power Limit mW 15400 PoE Power Priority high Table 6 4 describes the information displayed by the...

Страница 152: ...l applications enabled on the port to be transmitted in a TLV displays the application name VLAN type tagged or untagged VLAN Id and both the Layer 2 and Layer 3 priorities associated with the applica...

Страница 153: ...t remote info ge 3 1 Local Port ge 3 1 Remote Port Id 00 09 6e 0e 14 3d Mgmt Addr 0 0 0 0 Chassis ID 0 0 0 0 Device Type Communication Device Endpoint class III Sys Name AVE0E143D Sys Cap Supported En...

Страница 154: ...ield What it Displays Remote Port Id Displays whatever port Id information received in the LLDPDU from the remote device In this case the port Id is MAC address of remote device Device Type Mandatory...

Страница 155: ...conferencing enabled untagged 1 0 0 streaming video enabled untagged 1 0 0 video signaling enabled untagged 1 0 0 set lldp tx interval Use this command to set the time in seconds between successive LL...

Страница 156: ...rs Defaults None Mode Switch command read write Example This example sets the transmit interval to 20 seconds and the hold multiplier to 5 which will configure a time to live of 100 to be used in the...

Страница 157: ...TLVs at a fast start rate on that port Use this command to set the number of successive LLDPDUs with LLDP MED TLVs to be sent for one complete fast start interval Syntax set lldp med fast repeat coun...

Страница 158: ...e or disable sending LLDP notifications traps when a remote system change is detected Syntax set lldp port trap enable disable port string Parameters Defaults None tx enable Enables transmitting LLDPD...

Страница 159: ...g LLDP MED traps on ports ge 1 1 through ge 1 6 C3 rw set lldp port med trap enable ge 1 1 6 set lldp port location info Use this command to configure LLDP MED location information on a port or range...

Страница 160: ...e link aggr max frame med cap med pol med loc med poe port string Parameters all Adds all optional TLVs to transmitted LLDPDUs port desc Port Description optional basic LLDP TLV Value sent is ifDescr...

Страница 161: ...is currently aggregated and if aggregated the aggregated port identifier max frame Maximum Frame Size IEEE 802 3 Extensions TLV Value sent indicates maximum frame size of the port s MAC and PHY med c...

Страница 162: ...video conferencing Configures the video conferencing application streaming video Configures the streaming video application video signaling Configures the video signaling application This application...

Страница 163: ...configures the voice application TLV on port ge 2 1 and then configures the port to send the Network Policy TLV C3 rw set lldp port network policy voice state enable tag tagged vlan dot1p ge 2 1 C3 rw...

Страница 164: ...enabled Syntax clear lldp port status port string Parameters Defaults None Mode Switch command read write Example This example returns port ge 1 1 to the default state of enabled for both transmitting...

Страница 165: ...ne Mode Switch command read write Example This example returns port ge 1 1 to the default LLDP MED trap state of disabled C3 rw clear lldp port med trap ge 1 1 clear lldp port location info Use this c...

Страница 166: ...plication guest voice signaling Applies command to the guest voice signaling application softphone voice Applies command to the softphone voice application video conferencing Applies command to the vi...

Страница 167: ...sables the System Capabilities optional basic LLDP TLV from being transmitted in LLDPDUs mgmt addr Disables the Management Address optional basic LLDP TLV from being transmitted in LLDPDUs vlan id Dis...

Страница 168: ...PDUs by port ge 1 1 C3 rw clear lldp port tx tlv mgmt addr med cap med pol med loc ge 1 1 med pol Disables the LLDP MED Network Policy TLV from being transmitted in LLDPDUs med loc Disables the LLDP M...

Страница 169: ...Gbps Ethernet host for the host port vlan for vlan interfaces lag for IEEE802 3 link aggregation ports Where unit_or_slotnumber can be 1 8 for switch units in a stack For information about Refer to p...

Страница 170: ...ifying all 1 Gigabit Ethernet ports in slot unit 3 in the system ge 3 This example shows the port string syntax for specifying all ports of any interface type in the system Reviewing Port Status Purpo...

Страница 171: ...duplex mode and port type for one or more ports on the device Syntax show port status port string Parameters Defaults If port string is not specified status information for all ports will be displayed...

Страница 172: ...9 Oper Status Operating status up or down Admin Status Whether the specified port is enabled up or disabled down For details on using the set port disable command to change the default port status of...

Страница 173: ...Frames Transmitted 0 This example shows how to display all ge 3 1 port counter statistics related to traffic through the device C3 su show port counters ge 3 1 switch Port ge 3 1 Bridge Port 2 802 1Q...

Страница 174: ...J45 ports Syntax show port cablestatus port string Parameters Defaults If no port is specified information about all ports will be displayed Mode Switch command read only Usage For 1 Gigabit Ethernet...

Страница 175: ...fault all ports are enabled at device startup You may want to disable ports for security or to troubleshoot network issues Ports may also be assigned an alias for convenience Commands Table 7 3 show p...

Страница 176: ...e ge 1 1 C3 su set port disable ge 1 1 set port enable Use this command to administratively enable one or more ports Syntax set port enable port string Parameters Defaults None Mode Switch command rea...

Страница 177: ...alias name to a port Syntax set port alias port string name Parameters Defaults If name is not specified the alias assigned to the port will be cleared Mode Switch command read write port string Optio...

Страница 178: ...ias 7 10 Port Configuration Examples This example shows how to assign the alias Admin to ge 3 3 C3 rw set port alias ge 3 3 Admin This example shows how to clear the alias for ge 3 3 C3 rw set port al...

Страница 179: ...ault speed settings for all ports will display Mode Switch command read only Example This example shows how to display the default speed setting for 1 Gigabit Ethernet port 14 in slot 3 C3 su show por...

Страница 180: ...half or full for one or more ports Syntax show port duplex port string Parameters Defaults If port string is not specified default duplex settings for all ports will be displayed Mode Switch command...

Страница 181: ...s command will only take effect on ports that have auto negotiation disabled Syntax set port duplex port string full half Parameters Defaults None Mode Switch command read write Example This example s...

Страница 182: ...port string Parameters Defaults If port string is not specified jumbo frame support status for all ports will display Mode Switch command read only Example This example shows how to display the status...

Страница 183: ...Syntax clear port jumbo port string Parameters Defaults If port string is not specified jumbo frame support status will be reset on all ports Mode Switch command read write Example This example shows...

Страница 184: ...choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled Commands show port negotiation Use this command to display the status of auto negotiat...

Страница 185: ...rnet port 3 in slot 14 C3 su set port negotiation ge 3 14 disable show port advertise Use this command to display port capability and advertisement as far as speed and duplex for auto negotiation Synt...

Страница 186: ...FD yes yes yes pause yes yes no set port advertise Use this command to configure what a port will advertise for speed duplex capabilities in auto negotiation Syntax set port advertise port string 10t...

Страница 187: ...command read write Example This example shows how to configure port 1 to not advertise 10 MB capability for auto negotiation C3 su clear port advertise ge 1 1 10t 10tfd port string Clear advertisement...

Страница 188: ...Mode ge 1 27 MDIX ge 1 28 MDIX set port mdix Use this command to configure cable connection type configuration mode for one or more ports Syntax set port mdix auto forced auto mdi mdix port string Par...

Страница 189: ...DI or cross over MDIX required by the cable connected to the port You can configure ports to only use MDI or MDIX connections with this command This command only configures Ethernet ports and cannot b...

Страница 190: ...owcontrol Use this command to display the flow control state Syntax show flowcontrol Parameters None Defaults None Mode Switch command read only Example This example shows how to display the port flow...

Страница 191: ...set flowcontrol SecureStack C3 Configuration Guide 7 23 Defaults None Mode Switch command read write Example This example shows how to enable flow control C3 su set flowcontrol enable...

Страница 192: ...ndition can be detrimental to network stability because it can trigger Spanning Tree and routing table recalculation Commands show port trap Use this command to display whether the port is enabled for...

Страница 193: ...Parameters Defaults Sending traps when link status changes is enabled by default Mode Switch command read write Example The following example disables sending trap on ge 3 1 C3 su set port trap ge 3 1...

Страница 194: ...orts disabled by link flap detection due to a violation action Displays linkflap actions taken on violating port s operstatus Displays whether linkflap has deactivated port s threshold Displays the nu...

Страница 195: ...ap metrics Port LinkStatus CurrentCount TotalCount TimeElapsed Violations ge 1 1 operational 0 0 241437 0 ge 1 2 disabled 4 15 147 5 ge 1 3 operational 3 3 241402 0 Table 7 5 provides an explanation o...

Страница 196: ...trap detection function C3 rw set linkflap globalstate enable set linkflap portstate Use this command to enable or disable link flap monitoring on one or more ports Syntax set linkflap portstate disa...

Страница 197: ...port ge 1 4 to 1000 seconds C3 rw set linkflap interval ge 1 4 1000 set linkflap action Use this command to set reactions to a link flap violation Syntax set linkflap action port string disableInterf...

Страница 198: ...ons will be cleared on all ports Mode Switch mode read write Example This example shows how to clear the link flap violation action on port ge 1 4 to generating a Syslog entry C3 rw clear linkflap act...

Страница 199: ...ch mode read write Example This example shows how to set the link flap downtime on port ge 1 4 to 5000 seconds C3 rw set linkflap downtime ge 1 4 5000 clear linkflap down Use this command to toggle li...

Страница 200: ...ort string threshold interval downtime all Parameters Defaults If port string is not specified settings and or statistics will be cleared on all ports Mode Switch mode read write Example This example...

Страница 201: ...t string is not specified broadcast status of all ports will be displayed Mode Switch command read only Example This example shows how to display the broadcast suppression thresholds for ports 1 throu...

Страница 202: ...f packets which can be received per second as listed in the parameters section above The default broadcast suppression threshold for all ports is set to 14881 Example This example configures ports 1 t...

Страница 203: ...This example clears the broadcast threshold limit to 14881 pps for ports 1 through 5 C3 su clear port broadcast ge 1 1 5 threshold port string Select the ports for which to clear broadcast suppression...

Страница 204: ...ed parameters 1 Configuration of normal port mirroring source ports and one destination port on all switches as described above 2 Configuration of a mirror VLAN which is a unique VLAN on which mirrore...

Страница 205: ...enable a port mirroring instance 1 Open a MIB browser such as Netsight MIB Tools 2 In the MIB directory tree navigate to the portCopyEntry folder and expand it 3 Select the portCopyStatus MIB 4 Enter...

Страница 206: ...option 6 destroy and perform an SNMP Set operation 3 Optional Use the CLI to verify the port mirroring instance has been deleted as shown in the following example C3 su show port mirroring No Port Mir...

Страница 207: ...scribed in Link Aggregation Control Protocol LACP on page 7 42 cannot be mirrored Notes When a port mirror is created the mirror destination port is removed from VLAN 1 s egress list after a reboot MA...

Страница 208: ...ge 1 4 and target port ge 1 11 C3 su clear port mirroring ge 1 4 ge 1 11 set mirror vlan Assigns a VLAN to be reserved for mirroring traffic If a mirrored VLAN is created all mirrored traffic will eg...

Страница 209: ...mirroring with the show port mirror command C3 su set mirror vlan 2 C3 su show port mirroring Port Mirroring Source Port ge 1 1 Target Port ge 1 10 Frames Mirrored Rx and Tx Port Mirroring status enab...

Страница 210: ...hes the port to the aggregator used by the LAG and detaches the port from the aggregator when it is no longer used by the LAG Uses information from the partner device s link aggregation control entity...

Страница 211: ...ociated physical ports LACPDU Link Aggregation Control Protocol Data Unit The protocol exchanges aggregation state mode information by way of a port s actor and partner operational states LACPDUs sent...

Страница 212: ...if there are simply no available aggregators or if none of the aggregators have a matching admin key and system priority 802 1x authentication is enabled using the set eapol command page 16 18 and por...

Страница 213: ...as one Link Aggregation Group LAG with a lag x x port designation Example This example shows how to display lacp information for lag 0 1 The following table describes the output fields C3 su show lac...

Страница 214: ...g physical ports for example fe x x are associated with an aggregator port the resulting Link Aggregation Group LAG is represented with a lag x x port designation Actor Local device participating in L...

Страница 215: ...s example shows how to set the LACP system priority to 1000 C3 su set lacp asyspri 1000 set lacp aadminkey Use this command to set the administratively assigned key for one or more aggregator ports Sy...

Страница 216: ...port string Parameters Defaults None Mode Switch command read write Example This example shows how to clear the actor admin key for LAG port 6 C3 su clear lacp aadminkey lag 0 6 set lacp static Use t...

Страница 217: ...or port 6 C3 su clear lacp static lag 0 6 ge 1 6 key Optional Specifies the new member port and LAG port aggregator admin key value Only ports with matching keys are allowed to aggregate Valid values...

Страница 218: ...a LAG This setting has no effect on existing LAGs created with multiple member ports It also does not prevent previously formed LAGs from coming up after they have gone down as long as any previous L...

Страница 219: ...means the state is true for the associated actor or partner ports E Expired F Defaulted D Distributing tx enabled C Collecting rx enabled S Synchronized actor and partner agree G Aggregation allowed S...

Страница 220: ...llegalRx 0 UnknownRx 0 MarkerPDUsRx 0 MarkerPDUsTx 0 MarkerResponsePDUsRx 0 MarkerResponsePDUsTx 374 set port lacp Use this command to set link aggregation parameters for one or more ports These setti...

Страница 221: ...or the same aggregator Valid values are 0 65535 with higher precedence given to lower values Note Only one LACP system priority can be set on a SecureStack C3 device using either this command or the s...

Страница 222: ...e lacptimeout lacpagg lacpsync lacpcollect lacpdist lacpdef lacpexpire all padminsyspri padminsysid padminkey padminportpri padminport padminstate lacpactive lacptimeout lacpagg lacpsync lacpcollect l...

Страница 223: ...be added to the configuration If you unset the first command it will remove the second command automatically from the configuration file Example This example shows how to clear all link aggregation pa...

Страница 224: ...they are in the same VLAN Unprotected ports can forward traffic to both protected and unprotected ports A port may belong to only one group of protected ports This feature only applies to ports within...

Страница 225: ...information about all protected ports C3 ro show port protected Group id Port 1 ge 1 1 1 ge 1 2 1 ge 1 3 clear port protected Use this command to remove a port or group from protected mode Syntax cle...

Страница 226: ...e Mode Switch command read write Example This example shows how to assign the name group1 to protected port group 1 C3 rw set port protected name 1 group1 show port protected name Use this command to...

Страница 227: ...e 1 group1 clear port protected name Use this command to clear the name of a protected group Syntax clear port protected name group id Parameters Defaults None Mode Switch command read write Example T...

Страница 228: ...clear port protected name 7 60 Port Configuration...

Страница 229: ...enhancements to data types counter size and protocol operations Version 3 SNMPv3 This is the most recent version of SNMP and includes significant enhancements to administration and security SNMPv3 is...

Страница 230: ...P engine and SNMP applications An SNMP engine consists of the following four components Dispatcher This component sends and receives messages Message processing subsystem This component accepts outgoi...

Страница 231: ...IBs via SNMPv3 C3 su set snmp access powergroup security model usm Configuration Considerations Commands for configuring SNMP on the SecureStack C3 device are independent during the SNMP setup process...

Страница 232: ...gineid EngineId 80 00 15 f8 03 00 e0 63 9d b5 87 Engine Boots 12 Engine Time 162181 Max Msg Size 2048 Table 8 2 provides an explanation of the command output For information about Refer to page show s...

Страница 233: ...Names 0 snmpInBadCommunityUses 0 snmpInASNParseErrs 0 snmpInTooBigs 0 snmpInNoSuchNames 0 snmpInBadValues 0 snmpInReadOnlys 0 snmpInGenErrs 0 snmpInTotalReqVars 403661 snmpInTotalSetVars 534 snmpInGet...

Страница 234: ...as noSuchName snmpInBadValues Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error status field as badValue snmpInReadOnlys Number of valid SNMP PDUs delivered to the...

Страница 235: ...request error messages that were dropped because the reply was larger than the proxy target s maximum message size usmStatsUnsupportedSec Levels Number of packets received by the SNMP engine that wer...

Страница 236: ...access SNMP management Syntax show snmp user list user remote remote volatile nonvolatile read only Parameters Defaults If list is not specified detailed SNMP information will be displayed For informa...

Страница 237: ...00 00 00 00 Username Guest Auth protocol usmNoAuthProtocol Privacy protocol usmNoPrivProtocol Storage type nonVolatile Row status active Table 8 4 provides an explanation of the command output set snm...

Страница 238: ...SNMP user named admin with DES encryption and MD5 authentication required The encryption password is admintest1 and the authentication password is admintest2 By default this user will be registered on...

Страница 239: ...e nonvolatile read only Parameters Defaults If groupname is not specified information about all SNMP groups will be displayed If user is not specified information about all SNMP users will be displaye...

Страница 240: ...p group groupname user user security model v1 v2c usm volatile nonvolatile Parameters Defaults If storage type is not specified nonvolatile storage will be applied Table 8 5 show snmp group Output Det...

Страница 241: ...will be cleared Mode Switch command read write Example This example shows how to clear all settings assigned to the public user within the SNMP group anyone C3 su clear snmp group anyone public show s...

Страница 242: ...ot specified the default NULL context is applied If transport tag is not specified none will be applied If storage type is not specified nonvolatile will be applied Mode Switch command read write comm...

Страница 243: ...lled vip C3 su set snmp community vip The example shows how to set the context for SNMP community vip to the default NULL context C3 su set snmp community vip context clear snmp community Use this com...

Страница 244: ...ot specified all contexts will be displayed If volatile nonvolatile or read only are not specified all entries of all storage types will be displayed Mode Switch command read only For information abou...

Страница 245: ...ame Security model Security model applied to this group Valid types are SNMPv1 SNMPv2c and SNMPv3 User based USM Security level Security level applied to this group Valid levels are noAuthNoPrivacy no...

Страница 246: ...C3 su set snmp access powergroup security model usm groupname Specifies a name for an SNMPv3 group security model v1 v2c usm Specifies SNMP version 1 2c or 3 usm noauthentication authentication privac...

Страница 247: ...the mis group via the authentication protocol C3 su clear snmp access mis group security model usm authentication Configuring SNMP MIB Views Purpose To review and configure SNMP MIB views SNMP views m...

Страница 248: ...OID 1 Subtree mask View Type included Storage type nonVolatile Row status active View Name All Subtree OID 0 0 Subtree mask View Type included Storage type nonVolatile Row status active View Name Netw...

Страница 249: ...of management information Example This example shows how to display a list of all SNMP contexts known to the device C3 su show snmp context Configured contexts default context all mibs set snmp view U...

Страница 250: ...and to delete an SNMPv3 MIB view Syntax clear snmp view viewname subtree Parameters Defaults None Mode Switch command read write Example This example shows how to delete SNMP MIB view public C3 su cle...

Страница 251: ...ad only Parameters Defaults If targetParams is not specified entries associated with all target parameters will be displayed If not specified entries of all storage types will be displayed Mode Switch...

Страница 252: ...ils Output Field What It Displays Target Parameter Name Unique identifier for the parameter in the SNMP target parameters table Maximum length is 32 bytes Security Name Security string definition Mess...

Страница 253: ...is command to clear the SNMP target parameter configuration Syntax clear snmp targetparams targetParams Parameters Defaults None Mode Switch command read write Example This example shows how to clear...

Страница 254: ...entries for all target address names will be displayed If not specified entries of all storage types will be displayed for a target address Mode Switch command read only Example This example shows ho...

Страница 255: ...address UDP Port Number of the UDP port of the target host to use Target Mask Target IP address mask Timeout Timeout setting for the target address Retry count Retry setting for the target address Par...

Страница 256: ...rget parameters entry called v2cExampleParams For more information on configuring a basic SNMP trap refer to Creating a Basic SNMP Trap Configuration on page 8 37 C3 su set snmp targetaddr tr 192 168...

Страница 257: ...ing notification message It will then apply the appropriate subtree specific filter when generating notification messages Purpose To configure SNMP notification parameters and optional filters Notific...

Страница 258: ...abled globally and per port Example This example displays the New Address Trap state for Gigabit Ethernet ports 1 through 5 in unit slot 1 C3 ro show newaddrtrap ge 1 1 5 New Address Traps Globally di...

Страница 259: ...fy configuration which determines the management targets that will receive SNMP notifications Syntax show snmp notify notify volatile nonvolatile read only Parameters Defaults If a notify name is not...

Страница 260: ...snmp targetaddr on page 8 27 Syntax set snmp notify notify tag tag trap inform volatile nonvolatile Parameters Defaults If not specified message type will be set to trap Table 8 10 show snmp notify Ou...

Страница 261: ...notify hello tag world trap clear snmp notify Use this command to clear an SNMP notify configuration Syntax clear snmp notify notify Parameters Defaults None Mode Switch command read write Example Thi...

Страница 262: ...Row status active set snmp notifyfilter Use this command to create an SNMP notify filter configuration This identifies which management targets should NOT receive notification messages which is usefu...

Страница 263: ...C3 su set snmp notifyfilter pilot1 subtree 1 3 6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration Syntax clear snmp notifyfilter profile subtree oid or mibobject...

Страница 264: ...tifyprofile area51 SNMP notifyProfile information Notify Profile area51 TargetParam v3ExampleParams Storage type nonVolatile Row status active set snmp notifyprofile Use this command to create an SNMP...

Страница 265: ...ample This example shows how to delete SNMP notify profile area51 C3 su clear snmp notifyprofile area51 targetparam v3ExampleParams Creating a Basic SNMP Trap Configuration Traps are notification mess...

Страница 266: ...MP community called mgmt Configure a trap notification called TrapSink This trap notification will be sent with the community name mgmt to the workstation 192 168 190 80 which is target address tr It...

Страница 267: ...lso specifies that this door leads to the management station 192 168 190 80 and the procedure targetparams to cross the doorstep is called v2ExampleParams 4 Verifies that the v2ExampleParams descripti...

Страница 268: ...nt An interface must have an IP address assigned to it before it can be set by this command If no interface is specified then the IP address of the Host interface will be used If a non loopback interf...

Страница 269: ...router exit C3 rw set snmp interface vlan 100 C3 rw show snmp interface vlan 100 192 168 10 1 clear snmp interface Use this command to clear the interface used for the source IP address of the SNMP ag...

Страница 270: ...clear snmp interface 8 42 SNMP Configuration...

Страница 271: ...g Tree connected active topology and assigns port roles to individual ports on the switch depending on whether that port is part of the active topology RSTP provides rapid connectivity following the f...

Страница 272: ...arrangement of switching or bridging elements Compensating automatically for the failure removal or addition of any device in an active data path Achieving port changes in short time intervals which e...

Страница 273: ...functional mode Otherwise the port operates in limited functional mode Connection to a Loop Protect switch guarantees that the alternate agreement mechanism is implemented This means the designated po...

Страница 274: ...12 set spantree msti 9 12 clear spantree msti 9 13 show spantree mstmap 9 13 set spantree mstmap 9 14 clear spantree mstmap 9 14 show spantree vlanlist 9 15 show spantree mstcfgid 9 15 set spantree ms...

Страница 275: ...9 27 set spantree spanguardtimeout 9 27 clear spantree spanguardtimeout 9 28 show spantree spanguardlock 9 28 clear set spantree spanguardlock 9 29 show spantree spanguardtrapenable 9 29 set spanstree...

Страница 276: ...ted Root MacAddr MAC address of the designated Spanning Tree root bridge Designated Root Port Port through which the root bridge can be reached Designated Root Priority Priority of the designated root...

Страница 277: ...ssigned using the set spantree hello command For details refer to set spantree hello on page 9 18 Bridge Forward Delay Amount of time in seconds the bridge spends in listening or learning mode This is...

Страница 278: ...and read write Usage In most networks Spanning Tree version should not be changed from its default setting of mstp Multiple Spanning Tree Protocol mode MSTP mode is fully compatible and interoperable...

Страница 279: ...ite Example This example shows how to reset the Spanning Tree version C3 su clear spantree version show spantree bpdu forwarding Use this command to display the Spanning Tree BPDU forwarding mode Synt...

Страница 280: ...d set spantree disable for this feature to take effect Example This example shows how to enable BPDU forwarding C3 rw set spantree bpdu forwarding enable show spantree bridgeprioritymode Use this comm...

Страница 281: ...to use 802 1t bridge priority mode Example This example shows how to set the bridge priority mode to 802 1D C3 rw set spantree bridgeprioritymode 8021d clear spantree bridgeprioritymode Use this comma...

Страница 282: ...command read only Example This example shows how to display a list of MST instances In this case SID 2 has been configured C3 su show spantree mstilist Configured Multiple Spanning Tree instances 2 s...

Страница 283: ...su clear spantree msti show spantree mstmap Use this command to display the mapping of a filtering database ID FID to a Spanning Trees Since VLANs are mapped to FIDs this shows to which SID a VLAN is...

Страница 284: ...command to map a FID back to SID 0 Syntax clear spantree mstmap fid Parameters Defaults If fid is not specified all SID to FID mappings will be reset Mode Switch command read write Note Since any MST...

Страница 285: ...2 are mapped to VLAN 1 For this information to display the SID instance must be created using the set spantree msti command as described in set spantree msti on page 9 12 and the FIDs must be mapped t...

Страница 286: ...uration Digest ac 36 17 7f 50 28 3c d4 b8 38 21 d8 ab 26 de 62 set spantree mstcfgid Use this command to set the MST configuration name and or revision level Syntax set spantree mstcfgid cfgname name...

Страница 287: ...ty the device with the lowest MAC address will then become the root device Depending on the bridge priority mode set with the set spantree bridgeprioritymode command described in set spantree bridgepr...

Страница 288: ...yntax set spantree hello interval Parameters Defaults None Mode Switch command read write Example This example shows how to globally set the Spanning Tree hello time to 10 seconds C3 su set spantree h...

Страница 289: ...ithout receiving a configuration message bridge hello before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port...

Страница 290: ...elay delay Parameters Defaults None Mode Switch command read write Usage The forward delay is the maximum time in seconds the root device will wait before changing states i e listening to learning to...

Страница 291: ...clear spantree fwddelay show spantree backuproot Use this command to display the backup root status for an MST instance Syntax show spantree backuproot sid Parameters Defaults If a SID is not specifi...

Страница 292: ...bridge is lost the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge Example This example shows how to enable the backup root...

Страница 293: ...apsuppress Parameters None Defaults None Mode Switch command read only Example This example shows how to display the status of topology change trap suppression C3 rw show spantree tctrapsuppress Topol...

Страница 294: ...traps C3 rw set spantree tctrapsuppress disable clear spantree tctrapsuppress Use this command to clear the status of topology change trap suppression on Rapid Spanning Tree edge ports to the default...

Страница 295: ...the status of the Spanning Tree SpanGuard function Syntax show spantree spanguard Parameters None Defaults None Mode Switch command read only Example This example shows how to display the SpanGuard fu...

Страница 296: ...l remain disabled until the amount of time defined by set spantree spanguardtimeout set spantree spanguardtimeout on page 9 27 has passed since the last seen BPDU the port is manually unlocked set or...

Страница 297: ...panguardtimeout Spanguard timeout 300 set spantree spanguardtimeout Use this command to set the amount of time in seconds an edge port will remain locked by the SpanGuard function Syntax set spantree...

Страница 298: ...antree spanguardlock Use this command to display the SpanGuard lock status of one or more ports Syntax show spantree spanguardlock port string Parameters Defaults If no port string is specified the Sp...

Страница 299: ...rs Defaults None Mode Switch command read write Example This example shows how to unlock port ge 1 16 C3 rw clear spantree spanguardlock ge 1 16 show spantree spanguardtrapenable Use this command to d...

Страница 300: ...w to disable the SpanGuard trap function C3 su set spantree spanguardtrapenable disable clear spantree spanguardtrapenable Use this command to reset the Spanning Tree SpanGuard trap function back to t...

Страница 301: ...et spantree legacypathcost Use this command to enable or disable legacy 802 1D path cost values Syntax set spantree legacypathcost disable enable Parameters Defaults None Mode Switch command read writ...

Страница 302: ...lues C3 rw clear spantree legacypathcost show spantree autoedge Use this command to display the status of automatic edge port detection Syntax show spantree autoedge Parameters None Defaults None Mode...

Страница 303: ...antree autoedge disable clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled Syntax clear spantree autoedge Parameters None Defaults None Mod...

Страница 304: ...r to page set spantree portadmin 9 34 clear spantree portadmin 9 35 show spantree portadmin 9 35 show spantree portpri 9 36 set spantree portpri 9 36 clear spantree portpri 9 37 show spantree adminpat...

Страница 305: ...n ge 1 12 C3 rw clear spantree portadmin ge 1 12 show spantree portadmin Use this command to display the status of the Spanning Tree algorithm on one or more ports Syntax show spantree portadmin port...

Страница 306: ...Spanning Tree ports If sid is not specified port priority will be displayed for Spanning Tree 0 Mode Switch command read only Example This example shows how to display the port priority for ge 2 7 C3...

Страница 307: ...su clear spantree portpri ge 1 3 sid 1 port string Specifies the port s for which to set Spanning Tree port priority For a detailed description of possible port string values refer to Port String Synt...

Страница 308: ...ne or more Spanning Trees Syntax set spantree adminpathcost port string cost sid sid Parameters Defaults If sid is not specified admin path cost will be set for Spanning Tree 0 Mode Switch command rea...

Страница 309: ...minpathcost ge 3 2 sid 1 show spantree adminedge Use this command to display the edge port administrative status for a port Syntax show spantree adminedge port port string Parameters Defaults If port...

Страница 310: ...e edge port administrative status begins with the value set to false initially after the device is powered up If a Spanning Tree BDPU is not received on the port within a few seconds the status settin...

Страница 311: ...tring Parameters Defaults If port string is not specified edge port operating status will be displayed for all Spanning Tree ports Mode Switch command read only Example This example shows how to displ...

Страница 312: ...o page set spantree lp 9 43 show spantree lp 9 43 clear spantree lp 9 44 show spantree lplock 9 44 clear spantree lplock 9 45 set spantree lpcapablepartner 9 46 show spantree lpcapablepartner 9 46 cle...

Страница 313: ...how to enable Loop Protect on ge 2 3 C3 su set spantree lp ge 1 11 enable show spantree lp Use this command to display the Loop Protect status per port and or per SID Syntax show spantree lp port port...

Страница 314: ...This example shows how to return the Loop Protect state on ge 2 3 to disabled C3 rw clear spantree lp port ge 2 3 show spantree lplock Use this command to display the Loop Protect lock status per por...

Страница 315: ...assumed Mode Switch command read only Example This example shows how to clear Loop Protect lock from ge 1 1 C3 rw show spantree lplock port ge 1 1 The LoopProtect lock status for port ge 1 1 SID 0 is...

Страница 316: ...Therefore a conservative approach is taken in that designated ports will not be allowed to forward unless receiving agreements from a port with root role This type of timeout will not be considered a...

Страница 317: ...tners to the default state of false Syntax clear spantree lpcapablepartner port string Parameters Defaults None Mode Switch command read write Example This example shows how to reset the Loop Protect...

Страница 318: ...threshold is 0 the ports are never locked Example This example shows how to set the Loop Protect threshold value to 4 C3 rw set spantree lpthreshold 4 show spantree lpthreshold Use this command to dis...

Страница 319: ...conds that defines a period during which Loop Protect events are counted The default value is 180 seconds If the timer is set to 0 the event counter is not reset until the Loop Protect event threshold...

Страница 320: ...e Loop Protect event window to the default value of 180 seconds Syntax clear spantree lpwindow Parameters None Defaults None Mode Switch command read write Example This example shows how to reset the...

Страница 321: ...ee lptrapenable enable show spantree lptrapenable Use this command to display the current status of Loop Protect event notification Syntax show spantree lptrapenable Parameters None Defaults None Mode...

Страница 322: ...puted BPDU is received the port is forced to the listening state Refer to the 802 1Q 2005 standard IEEE Standard for Local and Metropolitan Area Networks Virtual Bridged Local Area Networks for a full...

Страница 323: ...witch command read only Example This example shows how to display the current disputed BPDU threshold C3 rw show spantree disputedbpduthreshold The disputed BPDU threshold value is 0 clear spantree di...

Страница 324: ...de Switch command read only Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event receipt of disputed BPDUs and loopback detection Exampl...

Страница 325: ...ports This keeps the traffic associated with a particular VLAN and protocol isolated from the other parts of the network Port String Syntax Used in the CLI For information on how to designate VLANs a...

Страница 326: ...ure that each device has a secure management VLAN Step Task Refer to page 1 Create a new VLAN 10 5 2 Set the PVID for the desired switch port to the VLAN created in Step 1 10 9 3 Add the desired switc...

Страница 327: ...ransmit frames belonging to VLAN 1 are listed as egress ports Ports that won t include a VLAN tag in their transmitted frames are listed as untagged ports There are no forbidden ports prevented from t...

Страница 328: ...tput Table 10 2 show vlan Output Details Output Field What It Displays VLAN VLAN ID NAME Name assigned to the VLAN Status Whether it is enabled or disabled VLAN Type Whether it is permanent static or...

Страница 329: ...sing the set vlan name command described in set vlan name on page 10 6 Each VLAN ID must be unique If a duplicate VLAN ID is entered the device assumes that the Administrator intends to modify the exi...

Страница 330: ...et vlan name 7 green clear vlan Use this command to remove a static VLAN from the list of VLANs recognized by the device Syntax clear vlan vlan list Parameters Defaults None Mode Switch command read w...

Страница 331: ...ove the name of a VLAN from the VLAN list Syntax clear vlan name vlan list Parameters Defaults None Mode Switch command read write Example This example shows how to clear the name for VLAN 9 C3 su cle...

Страница 332: ...ing is not specified port VLAN information for all ports will be displayed Mode Switch command read only Example This example shows how to display PVIDs assigned to ge 2 1 through 6 In this case untag...

Страница 333: ...ommand to reset a port s 802 1Q port VLAN ID PVID to the host VLAN ID 1 Syntax clear port vlan port string port string Specifies the port s for which to configure a VLAN identifier For a detailed desc...

Страница 334: ...t string is not specified ingress filtering status for all ports will be displayed Mode Switch command read only Example This example shows how to display the port ingress filter status for ports 10 t...

Страница 335: ...3 C3 su set port ingress filter ge 1 3 enable show port discard Use this command to display the frame discard mode for one or more ports Ports can be set to discard frames based on whether or not the...

Страница 336: ...r essentially allow all traffic or both essentially discarding all traffic A common practice is to discard all tagged packet on user ports Typically an Administrator does not want the end users defini...

Страница 337: ...rticipating in the specified VLAN and ensures that any dynamic requests either through GVRP or dynamic egress for the port to join the VLAN will be ignored Setting a port to untagged allows it to tran...

Страница 338: ...tatic ge 1 2 10 untagged static ge 1 3 1 tagged static ge 1 3 10 untagged static set vlan forbidden Use this command to prevent one or more ports from participating in a VLAN This setting instructs th...

Страница 339: ...e shows how to allow port 2 in slot 1 to transmit VLAN 7 frames as untagged C3 su set vlan egress 7 ge 1 2 untagged clear vlan egress Use this command to remove ports from a VLAN s egress list vlan li...

Страница 340: ...sabled for one or more VLANs Syntax show vlan dynamicegress vlan list Parameters Defaults If vlan list is not specified the dynamic egress status for all VLANs will be displayed Mode Switch command re...

Страница 341: ...s list Dynamic egress is disabled on the SecureStack C3 by default For example assume you have 20 AppleTalk users on your network who are mobile users that is use different ports every day but you wan...

Страница 342: ...how host vlan Parameters None Defaults None Mode Switch command read only Example This example shows how to display the host VLAN C3 su show host vlan Host vlan is 7 set host vlan Use this command to...

Страница 343: ...ng management via ports assigned to other VLANs Example This example shows how to set VLAN 7 as the host VLAN C3 su set host vlan 7 clear host vlan Use this command to reset the host VLAN to the defau...

Страница 344: ...end station A would be propagated across a switch network How It Works In Figure 10 1 on page 10 21 Switch 4 port 1 is registered as being a member of VLAN Blue and then declares this fact out all its...

Страница 345: ...t global GVRP state setting individual port settings enable or disable and timer settings By default GVRP is enabled globally on the device but disabled on all ports Commands End Station A Switch 4 Sw...

Страница 346: ...tus ge 2 1 disabled show garp timer Use this command to display GARP timer values for one or more ports Syntax show garp timer port string Parameters Defaults If port string is not specified GARP time...

Страница 347: ...Use this command to enable or disable GVRP globally on the device or on one or more ports Syntax set gvrp enable disable port string Parameters Defaults If port string is not specified GVRP will be di...

Страница 348: ...atus will be cleared for all ports Mode Switch command read write Example This example shows how to clear GVRP status globally on the device C3 su clear gvrp set garp timer Use this command to adjust...

Страница 349: ...ports C3 su set garp timer leaveall 20000 clear garp timer Use this command to reset GARP timers back to default values Syntax clear garp timer join leave leaveall port string Parameters Defaults At...

Страница 350: ...clear garp timer 10 26 802 1Q VLAN Configuration Example The example shows how to reset the GARP leave timer to 60 centiseconds C3 su clear garp timer leave ge 1 1...

Страница 351: ...d for a particular VLAN or Class of Service CoS Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly For information ab...

Страница 352: ...how to display policy information for profile 11 C3 su show policy profile 11 Profile Index 11 Profile Name MacAuth1 Row Status active Port VID Status Enable Port VID Override 11 CoS 0 Note B3 C3 and...

Страница 353: ...PVID override is enabled or disabled for this profile If all classification rules associated with this profile are missed then this parameter if specified determines default behavior Port VID Overrid...

Страница 354: ...d cos cos Optional Specifies a CoS value to assign to packets if CoS override is enabled and invoked as default behavior Valid values are 0 to 7 egress vlans egress vlans Optional Specifies that the p...

Страница 355: ...S 5 This profile can use VLAN 10 for untagged egress C3 su set policy profile 1 name netadmin pvid status enable pvid 10 cos status enable cos 5 untagged vlans 10 clear policy profile Use this command...

Страница 356: ...d Parameters Note B3 C3 and G3 devices support profile based CoS traffic rate limiting only Policy rules specifying CoS will only rate limit on D2 C2 and B2 devices including when C2 and B2 devices ar...

Страница 357: ...s for each classification type mask mask Optional Displays rules for a specific data mask Refer to Table 11 3 for valid values for each classification type and data value port string port string Optio...

Страница 358: ...rule Output Details Output Field What It Displays PID Profile index number Assigned to this classification rule with the set policy profile command set policy profile on page 11 4 Rule Type Type of c...

Страница 359: ...your system has the capability to perform that action for traffic classified by that attribute Example This example shows how to display the device s policy classification capabilities Refer to set p...

Страница 360: ...ng a traffic classification rule Note Refer to Appendix A Policy and Authentication Capacities for information about limits on certain rule types for this platform Note Classification rules are automa...

Страница 361: ...es that the rule should apply to traffic with the specified MAC source address tcpdestport Specifies that the rule should apply to traffic with the specified TCP destination port tcpsourceport Specifi...

Страница 362: ...e mask bits that can be entered for each classifier associated with that parameter Examples This example shows how to use Table 11 3 to assign a rule to policy profile 3 that will filter Ethernet II T...

Страница 363: ...d on VLAN tag specified by data Value of data can range from 1 to 4094 or 0xFFF mask mask Optional Specifies the number of significant bits to match dependent on the data value entered Value of mask c...

Страница 364: ...file 1 from all ports C3 su clear policy rule 1 ether 1526 This example shows how to remove a rule from policy profile 5 that will forward UDP frames from source port 45 C3 su clear policy rule 5 udpp...

Страница 365: ...su set policy port ge 1 5 15 1 Note Refer to Appendix A Policy and Authentication Capacities for information about policy limits for this platform For information about Refer to page set policy port...

Страница 366: ...rt 21 in slot 1 C3 rw clear policy port ge 1 21 10 port string Specifies the port s from which to remove the policy profile For a detailed description of possible port string values refer to Port Stri...

Страница 367: ...er to About CoS Based Flood Control on page 11 19 for more information About Policy Based CoS Configurations Once enabled using the set cos state command you can add to the policy based CoS function b...

Страница 368: ...rate 10000 C3 su show cos port resource irl 1 0 1 Group Index Resource Type Unit Rate Rate Limit Type Action 1 0 1 irl kbps 512 drop none C3 su show cos port resource irl 2 0 1 Group Index Resource T...

Страница 369: ...ng a one second interval the incoming traffic of a configured type reaches the traffic flood control rate configured on the port CoS based flood control drops the traffic until the interval ends Packe...

Страница 370: ...2 clear cos settings 11 23 show cos settings 11 23 set cos port config 11 24 show cos port config 11 25 clear cos port config 11 26 set cos port resource irl 11 27 set cos port resource flood ctrl 11...

Страница 371: ...ts None Mode Switch command read only Example This example shows how to show the Class of Service enable state C3 rw show cos state Class of Service application is enabled clear cos state Use this com...

Страница 372: ...or the class of service CoS indexes 0 through 7 map directly to 802 1p priorities and cannot be changed as they exist for backward compatibility ToS This value can be set per class of service but is n...

Страница 373: ...ity for CoS entry 8 C3 rw clear cos settings 8 priority show cos settings Use this command to display Class of Service parameters Syntax show cos settings cos list Parameters Defaults If not specified...

Страница 374: ...s by default This default port group cannot be removed and all physical ports in the system are assigned to it Up to seven additional port groups 1 irl Specifies that this is an inbound rate limiting...

Страница 375: ...associated assigned ports The command show cos port type displays the available inbound rate limiting resources for the port type Example This example configures two port groups one for user ports and...

Страница 376: ...rts Syntax clear cos port config irl flood ctrl all group type index entry name ports Parameters Defaults None irl Clear an IRL port group configuration flood ctrl Clear a flood control port group con...

Страница 377: ...entries are in the form of group port type Valid values for group can range from 0 to 7 Valid values for port type can range from 0 to 1 although only port type 0 is currently supported For example p...

Страница 378: ...port group 2 0 to 10000 Kbps or 1 MB C3 su set cos port resource irl 2 0 1 unit kbps rate 10000 type drop set cos port resource flood ctrl Use this command to create a CoS based flood control port res...

Страница 379: ...guration for all resources 0 99 for all configured port groups will be shown If a port group is not specified with the flood ctrl parameter flood control resources for all configured port groups will...

Страница 380: ...eters Defaults None Mode Switch command read write Example This example clears the data rate to 0 for IRL resource index 1 for group 2 0 C3 su clear cos port resource irl 2 0 1 rate all Clear all IRL...

Страница 381: ...s reference irl group type index reference rate limit irl index all Clear all flood control resources for all port groups group type index Specifies a port group type index Valid entries are in the fo...

Страница 382: ...populated with limiters resources but can be configured by the user The IRL reference table can be displayed using the show cos reference command Example In the CoS IRL reference mapping table for por...

Страница 383: ...rl none 1 0 97 irl none 1 0 98 irl none 1 0 99 irl none clear cos reference Use this command to clear the Class of Service inbound rate limiting reference configuration Syntax clear cos reference irl...

Страница 384: ...miting C3 su show cos unit irl Type Unit irl inbound rate limiting Kbps Kilobits per second group type index Specifies an inbound rate limiting port group type index Valid entries are in the form of g...

Страница 385: ...Class of Service entries except entries 0 7 Syntax clear cos all entries Parameters None Defaults None Mode Switch command read write Example This example shows how to clear the CoS configuration for...

Страница 386: ...flood ctrl which indicates that this port type provides a maximum of 3 flood control resources per port group Examples This example shows inbound rate limiting information for port type 0 C3 su show c...

Страница 387: ...802 1D 802 1p standard specification and allows you to define eight priorities 0 through 7 and assign them to transmit queues for each port A priority 0 through 7 can be set on each port with 0 being...

Страница 388: ...his command to display the 802 1D priority for one or more ports Syntax show port priority port string Parameters Defaults If port string is not specified priority for all ports will be displayed Mode...

Страница 389: ...on how untagged traffic will be prioritized as it passes internally through the device Example This example shows how to set a default priority of 6 on ge 1 3 Frames received by this port without pri...

Страница 390: ...d to transmit queues using the set port txq command described in set port txq on page 12 8 Clear current port priority queue settings for one or more ports Commands show port priority queue Use this c...

Страница 391: ...None Mode Switch command read write Usage This command enables you to change the transmit queue 0 to 5 with 0 being the lowest priority queue for each port priority of the selected port You can apply...

Страница 392: ...queue settings back to defaults for one or more ports Syntax clear port priority queue port string Parameters Defaults None Mode Switch command read write Example This example shows how to clear the...

Страница 393: ...on the switch Priority mode and weight cannot be configured on LAGs only on the physical ports that make up the LAG Commands show port txq Use this command to display QoS transmit queue information fo...

Страница 394: ...o 100 percent Weights specified for queues 0 through 7 on any port must total 100 percent Examples This example shows how to change the arbitration values for the eight transmit queues belonging to ge...

Страница 395: ...xample This example shows how to clear transmit queue values on ge 1 1 C3 su clear port txq ge 1 1 port string Clears transmit queue values on specific port s back to their default values For a detail...

Страница 396: ...clear port txq 12 10 Port Priority Configuration...

Страница 397: ...t packet delivery service since it is only concerned with forwarding multicast traffic from the local device to group members on a directly attached subnetwork or LAN segment This device supports IP m...

Страница 398: ...eceive a specific multicast service The device looks up the IP Multicast Group used for this service and adds it to the egress list of the Level 3 interface It then propagates the service request on t...

Страница 399: ...on enabling IGMP on one or more ports refer to set igmpsnooping interfacemode on page 13 4 Example This example shows how to display IGMP snooping information C3 su show igmpsnooping Admin Mode Enabl...

Страница 400: ...le Parameters Defaults None Mode Switch command read write Usage In order for IGMP snooping to be enabled on one or all ports it must be globally enabled on the device using the set igmpsnooping admin...

Страница 401: ...system Syntax set igmpsnooping maxresponse time Parameters Defaults None Mode Switch command read write Usage This value must be less than the IGMP maximum response time described in set igmpsnooping...

Страница 402: ...e IGMP multicast router expiration time to infinity C3 su set igmpsnooping mcrtrexpiretime 0 set igmpsnooping add static This command creates a new static IGMP entry or adds one or more new ports to a...

Страница 403: ...new ports from an existing entry Syntax set igmpsnooping remove static group vlan list modify port string Parameters Defaults If no ports are specified all ports are removed from the entry Mode Switc...

Страница 404: ...splayed Mode Switch command read only Examples This example shows how to display multicast forwarding database entries C3 su show igmpsnooping mfdb MAC Address Type Description Interfaces 00 14 01 00...

Страница 405: ...ear all IGMP snooping entries Syntax clear igmpsnooping Parameters None Defaults None Mode Switch command read write Example This example shows how to clear all IGMP snooping entries C3 su clear igmps...

Страница 406: ...ig Router The commands covered in this section can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Enabling Router Configuration Mod...

Страница 407: ...ip igmp enable no ip igmp enable Parameters None Defaults None Usage Enabling IGMP on a routing interface requires both the ip igmp command page 13 10 which enables it on the router and the ip igmp en...

Страница 408: ...VLANs configured for IGMP routing Mode Any router mode Example This example shows how to display IGMP routing information for VLAN 1 C3 su router show ip igmp interface vlan 1 Vlan 1 is Admin UP Vlan...

Страница 409: ...imer 228 1 1 1 12 12 12 2 27 ip igmp query interval Use this command to set the IGMP query interval on a routing interface The no form of this command resets the IGMP query interval to the default val...

Страница 410: ...cond on VLAN 1 C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip igmp query max response time 200 ip igmp startup query interval Use this command to set the interval between genera...

Страница 411: ...e Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the IGMP startup query count to 10 onVLAN 1 C3 su router Config interface vlan 1 C3 su router Config...

Страница 412: ...ount no ip igmp last member query count Parameters Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the IGMP last member query count to 10...

Страница 413: ...times IGMP messages will be sent A higher number will mean that end stations will be more likely to see the packet After the robustness value is reached IGMP will assume there is no response to queri...

Страница 414: ...ip igmp robustness 13 18 IGMP Configuration...

Страница 415: ...rk management tasks including reviewing router ARP tables and IP traffic refer to Chapter 19 For information about Refer to page Configuring System Logging 14 1 Monitoring Network Events and Status 14...

Страница 416: ...erity Description Port Status 1 132 140 82 111 local4 warning 5 default 514 enabled 2 132 140 90 84 local4 warning 5 default 514 enabled Table 14 1 provides an explanation of the command output clear...

Страница 417: ...o the server Status Whether or not this Syslog configuration is currently enabled or disabled index Specifies the server table index number for this server Valid values are 1 8 ip addr ip addr Optiona...

Страница 418: ...able a Syslog server configuration for index 1 IP address 134 141 89 113 facility local4 severity level 3 on port 514 C3 su set logging server 1 ip addr 134 141 89 113 facility local4 severity 3 port...

Страница 419: ...x set logging default facility facility severity severity port port Parameters Defaults None Mode Switch command read write facility facility Specifies the default facility name Valid values are local...

Страница 420: ...st be entered to reset all logging values to defaults Mode Switch command read write Example This example shows how to reset the Syslog default severity level to 6 C3 su clear logging default severity...

Страница 421: ...isplays severity level for one application configured for logging Mnemonics will vary depending on the number and types of applications running on your system Sample mnemonics and their corresponding...

Страница 422: ...s they appear in Table 14 3 all Sets the logging severity level for all applications level level Optional Specifies the severity level at which the server will log messages for applications Valid valu...

Страница 423: ...logging application mnemonic all Parameters Defaults None Mode Switch command read write Example This example shows how to reset the logging severity level to 6 for SNMP C3 rw clear logging applicati...

Страница 424: ...set logging local console enable disable file enable disable Parameters Defaults None Mode Switch command read write Example This command shows how to enable logging to the console and disable loggin...

Страница 425: ...Defaults None Mode Switch command read only Example This example shows a portion of the information displayed with the show logging buffer command C3 su show logging buffer 165 Sep 4 07 43 09 10 42 7...

Страница 426: ...d then the IP address of the Host interface will be used If a non loopback interface is configured with this command application packet egress is restricted to that interface if the server can be reac...

Страница 427: ...s command to clear the interface used for the source IP address of the system logging back to the default of the Host interface Syntax clear logging interface Parameters None Defaults None Mode Switch...

Страница 428: ...er includes all the switch commands entered up to a maximum of 100 as specified in the set history command set history on page 14 15 Syntax history Parameters None Defaults None Mode Switch command re...

Страница 429: ...history buffer C3 su show history History buffer size 20 set history Use this command to set the size of the history buffer Syntax set history size default Parameters Defaults None Mode Switch command...

Страница 430: ...ple the host at IP address is not responding C3 su ping 134 141 89 255 no answer from 134 141 89 255 show users Use this command to display information about the active console port or Telnet session...

Страница 431: ...xamples This example shows how to close a Telnet session to host 134 141 192 119 C3 su disconnect 134 141 192 119 This example shows how to close the current console session C3 su disconnect console s...

Страница 432: ...1 99 104 47718 ESTABLISHED UDP 0 0 0 0 17185 0 0 0 0 UDP 127 0 0 1 49152 127 0 0 1 17185 UDP 0 0 0 0 161 0 0 0 0 UDP 0 0 0 0 0 0 0 0 UDP 0 0 0 0 514 0 0 0 0 The following table describes the output of...

Страница 433: ...y the switch s ARP table Syntax show arp Parameters None Defaults None Mode Switch command read only For information about Refer to page show arp 14 19 set arp 14 20 clear arp 14 21 traceroute 14 21 s...

Страница 434: ...eters Defaults None Mode Switch command read write Example This example shows how to map IP address 192 168 219 232 to MAC address 00 00 0c 40 0f bc C3 su set arp 192 168 219 232 00 00 0c 40 0f bc Tab...

Страница 435: ...route destination Syntax traceroute w waittime f first ttl m max ttl p port q nqueries r d n v host Parameters ip address all Specifies the IP address in the ARP table to be cleared or clears all ARP...

Страница 436: ...aceroute to 192 167 252 17 192 167 252 17 30 hops max 40 byte packets 1 matrix enterasys com 192 167 201 40 20 000 ms 20 000 ms 20 000 ms 2 14 1 0 45 14 1 0 45 40 000 ms 10 000 ms 20 000 ms 3 192 167...

Страница 437: ...command output show mac agetime Use this command to display the timeout period for aging learned MAC entries Syntax show mac agetime Parameters None Table 14 6 show mac Output Details Output Field Wh...

Страница 438: ...ntax set mac agetime time Parameters Defaults None Mode Switch command read only Example This example shows how to set the MAC timeout period C3 su set mac agetime 250 clear mac agetime Use this comma...

Страница 439: ...command read write Usage Each algorithm is optimized for a different spread of MAC addresses When changing this mode the switch will display a warning message and prompt you to restart the device The...

Страница 440: ...bits Syntax clear mac algorithm Parameters None Defaults None Mode Switch command read write Example This example resets the MAC hashing algorithm to the default value C3 su clear mac algorithm set ma...

Страница 441: ...d read write Example This example clears multicast MAC address 01 01 22 33 44 55 from VLAN 24 C3 su clear mac multicast 01 01 22 33 44 55 24 mac address Specifies the multicast MAC address The MAC add...

Страница 442: ...ed flood is disabled set mac unreserved flood Use this command to enable or disable multicast flood protection When enabled this prevents policy profiles requiring a full 10 masks from being loaded Sy...

Страница 443: ...nd to display SNTP client settings Syntax show sntp Note A management IP host routing interface or loopback address must be configured for SNTP to work For information about Refer to page show sntp 14...

Страница 444: ...P version number Current Time Current time on the system clock Timezone Time zone name and amount it is offset from UTC Universal Time Set using the set timezone command set timezone on page 14 36 Cli...

Страница 445: ...d time of most recent SNTP request Last SNTP Status Whether or not broadcast reception or unicast transmission and reception was successful SNTP Server IP address es of SNTP server s Precedence Preced...

Страница 446: ...cedence is not specified 1 will be applied Mode Switch command read write Example This example shows how to set the server at IP address 10 21 1 100 as an SNTP server C3 su set sntp server 10 21 1 100...

Страница 447: ...poll interval between SNTP unicast requests Syntax set sntp poll interval value Parameters Defaults None Mode Switch command read write Example This example shows how to set the SNTP poll interval to...

Страница 448: ...cast SNTP server Syntax set sntp poll retry retry Parameters Defaults None Mode Switch command read write Example This example shows how to set the number of SNTP poll retries to 5 C3 su set sntp poll...

Страница 449: ...meout timeout Parameters Defaults None Mode Switch command read write Example This example shows how to set the SNTP poll timeout to 10 seconds C3 su set sntp poll timeout 10 clear sntp poll timeout U...

Страница 450: ...p www timeanddate com library abbreviations timezones Example The following example sets the timezone name to EST and the offset to North American Eastern Standard Time offset of 5 hours from UTC then...

Страница 451: ...the IP address assigned to loopback interface 1 will be used as the source IP address of the SNTP client C3 rw show sntp interface loopback 1 192 168 10 1 set sntp interface Use this command to speci...

Страница 452: ...are received on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best ro...

Страница 453: ...figuration Guide 14 39 Example This command returns the interface used for the source IP address of the SNTP client back to the default of the Host interface C3 rw show sntp interface vlan 100 192 168...

Страница 454: ...alias MIB table It s important to make sure that inter switch links are not learning node alias information as it would slow down searches by the NetSight Compass and ASM tools and give inaccurate res...

Страница 455: ...th an alias agent which is the default setting on SecureStack C3 devices Node aliases cannot be statically created but can be deleted using the command clear nodealias config page 14 42 Table 14 8 sho...

Страница 456: ...o disable the node alias agent on ge 1 3 C3 su set nodealias disable ge 1 3 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value Syntax clea...

Страница 457: ...ed on SecureStack C3 devices each group s function and the elements it monitors and the associated configuration commands needed For information about Refer to page RMON Monitoring Group Functions 15...

Страница 458: ...arm on page 15 12 Event Controls the generation and notification of events from the device Event type description last time event was sent show rmon event on page 15 13 set rmon event properties on pa...

Страница 459: ...h indicates the application will capture as many packets as possible given its restrictions CaptureSliceSize can only be set to 1518 The Full Action element can only be set to lock since the device do...

Страница 460: ...dex 1 Drop Events 0 Packets 0 Collisions 0 Octets 0 Jabbers 0 0 64 Octets 0 Broadcast Pkts 0 65 127 Octets 0 Multicast Pkts 0 128 255 Octets 0 CRC Errors 0 256 511 Octets 0 Undersize Pkts 0 512 1023 O...

Страница 461: ...this command to delete one or more RMON statistics entries Syntax clear rmon stats index list to defaults Parameters Defaults None Mode Switch command read write Example This example shows how to del...

Страница 462: ...how to display RMON history entries for Gigabit Ethernet port 1 in switch 1 A control entry displays first followed by actual entries corresponding to the control entry In this case the default setti...

Страница 463: ...30 seconds If owner is not specified monitor will be applied Mode Switch command read write Example This example shows how configure RMON history entry 1 on port ge 2 1 to sample every 20 seconds C3 r...

Страница 464: ...This example shows how to delete RMON history entry 1 C3 rw clear rmon history 1 index list Specifies one or more history entries to be deleted causing them to disappear from any future RMON queries t...

Страница 465: ...f index is not specified information about all RMON alarm entries will be displayed Mode Switch command read only Example This example shows how to display RMON alarm entry 3 C3 rw show rmon alarm 3 I...

Страница 466: ...rst enabled is rising falling or either Interval Interval in seconds at which RMON will conduct sample monitoring Rising Threshold Minimum threshold for causing a rising alarm Falling Threshold Maximu...

Страница 467: ...ising falling either Optional Specifies the type of alarm generated when this event is first enabled as Rising Sends alarm when an RMON event reaches a maximum threshold condition is reached for examp...

Страница 468: ...ed index with the set rmon alarm properties command Example This example shows how to enable RMON alarm entry 3 C3 rw set rmon alarm status 3 enable clear rmon alarm Use this command to delete an RMON...

Страница 469: ...displayed Mode Switch command read only Example This example shows how to display RMON event entry 3 C3 rw show rmon event 3 Index 3 Owner Manager Status valid Description STP Topology change Type log...

Страница 470: ...d or disabled Description Text string description of this event Type Whether the event notification will be a log entry and SNMP trap both or none Community SNMP community name if message type is set...

Страница 471: ...us index enable Parameters Defaults None Mode Switch command read write Usage An RMON event entry can be created using this command configured using the set rmon event properties command set rmon even...

Страница 472: ...clear rmon event 15 16 RMON Configuration Defaults None Mode Switch command read write Example This example shows how to clear RMON event 1 C3 rw clear rmon event 1...

Страница 473: ...to three filters Configured channel filter and buffer control information will be saved across resets but captured frames within the buffer will not be saved This function cannot be used concurrently...

Страница 474: ...ecified control will be set to off If a description is not specified none will be applied If owner is not specified it will be set to monitor Mode Switch command read write index Specifies an index nu...

Страница 475: ...clear RMON channel entry 2 C3 rw clear rmon channel 2 show rmon filter Use this command to display one or more RMON filter entries Syntax show rmon filter index index channel channel Parameters Defau...

Страница 476: ...ically be created if an unused index number is chosen Maximum number of entries is 10 Maximum value is 65535 channel index Specifies the channel to which this filter will be applied offset offset Opti...

Страница 477: ...30 data 0a154305 dmask ffffffff clear rmon filter Use this command to clear an RMON filter entry Syntax clear rmon filter index index channel channel Parameters Defaults None Mode Switch command read...

Страница 478: ...aptured packets will be displayed Mode Switch command read only Example This example shows how to display RMON capture entries and associated buffer entries C3 rw show rmon capture Buf control 28062 C...

Страница 479: ...will request as many octets as possible If slice is not specified 1518 will be applied If loadsize is not specified 100 will be applied If owner is not specified it will be set to monitor index Specif...

Страница 480: ...isten on channel 628 C3 rw set rmon capture 1 628 clear rmon capture Use this command to clears an RMON capture entry Syntax clear rmon capture index Parameters Defaults None Mode Switch command read...

Страница 481: ...t be a VLAN which is configured with an IP address Refer to the ip helper address command ip helper address on page 19 18 for more information DHCP Server DHCP server functionality allows the SecureSt...

Страница 482: ...ed with the system s host IP address This procedure would typically be used when the C3 system is NOT configured for routing 1 Configure the system stack host port IP address with the set ip address c...

Страница 483: ...ol for dynamic address assignment with the set dhcp exclude command Up to 128 non overlapping address ranges can be excluded on the SecureStack C3 For example set dhcp exclude 192 0 0 1 192 0 0 10 Con...

Страница 484: ...ault address allocation for BOOTP clients is disabled Refer to RFC 1534 Interoperation Between DHCP and BOOTP for more information Syntax set dhcp bootp enable disable Parameters clear dhcp conflict 1...

Страница 485: ...ct logging command to disable conflict logging Syntax set dhcp conflict logging Parameters None Defaults None Mode Switch command read write Example This example enables DHCP conflict logging C3 rw se...

Страница 486: ...26s clear dhcp conflict Use this command to clear conflict information for one or all addresses or to disable conflict logging Syntax clear dhcp conflict logging ip address Parameters Defaults None Mo...

Страница 487: ...f the addresses that can be assigned by a DHCP server by excluding addresses 172 20 28 80 100 with the set dhcp exclude command C3 rw set dhcp pool auto1 network 172 20 28 0 24 C3 rw set dhcp exclude...

Страница 488: ...ntax set dhcp ping packets number Parameters Defaults None Mode Switch command read write Example This example sets the number of ping packets sent to 3 C3 rw set dhcp ping packets 3 clear dhcp ping U...

Страница 489: ...IP address Hardware Address Lease Expiration Type 192 0 0 6 00 33 44 56 22 39 00 11 02 Automatic 192 0 0 8 00 33 44 56 22 33 00 10 22 Automatic 192 0 0 10 00 33 44 56 22 34 00 09 11 Automatic 192 0 0...

Страница 490: ...ntax show dhcp server statistics Parameters None Defaults None Mode Read only Example This example displays server statistics C3 ro show dhcp server statistics Automatic Bindings 36 Expired Bindings 6...

Страница 491: ...p server statistics SecureStack C3 Configuration Guide 16 11 Parameters None Defaults None Mode Switch command read write Example This example clears all DHCP server counters C3 rw clear dhcp server s...

Страница 492: ...he hardware address is not checked A hardware address and type Ethernet or IEEE 802 configured in a manual pool is checked only when a client identifier is not also configured for the pool and the inc...

Страница 493: ...et dhcp pool next server 16 21 clear dhcp pool next server 16 21 set dhcp pool lease 16 22 clear dhcp pool lease 16 22 set dhcp pool default router 16 23 clear dhcp pool default router 16 23 set dhcp...

Страница 494: ...fix length Parameters Defaults None Mode Switch command read write Usage Use this command to configure a set of IP addresses to be assigned by the DHCP server using the specified address pool In order...

Страница 495: ...example deletes the network and mask from the address pool named auto1 C3 rw clear dhcp pool auto1 network set dhcp pool hardware address Use this command to configure the MAC address of the DHCP clie...

Страница 496: ...manual binding address pool Syntax clear dhcp pool poolname hardware address Parameters Defaults None Mode Switch command read write Example This example deletes the client hardware address from the...

Страница 497: ...ddress from a manual binding address pool Syntax clear dhcp pool poolname host Parameters Defaults None Mode Switch command read write Example This example deletes the host IP address from the address...

Страница 498: ...set dhcp pool manual2 client identifier 01 00 01 22 33 44 55 C3 rw set dhcp pool manual2 host 10 12 1 10 255 255 255 0 clear dhcp pool client identifier Use this command to remove the unique identifie...

Страница 499: ...255 255 255 0 C3 rw set dhcp pool manual2 client name appsvr1 clear dhcp pool client name Use this command to delete a DHCP client name from an address pool for manual binding Syntax clear dhcp pool p...

Страница 500: ...cp pool auto1 bootfile image1 img clear dhcp pool bootfile Use this command to remove a default boot image from the address pool being configured Syntax clear dhcp pool poolname bootfile Parameters De...

Страница 501: ...age1 img C3 rw set dhcp pool auto1 next server 10 1 1 10 clear dhcp pool next server Use this command to remove the boot image file server from the address pool being configured Syntax clear dhcp pool...

Страница 502: ...the default lease time value of one day for the address pool being configured Syntax clear dhcp pool poolname lease Parameters Defaults Clears the lease time for this address pool to the default valu...

Страница 503: ...Mode Switch command read write Example This example assigns a default router at 10 10 10 1 to the address pool named auto1 C3 rw set dhcp pool auto1 default router 10 10 10 1 clear dhcp pool default...

Страница 504: ...de Switch command read write Example This example assigns a DNS server at 10 14 10 1 to the address pool auto1 C3 rw set dhcp pool auto1 dns server 10 14 10 1 clear dhcp pool dns server Use this comma...

Страница 505: ...ode Switch command read write Example This example assigns the mycompany com domain name to the address pool auto1 C3 rw set dhcp pool auto1 domain name mycompany com clear dhcp pool domain name Use t...

Страница 506: ...nd read write Example This example assigns a NetBIOS name server at 10 15 10 1 to the address pool being configured C3 rw set dhcp pool auto1 netbios name server 10 15 10 1 clear dhcp pool netbios nam...

Страница 507: ...hybrid as the NetBIOS node type for the address pool auto1 C3 rw set dhcp pool auto1 netbios node type h node clear dhcp pool netbios node type Use this command to remove the NetBIOS node type from t...

Страница 508: ...his case IP forwarding is enabled with the 01 value C3 rw set dhcp pool auto1 option 19 hex 01 This example configures DHCP option 72 which assigns one or more Web servers for DHCP clients In this cas...

Страница 509: ...e this command to display configuration information for one or all address pools Syntax show dhcp pool configuration poolname all Parameters Defaults None Mode Read only Example This example displays...

Страница 510: ...Default Routers 192 0 0 1 Pool static1 Pool Type Manual Client Name appsvr1 Client Identifier 01 00 01 f4 01 27 10 Host 10 1 1 1 255 0 0 0 Lease Time infinite Option 19 hex 01 Pool static2 Pool Type...

Страница 511: ...ANs Ports within the VLANs must be configured as trusted or untrusted DHCP servers must be reached through trusted ports DHCP snooping enforces the following security rules DHCP packets from a DHCP se...

Страница 512: ...r messages since they are forwarded in hardware Building and Maintaining the Database The DHCP snooping application uses DHCP messages to build and maintain the bindings database The bindings database...

Страница 513: ...en the DCHP server can be remotely connected to a routing interface or running locally If the DHCP server is remotely connected then the use of an IP helper address is required and MAC address verific...

Страница 514: ...ut Refer to page set dhcpsnooping 17 4 set dhcpsnooping vlan 17 5 set dhcpsnooping database write delay 17 5 set dhcpsnooping trust 17 6 set dhcpsnooping binding 17 7 set dhcpsnooping verify 17 7 set...

Страница 515: ...et dhcpsnooping command and then enable it on specific VLANs with this command Example This example enables DHCP snooping on VLANS 10 through 20 C3 rw set dhcpsnooping vlan 10 20 enable set dhcpsnoopi...

Страница 516: ...the ports within the VLANs have to be configured as trusted or untrusted On trusted ports DHCP client messages are forwarded directly by the hardware On untrusted ports client messages are given to t...

Страница 517: ...will be removed in response to valid DECLINE RELEASE and NACK messages or when the absolute lease time of the entry expires You can add static entries to the bindings database with this command Examp...

Страница 518: ...example disables source MAC address verification and logging C3 rw set dhcpsnooping verify mac address disable set dhcpsnooping log invalid Use this command to enable or disable logging of invalid DH...

Страница 519: ...DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs 3 Interface Trusted Log Invalid Pkts ge 1 1 No Yes ge 1 2 No No ge 1 3 Yes N...

Страница 520: ...psnooping limit ge 1 1 rate 20 burst interval 2 C3 rw show dhcpsnooping port ge 1 1 Interface Trust State Rate Limit Burst Interval pps seconds ge 1 1 No 20 2 show dhcpsnooping Use this command to dis...

Страница 521: ...itch command read write Usage This command displays where the database file is stored locally and what the write delay value is Example This example shows the output of the show dhcpsnooping database...

Страница 522: ...w dhcpsnooping binding dynamic static port port string vlan vlan id Parameters Defaults If no parameters are entered all bindings in the database are displayed Mode Switch command read write Usage Thi...

Страница 523: ...logs the event if logging of invalid messages is enabled and drops the message If source MAC verification is enabled for valid client messages DHCP snooping compares the source MAC address to the DHCP...

Страница 524: ...1 2 C3 su clear dhcpsnooping binding port ge 1 2 clear dhcpsnooping statistics Use this command to clear the DHCP snooping statistics counters Syntax clear dhcpsnooping statistics Parameters None Defa...

Страница 525: ...ckets per second with a burst interval of 1 second Syntax clear dhcpsnooping limit port string Parameters Defaults None Mode Switch command read write Example This example resets the rate limit values...

Страница 526: ...reat An untrusted port is one which could potentially be used to launch a network attack DAI considers all physical ports and LAGs untrusted by default Static Mappings Static mappings are useful when...

Страница 527: ...le command to reenable the port You can configure both the rate and the burst interval The default rate is 15 pps on each untrusted interface with a range of 0 to 100 pps The default burst interval is...

Страница 528: ...nected and optionally enable logging of invalid ARP packets set arpinspection vlan vlan range logging 3 Determine which ports are not security threats and configure them as DAI trusted ports set arpin...

Страница 529: ...configured as a DHCP relay agent with the ip helper address command to forward client requests to the DHCP server Therefore MAC address verification is disabled with the set dhcpsnooping verify mac a...

Страница 530: ...1 1 enable Dynamic ARP Inspection Commands set arpinspection vlan Use this command to enable dynamic ARP inspection on one or more VLANs and optionally enable logging of invalid ARP packets Syntax se...

Страница 531: ...s are also logged Example This example enables DAI on VLANs 2 through 5 and also enables logging of invalid ARP packets on those VLANs C3 su set arpinspection vlan 2 5 logging set arpinspection trust...

Страница 532: ...validate src mac dst mac ip Parameters Defaults All parameters are optional but at least one parameter must be specified Mode Switch command read write Usage This command adds additional validation of...

Страница 533: ...ed with this command DAI disables the interface which effectively brings down the interface You can use the set port enable command to reenable the port You can configure both the rate and the burst i...

Страница 534: ...e thus static mappings have precedence over DHCP snooping bindings Example This example creates an ACL named staticARP and creates a permit rule for IP address 192 168 1 10 Then the ACL is assigned to...

Страница 535: ...c host 00 0A 11 22 33 66 show arpinspection ports Use this command to display the ARP configuration of one or more ports Syntax show arpinspection ports port string Parameters Defaults If a port strin...

Страница 536: ...5 Disabled Enabled staticARP Enabled show arpinspection statistics Use this command to display ARP statistics for all DAI enabled VLANs or for specific VLANs Syntax show arpinspection statistics vlan...

Страница 537: ...t at least one parameter must be specified Mode Switch command read write Usage This command removes previously configured additional validation of ARP packets by DAI beyond the basic validation that...

Страница 538: ...and DAI you must enter this command twice Example This example first displays the DAI configuration for VLAN 5 then disables DAI on VLAN 5 then disables logging of invalid ARP packets on VLAN 5 C3 su...

Страница 539: ...read write Usage You can use this command to Remove a configured ARP ACL from the switch or Remove a permit rule from a configured ARP ACL or Remove the association of an ARP ACL with a VLAN or VLANs...

Страница 540: ...m the switch completely C3 su clear arpinspection filter staticARP clear arpinspection limit Use this command to return the DAI rate limiting values to their default values for a port or range of port...

Страница 541: ...spection statistics Use this command to clear all dynamic ARP inspection statistics Syntax clear arpinspection statistics Parameters None Defaults None Mode Switch command read write Example This exam...

Страница 542: ...clear arpinspection statistics 17 32 DHCP Snooping and Dynamic ARP Inspection...

Страница 543: ...page 3 5 Configuring basic platform settings such as host name system clock and terminal display settings Setting Basic Switch Properties on page 3 9 Setting the system IP address set ip address on p...

Страница 544: ...lobal router configuration mode configure Router C3 su router 4 Enable interface configuration mode using the routing VLAN or loopback id interface vlan vlan id loopback loop id Router C3 su router Co...

Страница 545: ...ol name and for OSPF the instance ID from Global or Interface Configuration mode C3 su router Config router Note To jump to a lower configuration mode type exit at the command prompt To revert back to...

Страница 546: ...Enabling Router Configuration Modes 18 4 Preparing for Router Mode...

Страница 547: ...erwise noted the commands covered in this chapter can be executed only when the device is in router mode For details on how to enable router configuration modes refer to Enabling Router Configuration...

Страница 548: ...name of this device is Vlan 1 The MTU is 1500 bytes The bandwidth is 10000 Mb s Encapsulation ARPA Loopback not set ARP type ARPA ARP Timeout 14400 seconds This example shows how to display informatio...

Страница 549: ...xample of how these commands are used refer to Pre Routing Configuration Tasks on page 18 1 A loopback interface is always expected to be up This interface can provide the source address for sent pack...

Страница 550: ...ce type is not specified status information for all routing interfaces will be displayed Mode Any router mode Example This example shows how to display configuration information for VLAN 1 C3 su route...

Страница 551: ...address on page 19 5 Frame Type Encapsulation type used by this interface Set using the arp command as described in arp on page 19 13 MAC Address MAC address mapped to this interface Incoming Access L...

Страница 552: ...e device Syntax show running config Parameters None Defaults None Mode Any router mode Example This example shows how to display the current router operating configuration C3 su router show running co...

Страница 553: ...nfig interface vlan 1 C3 su router Config if Vlan 1 no shutdown no ip routing Use this command to disable IP routing on the device By default IP routing is enabled when interfaces are configured for i...

Страница 554: ...ckets routed into the tunnel For information about configuring IPv6 parameters on tunnel interfaces such as an IPv6 address see Chapter 22 IPv6 Configuration Commands interface tunnel Use this command...

Страница 555: ...mmand specifies the IPv4 source transport address of the tunnel Syntax tunnel source ipv4 addr interface vlan vlan id no tunnel source Parameters Defaults None Mode Router interface configuration C3 s...

Страница 556: ...d Example The following example configures the destination IPv4 address for tunnel 1 C3 su router Config interface tunnel 1 C3 su router Config if Tnnl 1 C3 su router Config if Tnnl 1 tunnel destinati...

Страница 557: ...ace tunnel tunnel id Parameters Defaults None Mode Router global configuration C3 su router Config Router privileged exec C3 su router Usage Use this command to display general interface information R...

Страница 558: ...isplayed Mode Any router mode For information about Refer to page show ip arp 19 12 arp 19 13 ip proxy arp 19 14 arp timeout 19 15 clear arp cache 19 15 ip address Optional Displays ARP entries relate...

Страница 559: ...le entries Up to 1 000 static ARP entries are supported per SecureStack C3 system A multicast MAC address can be used in a static ARP entry The no form of this command removes the specified permanent...

Страница 560: ...712 7a99 ip proxy arp Use this command to enable proxy ARP on an interface The no form of this command disables proxy ARP Syntax ip proxy arp no ip proxy arp Parameters None Defaults Disabled Mode Int...

Страница 561: ...uter Config Example This example shows how to set the ARP timeout to 7200 seconds C3 su router Config arp timeout 7200 clear arp cache Use this command to delete all nonstatic dynamic entries from the...

Страница 562: ...oadcast is a packet sent to all hosts on a specific network or subnet The directed broadcast address includes the network or subnet fields with the binary bits of the host portion of the address set t...

Страница 563: ...Name Server port 137 NetBIOS Datagram Server port 138 TACACS service port 49 EN 116 Name Service port 42 Mode Router command Global configuration C3 su router Config Router interface configuration C3...

Страница 564: ...uration C3 su Router1 Config if Vlan 1 Usage Typically for DHCP BootP when a host requests an IP address it sends out a DHCP broadcast packet Normally the router drops all broadcast packets However by...

Страница 565: ...ds show ip route Use this command to display information about IP routes Syntax show ip route destination prefix destination prefix match connected ospf rip static summary Parameters For information a...

Страница 566: ...via 168 0 0 249 Vlan 3205 E2 11 11 24 24 32 150 20 via 168 0 0 249 Vlan 3205 O 11 11 25 25 32 8 20 via 168 0 0 249 Vlan 3205 C 11 11 26 26 32 0 0 directly connected Loopback 0 O 11 11 27 27 32 8 10 v...

Страница 567: ...lt value of 1 will be applied Mode Global configuration C3 su router Config Example This example shows how to set IP address 10 1 2 3 as the next hop gateway to destination address 10 0 0 0 C3 su rout...

Страница 568: ...ach hop between the source and the traceroute destination Syntax traceroute host Parameters Defaults None Mode Privileged EXEC C3 su router Usage There is also a traceroute command available in switch...

Страница 569: ...redirect enable no ip icmp redirect enable Parameters None Defaults By default sending ICMP redirects to the CPU is enabled globally and on all interfaces Mode Router global configuration mode C3 su r...

Страница 570: ...parameter information for all VLAN interfaces is displayed Mode Privileged EXEC mode C3 su router Router global configuration mode C3 su router Config Examples This example displays the global ICMP r...

Страница 571: ...stack must have a valid license If you wish to purchase an advanced routing license contact Enterasys Networks Sales Router The commands covered in this chapter can be executed only when the device is...

Страница 572: ...mode router rip on page 20 2 Enable RIP on an interface ip rip enable on page 20 3 Configure an administrative distance distance on page 20 3 Allow reception of a RIP version ip rip send version on p...

Страница 573: ...outer ip rip enable Use this command to enable RIP on an interface The no form of this command disables RIP on an interface By default RIP is disabled on all interfaces Syntax ip rip enable no ip rip...

Страница 574: ...to 1001 C3 su router Config router rip C3 su router Config router distance 100 ip rip send version Use this command to set the RIP version for RIP update packets transmitted out an interface The no v...

Страница 575: ...1 2 none no ip rip receive version Parameters Mode Interface configuration C3 su router Config if Vlan 1 Defaults None Example This example shows how to set the RIP receive version to 2 for update pa...

Страница 576: ...command prevents RIP from using authentication Syntax ip rip message digest key keyid md5 key no ip rip message digest key keyid Parameters Mode Interface configuration C3 su router Config if Vlan 1...

Страница 577: ...e To verify which routes are summarized for an interface use the show ip route command as described in show ip route on page 19 19 The reverse of the command re enables automatic route summarization B...

Страница 578: ...rom transmitting update packets on an interface The no form of this command disables passive interface Syntax passive interface vlan vlan id no passive interface vlan vlan id Parameters Defaults None...

Страница 579: ...istribute Use this command to allow routing information discovered through non RIP protocols to be distributed in RIP update messages The no form of this command clears redistribution parameters Synta...

Страница 580: ...into RIP update messages C3 su router Config router rip C3 su router Config router redistribute static static Specifies that non RIP routing information discovered via static routes will be redistribu...

Страница 581: ...routing license See the Activating Licensed Features chapter Enable OSPF configuration mode router id on page 20 12 router ospf on page 20 13 Enable or disable RFC 1583 compatibility 1583compatibilit...

Страница 582: ...ple shows how to set the OSPF router ID to IP address 182 127 62 1 C3 su router Config router router id 182 127 62 1 Define an area as a stub area area stub on page 20 22 Set the cost value for the de...

Страница 583: ...s refer to Table 18 2 on page 18 2 Only one OSPF process process id is allowed per SecureStack C3 router Example This example shows how to enable routing for OSPF process 1 C3 su router conf terminal...

Страница 584: ...rface configuration C3 su router Config if Vlan 1 Example This example shows how to enable OSPF on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip ospf enabl...

Страница 585: ...ospf cost Parameters Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Usage Each router interface that participates in OSPF routing is assigned a default cost This command ove...

Страница 586: ...s 5 seconds for delay and 10 seconds for holdtime Syntax timers spf spf delay spf hold no timers spf Parameters Defaults None Mode Router configuration C3 su router Config router Example This example...

Страница 587: ...ample shows how to set the OSPF retransmit interval for the VLAN 1 interface to 20 C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip ospf retransmit interval 20 ip ospf transmit de...

Страница 588: ...ults None Mode Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the hello interval to 5 for the VLAN 1 interface C3 su router Config interface vlan 1 C3 su r...

Страница 589: ...de Interface configuration C3 su router Config if Vlan 1 Usage This password is used as a key that is inserted directly into the OSPF header in routing protocol packets A separate password can be assi...

Страница 590: ...Interface configuration C3 su router Config if Vlan 1 Example This example shows how to enable OSPF MD5 authentication on the VLAN 1 interface set the key identifier to 20 and set the password to pas...

Страница 591: ...uter ospf 1 C3 su router Config router distance ospf external 100 area range Use this command to define the range of addresses to be used by Area Border Routers ABRs when they communicate routes to ot...

Страница 592: ...ummary no area area id stub no summary Parameters Mode Router configuration C3 su router Config router Defaults If no summary is not specified the stub area will be able to receive LSAs area id Specif...

Страница 593: ...outer configuration C3 su router Config router Usage The use of this command is restricted to ABRs attached to stub and NSSA areas Example This example shows how to set the cost value for stub area 10...

Страница 594: ...he backbone and a non backbone OSPF area The no form of this command removes the virtual link and or its associated settings Syntax area area id virtual link router id no area area id virtual link rou...

Страница 595: ...to be used by the virtual link Valid values are alphanumeric strings of up to 8 characters Neighbor virtual link routers on a network must have the same password dead interval seconds Specifies the n...

Страница 596: ...es that non OSPF information discovered via directly connected interfaces will be redistributed rip Specifies that RIP routing information will be redistributed in OSPF static Specifies that non OSPF...

Страница 597: ...database Parameters None Defaults None Mode Any router mode Example This example shows how to display all OSPF link state database information This is a portion of the command output C3 su router sho...

Страница 598: ...lay OSPF interface related information including network type priority cost hello interval and dead interval Syntax show ip ospf interface vlan vlan id Parameters Table 20 3 show ip ospf database Outp...

Страница 599: ...p ospf cost command For details refer to ip ospf cost on page 20 15 Transmit Delay The number in seconds added to the LSA Link State Advertisement age field State The interface state versus the state...

Страница 600: ...an explanation of the command output detail Optional Displays detailed information about the neighbors including the area in which they are neighbors who the designated router backup designated router...

Страница 601: ...ides an explanation of the command output clear ip ospf process Use this command to reset the OSPF process This will require adjacencies to be reestablished and routes to be reconverged Syntax clear i...

Страница 602: ...de Privileged EXEC C3 su router Example This example shows how to reset OSPF process 1 C3 su router clear ip ospf process 1 process id Specifies the process ID an internally used identification number...

Страница 603: ...multicast routing table Enabling DVMRP on an Interface DVMRP is disabled by default both globally and on each interface Enabling DVMRP on a routed interface requires completing the steps listed in Tab...

Страница 604: ...ess C3 su router Config ip dvmrp ip dvmrp enable Use this command to enable DVMRP on an interface The no form of this command disables DVMRP on an interface Syntax ip dvmrp enable no ip dvmrp enable P...

Страница 605: ...faults None Mode Interface configuration C3 su router Config if Vlan 1 Usage To reset the DVMRP metric back to the default value of 1 enter ip dvmrp metric 1 Example This example shows how to set a DV...

Страница 606: ...tatus information will be displayed Mode Any router mode Example This example shows how to display DVMRP status information C3 su router show ip dvmrp Vlan Id Metric Admin Status Oper Status 10 Enable...

Страница 607: ...ace The no form of this command disables IRDP on an interface Syntax ip irdp enable no ip irdp enable Parameters None Defaults None Mode Interface configuration C3 su router Config if Vlan 1 Example T...

Страница 608: ...ce C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip irdp maxadvertinterval 1000 ip irdp minadvertinterval Use this command to set the minimum interval in seconds between IRDP adve...

Страница 609: ...is example shows how to set the IRDP hold time to 4000 seconds on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip irdp holdtime 4000 ip irdp preference Use t...

Страница 610: ...ip irdp broadcast Use this command to configure IRDP to use the limited broadcast address of 255 255 255 255 The default is multicast with address 224 0 0 1 The no form of this command resets IRDP to...

Страница 611: ...VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if vlan 1 show ip irdp vlan 1 Interface vlan 1 has router discovery enabled Advertisements will occur between 450 and 600 seco...

Страница 612: ...s all VRRP configurations from the running configuration Syntax router vrrp no router vrrp Parameters None Defaults None Mode Global configuration C3 su router Config Advanced License Required VRRP is...

Страница 613: ...the VRRP session Syntax create vlan vlan id vrid no create vlan vlan id vrid Parameters Defaults None Mode Router configuration C3 su router Config router Usage This command must be executed to create...

Страница 614: ...es the master If priority values are the same then the VRRP router with the higher IP address is selected master For details on using the priority command refer to priority on page 20 45 Example This...

Страница 615: ...d clears the VRRP advertise interval value Syntax advertise interval vlan vlan id vrid interval no advertise interval vlan vlan id vrid interval vlan vlan id Specifies the number of the VLAN on which...

Страница 616: ...vlan 1 1 3 preempt Use this command to enable or disable preempt mode on a VRRP router The no form of this command disables preempt mode Syntax preempt vlan id vrid no preempt vlan id vrid Parameters...

Страница 617: ...empt vlan 1 1 enable Use this command to enable VRRP on an interface The no form of this command disables VRRP on an interface Syntax enable vlan vlan id vrid no enable vlan vlan id vrid Parameters De...

Страница 618: ...n 1 Example This example shows how to set the VRRP authentication key chain to password on the VLAN 1 interface C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip vrrp authenticatio...

Страница 619: ...e members are densely located and bandwidth is plentiful DVMRP would suffice see Configuring DVMRP on page 20 33 PIM SM determines the network topology using the underlying unicast routing protocol to...

Страница 620: ...example shows how to globally enable and disable PIM C3 su router Config ip pimsm C3 su router Config no ip pimsm ip pimsm staticrp This command is used to create a manual Rendezvous Point IP address...

Страница 621: ...nterface to enabled By default PIM is disabled on all IP interfaces The no form of this command disables PIM on the specific interface Syntax ip pimsm enable no ip pimsm enable Parameters None Default...

Страница 622: ...Interface configuration C3 su router Config if Vlan 1 Example This example shows how to set the hello interval rate to 100 seconds C3 su router Config interface vlan 1 C3 su router Config if Vlan 1 ip...

Страница 623: ...m componenttable Parameters None Defaults None Mode Any router mode Example This example shows how to display PIM router information C3 su router show ip pimsm componenttable Table 20 7 show ip pimsm...

Страница 624: ...ation C3 su router show ip pimsm interface vlan 30 VLAN ID 30 IP Address 192 168 30 1 Subnet Mask 255 255 255 0 Mode enable Table 20 8 show ip pimsm componenettable Output Details Output Field What it...

Страница 625: ...et Mask The Subnet Mask for the IP address of the PIM interface Mode Indicates whether PIM SM is enabled or disabled on the specified interface This is a configured value By default it is disabled Hel...

Страница 626: ...all IP multicast groups or for a specific group address The information in the table is displayed for each IP multicast group Syntax show ip pimsm rp group address group mask all candidate Parameters...

Страница 627: ...ddress 224 0 0 0 240 0 0 0 192 168 30 2 show ip pimsm rphash Displays the Rendezvous Point router that will be selected from the set of active RP routers The RP router for the group is selected by usi...

Страница 628: ...ip pimsm staticrp Display the PIM SM static Rendezvous Point information Syntax show ip pimsm staticrp Parameters None Mode Any router mode Defaults None Example This example shows how to display PIM...

Страница 629: ...C3 su router show ip mroute Active IP Multicast Sources Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set Outgoing interface flags H Hardware switched Time...

Страница 630: ...lans 8 Source Network 192 168 111 10 Source Mask 0 0 0 0 MultiCast Group 239 1 8 169 Uptime 6582 Upstream Neighbor 0 0 0 0 Upstream Vlan 111 Downstream Vlans 8 Source Network 192 168 111 10 Source Mas...

Страница 631: ...the switch and to display IPv6 status information Commands show ipv6 status Use this command to display the status of the IPv6 management function Syntax show ipv6 status Parameters None For informat...

Страница 632: ...management is disabled Mode Switch mode read write Usage When you enable IPv6 management on the switch the system automatically generates a link local host address for the switch from the host MAC ad...

Страница 633: ...su set ipv6 address 2001 0db8 1234 5555 9876 2 64 C3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 host 2001 DB8 1234 5555 9876 2 64 This example shows how to use the eui64 p...

Страница 634: ...4 host 2001 DB8 1234 5555 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 clear ipv6 address Use this command to clear IPv6 global addresses Syntax clear ipv6 address all ipv6 addr prefix length...

Страница 635: ...555 9876 2 64 gateway FE80 201 F4FF FE5D 1234 C3 su clear ipv6 address all C3 su show ipv6 address Name IPv6 Address host FE80 201 F4FF FE5C 2880 64 gateway FE80 201 F4FF FE5D 1234 set ipv6 gateway Us...

Страница 636: ...1234 clear ipv6 gateway Use this command to clear an IPv6 gateway address Syntax clear ipv6 gateway Parameters None Defaults None Mode Switch mode read write Example This example shows how to remove a...

Страница 637: ...o display IPv6 netstat information Syntax show ipv6 netstat Parameters None Defaults None Mode Switch command read only Example This example shows the output of this command C3 su show ipv6 netstat Pr...

Страница 638: ...ead write Usage This command is also available in router mode Examples This example shows output from a successful ping to IPv6 address 2001 0db8 1234 5555 1234 1 C3 su ping ipv6 2001 0db8 1234 5555 1...

Страница 639: ...lso available in router mode Example This example shows how to use traceroute to display a round trip path to host 2001 0db8 1234 5555 C3 su router traceroute ipv6 2001 0db8 1234 5555 1 Traceroute to...

Страница 640: ...traceroute ipv6 21 10 IPv6 Management...

Страница 641: ...ecifies PDU options of two classes both of which are supported hop by hop options and destination options While new options can be defined in the future the following are currently supported routing f...

Страница 642: ...are available including stateless stateful address configuration router and address lifetimes and Neighbor Discovery timer control Ping and traceroute applications for IPv6 are provided Management of...

Страница 643: ...e no form of this command disables IPv6 forwarding on the router Example This example disables IPv6 forwarding C3 su router Config no ipv6 forwarding ipv6 hop limit This command sets the maximum numbe...

Страница 644: ...next hop addr pref no ipv6 route ipv6 prefix prefix length interface tunnel tunnel id vlan vlan id next hop addr pref Parameters hops Specifies the maximum number of IPv6 hops used in IPv6 packets an...

Страница 645: ...distance or preference for static IPv6 routes Syntax ipv6 route distance pref no ipv6 route distance Parameters Defaults Default preference or administrative distance is 1 Mode Router global configur...

Страница 646: ...tance value to 3 C3 su router Config ipv6 route distance 3 ipv6 unicast routing This command enables disables forwarding of IPv6 unicast datagrams Syntax ipv6 unicast routing no ipv6 unicast routing P...

Страница 647: ...from 2001 DB8 1234 5555 1234 1 Average round trip time 1 00 ms This example shows output from an unsuccessful ping to IPv6 address 2001 0db8 1234 5555 1234 1 C3 su ping ipv6 2001 0db8 1234 5555 1234 1...

Страница 648: ...uter ping ipv6 interface vlan 6 link local address fe80 211 88ff fe55 4a7f Send count 3 Receive count 3 from fe80 211 88ff fe55 4a7f Average round trip time 1 00 ms traceroute ipv6 Use this command to...

Страница 649: ...e shows how to use traceroute to display a round trip path to host 2001 0db8 1234 5555 1 C3 su router traceroute ipv6 2001 0db8 1234 5555 1 Traceroute to 2001 0db8 1234 5555 1 30 hops max 40 byte pack...

Страница 650: ...efix and length and the SecureStack C3 generates the low order 64 bits The hexadecimal letters in the IPv6 addresses are not case sensitive For information about Refer to page ipv6 address 22 10 ipv6...

Страница 651: ...led IPv6 Prefix is FE80 211 88FF FE55 4A7F 128 3FFE 501 FFFF 101 211 88FF FE55 4A7F 64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router A...

Страница 652: ...1800 Router Advertisement Reachable Time 0 Router Advertisement Interval 600 Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Sup...

Страница 653: ...ration Guide 22 13 Example This example sets the MTU value to 1500 bytes C3 su router Config if Vlan 1 ipv6 mtu 1500 Note All interfaces attached to the same physical medium must be configured with th...

Страница 654: ...cific interface Syntax clear ipv6 neighbor vlan vlan id Parameters Defaults None Mode Router privileged exec C3 su router Usage To clear all dynamically learned Neighbor Cache entries use this command...

Страница 655: ...gned to the interface Use this command to change the number of Neighbor Solicitation messages that can be sent for Duplicate Address Detection from the default value of 1 The no form of the command re...

Страница 656: ...hability confirmation must be received from a neighbor for the neighbor to be considered reachable Syntax ipv6 nd reachable time msec no ipv6 nd reachable time Parameters Defaults By default a value o...

Страница 657: ...hable time 60000 ipv6 nd other config flag This command sets the other stateful configuration flag in router advertisements sent on this interface to true Syntax ipv6 nd other config flag no ipv6 nd o...

Страница 658: ...ipv6 nd ra interval 120 ipv6 nd ra lifetime This command sets the value in seconds that is placed in the Router Lifetime field of router advertisements sent from this interface Syntax ipv6 nd ra lifet...

Страница 659: ...lts Suppression disabled Mode Router interface configuration C3 su router Config if Vlan 1 Usage By default transmission of router advertisements is enabled This command disables such transmissions Us...

Страница 660: ...fix must be in the form documented in RFC 4291 with the address specified in hexadecimal using 16 bit values between colons The prefix length is a decimal number indicating the number of high order co...

Страница 661: ...2 21 Example This example configures a prefix that can be used for both on link determination and autoconfiguration using the default values for valid lifetime and preferred lifetime C3 su router Conf...

Страница 662: ...Example This example displays information about IPv6 modes C3 su router show ipv6 IPv6 Forwarding Mode Enabled IPv6 Unicast Routing Mode Enabled show ipv6 interface This command displays information...

Страница 663: ...ter show ipv6 interface vlan 7 Vlan 7 Administrative Mode Enabled Vlan 7 IPv6 Routing Operational Mode Enabled IPv6 is Enabled IPv6 Prefix is FE80 211 88FF FE55 4A7F 128 3FFE 501 FFFF 101 211 88FF FE5...

Страница 664: ...arameters None Defaults None Mode Router privileged execution C3 su router Usage Use this command to display the contents of the Neighbor Cache Example This example displays the neighbors in the cache...

Страница 665: ...State of the cache entry Possible values are Incomplete Reachable Stale Delay Probe and Unknown Last Updated The system uptime when the information for the neighbor was last updated ipv6 addr Specifie...

Страница 666: ...3FFE 501 FFFF 100 200 FF FE00 A1A1 Vlan 6 via FE80 200 FF FE00 A1A1 Vlan 6 Table 22 2 provides an explanation of the command output Table 22 2 show ipv6 route Output Details Output Field What It Disp...

Страница 667: ...static route can be set with the ipv6 route command Example The following example shows the output of this command C3 su router show ipv6 route preferences Local 0 Static 1 OSPF Intra 8 OSPF Inter 10...

Страница 668: ...ummary information displayed by this command C3 su router show ipv6 route summary all IPv6 Routing Table Summary 6 entries Connected Routes 3 Static Routes 3 OSPF Routes 0 Intra Area Routes 0 Inter Ar...

Страница 669: ...d 116 Received Datagrams Discarded Due To Header Errors 0 Received Datagrams Discarded Due To MTU 0 Received Datagrams Discarded Due To No Route 0 Received Datagrams With Unknown Protocol 0 Received D...

Страница 670: ...ICMPv6 Messages Transmitted 876 ICMPv6 Messages Not Transmitted Due To Error 0 ICMPv6 Destination Unreachable Messages Transmitted 0 ICMPv6 Messages Prohibited Administratively Transmitted 0 ICMPv6 Ti...

Страница 671: ...arry enough data Received Datagrams Discarded Other Number of input IPv6 datagrams for which no problems were encountered to prevent their continue processing but which were discarded e g for lack of...

Страница 672: ...interface which includes all those counted by ipv6IfIcmpInErrors Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface fo...

Страница 673: ...ination Unreachable Messages Transmitted Number of ICMP Destination Unreachable messages sent by the interface ICMPv6 Messages Prohibited Administratively Transmitted Number of ICMP destination unreac...

Страница 674: ...s example clears the statistics for VLAN 6 C3 su router clear ipv6 statistics vlan 6 ICMPv6 Group Membership Query Messages Transmitted Number of ICMPv6 Group Membership Query messages sent ICMPv6 Gro...

Страница 675: ...he mixed stack All the C3 units in the mixed stack will independently perform hardware IPv6 routing tunneling The manager C3 unit will transparently do the hardware IPv6 routing tunneling for all the...

Страница 676: ...acks on page 2 5 for additional information If you are adding the C3 switches to an existing C2 stack make one of the C3 switches the stack manager For example if the current stack manager is unit 1 a...

Страница 677: ...bled with this command before the C2 switches in the stack will start redirecting routed IPv6 tunneling packets to the C3 proxy server Uses the no form of this command to disable IPv6 proxy routing Ex...

Страница 678: ...3 4 IPv6 Proxy Routing Defaults None Mode Any routing mode Example This example shows the output of this command when IPv6 proxy routing is disabled c2 su router Config show ipv6 proxy routing IPv6 Pr...

Страница 679: ...t only provides other networking information such as DNS NTP and or SIP information The stateless server behavior is described by RFC 3736 which simply contains descriptions of the portions of RFC 331...

Страница 680: ...nment Default Conditions The following table lists the default DHCPv6 conditions Global Configuration Commands Purpose These router global configuration mode commands are used to enable DHCPv6 on the...

Страница 681: ...yntax ipv6 dhcp relay agent info opt option Parameters Defaults The default value of the DHCPv6 Relay Agent Information Option is 32 Mode Router global configuration C3 su router Config Usage The DHCP...

Страница 682: ...nt circuits and have mechanisms to identify the remote host end of the circuit Refer to RFC 3046 for more information Example This example sets the Relay Agent Remote ID sub option value to 2 C3 su ro...

Страница 683: ...ter executing this command and entering pool configuration mode you can return to global configuration mode by executing the exit command Pool configuration commands are described in the section Addre...

Страница 684: ...on mode C3 su router Config dhcp6s pool Usage A DNS domain name is configured for stateless server support A DHCPv6 pool can have up to 8 domain names configured for it The no form of this command wil...

Страница 685: ...Pv6 server address from the DHCPv6 pool being configured Example This example configures a DNS server address for the pool named PoolA C3 su router Config ipv6 dhcp pool PoolA C3 su router Config dhcp...

Страница 686: ...ion 2001 0db8 10 48 00 02 00 00 00 11 0A C0 89 D3 03 00 09 AA exit This command exits from DHCPv5 pool configuration mode and returns to global configuration mode Syntax exit Parameters None prefix pr...

Страница 687: ...Guide 24 9 Defaults None Mode Router DHCPv6 pool configuration mode C3 su router Config dhcp6s pool Example This example illustrates how to exit DHCPv6 pool configuration mode C3 su router Config dhc...

Страница 688: ...tion Commands on page 24 6 An interface can be configured as either a DHCPv6 server or a DHCPv6 relay agent but not both Use the no form of this command to remove DHCPv6 server functionality from an i...

Страница 689: ...DHCPv6 relay agent functionality from an interface destination dest addr Specifies the IPv6 address of a DHCPv6 relay server This IPv6 address can be a global address a multicast address or a link loc...

Страница 690: ...0 C3 su router Config interface vlan 8 C3 su router Config if Vlan 8 ipv6 dhcp relay destination 2001 0db8 1234 5555 122 10 64 This example configures interface VLAN 8 as a DHCPv6 relay agent by confi...

Страница 691: ...if DHCPv6 is enabled the switch s DHCP unique identifier DUID Syntax show ipv6 dhcp Parameters None Defaults None Mode Router privileged execution C3 su router Example This example illustrates the ou...

Страница 692: ...v6 configuration information about VLAN 80 which was configured as a DHCPv6 server C3 su router show ipv6 dhcp interface vlan 80 IPv6 Interface Vlan 80 Mode Server Pool Name newpool Server Preference...

Страница 693: ...otal DHCPv6 Packets Transmitted 0 Table 24 2 provides an explanation of the command output Table 24 1 Output of show ipv6 dhcp interface Command Output What it displays IPv6 Interface Shows the interf...

Страница 694: ...Packets Received 0 DHCPv6 Malformed Packets Received 0 Received DHCPv6 Packets Discarded 0 Total DHCPv6 Packets Received 0 DHCPv6 Advertisement Packets Transmitted 0 DHCPv6 Reply Packets Transmitted 0...

Страница 695: ...DHCPv6 Relay reply Packets Received Number of relay reply received statistics DHCPv6 Malformed Packets Received Number of malformed packets statistics Received DHCPv6 Packets Discarded Number of DHCP...

Страница 696: ...delegation C3 su router show ipv6 dhcp pool PoolA DHCPv6 Pool PoolA DNS Server 2001 db8 1234 5678 A Domain Name enterasys com This example displays the output for PoolB that was configured for prefix...

Страница 697: ...with the IPv6 address FE80 111 FCF1 DEA5 10 C3 su router show ipv6 dhcp binding FE80 111 FCF1 DEA5 10 DHCP Client Address FE80 111 FCF1 DEA5 10 DUID 000300010002FCA5DC1C IA ID 0x00040001 T1 0 T2 0 Pre...

Страница 698: ...show ipv6 dhcp binding 24 20 DHCPv6 Configuration...

Страница 699: ...v3 views IPv6 over IPv4 tunnels as a point to point interface with a link local address and possibly a global unicast address OSPFv3 uses the reported MTU for tunnel interfaces OSPFv3 supports ECMP ro...

Страница 700: ...reStack C3 Default Conditions The following table lists the default OSPFv3 conditions Condition Default Value IPv6 OSPF Disabled IPv6 OSPF cost 10 IPv6 OSPF dead interval 40 seconds IPv6 OSPF hello in...

Страница 701: ...router Syntax ipv6 router id ip address Parameters Defaults None Mode Router global configuration C3 su router Config Usage Use this command to configure the OSPFv3 router ID Example This example ill...

Страница 702: ...n originate This command is used to control the advertisement of default routes Syntax default information originate always metric value metric type type no default information originate metric metric...

Страница 703: ...default metric for routes redistributed from another protocol into OSPFv3 Syntax default metric metric no default metric Parameters Defaults No default metric is configured Mode Router OSPFv3 configur...

Страница 704: ...The following example set the intra area preference to 5 C3 su router Config router distance ospf intra 5 exit overflow interval This command configures the exit overflow interval for OSPFv3 Syntax ex...

Страница 705: ...LSDB limit for OSPFv3 Syntax external lsdb limit limit no external lsdb limit Parameters Defaults The default value is 1 Mode Router OSPFv3 configuration C3 su router Config router Usage When the num...

Страница 706: ...to allow redistribution of routes from the specified source protocol routers Syntax redistribute connected static metric value metric type type tag tag no redistribute connected static metric metric t...

Страница 707: ...n C3 su router Config router Usage The no form of this command configures the OSPFv3 protocol to prohibit redistribution of routes from the specified source protocol routers Example This example confi...

Страница 708: ...out Refer to page area default cost 25 10 area nssa 25 11 area nssa default info originate 25 12 area nssa no redistribute 25 12 area nssa no summary 25 13 area nssa translator role 25 14 area nssa tr...

Страница 709: ...rea areaid nssa no area areaid nssa Parameters Defaults None Mode Router OSPFv3 configuration C3 su router Config router Usage An NSSA allows some external routes represented by external Link State Ad...

Страница 710: ...command to prevent a default route to be advertised within the area Example This example configures NSSA area 20 to advertise a default route C3 su router Config router area 20 nssa default info origi...

Страница 711: ...redistribute area nssa no summary This command configures the NSSA area border router to not advertise summary routes into the NSSA Syntax area areaid nssa no summary no area areaid nssa no summary P...

Страница 712: ...e NSSA router will participate in the translator election process described in RFC 3101 The OSPF Not So Stubby Area NSSA Option Use the no form of this command to return the configured translator role...

Страница 713: ...Area address ranges are not configured by default areaid Specifies the area ID in IP address format dotted quad or as a decimal value interval Specifies the stability interval in seconds The value of...

Страница 714: ...saexternallink parameter You can configure multiple address ranges with this command Use the no form of this command to remove a configured address range Example This example configures an address ran...

Страница 715: ...ort mode to the default for the specified stub area Example The example disables the import of summary LSAs into stub area 30 C3 su router Config router area 30 stub no summary area virtual link This...

Страница 716: ...virtual link neighborid dead interval seconds no area areaid virtual link neighborid dead interval Parameters Defaults The default dead interval is 40 seconds Mode Router OSPFv3 configuration C3 su r...

Страница 717: ...l 30 area virtual link retransmit interval This command configures the retransmit interval for the specified OSPFv3 virtual interface Syntax area areaid virtual link neighborid retransmit interval sec...

Страница 718: ...irtual link neighborid transmit delay seconds no area areaid virtual link neighborid transmit delay Parameters Defaults The default transmit delay is 1 second Mode Router OSPFv3 configuration C3 su ro...

Страница 719: ...n C3 su router Config if Vlan 1 Usage Use this command to enable OSPFv3 on a router VLAN interface or on a loopback interface Use the no form of this command to disable OSPFv3 on an interface For info...

Страница 720: ...interface connects Assigning an area ID which does not exist on an interface causes the area to be created with default values Use the no form of this command to remove an area from the interface Exam...

Страница 721: ...ce Syntax ipv6 ospf dead interval seconds no ipv6 ospf dead interval seconds Parameters Defaults The default dead interval value is 40 seconds Mode Router interface configuration C3 su router Config i...

Страница 722: ...ts that OSPFv3 sends on the interface being configured The shorter the hello interval the faster topological changes will be detected but more routing traffic will ensue The hello interval must be the...

Страница 723: ...detection on router interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 ospf mtu ignore ipv6 ospf network This command changes the default OSPFv3 network type for...

Страница 724: ...an 1 Usage When two routers on the same network attempt to become the designated router the one with the higher router priority takes precedence If there is a tie the router with the higher router ID...

Страница 725: ...r interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 ospf retransmit interval 10 ipv6 ospf transmit delay This command sets the OSPFv3 transmit delay for the rout...

Страница 726: ...delay 25 28 OSPFv3 Configuration Example This example sets the transmit delay value to 4 seconds for router interface VLAN 7 C3 su router Config interface vlan 7 C3 su router Config if Vlan 7 ipv6 osp...

Страница 727: ...su router Example This example shows how to display OSPFv3 router information C3 su router show ipv6 ospf Router ID 2 2 2 2 OSPF Admin Mode Enable ASBR Mode Enable For information about Refer to page...

Страница 728: ...distribute routes learnt from other protocol The possible values for the ASBR status is enabled if the router is configured to re distribute routes learnt by other protocols or disabled if the router...

Страница 729: ...metric for the advertised default routes If the metric is not configured this field is blank Metric Type Whether the routes are External Type 1 or External Type 2 Table 25 1 show ipv6 ospf Output Deta...

Страница 730: ...uding the external LS type 5 link state advertisements Stub Mode Whether the specified area is a stub area or not The possible values are enabled and disabled This is a configured value Import Summary...

Страница 731: ...xt Hop Intf Address of the next hop toward the destination Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop Table 25 3 show ipv6 ospf abr Output Details Conti...

Страница 732: ...area ID is specified C3 su router show ipv6 ospf 10 database Inter Network States Area 0 0 0 10 areaid Optional Display database information about a specific area Enter the area ID in IP address form...

Страница 733: ...0 Adv Router Link Id Age Sequence Csum Options Rtr Opt 2 2 2 2 0 1288 80000273 32A9 V6E R EB 3 3 3 3 0 1098 80000251 7D11 V6E RD network links States Area 0 0 0 0 Adv Router Link Id Age Sequence Csum...

Страница 734: ...unction of the specified LSA LS Seq Number Number that represents which LSA is more recent Checksum Total number LSA checksum Lenght Size of the LSA in bytes Options Option bits in LSA header Refer to...

Страница 735: ...Ext 0 Self Originated Type 5 Ext 0 Total 66 Table 25 6 provides an explanation of the database summary command output Table 25 6 show ipv6 ospf database database summary Output Details Output Field W...

Страница 736: ...3 link state database Area Unknown Total number of area unknown LSAs in the OSPFv3 link state database AS Unknown Total number of as unknown LSAs in the OSPFv3 link state database Self Originated Type...

Страница 737: ...e 25 7 provides an explanation of the command output Table 25 7 show ipv6 ospf interface Command Output Details Output Field What It Displays IPv6 Address The IPv6 address of the interface ifIndex The...

Страница 738: ...ets 1053 Metric Cost The priority of the path Low costs have a higher priority than high costs OSPF MTU ignore Whether to ignore MTU mismatches in database descriptor packets sent from neighboring rou...

Страница 739: ...abase excluding AS External LSAs IPv6 Address The IP address associated with this OSPFv3 interface OSPF Interface Events The number of times the specified OSPFv3 interface has changed its state or an...

Страница 740: ...the interface has a neighbor Examples This example illustrates the summary information displayed when no neighbor is specified C3 su router show ipv6 ospf neighbor Router ID Priority Intf Interface S...

Страница 741: ...information has been received from the neighbor Attempt no recent information has been received from the neighbor but a more concerted effort should be made to contact the neighbor Init a Hello packet...

Страница 742: ...ted with the interface Options An integer value that indicates the optional OSPFv3 capabilities supported by the neighbor These are listed in its Hello packets This enables received Hello Packets to b...

Страница 743: ...he area ID of the requested OSPFv3 area IPv6 Prefix Prefix Length An IPv6 prefix and length which represents a configured area range Lsdb Type The type of link advertisement associated with this area...

Страница 744: ...ion of the command output areaid Specifies the area ID in IP address format dotted quad or as a decimal value neighborid Specifies the neighbor by its router ID specified in 32 bit dotted quad format...

Страница 745: ...Metric The metric of this virtual link Neighbor State The state of the neighbor States are down loopback waiting point to point designated router and backup designated router Table 25 13 show ipv6 osp...

Страница 746: ...show ipv6 ospf virtual link 25 48 OSPFv3 Configuration...

Страница 747: ...cates user access of Telnet management console local management and WebView via a central RADIUS Client Server or For information about Refer to page Overview of Authentication and Authorization Metho...

Страница 748: ...ication method Each user or device can be mapped to the same or different roles using Enterasys policy for access control VLAN authorization traffic rate limiting and quality of service This is the mo...

Страница 749: ...Attribute and Dynamic Policy Profile Assignment If you configure an authentication method that requires communication with a RADIUS server you can use the RADIUS Filter ID attribute to dynamically ass...

Страница 750: ...To configure the authentication login method to be used for management Commands The commands used to configure the authentication login method are listed below show authentication login Use this comm...

Страница 751: ...login method to the default setting of any Syntax clear authentication login Parameters None Defaults None Mode Switch command Read Write Example This example shows how to reset the authentication log...

Страница 752: ...pplication when generating RADIUS packets Commands show radius Use this command to display the current RADIUS client server configuration Syntax show radius status retries timeout server index all Par...

Страница 753: ...all servers or a specific RADIUS server as defined by an index Table 26 1 show radius Output Details Output Field What It Displays RADIUS status Whether RADIUS is enabled or disabled RADIUS retries Nu...

Страница 754: ...mes out Valid values are from 0 to 10 Default is 3 timeout timeout Specifies the maximum amount of time in seconds to establish contact with the RADIUS server before retry attempts begin Valid values...

Страница 755: ...ut server index all realm index all Parameters Mode Switch command read write Defaults None Examples This example shows how to clear all settings on all RADIUS servers C3 su clear radius server all Th...

Страница 756: ...counting refer to set radius accounting on page 26 10 C3 ro show radius accounting RADIUS accounting status Disabled RADIUS Acct Server IP Address Acct Port Retries Timeout Status 1 172 16 2 10 1856 3...

Страница 757: ...10 C3 su set radius accounting retries 10 clear radius accounting Use this command to clear RADIUS accounting configuration settings Syntax clear radius accounting server ip address retries timeout co...

Страница 758: ...s example displays the output of this command In this case the IP address assigned to loopback interface 1 will be used as the source IP address of the RADIUS application C3 rw show radius interface l...

Страница 759: ...ed interface on which the packet egresses If loopback 0 has been configured the NAS IP will be set to the IP address of loopback 0 Otherwise the NAS IP will be zero Example This example configures an...

Страница 760: ...horization Configuration Example This command returns the interface used for the source IP address of the RADIUS application back to the default of the Host interface C3 rw show radius interface vlan...

Страница 761: ...fied 802 1X status will be displayed Note To configure EAP pass through which allows client authentication packets to be forwarded through the switch to an upstream device 802 1X authentication must b...

Страница 762: ...Responses 0 Backend Access Challenges 0 Backend Others Requests To Supp 0 Backend NonNak Responses From 0 Backend Auth Successes 0 Backend Auth Fails 0 This example shows how to display authentication...

Страница 763: ...d portcontrol Optional Displays the current value of the controlled Port control parameter for the port maxreq Optional Displays the value set for maximum requests currently in use by the backend auth...

Страница 764: ...orts are specified the reinitialization or reauthentication setting will be applied to all ports Mode Switch command read write Usage Disabling 802 1X authentication globally by not entering a specifi...

Страница 765: ...llowing a failed authentication before another attempt can be made by the authenticator PAE state machine Valid values are 0 65535 Default value is 60 seconds reauthenabled false true Enables true or...

Страница 766: ...This example shows how to reset the 802 1X port control mode to auto on all ports C3 su clear dot1x auth config authcontrolled portcontrol This example shows how to reset reauthentication control to d...

Страница 767: ...mmand read only Example This example shows how to display EAPOL status for ports ge 1 1 3 C3 su show eapol ge 1 1 3 EAPOL is disabled Port Authentication State Authentication Mode ge 1 1 Initialize Au...

Страница 768: ...ompletes authenticated The port enters this state from authenticating state after the exchange completes with a favorable result It remains in this state until linkdown logoff or until a reauthenticat...

Страница 769: ...nd to globally clear the EAPOL authentication mode or to clear settings for one or more ports Syntax clear eapol auth mode port string enable disable Enables or disables EAPOL auth mode auto forced au...

Страница 770: ...all ports Mode Switch command read write Example This example shows how to clear the EAPOL authentication mode for port ge 1 3 C3 su clear eapol auth mode ge 1 3 auth mode Optional Globally clears th...

Страница 771: ...thentication significant bits on page 26 35 The most common use of significant bit masks is for authentication of all MAC addresses for a specific vendor Commands show macauthentication Use this comma...

Страница 772: ...page 7 1 Table 26 3 show macauthentication Output Details Output Field What It Displays MAC authentication Whether MAC authentication is globally enabled or disabled Set using the set macauthenticati...

Страница 773: ...isabled Table 26 4 provides an explanation of the command output Reauth Period Reauthentication period for this port Default value of 30 can be changed using the set macauthentication reauthperiod com...

Страница 774: ...password password Parameters Defaults None Mode Switch command read write Reauth Period Reauthentication period for this port set using the set macauthentication reauthperiod command described in set...

Страница 775: ...write Example This example shows how to clear the MAC authentication password C3 su clear macauthentication password set macauthentication port Use this command to enable or disable one or more ports...

Страница 776: ...on portinitialize port string Parameters Defaults None Mode Switch command read write Example This example shows how to force ge 2 1 through 5 to initialize C3 su set macauthentication portinitialize...

Страница 777: ...string is not specified then all ports will be set to the default port quiet period Mode Switch command read write Example This example resets the default quiet period on port 1 C3 su clear macauthent...

Страница 778: ...ication enable disable port string Parameters Defaults None Mode Switch command read write Example This example shows how to enable MAC reauthentication on ge 4 1 though 5 C3 su set macauthentication...

Страница 779: ...ple This example shows how to force the MAC authentication session for address 00 60 97 b5 4c 07 to reauthenticate C3 su set macauthentication macreauthenticate 00 60 97 b5 4c 07 set macauthentication...

Страница 780: ...ear macauthentication reauthperiod port string Parameters Defaults If port string is not specified the reauthentication period will be cleared on all ports Mode Switch command read write Example This...

Страница 781: ...figured other than 48 with this command the switch will apply the mask and resend the masked address to the RADIUS server For example if a user with MAC address of 00 16 CF 12 34 56 is denied access a...

Страница 782: ...significant bits 26 36 Authentication and Authorization Configuration Mode Switch command read write Example This example resets the MAC authentication significant bits to 48 C3 su clear macauthentic...

Страница 783: ...all traffic on the port When multi user authentication is not implemented and more than one supplicant is connected to a port the firmware does not provision network resources on a per user or per dev...

Страница 784: ...ation system configuration Supported types dot1x pwa mac Maximum number of users 768 Current number of users 2 System mode multi Default precedence dot1x pwa mac Admin precedence dot1x pwa mac Operati...

Страница 785: ...mand sets described in this chapter Refer to Configuring 802 1X Authentication on page 26 15 and Configuring MAC Authentication on page 26 25 and Configuring Port Web Authentication PWA on page 26 68...

Страница 786: ...cated by more than one method at the same time the precedence of the authentication methods will determine which RADIUS returned filter ID will be processed and result in an applied traffic policy pro...

Страница 787: ...Mode Switch command read only Example This example shows how to display multiple authentication information for ports ge 3 1 4 The number of Max users shown by this command varies depending on the pl...

Страница 788: ...t s multiple authentication mode as auth opt Authentication optional non strict behavior If a user does not attempt to authenticate using 802 1x or if 802 1x authentication fails the port will allow t...

Страница 789: ...Defaults If no options are specified multiple authentication station entries will be displayed for all MAC addresses and ports Example This example shows how to display multiple authentication station...

Страница 790: ...ype radius VLAN Tunnel Attr none Policy index 0 Policy name Administrator Session timeout 0 Session duration 0 00 00 25 Idle timeout 5 Idle time 0 00 00 00 Termination time Not Terminated show multiau...

Страница 791: ...hat address for the specified idle timeout period A value of zero indicates that no idle timeout will be applied unless an idle timeout value is provided by the authenticating server For example if a...

Страница 792: ...mple resets the idle timeout value for all authentication methods to 0 seconds C3 su clear multiauth idle timeout show multiauth session timeout Use this command to display the session timeout value i...

Страница 793: ...e authenticating server For example if a session is authenticated by a RADIUS server that server may encode a Session Timeout Attribute in its authentication response Example This example sets the ses...

Страница 794: ...y support multiple users per port The SecureStack C3 can support multiple users per port so the User IP phone application should only be used if you are integrating SecureStack C3s into a legacy deplo...

Страница 795: ...red to as dynamic VLAN assignment Please see section 3 31 of RFC 3580 for details on configuring a RADIUS server to return the desired tunnel attributes As stated in RFC 3580 it may be desirable to al...

Страница 796: ...authenticated ports for the VLANs returned in the RADIUS authorization filter id string Syntax set vlanauthorization egress none tagged untagged port string Parameters enable disable Enables or disabl...

Страница 797: ...string Parameters Defaults If no port string is entered all ports a will be reset to default configuration with VLAN authorization disabled and egress frames untagged Mode Switch command read write E...

Страница 798: ...n mode When the maptable response is set to tunnel mode the system will use the tunnel attributes in the RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter ID attribute...

Страница 799: ...iption When Policy Maptable Response is Both Hybrid authentication mode uses both Filter ID attributes and tunnel attributes To enable hybrid authentication mode use the set policy maptable command an...

Страница 800: ...and if VLAN authorization is enabled both globally and on the authenticating user s port If the tunnel attributes are present the specified VLAN will be applied to the authenticating user No VLAN to p...

Страница 801: ...d also the switch s maptable response setting that is whether the switch is in tunnel mode policy mode or hybrid authentication mode Syntax set policy maptable vlan list policy index response both pol...

Страница 802: ...page 26 49 Examples This example shows how to set the policy maptable response to both or hybrid authentication mode C3 rw set policy maptable response both This example shows how to configure a poli...

Страница 803: ...onfigured with MAC locking enabled The value n is configured with the set maclock firstarrival command The static method is defined to be statically provisioning a MAC port lock using the set maclock...

Страница 804: ...Static Max FirstArrival Last Violating Number Status Status Status Allocated Allocated MAC Address For information about Refer to page show maclock 26 58 show maclock stations 26 59 set maclock enabl...

Страница 805: ...Status Whether MAC lock trap messaging is enabled or disabled on the port For details on setting this status refer to set maclock trap on page 26 67 Aging Status Whether aging of FirstArrival MAC addr...

Страница 806: ...MAC locking defines which MAC addresses as well as how many MAC addresses are permitted to use specific port s Table 26 7 show maclock stations Output Details Output Field What It Displays Port Number...

Страница 807: ...ample This example shows how to disable MAC locking on ge 2 3 C3 su set maclock disable ge 2 3 set maclock Use this command to create a static MAC address to port locking and to enable or disable MAC...

Страница 808: ...d port ge 3 2 C3 rw set maclock 0e 03 ef d8 44 55 ge 3 2 create clear maclock Use this command to remove a static MAC address to port locking entry Syntax clear maclock mac address port string Paramet...

Страница 809: ...communicate on port ge 3 2 C3 rw clear maclock 0e 03 ef d8 44 55 ge 3 2 set maclock static Use this command to set the maximum number of static MAC addresses allowed per port Static MACs are administr...

Страница 810: ...he first arrival count will be reset every time a user moves to another port but will still protect against connecting multiple devices on a single port and will protect against MAC address spoofing p...

Страница 811: ...his command to enable or disable the aging of first arrival MAC addresses When enabled first arrival MAC addresses that are aged out of the forwarding database will be removed from the associated port...

Страница 812: ...e This example disables first arrival aging on port ge 1 1 C3 su clear maclock agefirstarrival ge 1 1 enable set maclock move Use this command to move all current first arrival MACs to static entries...

Страница 813: ...lock trap Use this command to enable or disable MAC lock trap messaging Syntax set maclock trap port string enable disable Parameters Defaults None Mode Switch command read write Usage When enabled th...

Страница 814: ...word the switch then authenticates the user via a preconfigured RADIUS server If the login is successful then the user will be granted full network access according to the user s policy configuration...

Страница 815: ...mmand output port string Optional Displays PWA information for specific port s Table 26 8 show pwa Output Details Output Field What It Displays PWA Status Whether or not port web authentication is ena...

Страница 816: ...n set pwa guestname on page 26 74 PWA Guest Password Guest user s password Default value of an empty string can be changed using the set pwa guestpassword command as described in set pwa guestpassword...

Страница 817: ...shows how to display the PWA login banner C3 su show pwa banner Welcome to Enterasys Networks set pwa banner Use this command to configure a string to be displayed as the PWA login banner Syntax set p...

Страница 818: ...hows how to reset the PWA login banner to a blank string C3 su clear pwa banner set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo Syntax set pwa displaylo...

Страница 819: ...ocol Use this command to set the port web authentication protocol Syntax set pwa protocol chap pap Parameters Defaults None Mode Switch command read write Example This example shows how to set a the P...

Страница 820: ...pwa guestname name Parameters Defaults None Mode Switch command read write Example This example shows how to set the PWA guest user name to guestuser C3 su set pwa guestname guestuser clear pwa guestn...

Страница 821: ...e shows how to set the PWA guest user password name C3 su set pwa guestpassword Guest Password Retype Guest Password set pwa gueststatus Use this command to enable or disable guest networking for port...

Страница 822: ...ied all ports will be initialized Mode Switch command read write Example This example shows how to initialize ports ge 1 5 7 C3 su set pwa initialize ge 1 5 7 set pwa quietperiod Use this command to s...

Страница 823: ...a maxrequests requests port string Parameters Defaults If port string is not specified maximum requests will be set for all ports Mode Switch command read write Example This example shows how to set t...

Страница 824: ...mple This example shows how to display PWA session information C3 su show pwa session Port MAC IP User Duration Status ge 2 19 00 c0 4f 20 05 4b 172 50 15 121 pwachap10 0 14 46 55 active ge 2 19 00 c0...

Страница 825: ...kets on port 80 from the end user and sends the end user a refresh page destined for the PWA IP Address configured Syntax set pwa enhancedmode enable disable Parameters Defaults None Mode Switch comma...

Страница 826: ...atus of SSH on the switch Syntax show ssh status Parameters None Defaults None Mode Switch command read only Example This example shows how to display SSH status on the switch C3 su show ssh status SS...

Страница 827: ...ommand to reinitialize new SSH authentication keys Syntax set ssh hostkey reinitialize Parameters Defaults None Mode Switch command read write Example This example shows how to regenerate SSH keys C3...

Страница 828: ...nies ICMP UDP and IP frames based on restrictions configured with one of the access list commands For details on configuring standard access lists refer to access list standard on page 26 83 For detai...

Страница 829: ...ccess list number entryno entryno To insert or replace an ACL entry access list access list number insert replace entryno deny permit source source wildcard To move entries within an ACL access list a...

Страница 830: ...55 255 255 This example moves entry 16 to the beginning of ACL 22 C3 su router Config access list 22 move 1 16 access list extended Use this command to define an extended IP access list by number when...

Страница 831: ...are IP address or range of addresses A B C D any Any source host host source IP address of a single source host source wildcard Optional Specifies the bits to ignore in the source address eq port Opti...

Страница 832: ...at allows the host with IP address 88 255 255 254 to do an SSH remote login to any destination on TCP port 22 C3 su router Config access list 145 permit tcp host 88 255 255 254 any eq 22 This example...

Страница 833: ...example shows how to apply access list 1 for all inbound frames on the VLAN 1 interface Through the definition of access list 1 only frames with a source address on the 192 5 34 0 24 network will be r...

Страница 834: ...ip access group 26 88 Authentication and Authorization Configuration...

Страница 835: ...n RFC 1492 TACACS is defined in an un published and expired Internet Draft draft grant tacacs 02 txt The TACACS Protocol Version 1 78 January 1997 For detailed information about using TACACS in your n...

Страница 836: ...e connect state Disabled TACACS service exec TACACS session authorization A V pairs access level attribute value read only priv lvl 0 read write priv lvl 1 super user priv lvl 15 TACACS Server IP addr...

Страница 837: ...x show tacacs server index all TACACS singleconnect state Whether TACACS singleconnect is enabled or disabled When enabled the TACACS client sends multiple requests over a single TCP connection TACACS...

Страница 838: ...CS servers are configured by default When you do configure a TACACS server the default timeout value is 10 seconds index Display the configuration of the TACACS server identified by index The value of...

Страница 839: ...packets coming in for that user Since a task ID is associated with each accounting session if there is a failover to a backup server the accounting information will still be associated with the corre...

Страница 840: ...counting Parameters Defaults None Mode Switch command Read Only Examples This example shows how to display client session authorization information C3 ro show tacacs session authorization TACACS servi...

Страница 841: ...e authorized If the parameter values do not match the session will not be allowed accounting Specifies that TACACS session accounting is being configured enable disable Enables or disables TACACS sess...

Страница 842: ...orization settings to their default values Syntax clear tacacs session authorization service read only read write super user Parameters Defaults At least one of the session authorization parameters mu...

Страница 843: ...s command Use this command to enable or disable TACACS accounting or authorization on a per command basis Syntax set tacacs command accounting authorization enable disable Parameters Defaults None Mod...

Страница 844: ...ommand to display the current status of the TACACS client s ability to send multiple requests over a single TCP connection Syntax show tacacs singleconnect Parameters None Defaults None Mode Switch co...

Страница 845: ...ace Parameters None Defaults None Mode Switch mode read only Example This example displays the output of this command In this case the IP address assigned to loopback interface 1 will be used as the s...

Страница 846: ...e received on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best route...

Страница 847: ...27 13 None Defaults None Mode Switch command read write Example This command returns the interface used for the source IP address of the TACACS client back to the default of the Host interface C3 rw...

Страница 848: ...TACACS Configuration clear tacacs interface 27 14...

Страница 849: ...ters Version 5 of sFlow is described in detail in the document entitled sFlow Version 5 available from sFlow org http www sflow org Using sFlow in Your Network The advantages of using sFlow include sF...

Страница 850: ...acket flows and time based sampling of counters Table 28 1 sFlow Definitions Term Definition Data Source A Data Source refers to a location within a Network Device that can make traffic measurements P...

Страница 851: ...The primary objective of the counter sampling is to in an efficient way periodically export counters associated with Data Sources A maximum sampling interval is assigned to each sFlow Instance associa...

Страница 852: ...low receiver 1 owner enterasys timeout 180000 set sflow receiver 1 ip 192 168 16 91 configure packet sampling instances on ports 1 through 12 assign to sFlow Collector 1 set sflow port ge 1 1 12 sampl...

Страница 853: ...he Collectors configured on the switch If you specify an individual Collector by its index number additional information is displayed for that Collector Examples This example displays the sFlow Receiv...

Страница 854: ...with the set sflow receiver owner command Time Out The time remaining in seconds before the sampler or poller is released and stops sending samples to this receiver Collector The timeout value is conf...

Страница 855: ...the samplers and pollers associated with this Collector expire and are removed from the switch s configuration In order to start sending sample data to the Collector again the Collector must be recon...

Страница 856: ...ry 1 C3 su set sflow receiver 1 ip 10 10 10 10 set sflow receiver maxdatagram Use this command to set the maximum number of data bytes that can be sent in a single sample datagram Syntax set sflow rec...

Страница 857: ...r sflow receiver Use this command to delete a receiver Collector from the sFlow Receivers Table or to return certain parameters to their default values for the specified Collector Syntax clear sflow r...

Страница 858: ...nfigure poller instances on ports or data sources Syntax set sflow port port string poller index interval seconds Parameters Defaults The default interval value is 0 seconds which disables counter sam...

Страница 859: ...cleared from the switch s configuration Example The following example configures poller instances on ports ge 1 1 through ge 1 8 and associates them with receiver 1 Then a polling interval of 240 seco...

Страница 860: ...ifies that the polling interval should be cleared to 0 A value of 0 disables counter sampling port string Specifies the port or ports data sources on which the sampler instance is being configured ind...

Страница 861: ...t receiver are also cleared from the switch s configuration A maximum of 32 sampler instances can be configured per switch or stack of switches Example The following example configures sampler instanc...

Страница 862: ...nstance on port ge 1 1 C3 su clear sflow port ge 1 1 sampler set sflow interface Use this command to specify the interface used for the source IP address of the sFlow Agent when sending sampling datag...

Страница 863: ...on the configured interface If a loopback interface is configured and there are multiple paths to the application server the outgoing interface gateway is determined based on the best route lookup Pa...

Страница 864: ...3 rw show sflow interface loopback 1 192 168 10 1 clear sflow interface Use this command to clear the management interface used by the sFlow Agent back to the default of the Host VLAN Syntax clear sfl...

Страница 865: ...Use this command to display information about the sFlow Agent Syntax show sflow agent Parameters None Defaults None Mode Switch command read only Example This example displays the output of this comma...

Страница 866: ...sFlow Configuration show sflow agent 28 18...

Страница 867: ...A 1 Policy Capacities Feature Capacity Maximum policy roles profiles per system 15 Maximum number of unique rules per system 768 Maximum number of ether type rules 128 Maximum number of MAC rules 128...

Страница 868: ...be masked Table A 1 Policy Capacities Continued Feature Capacity Table A 2 Authentication Capacities Authentication Feature Capacity IEEE 802 1x dot1x authentication Supported MAC based authentication...

Страница 869: ...panning Tree port 9 40 D Defaults CLI behavior described 1 8 factory installed 1 2 DES encryption protocol 8 10 DHCP server configuring 16 1 DHCP snooping basic configuration 17 3 database 17 2 overvi...

Страница 870: ...s 20 30 networks 20 14 priority 20 15 redistribute 20 25 retransmit interval 20 17 timers 20 16 transmit delay 20 17 virtual links 20 24 20 31 OSPFv3 about 25 1 area configuration commands 25 10 confi...

Страница 871: ...Stub Areas 20 22 Syslog 14 1 System Information displaying basic 3 13 setting basic 3 9 T TACACS configuration 27 1 Technical Support xxxvii Telnet disconnecting 14 17 enabling in switch mode 3 37 Ter...

Страница 872: ...Index 4...

Результаты поиска

Содержание SECURESTACK C3

Отзывы:

Enterasys SECURESTACK C3, Руководство по настройке, Страница: 532 / 872

Результаты поиска

Содержание SECURESTACK C3

Отзывы: