Optionally, set the timeout period for aging learned MAC entries. show file directory/filename Delete a file. vii Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, . Getting Help The following icons are used in this guide: Note: Calls the readers attention to any item of information that may be of special importance. The port with the best path is selected as the root port. The information about Power over Ethernet (PoE) applies only to fixed switching platforms that provide PoE support. show mgmt-auth-notify 2. Optionally, configure a default distance, or preference, for static IPv6 routes that do not have a preference specified. Neighbor Discovery Overview Figure 13-3 Frame Format IEEE 802.3 LLDP frame format LLDP Ethertype Data + pad MAC address 88-CC LLDPDU FCS 6 octets 2 octets 1500 octets 4 octets DA SA LLDP_Multicast address 6 octets LLDPDU format Chassis ID TLV Port ID TLV (M) (M) Time to Live TLV (M) Optional TLV Configuring LLDP Maximum Frame Size Advertises the maximum supported 802.3 frame size of the sending station. User Authentication Overview password configured on the switch to the authentication server. Configuring VRRP then advertisements are sent every advertising interval to let other VRRP routers in this VRID know the router is still acting as master of the VRID. Firmware V ers ion . 0 advertisement address IP destination address for advertisements. Reset password settings to default values. Access Control Lists on the A4 A4(su)->router#configure Enter configuration commands: A4(su)->router(Config)#access-list 101 deny ip host 192.168.10.10 any A4(su)->router(Config)#access-list 101 deny ip host 164.108.20.20 host 164.20.40.40 A4(su)->router(Config)#access-list 101 ip permit host 148.12.111.1 any assignqueue 5 A4(su)->router(Config)#show access-lists 101 Extended IP access list 101 1: deny ip host 192.168.10.10 any 2: deny ip host 164.108.20.20 host 164.20.40.40 3: permit ip host 148.12.111. If no Filter-ID attributes are present, the default policy (if it exists) will be applied. Procedure 19-3 assumes VLANs have been configured and enabled with IP interfaces. IEEE 802. Port Configuration Overview Table 8-1 Displaying Port Status Task Command Display whether or not one or more ports are enabled for switching. 1 Use a DB9 male null-modem (laplink) cable. interface {vlan vlan-id | loopback loopbackid } 2. Neighbor Discovery Overview Figure 13-2 LLDP-MED LLDP-MED Network Connectivity Devices: Provide IEEE 802 network access to LLDP-MED endpoints (for example, L2/L3 switch) LLDP-MED Generic Endpoints (Class I): Basic participant endpoints in LLDP-MED (for example, IP communications controller) IP Network Infrastructure (IEEE 802 LAN) LLDP-MED Media Endpoints (Class ll): Supports IP media streams (for media gateways, conference bridges) LLDP-MED Communication Device Endpoints (Class III): Support IP comm. Refer to Procedure 4-3 on page 4-14 to configure the switch SNTP client for authentication. set linkflap threshold port-string threshold_value 5. 1.2 PC ge. You can also use the show commands described in Reviewing and Enabling Spanning Tree on page 15-20 to review information related to all Spanning Tree protocol activity. If privacy is not specified, no encryption will be applied. Policy Configuration Example Roles The example defines the following roles: guest Used as the default policy for all unauthenticated ports. Bridges A, B, C and D participate in VLAN 10. 20 IP Configuration This chapter provides general IPv4 routing configuration information. Review and define edge port status as follows: 1. User Authentication Overview Dynamic VLAN Assignment The RADIUS server may optionally include RADIUS tunnel attributes in a RADIUS Access-Accept message for dynamic VLAN assignment of the authenticated end system. Based on the exchanged BPDU information, the spanning tree algorithm selects one of the switches on the network as the root switch for the tree topology. This configuration requires a charging circuit to charge the DC capacitors of the modules in a controlled way. Functions and Features Supported on Enterasys Devices before their states are allowed to become forwarding. Revision Level Two octets in length. ipv6 route distance pref 3. Remote port mirroring involves configuration of the following port mirroring related parameters: 1. Managing Switch Configuration and Files Using an I-Series Memory Card The I3H-4FX-MEM and I3H-6TX-MEM IOMs provide a memory card slot where a small, separately-purchased memory card (I3H-MEM) may be inserted. Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Password history No passwords are checked for duplication. Add the virtual switch to the stack using the set switch member command. The process described in this section would be repeated on every device that is connected in the network to ensure that each device has a secure management VLAN. 9. The message is forwarded on all trusted interfaces in the VLAN. A feature exists to allow the creation of a single port LAG that is disabled by default. RIP is a distance-vector routing protocol for use in small networks it is not intended for complex networks. Attaches the port to the aggregator used by the LAG, and detaches the port from the aggregator when it is no longer used by the LAG. Configuring OSPF Areas Router 3(su)->router(Config-router)#area 0.0.0.1 stub no-summary Router 3(su)->router(Config-router)#area 0.0.0.1 default-cost 15 Router 5 Router 5(su)->router(Config)#router ospf 1 Router 5(su)->router(Config-router)#area 0.0.0.2 stub Router 5(su)->router(Config-router)#area 0.0.0.2 default-cost 15 Router 6 Router 6(su)->router(Config)#router ospf 1 Router 6(su)->router(Config-router)#area 0.0.0.2 stub Router 6(su)->router(Config-router)#area 0.0.0. P/N 9034174-01. . 4. To perform a TFTP or SFTP download: 1. sFlow Procedure Procedure 18-2 on page 18-14 provides the steps and commands to configure sFlow. This example assumes that you havent any preconfigured community names or access rights. Brand . set system power {redundant | nonredundant} redundant (default) The power available to the system equals the maximum output of the lowest rated supply (400W or 1200W). Configuration of static IGMP groups using the set igmpsnooping add-static on the fixed switches. 12 Configuring SNMP This chapter describes basic SNMP concepts, the SNMP support provided on Enterasys fixed stackable and standalone switches, and how to configure SNMP on the switches using CLI commands. set maclock agefirstarrival port-string enable Use either the set maclock agefirstarrival disable or clear maclock firstarrival commands to disable aging. To enable an interface, including VLAN, tunnel, and loopback interfaces, for IPv6 routing, in router interface configuration mode: Use the ipv6 address command to configure a global IPv6 address on an interface. Managing the Firmware Image Setting the Boot Firmware Use the show boot system command to display the image file currently configured to be loaded at startup. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Boot up the switch. PIM-SM adopts RPF technology in the join/prune process. Security Mode Configuration Table 26-1 SNMP Commands Affected by Security Mode Settings (continued) Commands Access When Security Mode Setting Is: Normal C2 set/clear snmp targetaddr Read-Write Super User set/clear snmp notify Read-Write Super User set/clear snmp notifyfilter Read-Write Super User set/clear snmp notifyprofile Read-Write Super User Security Mode and User Authentication and Passwords The switch ensures that passwords are safeguarded during transit and while in storage using F. IPsec Configuration how to enable security audit logging. The console port on the manager switch remains active for out-of-band (local) switch management, but the console port on each member switch is deactivated. Ensuring that FTP/TFTP file transfers and firmware upgrades only originate from authorized file and configuration management servers. If you clear a license from a member unit in a stack while the master unit has a activated license, the status of the member will change to ConfigMismatch and its ports will be detached from the stack. Configuring MSTP Example 2: Configuring MSTP for Maximum Bandwidth Utilization This example illustrates the use of MSTP for maximum bandwidth utilization. 5. Each area has its own link-state database. A graft retransmission timer expires before a graft ACK is received. Router 4 is configured as an ASBR connected to a RIP autonomous system. (The ports are in the ConfigMismatch state.) Testing Network Connectivity Configuring Static Routes Procedure 20-3 lists the commands to configure a static route. Terms and Definitions 10-30 Configuring User Authentication. For example: A4(su)->show boot system Current system image to boot: a4-series_06.61.00.0026 Use the set boot system command to set the firmware image to be loaded at startup. Policy classification Classification rules are automatically enabled when created. The Filter-ID for that user is returned to the switch in the authentication response, and the authentication is validated for that user. If it is not a command issue you might want to check your tftp server. Configured channel, filter, and buffer information will be saved across resets, but not frames within the capture buffer. By default, all applications running on the Enterasys switch are allowed to forward Syslog messages generated at severity levels 6 through 1. Determines if the keys for trap doors do exist. Spanning Tree Basics string corresponding to the bridge MAC address. The policy VLAN will always be used unless an Ether type-to-VLAN classification rule exists and is hit. Refer to page. . Port Traffic Rate Limiting When a CoS is configured with an inbound rate limiter (IRL), and that IRL CoS is configured as part of a policy profile using the set policy profile command, CoS-based inbound rate limiting will take precedence over port rate limits set with set port ratelimit. Configuring Syslog Modifying Syslog Server Defaults Unless otherwise specified, the switch will use the default server settings listed in Table 14-4 for its configured Syslog servers: Table 14-4 Syslog Server Default Settings Parameter Default Setting facility local4 severity 8 (accepting all levels) descr no description applied port UDP port 514 Use the following commands to change these settings either during or after enabling a new server. . On I-Series only, display contents of memory card. Policies will be applied dynamically at authentication using a RADIUS authentication server and the Filter-ID attribute. This information is used to determine the module port type for port group. and extract firmware to any folder your tftp server will use. Understanding How VLANs Operate Shared Virtual Local Area Network (VLAN) Learning (SVL): Two or more VLANs are grouped to share common source address information. Untagged. provides a graphical interface to configure virtual machine policies Answer AB from COMPUTER E NETWORKS at Yildiz Teknik niversitesi Policy Configuration Overview Table 16-2 Policy Rule Traffic Descriptions/Classifications Traffic Classification Precedence Level Description macsource Classifies based on MAC source address. Optionally, enable single port LAGs on the device. [egress-vlans egressvlans] forbidden-vlans (Optional) Specifies the port to which this policy profile is applied should be added as forbidden to the egress list of the VLANs defined with this parameter. Up to 5 TACACS+ servers can be configured, with the index value of 1 having the highest priority. enable|disable EnablesordisablesClassofServiceontheswitch.Defaultstateis disabled. Note: You must be logged in to the Enterasys device with read-write access rights to use the commands shown in this procedure. Spanning Tree Basics Spanning Tree Basics This section provides you with a more detailed understanding of how the Spanning Tree operates in a typical network environment. Quality of Service Overview Additional port groups, up to eight (0 through 7) total, may be created by changing the port group value. Here is the Enterasys MST configs: C2 (rw)->show spantree mstilist Configured Multiple Spanning Tree Instances: 11 12 C2 (rw)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: LKS Revision Level: 1 Configuration Digest:c8:02:17:44:25:20:9e:ea:66:13:94:79:6a:f4:c5:96 C2 (rw)-> C2 (rw)->show spantree mstmap Policy Configuration Overview Examples This example assigns a rule to policy profile 3 that will filter Ethernet II Type 1526 frames to VLAN 7: C5(su)->set policy rule 3 ether 1526 vlan 7 This example assigns a rule to policy profile 5 that will forward UDP packets from source port 45: C5(su)->set policy rule 5 udpsourceport 45 forward This example assigns a rule to policy profile 1 that will drop IP source traffic from IP address 1.2.3.4, UDP port 123. The stackable fixed switch and standalone fixed switch devices support MAC-based authentication. Configuring IGMP Table 19-3 Layer 2 IGMP Configuration Commands Task Command Enable or disable IGMP on the system.