Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide Firmware Version 3.07.
NOTICE Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement. 4. EXPORT RESTRICTIONS.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys, and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
About This Guide

Welcome to the Enterasys Networks Matrix E1 (1G58x-09 and 1H582-xx) Configuration Guide. This manual explains how to access the devices’ Command Line Interface (CLI) and how to use it to configure the Matrix E1 1G58x-09 and 1H582-xx switch/router devices.

Important Notice
Depending on the firmware version used in the Matrix E1 device, some features described in this document may not be supported.
STRUCTURE OF THIS GUIDE

The guide is organized as follows:

Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI interface, an overview of local management requirements, and information about obtaining technical support.

Chapter 2, Management Terminal and Modem Setup Requirements, describes how to configure and connect a management terminal or a modem to the Matrix E1 device.
Chapter 9, Port Priority and Classification Configuration, describes how to set the transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, assign transmit priorities according to protocol types, and configure a rate limit for a given port and list of priorities.
DOCUMENT CONVENTIONS

This guide uses the following conventions:

ROUTER: Calls the reader’s attention to router-specific commands and information.
NOTE: Calls the reader’s attention to any item of information that may be of special importance.
CAUTION: Contains information essential to avoiding damage to the equipment and/or network connectivity problems.
Typographical and Keystroke Conventions

n.nn: A period in numerals signals the decimal point indicator (e.g., 1.75 equals one and three fourths). Or, periods used in numerals signal the decimal point in Dotted Decimal Notation (DDN) (e.g., 000.000.000.000 in an IP address).
x: A lowercase italic x indicates the generic use of a letter (e.g., xxx indicates any combination of three alphabetic characters).
n: A lowercase italic n indicates the generic use of a number (e.g.
1 Introduction

This chapter provides an overview of the tasks that may be accomplished using the Matrix E1 1G58x-09 and 1H582-xx CLI interface, an introduction to in-band and out-of-band network management, and information on how to contact Enterasys Networks for technical support.

Important Notice
Depending on the firmware version used in the Matrix E1 1G58x-09 or 1H582-xx device, some features described in this document may not be supported.
Overview

• Clear NVRAM.
• Set 802.1Q VLAN memberships and port configurations.
• Redirect frames according to port or VLAN and transmit them on a preselected destination port.
• Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to dynamically create VLANs across a switched network.
• Configure the device to dynamically switch frames according to a characteristic rule and VLAN.
• Configure Spanning Trees.
1.2 GETTING HELP

For additional support related to this device or document, contact Enterasys Networks using one of the following methods:

World Wide Web: www.enterasys.com/support/
Phone: 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000. For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/services/support/contact
Internet mail: support@enterasys.com. To expedite your message, type [E-SERIES] in the subject line.
2 Management Terminal and Modem Setup Requirements

This chapter provides information about connecting a terminal or modem to the device’s console port.

NOTE: Illustrations and most of the examples in this guide are based on the Matrix E1 1H582-51. Configuration and CLI output for the Matrix E1 1H582-25, and the 1G58x-09, may be different. Unless noted, procedures and performance features are similar for both models.

2.
Connecting to a Console Port for Local Management

Connecting to an IBM or Compatible Device

Using a UTP cable with RJ45 connectors and RJ45-to-DB9 adapter, you can connect products equipped with an RJ45 console port to an IBM or compatible PC running a VT series emulation software package.
Figure 2-1 Connecting an IBM PC or Compatible Device (figure labels: PC; RJ45-to-DB9 PC Adapter)

2.1.
Parameter: Setting
Mode: 7 Bit Control
Transmit: Transmit=9600
Bits Parity: 8 Bits, No Parity
Stop Bit: 1 Stop Bit

5. When these parameters are set, the Matrix E1 startup screen will display.

Figure 2-2 Connecting a VT Series Terminal (figure labels: VT Series Terminal; RJ45-to-DB25 VT Adapter)

2.1.
Connecting to a Modem

3. Connect the RJ45-to-DB25 adapter to the communications port on the modem.
4. Turn on the modem and configure your VT emulation package with the following parameters:

Parameter: Setting
Mode: 7 Bit Control
Transmit: Transmit=9600
Bits Parity: 8 Bits, No Parity
Stop Bit: 1 Stop Bit

5. When these parameters are set, the Matrix E1 startup screen will display.

2.1.4.
Another solution, if the modem cannot be configured to completely suppress traffic to the console port at start-up, would be to configure the E1 lockout retry count to a higher value or disable it altogether. You would do this using the set system lockout attempts command as described in Section 3.2.1.8.
Adapter Wiring and Signal Assignments

2.1.
VT Series Port Adapter Wiring and Signal Diagram

RJ45 Pin   RJ45 Conductor   DB25 Pin   DB25 Signal
4          Red              2          Transmit (TX)
1          Blue             3          Receive (RX)
6          Yellow           5          Clear to Send (CTS)
5          Green            7          Ground (GRD)
2          Orange           20         Data Terminal Ready

(Figure: RJ45 Connector (Female), pins 1 to 8; DB25 Connector (Female), pins 1 to 25)

Modem Port Adapter Wiring and Signal Diagram

RJ45 DB25 Pin Conductor Pin Signal
3 Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

3.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the Matrix E1 device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode.

3.1.
Factory Default Settings

Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature: Default Setting
Convergence End Points phone detection: Disabled globally and on all ports.
EAPOL: Disabled.
EAPOL authentication mode: When enabled, set to auto for all ports.
Flow age time: Set to 30 seconds
Flow Setup Throttling (FST): Disabled. When enabled, the flow limit notification and shutdown functions are disabled.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature: Default Setting
MAC authentication: Disabled (globally and on all ports).
MAC locking: Disabled (globally and on all ports).
MAC reauthentication: Disabled on all ports. When enabled, reauthentication period and quiet period are set to 30 seconds.
Passwords: Set to an empty string for all default user accounts.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature: Default Setting
QoS weight round-robin (WRR): Set to 25% for weighted queues (0 through 3).
RAD: Enabled.
RADIUS client: Disabled.
RADIUS last resort action: When the client is enabled, set to Challenge.
RADIUS retries: When the client is enabled, set to 3.
RADIUS timeout: When the client is enabled, set to 20 seconds.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature: Default Setting
Spanning Tree maximum aging time: Set to 20 seconds.
Spanning Tree path cost: Set to 100 for Ethernet; 10 for Fast Ethernet; and 1 for Gigabit Ethernet.
Spanning Tree point-to-point: Set to auto for all Spanning Tree ports.
Spanning Tree port priority: All ports with bridge priority are set to 128 (medium priority).
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature: Default Setting
Telnet: Enabled (outbound and inbound). Listening port is set to 23. Maximum number of inbound, outbound, or SSH sessions allowed is set to 4.
Terminal: CLI display set to 79 columns and 23 rows.
Timeout: Set to 5 minutes.
Table 3-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature: Default Setting
ARP table: No permanent entries configured.
ARP timeout: Set to 1200 seconds (20 minutes).
Authentication key (RIP and OSPF): None configured.
Authentication mode (RIP and OSPF): None configured.
Dead interval (OSPF): Set to 40 seconds.
Disable triggered updates (RIP): Triggered updates allowed.
Table 3-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature: Default Setting
MD5 authentication (OSPF): Disabled with no password set.
MTU size: Set to 1500 bytes on all interfaces.
OSPF: Disabled.
OSPF cost: When OSPF is enabled, set to 10 for all OSPF interfaces.
OSPF network: None configured.
OSPF priority: Set to 1.
Passive interfaces (RIP): None configured.
Proxy ARP: Enabled on all interfaces.
Table 3-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature: Default Setting
Telnet port (IP): Set to port number 23.
TFTP server IP address: Set to 0.0.0.0
Timers (OSPF): SPF delay set to 5 seconds. SPF holdtime set to 10 seconds.
Transmit delay (OSPF): Set to 1 second.
VRRP: Disabled.
3.1.2 Command Defaults Descriptions

Each command description in this guide includes a section entitled “Command Defaults” which contains different information than the factory default settings on the device as described in Table 3-1 and Table 3-2. The command defaults section defines CLI behavior if the user enters a command without optional parameters (indicated by square brackets [ ]).
3.1.3 CLI Command Modes

Each command description in this guide includes a section entitled “Command Mode” which states whether the command is executable in Admin (Super User), Read-Write or Read-Only mode. Users with Read-Only access will only be permitted to view Read-Only (show) commands. Users with Read-Write access will be able to modify all modifiable parameters in set and show commands, as well as view Read-Only commands.
3.1.4 Using WebView

NOTE: This guide describes configuring and managing the Matrix E1 device using CLI commands. For details on using WebView (Enterasys Networks’ embedded web server) for switch configuration and management tasks, refer to the Matrix E1 (IG582-09 and 1H582-51) WebView User’s Guide. WebView is not available as a router configuration tool.

By default WebView is enabled on TCP port number 80 of the Matrix E1 device.
3.1.5 Process Overview: CLI Startup and General Configuration

Use the following steps as a guide to the startup and general configuration process:

1. Starting and navigating the Command Line Interface (CLI) (Section 3.1.6)
2. Setting user accounts and passwords (Section 3.2.1)
3. Setting basic device properties (Section 3.2.2)
4. Downloading a new firmware image (Section 3.2.3)
5.
3.1.6 Starting and Navigating the Command Line Interface (CLI)

3.1.6.1 Using a Console Port Connection

NOTE: By default, the Matrix E1 Series device is configured with three user login accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to all modifiable parameters. The default password is set to a blank string (carriage return).
Figure 3-2 Console Port Initial Startup Screen Before User Authorization

c)Copyright ENTERASYS Networks, Inc. 2002
Matrix 1G582-09 POST Version 01.01.00
Application image found in Flash memory.
Loading functional image ...
Application image loaded to CPU SDRAM.
Start Application ... done.
1H582-51 Switch init start...
Switch Budget init...
Initializing hardware...
Switch clear VLAN table...
3.1.6.3 Logging in With an Administratively Configured User Account

If the device’s default user account settings have been changed, proceed as follows:

1. At the Username login prompt, enter your administratively-assigned user name and press ENTER.
2. At the Password prompt, enter your password and press ENTER.

The notice of authorization and the Matrix prompt displays as shown in Figure 3-3.
Figure 3-3 Startup Screen After User Authorization

Username:rw
Password:
waiting for authorization......
****************************************
*                                      *
*           Matrix 1G587-09            *
*                                      *
*       Enterasys Networks, Inc.       *
*          50 Minuteman Road           *
*        Andover, MA 01810 USA         *
*                                      *
****************************************
Matrix>

For information about setting the IP address, refer to Section 3.2.2.23.
3.1.7 Getting Help with CLI Syntax

Entering a space and a question mark (?) after a keyword will display all commands beginning with the keyword. Figure 3-4 shows how to perform a keyword lookup for set vlan. Entering a space and a question mark (?) after any of these parameters (such as set vlan classification) will display additional parameters nested within the syntax.
3.1.8 Displaying Scrolling Screens

CLI output requiring more than one screen will display --More-- to indicate continuing screens. To display additional screen output:

• Press ENTER to advance the output one line at a time.
• Press M to advance the output to the next screen.

The example in Figure 3-6 shows how the show mac command indicates that output continues on more than one screen.
3.1.9 Basic Line Editing Commands

The CLI supports Emacs-like line editing commands. Table 3-3 lists some commonly used commands.

Table 3-3 Basic Line Editing Commands

Key Sequence: Command
Ctrl+A: Move cursor to beginning of line.
Ctrl+B: Move cursor back one character.
Ctrl+C: Abort command.
Ctrl+D: Delete character.
Ctrl+E: Move cursor to end of line.
Ctrl+F: Move cursor forward one character.
3.2 GENERAL CONFIGURATION COMMAND SET

3.2.1 Setting User Accounts and Passwords

Purpose
To change the device’s default user login and password settings, and to add new user accounts and passwords.

Commands
The commands needed to set user accounts and passwords are listed below and described in the associated section as shown.

• show system login (Section 3.2.1.1)
• set system login (Section 3.2.1.2)
• clear system login (Section 3.
Command Type
Switch command.

Command Mode
Super User.

Example
This example shows how to display login account information.
Table 3-4 show system login Output Details (Continued)

Output: What It Displays...
Lockout time: Number of minutes the admin user account will be locked out after the maximum number of failed attempts to log on to the switch. Configured with the set system lockout command (Section 3.2.1.9).
Lockout attempts: Number of failed login attempts before user lock out occurs.

3.2.1.2
Command Mode
Super User.

Example
This example shows how to enable a new user account with the login name “netops” with super user access privileges:

Matrix>set system login netops su enable

3.2.1.3 clear system login

Use this command to remove a local login user account.

clear system login username

Syntax Description
username: Specifies the login name of the account to be cleared.
3.2.1.4 set password

Use this command to change system default passwords or to set a new login password on the CLI.

set password username

NOTES: Only users with admin (su) access privileges can change any password on the system. Users with Read-Write (rw) or Read-Only (ro) access privileges can change their own passwords, but cannot enter or modify other system passwords.
Examples
This example shows how a super-user would change the Read-Write password from the system default (blank string):

Matrix>set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
3.2.1.6 set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

set system password aging {days | disable}

Syntax Description
days: Specifies the number of days user passwords will remain valid before aging out. Valid values are 1 to 365.
disable: Disables password aging.

Command Defaults
None.

Command Type
Switch command.
Command Type
Switch command.

Command Mode
Super User.

Example
This example shows how to configure the system to check the last 10 passwords for duplication:

Matrix>set system password history 10

3.2.1.8 set system lockout attempts

Use this command to disable system lock out or to set the number of failed login attempts before user lock out occurs.
Example
This example shows how to set login attempts to 5:

Matrix>set system lockout attempts 5

3.2.1.9 set system lockout

Use this command to set the number of minutes the admin user account will be locked out after the maximum number of failed attempts to log on to the switch.
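Added example (not part of the Enterasys guide): a short Python audit of a captured CLI session that checks whether the account settings from Section 3.2.1 were applied, given that the ro, rw and admin accounts ship with blank passwords. The session text is constructed from the command examples above; counting a password as changed only when "Password changed." follows the command, and treating a non-numeric history or lockout value as not enforced, are assumptions of this sketch.

```python
# Added example: audit a captured Matrix E1 CLI session for account hardening.
# The session below is constructed from the guide's own command examples.

DEFAULT_ACCOUNTS = ("ro", "rw", "admin")  # guide: default password is a blank string
AGING_MIN, AGING_MAX = 1, 365             # guide: valid days for password aging

SAMPLE_SESSION = """\
Matrix>set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
Matrix>set system login netops su enable
Matrix>set system password aging disable
Matrix>set system password history 10
Matrix>set system lockout attempts 5
"""


def split_session(transcript, prompt="Matrix>"):
    """Return [(command_tokens, output_lines)] for each command typed at the prompt."""
    blocks = []
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(prompt):
            blocks.append((line[len(prompt):].split(), []))
        elif blocks and line:
            blocks[-1][1].append(line)  # output belongs to the last command
    return blocks


def _positive_int(value):
    return value.isdigit() and int(value) > 0


def audit(transcript, prompt="Matrix>"):
    """Return findings plus the super-user accounts enabled in the session."""
    changed, su_accounts, settings = set(), [], {}
    for cmd, output in split_session(transcript, prompt):
        if len(cmd) == 3 and cmd[:2] == ["set", "password"]:
            # Assumption: a change counts only when the CLI confirmed it.
            if "Password changed." in output:
                changed.add(cmd[2])
        elif len(cmd) == 6 and cmd[:3] == ["set", "system", "login"]:
            name, level, state = cmd[3:]
            if level == "su" and state == "enable" and name not in su_accounts:
                su_accounts.append(name)
        elif len(cmd) == 5 and cmd[:3] == ["set", "system", "password"]:
            if cmd[3] in ("aging", "history"):
                settings[cmd[3]] = cmd[4]      # last value seen wins
        elif len(cmd) == 5 and cmd[:4] == ["set", "system", "lockout", "attempts"]:
            settings["lockout attempts"] = cmd[4]

    findings = []
    for acct in DEFAULT_ACCOUNTS:
        if acct not in changed:
            findings.append(f"default account '{acct}': no confirmed password change")

    aging = settings.get("aging")
    if aging is None:
        findings.append("password aging: not set in this session")
    elif aging == "disable":
        findings.append("password aging: explicitly disabled")
    elif not (aging.isdigit() and AGING_MIN <= int(aging) <= AGING_MAX):
        findings.append(
            f"password aging: '{aging}' is outside {AGING_MIN} to {AGING_MAX} days")

    for key in ("history", "lockout attempts"):
        value = settings.get(key)
        if value is None:
            findings.append(f"password {key}: not set in this session"
                            if key == "history" else f"{key}: not set in this session")
        elif not _positive_int(value):
            findings.append(f"{key}: '{value}' treated as not enforced")

    return {"findings": findings, "su_accounts": su_accounts}


if __name__ == "__main__":
    report = audit(SAMPLE_SESSION)
    for item in report["findings"]:
        print("FINDING:", item)
    print("super-user accounts enabled:", report["su_accounts"])
```

Pass a different prompt string to audit() if the prompt was changed with set prompt.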
3.2.2 Setting Basic Device Properties

Purpose
To display and set the basic system (device) information, including password, system time, system prompt, contact name, terminal output, lockout time, timeout, console baud rate and version information, to display or set the system IP address, and to download a new firmware image to the device.
3.2.2.1 show system resources
Use this command to display the CPU type, NVRAM installed and other resources installed in the system.

show system resources

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
3.2.2.2 show system
Use this command to display power supply status, baud rate, timeout and other system information.

show system

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
3.2.2.3 show time
Use this command to display the current time of day in the system clock.

show time

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the current time. The output shows the day of the week, month, day, year, hour, minutes, and seconds:

Matrix>show time
Thu 11/06/2001 08:24:28

3.2.2.
Command Mode: Read-Write.

Example
This example shows how to set the system clock to Saturday, October 31, 2003, 7:50 a.m:

Matrix>set time sat 10/31/2003 7:50

3.2.2.5 set prompt
Use this command to modify the command prompt.

set prompt "prompt_string"

Syntax Description
prompt_string   Specifies a text string for the command prompt. A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.
3.2.2.6 show banner motd
Use this command to show the banner message of the day that will display at session login.

show banner motd

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the banner message of the day:

Matrix>show banner motd
Not one hundred percent efficient, of course ... but nothing ever is.
-- Kirk, "Metamorphosis", stardate 3219.
Command Mode: Read-Write.

Example
This example shows how to set the message of the day banner to read “Change is the price of survival. -- Winston Churchill”:

Matrix>set banner motd "Change is the price of survival.\\n-- Winston Churchill"

3.2.2.8 clear banner motd
Use this command to clear the banner message of the day displayed at session login.

clear banner motd

Syntax Description: None.
Command Defaults: None.
3.2.2.9 show version
Use this command to display hardware and firmware information. Refer to Section 3.2.3 for instructions on how to download a firmware image. If a firmware image has been downloaded to the switch since the last reboot, a message will be displayed indicating that fact. If no download has taken place, no message will be displayed.

show version

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Table 3-5 show version Output Details

Output          What It Displays...
Slot            Fixed front panel or expansion module slot location designation. For details on how slots are numbered, refer to Section 4.1.2.
Ports           Number of ports in the fixed front panel or expansion module.
Model           Model number of the chassis or expansion module.
Serial Number   Serial number (if applicable) of the chassis or expansion module.
Example
This example shows how to set the system name to Information Systems:

Matrix>set system name "Information Systems"

3.2.2.11 set system location
Use this command to identify the location of the system.

set system location ["location_string"]

Syntax Description
location_string   (Optional) Specifies a text string that indicates where the system is located.
3.2.2.12 set system contact
Use this command to identify a contact person for the system.

set system contact ["contact_string"]

Syntax Description
contact_string   (Optional) Specifies a text string that contains the name of the person to contact for system administration. A contact string containing a space in the text must be enclosed in quotes as shown in the example below.
Command Mode: Read-Write.

Example
This example shows how to show terminal information:

Matrix>show terminal
Terminal height set to 23.
Terminal width set to 79.

3.2.2.14 set terminal
Use this command to set the number of columns and rows for the terminal connected to the device’s console port.

set terminal {rows num-rows [disable] | cols num-cols}[static]

Syntax Description
rows num_rows   Specifies the number of terminal rows to be set.
Example
This example shows how to set the terminal columns to 50:

Matrix>set terminal cols 50

3.2.2.15 set system timeout
Use this command to set the time (in minutes) an idle local (console) or remote login session will remain connected before timing out.

set system timeout timeout [console | remote]

Syntax Description
timeout   Specifies the number of minutes the system will remain idle before timing out. Valid values are 1 to 60.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display daylight savings time settings:

Matrix>show summertime
Summertime is disabled and set to ''
Start : SUN APR 04 02:00:00 2004
End : SUN OCT 31 02:00:00 2004
Offset: 60 minutes (1 hours 0 minutes)
Recurring: yes, starting at 2:00 of the first Sunday of April and ending at 2:00 of the last Sunday of October

3.2.2.
Example
This example shows how to enable daylight savings time function:

Matrix> set summertime enable

3.2.2.18 set summertime date
Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annually. Use the set summertime recurring command to configure recurring summertime that will not have to be reset annually.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to set a daylight savings time start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m. with an offset time of one hour:

Matrix>set summertime date April 4 2004 02:00 October 31 2004 02:00 60

3.2.2.19 set summertime recurring
Use this command to configure recurring daylight savings time settings.
Syntax Description
start_week     Specifies the week of the month to start daylight savings time. Valid values are: first, second, third, fourth, and last.
start_day      Specifies the day of the week to start daylight savings time.
start_hr_min   Specifies the time of day to start daylight savings time. Format is hh:mm.
end_week       Specifies the week of the month to end daylight savings time.
3.2.2.20 clear summertime
Use this command to clear the daylight savings time configuration.

clear summertime

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to clear the daylight savings time configuration:

Matrix> clear summertime

3.2.2.21 set console baud
Use this command to set the console port baud rate.
Command Alternative (v3.00.xx and previous)
set system baud rate

Example
This example shows how to set the console port baud rate to 19200:

Matrix>set console baud 19200

3.2.2.22 show ip address
Use this command to display the local host port IP address, system mask and default gateway.

show ip address

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
3.2.2.23 set ip address
Use this command to set the system IP address, subnet mask and default gateway.

set ip address ip_address [mask ip_mask] [gateway ip_gateway]

Syntax Description
ip_address           Specifies the IP address to set for the device.
mask ip_mask         (Optional) Specifies the IP mask of the local host.
gateway ip_gateway   (Optional) Specifies the default gateway of the local host.
3.2.3 Downloading a Firmware Image
You can upgrade the operational firmware in the Matrix E1 without physically opening the device or being in the same location. The software storage sector in the flash memory of the device is reprogrammed, allowing you to easily download firmware feature enhancements and problem fixes to the device from a local or remote location.

Firmware can be downloaded to the device in two ways:
• Via TFTP download.
5. Press 1 to download the agent firmware. The following messages display:

(D)ownload System Image or (S)tart Application: [S]
Select the Firmware Type to Download (1)Runtime (2)POST [1]:
Your Selection: Runtime Code
Download code to FlashROM address 0xff200000
Change Baud Rate to 115200 and Press to Download.

6. Change your terminal baud rate to 115200 bps and press ENTER.
7.
Syntax Description
hostname | ip_address   Specifies the host name or IP address of the TFTP server from which the new image file will be downloaded.
filename                Specifies the TFTP server path and file name of the new image.
noreboot                (Optional) Specifies that the device will not reboot after completing the download of an image file. The device will continue using the existing firmware image and will store the new image in FLASH memory.
Example
This example shows how to download a new firmware image via a TFTP server:

Matrix>dload 172.101.50.87 d:\images\xfiles\010000.09
File downloaded successfully.
Updating flashROM image at 0xFF200000 ...
Image update successful.
Updating flashROM image at 0xFF500000 ...
Image update successful.
Restarting system...
Saving persistent data
++++++++++++++++++++++++++++++++++++++++++++++++++
(c)Copyright ENTERASYS Networks, Inc.
3.2.4 Configuring Telnet
To review, enable, disable and configure Telnet services to the device when operating in switch mode.

Commands
The commands needed to configure Telnet are listed below and described in the associated section as shown.
• show telnet (Section 3.2.4.1)
• set telnet (Section 3.2.4.2)

3.2.4.1 show telnet
Use this command to display Telnet status and information.

show telnet

Syntax Description: None.
Command Defaults: None.
Telnet sessions have not been changed from the default value of 4. For details on using the set telnet command to change default settings, refer to Section 3.2.4.2:

Matrix>show telnet
Inbound telnet is currently enabled on port 23.
Outbound telnet is currently enabled.
Maximum inbound telnet sessions = 4.
Maximum outbound telnet sessions = 4.
Maximum ssh telnet sessions = 4.

3.2.4.2 set telnet
Use this command to configure Telnet on the device.
Command Mode: Read-Write.

Examples
This example shows how to disable inbound and outbound Telnet services:

Matrix>set telnet disable all
Disconnect all telnet sessions and disable now (y/n)? [n]: y
All telnet sessions have been terminated, telnet is now disabled.
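The show telnet example above has inbound and outbound Telnet enabled with defaults unchanged, so a configuration audit needs to read that output and flag it. The following is an added example, not code from this guide or from Enterasys: it parses captured show telnet text in the sentence format printed above. The "disabled" sample is a constructed assumption, since the guide does not show that output.

```python
import re

# The `show telnet` output printed in the guide's example (defaults unchanged).
SAMPLE_SHOW_TELNET = """\
Matrix>show telnet
Inbound telnet is currently enabled on port 23.
Outbound telnet is currently enabled.
Maximum inbound telnet sessions = 4.
Maximum outbound telnet sessions = 4.
Maximum ssh telnet sessions = 4.
"""

# Constructed sample. ASSUMPTION: after `set telnet disable all` the device
# reports "disabled" in the same sentence form; the guide does not show it.
ASSUMED_DISABLED_OUTPUT = """\
Inbound telnet is currently disabled.
Outbound telnet is currently disabled.
"""

_STATE = re.compile(
    r"^(inbound|outbound) telnet is currently (enabled|disabled)"
    r"(?: on port (\d+))?\.?$",
    re.IGNORECASE,
)
_LIMIT = re.compile(
    r"^maximum (inbound|outbound|ssh) telnet sessions = (\d+)\.?$",
    re.IGNORECASE,
)


def parse_show_telnet(text):
    """Return the Telnet state found in captured `show telnet` output."""
    state = {"inbound": None, "outbound": None, "port": None, "limits": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = _STATE.match(line)
        if m:
            state[m.group(1).lower()] = m.group(2).lower() == "enabled"
            if m.group(3):
                state["port"] = int(m.group(3))
            continue
        m = _LIMIT.match(line)
        if m:
            state["limits"][m.group(1).lower()] = int(m.group(2))
    return state


def audit_telnet(text):
    """Return (direction, message) findings; an empty list means Telnet is off.

    A direction whose status line is missing is reported rather than assumed
    disabled, so truncated or unexpected output never passes silently.
    """
    state = parse_show_telnet(text)
    findings = []
    for direction in ("inbound", "outbound"):
        enabled = state[direction]
        if enabled is None:
            findings.append((direction, "status line not found; state unverified"))
        elif enabled:
            where = ""
            if direction == "inbound" and state["port"] is not None:
                where = f" on port {state['port']}"
            findings.append(
                (direction, f"cleartext Telnet enabled{where}; "
                            "disable with `set telnet disable all`")
            )
    return findings


if __name__ == "__main__":
    for direction, message in audit_telnet(SAMPLE_SHOW_TELNET):
        print(f"[{direction}] {message}")
```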
3.2.5 Managing Switch Configuration Files

Purpose
To view, manage, and execute configuration files when operating in switch mode.

Commands
The commands needed to view, manage, and execute switch configuration files are listed below and described in the associated section as shown.
• dir (Section 3.2.5.1)
• show config (Section 3.2.5.2)
• configure (Section 3.2.5.3)
• summaryconfig (Section 3.2.5.4)
• copy (Section 3.2.5.
Example
This example shows how to display contents of the NVDRIVE: file directory:

Matrix>dir
Filename     Filesize
-----------------------
CLITXT.CFG   480

3.2.5.2 show config
Use this command to display the contents of the CLI text configuration file.

show config [filename [all | system] [facility]]

Syntax Description
filename   (Optional) Displays a specific file. The filename extension must be .
Examples
This example shows how to display system information in the clitxt.cfg file:

Matrix>show config clitxt.cfg system clitxt.cfg
set vlan 30 create
set vlan 40 create
set vlan 30 enable
set vlan name 30 blue
set vlan egress 30 fe.0.7 untagged
set vlan classification enable
set vlan classification 30 802.3-SAP 0X0020 create
set vlan classification 30 802.3-SAP 0X0020 enable
set port vlan fe.0.4-fe.0.7 30
set port broadcast fe.0.
This example shows how to regenerate the current set commands:

Matrix>show config
Creating CLI device configuration Set commands! ! ! cdp ! ! community ! ! dns ! ! garp ! ! gvrp ! ! history ! ! host vlan ! ! igmp set igmp enable ! ! ip set ip address 10.2.242.112 mask 255.255.240.0 gateway 10.2.240.1
--More--

3.2.5.
Syntax Description
filename   Specifies the name of the configuration file to execute.
append     (Optional) Executes the configuration as an appendage (update) to the current configuration.
at time    (Optional) Schedules a configuration update at a specific time using a 24-hour system (hh:mm).
in time    (Optional) Schedules a configuration update after a specific time in hours and minutes using a 24-hour system (hh:mm).
This example shows how to schedule an NVRAM update by appending the clitxt.txt configuration file in two hours:

Matrix>configure clitxt.txt append in 02:00

3.2.5.4 summaryconfig
Use this command to display the Matrix E1 non-default configuration to the console, or, by entering the file keyword, write it to the swfile.cfg file.

summaryconfig [file]

Syntax Description
file   (Optional) Writes the configuration to the scfile.cfg.
Example
This example shows a portion of the output created by the summaryconfig command:

>show rad
RAD is currently enabled.
>
>show radius
RADIUS status: Disabled.
RADIUS retries: 3.
RADIUS timeout: 20 seconds
RADIUS Server   Status
-------------   ------
0.0.0.0         Primary
0.0.0.0         Secondary
RADIUS last-resort-action
-------------------------
Local
Remote
>
>show snmp
SNMP is currently enabled.
3.2.5.5 copy
Use this command to upload or download a configuration file.
NOTES: There is an important distinction between specifying a filename and using the device-config option. When uploading, the filename specified in the destination pathname (the server) is created. When downloading, if the device-config keyword is entered, then the filename specified in the source pathname is downloaded and executed. This file will not be saved in NVRAM.
This example shows how to download and execute the clitxt.txt file. This command will reset the device:

Matrix>copy tftp://10.1.129.3/config/clitxt.txt device-config

This example shows how to download and execute the cliappend.txt file. This command will not reset the device:

Matrix>copy tftp://10.1.29.3/config/cliappend.txt device-config append

3.2.5.
3.2.5.7 delete
Use this command to remove a configuration file from the Matrix E1 system.

delete filename

Syntax Description
filename   Specifies the configuration file to remove.

Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.

Example
This example shows how to delete the clitxt1.cfg configuration file:

Matrix>delete clitxt1.
3.2.6 Configuring Enterasys and Cisco Discovery Protocols

Purpose
To enable and configure the Enterasys (CDP) and Cisco discovery protocols. These protocols are used to discover network topology. When enabled, they allow Enterasys and Cisco devices to send periodic PDUs about themselves to neighboring devices.
3.2.6.1 show cdp
Use this command to display the status of the Enterasys (CDP) Discovery Protocol and message interval on one or more ports.

show cdp [port-string]

Syntax Description
port-string   (Optional) Displays Enterasys Discovery Protocol information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Table 3-6 show cdp Output Details

Output             What It Displays...
CDP Version        Current Enterasys Discovery Protocol version number.
Global CDP State   Whether Enterasys Discovery Protocol is globally auto-enabled, enabled or disabled.
Global Hold Time   Transmit frequency (in seconds) of Enterasys Discovery Protocol messages.
Syntax Description
auto   Auto-enables the Enterasys Discovery Protocol on the device or on specified port(s). In auto-mode, which is the default mode for all ports, a port automatically becomes CDP-enabled upon receiving its first CDP message on any port.
       NOTE: Auto mode will only be operational for specific ports if the global CDP state has been set to auto as well.
This example shows how to disable Enterasys Discovery Protocol for Fast Ethernet expansion module 2, port 1:

Matrix>set cdp disable fe.2.1

3.2.6.3 set cdp interval
Use this command to set the message interval frequency of the Enterasys Discovery Protocol.

set cdp interval frequency

Syntax Description
frequency   Specifies the transmit frequency of Enterasys Discovery Protocol messages in seconds.
Command Type: Switch command.
Command Mode: Read-Only.

Examples
This example shows how to display Cisco Discovery Protocol information. In this case, defaults have not been changed:

Matrix>show ciscodp
CiscoDP : Disabled
Timer : 60
Holdtime (TTL) : 180
Platform : Matrix 1G587-09
Version : 03.02.00
Device ID : 0123456789
PopulateCDP : Disabled

Table 3-7 provides an explanation of the command output.
Table 3-7 show ciscodp Output Details (Continued)

Output        What It Displays...
Device ID     Sending device’s serial number.
PopulateCDP   Whether the populate Enterasys (CDP) discovery protocol function is enabled or disabled. Default setting of disabled can be changed with the set ciscodp populatecdp command as described in Section 3.2.6.8.

3.2.6.5
Syntax Description
time   Specifies the number of seconds between PDU transmissions. Valid values are 5 - 254.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to set the Cisco Discovery Protocol timer to 120 seconds:

Matrix>set ciscodp timer 120

3.2.6.7 set ciscodp holdtime
Use this command to set the time to live (TTL) for Cisco Discovery Protocol PDUs.
Example
This example shows how to set the Cisco Discovery Protocol hold time to 180 seconds:

Matrix>set ciscodp holdtime 180

3.2.6.8 set ciscodp populatecdp
Use this command to populate the Enterasys (CDP) Discovery Protocol MIB with Cisco information. When enabled, this function allows Cisco devices to appear in the Enterasys Discovery Protocol (CDP) MIB along with Enterasys devices.
Syntax Description
port-string   (Optional) Displays information about specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: If port-string is not specified, Cisco DP information will be displayed for all ports.
Command Type: Switch command.
Command Mode: Read-Only.
Table 3-8 show port ciscodp info Output Details (Continued)

Output   What It Displays...
VVID     Whether a Voice VLAN ID has been set on this port. Default of none can be changed using the set port ciscodp vvid command (Section 3.2.6.14).
#Neigh   Number of neighboring Cisco devices detected on this port.
PDU-TX   Number of Cisco DP PDUs transmitted on this port.
PDU-RX   Number of Cisco DP PDUs received on this port.
Command Mode: Read-Only.

Examples
This example shows how to display a summary of information about neighboring Cisco devices detected on Matrix port ge.0.4. In this case, a device is connected at the neighboring device’s module 2, port 1 link:

Matrix>show port ciscodp neighborinfo ge.0.4
         Sysname         Platform   Port ID
---------------------------------------------------------------
ge.0.4   ggismysysname   WS-C6509   2/1

3.2.6.
Example
This example shows how to enable the Cisco DP function on port ge.0.5:

Matrix>set port ciscodp ge.0.5 enable

3.2.6.12 set port ciscodp trust-ext
Use this command to set the trusted status of one or more switch ports connected to a Cisco IP phone. Note the following points describing how the Cisco DP trust settings work.
untrusted   Tell the Cisco IP phone to overwrite the 802.1p tag of traffic transmitted by the device connected to it to 0, by default, or to the value configured with the set port ciscodp cos-ext command (Section 3.2.6.13).
undefined   No trust state setting is communicated to the Cisco IP phone.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Syntax Description
port-string      Specifies the port(s) on which to set a CoS value. For a detailed description of possible port-string values, refer to Section 4.1.2.
classify-value   Assigns a Class of Service to untrusted traffic. Valid values are 0 - 7, with 0 given the lowest priority. There is a one-to-one correlation between this classify-value and the 802.1p value assigned to ingressed traffic by the Cisco IP phone.
Syntax Description
port-string   Specifies the port(s) on which tagging will be set. For a detailed description of possible port-string values, refer to Section 4.1.2.
vlan-id       Instructs an attached Cisco IP phone to transmit to a specific VLAN. Valid values are 1 - 4094. For information on creating and configuring VLANs, refer to Chapter 7.
3.2.7 Pausing, Clearing and Closing the CLI

Purpose
To pause or clear the CLI screen or to close your CLI session.

Commands
The commands used to pause, clear and close the CLI session are listed below and described in the associated sections as shown.
• wait (Section 3.2.7.1)
• cls (Section 3.2.7.2)
• exit (Section 3.2.7.3)

3.2.7.
3.2.7.2 cls (clear screen)
Use this command to clear the screen for the current CLI session.

cls

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to clear the CLI screen:

Matrix>cls

3.2.7.3 exit
Use this command to leave a CLI session when operating in switch mode.
Command Mode: Read-Only.
3.2.8 Resetting the Device

Purpose
To reset the device without losing any user-defined switch and router configuration parameters, or to clear NVRAM (user-defined) config settings.

Commands
Commands to reset the device are listed below and described in the associated section as shown.
• show reset (Section 3.2.8.1)
• reset (Section 3.2.8.2)
• reset at (Section 3.2.8.3)
• reset in (Section 3.2.8.4)
• clear config (Section 3.2.8.5)

3.2.8.
Example
This example shows how to display reset information:

Matrix>show reset
Reset scheduled for Fri Jan 21 2004, 23:00:00 (in 3 days 12 hours 56 minutes 57 seconds).
Reset reason: Software upgrade

3.2.8.2 reset
Use this command to reset the device immediately, cancel, or display information about a scheduled reset.

reset [system [cancel]] [show]

Syntax Description
system   (Optional) Resets the system.
This example shows how to cancel a scheduled system reset:

Matrix>reset cancel
Reset cancelled.

3.2.8.3 reset at
Use this command to schedule a system reset at a specific future time. This feature is useful for loading a new boot image.

reset at hh:mm [mm/dd] [reason reason]

Syntax Description
hh:mm   Schedules the hour and minute of the reset (using the 24-hour system).
mm/dd   (Optional) Schedules the month and day of the reset.
This example shows how to schedule a reset at a specific future time and include a reason for the reset:

Matrix>reset at 20:00 10/12 reason "software upgrade to 6.1"

3.2.8.4 reset in
Use this command to schedule a system reset after a specific time. This feature is useful for loading a new boot image.

reset in hh:mm [reason reason]

Syntax Description
hh:mm   Specifies the number of hours and minutes into the future to perform a reset.
NOTE: Clear config will not clear user account settings, such as lockout attempts, login names and passwords, unless executed by a super user (admin).

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to clear the device’s NVRAM configuration parameters without clearing the IP address or SSH keys:

Matrix>clear config
This command will clear NVRAM.
Preparing the Device for Router Mode Pre-Routing Configuration Tasks

3.3 PREPARING THE DEVICE FOR ROUTER MODE

Important Notice
Startup and general configuration of the Matrix E1 must occur when the device is in switch mode. For details on how to start the device and configure general platform settings, refer to Section 3.1 and Section 3.2. Once startup and general device settings are complete, IP configuration and other router-specific commands can be executed when the device is in router mode.
3.3.2 Configuring VLANs for IP Routing
Before you can use the Matrix E1 device for IP routing, you must dedicate two or more VLANs as IP routing uplinks. To do this, you must
1. Disable Spanning Tree on the ports to be dedicated as routing uplinks.
2. Create new VLANs from these dedicated ports.
3. Disable GVRP on the dedicated ports.
4.
Table 3-9 Command Set for Configuring VLANs for IP Routing (Continued)

Step 4
  To do this task...     Disable GVRP on the dedicated routing port.
  Type this command...   set gvrp disable port-string
  In this mode...        Switch: (Matrix>)
Step 5
  To do this task...     Repeat steps 1 through 4 to create additional VLAN(s).
Step 6
  To do this task...     Enable router mode.
  Type this command...   router
  In this mode...        Switch: (Matrix>)
  For details, see...    Section 3.3.3
Step 7
  To do this task...     Enable global router configuration mode.
Figure 3-7 Configuring Two VLANs for IP Routing

Matrix>set spantree portadmin fe.0.1 disable
Matrix>set vlan create 10
Matrix>set port vlan fe.0.1 10

The PVID is used to classify untagged frames as they ingress into a given port.
3.3.3 Enabling Router Configuration Modes
The Matrix E1 CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 3-10 describes these modes of operation.

NOTE: The command prompts used in examples throughout this guide show a system where VLAN 1 has been configured for routing.
Table 3-10 Router CLI Configuration Modes (Continued)

Key Chain Configuration Mode
  To...              Set protocol (RIP) authentication key parameters.
  Access method...   Type key chain and the key chain name from Router (RIP) Configuration mode.
  Prompt...          Matrix>Router (config-keychain)#
Key Chain Key Configuration Mode
  To...              Configure a specific key within a RIP authentication key chain.
4 Port Configuration
This chapter describes the Port Configuration set of commands and how to use them.

4.1 PORT CONFIGURATION SUMMARY
The Matrix E1 has fixed front panel ports at the bottom of the chassis and either one or three optional Ethernet expansion module slot(s) at the top of the chassis. Matrix E1 fixed front panels provide the following port configurations:
• The 1H582-25 fixed front panel provides 24 RJ45 10/100 Mbps ports.
Port Configuration Summary Port Assignment Scheme

The device’s optional expansion module slot(s), numbered 1, or 1, 2, and 3, can have one or more ports depending on the module installed. Figure 4-2 shows the Ethernet expansion modules available at the time of this printing, and the location of port 1 on each module. Table 4-1 indicates the port numbering scheme for each expansion module. In this numbering scheme, port 2 on the expansion module in slot 2 would be expressed as 2.2 in the CLI syntax.
Figure 4-2 Optional Ethernet Expansion Modules
[Figure: the 1G-2GBIC, 1H-16TX, 1G-2MGBIC, 1G-2TX and 1H-8FX modules, with the location of port 1 marked on each]

Table 4-1 Ethernet Expansion Module Interface Types and Port Numbering

Ethernet expansion module   Interface Type / Port Numbering
1H-16TX                     Fast Ethernet 10/100BASE-TX. Sixteen fixed RJ45 ports
1G-2TX                      Fast Ethernet 1000BASE-TX. Two fixed RJ45 ports
1G-2                        Gigabit 1000BASE-SX/LX. Two port slots for optional GBICs (GBICs have 1 SC connector)
Port Configuration Summary Port String Syntax Used in the CLI

Table 4-1 Ethernet Expansion Module Interface Types and Port Numbering (Continued)

Ethernet expansion module   Interface Type / Port Numbering
1G-2MGBIC                   1000BASE-SX. Two slots for optional Mini-GBICs (Mini-GBICs have 1 MT-RJ connector). |1|2|
1H-8FX                      100BASE-FX. Eight fixed MT-RJ connectors. |1|2|3|4|5|6|7|8|

4.1.
Port String Syntax Used in the CLI

For example: The Matrix E1 1H582-51 has 48 front panel ports (group 0), and the number of ports in group 1, 2, or 3 is dependent on the expansion module installed in the slot.

Examples

This example shows the port-string syntax for specifying Fast Ethernet port 3 in the device’s fixed front panel.

fe.0.3

This example shows the port-string syntax for specifying Fast Ethernet ports 1 through 10 in the device’s fixed front panel.

fe.0.
4.2 PROCESS OVERVIEW: PORT CONFIGURATION

Use the following steps as a guide to configuring ports on the device:

1. Reviewing port status (Section 4.3.1)
2. Disabling / enabling ports (Section 4.3.2)
3. Setting speed and duplex mode (Section 4.3.3)
4. Enabling / disabling jumbo frame support (Section 4.3.4)
5. Setting auto negotiation and advertised ability (Section 4.3.5)
6. Setting flow control and thresholds (Section 4.3.6)
7.
4.3 PORT CONFIGURATION COMMAND SET

4.3.1 Reviewing Port Status

Purpose

To display port operating status, duplex mode, speed and port type, and statistical information about traffic received and transmitted through one port or all ports on the device.

Commands

The commands needed to review port status are listed below and described in the associated sections as shown.

• show port status (Section 4.3.1.1)
• show port counters (Section 4.3.1.
Example

This example shows how to display status information for Fast Ethernet front panel ports 15 through 18:

Matrix>show port status fe.0.15-18
Port      Oper    Admin   Duplex  Speed  Flow  Type
          Status  Status                 Ctrl
-----------------------------------------------------------
fe.0.15   down    up      half    10     N/A   100base-TX
fe.0.16   down    up      half    10     N/A   100base-TX
fe.0.17   down    up      full    100    N/A   100base-TX
fe.0.
Table 4-2 show port status Output Details

Output | What It Displays...
Flow Ctrl | Whether flow control status is enabled, disabled, or N/A (auto negotiation is enabled).
Type | Port type as:
  • 10/100TX: 10Base-T/100Base-T
  • 100FX: 100Base-FX
  • 1000SX: 1000Base-SX
  • 1000LX: 1000Base-LX

4.3.1.2 show port counters

Use this command to display counter statistics detailing traffic through the switch and through all MIB2 network devices.
Examples

This example shows how to display all counter statistics, including MIB2 network traffic and traffic through the device for Fast Ethernet front panel port 1:

Matrix>show port counters fe.0.1
Port: fe.0.
Table 4-3 show port counters Output Details

Output | What It Displays...
Port | Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
Bridge Port | Spanning Tree bridge port designation.
MIB2 Interface Counters | MIB2 network traffic counts.
802.1Q Switch Counters | Counts of frames received and transmitted.

4.3.1.3
4.3.2 Disabling / Enabling Ports

Purpose

To disable and re-enable one or more ports. By default, all ports are enabled at device startup. You may need to disable ports in the event of network problems or to put ports “off-line” during certain configuration procedures.

Commands

The commands needed to enable and disable ports are listed below and described in the associated section as shown.

• set port disable (Section 4.3.2.
4.3.2.2 set port enable

Use this command to administratively enable one or more ports.

set port enable port-string

Syntax Description

port-string | Specifies the port(s) to enable. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example

This example shows how to enable Fast Ethernet front panel port 3:

Matrix>set port enable fe.0.
Setting Speed and Duplex Mode

• set port speed (Section 4.3.3.2)
• show port duplex (Section 4.3.3.3)
• set port duplex (Section 4.3.3.4)

4.3.3.1 show port speed

Use this command to display the configured port speed used when the port’s auto-negotiation state is disabled. Note that the configured speed may be different from the current assigned speed, if auto-negotiation is enabled.
Example

This example shows how to display configured port speed for front panel ports 10 through 16:

E1-2>show port speed fe.0.10-16
When autonegotiation is disabled, the port speed setting is:
port      speed
--------------------
fe.0.10   10
fe.0.11   10
fe.0.12   10
fe.0.13   10
fe.0.14   10
fe.0.15   10
fe.0.16   10

4.3.3.2 set port speed

Use this command to configure the default speed of a port interface.
Example

This example shows how to set Fast Ethernet expansion module 3, port 9, to a port speed of 10 Mbps:

Matrix>set port speed fe.3.9 10

4.3.3.3 show port duplex

Use this command to display the configured port duplex setting (half or full) for one or more ports used when the port’s auto-negotiation state is disabled. Note that the configured duplex setting may be different from the current assigned setting, if auto-negotiation is enabled.
Example

This example shows how to display configured port duplex setting for front panel ports 10 through 16:

E1-2>show port duplex fe.0.10-16
When autonegotiation is disabled, the port duplex setting is:
port      duplex
--------------------
fe.0.10   half
fe.0.11   half
fe.0.12   half
fe.0.13   half
fe.0.14   half
fe.0.15   half
fe.0.16   full

4.3.3.4 set port duplex

Use this command to configure the duplex type of one or more ports.
Example

This example shows how to set Fast Ethernet front panel port 17 to full duplex:

Matrix>set port duplex fe.0.17 full

4.3.4 Enabling / Disabling Jumbo Frame Support

Purpose

To review, enable, and disable jumbo frame support on all ports. This allows ports to transmit frames up to 6 KB in size.
Example

This example shows how to display the status of jumbo frame support:

Matrix>show port jumbo
Port Number   Jumbo Oper Status   Jumbo Admin Status   Jumbo MTU
-----------------------------------------------------------------
ge.0.1-6      disabled            disabled             6144

4.3.4.2 set port jumbo

Use this command to enable or disable jumbo frame support on all ports.
4.3.5 Setting Port Auto-Negotiation and Advertised Ability

Purpose

To determine whether auto-negotiation is enabled or disabled for the specific port and to set the state, and to display or set a port’s advertised mode of operation. During auto-negotiation and advertised ability, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are.
4.3.5.1 show port negotiation

Use this command to display the status of auto-negotiation for one or more ports.

show port negotiation [port-string]

Syntax Description

port-string | (Optional) Displays auto-negotiation status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
4.3.5.2 set port negotiation

Use this command to enable or disable auto-negotiation on one or more ports.

set port negotiation port-string {enable | disable}

Syntax Description

port-string | Specifies the port(s) for which to enable or disable auto-negotiation. For a detailed description of possible port-string values, refer to Section 4.1.2.
enable | disable | Enables or disables auto-negotiation.
4.3.5.3 show port advertised ability

Use this command to display the advertised ability on one or more ports.

show port advertised ability [port-string [verbose]]

Syntax Description

port-string | (Optional) Displays advertised ability for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
verbose | (Optional) Displays more detail about the port’s advertised ability.
This command shows the verbose display of advertised ability for port fe.0.1:

Matrix>show port advertised ability fe.0.1 verbose
fe.0.
This example shows how to display advertised ability on all ports. Since this example does not display flow control, advertising flow control was not enabled with the set port advertised ability command.

Matrix>show port advertised ability
Port      Advertised Ability
-------------------------------------------------------
fe.0.1    10half 10full 100half 100full
fe.0.2    10half 10full 100half 100full
fe.0.
4.3.5.4 set port advertised ability

Use this command to enable or disable and to configure the advertised ability on one or more ports.

set port advertised ability port-string {10 | 100 | 1000 | all} {half | full | all} {flowcontrol} {disable | enable}

Syntax Description

port-string | Specifies the port(s) for which to enable, disable or configure advertised ability.
4.3.6 Setting Flow Control and Thresholds

About Managing Oversubscribed Ports

At times during normal switch operation, a burst of traffic could temporarily oversubscribe an egress port. Oversubscribed means more traffic is destined to a port than it can transmit. The two general approaches to handle this situation are flow control and Head of Line (HOL) Blocking Prevention.
• show flow agetime (Section 4.3.6.5)
• set flow agetime (Section 4.3.6.6)
• clear flow agetime (Section 4.3.6.7)
• show port holbp (Section 4.3.6.8)
• set port holbp (Section 4.3.6.9)

4.3.6.1 show port flowcontrol

Use this command to display the flow control state for one or more ports.

show port flowcontrol [port-string]

Syntax Description

port-string | (Optional) Displays flow control state for specific port(s).
4.3.6.2 set port flowcontrol

Use this command to enable or disable flow control for one or more ports. Note that you cannot execute this command if auto-negotiation is enabled.

set port flowcontrol port-string {disable | enable}

Syntax Description

port-string | Specifies the port(s) for which to enable or disable flow control. For a detailed description of possible port-string values, refer to Section 4.1.2.
4.3.6.3 show port buffer threshold

Use this command to display port buffer threshold settings.

show port buffer threshold

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example

This example shows how to display port buffer threshold settings.
4.3.6.4 set port buffer threshold

Use this command to configure buffer threshold settings for a group of ports. This command applies priority queue or buffer percentages to various types of ingress or egress thresholds, and can also be used to reset all thresholds back to default values. Ingress thresholds are used for buffer control at the point the frame enters the switch.
threshold (Cont’d)

• EgressGeneral - controls the buffer allocations for unicast frames destined to a single egress port, for multicast frames queued for egress per device, and for frames destined for routing ports.
• ResetAll - resets all threshold types.
xon-limit xoff-limit | When the IngressRX threshold type is chosen, sets the Xon and Xoff limits. When this limit is reached, the receiving port sends flow control pause frames to the sending port requesting that transmissions be “turned off”. Once the sending port responds to the request, the frames will empty until the Xon threshold is reached.
This example shows how to set the receive buffer and the flow control on and off limit buffers within the IngressRX threshold for frames destined for Gigabit Ethernet ports:

Matrix>set port buffer threshold ingressrx ge 30.0 20.0 25.0

This example shows how to reset all port threshold buffers to default values:

Matrix>set port buffer threshold resetall

4.3.6.5 show flow agetime

Use this command to display the flow age time setting.
4.3.6.6 set flow agetime

Use this command to set the number of seconds flow control entries will remain active if no activity occurs on the flow.

set flow agetime time

Syntax Description

time | Specifies the number of seconds before flow limiting entries will age out. Valid values are 1 - 600.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
Command Defaults
None.

Example

This example shows how to reset the flow limit age time to 30 seconds:

Matrix>clear flow agetime

4.3.6.8 show port holbp

Use this command to display Head of Line (HOL) Blocking Prevention settings for one or more ports.

show port holbp port-string {ingress | egress}

Syntax Description

port-string | Specifies the port(s) for which to display HOL Blocking Prevention settings.
limits must be configured using the set port buffer threshold command as described in Section 4.3.6.4:

Matrix>show port holbp ge.0.* egress
Port      Egress HOL Priority Queue
          0         1         2
ge.0.1    enabled   enabled   enabled
ge.0.2    enabled   enabled   enabled
ge.0.3    enabled   enabled   enabled
ge.0.4    enabled   enabled   enabled
ge.0.5    enabled   enabled   enabled
ge.0.6    enabled   enabled   enabled

4.3.6.
Command Mode
Read-Write.

Example

This example shows how to enable egress HOL Blocking Prevention on Fast Ethernet front panel port 2:

Matrix>set port holbp fe.0.
4.3.7 Setting Port Traps

Purpose

To display the status, and to enable or disable an SNMP link trap on one or more ports. This operation is typically used to alert the system manager of a change in the link status of the port.

Command

The commands needed to display, enable or disable port traps are listed below and described in the associated section as shown.

• show port trap (Section 4.3.7.1)
• set port trap (Section 4.3.7.2)

4.3.7.
Examples

This example shows how to display SNMP link trap status for Fast Ethernet front panel ports 1 through 3:

Matrix>show port trap fe.0.1-3
Port      State
--------- ---------
fe.0.1    enabled
fe.0.2    enabled
fe.0.3    enabled

This example shows how to display SNMP link trap status for all ports:

Matrix>show port trap
Port      State
--------- ---------
fe.0.1    enabled
fe.0.4    enabled
fe.0.7    enabled
fe.0.10   enabled
fe.0.13   enabled
fe.0.16   enabled
fe.0.19   enabled
fe.0.
4.3.7.2 set port trap

Use this command to enable or disable an SNMP link trap on one or more ports.

set port trap port-string {enable | disable}

Syntax Description

port-string | Specifies the port(s) for which to enable or disable a trap. For a detailed description of possible port-string values, refer to Section 4.1.2.
enable | disable | Enables or disables a trap on the specified port.

Command Defaults
None.

Command Type
Switch command.
4.3.8 Overview: Port Mirroring

CAUTION: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.

The Matrix E1 allows you to mirror the traffic being switched on one or more ports for the purposes of network traffic analysis and connection assurance.
4.3.9 Setting Port Mirroring

Purpose

To display or set a source and target port for port mirroring on the device, or to clear a port mirroring relationship.

Commands

The commands needed to configure port mirroring are listed below and described in the associated section as shown.

• show port mirroring (Section 4.3.9.1)
• set port mirroring (Section 4.3.9.2)
• clear port mirroring (Section 4.3.9.3)

4.3.9.
Ethernet front panel port 4, and Fast Ethernet front panel port 23 is mirroring traffic from Fast Ethernet front panel port 19. Mirroring is currently disabled on the device:

Matrix>show port mirroring
Port Mirroring Status : Disabled
===============================
Source Port = fe.0.4
Target Port = fe.0.11
===============================
Source Port = fe.0.19
Target Port = fe.0.23

4.3.9.
Command Mode
Read-Write.

Examples

This example shows how to set port mirroring with fe.0.4 as the source port and fe.0.11 as the target port:

Matrix>set port mirroring fe.0.4 fe.0.11

This example shows how to disable port mirroring:

Matrix>set port mirroring disable

4.3.9.3 clear port mirroring

Use this command to clear a mirroring association between ports.
4.3.10 Configuring Link Aggregation

Link aggregation — using multiple links simultaneously — is a powerful feature for increasing the bandwidth of a network connection and for ensuring fault recovery. Matrix E1 devices support the following two methods of link aggregation:

• Port Trunking — Statically grouping ports by creating and assigning ports to a “trunk”.
• None of the ports in a trunk or LAG should be configured as a mirror source port or mirror target port. If a port with an active LACP link is configured as a mirror source or target port, the LACP link will be brought down. Note that all eight ports in the same port group are affected—once one port in the group is mirrored, any other LACP ports in the same group will be removed from the trunk.
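The following audit is an added example, not part of the Enterasys guide: it parses show port mirroring output in the format shown in Section 4.3.9.1 and reports mirror sessions that are not on an approved list, or that use a port that is also a trunk or LAG member (the conflict described above). The sample output's Enabled status, the approved list, the function names, and the restriction to the single-port and range port-string forms are assumptions made for illustration; the port-group side effect is not modeled.

```python
import re

# Constructed sample: same layout as the guide's "show port mirroring"
# example, with the status line changed to Enabled for illustration.
SAMPLE_OUTPUT = """\
Matrix>show port mirroring
Port Mirroring Status : Enabled
===============================
Source Port = fe.0.4
Target Port = fe.0.11
===============================
Source Port = fe.0.19
Target Port = fe.0.23
"""

# Handles only the forms seen in the guide's examples: "fe.0.3" and "fe.0.1-4".
# Wildcards such as "ge.0.*" need the port count of the group and are rejected.
PORT_RE = re.compile(
    r"^(?P<type>[a-z]+)\.(?P<group>\d+)\.(?P<first>\d+)(?:-(?P<last>\d+))?$"
)


def expand_port_string(port_string):
    """Expand 'fe.0.1-4' into ['fe.0.1', 'fe.0.2', 'fe.0.3', 'fe.0.4']."""
    match = PORT_RE.match(port_string.strip())
    if not match:
        raise ValueError(f"unsupported port-string: {port_string!r}")
    first = int(match["first"])
    last = int(match["last"]) if match["last"] else first
    if last < first:
        raise ValueError(f"descending range in port-string: {port_string!r}")
    prefix = f"{match['type']}.{match['group']}"
    return [f"{prefix}.{number}" for number in range(first, last + 1)]


def parse_port_mirroring(text):
    """Return (enabled, [(source, target), ...]) from the command output."""
    enabled = None
    sessions = []
    source = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        status = re.match(r"Port Mirroring Status\s*:\s*(\w+)", line)
        if status:
            enabled = status.group(1).lower() == "enabled"
            continue
        src = re.match(r"Source Port\s*=\s*(\S+)", line)
        if src:
            source = src.group(1)
            continue
        tgt = re.match(r"Target Port\s*=\s*(\S+)", line)
        if tgt and source is not None:
            sessions.append((source, tgt.group(1)))
            source = None
    if enabled is None:
        raise ValueError("no 'Port Mirroring Status' line found")
    return enabled, sessions


def audit_mirroring(text, approved_sessions, lag_port_strings=()):
    """List findings for unapproved mirror sessions and mirror/LAG overlaps."""
    enabled, sessions = parse_port_mirroring(text)
    lag_ports = set()
    for port_string in lag_port_strings:
        lag_ports.update(expand_port_string(port_string))

    state = "active" if enabled else "configured, mirroring currently disabled"
    findings = []
    for source, target in sessions:
        if (source, target) not in approved_sessions:
            findings.append(f"unapproved mirror {source} -> {target} ({state})")
        for port in (source, target):
            if port in lag_ports:
                findings.append(f"{port} is a mirror port and a trunk/LAG member")
    return findings


if __name__ == "__main__":
    # Assumed inputs: one approved session, and the static LAG members from
    # the guide's "set lacp static lag.0.1 fe.0.1-4" example.
    for finding in audit_mirroring(
        SAMPLE_OUTPUT, {("fe.0.4", "fe.0.11")}, ["fe.0.1-4"]
    ):
        print(finding)
```

Run it against captured CLI output on a schedule; a session that appears outside a change window is worth investigating even while the status line reads Disabled, because the source and target pair is already configured.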
NOTE: This port grouping limitation does not apply to the Matrix E1 1G582-09 model or Gigabit Ethernet expansion modules.

Figure 4-3 Port Grouping Designations for the Matrix E1 1H582-51

Figure 4-4 Port Grouping Designations for the Matrix E1 1H582-25
Table 4-6 Port Grouping IDs for the 1H-16TX and 1H-8FX Expansion Modules

Expansion Module Slot Location | Module | Group ID | Ports
1, 2 or 3 | 1H-16TX | 1 | 1 thru 8
1, 2 or 3 | 1H-16TX | 2 | 9 thru 16
1, 2 or 3 | 1H-8FX | 1 | 1 thru 8

For details on how to specify port designation in the CLI syntax, refer to Section 4.1.2.
4.3.11 Configuring Static Port Trunking

The Matrix E1 allows you to configure up to 12 trunks on the device. Depending on the Matrix E1 model type and the expansion module(s) installed, each trunk can combine up to eight ports into an aggregate connection with up to 8 Gbps of bandwidth when operating at full duplex.
4.3.11.1 show trunk

Use this command to display trunking information for the device. Output will vary depending on the link aggregation mode of the device, as shown in the examples below.

show trunk [trunk_name]

Syntax Description

trunk_name | (Optional, portTrunking mode only) Displays trunking information for a specific trunk.

Command Defaults
If trunk_name is not specified, information for all trunks will be displayed.
This example shows how to display trunking information when the device is in port trunking mode:

Matrix>show trunk
Device is in portTrunking mode.
Trunking algorithm is round robin.
Table 4-7 show trunk Output Details (Continued)

Output | What It Displays...
OKey | (Displayed in 802.3ad mode only.) Operational key, which determines underlying physical ports’ ability to aggregate. For more details, refer to Section 4.3.13.2.
ports | (Displayed in 802.3ad mode only.) Physical ports belonging to the LAG.
4.3.11.2 set trunkmode

Use this command to toggle the trunking mode on the device from the default (802.3ad) to port trunking, which allows the device to recognize statically created port trunks.

set trunkmode {8023ad | porttrunking}

Syntax Description

8023ad | Enables 802.3ad link aggregation mode.
porttrunking | Enables manual port trunking mode.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
Command Type
Switch command.

Command Mode
Read-Write.

Example

This example shows how to create a trunk named “blue”:

Matrix>set trunk blue create

4.3.11.4 clear trunk

Use this command to delete a trunk when the device is set to port trunking mode.

clear trunk trunk_name

Syntax Description

trunk_name | Specifies the name of the trunk to be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.3.11.5 set trunk port

Use this command to add one or more trunk ports to an existing trunk when the device is set to port trunking mode.

set trunk port trunk_name port-string

Syntax Description

trunk_name | Specifies the name of the trunk to which the trunk port will be added.
port-string | Specifies the designation of the port(s) to be added to the trunk. For a detailed description of possible port-string values, refer to Section 4.1.2.
Syntax Description

trunk_name | Specifies the name of the trunk from which the port will be removed.
port-string | Specifies the designation of the port to be removed from the trunk. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
Command Mode
Read-Write.
4.3.12 Link Aggregation Control Protocol (LACP)

CAUTION: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.
• Controlling the addition of a link to a LAG, and the creation of the group if necessary.
• Monitoring the status of aggregated links to ensure that the aggregation is still valid.
• Removing a link from a LAG if its membership is no longer valid, and removing the group if it no longer has any member links.
Table 4-8 LACP Terms and Definitions (Continued)

Term | Definition
Actor and Partner | An actor is the local device sending LACPDUs. Its protocol partner is the device on the other end of the link aggregation. Each maintains current status of the other via LACPDUs containing information about their ports’ LACP status and operational state.
• Ethernet ports do not belong to the same port group. As described in Section 4.3.10.1, only one LAG is allowed per Ethernet port group.
• There is no available aggregator for two or more ports with the same LAG ID. This can happen if there are simply no available aggregators, or if none of the aggregators have a matching admin key and system priority.
• 802.1x authentication is enabled using the set eapol command (Section 14.3.2.
4.3.13 Configuring Link Aggregation

Purpose

To disable and re-enable the Link Aggregation Control Protocol (LACP), to display and configure LACP settings for one or more aggregator ports, and to display and configure the LACP settings for underlying physical ports that are potential members of a link aggregation.

NOTE: Commands with the keyword lacp can only be used when the device is in 802.3ad mode.
Command Mode
Read-Write.

Example

This example shows how to disable LACP:

Matrix>set lacp disable

4.3.13.2 set lacp static

Use this command to assign one or more underlying physical ports to a Link Aggregation Group (LAG). This provides the ability to hard code LAG trunks, similar to forming trunks while the device is in port trunking mode.
Command Mode
Read-Write.

Example

This example shows how to add Fast Ethernet front panel ports 1 through 4 to the LAG of aggregator port 1. As noted above, other ports cannot attach to lag.0.1 until this static LAG is cleared:

Matrix>set lacp static lag.0.1 fe.0.1-4

4.3.13.3 clear lacp static

Use this command to remove specific ports from a Link Aggregation Group.
4.3.13.4 show port lacp

Use this command to display link aggregation information for one or more underlying physical ports.

show port lacp {[port-string] [counters port-string] [detail port-string]}

Syntax Description

port-string | Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
counters port-string | Displays LACP counter information for one or more ports.
NOTES: State definitions, such as ActorAdminState and Partner AdminState, are indicated with letter abbreviations.
4.3.13.5 set port lacp

Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
Command Mode
Read-Write.

Examples

This example shows how to place ports ge.0.1 and ge.0.2 in the same LAG by assigning both padminkey 1:

Matrix>set port lacp padminkey ge.0.1 1
Matrix>set port lacp padminkey ge.0.2 1

This example shows how to clear the LAG created:

Matrix>set port lacp padminkey ge.0.* default

This example shows how to disable LACP processing on all Gigabit Ethernet front panel ports:

Matrix>set port lacp disable ge.0.
4.3.14 Configuring Port Broadcast Suppression

Purpose

To display, disable or set the broadcast thresholds on a per-port basis. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other ports. Broadcast suppression protects against broadcast storms, leaving more bandwidth available for critical data.
Example

This example shows how to display broadcast information for Fast Ethernet front panel port 1, where broadcast suppression is enabled and set to 500 packets per second (pps):

Matrix>show port broadcast fe.0.1
Broadcast Suppression enabled for port fe.0.1 at 500 pps

4.3.14.2 set port broadcast

Use this command to set the broadcast suppression limit in packets per second on one or more ports.
This example shows how to set broadcast suppression to 2000 packets per second on Fast Ethernet front panel ports 10 through 13:

Matrix>set port broadcast fe.0.
4.3.15 Configuring Unknown Destination Address Suppression

Purpose

To display, enable or disable the unknown destination address suppression function on one or more ports. When enabled, this function prevents unknown unicast traffic from being transmitted out ports. It is intended for “static” configurations where all MAC addresses are known within the system and excess “flooding” of unlearned unicast traffic is not desired.
Command Mode
Read-Only.

Example

This example shows how to display the status of unknown unicast traffic suppression on Fast Ethernet front panel port 1. In this case, the default state of disabled has not been changed:

Matrix>show port unknowndestsuppress fe.0.1
Unknown Destination Forwarding Status
Port:     Status:
====================
fe.0.1    Disabled

4.3.15.
4.3.15.3 clear port unknowndestsuppress

Use this command to reset the suppression of unknown unicast traffic transmission from one or more ports to the default state of disabled.

clear port unknowndestsuppress [port-string]

Syntax Description

port-string | (Optional) Resets status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
5 SNMP Configuration

This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.

5.1 SNMP CONFIGURATION SUMMARY

SNMP is an application-layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
5.1.2 SNMPv3

SNMPv3 is an interoperable standards-based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:

• Message integrity — Collects data securely without being tampered with or corrupted.
• Authentication — Determines the message is from a valid source.
Table 5-1 SNMP Security Levels

Model | Security Level | Authentication | Encryption | How It Works
v1 | NoAuthNoPriv | Community string | None | Uses a community string match for authentication.
v2 | NoAuthNoPriv | Community string | None | Uses a community string match for authentication.
v3 | NoAuthNoPriv | User name | None | Uses a user name match for authentication.
v3 | AuthNoPriv | MD5 | None | Provides authentication based on the HMAC-MD5 algorithm.
6. Configuring SNMP target addresses (Section 5.2.6)
7. Configuring SNMP notification parameters (Section 5.2.7)
8. Configuring a basic SNMP trap notification (Section 5.2.
5.2 SNMP COMMAND SET

5.2.1 Disabling / Enabling and Reviewing SNMP Statistics

Purpose

To disable or re-enable SNMP and to review SNMP statistics.

Commands

The commands needed to disable or enable SNMP and review SNMP statistics are listed below and described in the associated section as shown.

• show snmp (Section 5.2.1.1)
• set snmp (Section 5.2.1.2)
• show snmp engineid (Section 5.2.1.3)
• show snmp counters (Section 5.2.1.4)

5.2.1.
Example
This example shows how to display SNMP status:

Matrix>show snmp
SNMP is currently enabled.

5.2.1.2 set snmp

Use this command to enable or disable SNMP management on the device.

set snmp {enable | disable}

Syntax Description
enable | disable    Enables or disables SNMP management.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to disable SNMP:

Matrix>set snmp disable

5.
Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display SNMP engine properties:

Matrix>show snmp engineid
EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87
Engine Boots = 12
Engine Time = 162181
Max Msg Size = 2048

Table 5-2 shows a detailed explanation of the command output.

Table 5-2 show snmp engineid Output Details
Output    What It Displays...

5.2.1.4
Command Type
Switch command.

Command Mode
Read-Only.
Example
This example shows how to display SNMP counter values:

Matrix>show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 396601
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
snmpInTooBigs = 0
snmpInNoSuchNames = 0
snmpInBadValues = 0
snmpInReadOnlys = 0
snmpInGenErrs = 0
snmpInTotalReqVars = 403661
snmpInTotalSetVars = 534
snmpInGetRequests = 290
snmpInGet
Table 5-3 show snmp counters Output Details

Output                    What It Displays...
snmpInPkts                Number of messages delivered to the SNMP entity from the transport service.
snmpOutPkts               Number of SNMP messages passed from the SNMP protocol entity to the transport service.
snmpInBadVersions         Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version.
snmpInTotalReqVars        Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
snmpInTotalSetVars        Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
snmpOutGetNexts           Number of SNMP Get-Next PDUs generated by the SNMP protocol entity.
snmpOutSetRequests        Number of SNMP Set-Request PDUs generated by the SNMP protocol entity.
snmpOutGetResponses       Number of SNMP Get-Response PDUs generated by the SNMP protocol entity.
snmpOutTraps              Number of SNMP Trap PDUs generated by the SNMP protocol entity.
usmStatsWrongDigests      Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value.
usmStatsDecriptionErrors  Number of packets received by the SNMP engine that were dropped because they could not be decrypted.
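Added example (not part of the guide): the rejection counters in Table 5-3 are most useful when two show snmp counters snapshots are compared, since a jump in snmpInBadCommunityNames or usmStatsWrongDigests between polls points to repeated failed authentication. The sketch below parses two snapshots and reports the counters that rose past a threshold; the sample snapshots, the threshold and the restart heuristic are assumptions.

```python
import re

# Matches "name = value" pairs, whether the CLI output has one counter per
# line or has been flattened onto a single line.
COUNTER_RE = re.compile(r"\b((?:snmp|usm)\w+)\s*=\s*(\d+)")

# Counters from Table 5-3 and the sample output that rise when a request is
# rejected. "usmStatsDecriptionErrors" is spelled as the guide prints it.
REJECT_COUNTERS = (
    "snmpInBadVersions",
    "snmpInBadCommunityNames",
    "snmpInBadCommunityUses",
    "snmpInASNParseErrs",
    "usmStatsWrongDigests",
    "usmStatsDecriptionErrors",
)

COUNTER32_MODULUS = 2 ** 32  # SNMP Counter32 values wrap back to 0 at 2^32


def parse_counters(cli_output):
    """Return {counter name: value} from 'show snmp counters' text."""
    return {name: int(value) for name, value in COUNTER_RE.findall(cli_output)}


def reject_deltas(before, after):
    """How much each rejection counter grew between two snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    # Assumption: if the total packet count went down, the agent restarted
    # and every counter began again from zero. (A wrap of snmpInPkts itself
    # would look the same; that case is not distinguished here.)
    restarted = new.get("snmpInPkts", 0) < old.get("snmpInPkts", 0)
    deltas = {}
    for name in REJECT_COUNTERS:
        if name not in new:
            continue  # counter absent from this snapshot
        baseline = 0 if restarted else old.get(name, 0)
        # Modulo arithmetic gives the right delta across a Counter32 wrap.
        deltas[name] = (new[name] - baseline) % COUNTER32_MODULUS
    return deltas


def findings(before, after, threshold=25):
    """Names of rejection counters that grew by at least `threshold`."""
    deltas = reject_deltas(before, after)
    return sorted(name for name, delta in deltas.items() if delta >= threshold)


# Constructed sample snapshots (not captured from a device). The first is
# flattened onto one line, the second has one counter per line.
SNAPSHOT_BEFORE = (
    "Matrix>show snmp counters --- mib2 SNMP group counters: "
    "snmpInPkts = 396601 snmpOutPkts = 396601 snmpInBadVersions = 0 "
    "snmpInBadCommunityNames = 0 snmpInBadCommunityUses = 0 "
    "snmpInASNParseErrs = 0 usmStatsWrongDigests = 0"
)
SNAPSHOT_AFTER = """\
snmpInPkts = 399120
snmpOutPkts = 396790
snmpInBadVersions = 3
snmpInBadCommunityNames = 2310
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
usmStatsWrongDigests = 12
"""

if __name__ == "__main__":
    for name, delta in sorted(reject_deltas(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items()):
        print(f"{name:26} +{delta}")
    print("over threshold:", findings(SNAPSHOT_BEFORE, SNAPSHOT_AFTER))
```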
5.2.2 Configuring SNMP Users, Groups and Communities

Purpose
To review and configure SNMP users, groups and communities. These are defined as follows:
• User — A person registered in SNMPv3 to access SNMP management.
• Group — A collection of users who share the same SNMP access privileges.
• Community — A name used to authenticate SNMPv1 and v2 users.
5.2.2.1 show snmp user

Use this command to display information about users. These are people registered to access SNMP management.

show snmp user [user [remote remote]]

Syntax Description
user             (Optional) Displays information about a specific user.
remote remote    (Optional) Displays information about users on a specific remote SNMP engine.

Command Defaults
• If user is not specified, information about all SNMP users will be displayed.
Table 5-4 show snmp user Output Details

Output              What It Displays...
EngineId            SNMP local engine identifier.
Username            SNMPv1 or v2 community name or SNMPv3 user name.
Auth protocol       Type of authentication protocol applied to this user.
Privacy protocol    Whether a privacy protocol is applied when authentication protocol is in use.

5.2.2.2
• If remote is not specified, the user will be registered for the local SNMP engine.
• If storage type is not specified, nonvolatile will be applied.

Command Type
Switch command.

Command Mode
Read-Write.
Example
This example shows how to remove the SNMP user named “bill”:

Matrix>clear snmp user bill

5.2.2.4 show snmp group

Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges.

show snmp group [groupname] [user user] [security-model {v1 | v2 | v3}]

Syntax Description
groupname groupname    (Optional) Displays information for a specific SNMP group.
Example
This example shows how to display SNMP group information:

Matrix>show snmp group
--- SNMP group information ---
Security model     = SNMPv1
Security/user name = public
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Security model     = SNMPv1
Security/user name = public.router1
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Table 5-5 shows a detailed explanation of the command output.
5.2.2.5 set snmp group

Use this command to create an SNMP group. This associates SNMPv3 users to a group that shares common access privileges.

set snmp group groupname user user security-model {v1 | v2 | v3} [volatile | nonvolatile]

Syntax Description
groupname    Specifies an SNMP group name to create.
user user    Specifies an SNMPv3 user name to assign to the group.
5.2.2.6 clear snmp group

Use this command to clear SNMP group settings globally or for a specific SNMP group or user.

clear snmp group groupname user [security-model {v1 | v2 | v3}]

Syntax Description
groupname                       Specifies the SNMP group to be cleared.
user                            Specifies the SNMP user to be cleared.
security-model v1 | v2 | v3     (Optional) Clears the settings associated with a specific security model.
5.2.2.7 show community

Use this command to display SNMPv1 and v3 community names and access policies. In SNMPv1 and v2, community names act as passwords to remote SNMP management. Access is controlled by enacting either of two levels of security authorization (Read-Only or Read-Write).

show community

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
5.2.2.8 set community

Use this command to set SNMPv1 and v2 community names and access policies.

set community community_name access_policy

Syntax Description
community_name    Specifies the name through which a user will access SNMP management. Up to 5 community names can be set.
access_policy     Specifies the access permission accorded each community name.
5.2.2.9 clear community

Use this command to delete an SNMPv1 or v2 community name.

clear community community_name

Syntax Description
community_name    Specifies the SNMP management user access name to be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to delete the community name “green.”

Matrix>clear community green

5.2.2.
Command Mode
Read-Only.

Example
This example shows how to display SNMPv3 information about the “public” community name:

Matrix>show snmp community public
Community Name: public
Security User Name: initial-restricted
SNMP Engine ID: 80:00:38:18:03:00:01:f4:d2:bc:80
Storage Type: nonvolatile
Row Status: active

5.2.2.
Example
This example shows how to allow the SNMPv1 “green” community access to the “netops” user security policies:

Matrix>set snmp community green netops

5.2.2.12 clear snmp community

Use this command to remove a relationship between an SNMP v1 or v2 community name and an SNMPv3 access policy.

clear snmp community name

Syntax Description
name    Specifies the SNMPv1 or v2 community name for which the SNMPv3 relationship will be cleared.
5.2.3 Configuring SNMP Access Rights

Purpose
To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups.

Commands
The commands needed to review and configure SNMP access are listed below and described in the associated section as shown.
• show snmp access (Section 5.2.3.1)
• set snmp access (Section 5.2.3.2)
• clear snmp access (Section 5.2.3.3)
• show snmp authenticationtrap (Section 5.2.3.
• If security-model is not specified, access information for all SNMP versions will be displayed.
• If access level is not specified, information for all levels will be displayed.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display SNMP access information:

Matrix>show snmp access
Group Name: initial
Security Model: SNMPv3
Security Level: No authentication.
Table 5-7 show snmp access Output Details (Continued)

Output            What It Displays...
Security Level    Security level applied to this group. Valid levels are:
                  • noauth — No authentication or privacy protocol required.
                  • auth — Authentication but no privacy protocol required.
                  • authpriv — Authentication and privacy protocol required.
Storage Type      Whether access entries for this group are stored in volatile, nonvolatile or read-only memory.

5.2.3.2
Syntax Description
groupname                      Specifies a name for an SNMP group.
security-model v1 | v2 | v3    Applies SNMP version 1, 2c or 3.
noauth | auth | authpriv       Applies an SNMPv3 security level as no authentication, authentication without privacy or authentication with privacy. Privacy specifies that messages sent on behalf of the user are protected from disclosure.
read read                      (Optional) Applies read access view.
5.2.3.3 clear snmp access

Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security.

clear snmp access groupname security-model {v1 | v2 | v3 {noauth | auth | authpriv}}

Syntax Description
groupname                      Specifies the name of the SNMP group for which to clear access.
security-model v1 | v2 | v3    Specifies the security model to be cleared for the SNMP access group.
Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the status of the SNMP authentication trap function:

Matrix>show snmp authenticationtrap
authentication traps enabled

5.2.3.5 set snmp authentication trap

Use this command to enable or disable the SNMP authentication trap function.
5.2.4 Configuring SNMP MIB Views

Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.

Commands
The commands needed to review and configure SNMP MIB views are listed below and described in the associated section as shown.
• show snmp view (Section 5.2.4.1)
• set snmp view (Section 5.2.4.2)
• clear snmp view (Section 5.2.4.3)

5.2.4.
Example
This example shows how to display configuration information for the SNMP MIB view “internet”:

Matrix>show snmp view internet
View Name: internet
Subtree OID: 1
View Type: Included.
Row Status: active
Storage Type: nonvolatile

Table 5-8 provides an explanation of the command output. For details on using the set snmp view command to assign variables, refer to Section 5.2.4.2.

Table 5-8 show snmp view Output Details
Output    What It Displays...
5.2.4.2 set snmp view

Use this command to set a MIB configuration for SNMPv3 view-based access (VACM).

set snmp view viewname subtree subtree [included | excluded] [volatile | nonvolatile]

Syntax Description
viewname               Specifies a name for a MIB view.
subtree subtree        Specifies a MIB subtree name.
included | excluded    (Optional) Specifies subtree use (default) or no subtree use.
Syntax Description
viewname           Specifies the MIB view name to be deleted.
subtree subtree    Specifies the subtree name of the MIB view to be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to delete SNMP MIB view “public”:

Matrix>clear snmp view public subtree 1.3.6.
5.2.5 Configuring SNMP Target Parameters

Purpose
To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (Section 5.2.6.2).
Example
This example shows how to display SNMP target parameters information:

Matrix>show snmp targetparams
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name         = public
Message Proc. Model   = SNMPv1
Security Level        = noAuthNoPriv
Storage type          = nonVolatile
Row status            = active

Target Parameter Name Security Name Message Proc.
Table 5-9 show snmp targetparams Output Details (Continued)

Output            What It Displays...
Security Level    Type of security level. Valid levels are:
                  • noauth — No authentication or privacy protocol required.
                  • auth — Authentication but no privacy protocol required.
                  • authpriv — Authentication and privacy protocol required.
Storage type      Whether entry is stored in volatile, nonvolatile or read-only memory.

5.2.5.2
Syntax Description
paramsname                     Specifies a name identifying parameters used to generate SNMP messages to a particular target.
user user                      Specifies an SNMPv1 or v2 community name or an SNMPv3 user name. Maximum length is 32 bytes.
security-model v1 | v2 | v3    Specifies the SNMP security model applied to this target parameter as version 1, 2c or 3.
5.2.5.3 clear snmp targetparams

Use this command to delete an SNMP target parameter configuration.

clear snmp targetparams targetparams

Syntax Description
targetparams    Specifies the name of the parameter in the SNMP target parameters table to be cleared.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
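Added example (not part of the guide): the show snmp group and show snmp targetparams outputs earlier in this chapter both list rows that use the SNMPv1 model with the security name “public”, which Table 5-1 classes as NoAuthNoPriv. The sketch below parses that "key = value" output, one key per line, and flags such rows; the sample text, the v3 rows in it, the reason codes, the inclusion of "private" as a well-known default name and the handling of "public.router1" as a default-derived name are assumptions.

```python
# Security models that authenticate with a community string only
# (NoAuthNoPriv in Table 5-1). "snmpv2"/"snmpv2c" spellings are assumed.
COMMUNITY_MODELS = {"snmpv1", "snmpv2", "snmpv2c"}

# Well-known default community names; "public" appears in the guide's own
# sample output, "private" is added here as an assumption.
DEFAULT_NAMES = {"public", "private"}

# The two commands label the same ideas with different keys.
MODEL_KEYS = ("Security model", "Message Proc. Model")
NAME_KEYS = ("Security/user name", "Security Name")
LABEL_KEYS = ("Group name", "Target Parameter Name")


def parse_records(cli_output):
    """Split 'key = value' CLI output into one dict per table row."""
    records, current = [], {}
    for line in cli_output.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or key.startswith("---"):
            continue  # prompt, banner or blank line
        if key in current:  # a repeated key starts the next row
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records


def first(record, keys):
    """Value of the first key present in the record, else ''."""
    for key in keys:
        if key in record:
            return record[key]
    return ""


def audit(cli_output):
    """Return (row label, security name, reason) for each weak active row."""
    results = []
    for rec in parse_records(cli_output):
        if rec.get("Row status", "active").lower() != "active":
            continue  # only rows that are in service
        label = first(rec, LABEL_KEYS)
        name = first(rec, NAME_KEYS)
        model = first(rec, MODEL_KEYS).lower()
        level = rec.get("Security Level", "").lower()
        if model in COMMUNITY_MODELS:
            results.append((label, name, "community-model"))
        elif level in ("noauth", "noauthnopriv"):
            results.append((label, name, "no-auth"))
        # Assumption: "public.router1" is treated as derived from "public".
        if name.split(".")[0].lower() in DEFAULT_NAMES:
            results.append((label, name, "default-name"))
    return results


# Constructed sample output. The first two group rows and the first
# targetparams row follow the guide's examples; the v3 rows are invented.
GROUP_OUTPUT = """\
Matrix>show snmp group
--- SNMP group information ---
Security model     = SNMPv1
Security/user name = public
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Security model     = SNMPv1
Security/user name = public.router1
Group name         = Anyone
Storage type       = nonVolatile
Row status         = active

Security model     = SNMPv3
Security/user name = netops
Group name         = netadmins
Storage type       = nonVolatile
Row status         = active
"""

TARGETPARAMS_OUTPUT = """\
Matrix>show snmp targetparams
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name         = public
Message Proc. Model   = SNMPv1
Security Level        = noAuthNoPriv
Storage type          = nonVolatile
Row status            = active

Target Parameter Name = v3NoAuthParams
Security Name         = netops
Message Proc. Model   = SNMPv3
Security Level        = noAuthNoPriv
Storage type          = nonVolatile
Row status            = active
"""

if __name__ == "__main__":
    for finding in audit(GROUP_OUTPUT) + audit(TARGETPARAMS_OUTPUT):
        print(finding)
```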
5.2.6 Configuring SNMP Target Addresses

Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (Section 5.2.5.2).
Example
This example shows how to display SNMP target address information:

Matrix>show snmp targetaddr
--- SNMP targetaddr information ---
Target Address Name = 1
Tag List            = Console
IP Address          = 127.0.0.1
UDP Port#           = 0
Target Mask         = 255.255.255.
Table 5-10 show snmp targetaddr Output Details (Continued)

Output          What It Displays...
Parameters      Entry in the snmpTargetParamsTable.
Storage type    Whether entry is stored in volatile, nonvolatile or read-only memory.
Row status      Status of this entry: active, notInService, or notReady.

5.2.6.2 set snmp targetaddr

Use this command to set an SNMP target address configuration.
Syntax Description
targetaddr          Specifies a unique identifier to index the snmpTargetAddrTable. Maximum length is 32 bytes.
param param         Specifies an entry in the SNMP target parameters table, which is used when generating a message to the target. Maximum length is 32 bytes.
ipaddress ipaddr    Specifies the IP address of the target.
port udpport        (Optional) Specifies which UDP port of the target host to use. Default value is 162.
Example
This example shows how to set an SNMP target address of “1” associated with a parameter called v1ExampleParams on IP address 127.0.0.1 and UDP port 160:

Matrix>set snmp targetaddr 1 param v1ExampleParams ipaddress 127.0.0.1 udp 160

5.2.6.3 clear snmp targetaddr

Use this command to delete an SNMP target address entry.

clear snmp targetaddr targetAddr

Syntax Description
targetAddr    Specifies the target address entry to delete.
5.2.7 Configuring SNMP Notification Parameters

Purpose
To configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps” or SNMP v3 “informs” messages to select management targets. Optional notification filters identify which targets should not receive notifications.
5.2.7.1 show trap

Use this command to display SNMP trap configuration information.

show trap

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the SNMP trap configuration. In this case, there are two SNMP traps enabled. One is assigned to the “orange” community at IP address 1.2.3.4. Another is assigned to the “blue” community at IP address 100.54.5.112.
5.2.7.2 set trap

Use this command to assign an SNMP trap to an IP address. Since the device is an SNMP compliant device, it can send messages to multiple network management stations to alert users of status changes. For details on the types of traps this device supports, refer to the appropriate Matrix E1 Release Notes.
Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to clear the trap assigned to IP address 172.29.65.123:

Matrix>clear trap 172.29.65.123

5.2.7.4 show newaddrtrap

Use this command to display the status of the SNMP new MAC addresses trap function on one or more ports.
Example
This example shows how to display the status of the new MAC address trap function on all Gigabit Ethernet ports:

Matrix>show newaddrtrap ge.*.*
New Address Trap Globally disabled
Port    Enable State
------- ----------
ge.0.1  disabled
ge.0.2  disabled
ge.0.3  disabled
ge.0.4  disabled
ge.0.5  disabled
ge.0.6  disabled

5.2.7.
Command Mode
Read-Write.

Example
This example shows how to enable the new MAC address trap function on port ge.0.3:

Matrix>set newaddrtrap ge.0.3 enable

5.2.7.6 show snmp notify

Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications.

show snmp notify [notify]

Syntax Description
notify    (Optional) Displays notify entries for a specific notify name.
Example
This example shows how to display the SNMP notify information:

Matrix>show snmp notify
--- SNMP notifyTable information ---
Notify name  = 1
Notify Tag   = Console
Notify Type  = trap
Storage type = nonVolatile
Row status   = active

Notify name  = 2
Notify Tag   = TrapSink
Notify Type  = trap
Storage type = nonVolatile
Row status   = active

Table 5-12 shows a detailed explanation of the command output.
5.2.7.7 set snmp notify

Use this command to set the SNMP notify configuration. This creates an entry in the SNMP notify table, which is used to select management targets who should receive notification messages. This command’s tag parameter can be used to bind each entry to a target address using the set snmp targetaddr command (Section 5.2.6.2).
5.2.7.8 clear snmp notify

Use this command to clear an SNMP notify configuration.

clear snmp notify notify

Syntax Description
notify    Specifies an SNMP notify name to clear.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
About SNMP Notify Filters

Profiles indicating which targets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty, meaning that no filtering is associated with any SNMP target, then no filtering will take place. “Traps” or “informs” notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those found in the NotifyTable.
Example
This example shows how to display SNMP notify filter information. In this case, the notify profile “pilot1” in subtree 1.3.6 will receive SNMP notification messages:

Matrix>show snmp notifyfilter
--- SNMP notifyFilter information ---
Profile      = pilot1
Subtree      = 1.3.6
Filter type  = included
Storage type = nonVolatile
Row status   = active

5.2.7.10 set snmp notifyfilter

Use this command to create an SNMP notify filter configuration.
Command Defaults
• If not specified, mask is set to 255.255.255.255.
• If not specified, subtree will be included.
• If storage type is not specified, nonvolatile will be applied.

Command Type
Switch command.

Command Mode
Read-Write.
Command Mode
Read-Write.

Example
This example shows how to delete the SNMP notify filter “pilot1”:

Matrix>clear snmp notifyfilter pilot1 subtree 1.3.6

5.2.7.12 show snmp notifyprofile

Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.
5.2.7.13 set snmp notifyprofile

Use this command to create an SNMP notify filter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command (Section 5.2.7.10), to a set of SNMP target parameters to determine which management targets should not receive SNMP notifications.
Syntax Description
profile                    Specifies an SNMP filter notify name to delete.
targetparam targetparam    Specifies an associated entry in the snmpTargetParamsTable.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
5.2.8 Basic SNMP Trap Configuration

Traps are notification messages sent by an SNMPv1 or v3 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or module goes up or down, when there are authentication failures, and when power supply errors occur.
Table 5-13 Basic SNMP Trap Configuration Command Set (Continued)

To do this...                       Use these commands...
Create a new notification entry.    set snmp notify (Section 5.2.7.7)
Create a target address entry.      set snmp targetaddr (Section 5.2.6.2)
Create an SNMP notify filter.       set snmp notifyfilter (Section 5.2.7.10)

Example
The example in Figure 5-1 shows how to:
• create an SNMP community called “mgmt”
• configure a trap notification called “TrapSink”.
6 Spanning Tree Configuration

This chapter describes the Spanning Tree Configuration set of commands and how to use them.

6.1 SPANNING TREE CONFIGURATION SUMMARY

6.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols

The IEEE 802.1D Spanning Tree Protocol (STP) resolves the problems of physical loops in a network by establishing one primary path between any two devices in a network.
only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter-switch link, while traffic associated with another set of VLANs can be blocked on that link.
6.1.3 Process Overview: Spanning Tree Configuration

CAUTION: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk.

Use the following steps as a guide in the Spanning Tree configuration process:
1.
6.2 SPANNING TREE CONFIGURATION COMMAND SET

6.2.1 Reviewing and Setting Spanning Tree Bridge Parameters

Purpose
To display and set Spanning Tree bridge parameters, including device priorities, hello time, maximum age time, forward delay, path cost, topology change trap suppression, maximum hop count, and transmit hold count.
• set spantree bridgehellomode (Section 6.2.1.19)
• clear spantree bridgehellomode (Section 6.2.1.20)
• set spantree hello (Section 6.2.1.21)
• clear spantree hello (Section 6.2.1.22)
• set spantree maxage (Section 6.2.1.23)
• clear spantree maxage (Section 6.2.1.24)
• set spantree fwddelay (Section 6.2.1.25)
• clear spantree fwddelay (Section 6.2.1.26)
• show spantree autoedge (Section 6.2.1.
6.2.1.1 show spantree stats

Use this command to display Spanning Tree information for one or more ports or Spanning Trees.

show spantree stats [sid sid] [port port-string]

Syntax Description
sid sid             (Optional) Displays Spanning Tree information for a specific Spanning Tree.
port port-string    (Optional) Displays Spanning Tree information for specific port(s).
Example
This example shows how to display Spanning Tree information for Fast Ethernet front panel port 1:

Matrix>show spantree stats port fe.0.
Table 6-1 show spantree stats Output Details (Continued)

Output                  What It Displays...
Designated Root Cost    Total path cost to reach the root.
Designated Root Port    Port through which the root bridge can be reached.
Root Max Age            Amount of time (in seconds) a BPDU packet should be considered valid.
Max Hops                Spanning Tree maximum hop count. Default of 20 can be changed using the set spantree maxhops command, as described in Section 6.2.1.39.
SID                     Spanning Tree ID.
Port                    Spanning Tree port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.

6.2.1.2
Example
This example shows how to disable Spanning Tree on the device:

Matrix>set spantree disable

6.2.1.3 show spantree version

Use this command to display the current version of the Spanning Tree protocol running on the device.

show spantree version

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
6.2.1.4 set spantree version

Use this command to set the version of the Spanning Tree protocol to RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible.

set spantree version {mstp | rstp | stpcompatible}

NOTE: In most networks, Spanning Tree version should not be changed from its default setting of mstp (Multiple Spanning Tree Protocol) mode.
Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to reset the version of the Spanning Tree protocol to MSTP:

Matrix>clear spantree version

6.2.1.6 show spantree mstilist

Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device.

show spantree mstilist

Syntax Description
None.

Command Defaults
None.
6.2.1.7 set spantree msti

Use this command to create or delete a Multiple Spanning Tree instance.

set spantree msti sid {create | delete}

Syntax Description
sid                Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094.
                   NOTE: Matrix E1 devices will support up to 16 MST instances.
create | delete    Creates or deletes an MST instance.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to delete all MST instances:

Matrix>clear spantree msti

6.2.1.9 show spantree mstmap

Use this command to display the mapping of a range of filtering database IDs (FIDs) to Spanning Trees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.
Example
This example shows how to display SID to FID mapping information for FIDs 1 through 8. In this case, no new mappings have been configured:

Matrix>show spantree mstmap 1 8
FID: 1 2 3 4 5 6 7 8
SID: 0 0 0 0 0 0 0 0

6.2.1.10 set spantree mstmap

Use this command to map a filtering database ID (FID) to a SID. Since VLANs are mapped to FIDs, this essentially maps a Spanning Tree SID to a VLAN ID.
Example
This example shows how to map FID 3 to SID 2. This effectively maps VLAN 3 to Spanning Tree 2:

Matrix>set spantree mstmap 3 2

6.2.1.11 clear spantree mstmap

Use this command to map a FID back to SID 0.

clear spantree mstmap [fid_num]

Syntax Description
fid_num    (Optional) Resets the mapping of a specific FID.
Syntax Description
sid    Specifies a Multiple Spanning Tree ID. Valid values are 1 - 4094, and must correspond to a SID created using the set spantree msti command as described in Section 6.2.1.7.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the VLAN(s) mapped to Spanning Tree 1. In this case, VLANs 2, 16 and 42 are mapped to SID 1.
Command Mode: Read-Only.
Example
This example shows how to display the MST configuration identifier elements. In this case, the default revision level of 0, and the default configuration name (a string representing the bridge MAC address) have not been changed. For information on using the set spantree mstcfgid command to change these settings, refer to Section 6.2.1.
6.2.1.15 clear spantree mstcfgid
Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address.
    clear spantree mstcfgid
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to set the bridge priority for SID 6 to 4096:
    Matrix>set spantree priority 4096 6

6.2.1.17 clear spantree priority
Use this command to reset the bridge priority to the default value of 32768.
    clear spantree priority [sid]
Syntax Description
    sid: (Optional) Resets the bridge priority for a specific Spanning Tree.
6.2.1.18 show spantree bridgehellomode
Use this command to display the status of bridge hello mode on the device. When enabled, a single bridge administrative hello time is being used. When disabled, per-port administrative hello times are being used.
    show spantree bridgehellomode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to disable single Spanning Tree hello mode on the device. Per-port hello times can now be configured using the set spantree hellomode command as described in Section 6.2.1.21:
    Matrix>set spantree bridgehellomode disable

6.2.1.
Syntax Description
    interval: Specifies the number of seconds the system waits before broadcasting a bridge hello message (a multicast message indicating that the system is active). Valid values are 1 - 10.
    port-string: (Optional) Sets the hello time for specific port(s). NOTE: Port-string cannot be specified if bridge hello mode is enabled.
Syntax Description
    port-string: (Optional) Resets the hello time for specific port(s). NOTE: Port-string cannot be specified if bridge hello mode is enabled. For information on using the set spantree bridgehellomode command, refer to Section 6.2.1.19.
Command Defaults: If bridge mode is disabled, a port-string is required to reset all ports.
Syntax Description
    agingtime: Specifies the maximum number of seconds that the system retains the information received from other bridges through STP. Valid values are 6 - 40.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to set the maximum aging time to 25 seconds:
    Matrix>set spantree maxage 25

6.2.1.
Example
This example shows how to reset the bridge maximum aging time:
    Matrix>clear spantree maxage

6.2.1.25 set spantree fwddelay
Use this command to set the Spanning Tree forward delay. This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding).
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the bridge forward delay to 15 seconds:
    Matrix>clear spantree fwddelay

6.2.1.27 show spantree autoedge
Use this command to display the status of automatic edge port detection.
    show spantree autoedge
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.1.28 set spantree autoedge
Use this command to enable or disable the automatic edge port detection function.
    set spantree autoedge {disable | enable}
Syntax Description
    disable | enable: Disables or enables automatic edge port detection.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset automatic edge port detection to enabled:
    Matrix>clear spantree autoedge

6.2.1.30 show spantree legacypathcost
Use this command to display the status of the legacy (802.1D) path cost setting.
    show spantree legacypathcost
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to set the default path cost values to 802.1D:
    Matrix>set spantree legacypathcost enable

6.2.1.32 clear spantree legacypathcost
Use this command to reset path cost to 802.1D values.
    clear spantree legacypathcost
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the status of topology change trap suppression:
    Matrix>show spantree tctrapsuppress
    Topology change trap suppression is currently enabled.

6.2.1.
Command Mode: Read-Write.
Example
This example shows how to allow Spanning Tree edge ports to transmit topology change traps:
    Matrix>set spantree tctrapsuppress disable

6.2.1.35 clear spantree tctrapsuppress
Use this command to clear topology change trap suppression settings.
    clear spantree tctrapsuppress
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the transmit hold count setting:
    Matrix>show spantree txholdcount
    Tx hold count = 3.

6.2.1.37 set spantree txholdcount
Use this command to set the maximum BPDU transmission rate. This is the number of BPDUs which will be transmitted before transmissions are subject to a one-second timer.
6.2.1.38 clear spantree txholdcount
Use this command to reset the transmit hold count to the default value of 3.
    clear spantree txholdcount
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the transmit hold count to 3:
    Matrix>clear spantree txholdcount

6.2.1.
Command Mode: Read-Write.
Example
This example shows how to set the maximum hop count to 40:
    Matrix>set spantree maxhops 40

6.2.1.40 clear spantree maxhops
Use this command to reset the maximum hop count to the default value of 20.
    clear spantree maxhops
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Spanning Tree Configuration Command Set
Reviewing and Setting Spanning Tree Port Parameters

6.2.2 Reviewing and Setting Spanning Tree Port Parameters
Purpose
To display and set Spanning Tree port parameters, including enabling or disabling the Spanning Tree algorithm on one or more ports, displaying blocked ports, displaying and setting Spanning Tree port priorities and costs, configuring edge port parameters, configuring the span guard function, and setting point-to-point protocol mode.
• clear spantree spanguardtimeout (Section 6.2.2.19)
• show spantree spanguardlock (Section 6.2.2.20)
• clear spantree spanguardlock (Section 6.2.2.21)
• show spantree spanguardtrapenable (Section 6.2.2.22)
• set spantree spanguardtrapenable (Section 6.2.2.23)
• clear spantree spanguardtrapenable (Section 6.2.2.24)
• show spantree adminpoint (Section 6.2.2.25)
• set spantree adminpoint (Section 6.2.2.
Example
This example shows how to show Spanning Tree status for all Gigabit Ethernet ports:
    Matrix>show spantree portadmin ge.*.*
    Port ge.0.1 has portadmin set to enabled.
    Port ge.0.2 has portadmin set to enabled.
    Port ge.0.3 has portadmin set to enabled.
    Port ge.0.4 has portadmin set to enabled.
    Port ge.0.5 has portadmin set to enabled.
    Port ge.0.6 has portadmin set to enabled.

6.2.2.2
6.2.2.3 clear spantree portadmin
Use this command to reset the default Spanning Tree admin status to enable on one or more ports.
    clear spantree portadmin [port-string]
Syntax Description
    port-string: (Optional) Resets status to enable on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the blocked ports in SID 1:
    Matrix>show spantree blockedports 1
    Port ge.0.1 in Blocking State.
    Port ge.0.2 in Blocking State.
    Port ge.0.3 in Blocking State.
    Port ge.0.4 in Blocking State.
    Port ge.0.5 in Blocking State.
    Number of blocked ports in SID 1: 5

6.2.2.
Example
This example shows how to display the port priority for Fast Ethernet front panel port 3:
    Matrix>show spantree portpri fe.0.3
    port priority = 128 for port fe.0.3

6.2.2.6 set spantree portpri
Use this command to set a port’s priority for use in the Spanning Tree algorithm (STA).
    set spantree portpri port-string priority [sid]
NOTE: Path cost (set spantree portcost) takes precedence over port priority.
6.2.2.7 clear spantree portpri
Use this command to reset the bridge priority of a Spanning Tree port to the default value of 128.
    clear spantree portpri [port-string] [sid]
Syntax Description
    port-string: (Optional) Resets the priority for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
    sid: (Optional) Resets the port priority for a specific SID.
6.2.2.8 show spantree portcost
Use this command to display cost values assigned to one or more Spanning Tree ports.
    show spantree portcost port-string [sid]
Syntax Description
    port-string: Specifies the port(s) for which to display cost values. For a detailed description of possible port-string values, refer to Section 4.1.2.
    sid: (Optional) Displays cost values for a specific SID.
Syntax Description
    port-string: Specifies the port(s) to which to assign a cost value. For a detailed description of possible port-string values, refer to Section 4.1.2.
    cost: Specifies a cost value. Ranges are:
        • 0 to 65535 with legacy path cost enabled.
        • 0 to 200000000 with legacy path cost disabled.
    NOTES: A cost value of 0 will allow a port’s default cost, which is based on link speed, to be used.
6.2.2.10 clear spantree portcost
Use this command to reset the path cost for a Spanning Tree or port to the default value of 0, allowing for path cost to be determined dynamically based on port speed.
    clear spantree portcost [port-string] [sid]
Syntax Description
    port-string: (Optional) Resets the path cost for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Syntax Description
    port-string: Specifies the port(s) for which to display edge port administrative status. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the edge port status for Fast Ethernet front panel port 3:
    Matrix>show spantree adminedge fe.0.
Command Mode: Read-Write.
Example
This example shows how to set Fast Ethernet front panel port 11 as an edge port:
    Matrix>set spantree adminedge fe.0.11 true

6.2.2.13 clear spantree adminedge
Use this command to reset the edge port status for one or more Spanning Tree ports to the default value of false.
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the span guard function status:
    Matrix>show spantree spanguard
    spanguard is currently disabled.

6.2.2.15 set spantree spanguard
Use this command to enable or disable the Spanning Tree span guard function.
Example
This example shows how to enable the span guard function:
    Matrix>set spantree spanguard enable

6.2.2.16 clear spantree spanguard
Use this command to reset the status of the Spanning Tree span guard function to disabled.
    clear spantree spanguard
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Mode: Read-Only.
Example
This example shows how to display the span guard timeout setting:
    Matrix>show spantree spanguardtimeout
    spanguard timeout is set at 300 seconds.

6.2.2.18 set spantree spanguardtimeout
Use this command to set the amount of time (in seconds) an edge port will remain locked by the span guard function.
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the span guard timeout to 300 seconds:
    Matrix>clear spantree spanguardtimeout

6.2.2.20 show spantree spanguardlock
Use this command to display the span guard lock status of one or more ports.
Example
This example shows how to display the span guard lock status for Gigabit Ethernet front panel port 1:
    Matrix>show spantree spanguardlock ge.0.1
    spanguard status for port ge.0.1 is UNLOCKED.

6.2.2.21 clear spantree spanguardlock
Use this command to unlock one or more ports locked by the Spanning Tree span guard function.
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the state of the span guard trap function:
    Matrix>show spantree spanguardtrapenable
    spanguard traps are enabled

6.2.2.
6.2.2.24 clear spantree spanguardtrapenable
Use this command to reset the Spanning Tree span guard trap function back to the default state of disabled.
    clear spantree spanguardtrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the span guard trap function to disabled:
    Matrix>clear spantree spanguardtrapenable

6.2.
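The span guard show commands in Sections 6.2.2.14 through 6.2.2.22 can be collected and checked offline. The following Python script is an added example, not Enterasys code: it parses a capture of those commands and reports span guard settings an operator should review. The "enabled", "disabled" (for traps) and "LOCKED" output forms are assumed by analogy with the output shown in this guide.

```python
import re
from typing import Dict, List

# Capture assembled from the example output shown in this guide.
SAMPLE = """\
Matrix>show spantree spanguard
spanguard is currently disabled.
Matrix>show spantree spanguardtimeout
spanguard timeout is set at 300 seconds.
Matrix>show spantree spanguardlock ge.0.1
spanguard status for port ge.0.1 is UNLOCKED.
Matrix>show spantree spanguardtrapenable
spanguard traps are enabled
"""

_ENABLED = re.compile(r"^spanguard is currently (enabled|disabled)\.?\s*$", re.M)
_TIMEOUT = re.compile(r"^spanguard timeout is set at (\d+) seconds\.?\s*$", re.M)
_TRAPS = re.compile(r"^spanguard traps are (enabled|disabled)\.?\s*$", re.M)
# "LOCKED" is an assumed counterpart of the "UNLOCKED" form shown in the guide.
_LOCK = re.compile(r"^spanguard status for port (\S+) is (LOCKED|UNLOCKED)\.?\s*$", re.M)


def parse_spanguard(capture: str) -> Dict:
    """Extract span guard state; a value stays None when its line is absent."""
    state = {"enabled": None, "timeout": None, "traps": None, "locks": {}}
    m = _ENABLED.search(capture)
    if m:
        state["enabled"] = m.group(1) == "enabled"
    m = _TIMEOUT.search(capture)
    if m:
        state["timeout"] = int(m.group(1))
    m = _TRAPS.search(capture)
    if m:
        state["traps"] = m.group(1) == "enabled"
    for port, status in _LOCK.findall(capture):
        state["locks"][port] = status == "LOCKED"
    return state


def audit(state: Dict) -> List[str]:
    """Return review findings; missing data is reported rather than assumed safe."""
    findings = []
    if state["enabled"] is None:
        findings.append("span guard state not found in capture; treat as unverified")
    elif not state["enabled"]:
        findings.append("span guard is disabled")
    if state["traps"] is None:
        findings.append("span guard trap state not found in capture")
    elif not state["traps"]:
        findings.append("span guard traps are disabled; a port lock raises no trap")
    for port, locked in sorted(state["locks"].items()):
        if locked:
            t = state["timeout"]
            hold = f"{t} s timeout" if t is not None else "unknown timeout"
            findings.append(
                f"{port} is locked by span guard ({hold}); "
                "investigate before using clear spantree spanguardlock"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_spanguard(SAMPLE)):
        print(finding)
```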
Command Mode: Read-Only.
Example
This example shows how to display the point-to-point status of the LAN segment attached to Fast Ethernet front panel port 3:
    Matrix>show spantree adminpoint fe.0.3
    admin point-to-point = AUTO for port fe.0.3

6.2.2.26 set spantree adminpoint
Use this command to set the administrative point-to-point status of the LAN segment attached to a Spanning Tree port.
Example
This example shows how to set the LAN attached to Fast Ethernet front panel port 3 as a point-to-point segment:
    Matrix>set spantree adminpoint fe.0.3 true

6.2.2.27 clear spantree adminpoint
Use this command to reset the point-to-point admin status to “auto” on one or more ports.
7 802.1Q VLAN Configuration
This chapter describes the VLAN configuration capabilities of the Matrix E1 device and how to use them to determine status; to add, change, or delete VLANs; to assign ports to those VLANs; to classify frames to VLANs; to create a secure management VLAN; and to configure the device for GVRP operation. The device can support up to 1024 802.1Q VLANs. The allowable range for VLANs is 2 to 4094. By default, all ports on the device are assigned to VLAN ID 1, untagged.

7.
Process Overview: 802.1Q VLAN Configuration
Port String Syntax Used in the CLI

7.2 PROCESS OVERVIEW: 802.1Q VLAN CONFIGURATION
Use the following steps as a guide to configure VLANs on the device (refer to the associated section in parentheses):
1. Review existing VLANs (Section 7.3.1)
2. Create and name VLANs (Section 7.3.2)
3. Assign port VLAN IDs and Ingress Filtering (Section 7.3.3)
4. Configure VLAN Egress (Section 7.3.4)
5. Assign VLANs according to classification rules (Section 7.3.5)
6.
VLAN Configuration Command Set
Reviewing Existing VLANs

7.3 VLAN CONFIGURATION COMMAND SET
7.3.1 Reviewing Existing VLANs
Purpose
To see a list of the current VLANs configured on the device, their VLAN type, the VLAN attributes related to one or more ports, and the ports on a VLAN egress list. The device uses the VLAN egress list to keep track of all VLANs that it will recognize. Depending on the command used, you can see a list of all VLANs (dynamic and static) or just the static VLANs.
Syntax Description
    detail: (Optional) Displays detailed attributes of one or more VLANs.
    vlan-list | vlan-name: (Optional) Displays information for specific VLAN(s). For VLAN name to display, it must first be set using the set vlan name command. For details, refer to Section 7.3.2.2.
Command Defaults
    • If detail is not specified, summary information will be displayed.
in VLAN 7 port egress list and are configured to transmit frames tagged as VLAN 7 frames. There are no VLAN 7 forbidden ports:
    Matrix>show vlan 7
    VLAN: 7 Name: green
    Egress Ports fe.0.5-10, fe.0.12, fe.0.30
    Forbidden Egress Ports None
    Untagged Ports None
    Status: enabled
This example shows how to display detailed attributes of all VLANs known to the device.
7.3.1.2 show vlan static
Use this command to display all information related to a specific static VLAN or all static VLANs known to the device. Static VLANs are those VLANs that you have manually created using this command set, SNMP MIBs, or the WebView management application.
    show vlan static [vlan-list | vlan-name]
Syntax Description
    vlan-list | vlan-name: (Optional) Displays specific VLAN(s).
7.3.1.3 show vlan portinfo
Use this command to display VLAN attributes related to one or more ports.
    show vlan portinfo [vlan vlan-list | vlan-name] [port port-string]
Syntax Description
    vlan vlan-list | vlan-name: (Optional) Displays specific VLAN(s). For VLAN name to display, it must first be set using the set vlan name command. For details, refer to Section 7.3.2.2.
    port port-string: (Optional) Displays the VLAN list for specific port(s).
Example
This example shows how to display VLAN information related to all Gigabit Ethernet ports. In this case, all six ports ge.0.1-5 are still assigned to VLAN 1, the default VLAN. Ingress filtering has not been enabled. Ports ge.0.1-5 are assigned to transmit untagged frames for the default VLAN only, while port ge.0.6 is also configured to transmit tagged frames for VLANs 510, 520, 530, 4000 and 4094:
    Matrix>show vlan portinfo ge*.
VLAN Configuration Command Set
Creating and Naming Static VLANs

7.3.2 Creating and Naming Static VLANs
Purpose
To create a new static VLAN, or enable/disable the new or other existing static VLANs.
Commands
The commands needed to establish new or remove VLANs are listed below and described in the associated section as shown.
• set vlan (Section 7.3.2.1)
• set vlan name (Section 7.3.2.2)
• clear vlan (Section 7.3.2.3)
• clear vlan name (Section 7.3.2.4)

7.3.2.
Command Type: Switch command.
Command Mode: Read-Write.
Command Alternative (v2.05.xx and previous)
    set vlan vlan-list {create | enable | disable}
Examples
This example shows how to create VLAN 3:
    Matrix>set vlan create 3
This example shows how to disable VLAN 3:
    Matrix>set vlan disable 3

7.3.2.2 set vlan name
Use this command to set the ASCII name for a new or existing VLAN.
Example
This example shows how to set the name for VLAN 7 to green:
    Matrix>set vlan name 7 green

7.3.2.3 clear vlan
Use this command to remove one or more static VLANs from the list of VLANs recognized by the device.
    clear vlan vlan-list
Syntax Description
    vlan-list: Specifies the VLAN(s) to be removed.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
7.3.2.4 clear vlan name
Use this command to remove the name of a VLAN from the VLAN list.
    clear vlan name vlan-id
Syntax Description
    vlan-id: Specifies the number of the VLAN associated with the VLAN name to be cleared.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
VLAN Configuration Command Set
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering

7.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
Purpose
To assign default VLAN IDs to untagged frames on one or more ports. Using set port vlan you can, for example, assign ports 1, 5, 8, and 9 to VLAN 3. Untagged frames received on those ports will be assigned to VLAN 3. (By default, all ports are members of VLAN ID 1, the default VLAN.
Command Mode: Read-Only.
Example
This example shows how to display port VLAN lists for Fast Ethernet front panel ports 1 through 5. It shows they are on the port VLAN list of VLAN 1:
    Matrix>show port vlan fe.0.1-5
    Port fe.0.1 has a port VLAN ID of 1.
    Port fe.0.2 has a port VLAN ID of 1.
    Port fe.0.3 has a port VLAN ID of 1.
    Port fe.0.4 has a port VLAN ID of 1.
    Port fe.0.5 has a port VLAN ID of 1.

7.3.3.2
Example
This example shows how to add Fast Ethernet front panel port 10 to the port VLAN list of VLAN 4 (PVID 4). It also shows how port fe.0.10 is added to that VLAN’s untagged egress list:
    Matrix>set port vlan fe.0.10 4
The PVID is used to classify untagged frames as they ingress into a given port.
7.3.3.4 show port ingress filter
Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list. If the port is not on the port VLAN egress list of the VLAN ID indicated in the incoming frame, then that frame is dropped and not forwarded.
7.3.3.5 set port ingress filter
Use this command to limit the forwarding of received VLAN tagged frames on a port to the frames with VLAN IDs that match that port’s membership on port VLAN egress lists. When ingress filtering on a port is enabled, the VLAN IDs of incoming frames on a received port are compared to the received ports on the egress list of that VLAN.
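The interaction of PVID classification, VLAN egress lists and port ingress filtering described in Section 7.3.3 can be modelled in a few lines. The following Python script is an added example, not Enterasys code: it reproduces the accept/drop decision and lists ports that accept tagged frames for VLANs they are not members of. The Switch class, its method names and the handling of only the "fe.0.5-10" range form of port-string are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def expand_ports(port_string: str) -> List[str]:
    """Expand 'fe.0.5-10' into port names (only this range form is handled)."""
    kind, slot, last = port_string.split(".")
    if "-" in last:
        lo, hi = (int(x) for x in last.split("-"))
        return [f"{kind}.{slot}.{n}" for n in range(lo, hi + 1)]
    return [port_string]


@dataclass
class Port:
    pvid: int = 1                 # default: all ports are assigned to VLAN ID 1
    ingress_filter: bool = False  # ingress filtering off until set on the port


@dataclass
class Switch:
    ports: Dict[str, Port] = field(default_factory=dict)
    egress: Dict[int, Set[str]] = field(default_factory=lambda: {1: set()})

    def add_ports(self, port_string: str) -> None:
        for name in expand_ports(port_string):
            self.ports[name] = Port()
            self.egress[1].add(name)

    def set_vlan_egress(self, vid: int, port_string: str) -> None:
        self.egress.setdefault(vid, set()).update(expand_ports(port_string))

    def set_port_vlan(self, port_string: str, vid: int) -> None:
        # Setting the PVID also puts the port on that VLAN's egress list.
        for name in expand_ports(port_string):
            self.ports[name].pvid = vid
            self.egress.setdefault(vid, set()).add(name)

    def set_ingress_filter(self, port_string: str, enabled: bool) -> None:
        for name in expand_ports(port_string):
            self.ports[name].ingress_filter = enabled

    def receive(self, port: str, tag: Optional[int] = None) -> Tuple[str, int]:
        """Return ('accept' | 'drop', vlan) for a frame arriving on port."""
        p = self.ports[port]
        if tag is None:
            return ("accept", p.pvid)          # untagged: classified by PVID
        if not 1 <= tag <= 4094:
            raise ValueError(f"VLAN ID out of range: {tag}")
        if p.ingress_filter and port not in self.egress.get(tag, set()):
            return ("drop", tag)               # port not on that VLAN's egress list
        return ("accept", tag)

    def unfiltered_exposure(self) -> Dict[str, List[int]]:
        """Ports without ingress filtering -> VLANs they accept but do not belong to."""
        report = {}
        for name in sorted(self.ports):
            if self.ports[name].ingress_filter:
                continue
            foreign = sorted(v for v, members in self.egress.items() if name not in members)
            if foreign:
                report[name] = foreign
        return report


def build_demo() -> Switch:
    """Constructed configuration using port and VLAN numbers from this chapter's examples."""
    sw = Switch()
    sw.add_ports("fe.0.1-12")
    sw.set_vlan_egress(7, "fe.0.5-10")
    sw.set_vlan_egress(7, "fe.0.12")
    sw.set_port_vlan("fe.0.10", 4)
    return sw


if __name__ == "__main__":
    demo = build_demo()
    for port, vlans in demo.unfiltered_exposure().items():
        print(f"{port}: accepts tagged frames for non-member VLANs {vlans}")
```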
VLAN Configuration Command Set
Configuring the VLAN Egress List

7.3.4 Configuring the VLAN Egress List
Purpose
To assign or remove ports on the VLAN egress list for the device. This determines which ports will transmit frames of a particular VLAN. For example, ports 1, 5, 9, 8 could be assigned to transmit frames with VLAN ID=5. The port egress type for all ports defaults to tagging transmitted frames, but can be changed to forbidden or untagged.
Syntax Description
    vlan-id: Specifies the VLAN for which to set forbidden port(s).
    port-string: Specifies the port(s) to set as forbidden for the specified vlan-id. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows you how to set Fast Ethernet port 3 to forbidden for VLAN 6:
    Matrix>set vlan forbidden 6 fe.
Example
This example shows you how to show VLAN egress information for front panel Fast Ethernet ports 1 through 3. In this case, all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10 frames as untagged. Both are static VLANs:
    Matrix>show port egress fe.0.1-3
    Port      Vlan   Egress     Registration
    Number    Id     Status     Status
    -------------------------------------------------------
    fe.0.1    1      tagged     static
    fe.0.1    10     untagged   static
    fe.0.
Command Mode: Read-Write.
Example
This example shows how to add front panel Fast Ethernet ports 5 through 10 to the egress list of VLAN 7. This means that these ports will transmit VLAN 7 frames:
    Matrix>set vlan egress 7 fe.0.5-10

7.3.4.4 clear vlan egress
Use this command to remove ports from one or more VLAN egress lists.
This example shows how to remove all Fast Ethernet ports on expansion module 2 from the egress list of VLAN 4:
    Matrix>clear vlan egress 4 fe.2.*

7.3.4.5 show vlan dynamic egress
Use this command to display which VLANs are currently enabled for VLAN dynamic egress.
    show vlan dynamicegress [vlan-id | vlan-name]
Syntax Description
    vlan-id | vlan-name: (Optional) Displays dynamic egress status for a specific VLAN ID or VLAN name.
7.3.4.6 set vlan dynamicegress
Use this command to set the administrative status of the VLAN’s dynamic capability. If VLAN dynamic egress is enabled, the device will add the port receiving a tagged frame to the VLAN egress list of the port according to the frame VLAN ID. If the VLAN does not exist, it is created.
VLAN Configuration Command Set
Assigning VLANs According to Classification Rules

7.3.5 Assigning VLANs According to Classification Rules
Important Notice
In addition to the commands described in this section, Matrix E1 (1G58x-09 and 1H582-xx) devices with firmware versions 2.05.xx and higher also support policy profile-based classification to a VLAN or Class of Service.
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Command Alternative (v2.05.xx and higher)
    show policy class (Section 8.3.2.1)
Example
This example shows that the VLAN classification function is enabled, and that two VLAN classifications have been configured on the device:
    Matrix>show vlan classification
    VLAN Classification enabled.
    set vlan classification vlan-id data_meaning data_value [data_mask] {create | enable | disable}
Syntax Description
    vlan-id: Specifies the number of the VLAN on which to apply the classification rule. Valid values and associated actions are:
        • 4095: permits these frames to forward on all VLANs.
        • 0: denies and discards these frames for all VLANs.
        • 1: classifies these frames to the default VLAN.
    create | enable | disable:
        create - Creates a new classification rule that will be applied to the vlan-id.
        enable - If a classification rule is not entered in this command, this entry enables the global classifier in the device so that VLAN classification rules may be implemented. NOTE: Classification rules are automatically enabled when created.
Examples
This example shows how to
• enable the global classifier so that VLAN classification rules may be implemented,
• use Table 7-1 to create (and enable) a classification rule for classifying Ethernet II Type IP frames to VLAN 7:
    Matrix>set vlan classification enable
    Matrix>set vlan classification 7 ethernet-II-type ip create
This example shows how to use Table 7-2 to disable a VLAN 5 classification rule for filtering o
Table 7-1 Valid Values for VLAN Classification
data_meaning keywords: Ethernet-II-Type
data_value keywords (value applied):
    • 05F6 - FFFF (valid range)
    • AppleTalk (809B)
    • Banyan-Vines (0BAD)
    • DECNET (6003)
    • IP (0800 and 0806)
    • IPX (8137)
    • RARP (8035)
data_mask: Not applicable.
NOTES: The Matrix E1 allows the use of 3 user defined Ethernet II Type values for classification into a VLAN.
Table 7-2 Valid Values for VLAN Frame Filtering (Continued)
IP-Protocol-Type
IPX-COS (Class of Service)
    Integer (0 - 255)
    Not applicable.
IPX-Packet-Type
    • 0 = Hello-or-SAP
    • 1 = RIP
    • 2 = Echo-Packet
    • 3 = Error-Packet
    • 4 = Netware-386-or-SAP
    • 5 = Sequenced-PacketProtocol
    • 16 - 31 = Experimental Protocols
    • 17 = Netware-286
    Not applicable.
Table 7-2 Valid Values for VLAN Frame Filtering (Continued)
UDP Port Group: Src-UDP-Port, Dest-UDP-Port, Bil-UDP-Port
    • Integer (0 - 65535)
    • BootP-Client
    • BootP-Server
    • DNS
    • FTP
    • FTP-Data
    • HTTP
    • IMAP2
    • IMAP3
    • Netbios-Datagram
    • Netbios-Name-Server
    • Netbios-Sess-Server
    • POP3
    • RIP
    • Smart-Voice-Gateway
    • SMTP
    • Telnet
    • TFTP
    Not applicable.
Table 7-2 Valid Values for VLAN Frame Filtering (Continued)
MAC Address Group: Src-MAC-Address, Dest-MAC-Address, Bil-MAC-Address
    MAC Address: 00-00-00-00-00-00
    Data mask bits
UDP Range Group: Src-UDP-Range, Dest-UDP-Range, Bil-UDP-Range
    Lower boundary of port range: (0 - 65535)
    Upper boundary of port range: (0 - 65535)
TCP Range Group: Src-TC
    Lower boundary of port range: 0 - 65535
    Upper boundary of port range: 0 - 65535
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Table 7-3 Classification Precedence Default Precedence Level Classification Type (IP) 802.
Table 7-3 Classification Precedence (Continued)
IPX Class of Service                       8
IPX Type                                   9
Protocol Type (Ether Type or DSAP/SSAP)    10
Receive Port                               11

7.3.5.5 clear vlan classification
Use this command to clear a VLAN classification entry.
clear vlan classification vlan-id data_meaning data_value [data_mask]
Syntax Description
vlan-id Specifies the number of the VLAN associated with the classification to be cleared.
Command Alternative (v2.05.xx and higher)
clear policy class (Section 8.3.2.4)
Example
This example shows how to clear the Ethernet II Type IP classification rule associated with VLAN 7:
Matrix>clear vlan classification 7 ethernet-II-type ip

7.3.5.6 set vlan classification ingress
Use this command to add ports to a VLAN classification rule. Ports added will now be active for this rule.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Command Type Switch command. Command Mode Read-Write. Command Alternative (v2.05.xx and higher) set policy port (Section 8.3.3.2) Examples This example shows how to assign IP traffic received on Fast Ethernet front panel ports 5 through 15 to the IP VLAN (VLAN 7): Matrix>set vlan classification ingress 7 fe.0.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Syntax Description vlan-id Specifies the number of the VLAN to remove from the classification rule. port-string Specifies the port(s) to remove from the classification rule. For a detailed description of possible port-string values, refer to Section 4.1.2. data_meaning Specifies the data_meaning for the parameter used to classify or filter frames.
VLAN Configuration Command Set Setting the Host VLAN 7.3.6 Setting the Host VLAN Purpose To configure a host VLAN that only select devices are allowed to access. This secures the host port for management-only tasks. NOTE: The host port is the management entity of the device. Commands The commands needed to configure host VLANs are listed below and described in the associated section as shown. • show host vlan (Section 7.3.6.1) • set port vlan host (Section 7.3.6.2) • clear host vlan (Section 7.3.6.
VLAN Configuration Command Set Setting the Host VLAN Example This example shows how to display the host VLAN: Matrix>show host vlan Host vlan is 7. 7.3.6.2 set port vlan host Use this command to assign host status to a VLAN. The host VLAN should be a secure VLAN where only designated users are allowed access. For example, a host VLAN could be specifically created for device management.
VLAN Configuration Command Set Setting the Host VLAN Example This example shows how to set VLAN 7 as the host VLAN: Matrix>set port vlan host 7 7.3.6.3 clear host vlan Use this command to reset the host VLAN to the default setting of 1. clear host vlan Syntax Description None. Command Defaults None. Command Type Switch Command. Command Mode Read-Write.
VLAN Configuration Command Set Creating a Secure Management VLAN
7.3.7 Creating a Secure Management VLAN
If the Matrix E1 is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage all ports on the device. It also makes management secure by preventing configuration via ports assigned to other VLANs.
To create a secure management VLAN, you must:
1. Create and name a new VLAN. (Section 7.3.2)
2.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8 Enabling/Disabling GVRP (GARP VLAN Registration Protocol) Purpose To dynamically create VLANs across a switched network. The GVRP command set is used to display GVRP configuration information, the current global GVRP state setting, individual port settings (enable or disable) and timer settings. By default, GVRP is enabled on all ports.
Figure 7-1 Example of VLAN Propagation via GVRP (figure not reproduced; panel labels: Switch 3, Switch 2, 1H152-51)
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) • set gvrp (Section 7.3.8.3) • set garp timer (Section 7.3.8.4) 7.3.8.1 show gvrp Use this command to display GVRP status. show gvrp [port-string] Syntax Description port-string (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.2 show garp timer Use this command to display GARP timer values set for one or more ports. show garp timer [port-string] Syntax Description port-string (Optional) Displays GARP timer information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, GARP timer information will be displayed for all ports.
Matrix>show garp timer fe.0.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number Join       Leave      Leaveall
----------- ---------- ---------- ----------
fe.0.1      20         60         1000
fe.0.2      20         60         1000
fe.0.3      20         60         1000
fe.0.4      20         60         1000
fe.0.5      20         60         1000
fe.0.6      20         60         1000
fe.0.7      20         60         1000
fe.0.8      20         60         1000
fe.0.9      20         60         1000
fe.0.10     20         60         1000
Table 7-5 provides an explanation of the command output.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.3 set gvrp Use this command to enable or disable GVRP globally on the device or on one or more ports. set gvrp {disable | enable} [port-string] Syntax Description disable | enable Disables or enables GVRP on the device. port-string (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.4 set garp timer Use this command to adjust the values of the join, leave, and leaveall timers. set garp timer {[join timer_value] [leave timer_value] [leaveall timer_value]} port-string NOTE: The setting of these timers is critical and should only be changed by personnel familiar with the 802.1Q standards documentation, which is not supplied with this device.
This example shows how to set the leave timer value to 300 centiseconds for all the ports on all the VLANs:
Matrix>set garp timer leave 300
This example shows how to set the leaveall timer value to 20000 centiseconds for all the ports on all the VLANs:
Matrix>set garp timer leaveall 20000
8 Policy Classification Configuration This chapter describes the Policy Classification set of commands and how to use them. NOTE: It is recommended that you use Enterasys Networks NetSight Atlas Policy Manager as an alternative to CLI for configuring policy classification on Matrix E1 Series devices. 8.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3 POLICY CLASSIFICATION CONFIGURATION COMMAND SET 8.3.1 Configuring Policy Profiles Purpose To review, create, change and remove user profiles that relate to business-driven policies for managing network resources. Commands The commands used to review and configure policy profiles are listed below and described in the associated section as shown. • show policy profile (Section 8.3.1.1) • set policy profile (Section 8.3.1.
Command Mode Read-Only.
Example
This example shows how to display policy information for profile 1, which is named “netadmin”. This profile is currently active and has PVID and COS override functions disabled:
Matrix>show policy profile 1
Profile Index : 1
Profile Name : netadmin
Row Status : Active
Port Vid Status : Enabled
Port Vid : 1
COS Status : Disabled
COS : 0
SummaryAdminId : fe.0.1
SummaryOperId : fe.0.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3.1.2 set policy profile Use this command to create a policy profile entry. set policy profile profile-index {[enable | disable] [name enable | disable vlan-id enable | disable cos]} Syntax Description profile-index Specifies an index number for the profile entry. Valid values are 1 to 65535. enable | disable Enables or disables the profile entry. name Specifies a name for the entry.
Policy Classification Configuration Command Set Configuring Policy Profiles Example This example shows how to enable policy profile 1 named netadmin. VLAN classification is enabled for this policy on VLAN 1 and Class of Service classification is disabled for class 0: Matrix>set policy profile 1 enable netadmin enable 1 disable 0 8.3.1.3 clear policy profile Use this command to delete one or all policy profile entries.
Policy Classification Configuration Command Set Configuring Policy Profiles Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display invalid policy action information: Matrix>show policy invalid action Current action on invalid/unknown profile is: Apply default policy Number of invalid/unknown profiles detected: 0 8.3.1.5 set policy invalid action Use this command to assign the action the device will apply to an invalid or unknown policy.
Policy Classification Configuration Command Set Configuring Policy Profiles Example This example shows how to assign a drop action to invalid policies: Matrix>set policy invalid action drop 8.3.1.6 clear policy invalid action Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy. clear policy invalid action Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
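The outputs of show host vlan, show garp timer and show policy invalid action documented above are regular enough to check offline against a baseline. The following Python is an added example, not part of this guide or of any Enterasys tool; the baseline values, the function names and both sample captures are assumptions constructed for illustration.

```python
import re

# Assumed baseline (not from Enterasys): GARP timers as in the guide's sample
# output (centiseconds), host VLAN moved off the default of 1, and invalid
# policies not left on the default action.
GARP_BASELINE = {"join": 20, "leave": 60, "leaveall": 1000}
DEFAULT_HOST_VLAN = 1
DEFAULT_INVALID_ACTION = "Apply default policy"

HOST_VLAN_RE = re.compile(r"^Host vlan is (\d+)\.?[ \t]*$", re.M)
ACTION_RE = re.compile(
    r"^Current action on invalid/unknown profile is:[ \t]*(.+?)[ \t]*$", re.M)
COUNT_RE = re.compile(
    r"^Number of invalid/unknown profiles detected:[ \t]*(\d+)[ \t]*$", re.M)
# One row of 'show garp timer': port-string, join, leave, leaveall.
GARP_ROW_RE = re.compile(
    r"^[ \t]*([a-z]+\.\d+\.\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", re.M)

# Constructed capture: device left at defaults, one port with changed timers.
WEAK_CAPTURE = """Matrix>show host vlan
Host vlan is 1.
Matrix>show policy invalid action
Current action on invalid/unknown profile is: Apply default policy
Number of invalid/unknown profiles detected: 3
Matrix>show garp timer fe.0.1-2
Port based GARP Configuration: (Timer units are centiseconds)
Port Number Join       Leave      Leaveall
----------- ---------- ---------- ----------
fe.0.1      20         60         1000
fe.0.2      20         300        20000
"""

# Constructed capture after hardening. The guide does not show the wording
# printed for the drop action, so "Drop" below is a placeholder.
HARDENED_CAPTURE = """Matrix>show host vlan
Host vlan is 7.
Matrix>show policy invalid action
Current action on invalid/unknown profile is: Drop
Number of invalid/unknown profiles detected: 0
Matrix>show garp timer fe.0.1-2
Port based GARP Configuration: (Timer units are centiseconds)
fe.0.1      20         60         1000
fe.0.2      20         60         1000
"""


def parse_host_vlan(text):
    """Return the host VLAN id from 'show host vlan' output, or None."""
    m = HOST_VLAN_RE.search(text)
    return int(m.group(1)) if m else None


def parse_invalid_action(text):
    """Return (action string, detected count); either may be None."""
    action = ACTION_RE.search(text)
    count = COUNT_RE.search(text)
    return (action.group(1) if action else None,
            int(count.group(1)) if count else None)


def parse_garp_timers(text):
    """Map port-string -> timer values parsed from 'show garp timer' rows."""
    return {port: {"join": int(j), "leave": int(l), "leaveall": int(a)}
            for port, j, l, a in GARP_ROW_RE.findall(text)}


def _port_key(port):
    # Natural sort so that fe.0.10 follows fe.0.9.
    return [int(p) if p.isdigit() else p for p in port.split(".")]


def audit(capture):
    """Return a list of findings for one captured CLI session."""
    capture = capture.replace("\r\n", "\n")  # terminal logs often use CRLF
    findings = []

    vlan = parse_host_vlan(capture)
    if vlan is None:
        findings.append("host-vlan: 'show host vlan' output missing")
    elif vlan == DEFAULT_HOST_VLAN:
        findings.append("host-vlan: management still on default VLAN 1")

    action, count = parse_invalid_action(capture)
    if action is None:
        findings.append("invalid-policy: 'show policy invalid action' output missing")
    elif action == DEFAULT_INVALID_ACTION:
        seen = "unknown" if count is None else count
        findings.append(
            f"invalid-policy: default action in force, {seen} invalid/unknown profiles detected")

    timers = parse_garp_timers(capture)
    if not timers:
        findings.append("garp: no 'show garp timer' rows in capture")
    for port in sorted(timers, key=_port_key):
        drift = [f"{k}={v}" for k, v in timers[port].items()
                 if v != GARP_BASELINE[k]]
        if drift:
            findings.append(f"garp: {port} differs from baseline: {', '.join(drift)}")
    return findings


if __name__ == "__main__":
    for line in audit(WEAK_CAPTURE):
        print(line)
```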
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2 Assigning Classification Rules to Policy Profiles Purpose To review, assign and unassign classification rules to user profiles. This maps users to specific policies provisioning business use of network resources. Commands The commands used to review, assign and unassign classification rules to user profiles are listed below and described in the associated section as shown.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Command Type Switch command. Command Mode Read-Only. Example This example shows how to display policy classification information. In this case, there is a policy classification entry number 1 assigned to profile index 1. It classifies Ethernet II (0x600) Type frames to a Class of Service of 0. Currently, port fe.0.1 is active for this rule.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Syntax Description profile-index Specifies a profile index number. Assigned to this classification rule with the set policy profile command (Section 8.3.1.2). Valid values are 1 to 65535. classify-index Specifies a number of the classification rule. Valid values are 1 to 65535. vlan | cos Specifies whether this rule will classify to a VLAN or Class-of-Service.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles ipxsource Classifies based on source IPX address. ipxsourcesocket Classifies based on source IPX socket. ipxtype Classifies based on IPX packet type. llc Classifies based on DSAP/SSAP pair in 802.3 type packet. macbil Classifies based on MAC bilateral address. macdest Classifies based on MAC destination address. macsource Classifies based on MAC source address.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Command Mode Read-Write. Examples This example shows how to use Table 8-2 to create (and enable) classification rule number 1.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Table 8-2 Valid Values for Policy Classification (Continued) Classification Parameter data_value data_mask IP Address (Bilateral, Source or Destination): IP Address in dotted decimal format: Data mask bits ipbil ipsource ipdest 000.000.000.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Table 8-2 Valid Values for Policy Classification (Continued) Classification Parameter data_value data_mask MAC Address (Bilateral, Source or Destination): MAC Address: Data mask bits 00-00-00-00-00-00 macbil macsource macdest TCP Port (Bilateral, Source or Destination): TCP Port Number: Not applicable.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.3 Classification Precedence Rules NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the switch, as these rules can have a significant impact on the network operation.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Table 8-3 Classification Precedence (Continued) Ethertype Field / DSAP/SSAP Fields 13 VLAN 14 Priority 15 8.3.2.4 clear policy class Use this command to delete one or all policy classification entries. clear policy class profile-index | all Syntax Description profile-index Specifies the profile index number of the policy classification to be deleted. Valid values are 1 to 65535.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.5 show policy maptable Use this command to display policy-to-VLAN mapping information. When VLAN authorization is enabled both globally and for the authenticated port, the policy map table can be used to assign a policy using the VLAN provided in the VLAN tunnel attributes. show policy maptable Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
8.3.2.6 show vlanauthorization
Use this command to display the status of VLAN tunnel attribute processing during policy authentication.
show vlanauthorization
Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
Example
This example shows how to display the status of VLAN authorization. In this case, it is globally enabled, and enabled on all ports.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.7 set vlanauthorization Use this command to enable or disable VLAN tunnel attribute processing during policy authentication. Disabling this attribute will prevent authenticated VLAN tunnel attributes from being applied, but will not prevent the port from being authenticated.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.8 set policy maptable response Use this command to select which RADIUS attributes to use if both tunnel attributes and a profile filter ID are present. If only one attribute is present, it will be used regardless of this setting.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Command Type Switch command. Command Mode Read-Write. Example This example shows how to clear the policy map table response configuration: Matrix>clear policy maptable response 8.3.2.10 set policy maptable Use this command to map returned VLAN tunnel attributes to a policy profile index. When VLAN authorization is enabled (globally and on ports being authenticated, as described in Section 8.3.2.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Example This example shows how to configure policy profile 6 to authenticate for VLAN 10: Matrix>set policy maptable 10 6 8.3.2.11 clear policy maptable Use this command to clear policy profile mapping to one or more VLANs. clear policy maptable [vlan-list] Syntax Description vlan-list (Optional) Specifies the VLAN(s) for which policy to VLAN mapping will be cleared.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3 Assigning Ports to Policy Profiles Purpose To assign and unassign ports to policy profiles, and to display policy information about one or more ports. Commands The commands used to assign ports to policy profiles are listed below and described in the associated section as shown. • show policy port (Section 8.3.3.1) • set policy port (Section 8.3.3.2) • clear policy port (Section 8.3.3.3) 8.3.3.
Example
This example shows how to display policy information for Fast Ethernet front panel port 21. In this case, the port is allowed to transmit untagged frames to policy profile 1 based on the classification rules assigned to that policy:
Matrix>show policy port fe.0.21
Port     AdminId  OperId
--------------------------
fe.0.21  1        1

8.3.3.2 set policy port
Use this command to assign ports to a policy profile.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3.3 clear policy port Use this command to delete one or all policy port entries. clear policy port port-string | all Syntax Description port-string Specifies the port(s) to remove from a policy profile. For a detailed description of possible port-string values, refer to Section 4.1.2. all Deletes all policy port entries. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
9 Port Priority and Classification Configuration
This chapter describes the Port Priority, Priority Classification, and Rate Limiting set of commands and how to use them.
9.1 PORT PRIORITY AND CLASSIFICATION CONFIGURATION SUMMARY
9.1.1 Priority Important Notice
In addition to the commands described in this section, Matrix E1 (1G58x-09 and 1H582-xx) devices with firmware versions 2.05.xx and higher also support policy profile-based classification to a Class of Service or VLAN.
Port Priority and Classification Configuration Summary Priority Queueing Modes (Algorithms) 9.1.2 Priority Queueing Modes (Algorithms) The transmit queues for each port on the device can be configured with different queueing algorithms, as described in the following subsections. Strict Priority Queueing (SP) SP queueing provides higher priority queues with absolute preferential treatment over low priority queues, which minimizes the queueing delay of frames from the higher queues.
Port Priority and Classification Configuration Summary Port Classification 9.1.3 Port Classification Port classification is another way to manage network traffic through the device. Port classification allows you to configure one or more device ports to prioritize and forward untagged frames according to a specific protocol type classification rule. By default, when a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented.
Process Overview: Priority, Classification, And Rate Limiting Configuration Configuring Port Priority 9.2 PROCESS OVERVIEW: PRIORITY, CLASSIFICATION, AND RATE LIMITING CONFIGURATION Use the following steps as a guide to the port priority, QoS, classification, and rate limiting configuration process: 1. Configuring Port Priority (Section 9.3.1) 2. Configuring Priority Queueing (Section 9.3.2) 3. Configuring Quality of Service (QoS) (Section 9.3.3) 4. Configuring Priority Classification (Section 9.3.4) 5.
Port Priority and Classification Configuration Commands Configuring Port Priority 9.3.1.1 show port priority Use this command to display the 802.1p priority for one or more ports. show port priority [port-string] Syntax Description port-string (Optional) Displays priority information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, port priority for all ports will be displayed.
Port Priority and Classification Configuration Commands Configuring Port Priority Syntax Description port-string Specifies the port for which to set priority. For a detailed description of possible port-string values, refer to Section 4.1.2. priority Specifies an 802.1D port priority. Valid values are 0 - 7, with 0 as the lowest priority. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Port Priority and Classification Configuration Commands Configuring Priority to Transmit Queue Mapping Command Type Switch Command. Command Mode Read-Write. Example This example shows how to reset Fast Ethernet front panel port 11 to the default priority: Matrix>clear port priority fe.0.11 9.3.2 Configuring Priority to Transmit Queue Mapping Purpose To do the following: • View the current priority to transmit queue mapping of each port, which includes both physical and virtual ports.
Port Priority and Classification Configuration Commands Configuring Priority to Transmit Queue Mapping Syntax Description priority (Optional) Displays mapping of transmit queues for a specific priority (0 - 7). Command Defaults If priority is not specified, all priority queue information will be displayed. Command Type Switch command. Command Mode Read-Only. Examples This example shows the type of information provided when you use the show priority queue command.
9.3.2.2 set priority queue
Use this command to map 802.1p priorities to transmit queues. This enables you to change the priority queue (0 - 3, with 0 being the lowest priority queue) for each port priority of the selected port. You can apply the new settings to one or more ports.
Example
This example shows how to use the set priority queue command to program the device so the priority 5 frames received are transmitted at the lowest transmit priority queue of 0:
Matrix>set priority queue 5 0
Port Priority and Classification Configuration Commands Configuring Quality of Service (QoS) 9.3.3 Configuring Quality of Service (QoS) Purpose To configure one or more ports with the following Layer 2 switching features: • Four priority queues on each port. • Programmable scheduling per transmit (Tx) port according to fixed priority, weighted round-robin (in percentage of traffic per queue), or hybrid algorithm.
Example
This example shows how to display the current algorithm, and queue 1 through 4 weights configured on Fast Ethernet front panel ports 10 through 13:
Matrix>show port qos fe.0.10-13
                   Queue 0  Queue 1  Queue 2  Queue 3
Port     Algorithm Weight   Weight   Weight   Weight
-------- --------- -------- -------- -------- --------
fe.0.10  WRR       25%      25%      25%      25%
fe.0.
9.3.3.2
Port Priority and Classification Configuration Commands Configuring Quality of Service (QoS) 9.3.3.3 set port qos wrr Use this command to set the weighted round robin transmission queues for one or more ports. set port qos wrr port-string que0_weight que1_weight que2_weight que3_weight Syntax Description port-string Specifies the port(s) on which to set QoS weighted queues. For a detailed description of possible port-string values, refer to Section 4.1.2.
Port Priority and Classification Configuration Commands Configuring Quality of Service (QoS) 9.3.3.4 set port qos hybrid Use this command to enable and configure one of two hybrid queuing modes, either applying 802.1p strict priority (SP) queuing to higher priority queues, or weighted round robin (WRR) queuing to lower priority queues.
Port Priority and Classification Configuration Commands Configuring Quality of Service (QoS) Example, Mode 1 This example shows how to set hybrid Mode 1 and the transmission queues on Fast Ethernet front panel ports 1 through 3. In this example the hybrid queues 0, 1, and 2 are being set to 30, 40, and 30 percent, respectively. Queue 3 will automatically use the 802.1p strict priority algorithm to service the frames in Queue 3 first.
Port Priority and Classification Configuration Commands Configuring Priority Classification 9.3.4 Configuring Priority Classification Purpose To perform the following functions: • Display the current priority, classification, and description entries of each classification rule. • Assign priorities according to classification rules. • Add/delete a priority and associated protocol entry. • Enable or disable the priority tag override feature.
Port Priority and Classification Configuration Commands Configuring Priority Classification 9.3.4.1 show priority classification Use this command to display priority classification information. show priority classification Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Command Alternative (v2.05.xx and higher) show policy class (Section 8.3.2.
9.3.4.2 set priority classification
Use this command to create a classification rule that will assign traffic to a priority based on Layer 2/3/4 rules.
set priority classification priority_value data_meaning data_value [data_mask] {create | disable | enable}
Syntax Description
priority_value Specifies a port priority number (0 through 7) to which the frame classification is applied.
Port Priority and Classification Configuration Commands Configuring Priority Classification Examples This example shows how to enable or disable the priority classifier globally.
Table 9-1 Valid Values for Priority Classification
(columns: data_meaning keywords, data_value keywords, data_mask)
Ethernet-II-Type
  data_value:
  • 05F6 - FFFF (valid range)
  • AppleTalk (809B)
  • Banyan-Vines (0BAD)
  • DECNET (6003)
  • IP (0800)
  • IPX (8137)
  • RARP (8035)
  data_mask: Not applicable.
802.3-SAP
  data_value:
  • IPX-LLC (E0E0)
  • IPX-RAW (FFFF)
  • IPX-SNAP (AAAA)
  • Netbios (F0F0)
  • SNA (0000, 0404, 0808 and 0C0C)
  data_mask: Not applicable.
Port Priority and Classification Configuration Commands Configuring Priority Classification Table 9-1 Valid Values for Priority Classification (Continued) data_meaning keywords data_value keywords data_ mask IP Address Group: IP Address in dotted decimal format: 000.000.000.000 Data mask in dotted decimal format: 000.000.000.
Port Priority and Classification Configuration Commands Configuring Priority Classification Table 9-1 Valid Values for Priority Classification (Continued) data_meaning keywords data_value keywords data_ mask TCP Port Group: Same selection as for UDP Port Group Not applicable. • • • • • • • • Not applicable.
Port Priority and Classification Configuration Commands Configuring Priority Classification 9.3.4.4 clear priority classification Use this command to clear priority classification entries. clear priority classification priority_value data_meaning data_value [data_mask] Syntax Description priority_value Specifies a port priority (0 through 7) associated with the classification to be cleared. data_meaning Specifies the data_meaning of the classification to be cleared.
About ToS
The Type of Service (ToS) field [also known as the Differential Services (DF) field in RFC 2474] is an 8-bit field. It is located in the IP header and used by a device to indicate the precedence or priority of a given frame (see Table 9-1). Together, the 802.1p priority and IP ToS fields make it possible to signal the frame priority from end to end as the frame makes its way through the network.
Port Priority and Classification Configuration Commands Configuring Priority Classification Syntax Description tos_value Specifies an integer (0 - 255) to identify priority to the various switch devices and routers in the IP-based network. priority_value Specifies a port priority (0 through 7) associated with the classification to be set. data_meaning Specifies the data_meaning for the parameter used to classify frames.
Port Priority and Classification Configuration Commands Configuring Priority Classification 9.3.4.6 set priority classification tosstatus Use this command to enable or disable the ToS value configured in the set priority classification tosstatus command. set priority classification tosstatus priority_value data_meaning data_value [data_mask] {enable | disable} Syntax Description priority_value Specifies a port priority (0 through 7) associated with the classification to be enabled or disabled.
Port Priority and Classification Configuration Commands Configuring Priority Classification 9.3.4.7 show priority classification qtagoverride Use this command to display the status of the priority tag override feature on one or more ports. When enabled as described in Section 9.3.4.8, this feature lowers the precedence level of 802.1Q frame tags received on specified ports. show priority classification qtagoverride [port-string] Syntax Description port-string (Optional) Displays status of the 802.
Port Priority and Classification Configuration Commands Classification Precedence Rules Syntax Description port-string Specifies the port(s) for which to enable or disable priority tag override. For a detailed description of possible port-string values, refer to Section 4.1.2. enable | disable Enables or disables priority tag override. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Port Priority and Classification Configuration Commands Classification Precedence Rules NOTE: In Table 9-2, the following applies: - Exact Match indicates a match of an explicitly defined address. - Best Match indicates a match of an entire subnet, or range of addresses within a subnet. Table 9-2 Classification Precedence Precedence Level (Default) Classification Type (IP) With 802.1Q Priority Tag Override 802.
Table 9-2 Classification Precedence (Continued)
Classification Type                        Default   With 802.1Q Priority Tag Override
Source MAC Address Best Match              2         1
Destination MAC Address Best Match         3         2
Source IPX Network Number                  4         3
Destination IPX Network Number             5         4
IPX Source Socket                          6         5
IPX Destination Socket                     7         6
IPX Class of Service                       8         7
IPX Type                                   9         8
Protocol Type (Ether Type or DSAP/SSAP)    10        9
Receive Port                               11        11
Port Priority and Classification Configuration Commands Classification Precedence Rules 9.3.5.1 set priority classification ingress Use this command to add ports to a priority classification rule. These ports will then be active for this rule. set priority classification ingress priority_value port-string data_meaning data_value [data_mask] Syntax Description priority_value Specifies the number of the port priority (0 through 7) being associated with the priority ingress classification list.
Example
This example shows how to add Fast Ethernet front panel ports 30 through 33 to the Ethernet II Type IP classification rule:

    Matrix>set priority classification ingress 7 fe.0.30-33 ethernet-II-type IP

9.3.5.2 clear priority classification ingress

Use this command to remove ports from a priority classification rule.
Command Mode
Read-Write.

Example
This example shows how to clear Fast Ethernet front panel ports 5 to 7 from the Src UDP Range 44 46 classification rule:

    Matrix>clear priority classification ingress 5 fe.0.
9.3.6 Configuring Port Traffic Rate Limiting

Purpose
To limit the incoming rate of traffic entering the Matrix E1 on a per port/priority basis.
Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the current rate limits set for Fast Ethernet front panel ports 1 and 2. In this case, rate limiting is globally disabled, and is disabled on these ports. The threshold on all priority queues within these ports is set to the default value of 195000 bits per second.
9.3.6.2 set port ratelimit

Use this command to configure the traffic rate limiting status and threshold (in bits per second) for one or more ports.

    set port ratelimit {disable | enable port-string priority threshold {discard | marked}{disable | enable}}

Syntax Description

    disable | enable    Disables or enables rate limiting globally on the device.
Example
This example shows how to:
• globally enable rate limiting on the device,
• configure rate limiting on port priority 5 for Fast Ethernet front panel ports 3 through 7 to a threshold of 20,000 bits per second,
• discard all frames, and enable rate limiting with these parameters on the specified ports:

    Matrix>set port ratelimit enable
    Matrix>set port ratelimit fe.0.3-7 5 200000 discard enable

9.3.6.
Example
This example shows how to reset rate limiting on port priority 5 for Fast Ethernet front panel ports 3 through 7:

    Matrix>clear port ratelimit fe.0.
10 IGMP Configuration

This chapter describes the IGMP Configuration set of commands and how to use them.

10.1 IGMP CONFIGURATION SUMMARY

Multicasting is used to support real-time applications such as video conferences or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
10.2 IGMP CONFIGURATION COMMAND SET

10.2.1 Enabling / Disabling IGMP

Purpose
To display IGMP status and to enable or disable IGMP snooping on the device.

Commands
The commands needed to display, enable and disable IGMP are listed below and described in the associated sections as shown.
• show igmp (Section 10.2.1.1)
• set igmp (Section 10.2.1.2)

10.2.1.1 show igmp

Use this command to display IGMP information.
Example
This example shows how to display IGMP status:

    Matrix>show igmp
    IGMP Snooping is disabled.

10.2.1.2 set igmp

Use this command to enable or disable IGMP snooping on the device. This allows a host to inform the device it wants to receive transmissions addressed to a specific multicast group.

    set igmp {enable | disable}

Syntax Description

    enable | disable    Enables or disables IGMP snooping on the device.

Command Defaults
None.
10.2.2 Setting IGMP Query Interval and Response Time

Purpose
To display and set IGMP query interval and response time settings. These commands work together to remove ports from an IGMP group. Query interval specifies how often IGMP host queries are sent. Response time specifies the maximum query response time.
10.2.2.2 set igmp query-interval

Use this command to set the IGMP query interval as defined in RFC 2236, Section 8.2.

    set igmp query-interval intervaltime

Syntax Description

    intervaltime    Specifies the frequency of host-query frame transmissions. Valid values are from 30 to 600 seconds.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
Example
This example shows how to display the IGMP response time (in tenths of a second):

    Matrix>show igmp response-time
    IGMP response time is 100 .1 seconds.

10.2.2.4 set igmp response-time

Use this command to set the maximum IGMP query response time as defined in RFC 2236, Section 8.3.

    set igmp response-time value

Syntax Description

    value    Specifies the maximum query response time. Valid values are 10 to 255 tenths of a second.
10.2.3 Reviewing IGMP Groups

Purpose
Use this command to display the status of IGMP groups on the device. This includes the VLAN port configured to transmit IGMP multicast transmissions, its VLAN ID, and the IP addresses of the ports asking to receive those transmissions as part of the IGMP group.

Command
The command used to display IGMP groups is listed below and described in the associated section as shown.
• show igmp groups (Section 10.2.3.1)

10.
Table 10-1 provides details of the command output.

Table 10-1 show igmp groups Output Details

    Output            What It Displays...
    Vlan ID           VLAN segment configured for IGMP.
    Multicast IP      IP address associated with the VLAN ID through which all multicast traffic is forwarded.
    Type              Protocol type, which is IGMP.
    IGMP Port List    Port designation(s) wishing to receive multicast transmissions.
10.2.4 Configuring IGMP VLAN Registration

Purpose
Use these commands to configure IGMP VLAN Registration (IVR) on the device. IVR is designed for applications using wide-scale deployment of multicast traffic. It eliminates the need to duplicate multicast traffic for clients in each VLAN. Multicast traffic for all groups is only sent around the VLAN trunk once — only on the multicast VLAN.

NOTE: IVR cannot be used when routing is enabled.
Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display IVR information for front panel Fast Ethernet ports 1 through 3:

    Matrix>show igmp mode fe.0.1-3
    IGMP MODE VLAN: 1
    IGMP MODE IP: 10.1.2.3
    Port    Mode    Port    Mode    Port    Mode
    ------------------------------------------------------------
    fe.0.1  open    fe.0.2  open    fe.0.3  open

Table 10-2 provides details of the command output.
Syntax Description

    vlan_id    Specifies the IGMP registered VLAN.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to set VLAN 1 as an IGMP registered VLAN:

    Matrix>set igmp mode vlan 1

10.2.4.3 set igmp mode ipaddress

Use this command to set the virtual IP address through which multicast traffic will be forwarded to all subscribing, or “open” ports.
Example
This example shows how to set the IGMP mode IP address to 10.1.2.3:

    Matrix>set igmp mode ipaddress 10.1.2.3

10.2.4.4 set igmp mode

Use this command to configure IVR ports as open or secure. Open ports will scope multicast transmissions to the IGMP VLAN. These ports are user access ports subscribing to receive multicast streams via the IGMP registered VLAN specified in the set igmp mode vlan command (Section 10.2.4.2).
About IGMP IGMP VLAN Registration

10.3 ABOUT IGMP

The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device. The protocol’s mechanisms allow a host to inform its local switch device that it wants to receive transmissions addressed to a specific multicast group. A multicast-enabled switch device can periodically ask its hosts if they want to receive multicast traffic.
multicast VLAN to be shared in the network while subscribers remain in separate VLANs. IVR provides the ability to continuously send multicast streams in the multicast VLAN, but to isolate the streams from the subscriber VLANs for bandwidth and security reasons.

NOTE: IVR cannot be used when routing is enabled.

IVR eliminates the need to duplicate multicast traffic for clients in each VLAN.
11 Logging and Switch Network Management

This chapter describes switch-related logging and network management commands and how to use them.

NOTE: The commands in this section pertain to network management of the Matrix E1 device when it is in switch mode only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 12.

11.
11.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET

11.2.1 Configuring System Logging

Purpose
To display and configure system logging, including Syslog server settings, logging severity levels for various applications, and Syslog default settings.

Commands
Commands to configure system logging are listed below and described in the associated section as shown.
• set logging (Section 11.2.1.1)
• show logging all (Section 11.2.1.
11.2.1.1 set logging

Use this command to globally disable or re-enable Syslog on the device.

    set logging {enable | disable}

Syntax Description

    enable | disable    Enables or disables Syslog.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This command shows how to disable Syslog:

    Matrix>set logging disable

11.2.1.
Command Type
Switch command.

Command Mode
Read-Only.
Example
This example shows how to display all system logging information:

    Matrix>show logging all
    Global Logging State: Enabled

         Application   Current Severity Level
    ---------------------------------------------
     0   default       6
     1   GARP          5
     2   MSTP          5
     3   IGMP          5
     4   LAG           5
     5   FilterDb      5
     6   hostVx        5
     7   CDP           5
     8   RMON          5
     9   Policy        5
    10   Syslog        5
    11   RatePol       5
    12   rtrFE         6
    13   RtrCfg        5
    14   etsVlan       5
    15   rtrACL        5
    16   MII           5
    17   Envoy         5
    18   SSH           5
    19   RtrDvmrp      5
    20   RtrOspf       5
    21   Eap
    Matrix>show logging all (Continued from previous page)

    emergencies(1)    errors(4)           information(7)
    alerts(2)         warnings(5)         debugging(8)
    critical(3)       notifications(6)

    Minimum message level displayed on the console session: warnings(5)

    Defaults:   Facility   Severity         Port
    ------------------------------------------------------------
                local0     emergencies(1)   514

    IP Address   Facility   Severity   Port   Status
    ------------------------------------------------
Table 11-1 show logging all Output Details (Continued)

    Output         What It Displays...
    Facility       Syslog facility that will be encoded in messages sent to this server. Valid values are: local0 to local7.
    Severity       Severity level at which the server is logging messages.
    Description    Text string description of this facility/server.
    Port           UDP port the client uses to send to the server.
11.2.1.4 set logging console

Use this command to set the severity level at which Syslog messages will display to the console, or prevent Syslog messages from displaying to the console.

    set logging console {severity | disable}

Syntax Description

    severity    Specifies the severity level at which log messages will display to the console.
    show logging server [index]

Syntax Description

    index    (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1-8.

Command Defaults
If index is not specified, all Syslog server information will be displayed.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This command shows how to display Syslog server configuration information.
11.2.1.6 set logging server

Use this command to configure a Syslog server.

    set logging server index {ip_addr ip_addr | facility facility | severity severity | descr descr | port port | state [enable | disable]}

Syntax Description

    index              Specifies the server table index number for this server. Valid values are 1 - 8.
    ip_addr ip_addr    Specifies the Syslog message server’s IP address.
Command Mode
Read-Write.

Example
This command shows how to enable a Syslog server configuration for index 1, IP address 134.141.89.113, facility local4, severity level 8 (debugging) port 514:

    Matrix>set logging server 1 ip_addr 134.141.89.113 facility local4 severity 8 port 514 state enable

11.2.1.7 clear logging server

Use this command to remove a server from the Syslog server table.
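The following Python sketch is an added example, not part of the Enterasys guide: it lints `set logging server` lines (Section 11.2.1.6) against the ranges this guide documents (index 1-8, facility local0 to local7, severity 1-8) before they are pasted into a switch, and merges per-index settings to catch a server enabled without an address. The port range 1-65535 and the two extra sample lines are assumptions of the example; only the first sample line comes from the guide.

```python
import ipaddress
import shlex

# Severity names and numbers as printed by "show logging all" in this guide.
SEVERITIES = {1: "emergencies", 2: "alerts", 3: "critical", 4: "errors",
              5: "warnings", 6: "notifications", 7: "information", 8: "debugging"}
FACILITIES = {"local%d" % n for n in range(8)}      # local0 .. local7
STATES = {"enable", "disable"}


def _number(text, low, high):
    """Return text as an int when it is a decimal number in [low, high], else None."""
    if text.isascii() and text.isdigit() and low <= int(text) <= high:
        return int(text)
    return None


def _ipv4(text):
    """Return the normalised IPv4 address, or None when text is not one."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def lint_logging_server(line):
    """Check one 'set logging server' command; return (settings, problems)."""
    try:
        tokens = shlex.split(line)
    except ValueError as exc:                        # e.g. unbalanced quotes in descr
        return {}, ["cannot tokenise line: %s" % exc]
    if tokens and ">" in tokens[0]:                  # drop a CLI prompt such as "Matrix>"
        tokens[0] = tokens[0].split(">", 1)[1]
    if tokens[:3] != ["set", "logging", "server"] or len(tokens) < 4:
        return {}, ["not a 'set logging server' command"]
    settings, problems = {}, []

    def keep(key, parsed, raw, expected):
        if parsed is None:
            problems.append("%s %r is not %s" % (key, raw, expected))
        else:
            settings[key] = parsed

    keep("index", _number(tokens[3], 1, 8), tokens[3], "in 1-8")
    args = tokens[4:]
    if len(args) % 2:
        problems.append("keyword %r has no value" % args[-1])
    for key, value in zip(args[0::2], args[1::2]):
        if key == "ip_addr":
            keep(key, _ipv4(value), value, "an IPv4 address")
        elif key == "facility":
            keep(key, value if value in FACILITIES else None, value, "local0-local7")
        elif key == "severity":
            keep(key, _number(value, 1, 8), value, "in 1-8")
        elif key == "port":                          # UDP port range: assumption
            keep(key, _number(value, 1, 65535), value, "in 1-65535")
        elif key == "state":
            keep(key, value if value in STATES else None, value, "enable or disable")
        elif key == "descr":
            settings[key] = value
        else:
            problems.append("unknown keyword %r" % key)
    return settings, problems


def audit_config(text):
    """Lint every 'set logging server' line; return (servers by index, findings)."""
    servers, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "set logging server" not in line:
            continue
        settings, problems = lint_logging_server(line)
        findings += [(lineno, problem) for problem in problems]
        if "index" in settings:                      # attributes may arrive one per command
            servers.setdefault(settings["index"], {}).update(settings)
    for index, merged in sorted(servers.items()):
        if merged.get("state") == "enable" and "ip_addr" not in merged:
            findings.append((None, "server %d is enabled without an ip_addr" % index))
    return servers, findings


# Line 1 is the guide's own example; lines 2 and 3 are constructed for this example.
SAMPLE = """\
Matrix>set logging server 1 ip_addr 134.141.89.113 facility local4 severity 8 port 514 state enable
Matrix>set logging server 2 descr "backup collector" state enable
Matrix>set logging server 9 ip_addr 10.1.1.300 facility local8 severity 0 state on
"""

if __name__ == "__main__":
    for where, problem in audit_config(SAMPLE)[1]:
        print("line %s: %s" % (where if where else "-", problem))
```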
Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 11-1.
Syntax Description

    facility facility    Specifies the default facility name. Valid values are: local0 to local7.
    severity severity    Specifies the default logging severity level.
11.2.1.10 clear logging default

Use this command to reset logging default values.

    clear logging default [facility] [severity] [port]

Syntax Description

    facility    (Optional) Resets the default facility name to local7.
    severity    (Optional) Resets the default logging severity level to 5 (warning conditions).
    port        (Optional) Resets the default UDP port the client uses to send to the server to 514.
Command Mode
Read-Only.

Example
This command shows a portion of the information displayed with the show logging application command. For a full list of supported applications, refer to Table 11-3.
Table 11-2 show logging application Output Details

    Output         What It Displays...
    Application    Mnemonic values for applications being logged. For details on setting this value using the set logging application command, refer to Section 11.2.1.12. For a list of valid values and their corresponding applications, refer to Table 11-3.
Syntax Description

    mnemonic    Specifies a case sensitive mnemonic value of an application to be logged. Valid values and their corresponding applications are listed in Table 11-3.
    all         Resets the severity level for all applications.
    level       Specifies the severity level at which the server will log messages for applications.
Table 11-3 Mnemonic Values for Logging Applications

    Mnemonic    Application
    default     Applications not explicitly included in Matrix E1 device.
    GARP        802.1D Generic Attribute Resolution Protocol (GVR/GMRP)
    MSTP        802.1D Spanning Tree (802.1w/802.1s)
    BrdgMIB     IETF Bridge MIB component
    IGMP        Internet Group Management Protocol
    FilterDb    802.
Table 11-3 Mnemonic Values for Logging Applications (Continued)

    Mnemonic         Application
    Radius           RADIUS client/server
    Trunking         Port trunking
    MacAuth          MAC authentication
    Alias            Node and alias
    SNMP             Simple Network Management Protocol
    sntp             Simple Network Time Protocol
    CLI              Command Line Interface
    Telnet           Telnet server and client
    SysDownload      System download
    PortMirroring    Port mirroring (redirect)
    Webview          Enterasys’ WebView mana
11.2.1.13 clear logging application

Use this command to reset the logging severity level for one or all applications to the default value of 5 (warning conditions).

    clear logging application {mnemonic | all}

Syntax Description

    mnemonic    Resets the severity level for a specific application. Valid mnemonic values and their corresponding applications are listed in Table 11-3.
    all         Resets the severity level for all applications.
Command Defaults
If file is not specified, the latest 200 Syslog messages stored in the audit-trail log will be displayed.

Command Type
Switch command.

Command Mode
Super User.

Example
This example shows an excerpt of the output from the show logging audit-trail command:

    Matrix>show logging audit-trail
    132 <5>Apr 7 14:14:07.48 10.1.130.14 rtrFE[HOST_DISP_](host)Bad Source Address detect from interface vlan 3 with a source address of 127.
Example
This command shows how to copy the audit trail history buffer to msgs.log file on the Syslog server:

    Matrix>copy audit-trail tftp://172.43.10.77/msgs.log

11.2.2 Monitoring Switch Network Events and Status

Purpose
To display switch events and command history, to set the size of the history buffer, and to display network and RMON statistics.
Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to use the show eventlog command:

    Matrix>show eventlog
    07/01/2001 16:57:28- (Info ) system started
    07/02/2001 08:29:13- (Info ) system started
    07/04/2001 09:21:28- (Info ) system started

11.2.2.2 clear eventlog

Use this command to delete all entries from the system event log.
11.2.2.3 history

Use this command to display the contents of the command history buffer. The command history buffer includes all the switch commands entered up to a maximum of 32, as specified in the set history command (Section 11.2.2.6).

    history

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
Syntax Description

    cmd_num       (Optional) Specifies the number of the command from the history display.
    iterations    (Optional) Specifies the number of times to re-execute the command. Valid values are 0 to 2147483647. Entering 0 causes the specified cmd_num to be repeated endlessly until the user enters Ctrl+C.

Command Defaults
If no parameters are specified, the last command will be repeated.

Command Type
Switch.
11.2.2.5 show history

Use this command to display the size (in lines) of the history buffer.

    show history

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the size of the history buffer:

    Matrix>show history
    History buffer size: 3

11.2.2.6 set history

Use this command to set the size of the history buffer.
Example
This example shows how to set the size of the command history buffer to 3 lines:

    Matrix>set history 3

11.2.2.7 show netstat

Use this command to display statistics for the switch’s active network connections.

    show netstat [icmp | interface | ip | routes | stats | tcp | udp]

Syntax Description

    icmp    (Optional) Displays Internet Control Message Protocol (ICMP) statistics.
Example
This example shows how to display statistics for all the current active network connections:

    Matrix>show netstat
    Active Internet connections (including servers)
    PCB      Proto Recv-Q Send-Q Local Address      Foreign Address
    -------- ----- ------ ------ ------------------ ------------------
    1cc6314  TCP   0      0      0.0.0.0.80         0.0.0.0.0
    1cc6104  TCP   0      0      0.0.0.0.23         0.0.0.0.0
    1cc6290  UDP   0      0      0.0.0.0.162        0.0.0.
    1cc620c  UDP   0      0      0.0.0.0.161
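The show netstat output above doubles as an inventory of the management services the switch exposes. The Python sketch below is an added example, not part of the Enterasys guide: it parses output in that column layout and reports which listeners are cleartext management services and which peers hold active sessions. The port-to-service mapping (including WebView on TCP 80), the "(state)" column, and the established Telnet row are assumptions of this example; the four listener rows repeat the guide's sample.

```python
import re

# One socket row: PCB, protocol, queues, local and foreign "a.b.c.d.port", optional state.
ENDPOINT = r"((?:\d+\.){4}\d+)"
ROW = re.compile(r"^\s*([0-9a-fA-F]+)\s+(TCP|UDP)\s+(\d+)\s+(\d+)\s+"
                 + ENDPOINT + r"\s+" + ENDPOINT + r"(?:\s+(\S+))?\s*$")

# Well-known ports for services this guide mentions (the mapping is an assumption).
MGMT_PORTS = {
    ("TCP", 22): ("SSH", "encrypted"),
    ("TCP", 23): ("Telnet", "cleartext"),
    ("TCP", 80): ("HTTP (WebView)", "cleartext"),
    ("UDP", 161): ("SNMP agent", "review"),     # v1/v2c community strings are cleartext
    ("UDP", 162): ("SNMP trap", "review"),
}
WILDCARD = ("0.0.0.0", 0)


def split_endpoint(text):
    """Split the 'address.port' notation used by show netstat into (address, port)."""
    host, _, port = text.rpartition(".")
    return host, int(port)


def parse_netstat(text):
    """Return one dict per socket row; headers and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        pcb, proto, _recv_q, _send_q, local, foreign, state = match.groups()
        rows.append({"pcb": pcb, "proto": proto, "state": state,
                     "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign)})
    return rows


def listening_services(rows):
    """Sockets with a wildcard foreign address, labelled by service and verdict."""
    found = []
    for row in rows:
        if row["foreign"] != WILDCARD:
            continue
        address, port = row["local"]
        name, verdict = MGMT_PORTS.get((row["proto"], port), ("unknown", "review"))
        scope = "all interfaces" if address == "0.0.0.0" else address
        found.append((row["proto"], port, name, verdict, scope))
    return found


def active_sessions(rows):
    """Sockets with a real peer: who is connected to which management service."""
    found = []
    for row in rows:
        peer, peer_port = row["foreign"]
        if peer_port == 0:
            continue
        name, verdict = MGMT_PORTS.get((row["proto"], row["local"][1]),
                                       ("unknown", "review"))
        found.append((name, verdict, peer, peer_port))
    return found


# Constructed sample in the guide's layout; the ESTABLISHED row and state column are invented.
SAMPLE = """\
Active Internet connections (including servers)
PCB      Proto Recv-Q Send-Q Local Address      Foreign Address    (state)
-------- ----- ------ ------ ------------------ ------------------ -------
1cc6314  TCP        0      0 0.0.0.0.80         0.0.0.0.0          LISTEN
1cc6104  TCP        0      0 0.0.0.0.23         0.0.0.0.0          LISTEN
1cc6398  TCP        0      0 10.1.10.2.23       10.1.10.10.1046    ESTABLISHED
1cc6290  UDP        0      0 0.0.0.0.162        0.0.0.0.0
1cc620c  UDP        0      0 0.0.0.0.161        0.0.0.0.0
"""

if __name__ == "__main__":
    sockets = parse_netstat(SAMPLE)
    for proto, port, name, verdict, scope in listening_services(sockets):
        print("%s/%d %-15s %-9s bound to %s" % (proto, port, name, verdict, scope))
    for name, verdict, peer, peer_port in active_sessions(sockets):
        print("session: %s (%s) from %s:%d" % (name, verdict, peer, peer_port))
```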
Syntax Description

    port-string    (Optional) Displays RMON statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, RMON stats will be displayed for all ports.

Command Type
Switch command.

Command Mode
Read-Only.
Table 11-5 show rmon stats Output Details

    Output         What It Displays...
    Index          Current Ethernet interface for which statistics are being shown. The device has an embedded RMON agent that gathers statistics for each interface.
    Status         Current operating status of the displayed interface.
    Owner          Name of the entity that configured this entry.
    Data Source    Data source of the statistics being displayed.
Table 11-5 show rmon stats Output Details (Continued)

    Output       What It Displays...
    Fragments    Number of received frames that are not the minimum number of bytes in length, or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excluding framing bits, but including FCS bytes) and had an invalid CRC.
    show users

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to use the show users command. In this output, there is one Telnet user at IP address 10.1.10.10:

    Matrix>show users
    Console Port
    ------------
    Active

    Number of telnet users: 1

    Telnet Session Users
    --------------------
    10.1.10.
Logging and Network Management Command Set Managing Switch Network Addresses

11.2.2.10 disconnect

Use this command to close an active console port or Telnet session when operating in switch mode.

    disconnect {ip_address | console}

Syntax Description

    ip_address    Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in Section 11.2.2.9.
    console       Closes an active console port.

Command Defaults
None.

Command Type
Switch command.
Commands
Commands to manage switch network addresses are listed below and described in the associated section as shown.
• show arp (Section 11.2.3.1)
• set arp (Section 11.2.3.2)
• clear arp (Section 11.2.3.3)
• show rad (Section 11.2.3.4)
• set rad (Section 11.2.3.5)
• show mac (Section 11.2.3.6)
• set mac (Section 11.2.3.7)
• clear mac (Section 11.2.3.8)
• show mac agingtime (Section 11.2.3.9)
• set mac agingtime (Section 11.2.
11.2.3.1 show arp

Use this command to display the switch’s ARP table.

    show arp

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the ARP table:

    Matrix>show arp
    LINK LEVEL ARP TABLE
    destination gateway flags Refcnt Use Interface
    --------------------------------------------------------------------------
    10.1.0.
Syntax Description

    ip_address     Specifies the IP address to map to the MAC address and add to the ARP table.
    mac_address    Specifies the MAC address to map to the IP address and add to the ARP table.
    temp           (Optional) Sets the ARP entry as not permanent. This allows the entry to time out.
    pub            (Optional) Publishes the specified ARP entry.
Syntax Description

    hostname | ip_address    (Optional) Specifies the IP address in the ARP table to be cleared. An IP alias or host name that can be resolved through the DNS can be specified instead of an IP address.

Command Defaults
If hostname or ip_address are not specified, all ARP entries will be cleared.

Command Mode
Read-Write.

Example
This example shows how to delete entry 10.1.10.10 from the ARP table:

    Matrix>clear arp 10.
11.2.3.5 set rad

Use this command to enable or disable RAD (Runtime Address Discovery) protocol. The Matrix E1 uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be used to retrieve a text configuration file from the network.

NOTE: In order for RAD to retrieve a text configuration file, the file must be specified in the BootP tab.
Syntax Description

    address mac address    (Optional) Displays information for a specific MAC address (if it is known by the device).
    fid vlan_id            (Optional) Displays MAC addresses for a specific filter database identifier.
    port port-string       (Optional) Displays MAC addresses related to a specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Table 11-6 provides an explanation of the command output.

Table 11-6 show mac Output Details

    Output                               What It Displays...
    Filter Database Algorithm            Default MAC algorithm mode.
    Current Filter Database Algorithm    Current MAC algorithm mode, which is set with the set mac algorithm command (Section 11.2.3.15).
    Aging Time                           Time in seconds to age out inactive MAC address entries.
11.2.3.7 set mac

Use this command to add MAC addresses to the switch IP routing table.

    set mac mac_address vlan_id port-string {delete-on-reset | delete-on-timeout | permanent}

Syntax Description

    mac_address    Specifies the MAC address to set.
    vlan_id        Specifies the number identifying the VLAN to which the MAC address belongs.
    port-string    Specifies the port designation for the MAC addresses.
11.2.3.8 clear mac

Use this command to clear dynamic MAC address information for the switch.

    clear mac [address mac_address vlan_id | port port-string | vid vlan_id port-string]

Syntax Description

    address mac_address vlan_id    (Optional) Removes all dynamic MAC address entries attached to the specified VLAN.
    port port-string               (Optional) Removes all dynamic MAC address entries attached to the specified port(s).
This example clears the scoping of the ingress MAC address 01:00:00:11:11:11 and VLAN 2 pair. Then, the show mac multicast command is executed, to confirm that the scoping has been cleared.
11.2.3.10 set mac agingtime

Use this command to set the time in seconds to age out inactive MAC address entries.

    set mac agingtime seconds

Syntax Description

    seconds    Specifies the number of seconds for MAC aging time. Valid values are 10 to 630.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to set the MAC aging time to 400:

    Matrix>set mac agingtime 400

11.2.3.
Example
This example shows how to reset the MAC aging time:

    Matrix>clear mac agingtime

11.2.3.12 show port stopaging

Use this command to display the status of the MAC address stop aging function on one or more ports.

    show port stopaging [port-string]

Syntax Description

    port-string    (Optional) Displays status for specified port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
11.2.3.13 set port stopaging

Use this command to enable or disable stopping the aging process of MAC address entries on one or more ports. When enabled, this will prevent addresses from aging out due to inactivity on configured ports. Addresses will, however, update properly if moved from port to port.

NOTE: This command must be configured in groups of eight ports for Fast Ethernet ports.
11.2.3.14 clear port stopaging

Use this command to reset the stop aging function on one or more ports to the default state of disabled.

    clear port stopaging [port-string]

Syntax Description

    port-string    (Optional) Resets the stop aging function on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, status for all ports will be reset.
Syntax Description

    mac-random    Sets the mode to MAC random algorithm, which is best used by networks having a single MAC per VLAN that do not need the VLAN ID to be used in Layer 2 lookups. When running in this mode, the filter database lookup algorithm is optimized for networks with MAC addresses that vary by vendor.
Example
This example shows how to set the MAC algorithm mode to mac-vid-sequential:

    Matrix>set mac algorithm mac-vid-sequential

11.2.3.16 show dns

Use this command to display DNS (Domain Name Service) settings. DNS translates domain names into IP addresses.

    show dns

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display DNS settings.
Syntax Description

    domain-name    Specifies a DNS domain name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to set the DNS domain name to “net.com”:

    Matrix>set dns domain net.com

11.2.3.18 clear dns domain

Use this command to clear the DNS domain name.

    clear dns domain

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.19 set dns server

Use this command to add a server to the DNS server list.

    set dns server ip-address

Syntax Description

    ip-address    Specifies an IP address of a DNS server.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to add the server at IP address 134.141.92.37 to the DNS server list:

    Matrix>set dns server 134.141.92.37

11.2.3.
Example
This example shows how to remove the server at IP address 134.141.92.37 from the DNS server list:

    Matrix>set dns server 134.141.92.37

11.2.3.21 clear dns

Use this command to clear all DNS information.

    clear dns

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.22 ping
Use this command to send ICMP echo-request packets to another node on the network while operating in switch mode.
ping {[[-s] hostname | ip_address] [hostname | ip_address [packet-count]]}
Syntax Description
-s  (Optional) Causes a continuous ping, sending one datagram per second and printing one line of output for every response received, until the user enters Ctrl+C.
This example shows how to ping IP address 10.1.10.1 with 10 packets:
Matrix>ping 10.1.10.1 10
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
------ PING 10.1.10.
11.2.3.23 traceroute
Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host when operating in switch mode. Three UDP or ICMP probes will be transmitted for each hop between the source and the traceroute destination.
Logging and Network Management Command Set Managing Switch Network Addresses -x (Optional) Prevents traceroute from calculating checksums. host Specifies the host to which the route of an IP packet will be traced. packetlen (Optional) Specifies the length of the probe packet. Command Defaults • If not specified, waittime will be set to 5 seconds. • If not specified, first-ttl will be set to 1 second. • If not specified, max-ttl will be set to 30 seconds.
Example
This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Matrix E1 switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop:
Matrix>traceroute 192.167.252.17
traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
1 matrix.enterasys.com (192.167.
Logging and Network Management Command Set Managing Switch Network Addresses Command Usage To allow certain load-balancing servers to function correctly, frames with a pre-defined multicast address are flooded and received by all load-balancing servers. These servers are preconfigured to decide who responds to these requests. The problem with this approach is that the multicast frames are flooded to all ports that are members of the VLAN that the frame was received on.
This example sets a second MAC address – VLAN pair to egress on the same VLAN 3 ports. The same multicast MAC address, 01:00:00:11:11:11, is used, but it is associated with VLAN 5 in this example:
Matrix> set mac multicast 01-00-00-11-11-11 5 3
This example deletes a scoping VLAN from a configured ingress MAC address – VLAN pair:
Matrix> clear mac address 01-00-00-11-11-11 5
11.2.3.
Logging and Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 11.2.4 Configuring Simple Network Time Protocol (SNTP) Purpose To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network. For other time-related commands, see Section 3.2.2, “Setting Basic Device Properties,” on page 3-30. Commands Commands to configure SNTP are listed below and described in the associated section as shown. • show sntp (Section 11.2.4.
Logging and Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Example This example shows how to display SNTP settings. In this case, SNTP is operating in unicast mode. Broadcast delay is set at the default of 3000 milliseconds and SNTP requests are being transmitted every 512 seconds. Two servers, one with IP address 10.21.1.
Command Mode
Read-Write.
Example
This example shows how to enable SNTP in broadcast mode:
Matrix>set sntp broadcast

11.2.4.3 set sntp broadcastdelay
Use this command to set the SNTP time to wait for a response from an SNTP server, in milliseconds, when in broadcast mode.
set sntp broadcastdelay time
Syntax Description
time  Specifies broadcast delay time in milliseconds. Valid values are 1 to 999999.
Syntax Description
interval  Specifies the poll interval in seconds. Valid values are 16 to 16284.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to set the SNTP poll interval to 30 seconds:
Matrix>set sntp poll-interval 30
11.2.4.
Example
This example shows how to set the server at IP address 10.21.1.100 as an SNTP server:
Matrix>set sntp server 10.21.1.100

11.2.4.6 clear sntp server
Use this command to remove one or all servers from the SNTP server list.
clear sntp server {all [ip-address | hostname]}
Syntax Description
all  Removes all servers from the SNTP server list.
Logging and Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 11.2.4.7 set timezone Use this command to set the SNTP time zone name and hours and minutes it is offset from Coordinated Universal Time (UTC). set timezone name [hours] [minutes] Syntax Description name Specifies the time zone name. hours (Optional) Specifies the number of hours this timezone will be offset from UTC. Valid values are minus 13 (-13) to 14.
Logging and Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Command Type Switch command. Command Mode Read-Write.
Logging and Network Management Command Set Configuring Node Aliases 11.2.5 Configuring Node Aliases Purpose To review, configure, disable and re-enable node (port) alias functionality, which determines what network protocols are running on one or more ports. Commands Commands to configure node aliases are listed below and described in the associated section as shown. • show nodealias (Section 11.2.5.1) • show nodealias config (Section 11.2.5.2) • set nodealias (Section 11.2.5.
Example
This example (a portion of the command output) shows how to display node alias properties for all ports:
Matrix>show nodealias
Alias ID     = 24117248
Interface    = ge.0.6
Vlan ID      = 1
Protocol     = bootpc(8)
Address Text =

Alias ID     = 17301504
Interface    = ge.0.6
Vlan ID      = 1
Protocol     = ip(1)
Address Text = 10.2.240.
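The following is an added example, not part of the Enterasys guide: a Python parser for show nodealias output in the "Key = Value" layout of the example above, used to review which protocols and how many IP hosts were seen on each port. The sample output (alias IDs, ports and addresses), the per-port allow list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `show nodealias` example.
# Alias IDs, ports and addresses are made up (documentation address range).
SAMPLE_OUTPUT = """\
Alias ID     = 1001
Interface    = ge.0.6
Vlan ID      = 1
Protocol     = bootpc(8)
Address Text =

Alias ID     = 1002
Interface    = ge.0.6
Vlan ID      = 1
Protocol     = ip(1)
Address Text = 192.0.2.15

Alias ID     = 1003
Interface    = fe.0.3
Vlan ID      = 5
Protocol     = ip(1)
Address Text = 192.0.2.20

Alias ID     = 1004
Interface    = fe.0.3
Vlan ID      = 5
Protocol     = ip(1)
Address Text = 192.0.2.21
"""


def parse_nodealias(text):
    """Return one dict per alias entry; each 'Alias ID' line starts a new entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*=\s*(.*?)\s*$", line)
        if not m:
            continue  # blank lines, prompts, anything that is not Key = Value
        key, value = m.group(1), m.group(2)
        if key == "Alias ID":
            current = {}
            entries.append(current)
        if current is not None:
            current[key] = value
    return entries


def summarize(entries):
    """Group entries by port: protocol names seen and distinct IP addresses."""
    ports = defaultdict(lambda: {"protocols": set(), "ip_addresses": set()})
    for entry in entries:
        port = ports[entry["Interface"]]
        # "bootpc(8)" -> "bootpc": drop the numeric code in parentheses.
        proto = re.sub(r"\(\d+\)$", "", entry.get("Protocol", ""))
        port["protocols"].add(proto)
        if proto == "ip" and entry.get("Address Text"):
            port["ip_addresses"].add(entry["Address Text"])
    return ports


def review(entries, allowed, max_ips=1):
    """Flag protocols outside a port's allow list and ports with many IP hosts."""
    findings = []
    for name, seen in sorted(summarize(entries).items()):
        for proto in sorted(seen["protocols"] - allowed.get(name, set())):
            findings.append((name, "unexpected-protocol", proto))
        if len(seen["ip_addresses"]) > max_ips:
            findings.append((name, "multiple-ip-hosts", len(seen["ip_addresses"])))
    return findings


# Hypothetical policy: both ports are expected to carry a single IP host.
ALLOWED = {"ge.0.6": {"ip"}, "fe.0.3": {"ip"}}

if __name__ == "__main__":
    for finding in review(parse_nodealias(SAMPLE_OUTPUT), ALLOWED):
        print(finding)
```

A port that is not in the allow list is treated as allowing nothing, so every protocol seen on it is reported.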
Logging and Network Management Command Set Configuring Node Aliases 11.2.5.2 show nodealias config Use this command to display node alias configuration settings on one or more ports. show nodealias config [port-string] Syntax Description port-string (Optional) Displays node alias configuration settings for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Logging and Network Management Command Set Configuring Node Aliases Table 11-8 show nodealias config Output Details Output What It Displays... Total Control Entries Total aliases learned. Active Entries Number of Total Control Entries that are active (not marked for deletion). Purge Time Last time the node alias table was cleared. State Node alias is ready to learn new entries. Allocated Entries Number of entries that have been allocated to all the ports.
Logging and Network Management Command Set Configuring Node Aliases Syntax Description enable | disable Enables or disables a node alias agent. port-string Specifies the port(s) on which to enable or disable a node alias agent. For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to set the maximum node alias entries to 1000 on Fast Ethernet front panel port 3:
Matrix>set nodealias maxentries 1000 fe.0.3

11.2.5.5 clear nodealias
Use this command to remove one or more node alias entries.
Logging and Network Management Command Set Configuring Node Aliases 11.2.5.6 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value. clear nodealias config Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection 11.2.6 Configuring Convergence End Points (CEP) Phone Detection About CEP Phone Detection Convergence is a way to detect a remote IP telephony or video device and apply a policy to the connection port based on the type of CEP device found. When a convergence end point (CEP) is found, the global policy for that CEP is applied to that port.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection • set cep (Section 11.2.6.2) • set cep port (Section 11.2.6.3) • set cep policy (Section 11.2.6.4) • set cep detection (Section 11.2.6.5) • set cep detection type (Section 11.2.6.6) • set cep detection address (Section 11.2.6.7) • set cep detection protocol (Section 11.2.6.8) • set cep detection porthigh (Section 11.2.6.9) • set cep initialize (Section 11.2.6.10) • clear cep (Section 11.2.6.11) 11.2.6.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection Examples This example shows how to display CEP status for each detection type on port ge.0.1. In this case the default state of disabled for each type has not been changed: Matrix>show cep port ge.0.1 CEP Detection: - disabled ge.0.1 H323 phone - disabled Siemens phone - disabled Cisco phone - disabled This example shows default CEP policy information.
Example
This example shows how to globally enable CEP detection:
Matrix>set cep enable

11.2.6.3 set cep port
Use this command to enable or disable a CEP detection type on one or more ports.
set cep port port-string {cisco | h323 | siemens} {enable | disable}
Syntax Description
port-string  Specifies the port(s) to enable or disable.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection Syntax Description cisco | h323 | siemens Specifies the default policy as Cisco, H.323 or Siemens phone detection. profile-id Specifies an ID for this CEP policy profile. This must be configured using the policy management commands described in Chapter 11. Valid values are 1 - 65535. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Syntax Description
detection-id  Specifies a CEP discovery group ID. Valid values are 1 - 2147483647.
create | delete | disable | enable  Creates a new convergence end points detection configuration group, or removes, disables or enables an existing group. A group must first be created then enabled to become operational.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Syntax Description
detection-id  Specifies a CEP discovery group ID. This group must be created and enabled using the set cep detection command as described in Section 11.2.6.5. Valid values are 1 - 2147483647.
h323 | siemens  Specifies the phone type to detect as H.323 or Siemens.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Syntax Description
detection-id  Specifies a CEP discovery group ID. This group must be created and enabled using the set cep detection command as described in Section 11.2.6.5. Valid values are 1 - 2147483647.
address  Sets an IP address for the CEP discovery group.
ipv4 ip-address | unknown  Specifies an IPv4 address or an address of an unknown IP protocol type.
Syntax Description
detection-id  Specifies a CEP discovery group ID. This group must be created and enabled using the set cep detection command as described in Section 11.2.6.5. Valid values are 1 - 2147483647.
tcp | udp | both | none  Sets the CEP IP protocol type as:
• TCP
• UDP
• Both UDP and TCP
• None
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Syntax Description
detection-id  Specifies a CEP discovery group ID. This group must be created and enabled using the set cep detection command as described in Section 11.2.6.5. Valid values are 1 - 2147483647.
porthigh | portlow port  Specifies a maximum or minimum UDP or TCP port to be used for convergence end points detection. Valid values are 1 - 65535.
Command Defaults
None.
Command Type
Switch command.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection Syntax Description port-string Specifies the CEP-enabled port(s) to re-initialize. This must be a port-string enabled for CEP using the set cep port command as described in Section 11.2.6.3. For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging and Network Management Command Set Configuring Convergence End Points (CEP) Phone Detection Command Type Switch command. Command Mode Read-Write.
12 IP Configuration
This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them.
ROUTER: The commands covered in this chapter can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

12.1 PROCESS OVERVIEW: INTERNET PROTOCOL (IP) CONFIGURATION
Use the following steps as a guide to configuring IP on the device:
1. Configuring routing interface settings (Section 12.2.3)
2.
IP Configuration Command Set Configuring Routing Interface Settings 12.2 IP CONFIGURATION COMMAND SET 12.2.1 Configuring Routing Interface Settings Basic Routing Interface Properties The Matrix E1 firmware supports the following routing interface properties: • Maximum number of (VLAN) routing interfaces: 256 • Maximum number of loopback interfaces: 20 • Maximum number of IP helper addresses per interface: 20 • Maximum number of IP addresses per interface: 1 primary, 8 secondary About Loopback vs.
Table 12-1 VLAN and Loopback Interface Configuration Modes
For Routing Interface Type...   Enter (in Global Configuration Mode)...   Resulting Prompt...
VLAN                            vlan vlan-id                              Matrix>Router(config-if(Vlan 1))#
Loopback                        loopback loopback-id                      Matrix>Router(config-if (Lpbk 1))#
For details on how to enable all router CLI configuration modes, refer back to Table 3-10. For details on configuring routing protocols, refer to Chapter 13.
IP Configuration Command Set Configuring Routing Interface Settings Syntax Description vlan vlan-id | loopback loopback-id (Optional) Displays interface information for a specific VLAN or loopback. This interface must be configured for IP routing as described in Section 3.3.2. Command Type Router command. Command Mode Privileged EXEC: Matrix>Router# Command Defaults If not specified, information for all interfaces will be displayed.
Example
This example shows how to display information for all interfaces configured on the router:
Matrix>Router#show interface
Vlan 1 is Administratively UP
Vlan 1 is Operationally UP
Internet Address is 10.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 11.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 12.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 13.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 14.1.1.
IP Configuration Command Set Configuring Routing Interface Settings 12.2.1.2 interface Use this command to enable interface configuration mode from global configuration mode. For details on configuration modes supported by the Matrix E1 device and their uses, refer to Table 3-10 in Section 3.3.3. interface vlan vlan_id | loopback loopback-id NOTES: VLANs must be created in switch mode before they can be configured for IP routing.
IP Configuration Command Set Configuring Routing Interface Settings 12.2.1.3 show ip interface Use this command to display information, including administrative status, IP address, name, MTU size and bandwidth, for interfaces configured for IP. show ip interface [vlan vlan_id | loopback loopback-id] Syntax Description vlan vlan_id | loopback loopback-id (Optional) Displays interface information for a specific VLAN or loopback. This interface must be configured for IP routing as described in Section 3.3.2.
IP Configuration Command Set Configuring Routing Interface Settings 12.2.1.4 ip address Use this command to set, remove, or disable a primary or secondary IP address for an interface. ip address ip_address ip_mask Syntax Description ip_address Specifies the IP address of the interface to be added or removed. ip_mask Specifies the mask for the associated IP subnet. Command Syntax of the “no” Form The “no” form of this command removes the specified IP address and disables the interface for IP processing.
Syntax Description
None.
NOTE: The shutdown form of this command disables an interface for IP routing.
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#
Command Defaults
None.
Example
The following example shows how to enable VLAN 1 for IP routing:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#no shutdown
12.2.
12.2.2.1 show running-config
Use this command to display the current non-default router operating configuration.
show running-config
Syntax Description
None.
Command Type
Router command.
Command Mode
Privileged EXEC: Matrix>Router#
Command Defaults
None.
Example
This example shows how to display the current router operating configuration:
Matrix>Router#show running-config
!
Router id 182.127.62.1
!
interface vlan 1
IP Address 182.
IP Configuration Command Set Reviewing and Saving the Routing Configuration Table 12-2 show running-config Output Details Output What It Displays... Router id Router ID (IP address) used by the OSPF protocol for path selection. Unless configured by using the router id command as described in Section 13.1.2.3, this will default to the lowest IP address of interfaces configured for routing on the device. interface vlan VLANs configured for IP routing and their IP addresses.
IP Configuration Command Set Reviewing and Saving the Routing Configuration Syntax Description erase (Optional) Deletes the router-specific file. file (Optional) Saves the router-specific configuration to NVRAM. filename config_file (Optional) Saves the router-specific configuration to a file. terminal (Optional) Displays the current router-specific configuration to the terminal session. Command Type Router command.
IP Configuration Command Set Reviewing and Saving the Routing Configuration 12.2.2.3 no ip routing Use this command to disable IP routing on the device and remove the routing configuration. By default, IP routing is enabled when interfaces are configured for it as described in Section 12.2.1. no ip routing Syntax Description None. Command Type Router command. Command Mode Global configuration: Matrix>Router(config)# Command Defaults None.
IP Configuration Command Set Reviewing and Configuring the ARP Table 12.2.3 Reviewing and Configuring the ARP Table Purpose To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface. Commands The commands needed to review and configure the ARP table are listed below and described in the associated section as shown: • show ip arp (Section 12.2.3.1) • arp (Section 12.2.3.2) • ip gratuitous-arp-learning (Section 12.2.3.
IP Configuration Command Set Reviewing and Configuring the ARP Table Syntax Description ip_address (Optional) Displays ARP entries related to a specific IP address. vlan vlan_id (Optional) Displays only ARP entries learned through a specific VLAN interface. This VLAN must be configured for IP routing as described in Section 3.3.2. output-modifier (Optional) Displays ARP entries within a specific range.
IP Configuration Command Set Reviewing and Configuring the ARP Table Example The following example shows how to use the show ip arp command: Matrix>Router#show ip arp Protocol Address Age (min) Hardware Addr Type Interface -----------------------------------------------------------------------------Internet 134.141.235.251 0 Internet 134.141.235.165 - Internet 134.141.235.167 4 0003.4712.7a99 ARPA Vlan1 0002.1664.a5b3 ARPA Vlan1/fe.0.1 00d0.cf00.
IP Configuration Command Set Reviewing and Configuring the ARP Table 12.2.3.2 arp Use this command to add or remove permanent ARP table entries. arp ip_address mac_address arpa Syntax Description ip_address Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation. mac_address Specifies the 48-bit hardware address corresponding to the ip_address expressed in hexadecimal notation. arpa Specifies ARPA as the type of ARP mapping.
IP Configuration Command Set Reviewing and Configuring the ARP Table Syntax Description both | reply | request Allows learning from gratuitous ARP reply, ARP request, or both reply and request. Command Syntax of the “no” Form The “no” form of this command disables gratuitous ARP learning: no ip gratuitous-arp-learning Command Type Router command. Command Mode Global configuration: Matrix>Router1(config)# Command Defaults None.
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#
Command Defaults
None.
Example
The following example shows how to enable proxy ARP on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip proxy-arp

12.2.3.5 ip mac-address
Use this command to set a MAC address on an interface.
Example
The following example shows how to set an IP MAC address of 000A.000A.000B on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip mac-address 000A.000A.000B

12.2.3.6 arp timeout
Use this command to set the duration (in seconds) for entries to stay in the ARP table before expiring.
arp timeout seconds
Syntax Description
seconds  Specifies the time in seconds that an entry remains in the ARP cache.
IP Configuration Command Set Reviewing and Configuring the ARP Table Syntax Description None. Configuration Mode Privileged EXEC: Matrix>Router# Command Defaults None.
IP Configuration Command Set Configuring Broadcast Settings 12.2.4 Configuring Broadcast Settings Purpose To configure IP broadcast settings. Commands The commands needed to configure IP broadcast settings are listed below and described in the associated section as shown: • ip directed-broadcast (Section 12.2.4.1) • ip helper-address (Section 12.2.4.3) • ip forward-protocol (Section 12.2.4.2) 12.2.4.1 ip directed-broadcast Use this command to enable or disable IP directed broadcasts on an interface.
Example
This example shows how to enable IP directed broadcasts on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip directed-broadcast

12.2.4.2 ip forward-protocol
Use this command to enable UDP broadcast forwarding and specify which protocols will be forwarded. This command works in conjunction with the ip helper-address command to configure UDP broadcast forwarding.
IP Configuration Command Set Configuring Broadcast Settings Syntax Description udp Specifies UDP as the IP forwarding protocol. port (Optional) Specifies a destination port number or name that controls which UDP services are forwarded. Valid services and their corresponding names and port numbers are as follows.
Example
This example shows how to enable forwarding of Domain Naming System UDP datagrams (port 53):
Matrix>Router(config)#ip forward-protocol udp 53

About DHCP/BOOTP Relay
DHCP/BOOTP relay functionality is applied with the help of IP broadcast forwarding. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment.
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#
Command Defaults
None.
Example
This example shows how to permit UDP broadcasts from hosts on networks 191.168.1.255 and 192.24.1.255 to reach servers on those networks:
Matrix>Router(config)#ip forward-protocol udp
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip helper-address 192.168.1.
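The following is an added example, not part of the Enterasys guide: a Python review of saved router configuration text for the ARP and broadcast settings described in Sections 12.2.3 and 12.2.4 (gratuitous ARP learning, proxy ARP, directed broadcasts, and UDP broadcast forwarding to helper addresses). The sample configuration is constructed, the function and finding names are hypothetical, and the script assumes the saved text lists commands in the form they are typed at the CLI, with "!" separating stanzas.

```python
import re

# Constructed sample of saved router configuration text. Assumption: commands
# appear as typed at the CLI and "!" separates stanzas. Addresses are from the
# documentation ranges, not from the guide.
SAMPLE_CONFIG = """\
!
ip gratuitous-arp-learning both
ip forward-protocol udp
!
interface vlan 1
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
 ip proxy-arp
 ip helper-address 198.51.100.10
 no shutdown
!
interface vlan 2
 ip address 203.0.113.1 255.255.255.0
 no ip directed-broadcast
 ip helper-address 198.51.100.11
!
interface loopback 1
!
"""


def parse_config(text):
    """Split the text into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None  # "!" closes the current stanza
            continue
        m = re.match(r"interface\s+(vlan|loopback)\s+(\S+)$", line, re.I)
        if m:
            current = f"{m.group(1).lower()} {m.group(2)}"
            interfaces[current] = []
            continue
        (interfaces[current] if current else global_lines).append(line)
    return global_lines, interfaces


def enabled(lines, command):
    """Arguments of the last `command` line; None if absent or negated by "no"."""
    state = None
    for line in lines:
        low = line.lower()
        if low == "no " + command or low.startswith("no " + command + " "):
            state = None
        elif low == command or low.startswith(command + " "):
            state = line[len(command):].strip()
    return state


def forwarded_udp(global_lines):
    """Ports named by `ip forward-protocol udp`; "" means no port was given."""
    ports = set()
    for line in global_lines:
        m = re.match(r"(no\s+)?ip forward-protocol udp(?:\s+(\S+))?$", line, re.I)
        if m:
            (ports.discard if m.group(1) else ports.add)(m.group(2) or "")
    return ports or None


def audit(text):
    """Return (scope, check, detail) tuples for settings that need review."""
    global_lines, interfaces = parse_config(text)
    findings = []
    garp = enabled(global_lines, "ip gratuitous-arp-learning")
    if garp is not None:
        # ARP entries are learned from unsolicited ARP traffic in this mode.
        findings.append(("global", "gratuitous-arp-learning", garp))
    fwd = forwarded_udp(global_lines)
    if fwd is not None and "" in fwd:
        # No port argument: forwarding is not narrowed to a named service.
        findings.append(("global", "forward-protocol-unrestricted", "udp"))
    for name, lines in interfaces.items():
        if enabled(lines, "ip directed-broadcast") is not None:
            findings.append((name, "directed-broadcast", "enabled"))
        if enabled(lines, "ip proxy-arp") is not None:
            findings.append((name, "proxy-arp", "enabled"))
        if fwd is not None:
            for line in lines:
                m = re.match(r"ip helper-address\s+(\S+)$", line, re.I)
                if m:  # UDP broadcasts from this interface are relayed here
                    findings.append((name, "udp-relay", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Each finding is a prompt to confirm that the setting is intended on that interface; helper addresses are reported only when UDP broadcast forwarding is enabled globally, because the two commands work together.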
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 12.2.5 Reviewing IP Traffic and Configuring Routes Purpose To review IP protocol information about the device, to review IP traffic and configure routes, to enable and send router ICMP (ping) messages, and execute traceroute. Commands The commands needed to review IP traffic and configure routes are listed below and described in the associated section as shown: • show ip protocols (Section 12.2.5.1) • show limits (Section 12.2.5.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Example This example shows how to display IP protocol information. In this case, the routing protocol is RIP (Routing Information Protocol). For more information on configuring RIP parameters, refer to Section 13.1.
Example
This example shows how to display memory usage information for IP protocols:
Matrix>Router(config)#show limits
                    | Entries ( 64MgB)
Resource            | Max-InUse=Avail
========            | ===== ===== =====
Dynamic ARPs        |  8192     0  8192
Static ARPs         |   512     0   512
ARP Requests        |    64     0    64
Routing Table       | 10000     0 10000
Static Routes       |   512     0   512
IP Helper           |  5520     0  5520
Router LSA(type 1)  |   200     0   200
Network LSA(type 2) |   400     0   400
Summary LSA(type 3) |  2000
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Command Defaults If softpath is not specified, general IP traffic statistics will be displayed.
12.2.5.4 clear ip stats
Use this command to clear all IP traffic counters (IP, ICMP, UDP, TCP, IGMP, and ARP).
clear ip stats
Syntax Description
None.
Configuration Mode
Privileged EXEC: Matrix>Router#
Command Defaults
None.
Example
This example shows how to clear all IP traffic counters:
Matrix>Router#clear ip stats

12.2.5.5 show ip route
Use this command to display information about IP routes.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Syntax Description destination prefix destination prefix mask longer-prefixes (Optional) Converts the specified address and mask into a prefix and displays any routes that match the prefix. connected (Optional) Displays connected routes. ospf (Optional) Displays routes configured for the OSPF routing protocol. rip (Optional) Displays routes configured for the RIP routing protocol. static (Optional) Displays static routes.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 12.2.5.6 ip route Use this command to add or remove a static IP route. ip route prefix mask {forward-addr | vlan vlan-id} [distance] [permanent] [tag value] Syntax Description prefix Specifies a destination IP address prefix. mask Specifies a destination prefix mask. forward-addr | vlan vlan-id Specifies a forwarding (gateway) IP address or routing (VLAN) interface ID.
This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is set as permanent and assigned a tag of 20:
Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3 permanent tag 20
This example shows how to set VLAN 100 as the next hop interface to destination address 10.0.0.0:
Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 vlan 100
12.2.5.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#
Command Defaults
None.
Example
This example shows how to enable ICMP in echo-reply mode on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip icmp echo-reply

12.2.5.8 ping
Use this command to test routing network connectivity by sending IP ping requests.
Example
This example shows output from a successful ping to IP address 182.127.63.23:
Matrix>Router#ping 182.127.63.23
Reply from 182.127.63.23
Reply from 182.127.63.23
Reply from 182.127.63.23
------ PING 182.127.63.23 : Statistics -----
3 packets transmitted, 3 packets received, 0% packet loss
This example shows output from an unsuccessful ping to IP address 182.127.63.24:
Matrix>Router#ping 182.127.63.
Example
This example shows how to use traceroute to display a round trip path to host 192.167.252.46. In this case, hop 1 is an unnamed router at 192.167.201.2, hop 2 is “rtr10” at 192.4.9.10, hop 3 is “rtr43” at 192.167.208.43, and hop 4 is back to the host IP address. Round trip times for each of the three ICMP probes are displayed before each hop. Probe time outs are indicated by an asterisk (*):
Matrix>Router#traceroute 192.167.
13 Routing Protocol Configuration
This chapter describes the Routing Protocol Configuration set of commands and how to use them.
ROUTER: The commands covered in this chapter can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

13.1 PROCESS OVERVIEW: ROUTING PROTOCOL CONFIGURATION
Use the following steps as a guide to configuring routing protocols on the device:
1. Configuring RIP (Section 13.1.1)
2.
Process Overview: Routing Protocol Configuration Configuring RIP 13.1.1 Configuring RIP Purpose To enable and configure the Routing Information Protocol (RIP). RIP Configuration Task List and Commands Table 13-1 lists the tasks and commands associated with RIP configuration. Commands are described in the associated section as shown. NOTE: Enabling RIP with the router rip and network commands is required if you want to run RIP on the device. All other tasks are optional.
Process Overview: Routing Protocol Configuration Configuring RIP Table 13-1 RIP Configuration Task List and Commands (Continued) To do this... Use these commands... Configure RIP authentication. key chain (Section 13.1.1.9) key (Section 13.1.1.10) key-string (Section 13.1.1.11) accept-lifetime (Section 13.1.1.12) send-lifetime (Section 13.1.1.13) ip rip authentication keychain (Section 13.1.1.14) ip rip authentication mode (Section 13.1.1.
Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables RIP:
no router rip

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router(config)#

Command Defaults
None.

Example
This example shows how to enable RIP:
Matrix>Router#configure terminal
Matrix>Router(config)#router rip
Matrix>Router(config-router)#

13.1.1.
Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to attach network 192.168.1.0 to the RIP routing process:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#network 192.168.1.0

13.1.1.3 neighbor
Use this command to instruct the router to send unicast RIP information to a specific IP address.
Example
This example shows how to instruct the system to send unicast RIP information to network 192.5.10.1:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#neighbor 192.5.10.1

13.1.1.4 distance
Use this command to configure the administrative distance for RIP routes.
Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to change the default administrative distance for RIP to 100:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#distance 100

13.1.1.5 ip rip offset
Use this command to add or remove an offset to the metric of an incoming or outgoing RIP route.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
The following example shows how to add an offset of 1 to incoming RIP metrics on VLAN 1:
Matrix>Router(config)#vlan 1
Matrix>Router(config-if(Vlan 1))#ip rip offset in 1

13.1.1.
Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to set RIP timers to a 5 second update time, a 10 second invalid interval, a 20 second holddown time, and a 60 second flush time:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#timers basic 5 10 20 60

13.1.1.
Command Defaults
None.

Example
This example shows how to set the RIP send version to 2 for packets transmitted on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip rip send version 2

13.1.1.8 ip rip receive version
Use this command to set the RIP version(s) for update packets accepted on the interface.
ip rip receive version {1 | 2 | 1 2 | none}

Syntax Description
1    Specifies RIP version 1.
Example
This example shows how to set the RIP receive version to 2 for update packets received on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip rip receive version 2

About RIP Authentication
The following tasks must be completed to configure RIP authentication on the Matrix E1 device:
1. Create a key chain as described in Section 13.1.1.9.
2. Add a key to the chain as described in Section 13.1.1.10.
3.
Command Defaults
None.

Example
This example shows how to create a RIP authentication key chain called “password”:
Matrix>Router(config)#key chain password

13.1.1.10 key
Use this command to identify a RIP authentication key on a key chain.
key key-id

NOTE: This release of the Matrix E1 supports only one key per key chain.

Syntax Description
key-id    Specifies an authentication number for a key. Valid numbers are from 0 to 4294967295.
Example
This example shows how to create authentication key 1 within the key chain called “password”:
Matrix>Router(config-router)#key chain password
Matrix>Router(config-keychain)#key 1

13.1.1.11 key-string
Use this command to specify an authentication string for a key. Once configured, this string must be sent and received in RIP packets in order for them to be authenticated.
13.1.1.12 accept-lifetime
Use this command to specify the time period during which an authentication key on a key chain is valid to be received.
accept-lifetime start-time month date year {duration seconds | end-time | infinite}

Syntax Description
start-time    Specifies the time of day the authentication key will begin to be valid to be received.
Command Mode
Key chain key configuration: Matrix>Router(config-keychain-key)#

Command Defaults
None.
Syntax Description
start-time    Specifies the time of day the authentication key will begin to be valid to be sent. Valid input is hours:minutes:seconds (hh:mm:ss)
month         Specifies the month the authentication key will begin to be valid to be sent. Valid input is the first three letters of the month.
date          Specifies the day of the month the authentication key will begin to be valid to be sent.
Example
This example shows how to allow the “name” authentication key to be sent as valid on its RIP-configured interface beginning at 2:30 on November 30, 2002 with no ending time (infinitely):
Matrix>Router(config-router)#key chain md5key
Matrix>Router(config-keychain)#key 3
Matrix>Router(config-keychain-key)#key-string name
Matrix>Router(config-keychain-key)#send-lifetime 02:30:00 nov 30 2002 infinite

13.1.1.
Example
This example shows how to set the RIP authentication key chain to password on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip rip authentication keychain password

13.1.1.15 ip rip authentication mode
Use this command to set the authentication mode when a key chain is present.
ip rip authentication mode {text | md5}

NOTE: The RIP authentication keychain must be enabled as described in Section 13.1.1.
13.1.1.16 no auto-summary
Use this command to disable automatic route summarization. By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries. Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Matrix E1 Series device.
13.1.1.17 ip rip disable-triggered-updates
Use this command to prevent RIP from sending triggered updates. Triggered updates are sent when there is a change in the network and a new route with a lower metric is learned, or an old route is lost. This command stops or starts the interface from sending these triggered updates. By default triggered updates are enabled on a RIP interface.
ip rip disable-triggered-updates

Syntax Description
None.
Syntax Description
poison    (Optional) Specifies that split horizon be performed with poison-reverse. This explicitly indicates that a network is unreachable, rather than implying it by not including the network in routing updates.

Command Syntax of the “no” Form
The “no” form of this command resets the mode to split-horizon without poison reverse:
no ip split-horizon poison

Command Type
Router command.
Syntax Description
vlan vlan_id    Specifies the number of the VLAN to make a passive interface. This VLAN must be configured for IP routing as described in Section 3.3.2.

Command Syntax of the “no” Form
The “no” form of this command disables passive interface:
no passive-interface vlan vlan_id

Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.
no receive-interface vlan vlan_id

Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to deny the reception of RIP updates on VLAN 2:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#no receive-interface vlan 2

13.1.1.
Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to suppress the network 192.5.34.0 from being advertised in outgoing routing updates:
Matrix>Router(config)#access-list 1 deny 192.5.34.0 0.0.0.255
Matrix>Router(config)#router rip
Matrix>Router(config-router)#distribute-list 1 out vlan

13.1.1.
Syntax Description
connected     Specifies that non-RIP routing information discovered via directly connected interfaces will be redistributed.
ospf          Specifies that OSPF routing information will be redistributed in RIP.
process-id    Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535.
Process Overview: Routing Protocol Configuration
Configuring OSPF

13.1.2 Configuring OSPF

Purpose
To enable and configure the Open Shortest Path First (OSPF) routing protocol.

OSPF Configuration Task List and Commands
Table 13-2 lists the tasks and commands associated with OSPF configuration. Commands are described in the associated section as shown.

NOTE: Enabling OSPF with the router ospf and network commands is required if you want to run OSPF on the device. All other tasks are optional.
Table 13-2 OSPF Configuration Task List and Commands (Continued)

To do this...                              Use these commands...
• Configure OSPF authentication.           ip ospf authentication-key (Section 13.1.2.11)
                                           ip ospf message digest key md5 (Section 13.1.2.12)
Configure OSPF Areas.
• Configure an administrative distance.    distance ospf (Section 13.1.2.13)
• Define the range of addresses to be      area range (Section 13.1.2.
Table 13-2 OSPF Configuration Task List and Commands (Continued)

To do this...                 Use these commands...
Monitor and maintain OSPF.    show ip ospf (Section 13.1.2.23)
                              show ip ospf database (Section 13.1.2.24)
                              show ip ospf border-routers (Section 13.1.2.25)
                              show ip ospf interface (Section 13.1.2.26)
                              show ip ospf neighbor (Section 13.1.2.27)
                              show ip ospf virtual-links (Section 13.1.2.28)
                              clear ip ospf process (Section 13.1.2.29)

13.1.2.
Command Defaults
None.

Example
This example shows how to enable routing for OSPF process 1:
Matrix>Router#conf terminal
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#

13.1.2.2 network
Use this command to configure area IDs for OSPF interfaces.
network ip_address wildcard_mask area area-id

Syntax Description
ip_address    Specifies the IP address of an interface or a group of interfaces within the network address range.
Example
This example shows how to configure IP address 182.127.62.1 0.0.0.31 as OSPF area 0:
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#network 182.127.62.1 0.0.0.31 area 0

13.1.2.3 router id
Use this command to set the OSPF router ID for the device. The OSPF protocol uses the router ID as a tie-breaker for path selection.
13.1.2.4 ip ospf cost
Use this command to set the cost of sending a packet on an interface. Each router interface that participates in OSPF routing is assigned a default cost. This command overwrites the default of 10.
ip ospf cost cost

Syntax Description
cost    Specifies the cost of sending a packet. Valid values range from 1 to 65535.
Syntax Description
number    Specifies the router’s OSPF priority in a range from 0 to 255.

Command Syntax of the “no” Form
The “no” form of this command resets the value to the default of 1:
no ip ospf priority

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
Syntax Description
spf-delay    Specifies the delay, in seconds, between the receipt of an update and the SPF execution. Valid values are 0 to 4294967295.
spf-hold     Specifies the minimum amount of time, in seconds, between two consecutive OSPF calculations. Valid values are 0 to 4294967295. A value of 0 means that two consecutive OSPF calculations are performed one immediately after the other.
Syntax Description
seconds    Specifies the retransmit time in seconds. Valid values are 1 to 3600.

Command Syntax of the “no” Form
The “no” form of this command resets the retransmit interval value to the default, 5 seconds:
no ip ospf retransmit-interval

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
no ip ospf transmit-delay

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
This example shows how to set the time required to transmit a link state update packet on VLAN 1 at 20 seconds:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf transmit-delay 20

13.1.2.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
This example shows how to set the hello interval to 5 for VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf hello-interval 5

13.1.2.
Example
This example shows how to set the dead interval to 20 for VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf dead-interval 20

13.1.2.11 ip ospf authentication-key
Use this command to assign a password to be used by neighboring routers using OSPF’s simple password authentication. This password is used as a “key” that is inserted directly into the OSPF header in routing protocol packets.
Example
This example shows how to enable an OSPF authentication key on VLAN 1 with the password “yourpass”:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf authentication-key yourpass

13.1.2.12 ip ospf message digest key md5
Use this command to enable or disable OSPF MD5 authentication on an interface. This validates OSPF MD5 routing updates between neighboring routers.
Example
This example shows how to enable OSPF MD5 authentication on VLAN 1, set the key identifier to 20, and set the password to “passone”:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf message-digest-key 20 md5 passone

13.1.2.13 distance ospf
Use this command to configure the administrative distance for OSPF routes.
Syntax Description
external | inter-area | intra-area    Applies the distance value to external (type 5 and type 7), to inter-area, or to intra-area routes.
weight                                Specifies an administrative distance for OSPF routes. Valid values are 1 - 255.

NOTE: The value for intra-area distance must be less than the value for inter-area distance, which must be less than the value for external distance.
Syntax Description
area-id       Specifies the area at the boundary of which routes are to be summarized.
ip_address    Specifies the common prefix of the summarized networks.
ip_mask       Specifies the length of the common prefix.

Command Syntax of the “no” Form
The “no” form of this command stops the routes from being summarized:
no area area-id range ip_address ip_mask

Command Type
Router command.
Syntax Description
area-id    Specifies the OSPF area in which to enable authentication. Valid values are decimal values or IP addresses.
simple     Enables simple text authentication. Simple password authentication allows a password (key) to be configured per area. Routers in the same area that want to participate in the routing domain will have to be configured with the same key.
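Added example (not part of the original guide and not Enterasys code): a Python audit that reads a saved list of configuration commands in the syntax shown for key chain, key, key-string, ip rip authentication keychain, ip rip authentication mode, ip ospf authentication-key and ip ospf message-digest-key, and reports VLAN interfaces whose RIP or OSPF key travels as clear text or whose RIP key chain is unusable. The function names, finding labels and sample configuration are constructed for illustration; the input is assumed to list commands in the order they were entered, and “no” forms are not interpreted.

```python
import re

# Constructed sample: commands in the order they would be entered, using only
# the syntax documented in this chapter. Names and passwords are made up.
SAMPLE_CONFIG = """\
key chain ripchain
key 1
key-string s3cretRIP
send-lifetime 02:30:00 nov 30 2002 infinite
key chain emptychain
key 1
interface vlan 1
ip rip authentication keychain ripchain
ip rip authentication mode md5
ip ospf message-digest-key 20 md5 passone
interface vlan 2
ip rip authentication keychain ripchain
ip rip authentication mode text
ip ospf authentication-key yourpass
interface vlan 3
ip rip authentication keychain missingchain
ip rip authentication mode md5
interface vlan 4
ip rip authentication keychain emptychain
ip rip authentication mode md5
interface vlan 5
ip ospf hello-interval 5
router rip
network 192.168.1.0
"""

# A pasted CLI session carries the prompt in front of each command; strip it.
PROMPT = re.compile(r"^Matrix-?>Router(\([^#]*\))?#\s*")


def parse(config_text):
    """Return (key chains, per-VLAN authentication settings)."""
    chains = {}  # chain name -> {key id: key-string or None}
    vlans = {}   # VLAN id -> settings found in that interface context
    chain = key_id = vlan = None
    for raw in config_text.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if not w:
            continue
        if w[:2] == ["key", "chain"] and len(w) == 3:
            chain, key_id, vlan = w[2], None, None
            chains.setdefault(chain, {})
        elif w[0] == "key" and len(w) == 2 and chain is not None:
            key_id = w[1]
            chains[chain].setdefault(key_id, None)
        elif w[0] == "key-string" and len(w) == 2 and key_id is not None:
            chains[chain][key_id] = w[1]
        elif w[:2] == ["interface", "vlan"] and len(w) == 3 and w[2].isdigit():
            vlan, chain, key_id = w[2], None, None
            vlans.setdefault(vlan, {})
        elif w[0] == "router":
            vlan = chain = key_id = None  # left interface / key chain context
        elif vlan is not None and w[0] == "ip":
            if w[1:4] == ["rip", "authentication", "keychain"] and len(w) == 5:
                vlans[vlan]["rip_chain"] = w[4]
            elif w[1:4] == ["rip", "authentication", "mode"] and len(w) == 5:
                vlans[vlan]["rip_mode"] = w[4]
            elif w[1:3] == ["ospf", "authentication-key"] and len(w) == 4:
                vlans[vlan]["ospf_simple"] = True
            elif (w[1:3] == ["ospf", "message-digest-key"] and len(w) == 6
                  and w[4] == "md5"):
                vlans[vlan]["ospf_md5_key_id"] = w[3]
    return chains, vlans


def audit(config_text):
    """Return a list of (VLAN id, finding) tuples, ordered by VLAN."""
    chains, vlans = parse(config_text)
    findings = []
    for vlan in sorted(vlans, key=int):
        s = vlans[vlan]
        chain, mode = s.get("rip_chain"), s.get("rip_mode")
        if chain is not None:
            if chain not in chains:
                findings.append((vlan, "rip-keychain-undefined"))
            elif not any(chains[chain].values()):
                findings.append((vlan, "rip-keychain-no-key-string"))
            if mode is None:
                findings.append((vlan, "rip-auth-mode-not-set"))
            elif mode == "text":
                # text mode carries the key-string unprotected in each update
                findings.append((vlan, "rip-auth-cleartext"))
        elif mode is not None:
            findings.append((vlan, "rip-auth-mode-without-keychain"))
        # The simple OSPF key is inserted directly into the OSPF header.
        if s.get("ospf_simple") and "ospf_md5_key_id" not in s:
            findings.append((vlan, "ospf-auth-cleartext"))
    return findings


if __name__ == "__main__":
    for vlan, finding in audit(SAMPLE_CONFIG):
        print(f"vlan {vlan}: {finding}")
```

Interfaces with no authentication commands at all (VLAN 5 in the sample) are not reported, because the command list alone does not show whether RIP or OSPF runs on them.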
Syntax Description
area-id       Specifies the stub area. Valid values are decimal values or IP addresses.
no-summary    (Optional) Prevents an Area Border Router (ABR) from sending Link State Advertisements (LSAs) into the stub area. When this parameter is used, it means that all destinations outside of the stub area are represented by means of a default route.
Syntax Description
area-id    Specifies the stub area. Valid values are decimal values or IP addresses.
cost       Specifies a cost value for the summary route that is sent into a stub area by default. Valid values are 24-bit numbers, from 0 to 16777215.
Syntax Description
area-id                          Specifies the NSSA area. Valid values are decimal values or IP addresses.
default-information-originate    (Optional) Generates a default of Type 7 into the NSSA. This is used when the router is an NSSA ABR.

Command Syntax of the “no” Form
The “no” form of this command changes the NSSA back to a plain area:
no area area-id nssa [default-information-originate]

Command Type
Router command.
• area area_id virtual-link ip_address retransmit-interval seconds
• area area_id virtual-link ip_address transmit-delay seconds

Syntax Description
area-id       Specifies the transit area for the virtual link. Valid values are decimal values or IP addresses. A transit area is an area through which a virtual link is established.
ip_address    Specifies the IP address of the ABR.
no area area_id virtual-link ip_address dead-interval seconds
no area area_id virtual-link ip_address hello-interval seconds
no area area_id virtual-link ip_address retransmit-interval seconds
no area area_id virtual-link ip_address transmit-delay seconds

Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.
Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.

Example
This example shows how to enable passive OSPF mode on VLAN 102:
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#passive-ospf vlan 102

13.1.2.21 redistribute
Use this command to allow routing information discovered through non-OSPF protocols to be distributed in OSPF update messages.
Syntax Description
connected    Specifies that non-OSPF information discovered via directly connected interfaces will be redistributed. These are routes not specified in the OSPF network command as described in Section 13.1.2.2.
rip          Specifies that RIP routing information will be redistributed in OSPF.
static       Specifies that non-OSPF information discovered via static routes will be redistributed.
Example
This example shows how to distribute external type 2 RIP routing information from non-subnetted routes in OSPF updates:
Matrix>Router(config)#router ospf
Matrix>Router(config-router)#redistribute rip

13.1.2.22 database-overflow
Use this command to limit the size of OSPF link state database overflow, a condition where the router is unable to maintain the database in its entirety.
Command Syntax of the “no” Form
The “no” form of this command removes the database overflow limits:
no database-overflow external {[exit-overflow-interval interval] [limit limit] [warning-level level]}

Command Type
Router command.

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
None.
Command Defaults
None.

Example
This example shows how to display OSPF information:
Matrix>Router#show ip ospf
Routing Process "ospf 20 " with ID 134.141.7.2
Supports only single TOS(TOS0) route
It is an area border and autonomous system boundary router
Summary Link update interval is 0 seconds.
External Link update interval is 0 seconds.
13.1.2.24 show ip ospf database
Use this command to display the OSPF link state database.
Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
If link-state-id is not specified, the specified type of database records will be displayed for all link state IDs.

Example
This example shows how to display all OSPF link state database information:
Matrix>Router#show ip ospf database
OSPF Router with ID(182.127.64.1)
Displaying Net Link States(Area 0.0.0.0)
LinkID ADV Router Age Seq#
182.127.63.
Table 13-3 show ip ospf database Output Details

Output     What It Displays...
Link ID    Link ID, which varies as a function of the link state record type, as follows:
           • Net Link States - Shows the interface IP address of the designated router to the broadcast network.
           • Router Link States - Shows the ID of the router originating the record.
           • Summary Link States - Shows the summary network prefix.
Example
This example shows how to display information about OSPF border routers. The first line of this output shows that an intra-area route has been established to destination border router 192.168.22.1 via neighboring router 192.168.11.1 on the VLAN 2 interface in area 0. The OSPF cost of this route is 64, and it carries an SPF calculation of 10.
Example
This example shows how to display all OSPF related information for VLAN 1:
Matrix>Router#show ip ospf interface vlan 1
Vlan 1 is UP
Internet Address 182.127.63.2 Mask 255.255.255.0,Area 0.0.0.0
Router ID 182.127.64.1,Network Type BROADCAST,Cost: 10
Transmit Delay is 1 sec,State BACKUPDR,Priority 1
Designated Router id 182.127.62.1, Interface addr 182.127.63.1
Backup Designated Router id 182.127.63.
Table 13-4 show ip ospf interface Output Details (Continued)

Output                        What It Displays...
Backup Designated Router id   IP address of the backup designated router on this interface, if one exists.
Timer intervals configured    OSPF timer intervals. These are either default, or configured with the ip ospf retransmit-interval (Section 13.1.2.7), the ip ospf hello-interval (Section 13.1.2.9), and the ip ospf dead interval (Section 13.1.2.
Syntax Description
detail        (Optional) Displays detailed information about the neighbors, including the area in which they are neighbors, who the designated router/backup designated router is on the subnet, if applicable, and the decimal equivalent of the E-bit value from the hello packet options field.
ip_address    (Optional) Displays OSPF neighbors for a specific IP address.
Table 13-5 show ip ospf neighbor Output Details

Output       What It Displays...
ID           Neighbor’s router ID of the OSPF neighbor.
Pri          Neighbor’s priority over this interface.
State        Neighbor’s OSPF communication state.
Dead-Int     Interval (in seconds) this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down.
Address      Neighbor’s IP address.
Interface    Neighbor’s interface (VLAN).

13.1.2.
Example
This example shows how to display OSPF virtual links information:
Matrix>Router#show ip ospf virtual-links
Virtual Link to router 5.5.5.1, is UP
Transit area 0.0.0.2,via interface Vlan 7, Cost of using 10
Transmit Delay is 1 sec(s), State POINT_TO_POINT
Timer intervals configured: Hello 10, Dead 40, Wait 40, Retransmit 5
Adjacency State FULL

Table 13-6 provides an explanation of the command output.
Syntax Description
process-id    Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
None.
Process Overview: Routing Protocol Configuration
Configuring DVMRP

13.1.3 Configuring DVMRP

Purpose
To enable and configure the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traffic using a technique known as Reverse Path Forwarding. When a router receives a packet, it floods the packet out of all paths except the one that leads back to the packet’s source. Doing so allows a data stream to reach all VLANs (possibly multiple times).
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
This example shows how to enable DVMRP on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip dvmrp

13.1.3.2 ip dvmrp metric
Use this command to configure the metric associated with a set of destinations for DVMRP reports.
Example
This example shows how to set a DVMRP metric of 16 on VLAN 1:
Matrix>Router(config-if(Vlan 1))#ip dvmrp metric 16

13.1.3.3 show ip dvmrp route
Use this command to display DVMRP routing information.
show ip dvmrp route

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Router#

Command Defaults
None.
Example
This example shows how to display DVMRP routing table entries. In this case, the routing table has 5 entries. The first entry shows that the source network 60.1.1.0/24 can be reached via next-hop router 40.1.1.3. This route has a metric of 2. It has been in the DVMRP routing table for 1 hour, 24 minutes and 2 seconds and will expire in 2 minutes and 3 seconds.
Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
None.

Example
This example shows how to display the multicast forwarding cache table. In this case, it shows there are two source multicast networks. The network at IP address 165.223.129.0 is in multicast group 224.2.164.189. It recognizes an upstream neighbor at 134.141.20.
Process Overview: Routing Protocol Configuration
Configuring IRDP

13.1.4 Configuring IRDP

Purpose
To enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway.

Commands
The commands needed to enable and configure IRDP are listed below and described in the associated section as shown:
• ip irdp (Section 13.1.4.1)
• ip irdp maxadvertinterval (Section 13.1.4.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
This example shows how to enable IRDP on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip irdp

13.1.4.2 ip irdp maxadvertinterval
Use this command to set the maximum interval in seconds between IRDP advertisements.
Example
This example shows how to set the maximum IRDP advertisement interval to 1000 seconds on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip irdp maxadvertinterval 1000

13.1.4.3 ip irdp minadvertinterval
Use this command to set the minimum interval in seconds between IRDP advertisements.
13.1.4.4 ip irdp holdtime
Use this command to set the length of time in seconds IRDP advertisements are held valid.
ip irdp holdtime holdtime

NOTE: Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in Section 13.1.4.2 and the minimum advertisement interval is set as described in Section 13.1.4.3.
13.1.4.5 ip irdp preference
Use this command to set the IRDP preference value for an interface. This value is used by IRDP to determine the interface’s selection as a default gateway address.
ip irdp preference preference

Syntax Description
preference    Specifies the value to indicate the interface’s use as a default router address. Valid values are -2147483648 to 2147483647.
13.1.4.6 ip irdp address
Use this command to add additional IP addresses for IRDP to advertise.
ip irdp address ip_address preference

Syntax Description
ip_address    Specifies an IP address to advertise.
preference    Specifies the value to indicate the address’ use as a default router address. Valid values are -2147483648 to 2147483647.
Syntax Description
None.

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.

Example
This example shows how to enable the router to send IRDP advertisements using broadcast:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#no ip irdp multicast

13.1.4.8 show ip irdp
Use this command to display IRDP information.
Example
This example shows how to display IRDP information for VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(vlan 1))#show ip irdp vlan 1
Interface 1 is not enabled
Process Overview: Routing Protocol Configuration
Configuring VRRP

13.1.5 Configuring VRRP

Purpose
To enable and configure the Virtual Router Redundancy Protocol (VRRP). This protocol eliminates the single point of failure inherent in the static default routed environment by transferring the responsibility from one router to another if the original router goes down. VRRP-enabled routers decide who will become master and who will become backup in the event the master fails.
Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command removes all VRRP configurations from the running configuration:
no router vrrp

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router(config)#

Command Defaults
None.

Example
This example shows how to enable VRRP configuration mode:
Matrix>Router#configure terminal
Matrix>Router(config)#router vrrp
Matrix>Router(config-router)#

13.1.5.
Syntax Description
    vlan vlan_id    Specifies the number of the VLAN on which to create a VRRP session. This VLAN must be configured for IP routing as described in Section 3.3.2.
    vrid    Specifies a unique Virtual Router ID (VRID) to associate with the routing interface. Valid values are from 1 to 255.
Syntax Description
    vlan vlan_id    Specifies the number of the VLAN on which to configure a virtual router address. This VLAN must be configured for IP routing as described in Section 3.3.2.
    vrid    Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
    ip_address    Specifies the virtual router IP address to associate with the router.
Syntax Description
    vlan vlan_id    Specifies the number of the VLAN on which to configure VRRP priority. This VLAN must be configured for IP routing as described in Section 3.3.2.
    vrid    Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
    priority_value    Specifies the VRRP priority value to associate with the vrid.
13.1.5.5 advertise-interval

Use this command to set the interval in seconds between VRRP advertisements. These are sent by the master router to other routers participating in the VRRP master selection process, informing them of its configured values. Once the master is selected, then advertisements are sent every advertising interval to let other VRRP routers in this VLAN/VRID know the router is still acting as master of the VLAN/VRID.
Example
This example shows how to set an advertise interval of 3 seconds on VLAN 1, VRID 1:

    Matrix>Router(config)#router vrrp
    Matrix>Router(config-router)#advertise-interval vlan 1 1 3

13.1.5.6 critical-ip

Use this command to set a critical IP address for VRRP routing.
Example
This example shows how to set IP address 182.127.62.3 as a critical IP address associated with VLAN 1, VRID 1:

    Matrix>Router(config)#router vrrp
    Matrix>Router(config-router)#critical-ip vlan 1 1 182.127.62.3

13.1.5.7 preempt

Use this command to enable or disable preempt mode on a VRRP router. Preempt is enabled on VRRP routers by default, which allows a higher priority backup router to preempt a lower priority master.
Example
This example shows how to disable preempt mode on VLAN 1, VRID 1:

    Matrix>Router(config)#router vrrp
    Matrix>Router(config-router)#no preempt vlan 1 1

13.1.5.8 enable

Use this command to enable VRRP on an interface.

    enable vlan vlan_id vrid

NOTE: Before enabling VRRP, you must set the other options described in this section.
Example
This example shows how to enable VRRP on VLAN 1, VRID 1:

    Matrix>Router(config)#router vrrp
    Matrix>Router(config-router)#enable vlan 1 1

13.1.5.9 ip vrrp authentication-key

Use this command to set a VRRP authentication password on an interface.

    ip vrrp authentication-key password

Syntax Description
    password    Specifies an authentication password. Text string can be 1 to 8 characters in length.
Syntax Description
    md5    Specifies the authentication type as MD5.
    password    Specifies an MD5 authentication password. Text string can be 1 to 16 characters in length.

Command Syntax of the “no” Form
The “no” form of this command clears VRRP MD5 authentication:

    no ip vrrp message-digest-key

Command Type: Router command.
Command Mode: Interface configuration: Matrix>Router1(config-if(Vlan 1))#
Command Defaults: None.
Command Defaults: None.

Example
This example shows how to display VRRP information:

    Matrix>Router(config)#show ip vrrp
    -----------VRRP CONFIGURATION----------
    Vlan Vrid State Owner 1 1 Master 1 AssocIpAddr 182.127.63.
14 Security Configuration

This chapter describes the Security Configuration set of commands and how to use them.

14.1 OVERVIEW OF SECURITY METHODS

The following security methods are available for controlling which users are allowed to access, monitor, and manage the device.

• Login Security Password – used to log in to the CLI via a Telnet connection or local COM port connection. For details, refer to Section 3.2.1.
• SNMP – allows access to the Matrix E1 device via a network SNMP management application.
Process Overview: Security Configuration • Port Web Authentication (PWA) – locks down a port a user is attached to until after the user logs in using a web browser to access the switch. The switch will pass all login information from the end station to a RADIUS server for authentication before turning the port on. PWA is an alternative to 802.1X and MAC authentication. For details, refer to Section 14.3.5.
14.3 SECURITY CONFIGURATION COMMAND SET

14.3.1 Configuring RADIUS

Purpose
To perform the following:
• Review the RADIUS client/server configuration on the device.
• Enable or disable the RADIUS client.
• Set local and remote login options.
• Set primary and secondary server parameters, including IP address, timeout period, and number of user login attempts allowed.
• Reset RADIUS server settings to default values.
14.3.1.1 show radius

Use this command to display the current RADIUS client/server configuration.

    show radius [last-resort-action] [retries] [server [index]] [timeout]

Syntax Description
    last-resort-action    (Optional) Displays last resort action settings. This is the action to be taken if the RADIUS server times out during local or remote login.
Example
This example shows how to display RADIUS configuration information:

    Matrix>show radius
    RADIUS status: Disabled
    RADIUS retries: 3
    RADIUS timeout: 20 seconds
    RADIUS mgmt-auth status: Disabled
    Server  Server
    Index   IP        Auth-Port  Status
    --------------------------------------------------
    100 1.2.100.
Table 14-1 show radius Output Details (Continued)

Output    What It Displays...
Server IP    IP address of the RADIUS server.
Auth-Port    RADIUS server’s UDP authentication port.
Status    Whether the server is the primary or secondary RADIUS server.
RADIUS last-resort-action    Last resort action to be taken if the RADIUS server times out during local or remote login.
    retries number-of-retries    Specifies the maximum number of attempts to contact the RADIUS server before timing out. Valid values are from 1 - 2147483647. Default is 3.
    server index ip_address port server-secret    Specifies the server’s:
    timeout timeout_value    Specifies the maximum amount of time (in seconds) to establish contact with the RADIUS server before timing out. Valid values are from 1 - 2147483647. Default is 20 seconds.
Examples
This example shows how to enable the RADIUS client for authenticating with a RADIUS server 1 at IP address 10.1.6.203, UDP authentication port 1812. As previously noted, the “server secret” password entered here must match that already configured as the Read-Write (rw) password on the RADIUS server:

    Matrix>set radius server 1 10.1.6.
Command Mode: Read-Write.
Command Defaults: If local or remote are not specified, all last resort actions will be reset.
14.3.1.4 show radius accounting

Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server.

    show radius accounting [server [index] | counter [index] | retries [index] | timeout [index] | intervalminimum | updateinterval]

Syntax Description
    server index    (Optional) Displays one or all RADIUS accounting server configurations.
Example
This example shows how to display RADIUS accounting configuration information. In this case, RADIUS accounting is not currently enabled and global default settings have not been changed. One server has been configured. The Matrix E1 Series device allows for up to 10 RADIUS accounting servers to be configured, with up to 2 active at any given time. For details on enabling and configuring RADIUS accounting, refer to Section 14.3.1.
14.3.1.5 set radius accounting

Use this command to configure RADIUS accounting.

    set radius accounting {[enable] [disable] [server index ip_address port server-secret] [retries retries index] [timeout timeout index] [intervalminimum value] [updateinterval value]}

Syntax Description
    enable | disable    Enables or disables the RADIUS accounting client.
Command Defaults: None.

Examples
This example shows how to enable the RADIUS accounting client for authenticating with accounting server 1 at IP address 10.2.4.12, UDP authentication port 1800. As previously noted, the “server secret” password entered here must match that already configured as the Read-Write (rw) password on the RADIUS accounting server:

    Matrix>set radius accounting server 1 10.2.4.
14.3.1.6 clear radius accounting

Use this command to clear RADIUS accounting configuration settings.

    clear radius accounting {[server{index | all}] [counter{index | all}] [retries { index | all}] [timeout {index | all}] [intervalminimum] [updateinterval]}

Syntax Description
    server index | all    Clears the configuration on one or more accounting servers.
    counter index | all    Clears counters on one or more accounting servers.
14.3.2 Configuring 802.1X Authentication

Purpose
To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible Authentication Protocol Over LANs). 802.1X controls network access by enforcing user authorization on selected ports, which results in allowing or denying network access according to user profiles on the RADIUS server.

NOTES: When both 802.
14.3.2.1 show dot1x

Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more port access entity (PAE) ports.

    show dot1x [auth-diag] [auth-session-stats] [auth-stats] [port-string]

Syntax Description
    auth-config    (Optional) Displays authentication configuration information.
    auth-diag    (Optional) Displays authentication diagnostics information.
This example shows how to display authentication diagnostics information for Fast Ethernet front panel port 1:

    Matrix>show dot1x auth-diag fe.0.
This example shows how to display authentication statistics for Fast Ethernet front panel port 1:

    Matrix>show dot1x auth-stats fe.0.
14.3.2.2 show dot1x auth-config

Use this command to display 802.1X authentication configuration settings for one or more ports.

    show dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]

Syntax Description
    authcontrolled-portcontrol    (Optional) Displays the EAPOL port control mode.
Examples
This example shows how to display the EAPOL port control mode for Fast Ethernet front panel port 1:

    Matrix>show dot1x auth-config authcontrolled-portcontrol fe.0.1
    Port 1: Auth controlled port control: Auto

This example shows how to display the 802.1X quiet period settings for Fast Ethernet front panel port 1:

    Matrix>show dot1x auth-config quietperiod fe.0.1
    Port 1: Quiet period: 30

14.3.2.
14.3.2.4 set dot1x auth-config

Use this command to configure 802.1X authentication.
    supptimeout timeout    Specifies a timeout period (in seconds) for the authentication supplicant. Valid values are 1 - 2147483647.
    txperiod value    Specifies the period (in seconds) allowed for the transmission of 802.1X keys. Valid values are 1 - 2147483647.
    port-string    Specifies the port(s) on which to configure authentication settings. For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.2.5 set dot1x port

Use this command to enable 802.1X reauthentication or initialization control on one or more ports.

    set dot1x port port-string [init | reauth]

Syntax Description
    port-string    Specifies the port(s) on which to enable initialization control or reauthentication. For a detailed description of possible port-string values, refer to Section 4.1.2.
    init | reauth    (Optional) Enables initialization control or reauthentication.
14.3.2.6 clear dot1x auth-config

Use this command to reset 802.1X authentication parameters to default values on one or more ports.

    clear dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]

Syntax Description
    authcontrolled-portcontrol    (Optional) Resets the 802.1X port control mode to auto.
Examples
This example shows how to reset the 802.1X port control mode to auto on all ports:

    Matrix>clear dot1x auth-config authcontrolled-portcontrol

This example shows how to reset reauthentication control to disabled on Fast Ethernet front panel ports 1-3:

    Matrix>clear dot1x auth-config reauthenabled fe.0.1-3

This example shows how to reset the 802.
Command Defaults: If port-string is not specified, EAPOL settings for all ports will be displayed.

Example
This example shows how to display EAPOL status for Fast Ethernet front panel ports 1-3:

    Matrix>show eapol fe.0.1-3
    EAPOL is disabled.
    Port
    --------
    fe.0.1 fe.0.2 fe.0.
Table 14-2 show eapol Output Details (Continued)

Output    What It Displays...
Authentication State    Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are:
    • initialized: A port is in the initialize state when:
        a. authentication is disabled,
        b. authentication is enabled and the port is not linked, or
        c. authentication is enabled and the port is linked.
Table 14-2 show eapol Output Details (Continued)

Output    What It Displays...
Authentication State (Cont’d)
    • forceAuth: Management is allowing normal, unsecured switching on this port.
    • forceUnauth: Management is preventing any frames from being forwarded to or from this port.
Authentication Mode    Mode enabling network access for each port. Modes include:
14.3.2.8 set eapol

Use this command to enable or disable EAPOL port-based user authentication with the RADIUS server and to set the authentication mode for one or more ports.

    set eapol [enable | disable] [auth-mode {auto | forced-authorized | forced-unauthorized} port-string]

Syntax Description
    enable | disable    Enables or disables EAPOL.
    auth-mode auto | forced-authorized | forced-unauthorized    Specifies the authorization mode as:
        • auto - Auto authorization mode.
Examples
This example shows how to enable EAPOL:

    Matrix>set eapol enable

This example shows how to enable EAPOL with forced unauthorized mode on Fast Ethernet front panel port 1:

    Matrix>set eapol auth-mode forced-unauthorized fe.0.1

14.3.3 Configuring MAC Authentication

Purpose
To review, disable, enable and configure MAC authentication.
• set macauthentication password (Section 14.3.3.4)
• set macauthentication port (Section 14.3.3.5)
• set macauthentication portinitialize (Section 14.3.3.6)
• set macauthentication macinitialize (Section 14.3.3.7)
• set macauthentication reauthentication (Section 14.3.3.8)
• set macauthentication portreauthenticate (Section 14.3.3.9)
• set macauthentication macreauthenticate (Section 14.3.3.
Example
This example shows how to display MAC authentication information for Fast Ethernet front panel ports 1 through 15:

    Matrix>show macauthentication fe.0.1-15
    MAC authentication - disabled
    MAC user password - NOPASSWORD
    Port username significant bits - 48
    Port
    -------
    fe.0.1 fe.0.2 fe.0.3 fe.0.4 fe.0.5 fe.0.6 fe.0.7 fe.0.8 fe.0.9 fe.0.10 fe.0.11 fe.0.12 fe.0.13 fe.0.14 fe.0.
Table 14-3 show macauthentication Output Details (Continued)

Output    What It Displays...
Port username significant bits    Number of significant bits in the MAC addresses to be used starting with the left-most bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails.
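What the "Port username significant bits" value in Table 14-3 means for the fallback credential: the fewer bits are significant, the more distinct stations present the same user name to the RADIUS server. The following Python is an added example, not Enterasys code; the zero-filled, hyphen-separated user-name format, the accepted range of 1 to 48 bits and two of the three sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

MAC_BITS = 48
HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_mac(text: str) -> int:
    """Parse xx-xx-xx-xx-xx-xx (or colon-separated) into a 48-bit integer."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12 or not set(digits) <= HEX_DIGITS:
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value: int) -> str:
    """Format a 48-bit integer in the guide's xx-xx-xx-xx-xx-xx notation."""
    return "-".join(f"{octet:02x}" for octet in value.to_bytes(6, "big"))


def masked_username(mac: str, significant_bits: int) -> str:
    """Keep the left-most significant_bits of the address and zero the rest.

    Assumption: the masked value is presented in the same notation as a full
    address; the guide does not show the exact on-the-wire user-name format.
    """
    if not 1 <= significant_bits <= MAC_BITS:
        raise ValueError("significant_bits must be between 1 and 48")
    mask = ((1 << significant_bits) - 1) << (MAC_BITS - significant_bits)
    return format_mac(parse_mac(mac) & mask)


def addresses_covered(significant_bits: int) -> int:
    """How many different MAC addresses collapse to one masked user name."""
    if not 1 <= significant_bits <= MAC_BITS:
        raise ValueError("significant_bits must be between 1 and 48")
    return 1 << (MAC_BITS - significant_bits)


def group_by_username(macs, significant_bits: int) -> dict:
    """Group stations by the fallback user name they would present."""
    groups = defaultdict(list)
    for mac in macs:
        groups[masked_username(mac, significant_bits)].append(mac)
    return dict(groups)


# Sample stations: the first appears in this guide's examples, the other two
# are constructed for illustration.
STATIONS = [
    "00-60-97-b5-4c-07",
    "00-60-97-11-22-33",
    "00-a0-c9-0d-32-11",
]

if __name__ == "__main__":
    for bits in (48, 28, 24):
        print(f"{bits} significant bits "
              f"({addresses_covered(bits)} addresses per user name):")
        for username, members in group_by_username(STATIONS, bits).items():
            print(f"  {username} <- {', '.join(members)}")
```

With 48 significant bits every station keeps its own user name; at 24 bits the two stations sharing the 00-60-97 vendor prefix authenticate as one account, so the RADIUS entry for a masked name grants access to every device in that range.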
14.3.3.2 show macauthentication session

Use this command to display the active MAC authenticated sessions on one or more ports.

    show macauthentication session [port-string]

Syntax Description
    port-string    (Optional) Displays active MAC authenticated sessions for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Type: Switch command.
Command Mode: Read-Only.
Table 14-4 show macauthentication session Output Details (Continued)

Output    What It Displays...
Reauth Period    Reauthentication period for this port, set using the set macauthentication reauthperiod command described in Section 14.3.3.11.
Reauthentications    Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in Section 14.3.3.8.

14.3.3.
14.3.3.4 set macauthentication password

Use this command to set a MAC authentication password.

    set macauthentication password password

Syntax Description
    password    Specifies a text string MAC authentication password.

Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.3.5 set macauthentication port

Use this command to enable or disable one or more ports for MAC authentication.

    set macauthentication port {enable | disable}[port-string]

NOTE: Enabling port(s) for MAC authentication requires globally enabling MAC authentication on the device as described in Section 14.3.3.3, and then enabling it on a port-by-port basis. By default, MAC authentication is globally disabled and disabled on all ports.
14.3.3.6 set macauthentication portinitialize

Use this command to force one or more MAC authentication ports to re-initialize and remove any currently active sessions on those ports.

    set macauthentication portinitialize [port-string]

Syntax Description
    port-string    (Optional) Re-initializes specific MAC authentication port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Type: Switch command.
Command Defaults: None.

Example
This example shows how to force the MAC authentication session for address 00-60-97-b5-4c-07 to re-initialize:

    Matrix>set macauthentication macinitialize 00-60-97-b5-4c-07

14.3.3.8 set macauthentication reauthentication

Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports.
14.3.3.9 set macauthentication portreauthenticate

Use this command to force an immediate reauthentication of the currently active sessions on one or more MAC authentication ports.

    set macauthentication portreauthenticate [port-string]

Syntax Description
    port-string    (Optional) Forces reauthentication of specific MAC authentication port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.

Example
This example shows how to force the MAC authentication session for address 00-60-97-b5-4c-07 to reauthenticate:

    Matrix>set macauthentication macreauthenticate 00-60-97-b5-4c-07

14.3.3.11 set macauthentication reauthperiod

Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port.
14.3.3.12 set macauthentication quietperiod

Use this command to set the time (in seconds) following a failed MAC authentication before another attempt can be made through a port.

    set macauthentication quietperiod time [port-string]

Syntax Description
    time    Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295. Default is 30.
14.3.4 Configuring MAC Locking

Purpose
To review, disable, enable and configure MAC locking. This locks a port to one or more MAC addresses, preventing connection of unauthorized devices via the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses.
• clear maclock autostatic (Section 14.3.4.16)
• set maclock trap (Section 14.3.4.17)
• clear maclock (Section 14.3.4.18)

14.3.4.1 show maclock

Use this command to display the status of MAC locking on one or more ports.

    show maclock [port-string]

Syntax Description
    port-string    (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Examples
This example shows how to display global MAC locking information:

    Matrix>show maclock
    MAC Locking is globally enabled.
    Port Number
    --------
    fe.0.1 fe.0.2 fe.0.3 fe.0.4 fe.0.5 fe.0.6 fe.0.7 fe.0.8 fe.0.9 fe.0.10 fe.0.11 fe.0.12 fe.0.13 fe.0.14 fe.0.15 fe.0.
Table 14-5 show maclock Output Details

Output    What It Displays...
Port Number    Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
Port Status    Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on using set maclock commands to enable it on the device and on one or more ports, refer to Section 14.3.4.3 and Section 14.3.4.5.
Syntax Description
    port-string    (Optional) Displays end station information for specified port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
    firstarrival | firstarrival port-string    (Optional) Displays MAC locking information about end stations first connected to all MAC locked ports, or about those first connected to specific port(s).
This example shows how to display MAC locking information for the end stations connected to Fast Ethernet front panel port 8:

    Matrix>show maclock stations fe.0.8
    Number of stations found: 3
    Port Number
    -----------
    fe.0.8 fe.0.8 fe.0.
Syntax Description
    port-string    (Optional) Enables MAC locking on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: If port-string is not specified, MAC locking will be enabled on all ports.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to enable MAC locking on Fast Ethernet front panel port 3:

    Matrix>set maclock enable fe.0.3

14.3.4.
Example
This example shows how to disable MAC locking on Fast Ethernet front panel port 3:

    Matrix>set maclock disable fe.0.3

14.3.4.5 set maclock

Use this command to create a static MAC address and enable or disable MAC locking for the specific MAC address and port. When created and enabled, this allows only the end station designated by the MAC address to participate in frame relay.
Example
This example shows how to create a MAC locking association between MAC address 00-a0-c9-0d-32-11 and Fast Ethernet front panel port 3:

    Matrix>set maclock 00-a0-c9-0d-32-11 fe.0.3 create

14.3.4.6 set maclock firstarrival

Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.
14.3.4.7 set maclock static

Use this command to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port.

    set maclock static port-string value

Syntax Description
    port-string    Specifies the port on which to limit MAC locking. For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.4.8 set maclock move

Use this command to move all current first arrival MACs to static entries.

    set maclock move port-string

Syntax Description
    port-string    Specifies the port where all current first arrival MACs will be moved to static entries. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to remove statically locked MACs from Fast Ethernet front panel port 3:

    Matrix>clear maclock static fe.0.3

14.3.4.10 show maclock autostatic

Use this command to display the status of the MAC locking autostatic function on one or more ports.
Example
This example shows how to display the status of the MAC locking autostatic function.
Syntax Description
    port-string    Specifies the port(s) on which to enable or disable the MAC locking autostatic function. For a detailed description of possible port-string values, refer to Section 4.1.2.
    enable | disable    (Optional) Enables or disables the MAC locking autostatic function.

Command Defaults: If disable is not specified, the MAC locking autostatic function will be enabled.
Command Type: Switch command.
Command Mode: Read-Write.
Syntax Description
    port-string    Specifies the port(s) on which to enable or disable the auto learning function. For a detailed description of possible port-string values, refer to Section 4.1.2.
    enable | disable    (Optional) Enables or disables the auto learning function.

Command Defaults: If disable is not specified, automatic learning will be enabled.
Command Type: Switch command.
Command Mode: Read-Write.
Command Mode: Read-Write.

Example
This example shows how to assign VLAN 3 as the public ingress VLAN for autostatic MAC locking:

    Matrix>set maclock autostatic publicvlan 3 ingress

14.3.4.14 set maclock autostatic publicmac

Use this command to set the public MAC address to which all ports communicate when MAC locking autostatic is enabled.

    set maclock autostatic publicmac mac-address

Syntax Description
    mac-address    Specifies a MAC address.
14.3.4.15 set maclock autostatic passthroughmac

Use this command to enable a received multicast destination MAC address to be scoped to VLAN egress lists other than that of the VLAN of which it is a member.

    set autostatic passthroughmac mac-address

NOTE: For this command to work properly, both the public ingress and egress VLANs must be configured for autostatic MAC locking as described in Section 14.3.4.
14.3.4.16 clear maclock autostatic

Use this command to clear the MAC locking autostatic configuration(s) on one or more ports.

    clear maclock autostatic [port-string] | [isl port-string | publicmac | publicvlan {egress | ingress} | passthroughmac]

Syntax Description
    isl port-string    Resets autolearning of the autostatic public VLAN back to the default state of disabled for one or more ports; or clears the public VLAN ID on specified ports.
14.3.4.17 set maclock trap

Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped from the device’s routing table.
14.3.4.18 clear maclock

Use this command to clear MAC locking from one or more static MAC addresses.

    clear maclock mac_address port-string

Syntax Description
    mac_address    Specifies the MAC address for which the MAC locking will be cleared.
    port-string    Specifies the port on which to clear MAC locking. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
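How the static and first-arrival limits, the move command and the trap described in this section fit together on one port, as a simplified Python model. This is an added example, not Enterasys code or a statement of the firmware's exact behaviour: the class and method names are hypothetical, two of the sample addresses are constructed, and it assumes that a frame from a newly learned station is forwarded and that move only transfers as many entries as the static limit allows.

```python
from dataclasses import dataclass, field


def norm(mac: str) -> str:
    """Normalise a MAC address to the guide's xx-xx-xx-xx-xx-xx notation."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class LockedPort:
    """One MAC-locked port (hypothetical model, see assumptions above)."""
    name: str
    first_arrival_max: int            # limit set with: set maclock firstarrival
    static_max: int                   # limit set with: set maclock static
    trap: bool = False                # set maclock trap
    static: list = field(default_factory=list)
    first_arrival: list = field(default_factory=list)
    traps: list = field(default_factory=list)

    def create_static(self, mac: str) -> bool:
        """Model of 'set maclock mac-address port create'."""
        mac = norm(mac)
        if mac in self.static:
            return True
        if len(self.static) >= self.static_max:
            return False              # static table for this port is full
        self.static.append(mac)
        return True

    def receive(self, src_mac: str) -> str:
        """Decide what happens to a frame with this source address."""
        mac = norm(src_mac)
        if mac in self.static or mac in self.first_arrival:
            return "forward"
        if len(self.first_arrival) < self.first_arrival_max:
            self.first_arrival.append(mac)   # learned as a first-arrival station
            return "forward"
        if self.trap:                        # limit exceeded: record the violation
            self.traps.append((self.name, mac))
        return "discard"

    def move(self) -> int:
        """Model of 'set maclock move': pin learned stations as static entries."""
        moved = 0
        while self.first_arrival and len(self.static) < self.static_max:
            self.static.append(self.first_arrival.pop(0))
            moved += 1
        return moved


def demo():
    """Run a constructed frame sequence through port fe.0.3."""
    port = LockedPort("fe.0.3", first_arrival_max=2, static_max=3, trap=True)
    port.create_static("00-a0-c9-0d-32-11")   # address from the guide's example
    frames = [
        "00-a0-c9-0d-32-11",   # static entry
        "00-60-97-b5-4c-07",   # first arrival 1
        "00-00-5e-00-53-01",   # first arrival 2 (constructed)
        "00-00-5e-00-53-02",   # third new station (constructed): over the limit
        "00:60:97:B5:4C:07",   # first arrival 1 again, different notation
    ]
    verdicts = [port.receive(mac) for mac in frames]
    moved = port.move()
    return verdicts, port.traps, moved, port.static, port.first_arrival


if __name__ == "__main__":
    verdicts, traps, moved, static, first_arrival = demo()
    print("verdicts:", verdicts)
    print("traps   :", traps)
    print("moved   :", moved, "-> static:", static)
```

After move the first-arrival list in this model is empty, so check on the device how the first-arrival limit behaves once entries have been made static.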
14.3.5 Configuring Port Web Authentication (PWA)

About PWA
PWA provides a way of authenticating a user on a switch port before allowing the user general access to the network. PWA locks down a port a user is attached to until after the user successfully logs in via a web browser and Secure Harbour™ — Enterasys Networks’ web-based security interface — to access the Matrix E1 device.
• set pwa nameservices (Section 14.3.5.6)
• set pwa ipaddress (Section 14.3.5.7)
• set pwa protocol (Section 14.3.5.8)
• set pwa enhancedmode (Section 14.3.5.9)
• set pwa guestname (Section 14.3.5.10)
• set pwa guestpassword (Section 14.3.5.11)
• set pwa gueststatus (Section 14.3.5.12)
• set pwa initialize (Section 14.3.5.13)
• set pwa quietperiod (Section 14.3.5.14)
• set pwa maxrequests (Section 14.3.5.
Example
This example shows how to display PWA information:

    Matrix>show pwa
    PWA Status
    PWA Hostname
    PWA IP Address
    PWA Name Services
    PWA Protocol
    PWA Enhanced Mode
    PWA Logo
    PWA Guest Name
    PWA Guest Password
    PWA Guest Network Status
    PWA Refresh Time
    Port
    ------
    ge.0.1 ge.0.2 ge.0.3 ge.0.4 ge.0.5 ge.0.
Table 14-7 show pwa Output Details (Continued)
Output    What It Displays...
PWA Name Services    Status of DNS and WINS clients. Default state of disabled can be changed using the set pwa nameservices command as described in Section 14.3.5.6.
PWA Protocol    Whether PWA protocol is CHAP or PAP. Default setting of PAP can be changed using the set pwa protocol command as described in Section 14.3.5.8.
Table 14-7 show pwa Output Details (Continued)
Output    What It Displays...
Quiet Period    Amount of time a port will be in the held state after a user unsuccessfully attempts to log on to the network. Default value of 60 can be changed using the set pwa quietperiod command as described in Section 14.3.5.14.
MaxReq    Maximum number of log on attempts allowed before transitioning the port to a held state.
14.3.5.3 set pwa hostname
Use this command to set a port web authentication host name. This is a URL for accessing the PWA login page.
set pwa hostname name
Syntax Description
name    Specifies a name for accessing the PWA login page.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to set the PWA host name to pwahost:
Matrix>set pwa hostname pwahost
14.3.5.
Command Mode
Read-Write.
Example
This example shows how to hide the Enterasys Networks logo:
Matrix>set pwa displaylogo hide
14.3.5.5 set pwa refreshtime
Use this command to set the port web authentication screen refresh time.
set pwa refreshtime time
Syntax Description
time    Specifies the time interval in seconds at which the PWA screen will refresh. Valid values are 0 - 120.
Command Defaults
None.
Command Type
Switch command.
14.3.5.6 set pwa nameservices
Use this command to enable or disable Domain Name Service (DNS) and Windows Internet Naming Services (WINS) clients. When disabled, the device will not spoof DNS or WINS on an un-authenticated port.
set pwa nameservices {enable | disable}
Syntax Description
enable | disable    Enables or disables DNS and WINS.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to set a PWA IP address for 1.2.3.4:
Matrix>set pwa ipaddress 1.2.3.4
14.3.5.8 set pwa protocol
Use this command to set the port web authentication protocol.
14.3.5.9 set pwa enhancedmode
Use this command to enable or disable PWA enhanced mode. When enabled, users on unauthenticated PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access. They will also be granted guest networking privileges.
NOTE: In order for PWA enhanced mode to operate, PWA port control mode must be set to auto as described in Section 14.3.5.16.
14.3.5.10 set pwa guestname
Use this command to set a guest user name for PWA enhanced mode networking. When enhanced mode is enabled (as described in Section 14.3.5.9), PWA will use this name to grant network access to guests without established login names and passwords.
set pwa guestname name
Syntax Description
name    Specifies a guest user name.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Command Mode
Read-Write.
Example
This example shows how to set the PWA guest user password name:
Matrix>set pwa guestpassword
Guest Password: *********
Retype Guest Password: *********
14.3.5.12 set pwa gueststatus
Use this command to enable or disable guest networking for port web authentication. When enhanced mode is enabled (as described in Section 14.3.5.
14.3.5.13 set pwa initialize
Use this command to initialize a PWA port to its default unauthenticated state.
set pwa initialize [port-string]
Syntax Description
port-string    (Optional) Initializes specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults
If port-string is not specified, all ports will be initialized.
Command Type
Switch command.
Command Mode
Read-Write.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to set the PWA quiet period to 30 seconds for Fast Ethernet front panel ports 5-7:
Matrix>set pwa quietperiod 30 fe.0.5-7
14.3.5.15 set pwa maxrequests
Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.
14.3.5.16 set pwa portcontrol
Use this command to set the PWA port control mode.
set pwa portcontrol {auto | forceauthorized | forceunauthorized | promiscuousauto} [port-string]
Syntax Description
auto    Sets the port to auto mode. In this mode, the port is filtering traffic. Login/Logout screens are available, as is the Secure Harbour IP. Spoofing (ARP, DNS, WINS and DHCP) will respond to requests.
Example
This example shows how to set the PWA control mode to auto for all ports:
Matrix>set pwa portcontrol auto
14.3.6 Configuring Secure Shell (SSH)
Purpose
To review, enable, disable, and configure the Secure Shell (SSH) protocol. SSH provides a secure, remote connection to the device by permitting or denying access based on IP address, ciphers and MAC algorithms.
14.3.6.1 show ssh
Use this command to display the current status and configuration of SSH on the device.
show ssh [ciphers] [config admin | oper] [mac] [sessions]
Syntax Description
ciphers    (Optional) Displays server supported ciphers.
config admin | oper    (Optional) Displays SSH administration (admin) or operational (oper) configuration settings.
mac    (Optional) Displays all server supported MAC algorithms.
This example shows how to display SSH session information, including server and client version numbers, remote login name(s), supported MAC algorithms, authentication keys and encryption cipher:
Matrix>show ssh sessions
SSH Session: 1 inbound
Server Version: SSH-2.0-3.0.4 SSH Secure Shell
Username: rw
Client Host: 10.0.0.2
Client Version: SSH-1.99-3.1.
Example
This example shows how to disable SSH:
Matrix>set ssh disable
14.3.6.3 ssh
Use this command to configure a connection to an SSH server.
ssh ipaddr login [port]
Syntax Description
ipaddr    Specifies the IP address of the remote SSH server.
login    Specifies a login name for the remote SSH server.
port    (Optional) Specifies the remote SSH server’s TCP listening port. Valid values are 1 - 65535.
14.3.6.4 set ssh ciphers
Use this command to set the cipher name(s) used for SSH encryption.
set ssh ciphers {all | anycipher | anystdcipher | ciphername}
Syntax Description
all    Specifies that all supported ciphers will be allowed.
anycipher    Specifies that all server-supported ciphers will be allowed.
anystdcipher    Specifies that the subset of server and IETF-supported ciphers will be allowed.
ciphername    Specifies a user-named cipher.
14.3.6.5 clear ssh ciphers
Use this command to clear one or more cipher names used for SSH encryption.
clear ssh ciphers {all | ciphername}
Syntax Description
all    Resets the cipher name to the default: anycipher
ciphername    Specifies a user-named cipher to clear.
Command Type
Switch command.
Command Mode
Read-Write.
Command Defaults
None.
Example
This example shows how to reset SSH cipher names:
Matrix>clear ssh cipher all
14.3.6.
Command Defaults
None.
Example
This example shows how to set TCP port 4 as the SSH listening port:
Matrix>set ssh port 4
14.3.6.7 set ssh mac
Use this command to set the MAC algorithms supported by SSH. These algorithms provide integrity checking.
set ssh mac {all | anymac | anystdmac | mac_name}
Syntax Description
all    Specifies all server-supported MAC algorithms.
anymac    Specifies any server-supported MAC algorithms.
Example
This example shows how to set the SSH MAC algorithm to “hmac md5”:
Matrix>set ssh mac hmac-md5
14.3.6.8 clear ssh mac
Use this command to clear one or more MAC algorithms supported by SSH.
clear ssh mac {all | mac_name}
Syntax Description
all    Specifies that all server-supported MAC algorithms will be cleared.
mac_name    Specifies a MAC algorithm name to be cleared.
Command Type
Switch command.
Command Mode
Read-Write.
14.3.6.9 set ssh rekeyintervalseconds
Use this command to set the number of seconds between SSH key exchanges.
set ssh rekeyintervalseconds value
Syntax Description
value    Specifies the interval (in seconds) between SSH key exchanges. Valid values are from 0 (which disables re-keying) to 86400. Default is 3600.
Command Type
Switch command.
Command Mode
Read-Write.
Command Defaults
None.
Command Mode
Read-Write.
Command Defaults
None.
Example
This example shows how to set the number of SSH authentication attempts allowed to 1:
Matrix>set ssh passwordguesses 1
14.3.6.11 set ssh logingracetime
Use this command to set the time interval for an SSH client to authenticate.
set ssh logingracetime value
Syntax Description
value    Specifies the number of seconds the client will be allowed to authenticate.
Syntax Description
None.
Command Type
Switch command.
Command Mode
Read-Write.
Command Defaults
None.
Example
This example shows how to regenerate SSH keys:
Matrix>clear ssh keys
Generating 1024-bit dsa key pair
Key generated.
1024-bit dsa
Private key saved to sshdrv:/.ssh2/dsa
Public key saved to sshdrv:/.ssh2/dsa.pub
Generating 1024-bit rsa key pair
Key generated.
Command Mode
Read-Write.
Command Defaults
None.
Example
This example shows how to clear the SSH configuration:
Matrix>clear ssh config
14.3.7 Configuring Access Lists
Purpose
To review and configure security access lists (ACLs), which permit or deny access to routing interfaces based on protocol and source IP address restrictions.
Syntax Description
access-list-number    (Optional) Displays access list information for a specific access list number. Valid values are between 1 and 199.
Command Type
Router command.
Command Mode
Privileged EXEC: Matrix>Router#
Command Defaults
If number is not specified, the entire table of access lists will be displayed.
Example
This example shows how to display IP access list number 101.
To insert or replace an ACL entry:
access-list access-list-number insert | replace entry
To move entries within an ACL:
access-list access-list-number move destination source1 [source2]
NOTE: Valid access-list-numbers for standard ACLs are 1 to 99. For extended ACLs, valid values are 100 to 199.
Syntax Description
access-list-number    Specifies a standard access list number. Valid values are from 1 to 99.
Command Syntax of the “no” Form
The “no” form of this command removes the defined access list or entry:
no access-list access-list-number [entry]
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router(config)#
Command Defaults
• If insert, replace or move are not specified, the new entry will be appended to the access list.
• If source2 is not specified with move, only one entry will be moved.
ROUTER: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.
protocol    Specifies an IP protocol for which to deny or permit access. Valid values and their corresponding protocols are:
• ip - Any Internet protocol
• icmp - Internet Control Message Protocol
• udp - User Datagram Protocol
• tcp - Transmission Control Protocol
source    Specifies the network or host from which the packet will be sent. Valid options for expressing source are:
• IP address or range of addresses (A.B.C.
operator port    (Optional) Applies access rules to TCP or UDP source or destination port numbers. Possible operands include:
• lt port - Match only packets with a lower port number.
• gt port - Match only packets with a greater port number.
• eq port - Match only packets on a given port number.
• neq port - Match only packets not on a given port number.
Examples
This example shows how to define access list 101 to deny ICMP transmissions from any source and for any destination:
Matrix>Router(config)#access-list 101 deny ICMP any any
This example shows how to define access list 102 to deny TCP packets transmitted from IP source 10.1.2.1 with a port number of 42 to any destination:
Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any
14.3.7.
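The extended access-list entries above can be checked offline before they are typed into the router. The following is an added example, not code from Enterasys or from this guide: it parses entries that use the `any` and `host A.B.C.D` address forms and the lt/gt/eq/neq port operators, then evaluates sample packets. It assumes entries are tested in order with the first match deciding, and that a packet matching no entry is denied; the function names, the packet dictionaries and the `permit ip any any` entry are constructed for the illustration.

```python
import ipaddress

# Port operators as described in the syntax description above.
PORT_OPS = {
    "lt": lambda port, n: port < n,    # lower port number
    "gt": lambda port, n: port > n,    # greater port number
    "eq": lambda port, n: port == n,   # exactly this port
    "neq": lambda port, n: port != n,  # any port except this one
}
PROTOCOLS = {"ip", "icmp", "udp", "tcp"}  # "ip" stands for any Internet protocol


def _endpoint(tokens, proto):
    """Consume 'any' or 'host A.B.C.D' and an optional '<operator> <port>'."""
    word = tokens.pop(0).lower()
    if word == "any":
        addr = None
    elif word == "host":
        addr = ipaddress.IPv4Address(tokens.pop(0))
    else:
        raise ValueError(f"unsupported address form: {word!r}")
    port_test = None
    if tokens and tokens[0].lower() in PORT_OPS:
        if proto not in ("tcp", "udp"):
            raise ValueError("port operators apply to TCP or UDP only")
        op, number = tokens.pop(0).lower(), int(tokens.pop(0))
        if not 0 <= number <= 65535:
            raise ValueError(f"port out of range: {number}")
        port_test = (op, number)
    return addr, port_test


def parse_entry(line):
    """Parse 'access-list N {deny|permit} PROTO SRC [op port] DST [op port]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    number, action, proto = int(tokens[1]), tokens[2].lower(), tokens[3].lower()
    if not 100 <= number <= 199:
        raise ValueError("extended ACL numbers are 100 to 199")
    if action not in ("deny", "permit"):
        raise ValueError(f"unknown action: {action!r}")
    if proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {proto!r}")
    rest = tokens[4:]
    try:
        src, sport = _endpoint(rest, proto)
        dst, dport = _endpoint(rest, proto)
    except IndexError:
        raise ValueError(f"incomplete entry: {line!r}") from None
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return {"number": number, "action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def _side_matches(addr, port_test, pkt_addr, pkt_port):
    """True when one side (source or destination) of a packet fits the entry."""
    if addr is not None and addr != ipaddress.IPv4Address(pkt_addr):
        return False
    if port_test is not None:
        op, number = port_test
        if pkt_port is None or not PORT_OPS[op](pkt_port, number):
            return False
    return True


def evaluate(entries, packet):
    """Return 'permit' or 'deny' for a packet dict (proto, src, dst, sport, dport)."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != packet["proto"]:
            continue
        if (_side_matches(e["src"], e["sport"], packet["src"], packet.get("sport"))
                and _side_matches(e["dst"], e["dport"], packet["dst"], packet.get("dport"))):
            return e["action"]
    return "deny"  # assumption: no matching entry means the packet is dropped


ACL_101 = [parse_entry("access-list 101 deny ICMP any any")]      # from the guide
ACL_102 = [
    parse_entry("access-list 102 deny TCP host 10.1.2.1 eq 42 any"),  # from the guide
    parse_entry("access-list 102 permit ip any any"),                 # constructed
]
```

Under the stated assumption, a list made up only of deny entries (such as list 101 on its own) drops every packet, which is worth checking for before a list is applied to an interface.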
Command Defaults
None.
Example
This example shows how to apply access list 1 for all inbound packets on VLAN 1. Through the definition of access list 1, only packets with destination 192.5.34.0 will be routed. All packets with other destinations received on VLAN 1 are dropped:
Matrix>Router(config)#access-list 1 permit 192.5.34.0 0.0.0.
14.3.8.1 show HostDos
Use this command to display Denial of Service security status and counters.
show HostDos
ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.
NOTE: When fragmented ICMP packets protection is enabled, the Ping of Death counter will not be incremented.
Example
This example shows how to display Denial of Service security status and counters. For details on how to set these parameters, refer to Section 14.3.8.
Syntax Description
land    Enables land attack protection and automatically discards illegal frames.
fragmicmp    Enables fragmented ICMP and Ping of Death packets protection and automatically discards illegal frames.
largeicmp size    Enables large ICMP packets protection, specifies the packet size above which the protection starts, and automatically discards illegal frames. Valid packet size values are 1 to 65535.
14.3.8.3 clear hostdos-counters
Use this command to clear Denial of Service security counters.
clear hostdos-counters
ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.
Syntax Description
None.
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router(config)#
Command Defaults
None.
14.3.9 Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port.
• set flowlimit notification (Section 14.3.9.7)
• set flowlimit clearstats (Section 14.3.9.8)
14.3.9.1 show flowlimit
Use this command to display flow setup throttling information.
show flowlimit [limit] [[port] [port-string]] [[stats] [port-string]]
Syntax Description
limit    (Optional) Displays flow limits and actions.
port port-string    (Optional) Displays flow limiting port settings for one or all ports.
Example
This example shows how to display all flow limiting limits and actions:
Matrix>show flowlimit limit
Flow limit status
Flow limit notifications
Flow limit shutdown
Flow limit notification interval
Flow limit maximum flowcount
Flow limit table
----------------
Limit
----
User port
limit 1 1
limit 2 0
Server port
limit 1 0
limit 2 0
Aggregation port
limit 1 0
limit 2 0
Interswitch link
limit 1 0
limit 2 0
Unspecified
limit 1 0
limi
Table 14-8 show flowlimit Output Details (Continued)
Output    What It Displays...
Flow limit shutdown    Whether flow limit shut down is enabled or disabled. Default state of disabled can be changed with the set flowlimit shutdown command (Section 14.3.9.6).
Flow limit notification interval    Interval in seconds at which an SNMP notification will be sent when a specified flow limit is reached.
Command Defaults
None.
Example
This example shows how to enable FST on Fast Ethernet front panel ports 1-5:
Matrix>set flowlimit fe.0.1-5 enable
14.3.9.3 set flowlimit limit
Use this command to set a flow limit and an action for a port user classification. Once configured, this action can be assigned to one or more ports using the set flowlimit class command as described in Section 14.3.9.4.
discard | drop | trap | disable    Specifies the action to be taken if flow limit is reached as:
• Discarding excess flows. This causes a “discard flow” to be created. Packets are accepted to this flow but are discarded (not forwarded anywhere). This allows the flow counters to be updated and possibly reach a second, higher threshold action (for example, trap or disable, as described below).
• Dropping excess flows.
14.3.9.4 set flowlimit class
Use this command to assign a flow limiting user classification to one or more port(s). Once a classification is assigned, these ports will be subject to the flow limit and action configured with the set flowlimit limit command as described in Section 14.3.9.3.
14.3.9.5 clear flowlimit action
Use this command to remove an existing flow limit action.
clear flowlimit action {1 | 2} {aggregationport | interswitchlink | serverport | unspecified | userport} {discard | drop | trap | disable}
Syntax Description
1 | 2    Specifies that action 1 or 2 will be removed.
aggregationport | interswitchlink |    Removes this action configuration from the specified user classification port type.
14.3.9.6 set flowlimit shutdown
Use this command to enable or disable the flow limit shut down function. When enabled, this allows ports configured with a “disable” action to shut down. For information on using the set flowlimit limit command to configure a disable action on a port, refer to Section 14.3.9.3.
14.3.9.7 set flowlimit notification
Use this command to enable or disable flow limit notification, or to set a notification interval. When enabled, this allows ports configured with a “trap” action to send an SNMP trap message when a specified flow limit is reached. For information on using the set flowlimit limit command to configure a trap action on a port, refer to Section 14.3.9.3.
Command Mode
Read-Write.
Command Defaults
None.
Example
This example shows how to reset flow limiting statistics back to default values on Fast Ethernet front panel port 5:
Matrix>set flowlimit fe.0.
14.4 WORKING WITH SECURITY CONFIGURATIONS
14.4.1 Host Access Control Authentication (HACA)
To use HACA, the embedded RADIUS client on the Matrix E1 device must be configured to communicate with the RADIUS server. A RADIUS server must be online and its IP address(es) must be configured with the same password as the RADIUS client. When using the set radius command (Section 14.3.1.
14.4.2 802.1X Port Based Network Access Control Overview
When using the physical access characteristics of IEEE 802 LAN infrastructures, the 802.1X standard provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to Matrix E1 device ports.
14.4.3.1 Authentication Method Sequence
When MAC authentication is enabled on a port, the authentication of a specific MAC address commences immediately following the reception of any frame. The MAC address and a currently stored password for the port are used to perform a Password Authentication Protocol (PAP) authentication with one of the configured RADIUS servers.
In this situation, the switch immediately aborts MAC authentication. The 802.1X authentication then proceeds to completion. After the 802.1X login completes, the user has either succeeded and gained entry to the network, or failed and is denied access to the network. After the 802.1X login attempt, no new MAC authentication logins occur on this port until:
• A link is toggled.
• The user executes an 802.1X logout.
Table 14-9 MAC / 802.1X Precedence States (Continued)
802.1X Port Control (EAPOL) | MAC Port Control | MAC Authenticated? | Default Port Policy Exists? | PAP Authorized Policy Exists? | Action
Auto | Enabled | Yes | Yes | No | • Hybrid authentication (both methods are active). • Frames are forwarded according to default policy.
Auto | Enabled | Yes | No | No | • Hybrid authentication (both methods active). • Frames are forwarded.
Table 14-9 MAC / 802.1X Precedence States (Continued)
802.1X Port Control (EAPOL) | MAC Port Control | MAC Authenticated? | Default Port Policy Exists? | PAP Authorized Policy Exists? | Action
Force Unauthorization Enabled Yes
Force Unauthorization Enabled
Force Unauthorization Enabled Yes No No • MAC performs authentication. • Frames are forwarded.
Force Unauthorization Enabled No Yes Don’t Care • MAC performs authentication.
14.4.4 MAC Authentication Control
This global variable can be enabled or disabled using the set macauthentication command as described in Section 14.3.3.3. If enabled, then
• MAC authentication is active on those ports individually enabled using the set macauthentication port command as described in Section 14.3.3.5.
• All session and statistic information is reset to defaults.
• Any MAC addresses currently locked to ports are unlocked.
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
• To specify the policy profile to assign to the authenticating user (network access authentication):
Enterasys:version=1:policy=string
where string specifies the policy profile name. Policy profile names are case-sensitive.
• To specify a management level (management access authentication):
Enterasys:version=1:mgmt=level
where level indicates the management level, either ro, rw, or su.
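Filter-ID values are typed by hand on the RADIUS server, so a misspelled or wrongly cased string is easy to miss until a login behaves unexpectedly. The following is an added example, not code from Enterasys or from this guide: it parses the two Filter-ID forms shown above and reviews a user table for malformed values, policy names that do not match a configured profile, and accounts that receive the su management level. The user table, the profile names and the function names are constructed; exact matching of the `Enterasys` and `version=1` fields is an assumption, and any form other than the two shown above is rejected.

```python
# Management levels listed above for the mgmt= form.
MGMT_LEVELS = ("ro", "rw", "su")


def parse_filter_id(value):
    """Parse one Filter-ID string into ('policy', name) or ('mgmt', level)."""
    parts = value.split(":")
    # Assumption: the vendor and version fields must match the documented text exactly.
    if len(parts) != 3 or parts[0] != "Enterasys" or parts[1] != "version=1":
        raise ValueError(f"not an Enterasys version=1 Filter-ID: {value!r}")
    key, sep, val = parts[2].partition("=")
    if not sep or not val:
        raise ValueError(f"missing value in field {parts[2]!r}")
    if key == "policy":
        return ("policy", val)
    if key == "mgmt":
        if val not in MGMT_LEVELS:
            raise ValueError(f"management level must be ro, rw or su, got {val!r}")
        return ("mgmt", val)
    raise ValueError(f"unknown field {key!r}")


def audit(users, profiles):
    """Return (user, finding) pairs for a table of (user, filter_id) rows."""
    findings = []
    for user, filter_id in users:
        try:
            kind, val = parse_filter_id(filter_id)
        except ValueError as exc:
            findings.append((user, f"malformed: {exc}"))
            continue
        if kind == "policy" and val not in profiles:
            # Policy profile names are case-sensitive, so a near miss never matches.
            near = sorted(p for p in profiles if p.lower() == val.lower())
            hint = f" (case differs from {near[0]!r})" if near else ""
            findings.append((user, f"unknown policy profile {val!r}{hint}"))
        elif kind == "mgmt" and val == "su":
            findings.append((user, "grants su management level"))
    return findings


# Constructed sample data: profile names configured on the switch and
# Filter-ID values as they might appear in a RADIUS user table.
PROFILES = {"Engineering", "Guest"}
USERS = [
    ("alice", "Enterasys:version=1:policy=Engineering"),
    ("bob", "Enterasys:version=1:policy=engineering"),
    ("carol", "Enterasys:version=1:mgmt=su"),
    ("dave", "Enterasys:version=1:mgmt=admin"),
    ("erin", "Enterasys:version=2:policy=Guest"),
]

if __name__ == "__main__":
    for user, finding in audit(USERS, PROFILES):
        print(f"{user}: {finding}")
```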