1 Use a DB9 male null-modem (laplink) cable. sFlow 18-16 Configuring Network Monitoring. If no Filter-ID attributes are present, the default policy (if it exists) will be applied. Some of these steps are also covered in Chapter 1, Setting Up a Switch for the First Time. For PIM, you must also configure a unicast routing protocol, such as OSPF. When console-only access is configured, all TCP SYN packets and UDP packets are dropped, with the exception of UDP packets sent to the DHCP Server or DHCP Client ports. When flood control is enabled on a port, incoming traffic is monitored over one second intervals. 3. The final tie breaker is the receiving port ID. Configuring MSTP Defining Edge Port Status By default, edge port status is disabled on all ports. Disable Telnet inbound while leaving Telnet outbound enabled, and show the current state. Use the passive-interface command in router configuration command mode to configure an interface as passive or to set passive as the default mode of operation for all interfaces. and extract firmware to any folder your tftp server will use. Though it is possible to configure policy from the CLI, CLI policy configuration in even a small network can be prohibitively complex from an operational point of view. The console port on the manager switch remains active for out-of-band (local) switch management, but the console port on each member switch is deactivated. By default, Syslog server is globally enabled, with no IP addresses configured, at a severity level of 8. Display the status of edge port detection: show spantree autoedge 2. Enable or disable MAC authentication globally on the device. The Extreme switch does not use it and does not assert CTS. . Removing Units from an Existing Stack If the running stack uses a daisy chain topology, make the stack cable connections from the bottom of the stack to the new unit (that is, STACK DOWN port from the bottom unit of the running stack to the STACK UP port on the new unit). Table 26-11 on page 21 lists the commands to manage DHCP snooping. Using the all parameter will display all default and non-default configuration settings. 1. Configuring OSPF Interfaces OSPF is disabled by default and must be enabled on routing interfaces with the ip ospf enable command in interface configuration mode. . Spanning Tree Basics RSTP Operation RSTP optimizes convergence by significantly reducing the time to reconfigure the networks active topology when physical topology or configuration parameter changes occur. Do you want to continue (y/n) [n]? DHCP Configuration C5(su)->router(Config)#exit C5(su)->router#exit C5(su)->router>exit C5(su)->set dhcp enable C5(su)->set dhcp pool autopool2 network 6.6.0.0 255.255.0.0 Managing and Displaying DHCP Server Parameters Table 4-6 lists additional DHCP server tasks. set arpinspection vlan vlan-range [logging] 3. Syslog Components and Their Use Table 14-1 describes the Enterasys implementation of key Syslog components. Refer to page Policy Configuration Overview Identifying and restricting routing to legitimate routing IP addresses to prevent DoS, spoofing, data integrity and other routing related security issues. Optionally, choose to discard tagged or untagged, (or both) frames on selected ports. A6500-RC EMERSON16-Channel Output Relay, EMERSON, ACS880 frame size R8i inverter modules can be connected to the drive DC bus through a disconnector (or fuse-switch). Refer to page Configuring SNMP doorstep. Licensing Advanced Features When adding a new unit to an existing stack, the ports on a switch lacking a licensed feature that has been enabled on the master will not pass traffic until the license has been enabled on the added switch. A numeric and mnemonic value for each application is listed with the severity level at which logging has been configured and the server(s) to which messages will be sent. To connect to the console port: 1. Audited, designed, integrated, configured and tested LAN and WAN equipment such as Enterasys, juniper, alcatelvb switches, Routers. installation and programing guide and user manuals. set-request Stores a value in a specific variable. Set the primary, and optionally the secondary, IPv4 address for this interface, in interface configuration command mode. Configuring SNMP enterasys(su)->set snmp view viewname RW subtree 0.0 enterasys(su)->set snmp view viewname RW subtree 1.3.6.1.6.3.13.1 excluded enterasys(su)->set snmp targetparams TVv1public user public security-model v1 message processing v1 enterasys(su)->set snmp targetaddr TVTrap 10.42.1.10 param TVv1public taglist TVTrapTag enterasys(su)->set snmp notify TVTrap tag TVTrapTag Adding to or Modifying the Default Configuration By default, SNMPv1 is configured on Enterasys switches. Set the Tunnel-Private-Group-ID attribute parameters as follows: Type: Set to 81 for Tunnel-Private-Group-ID RADIUS attribute Length: Set to a value greater than or equal to 3. Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays: Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile. Table 11-3 lists link aggregation parameters and their default values. 3. Understanding and Configuring Loop Protect Figure 15-15 Basic Loop Protect Scenario Figure 15-16 shows that, without Loop Protect, a failure could be as simple as someone accidentally disabling Spanning Tree on the port between Switch 2 and 3. Tabl e 268providesanexplanationofthecommandoutput. A code example follows the procedure. ARP poisoning is a tactic where an attacker injects false ARP packets into the subnet, normally by broadcasting ARP responses in which the attacker claims to be someone else. SSH Overview Configuring Telnet Procedure 4-8 Configuring Telnet Step Task Command(s) 1. By default, RIP version 2 supports automatic route summarization, which summarizes sub-prefixes to the classful network boundary when crossing network boundaries. A team player who has worked on-site in 6 different countries ranging from Saudi Arabia to Cuba. Enabling IGMP globally on the device and on the VLANs. Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. Fiber ports always have a status of MDIX. User Manuals, Guides and Specications for your Enterasys C5K175-24 Switch. Policies will be applied dynamically at authentication using a RADIUS authentication server and the Filter-ID attribute. Managing IPv6 25-1 IPv6 Routing Configuration 25-3 IPv6 Neighbor Discovery 25-11 DHCPv6 Configuration 25-14 Managing IPv6 At the switch command level, you can: Enable or disable the IPv6 management function Configure the IPv6 host and default gateway addresses Monitor network connectivity By default, IPv6 management is disabled. Note: For security, you may wish to disable Telnet and only use SSH. Note: Priority mode and weight cannot be configured on LAGs, only on the physical ports that make up the LAG. The switch can enforce a password aging interval on a per-user basis (set system login aging). You can use the following commands to review and, if necessary, change the edge port detection status on the device and the edge port status of Spanning Tree ports. A stub area can be configured such that the ABR is prevented from sending type 3 summary LSAs into the stub area using the no-summary option. Weighted fair queuing assures that each queue will get at least the configured percentage of bandwidth time slices. 2. 1. To determine if all these elements are in place, the SNMP agent processes a device configuration as follows: 1. Optionally, enable the aging of first arrival MAC addresses on a port or ports. show mac [address mac-address] [fid fid] [port port-string] [type {other | learned | self | mgmt | mcast}] 2. This sets the port VLAN ID (PVID). Refer to the CLI Reference for your platform for command details. Configuring PIM-SM Figure 19-6 PIM-SM Configuration VLAN 9 172.2.2/24 Router R2 VLAN 3 VLAN 5 VLAN 7 VLAN 2 172.2.4/24 VLAN 8 172.1.2/24 Router R1 172.1.1/24 Router R4 172.4.4/24 172.3.4/24 172.1.3/24 VLAN 4 VLAN 6 Router R3 172.3.3/24 VLAN 10 Routers R1 and R4 Configuration On Router R1, at the switch level, IGMP snooping is enabled globally and on the ports connected to hosts. MAC Locking If a connected end station exceeds the maximum values configured with the set maclock firstarrival and set maclock static commands (a violation). User Authentication Overview Multi-User Authentication Multi-user authentication provides for the per-user or per-device provisioning of network resources when authenticating. MACs are unlocked as a result of: A link down event When MAC locking is disabled on a port When a MAC is aged out of the forwarding database when FirstArrival aging is enabled When properly configured, MAC locking is an excellent security tool as it prevents MAC spoofing on configured ports. For an IPv6 ACLs, the following protocols can be specified in a rule: Any IPv6 protocol Transmission Control Protocol (TCP) User Datagram Protocol (UDP) IPv6 Internet Control Message Protocol (ICMPv6) TCP and UDP rules can match specific source and destination ports. Configuration Procedures 22-20 Configuring OSPFv2. Example PoE Configuration A PoE-compliant G-Series device is configured as follows: One 400W power supply is installed. Port Traffic Rate Limiting When a CoS is configured with an inbound rate limiter (IRL), and that IRL CoS is configured as part of a policy profile using the set policy profile command, CoS-based inbound rate limiting will take precedence over port rate limits set with set port ratelimit. RMON Users You can display information about the active console port or Telnet session(s) logged in to the switch. Optionally, save the configuration to a backup file named myconfig in the configs directory and copy the file to your computer using TFTP. Administratively configuring a VLAN on an 802. Thefollowingtabledescribestheoutputofthiscommand. 1 Setting Up a Switch for the First Time This chapter describes how to configure an Enterasys stackable or standalone Fixed Switch received from the factory that has not been previously configured. The Class of Service capability of the device is implemented by a priority queueing mechanism. SpanGuard helps protect against Spanning Tree Denial of Service (DoS) SpanGuard attacks as well as unintentional or unauthorized connected bridges, by intercepting received BPDUs on configured ports and locking these ports so they do not process any received packets. Lockout is configured at the system level, not at the user account level. CoS Hardware Resource Configuration 1.0 4 irl none 1.0 5 irl none 1.0 6 irl none 1.0 7 irl none 1.0 8 irl none 1.0 9 irl none 1.0 10 irl none 1.0 95 irl none 1.0 96 irl none 1.0 97 irl none 1.0 98 irl none 1.0 99 irl none Use the show cos port-resource irl command to display the data rate and unit of the rate limiter for port 1.0: System(su)->show cos port-resource irl 1. In order to provide a default set of network resources to communicate over HTTP, policy must be set to only allow DHCP, ARP, DNS, and HTTP. Spanning TreeConfiguration Guide Supermicro L2/L3 Switches Configuration Guide 5 Spanning tree enabled switches exchange spanning tree protocol messages (BPDU) to form a loop-free topology. Configuring Syslog Displaying Current Application Severity Levels To display logging severity levels for one or all applications currently running on your device: show logging application {mnemonic|all} Example This example shows output from the show logging application all command. Switch (config-if)#ip address {your ip address} {mask} Switch (config-if)#no shutdown Configuration of default gateway takes place in the configuration mode and the command does not include the mask for the ip. Display current IPv6 management status. CoS Hardware Resource Configuration Figure 17-5 Rate Limiting Clipping Behavior Flood Control CoS-based flood control is a form of rate limiting that prevents configured ports from being disrupted by a traffic storm, by rate limiting specific types of packets through those ports. Create an SNMPv3 user and specify authentication, encryption, and security credentials. Therefore, a value of 7 is given the highest priority. Caution: Contains information essential to avoid damage to the equipment. On all switching devices, the default Spanning Tree version is set to MSTP (802.1s) mode. Enabling DVMRP globally on the device and on the VLANs. Configuring PIM-SM Table 19-8 DVMRP Show Commands Task Command Display DVMRP routing information, neighbor information, or DVMRP enable status. Table 26-3 show macauthentication Output Details. Creates a user policy profile that uses the user VLAN. As soon as a rule is matched, processing of the access list stops. If it is not, then the sending device proceeds no further. Frames will egress as tagged. 16 Configuring Policy This chapter provides an overview of Enterasys policy operation, describes policy terminology, and explains how to configure policy on Fixed Switch platforms using the CLI. Type "Show version" from the prompt. Determine an appropriate policy best suited for the use of that device on your network. Downloading Firmware via the Serial Port Boot Menu Version 06.61.xx 12-09-2011 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). Any router with a priority of 0 will opt out of the DR election process. When a Packet Flow Sample is generated, the sFlow Agent examines the list of counter sources and adds counters to the sample datagram, least recently sampled first. Configuring IRDP The following code example enables IRDP on VLAN 10, leaving all default values, and then shows the IRDP configuration on that VLAN. 1.6 IP-PBX Info x.x.x.x x.x.x.x x.x.x.x Info x.x.x.x x.x.x.x x.x.x.x x.x.x. Understanding and Configuring SpanGuard How Does It Operate? SSH Overview on page 4-24 Configure the Dynamic Host Configuration Protocol (DHCP) server. Table 3-1 Basic Line Editing Commands Key Sequence Command Ctrl+A Move cursor to beginning of line. Firewalls Fortigate, Netscreen and Stonegate configuration. Uses information from the partner devices link aggregation control entity to decide whether to aggregate ports. Configuring Link Aggregation The virtual link aggregation ports continue to be designated as lag.0.x, where x can range from 1 to 24, depending on the maximum number of LAGs configured. Advanced Configuration Overview Procedure 4-1 contains the steps to assign an IP address and configure basic system parameters. Database contains 1 Enterasys C5K175-24 Manuals (available for free online viewing or Page 1 Matrix V-Series V2H124-24P Fast Ethernet Switch Hardware . Systems incident management. Procedure 19-3 assumes VLANs have been configured and enabled with IP interfaces. Procedure 5-1 Creating a New Read-Write or Read-Only User Account Step Task Command(s) 1. Ctrl+F Move cursor forward one character. Spanning Tree Basics Spanning Tree Basics This section provides you with a more detailed understanding of how the Spanning Tree operates in a typical network environment. Set to 30 seconds for non-broadcast networks. Use the disconnect command to close a console or Telnet session. Testing Network Connectivity Configuring Static Routes Procedure 20-3 lists the commands to configure a static route. In the shared LAN example it may take over as designated port if the original designated port is disabled. SEVERABILITY. priority Sets which ports continue to receive power in a low power situation. show config [all | facility | memcard] Display the contents of a file located in the configs or logs directory. See Configuring OSPF Areas on page 22-8 for additional discussion of OSPF area configuration. Configuring SNMP Configuring SNMPv1/SNMPv2c Creating a New Configuration Procedure 12-1 shows how to create a new SNMPv1 or SNMPv2c configuration. To create and enable a port mirroring instance: 1. Supervise the activation of network interfaces on access switches, support the default . Policy Configuration Example A CoS of 8 Create a policy role that applies a CoS 8 to data VLAN 10 and configures it to rate-limit traffic to 200,000 kbps with a moderate priority of 5. 13 Configuring Neighbor Discovery This chapter describes how to configure the Link Layer Discovery Protocol (LLDP), the Enterasys Discovery Protocol, and the Cisco Discovery Protocol on Enterasys fixed stackable and standalone switches. Refer to the CLI Reference for your platform for details about the commands listed below. Policy Configuration Example Policy Configuration Example This section presents a college-based policy configuration example. 15 Configuring Spanning Tree This chapter provides the following information about configuring and monitoring the Spanning Tree protocol on Enterasys stackable and standalone fixed switches. Understanding and Configuring Loop Protect Communicating port non-forwarding status through traps and syslog messages Disabling a port based on frequency of failure events Port Modes and Event Triggers Ports work in two Loop Protect operational modes. Figure 16-1 displays an illustration of the policy configuration of a example infrastructure. 3. For multiple user 802.1x authentication or any non-802.1x authentication, set the system authentication mode to use multiple authenticators simultaneously. If the running stack uses a ring stack topology, break the ring and make the stack cable connections to the new unit to close the ring. The creation of additional port groups could be used to combine similar ports by their function for flexibility. After authentication succeeds, the user or device gains access to the network based upon the policy information returned by the authentication server in the form of the RADIUS Filter-ID attribute, or the static configuration on the switch. Configuring OSPF Areas injected into the stub area to enable other stub routers within the stub area to reach any external routes that are no longer inserted into the stub area. for me it was ge.1.x. Enabling the multicast protocol(s) on configured interfaces. set port discard port-string {tagged | untagged | none | both} 8. Refer to RFC 1157 for a full description of functionality. set mac agetime time 4. Using Multicast in Your Network 1. Table 11-2 show policy rule Output Details. Refer to the CLI Reference for your platform for details about the commands listed below. . Optionally, enable single port LAGs on the device. DHCP Configuration Table 4-7 Default DHCP Server Parameters Parameter Description Default Value Number of ping packets Specifies the number of ping packets the DHCP server sends to an IP address before assigning the address to a requesting client 2 packets Configuring DHCP IP Address Pools This section provides procedures for the basic configuration of automatic (dynamic) and manual (static) IP address pools, as well as a list of the commands to configure other optional pool parameters. Quality of Service (QoS) configuration on Enterasys switches is usually done via policies. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Spanning Tree topology change trap suppression Enabled. After the stack has been configured, you can use the show switch unit command to physically identify each unit. Spanning Tree Basics string corresponding to the bridge MAC address. RSTP bridges receiving MSTP BPDUs interpret them as RSTP BPDUs. Stackable Switches Configuration Guide Firmware Version 1.1.xx P/N 9034314-05. i Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. What stations (end users, servers, etc. Table 9-1 Default VLAN Parameters Parameter Description Default Value garp timers Configures the three GARP timers. VLAN Support on Enterasys Switches If a unicast untagged frame is received on Port 5, it would be classified for VLAN 50. MST region An MSTP group of devices configured together to form a logical region. Boot up the switch. then assign the ports you want in each vlan. To perform a TFTP or SFTP download: 1. The physical ports will initially retain admin key defaults. @ # $ % ^ & * () ? Per Port: Enabled. Create a new read-write or read-only user login account and enable it. Optionally, set the GARP join, leave, and leaveall timer values. Strong analytical and problem solving skills. Packets sent to 172.111.1.1/16 would go to Router R2. Basic OSPF Topology Configuration 1. Configuring IPv4 ACLs Procedure 24-1 describes how to configure IPv4 standard and extended ACLs. enterasys handles ingress and egress separately. Configuration Guide. IP Broadcast Settings specific network or subnet. For example: C5(su)->dir Images: ================================================================== Filename: c5-series_06.42.06.0008 Version: 06.42.06. The terminology associated with CoS configuration is introduced in Table 17-1.