Enterasys Matrix™ DFE-Gold Series Configuration Guide Firmware Version 5.35.
Notice

Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.

ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
Contents

Figures
Tables

ABOUT THIS GUIDE
    Using This Guide
    Structure of This Guide

2.2 General Configuration Command Set
    2.2.1 Setting User Accounts and Passwords
    2.2.2 Managing the Management Authentication Notification MIB
    2.2.3 Setting Basic Device Properties
    2.2.4 Activating Licensed Features

3 PORT CONFIGURATION

4 SNMP CONFIGURATION
    4.1 SNMP Configuration Summary
        4.1.1 SNMPv1 and SNMPv2c
        4.1.2 SNMPv3
        4.1.3 About SNMP Security Models and Levels
        4.1.

5 SPANNING TREE CONFIGURATION

7 POLICY CLASSIFICATION CONFIGURATION

8 PORT PRIORITY AND RATE LIMITING CONFIGURATION

9
    About IP Multicast Group Management
    IGMP Configuration Summary
    Process Overview: IGMP Configuration
    IGMP Configuration Command Set

11 IP CONFIGURATION
    11.1 Process Overview: Internet Protocol (IP) Configuration
    11.2 IP Configuration Command Set
        11.2.1 Configuring Routing Interface Settings
        11.2.2 Managing Router Configuration Files
        11.2.

12 ROUTING PROTOCOL CONFIGURATION

        13.3.12 Configuring Access Lists
        13.3.13 Configuring Policy-Based Routing
        13.3.14 Configuring Denial of Service (DoS) Prevention
        13.3.15 Configuring Flow Setup Throttling (FST)
Figures

Figure 2-1  Sample CLI Default Description
Figure 2-2  Matrix DFE-Gold Startup Screen
Figure 2-3  Performing a Keyword Lookup
Figure 2-4  Performing a Partial Keyword Lookup

Tables

Table 2-1   Default Device Settings for Basic Switch Operation
Table 2-2   Default Device Settings for Router Mode Operation
Table 2-3   Basic Line Editing Emacs & vi Commands
Table 6-1   show vlan Output Details
Table 6-2   show vlan interface Output Details
Table 12-3  show ip ospf database Output Details
Table 12-4  show ip ospf interface Output Details
Table 12-5  show ip ospf neighbor Output Details
Table 12-6  show ip ospf virtual links Output Details
About This Guide

Welcome to the Enterasys Networks Matrix DFE-Gold Series Configuration Guide. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure Matrix DFE-Gold Series switch/router devices.

Important Notice

Depending on the firmware version used in your Matrix Series device, some features described in this document may not be supported. Refer to the Release Notes shipped with your Matrix Series device to determine which features are supported.
STRUCTURE OF THIS GUIDE

The guide is organized as follows:

Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI interface, an overview of local management requirements, and information about obtaining technical support.
Chapter 9, IGMP Configuration, describes how to configure Internet Group Management Protocol (IGMP) settings for multicast filtering, including IGMP query count, IGMP report delay and IGMP group status.
DOCUMENT CONVENTIONS

This guide uses the following conventions:

bold type
    Bold type indicates required user input, including command keywords, that must be entered as shown for the command to execute.

italic type
    When used in general text, italic type indicates complete document titles. When used in CLI command syntax, italic type indicates a user-supplied parameter, either required or optional, to be entered after the command keyword(s).

n.
1 Introduction

This chapter provides an overview of the Matrix Series’ unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the device, and information on how to contact Enterasys Networks for technical support.

Important Notice

Depending on the Matrix Series firmware version you are using, some features described in this document may not be supported.
1.2 MATRIX SERIES CLI OVERVIEW

Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, including the following:

• Assign IP address and subnet mask.
• Select a default gateway.
• Assign a login password to the device for additional security.
• Download a new firmware image.
• Designate which network management workstations receive SNMP traps from the device.
• View device, interface, and RMON statistics.
1.3 DEVICE MANAGEMENT METHODS

The Matrix Series device can be managed using the following methods:

• Locally using a VT type terminal connected to the console port.
• Remotely using a VT type terminal connected through a modem.
• Remotely using an SNMP management station.
• In-band through a Telnet connection.
• In-band using Enterasys Networks’ NetSight® management application.
• Remotely using WebView™, Enterasys Networks’ embedded web server application.
Getting Help

Before calling Enterasys Networks, have the following information ready:

• Your Enterasys Networks service contract number
• A description of the failure
• A description of any action(s) already taken to resolve the problem (e.g., changing mode switches, rebooting the unit, etc.)
• The serial and revision numbers of all involved Enterasys Networks products in the network
• A description of your network environment (layout, cable type, etc.
2 Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

2.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the Matrix Series device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode.

2.1.
Table 2-1 Default Device Settings for Basic Switch Operation (Continued)

Device Feature: Default Setting

Community name: Public.
Convergence End Points phone detection: Disabled globally and on all ports
EAPOL: Disabled.
EAPOL authentication mode: When enabled, set to auto for all ports.
GARP timer: Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall timer set to 1000 centiseconds.
GVRP: Globally enabled.
MAC aging time: Set to 300 seconds.
MAC locking: Disabled (globally and on all ports).
Management Authentication Notification: Enabled
MTU discovery protocol: Enabled.
Passwords: Set to an empty string for all default user accounts. User must press ENTER at the password prompt to access CLI.
Password aging: Disabled.
RADIUS last resort action: When the client is enabled, set to Challenge.
RADIUS retries: When the client is enabled, set to 3.
RADIUS timeout: When the client is enabled, set to 20 seconds.
Rate limiting: Disabled (globally and on all ports).
SNMP: Enabled.
SNTP: Disabled.
Spanning Tree priority: Bridge priority is set to 32768.
Spanning Tree topology change trap suppression: Enabled.
Spanning Tree transmit hold count: Set to 3.
Spanning Tree version: Set to mstp (Multiple Spanning Tree Protocol).
SSH: Disabled.
System baud rate: Set to 9600 baud.
System contact: Set to empty string.
Table 2-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature: Default Setting

Access groups (IP security): None configured.
Access lists (IP security): None configured.
Area authentication (OSPF): Disabled.
Area default cost (OSPF): Set to 1.
Area NSSA (OSPF): None configured.
Area range (OSPF): None configured.
ARP table: No permanent entries configured.
ARP timeout: Set to 14,400 seconds.
IP-directed broadcasts: Disabled.
IP forward-protocol: Enabled with no port specified.
IP interfaces: Disabled with no IP addresses specified.
IRDP: Disabled on all interfaces.
RIP offset: No value applied.
SNMP: Enabled.
Split horizon: Enabled for RIP packets without poison reverse.
Stub area (OSPF): None configured.
Telnet: Enabled.
Telnet port (IP): Set to port number 23.
Timers (OSPF): SPF delay set to 5 seconds. SPF holdtime set to 10 seconds.
Transmit delay (OSPF): Set to 1 second.
Read-Write access will be able to modify all modifiable parameters in set and show commands, as well as view Read-Only commands. Administrators or Super Users will be allowed all Read-Write and Read-Only privileges, and will be able to modify local user accounts.
2.1.5 Process Overview: CLI Startup and General Configuration

Use the following steps as a guide to the startup and general configuration process:

1. Starting and navigating the Command Line Interface (CLI) (Section 2.1.6)
2. Configuring the Line Editor (Section 2.1.7)
3. Setting user accounts and passwords (Section 2.2.1)
4. Enabling or disabling of the management authentication notification MIB (Section 2.
2.1.6 Starting and Navigating the Command Line Interface

2.1.6.1 Using a Console Port Connection

NOTE: By default, the Matrix Series device is configured with three user login accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to all modifiable parameters. The default password is set to a blank string. For information on changing these default settings, refer to Section 2.
2.1.6.3 Logging in with Administratively Configured Account

If the device’s default user account settings have been changed, proceed as follows:

1. At the login prompt, enter your administratively-assigned user name and press ENTER.
2. At the Password prompt, enter your password and press ENTER.

The notice of authorization and the Matrix prompt display as shown in Figure 2-2.
Figure 2-2 Matrix DFE-Gold Startup Screen

login: admin
Password:

M A T R I X DFE GOLD
Command Line Interface

Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.

Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com

(c) Copyright Enterasys Networks, Inc. 2005

Module Serial Number: 1234567
Module Firmware Revision: 05.11.00

Matrix DFE Gold(su)->

2.1.6.
2.1.6.7 Performing Keyword Lookups

Entering a space and a question mark (?) after a keyword will display all commands beginning with the keyword. Figure 2-3 shows how to perform a keyword lookup for the show snmp command. In this case, 13 additional keywords are used by the show snmp command.
NOTE: At the end of the lookup display, the system will repeat the command you entered without the ?.

2.1.6.8 Displaying Scrolling Screens

If the CLI screen length has been set using the set length command as described in Section 2.2.3.30, CLI output requiring more than one screen will display --More-- to indicate continuing screens.
2.1.6.9 Abbreviating and Completing Commands

The Matrix Series device allows you to abbreviate CLI commands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 2-6 shows how to abbreviate the show netstat command to sh net.
2.1.7 Configuring the Line Editor

The command line editor determines which key sequences can be used in the CLI. Example: Ctrl+A will move the cursor to the beginning of the command line when in Emacs mode. The CLI supports both vi and Emacs-like line editing commands. By default, the “default” line-editing mode is configured, with no special key sequences. Table 2-3 lists some commonly used Emacs and vi commands.
Table 2-3 Basic Line Editing Emacs & vi Commands (Continued)

Key Sequence: Emacs Command

Ctrl+W: Delete word to the left of cursor.
Ctrl+Y: Restore the most recently deleted item.
Key Sequence: vi Command

d SPACE: Delete character
dl: Delete character
dw: Delete word
dd: Delete entire line
d$: Delete everything from cursor to end of line
D: Same as “d$”
p: Put last deletion after the cursor
P: Put last deletion before the cursor
u: Undo last command
~: Toggle case, lower to upper or vice versa

Commands
The commands used to configure the line-editor are listed below and described in the associated sectio
2.1.7.1 show line-editor

Use this command to show current and default line-editor mode and Delete character mode.

show line-editor

Command Defaults
None.

Command Type
Switch command.
2.1.7.2 set line-editor

Use this command to set the current and default line editing mode or the way the Delete character is treated by the line editor. You can also set the persistence of your line editing selections.

set line-editor {emacs | vi | default | delete {backspace | delete}} [default]

Syntax Description
emacs: Selects emacs command line editing mode. See Table 2-3 for some commonly used emacs commands.
This example sets the default line-editor to emacs mode and sets the selection to persist for future sessions:

Matrix(rw)->set line-editor emacs default
2.2 GENERAL CONFIGURATION COMMAND SET

2.2.1 Setting User Accounts and Passwords

Purpose
To change the device’s default user login and password settings, and to add new user accounts and passwords.

Commands
The commands used to configure user accounts and passwords are listed below and described in the associated section as shown.

• show system login (Section 2.2.1.1)
• set system login (Section 2.2.1.
2.2.1.1 show system login

Use this command to display user login account information.

show system login

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.

Example
This example shows how to display login account information.
Table 2-4 show system login Output Details

Output: What It Displays...

Password history size: Number of previously used user login passwords that will be checked for duplication when the set password command is executed. Configured with set system password history (Section 2.2.1.7).
Password aging: Number of days user passwords will remain valid before aging out. Configured with set system password aging (Section 2.2.1.6).
2.2.1.2 set system login

Use this command to create a new user login account, or to disable or enable an existing account. The Matrix Series device supports up to 16 user accounts, including the admin account, which cannot be disabled or deleted.

set system login username {super-user | read-write | read-only} {enable | disable}

Syntax Description
username: Specifies a login name for a new or existing user.
2.2.1.3 clear system login

Use this command to remove a local login user account.

clear system login username

Syntax Description
username: Specifies the login name of the account to be cleared.

NOTE: The default admin (su) account cannot be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.
2.2.1.4 set password

Use this command to change system default passwords or to set a new login password on the CLI.

set password [username]

NOTES: Only users with admin (su) access privileges can change any password on the system. Users with Read-Write (rw) access privileges can change their own passwords, but cannot enter or modify other system passwords. Passwords must be a minimum of 8 characters and a maximum of 40 characters.
Examples
This example shows how a super-user would change the Read-Write password from the system default (blank string):

Matrix(su)->set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
2.2.1.5 set system password length

Use this command to set the minimum user login password length.

set system password length characters

Syntax Description
characters: Specifies the minimum number of characters for a user account password. Valid values are 0 to 40.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.
2.2.1.6 set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

set system password aging {days | disable}

Syntax Description
days: Specifies the number of days user passwords will remain valid before aging out. Valid values are 1 to 365.
disable: Disables password aging.

Command Defaults
None.

Command Type
Switch command.
2.2.1.7 set system password history

Use this command to set the number of previously used user login passwords that will be checked for password duplication. This prevents duplicate passwords from being entered into the system with the set password command.

set system password history size

Syntax Description
size: Specifies the number of passwords checked for duplication. Valid values are 0 to 10.

Command Defaults
None.
2.2.1.8 show system lockout

Use this command to display settings for locking out users after failed attempts to log in to the system.

show system lockout

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.

Example
This example shows how to display user lockout settings.
2.2.1.9 set system lockout

Use this command to set the number of failed login attempts before locking out (disabling) a read-write or read-only user account, and the number of minutes to lock out the default admin super user account after maximum login attempts. Once a user account is locked out, it can only be re-enabled by a super user with the set system login command (Section 2.2.1.2).
2.2.2 Managing the Management Authentication Notification MIB

Purpose
This MIB provides controls for enabling/disabling the sending of SNMP notifications when a user login authentication event occurs for various management access types. The types of access currently supported by the MIB include console, telnet, ssh, and web.
2.2.2.1 show mgmt-auth-notify

Use this command to display the current setting for the Management Authentication Notification MIB.

show mgmt-auth-notify

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the current information for the Management Authentication Notification.
2.2.2.2 set mgmt-auth-notify

Use this command to either enable or disable the Management Authentication Notification MIB. By selecting the optional Management access type, a user can specifically enable or disable a single access type, multiple access types or all of the access types. The default setting is that all Management Authentication Notification types are enabled.
Examples
This example shows how to set all the authentication types to be disabled on the Management Authentication Notification MIB.
2.2.2.3 clear mgmt-auth-notify

Use this command to set the current setting for the Management Authentication Notification access types to the default setting of enabled.

clear mgmt-auth-notify

NOTE: Ensure that SNMP is correctly configured on the DFE in order to send these notifications. Refer to Chapter 4 for SNMP configuration information.

Syntax Description
None.

Command Defaults
None.
Example
This example displays the state of Management Authentication Notification access types prior to using the clear command, then displays the same information after using the clear command:

Matrix(su)->show mgmt-auth-notify
Management Type   Status
--------------    --------
console           enabled
ssh               disabled
telnet            enabled
web               disabled

Matrix(su)->clear mgmt-auth-notify
Matrix(su)->show mgmt-auth-notify
Management Type ----
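A way to check captured show mgmt-auth-notify output for access types whose login notifications are switched off, and to see what changed between two captures. This is an added example, not part of the Enterasys guide or its software; the transcript is constructed from the two-column layout shown above, the function names are hypothetical, and it assumes the command was typed in full rather than abbreviated.

```python
"""Audit 'show mgmt-auth-notify' output captured from a Matrix CLI session.

Added example, not Enterasys code. The transcript below is constructed,
following the Management Type / Status layout shown in the guide.
"""
import re

# Access types the guide says the MIB currently supports.
ACCESS_TYPES = ("console", "telnet", "ssh", "web")

# One table row: an access type followed by its status.
ROW = re.compile(r"^\s*([a-z]+)\s+(enabled|disabled)\s*$", re.IGNORECASE)

# Constructed sample: one capture before and one after 'clear mgmt-auth-notify'.
SAMPLE_TRANSCRIPT = """\
Matrix(su)->show mgmt-auth-notify
Management Type   Status
--------------    --------
console           enabled
ssh               disabled
telnet            enabled
web               disabled
Matrix(su)->clear mgmt-auth-notify
Matrix(su)->show mgmt-auth-notify
Management Type   Status
--------------    --------
console           enabled
ssh               enabled
telnet            enabled
web               enabled
"""


def split_snapshots(transcript):
    """Return one {access_type: status} dict per 'show mgmt-auth-notify' run."""
    snapshots = []
    current = None
    for line in transcript.splitlines():
        stripped = line.strip()
        if "->" in stripped:
            # A prompt line either starts a new table or ends the current one.
            command = stripped.split("->", 1)[1].strip()
            if command == "show mgmt-auth-notify":
                current = {}
                snapshots.append(current)
            else:
                current = None
            continue
        match = ROW.match(stripped)
        if current is not None and match:
            current[match.group(1).lower()] = match.group(2).lower()
    return snapshots


def audit(snapshot):
    """List (access_type, problem) for every type that is not 'enabled'."""
    findings = []
    for access in ACCESS_TYPES:
        status = snapshot.get(access)
        if status is None:
            # The row is missing: truncated capture or unexpected output.
            findings.append((access, "not reported"))
        elif status != "enabled":
            findings.append((access, "notification disabled"))
    return findings


def changes(before, after):
    """Return {access_type: (old, new)} for types whose status differs."""
    return {
        access: (before.get(access), after.get(access))
        for access in ACCESS_TYPES
        if before.get(access) != after.get(access)
    }


if __name__ == "__main__":
    snaps = split_snapshots(SAMPLE_TRANSCRIPT)
    for index, snap in enumerate(snaps, 1):
        print(f"snapshot {index}:", audit(snap) or "all notification types enabled")
    print("changed:", changes(snaps[0], snaps[-1]))
```

An enabled status only means the device will try to send the notification; as the NOTE in Section 2.2.2.3 says, SNMP must also be configured correctly for it to arrive.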
2.2.3 Setting Basic Device Properties

Purpose
To display and set the system IP address and other basic system (device) properties, including time, contact name and alias, physical asset IDs for modules, terminal output, timeout, and version information.

Commands
The commands used to set basic system information are listed below and described in the associated section as shown.

• show ip address (Section 2.2.3.
• set cli completion (Section 2.2.3.20)
• loop (Section 2.2.3.21)
• show banner motd (Section 2.2.3.22)
• set banner motd (Section 2.2.3.23)
• clear banner motd (Section 2.2.3.24)
• show version (Section 2.2.3.25)
• set system name (Section 2.2.3.26)
• set system location (Section 2.2.3.27)
• set system contact (Section 2.2.3.28)
• set width (Section 2.2.3.29)
• set length (Section 2.2.3.30)
• show logout (Section 2.2.3.
2.2.3.1 show ip address

Use this command to display the system IP address and subnet mask.

show ip address

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the system IP address and subnet mask:

Matrix(rw)->show ip address
Name            Address         Mask
--------------- --------------- ---------------
host            10.42.13.20     255.255.0.
2.2.3.2 set ip address

Use this command to set the system IP address, subnet mask and default gateway.

set ip address ip-address [mask ip-mask] [gateway ip-gateway]

Syntax Description
ip-address: Sets the IP address for the system.
mask ip-mask: (Optional) Sets the system’s subnet mask.
gateway ip-gateway: (Optional) Sets the system’s default gateway (next-hop device).
2.2.3.3 clear ip address

Use this command to clear the system IP address.

clear ip address

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
2.2.3.4 show ip gratuitous-arp

Use this command to display the gratuitous ARP processing behavior.

show ip gratuitous-arp

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the IP gratuitous-arp process for both requests and replies.

Matrix(rw)->show ip gratuitous-arp
Processing gratuitous ARP requests and replies.
2.2.3.5 set ip gratuitous-arp

Use this command to control the gratuitous ARP processing behavior.

set ip gratuitous-arp [request] [reply] [both]

Syntax Description
request: Process only gratuitous ARP requests.
reply: Process only gratuitous ARP replies.
both: Process both requests and replies.

Command Defaults
Disabled by default.

Command Type
Switch command.

Command Mode
Read-Write.
2.2.3.6 clear ip gratuitous-arp

Use this command to stop all gratuitous ARP processing.

clear ip gratuitous-arp

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
2.2.3.7 show system

Use this command to display system information, including contact information, power and fan tray status and uptime.

show system

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
Table 2-6 show system Output Details

Output: What It Displays...

System contact: Contact person for the system. Default of a blank string can be changed with the set system contact command (Section 2.2.3.28).
System location: Where the system is located. Default of a blank string can be changed with the set system location command (Section 2.2.3.27).
System name: Name identifying the system.
2.2.3.8 show system hardware

Use this command to display the system’s hardware configuration.

show system hardware

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
The example on the following page shows a portion of the information displayed with the show system hardware command.
Matrix(rw)->show system hardware

CHASSIS HARDWARE INFORMATION
----------------------------
Chassis Type:           Matrix N7
Chassis Serial Number:  0001a300611b
Power Supply 1:         Not Installed
Power Supply 2:         Installed & Operating, AC, Not Redundant
Chassis Fan:            Installed & Operating

SLOT HARDWARE INFORMATION
-------------------------
SLOT 1
Model:
Serial Number:
Part Number:
Vendor ID:
Base MAC Address:
Router MAC Address:
Hardware Version:
Firmware Versi
2.2.3.9 show system utilization

Use this command to display system resource utilization information.

show system utilization [cpu | process | storage] [slot slot]

Syntax Description
cpu | process | storage: (Optional) Displays total CPU, individual process, or storage resource utilization only.
slot slot: (Optional) Displays system resource utilization for a specific module.
** Output continued from previous page **
Process Utilization:
Slot: 1  CPU: 1
Name                            ProcID   5 sec   1 min   5 min
------------------------------------------------------------
CLI                             1        0.0%    0.0%    0.0%
Chassis Data Synchronization    2        0.0%    0.0%    0.0%
Connection Maintenance          3        1.0%    0.5%    0.5%
Hardware Maintenece             4        0.0%    0.0%    0.0%
Image & Config Management       5        0.0%    0.0%    0.0%
Persistent Data Management      6        0.0%    0.0%    0.0%
Runtime Diagnostics             7        0.0%    0.0%    0.0%
SNMP                            8        0.
** Output continued from previous page **
Name                            ProcID   5 sec   1 min   5 min
------------------------------------------------------------
Switch Web Server               34       1.4%    1.4%    1.4%
Router Misc.                    35       0.0%    0.0%    0.0%
Router Multicast                36       0.0%    0.0%    0.0%
Router Control Plane            37       0.0%    0.0%    0.0%
Router IP                       38       0.0%    0.0%    0.0%
Router DHCPS                    39       0.0%    0.0%    0.0%
Router OSPF                     40       0.0%    0.0%    0.0%
Router RIP                      41       0.0%    0.0%    0.0%
Router VRRP                     42       0.0%    0.0%    0.0%
Router DVMRP                    43       0.0%    0.
2.2.3.10 set system utilization threshold
Use this command to set the threshold for sending CPU utilization notification messages. The value range is [1..1000] and represents the % of system utilization to use as the trap threshold.

set system utilization threshold threshold

Syntax Description:
  threshold   Specifies a threshold value (in 1/10 of a percent). Valid range is 1 - 1000. A value of 0 will disable utilization notification messages.
2.2.3.11 clear system utilization
Use this command to clear the threshold for sending CPU utilization notification messages.

clear system utilization

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.12 show time
Use this command to display the current time of day in the system clock.

show time

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the current time.
2.2.3.13 set time
Use this command to change the time of day on the system clock.

set time [mm/dd/yyyy] [hh:mm:ss]

Syntax Description:
  [mm/dd/yyyy] [hh:mm:ss]   Sets the time in:
                            • month, day, year and/or
                            • 24-hour format
                            At least one set of time parameters must be entered.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to set the system clock to 7:50 a.
2.2.3.14 show summertime
Use this command to display daylight savings time settings.

show summertime

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.3.15 set summertime
Use this command to enable or disable the daylight savings time function.

set summertime {enable | disable} [zone]

Syntax Description:
  enable | disable   Enables or disables the daylight savings time function.
  zone               (Optional) Applies a name to the daylight savings time settings.
Command Defaults: If a zone name is not specified, none will be applied.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.16 set summertime date
Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annually.

set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes]

Syntax Description:
  start_month   Specifies the month of the year to start daylight savings time.
Example
This example shows how to set a daylight savings time start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m.
2.2.3.17 set summertime recurring
Use this command to configure recurring daylight savings time settings. These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be reset annually.
Example
This example shows how to set daylight savings time to recur with a start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m.
2.2.3.18 clear summertime
Use this command to clear the daylight savings time configuration.

clear summertime

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.19 set prompt
Use this command to modify the command prompt.

set prompt “prompt_string”

Syntax Description:
  prompt_string   Specifies a text string for the command prompt.
NOTE: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.20 set cli completion
Use this command to enable or disable the CLI command completion function. When enabled, this allows you to complete a unique CLI command fragment using the keyboard spacebar.

set cli completion {enable | disable} [default]

Syntax Description:
  enable | disable   Enables or disables the CLI command completion function.
  default            (Optional) Maintains the status for all future sessions.
2.2.3.21 loop
Use this command to execute a command loop.

loop count [delay] [-r]

Syntax Description:
  count   Specifies the number of times to loop. A value of 0 will make the command loop forever.
  delay   (Optional) Specifies the number of seconds to delay between executions.
  -r      (Optional) Refreshes the cursor to the home position on the screen.
Command Defaults:
  • If a delay is not specified, none will be set.
2.2.3.22 show banner motd
Use this command to show the banner message of the day that will display at session login.

show banner motd

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the banner message of the day:
Matrix(rw)->show banner motd
Not one hundred percent efficient, of course ... but nothing ever is.
2.2.3.23 set banner motd
Use this command to set the banner message of the day displayed at session login.

set banner motd message

Syntax Description:
  message   Specifies a message of the day. This is a text string that can be formatted with tabs (\t) and new line escape (\n) characters. The \t tabs will be converted into 8 spaces in the banner output.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.24 clear banner motd
Use this command to clear the banner message of the day displayed at session login to a blank string.

clear banner motd

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.25 show version
Use this command to display hardware and firmware information. Refer to Section 2.2.6 for instructions on how to download a firmware image.

show version

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display version information:
Matrix(rw)->show version
Copyright (c) 2004 by Enterasys Networks, Inc.
Table 2-7 show version Output Details (Continued)

Output     What It Displays...
Serial #   Device’s serial number.
Versions   • Hw: Hardware version number.
           • Bp: BootPROM version
           • Fw: Current firmware version number.
2.2.3.26 set system name
Use this command to configure a name for the system.

set system name [string]

Syntax Description:
  string   (Optional) Specifies a text string that identifies the system.
NOTE: A name string containing a space in the text must be enclosed in quotes as shown in the example below.
Command Defaults: If string is not specified, the system name will be cleared.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.27 set system location
Use this command to identify the location of the system.

set system location [string]

Syntax Description:
  string   (Optional) Specifies a text string that indicates where the system is located.
NOTE: A location string containing a space in the text must be enclosed in quotes as shown in the example below.
Command Defaults: If string is not specified, the location name will be cleared.
Command Type: Switch command.
2.2.3.28 set system contact
Use this command to identify a contact person for the system.

set system contact [string]

Syntax Description:
  string   (Optional) Specifies a text string that contains the name of the person to contact for system administration.
NOTE: A contact string containing a space in the text must be enclosed in quotes as shown in the example below.
2.2.3.29 set width
Use this command to set the number of columns for the terminal connected to the device’s console port. The length of the CLI is set using the set length command as described in Section 2.2.3.30.

set width screenwidth

Syntax Description:
  screenwidth   Sets the number of terminal columns. Valid values are 50 to 150.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.30 set length
Use this command to set the number of lines the CLI will display.

set length screenlength

Syntax Description:
  screenlength   Sets the number of lines in the CLI display. Valid values are 0, which disables the scrolling screen feature described in Section 2.1.6.8, and from 5 to 512.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.31 show logout
Use this command to display the time (in seconds) an idle console or Telnet CLI session will remain connected before timing out.

show logout

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the CLI logout setting:
Matrix(rw)->show logout
Logout currently set to: 10 minutes.
2.2.3.32 set logout
Use this command to set the time (in minutes) an idle console or Telnet CLI session will remain connected before timing out.

set logout timeout

Syntax Description:
  timeout   Sets the number of minutes the system will remain idle before timing out.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.33 show physical alias
Use this command to display the alias, a text name, for one or more physical objects.

show physical alias [chassis] | [slot slot] | [backplane backplane] | [module module] | [powersupply powersupply] | [powersupply-slot powersupply-slot] | [fan] | [fan-slot] | [port-string port-string]

Syntax Description:
  chassis   (Optional) Displays the alias set for the chassis.
Example
This example shows how to display physical alias information for the chassis.
2.2.3.34 set physical alias
Use this command to set the alias, a text name, for a physical object.

set physical alias {[chassis] [slot slot] [backplane backplane] [module module] [powersupply powersupply] [powersupply-slot powersupply-slot] [fan] [fan-slot] [port-string port-string]} [string]

Syntax Description:
  chassis     Sets an alias for the chassis.
  slot slot   Sets an alias for a specific slot in the chassis.
Example
This example shows how to set the alias for the chassis to “chassisone”:
Matrix(rw)->set physical alias chassis chassisone
2.2.3.35 clear physical alias
Use this command to reset the alias for a physical object to a zero-length string.

clear physical alias {[chassis] [slot slot] [backplane backplane] [module module] [powersupply powersupply] [powersupply-slot powersupply-slot] [fan] [fan-slot] [port-string port-string]}

Syntax Description:
  chassis     Clears the chassis alias.
  slot slot   Clears an alias for a specific slot.
2.2.3.36 show physical assetid
Use this command to display the asset ID for a module.

show physical assetid module module

Syntax Description:
  module module   Specifies the module for which to display an asset ID.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display asset ID information for module 1.
2.2.3.37 set physical assetid
Use this command to set the asset ID for a module.

set physical assetid module module string

Syntax Description:
  module module   Sets an asset ID for a specific module.
  string          Specifies the asset ID.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.3.38 clear physical assetid
Use this command to reset the asset ID for a module to a zero-length string.

clear physical assetid module module

Syntax Description:
  module module   Specifies the module for which to clear the asset ID.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.4 Activating Licensed Features
In order to enable advanced features, such as redundant management, routing protocols, and extended ACLs on a Matrix Series device, you must purchase and activate a license key. If you have purchased a license, you can proceed to activate your license as described in this section. If you wish to purchase a license, contact Enterasys Networks Sales.
2.2.4.1 set license
When an advanced license is available, use this command to activate licensed features. If this is available on your Matrix Series device, a unique license key will display in the show license command output.

set license {advanced | redundancy} license-key [slot slot]

Syntax Description:
  advanced     Activates advanced routing features.
  redundancy   Activates management module redundancy.
2.2.4.2 show license
When available and activated, use this command to display your license key.

show license

Syntax Description: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
2.2.4.3 clear license
Use this command to clear license key settings.

clear license {advanced | redundancy} [slot slot]

Syntax Description:
  advanced     Clears the advanced routing license setting.
  redundancy   Clears the management module redundancy license setting.
  slot slot    (Optional) Specifies a module from which the license setting will be cleared.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5 Configuring Power over Ethernet (PoE)
Important Notice
This section applies only to PoE-equipped Matrix devices. Consult the Installation Guide shipped with your product to determine if it is PoE-equipped.
• set port inlinepower (Section 2.2.5.17)
• clear port inlinepower (Section 2.2.5.
2.2.5.1 show inlinepower
Use this command to display device PoE properties.

show inlinepower

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display device PoE properties.
2.2.5.2 set inlinepower mode
Use this command to set the chassis power allocation mode.

set inlinepower mode {auto | manual}

Syntax Description:
  auto     Assigns automatic mode to chassis power allocation.
  manual   Assigns manual mode to chassis power allocation. This setting allows the values configured with the set inlinepower assigned command (Section 2.2.5.8) to be applied to PoE modules.
Command Defaults: None.
2.2.5.3 clear inlinepower mode
Use this command to reset chassis power allocation to the default mode of auto.

clear inlinepower mode

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.4 set inlinepower available
Use this command to set the percentage of total power available that a chassis can withdraw from the total power detected.

set inlinepower available max-percentage

NOTE: If the total power wattage value set with the set inlinepower assigned command (Section 2.2.5.8) is greater than the maximum power percentage specified with this command, a warning will display.
2.2.5.5 clear inlinepower available
Use this command to reset the percentage of the total power available to a chassis to the default value of 100.

clear inlinepower available

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.6 set inlinepower powertrap
Use this command to disable or enable the sending of an SNMP trap message whenever the status of the chassis PoE power supplies or the PoE system redundancy changes.

set inlinepower powertrap {disable | enable}

Syntax Description:
  disable | enable   Disables or enables chassis power supplies trap messaging.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.7 clear inlinepower powertrap
Use this command to reset chassis power trap messaging back to the default state of disabled.

clear inlinepower powertrap

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.8 set inlinepower assigned
Use this command to manually assign Power Sourcing Equipment (PSE) power to a module in the chassis.

set inlinepower assigned power-value slot-number

NOTE: If the total power wattage value set with this command is greater than the maximum power percentage specified with the set inlinepower available command (Section 2.2.5.4), a warning will display.
2.2.5.9 clear inlinepower assigned
Use this command to clear the power value manually assigned to one or more modules.

clear inlinepower assigned [slot-number]

Syntax Description:
  slot-number   (Optional) Clears the power assignment from a specific module.
Command Defaults: If slot-number is not specified, power value assignments will be cleared from all modules.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.10 set inlinepower threshold
Use this command to set the PoE usage threshold on a specified module.

set inlinepower threshold usage-threshold module-number

Syntax Description:
  usage-threshold   Specifies a PoE threshold as a percentage of total system power usage. Valid values are 1 - 99.
  module-number     Specifies the module on which to set the PoE threshold.
Command Defaults: None.
Command Type: Switch command.
2.2.5.11 clear inlinepower threshold
Use this command to reset the PoE usage threshold on a specified module to the default value of 75 percent.

clear inlinepower threshold module-number

Syntax Description:
  module-number   Specifies the module on which to reset the PoE threshold.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.12 set inlinepower management
Use this command to set the PoE management mode on a specified module.

set inlinepower management {realtime | class} module-number

Syntax Description:
  realtime   Manages power based on the actual power consumption of the ports.
  class      Manages power based on the IEEE 802.3af definition of the class upper limit, except classes 0 and 4, for which the actual power consumption is used.
2.2.5.13 clear inlinepower management
Use this command to reset the PoE management mode on a specified module back to the default setting of “realtime”.

clear inlinepower management module-number

Syntax Description:
  module-number   Specifies the module on which to reset the PoE management mode.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.14 set inlinepower psetrap
Use this command to enable or disable the sending of an SNMP trap message for a module whenever the status of its ports changes, or whenever the module’s PoE usage threshold is crossed. The module’s PoE usage threshold must be set using the set inlinepower threshold command as described in Section 2.2.5.10.
2.2.5.15 clear inlinepower psetrap
Use this command to reset PoE trap messaging for a module back to the default state of disabled.

clear inlinepower psetrap module-number

Syntax Description:
  module-number   Specifies the module on which to clear PoE trap messaging.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.5.16 show port inlinepower
Use this command to display all ports supporting PoE.

show port inlinepower [port-string]

Syntax Description:
  port-string   (Optional) Displays information for specific PoE port(s).
Command Defaults: If not specified, information for all PoE ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.5.17 set port inlinepower
Use this command to configure PoE parameters on one or more ports.

set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type] [powerlimit powerlimit]}

Syntax Description:
  port-string        Specifies the port(s) on which to configure PoE.
  admin off | auto   Sets the PoE administrative state to off (disabled) or auto (on).
2.2.5.18 clear port inlinepower
Use this command to reset PoE parameters on one or more ports to default values.

clear port inlinepower port-string {[admin] [priority] [type] [powerlimit]}

Syntax Description:
  port-string   Specifies the port(s) on which to reset PoE.
  admin         Resets the PoE administrative state to auto (on).
  priority      Resets the port(s) priority for the PoE allocation algorithm to low.
2.2.6 Downloading a New Firmware Image
You can upgrade the operational firmware in the Matrix Series device without physically opening the device or being in the same location. There are three ways to download firmware to the device:
• Via FTP download. This procedure uses an FTP server connected to the network and downloads the firmware using the FTP protocol. It is the most robust downloading mechanism.
2.2.6.1 Downloading from an FTP or TFTP Server
To perform an FTP or TFTP download, proceed as follows:
1. If you have not already done so, set the device’s IP address using the set ip address command as detailed in Section 2.2.3.2.
2. Download a new image file using the copy command as detailed in Section 2.2.9.5.
You can now set the device to load the new image file at startup using the set boot system command as described in Section 2.
3. Type 2. The following baud rate selection screen displays:
   1 - 1200
   2 - 2400
   3 - 4800
   4 - 9600
   5 - 19200
   6 - 38400
   7 - 57600
   8 - 115200
   0 - no change
4. Type 8 to set the device baud rate to 115200. The following message displays:
   Setting baud rate to 115200, you must change your terminal baud rate.
5. Set the terminal baud rate to 115200 and press ENTER.
6. Type download to start the ZMODEM receive process.
7.
General Configuration Command Set Reviewing and Selecting a Boot Firmware Image
11. Type boot to reboot the device. The following message indicates the downloaded image booted successfully:
   [System Image Loader]: boot
   /flash0/ - Volume is OK
   Loading myimage... DONE.
NOTE: If you reboot without specifying the image to boot with setboot as described above, the device will attempt to load whatever image is currently stored in the bootstring via the set boot system command (Section 2.2.7.2).
2.2.7.1 show boot system
Use this command to display the firmware image the system will load at the next system reset. The system must be reset by software for the new boot image to take effect at startup. If the chassis is powered OFF and then back ON, the current active image will just reload at startup. The dir command, as described in Section 2.2.9.1, displays additional information about boot image files.
2.2.7.2 set boot system
Use this command to set the firmware image the switch loads at startup. This is the image that will be loaded automatically after the system has been reset. Although it is not necessary to choose to reset the system and activate the new boot image immediately, the CLI will prompt you whether or not you want to do so.
2.2.8 Starting and Configuring Telnet
Purpose
To enable or disable Telnet, and to start a Telnet session to a remote host. The Matrix Series device allows a total of four inbound and / or outbound Telnet sessions to run simultaneously.
Commands
The commands used to enable, start and configure Telnet are listed below and described in the associated section as shown.
• show telnet (Section 2.2.8.1)
• set telnet (Section 2.2.8.
2.2.8.1 show telnet
Use this command to display the status of Telnet on the device.

show telnet

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.8.2 set telnet
Use this command to enable or disable Telnet on the device.

set telnet {enable | disable}{inbound | outbound | all}

Syntax Description:
  enable | disable           Enables or disables Telnet services.
  inbound | outbound | all   Specifies inbound service (the ability to Telnet to this device), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound).
Command Defaults: None.
2.2.8.3 telnet
Use this command to start a Telnet connection to a remote host. The Matrix Series device allows a total of four inbound and / or outbound Telnet sessions to run simultaneously.

telnet host [port]

Syntax Description:
  host   Specifies the name or IP address of the remote host.
  port   (Optional) Specifies the server port number.
Command Defaults: If not specified, the default port number 23 will be used.
2.2.8.4 show router telnet
Use this command to display the state of Telnet service to the router.

show router telnet

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.8.5 set router telnet
Use this command to enable or disable Telnet service to the router interface IP address.

set router telnet {enable | disable}

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.8.6 clear router telnet
Use this command to reset Telnet service to the router to the default state of disabled.

clear router telnet

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
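The Telnet commands in this section and the idle timeout set with set logout (Section 2.2.3.32) can be checked offline against a configuration saved with show config outfile. The following is an added example, not Enterasys code. It assumes these settings appear in the saved file as the set commands documented in this guide; the sample configuration and the 15-minute idle limit are constructed.

```python
MAX_IDLE_MINUTES = 15  # assumption: site policy, not a value from the guide


def audit_management_config(text, max_idle=MAX_IDLE_MINUTES):
    """Audit Telnet and idle-logout commands in saved `show config` output.

    Returns (state, findings, unknown). A state value of None means the
    command was absent, so the device default applies and has to be read on
    the device with show telnet, show router telnet or show logout.
    """
    state = {"telnet_inbound": None, "telnet_outbound": None,
             "router_telnet": None, "logout_minutes": None}
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] not in ("set", "clear"):
            continue  # "!", "#" comment lines, "begin", other output
        verb, rest = tok[0], tok[1:]
        if verb == "set" and rest[0] == "telnet" and len(rest) == 3:
            # set telnet {enable | disable} {inbound | outbound | all}
            if rest[1] not in ("enable", "disable"):
                continue
            scopes = ("inbound", "outbound") if rest[2] == "all" else (rest[2],)
            for scope in scopes:
                if "telnet_" + scope in state:
                    state["telnet_" + scope] = rest[1] == "enable"
        elif rest[:2] == ["router", "telnet"]:
            if verb == "clear":
                # clear router telnet resets to the default state of disabled
                state["router_telnet"] = False
            elif len(rest) == 3 and rest[2] in ("enable", "disable"):
                state["router_telnet"] = rest[2] == "enable"
        elif verb == "set" and rest[0] == "logout" and rest[1].isdigit():
            state["logout_minutes"] = int(rest[1])  # later lines override

    findings = []
    if state["telnet_inbound"]:
        findings.append("inbound Telnet enabled: CLI logins and passwords "
                        "cross the network unencrypted")
    if state["telnet_outbound"]:
        findings.append("outbound Telnet enabled: sessions started from "
                        "this device are unencrypted")
    if state["router_telnet"]:
        findings.append("router Telnet enabled on the router interface "
                        "IP address")
    idle = state["logout_minutes"]
    if idle is not None and idle > max_idle:
        findings.append("idle logout is %d minutes, policy maximum is %d"
                        % (idle, max_idle))
    unknown = sorted(key for key, value in state.items() if value is None)
    return state, findings, unknown


# Constructed sample in the layout of the show config excerpt in this guide.
SAMPLE_CONFIG = """begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
# logout
set logout 60
!
# port
set port disable fe.1.2-6
!
# telnet
set telnet disable outbound
set telnet enable inbound
set router telnet enable
"""

if __name__ == "__main__":
    state, findings, unknown = audit_management_config(SAMPLE_CONFIG)
    for line in findings:
        print("FINDING:", line)
    for key in unknown:
        print("NOT IN CONFIG (check device default):", key)
```

Because show config lists non-default settings only, a setting reported as not in the configuration is at its default; show config all lists defaults as well.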
2.2.9 Managing Configuration and Image Files
Matrix Series devices provide a single configuration interface which allows you to perform both switch and router configuration with the same command set. The device also provides redundant, distributed copies of each image file in the event that DFE modules are added or removed from the Matrix chassis.
• dir (Section 2.2.9.1)
• show file (Section 2.2.9.2)
• show config (Section 2.2.9.3)
• configure (Section 2.2.9.4)
• copy (Section 2.2.9.5)
• delete (Section 2.2.9.6)
• script (Section 2.2.9.
2.2.9.1 dir
Use this command to list files stored in the file system.

dir [filename]

Syntax Description:
  filename   (Optional) Specifies the file name or directory to list.
Command Type: Switch.
Command Mode: Read-Only.
Command Defaults: If filename is not specified, all files in the system will be displayed.
Matrix(rw)->dir
Images:
=========================================================
Filename:       ets-mtxe7-msi
Version:        01.02.00
Size:           3263043 (bytes)
Date:           MON FEB 24 14:07:08 2003
CheckSum:       6a2398391ba885531f96f19e161b096b
Location:       slot3, slot4, slot5, slot6
Compatibility:  4H4282-49, 4H4283-49, 4H4203-72

Filename: Version: Size: Date: CheckSum: Location: Compatibility: 01_02_00 (Active) (Boot) 01.03.
Table 2-8 dir Output Details (Continued)

Output     What It Displays...
Version    Firmware version of the image.
Size       Size of image file in the local file system.
Date       Date of image file in the local file system.
CheckSum   MD5 checksum calculated across the entire image file, used for image identity and verification.
Location   Modules on which this image resides.
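The Size and CheckSum fields can be compared with the image file held on the management station before that image is selected for boot; MD5 detects a corrupted or truncated transfer but is not collision resistant, so a SHA-256 of the file as originally obtained is checked as well. The following is an added example, not Enterasys code. The field names follow the dir excerpt above, the (Active) and (Boot) markers after the file name are an assumption drawn from that excerpt, and the image bytes and listing are constructed sample data.

```python
import hashlib
import hmac
import re

FIELDS = ("Filename", "Version", "Size", "Date", "CheckSum",
          "Location", "Compatibility")
FIELD_RE = re.compile(r"^\s*(%s):\s*(.*)$" % "|".join(FIELDS))
FLAG_RE = re.compile(r"\((Active|Boot)\)")
MD5_RE = re.compile(r"[0-9a-f]{32}")


def parse_dir_images(text):
    """Return one dict per image entry found in `dir` output."""
    images = []
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue  # prompt, "Images:" banner, separators, blank lines
        key, value = match.group(1), match.group(2).strip()
        if key == "Filename":
            # Assumption: (Active)/(Boot) markers trail the file name.
            images.append({"Flags": FLAG_RE.findall(value)})
            value = FLAG_RE.sub("", value).strip()
        if images:
            images[-1][key] = value
    return images


def verify_image(entry, local_bytes, trusted_sha256=None):
    """Compare a local image file with the device's `dir` entry.

    Returns a list of problems; an empty list means every check passed.
    """
    problems = []
    size_field = entry.get("Size", "").split()
    if not size_field or not size_field[0].isdigit():
        problems.append("Size field missing or unparsable")
    elif int(size_field[0]) != len(local_bytes):
        problems.append("size differs: device %s, local %d"
                        % (size_field[0], len(local_bytes)))

    device_md5 = entry.get("CheckSum", "").lower()
    local_md5 = hashlib.md5(local_bytes).hexdigest()
    if not MD5_RE.fullmatch(device_md5):
        problems.append("CheckSum field is not a 32-digit MD5 value")
    elif not hmac.compare_digest(device_md5, local_md5):
        problems.append("MD5 differs: device %s, local %s"
                        % (device_md5, local_md5))

    if trusted_sha256 is not None:
        local_sha = hashlib.sha256(local_bytes).hexdigest()
        if not hmac.compare_digest(local_sha, trusted_sha256.lower()):
            problems.append("local file does not match the trusted SHA-256")
    return problems


# Constructed sample data: stand-in image bytes and a listing built from them.
SAMPLE_IMAGE = b"constructed-firmware-image\n" * 64
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_IMAGE).hexdigest()
SAMPLE_DIR = """Images:
=========================================================
Filename:       myimage (Active) (Boot)
Version:        01.02.00
Size:           {size} (bytes)
Date:           MON FEB 24 14:07:08 2003
CheckSum:       {md5}
Location:       slot3, slot4
Compatibility:  4H4282-49

Filename:       oldimage
Version:        01.01.00
Size:           10 (bytes)
Date:           MON FEB 24 14:07:08 2003
CheckSum:       00000000000000000000000000000000
Location:       slot3
Compatibility:  4H4282-49
""".format(size=len(SAMPLE_IMAGE), md5=hashlib.md5(SAMPLE_IMAGE).hexdigest())

if __name__ == "__main__":
    for entry in parse_dir_images(SAMPLE_DIR):
        result = verify_image(entry, SAMPLE_IMAGE, SAMPLE_SHA256)
        print(entry["Filename"], entry["Flags"], result or "OK")
```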
2.2.9.2 show file
Use this command to display the contents of an image or configuration file.

show file filename

Syntax Description:
  filename   Specifies the filename to display.
Command Type: Switch.
Command Mode: Read-Only.
Command Defaults: None.

Example
This example (an excerpt of the complete output) shows how to display the contents of the sample.
Matrix(rw)->show file slot4/sample.
2.2.9.3 show config
Use this command to display the system configuration or write the configuration to a file.
show config [all] [facility] [outfile outfile]
Syntax Description
all: (Optional) Displays default and non-default configuration settings.
facility: (Optional) Displays the configuration for a specific facility.
outfile outfile: (Optional) Specifies a file in which to store the configuration.
Command Type: Switch.
Example
This example shows how to display the current non-default device configuration:
Matrix(rw)->show config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
........ ..
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
# cli
!
# console
!
# length
!
# logging
!
# port
set port disable fe.1.2-6
set port duplex fe.1.16 half
set port negotiation fe.2.
2.2.9.4 configure
Use this command to execute a previously downloaded configuration file stored on the device.
configure filename [append]
Syntax Description
filename: Specifies the path and file name of the configuration file to execute.
append: (Optional) Executes the configuration as an appendage to the current configuration.
2.2.9.5 copy
Use this command to upload or download an image or a CLI configuration file.
copy source destination
NOTE: The Matrix module to which a configuration file is downloaded must have the same hardware configuration as the Matrix module from which it was uploaded.
Syntax Description
source: Specifies location and name of the source file to copy.
This example shows how to download a configuration file via TFTP to the slot 3 directory:
Matrix(rw)->copy tftp://134.141.89.34/myconfig slot3/myconfig
This example shows how to upload a configuration file via Anonymous FTP from the module in slot 3:
Matrix(rw)->copy slot3/myconfig ftp://134.141.89.
2.2.9.6 delete
Use this command to remove an image or a CLI configuration file from the Matrix system.
delete filename
NOTE: Use the show config command as described in Section 2.2.9.3 to display current image and configuration file names.
Syntax Description
filename: Specifies the local path name to the file. Valid directories are /images and /slotN.
Command Type: Switch.
Command Mode: Read-Write.
Command Defaults: None.
2.2.9.7 script
Use this command to execute a script file. The script file must first be created on a PC and copied to the Matrix device using the copy command (Section 2.2.9.5) before the script can be executed. The file can contain any number of switch commands, up to a maximum file size of 128 kilobytes. Router commands cannot be included in the file. Scripts cannot be nested within the file.
When the script command parses the file and performs the command line argument substitution, the commands are converted to the following:
set port alias fe.1.1 script_set_port
set port vlan fe.1.1 100 modify-egress
set port jumbo enable fe.1.1
set port disable fe.1.1
set port lacp port fe.1.1 disabled
The converted strings are then executed by the CLI engine and the script command returns.
2.2.10 Configuring CDP and Cisco Discovery Protocol
Purpose
To enable and configure the Enterasys (CDP) and Cisco Discovery Protocol. These protocols are used to discover network topology. When enabled, they allow Enterasys and Cisco devices to send periodic PDUs about themselves to neighboring devices.
2.2.10.1 show neighbors
Use this command to display Network Neighbor Discovery information from either CDP or Cisco Discovery Protocol.
show neighbors [port-string]
Syntax Description
port-string: (Optional) Displays Network Neighbor Discovery information for a specific port. For a detailed description of possible port-string values, refer to Section 3.1.1.
2.2.10.2 show cdp
Use this command to display the status of the CDP discovery protocol and message interval on one or more ports.
show cdp [port-string]
Syntax Description
port-string: (Optional) Displays CDP status for a specific port. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, all CDP information will be displayed.
Table 2-9 provides an explanation of the command output.
Table 2-9 show cdp Output Details
Output | What It Displays...
CDP Global Status | Whether CDP is globally auto-enabled, enabled or disabled. The default state of auto-enabled can be reset with the set cdp state command. For details, refer to Section 2.2.10.3.
CDP Versions Supported | CDP version number(s) supported by the device.
2.2.10.3 set cdp state
Use this command to enable or disable the CDP discovery protocol on one or more ports.
set cdp state {auto | disable | enable} [port-string]
Syntax Description
auto | disable | enable: Auto-enables, disables or enables the CDP protocol on the specified port(s). In auto-enable mode, which is the default mode for all ports, a port automatically becomes CDP-enabled upon receiving its first CDP message.
2.2.10.4 set cdp auth
Use this command to set a global CDP authentication code. This value determines a device’s CDP domain. If two or more devices have the same CDP authentication code, they will be entered into each other's CDP neighbor tables. If they have different authentication codes, they are in different domains and will not be entered into each other’s CDP neighbor tables.
2.2.10.5 set cdp interval
Use this command to set the message interval frequency (in seconds) of the CDP discovery protocol.
set cdp interval frequency
Syntax Description
frequency: Specifies the transmit frequency of CDP messages in seconds. Valid values are from 5 to 900 seconds.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.10.6 set cdp hold-time
Use this command to set the hold time value for CDP discovery protocol configuration messages.
set cdp hold-time hold-time
Syntax Description
hold-time: Specifies the hold time value for CDP messages in seconds. Valid values are from 15 to 600.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.10.7 clear cdp
Use this command to reset CDP discovery protocol settings to defaults.
clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]}
Syntax Description
state: (Optional) Resets the global CDP state to auto-enabled.
port-state port-string: (Optional) Resets the port state on specific port(s) to auto-enabled.
interval: (Optional) Resets the message frequency interval to 60 seconds.
2.2.10.8 show ciscodp
Use this command to display global Cisco Discovery Protocol information.
show ciscodp
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display Cisco Discovery Protocol information.
Table 2-10 show ciscodp Output Details
Output | What It Displays...
CiscoDP | Whether Cisco Discovery Protocol is disabled or enabled globally. Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received. Default setting of auto can be changed with the set ciscodp status command as described in Section 2.2.10.10.
Timer | Number of seconds between Cisco Discovery Protocol PDU transmissions.
2.2.10.9 show ciscodp port info
Use this command to display summary information about the Cisco Discovery Protocol on one or more ports.
show ciscodp port info [port-string]
Syntax Description
port-string: (Optional) Displays information about specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Table 2-11 show port ciscodp info Output Details
Output | What It Displays...
Port | Port designation.
State | Whether CiscoDP is enabled or disabled on this port. Default state of enabled can be changed using the set ciscodp port command (Section 2.2.10.13).
VVID | Whether a Voice VLAN ID has been set on this port. Default of none can be changed using the set ciscodp port command (Section 2.2.10.13).
2.2.10.10 set ciscodp status
Use this command to enable or disable Cisco Discovery Protocol globally on the device.
set ciscodp status {auto | enable | disable}
Syntax Description
auto: Globally enable only if CiscoDP PDUs are received.
enable: Globally enables Cisco Discovery Protocol.
disable: Globally disables Cisco Discovery Protocol.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.10.11 set ciscodp timer
Use this command to set the number of seconds between Cisco Discovery Protocol PDU transmissions.
set ciscodp timer time
Syntax Description
time: Specifies the number of seconds between CiscoDP PDU transmissions. Valid values are 5 - 254.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.10.12 set ciscodp holdtime
Use this command to set the time to live (TTL) for Cisco Discovery Protocol PDUs. This is the amount of time (in seconds) neighboring devices will hold PDU transmissions from the sending device.
set ciscodp holdtime time
Syntax Description
time: Specifies the time to live for CiscoDP PDUs. Valid values are 10 - 255.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.10.13 set ciscodp port
Use this command to set the status, voice VLAN, extended trust mode, and CoS priority for untrusted traffic for the Cisco Discovery Protocol on one or more ports. The following points describe how the Cisco DP extended trust settings work on the Matrix device.
Syntax Description
status: Set the CiscoDP port operational status.
disable: Do not transmit or process CiscoDP PDUs.
enable: Transmit and process CiscoDP PDUs.
vvid: Set the port voice VLAN for CiscoDP PDU transmission.
Specify the VLAN ID, range 1-4094.
none: No voice VLAN will be used in CiscoDP PDUs.
dot1p: Instruct attached phone to send 802.
Examples
This example shows how to set the Cisco DP port voice VLAN ID to 3 on port fe.1.6 and enable the port operational state:
Matrix>set ciscodp port status enable vvid 3 fe.1.6
This example shows how to set the Cisco DP extended trust mode to untrusted on port fe.1.5 and set the CoS priority to 1:
Matrix>set ciscodp port trust-ext untrusted cos-ext 1 fe.1.
2.2.10.14 clear ciscodp
Use this command to clear the Cisco Discovery Protocol back to the default values.
clear ciscodp { [status | timer | holdtime | port {status | vvid | trust-ext | cos-ext}] }
Syntax Description
status: Clear global CiscoDP enable status to default of auto.
timer: Clear the time between CiscoDP PDU transmissions to default of 60 seconds.
This example shows how to clear the Cisco DP port status on port fe.1.5:
Matrix>clear ciscodp port status fe.1.
2.2.11 Enabling or Disabling the Path MTU Discovery Protocol
Purpose
To enable or disable the path MTU (Maximum Transmission Unit) discovery protocol on the device. Because ports with transmission speeds higher than 100 Mbps are capable of transmitting frames up to a maximum of 10,239 bytes, it is necessary to have the path MTU discovery protocol enabled if jumbo frames are allowed in the network.
2.2.11.1 show mtu
Use this command to display the status of the path MTU discovery protocol on the device.
show mtu
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.11.2 set mtu
Use this command to disable or re-enable path MTU discovery protocol on the device.
set mtu {enable | disable}
Syntax Description
enable | disable: Enables or disables path MTU discovery protocol.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.11.3 clear mtu
Use this command to reset the state of the path MTU discovery protocol back to enabled.
clear mtu
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.12 Pausing, Clearing and Closing the CLI
Purpose
To clear the CLI screen or to close your CLI session.
Commands
The commands used to clear and close the CLI session are listed below and described in the associated sections as shown.
• cls (Section 2.2.12.1)
• exit | quit (Section 2.2.12.
2.2.12.1 cls (clear screen)
Use this command to clear the screen for the current CLI session.
cls
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
2.2.12.2 exit | quit
Use either of these commands to leave a CLI session.
exit
quit
NOTE: By default, device timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command as described in Section 2.2.3.32 to change this default. When operating in router mode, the exit command jumps to a lower configuration level.
2.2.13 Resetting the Device
Purpose
To reset one or more device modules, to clear the user-defined switch and router configuration parameters, or to schedule a system reset in order to load a new boot image.
Commands
The commands used to reset the device and clear the configuration are listed below and described in the associated sections as shown.
• show reset (Section 2.2.13.1)
• reset (Section 2.2.13.2)
• reset at (Section 2.2.13.
2.2.13.1 show reset
Use this command to display information about scheduled device resets.
show reset
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display reset information:
Matrix(rw)->show reset
Reset scheduled for Fri Jan 21 2000, 23:00:00 (in 3 days 12 hours 56 minutes 57 seconds).
2.2.13.2 reset
Use this command to reset the device without losing any user-defined configuration settings.
reset {[mod | system] [cancel]}
NOTE: A Matrix Series device can also be reset with the RESET button located on its front panel. For information on how to do this, refer to the Matrix Installation Guide shipped with your device.
Syntax Description
mod: Specifies a module to be reset.
system: Resets the system.
2.2.13.3 reset at
Use this command to schedule a system reset at a specific future time. This feature is useful for loading a new boot image.
reset at hh:mm [mm/dd] [reason]
Syntax Description
hh:mm: Schedules the hour and minute of the reset (using the 24-hour system).
mm/dd: (Optional) Schedules the month and day of the reset.
reason: (Optional) Specifies a reason for the reset.
2.2.13.4 reset in
Use this command to schedule a system reset after a specific time. This feature is useful for loading a new boot image.
reset in hh:mm [reason]
Syntax Description
hh:mm: Specifies the number of hours and minutes into the future to perform a reset.
reason: (Optional) Specifies a reason for the reset.
Command Defaults: If a reason is not specified, none will be applied.
Command Type: Switch command.
Command Mode: Read-Write.
2.2.13.5 clear config
Use this command to clear the user-defined switch and router configuration parameters for one or more modules. Executing clear config on one Matrix module resets that module back to its factory defaults. If that module is in a chassis with other active modules, it will inherit system settings from the system. For a list of factory device default settings, refer to Section 2.1.1.
2.2.14 Gathering Technical Support Information
Purpose
To gather common technical support information.
Command
The command used to display technical support-related information is listed below and described in the associated section as shown.
• show support (Section 2.2.14.
2.2.14.1 show support
Use this command to display output for technical support-related commands.
show support [filename]
Syntax Description
filename: (Optional) Filename (slotN/name) to save output.
Command Defaults: The following commands are executed:
• show version (Section 2.2.3.25)
• show system hardware (Section 2.2.3.8)
• show vlan (Section 6.3.1.1)
• show vlan static (Section 6.3.1.1)
• show logging all (Section 10.2.1.
Example
This example shows how to execute the show support command and save the results to slot 1 as a support3.txt file:
Matrix(su)->show support slot1/support3.txt
Writing output to file..................
Writing 'show config' output.....
Writing Message Log output.......
Matrix(su)->
There is no display example as the list of commands is quite lengthy.
Preparing the Device for Router Mode Pre-Routing Configuration Tasks
2.3 PREPARING THE DEVICE FOR ROUTER MODE
Important Notice
Startup and general configuration of the Matrix Series device must occur from the switch CLI. For details on how to start the device and configure general platform settings, refer to Section 2.1 and Section 2.2.1. Once startup and general device settings are complete, IP configuration and other router-specific commands can be executed when the device is in router mode.
Table 2-12 Enabling the Switch for Routing
To do this task... | Type this command... | At this prompt... | For details, see...
Configure a routing module. | set router module | Switch: Matrix (rw)-> | Section 2.3.2.2
Enable router mode. | router module | Switch: Matrix (rw)-> | Section 2.3.2.4
Step 3 Enable router Privileged EXEC mode. | enable | Router: Matrix>Router1> | Section 2.3.3
 | configure terminal | Router: Matrix>Router1# | Section 2.3.
Preparing the Device for Router Mode Reviewing and Configuring Routing Modules
Figure 2-8 Enabling the Switch for Routing
Matrix(rw)->set router 1
Matrix(rw)->router 1
Matrix>Router1>enable
Matrix>Router1#configure terminal
Enter configuration commands:
Matrix>Router1(config)#interface vlan 1
Matrix>Router1(config-if(Vlan 1))#ip address 182.127.63.1 255.255.255.0
Matrix>Router1(config-if(Vlan 1))#no shutdown
2.3.
2.3.2.1 show router
Use this command to display which modules are configured for routing.
show router
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to display which modules are configured for routing:
Matrix(rw)->show router
Module VID IP Address Mask
------------------------------------------------------------
RUNNING :: 3 100 168.192.100.
2.3.2.2 set router
Use this command to configure routing on a module.
set router module
Syntax Description
module: Specifies the module to configure for routing. In the Matrix DFE-Gold Series chassis and N standalone devices, routing must be configured on module 1. If a redundancy license is available, routing redundancy must be configured on module 2.
Command Defaults: None.
Command Type: Switch command.
2.3.2.3 clear router
Use this command to disable routing on a module.
clear router module
Syntax Description
module: Specifies the routing module to disable for routing. Entering a value of 0 will disable all modules for routing.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
2.3.2.4 router
Use this command to enable routing mode on a module. This must be a module previously configured for routing using the set router command as described in Section 2.3.2.2. Routing may be configured on one or two modules. In the Matrix DFE-Gold Series chassis and N standalone devices, routing must be configured on module 1. If a redundancy license is available, routing redundancy must be configured on module 2.
2.3.3 Enabling Router Configuration Modes
The Matrix CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 2-14 describes these modes of operation.
NOTE: The command prompts used as examples in Table 2-14 and throughout this guide show switch operation for a user in Read-Write (rw) access mode, and a system where module 1 and VLAN 1 have been configured for routing.
Table 2-14 Router CLI Configuration Modes (Continued)
Use this mode... | To... | Access method... | Resulting Prompt...
Router Configuration Mode | Set IP protocol parameters. | Type router and the protocol name (and, for OSPF, the instance ID) from Global or Interface Configuration mode. | Matrix>Router1 (config-router)#
Key Chain Configuration Mode | Set protocol (RIP) authentication key parameters.
Table 2-14 Router CLI Configuration Modes (Continued)
Use this mode... | To... | Access method... | Resulting Prompt...
Server Load Balancing (SLB) Real Server Configuration Mode | Configure an LSNAT real server. | Type real and the real server IP address from SLB Server Farm Configuration Mode. | Matrix>Router1 (config-slb-real)#
Server Load Balancing (SLB) Virtual Server Configuration Mode | Configure an LSNAT virtual server.
Table 2-14 Router CLI Configuration Modes (Continued)
Use this mode... | To... | Access method... | Resulting Prompt...
DHCP Host Configuration Mode | Configure DHCP host parameters. | Type client-identifier and the identifier, or hardware-address and an address from any DHCP configuration mode. | Matrix>Router1 (config-dhcp-host)#
NOTE: To jump to a lower configuration mode, type exit at the command prompt.
3 Port Configuration
This chapter describes the Port Configuration set of commands and how to use them.
Important Notice
CLI examples in this guide illustrate a generic Matrix command prompt and chassis-based / modular port designations. Depending on which Matrix Series device you are using, your default command prompt and output may be different than the examples shown.
3.
Port Configuration Summary
3.1.1 Port String Syntax Used in the CLI
Commands requiring a port-string parameter use the following syntax to designate port type, slot location, and port number:
port type.slot location.port number
Where port type can be:
fe for 100-Mbps Ethernet
ge for 1-Gbps Ethernet
tg for 10-Gbps Ethernet
com for COM (console) port
host for the host port
vlan for vlan interfaces
lag for IEEE802.
Examples
NOTE: You can use a wildcard (*) to indicate all of an item. For example, fe.3.* would represent all 100Mbps Ethernet (fe) ports in the module in slot 3.
This example shows the port-string syntax for specifying the 100-Mbps Ethernet ports 1 through 10 in the module in chassis slot 1.
fe.1.1-10
This example shows the port-string syntax for specifying the 1-Gigabit Ethernet port 14 in the module in chassis slot 3.
ge.3.
This example shows the port-string syntax for specifying all ports (of any interface type) in all modules in the chassis
*.*.
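When reviewing a saved configuration it helps to know exactly which ports a port-string selects. The following is an added example, not part of the original guide or the device's own parser: it handles the three forms shown above (single number, range, wildcard), assumes a range may also appear in the slot field, and uses a constructed port inventory.

```python
import re

_NUMERIC = re.compile(r"(\d+)(?:-(\d+))?")


def _parse_numeric(field):
    """Return None for '*', else an inclusive (low, high) tuple."""
    if field == "*":
        return None
    m = _NUMERIC.fullmatch(field)
    if not m:
        raise ValueError(f"bad slot/port field: {field!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if low > high:
        raise ValueError(f"descending range: {field!r}")
    return (low, high)


def parse_port_string(port_string):
    """Split 'type.slot.port' into (type or None, slot range, port range)."""
    parts = port_string.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected type.slot.port, got {port_string!r}")
    ptype, slot, port = parts
    # The guide's list of port types is cut off on this page, so the type is
    # only checked for shape (lowercase letters), not against a fixed list.
    if ptype != "*" and not re.fullmatch(r"[a-z]+", ptype):
        raise ValueError(f"bad port type: {ptype!r}")
    return (None if ptype == "*" else ptype,
            _parse_numeric(slot), _parse_numeric(port))


def matches(port_string, concrete_port):
    """True if concrete_port (e.g. 'fe.1.4') is selected by port_string."""
    ptype, slot, port = parse_port_string(port_string)
    ctype, cslot, cport = parse_port_string(concrete_port)
    if (ctype is None or cslot is None or cport is None
            or cslot[0] != cslot[1] or cport[0] != cport[1]):
        raise ValueError(f"not a single port: {concrete_port!r}")
    return ((ptype is None or ptype == ctype)
            and (slot is None or slot[0] <= cslot[0] <= slot[1])
            and (port is None or port[0] <= cport[0] <= port[1]))


def expand(port_string, inventory):
    """List the inventory ports a port-string selects, in inventory order."""
    return [p for p in inventory if matches(port_string, p)]


def ports_in_command(command, inventory):
    """Expand every port-string token found in one CLI line."""
    hit = []
    for token in command.split():
        try:
            selected = expand(token, inventory)
        except ValueError:
            continue  # keywords, numbers, IP addresses, file paths
        hit.extend(p for p in selected if p not in hit)
    return hit


# Constructed inventory: the ports physically present in a sample chassis.
INVENTORY = [f"fe.1.{n}" for n in range(1, 9)] + [
    "fe.3.1", "fe.3.2", "ge.3.14", "com.1.1",
]

if __name__ == "__main__":
    for line in ("set port disable fe.1.2-6", "set port duplex fe.1.16 half"):
        print(line, "->", ports_in_command(line, INVENTORY))
```

A line that expands to an empty list, such as the fe.1.16 command against this inventory, names a port that is not installed and is worth a second look during review.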
3.2 PROCESS OVERVIEW: PORT CONFIGURATION
Use the following steps as a guide to configuring console and switch ports on the device:
1. Reviewing and setting console port properties (Section 3.3.1)
2. Reviewing switch port status (Section 3.3.2)
3. Disabling / enabling and naming switch ports (Section 3.3.3)
4. Setting switch port speed and duplex mode (Section 3.3.4)
5. Enabling / disabling jumbo frame support (Section 3.3.5)
6.
3.3 PORT CONFIGURATION COMMAND SET
3.3.1 Setting Console Port Properties
Purpose
To review and set parameters for one or more of the device’s console ports, including baud rate, auto baud detection, stopbits and parity.
Commands
The commands used to review and configure console port settings are listed below and described in the associated section as shown.
• show console (Section 3.3.1.1)
• clear console (Section 3.3.1.
3.3.1.1 show console
Use this command to display properties set for one or more console ports.
show console [port-string]
Syntax Description
port-string: (Optional) Displays properties for specific console port(s).
Command Defaults: If port-string is not specified, properties for all console ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.1.2 clear console
Use this command to clear the properties set for one or more console ports.
clear console [port-string]
Syntax Description
port-string: (Optional) Clears properties for specific console port(s).
Command Defaults: If port-string is not specified, properties for all console ports will be cleared.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to clear properties for console port com.
3.3.1.3 show console baud
Use this command to display the baud rate for one or more console ports.
show console baud [port-string]
Syntax Description
port-string: (Optional) Displays baud rate for specific console port(s).
Command Defaults: If port-string is not specified, baud rate for all console ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.1.4 set console baud
Use this command to set the baud rate for one or more console ports.
set console baud rate [port-string]
Syntax Description
rate: Sets the console baud rate. Valid values are: 300, 600, 1200, 2400, 4800, 5760, 9600, 14400, 19200, 38400, and 115200.
port-string: (Optional) Sets baud rate for specific port(s).
Command Defaults: If port-string is not specified, baud rate will be set for all console ports.
3.3.1.5 clear console baud
Use this command to clear the baud rate for one or more console ports.
clear console baud [port-string]
Syntax Description
port-string: (Optional) Clears baud rate for specific port(s).
Command Defaults: If port-string is not specified, baud rate will be cleared for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to clear the baud rate on console port com.1.
3.3.1.6 show console flowcontrol
Use this command to display the type of flow control setting for one or more console ports.
show console flowcontrol [port-string]
Syntax Description
port-string: (Optional) Displays the flow control setting for specific console port(s).
Command Defaults: If port-string is not specified, the flow control setting for all console ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.1.7 set console flowcontrol
Use this command to set the type of flow control for one or more console ports.
set console flowcontrol {none | ctsrts | dsrdtr} [port-string]
Syntax Description
none: Disables all hardware flow control.
ctsrts: Enables CTS/RTS (Clear to Send/Request to Send) hardware flow control.
dsrdtr: Enables DSR/DTR (Data Set Ready/Data Terminal Ready) hardware flow control.
3.3.1.8 clear console flowcontrol
Use this command to clear the type of flow control for one or more console ports.
clear console flowcontrol [port-string]
Syntax Description
port-string: (Optional) Clears flow control for specific console port(s).
Command Defaults: If port-string is not specified, flow control will be cleared for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.1.9 show console bits
Use this command to display the number of bits per character set for one or more console ports.
show console bits [port-string]
Syntax Description
port-string: (Optional) Displays the bits per character setting for specific console port(s).
Command Defaults: If port-string is not specified, the bits per character setting for all console ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.1.10 set console bits
Use this command to set the number of bits per character for one or more console ports.
set console bits num-bits [port-string]
Syntax Description
num-bits: Specifies the number of bits per character. Valid values are 5, 6, 7, and 8.
port-string: (Optional) Sets bits per character for specific console port(s).
Command Defaults: If port-string is not specified, bits per character will be set for all console ports.
3.3.1.11 clear console bits
Use this command to clear the number of bits per character for one or more console ports.
    clear console bits [port-string]
Syntax Description
    port-string: (Optional) Clears bits per character for specific console port(s).
Command Defaults: If port-string is not specified, bits per character will be cleared for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.1.12 show console stopbits
Use this command to display the console port stop bits per character.
    show console stopbits [port-string]
Syntax Description
    port-string: (Optional) Displays stop bits for specific console port(s).
Command Defaults: If port-string is not specified, stop bits per character will be displayed for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.1.13 set console stopbits
Use this command to set the stop bits per character for one or more console ports.
    set console stopbits {one | oneandhalf | two} [port-string]
Syntax Description
    one | oneandhalf | two: Sets stop bits per character to 1, 1.5 or 2.
    port-string: (Optional) Sets stop bits for specific console port(s).
Command Defaults: If port-string is not specified, stop bits per character will be set for all console ports.
3.3.1.14 clear console stopbits
Use this command to clear the stop bits per character for one or more console ports.
    clear console stopbits [port-string]
Syntax Description
    port-string: (Optional) Clears stop bits for specific console port(s).
Command Defaults: If port-string is not specified, stop bits per character will be cleared for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.1.15 show console parity
Use this command to display the type of parity checking set for one or more console ports.
    show console parity [port-string]
Syntax Description
    port-string: (Optional) Displays parity type for specific console port(s).
Command Defaults: If port-string is not specified, parity type for all console ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.1.16 set console parity
Use this command to set the parity type for one or more console ports.
    set console parity {none | odd | even | mark | space} [port-string]
Syntax Description
    none: Specifies that no parity checking will be performed.
    odd: Enables odd parity checking.
    even: Enables even parity checking.
    mark: Enables mark parity checking.
    space: Enables space parity checking.
3.3.1.17 clear console parity
Use this command to clear the parity type for one or more console ports.
    clear console parity [port-string]
Syntax Description
    port-string: (Optional) Clears the parity type for specific console port(s).
Command Defaults: If port-string is not specified, parity type will be cleared for all console ports.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.2 Reviewing Port Status
Purpose
To display operating status, duplex mode, speed, port type, and statistical information about traffic received and transmitted through one or all switch ports on the device.
Commands
The commands used to review port status are listed below and described in the associated sections as shown.
• show port (Section 3.3.2.1)
• show port status (Section 3.3.2.2)
• show port counters (Section 3.3.2.
3.3.2.1 show port
Use this command to display whether or not one or more ports are enabled for switching.
    show port [port-string]
Syntax Description
    port-string: (Optional) Displays operational status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, operational status information for all ports will be displayed.
Command Type: Switch command.
3.3.2.2 show port status
Use this command to display operating and admin status, speed, duplex mode and port type for one or more ports on the device.
    show port status [port-string] [-interesting]
Syntax Description
    port-string: (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
    -interesting: (Optional) Displays only ports with an operational status of up or dormant.
Table 3-1 provides an explanation of the command output.
Table 3-1 show port status Output Details
    Output: What It Displays...
    Port: Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
    Alias (truncated): Alias configured for the port. For details on using the set port alias command, refer to Section 3.3.3.3.
    Oper Status: Operating status (up or down).
3.3.2.3 show port counters
Use this command to display port counter statistics detailing traffic through the device and through all MIB2 network devices.
    show port counters [port-string] [switch | mib2]
Syntax Description
    port-string: (Optional) Displays counter statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
    switch | mib2: (Optional) Displays switch or MIB2 statistics.
Examples
This example shows how to display all counter statistics, including MIB2 network traffic and traffic through the device for fe.3.1:
    Matrix(rw)->show port counters fe.3.1
    Port: fe.3.
Table 3-2 provides an explanation of the command output.
Table 3-2 show port counters Output Details
    Output: What It Displays...
    Port: Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
    MIB2 Interface: MIB2 interface designation.
    Bridge Port: IEEE 802.1D bridge port designation.
    MIB2 Interface Counters: MIB2 network traffic counts
    802.
3.3.2.4 show port operstatuscause
Use this command to display the causes configured to place operating status to a down or dormant state for one or more ports.
    show port operstatuscause [port-string] [any] [modifiable] [admin] [linkloss] [linkflap] [self] [init] [flowlimit] [policy] [cos] [dot1x] [lag]
Syntax Description
    port-string: (Optional) Displays causes for specific port(s).
    lag: (Optional) Displays ports dormant due to Link Aggregation Group (LAG) membership. For more information on configuring LAG, refer to Section 3.3.8.
Command Defaults: If no options are specified, causes for all ports will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display operation status causes for ports ge.1.1 through 6. In this case, port ge.1.
3.3.2.5 clear port operstatuscause
Use this command to override the causes configured to place operating status to a down or dormant state for one or more ports.
    clear port operstatuscause [port-string] [admin] [linkflap] [flowlimit] [policy] [cos] [all]
Syntax Description
    port-string: (Optional) Overrides causes for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.3 Disabling / Enabling and Naming Ports
Purpose
To disable and re-enable one or more ports, and to assign an alias to a port. By default, all ports are enabled at device startup. You may want to disable ports for security or to troubleshoot network issues.
Commands
The commands used to enable and disable ports are listed below and described in the associated section as shown.
• set port disable (Section 3.3.3.
3.3.3.1 set port disable
Use this command to administratively disable one or more ports.
    set port disable port-string
Syntax Description
    port-string: Specifies the port(s) to disable. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.3.2 set port enable
Use this command to administratively enable one or more ports.
    set port enable port-string
Syntax Description
    port-string: Specifies the port(s) to enable. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.3.3 show port alias
Use this command to display alias name(s) assigned to one or more ports.
    show port alias [port-string]
Syntax Description
    port-string: (Optional) Displays alias name(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, aliases for all ports will be displayed.
Command Type: Switch command.
3.3.3.4 set port alias
Use this command to assign an alias name to a port.
    set port alias port-string [string]
Syntax Description
    port-string: Specifies the port to which an alias will be assigned. For a detailed description of possible port-string values, refer to Section 3.1.1.
    string: (Optional) Assigns a text string name to the port.
Command Defaults: If string is not specified, the alias assigned to the port will be cleared.
3.3.3.5 show forcelinkdown
Use this command to display the status of the force link down function.
    show forcelinkdown
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
3.3.3.6 set forcelinkdown
Use this command to enable or disable the force link down function. When enabled, this forces ports in the “operstatus down” state to become disabled.
    set forcelinkdown {enable | disable}
Syntax Description
    enable | disable: Enables or disables the force link down function on all ports.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.3.7 clear forcelinkdown
Use this command to reset the force link down function to the default state of disabled.
    clear forcelinkdown
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
3.3.4 Setting Speed and Duplex Mode
Purpose
To review and set the operational speed in Mbps and the default duplex mode: Half, for half duplex, or Full, for full duplex for one or more ports.
NOTE: These settings only take effect on ports that have auto-negotiation disabled.
Commands
The commands used to review and set port speed and duplex mode are listed below and described in the associated section as shown.
• show port speed (Section 3.
3.3.4.1 show port speed
Use this command to display the default speed setting on one or more ports.
    show port speed [port-string]
Syntax Description
    port-string: (Optional) Displays default speed setting(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, default speed settings for all ports will display.
Command Type: Switch command.
3.3.4.2 set port speed
Use this command to set the default speed of one or more ports. This setting only takes effect on ports that have auto-negotiation disabled.
    set port speed port-string {10 | 100 | 1000}
Syntax Description
    port-string: Specifies the port(s) for which a speed value will be set. For a detailed description of possible port-string values, refer to Section 3.1.1.
    10 | 100 | 1000: Specifies the port speed.
3.3.4.3 show port duplex
Use this command to display the default duplex setting (half or full) for one or more ports.
    show port duplex [port-string]
Syntax Description
    port-string: (Optional) Displays default duplex setting(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, default duplex settings for all ports will be displayed.
3.3.4.4 set port duplex
Use this command to set the default duplex type for one or more ports.
    set port duplex port-string {full | half}
NOTE: This command will only take effect on ports that have auto-negotiation disabled.
Syntax Description
    port-string: Specifies the port(s) for which duplex type will be set. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.5 Enabling / Disabling Jumbo Frame Support
Purpose
To review, enable, and disable jumbo frame support on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size.
Commands
The commands used to review, enable and disable jumbo frame support are listed below and described in the associated section as shown.
• show port jumbo (Section 3.3.5.1)
• set port jumbo (Section 3.3.5.
3.3.5.1 show port jumbo
Use this command to display the status of jumbo frame support and maximum transmission units (MTU) on one or more ports.
    show port jumbo [port-string]
Syntax Description
    port-string: (Optional) Displays the status of jumbo frame support for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.5.2 set port jumbo
Use this command to enable or disable jumbo frame support on one or more ports.
    set port jumbo {enable | disable} [port-string]
NOTE: By default, jumbo frame support is disabled on all ports and path MTU discovery is enabled. When jumbo frame support is enabled, path MTU discovery should not be disabled. For details on setting the path MTU state, refer to Section 2.2.11.2.
3.3.5.3 clear port jumbo
Use this command to reset jumbo frame support status to enabled on one or more ports.
    clear port jumbo [port-string]
Syntax Description
    port-string: (Optional) Specifies the port(s) on which to reset jumbo frame support status to enabled. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.6 Setting Auto-Negotiation and Advertised Ability
Purpose
To review, disable or enable auto-negotiation, and to review or set a port’s advertised mode of operation. During auto-negotiation and advertised ability, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are.
3.3.6.1 show port negotiation
Use this command to display the status of auto-negotiation for one or more ports.
    show port negotiation [port-string]
Syntax Description
    port-string: (Optional) Displays auto-negotiation status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.6.2 set port negotiation
Use this command to enable or disable auto-negotiation on one or more ports.
    set port negotiation port-string {enable | disable}
Syntax Description
    port-string: Specifies the port(s) for which to enable or disable auto-negotiation. For a detailed description of possible port-string values, refer to Section 3.1.1.
    enable | disable: Enables or disables auto-negotiation.
Command Defaults: None.
3.3.6.3 show port mdix
Use this command to display the MDI/MDIX mode on one or more ports. This function detects and adapts to straight through (MDI) or cross-over (MDIX) Ethernet cabling on switch ports.
    show port mdix [port-string] {all | auto | mdi | mdix}
Syntax Description
    port-string: (Optional) Displays mode for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.6.4 set port mdix
Use this command to set MDI/MDIX mode on one or more ports.
    set port mdix [port-string] {auto | mdi | mdix}
Syntax Description
    port-string: (Optional) Sets mode for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
    auto: Sets port(s) to automatically determine MDI/MDIX.
    mdi: Forces port(s) to MDI configuration.
3.3.6.5 clear port mdix
Use this command to reset MDIX mode to the default setting of auto on one or more ports.
    clear port mdix [port-string]
Syntax Description
    port-string: (Optional) Resets mode for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, mode will be reset for all ports.
Command Type: Switch command.
3.3.6.6 show port advertise
Use this command to display the advertised ability on one or more ports.
    show port advertise [port-string]
Syntax Description
    port-string: (Optional) Displays advertised ability for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, advertised ability for all ports will be displayed.
Table 3-3 show port advertise Output Details
    Output: What It Displays...
3.3.6.7 set port advertise
Use this command to enable or disable and to configure the advertised ability on one or more ports.
    set port advertise port-string [10t] [10tfd] [100tx] [100txfd] [1000x] [1000xfd] [1000t] [1000tfd] [pause] [apause] [spause] [bpause]
Syntax Description
    port-string: Specifies the port(s) for which to set advertised ability. For a detailed description of possible port-string values, refer to Section 3.
Command Mode: Read-Write.
Example
This example shows how to set fe.3.4 to advertise 100BASE-TX full duplex operation:
    Matrix(rw)->set port advertise fe.3.
3.3.6.8 clear port advertise
Use this command to reset advertised ability to the default setting on one or more ports.
    clear port advertise port-string [10t | 10tfd | 100tx | 100txfd | 1000x | 1000txfd | 1000t | 1000tfd | pause | apause | spause | bpause]
Syntax Description
    port-string: Specifies port(s) for which advertised ability will be reset. For a detailed description of possible port-string values, refer to Section 3.1.
Command Defaults: If not specified, all modes of advertised ability will be cleared.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset all advertised ability to default settings on fe.3.4:
    Matrix(rw)->clear port advertise fe.3.
3.3.7 Setting Flow Control
Purpose
To review, enable or disable port flow control. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices.
Commands
The commands used to review and set port flow control are listed below and described in the associated section as shown.
• show port flowcontrol (Section 3.3.7.
3.3.7.1 show port flowcontrol
Use this command to display the flow control state for one or more ports.
    show port flowcontrol [port-string]
Syntax Description
    port-string: (Optional) Displays flow control state for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, flow control information for all ports will be displayed.
Command Mode: Read-Only.
Table 3-4 show port flow control Output Details (Continued)
    Output: What It Displays...
    TX Oper: Whether or not the port is operationally enabled or disabled for sending flow control frames.
    RX Admin: Whether or not the port is administratively enabled or disabled for acknowledging received flow control frames.
    RX Oper: Whether or not the port is operationally enabled or disabled for acknowledging received flow control frames.
3.3.7.2 set port flowcontrol
Use this command to enable or disable flow control settings for one or more ports.
    set port flowcontrol port-string {receive | send | both} {enable | disable}
Syntax Description
    port-string: Specifies port(s) for which to enable or disable flow control. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8 Configuring Link Traps and Link Flap Detection
Purpose
To disable or re-enable link traps and to configure the link flapping detection function. By default, all ports are enabled to send SNMP trap messages indicating changes in their link status (up or down).
3.3.8.1 show port trap
Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes.
    show port trap [port-string]
Syntax Description
    port-string: (Optional) Displays link trap status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8.2 set port trap
Use this command to enable or disable ports for sending SNMP trap messages when their link status changes.
    set port trap port-string {enable | disable}
Syntax Description
    port-string: Specifies the port(s) for which to enable or disable link trap messages. For a detailed description of possible port-string values, refer to Section 3.1.1.
    enable | disable: Enables or disables link traps.
3.3.8.3 show linkflap
Use this command to display link flap detection state and configuration information.
    violations: Displays the number of link flap violations since the last reset.
    port-string: (Optional) Displays information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
• If not specified, information about all link flap detection settings will be displayed.
• If port-string is not specified, information for all ports will be displayed.
Table 3-5 provides an explanation of the show linkflap parameters command output.
Table 3-5 show linkflap parameters Output Details
    Output: What It Displays...
    Port: Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
    LF Status: Link flap enabled state.
    Actions: Actions to be taken if the port violates allowed link flap behavior.
Table 3-6 show linkflap metrics Output Details (Continued)
    Output: What It Displays...
    TimeElapsed: Time (in seconds) since the last link down event.
    Violations: Number of link flap violations on listed ports since system start.
3.3.8.4 set linkflap globalstate
Use this command to globally enable or disable the link flap detection function. By default, the function is disabled globally and on all ports. If disabled globally after per-port settings have been configured using the commands later in this chapter, per-port settings will be retained.
3.3.8.5 set linkflap
Use this command to enable or disable link flap monitoring on one or more ports.
    set linkflap portstate {disable | enable} [port-string]
Syntax Description
    disable | enable: Disables or enables the link flap detection function.
    port-string: (Optional) Specifies the port(s) on which to disable or enable monitoring. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8.6 set linkflap interval
Use this command to set the time interval (in seconds) for accumulating link down transitions.
    set linkflap interval port-string interval_value
Syntax Description
    port-string: Specifies the port(s) on which to set the link flap interval. For a detailed description of possible port-string values, refer to Section 3.1.1.
    interval_value: Specifies an interval in seconds.
3.3.8.7 set linkflap action
Use this command to set reactions to a link flap violation.
    set linkflap action port-string {disableInterface | gensyslogentry | gentrap | all}
Syntax Description
    port-string: Specifies the port(s) on which to set the link flap action. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8.8 clear linkflap action
Use this command to clear reactions to a link flap violation.
    clear linkflap action [port-string] {disableInterface | gensyslogentry | gentrap | all}
Syntax Description
    port-string: (Optional) Specifies the port(s) on which to clear the link flap action. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8.9 set linkflap threshold
Use this command to set the link flap action trigger count.
    set linkflap threshold port-string threshold_value
Syntax Description
    port-string: Specifies the port(s) on which to set the link flap action trigger count. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.8.10 set linkflap downtime
Use this command to set the time interval (in seconds) one or more ports will be held down after a link flap violation.
    set linkflap downtime port-string downtime_value
Syntax Description
    port-string: Specifies the port(s) on which to set the link flap downtime. For a detailed description of possible port-string values, refer to Section 3.1.1.
    downtime_value: Specifies a downtime in seconds.
3.3.8.11 clear linkflap down
Use this command to toggle link flap disabled ports to operational.
    clear linkflap down [port-string]
Syntax Description
    port-string: Specifies the port(s) to make operational. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, all ports disabled by a link flap violation will be made operational.
3.3.8.12 clear linkflap
Use this command to clear all link flap options and / or statistics on one or more ports.
    clear linkflap {all | stats [port-string] | parameter port-string {threshold | interval | downtime | all}}
Syntax Description
    all | stats: Clears all options and statistics, or clears only statistics.
    parameter: Clears link flap parameters.
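The interval, threshold, downtime and action settings in Sections 3.3.8.4 through 3.3.8.10 interact, so the following Python model replays constructed link down timestamps against them to show what a chosen combination would do. It is an added example, not Enterasys code; the sliding window, the counter reset after a violation, and the rule that a held-down port records no transitions are assumptions this guide does not specify.

```python
"""Toy model of per-port link flap detection (added example, not vendor code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

# Action keywords from "set linkflap action"; the keyword "all" selects all three.
ACTIONS = ("disableInterface", "gensyslogentry", "gentrap")

# Constructed link down timestamps (seconds): two bursts, then one isolated drop.
FLAPPING = [0, 2, 4, 6, 8, 10, 40, 42, 44, 400]


@dataclass
class LinkFlapPort:
    name: str
    interval: int     # "set linkflap interval": seconds for accumulating link downs
    threshold: int    # "set linkflap threshold": action trigger count
    downtime: int     # "set linkflap downtime": seconds held down after a violation
    actions: frozenset = frozenset(ACTIONS)   # equivalent to "all"
    portstate: bool = True                    # "set linkflap portstate enable"
    violations: int = 0
    held_until: Optional[float] = None
    downs: deque = field(default_factory=deque)

    def is_held(self, now):
        """True while the port is still inside its post-violation downtime."""
        return self.held_until is not None and now < self.held_until

    def link_down(self, now, globalstate=True):
        """Record one link down transition; return the actions it triggers."""
        if not (globalstate and self.portstate):
            return []                 # detection off globally or on this port
        if self.is_held(now):
            return []                 # assumption: a held-down port records no flaps
        self.held_until = None
        self.downs.append(now)
        # Assumption: sliding window, so transitions older than the interval expire.
        while self.downs and now - self.downs[0] >= self.interval:
            self.downs.popleft()
        if len(self.downs) < self.threshold:
            return []
        self.violations += 1
        self.downs.clear()            # assumption: counting restarts after a violation
        if "disableInterface" in self.actions:
            self.held_until = now + self.downtime
        return [a for a in ACTIONS if a in self.actions]


def replay(port, down_times, globalstate=True):
    """Feed link down timestamps to the model; return [(time, action), ...]."""
    raised = []
    for t in down_times:
        for action in port.link_down(t, globalstate):
            raised.append((t, action))
    return raised


if __name__ == "__main__":
    # Constructed settings: 3 link downs within 10 s trigger, hold for 30 s.
    for label, acts in (("all", frozenset(ACTIONS)), ("gentrap", frozenset({"gentrap"}))):
        port = LinkFlapPort("ge.1.1", interval=10, threshold=3, downtime=30, actions=acts)
        events = replay(port, FLAPPING)
        print(f"action={label}: violations={port.violations} events={events}")
```

With only gentrap configured, the same constructed trace produces three violations instead of two, because nothing holds the port down between bursts.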
3.3.9 Configuring Broadcast Suppression
Purpose
To review, disable or set the broadcast thresholds on one or more ports. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other ports. Broadcast suppression protects against broadcast storms, leaving more bandwidth available for critical data.
3.3.9.1 show port broadcast
Use this command to display port broadcast suppression information for one or more ports.
    show port broadcast [port-string]
Syntax Description
    port-string: (Optional) Displays broadcast status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, broadcast status of all ports will be displayed.
Table 3-7 show port broadcast Output Details (Continued)
    Output: What It Displays...
    Peak Rate (pkts/s): Peak rate of broadcast transmission received on this port in packets per second.
    Peak Rate Time (ddd:hh:mm:ss): Time (in day, hours, minutes and seconds) the peak rate was reached on this port.
3.3.9.2 set port broadcast
Use this command to set the broadcast suppression limit, in packets per second, on one or more ports. This sets a threshold on the broadcast traffic that is received and switched out to other ports.
    set port broadcast port-string threshold-val
Syntax Description
    port-string: Specifies the port(s) for which to set broadcast suppression. For a detailed description of possible port-string values, refer to Section 3.
3.3.9.3 clear port broadcast
Use this command to reset the broadcast threshold and/or clear the peak rate and peak time values on one or more switch ports.
    clear port broadcast port-string [threshold] [peak]
Syntax Description
    port-string: Specifies the port(s) on which broadcast settings will be cleared. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.4 OVERVIEW: PORT MIRRORING
CAUTION: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.
The Matrix device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance.
3.4.3.1 show port mirroring
Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports.
    show port mirroring
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display port mirroring information. In this case, fe.1.4 is configured as a source port and fe.1.
3.4.3.2 set port mirroring
Use this command to create a new mirroring relationship or to enable or disable an existing mirroring relationship between two ports.
set port mirroring {create | disable | enable} | igmp-mcast {enable | disable} source destination [both | rx | tx]
Syntax Description
create | disable | enable    Creates, disables or enables mirroring settings on the specified ports.
3.4.3.3 clear port mirroring
Use this command to clear a port mirroring relationship.
clear port mirroring {igmp-mcast | source destination}
Syntax Description
igmp-mcast    Clears IGMP multicast mirroring.
source    Specifies the source port of the mirroring configuration to be cleared. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.5 OVERVIEW: LINK AGGREGATION CONTROL PROTOCOL (LACP)
CAUTION: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.
3.5.1 LACP Operation
For each aggregatable port in the device, LACP:
• Maintains configuration information (reflecting the inherent properties of the individual links as well as those established by management) to control aggregation.
• Exchanges configuration information with other devices to allocate the link to a Link Aggregation Group (LAG).
NOTE: A given link is allocated to, at most, one Link Aggregation Group (LAG) at a time.
3.5.2 LACP Terminology
Table 3-8 defines key terminology used in LACP configuration.
Table 3-8 LACP Terms and Definitions
Term    Definition
Aggregator    Virtual port that controls link aggregation for underlying physical ports. Each Matrix Series module provides aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4.
LAG    Link Aggregation Group. Once underlying physical ports (i.e.; fe.x.x, or ge.x.
3.5.3 Matrix Series Usage Considerations
In normal usage (and typical implementations) there is no need to modify any of the default LACP parameters on the Matrix Series device. The default values will result in the maximum number of aggregations possible.
3.5.4 Configuring Link Aggregation
Purpose
To disable and re-enable the Link Aggregation Control Protocol (LACP), to display and configure LACP settings for one or more aggregator ports, and to display and configure the LACP settings for underlying physical ports that are potential members of a link aggregation.
3.5.4.1 show lacp
Use this command to display the global LACP enable state, or to display information about one or more aggregator ports. Each Matrix Series module provides 4 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4. Once underlying physical ports (i.e.; fe.x.x, ge.x.
Table 3-9 show lacp Output Details
Output    What It Displays...
Aggregator    LAG port designation. Each Matrix Series module provides 4 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4. Once underlying physical ports (i.e.; fe.x.x, ge.x.x) are associated with an aggregator port, the resulting Link Aggregation Group (LAG) is represented with a lag.x.x port designation.
3.5.4.2 set lacp
Use this command to disable or enable the Link Aggregation Control Protocol (LACP) on the device. LACP is enabled by default.
set lacp {disable | enable}
Syntax Description
disable | enable    Disables or enables LACP.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.3 clear lacp state
Use this command to reset LACP to the default state of enabled.
clear lacp state
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.4 set lacp asyspri
Use this command to set the LACP system priority. LACP uses this value to determine aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator.
3.5.4.5 set lacp aadminkey
Use this command to set the administratively assigned key for one or more aggregator ports. LACP will use this value to form an oper key. Only underlying physical ports with oper keys matching those of their aggregators will be allowed to aggregate.
set lacp aadminkey port-string value
Syntax Description
port-string    Specifies the LAG port(s) on which to assign an admin key.
3.5.4.6 clear lacp
Use this command to clear LACP system priority or admin key settings.
clear lacp {[asyspri] [aadminkey port-string]}
Syntax Description
asyspri    Clears system priority.
aadminkey port-string    Clears admin keys for one or more ports.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.7 set lacp static
Use this command to assign one or more underlying physical ports to a Link Aggregation Group (LAG). Matrix DFE-Gold Series devices allow for up to four ports per aggregator.
NOTES: At least two ports need to be assigned to a LAG port for a Link Aggregation Group to form and attach to the specified LAG port. The same usage considerations for dynamic LAGs discussed in Section 3.5.
Example
This example shows how to add port fe.1.6 to the LAG of aggregator port 4:
Matrix(rw)->set lacp static lag.0.4 fe.1.
3.5.4.8 clear lacp static
Use this command to remove specific ports from a Link Aggregation Group.
clear lacp static lagportstring port-string
Syntax Description
lagportstring    Specifies the LAG aggregator port from which ports will be removed.
port-string    Specifies the port(s) to remove from the LAG. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
None.
3.5.4.9 show lacp singleportlag
Use this command to display the status of the single port LAG function.
show lacp singleportlag
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
3.5.4.10 set singleportlag
Use this command to enable or disable the formation of single port LAGs. When enabled, this maintains LAGs when only one port is receiving protocol transmissions from a partner.
set lacp singleportlag {enable | disable}
Syntax Description
enable | disable    Enables or disables the formation of single port LAGs.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.11 clear singleportlag
Use this command to reset the single port LAG function back to the default state of disabled.
clear lacp singleportlag
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.12 show port lacp
Use this command to display link aggregation information for one or more underlying physical ports.
show port lacp port port-string {[status {detail | summary}] | [counters]} [sort {port | lag}]
Syntax Description
port port-string    Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Examples
This example shows how to display detailed LACP status information for port fe.1.12:
Matrix(rw)-> show port lacp port fe.1.12 status detail
Port Instance: fe.1.
This example shows how to display LACP counters for port fe.1.12:
Matrix(rw)->show port lacp port fe.1.12 counters
Port Instance: fe.1.
3.5.4.13 set port lacp
Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
asyspri asyspri    Sets the port’s actor system priority. The LACP implementation on the Matrix Series device uses this value to determine aggregation precedence when there are two devices competing for the same aggregator. Valid values are 0 - 65535, with higher precedence given to lower values.
padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire    Sets a port’s partner LACP administrative state. See aadminstate for valid options.
enable    (Optional) Enables LACPDU processing on this port.
disable    (Optional) Disables LACPDU processing on this port.
Command Defaults
• At least one parameter must be entered per port-string.
3.5.4.14 clear port lacp
Use this command to clear link aggregation settings for one or more ports.
padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all    Clears the port’s specific partner admin state, or all partner admin state(s).
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to clear all link aggregation parameters for port ge.3.16:
Matrix(rw)->clear port lacp port ge.3.
3.5.4.15 show lacp flowRegeneration
Use this command to display the LACP flow regeneration state.
show lacp flowRegeneration
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
3.5.4.16 set lacp flowRegeneration
Use this command to enable or disable LACP flow regeneration. When enabled and a new port joins a link aggregation group (LAG), LACP will redistribute all existing flows over the LAG. It will also attempt to load balance existing flows to take advantage of ports added to the LAG.
3.5.4.17 clear lacp flowRegeneration
Use this command to reset LACP flow regeneration to its default state (disabled).
clear lacp flowRegeneration
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
3.5.4.18 show lacp outportAlgorithm
Use this command to display the current LACP outport algorithm.
show lacp outportAlgorithm
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
3.5.4.19 set lacp outportAlgorithm
Use this command to set the algorithm LACP will use for outport determination.
set lacp outportAlgorithm {dip-sip | da-sa | round-robin}
Syntax Description
dip-sip    Specifies that destination and source IP addresses will determine the LACP outport.
da-sa    Specifies that destination and source MAC addresses will determine the LACP outport.
3.5.4.20 clear lacp outportAlgorithm
Use this command to reset LACP to DIP-SIP, its default outport algorithm.
clear lacp outportAlgorithm
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
4 SNMP Configuration
This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.
4.1 SNMP CONFIGURATION SUMMARY
SNMP is an application-layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
4.1.2 SNMPv3
SNMPv3 is an interoperable standards-based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:
• Message integrity — Collects data securely without being tampered with or corrupted.
• Authentication — Determines the message is from a valid source.
Table 4-1 SNMP Security Levels
Model    Security Level    Authentication    Encryption    How It Works
v1    NoAuthNoPriv    Community string    None    Uses a community string match for authentication.
v2c    NoAuthNoPriv    Community string    None    Uses a community string match for authentication.
v3    NoAuthNoPriv    User name    None    Uses a user name match for authentication.
All SNMP contexts known to the device can be displayed using the show snmp context command as described in Section 4.3.4.2.
4.2 PROCESS OVERVIEW: SNMP CONFIGURATION
NOTE: Commands for configuring SNMP on the Matrix Series device are independent during the SNMP setup process. For instance, target parameters can be specified when setting up optional notification filters — even though these parameters have not yet been created with the set snmp targetparams command.
4.3.1.1 show snmp engineid
Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier.
show snmp engineid
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
4.3.1.2 show snmp counters
Use this command to display SNMP traffic counter values.
show snmp counters
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
Example
This example shows how to display SNMP counter values:
Matrix(rw)->show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 396601
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
snmpInTooBigs = 0
snmpInNoSuchNames = 0
snmpInBadValues = 0
snmpInReadOnlys = 0
snmpInGenErrs = 0
snmpInTotalReqVars = 403661
snmpInTotalSetVars = 534
snmpInGetRequests = 290
snmpInGetNexts
Table 4-3 show snmp counters Output Details
Output    What It Displays...
snmpInPkts    Number of messages delivered to the SNMP entity from the transport service.
snmpOutPkts    Number of SNMP messages passed from the SNMP protocol entity to the transport service.
snmpInBadVersions    Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version.
Table 4-3 show snmp counters Output Details (Continued)
Output    What It Displays...
snmpInTotalReqVars    Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
snmpInTotalSetVars    Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
Table 4-3 show snmp counters Output Details (Continued)
Output    What It Displays...
snmpOutGetNexts    Number of SNMP Get-Next PDUs generated by the SNMP protocol entity.
snmpOutSetRequests    Number of SNMP Set-Request PDUs generated by the SNMP protocol entity.
snmpOutGetResponses    Number of SNMP Get-Response PDUs generated by the SNMP protocol entity.
snmpOutTraps    Number of SNMP Trap PDUs generated by the SNMP protocol entity.
Table 4-3 show snmp counters Output Details (Continued)
Output    What It Displays...
usmStatsWrongDigests    Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value.
usmStatsDecriptionErrors    Number of packets received by the SNMP engine that were dropped because they could not be decrypted.
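The counters in Table 4-3 that record rejected messages are the ones worth trending, since a steady rise in them points to community-string guessing or SNMPv3 credential mismatches. The following Python sketch is an added example, not part of the Enterasys guide: it compares two pasted copies of the show snmp counters output and reports which rejection counters moved. The function names and both snapshots are constructed for illustration; the counter names are spelled as the device prints them.

```python
import re

# Counters worth alerting on, spelled exactly as the device prints them.
WATCHED = {
    "snmpInBadVersions": "messages for an unsupported SNMP version",
    "snmpInBadCommunityNames": "v1/v2c messages with an unknown community name",
    "snmpInBadCommunityUses": "operations the named community may not perform",
    "usmStatsWrongDigests": "SNMPv3 messages whose digest did not verify",
    "usmStatsDecriptionErrors": "SNMPv3 messages that could not be decrypted",
}

# One "name = value" pair per line; prompts and "---" headers do not match.
COUNTER_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s*=\s*(\d+)\s*$")


def parse_counters(cli_text):
    """Return {counter_name: value} from pasted 'show snmp counters' output."""
    counters = {}
    for line in cli_text.splitlines():
        match = COUNTER_LINE.match(line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters


def counter_delta(previous, current, bits=32):
    """Difference between two Counter32 readings, allowing for one wrap.

    A reboot also resets counters, so a huge delta that follows a decrease
    should be checked against the device uptime before it is trusted.
    """
    if current >= previous:
        return current - previous
    return current + (1 << bits) - previous


def rejected_traffic(before_text, after_text, interval_s, min_delta=1):
    """List the watched counters that grew between two snapshots."""
    before = parse_counters(before_text)
    after = parse_counters(after_text)
    total = counter_delta(before.get("snmpInPkts", 0), after.get("snmpInPkts", 0))
    findings = []
    for name, meaning in WATCHED.items():
        if name not in before or name not in after:
            continue  # counter missing from one capture: nothing to compare
        delta = counter_delta(before[name], after[name])
        if delta >= min_delta:
            findings.append({
                "counter": name,
                "delta": delta,
                "per_minute": round(delta * 60 / interval_s, 1),
                "share_of_input": round(delta / total, 3) if total else None,
                "meaning": meaning,
            })
    return sorted(findings, key=lambda f: f["delta"], reverse=True)


# Constructed, abbreviated snapshots taken 300 seconds apart.
SNAPSHOT_T0 = """\
Matrix(rw)->show snmp counters
--- mib2 SNMP group counters:
snmpInPkts                = 396601
snmpInBadVersions         = 0
snmpInBadCommunityNames   = 0
snmpInBadCommunityUses    = 0
usmStatsWrongDigests      = 0
usmStatsDecriptionErrors  = 0
"""

SNAPSHOT_T1 = """\
Matrix(rw)->show snmp counters
--- mib2 SNMP group counters:
snmpInPkts                = 398101
snmpInBadVersions         = 0
snmpInBadCommunityNames   = 1200
snmpInBadCommunityUses    = 3
usmStatsWrongDigests      = 45
usmStatsDecriptionErrors  = 0
"""

if __name__ == "__main__":
    for finding in rejected_traffic(SNAPSHOT_T0, SNAPSHOT_T1, interval_s=300):
        print(finding)
```

In the constructed snapshots, 1200 of the 1500 messages received in the interval carried an unknown community name, which is the pattern to alert on.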
4.3.2 Configuring SNMP Users, Groups and Communities
Purpose
To review and configure SNMP users, groups and v1 and v2 communities. These are defined as follows:
• User — A person registered in SNMPv3 to access SNMP management.
• Group — A collection of users who share the same SNMP access privileges.
• Community — A name used to authenticate SNMPv1 and v2 users.
4.3.2.1 show snmp user
Use this command to display information about SNMP users. These are people registered to access SNMP management.
show snmp user [list] | [user] | [remote remote ] [volatile | nonvolatile | read-only]
Syntax Description
list    (Optional) Displays a list of registered SNMP user names.
user    (Optional) Displays information about a specific user.
Examples
This example shows how to display an SNMP user list:
Matrix(rw)->show snmp user list
--- SNMP user information ---
--- List of registered users:
Guest
admin1
admin2
netops
This example shows how to display information for the SNMP “guest” user:
Matrix(rw)->show snmp user guest
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usm
4.3.2.2 set snmp user
Use this command to create a new SNMPv3 user.
set snmp user user [remote remoteid] [authentication {md5 | sha}] [authpassword] [privacy privpassword] [volatile | nonvolatile]
Syntax Description
user    Specifies a name for the SNMPv3 user.
remote remoteid    (Optional) Registers the user on a specific remote SNMP engine.
4.3.2.3 clear snmp user
Use this command to remove a user from the SNMPv3 security-model list.
clear snmp user user [remote remote]
Syntax Description
user    Specifies an SNMPv3 user to remove.
remote remote    (Optional) Removes the user from a specific remote SNMP engine.
Command Defaults
If remote is not specified, the user will be removed from the local SNMP engine.
Command Type
Switch command.
Command Mode
Read-Write.
4.3.2.4 show snmp group
Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges.
show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}] [volatile | nonvolatile | read-only]
Syntax Description
groupname groupname    (Optional) Displays information for a specific SNMP group.
Example
This example shows how to display SNMP group information:
Matrix(rw)->show snmp group
--- SNMP group information ---
Security model = SNMPv1
Security/user name = public
Group name = Anyone
Storage type = nonVolatile
Row status = active

Security model = SNMPv1
Security/user name = public.router1
Group name = Anyone
Storage type = nonVolatile
Row status = active
Table 4-5 shows a detailed explanation of the command output.
4.3.2.5 set snmp group
Use this command to create an SNMP group. This associates SNMPv3 users to a group that shares common access privileges.
set snmp group groupname user user security-model {v1 | v2c | usm} [volatile | nonvolatile]
Syntax Description
groupname    Specifies an SNMP group name to create.
user user    Specifies an SNMPv3 user name to assign to the group.
4.3.2.6 clear snmp group
Use this command to clear SNMP group settings globally or for a specific SNMP group and user.
clear snmp group groupname user [security-model {v1 | v2c | usm}]
Syntax Description
groupname    Specifies the SNMP group to be cleared.
user    Specifies the SNMP user to be cleared.
security-model v1 | v2c | usm    (Optional) Clears the settings associated with a specific security model.
4.3.2.7 show snmp community
Use this command to display SNMP community names and status. In SNMPv1 and v2, community names act as passwords to remote management.
show snmp community [name]
Syntax Description
name    (Optional) Displays SNMP information for a specific community name.
Command Defaults
If name is not specified, information will be displayed for all SNMP communities.
Command Type
Switch command.
4.3.2.8 set snmp community
Use this command to configure an SNMP community group.
set snmp community community [securityname securityname] [context context] [transport transport] [volatile | nonvolatile]
Syntax Description
community    Specifies a community group name.
securityname securityname    (Optional) Specifies an SNMP security name to associate with this community.
Command Mode
Read-Write.
4.3.2.9 clear snmp community
Use this command to delete an SNMP community name.
clear snmp community name
Syntax Description
name    Specifies the SNMP community name to clear.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to delete the community name “vip.
4.3.3 Configuring SNMP Access Rights
Purpose
To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups.
Commands
The commands used to review and configure SNMP access are listed below and described in the associated section as shown.
• show snmp access (Section 4.3.3.1)
• set snmp access (Section 4.3.3.2)
• clear snmp access (Section 4.3.3.
4.3.3.1 show snmp access
Use this command to display access rights and security levels configured for one or more SNMP groups.
show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication | authentication | privacy] [context context] [volatile | nonvolatile | read-only]
Syntax Description
groupname    (Optional) Displays access information for a specific SNMPv3 group.
Command Mode
Read-Only.
Table 4-6 show snmp access Output Details (Continued)
Output    What It Displays...
Security level    Security level applied to this group. Valid levels are:
• noAuthNoPrivacy (no authentication required)
• AuthNoPrivacy (authentication required)
• authPriv (privacy -- most secure level)
Read View    Name of the view that allows this group to view SNMP MIB objects.
4.3.3.2 set snmp access
Use this command to set an SNMP access configuration.
set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile]
Syntax Description
groupname    Specifies a name for an SNMPv3 group.
security-model v1 | Specifies SNMP version 1, 2c or 3 (usm).
Command Defaults
• If security level is not specified, no authentication will be applied.
• If context is not specified, access will be enabled for the default context. If context is specified without a context match, exact match will be applied.
• If read view is not specified, none will be applied.
• If write view is not specified, none will be applied.
• If notify view is not specified, none will be applied.
4.3.3.3 clear snmp access
Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security.
clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context]
Syntax Description
groupname    Specifies the name of the SNMP group for which to clear access.
4.3.4 Configuring SNMP MIB Views
Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.
Commands
The commands used to review and configure SNMP MIB views are listed below and described in the associated section as shown.
• show snmp view (Section 4.3.4.1)
• show snmp context (Section 4.3.4.2)
• set snmp view (Section 4.3.4.3)
• clear snmp view (Section 4.3.4.
4.3.4.1 show snmp view
Use this command to display the MIB configuration for SNMPv3 view-based access (VACM).
show snmp view [viewname] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]
Syntax Description
viewname    (Optional) Displays information for a specific MIB view.
subtree oid-or-mibobject    (Optional) Displays information for a specific MIB subtree when viewname is specified.
Example
This example shows how to display SNMP MIB view configuration information:
Matrix(rw)->show snmp view
--- SNMP MIB View information ---
View Name = All
Subtree OID = 1
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active
View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = All 0.0 View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = Network 1.3.6.1.2.
4.3.4.2 show snmp context
Use this command to display the context list configuration for SNMP’s view-based access control. An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs). When created using the set snmp access command (Section 4.3.3.
4.3.4.3 set snmp view
Use this command to set a MIB configuration for SNMPv3 view-based access (VACM).
set snmp view viewname viewname subtree subtree [mask mask] [included | excluded] [volatile | nonvolatile]
Syntax Description
viewname viewname    Specifies a name for a MIB view.
subtree subtree    Specifies a MIB subtree name.
mask mask    (Optional) Specifies a bitmask for a subtree.
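How the subtree, mask and included | excluded parameters combine decides what a group can actually read, so it is worth evaluating a planned view before assigning it with set snmp access. The following Python sketch is an added example, not Enterasys code: it applies the view-matching rule of the VACM standard (RFC 3415), which is more general than what this page states, to a view like the "All" view shown in Section 4.3.4.1 and to a hardened variant. The function names and sample views are constructed, and writing the mask as colon-separated hex is an assumption, not the documented CLI format.

```python
# MIB tables that hold SNMP credentials and access policy (standard OIDs).
SENSITIVE_TABLES = {
    "usmUserTable": "1.3.6.1.6.3.15.1.2.2",       # SNMPv3 users and key material
    "vacmAccessTable": "1.3.6.1.6.3.16.1.4",      # group-to-view access rules
    "snmpCommunityTable": "1.3.6.1.6.3.18.1.1",   # v1/v2c community strings
}


def parse_oid(text):
    """Turn '1.3.6.1' into (1, 3, 6, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex, length):
    """Expand a hex mask (assumed form 'ff:a0') to one bit per sub-identifier.

    Bits are read most significant first; a mask shorter than the subtree,
    including an empty mask, is padded with ones (exact match).
    """
    bits = []
    for byte in bytes.fromhex(mask_hex.replace(":", "")):
        bits.extend((byte >> shift) & 1 for shift in range(7, -1, -1))
    bits = bits[:length]
    return bits + [1] * (length - len(bits))


def family_matches(oid, subtree, mask_hex=""):
    """True if oid falls in the subtree; a 0 mask bit wildcards that position."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(bit == 0 or o == s for o, s, bit in zip(oid, subtree, bits))


def is_in_view(oid_text, view):
    """Decide access for one OID against a view: a list of
    (subtree, mask_hex, 'included' | 'excluded') entries.

    Of all matching entries, the one with the most sub-identifiers wins;
    ties go to the lexicographically greater subtree. No match means no access.
    """
    oid = parse_oid(oid_text)
    best_key, best_type = None, None
    for subtree_text, mask_hex, view_type in view:
        subtree = parse_oid(subtree_text)
        if family_matches(oid, subtree, mask_hex):
            key = (len(subtree), subtree)
            if best_key is None or key > best_key:
                best_key, best_type = key, view_type
    return best_type == "included"


def exposed_tables(view):
    """Names of credential and policy tables whose root the view includes."""
    return sorted(name for name, oid in SENSITIVE_TABLES.items()
                  if is_in_view(oid, view))


# Constructed views. ALL_VIEW mirrors the single "subtree 1, included" entry.
ALL_VIEW = [("1", "", "included")]
HARDENED_VIEW = ALL_VIEW + [
    ("1.3.6.1.6.3.15", "", "excluded"),   # USM MIB
    ("1.3.6.1.6.3.16", "", "excluded"),   # VACM MIB
    ("1.3.6.1.6.3.18", "", "excluded"),   # community MIB
]
# Mask ff:a0 wildcards the 10th sub-identifier (the column number), so the
# view covers every ifTable column, but only for the row with ifIndex 2.
ONE_INTERFACE_VIEW = [("1.3.6.1.2.1.2.2.1.0.2", "ff:a0", "included")]

if __name__ == "__main__":
    print(exposed_tables(ALL_VIEW))
    print(exposed_tables(HARDENED_VIEW))
    print(is_in_view("1.3.6.1.2.1.2.2.1.10.2", ONE_INTERFACE_VIEW))
```

A read view of subtree 1 with no exclusions makes the user, access and community tables readable to any group it is assigned to, which matters most for groups at the noauthentication level.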
4.3.4.4 clear snmp view
Use this command to delete an SNMPv3 MIB view.
clear snmp view viewname subtree
Syntax Description
viewname    Specifies the MIB view name to be deleted.
subtree    Specifies the subtree name of the MIB view to be deleted.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to delete SNMP MIB view “public”:
Matrix(rw)->clear snmp view public 1.3.6.
4.3.5 Configuring SNMP Target Parameters
Purpose
To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (Section 4.3.6.
4.3.5.1 show snmp targetparams
Use this command to display SNMP parameters used to generate a message to a target.
show snmp targetparams [targetParams] [volatile | nonvolatile | read-only]
Syntax Description
targetParams    (Optional) Displays entries for a specific target parameter.
volatile | nonvolatile | read-only    (Optional) Displays target parameter entries for a specific storage type.
Example
This example shows how to display SNMP target parameters information:
Matrix(rw)->show snmp targetparams
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name = public
Message Proc. Model = SNMPv1
Security Level = noAuthNoPriv
Storage type = nonVolatile
Row status = active
Target Parameter Name Security Name Message Proc.
Table 4-8 show snmp targetparams Output Details (Continued)
Output    What It Displays...
Storage type    Whether entry is stored in volatile, nonvolatile or read-only memory.
Row status    Status of this entry: active, notInService, or notReady.
4.3.5.2 set snmp targetparams
Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target.
Example
This example shows how to set SNMP target parameters named “v1ExampleParams” for a user named “fred” using version 3 security model and message processing, and authentication:
Matrix(rw)->set snmp targetparams v1ExampleParams user fred security-model usm message-processing v3 authentication
4.3.5.3 clear snmp targetparams
Use this command to clear the SNMP target parameter configuration.
clear snmp targetparams targetParams
Syntax Description
targetParams    Specifies the name of the parameter in the SNMP target parameters table to be cleared.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
4.3.6 Configuring SNMP Target Addresses
Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (Section 4.3.5.2).
4.3.6.1 show snmp targetaddr
Use this command to display SNMP target address information.
  show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only]
Syntax Description
  targetAddr                          (Optional) Displays information for a specific target address name.
  volatile | nonvolatile | read-only  (Optional) When target address is specified, displays target address information for a specific storage type.
Table 4-9 show snmp targetaddr Output Details
  Output               What It Displays...
  Target Address Name  Unique identifier in the snmpTargetAddressTable.
  Tag List             Tags a location to the target address as a place to send notifications.
  IP Address           Target IP address.
  UDP Port#            Number of the UDP port of the target host to use.
  Target Mask          Target IP address mask.
  Timeout              Timeout setting for the target address.
4.3.6.2 set snmp targetaddr
Use this command to configure an SNMP target address. The target address is a unique identifier and a specific IP address that will receive SNMP notification messages and determine which community strings will be accepted. This address configuration can be linked to optional SNMP transmit parameters (such as timeout, retry count, and UDP port).
Command Defaults
  • If not specified, udpport will be set to 162.
  • If not specified, mask will be set to 255.255.255.255.
  • If not specified, timeout will be set to 1500.
  • If not specified, number of retries will be set to 3.
  • If taglist is not specified, none will be set.
  • If not specified, storage type will be nonvolatile.
Command Type: Switch command.
Command Mode: Read-Write.
4.3.6.3 clear snmp targetaddr
Use this command to delete an SNMP target address entry.
  clear snmp targetaddr targetAddr
Syntax Description
  targetAddr    Specifies the target address entry to delete.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
4.3.7 Configuring SNMP Notification Parameters
Purpose
To configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps” or SNMP v3 “informs” messages to select management targets. Optional notification filters identify which targets should not receive notifications.
4.3.7.1 show snmp notify
Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications.
  show snmp notify [notify] [volatile | nonvolatile | read-only]
Syntax Description
  notify                              (Optional) Displays notify entries for a specific notify name.
  volatile | nonvolatile | read-only  (Optional) Displays notify entries for a specific storage type.
Table 4-10 shows a detailed explanation of the command output.
Table 4-10 show snmp notify Output Details
  Output       What It Displays...
  Notify name  A unique identifier used to index the SNMP notify table.
  Notify Tag   Name of the entry in the SNMP notify table.
  Notify Type  Type of notification: SNMPv1 or v2 trap or SNMPv3 InformRequest message.
4.3.7.2 set snmp notify
Use this command to set the SNMP notify configuration. This creates an entry in the SNMP notify table, which is used to select management targets who should receive notification messages. This command’s tag parameter can be used to bind each entry to a target address using the set snmp targetaddr command (Section 4.3.6.2).
4.3.7.3 clear snmp notify
Use this command to clear an SNMP notify configuration.
  clear snmp notify notify
Syntax Description
  notify    Specifies an SNMP notify name to clear.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
About SNMP Notify Filters
Profiles indicating which targets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty, meaning that no filtering is associated with any SNMP target, then no filtering will take place. “Traps” or “informs” notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those found in the NotifyTable.
4.3.7.4 show snmp notifyfilter
Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications.
  show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]
Syntax Description
  profile                   (Optional) Displays a specific notify filter.
  subtree oid-or-mibobject  (Optional) Displays a notify filter within a specific subtree.
4.3.7.5 set snmp notifyfilter
Use this command to create an SNMP notify filter configuration. This identifies which management targets should NOT receive notification messages, which is useful for fine-tuning the amount of SNMP traffic generated.
  set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included | excluded] [volatile | nonvolatile]
Syntax Description
  profile    Specifies an SNMP filter notify name.
4.3.7.6 clear snmp notifyfilter
Use this command to delete an SNMP notify filter configuration.
  clear snmp notifyfilter profile subtree oid-or-mibobject
Syntax Description
  profile                   Specifies an SNMP filter notify name to delete.
  subtree oid-or-mibobject  Specifies a MIB subtree ID containing the filter to be deleted.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
4.3.7.7 show snmp notifyprofile
Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.
  show snmp notifyprofile [profile] [targetparam targetparam] [volatile | nonvolatile | read-only]
Syntax Description
  profile    (Optional) Displays a specific notify profile.
4.3.7.8 set snmp notifyprofile
Use this command to create an SNMP notify filter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command (Section 4.3.7.5), to a set of SNMP target parameters to determine which management targets should not receive SNMP notifications.
4.3.7.9 clear snmp notifyprofile
Use this command to delete an SNMP notify profile configuration.
  clear snmp notifyprofile profile targetparam targetparam
Syntax Description
  profile                  Specifies an SNMP filter notify name to delete.
  targetparam targetparam  Specifies an associated entry in the snmpTargetParamsTable.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
4.3.8 Creating a Basic SNMP Trap Configuration
Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or device goes up or down, when there are authentication failures, and when power supply errors occur.
Table 4-11 Basic SNMP Trap Configuration Command Set (Continued)
  To do this...                     Use these commands...
  Create a new notification entry.  set snmp notify (Section 4.3.7.2)
  Create a target address entry.    set snmp targetaddr (Section 4.3.6.
4. Verifies that the v2ExampleParams description of how to step through the door is, in fact, there. The agent checks targetparams entries and determines this description was made with the set snmp targetparams command, which tells exactly which SNMP protocol to use and what community name to provide. In this case, the community name is mgmt.
5. Verifies that the mgmt community name is available.
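The lookup the agent performs across the notify, target address, target parameters and notify filter tables can be modelled offline to check which management stations actually receive a security-relevant trap. The following Python code is an added example, not taken from the guide or the firmware. It assumes the device applies the RFC 3413 filter rule (the longest matching subtree decides, and a notification that matches no filter row of an attached profile is not sent), ignores filter masks and variable bindings, and uses constructed table contents: the names nms1 to nms3, TrapSink, v2FilteredParams and noAuthTraps are hypothetical.

```python
from dataclasses import dataclass

# Standard SNMPv2-MIB notification OIDs.
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"
AUTH_FAILURE = "1.3.6.1.6.3.1.1.5.5"


@dataclass(frozen=True)
class TargetAddr:
    name: str
    ip: str
    taglist: frozenset     # tags bound with set snmp targetaddr ... taglist
    params: str            # name of the linked targetparams entry
    udpport: int = 162     # guide default when udpport is not specified


def oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def filter_decision(filter_rows, notification_oid):
    """filter_rows: (subtree, 'included' | 'excluded') pairs of one profile.

    Longest matching subtree wins; no matching row means "do not send".
    """
    target, best = oid(notification_oid), None
    for subtree, kind in filter_rows:
        sub = oid(subtree)
        if target[:len(sub)] == sub and (best is None or len(sub) > best[0]):
            best = (len(sub), kind)
    return best is not None and best[1] == "included"


def recipients(notify_tags, targets, profiles, filters, notification_oid):
    """Return which targets get the notification and which are filtered out.

    notify_tags: tags present in the notify table
    profiles:    targetparams name -> notify filter profile name
    filters:     profile name -> list of (subtree, kind) rows
    """
    result = {"sent": [], "filtered": []}
    for target in targets:
        if not (target.taglist & notify_tags):
            continue                                  # no tag match: never selected
        profile = profiles.get(target.params)
        if profile is None:                           # no profile: no filtering
            result["sent"].append(target.name)
        elif filter_decision(filters.get(profile, []), notification_oid):
            result["sent"].append(target.name)
        else:
            result["filtered"].append(target.name)
    return result


# Constructed tables (documentation address range 192.0.2.0/24).
NOTIFY_TAGS = {"TrapSink"}
TARGETS = [
    TargetAddr("nms1", "192.0.2.10", frozenset({"TrapSink"}), "v2ExampleParams"),
    TargetAddr("nms2", "192.0.2.11", frozenset({"TrapSink"}), "v2FilteredParams"),
    TargetAddr("nms3", "192.0.2.12", frozenset({"Spare"}), "v2ExampleParams"),
]
PROFILES = {"v2FilteredParams": "noAuthTraps"}
FILTERS = {"noAuthTraps": [("1.3.6.1.6.3.1.1.5", "included"),
                           (AUTH_FAILURE, "excluded")]}

if __name__ == "__main__":
    for label, trap in (("linkDown", LINK_DOWN), ("authenticationFailure", AUTH_FAILURE)):
        print(label, recipients(NOTIFY_TAGS, TARGETS, PROFILES, FILTERS, trap))
```

A target that appears under "filtered" for authenticationFailure is a station that will stay silent during password guessing against the switch, which is worth confirming is intentional.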
5 Spanning Tree Configuration
This chapter describes the Spanning Tree Configuration set of commands and how to use them.
5.1 SPANNING TREE CONFIGURATION SUMMARY
5.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols
The IEEE 802.1D Spanning Tree Protocol (STP) resolves the problems of physical loops in a network by establishing one primary path between any two devices in a network.
only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter-switch link, while traffic associated with another set of VLANs can be blocked on that link.
5.1.3 Process Overview: Spanning Tree Configuration
CAUTION: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk.
Use the following steps as a guide in the Spanning Tree configuration process:
1.
• set spantree maxconfigurablestps (Section 5.2.1.9)
• clear spantree maxconfigurablestps (Section 5.2.1.10)
• show spantree mstilist (Section 5.2.1.11)
• set spantree msti (Section 5.2.1.12)
• clear spantree msti (Section 5.2.1.13)
• show spantree mstmap (Section 5.2.1.14)
• set spantree mstmap (Section 5.2.1.15)
• clear spantree mstmap (Section 5.2.1.16)
• show spantree vlanlist (Section 5.2.1.
• show spantree fwddelay (Section 5.2.1.36)
• set spantree fwddelay (Section 5.2.1.37)
• clear spantree fwddelay (Section 5.2.1.38)
• show spantree autoedge (Section 5.2.1.39)
• set spantree autoedge (Section 5.2.1.40)
• clear spantree autoedge (Section 5.2.1.41)
• show spantree legacypathcost (Section 5.2.1.42)
• set spantree legacypathcost (Section 5.2.1.43)
• clear spantree legacypathcost (Section 5.2.1.
• set spantree spanguardtrapenable (Section 5.2.1.63)
• clear spantree spanguardtrapenable (Section 5.2.1.64)
• show spantree backuproot (Section 5.2.1.65)
• set spantree backuproot (Section 5.2.1.66)
• clear spantree backuproot (Section 5.2.1.67)
• show spantree backuproottrapenable (Section 5.2.1.68)
• set spantree backuproottrapenable (Section 5.2.1.69)
• clear spantree backuproottrapenable (Section 5.2.1.
5.2.1.1 show spantree stats
Use this command to display Spanning Tree information for one or more ports.
  show spantree stats [port port-string] [sid sid] [active]
Syntax Description
  port port-string    (Optional) Displays information for the specified port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Example
This example shows how to display the device’s Spanning Tree configuration:
  Matrix(rw)->show spantree stats
  Spanning tree status
  Spanning tree instance
  Designated Root MacAddr
  Designated Root Priority
  Designated Root Cost
  Designated Root Port
  Root Max Age
  Root Hello Time
  Root Forward Delay
  Bridge ID MAC Address
  Bridge ID Priority
  Bridge Max Age
  Bridge Hello Time
  Bridge Forward Delay
  Topology Change Count
  T
Table 5-1 show spantree Output Details (Continued)
  Output                 What It Displays...
  Root Forward Delay     Amount of time (in seconds) the root device spends in listening or learning mode.
  Bridge ID MAC Address  Unique bridge MAC address, recognized by all bridges in the network.
  Bridge ID Priority     Bridge priority, which is a default value, or is assigned using the set spantree priority command.
5.2.1.2 show spantree version
Use this command to display the current version of the Spanning Tree protocol running on the device.
  show spantree version
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.3 set spantree version
Use this command to set the version of the Spanning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible.
  set spantree version {mstp | stpcompatible | rstp}
NOTE: In most networks, Spanning Tree version should not be changed from its default setting of mstp (Multiple Spanning Tree Protocol) mode.
5.2.1.4 clear spantree version
Use this command to reset the Spanning Tree version to MSTP mode.
  clear spantree version
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.5 show spantree stpmode
Use this command to display the Spanning Tree Protocol (STP) mode setting.
  show spantree stpmode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.6 set spantree stpmode
Use this command to globally enable or disable the Spanning Tree Protocol (STP) mode.
  set spantree stpmode {none | ieee8021}
Syntax Description
  none        Disables Spanning Tree.
  ieee8021    Enables 802.1 Spanning Tree mode.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.7 clear spantree stpmode
Use this command to reset the Spanning Tree protocol mode to the default setting of IEEE802.1. This re-enables Spanning Tree.
  clear spantree stpmode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the STP mode to IEEE 802.
5.2.1.8 show spantree maxconfigurablestps
Use this command to display the setting for the maximum number of user configurable Spanning Tree instances.
  show spantree maxconfigurablestps
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the STP maximum configs setting.
5.2.1.9 set spantree maxconfigurablestps
Use this command to set the maximum number of user configurable Spanning Tree instances.
  set spantree maxconfigurablestps numstps
Syntax Description
  numstps    Specifies the maximum number of user configured STPs to be allowed on this bridge. Valid values are 1 - 9.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.10 clear spantree maxconfigurablestps
Use this command to clear the setting for the maximum number of user configurable Spanning Tree instances.
  clear spantree maxconfigurablestps
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.11 show spantree mstilist
Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device.
  show spantree mstilist
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display a list of MST instances.
5.2.1.12 set spantree msti
Use this command to create or delete a Multiple Spanning Tree instance.
  set spantree msti sid sid {create | delete}
Syntax Description
  sid sid            Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094.
                     NOTE: Matrix Series devices will support up to 9 MST instances.
  create | delete    Creates or deletes an MST instance.
Command Defaults: None.
Command Type: Switch command.
5.2.1.13 clear spantree msti
Use this command to delete one or more Multiple Spanning Tree instances.
  clear spantree msti sid
Syntax Description
  sid    Specifies a multiple Spanning Tree ID to be deleted.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.14 show spantree mstmap
Use this command to display the mapping of a filtering database ID (FID) to a Spanning Tree. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.
  show spantree mstmap [fid fid]
Syntax Description
  fid fid    (Optional) Displays information for specific FIDs.
Command Defaults: If fid is not specified, information for all assigned FIDs will be displayed.
5.2.1.15 set spantree mstmap
Use this command to map one or more filtering database IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning Tree (SID).
  set spantree mstmap fid [sid sid]
Syntax Description
  fid    Specifies one or more FIDs to assign to the MST.
5.2.1.16 clear spantree mstmap
Use this command to map a FID back to SID 0.
  clear spantree mstmap fid
Syntax Description
  fid    Specifies one or more FIDs to reset to 0.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.17 show spantree vlanlist
Use this command to display the VLAN ID(s) assigned to one or more Spanning Trees.
  show spantree vlanlist [vlan-list]
Syntax Description
  vlan-list    (Optional) Displays information for specific VLAN(s).
Command Defaults: If not specified, SID assignment will be displayed only for VLANs assigned to any SID other than SID 0.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.18 show spantree mstcfgid
Use this command to display the MST configuration identifier elements, including format selector, configuration name, revision level, and configuration digest.
  show spantree mstcfgid
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the MST configuration identifier elements.
5.2.1.19 set spantree mstcfgid
Use this command to set the MST configuration name and/or revision level.
  set spantree mstcfgid {cfgname name | rev level}
Syntax Description
  cfgname name    Specifies an MST configuration name.
  rev level       Specifies an MST revision level. Valid values are 0 - 65535.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.20 clear spantree mstcfgid
Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address.
  clear spantree mstcfgid
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.21 show spantree bridgeprioritymode
Use this command to display the Spanning Tree bridge priority mode setting.
  show spantree bridgeprioritymode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.22 set spantree bridgeprioritymode
Use this command to set the Spanning Tree bridge priority mode to 802.1D (legacy) or 802.1t. This will affect the range of priority values used to determine which device is selected as the Spanning Tree root as described in set spantree priority (Section 5.2.1.25).
5.2.1.23 clear spantree bridgeprioritymode
Use this command to reset the Spanning Tree bridge priority mode to the default setting of 802.1t.
  clear spantree bridgeprioritymode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to reset the bridge priority mode to 802.
5.2.1.24 show spantree priority
Use this command to display the Spanning Tree bridge priority.
  show spantree priority [sid]
Syntax Description
  sid    (Optional) Displays the priority for a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Command Defaults: If sid is not specified, priority will be shown for Spanning Tree 0.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.25 set spantree priority
Use this command to set the device’s Spanning Tree priority. The device with the highest priority (lowest numerical value) becomes the Spanning Tree root device. If all devices have the same priority, the device with the lowest MAC address will then become the root device. Depending on the set bridgepriority mode setting as described in Section 5.2.1.
This example shows how to set the bridge priority to 15 on all SIDs with 8021t priority mode enabled:
  Matrix(rw)->set spantree priority 15
  Bride Priority has been translated to incremental step of 61440
This example shows how to set the bridge priority to 4000 on all SIDs with 8021t priority mode enabled:
  Matrix(rw)->set spantree priority 4000
  Bride Priority has been rounded up to 4096 from 4000
This example sho
5.2.1.26 clear spantree priority
Use this command to reset the Spanning Tree priority to the default value of 32768.
  clear spantree priority [sid]
Syntax Description
  sid    (Optional) Resets the priority on a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Command Defaults: If sid is not specified, priority will be reset on Spanning Tree 0.
Command Type: Switch command.
5.2.1.27 show spantree bridgehellomode
Use this command to display the status of bridge hello mode on the device. When enabled, a single bridge administrative hello time is being used. When disabled, per-port administrative hello times are being used.
  show spantree bridgehellomode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.28 set spantree bridgehellomode
Use this command to enable or disable bridge hello mode on the device.
  set spantree bridgehellomode {enable | disable}
Syntax Description
  enable     Enables single Spanning Tree bridge hello mode.
  disable    Disables single Spanning Tree bridge hello mode, allowing for the configuration of per-port hello times.
Command Defaults: None.
Command Type: Switch command.
5.2.1.29 clear spantree bridgehellomode
Use this command to reset the Spanning Tree administrative hello mode to enabled.
  clear spantree bridgehellomode
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.30 show spantree hello
Use this command to display the Spanning Tree hello time.
  show spantree hello
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.31 set spantree hello
Use this command to set the device’s Spanning Tree hello time. This is the time interval (in seconds) the device will transmit BPDUs indicating it is active.
  set spantree hello interval
Syntax Description
  interval    Specifies the number of seconds the system waits before broadcasting a bridge hello message (a multicast message indicating that the system is active).
5.2.1.32 clear spantree hello
Use this command to reset the Spanning Tree hello time to the default value of 2 seconds.
  clear spantree hello
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.33 show spantree maxage
Use this command to display the Spanning Tree maximum aging time.
  show spantree maxage
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.34 set spantree maxage
Use this command to set the bridge maximum aging time. This is the maximum time (in seconds) a device can wait without receiving a configuration message (bridge “hello”) before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
5.2.1.35 clear spantree maxage
Use this command to reset the maximum aging time for a Spanning Tree to the default value of 20 seconds.
  clear spantree maxage
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.36 show spantree fwddelay
Use this command to display the Spanning Tree forward delay time.
  show spantree fwddelay
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.37 set spantree fwddelay
Use this command to set the Spanning Tree forward delay. This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
5.2.1.38 clear spantree fwddelay
Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds.
  clear spantree fwddelay
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.39 show spantree autoedge
Use this command to display the status of automatic edge port detection.
  show spantree autoedge
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the status of the automatic edge port detection function:
  Matrix(rw)->show spantree autoedge
  autoEdge is currently enabled.
5.2.1.40 set spantree autoedge
Use this command to enable or disable the automatic edge port detection function.
  set spantree autoedge {disable | enable}
Syntax Description
  disable | enable    Disables or enables automatic edge port detection.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.41 clear spantree autoedge
Use this command to reset automatic edge port detection to the default state of enabled.
  clear spantree autoedge
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.42 show spantree legacypathcost
Use this command to display the default Spanning Tree path cost setting.
  show spantree legacypathcost
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.43 set spantree legacypathcost
Use this command to enable or disable legacy (802.1D) path cost values.
  set spantree legacypathcost {disable | enable}
NOTE: By default, legacy path cost is disabled. Enabling the device to calculate legacy path costs affects the range of valid values that can be entered in the set spantree adminpathcost command (Section 5.2.2.17).
5.2.1.44 clear spantree legacypathcost
Use this command to set the Spanning Tree default value for legacy path cost to 802.1t values.
  clear spantree legacypathcost
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to set the default path cost values to 802.
5.2.1.45 show spantree tctrapsuppress
Use this command to display the status of topology change trap suppression on Rapid Spanning Tree edge ports.
  show spantree tctrapsuppress
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.46 set spantree tctrapsuppress
Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports. By default, RSTP non-edge (bridge) ports that transition to forwarding or blocking cause the switch to issue a topology change trap.
5.2.1.47 clear spantree tctrapsuppress
Use this command to clear topology change trap suppression settings.
    clear spantree tctrapsuppress
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.48 show spantree txholdcount
Use this command to display the maximum BPDU transmission rate.
    show spantree txholdcount
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example: This example shows how to display the transmit hold count setting:
    Matrix(rw)->show spantree txholdcount
    Tx hold count = 3.
5.2.1.49 set spantree txholdcount
Use this command to set the maximum BPDU transmission rate. This is the number of BPDUs which will be transmitted before transmissions are subject to a one-second timer.
    set spantree txholdcount txholdcount
Syntax Description:
    txholdcount    Specifies the maximum number of BPDUs to be transmitted before transmissions are subject to a one-second timer. Valid values are 1 - 10.
5.2.1.50 clear spantree txholdcount
Use this command to reset the transmit hold count to the default value of 6.
    clear spantree txholdcount
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.51 show spantree maxhops
Use this command to display the Spanning Tree maximum hop count.
    show spantree maxhops
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.52 set spantree maxhops
Use this command to set the Spanning Tree maximum hop count. This is the maximum number of hops that the information for a particular Spanning Tree instance may traverse (via relay of BPDUs within the applicable MST region) before being discarded.
    set spantree maxhops max_hop_count
Syntax Description:
    max_hop_count    Specifies the maximum number of hops allowed.
5.2.1.53 clear spantree maxhops
Use this command to reset the maximum hop count to the default value of 20.
    clear spantree maxhops
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.54 show spantree spanguard
Use this command to display the status of the Spanning Tree span guard function.
    show spantree spanguard
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example: This example shows how to display the span guard function status:
    Matrix(rw)->show spantree spanguard
    spanguard is currently disabled.
5.2.1.55 set spantree spanguard
Use this command to enable or disable the Spanning Tree span guard function. When enabled, this prevents an unauthorized bridge from becoming part of the active Spanning Tree topology. It does this by disabling a port that receives a BPDU when that port has been defined as an edge (user) port (as described in Section 5.2.2.20).
5.2.1.56 clear spantree spanguard
Use this command to reset the status of the Spanning Tree span guard function to disabled.
    clear spantree spanguard
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.57 show spantree spanguardtimeout
Use this command to display the Spanning Tree span guard timeout setting.
    show spantree spanguardtimeout
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example: This example shows how to display the span guard timeout setting:
    Matrix(rw)->show spantree spanguardtimeout
    spanguard timeout is set at 300 seconds.
5.2.1.58 set spantree spanguardtimeout
Use this command to set the amount of time (in seconds) an edge port will remain locked by the span guard function.
    set spantree spanguardtimeout timeout
Syntax Description:
    timeout    Specifies a timeout value in seconds. Valid values are 0 (forever) to 65535.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.59 clear spantree spanguardtimeout
Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds.
    clear spantree spanguardtimeout
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.60 show spantree spanguardlock
Use this command to display the span guard lock status of one or more ports.
    show spantree spanguardlock port-string
Syntax Description:
    port-string    Specifies the port(s) for which to show span guard lock status. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.61 clear / set spantree spanguardlock
Use either of these commands to unlock one or more ports locked by the Spanning Tree span guard function. When span guard is enabled, it locks ports that receive BPDUs when those ports have been defined as edge (user) ports (as described in Section 5.2.2.20).
5.2.1.62 show spantree spanguardtrapenable
Use this command to display the state of the Spanning Tree span guard trap function.
    show spantree spanguardtrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.63 set spantree spanguardtrapenable
Use this command to enable or disable the sending of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree.
    set spantree spanguardtrapenable {disable | enable}
Syntax Description:
    disable | enable    Disables or enables the span guard trap function.
Command Defaults: None.
Command Type: Switch command.
5.2.1.64 clear spantree spanguardtrapenable
Use this command to reset the Spanning Tree span guard trap function back to the default state of enabled.
    clear spantree spanguardtrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
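The following Python check is an added example, not part of the guide: it replays span guard and adminedge commands in order, starting from the defaults stated in this section, and reports where user-facing ports are left unprotected. The command lists and port names are constructed samples, and the enable/disable keywords for set spantree spanguard are an assumption, because that command's syntax line is cut off on this page.

```python
"""Audit Matrix spanning-tree CLI commands for span guard coverage (added example)."""

# Defaults as stated in this section: span guard disabled, lock timeout
# 300 seconds, span guard trap enabled, ports non-edge until set.
DEFAULTS = {"spanguard": False, "timeout": 300, "trap": True}


def _on_off(args, raw):
    if args not in (["enable"], ["disable"]):
        raise ValueError(f"expected enable|disable: {raw!r}")
    return args == ["enable"]


def apply_commands(lines):
    """Replay set/clear commands in order and return the resulting state."""
    state = dict(DEFAULTS, edge_ports=set())
    for raw in lines:
        # Accept lines copied with the CLI prompt, e.g. "Matrix(rw)->set ...".
        tok = raw.split("->", 1)[-1].split()
        if len(tok) < 3 or tok[0] not in ("set", "clear") or tok[1] != "spantree":
            continue  # not a spanning-tree set/clear command
        verb, key, args = tok[0], tok[2], tok[3:]
        if key == "spanguard":
            # Assumed keywords: set spantree spanguard {enable | disable}.
            state["spanguard"] = False if verb == "clear" else _on_off(args, raw)
        elif key == "spanguardtrapenable":
            state["trap"] = DEFAULTS["trap"] if verb == "clear" else _on_off(args, raw)
        elif key == "spanguardtimeout":
            if verb == "clear":
                state["timeout"] = DEFAULTS["timeout"]
            elif len(args) == 1 and args[0].isdigit() and int(args[0]) <= 65535:
                state["timeout"] = int(args[0])  # 0 means locked forever
            else:
                raise ValueError(f"timeout must be 0-65535: {raw!r}")
        elif key == "adminedge":
            # Assumption: one port per command; port-string ranges
            # (Section 3.1.1) are not expanded here.
            if verb == "set" and len(args) == 2 and args[1] in ("true", "false"):
                if args[1] == "true":
                    state["edge_ports"].add(args[0])
                else:
                    state["edge_ports"].discard(args[0])
            elif verb == "clear" and len(args) == 1:
                state["edge_ports"].discard(args[0])  # back to non-edge status
            else:
                raise ValueError(f"bad adminedge command: {raw!r}")
    return state


def audit(state, user_ports):
    """Return (code, port) findings for the given user-facing ports."""
    findings = []
    if not state["spanguard"]:
        findings.append(("SPANGUARD_DISABLED", None))
    for port in sorted(user_ports):
        if port not in state["edge_ports"]:
            # Span guard only locks ports that are defined as edge (user) ports.
            findings.append(("NOT_EDGE", port))
    if not state["trap"]:
        findings.append(("TRAP_DISABLED", None))
    if state["spanguard"] and state["timeout"] == 0:
        # Locked ports stay locked until released with spanguardlock.
        findings.append(("MANUAL_UNLOCK_REQUIRED", None))
    return findings


# Constructed sample inputs (not taken from a real device).
USER_PORTS = ["fe.1.10", "fe.1.11", "fe.1.12"]
WEAK = [
    "Matrix(rw)->set spantree adminedge fe.1.10 true",
    "Matrix(rw)->set spantree adminedge fe.1.11 true",
    "Matrix(rw)->clear spantree adminedge fe.1.11",
    "Matrix(rw)->set spantree spanguardtrapenable disable",
]
HARDENED = [
    "set spantree spanguard enable",
    "set spantree spanguardtimeout 600",
    "set spantree spanguardtrapenable enable",
    "set spantree adminedge fe.1.10 true",
    "set spantree adminedge fe.1.11 true",
    "set spantree adminedge fe.1.12 true",
]

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(apply_commands(cfg), USER_PORTS))
```
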
5.2.1.65 show spantree backuproot
Use this command to display the state of the Spanning Tree backup root function.
    show spantree backuproot [sid]
Syntax Description:
    sid    (Optional) Displays status for a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Command Defaults: If sid is not specified, status will be shown for Spanning Tree 0.
Command Type: Switch command.
5.2.1.66 set spantree backuproot
Use this command to enable or disable the Spanning Tree backup root function. Enabled by default on bridge(s) directly connected to the root bridge, this prevents stale Spanning Tree information from circulating in the event the root bridge is lost.
5.2.1.67 clear spantree backuproot
Use this command to reset the Spanning Tree backup root function to the default state of disabled.
    clear spantree backuproot sid
Syntax Description:
    sid    Specifies the Spanning Tree on which to reset the backup root function. Valid values are 0 - 4094.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.68 show spantree backuproottrapenable
Use this command to display the state of the Spanning Tree backup root trap function.
    show spantree backuproottrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.69 set spantree backuproottrapenable
Use this command to enable or disable the Spanning Tree backup root trap function. When SNMP trap messaging is configured, this sends a trap message when the backup root function makes a Spanning Tree the new root of the network.
    set spantree backuproottrapenable {enable | disable}
Syntax Description:
    enable | disable    Enables or disables the backup root trap function.
5.2.1.70 clear spantree backuproottrapenable
Use this command to reset the Spanning Tree backup root trap function to the default state of disabled.
    clear spantree backuproottrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.71 show spantree newroottrapenable
Use this command to display the state of the Spanning Tree new root trap function.
    show spantree newroottrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.1.72 set spantree newroottrapenable
Use this command to enable or disable the Spanning Tree new root trap function. When SNMP trap messaging is configured, this sends a trap message when a Spanning Tree becomes the new root of the network.
    set spantree newroottrapenable {enable | disable}
Syntax Description:
    enable | disable    Enables or disables the new root trap function.
Command Defaults: None.
5.2.1.73 clear spantree newroottrapenable
Use this command to reset the Spanning Tree new root trap function back to the default state of enabled.
    clear spantree newroottrapenable
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.74 clear spantree default
Use this command to restore default values to a Spanning Tree.
    clear spantree default [sid]
Syntax Description:
    sid    (Optional) Restores defaults on a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Command Defaults: If sid is not specified, defaults will be restored on Spanning Tree 0.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.1.75 show spantree debug
Use this command to display Spanning Tree debug counters for one or more ports.
    show spantree debug [port port-string] [sid sid] [active]
Syntax Description:
    port port-string    (Optional) Displays debug counters for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Example: This example shows how to display Spanning Tree debug counters for link aggregation port 3, SID 0:
    Matrix(rw)->show spantree debug port lag.0.
5.2.1.76 clear spantree debug
Use this command to clear Spanning Tree debug counters.
    clear spantree debug
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Spanning Tree Configuration Command Set Reviewing and Setting Spanning Tree Port Parameters 5.2.
• show spantree adminedge (Section 5.2.2.19)
• set spantree adminedge (Section 5.2.2.20)
• clear spantree adminedge (Section 5.2.2.21)
• show spantree operedge (Section 5.2.2.22)
• show spantree adminpoint (Section 5.2.2.23)
• show spantree operpoint (Section 5.2.2.24)
• set spantree adminpoint (Section 5.2.2.25)
• clear spantree adminpoint (Section 5.2.2.
5.2.2.1 show spantree portenable
Use this command to display the port status on one or more Spanning Tree ports.
    show spantree portenable [port port-string]
Syntax Description:
    port port-string    (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, status will be displayed for all ports.
5.2.2.2 set spantree portenable
Use this command to set the port status on one or more Spanning Tree ports.
    set spantree portenable port-string {enable | disable}
Syntax Description:
    port-string    Specifies the port(s) to enable or disable. For a detailed description of possible port-string values, refer to Section 3.1.1.
    enable | disable    Enables or disables the Spanning Tree port.
Command Defaults: None.
5.2.2.3 clear spantree portenable
Use this command to reset the default value for one or more Spanning Tree ports to enabled.
    clear spantree portenable port-string
Syntax Description:
    port-string    Specifies port(s) to reset. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.2.4 show spantree portadmin
Use this command to display the status of the Spanning Tree algorithm on one or more ports.
    show spantree portadmin [port port-string]
Syntax Description:
    port port-string    (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.5 set spantree portadmin
Use this command to disable or enable the Spanning Tree algorithm on one or more ports.
    set spantree portadmin port-string {disable | enable}
Syntax Description:
    port-string    Specifies the port(s) for which to enable or disable Spanning Tree. For a detailed description of possible port-string values, refer to Section 3.1.1.
    disable | enable    Disables or enables Spanning Tree.
5.2.2.6 clear spantree portadmin
Use this command to reset the default Spanning Tree admin status to enable on one or more ports.
    clear spantree portadmin port-string
Syntax Description:
    port-string    Resets the default admin status on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.2.7 set spantree protomigration
Use this command to reset the protocol state migration machine for one or more Spanning Tree ports. When operating in RSTP mode, this forces a port to transmit MSTP BPDUs.
    set spantree protomigration port-string true
Syntax Description:
    port-string    Specifies the port(s) for which protocol migration mode will be enabled.
5.2.2.8 show spantree portstate
Use this command to display the state (blocking, forwarding, etc.) for a port on one or more Spanning Trees.
    show spantree portstate [port port-string] [sid sid]
Syntax Description:
    port port-string    (Optional) Displays the Spanning Tree state for specific Spanning Tree port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.9 show spantree blockedports
Use this command to display the blocked ports in a Spanning Tree. A port in this state does not participate in the transmission of frames, thus preventing duplication arising through multiple paths existing in the active topology of the bridged LAN. It receives Spanning Tree configuration messages, but does not forward packets.
5.2.2.10 show spantree portpri
Use this command to show the Spanning Tree priority for one or more ports. Port priority is a component of the port ID, which is one element used in determining Spanning Tree port roles.
    show spantree portpri [port port-string] [sid sid]
Syntax Description:
    port port-string    (Optional) Specifies the port(s) for which to display Spanning Tree priority.
5.2.2.11 set spantree portpri
Use this command to set a port’s Spanning Tree priority.
    set spantree portpri port-string priority [sid sid]
Syntax Description:
    port-string    Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port-string values, refer to Section 3.1.1.
    priority    Specifies a number that represents the priority of a link in a Spanning Tree bridge.
5.2.2.12 clear spantree portpri
Use this command to reset the bridge priority of a Spanning Tree port to a default value of 128.
    clear spantree portpri port-string [sid sid]
Syntax Description:
    port-string    Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.13 set spantree porthello
Use this command to set the hello time for one or more Spanning Tree ports. This is the time interval (in seconds) the port(s) will transmit BPDUs.
    set spantree porthello port-string interval
NOTE: This command can be executed only if bridge hello mode is disabled. For information on using the set spantree bridgehellomode command, refer to Section 5.2.1.28.
5.2.2.14 clear spantree porthello
Use this command to reset the hello time for one or more Spanning Tree ports to the default of 2 seconds.
    clear spantree porthello port-string
Syntax Description:
    port-string    Specifies the port(s) for which to reset hello time.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.2.15 show spantree portcost
Use this command to display cost values assigned to one or more Spanning Tree ports.
    show spantree portcost [port port-string] [sid sid]
Syntax Description:
    port port-string    (Optional) Displays cost values for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.16 show spantree adminpathcost
Use this command to display the admin path cost for a port on one or more Spanning Trees.
    show spantree adminpathcost [port port-string] [sid sid]
Syntax Description:
    port port-string    (Optional) Displays the admin path cost value for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.17 set spantree adminpathcost
Use this command to set the administrative path cost on a port and one or more Spanning Trees.
    set spantree adminpathcost port-string cost [sid sid]
NOTE: By default, this value is set to 0, which forces the port to recalculate Spanning Tree path cost based on the speed of the port and whether or not legacy path cost is enabled.
5.2.2.18 clear spantree adminpathcost
Use this command to reset the Spanning Tree default value for port admin path cost to 0.
    clear spantree adminpathcost port-string [sid sid]
Syntax Description:
    port-string    Specifies the port(s) for which to reset admin path cost. For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.19 show spantree adminedge
Use this command to display the edge port administrative status for a port.
    show spantree adminedge [port port-string]
Syntax Description:
    port-string    (Optional) Displays edge port administrative status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.20 set spantree adminedge
Use this command to set the edge port administrative status on a Spanning Tree port.
    set spantree adminedge port-string {true | false}
Syntax Description:
    port-string    Specifies the edge port. For a detailed description of possible port-string values, refer to Section 3.1.1.
    true | false    Enables (true) or disables (false) the specified port as a Spanning Tree edge port.
5.2.2.21 clear spantree adminedge
Use this command to reset a Spanning Tree port to non-edge status.
    clear spantree adminedge port-string
Syntax Description:
    port-string    Specifies port(s) on which to reset edge port status. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.2.22 show spantree operedge
Use this command to display the Spanning Tree edge port operating status for a port.
    show spantree operedge [port port-string]
Syntax Description:
    port port-string    (Optional) Displays edge port operating status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.23 show spantree adminpoint
Use this command to display the administrative point-to-point status of the LAN segment attached to a Spanning Tree port.
    show spantree adminpoint [port port-string]
Syntax Description:
    port port-string    (Optional) Displays point-to-point status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.24 show spantree operpoint
Use this command to display the operating point-to-point status of the LAN segment attached to a port.
    show spantree operpoint [port port-string]
Syntax Description:
    port port-string    (Optional) Displays point-to-point operating status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.25 set spantree adminpoint
Use this command to set the administrative point-to-point status of the LAN segment attached to a Spanning Tree port.
    set spantree adminpoint port-string {true | false | auto}
Syntax Description:
    port-string    Specifies the port on which to set point-to-point protocol status. For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.26 clear spantree adminpoint
Use this command to reset the administrative point-to-point status of the LAN segment attached to a Spanning Tree port to auto mode.
    clear spantree adminpoint port-string
Syntax Description:
    port-string    Specifies port(s) on which to reset point-to-point protocol status. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
6 802.1Q VLAN Configuration
This chapter describes the Matrix system’s capabilities to implement 802.1Q virtual LANs (VLANs). It documents how to:
• Create, enable, disable and name a VLAN.
• Review status and other information related to VLANs.
• Assign ports to a VLAN and filter unwanted frames on one or more ports.
• Assign a VLAN to a MIB-II interface in order to view statistics for the VLAN.
• Use GVRP (GARP VLAN Registration Protocol) to control and propagate VLAN knowledge through the network.
6.1.2 Port String Syntax Used in the CLI
For information on how to designate port numbers in the CLI syntax, refer to Section 3.1.1.
6.2 PROCESS OVERVIEW: 802.1Q VLAN CONFIGURATION
Use the following steps as a guide to configure VLANs on the device (refer to the associated section in parentheses):
1. Review existing VLANs (Section 6.3.1)
2. Create and name VLANs (Section 6.3.2)
3.
6.3 VLAN CONFIGURATION COMMAND SET
6.3.1 Reviewing Existing VLANs
Purpose: To display a list of VLANs currently configured on the device, to determine how one or more VLANs were created, the ports allowed and disallowed to transmit traffic belonging to VLAN(s), and if those ports will transmit the traffic with a VLAN tag included.
Command: The command needed to review existing VLANs is listed below and described in the associated section as shown.
6.3.1.1 show vlan
Use this command to display all information related to one or more VLANs.
    show vlan [static] [vlan-list]
Syntax Description:
    static    (Optional) Displays information related to static VLANs. Static VLANs are manually created using the set vlan command (Section 6.3.2.1), SNMP MIBs, or the WebView management application. The default VLAN, VLAN 1, is always statically configured and can’t be deleted.
Example: This example shows how to display information for VLAN 1. In this case, VLAN 1 is named “DEFAULT VLAN” and it is enabled to operate. Ports allowed to transmit frames belonging to VLAN 1 are listed as egress ports. Ports that won’t include a VLAN tag in their transmitted frames are listed as untagged ports.
6.3.2 Creating and Naming Static VLANs
Purpose: To create a new static VLAN, or to enable or disable existing VLAN(s).
Commands: The commands used to create and name static VLANs are listed below and described in the associated section as shown.
• set vlan (Section 6.3.2.1)
• set vlan name (Section 6.3.2.2)
• clear vlan (Section 6.3.2.3)
• clear vlan name (Section 6.3.2.
6.3.2.1 set vlan
Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN. Once a VLAN is created, you can assign it a name using the set vlan name command described in Section 6.3.2.2.
NOTES: Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the device assumes that the Administrator intends to modify the existing VLAN. Enter the VLAN ID using a unique number between 2 and 4094.
6.3.2.2 set vlan name
Use this command to set or change the ASCII name for a new or existing VLAN.
    set vlan name vlan-list vlan-name
Syntax Description:
    vlan-list    Specifies the VLAN ID of the VLAN(s) to be named.
    vlan-name    Specifies the string used as the name of the VLAN (1 to 32 characters).
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.3.2.3 clear vlan
Use this command to remove a static VLAN from the list of VLANs recognized by the device.
    clear vlan vlan-list
Syntax Description:
    vlan-list    Specifies the VLAN ID of the VLAN(s) to be removed.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.3.2.4 clear vlan name
Use this command to remove the name of a VLAN from the VLAN list.
    clear vlan name vlan-list
Syntax Description:
    vlan-list    Specifies the VLAN ID of the VLAN(s) for which the name will be cleared.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
About PVIDs and Policy Classification to a VLAN
Port VLAN IDs (PVIDs) assign VLAN IDs to untagged frames on one or more ports. Using the set port vlan command as described in Section 6.3.3.2, you can, for example, assign ports 1, 5, 8, and 9 to VLAN 3. Untagged frames received on those ports will be assigned to VLAN 3.
• show port discard (Section 6.3.3.9)
• set port discard (Section 6.3.3.10)
• clear port discard (Section 6.3.3.
6.3.3.1 show port vlan
Use this command to display port VLAN identifier (PVID) information. PVID determines the VLAN to which all untagged frames received on one or more ports will be classified.
    show port vlan [port-string]
Syntax Description:
    port-string    (Optional) Displays PVID information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
6.3.3.2 set port vlan
Use this command to configure the PVID (port VLAN identifier) for one or more ports. The PVID is used to classify untagged frames as they ingress into a given port. If the specified VLAN has not already been created, this command will create it. It will prompt the user to add the VLAN to the port’s egress list as untagged, and remove the default VLAN from the port’s egress list.
Example: This example shows how to add fe.1.10 to the port VLAN list of VLAN 4 (PVID 4). Since VLAN 4 is a new VLAN, it is created. Then port fe.1.10 is added to VLAN 4’s untagged egress list, and is cleared from the egress list of VLAN 1 (the default VLAN):
    Matrix(rw)->set port vlan fe.1.10 4
    Matrix(rw)->set vlan 4 create
    Matrix(rw)->set vlan egress 4 fe.1.10 untagged
    Matrix(rw)->clear vlan egress 1 fe.1.
6.3.3.3 clear port vlan
Use this command to reset a port’s 802.1Q port VLAN ID (PVID) to the host VLAN ID 1.
clear port vlan port-string
Syntax Description
port-string Specifies the port(s) to be reset to the host VLAN ID 1. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
6.3.3.4 show vlan interface
Use this command to display the MIB-II interface entry mapped to a VLAN.
show vlan interface [vlan-list]
Syntax Description
vlan-list Displays the MIB2 interface entry for specific VLAN(s).
Command Defaults
If vlan-list is not specified, MIB2 interface entries will be displayed for all VLANs.
Command Type
Switch command.
Command Mode
Read-Only.
6.3.3.5 set vlan interface
Use this command to create, disable or enable a MIB-II interface mapped to a VLAN.
set vlan interface vlan-list {create | disable | enable} [volatile]
Syntax Description
vlan-list Specifies the VLAN(s) for which an interface entry will be created, disabled or enabled.
create | disable | enable Creates, disables or enables an interface entry.
6.3.3.6 clear vlan interface
Use this command to clear the MIB-II interface entry mapped to a VLAN.
clear vlan interface vlan-list
Syntax Description
vlan-list Specifies the VLAN(s) for which an interface entry will be cleared.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
6.3.3.7 show port ingress filter
Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list. If the VLAN ID specified in the received frame is not on the port’s VLAN egress list, then that frame is dropped and not forwarded.
6.3.3.8 set port ingress filter
Use this command to discard all frames received with a VLAN ID that doesn’t match the port’s VLAN egress list. When ingress filtering is enabled on a port, the VLAN IDs of incoming frames are compared to the port’s egress list. If the received VLAN ID does not match a VLAN ID on the port’s egress list, then the frame is dropped. Ingress filtering is implemented according to the IEEE 802.
6.3.3.9 show port discard
Use this command to display the frame discard mode for one or more ports. Ports can be set to discard frames based on whether or not they contain a VLAN tag. They can also be set to discard both frame types or none of the frames received.
show port discard [port-string]
Syntax Description
port-string (Optional) Displays the frame discard mode for specific port(s).
6.3.3.10 set port discard
Use this command to set the frame discard mode on one or more ports.
set port discard port-string {tagged | untagged | none | both}
Syntax Description
port-string Specifies the port(s) for which to set frame discard mode. For a detailed description of possible port-string values, refer to Section 3.1.1.
6.3.3.11 clear port discard
Use this command to reset the frame discard mode to the factory default setting (none).
clear port discard port-string
Syntax Description
port-string Specifies the port(s) for which to reset frame discard mode. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
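The ingress checks described in Section 6.3.3 (frame discard mode, PVID classification of untagged frames, and ingress filtering against the port's egress list) can be modeled as follows. This is an added example, not Enterasys code: the PortConfig fields, function names and sample frames are constructed for illustration, and the order in which the checks run is an assumption. Treating a VID 0 (priority-tagged) frame like an untagged one follows IEEE 802.1Q rather than anything stated in this guide.

```python
import struct
from dataclasses import dataclass
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
DISCARD_MODES = ("tagged", "untagged", "none", "both")


@dataclass
class PortConfig:
    """Hypothetical per-port settings, named after the commands in this section."""
    pvid: int = 1                             # set port vlan
    egress_vlans: frozenset = frozenset({1})  # set vlan egress
    ingress_filter: bool = False              # set port ingress filter
    discard: str = "none"                     # set port discard


class Decision(NamedTuple):
    accepted: bool
    vlan: Optional[int]
    reason: str


def build_frame(vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed sample Ethernet II frame, optionally 802.1Q tagged."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_vid(frame: bytes) -> Optional[int]:
    """Return the 12-bit VLAN ID from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


def ingress(frame: bytes, port: PortConfig) -> Decision:
    """Apply discard mode, then PVID classification or ingress filtering."""
    if port.discard not in DISCARD_MODES:
        raise ValueError("unknown discard mode: %r" % port.discard)
    vid = parse_vid(frame)
    # Assumption: VID 0 carries priority only, so it is handled as untagged.
    tagged = vid is not None and vid != 0
    kind = "tagged" if tagged else "untagged"
    if port.discard in ("both", kind):
        return Decision(False, None, "discard mode drops %s frames" % kind)
    if not tagged:
        # Untagged frames carry no VLAN ID to compare; they take the PVID.
        return Decision(True, port.pvid, "untagged frame classified to PVID")
    if port.ingress_filter and vid not in port.egress_vlans:
        return Decision(False, None, "VLAN %d not on port egress list" % vid)
    return Decision(True, vid, "tagged frame keeps its VLAN ID")


def foreign_vlans_accepted(port: PortConfig, vids=range(1, 4095)):
    """VLAN IDs outside the port's egress list that the port would still admit."""
    return [v for v in vids
            if v not in port.egress_vlans
            and ingress(build_frame(vid=v), port).accepted]


if __name__ == "__main__":
    # Port configured like fe.1.10 in the example above: PVID 4, egress list {4}.
    ports = {
        "filter off": PortConfig(pvid=4, egress_vlans=frozenset({4})),
        "filter on": PortConfig(pvid=4, egress_vlans=frozenset({4}),
                                ingress_filter=True),
        "discard tagged": PortConfig(pvid=4, egress_vlans=frozenset({4}),
                                     discard="tagged"),
    }
    for name, cfg in ports.items():
        for vid in (None, 4, 7):
            print(name, "vid=%s" % vid, ingress(build_frame(vid=vid), cfg))
        print(name, "foreign VLANs admitted (1-9):",
              foreign_vlans_accepted(cfg, range(1, 10)))
```

With ingress filtering disabled and discard mode none, the model admits tagged frames for VLANs the port is not a member of; either enabling the filter or discarding tagged frames on the port closes that gap.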
VLAN Configuration Command Set Configuring the VLAN Egress List 6.3.4 Configuring the VLAN Egress List Purpose To assign or remove ports on the egress list of a particular VLAN. This determines which ports will be eligible to transmit frames for a particular VLAN. For example, ports 1, 5, 9, 8 could be assigned to transmit frames belonging to VLAN 5 (VLAN ID=5). The port egress type for all ports defaults to tagging transmitted frames, but can be changed to forbidden or untagged.
6.3.4.1 show port egress
Use this command to display the VLAN membership for one or more ports.
show port egress [port-string]
Syntax Description
port-string (Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
If port-string is not specified, VLAN membership will be displayed for all ports.
Command Type
Switch command.
6.3.4.2 set vlan egress
Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This determines which ports will transmit frames for a particular VLAN.
set vlan egress vlan-list port-string [untagged | forbidden | tagged]
Syntax Description
vlan-list Specifies the VLAN where a port(s) will be added to the egress list.
This example shows how to forbid Fast Ethernet ports 13 through 15 in module 1 from joining VLAN 7 and disallow egress on those ports:
Matrix(rw)->set vlan egress 7 fe.1.13-15 forbidden
This example shows how to allow Fast Ethernet port 2 in module 1 to transmit VLAN 7 frames as untagged:
Matrix(rw)->set vlan egress 7 fe.1.
6.3.4.3 clear vlan egress
Use this command to remove ports from a VLAN’s egress list.
clear vlan egress vlan-list port-string [forbidden]
Syntax Description
vlan-list Specifies the number of the VLAN from which a port(s) will be removed from the egress list.
port-string Specifies one or more ports to be removed from the VLAN egress list of the specified vlan-list.
6.3.4.4 show vlan dynamic egress
Use this command to display which VLANs are currently enabled for VLAN dynamic egress.
show vlan dynamicegress [vlan-list]
Syntax Description
vlan-list (Optional) Displays dynamic egress status for specific VLAN(s).
Command Defaults
If vlan-list is not specified, status for all VLANs where dynamic egress is enabled will be displayed.
Command Type
Switch command.
Command Mode
Read-Only.
6.3.4.5 set vlan dynamicegress
Use this command to set the administrative status of one or more VLANs’ dynamic egress capability. If VLAN dynamic egress is enabled, the device will add the port receiving a tagged frame to the VLAN egress list of the port according to the frame VLAN ID.
6.3.5 Creating a Secure Management VLAN
If the Matrix Series device is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs. To create a secure management VLAN, you must:
1. Create a new VLAN. (Section 6.3.2.1)
2.
Table 6-3 Command Set for Creating a Secure Management VLAN (Continued)
To do this...    Use these commands...
Set a private community name and access policy and confirm settings.    set snmp community private (Section 4.3.2.8)
                                                                        (Optional) show snmp community (Section 4.3.2.7)
6.3.6 Enabling/Disabling GVRP (GARP VLAN Registration Protocol)
Purpose
To dynamically create VLANs across a switched network.
Figure 6-1 Example of VLAN Propagation via GVRP
Commands
The commands used to configure GVRP are listed below and described in the associated section as shown.
• show gvrp (Section 6.3.6.1)
• show garp timer (Section 6.3.6.2)
• set gvrp (Section 6.3.6.3)
• clear gvrp (Section 6.3.6.4)
• set garp timer (Section 6.3.6.5)
• clear garp timer (Section 6.3.6.
6.3.6.1 show gvrp
Use this command to display GVRP configuration information.
show gvrp [port-string]
Syntax Description
port-string (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
If port-string is not specified, GVRP configuration information will be displayed for all ports and the device.
Table 6-4 show gvrp Output Details (Continued)
Output             What It Displays...
GVRP status        Whether GVRP is enabled or disabled on the port.
Last PDU Origin    MAC address of the last GVRP frame received on the port.
6.3.6.2 show garp timer
Use this command to display GARP timer values for one or more ports.
show garp timer [port-string]
Syntax Description
port-string (Optional) Displays GARP timer information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
If port-string is not specified, GARP timer information will be displayed for all ports.
Matrix(rw)->show garp timer fe.1.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number Join       Leave      Leaveall
----------- ---------- ---------- ----------
fe.1.1      20         60         1000
fe.1.2      20         60         1000
fe.1.3      20         60         1000
fe.1.4      20         60         1000
fe.1.5      20         60         1000
fe.1.6      20         60         1000
fe.1.7      20         60         1000
fe.1.8      20         60         1000
fe.1.9      20         60         1000
fe.1.10     20         60         1000
Table 6-5 provides an explanation of the command output.
6.3.6.3 set gvrp
Use this command to enable or disable GVRP globally on the device or on one or more ports.
set gvrp {enable | disable} [port-string]
Syntax Description
disable | enable Disables or enables GVRP on the device.
port-string (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
6.3.6.4 clear gvrp
Use this command to clear GVRP status on one or more ports.
clear gvrp [port-string]
Syntax Description
port-string (Optional) Clears GVRP status on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
If port-string is not specified, GVRP status will be cleared for all ports.
Command Type
Switch command.
Command Mode
Read-Write.
6.3.6.5 set garp timer
Use this command to adjust the values of the join, leave, and leaveall timers.
set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]} port-string
NOTE: The setting of these timers is critical and should only be changed by personnel familiar with the 802.1Q standards documentation, which is not supplied with this device.
This example shows how to set the leaveall timer value to 20000 centiseconds for all ports:
Matrix(rw)->set garp timer leaveall 20000 *.*.
6.3.6.6 clear garp timer
Use this command to reset GARP timers back to default values.
clear garp timer {[join] [leave] [leaveall]} port-string
Syntax Description
join (Optional) Resets the join timer to 20 centiseconds.
leave (Optional) Resets the leave timer to 60 centiseconds.
leaveall (Optional) Resets the leaveall timer to 1000 centiseconds.
7 Policy Classification Configuration This chapter describes the Policy Classification set of commands and how to use them. NOTE: It is recommended that you use Enterasys Networks NetSight Atlas Policy Manager as an alternative to CLI for configuring policy classification on the Matrix Series devices. 7.
Process Overview: Policy Classification Configuration Configuring Policy Profiles 7.2 PROCESS OVERVIEW: POLICY CLASSIFICATION CONFIGURATION Use the following steps as a guide to configure policy classification on the device: 1. Configuring policy profiles (Section 7.3.1) 2. Assigning classification rules to policy profiles (Section 7.3.2) 3. Configuring policy-based Class of Service (CoS) (Section 7.3.3) 7.3 7.3.
7.3.1.1 show policy profile
Use this command to display policy profile information.
show policy profile {all | profile-index [consecutive-pids] [-verbose]}
Syntax Description
all | profile-index Displays policy information for all profile indexes or a specific profile index.
consecutive-pids (Optional) Displays information for specified consecutive profile indexes.
-verbose (Optional) Displays detailed information.
Table 7-1 provides an explanation of the command output.
Table 7-1 show policy profile Output Details
Output             What It Displays...
Profile Index      Number of the policy profile.
Profile Name       User-supplied name assigned to this policy profile.
Row Status         Whether or not the policy profile is enabled (active) or disabled.
Port VID Status    Whether or not PVID override is enabled or disabled for this policy profile.
7.3.1.2 set policy profile
Use this command to create a policy profile entry.
set policy profile profile-index [name name] [pvid-status {enable | disable}] [pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egress-vlans] [forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans] [append] [clear]
Syntax Description
profile-index Specifies an index number for the policy profile. Valid values are 1 - 1023.
untagged-vlans untagged-vlans (Optional) Specifies that the port to which this policy profile is applied should be added to the egress list of the VLANs defined by untagged-vlans. Packets will be formatted as untagged.
append (Optional) Appends this policy profile setting to settings previously specified for this policy profile by the egress-vlans, forbidden-vlans, or untagged-vlans parameters.
7.3.1.3 clear policy profile
Use this command to delete a policy profile entry.
clear policy profile profile-index
Syntax Description
profile-index Specifies the index number of the policy profile entry to be deleted. Valid values are 1 to 1023.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
7.3.1.4 show policy invalid
Displays information about the action the device will apply on an invalid or unknown policy.
show policy invalid {action | count | all}
Syntax Description
action | count | all Shows the action the device should take if asked to apply an invalid or unknown policy, or the number of times the device has detected an invalid/unknown policy, or both action and count information.
Command Defaults
None.
7.3.1.5 set policy invalid action
Use this command to assign the action the device will apply to an invalid or unknown policy.
set policy invalid action {default-policy | drop | forward}
Syntax Description
default-policy Instructs the device to ignore this result and search for the next policy assignment rule.
drop Instructs the device to block traffic.
7.3.1.6 clear policy invalid action
Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy.
clear policy invalid action
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 7.3.2 Assigning Classification Rules to Policy Profiles Purpose To review, assign and unassign classification and admin rules. Classification rules map policy profiles to protocol-based frame filtering policies configured for a particular VLAN or Class of Service (CoS). Admin rules assign policy profiles to incoming traffic.
7.3.2.1 show policy rule
Use this command to display policy classification and admin rule information.
data (Not required for ipfrag classification.) Displays rules for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 7-3 for valid values for each classification type.
mask mask (Optional) Displays rules for a specific data mask. Refer to Table 7-3 for valid values for each classification type and data value.
Examples
This example shows how to display policy classification information for Ethernet type 2 rules:
Matrix(rw)->show policy rule ether
|PID |Rule Type |Rule Data      |Mk|PortStr
|  1 |Ether     |32923 (0x809B) |16|All
|  1 |Ether     |33011 (0x80F3) |16|All
|  1 |Ether     |33079 (0x8137) |1
|  1 |Ether     |33080 (0x8138) |
|  1 |Ether     |33276 (0x81FC) |
|  2 |Ether     |32923 (0x809B) |
|  2 |Ether     |33011 (0x80F3) |
|  2 |Ether     |33079 (0x8137) |
Table 7-2 show policy rule Output Details (Continued)
Output     What It Displays...
PortStr    Ingress port(s) to which this rule applies.
RS         Whether or not the status of this rule is active (A), not in service or not ready.
ST         Whether or not this rule’s storage type is non-volatile (NV) or volatile (V).
7.3.2.2 show policy capability
Use this command to display all policy classification capabilities supported by your Matrix Series device. The output of this command shows a table listing classifiable traffic attributes and the type of actions, by rule type, that can be executed relative to each attribute. Above the table is a list of all the actions possible on this device.
Matrix(rw)->show policy capability
The following supports related to policy are supported in this device:
VLAN Forwarding Priority Permit Deny TCI Overwrite Rule-Use Notification Rules Table Rule-Use Accounting Longest Prefix Rules Port Disable Action
7.3.2.3 set policy classify
Use this command to assign incoming untagged frames to a specific policy profile, classification and to VLAN or Class-of-Service classification rules.
tcpportsource TCP port source - (0 - 65535)
tcpportdest TCP port destination - (0 - 65535)
macsource Classifies based on MAC source address.
macdest Classifies based on MAC destination address.
ipfrag Classifies based on IP fragmentation value.
port Classifies based on port-string.
7.3.2.4 set policy rule
Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.
tcpsourceport Classifies based on TCP source port.
udpdestport Classifies based on UDP destination port.
udpsourceport Classifies based on UDP source port.
data (Not required for ipfrag classification.) Specifies the code for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 7-3 for valid values for each classification type.
• If port-string is not specified, rule will be scoped to all ports.
Command Type
Switch command.
Command Mode
Read-Write.
Examples
This example shows how to use Table 7-3 to create (and enable) a classification rule to associate with policy number 1.
Table 7-3 Valid Values for Policy Classification Rules (Continued)
Classification Rule Parameter    data value         mask bits
ipfrag                           Not applicable.    Not applicable.
7.3.2.5 clear policy rule
Use this command to delete one or all policy classification rule entries.
all-traffic-entries | data (Optional) Deletes all entries associated with this traffic rule or a specific data value entry. Refer to Table 7-3 for valid values for each classification type.
mask mask (Optional) Deletes associated data mask. Refer to Table 7-3 for valid values for each classification type and data value.
7.3.2.6 clear policy all-rules
Use this command to remove all admin and classification rules.
clear policy all-rules
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
7.3.2.7 set policy port
Use this command to assign an administrative rule to a port.
NOTE: The set policy rule command (Section 7.3.2.4) used with the admin-profile parameter will associate a classification rule with a policy profile index number, thus making an administrative rule.
7.3.2.8 show policy allowed-type
Use this command to display a list of currently supported traffic rules applied to the administrative profile for one or more ports.
show policy allowed-type port-string [-verbose]
Syntax Description
port-string Specifies port(s) for which to display traffic rules.
-verbose (Optional) Displays detailed information.
Example
This example shows how to show information about policies allowed on port ge.1.5:
Matrix(rw)->show policy allowed-type ge.1.
7.3.2.9 set policy allowed-type
Use this command to assign a list of traffic rules that can be applied to the admin profile for one or more ports.
set policy allowed-type port-string traffic-rule rule-list [append | clear]
Syntax Description
port-string Specifies port(s) on which to apply traffic rules.
traffic-rule rule-list Specifies traffic rules to be allowed.
7.3.2.10 clear policy allowed-type
Use this command to clear the list of traffic rules currently assigned to the admin profile for one or more ports. This will reassign the default setting, which is all rules are allowed.
clear policy allowed-type port-string
Syntax Description
port-string Specifies port(s) on which to clear traffic rules.
Command Defaults
None.
Command Type
Switch command.
7.3.2.11 clear policy port-hit
Use this command to clear rule port hit indications on one or more ports.
clear policy port-hit {all | port-list port-list}
Syntax Description
all | port-list port-list Clears port hit indications on all ports or on one or more specified ports.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Policy Classification Configuration Command Set Configuring Policy Class of Service (CoS) 7.3.3 Configuring Policy Class of Service (CoS) Using Port-Based or Policy-Based CoS Settings NOTE: It is recommended that you use Enterasys Networks NetSight Atlas Policy Manager as an alternative to CLI for configuring policy-based CoS on the Matrix Series devices.
You can add to these default configurations by defining new port groupings, and assigning inbound rate limiters or transmit queues and priorities. Whether you are specifying IRL or TXQ parameters, the process for user-defined CoS configuration involves the following steps and associated commands listed in Table 7-4.
• show cos unit (Section 7.3.3.4)
• show cos port-config (Section 7.3.3.5)
• set cos port-config irl (Section 7.3.3.6)
• clear cos port-config irl (Section 7.3.3.7)
• set cos port-config txq (Section 7.3.3.8)
• clear cos port-config txq (Section 7.3.3.9)
• show cos port-resource (Section 7.3.3.10)
• set cos port-resource irl (Section 7.3.3.11)
• clear cos port-resource irl (Section 7.3.3.
7.3.3.1 show cos state
Use this command to display the Class of Service enable state.
show cos state
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
7.3.3.2 set cos state
Use this command to enable or disable Class of Service.
set cos state {enable | disable}
Syntax Description
enable | disable Enables or disables Class of Service.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
7.3.3.3 show cos port-type
Use this command to display Class of Service port type configurations. The Matrix Series CoS implementation provides two default port type groupings for designating available rate limiting and transmit queue resources on device modules. Port type 0, which is available only on Matrix DFE-Platinum Series chassis-based modules, designates the DFE Platinum 7G4270-12 module.
Example
This example shows how to display all Class of Service port type information.
Table 7-5 provides an explanation of the command output.
Table 7-5 show cos port-type Output Details
Output                   What It Displays...
Index                    Port type index. Port type 0 designates the Matrix Platinum Series 7G4270-12 module, and port type 1 designates all other modules.
Port type description    Resource-specific text description of the port type.
7.3.3.4 show cos unit
Use this command to display Class of Service units of measure information, including rate type, minimum and maximum limits of the port groups, and their respective granularity.
show cos unit [irl | txq] [port-type index]
Syntax Description
irl | txq (Optional) Displays inbound rate limiting or transmit queue information.
7.3.3.5 show cos port-config
Use this command to display Class of Service port group configurations.
show cos port-config [irl | txq] [group-type-index]
Syntax Description
irl | txq (Optional) Displays inbound rate limiting or transmit queue information.
group-type-index (Optional) Displays information for a specific port group/type index. Valid entries are in the form of group.type.
Example
This example shows how to show all Class of Service port group configuration information:
Matrix(rw)->show cos port-config
* Percentage/queue (if any) are approximations based on [(slices/queue) / total number of slices]
Transmit Queue Port Configuration Entries
----------------------------------------------------------------------
Port Group Name :DFE-P 16Q
Port Group :0
Port Type :0
Assigned Ports :ge.1.
7.3.3.6 set cos port-config irl
Use this command to set the Class of Service inbound rate limiting port group configuration:
set cos port-config irl group-type-index [name name] [ports port-list] [append] | [clear]
Syntax Description
group-type-index Specifies an inbound rate limiting port group/type index for this entry. Valid entries are in the form of group.type.
Example
This example shows how to create a CoS inbound rate limiting port group entry named “test irl” with a port group ID of 1 and a port type ID of 1:
Matrix(rw)->set cos port-config irl 1.
7.3.3.7 clear cos port-config irl
Use this command to clear a non-default Class of Service inbound rate limiting port group configuration:
clear cos port-config irl all | group-type-index {[entry] | [name] | [ports]}
Syntax Description
all | group-type-index Clears all inbound rate limiting non-default configurations, or those for a specific user-defined port group index.
7.3.3.8 set cos port-config txq
Use this command to set the Class of Service transmit queue port group configuration:
set cos port-config txq group-type-index [name name] [ports port-list] [append] | [clear]
Syntax Description
group-type-index Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type.
Example
This example shows how to create a CoS transmit queue port group entry named “test txq” with a port group ID of 2 and a port type ID of 1:
Matrix(rw)->set cos port-config txq 2.
7.3.3.9 clear cos port-config txq
Use this command to clear one or all non-default Class of Service transmit queue port group configurations:
clear cos port-config txq all | group-type-index {entry | name | ports }
Syntax Description
all | group-type-index Clears all transmit queue port config entries or a specific entry.
entry Clears all non-default transmit queue entries.
7.3.3.10 show cos port-resource
Use this command to display Class of Service port resource configuration information.
show cos port-resource irl group-type-index [resource] [violators]
Syntax Description
irl | txq    (Optional) Displays inbound rate limiting or transmit queue information.
group-type-index    (Optional) Displays information for a specific port group/type entry.
Example
This example shows how to display all inbound rate limiting port resource configuration information for port group 0.1:
Matrix(rw)->show cos port-resource irl 0.1
'?' after the rate value indicates an invalid rate value
Group Index ----------0.1 0.1 0.1 0.1 0.1 0.1 0.1 0.
7.3.3.11 set cos port-resource irl
Use this command to configure a Class of Service inbound rate limiting port resource entry.
Command Type
Switch command.
Command Mode
Read-Write.
Example
This example shows how to configure Class of Service port resource IRL entry 0 for port group 0.1, assigning an inbound rate limit of 512 kilobits per second. This entry will trigger a Syslog and an SNMP trap message if this rate is exceeded:
Matrix(rw)->set cos port-resource irl 0.
7.3.3.12 clear cos port-resource irl
Use this command to clear one or all Class of Service inbound rate limiting port resource configurations:
clear cos port-resource irl all | group-type-index resource [unit] [rate] [type] [syslog] [trap] [disable-port] [violators port-list]
Syntax Description
all | group-type-index    Clears all inbound rate limiting port resource entries or a specific entry.
7.3.3.13 set cos port-resource txq
Use this command to configure a Class of Service transmit queue port resource entry.
set cos port-resource txq group-type-index transmit-queue {[unit {percentage | kbps | mbps | gbps}] [rate rate] [algorithm {tail-drop}]}
Syntax Description
group-type-index    Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type.
Example
This example shows how to configure a Class of Service port resource entry for port group 0.1 assigning 50 percent of the total available inbound bandwidth to transmit queue 7:
Matrix(rw)->set cos port-resource txq 0.
7.3.3.14 clear cos port-resource txq
Use this command to clear one or all Class of Service transmit queue port resource entries.
clear cos port-resource txq all | group-type-index resource [unit] [rate] [algorithm]
Syntax Description
all | group-type-index    Clears all transmit queue port resource entries or a specific entry.
resource    Specifies a resource entry to be cleared.
7.3.3.15 show cos reference
Use this command to display Class of Service port reference information.
show cos reference [txq | irl group-type-index [reference]]
Syntax Description
irl | txq    (Optional) Displays inbound rate limiting or transmit queue reference information.
group-type-index    (Optional) Displays information for a specific port group/type entry.
Example
This example shows how to show all transmit queue reference configuration information for port group 0.1:
Matrix(rw)->show cos reference txq 0.1
Group Index Reference Type Queue
----------- --------- ---- -----------
0.1         0         txq  0
0.1         1         txq  0
0.1         2         txq  0
0.1         3         txq  0
0.1         4         txq  1
0.1         5         txq  1
0.1         6         txq  1
0.1         7         txq  1
0.1         8         txq  2
0.1         9         txq  2
0.1         10        txq  2
0.1         11        txq  2
0.1         12        txq  3
0.1         13        txq  3
0.1         14        txq  3
0.
7.3.3.16 set cos reference irl
Use this command to set a Class of Service inbound rate limiting reference configuration.
set cos reference irl group-type-index reference rate-limit number
Syntax Description
group-type-index    Specifies an inbound rate limiting port group/type index for this entry. Valid entries are in the form of group.type.
7.3.3.17 clear cos reference irl
Use this command to clear one or all Class of Service inbound rate limiting reference configurations.
clear cos reference irl {all | group-type-index reference}
Syntax Description
all | group-type-index    Clears all non-default inbound rate limiting reference entries or a specific entry.
reference    Specifies a reference number of the entry to be cleared.
Command Defaults
None.
7.3.3.18 set cos reference txq
Use this command to set a Class of Service transmit queue reference configuration.
set cos reference txq group-type-index reference queue number
Syntax Description
group-type-index    Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type.
7.3.3.19 clear cos reference txq
Use this command to clear one or all non-default Class of Service transmit queue reference configurations.
clear cos reference txq {all | group-type-index reference}
Syntax Description
all | group-type-index    Clears all non-default transmit queue reference entries or a specific entry.
reference    Specifies a reference number of the entry to be cleared.
Command Defaults
None.
7.3.3.20 show cos settings
Use this command to display Class of Service parameters.
show cos settings [cos-list]
Syntax Description
cos-list    (Optional) Specifies a Class of Service entry to display.
Command Defaults
If not specified, all CoS entries will be displayed.
Command Type
Switch command.
Command Mode
Read-Only.
7.3.3.21 set cos settings
Use this command to configure a Class of Service entry.
set cos settings cos-list [priority priority] [tos-value tos-value] [txq-reference txq-reference] [irl-reference irl-reference]
Syntax Description
cos-list    Specifies a Class of Service entry. Valid values are 0 - 255.
priority priority    (Optional) Specifies a CoS priority value. Valid values are 0 - 7, with 0 being the lowest priority.
7.3.3.22 clear cos settings
Use this command to clear Class of Service entry settings.
clear cos settings cos-list {[all] | [priority] [tos-value] [txq-reference] [irl-reference]}
Syntax Description
cos-list    Specifies a Class of Service entry to clear.
all    Clears all settings associated with this entry.
priority    Clears the priority value associated with this entry.
7.3.3.23 show cos violation irl
Use this command to display Class of Service violation configurations.
show cos violation irl [violation-index]
Syntax Description
violation-index    (Optional) Displays information for a specific violation index. Valid entries are in the form of port-list:irl-list, or *.*.*:* for all entries.
7.3.3.24 clear cos violation irl
Use this command to clear Class of Service inbound rate limiting violation configurations.
clear cos violation irl {all | disabled-ports | violation-index} {both | status | counter}
Syntax Description
all    Clears all inbound rate limiting violation entries.
disabled-ports    Clears the list of ports that are disabled because of violating an inbound rate limiter.
7.3.3.25 clear cos all-entries
Use this command to clear all Class of Service entries except priority settings 0 - 7.
clear cos all-entries
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
8 Port Priority and Rate Limiting Configuration
This chapter describes the Port Priority and Rate Limiting set of commands and how to use them.
8.1 PORT PRIORITY CONFIGURATION SUMMARY
The Matrix Series device supports Class of Service (CoS), which allows you to assign mission-critical data to higher priority through the device by delaying less critical traffic during periods of congestion. The higher priority traffic through the device is serviced first before lower priority traffic.
Process Overview: Port Priority and Rate Limiting Configuration
Configuring Port Priority
NOTE: When CoS override is enabled using the set policy profile command as described in Section 7.3.1.2, CoS-based classification rules will take precedence over priority settings configured with the set port priority command described in this section.
8.
Port Priority and Rate Limiting Configuration Command Set
Configuring Port Priority
8.3.1.1 show port priority
Use this command to display the 802.1D priority for one or more ports.
show port priority [port-string]
Syntax Description
port-string    (Optional) Displays priority information for a specific port. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
If port-string is not specified, priority for all ports will be displayed.
8.3.1.2 set port priority
Use this command to set the 802.1D (802.1p) Class-of-Service transmit queue priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port.
8.3.1.3 clear port priority
Use this command to reset the current CoS port priority setting to 0. This will cause all frames received without a priority value in their header to be set to priority 0.
clear port priority port-string
Syntax Description
port-string    Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
None.
8.3.2 Configuring Priority to Transmit Queue Mapping
Purpose
To perform the following:
• View the current priority to transmit queue mapping of each port, which includes both physical and virtual ports.
• Configure each port to either transmit frames according to the port priority transmit queues (set using the set port priority command described back in Section 8.3.1.
8.3.2.1 show port priority-queue
Use this command to display the port priority levels (0 through 7, with 0 as the lowest level) associated with the current transmit queue (0 - 15 depending on port type, with 0 being the lowest priority) for each priority of the selected port.
This example shows how to display the transmit queues associated with priority 3.
Matrix(rw)->show port priority-queue 3 fe.1.7 Priority TxQueue ---------- -------- ------3 1 fe.1.8 Priority TxQueue ---------- -------- ------3 1 fe.1.
8.3.2.2 set port priority-queue
Use this command to map 802.1D (802.1p) priorities to transmit queues. This enables you to change the priority queue (0-7, depending on port type, with 0 being the lowest priority queue) for each port priority of the selected port. You can apply the new settings to one or more ports.
8.3.2.3 clear port priority-queue
Use this command to reset port priority queue settings back to defaults for one or more ports.
clear port priority-queue port-string
Syntax Description
port-string    Specifies the port for which to clear priority queue. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults
None.
Command Type
Switch command.
8.3.3 Configuring Port Traffic Rate Limiting
Purpose
To limit the rate of inbound traffic on the Matrix Series device on a per port/priority basis. The allowable range for the rate limiting is 125 kilobytes per second minimum up to the maximum transmission rate allowable on the interface type. Rate limit is configured for a given port and list of priorities.
8.3.3.1 show port ratelimit
Use this command to show the traffic rate limiting configuration on one or more ports.
show port ratelimit [port-string]
Syntax Description
port-string    (Optional) Displays rate limiting information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Table 8-1 shows a detailed explanation of the command output.
Table 8-1 show port ratelimit Output Details
Output    What It Displays...
Port Number    Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
Index    Resource index for this port.
Threshold (kB/s)    Port rate limiting threshold in kilobytes per second.
8.3.3.2 set port ratelimit
Use this command to configure the traffic rate limiting status and threshold (in kilobytes per second) for one or more ports.
set port ratelimit {disable | enable} | port-string priority threshold {disable | enable} [inbound] [index]
Syntax Description
disable | enable    When entered without a port-string, globally disables or enables the port rate limiting function.
Command Mode
Read-Write.
Example
This example shows how to:
• globally enable rate limiting
• configure rate limiting for inbound traffic on port fe.2.1, index 1, priority 5, to a threshold of 125 KBps:
Matrix(rw)->set port ratelimit enable
Matrix(rw)->set port ratelimit fe.2.
8.3.3.3 clear port ratelimit
Use this command to clear rate limiting parameters for one or more ports.
clear port ratelimit port-string [index]
Syntax Description
port-string    Specifies the port(s) on which to clear rate limiting. For a detailed description of possible port-string values, refer to Section 3.1.1.
index    (Optional) Specifies the associated resource index to be reset.
9 IGMP Configuration
This chapter describes the IGMP Configuration set of commands and how to use them.
9.1 ABOUT IP MULTICAST GROUP MANAGEMENT
The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device. The protocol’s mechanisms allow a host to inform its local switch device that it wants to receive transmissions addressed to a specific multicast group.
IGMP Configuration Summary
In addition to passively monitoring IGMP query and report messages, the Matrix Series device can also actively send IGMP query messages to learn locations of multicast switches and member hosts in multicast groups within each VLAN. However, note that IGMP neither alters nor routes any IP multicast packets.
9.4 IGMP CONFIGURATION COMMAND SET
9.4.1 Enabling / Disabling IGMP
Purpose
To display IGMP information and to enable or disable IGMP snooping on the device.
Commands
The commands used to display, enable and disable IGMP are listed below and described in the associated sections as shown.
• show igmp enable (Section 9.4.1.1)
• set igmp enable (Section 9.4.1.2)
• set igmp disable (Section 9.4.1.
9.4.1.1 show igmp enable
Use this command to display the status of IGMP on one or more VLAN(s).
show igmp enable vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) for which to display IGMP status.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
9.4.1.2 set igmp enable
Use this command to enable IGMP on one or more VLANs.
set igmp enable vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) on which to enable IGMP.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.1.3 set igmp disable
Use this command to disable IGMP on one or more VLANs.
set igmp disable vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) on which to disable IGMP.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.2 Configuring IGMP
Purpose
To display and set IGMP configuration parameters, including query interval and response time settings, and to create and configure static IGMP entries.
Commands
The commands used to configure IGMP are listed below and described in the associated sections as shown.
• show igmp query (Section 9.4.2.1)
• set igmp query-enable (Section 9.4.2.2)
• set igmp query-disable (Section 9.4.2.3)
• show igmp grp-full-action (Section 9.4.
9.4.2.1 show igmp query
Use this command to display the IGMP query status of one or more VLANs.
show igmp query vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) for which to display IGMP query state.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
9.4.2.2 set igmp query-enable
Use this command to enable IGMP querying on one or more VLANs.
set igmp query-enable vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) on which to enable IGMP querying.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.2.3 set igmp query-disable
Use this command to disable IGMP querying on one or more VLANs.
set igmp query-disable vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) on which to disable IGMP querying.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.2.4 show igmp grp-full-action
Use this command to show what action to take with multicast frames when the multicast IGMP group table is full.
show igmp grp-full-action
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
9.4.2.5 set igmp grp-full-action
Use this command to determine what action to take with multicast frames when the multicast group table is full.
set igmp grp-full-action action
Syntax Description
action    Specifies the action to take when the multicast Group Table is full. The options are:
• 1-send multicast frames to Routers
• 2-flood multicast frames to the VLAN
Command Defaults
Flood multicast frames to the VLAN.
Command Type
Switch command.
9.4.2.6 show igmp config
Use this command to display IGMP configuration information for one or more VLANs.
show igmp config vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) for which to display IGMP configuration information.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
Table 9-1 show igmp config Output Details
Output    What It Displays...
VlanQueryInterval    Frequency (in seconds) of host-query frame transmissions.
VlanStatus    Whether or not VLAN configuration is Active or Not in Service.
Vlan IGMP Version    Whether or not IGMP version is 1 or 2.
VlanQuerier    IP address of the IGMP querier.
VlanQueryMaxResponse Time    Maximum query response time (in tenths of a second).
9.4.2.7 set igmp config
Use this command to configure IGMP settings on one or more VLANs.
set igmp config vlan-list {[query-interval query-interval] [igmp-version igmp-version] [max-resp-time max-resp-time] [robustness robustness] [last-mem-int last-mem-int]}
Syntax Description
vlan-list    Specifies the VLAN(s) on which to configure IGMP.
query-interval query-interval    (Optional) Specifies the frequency of host-query frame transmissions.
Example
This example shows how to set the IGMP query interval time to 250 seconds on VLAN 1:
Matrix(rw)->set igmp config 1 query-interval 250
9.4.2.8 set igmp delete
Use this command to remove IGMP configuration settings for one or more VLANs.
set igmp delete vlan-list
Syntax Description
vlan-list    Specifies the VLAN(s) on which configuration settings will be cleared.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.2.9 show igmp groups
Use this command to display information about IGMP groups known to one or more VLANs.
show igmp groups [group] [vlan-list] [sip] [-verbose]
Syntax Description
group    Group IP address (Entering no IP address shows all groups)
vlan-list    Specifies the VLAN(s) for which to display IGMP group information.
9.4.2.10 show igmp static
Use this command to display static IGMP ports for one or more VLANs or IGMP groups.
show igmp static vlan-list [group group]
Syntax Description
vlan-list    Specifies the VLAN(s) for which to display static IGMP information.
group group    (Optional) Displays information for a specific IGMP group (IP address).
Command Defaults
If not specified, static IGMP information will be displayed for all groups.
Command Type
Switch command.
9.4.2.11 set igmp add-static
Use this command to create a new static IGMP entry, or to add one or more new ports to an existing entry.
set igmp add-static group vlan-list [modify] [include-ports] [exclude-ports]
Syntax Description
group    Specifies a group IP address for the entry.
vlan-list    Specifies the VLAN(s) on which to configure the entry.
modify    Adds new ports to an existing entry.
9.4.2.12 set igmp remove-static
Use this command to delete a static IGMP entry, or to remove one or more ports from an existing entry.
set igmp remove-static group vlan-list [modify] [include-ports] [exclude-ports]
Syntax Description
group    Specifies a group IP address for the entry.
vlan-list    Specifies the VLAN(s) on which to configure the entry.
modify    Adds new ports to an existing entry.
9.4.2.13 show igmp protocols
Use this command to display the binding of IP protocol id to IGMP classification.
show igmp protocols
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
9.4.2.14 set igmp protocols
Use this command to change the IGMP classification of received IP frames.
set igmp protocols [classification classification] [protocol-id protocol-id] [modify]
Syntax Description
classification classification    Specifies the classification. Options are:
• 1-multicast data
• 2-routing protocol
• 3-ignore
protocol-id protocol-id    The protocol ids to change (0-255).
modify    Add to existing classifications.
9.4.2.15 clear igmp protocols
Use this command to clear the binding of IP protocol id to IGMP classification.
clear igmp protocols [protocol-id protocol-id]
Syntax Description
protocol-id protocol-id    The protocol ids to change (0-255).
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
9.4.2.16 show igmp vlan
Use this command to display IGMP information for a specific VLAN.
show igmp vlan [vlan-list]
Syntax Description
vlan vlan-list    Show IGMP info for the given VLAN.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
Example
This example shows how to display IGMP information for VLAN 12:
Matrix(rw)->show igmp vlan 12
IGMP Vlan 12 Info
IGMP query state : Enabled
QueryInterval(sec.
9.4.2.17 show igmp reporters
Use this command to display IGMP reporter information.
show igmp reporters [portlist portlist] [group group] [vlan-list vlan-list] [sip sip]
Syntax Description
[portlist portlist]    portlist - Port or range of ports.
9.4.2.18 show igmp flow
Use this command to display IGMP flow information.
show igmp flows [portlist portlist] [group group] [vlan-list vlan-list] [sip sip]
Syntax Description
[portlist portlist]    portlist - Port or range of ports.
[group group]    group - group IP address (none means show all groups)
[vlan-list vlan-list]    vlan-list - VLAN ID or range of IDs (1-4094)
[sip sip]    sip - source IP address (none means show all sips)
Command Defaults
None.
9.4.2.19 show igmp counters
Use this command to display IGMP counter information.
show igmp counters
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
9.4.2.20 show igmp number-groups
Use this command to display the number of multicast groups supported by the Matrix device. The command displays both the currently active number of groups and the configured number that will take effect at the next reboot.
show igmp number-groups
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-write.
10 Logging and Network Management
This chapter describes switch-related logging and network management commands and how to use them.
NOTE: The commands in this section pertain to network management of the Matrix Series device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 11.
10.
10.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET
10.2.1 Configuring System Logging
Purpose
To display and configure system logging, including Syslog server settings, logging severity levels for various applications, Syslog default settings, and the logging buffer.
Commands
Commands to configure system logging are listed below and described in the associated section as shown.
• show logging all (Section 10.2.1.
10.2.1.1 show logging all
Use this command to display all configuration information for system logging.
show logging all
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
Example
This example shows how to display all system logging information:
Matrix(rw)->show logging all
Application Current Severity Level Server List
----------------------------------------------------------
88 RtrAcl 6 1-8
89 CLI 6 1-8
90 SNMP 6 1-8
91 Webview 6 1-8
93 System 6 1-8
95 RtrFe 6 1-8
96 Trace 6 1-8
105 RtrLSNat 6 1-8
111 FlowLimt 6 1-8
112 UPN 6 1-8
117 AAA 6 1-8
118 Router 6 1-8
140 AddrNtfy 6 1-8
141 OSPF 6 1-8
142 VRRP 6
Table 10-1 show logging all Output Details
Output    What It Displays...
Application    A mnemonic abbreviation of the textual description for applications being logged.
Current Severity Level    Severity level (1 - 8) at which the server is logging messages for the listed application. For details on setting this value using the set logging application command, refer to Section 10.2.1.9.
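The following Python code is an added example, not part of the Enterasys guide: it parses the application rows of captured show logging all output and reports applications that an operator expects to reach a Syslog server but that are missing, logged at too low a level, or not mapped to any enabled server. The sample output is constructed, and the function names, the comma-separated server list form, the set of enabled server indexes, and the reading that a higher level number logs more messages are assumptions.

```python
import re

# Constructed sample in the column layout of the "show logging all" example
# (index, mnemonic, current severity level, server list). Values are made up.
SAMPLE_OUTPUT = """\
Application   Current Severity Level   Server List
----------------------------------------------------------
 89  CLI            6                  1-8
 90  SNMP           6                  3-4
 93  System         6                  1-8
117  AAA            3                  1-8
118  Router         6                  1-8
"""

# One application row: index, mnemonic, level 1-8, server list such as "1-8".
# Comma-separated lists ("1,3-4") are accepted as an assumption.
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+([1-8])\s+(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)\s*$"
)


def expand_servers(spec):
    """Expand a server list such as '1-8' or '1,3-4' into a set of indexes."""
    servers = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        servers.update(range(int(low), int(high or low) + 1))
    return servers


def parse_logging_apps(text):
    """Return {mnemonic: {'index', 'level', 'servers'}} for each table row.

    Header and separator lines do not match ROW and are skipped.
    """
    apps = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            index, mnemonic, level, servers = match.groups()
            apps[mnemonic] = {
                "index": int(index),
                "level": int(level),
                "servers": expand_servers(servers),
            }
    return apps


def audit(apps, required, min_level, enabled_servers):
    """List (mnemonic, problem) pairs for the required applications.

    Mnemonics are compared exactly because the CLI treats them as case
    sensitive. enabled_servers is the set of server table indexes (1-8) the
    operator knows to be configured and enabled; it is supplied by the caller.
    Assumption: a level below min_level means fewer messages are logged.
    """
    findings = []
    for name in sorted(required):
        app = apps.get(name)
        if app is None:
            findings.append((name, "not listed"))
            continue
        if app["level"] < min_level:
            findings.append((name, f"level {app['level']} below {min_level}"))
        if not app["servers"] & enabled_servers:
            findings.append((name, "no enabled server in list"))
    return findings


if __name__ == "__main__":
    parsed = parse_logging_apps(SAMPLE_OUTPUT)
    for finding in audit(parsed, {"AAA", "CLI", "SNMP", "Webview"}, 6, {1}):
        print(finding)
```
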
10.2.1.2 show logging server
Use this command to display the Syslog configuration for a particular server.
show logging server [index]
Syntax Description
index    (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1-8.
Command Defaults
If index is not specified, all Syslog server information will be displayed.
Command Type
Switch command.
Command Mode
Read-Only.
10.2.1.3 set logging server
Use this command to configure a Syslog server.
set logging server index [ip-addr ip-addr] [facility facility] [severity severity] [descr descr] [port port] [state {enable | disable}]
Syntax Description
index    Specifies the server table index number for this server. Valid values are 1 - 8.
ip-addr ip-addr    (Optional) Specifies the Syslog message server’s IP address.
Command Defaults
• If ip-addr is not specified, an entry in the Syslog server table will be created with the specified index number and a message will display indicating that no IP address has been assigned.
• If not specified, facility, severity and port will be set to defaults configured with the set logging default command (Section 10.2.1.6).
• If state is not specified, the server will not be enabled or disabled.
10.2.1.4 clear logging server
Use this command to remove a server from the Syslog server table.
clear logging server index
Syntax Description
index    Specifies the server table index number for the server to be removed. Valid values are 1 - 8.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
10.2.1.5 show logging default
Use this command to display the Syslog server default values.
show logging default
Syntax Description
None.
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Only.
Example
This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 10-1.
10.2.1.6 set logging default
Use this command to set logging default values.
set logging default {[facility facility] [severity severity] [port port]}
Syntax Description
facility facility    Specifies the default facility name. Valid values are: local0 to local7.
severity severity    Specifies the default logging severity level.
10.2.1.7 clear logging default
Use this command to reset logging default values.
clear logging default {[facility] [severity] [port]}
Syntax Description
facility    (Optional) Resets the default facility name to local4.
severity    (Optional) Resets the default logging severity level to 6 (notifications of significant conditions).
port    (Optional) Resets the default UDP port the client uses to send to the server to 514.
Logging And Network Management Command Set Configuring System Logging 10.2.1.8 show logging application Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system. show logging application [mnemonic | all] Syntax Description mnemonic | all (Optional) Displays severity level for one or all applications configured for logging. Mnemonics will vary depending on the number and types of applications running on your system.
Example
This example shows how to display system logging information pertaining to all supported applications.
Logging And Network Management Command Set Configuring System Logging Table 10-2 show logging application Output Details Output What It Displays... Application A mnemonic abbreviation of the textual description for applications being logged. Current Severity Level Severity level at which the server is logging messages for the listed application. This range (from 1 to 8) and its associated severity list is shown in the CLI output.
Logging And Network Management Command Set Configuring System Logging 10.2.1.9 set logging application Use this command to set the severity level of log messages and the server(s) to which messages will be sent for one or all applications. set logging application {[mnemonic | all]} [level level] [servers servers] Syntax Description mnemonic Specifies a case sensitive mnemonic abbreviation of an application to be logged.
Logging And Network Management Command Set Configuring System Logging Table 10-3 Sample Mnemonic Values for Logging Applications Mnemonic Application AAA Authentication, Authorization, & Accounting AddrNtfy Address Add and Move Notification CLI Command Line Interface FlowLimit Flow Limiting LACP Link Aggregation Control Protocol OSPF Open Shortest Path First Routing Protocol Router Router RtrAcl Router Access Control List RtrFE Router Forwarding Engine RtrArpProc Router Arp Process
Logging And Network Management Command Set Configuring System Logging Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.10 clear logging application Use this command to reset the logging severity level for one or all applications to the default value of 6 (notifications of significant conditions). clear logging application {mnemonic | all} Syntax Description mnemonic | all (Optional) Resets the severity level for a specific application or for all applications. Valid mnemonic values and their corresponding applications are listed in Table 10-3.
Logging And Network Management Command Set Configuring System Logging 10.2.1.11 show logging local Use this command to display the state of message logging to the console and a persistent file. show logging local Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the state of message logging. In this case, logging to the console is enabled and logging to a persistent file is disabled.
Logging And Network Management Command Set Configuring System Logging 10.2.1.12 set logging local Use this command to configure log messages to the console and a persistent file. set logging local console {enable | disable} file {enable | disable} Syntax Description console enable | disable Enables or disables logging to the console. file enable | disable Enables or disables logging to a persistent file. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.13 clear logging local Use this command to clear the console and persistent store logging for the local session. clear logging local Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.14 set logging here Use this command to enable or disable the current CLI session as a Syslog destination. The effect of this command will be temporary if the current CLI session is using Telnet or SSH, but persistent on the console. set logging here {enable | disable} Syntax Description enable | disable Enables or disables display of logging messages for the current CLI session. Command Defaults None.
Logging And Network Management Command Set Configuring System Logging 10.2.1.15 clear logging here Use this command to clear the logging state for the current CLI session. clear logging here Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.16 show logging buffer Use this command to display the last 256 messages logged. show logging buffer Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows a portion of the information displayed with the show logging buffer command Matrix(rw)->show logging buffer <165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.
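The buffer lines shown by show logging buffer start with a syslog priority value in angle brackets. The following added example (not part of the Enterasys guide) decodes that value and reviews CLI logins against a list of management networks. It assumes the standard syslog encoding (priority = facility * 8 + severity), that the device's 1 to 8 severity levels equal the syslog severity plus one (consistent with the guide's default of local4 and level 6 producing <165>), and the line layout of the guide's single sample line; the management network and all sample lines except the first are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# First line is the guide's own sample, which is cut off in the source.
# Every other line is constructed for this example.
SAMPLE_BUFFER = """\
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.
<165>Sep 4 07:44:31 10.42.71.13 CLI[5]User:rw logged in from 192.0.2.10
<165>Sep 4 07:51:40 10.42.71.13 CLI[5]User:admin logged in from 198.51.100.77
<163>Sep 4 07:52:02 10.42.71.13 RtrAcl[5]constructed error-level message
not a syslog line
"""

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# Layout inferred from the guide's sample line: <PRI>timestamp host APP[n]message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[A-Za-z]+)\[(?P<instance>\d+)\]"
    r"(?P<msg>.*)$"
)
LOGIN_RE = re.compile(r"^User:(?P<user>\S+) logged in from (?P<src>\S+)$")


@dataclass
class LogEntry:
    facility: str
    severity: int        # syslog severity, 0 (emergency) to 7 (debug)
    severity_name: str
    device_level: int    # assumed device scale, 1 to 8 (severity + 1)
    timestamp: str
    host: str
    app: str             # application mnemonic, e.g. CLI or RtrAcl
    instance: str        # bracketed number; the guide does not define it
    message: str


def parse_line(line):
    """Return a LogEntry, or None if the line is not a valid buffer line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:        # highest valid priority: facility 23, severity 7
        return None
    fac, sev = divmod(pri, 8)
    facility = f"local{fac - 16}" if 16 <= fac <= 23 else f"facility{fac}"
    return LogEntry(facility, sev, SEVERITY_NAMES[sev], sev + 1,
                    m["ts"], m["host"], m["app"], m["instance"], m["msg"])


def parse_buffer(text):
    """Split buffer output into parsed entries and rejected raw lines."""
    entries, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            rejected.append(raw)
        else:
            entries.append(entry)
    return entries, rejected


def unexpected_logins(entries, allowed_networks):
    """List CLI logins whose source is unparseable or outside allowed_networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for entry in entries:
        if entry.app != "CLI":
            continue
        m = LOGIN_RE.match(entry.message)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            # Truncated or malformed address: report it, do not guess.
            findings.append((m["user"], m["src"], "unparseable source address"))
            continue
        if not any(src in net for net in nets):
            findings.append((m["user"], str(src), "outside management networks"))
    return findings


if __name__ == "__main__":
    parsed, bad = parse_buffer(SAMPLE_BUFFER)
    for e in parsed:
        print(e.timestamp, e.host, e.app, e.facility, e.severity_name,
              f"level={e.device_level}")
    # 192.0.2.0/24 stands in for the management network (assumption).
    for finding in unexpected_logins(parsed, ["192.0.2.0/24"]):
        print("REVIEW:", finding)
    print("rejected lines:", bad)
```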
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2 Monitoring Network Events and Status Purpose To display switch events and command history, to set the size of the history buffer, and to display and disconnect current user sessions. Commands Commands to monitor switch network events and status are listed below and described in the associated section as shown. • history (Section 10.2.2.1) • show history (Section 10.2.2.2) • set history (Section 10.2.2.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.1 history Use this command to display the contents of the command history buffer. The command history buffer includes all the switch commands entered up to a maximum of 50, as specified in the set history command (Section 10.2.2.3). history Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.2 show history Use this command to display the size (in lines) of the history buffer. show history Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.3 set history Use this command to set the size of the history buffer. set history size [default] Syntax Description size Specifies the size of the history buffer in lines. Valid values are 1 to 100. default (Optional) Makes this setting persist for all future sessions. Command Defaults If default is not specified, the history setting will not be persistent. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.4 show netstat Use this command to display statistics for the switch’s active network connections. show netstat [icmp | ip | routes | stats | tcp | udp] Syntax Description icmp (Optional) Shows Internet Control Message Protocol (ICMP) statistics. ip (Optional) Shows Internet Protocol (IP) statistics. routes (Optional) Shows the IP routing table. stats (Optional) Shows all statistics for TCP, UDP, IP, and ICMP.
Logging And Network Management Command Set Monitoring Network Events and Status Table 10-4 provides an explanation of the command output. Table 10-4 show netstat Output Details Output What It Displays... PCB Protocol Control Block designation. Proto Type of protocol running on the connection. Recv-Q Number of queries received over the connection. Send-Q Number of queries sent over the connection. Local Address IP address of the connection’s local host.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.5 ping Use this command to send ICMP echo-request packets to another node on the network from the switch CLI. ping [-s] host [count] Syntax Description -s (Optional) Causes a continuous ping, sending one datagram per second and printing one line of output for every response received, until the user enters Ctrl+C. host Specifies the IP address of the device to which the ping will be sent.
Logging And Network Management Command Set Monitoring Network Events and Status This example shows how to ping IP address 134.141.89.29 with 10 packets: Matrix(rw)->ping 134.141.89.29 10 PING 134.141.89.29: 56 data bytes 64 bytes from 134.141.89.29: icmp-seq=0. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=1. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=2. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=3. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=4. time=0. ms 64 bytes from 134.141.89.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.6 show users Use this command to display information about the active console port or Telnet session(s) logged in to the switch. show users Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read-Write access privileges from IP addresses 134.141.192.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.7 tell Use this command to send a message to one or all users. tell {dest | all} message Syntax Description dest Specifies the user to which this message will be sent. Valid syntax is user@location. all Sends a broadcast message to all users. message Text message. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.8 disconnect Use this command to close an active console port or Telnet session from the switch CLI. disconnect {ip-addr | console} Syntax Description ip-addr Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in Section 10.2.2.6. console Closes an active console port. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring SMON 10.2.3 Configuring SMON Purpose To configure SMON (Switched Network Monitoring) on the device. Commands Commands to configure SMON are listed below and described in the associated section as shown. • show smon priority (Section 10.2.3.1) • set smon priority (Section 10.2.3.2) • clear smon priority (Section 10.2.3.3) • show smon vlan (Section 10.2.3.4) • set smon vlan (Section 10.2.3.5) • clear smon vlan (Section 10.2.3.
Logging And Network Management Command Set Configuring SMON 10.2.3.1 show smon priority Use this command to display SMON user priority statistics. SMON generates aggregated statistics for IEEE 802.1Q VLAN environments. show smon priority [port-string] [priority priority] Syntax Description port-string (Optional) Displays SMON priority statistics being collected by specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Logging And Network Management Command Set Configuring SMON 10.2.3.2 set smon priority Use this command to create, start, or stop priority-encoded SMON user statistics counting. set smon priority {create | enable | disable} port-string [owner] Syntax Description create | enable | disable Creates, enables, or disables SMON priority statistics counting. Create automatically enables (starts) counters. port-string Specifies one or more source ports on which to collect statistics.
Logging And Network Management Command Set Configuring SMON 10.2.3.3 clear smon priority Clears priority-encoded user statistics on one or more ports. clear smon priority [port-string] Syntax Description port-string (Optional) Clears statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, priority statistics will be cleared on all ports. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring SMON 10.2.3.4 show smon vlan Use this command to display SMON (Switched Network Monitoring) VLAN statistics. show smon vlan [port-string] [vlan vlan-id] Syntax Description port-string (Optional) Displays SMON VLAN statistics being collected by specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. vlan vlan-id (Optional) Displays SMON statistics associated with a specific VLAN.
Logging And Network Management Command Set Configuring SMON 10.2.3.5 set smon vlan Use this command to create, start, or stop SNMP VLAN-related statistics counting. set smon vlan {create | enable | disable} port-string [owner] Syntax Description create | enable | disable Creates, enables, or disables SMON VLAN statistics counting. Create automatically enables (starts) counters. port-string Specifies one or more source ports on which to collect statistics.
Logging And Network Management Command Set Configuring SMON 10.2.3.6 clear smon vlan Use this command to delete an SMON VLAN statistics counting configuration. clear smon vlan [port-string] Syntax Description port-string (Optional) Clears statistics counting configuration(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, VLAN statistics counting configurations will be cleared for all ports.
Logging And Network Management Command Set Configuring RMON 10.2.4 Configuring RMON RMON Monitoring Group Functions and Commands RMON (Remote Network Monitoring) provides comprehensive network fault diagnosis, planning, and performance tuning information and allows for interoperability between SNMP management stations and monitoring agents. RMON extends the SNMP MIB capability by defining additional MIBs that generate a much richer set of data about network usage.
Logging And Network Management Command Set Configuring RMON Table 10-5 RMON Group Alarm Event RMON Monitoring Group Functions and Commands (Continued) What It Does... What It Monitors... CLI Command(s) Periodically gathers statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Alarm type, interval, starting threshold, stop threshold. show rmon alarm (Section 10.2.4.
Logging And Network Management Command Set Configuring RMON Table 10-5 RMON Group Host TopN Matrix RMON Monitoring Group Functions and Commands (Continued) What It Does... What It Monitors... CLI Command(s) Generates tables that describe hosts that top a list ordered by one of their statistics. These rate based statistics are samples of one of their base statistics over an interval specified by the management station. Statistics, top host(s), sample stop and start period, rate base and duration.
Logging And Network Management Command Set Configuring RMON Table 10-5 RMON Group Filter RMON Monitoring Group Functions and Commands (Continued) What It Does... What It Monitors... CLI Command(s) Allows packets to be matched by a filter equation. These matched packets form a data stream or “channel” that may be captured or may generate events. Packets matching the filter configuration. show rmon channel (Section 10.2.4.27) set rmon channel (Section 10.2.4.28) clear rmon channel (Section 10.2.4.
Logging And Network Management Command Set Configuring RMON 10.2.4.1 show rmon stats Use this command to display RMON statistics measured for one or more ports. show rmon stats [port-string] [wide] [bysize] Syntax Description port-string (Optional) Displays RMON statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. wide (Optional) Display most important stats, one line per entry. bysize (Optional) Display counters by packet length.
Logging And Network Management Command Set Configuring RMON Table 10-6 provides an explanation of the command output. Table 10-6 show rmon stats Output Details Output What It Displays... Port Port designation. Owner Name of the entity that configured this entry. Monitor is default. Data Source Data source of the statistics being displayed. Drop Events Total number of times that the switch was forced to discard frames due to lack of available switch device resources.
Logging And Network Management Command Set Configuring RMON Table 10-6 show rmon stats Output Details (Continued) Output What It Displays... Fragments Number of received frames that are not the minimum number of bytes in length, or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excluding framing bits, but including FCS bytes) and had an invalid CRC.
Logging And Network Management Command Set Configuring RMON 10.2.4.2 set rmon stats Use this command to configure an RMON statistics entry. set rmon stats index port-string [owner] Syntax Description index Specifies an index for this statistics entry. port-string Specifies port(s) to which this entry will be assigned. For a detailed description of possible port-string values, refer to Section 3.1.1. owner (Optional) Assigns an owner for this entry.
Logging And Network Management Command Set Configuring RMON 10.2.4.3 clear rmon stats Use this command to delete one or more RMON statistics entries. clear rmon stats {index-list | to-defaults} Syntax Description index-list Specifies one or more stats entries to be deleted, causing them to disappear from any future RMON queries. to-defaults Resets all history entries to default values. This will cause entries to reappear in RMON queries. Command Defaults None. Command Type Switch command.
Logging And Network Management Command Set Configuring RMON 10.2.4.4 show rmon history Use this command to display RMON history properties and statistics. The RMON history group records periodic statistical samples from a network. show rmon history [port-string] [wide] [interval] Syntax Description port-string (Optional) Displays RMON history entries for specific port(s). wide (Optional) Display most important stats, one line per entry. interval (Optional) Summarize history over a fixed interval.
Logging And Network Management Command Set Configuring RMON Matrix(rw)->show rmon history fe.3.14 Port: fe.3.14 --------------------------------------Index 1001 Status = 1 valid Owner = monitor Data Source = 1.3.6.1.2.1.2.2.1.1.
Logging And Network Management Command Set Configuring RMON 10.2.4.5 set rmon history Use this command to configure an RMON history entry. set rmon history index [port-string] [buckets buckets] [interval interval] [owner owner] Syntax Description index-list Specifies an index number for this entry. port-string (Optional) Assigns this entry to a specific port. buckets buckets (Optional) Specifies the maximum number of entries to maintain.
Logging And Network Management Command Set Configuring RMON 10.2.4.6 clear rmon history Use this command to delete one or more RMON history entries or reset one or more entries to default values. For specific values, refer to Section 10.2.4.5. clear rmon history {index-list | to-defaults} Syntax Description index-list Specifies one or more history entries to be deleted, causing them to disappear from any future RMON queries. to-defaults Resets all history entries to default values.
Logging And Network Management Command Set Configuring RMON 10.2.4.7 show rmon alarm Use this command to display RMON alarm entries. The RMON alarm group periodically takes statistical samples from RMON variables and compares them with previously configured thresholds. If the monitored variable crosses a threshold an RMON event is generated. show rmon alarm [index] Syntax Description index (Optional) Displays RMON alarm entries for a specific entry index ID.
Logging And Network Management Command Set Configuring RMON Table 10-7 show rmon alarm Output Details Output What It Displays... Index Index number for this alarm entry. Owner Text string identifying who configured this entry. Status Whether this event entry is enabled (valid) or disabled. Variable MIB object to be monitored. Sample Type Whether the monitoring method is an absolute or a delta sampling.
Logging And Network Management Command Set Configuring RMON 10.2.4.8 set rmon alarm properties Use this command to configure an RMON alarm entry, or to create a new alarm entry with an unused alarm index number. set rmon alarm properties index [interval interval] [object object] [type {absolute | delta}] [startup {rising | falling | either}] [rthresh rthresh] [fthresh fthresh] [revent revent] [fevent fevent] [owner owner] Syntax Description index Specifies an index number for this entry.
Logging And Network Management Command Set Configuring RMON revent revent Specifies the index number of the RMON event to be triggered when the rising threshold is crossed. fevent fevent Specifies the index number of the RMON event to be triggered when the falling threshold is crossed. owner owner (Optional) Specifies the name of the entity that configured this alarm entry.
Logging And Network Management Command Set Configuring RMON 10.2.4.9 set rmon alarm status Use this command to enable an RMON alarm entry. An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold. set rmon alarm status index enable NOTE: An RMON alarm entry can be created using this command, configured using the set rmon alarm properties command (Section 10.2.4.8), then enabled using this command.
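The alarm behaviour configured with type, startup, rthresh and fthresh is easiest to see on a series of samples. The following added example (not part of the Enterasys guide) simulates it, assuming the device follows the RMON alarm group semantics of RFC 2819: a rising event fires once and cannot fire again until the value has reached the falling threshold, and the reverse for falling events. The counter readings, thresholds and the 32-bit counter wrap are constructed assumptions.

```python
COUNTER32 = 2 ** 32  # assumed width of the sampled counter

# Constructed readings of a broadcast-packet counter, one per alarm interval.
SAMPLE_READINGS = [0, 50, 120, 1620, 3400, 5100, 5500, 5650, 5700, 7300]


def rmon_alarm_events(samples, rthresh, fthresh,
                      sample_type="delta", startup="either", wrap=COUNTER32):
    """Return (sample_index, "rising" | "falling", value) for each event.

    sample_type  "absolute" compares each reading with the thresholds;
                 "delta" compares the difference between successive readings.
    startup      which event the first evaluated value may generate:
                 "rising", "falling" or "either".
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if startup not in ("rising", "falling", "either"):
        raise ValueError("startup must be 'rising', 'falling' or 'either'")

    events = []
    state = None        # threshold reached most recently: "rising" / "falling"
    previous = None     # last raw reading, used for delta sampling
    first_value = True  # True until the first value has been evaluated

    for index, raw in enumerate(samples):
        if sample_type == "delta":
            if previous is None:
                previous = raw          # first reading is only a baseline
                continue
            value = (raw - previous) % wrap   # tolerate counter wrap
            previous = raw
        else:
            value = raw

        if value >= rthresh and state != "rising":
            state = "rising"
            # The startup setting can suppress only the very first event.
            if not first_value or startup in ("rising", "either"):
                events.append((index, "rising", value))
        elif value <= fthresh and state != "falling":
            state = "falling"
            if not first_value or startup in ("falling", "either"):
                events.append((index, "falling", value))
        first_value = False

    return events


if __name__ == "__main__":
    # 1000 packets per interval raises the alarm; 200 or fewer re-arms it.
    for event in rmon_alarm_events(SAMPLE_READINGS, rthresh=1000, fthresh=200,
                                   sample_type="delta", startup="rising"):
        print(event)
```

With these readings the sustained burst at samples 3 to 5 produces a single rising event, and the value of 400 at sample 6 produces nothing because it lies between the two thresholds.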
Logging And Network Management Command Set Configuring RMON 10.2.4.10 clear rmon alarm Use this command to delete an RMON alarm entry. clear rmon alarm index Syntax Description index Specifies the index number of entry to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.11 show rmon event Use this command to display RMON event entry properties. show rmon event [index] Syntax Description index (Optional) Displays RMON properties and log entries for a specific entry index ID. Command Defaults If index is not specified, information about all RMON entries will be displayed. Command Type Switch command. Command Mode Read-Only.
Table 10-8 show rmon event Output Details (Continued)
Output            What It Displays...
Description       Text string description of this event.
Type              Whether the event notification will be a log entry, an SNMP trap, both, or none.
Community         SNMP community name if message type is set to trap.
Last Time Sent    When an event notification matching this entry was sent.
Logging And Network Management Command Set Configuring RMON 10.2.4.12 set rmon event properties Use this command to configure an RMON event entry, or to create a new event entry with an unused event index number. set rmon event properties index [description description] [type {none | log | trap | both}] [community community] [owner owner] Syntax Description index Specifies an index number for this entry. Maximum number of entries is 100. Maximum value is 65535.
Example
This example shows how to create and enable an RMON event entry called “STP topology change” that will send both a log entry and an SNMP trap message to the “public” community:
Matrix(rw)->set rmon event properties 2 description "STP topology change" type both community public owner Manager
Logging And Network Management Command Set Configuring RMON 10.2.4.13 set rmon event status Use this command to enable an RMON event entry. An event entry describes the parameters of an RMON event that can be triggered. Events can be fired by RMON alarms and can be configured to create a log entry, generate a trap, or both. set rmon event status index enable NOTE: An RMON event entry can be created using this command, configured using the set rmon event properties command (Section 10.2.4.
Logging And Network Management Command Set Configuring RMON 10.2.4.14 clear rmon event Use this command to delete an RMON event entry and any associated log entries. clear rmon event index Syntax Description index Specifies the index number of the entry to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.15 show rmon host Use this command to display RMON properties and statistics associated with each host discovered on the network. show rmon host [port-string] [address | creation] Syntax Description port-string (Optional) Displays RMON properties and statistics for specific port(s). address | creation (Optional) Sorts the display by MAC address or creation time of the entry.
Logging And Network Management Command Set Configuring RMON Example This example shows how to display RMON host properties and statistics. A control entry displays first, followed by actual entries corresponding to the control entry.
Logging And Network Management Command Set Configuring RMON 10.2.4.16 set rmon host properties Use this command to configure an RMON host entry. set rmon host properties index port-string [owner] Syntax Description index Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 5. Maximum value is 65535. port-string Configures RMON host monitoring on a specific port.
Logging And Network Management Command Set Configuring RMON 10.2.4.17 set rmon host status Use this command to enable an RMON host entry. set rmon host status index enable Syntax Description index Specifies an index number for this entry. Maximum number of entries is 5. Maximum value is 65535. enable Enables this host entry. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.18 clear rmon host Use this command to delete an RMON host entry. clear rmon host index Syntax Description index Specifies the index number of the entry to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
10.2.4.19 show rmon topN
Use this command to display RMON TopN properties and statistics. TopN monitoring prepares tables that describe the hosts topping a list ordered by one of their statistics. TopN lists are samples of one of the hosts' base statistics over a specific interval.
show rmon topN [index]
Syntax Description
index    (Optional) Displays RMON properties and statistics for a specific entry index ID.
Logging And Network Management Command Set Configuring RMON Table 10-9 provides an explanation of the command output. Properties are set using the set rmon topN properties command as described in Section 10.2.4.20. Table 10-9 show rmon topN Output Details Output What It Displays... Index Index number for this event entry. Each entry defines one top N report prepared for one interface. Status Whether this event entry is enabled (valid) or disabled.
Logging And Network Management Command Set Configuring RMON 10.2.4.20 set rmon topN properties Use this command to configure an RMON topN entry (report). set rmon topn properties index [hindex hindex] [rate {inpackets | outpackets | inoctets | outoctets | errors | bcast | mcast}] [duration duration] [size size] [owner owner] Syntax Description index Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 10.
Logging And Network Management Command Set Configuring RMON Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.21 set rmon topN status Use this command to enable an RMON topN entry. set rmon topN status index enable | Syntax Description index Specifies an index number for this entry. Maximum number of entries is 10. Maximum value is 65535. enable Enables this TopN entry. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.22 clear rmon topN Use this command to delete an RMON TopN entry. clear rmon topN index Syntax Description index Specifies the index number of the entry to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.23 show rmon matrix Use this command to display RMON matrix properties and statistics. The RMON matrix stores statistics for conversations between sets of two addresses. show rmon matrix [port-string] [source | dest] Syntax Description port-string (Optional) Displays RMON properties and statistics for a specific port(s). source | dest (Optional) Sorts the display by source or destination address.
Logging And Network Management Command Set Configuring RMON Table 10-10 provides an explanation of the command output. Properties are set using the set rmon matrix properties command as described in Section 10.2.4.24. Table 10-10 show rmon matrix Output Details Output What It Displays... Matrix Index Index number for this RMON matrix entry. Interface Interface for which host monitoring is being conducted. Table size Number of entries in the matrix table for this interface.
10.2.4.24 set rmon matrix properties
Use this command to configure an RMON matrix entry.
set rmon matrix properties index port-string [owner]
Syntax Description
index          Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 2. Maximum value is 65535.
port-string    Specifies port(s) on which to monitor statistics.
Logging And Network Management Command Set Configuring RMON 10.2.4.25 set rmon matrix status Use this command to enable an RMON matrix entry. set rmon matrix status index enable Syntax Description index Specifies an index number for this entry. Maximum number of entries is 2. Maximum value is 65535. enable Enables or disables this matrix entry. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.26 clear rmon matrix Use this command to delete an RMON matrix entry. clear rmon matrix index Syntax Description index Specifies the index number of the entry to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring RMON 10.2.4.27 show rmon channel Use this command to display RMON channel entries for one or more ports. show rmon channel [port-string] Syntax Description port-string (Optional) Displays RMON channel entries for a specific port(s). Command Defaults If port-string is not specified, information about all channels will be displayed. Command Type Switch command. Command Mode Read-Only.
Logging And Network Management Command Set Configuring RMON 10.2.4.28 set rmon channel Use this command to configure an RMON channel entry. set rmon channel index port-string [accept {matched | failed}] [control {on | off}] [onevent onevent] [offevent offevent] [event event] [estatus {ready | fired | always}] [description description] [owner owner] Syntax Description index Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen.
Logging And Network Management Command Set Configuring RMON Command Defaults • If an action is not specified, packets will be accepted on filter matches. • If not specified, control will be set to off. • If onevent and offevent are not specified, none will be applied. • If event status is not specified, ready will be applied. • If a description is not specified, none will be applied. • If owner is not specified, it will be set to monitor. Command Type Switch command. Command Mode Read-Write.
10.2.4.29 clear rmon channel
Use this command to clear an RMON channel entry.
  clear rmon channel index
Syntax Description
  index  Specifies the channel entry to be cleared.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.4.30 show rmon filter
Use this command to display one or more RMON filter entries.
  show rmon filter [index index | channel channel]
Syntax Description
  index index | channel channel  (Optional) Displays information about a specific filter entry, or about all filters which belong to a specific channel.
Command Defaults: If no options are specified, information for all filter entries will be displayed.
Command Type: Switch command.
10.2.4.31 set rmon filter
Use this command to configure an RMON filter entry.
  set rmon filter index channel_index [offset offset] [status status] [smask smask] [snotmask snotmask] [data data] [dmask dmask] [dnotmask dnotmask] [owner owner]
Syntax Description
  index  Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 10. Maximum value is 65535.
Command Mode: Read-Write.
10.2.4.32 clear rmon filter
Use this command to clear an RMON filter entry.
  clear rmon filter {index index | channel channel}
Syntax Description
  index index | channel channel  Clears a specific filter entry, or all entries belonging to a specific channel.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.4.33 show rmon capture
Use this command to display RMON capture entries and associated buffer control entries.
  show rmon capture [index] [nodata]
Syntax Description
  index   (Optional) Displays the specified buffer control entry and all captured packets associated with that entry.
  nodata  (Optional) Displays only the buffer control entry specified by index.
Example
This example shows how to display RMON capture entries and associated buffer entries:
  Matrix(rw)->show rmon capture
  Buf.
10.2.4.34 set rmon capture
Use this command to configure an RMON capture entry, or to enable or disable an existing entry.
  set rmon capture index {channel [action {lock | wrap}] [slice slice] [loadsize loadsize] [offset offset] [asksize asksize] [owner owner]} | {enable | disable}
Syntax Description
  index    Specifies a buffer control entry.
  channel  Specifies the channel to which this capture entry will be applied.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.4.35 clear rmon capture
Use this command to clear an RMON capture entry.
  clear rmon capture index
Syntax Description
  index  Specifies the capture entry to be cleared.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.5 Managing Switch Network Addresses and Routes
Purpose
To display, add or delete switch ARP table entries, to enable or disable RAD (Runtime Address Discovery) protocol, to display, add or delete IP routing table addresses, and to display MAC address information.
Commands
Commands to manage switch network addresses and routes are listed below and described in the associated section as shown.
10.2.5.1 show arp
Use this command to display the switch’s ARP table.
  show arp
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display the ARP table:
  Matrix(rw)->show arp
  LINK LEVEL ARP TABLE
  IP Address      Phys Address      Flags  Interface
  ----------------------------------------------------
  10.20.1.1       00-00-5e-00-01-1  S      host0
  134.142.21.
10.2.5.2 set arp
Use this command to add mapping entries to the switch’s ARP table.
  set arp ip-address mac-address [{temp | pub | trail}]
Syntax Description
  ip-address   Specifies the IP address to map to the MAC address and add to the ARP table.
  mac-address  Specifies the MAC address to map to the IP address and add to the ARP table.
  temp         (Optional) Sets the ARP entry as not permanent.
10.2.5.3 clear arp
Use this command to delete a specific entry or all entries from the switch’s ARP table.
  clear arp {ip | all}
Syntax Description
  ip | all  Specifies the IP address in the ARP table to be cleared, or clears all ARP entries.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
Example
This example shows how to delete entry 10.1.10.
10.2.5.4 show rad
Use this command to display the status of the RAD (Runtime Address Discovery) protocol on the switch.
  show rad
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display RAD status:
  Matrix(rw)->show rad
  RAD is currently enabled.
10.2.5.5 set rad
Use this command to enable or disable RAD (Runtime Address Discovery) protocol. The Matrix Series device uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be used to retrieve a text configuration file from the network.
NOTES: In order for RAD to retrieve a text configuration file, the file must be specified in the BootP tab.
10.2.5.6 show ip route
Use this command to display the switch’s IP routing table entries.
  show ip route
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Table 10-12 show ip route Output Details (Continued)
  Output  What It Displays...
  Flags   Route status.
10.2.5.7 traceroute
Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host. Three UDP or ICMP probes will be transmitted for each hop between the source and the traceroute destination.
Syntax Description
  -x         (Optional) Prevents traceroute from calculating checksums.
  host       Specifies the host to which the route of an IP packet will be traced.
  packetlen  (Optional) Specifies the length of the probe packet.
Command Defaults
• If not specified, waittime will be set to 5 seconds.
• If not specified, first-ttl will be set to 1 second.
• If not specified, max-ttl will be set to 30 seconds.
Example
This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Matrix Series switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop:
  Matrix(rw)->traceroute 192.167.252.17
  traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
  1 matrix.
10.2.5.8 set ip route
Use this command to add a route to the switch’s IP routing table.
  set ip route {destination | default} gateway
Syntax Description
  destination  Specifies the IP address of the network or host to be added.
  default      Sets the default gateway.
  gateway      Specifies the IP address of the next-hop device.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.5.9 clear ip route
Use this command to delete switch IP routing table entries.
  clear ip route destination | default
Syntax Description
  destination  Specifies the IP address of the network or host to be cleared.
  default      Clears the default gateway.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.5.10 show port mac
Use this command to display the MAC address(es) for one or more ports. These are port MAC addresses programmed into the device during manufacturing. To show the MAC addresses learned on a port through the switching process, use the show mac command as described in Section 10.2.5.11.
  show port mac [port-string]
Syntax Description
  port-string  (Optional) Displays MAC addresses for specific port(s).
10.2.5.11 show mac
Use this command to display the timeout period for aging learned MAC addresses, and to show MAC addresses in the switch’s filtering database. These are addresses learned on a port through the switching process or statically entered. To show port MAC addresses programmed into the device during manufacturing, use the show port mac command as described in Section 10.2.5.10.
Examples
This example shows how to display the MAC address timeout period:
  Matrix(rw)->show mac agetime
  Aging time: 300 seconds
This example shows how to display MAC address information for Fast Ethernet port 3 in module 1:
  Matrix(rw)->show mac port-string fe.1.3
  MAC Address        FID   Port
  -----------------  ----  -------------
  00-01-F4-32-88-C5  0     fe.1.3
  00-00-1D-12-11-88  3     fe.1.
10.2.5.12 set mac
Use this command to set the timeout period for aging learned MAC entries, to define what ports a multicast address can be dynamically learned on or flooded to, and to make a static entry into the filtering database(s).
10.2.5.13 clear mac
Use this command to reset the timeout period for aging learned MAC entries to the default value of 300 seconds, or to clear MAC addresses out of the filtering database(s).
  clear mac {[all] | [address address] [fid fid] | [vlan-id vlan-id] | [port-string port-string] [type {learned | mgmt}]} | [agetime]
Syntax Description
  all  Clear all MAC address entries. This will even clear permanent entries.
Example
This example shows how to clear all the MAC addresses associated with port fe.1.3:
  Matrix(rw)->clear mac port-string fe.1.
10.2.5.14 show newaddrtraps
Use this command to display the status of MAC address traps on one or more ports.
  show newaddrtrap [port-string]
Syntax Description
  port-string  (Optional) Displays MAC address traps for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, MAC address traps for all ports will be displayed.
10.2.5.15 set newaddrtraps
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected.
  set newaddrtrap [port-string] {enable | disable}
Syntax Description
  port-string  (Optional) Specifies the port(s) on which to enable or disable MAC address traps. For a detailed description of possible port-string values, refer to Section 3.1.1.
10.2.5.16 show movedaddrtrap
Use this command to display the status of moved MAC address traps on one or more ports.
  show movedaddrtrap [port-string]
Syntax Description
  port-string  (Optional) Displays MAC address traps for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
10.2.5.17 set movedaddrtrap
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when moved source MAC addresses are detected.
  set movedaddrtrap [port-string] {enable | disable}
Syntax Description
  port-string  (Optional) Specifies the port(s) on which to enable or disable MAC address traps. For a detailed description of possible port-string values, refer to Section 3.1.1.
10.2.6 Configuring Simple Network Time Protocol (SNTP)
Purpose
To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network.
Commands
Commands to configure SNTP are listed below and described in the associated section as shown.
• show sntp (Section 10.2.6.1)
• set sntp client (Section 10.2.6.2)
• clear sntp client (Section 10.2.6.3)
• set sntp server (Section 10.2.6.
10.2.6.1 show sntp
Use this command to display SNTP client settings.
  show sntp
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Table 10-14 show sntp Output Details
  Output        What It Displays...
  SNTP Version  SNTP version number.
  Current Time  Current time on the system clock.
  Timezone      Time zone name and amount it is offset from UTC (Universal Time). Set using set timezone command (Section 10.2.6.15).
  Client Mode   Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp client command (Section 10.2.6.2).
10.2.6.2 set sntp client
Use this command to set the SNTP operation mode.
  set sntp client {broadcast | unicast | disable}
Syntax Description
  broadcast  Enables SNTP in broadcast client mode.
  unicast    Enables SNTP in unicast (point-to-point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time.
  disable    Disables SNTP.
Command Defaults: None.
10.2.6.3 clear sntp client
Use this command to clear the SNTP client’s operational mode.
  clear sntp client
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.4 set sntp server
Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers.
  set sntp server ip-address [precedence]
Syntax Description
  ip-address  Specifies the SNTP server’s IP address.
  precedence  (Optional) Specifies this SNTP server’s precedence in relation to its peers.
10.2.6.5 clear sntp server
Use this command to remove one or all servers from the SNTP server list.
  clear sntp server {ip-address | all}
Syntax Description
  ip-address  Specifies the IP address of a server to remove from the SNTP server list.
  all         Removes all servers from the SNTP server list.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.6 set sntp broadcastdelay
Use this command to set the round trip delay, in microseconds, for SNTP broadcast frames.
  set sntp broadcastdelay time
Syntax Description
  time  Specifies broadcast delay time in microseconds. Valid values are 1 to 999999. Default value is 3000.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.7 clear sntp broadcast delay
Use this command to clear the round trip delay time for SNTP broadcast frames.
  clear sntp broadcastdelay
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.8 set sntp poll-interval
Use this command to set the poll interval between SNTP unicast requests.
  set sntp poll-interval interval
Syntax Description
  interval  Specifies the poll interval in seconds. Valid values are 16 to 16284.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.9 clear sntp poll-interval
Use this command to clear the poll interval between unicast SNTP requests.
  clear sntp poll-interval
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.10 set sntp poll-retry
Use this command to set the number of poll retries to a unicast SNTP server.
  set sntp poll-retry retry
Syntax Description
  retry  Specifies the number of retries. Valid values are 0 to 10.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.11 clear sntp poll-retry
Use this command to clear the number of poll retries to a unicast SNTP server.
  clear sntp poll-retry
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.12 set sntp poll-timeout
Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request.
  set sntp poll-timeout timeout
Syntax Description
  timeout  Specifies the poll timeout in seconds. Valid values are 1 to 30.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.13 clear sntp poll-timeout
Use this command to clear the SNTP poll timeout.
  clear sntp poll-timeout
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.6.14 show timezone
Use this command to display SNTP time zone settings.
  show timezone
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
10.2.6.15 set timezone
Use this command to set the SNTP time zone name and the hours and minutes it is offset from Coordinated Universal Time (UTC).
  set timezone name [hours] [minutes]
Syntax Description
  name   Specifies the time zone name.
  hours  (Optional) Specifies the number of hours this timezone will be offset from UTC. Valid values are minus 12 (-12) to 12.
10.2.6.16 clear timezone
Use this command to remove SNTP time zone adjustment values.
  clear timezone
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.7 Configuring Node Aliases
Purpose
To review, configure, disable and re-enable node (port) alias functionality, which determines what network protocols are running on one or more ports.
Commands
Commands to configure node aliases are listed below and described in the associated section as shown.
• show nodealias (Section 10.2.7.1)
• show nodealias mac (Section 10.2.7.2)
• show nodealias protocol (Section 10.2.7.
10.2.7.1 show nodealias
Use this command to display node alias properties for one or more ports.
  show nodealias [port-string]
Syntax Description
  port-string  (Optional) Displays node alias properties for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: If port-string is not specified, node alias properties will be displayed for all ports.
Command Mode: Read-Only.
Table 10-15 show nodealias Output Details (Continued)
  Output               What It Displays...
  Vlan ID              VLAN ID associated with this alias.
  MAC Address          MAC address associated with this alias.
  Protocol             Networking protocol running on this port.
  Address / Source IP  When applicable, a protocol-specific address associated with this alias.
10.2.7.2 show nodealias mac
Use this command to display node alias entries based on MAC address and protocol.
  show nodealias mac mac_address [ip | apl | mac | hsrp | dhcps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | xsap | ipx20 | rtmp | netBios | nbt | bgp | rip | igrp | dec | bpdu | udp] [port-string]
Syntax Description
  mac_address  Specifies a MAC address for which to display node alias entries.
Command Defaults
• If protocol is not specified, node alias entries for all protocols will be displayed.
• If port-string is not specified, node alias entries will be displayed for all ports.
Command Mode: Read-Only.
Example
This example shows how to display node alias entries for BPDU traffic on MAC addresses beginning with 00-e0. Refer back to Table 10-15 for a description of the command output.
10.2.7.3 show nodealias protocol
Use this command to display node alias entries based on protocol and protocol address.
Example
This example shows how to display node alias entries for IP traffic on ge.3.16. Refer back to Table 10-15 for a description of the command output.
  Matrix(rw)->show nodealias protocol ip ge.3.16
  Port: ge.3.16   Time: 1 days 03 hrs 33 mins 47 secs
  --------------------------------------------------------
  Alias ID = 1533917141   Active = true
  Vlan ID = 1             MAC Address = 00-e0-63-04-7b-00
  Protocol = ip           Source IP = 199.45.62.
10.2.7.4 show nodealias config
Use this command to display node alias configuration settings on one or more ports.
  show nodealias config [port-string]
Syntax Description
  port-string  (Optional) Displays node alias configuration settings for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Table 10-16 show nodealias config Output Details
  Output        What It Displays...
  Port Number   Port designation.
  Max Entries   Maximum number of alias entries configured for this port. Set using the set nodealias maxentries command (Section 10.2.7.6).
  Used Entries  Number of alias entries (out of the maximum amount configured) already used by this port.
10.2.7.5 set nodealias
Use this command to enable or disable a node alias agent on one or more ports. Upon packet reception, node aliases are dynamically assigned to ports enabled with an alias agent, which is the default setting on Matrix Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command as described in Section 10.2.7.7.
10.2.7.6 set nodealias maxentries
Use this command to set the maximum number of node alias entries allowed for one or more ports.
  set nodealias maxentries val port-string
Syntax Description
  val          Specifies the maximum number of alias entries.
  port-string  Specifies the port(s) on which to set the maximum entry value. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
10.2.7.7 clear nodealias
Use this command to remove one or more node alias entries.
  clear nodealias {port-string port-string | alias-id alias-id}
Syntax Description
  port-string port-string  Specifies the port(s) on which to remove all node alias entries. For a detailed description of possible port-string values, refer to Section 3.1.1.
  alias-id alias-id        Specifies the ID of the node alias to remove.
10.2.7.8 clear nodealias config
Use this command to reset node alias state to enabled and clear the maximum entries value.
  clear nodealias config port-string
Syntax Description
  port-string  Specifies the port(s) on which to reset the node alias configuration. For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
10.2.8 Configuring NetFlow
Purpose
NetFlow is a software feature and also the name of an open (but proprietary) Cisco protocol for collecting IP traffic information. Devices with NetFlow enabled generate NetFlow records, which are exported from the device in UDP packets and collected using a NetFlow collector.
Commands
Commands to configure NetFlow are listed below and described in the associated section as shown.
• show netflow (Section 10.
10.2.8.1 show netflow
Use this command to display NetFlow configuration and statistics.
  show netflow [config] [statistics {export}]
Syntax Description
  config      (Optional) Show the NetFlow configuration.
  statistics  (Optional) Show the NetFlow statistics.
  export      Show the NetFlow export statistics.
Command Defaults: If no parameters are entered, both NetFlow configuration and statistics are displayed.
Command Type: Switch command.
Example
This example shows how to display both NetFlow configuration and statistics:
  Matrix(rw)->show netflow
  Matrix N-SA Platinum(su)->show netflow
  Cache Status:          enabled
  Destination IP:        10.10.1.1
  Destination UDP Port:  2055
  Export Version:        5
  Export Interval:       30 (min)
  Number of Entries:     196607
  Inactive Timer:        40 (sec)
  Enabled Ports:
  -----------------
  ge.1.11,23
  Disabled Ports:
  -----------------
  lag.0.1-48 ge.1.
10.2.8.2 set netflow
Use this command to configure NetFlow.
  set netflow [cache {enable | disable}] [export-destination ip-address [udp-port]] [export-interval interval] [port port-string {enable | disable}]
Syntax Description
  cache enable | disable                  Enable or disable the collection for a NetFlow cache
  export-destination ip-address udp-port  Sets the destination IP address of NetFlow collector.
10.2.8.3 clear netflow
Use this command to clear NetFlow parameters to factory defaults.
  clear netflow [cache] [all] [export-destination ip-address [udp-port]] [export-interval] [port port-string]
Syntax Description
  cache                                   Clears the collection status for a NetFlow cache.
  all                                     Clears all NetFlow configuration back to factory defaults.
  export-destination ip-address udp-port  Clears the collector with specified address.
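Because NetFlow records leave the device as plain UDP datagrams (export version 5 to UDP port 2055 in the show netflow example above), the collector should validate each datagram before trusting its records. The following is an added example, not part of the Enterasys guide: it assumes the standard NetFlow version 5 layout (24-byte header, 48-byte flow records), and the function names, the exporter address 192.0.2.10 and the sample flows are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
MAX_RECORDS = 30                                     # v5 limit per datagram


class ExportError(ValueError):
    """Raised when a datagram is rejected before its records are trusted."""


def parse_v5(datagram, sender_ip, allowed_exporters):
    """Validate one export datagram and return its header fields and flows."""
    # UDP export carries no authentication, so pin the expected exporters.
    if sender_ip not in allowed_exporters:
        raise ExportError(f"unexpected exporter {sender_ip}")
    if len(datagram) < HEADER.size:
        raise ExportError("shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _sampling = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ExportError(f"export version {version}, expected 5")
    if not 1 <= count <= MAX_RECORDS:
        raise ExportError(f"record count {count} out of range")
    # The length must agree exactly with the count the header claims.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ExportError("length does not match the record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[11], "proto": f[12],
        })
    return {"sequence": seq, "count": count, "unix_secs": secs, "flows": flows}


def missed_flows(previous, current):
    """Flows lost between two datagrams of one exporter (0 when contiguous)."""
    # flow_sequence counts flows, so the next value is previous + count.
    expected = (previous["sequence"] + previous["count"]) & 0xFFFFFFFF
    return (current["sequence"] - expected) & 0xFFFFFFFF


def build_sample(sequence, flows):
    """Build a constructed v5 datagram for offline testing.

    flows: iterable of (src, dst, sport, dport, proto, packets, octets).
    """
    out = HEADER.pack(5, len(flows), 360000, 1700000000, 0, sequence, 0, 0, 0)
    for src, dst, sport, dport, proto, packets, octets in flows:
        out += RECORD.pack(
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed,
            bytes(4), 11, 23, packets, octets, 1000, 2000, sport, dport,
            0x18 if proto == 6 else 0, proto, 0, 0, 0, 24, 24)
    return out


if __name__ == "__main__":
    exporters = {"192.0.2.10"}  # constructed address of the exporting switch
    first = parse_v5(build_sample(100, [
        ("198.51.100.7", "203.0.113.9", 51000, 443, 6, 12, 3400),
        ("198.51.100.8", "203.0.113.9", 5353, 53, 17, 1, 80),
    ]), "192.0.2.10", exporters)
    later = parse_v5(build_sample(110, [
        ("198.51.100.7", "203.0.113.9", 51001, 443, 6, 4, 900),
    ]), "192.0.2.10", exporters)
    for flow in first["flows"]:
        print(flow)
    print("flows missed before second datagram:", missed_flows(first, later))
```

A non-zero result from missed_flows means export datagrams were dropped or arrived out of order, so traffic totals for that interval are incomplete.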
11 IP Configuration
This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them.
ROUTER: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Section 2.3.3.
11.1 PROCESS OVERVIEW: INTERNET PROTOCOL (IP) CONFIGURATION
Use the following steps as a guide to configuring IP on the device:
1. Configuring routing interface settings (Section 11.2.
IP Configuration Command Set Configuring Routing Interface Settings
11.2 IP CONFIGURATION COMMAND SET
11.2.1 Configuring Routing Interface Settings
About Loopback vs. VLAN Interfaces
Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of routing protocols from network hardware operation, improving the reliability of IP connections. A loopback interface is always reachable.
Purpose
To enable routing interface configuration mode on the device, to create VLAN or loopback routing interfaces, to review the usability status of interfaces configured for IP, to set IP addresses for interfaces, and to enable interfaces for IP routing at device startup.
11.2.1.1 show interface
Use this command to display information about one or more interfaces (VLANs or loopbacks) configured on the router.
  show interface [vlan vlan-id | loopback loopback-id | lo local-id]
Syntax Description
  vlan vlan-id | loopback loopback-id | lo local-id  (Optional) Displays interface information for a specific VLAN, loopback, or local interface.
Example
This example shows how to display information for all interfaces configured on the router. In this case, one loopback interface has been configured for routing. For a detailed description of this output, refer to Table 11-2:
  Matrix>Router1#show interface
  Vlan 1 is Administratively DOWN
  Vlan 1 is Operationally DOWN
  Mac Address is: 0001.f4da.
11.2.1.2 interface
Use this command to configure interfaces for IP routing. This command enables interface configuration mode from global configuration mode, and, if the interface has not previously been created, this command creates a new routing interface. For details on configuration modes supported by the Matrix Series device and their uses, refer to Table 2-14 in Section 2.3.3.
11.2.1.3 ip ecm-forwarding-algorithm
Use this command to enable ECM (Equal Cost Multipath) for forwarding IP packets on routing interfaces.
  ip ecm-forwarding-algorithm [hash-thold | round-robin]
Syntax Description
  hash-thold | round-robin  (Optional) Sets the ECM forwarding algorithm as hash threshold or round-robin.
Command Syntax of the “no” Form
The “no” form of this command disables ECM mode.
11.2.1.4 show ip interface
Use this command to display information, including administrative status, IP address, MTU (Maximum Transmission Unit) size and bandwidth, and ACL configurations, for interfaces configured for IP.
Table 11-2 provides an explanation of the command output.
Table 11-2 show ip interface Output Details
  Output              What It Displays...
  Vlan | Lpbk | Lo N  Whether the interface is administratively and operationally up or down.
  IP Address          Interface’s IP address and mask. Set using the ip address command as described in Section 11.2.1.5.
  Frame Type          Encapsulation type used by this interface.
IP Configuration Command Set Configuring Routing Interface Settings 11.2.1.5 ip address Use this command to set, remove, or disable a primary or secondary IP address for an interface. Each Matrix Series routing module or standalone device supports up to 96 routing interfaces, with up to 50 secondary addresses (200 maximum per router) allowed for each primary IP address.
IP Configuration Command Set Configuring Routing Interface Settings 11.2.1.6 no shutdown Use this command to enable an interface for IP routing and to allow the interface to automatically be enabled at device startup. no shutdown Syntax Description None. NOTE: The shutdown form of this command disables an interface for IP routing. Command Type Router command. Command Mode Interface configuration: Matrix>Router1(config-if(Vlan 1))# Command Defaults None.
IP Configuration Command Set Managing Router Configuration Files 11.2.2 Managing Router Configuration Files Each Matrix Series device provides a single configuration interface which allows you to perform both switch and router configuration with the same command set. When a redundancy license is available and has been activated, the device also provides redundant, distributed copies of each router configuration in the event that DFE modules are added or removed from the Matrix chassis.
IP Configuration Command Set Managing Router Configuration Files 11.2.2.1 show running-config Use this command to display the non-default, user-supplied commands entered while configuring the device. show running-config Syntax Description None. Command Type Router command. Command Mode Any router mode. Command Defaults None. Example This example shows how to display the current router operating configuration: Matrix>Router1#show running-config ! router id 192.168.100.
IP Configuration Command Set Managing Router Configuration Files 11.2.2.2 write Use this command to save or delete the router running configuration, or to display it to output devices. write [erase | file [filename config-file] | terminal] NOTE: The write file command must be executed in order to save the router configuration to NVRAM. If this command is not executed, router configuration changes will not be saved upon reboot. Syntax Description erase (Optional) Deletes the router-specific file.
IP Configuration Command Set Managing Router Configuration Files Example This example shows how to display the router-specific configuration to the terminal: Matrix>Router1#write terminal Enable Config t interface vlan 1 iP Address 182.127.63.1 255.255.255.0 no shutdown interface vlan 2 iP Address 182.127.62.1 255.255.255.0 no shutdown exit router rip network 182.127.0.
IP Configuration Command Set Managing Router Configuration Files 11.2.2.3 no ip routing Use this command to disable IP routing on the device and remove the routing configuration. By default, IP routing is enabled when interfaces are configured for it as described in Section 11.2.1. no ip routing Syntax Description None. Command Type Router command. Command Mode Global configuration: Matrix>Router1(config)# Command Defaults None.
IP Configuration Command Set Performing a Basic Router Configuration 11.2.3 Performing a Basic Router Configuration 11.2.3.1 Using Router-Only Config Files Although the Matrix Series’ single configuration interface provides one set of commands to perform both switch and router configuration, it is still possible to use router-only commands to configure the router. To do so, you need to add router config wrappers to your existing router config files, as shown in Figure 11-1.
11.2.3.3 Configuring the Router

You can configure the router using either of the following methods.

Using a downloaded file...
1. Download a router config file to the standalone or chassis using the copy command as described in Section 2.2.9.5.
2. Run the configure command using the downloaded config file as described in Section 2.2.9.4.

Creating and saving a custom file...
1.
11.2.3.4 Moving a Config File from Another Routing Module

To copy a router configuration from one module to another, proceed as follows:
1. From the routing module from which you wish to copy a config file, perform a show config on the file as described in Section 2.2.9.3.
2. Copy the config file to a place where it can be edited with a file editing program.
3.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.1 show ip arp Use this command to display entries in the ARP (Address Resolution Protocol) table. ARP converts an IP address into a physical address. show ip arp [ip-address] [vlan vlan-id] [output-modifier] Syntax Description ip-address (Optional) Displays ARP entries related to a specific IP address. vlan vlan-id (Optional) Displays only ARP entries learned through a specific VLAN interface.
IP Configuration Command Set Reviewing and Configuring the ARP Table Example This example shows how to use the show ip arp command: Matrix>Router1#show ip arp Protocol Address Age (min) Hardware Addr Type Interface -----------------------------------------------------------------------------Internet 134.141.235.251 0 0003.4712.7a99 ARPA Vlan1 Internet 134.141.235.165 - 0002.1664.a5b3 ARPA Vlan1 Internet 134.141.235.167 4 00d0.cf00.4b74 ARPA Vlan2 Matrix>Router1#show ip arp 134.141.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.2 arp Use this command to add or remove permanent (static) ARP table entries. Up to 1,000 static ARP entries are supported per Matrix Series routing module or standalone device. A multicast MAC address can be used in a static ARP entry. arp ip-address mac-address arpa Syntax Description ip-address Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation.
11.2.4.3 ip gratuitous-arp

Use this command to override the normal ARP updating process that occurs by default.

ip gratuitous-arp {ignore | reply | request}

Syntax Description
ignore   Ignore all gratuitous ARP frames; no updates will occur. This option also prevents any new learning from gratuitous ARPs, even if the ip gratuitous-arp-learning command (Section 11.2.4.4) was used.
reply    Update from gratuitous ARP reply only.
11.2.4.4 ip gratuitous-arp-learning

Use this command to allow an interface to learn new ARP bindings using gratuitous ARP. This command has no effect if the ip gratuitous-arp ignore command (Section 11.2.4.3) is used: there will be no learning from gratuitous ARP frames, even with the ip gratuitous-arp-learning command enabled.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.5 ip proxy-arp Use this command to enable proxy ARP on an interface. This variation of the ARP protocol allows the routing module to send an ARP response on behalf of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed WAN links. It is enabled by default. ip proxy-arp Syntax Description None.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.6 ip mac-address Use this command to set a MAC address on an interface. ip mac-address address NOTE: By default, every routing interface uses the same MAC address. If the user needs interfaces to use different MAC addresses, this command will allow it.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.7 arp timeout Use this command to set the duration (in seconds) for entries to stay in the ARP table before expiring. The device can support up to 2000 outstanding unresolved ARP entries. arp timeout seconds Syntax Description seconds Specifies the time in seconds that an entry remains in the ARP cache. Valid values are 0 - 65535. A value of 0 specifies that ARP entries will never be aged out.
IP Configuration Command Set Reviewing and Configuring the ARP Table 11.2.4.8 clear arp-cache Use this command to delete all nonstatic (dynamic) entries from the ARP table. clear arp-cache Syntax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Defaults None.
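The show ip arp table from Section 11.2.4.1 can be polled and compared over time to spot address bindings that move, which is the condition the gratuitous ARP controls in Sections 11.2.4.3 and 11.2.4.4 are meant to restrict. The following is an added example, not part of the Enterasys guide; the first snapshot reuses the rows printed in the guide's example, the second snapshot is constructed, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# One data row of "show ip arp":
# Protocol, Address, Age (min), Hardware Addr, Type, Interface.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2})\s+ARPA\s+(?P<ifc>\S+)$"
)


class ArpEntry(NamedTuple):
    ip: str
    age_min: Optional[int]  # None when the Age column shows "-"
    mac: str
    interface: str


def parse_show_ip_arp(text):
    """Return the ARP rows found in captured 'show ip arp' output."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # prompt, column header, separator or blank line
        age = None if m["age"] == "-" else int(m["age"])
        entries.append(ArpEntry(m["ip"], age, m["mac"].lower(), m["ifc"]))
    return entries


def compare_snapshots(before, after):
    """Report IPs whose MAC changed and MACs bound to several IPs."""
    findings = []
    known = {e.ip: e.mac for e in before}
    for e in after:
        old = known.get(e.ip)
        if old is not None and old != e.mac:
            findings.append(f"rebound {e.ip} {old} -> {e.mac} on {e.interface}")
    # A MAC holding several IPs on one interface can be legitimate (a router
    # or a proxy ARP responder), so treat this as a lead, not a verdict.
    owners = {}
    for e in after:
        owners.setdefault((e.interface, e.mac), set()).add(e.ip)
    for (ifc, mac), ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(f"shared {mac} on {ifc}: {', '.join(sorted(ips))}")
    return findings


# Rows as printed in the guide's example for Section 11.2.4.1.
SNAPSHOT_BEFORE = """\
Matrix>Router1#show ip arp
Protocol Address          Age (min) Hardware Addr   Type  Interface
-------------------------------------------------------------------
Internet 134.141.235.251  0         0003.4712.7a99  ARPA  Vlan1
Internet 134.141.235.165  -         0002.1664.a5b3  ARPA  Vlan1
Internet 134.141.235.167  4         00d0.cf00.4b74  ARPA  Vlan2
"""

# Constructed second poll: .251 now resolves to a different MAC, and that
# MAC also holds a new address on the same VLAN.
SNAPSHOT_AFTER = """\
Matrix>Router1#show ip arp
Protocol Address          Age (min) Hardware Addr   Type  Interface
-------------------------------------------------------------------
Internet 134.141.235.251  0         0050.5600.0001  ARPA  Vlan1
Internet 134.141.235.165  -         0002.1664.a5b3  ARPA  Vlan1
Internet 134.141.235.167  5         00d0.cf00.4b74  ARPA  Vlan2
Internet 134.141.235.170  0         0050.5600.0001  ARPA  Vlan1
"""

if __name__ == "__main__":
    for finding in compare_snapshots(parse_show_ip_arp(SNAPSHOT_BEFORE),
                                     parse_show_ip_arp(SNAPSHOT_AFTER)):
        print(finding)
```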
11.2.5 Configuring Broadcast Settings

Purpose
To configure IP broadcast settings.

Commands
The commands used to configure IP broadcast settings are listed below and described in the associated section as shown:
• ip directed-broadcast (Section 11.2.5.1)
• ip forward-protocol (Section 11.2.5.2)
• ip helper-address (Section 11.2.5.
11.2.5.1 ip directed-broadcast

Use this command to enable or disable IP directed broadcasts on an interface.

ip directed-broadcast

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables IP directed broadcast globally:

no ip directed-broadcast

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan 1))#

Command Defaults
None.
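The interface-level ARP and broadcast settings described in Sections 11.2.4.3 through 11.2.4.5 and 11.2.5.1 can be reviewed offline from a saved router configuration. The following is an added example, not part of the Enterasys guide: the sample configuration is constructed in the layout that write terminal prints, the finding names are hypothetical, and it assumes that proxy ARP is turned off with no ip proxy-arp and that ip gratuitous-arp appears inside the interface block, neither of which is shown in this section.

```python
import re

# Constructed sample in the layout printed by "write terminal"
# (Section 11.2.2.2). Keyword case varies in that output, so parsing
# is case-insensitive.
SAMPLE_CONFIG = """\
Enable
Config t
interface vlan 1
iP Address 182.127.63.1 255.255.255.0
ip directed-broadcast
ip gratuitous-arp-learning
no shutdown
interface vlan 2
iP Address 182.127.62.1 255.255.255.0
no ip proxy-arp
ip gratuitous-arp ignore
ip gratuitous-arp-learning
no shutdown
exit
"""


def interface_blocks(config):
    """Map each 'interface ...' name to the normalized commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split()).lower()
        m = re.fullmatch(r"interface (.+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line == "exit" or line.startswith("router "):
            current = None  # left interface configuration mode
        elif current is not None and line:
            current.append(line)
    return blocks


def audit(config):
    """Return (interface, finding) pairs for ARP and broadcast settings."""
    findings = []
    for name, cmds in interface_blocks(config).items():
        # Section 11.2.5.1: directed broadcasts enabled on this interface.
        if "ip directed-broadcast" in cmds:
            findings.append((name, "directed-broadcast-enabled"))

        # Section 11.2.4.5: proxy ARP is enabled by default, so it is on
        # unless the (assumed) "no" form is present.
        if "no ip proxy-arp" not in cmds:
            findings.append((name, "proxy-arp-enabled-by-default"))

        # Sections 11.2.4.3 and 11.2.4.4: "ignore" overrides learning.
        garp_mode = None
        for cmd in cmds:
            m = re.fullmatch(r"ip gratuitous-arp (ignore|reply|request)", cmd)
            if m:
                garp_mode = m.group(1)
        # Any arguments to the learning command are not shown in this
        # section, so match on the command name only.
        learning = any(c.startswith("ip gratuitous-arp-learning") for c in cmds)
        if learning and garp_mode == "ignore":
            findings.append((name, "garp-learning-overridden-by-ignore"))
        elif learning:
            findings.append((name, "garp-learning-active"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```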
IP Configuration Command Set Configuring Broadcast Settings 11.2.5.2 ip forward-protocol Use this command to enable UDP broadcast forwarding and specify which protocols will be forwarded. This command works in conjunction with the ip helper-address command to configure UDP broadcast forwarding. For information on specifying a new destination for UDP broadcasts, refer to Section 11.2.5.3. ip forward-protocol {udp [port]} Syntax Description udp Specifies UDP as the IP forwarding protocol.
IP Configuration Command Set Configuring Broadcast Settings Command Defaults If port is not specified, default forwarding services will be performed as listed above. Example This example shows how to enable forwarding of Domain Naming System UDP datagrams (port 53): Matrix>Router(config)#ip forward-protocol udp 53 About DHCP/BOOTP Relay DHCP/BOOTP relay functionality is applied with the help of IP broadcast forwarding.
IP Configuration Command Set Configuring Broadcast Settings 11.2.5.3 ip helper-address Use this command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts specifying a new destination address. This command works in conjunction with the ip forward-protocol command (Section 11.2.5.2), which defines the forward protocol and port number. You can use this command to add more than one helper address per interface.
IP Configuration Command Set Configuring Broadcast Settings Command Syntax of the “no” Form The “no” form of this command disables the forwarding of UDP datagrams to the specified address: no ip helper-address address Command Type Router command. Command Mode Interface configuration: Matrix>Router(config-if(Vlan ))# Command Defaults None. Example This example shows how to permit UDP broadcasts from hosts on networks 191.168.1.255 and 192.24.1.
11.2.6 Reviewing IP Traffic and Configuring Routes

Purpose
To review IP protocol information about the device, to review IP traffic and configure routes, to enable and send router ICMP (ping) messages, and to execute traceroute.

Commands
The commands used to review IP traffic and configure routes are listed below and described in the associated section as shown:
• show ip protocols (Section 11.2.6.1)
• show ip traffic (Section 11.2.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.1 show ip protocols Use this command to display information about IP protocols running on the device. show ip protocols NOTE: Enabling CIDR for RIP on the Matrix Series device requires using the no auto-summary command (as described in Section 12.2.2.16) to disable automatic route summarization. Syntax Description None. Command Type Router command. Command Mode Any router mode. Command Defaults None.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.2 show ip traffic Use this command to display IP traffic statistics. show ip traffic [softpath] Syntax Description softpath (Optional) Displays IP protocol softpath statistics. This option is used for debugging. Command Type Router command. Command Mode Any router mode. Command Defaults If softpath is not specified, general IP traffic statistics will be displayed.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Example This example shows how to display IP traffic statistics: Matrix>Router1#show ip traffic IP Statistics: Rcvd: 10 total, 6 local destination 0 header errors 0 unknown protocol, 0 security failures Frags: 0 reassembled, 0 timeouts 0 couldn't reassemble 0 fragmented, 0 couldn't fragment Bcast: 1 received, 8 sent Mcast: 0 received, 16 sent Sent: 24 generated, 0 forwarded 0 no route ICMP Statistics: Rcvd: 4 total, 0 checksum errors,
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.3 clear ip stats Use this command to clear all IP traffic counters (IP, ICMP, UDP, TCP, IGMP, and ARP). clear ip stats Syntax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Defaults None.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.4 show ip route Use this command to display information about IP routes. show ip route [destination prefix destination prefix mask longer-prefixes | connected | ospf | rip | static | summary] NOTES: When there is more than one routing module configured in a Matrix chassis, each module will create and maintain its own route tables.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Command Defaults If no parameters are specified, all IP route information will be displayed. Example This example shows how to display all IP route information. In this case, there are routes directly connected to VLANs 1 and 2, two static routes connected to VLAN 1 (one indirectly, and one via another network IP), and one RIP route.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.5 ip route Use this command to add or remove a static IP route. ip route prefix mask {forward-addr | vlan vlan-id} [distance] [permanent] [tag value] Syntax Description prefix Specifies a destination IP address prefix. mask Specifies a destination prefix mask. forward-addr | vlan vlan-id Specifies a forwarding (gateway) IP address or routing (VLAN) interface ID.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes Examples This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is assigned a tag of 1: Matrix>Router1(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3 1 This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is set as permanent and assigned a tag of 20: Matrix>Router1(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.6 ip icmp Use this command to re-enable the Internet Control Message Protocol (ICMP), allowing a router to reply to IP ping requests. By default, ICMP messaging is enabled on a routing interface for both echo-reply and mask-reply modes. If, for security reasons, ICMP has been disabled using no ip icmp, this command will re-enable it on the routing interface.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.7 ping Use this command to test routing network connectivity by sending IP ping requests. The ping utility (IP ping only) transmits a maximum of five echo requests, with a packet size of 100. The application stops when the response has been received, or after the maximum number of requests has been sent. ping ip-address Syntax Description ip-address Specifies the IP address of the system to ping.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes 11.2.6.8 traceroute Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host. Three ICMP probes will be transmitted for each hop between the source and the traceroute destination. traceroute host Syntax Description host Specifies a host to which the route of an IP packet will be traced. Command Type Router command.
11.2.7 Configuring PIM

* Advanced License Required *

PIM is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key and have enabled routing on the device, you must activate your license as described in Section 2.2.4 in order to enable the PIM command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
11.2.7.1 ip pim sparse-mode

Use this command to enable Protocol Independent Multicast (PIM) Sparse Mode (SM) on a routing interface.

ip pim sparse-mode

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables PIM on an interface:

no ip pim sparse-mode

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan 1))#

Command Defaults
None.
IP Configuration Command Set Configuring PIM 11.2.7.2 ip pim bsr-candidate Use this command to enable the router to announce its candidacy as a BootStrap Router (BSR). ip pim bsr-candidate pim-interface [hash-mask-length] [priority]] Syntax Description pim-interface Interface of the BSR candidate. This interface must be enabled with PIM as described in Section 11.2.7.1. hash-mask-length (Optional) Length of a mask to be added with the group address before the hash function is called.
Example
This example sets the hash mask length to 30 and DR priority to 77 on VLAN 1:

Matrix>Router1(config)#interface vlan 1
Matrix>Router1(config-if(Vlan 1))#ip pim bsr-candidate vlan 1 priority 77
IP Configuration Command Set Configuring PIM 11.2.7.3 ip pim dr-priority Use this command to set the priority for which a router will be elected as the designated router (DR). ip pim dr-priority priority Syntax Description priority Specifies a priority value for designated router selection. Valid values are 0 - 4294967294. Default is 1. Command Syntax of the “no” Form The no form of this command disables the DR functionality: no ip dr-priority Command Type Router command.
11.2.7.4 ip pim rp-address

Use this command to set a static rendezvous point (RP) for a multicast group.

ip pim rp-address rp-address group-address group-mask [priority priority]

Syntax Description
rp-address          Specifies the IP address of the PIM RP router.
group-address       Specifies the multicast group address.
group-mask          Specifies the multicast group mask.
priority priority   (Optional) Specifies an RP priority value, ranging from 0 - 255.
IP Configuration Command Set Configuring PIM 11.2.7.5 ip pim rp-candidate Use this command to enable the router to advertise itself as a PIM candidate rendezvous point (RP) to the BSR. Only one RP candidate can be configured per routing module or standalone device. ip pim rp-candidate pim-interface group-address group-mask [priority priority] Syntax Description pim-interface Interface to advertise as an RP candidate. This interface must be enabled with PIM as described in Section 11.2.7.1.
IP Configuration Command Set Configuring PIM 11.2.7.6 show ip pim bsr Use this command to display BootStrap Router (BSR) information. show ip pim bsr Syntax Description None. Command Type Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Defaults None. Example This example shows how to display BootStrap Router (BSR) information: Matrix>Router1#show ip pim bsr PIMv2 Elected Bootstrap Router Information: BSR Address: 10.0.0.
IP Configuration Command Set Configuring PIM Table 11-4 show ip pim bsr Output Details (Continued) Output What It Displays... BSR Hash Mask Length Length of a mask (32 bits maximum) that is to be added with the group address before the hash function is called. This value is configured by the ip pim bsr-candidate command. BSR Uptime Interval that this router has been up (in hours:minutes:seconds). After 24 hours, format will change into days:hours and, after a week, will change into weeks:days.
IP Configuration Command Set Configuring PIM 11.2.7.7 show ip pim interface Use this command to display information about PIM interfaces that are currently up (not shutdown). show ip pim interface [interface] Syntax Description interface (Optional) Displays information about a specific PIM interface. This interface must be enabled with PIM as described in Section 11.2.7.1. Command Type Router command.
IP Configuration Command Set Configuring PIM Table 11-5 show ip pim interface Output Details (Continued) Output What It Displays... Nbr-Count Total number of PIM neighbors on the interface, discovered by receiving PIM hello messages from other PIM routers on the interface. Query-Intvl Interval between Hello messages. Default is 30 seconds. DR-Prior Designated router priority value on the interface. Set with the ip pim dr-priority command (Section 11.2.7.3).
IP Configuration Command Set Configuring PIM 11.2.7.8 show ip pim neighbor Use this command to display information about discovered PIM neighbors. show ip pim neighbor [interface] Syntax Description interface (Optional) Displays information about a specific PIM interface. This interface must be enabled with PIM as described in Section 11.2.7.1. Command Type Router command.
IP Configuration Command Set Configuring PIM Table 11-6 show ip pim neighbor Output Details (Continued) Output What It Displays... Expires Interval in hours, minutes, and seconds until the entry will be removed from the IP multicast routing table. Mode Mode in which the interface is operating. (DR) Indicates that this neighbor is a designated router on the LAN.
IP Configuration Command Set Configuring PIM 11.2.7.9 show ip pim rp Use this command to display the active rendezvous points (RPs) that are cached with associated multicast routing entries. show ip pim rp [group | mapping | multicast group address] Syntax Description group (Optional) Displays active RPs for any existing multicast group(s). mapping (Optional) Displays all RP mappings. multicast group address (Optional) Displays RP information for a specific multicast group IP address.
IP Configuration Command Set Configuring PIM Table 11-7 provides an explanation of the command output. Table 11-7 show ip pim rp Output Details Output What It Displays... Group(s) Address of the multicast group(s) about which to display RP data. RP Address of the RP for that group. Priority RP priority value. Expiry Period (in hours:minutes:seconds) in which the next bootstrap message is due from this BSR. Uptime Interval that this router has been up in hours:minutes:seconds.
IP Configuration Command Set Configuring PIM 11.2.7.10 show ip pim rp-hash Use this command to display the rendezvous point (RP) that is being selected for a specified group. show ip pim rp-hash group-address Syntax Description group-address Displays information about a specific group address. Command Type Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Defaults None. Example This example shows how to display RP hash information: Matrix>Router1#show ip pim rp-hash RP 192.168.41.
IP Configuration Command Set Configuring PIM 11.2.7.11 show ip mroute Use this command to display the IP multicast routing table. This table shows how a multicast routing protocol, such as PIM and DVMRP, will forward a multicast packet. Information in the table includes source network/mask and upstream neighbors. For more information on configuring DVMRP, refer to Section 12.2.4.
IP Configuration Command Set Configuring PIM Example This example shows a portion of the IP multicast routing table display. In this case, it shows there are nine source PIM sparse mode (PIMSM) multicast networks.
IP Configuration Command Set Configuring PIM 11.2.7.12 show ip mforward Use this command to display the IP multicast forwarding table. This table shows what multicast routes have actually been programmed into the Matrix hardware. Although redundant to the show ip mroute display (Section 11.2.7.11), it is a useful debugging tool if there are discrepancies between the multicast routing table and the multicast forwarding table.
11.2.8 Configuring Load Sharing Network Address Translation (LSNAT)

* Advanced License Required *

LSNAT is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key and have enabled routing on the device, you must activate your license as described in Section 2.2.4 in order to enable the LSNAT command set.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) • The virtual port used by the virtual server (configured with the virtual command, Section 11.2.8.15) should match the real port used by the real server (configured with the real command, Section 11.2.8.4) in conjunction with the same virtual server, except when configuring sticky persistence. (See “Sticky Persistence Configuration Considerations” on page 11-68.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) • Sticky persistence — a binding is determined by matching the source and destination IP addresses only. This allows all requests from a client to the same virtual address to be directed to the same load balancing server. For example, both HTTP and HTTPS requests from the client address 134.141.176.10 to the virtual destination address 207.135.89.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) If you also want to provide direct client access to real servers configured as part of a server farm group, there are two mechanisms that can provide direct client access.
Table 11-8 LSNAT Configuration Task List and Commands (Continued)

Task | Use these commands...
• Specify a real server as a member of the server farm. | real (Section 11.2.8.4)
• (Optional) Specify a load balancing algorithm. | predictor (Section 11.2.8.5)
• (Optional) Configure this server farm to use sticky session persistence. | sticky (Section 11.2.8.6)
Table 11-8 LSNAT Configuration Task List and Commands (Continued)

Task | Use these commands...
• (Optional) Specify the type of session persistence and timeout. Default is TCP. (See “Session Persistence” on page 11-67 for more information.) | persistence level (Section 11.2.8.18)
• (Optional) Allow specific clients direct access to a real server without using LSNAT. | allow accessservers (Section 11.2.8.19)
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.1 show ip slb serverfarms Use this command to display server load balancing server farm information. show ip slb serverfarms [detail | serverfarmname [detail]] Syntax Description detail (Optional) Displays detailed output for a specific server farm or for all configured server farms. serverfarmname Specifies a server farm name for which to display information. Command Type Router command.
11.2.8.2 ip slb ftpctrlport

Use this command to specify an FTP control port for load balancing functionality. By default, this is port 21.

ip slb ftpctrlport port-number

Syntax Description
port-number   Specifies an FTP port number.

Command Syntax of the “no” Form
The “no” form of this command resets the FTP control port to 21:

no ip slb ftpctrlport

Command Type
Router command.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.3 ip slb serverfarm Use this command to identify an LSNAT server farm and enable server load balancing (SLB) server farm configuration mode. ip slb serverfarm serverfarmname Syntax Description serverfarmname Specifies a server farm name.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.4 real Use this command to add a real LSNAT server to a server farm and to enable LSNAT real server configuration mode. real ip-address port number Syntax Description ip-address Specifies a server IP address. port number Specifies a port number for this server. Note that all real servers in the same server farm should be configured to use the same port.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.5 predictor Use this command to specify which load balancing algorithm to use for selecting a real server in an LSNAT server farm. predictor [roundrobin | leastconns] Syntax Description roundrobin | leastconns (Optional) Specifies Round Robin or Least Connections as the selection algorithm.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.6 sticky Use this command to configure sticky session persistence for this server farm. See “Sticky Persistence Configuration Considerations” on page 11-68 for more information. This command is used in conjunction with the persistence level sticky command described in Section 11.2.8.18.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.7 show ip slb reals Use this command to display information about the real servers. show ip slb reals [detail | serverfarm serverfarmname [detail]] Syntax Description detail (Optional) Displays detailed output for a specific server farm or for all configured server farms. serverfarm serverfarmname Specifies a server farm name for which to display information. Command Type Router command.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) Matrix Router1(config)#>Router1>show ip slb reals serverfarm ten detail Server Farm : ten Real Server IP : 10.3.0.3 Real Server Port : 80 Fail Detect Ping Retries:4 Ping Interval : 200 Fail Detect App Retries:4 App Interval : 15 Fail Detect Type : ping Current Connections on this real server: 0 Current state of this real server: UP Maximum Connections : Unlimited Real Server Weight : 3 InService Real Server IP : 10.3.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) Table 11-9 show ip slb reals Output Details Output What It Displays... Server Farm Name of the server farm associated with this server. Assigned using the ip slb serverfarm command as described in Section 11.2.8.3. Real Server IP Address of the real server(s) assigned to this server farm. Assigned using the real command as described in Section 11.2.8.4. Real Server Port Port number assigned to this server.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.8 inservice (real server) Use this command to enable a real LSNAT server. inservice Syntax Description None. Command Syntax of the “no” Form The “no” form of this command removes the real server from service: no inservice Command Type Router command. Command Mode SLB Real Server Configuration mode: Matrix>Router1(config-slb-real)# Command Defaults None.
IP Configuration Command Set Configuring Load Sharing Network Address Translation (LSNAT) 11.2.8.9 faildetect (real server) Use this command to configure which method (type) is used to detect whether an LSNAT server is up or down. faildetect {ping-int seconds ping-retries number | app-int seconds app-retries number | type [both | ping | app]} Syntax Description ping-int seconds Specifies an ICMP ping failure detection interval in seconds. Valid values are 1 - 200. Default is 5 seconds.
Example
This example shows how to set the ping interval to 10 seconds and the retry number to 6 for the real server at IP 10.1.2.3 in the “httpserver” server farm:

    Matrix>Router1(config)#ip slb serverfarm httpserver
    Matrix>Router1(config-slb-sfarm)#real 10.1.2.
11.2.8.10 maxconns

Use this command to limit the number of connections to a real LSNAT server.

    maxconns maximum-number

Syntax Description
maximum-number    Specifies the maximum number of connections allowed. The default condition is unlimited number of connections.

Command Syntax of the “no” Form
The “no” form of this command removes the limit of connections to the server:

    no maxconns

Command Type
Router command.
11.2.8.11 weight

Use this command to specify the weight load number of a real server that is a member of an LSNAT server farm.

    weight weight-number

Syntax Description
weight-number    Specifies the weight load number. Valid values are 1-255.

Command Syntax of the “no” Form
The “no” form of this command resets the weight load number to the default value of 1:

    no weight weight-number

Command Type
Router command.
11.2.8.12 show ip slb vservers

Use this command to display server load balancing virtual server information.

    show ip slb vservers [detail | virtserver-name [detail]]

Syntax Description
detail             (Optional) Displays detailed output for a specific virtual server or for all configured virtual servers.
virtserver-name    (Optional) Specifies a virtual server name for which to display information.
This example shows how to display detailed information about the “test” virtual server:

    Matrix>Router1(config)#show ip slb vservers test detail
    Virtual Server : test
    Virtual Server IP : 192.168.2.
Table 11-10 show ip slb vservers Output Details (Continued)

Output          What It Displays...
In Service      Whether or not this virtual server is enabled (using the inservice command as described in Section 11.2.8.16).
Service Name    Whether or not the service named can also be accessed through this virtual server IP address. Configured using the virtual command as described in Section 11.2.8.15.
11.2.8.13 ip slb vserver

Use this command to identify an LSNAT virtual server and to access or enable the virtual server load balance (SLB) configuration mode.

    ip slb vserver vserver-name

Syntax Description
vserver-name    Specifies a virtual server name.
11.2.8.14 serverfarm

Use this command to associate a virtual server with an LSNAT server farm.

    serverfarm serverfarm-name

Syntax Description
serverfarm-name    Specifies a server farm name. Must be previously configured with the ip slb serverfarm command as described in Section 11.2.8.3.
11.2.8.15 virtual

Use this command to configure a virtual server IP address.

    virtual ip-address {tcp | udp} port [service service-name]

Syntax Description
ip-address    Specifies an IP address for the virtual server.
tcp | udp     Specifies TCP or UDP as the protocol used by the virtual server.
port          Specifies a TCP or UDP port number (0 through 65535) or port name to be used by this virtual server.
Command Mode
SLB Virtual Server Configuration mode: Matrix>Router1(config-slb-vserver)#

Command Defaults
If a TCP service name is not specified, none will be applied.

Example
This example shows how to set the IP address and TCP port for the “virtual-http” virtual server:

    Matrix>Router1(config)#ip slb serverfarm httpserver
    Matrix>Router1(config-slb-sfarm)#real 10.1.2.
11.2.8.16 inservice (virtual server)

Use this command to enable a virtual LSNAT server.

    inservice

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command removes the virtual server from service:

    no inservice

Command Type
Router command.

Command Mode
SLB Virtual Server Configuration mode: Matrix>Router1(config-slb-vserver)#

Command Defaults
None.
11.2.8.17 client

Use this command to allow a specific client to use a virtual server. If no clients are specified with this command, all clients will be allowed to use a virtual server.

    client ip-address network-mask

Syntax Description
ip-address      Specifies a client’s IP address.
network-mask    Specifies a client’s network mask.
11.2.8.18 persistence level

Use this command to set the type of binding used and the time limit to allow clients to remain bound to an LSNAT virtual server. See “Session Persistence” on page 11-67 for more information.

    persistence level [tcp | ssl | sticky] timeperiod

Syntax Description
tcp | ssl | sticky    (Optional) Specifies the type of binding that is used to connect a client to a server. TCP is the default.
Command Defaults
If not specified, persistence level is set to TCP.

Examples
This example shows how to set the TCP session persistence timeout to 360 seconds on the virtual server named “virtual-http”:

    Matrix>Router1(config)#ip slb serverfarm httpserver
    Matrix>Router1(config-slb-sfarm)#real 10.1.2.
11.2.8.19 allow accessservers

Use this command to allow specific clients to access the load balancing real servers in a particular LSNAT server farm without address translation. Specified clients can set up connections directly to the real servers’ IP addresses, as well as to the virtual server IP address (VIP).
11.2.8.20 ip slb allowaccess_all

Use this command to allow all clients to directly access all services provided by real servers EXCEPT FOR those services configured for server load balancing. The real servers are still protected from direct client access for configured services only.
    Matrix>Router1(config)#ip slb allowaccess_all
    Matrix>Router1(config)#ip slb serverfarm httpserver
    Matrix>Router1(config-slb-sfarm)#real 10.1.2.1 port 80
    Matrix>Router1(config-slb-real)#inservice
    Matrix>Router1(config-slb-real)#exit
    Matrix>Router1(config-slb-sfarm)#real 10.1.2.
11.2.8.21 show ip slb conns

Use this command to display active server load balancing connections.

    show ip slb conns [detail | vserver virtualserver [detail] | client client-ip [detail]]

Syntax Description
detail    (Optional) Displays detailed output for a specific virtual server, a specific client, or for all configured virtual servers and clients.
This example shows how to display detailed information about active server load balancing connections:

    Matrix>Router1#show ip slb conns detail
    Connection Flow ID : 3
    Real Server IP : 172.17.1.2
    Client IP : 169.225.1.50
    Real Server Port : 1003
    Client Port : 1113
    Protocol : TCP
    Created Time stamp : 2004/3/24 14:34:17
    Connection State : outgoing server reply state

    Connection Flow ID : 2
    Real Server IP : 172.17.1.
11.2.8.22 show ip slb stats

Use this command to display server load balancing statistics.

    show ip slb stats

Syntax Description
None.

Command Type
Router command.

Command Mode
Any router mode.

Command Defaults
None.
11.2.8.23 show ip slb sticky

Use this command to display server load balancing active sticky connections.

    show ip slb sticky [client ip-address]

Syntax Description
client ip-address    (Optional) Display sticky connections for a particular client.

Command Type
Router command.

Command Mode
Any router mode.

Command Defaults
If client is not specified, all server load balancing active sticky connections are displayed.
11.2.8.24 clear ip slb

Use this command to clear server load balancing counters or to remove server load balancing connections.

    clear ip slb {[counters] [connections {all | flowid flowid | serverfarm serverfarm | vserver vserver}]}

Syntax Description
counters    Clears all server load balancing counters.
11.2.8.25 show router limits

Use this command to display LSNAT router limits.

    show router limits [lsnat-bindings] | [lsnat-cache] | [lsnat-configs]

NOTE: This command must be executed from the switch CLI.

Syntax Description
lsnat-bindings    (Optional) Displays the LSNAT maximum bindings limit.
lsnat-cache       (Optional) Displays the LSNAT cache size limit.
11.2.8.26 set router limits

Use this command to set LSNAT router limits.

    set router limits [lsnat-bindings lsnat-bindings] | [lsnat-cache lsnat-cache] | [lsnat-configs lsnat-configs]

NOTE: This command must be executed from the switch CLI.

Syntax Description
lsnat-bindings lsnat-bindings    (Optional) Sets the LSNAT maximum bindings limit.
lsnat-cache lsnat-cache          (Optional) Sets the LSNAT cache size limit.
configured, and up to 500 real servers and 500 client access entries can be configured.

Example
This example shows how to set the LSNAT configuration limit to 25. This means that up to 25 server farms, 25 virtual servers, and 25 direct access entries can be configured, and up to 250 real servers and 250 client access entries can be configured.
11.2.8.27 clear router limits

Use this command to reset chassis-based LSNAT limits to default values.

    clear router limits [lsnat-bindings] | [lsnat-cache] | [lsnat-configs]

NOTE: This command must be executed from the switch CLI.

Syntax Description
lsnat-bindings    (Optional) Resets the LSNAT maximum bindings limit to the default value of 5000.
11.2.9 Configuring Dynamic Host Configuration Protocol (DHCP)

DHCP Overview

The Dynamic Host Configuration Protocol (DHCP) provides services for allocating and delivering IP addresses and other configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocating network addresses to hosts.
DHCP Task List

The CLI commands for DHCP Server provide functionality for:

1. Configuring a DHCP local pool for a subnet (required)
2. Excluding IP addresses not to be assigned to the clients by the DHCP server (optional)
3. Configuring a DHCP pool (required)
4. Configuring manual bindings of IP addresses and client hardware addresses (optional)
5. Configuring a DHCP server boot file (optional)
6.
Table 11-12 DHCP Command Modes (Continued)

Columns: Mode, Usage, Access Method, Resulting Prompt

Mode             DHCP Host Configuration Mode
Usage            Configure DHCP host parameters.
Access Method    Type client-identifier and the identifier, or hardware-address and an address from any DHCP configuration mode.
• client-class (Section 11.2.9.17)
• client-identifier (Section 11.2.9.18)
• client-name (Section 11.2.9.19)
• hardware-address (Section 11.2.9.20)
• show ip dhcp binding (Section 11.2.9.21)
• clear ip dhcp binding (Section 11.2.9.22)
• show ip dhcp server statistics (Section 11.2.9.23)
• clear ip dhcp server statistics (Section 11.2.9.
11.2.9.1 ip dhcp server

Use this command to enable DHCP server features on a routing interface.

    ip dhcp server

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables DHCP server features on one or all routing interfaces:

    no ip dhcp

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan 1))#

Command Defaults
None.
11.2.9.2 ip local pool

Use this command to configure a local address pool to use as a DHCP subnet. This defines the range of IP addresses to be used by DHCP server and enables IP local pool configuration mode.

    ip local pool name subnet mask

Syntax Description
name      Specifies a name for the local address pool.
subnet    Specifies an IP subnet for the local address pool.
11.2.9.3 exclude

Use this command to exclude one or more addresses from a DHCP local address pool.

    exclude ip-address number

Syntax Description
ip-address    Specifies the starting IP address to be excluded from this pool.
number        Specifies the number of addresses to be excluded. Valid values are 1 - 65535.
11.2.9.4 ip dhcp ping packets

Use this command to specify the number of packets a DHCP server sends to an IP address before assigning the address to a requesting client.

    ip dhcp ping packets number

Syntax Description
number    Specifies the number of ping packets to be sent. Valid values are 0 - 10. Default is 2.
11.2.9.5 ip dhcp ping timeout

Use this command to specify the amount of time the DHCP server will wait for a ping reply from an IP address before timing out.

    ip dhcp ping timeout milliseconds

Syntax Description
number    Specifies the ping timeout in milliseconds. Valid values are 100 to 10000.
11.2.9.6 ip dhcp pool

Use this command to assign a name to a DHCP server pool of addresses, and to enable DHCP address pool configuration mode.

    ip dhcp pool name

Syntax Description
name    Specifies a DHCP address pool name.

NOTE: This must match the previously configured name assigned with the ip local pool command as described in Section 11.2.9.2.
11.2.9.7 domain-name

Use this command to assign a domain name to a DHCP client.

    domain-name domain

Syntax Description
domain    Specifies a domain name string.

Command Syntax of the “no” Form
The “no” form of this command deletes a DHCP domain name:

    no ip dhcp domain-name domain

Command Type
Router command.

Command Mode
Any DHCP configuration mode.

Command Defaults
None.
11.2.9.8 dns-server

Use this command to assign one or more DNS servers to DHCP clients.

    dns-server address [address2...address8]

Syntax Description
address                 Specifies the IP address of a DNS server.
address2...address8     (Optional) Specifies, in order of preference, up to 7 additional DNS server IP address(es).
11.2.9.9 netbios-name-server

Use this command to assign one or more NetBIOS WINS servers to DHCP clients.

    netbios-name-server address [address2...address8]

Syntax Description
address                 Specifies the IP address of a NetBIOS WINS server.
address2...address8     (Optional) Specifies, in order of preference, up to 7 additional NetBIOS WINS server IP address(es).
11.2.9.10 netbios-node-type

Use this command to assign a NetBIOS node (server) type to DHCP clients.

    netbios-node-type type

Syntax Description
type    Specifies the NetBIOS node type.
11.2.9.11 default-router

Use this command to assign a default router list to DHCP clients.

    default-router address [address2...address8]

Syntax Description
address                 Specifies the IP address of a default router.
address2...address8     (Optional) Specifies, in order of preference, up to 7 additional default router IP address(es).
11.2.9.12 bootfile

Use this command to specify the default boot image for a DHCP client.

    bootfile filename

Syntax Description
filename    Specifies the boot image file name.

Command Syntax of the “no” Form
The “no” form of this command deletes the boot image association:

    no bootfile

Command Type
Router command.

Command Mode
Any DHCP configuration mode.

Command Defaults
None.
11.2.9.13 next-server

Use this command to specify the next server in the DHCP server boot process. The next server is the server the client will contact for the boot file if the primary server is not able to supply it.
11.2.9.14 option

Use this command to configure DHCP options. These configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message to network hosts. For a current list of DHCP options, refer to RFC 2132.
This example shows how to configure DHCP option 72, which assigns one or more Web servers for DHCP clients. In this case, two Web server addresses are configured:

    Matrix>Router1(config)#ip dhcp pool localpool
    Matrix>Router1(config-dhcp-pool)#option 72 ip 168.24.3.252 168.24.3.
11.2.9.15 lease

Use this command to specify the duration of the lease for an IP address assigned by a DHCP server to a client.

    lease {days [hours] [minutes] | infinite}

Syntax Description
days     Specifies the number of days an address lease will remain valid.
hours    (Optional) When a days value has been assigned, specifies the number of hours an address lease will remain valid.
11.2.9.16 host

Use this command to specify an IP address and network mask for manual DHCP binding.

    host address [mask | prefix-length]

Syntax Description
address                 Specifies the IP address of the DHCP client.
mask | prefix-length    (Optional) Specifies a network mask or prefix for the IP address.

Command Syntax of the “no” Form
The “no” form of this command removes the client IP address:

    no host

Command Type
Router command.
11.2.9.17 client-class

Use this command to identify a DHCP client class. Using this command to give a set of client class properties a name allows you to assign properties to all DHCP clients within the class rather than configuring each client separately. This command also enables DHCP class configuration mode.

    client-class name

Syntax Description
name    Specifies a name for a DHCP client class.
11.2.9.18 client-identifier

Use this command to enable DHCP host configuration mode and associate a client class with a DHCP client.

    client-identifier mac-address [client-class name]

Syntax Description
mac-address          Specifies the client’s MAC address.
client-class name    (Optional) Specifies the class to which this client will be assigned. Must be configured using the client-class name as described in Section 11.2.9.17.
11.2.9.19 client-name

Use this command to assign a name to a DHCP client.

    client-name name [client-class name]

Syntax Description
name                 Specifies a name for a DHCP client.
                     NOTE: The client name should not include the domain name.
client-class name    (Optional) Specifies the class to which this client will be assigned. Must be configured using the client-class name as described in Section 11.2.9.17.
11.2.9.20 hardware-address

Use this command to specify parameters for a new DHCP client address. This command also enables DHCP host configuration mode.

    hardware-address hardware-address [type]

Syntax Description
hardware-address    Specifies the MAC address of the client’s hardware platform.
type                (Optional) Specifies a hardware protocol or client class name.
11.2.9.21 show ip dhcp binding

Use this command to display information about one or all DHCP address bindings.

    show ip dhcp binding [ip-address]

Syntax Description
ip-address    (Optional) Displays bindings for a specific client IP address.

Command Type
Router command.

Command Mode
Any DHCP configuration mode.

Command Defaults
If ip-address is not specified, information about all address bindings will be shown.
11.2.9.22 clear ip dhcp binding

Use this command to delete one or all automatic DHCP address bindings.

    clear ip dhcp binding {address | *}

Syntax Description
address | *    Specifies an automatic address binding to be deleted, or that all (*) automatic bindings will be deleted.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router1#

Command Defaults
None.
11.2.9.23 show ip dhcp server statistics

Use this command to display DHCP server statistics.

    show ip dhcp server statistics

Syntax Description
None.

Command Type
Router command.

Command Mode
Any DHCP configuration mode.

Command Defaults
None.
Table 11-13 provides an explanation of the command output.

Table 11-13 show ip dhcp server statistics Output Details

Output             What It Displays...
Memory usage       Bytes of RAM allocated by the DHCP server.
Address pools      Configured address pools in the DHCP database.
Database agents    Agents configured in the DHCP database.
11.2.9.24 clear ip dhcp server statistics

Use this command to reset all DHCP server counters.

    clear ip dhcp server statistics

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router1#

Command Defaults
None.
12 Routing Protocol Configuration

This chapter describes the Routing Protocol Configuration set of commands and how to use them.

ROUTER: The commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Section 2.3.3.

12.1 PROCESS OVERVIEW: ROUTING PROTOCOL CONFIGURATION

Use the following steps as a guide to configuring routing protocols on the device:

1. Activating advanced routing features (Section 12.2.1)
2.
12.2 ROUTING PROTOCOL CONFIGURATION COMMAND SET

12.2.1 Activating Advanced Routing Features

In order to enable advanced routing protocols, such as OSPF and extended ACLs, on a Matrix Series device, you must purchase and activate a license key. If you have purchased an advanced routing license, and have enabled routing on the device as described in previous chapters, you can activate your license as described back in Section 2.
Configuring RIP

Table 12-1 RIP Configuration Task List and Commands (Continued)

To do this...                    Use these commands...
Specify a RIP version.           ip rip send version (Section 12.2.2.7)
                                 ip rip receive version (Section 12.2.2.8)
Configure RIP authentication.    key chain (Section 12.2.2.9)
                                 key (Section 12.2.2.10)
                                 key-string (Section 12.2.2.11)
                                 accept-lifetime (Section 12.2.2.12)
                                 send-lifetime (Section 12.2.2.13)
                                 ip rip authentication keychain (Section 12.2.2.
12.2.2.1 router rip

Use this command to enable or disable RIP configuration mode.

    router rip

NOTE: You must execute the router rip command to enable the protocol before completing many RIP-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-12 in Section 2.3.3.

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables RIP:

    no router rip

Command Type
Router command.
12.2.2.2 network

Use this command to attach a network of directly connected networks to a RIP routing process, or to remove a network from a RIP routing process.

    network ip-address

Syntax Description
ip-address    Specifies the IP address of a directly connected network that RIP will advertise to its neighboring routers.
12.2.2.3 neighbor

Use this command to instruct the router to send unicast RIP information to an IP address. RIP is normally a broadcast protocol. In order for RIP routing updates to reach nonbroadcast networks, the neighbor’s IP address must be configured to permit the exchange of routing information.
12.2.2.4 distance

Use this command to configure the administrative distance for RIP routes. If several routes (coming from different protocols) are presented to the Matrix Series Route Table Manager (RTM), the protocol with the lowest administrative distance will be chosen for route installation. By default, RIP administrative distance is set to 120.
Example
This example shows how to change the default administrative distance for RIP to 100:

    Matrix>Router1(config)#router rip
    Matrix>Router1(config-router)#distance 100
12.2.2.5 ip rip offset

Use this command to add or remove an offset to the metric of an incoming or outgoing RIP route. Adding an offset on an interface is used for the purpose of making an interface a backup.

    ip rip offset {in | out} value

Syntax Description
in       Applies the offset to incoming metrics.
out      Applies the offset to outgoing metrics.
value    Specifies a positive offset to be applied to routes learned via RIP.
12.2.2.6 timers

Use this command to adjust RIP routing timers determining the frequency of routing updates, the length of time before a route becomes invalid, and the interval during which routing information regarding better paths is suppressed.

    timers basic update-seconds invalid-seconds holdown-seconds flush-seconds

Syntax Description
basic    Specifies a basic configuration for RIP routing timers.
12.2.2.7 ip rip send version

Use this command to set the RIP version(s) for update packets transmitted on an interface.

    ip rip send version {1 | 2 | r1compatible}

Syntax Description
1               Specifies RIP version 1.
2               Specifies RIP version 2.
r1compatible    Specifies that packets be sent as version 2 packets, but transmits these as broadcast packets rather than multicast packets so that systems which only understand RIP version 1 can receive them.
12.2.2.8 ip rip receive version

Use this command to set the RIP version(s) for update packets accepted on the interface.

    ip rip receive version {1 | 2 | 1 2 | none}

Syntax Description
1       Specifies RIP version 1.
2       Specifies RIP version 2.
1 2     Specifies RIP versions 1 and 2.
none    Specifies that no RIP routes will be processed on this interface.
About RIP Authentication

The following tasks must be completed to configure RIP authentication on a Matrix Series routing module:

1. Create a key chain as described in Section 12.2.2.9.
2. Add a key to the chain as described in Section 12.2.2.10.
3. Specify an authentication string for the key as described in Section 12.2.2.11.
4. Set the time periods the authentication string can be received and sent as valid as described in Section 12.2.2.
12.2.2.9 key chain

Creates or deletes a key chain used globally for RIP authentication.

    key chain name

Syntax Description
name    Specifies a name for the key chain.

Command Syntax of the “no” Form
The “no” form of this command deletes the specified key chain:

    no key chain name

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router1(config)#

Command Defaults
None.
12.2.2.10 key

Use this command to identify a RIP authentication key on a key chain.

    key key-id

NOTE: This release of the Matrix Series firmware supports only one key per key chain.

Syntax Description
key-id    Specifies an authentication number for a key. Valid numbers are from 0 to 4294967295. Only one key is supported per key chain in this Matrix Series release.
12.2.2.11 key-string

Use this command to specify a RIP authentication string for a key. Once configured, this string must be sent and received in RIP packets in order for them to be authenticated.

    key-string text

Syntax Description
text    Specifies the authentication string that must be sent and received in RIP packets.
12.2.2.12 accept-lifetime

Use this command to specify the time period during which an authentication key on a key chain is valid to be received.

    accept-lifetime start-time month date year {duration seconds | end-time | infinite}

Syntax Description
start-time    Specifies the time of day the authentication key will begin to be valid to be received.
Command Mode
Key chain key configuration: Matrix>Router1(config-keychain-key)#

Command Defaults
None.
12.2.2.13 send-lifetime

Use this command to specify the time period during which an authentication key on a key chain is valid to be sent.

    send-lifetime start-time month date year {duration seconds | end-time | infinite}

Syntax Description
start-time    Specifies the time of day the authentication key will begin to be valid to be sent. Valid input is hours:minutes:seconds (hh:mm:ss).
Command Defaults
None.
12.2.2.14 ip rip authentication keychain

Use this command to enable or disable a RIP authentication key chain for use on an interface.

    ip rip authentication keychain name

NOTE: A RIP authentication keychain must be enabled with this command before the RIP authentication mode (Section 12.2.2.15) can be configured.

Syntax Description
name    Specifies the key chain name to enable or disable for RIP authentication.
12.2.2.15 ip rip authentication mode
Use this command to set the authentication mode when a key chain is present.
ip rip authentication mode {text | md5}
NOTE: The RIP authentication keychain must be enabled as described in Section 12.2.2.14 before RIP authentication mode can be configured.
Syntax Description
text | Initiates text-only authentication.
md5 | Initiates MD5 authentication.
12.2.2.16 no auto-summary
Use this command to disable automatic route summarization. By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries. Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Matrix Series device.
12.2.2.17 ip rip disable-triggered-updates
Use this command to prevent RIP from sending triggered updates. Triggered updates are sent when there is a change in the network and a new route with a lower metric is learned, or an old route is lost. This command stops or starts the interface from sending these triggered updates. By default triggered updates are enabled on a RIP interface.
ip rip disable-triggered-updates
Syntax Description
None.
12.2.2.18 ip split-horizon poison
Use this command to enable or disable split horizon poison-reverse mode for RIP packets. Split horizon prevents packets from exiting through the same interface on which they were received. Poison-reverse explicitly indicates that a network is unreachable, rather than implying it by not including the network in routing updates.
ip split-horizon poison
Syntax Description
None.
12.2.2.19 passive-interface
Use this command to prevent RIP from transmitting update packets on an interface.
passive-interface vlan vlan-id
NOTE: This command does not prevent RIP from monitoring updates on the interface.
Syntax Description
vlan vlan-id | Specifies the number of the VLAN to make a passive interface. This VLAN must be configured for IP routing as described in Section 2.3.1.
12.2.2.20 receive-interface
Use this command to allow RIP to receive update packets on an interface. This does not affect the sending of RIP updates on the specified interface.
receive-interface vlan vlan-id
Syntax Description
vlan vlan-id | Specifies the number of the VLAN to make a receive interface. This VLAN must be configured for IP routing as described in Section 2.3.1.
12.2.2.21 distribute-list
Use this command to filter networks received and to suppress networks from being advertised in RIP updates.
distribute-list access-list-number {in vlan vlan-id | out vlan vlan-id}
Syntax Description
access-list-number | Specifies the number of the IP access list. This list defines which networks are to be advertised and which are to be suppressed in routing updates.
12.2.2.22 redistribute
Use this command to allow routing information discovered through non-RIP protocols to be distributed in RIP update messages.
redistribute {connected | ospf process-id | static} [metric metric value] [subnets]
Syntax Description
connected | Specifies that non-RIP routing information discovered via directly connected interfaces will be redistributed.
ospf | Specifies that OSPF routing information will be redistributed in RIP.
Example
This example shows how to redistribute routing information discovered through OSPF process ID 1 non-subnetted routes into RIP update messages:
Matrix>Router1(config)#router rip
Matrix>Router1(config-router)#redistribute ospf 1
Routing Protocol Configuration Command Set Configuring OSPF 12.2.3 Configuring OSPF * Advanced License Required * OSPF is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described back in Section 2.2.4 in order to enable the OSPF command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
Table 12-2 OSPF Configuration Task List and Commands (Continued)
To do this... | Use these commands...
Set a priority to help determine the OSPF designated router for the network. | ip ospf priority (Section 12.2.3.5)
Adjust timers and message intervals. | timers spf (Section 12.2.3.6); ip ospf retransmit-interval (Section 12.2.3.7); ip ospf transmit-delay (Section 12.2.3.8); ip ospf hello-interval (Section 12.2.3.
Table 12-2 OSPF Configuration Task List and Commands (Continued)
To do this... | Use these commands...
Limit link state database overflow. | database-overflow (Section 12.2.3.22)
Monitor and maintain OSPF. | show ip ospf (Section 12.2.3.23); show ip ospf database (Section 12.2.3.24); show ip ospf border-routers (Section 12.2.3.25); show ip ospf interface (Section 12.2.3.26); show ip ospf neighbor (Section 12.2.3.
12.2.3.1 router ospf
Use this command to enable or disable Open Shortest Path First (OSPF) configuration mode.
router ospf process-id
NOTES: You must execute the router ospf command to enable the protocol before completing many OSPF-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-12 in Section 2.3.3.
Only one OSPF process (process-id) is allowed per Matrix Series routing module or standalone device.
12.2.3.2 network
Use this command to configure area IDs for OSPF interfaces.
network ip-address wildcard-mask area area-id
Syntax Description
ip-address | Specifies the IP address of an interface or a group of interfaces within the network address range.
wildcard-mask | Specifies the IP-address-type mask that includes “don't care” bits.
area area-id | Specifies the area-id to be associated with the OSPF address range.
12.2.3.3 router id
Use this command to set the OSPF router ID for the device. The OSPF protocol uses the router ID as a tie-breaker for path selection. If not specified, this will be set to the lowest IP address of the interfaces configured for IP routing.
router id ip-address
Syntax Description
ip-address | Specifies the IP address that OSPF will use as the router ID.
12.2.3.4 ip ospf cost
Use this command to set the cost of sending an OSPF packet on an interface. Each router interface that participates in OSPF routing is assigned a default cost. This command overwrites the default of 10.
ip ospf cost cost
Syntax Description
cost | Specifies the cost of sending a packet. Valid values range from 1 to 65535.
12.2.3.5 ip ospf priority
Use this command to set the OSPF priority value for router interfaces. The priority value is communicated between routers by means of hello messages and influences the election of a designated router.
ip ospf priority number
Syntax Description
number | Specifies the router’s OSPF priority in a range from 0 to 255.
12.2.3.6 timers spf
Use this command to change OSPF timer values to fine-tune the OSPF network.
timers spf spf-delay spf-hold
Syntax Description
spf-delay | Specifies the delay, in seconds, between the receipt of an update and the SPF execution. Valid values are 0 to 4294967295.
spf-hold | Specifies the minimum amount of time, in seconds, between two consecutive OSPF calculations. Valid values are 0 to 4294967295.
12.2.3.7 ip ospf retransmit-interval
Use this command to set the amount of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface.
ip ospf retransmit-interval seconds
Syntax Description
seconds | Specifies the retransmit time in seconds. Valid values are 1 to 65535.
12.2.3.8 ip ospf transmit-delay
Use this command to set the amount of time required to transmit a link state update packet on an interface.
ip ospf transmit-delay seconds
Syntax Description
seconds | Specifies the transmit delay in seconds. Valid values are from 1 to 65535.
12.2.3.9 ip ospf hello-interval
Use this command to set the number of seconds a router must wait before sending a hello packet to neighbor routers on an interface. Each Matrix Series routing module or standalone device can support communications between up to 60 neighboring routers.
ip ospf hello-interval seconds
Syntax Description
seconds | Specifies the hello interval in seconds.
12.2.3.10 ip ospf dead-interval
Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service.
ip ospf dead-interval seconds
Syntax Description
seconds | Specifies the number of seconds that a router must wait to receive a hello packet. Dead interval must be the same on neighboring routers (on a specific subnet), but can vary between subnets.
12.2.3.11 ip ospf authentication-key
Use this command to assign a password to be used by neighboring routers using OSPF’s simple password authentication. This password is used as a “key” that is inserted directly into the OSPF header in routing protocol packets. A separate password can be assigned to each OSPF network on a per-interface basis.
12.2.3.12 ip ospf message digest key md5
Use this command to enable or disable OSPF MD5 authentication on an interface. This validates OSPF MD5 routing updates between neighboring routers.
ip ospf message-digest-key keyid md5 key
Syntax Description
keyid | Specifies the key identifier on the interface where MD5 authentication is enabled. Valid values are integers from 1 to 255.
12.2.3.13 distance ospf
Use this command to configure the administrative distance for OSPF routes. If several routes (coming from different protocols) are presented to the Matrix Series Route Table Manager (RTM), the protocol with the lowest administrative distance will be chosen for route installation. By default, OSPF administrative distance is set to 110.
Command Defaults
If route type is not specified, the distance value will be applied to all OSPF routes.
12.2.3.14 area range
Use this command to define the range of addresses to be used by Area Border Routers (ABRs) when they communicate routes to other areas. Each Matrix Series module or standalone device can support up to 6 OSPF areas and up to 256 OSPF interfaces running per Matrix chassis.
area area-id range ip-address ip-mask
Syntax Description
area-id | Specifies the area at the boundary of which routes are to be summarized.
12.2.3.15 area authentication
Use this command to enable or disable authentication for an OSPF area.
area area-id authentication {simple | message-digest}
Syntax Description
area-id | Specifies the OSPF area in which to enable authentication. Valid values are decimal values or IP addresses.
simple | Enables simple text authentication. Simple password authentication allows a password (key) to be configured per area.
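An added example, not part of the Enterasys guide: a Python audit of the RIP and OSPF authentication commands from Sections 12.2.2.14, 12.2.2.15, 12.2.3.11, 12.2.3.12 and 12.2.3.15 that flags text and simple-password modes, which place the key itself in the routing packet. The config-dump layout, the `interface vlan N` block headers, the key chain name, the key values and the finding names are assumptions constructed for illustration.

```python
"""Audit a router config dump for weak RIP/OSPF authentication settings."""
import re

# Constructed sample. The dump layout (an unindented "interface vlan N" or
# "router ospf N" line followed by indented commands) is an assumption made
# for this example; the indented commands use the syntax given in this guide.
SAMPLE_CONFIG = """\
interface vlan 1
 ip rip authentication keychain corp-rip
 ip rip authentication mode md5
interface vlan 2
 ip rip authentication keychain corp-rip
 ip rip authentication mode text
interface vlan 3
 ip rip authentication mode md5
interface vlan 4
 ip ospf authentication-key s3cret
interface vlan 5
 ip ospf message-digest-key 1 md5 s3cret
router ospf 1
 network 10.0.4.0 0.0.0.255 area 0.0.0.0
 area 0.0.0.0 authentication simple
 area 0.0.0.1 authentication message-digest
"""

RIP_CHAIN = re.compile(r"^ip rip authentication keychain (\S+)$")
RIP_MODE = re.compile(r"^ip rip authentication mode (text|md5)$")
OSPF_SIMPLE = re.compile(r"^ip ospf authentication-key \S+$")
OSPF_MD5 = re.compile(r"^ip ospf message-digest-key (\d+) md5 \S+$")
AREA_AUTH = re.compile(r"^area (\S+) authentication (simple|message-digest)$")

# Finding names are hypothetical labels chosen for this example.
FINDINGS = {
    "rip-text-auth": "RIP key string is sent as text in every update",
    "rip-mode-without-keychain": "mode set but no key chain enabled (12.2.2.14 note)",
    "rip-mode-not-set": "key chain enabled but authentication mode not set explicitly",
    "ospf-simple-password": "OSPF password is inserted directly into the packet header",
    "ospf-md5-keyid-out-of-range": "MD5 key identifier outside 1 to 255",
    "ospf-area-simple-auth": "area uses simple text authentication",
}


def parse_blocks(config_text):
    """Group indented commands under the unindented line that opens each block."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and comment lines
        if not raw[0].isspace():
            current = (raw.strip(), [])
            blocks.append(current)
        elif current is not None:
            current[1].append(raw.strip())
    return blocks


def _audit_interface(header, cmds):
    chain = mode = None
    out = []
    for cmd in cmds:
        m = RIP_CHAIN.match(cmd)
        if m:
            chain = m.group(1)
            continue
        m = RIP_MODE.match(cmd)
        if m:
            mode = m.group(1)
            continue
        if OSPF_SIMPLE.match(cmd):
            out.append((header, "ospf-simple-password"))
            continue
        m = OSPF_MD5.match(cmd)
        if m and not 1 <= int(m.group(1)) <= 255:
            out.append((header, "ospf-md5-keyid-out-of-range"))
    if mode and not chain:
        out.append((header, "rip-mode-without-keychain"))
    elif chain and mode == "text":
        out.append((header, "rip-text-auth"))
    elif chain and mode is None:
        out.append((header, "rip-mode-not-set"))
    return out


def _audit_ospf(header, cmds):
    out = []
    for cmd in cmds:
        m = AREA_AUTH.match(cmd)
        if m and m.group(2) == "simple":
            out.append((f"{header} / area {m.group(1)}", "ospf-area-simple-auth"))
    return out


def audit(config_text):
    """Return (scope, finding) pairs; key material is never copied into a finding."""
    findings = []
    for header, cmds in parse_blocks(config_text):
        if header.startswith("interface "):
            findings += _audit_interface(header, cmds)
        elif header.startswith("router ospf"):
            findings += _audit_ospf(header, cmds)
    return findings


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {code}: {FINDINGS[code]}")
```
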
12.2.3.16 area stub
Use this command to define an OSPF area as a stub area. This is an area that carries no external routes.
area area-id stub [no-summary]
Syntax Description
area-id | Specifies the stub area. Valid values are decimal values or IP addresses.
no-summary | (Optional) Prevents an Area Border Router (ABR) from sending Link State Advertisements (LSAs) into the stub area.
12.2.3.17 area default cost
Use this command to set the cost value for the default route that is sent into a stub area by an Area Border Router (ABR). The use of this command is restricted to ABRs attached to stub areas.
area area-id default-cost cost
Syntax Description
area-id | Specifies the stub area. Valid values are decimal values or IP addresses.
cost | Specifies a cost value for the summary route that is sent into a stub area by default.
12.2.3.18 area nssa
Use this command to configure an area as a not so stubby area (NSSA). An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area that does not allow any external routes. External routes that are not imported into an NSSA can be represented by means of a default route.
12.2.3.19 area virtual-link
Use this command to define an OSPF virtual link, which represents a logical connection between the backbone and a non-backbone OSPF area.
retransmit-interval seconds | Specifies the number of seconds between successive retransmissions of the same LSAs. Valid values are greater than the expected amount of time required for the update packet to reach and return from the interface, and range from 1 to 8192.
transmit-delay seconds | Specifies the estimated number of seconds for a link state update packet on the interface to be transmitted. Valid values range from 1 to 8192.
12.2.3.20 passive-interface
Use this command to enable passive OSPF on an interface. This allows an interface to be included in the OSPF route table, but turns off sending and receiving hellos for an interface. It also prevents OSPF adjacencies from being formed on an interface.
passive-interface vlan vlan-id
Syntax Description
vlan vlan-id | Specifies the interface on which to enable passive OSPF mode.
12.2.3.21 redistribute
Use this command to allow routing information discovered through non-OSPF protocols to be distributed in OSPF update messages.
redistribute {rip | static [metric metric value] [metric-type type-value] [subnets] [tag] | {connected [route-map id-number] [metric metric value] [metric-type type-value] [subnets] [tag tag]}
Syntax Description
rip | Specifies that RIP routing information will be redistributed in OSPF.
Command Syntax of the “no” Form
The “no” form of this command clears redistribution parameters:
no redistribute {connected | rip | static}
Command Mode
Router configuration: Matrix>Router1(config-router)#
Command Defaults
• If metric value is not specified, 0 will be applied.
• If type value is not specified, type 2 (external route) will be applied.
• If subnets is not specified, only non-subnetted routes will be redistributed.
Example
12.2.3.22 database-overflow
Use this command to limit the size of OSPF link state database overflow, a condition where the router is unable to maintain the database in its entirety. Setting database overflow allows you to set a limit on the number of external LSAs. If the limit is exceeded, self-originated external LSAs will be removed so that OSPF can handle the large number of external LSAs coming from another router.
Command Defaults
None.
12.2.3.23 show ip ospf
Use this command to display OSPF information.
show ip ospf
Syntax Description
None.
Command Type
Router command.
Command Mode
Any router mode.
Command Defaults
None.
Example
This example shows how to display OSPF information:
Matrix>Router1#show ip ospf
Routing Process "ospf 20 " with ID 134.141.7.2
Supports only single TOS(TOS0) route
It is an area border and autonomous system boundary router
Summary Link update interval is 0 seconds.
External Link update interval is 0 seconds.
12.2.3.24 show ip ospf database
Use this command to display the OSPF link state database.
database-summary | Displays a numerical summary of the contents of the link state database.
Command Type
Router command.
Command Mode
Any router mode.
Command Defaults
If link-state-id is not specified, the specified type of database records will be displayed for all link state IDs.
Example
This example shows how to display all OSPF link state database information:
Matrix>Router1#show ip ospf database
OSPF Router with ID(182.127.64.
Table 12-3 show ip ospf database Output Details
Output | What It Displays...
Link ID | Link ID, which varies as a function of the link state record type, as follows:
• Net Link States - Shows the interface IP address of the designated router to the broadcast network.
• Router Link States - Shows the ID of the router originating the record.
• Summary Link States - Shows the summary network prefix.
12.2.3.25 show ip ospf border-routers
Use this command to display information about OSPF internal entries to Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs).
show ip ospf border-routers
Syntax Description
None.
Command Type
Router command.
Command Mode
Any router mode.
Command Defaults
None.
Example
This example shows how to display information about OSPF border routers.
12.2.3.26 show ip ospf interface
Use this command to display OSPF interface related information, including network type, priority, cost, hello interval, and dead interval.
show ip ospf interface [vlan vlan-id]
Syntax Description
vlan vlan-id | (Optional) Displays OSPF information for a specific VLAN. This VLAN must be configured for IP routing as described in Section 2.3.1.
Command Type
Router command.
Command Mode
Any router mode.
Table 12-4 show ip ospf interface Output Details
Output | What It Displays...
Vlan | Interface (VLAN) administrative status as up or down.
Internet Address | IP address and mask assigned to this interface.
Router ID | Router ID, which OSPF selects from IP addresses configured on this router.
Network Type | OSPF network type, for instance, broadcast.
Cost | OSPF interface cost, which is either default, or assigned with the ip ospf cost command.
Table 12-4 show ip ospf interface Output Details (Continued)
Output | What It Displays...
Adjacent neighbor count | Number of adjacent (FULL state) neighbors over this interface.
Adjacent with neighbor | IP address of the adjacent neighbor.
12.2.3.27 show ip ospf neighbor
Use this command to display the state of communication between an OSPF router and its neighbor routers.
Table 12-5 provides an explanation of the command output.
Table 12-5 show ip ospf neighbor Output Details
Output | What It Displays...
ID | Neighbor’s router ID of the OSPF neighbor.
Pri | Neighbor’s priority over this interface.
State | Neighbor’s OSPF communication state.
Dead-Int | Interval (in seconds) this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down.
Address | Neighbor’s IP address.
12.2.3.28 show ip ospf virtual-links
Use this command to display information about the virtual links configured on a router. A virtual link represents a logical connection between the backbone and a non-backbone OSPF area.
show ip ospf virtual-links
Syntax Description
None.
Command Type
Router command.
Command Mode
Any router mode.
Command Defaults
None.
Table 12-6 show ip ospf virtual links Output Details (Continued)
Output | What It Displays...
Transit Delay | Time (in seconds) added to the LSA (Link State Advertisement) age field when the LSA is transmitted through the virtual link.
State | Interface state assigned to a virtual link, which is point-to-point.
Timer intervals configured | Timer intervals configured for the virtual link, including Hello, Dead, Wait, and Retransmit intervals.
12.2.3.29 clear ip ospf process
Use this command to reset the OSPF process. This will require adjacencies to be reestablished and routes to be reconverged.
clear ip ospf process process-id
Syntax Description
process-id | Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535.
Command Type
Router command.
12.2.3.30 debug ip ospf
Use this command to enable OSPF protocol debugging output.
debug ip ospf {subsystem}
Syntax Description
subsystem | Specifies the OSPF subsystem for which protocol debugging will be enabled.
12.2.3.31 rfc1583compatible
Use this command to enable the OSPF router for RFC 1583 compatibility.
rfc1583compatible
Syntax Description
None.
Command Syntax of the “no” Form
The “no” form of this command removes OSPF RFC 1583 compatibility:
no rfc1583compatible
Command Type
Router command.
Command Mode
Router configuration: Matrix>Router1(config-router)#
Command Defaults
None.
Routing Protocol Configuration Command Set Configuring DVMRP 12.2.4 Configuring DVMRP Purpose To enable and configure the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traffic using a technique known as Reverse Path Forwarding. When a router receives a packet, it floods the packet out of all paths except the one that leads back to the packet’s source. Doing so allows a data stream to reach all VLANs (possibly multiple times).
12.2.4.1 ip dvmrp
Use this command to enable or disable DVMRP on an interface.
ip dvmrp
NOTE: IGMP must be enabled on all VLANs running DVMRP. To do this, use the set igmp enable command as described in Section 9.4.1.2. It is also recommended that IGMP querying be enabled on all VLANs running DVMRP. To do this, use the set igmp query-enable command as described in Section 9.4.2.2.
Syntax Description
None.
12.2.4.2 ip dvmrp metric
Use this command to configure the metric associated with a set of destinations for DVMRP reports.
ip dvmrp metric metric
Syntax Description
metric | Specifies a metric associated with a set of destinations for DVMRP reports. Valid values are from 0 to 31. Entering a 0 value will reset the metric back to the default value of 1.
NOTE: To reset the DVMRP metric back to the default value of 1, enter ip dvmrp metric 0.
12.2.4.3 show ip dvmrp route
Use this command to display DVMRP routing information.
show ip dvmrp route
Syntax Description
None.
Command Type
Router command.
Command Mode
Any router mode.
Command Defaults
None.
Example
This example shows how to display DVMRP routing table entries. In this case, the routing table has 5 entries. The first entry shows that the source network 60.1.1.0/24 can be reached via next-hop router 40.1.1.3.
minutes and 2 seconds and will expire in 2 minutes and 3 seconds. It supports flag messages for verifying neighbors, pruning, generation ID and netmask in prunes and grafts (VPGN):
Matrix>Router1#show ip dvmrp route
flag characters used:
------------
V Neighbor is verified.
P Neighbor supports pruning.
G Neighbor supports generation ID.
N Neighbor supports netmask in prunes and grafts.
S Neighbor supports SNMP.
M Neighbor supports mtrace.
Routing Protocol Configuration Command Set Configuring IRDP 12.2.5 Configuring IRDP Purpose To enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway. Commands The commands used to enable and configure IRDP are listed below and described in the associated section as shown: • ip irdp (Section 12.2.5.1) • ip irdp maxadvertinterval (Section 12.2.5.
12.2.5.1 ip irdp
Use this command to enable or disable IRDP on an interface.
ip irdp
Syntax Description
None.
Command Syntax of the “no” Form
The “no” form of this command disables IRDP on an interface:
no ip irdp
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan 1))#
Command Defaults
None.
12.2.5.2 ip irdp maxadvertinterval
Use this command to set the maximum interval in seconds between IRDP advertisements.
ip irdp maxadvertinterval interval
Syntax Description
interval | Specifies a maximum advertisement interval in seconds. Valid values are 4 to 1800.
12.2.5.3 ip irdp minadvertinterval
Use this command to set the minimum interval in seconds between IRDP advertisements.
ip irdp minadvertinterval interval
Syntax Description
interval | Specifies a minimum advertisement interval in seconds. Valid values are 3 to 1800.
12.2.5.4 ip irdp holdtime
Use this command to set the length of time in seconds IRDP advertisements are held valid.
ip irdp holdtime holdtime
NOTE: Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in Section 12.2.5.2 and the minimum advertisement interval is set as described in Section 12.2.5.3.
Syntax Description
holdtime | Specifies the hold time in seconds.
12.2.5.5 ip irdp preference
Use this command to set the IRDP preference value for an interface. This value is used by IRDP to determine the interface’s selection as a default gateway address.
ip irdp preference preference
Syntax Description
preference | Specifies the value to indicate the interface’s use as a default router address. Valid values are -2147483648 to 2147483647.
12.2.5.6 ip irdp address
Use this command to add additional IP addresses for IRDP to advertise.
ip irdp address ip-address preference
Syntax Description
ip-address | Specifies an IP address to advertise.
preference | Specifies the value to indicate the address’ use as a default router address. Valid values are -2147483648 to 2147483647.
12.2.5.7 no ip irdp multicast
Use this command to enable the router to send IRDP advertisements using broadcast rather than multicast transmissions. By default, the router sends IRDP advertisements via multicast.
no ip irdp multicast
Syntax Description
None.
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router1(config-if(Vlan 1))#
Command Defaults
None.
12.2.5.8 show ip irdp
Use this command to display IRDP information.
show ip irdp [vlan vlan-id]
Syntax Description
vlan vlan-id | (Optional) Displays IRDP information for a specific VLAN. This VLAN must be configured for IP routing as described in Section 2.3.1.
Command Type
Router command.
Routing Protocol Configuration Command Set Configuring VRRP 12.2.6 Configuring VRRP Purpose To enable and configure the Virtual Router Redundancy Protocol (VRRP). This protocol eliminates the single point of failure inherent in the static default routed environment by transferring the responsibility from one router to another if the original router goes down. VRRP-enabled routers decide who will become master and who will become backup in the event the master fails.
12.2.6.1 router vrrp
Use this command to enable or disable VRRP configuration mode.
router vrrp
NOTE: You must execute the router vrrp command to enable the protocol before completing other VRRP-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-12 in Section 2.3.3.
Syntax Description
None.
12.2.6.2 create
Use this command to create a VRRP session. Each Matrix Series Gold routing module supports up to 128 VRRP sessions. Up to four VRIDs can be associated with an individual routing interface.
create vlan vlan-id vrid
NOTE: This command must be executed to create an instance of VRRP on a routing interface (VLAN) before any other VRRP settings can be configured.
12.2.6.3 address
Use this command to configure a virtual router IP address. If the virtual router IP address is the same as the interface (VLAN) address owned by a VRRP router, then the router owning the address becomes the master. The master sends an advertisement to all other VRRP routers declaring its status and assumes responsibility for forwarding packets associated with its virtual router ID (VRID).
Command Type
Router command.
Command Mode
Router configuration: Matrix>Router1(config-router)#
Command Defaults
None.
Examples
This example shows how to configure a virtual router address of 182.127.62.1 on VLAN 1, VRID 1, and to set the router connected to the VLAN via this interface as the master:
Matrix>Router1(config)#router vrrp
Matrix>Router1(config-router)#address vlan 1 1 182.127.62.
12.2.6.4 priority
Use this command to set a priority value for a VRRP router.
priority vlan vlan-id vrid priority-value
Syntax Description
vlan vlan-id | Specifies the number of the VLAN on which to configure VRRP priority. This VLAN must be configured for IP routing as described in Section 2.3.2.
vrid | Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
12.2.6.5 master-icmp-reply
Use this command to enable ICMP replies for non-owner masters. This provides the ability for the virtual router master to respond to an ICMP echo even if it does not “own” the virtual IP address. Without this function, the virtual router can only respond to an ICMP echo when the virtual IP address matches the real IP address of the interface.
12.2.6.6 advertise-interval
Use this command to set the interval in seconds between VRRP advertisements. These are sent by the master router to other routers participating in the VRRP master selection process, informing them of its configured values. Once the master is selected, then advertisements are sent every advertising interval to let other VRRP routers in this VLAN/VRID know the router is still acting as master of the VLAN/VRID.
Example
This example shows how to set an advertise interval of 3 seconds on VLAN 1, VRID 1:
Matrix>Router1(config)#router vrrp
Matrix>Router1(config-router)#advertise-interval vlan 1 1 3
12.2.6.7 critical-ip
Use this command to set a critical IP address for VRRP routing. A critical IP address defines an interface — in addition to the interface between hosts and a first-hop router — that will prevent the master router from functioning properly if the interface were to fail.
Example
This example shows how to set IP address 182.127.62.3 as a critical IP address associated with VLAN 1, VRID 1:
Matrix>Router1(config)#router vrrp
Matrix>Router1(config-router)#critical-ip vlan 1 1 182.127.62.
12.2.6.8 preempt
Use this command to enable or disable preempt mode on a VRRP router. Preempt is enabled on VRRP routers by default, which allows a higher priority backup router to preempt a lower priority master.
preempt vlan-id vrid
NOTE: The router that owns the virtual router IP address always preempts other routers, regardless of this setting.
Syntax Description
vlan vlan-id    Specifies the number of the VLAN on which to set preempt mode.
12.2.6.9 preempt-delay
Use this command to set a preempt delay time on a VRRP router. When preempt mode is enabled this specifies a delay (in seconds) that a higher priority backup router must wait to preempt a lower priority master. For more information on setting preempt status, refer back to Section 12.2.6.8. For more information on setting VRRP priority, refer back to Section 12.2.6.4.
Example
This example shows how to set the preempt delay to 60 seconds on VLAN 1, VRID 1:
Matrix>Router1(config)#router vrrp
Matrix>Router1(config-router)#preempt-delay vlan 1 1 60
12.2.6.10 enable
Use this command to enable VRRP on an interface.
enable vlan vlan-id vrid
NOTE: Before enabling VRRP, you must set the other options described in this section. Once enabled, you cannot make any configuration changes to VRRP without first disabling it using the no enable vlan command.
Syntax Description
vlan vlan-id    Specifies the number of the VLAN on which to enable VRRP.
12.2.6.11 ip vrrp authentication-key
Use this command to set a VRRP authentication password on an interface.
ip vrrp authentication-key password
Syntax Description
password    Specifies an authentication password. Text string can be 1 to 8 characters in length.
Command Syntax of the “no” Form
The “no” form of this command clears VRRP authentication:
no ip vrrp authentication-key
Command Type Router command.
12.2.6.12 ip vrrp message-digest-key
Use this command to set a VRRP MD5 authentication password on an interface.
ip vrrp message-digest-key vrid md5 password [hmac-96]
Syntax Description
vrid    Specifies the Virtual Router ID (VRID). Valid values are from 1 to 255.
md5    Specifies the authentication type as MD5.
password    Specifies an MD5 authentication password. Text string can be 1 to 16 characters in length.
12.2.6.13 show ip vrrp
Use this command to display VRRP routing information.
show ip vrrp
Syntax Description None. Command Type Router command. Command Mode Any router mode. Command Defaults None.
Example
This example shows how to display VRRP information:
Matrix>Router1(config)#show ip vrrp
-----------VRRP CONFIGURATION----------
Vlan  Vrid  State  Owner  AssocIpAddr  Priority  VirtMacAddr
2     1     Init   0      25.25.2.1    100       0000.05e0.
13 Security Configuration
This chapter describes the Security Configuration set of commands and how to use them.
13.1 OVERVIEW OF SECURITY METHODS
The following security methods are available for controlling which users are allowed to access, monitor, and manage the device.
• Local user credentials — used for local authentication and authorization of CLI and WebView management sessions. For details, refer to Section 2.2.1 and Section 13.3.1.
• MAC Locking — locks a port to one or more MAC addresses, preventing connection of unauthorized devices via the port. For details, refer to Section 13.3.9.
• Multiple User Multiple Authentication – allows multiple users on a given port to simultaneously authenticate using any or all of the supported protocols (MAC Authentication, PWA, 802.1X), and for each authenticated user to receive a unique level of network access. For details, refer to Section 13.3.10.
13.1.1 RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
If you configure an authentication method that requires communication with a RADIUS server, you can use the RADIUS Filter-ID attribute to dynamically assign a policy profile and/or management level to authenticating users and/or devices.
13.2 PROCESS OVERVIEW: SECURITY CONFIGURATION
Use the following steps as a guide to configuring security methods on the device:
1. Setting the Authentication Login Method (Section 13.3.1)
2. Configuring RADIUS (Section 13.3.2)
3. Configuring RFC 3580 Support (Section 13.3.4)
4. Configuring TACACS+ (Section 13.3.4)
5. Configuring 802.1X Authentication (Section 13.3.5)
6.
13.3 SECURITY CONFIGURATION COMMAND SET
13.3.1 Setting the Authentication Login Method
Purpose
To configure the authentication login method.
Commands
The commands used to configure the authentication login method are listed below and described in the associated section as shown:
• show authentication login (Section 13.3.1.1)
• set authentication login (Section 13.3.1.2)
• clear authentication login (Section 13.3.1.
13.3.1.1 show authentication login
Use this command to display the current authentication login method.
show authentication login
Syntax Description None. Command Type Switch command. Command Mode Read-Only. Command Defaults None.
13.3.1.2 set authentication login
Use this command to set the authentication login method.
set authentication login {any | local | radius | tacacs}
Syntax Description
any    Specifies that the authentication protocol will be selected using the following precedence order:
• TACACS+
• RADIUS
• Local
local    Specifies that the local network password settings will be used for authentication login.
13.3.1.3 clear authentication login
Use this command to reset the authentication login method to the default setting of “any”.
clear authentication login
Syntax Description None. Command Type Switch command. Command Mode Read-Write. Command Defaults None.
Example
This example shows how to reset the authentication login method:
Matrix(rw)->clear authentication login
13.3.
Commands
The commands used to review and configure RADIUS are listed below and described in the associated section as shown:
• show radius (Section 13.3.2.1)
• set radius (Section 13.3.2.2)
• clear radius (Section 13.3.2.3)
• show radius accounting (Section 13.3.2.4)
• set radius accounting (Section 13.3.2.5)
• clear radius accounting (Section 13.3.2.
13.3.2.1 show radius
Use this command to display the current RADIUS client/server configuration.
show radius [state | retries | authtype | timeout | server [index | all]]
Syntax Description
state    (Optional) Displays the RADIUS client’s enable status.
retries    (Optional) Displays the number of retry attempts before the RADIUS server times out.
authtype    (Optional) Displays the RADIUS server’s authentication type.
Table 13-1 provides an explanation of the command output.
Table 13-1 show radius Output Details
Output    What It Displays...
RADIUS state    Whether the RADIUS client is enabled or disabled.
RADIUS retries    Number of retry attempts before the RADIUS server times out. The default value of 3 can be reset using the set radius command as described in Section 13.3.2.2.
13.3.2.2 set radius
Use this command to enable, disable, or configure RADIUS authentication.
Command Defaults
• If secret-value is not specified, none will be applied.
• If realm is not specified, any authentication will be allowed.
Examples
This example shows how to enable the RADIUS client for authenticating with RADIUS server 1 at IP address 10.1.6.203, UDP authentication port 1812, and an authentication password of “pwsecret.
13.3.2.3 clear radius
Use this command to clear RADIUS server settings.
clear radius [state] [retries] [timeout] [server [index | all] [realm {index | all}]
Syntax Description
state    (Optional) Resets the RADIUS client state to the default setting of disabled.
retries    (Optional) Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3.
13.3.2.4 show radius accounting
Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server.
For details on enabling and configuring RADIUS accounting, refer to Section 13.3.2.5:
Matrix(rw)->show radius accounting
Accounting state: Enabled
Accounting update interval: 1800 secs
Accounting interval minimum: 600 secs
Server Server Acct Index IP Port Retries Timeout Status
-----------------------------------------------------------------
1 1.1.1.
13.3.2.5 set radius accounting
Use this command to configure RADIUS accounting.
set radius accounting {[enable] [disable] [intervalminimum value] [updateinterval value] [retries retries] [timeout timeout] [server {index | all} ip_address port [server-secret]
Syntax Description
enable | disable    Enables or disables the RADIUS accounting client.
intervalminimum value    Sets the minimum interval at which RADIUS accounting will send interim updates.
Command Mode Read-Write. Command Defaults None.
Examples
This example shows how to enable the RADIUS accounting client for authenticating with the accounting server 1 at IP address 10.2.4.12, UDP authentication port 1800. As previously noted, the “server secret” password entered here must match that already configured as the Read-Write (rw) password on the RADIUS accounting server:
Matrix(rw)->set radius accounting server 1 10.2.4.
13.3.2.6 clear radius accounting
Use this command to clear RADIUS accounting configuration settings.
clear radius accounting {[server{index | all}] [retries {index | all}] [timeout {index | all}] [intervalminimum] [updateinterval]}
Syntax Description
server index | all    Clears the configuration on one or more accounting servers.
retries index | all    Resets the retries to the default value of 2 on one or more accounting servers.
13.3.3 Configuring RFC 3580
About RFC 3580
RFC 3580 provides suggestions on how 802.1x Authenticators should leverage RADIUS as the backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS Accounting, RADIUS Authentication, RC4 EAPOL-Key-Frame Discussions, and Security Considerations. Upon detection, End-Points (PCs, IP Phones, etc.
13.3.3.1 show vlanauthorization
Use this command to display the VLAN Authorization settings.
show vlanauthorization [port-list] | [all]
Syntax Description
port-list    (Optional) Displays the port(s) VLAN Authorization settings.
all    (Optional) Displays all port(s) VLAN Authorization settings.
Command Type Switch command. Command Mode Read-Only.
13.3.3.2 set vlanauthorization
Use this command to set the VLAN Authorization attributes.
set vlanauthorization enable | disable | port port-list {[enable | disable] none | tagged | untagged | dynamic}
Syntax Description
enable | disable    enable - Enable VLAN Authorization. disable - Disable VLAN Authorization.
port port-list    (Optional) Set port(s) attributes for VLAN Authorization.
enable | disable    enable - Enable port VLAN Authorization.
13.3.3.3 clear vlanauthorization
Use this command to clear the VLAN Authorization attributes to the defaults.
clear vlanauthorization port-list all
Syntax Description
port-list    (Optional) Clear port(s) attributes for VLAN Authorization.
all    Clear all VLAN Authorization to the defaults.
Command Type Switch command. Command Mode Read-Write. Command Defaults None.
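RFC 3580 carries a per-user VLAN assignment in three RADIUS tunnel attributes: Tunnel-Type=VLAN (13), Tunnel-Medium-Type=802 (6) and Tunnel-Private-Group-ID=VLANID. The following is an added example, not taken from this guide or from Enterasys firmware, that parses those attributes and returns a VLAN only when the triple is complete and valid; the attribute bytes are constructed samples, and treating malformed input as "no VLAN" is an assumption of the example.

```python
"""Added example: read an RFC 3580 VLAN assignment out of RADIUS attributes."""

TUNNEL_TYPE = 64              # attribute numbers from RFC 2868
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TT_VLAN = 13                  # Tunnel-Type value "VLAN" (RFC 3580)
TMT_IEEE_802 = 6              # Tunnel-Medium-Type value "IEEE-802"


def encode_attr(attr_type, value):
    """Build one type-length-value attribute (used for the constructed samples)."""
    return bytes([attr_type, len(value) + 2]) + value


def parse_attributes(blob):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("attribute length out of range")
        attrs.append((attr_type, blob[pos + 2:pos + length]))
        pos += length
    return attrs


def split_tag(value):
    """Tunnel-Private-Group-ID: a first octet up to 0x1F is a tag, not text.
    A 0x00 octet is accepted here as an unused tag (tolerance chosen for
    this example)."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value


def vlan_from_attributes(attrs):
    """Return the assigned VLAN ID, or None unless one tunnel carries a
    complete, valid Tunnel-Type / Medium-Type / Private-Group-ID triple."""
    tunnels = {}
    for attr_type, value in attrs:
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                return None                       # malformed: fail closed
            tag, field = value[0], int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            tag, raw = split_tag(value)
            field = raw.decode("ascii", errors="replace")
        else:
            continue                              # unrelated attribute
        tunnels.setdefault(tag, {})[attr_type] = field
    for tag in sorted(tunnels):
        tunnel = tunnels[tag]
        group = tunnel.get(TUNNEL_PRIVATE_GROUP_ID, "")
        if (tunnel.get(TUNNEL_TYPE) == TT_VLAN
                and tunnel.get(TUNNEL_MEDIUM_TYPE) == TMT_IEEE_802
                and group.isascii() and group.isdigit()
                and 1 <= int(group) <= 4094):     # valid 802.1Q VLAN IDs
            return int(group)
    return None


# Constructed sample: attribute section of an Access-Accept assigning VLAN 42.
SAMPLE_ACCEPT = (
    encode_attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
    + encode_attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
    + encode_attr(TUNNEL_PRIVATE_GROUP_ID, b"42")
)

if __name__ == "__main__":
    print(vlan_from_attributes(parse_attributes(SAMPLE_ACCEPT)))
```

A reply that names a VLAN without the matching Tunnel-Type and Tunnel-Medium-Type, or with an ID outside 1 to 4094, yields no assignment.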
13.3.4 Configuring TACACS+
Purpose
To perform the following:
• Review the TACACS+ client/server configuration on the device.
• Enable or disable the TACACS+ client.
• Set local and remote login options.
• Set server parameters, including IP address, timeout period, server port, and secret.
• Reset TACACS+ client and server settings to default values.
13.3.4.1 show tacacs
Use this command to display the current TACACS+ client/server configuration.
show tacacs [state || session {[accounting] | [authorization]} | [state] || command {[accounting] | [authorization]} | [state]|| single connection [state] || server {index | all}]
Syntax Description
state    (Optional) Displays the TACACS+ client’s enable status.
Example
This example shows how to display TACACS configuration information:
Matrix E7 Platinum(su)->show tacacs
TACACS+ state: enabled
TACACS+ session accounting state: disabled
TACACS+ command authorization state: disabled
TACACS+ command accounting state: disabled
TACACS+ single-connect state: disabled
TACACS+ service: exec
TACACS+ session authorization A-V pairs:
access level attribute
read-only 'priv-lvl'
read-write 'priv-lvl'
super-user 'priv-lvl'
Table 13-2 show Tacacs+ Output Details (Continued)
Output    What It Displays...
TACACS+ session Value of the TACACS+ service attributes authorization on A-V pairs
TACACS+ Server    Displays the TACACS+ server, along with its IP address, port, timeout, and status values.
13.3.4.2 set tacacs
Use this command to enable, disable, or configure TACACS+ authentication.
command {accounting | authorization {disable | enable}}    Sets the TACACS+ command attributes. Accounting, set session accounting attributes. Authorization, set session authorization attributes. Disable, disables the tacacs client. Enable, enables the tacacs client.
singleconnect {disable | enable}    Enable or disable ability to send multiple requests over a single connection.
Command Type Switch command. Command Mode Read-Write. Command Defaults None.
13.3.4.3 clear tacacs
Use this command to clear TACACS+ settings.
13.3.5 Configuring 802.1X Authentication
About Multi-User Authentication
Enterasys Networks’ enhanced version of the IEEE 802.1X-2001 specification decreases security vulnerabilities inherent with the standard implementation, and allows multiple devices and users — also known as “supplicants” — to be authenticated on a single port.
Commands
The commands used to review and configure 802.1X are listed below and described in the associated section as shown:
• show dot1x (Section 13.3.5.1)
• show dot1x auth-config (Section 13.3.5.2)
• set dot1x (Section 13.3.5.3)
• set dot1x auth-config (Section 13.3.5.4)
• clear dot1x auth-config (Section 13.3.5.
13.3.5.1 show dot1x
Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more ports.
• If index is not specified, information for all access entities will be displayed.
• If port-string is not specified, information for all ports will be displayed.
Examples
This example shows how to display 802.1X status:
Matrix(rw)->show dot1x
DOT1X is disabled.
This example shows how to display authentication diagnostics information for fe.1.1:
Matrix(rw)->show dot1x auth-diag fe.1.
This example shows how to display authentication session statistics for fe.1.1:
Matrix(rw)->show dot1x auth-session-stats fe.1.
13.3.5.2 show dot1x auth-config
Use this command to display 802.1X authentication configuration settings for one or more ports.
Command Type Switch command. Command Mode Read-Only.
Command Defaults
• If no parameters are specified, all 802.1X settings will be displayed.
• If port-string is not specified, information for all ports will be displayed.
Examples
This example shows how to display the EAPOL port control mode for fe.1.1:
Matrix(rw)->show dot1x auth-config authcontrolled-portcontrol fe.1.
13.3.5.3 set dot1x
Use this command to enable or disable 802.1X authentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants.
set dot1x {[enable | disable] [init | reauth [port-string] [index index-list]}
Syntax Description
enable | disable    Enables or disables 802.1X.
init | reauth    Reinitializes one or more access entities or reauthenticates one or more supplicants.
13.3.5.4 set dot1x auth-config
Use this command to configure 802.1X authentication.
servertimeout timeout    Specifies a timeout period (in seconds) for the authentication server, used by the backend authentication state machine. Valid values are 1 - 300.
supptimeout timeout    Specifies a timeout period (in seconds) for the authentication supplicant used by the backend authentication state machine. Valid values are 1 - 300.
13.3.5.5 clear dot1x auth-config
Use this command to reset 802.1X authentication parameters to default values on one or more ports.
clear dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]
Syntax Description
authcontrolled-portcontrol    (Optional) Resets the 802.1X port control mode to auto.
Examples
This example shows how to reset the 802.1X port control mode to auto on all ports:
Matrix(rw)->clear dot1x auth-config authcontrolled-portcontrol
This example shows how to reset reauthentication control to disabled on ports fe.1.1-3:
Matrix(rw)->clear dot1x auth-config reauthenabled fe.1.1-3
This example shows how to reset the 802.1X quiet period to 60 seconds on ports fe.1.
13.3.6 Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating users before allowing general access to the network. A PWA user’s access to the network is restricted until after the user successfully logs in via a web browser using the Enterasys Networks’ Matrix Series web-based security interface.
Setting the port mode in this fashion will allow traffic to flow through the port without authentication according to its configuration. By default, this would allow all traffic to be forwarded. Conversely, you could configure the ports to drop all traffic, but this is not the most effective solution. Better yet would be to configure the port to provide only the minimal services and nothing more.
Commands
The commands needed to review and configure PWA are listed below and described in the associated section as shown:
• show pwa (Section 13.3.6.1)
• set pwa (Section 13.3.6.2)
• set pwa hostname (Section 13.3.6.3)
• clear pwa hostname (Section 13.3.6.4)
• show pwa banner (Section 13.3.6.5)
• set pwa banner (Section 13.3.6.6)
• clear pwa banner (Section 13.3.6.7)
• set pwa displaylogo (Section 13.3.6.
13.3.6.1 show pwa
Use this command to display port web authentication information for one or more ports.
show pwa [port-string]
Syntax Description
port-string    (Optional) Displays PWA information for specific port(s).
Command Defaults If port-string is not specified, PWA information will be displayed for all ports. Command Type Switch command. Command Mode Read-Only.
Table 13-3 show pwa Output Details
Output    What It Displays...
PWA Status    Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in Section 13.3.6.2.
PWA IP Address    IP address of the end station from which PWA will prevent network access until the user is authenticated. Set using the set pwa ipaddress command as described in Section 13.3.
Table 13-3 show pwa Output Details (Continued)
Output    What It Displays...
Mode    PWA port control mode.
Auth Status    Whether or not the port state is disconnected, authenticating, authenticated, or held (authentication has failed).
Quiet Period    Amount of time a port will be in the held state after a user unsuccessfully attempts to log on to the network.
13.3.6.2 set pwa
Use this command to enable or disable port web authentication.
set pwa {enable | disable}
NOTE: Port Web Authentication cannot be enabled if either MAC authentication or EAPOL (802.1X) is enabled. For information on disabling 802.1X, refer to Section 13.3.5.3. For information on disabling MAC authentication, refer to Section 13.3.7.3.
13.3.6.3 set pwa hostname
Use this command to set a port web authentication host name. This is a URL for accessing the PWA login page.
set pwa hostname name
Syntax Description
name    Specifies a name for accessing the PWA login page.
Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.4 clear pwa hostname
Use this command to clear the port web authentication host name.
clear pwa hostname
Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.5 show pwa banner
Use this command to display the port web authentication login banner string.
show pwa banner
Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
13.3.6.6 set pwa banner
Use this command to configure a string to be displayed as the PWA login banner.
set pwa banner string
Syntax Description
string    Specifies the PWA login banner.
Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.7 clear pwa banner
Use this command to reset the PWA login banner to a blank string.
clear pwa banner
Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.8 set pwa displaylogo
Use this command to set the display options for the Enterasys Networks logo.
set pwa displaylogo {display | hide}
Syntax Description
display | hide    Displays or hides the Enterasys Networks logo when the PWA website displays.
Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.9 set pwa redirecttime
Use this command to set the PWA login success page redirect time.
set pwa redirecttime time
Syntax Description
time    Specifies the number of seconds before the user will be redirected to the PWA home page after successful login. Valid values are 0 - 120.
Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.10 set pwa ipaddress
Use this command to set the PWA IP address. This is the IP address of the end station from which PWA will prevent network access until the user is authenticated.
set pwa ipaddress ip-address
Syntax Description
ip-address    Specifies a globally unique IP address. This same value must be configured into every authenticating switch in the domain.
Command Defaults None. Command Type Switch command.
13.3.6.11 set pwa protocol
Use this command to set the port web authentication protocol.
set pwa protocol {chap | pap}
Syntax Description
chap | pap    Sets the PWA protocol to:
• CHAP (PPP Challenge Handshake Protocol) encrypts the username and password between the end-station and the switch port.
• PAP (Password Authentication Protocol) does not provide any encryption between the end-station and the switch port.
13.3.6.12 set pwa enhancedmode
Use this command to enable or disable PWA enhanced mode. When enabled, users on unauthenticated PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access. They will also be granted guest networking privileges.
set pwa enhancedmode {enable | disable}
Syntax Description
enable | disable    Enables or disables PWA enhanced mode.
Command Defaults None.
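Several of the PWA settings described so far interact: PAP provides no encryption between the end-station and the switch port, enhanced mode grants guest networking privileges on unauthenticated ports, and PWA cannot be enabled while 802.1X is enabled. The following is an added example, not part of this guide or of any Enterasys tool, that replays saved CLI lines and reports the effective settings; the configuration lines are constructed, the rule names are assumptions, and only commands whose full syntax appears in this section are recognized.

```python
"""Added example: audit saved CLI lines for the PWA settings in this section."""
import re

PROMPT = re.compile(r"^Matrix\S*?(?:->|#)\s*")   # strips e.g. "Matrix(rw)->"

# Commands tracked and the keywords this guide lists for each of them.
TRACKED = {
    ("set", "pwa"): ("enable", "disable"),
    ("set", "dot1x"): ("enable", "disable"),
    ("set", "pwa", "protocol"): ("chap", "pap"),
    ("set", "pwa", "enhancedmode"): ("enable", "disable"),
}


def effective_settings(text):
    """Replay the lines in order; a later command overrides an earlier one.
    Returns {setting: (value, line_number)} for explicitly configured settings."""
    state = {}
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = PROMPT.sub("", raw.strip()).lower().split()
        for width in (3, 2):                      # longest command prefix first
            key = tuple(tokens[:width])
            if (key in TRACKED and len(tokens) > width
                    and tokens[width] in TRACKED[key]):
                state[" ".join(key[1:])] = (tokens[width], number)
                break
    return state


def audit(text):
    """Return findings as (rule_id, line_number, active, message) tuples.
    'active' is True when PWA itself ends up enabled in the same input."""
    state = effective_settings(text)

    def value(name):
        return state.get(name, (None, None))[0]

    pwa_on = value("pwa") == "enable"
    findings = []
    if value("pwa protocol") == "pap":
        findings.append(("PWA-PAP", state["pwa protocol"][1], pwa_on,
                         "PAP gives no encryption between end-station and switch port"))
    if value("pwa enhancedmode") == "enable":
        findings.append(("PWA-GUEST", state["pwa enhancedmode"][1], pwa_on,
                         "enhanced mode grants guest networking privileges "
                         "on unauthenticated PWA ports"))
    if pwa_on and value("dot1x") == "enable":
        line = max(state["pwa"][1], state["dot1x"][1])
        findings.append(("PWA-DOT1X", line, True,
                         "PWA cannot be enabled while 802.1X is enabled"))
    return findings


# Constructed sample: a session log in which settings are changed repeatedly.
SAMPLE_CONFIG = """\
Matrix(rw)->set dot1x enable
Matrix(rw)->set pwa protocol pap
Matrix(rw)->set pwa enhancedmode enable
Matrix(rw)->set pwa protocol chap
Matrix(rw)->set pwa enhancedmode disable
Matrix(rw)->set pwa protocol pap
Matrix(rw)->set pwa enable
"""

if __name__ == "__main__":
    for rule, line, active, message in audit(SAMPLE_CONFIG):
        print(f"line {line}: {rule} (active={active}): {message}")
```

Settings that were never set explicitly are not reported, because their defaults are not stated in this section.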
13.3.6.13 set pwa guestname
Use this command to set a guest user name for PWA enhanced mode networking. When enhanced mode is enabled (as described in Section 13.3.6.12), PWA will use this name to grant network access to guests without established login names and passwords.
set pwa guestname name
Syntax Description
name    Specifies a guest user name.
Command Type Switch command. Command Defaults None. Command Mode Read-Write.
13.3.6.14 clear pwa guestname
Use this command to clear the PWA guest user name.
clear pwa guestname
Syntax Description None. Command Type Switch command. Command Defaults None. Command Mode Read-Write.
13.3.6.15 set pwa guestpassword
Use this command to set the guest user password for PWA networking. When enhanced mode is enabled (as described in Section 13.3.6.12), PWA will use this password and the guest user name to grant network access to guests without established login names and passwords.
set pwa guestpassword
Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
13.3.6.16 set pwa gueststatus
Use this command to enable or disable guest networking for port web authentication. When enhanced mode is enabled (as described in Section 13.3.6.12), PWA will use a guest password and guest user name to grant network access with default policy privileges to users without established login names and passwords.
13.3.6.17 set pwa initialize
Use this command to initialize a PWA port to its default unauthenticated state.
set pwa initialize [port-string]
Syntax Description
port-string    (Optional) Initializes specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Type Switch command. Command Defaults If port-string is not specified, all ports will be initialized. Command Mode Read-Write.
13.3.6.18 set pwa quietperiod
Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network.
set pwa quietperiod time [port-string]
Syntax Description
time    Specifies quiet time in seconds.
port-string    (Optional) Sets the quiet period for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
13.3.6.19 set pwa maxrequests
Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.
set pwa maxrequests requests [port-string]
Syntax Description
maxrequests    Specifies the maximum number of log on attempts.
port-string    (Optional) Sets the maximum requests for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
13.3.6.20 set pwa portcontrol
Use this command to set the PWA port control mode.
set pwa portcontrol {auto | forceauthorized | forceunauthorized | promiscuousauto} [port-string]
Syntax Description
auto    Sets the port to auto mode. In this mode, the port is filtering traffic. Login/Logout screens are available, as is the PWA IP. Spoofing (ARP, DNS, WINS and DHCP) will respond to requests.
Example
This example shows how to set the PWA control mode to auto for all ports:
Matrix(rw)->set pwa portcontrol auto
13.3.6.21 show pwa session
Use this command to display information about current PWA sessions.
show pwa session [port-string]
Syntax Description
port-string    (Optional) Displays PWA session information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Command Type Switch command.
13.3.7 Configuring MAC Authentication

Purpose
To review, disable, enable and configure MAC authentication. This allows the device to authenticate source MAC addresses in an exchange with an authentication server. The authenticator (switch) selects a source MAC seen on a MAC-authentication enabled port, and submits it to a backend client for authentication.
• clear macauthentication reauthperiod (Section 13.3.7.17)
• set macauthentication quietperiod (Section 13.3.7.18)
• clear macauthentication quietperiod (Section 13.3.7.
13.3.7.1 show macauthentication

Use this command to display MAC authentication information for one or more ports.

show macauthentication [port-string]

Syntax Description
port-string    (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Type
Switch command.

Command Mode
Read-Only.
Table 13-4 show macauthentication Output Details

Output    What It Displays...
MAC authentication    Whether MAC authentication is globally enabled or disabled. Set using the set macauthentication command as described in Section 13.3.7.3.
MAC user password    User password associated with MAC authentication on the device. Set using the set macauthentication password command as described in Section 13.3.7.4.
13.3.7.2 show macauthentication session

Use this command to display the active MAC authenticated sessions.

show macauthentication session

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Only.

Command Defaults
If port-string is not specified, MAC session information will be displayed for all MAC authentication ports.
Table 13-5 show macauthentication session Output Details (Continued)

Output    What It Displays...
Reauth Period    Reauthentication period for this port, set using the set macauthentication reauthperiod command described in Section 13.3.7.16.
Reauthentications    Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in Section 13.3.7.13.
13.3.7.3 set macauthentication

Use this command to globally enable or disable MAC authentication.

set macauthentication {enable | disable}

Syntax Description
enable | disable    Globally enables or disables MAC authentication.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.4 set macauthentication password

Use this command to set a MAC authentication password.

set macauthentication password password

Syntax Description
password    Specifies a text string MAC authentication password.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.5 clear macauthentication password

Use this command to clear the MAC authentication password.

clear macauthentication password

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.6 set macauthentication significant-bits

Use this command to set the number of significant bits of the MAC address to use for authentication.

set macauthentication significant-bits number

Syntax Description
number    Specifies a number of significant bits.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.7 clear macauthentication significant-bits

Use this command to clear the MAC authentication significant bits setting.

clear macauthentication significant-bits

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.8 set macauthentication port

Use this command to enable or disable one or more ports for MAC authentication.

set macauthentication port {enable | disable} port-string

NOTE: Enabling port(s) for MAC authentication requires globally enabling MAC authentication on the device as described in Section 13.3.7.3, and then enabling it on a port-by-port basis. By default, MAC authentication is globally disabled and disabled on all ports.
13.3.7.9 set macauthentication authallocated

Use this command to set the number of MAC authentication sessions allowed for one or more ports.

set macauthentication authallocated number port-string

Syntax Description
number    Specifies the number of authentication sessions allowed.
port-string    Specifies port(s) on which to set the number of authentication sessions.
13.3.7.10 clear macauthentication authallocated

Use this command to clear the number of MAC authentication sessions allowed for one or more ports.

clear macauthentication authallocated [port-string]

Syntax Description
port-string    (Optional) Clears the number of authentication sessions allowed for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Type
Switch command.
13.3.7.11 set macauthentication portinitialize

Use this command to force one or more MAC authentication ports to re-initialize and remove any currently active sessions on those ports.

set macauthentication portinitialize port-string

Syntax Description
port-string    Specifies the MAC authentication port(s) to re-initialize. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Type
Switch command.
13.3.7.12 set macauthentication macinitialize

Use this command to force a current MAC authentication session to re-initialize and remove the session.

set macauthentication macinitialize mac_addr

Syntax Description
mac_addr    Specifies the MAC address of the session to re-initialize.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.13 set macauthentication reauthentication

Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports.

set macauthentication reauthentication {enable | disable} port-string

Syntax Description
enable | disable    Enables or disables MAC reauthentication.
port-string    Specifies port(s) on which to enable or disable MAC reauthentication.
13.3.7.14 set macauthentication portreauthenticate

Use this command to force an immediate reauthentication of the currently active sessions on one or more MAC authentication ports.

set macauthentication portreauthenticate port-string

Syntax Description
port-string    Specifies MAC authentication port(s) to be reauthenticated. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Type
Switch command.
13.3.7.15 set macauthentication macreauthenticate

Use this command to force an immediate reauthentication of a MAC address.

set macauthentication macreauthenticate mac_addr

Syntax Description
mac_addr    Specifies the MAC address of the session to reauthenticate.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.7.16 set macauthentication reauthperiod

Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port.

set macauthentication reauthperiod time port-string

Syntax Description
time    Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295.
13.3.7.17 clear macauthentication reauthperiod

Use this command to clear the MAC reauthentication period on one or more ports.

clear macauthentication reauthperiod [port-string]

Syntax Description
port-string    (Optional) Clears the MAC reauthentication period on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.7.18 set macauthentication quietperiod

Use this command to enable a reauthentication attempt for failed entries at the period specified in seconds. Default value is 0 (never).

set macauthentication quietperiod time port-string

Syntax Description
time    Specifies the number of seconds between reauthentication attempts. Valid values are 0 - 4294967295.
port-string    Specifies the port(s) on which to set the macauthentication quiet period.
13.3.7.19 clear macauthentication quietperiod

Use this command to clear the macauthentication quiet period on one or more ports to the default value. The default value is 0 (never).

clear macauthentication quietperiod [port-string]

Syntax Description
port-string    (Optional) Clears the macauthentication quiet period on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
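The following consistency check is an added example, not part of the Enterasys guide or firmware. It reads a list of commands written in the Section 13.3.7 syntax and reports the conditions the section calls out: a port enabled while MAC authentication is still globally disabled, period values outside the stated ranges, and a quiet period of 0 (never). The function name, the sample port-strings and the treatment of reauthentication as off unless enabled are assumptions.

```python
"""Consistency check for MAC authentication commands (added example)."""

U32_MAX = 4294967295  # upper bound the guide gives for both period values

# Constructed sample input: commands in the syntax of Section 13.3.7.
# The port-strings are made up and are compared as opaque text, so a range
# and one of its member ports are treated as two different keys.
SAMPLE = """\
set macauthentication port enable fe.1.1
set macauthentication reauthentication enable fe.1.1
set macauthentication reauthperiod 3600 fe.1.1
set macauthentication port enable fe.1.2
set macauthentication quietperiod 0 fe.1.2
set macauthentication reauthperiod 0 fe.1.3
"""


def audit(config_text):
    """Return a list of findings for the 'set macauthentication' lines."""
    global_enabled = False  # the guide: globally disabled by default
    ports = {}              # port-string -> settings seen so far
    findings = []

    def port(name):
        # Assumption: reauthentication is off unless the config enables it.
        # quietperiod starts at the documented default of 0 (never).
        return ports.setdefault(
            name, {"enabled": False, "reauth": False, "quietperiod": 0})

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if words[:2] != ["set", "macauthentication"]:
            continue
        args = words[2:]
        if args in (["enable"], ["disable"]):
            global_enabled = args == ["enable"]
        elif (len(args) == 3 and args[0] in ("port", "reauthentication")
              and args[1] in ("enable", "disable")):
            key = "enabled" if args[0] == "port" else "reauth"
            port(args[2])[key] = args[1] == "enable"
        elif len(args) == 3 and args[0] in ("reauthperiod", "quietperiod"):
            low = 1 if args[0] == "reauthperiod" else 0
            value = args[1]
            ok = value.isascii() and value.isdigit() and low <= int(value) <= U32_MAX
            if ok:
                port(args[2])[args[0]] = int(value)
            else:
                findings.append(
                    f"line {lineno}: {args[0]} {value} is outside {low}-{U32_MAX}")

    for name, cfg in sorted(ports.items()):
        if not cfg["enabled"]:
            continue
        if not global_enabled:
            findings.append(
                f"{name}: port enabled but MAC authentication is globally disabled")
        if not cfg["reauth"]:
            findings.append(
                f"{name}: reauthentication not enabled, sessions are not re-checked")
        if cfg["quietperiod"] == 0:
            findings.append(
                f"{name}: quietperiod 0 (never), failed entries are not retried")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```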
13.3.8 Configuring Convergence End Points (CEP) Phone Detection

About CEP Phone Detection
• Convergence is a method to detect a remote IP telephony or video device and apply a policy to the connection port based on the type of CEP device found. When a convergence end point (CEP) is found, the global policy for CEP detection is applied to the user on that port.
• show cep connections (Section 13.3.8.1)
• show cep detection (Section 13.3.8.2)
• show cep policy (Section 13.3.8.3)
• show cep port (Section 13.3.8.4)
• set cep (Section 13.3.8.5)
• set cep port (Section 13.3.8.6)
• set cep policy (Section 13.3.8.7)
• set cep detection (Section 13.3.8.8)
• set cep detection type (Section 13.3.8.9)
• set cep detection address (Section 13.3.8.
13.3.8.1 show cep connections

Use this command to display all learned CEPs.

show cep connections

Syntax Description
port-string    Displays CEP status for one or more ports. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None

Command Mode
Read-Only.

Example
This example shows how to display CEP connections for port fe.1.
13.3.8.2 show cep detection

Use this command to display CEP phone detection parameters.

show cep detection

Syntax Description
detection    Show all CEP detection parameters or show CEP detection parameters, based on the CEP configuration group id.

Command Defaults
None

Command Mode
Read-Only.
13.3.8.3 show cep policy

Use this command to display the global policies of all supported CEP types.

show cep policy

Syntax Description

Command Defaults
None

Command Mode
Read-Only.
13.3.8.4 show cep port

Use this command to display enable status of all supported CEP types.

show cep port

Syntax Description
port    Displays CEP status for one or more ports. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None

Command Mode
Read-Only.

Examples
This example shows how to display CEP status information for port fe.1.
13.3.8.5 set cep

Use this command to globally enable or disable CEP detection.

set cep {enable | disable}

Syntax Description
enable | disable    Globally enables or disables CEP detection.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.8.6 set cep port

Use this command to enable or disable a CEP detection type on one or more ports.

set cep port port-string {cisco | h323 | siemens | sip} {enable | disable}

Syntax Description
port-string    Specifies the port(s) to enable or disable. For a detailed description of possible port-string values, refer to Section 3.1.1.
cisco    Set the Cisco detection status on the specified ports.
13.3.8.7 set cep policy

Use this command to set a global default policy for a CEP detection type. This is the policy that will be applied when a phone of the specified type is detected on a port. It must be configured using the policy management commands described in Chapter 7.

set cep policy {cisco | h323 | siemens | sip} index

Syntax Description
cisco    Set the Cisco global default policy index.
13.3.8.8 set cep detection-id

Use this command to create a new H.323, Siemens, or SIP phone detection configuration group, or enable, disable or remove an existing group.

set cep detection-id id {create | delete | disable | enable}

NOTE: This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method.
13.3.8.9 set cep detection-id type

Use this command to specify whether a phone detection group will use H.323, Siemens or SIP as its phone discovery type.

set cep detection-id id type {h323 | siemens | sip}

NOTE: This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method.

NOTE: There are currently 3 manual detection types (Siemens, H323, SIP).
13.3.8.10 set cep detection-id address

Use this command to set an H.323, Siemens, or SIP phone detection group’s IP address or mask. By default, H.323 will use 224.0.1.41 as its IP address and Siemens will have no IP address configured.

set cep detection-id id address { ip-address | unknown } mask {mask}| unknown }

NOTE: This command applies only to Siemens, H.323, and SIP phone detection.
13.3.8.11 set cep detection-id protocol

Use this command to specify an IP protocol type for H.323, Siemens, or SIP convergence end points detection. If an IP address is not set for a phone detection group as described in Section 13.3.8.10, this will configure detection on UDP and/or TCP ports using a port range defined with the set cep detection-id porthigh | portlow command as described in Section 13.3.8.12.
13.3.8.12 set cep detection-id porthigh | portlow

Use this command to set the maximum and minimum ports used for TCP or UDP convergence end points detection. Once UDP and/or TCP phone detection has been specified using the set cep detection-id protocol command as described in Section 13.3.8.11, the protocols will use this port range for detection matching.
13.3.8.13 set cep initialize

Use this command to clear all existing CEP connections for one or more CEP-enabled ports. This command is similar to the clear cep users command.

set cep initialize port-string

Syntax Description
port-string    Specifies the CEP-enabled port(s) to clear existing CEP connections. This must be a port-string enabled for CEP using the set cep port command as described in Section 13.3.8.6.
13.3.8.14 clear cep

Use this command to clear convergence end points parameters.

clear cep {[all | policy | detection | users ] [port port-string {all | cisco | h323 | siemens | sip}]}

Syntax Description
all    Restores factory defaults to all CEP configuration information.
policy    Restore factory defaults to CEP policy configuration.
This example shows how to clear detection id 4 parameters:

Matrix>clear cep detection-id 4

This example shows how to clear ports fe.1.1-5 of Cisco phone detection parameters:

Matrix>clear cep ports fe.1.
13.3.9 Configuring MAC Locking

Purpose
To review, disable, enable and configure MAC locking. This locks a MAC address to one or more ports, preventing connection of unauthorized devices via the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses.
13.3.9.1 show maclock

Use this command to display the status of MAC locking on one or more ports.

show maclock [port_string]

Syntax Description
port_string    (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
If port_string is not specified, MAC locking status will be displayed for all ports.

Command Type
Switch command.
Table 13-6 show maclock Output Details

Output    What It Displays...
Port Number    Port designation. For a detailed description of possible port_string values, refer to Section 3.1.1.
Port Status    Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on using set maclock commands to enable it on the device and on one or more ports, refer to Section 13.3.9.3 and Section 13.3.9.5.
13.3.9.2 show maclock stations

Use this command to display MAC locking information about end stations connected to the device.

show maclock stations [firstarrival | static][port-string]

Syntax Description
firstarrival    (Optional) Displays MAC locking information about end stations first connected to MAC locked ports.
static    (Optional) Displays MAC locking information about static (management defined) end stations connected to MAC locked ports.
Table 13-7 provides an explanation of the command output.

Table 13-7 show maclock stations Output Details

Output    What It Displays...
Port Number    Port designation. For a detailed description of possible port_string values, refer to Section 3.1.1.
MAC address    MAC address of the end station(s) locked to the port.
Status    Whether the end stations are active or inactive.
13.3.9.3 set maclock enable

Use this command to enable MAC locking on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only designated end station addresses are allowed to participate in frame relay.

set maclock enable [port_string]

NOTE: MAC locking is disabled by default at device startup.
13.3.9.4 set maclock disable

Use this command to disable MAC locking on one or more ports.

set maclock disable [port_string]

Syntax Description
port_string    (Optional) Disables MAC locking on specific port(s). For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
If port_string is not specified, MAC locking will be disabled on all ports.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.9.5 set maclock

Use this command to create a static MAC address and enable or disable MAC locking for the specific MAC address and port. When created and enabled, this allows only the end station designated by the MAC address to participate in frame relay.
13.3.9.6 set maclock firstarrival

Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.

set maclock firstarrival port_string value

Syntax Description
port_string    Specifies the port on which to limit MAC locking. For a detailed description of possible port_string values, refer to Section 3.1.1.
13.3.9.7 set maclock move

Use this command to move all current first arrival MACs to static entries.

set maclock move port-string

Syntax Description
port-string    Specifies the port where all current first arrival MACs will be moved to static entries. For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.9.8 clear maclock firstarrival

Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600.

clear maclock firstarrival port-string

Syntax Description
port_string    Specifies the port on which to reset the first arrival value. For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.9.9 set maclock static

Use this command to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port.

set maclock static port_string value

Syntax Description
port_string    Specifies the port on which to limit MAC locking. For a detailed description of possible port_string values, refer to Section 3.1.1.
13.3.9.10 clear maclock static

Use this command to reset the number of static MAC addresses allowed per port to the default value of 20.

clear maclock static port_string

Syntax Description
port_string    Specifies the port on which to reset the static MAC locking limit. For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
13.3.9.11 set maclock trap

Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped from the device’s routing table.
13.3.9.12 clear maclock

Use this command to clear MAC locking from one or more static MAC addresses.

clear maclock {all | mac-address port-string}

Syntax Description
all    Clears all static MAC locking for one or more ports.
mac_address    Specifies the MAC address for which the MAC locking will be cleared.
port_string    Specifies the port on which to clear MAC locking. For a detailed description of possible port_string values, refer to Section 3.1.
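The model below is an added example, not Enterasys code. It shows how the first-arrival limit, static entries, the move operation and trap messaging described in Section 13.3.9 interact on a single port. The class and method names are hypothetical, the MAC addresses are constructed, and three behaviours are assumptions of the model rather than statements from the guide: promoted entries stop counting against the first-arrival limit, the static limit also applies to promoted entries, and a first-arrival limit of 0 means no learning.

```python
"""Toy model of MAC locking on one port (added example, not switch firmware)."""
from dataclasses import dataclass, field

FIRSTARRIVAL_DEFAULT = 600  # value restored by 'clear maclock firstarrival'
STATIC_DEFAULT = 20         # value restored by 'clear maclock static'


@dataclass
class MacLockPort:
    name: str
    enabled: bool = False       # MAC locking is disabled by default
    trap: bool = False          # state set with 'set maclock trap'
    firstarrival_max: int = FIRSTARRIVAL_DEFAULT
    static_max: int = STATIC_DEFAULT
    static: set = field(default_factory=set)          # management-defined MACs
    firstarrival: list = field(default_factory=list)  # learned MACs, in order
    traps: list = field(default_factory=list)         # MACs reported by trap

    def add_static(self, mac: str) -> bool:
        """Add a static entry; refuse it once the static limit is reached."""
        mac = mac.lower()
        if mac in self.static:
            return True
        if len(self.static) >= self.static_max:
            return False
        self.static.add(mac)
        return True

    def move_firstarrival_to_static(self) -> int:
        """Model of 'set maclock move': promote learned MACs to static."""
        moved = 0
        for mac in list(self.firstarrival):
            if self.add_static(mac):  # assumption: static limit still applies
                self.firstarrival.remove(mac)
                moved += 1
        return moved

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if not self.enabled:
            return "forward"
        if mac in self.static or mac in self.firstarrival:
            return "forward"
        if len(self.firstarrival) < self.firstarrival_max:
            self.firstarrival.append(mac)  # station is locked to the port
            return "forward"
        if self.trap:
            self.traps.append(mac)  # stands in for the SNMP trap message
        return "drop"


def demo():
    """Learn two stations, see a third dropped, then freeze the port."""
    # Constructed addresses from the 00:00:5E:00:53:xx documentation range.
    frames = ["00:00:5e:00:53:01", "00:00:5e:00:53:02",
              "00:00:5e:00:53:03", "00:00:5e:00:53:01"]
    port = MacLockPort("fe.1.1", enabled=True, trap=True, firstarrival_max=2)
    before = [port.receive(mac) for mac in frames]
    moved = port.move_firstarrival_to_static()
    # Without this step the emptied first-arrival table would, in this
    # model, accept the next unknown station that shows up on the port.
    port.firstarrival_max = 0
    after = [port.receive(mac) for mac in frames]
    return before, moved, after, port.traps


if __name__ == "__main__":
    print(demo())
```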
13.3.10 Configuring Multiple Authentication

About Multiple Authentication
When enabled, multiple authentication allows multiple users to authenticate using up to three methods on the same port, and receive a policy traffic profile based on the RADIUS configuration.
• set multiauth session-timeout (Section 13.3.10.15)
• clear multiauth session-timeout (Section 13.3.10.
13.3.10.1 set multiauth mode

Use this command to set the system authentication mode to use multiple authenticators simultaneously or to strictly adhere to 802.1X.

set multiauth mode {multi | strict}

Syntax Description
multi    Allows the system to use multiple authenticators simultaneously.

NOTE: This mode requires that MAC, PWA, and 802.
13.3.10.2 clear multiauth mode

Use this command to clear the system authentication mode.

clear multiauth mode

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.10.3 set multiauth precedence

Use this command to set the system’s multiple authentication administrative precedence. When a user is successfully authenticated by more than one method at the same time, the precedence of the authentication methods will determine which RADIUS-returned filter ID will be processed and result in an applied traffic policy profile.
13.3.10.4 clear multiauth precedence

Use this command to clear the system’s multiple authentication administrative precedence.

clear multiauth precedence

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.10.5 show multiauth port

Use this command to display multiple authentication properties for one or more ports.

show multiauth port [port-string]

Syntax Description
port-string    (Optional) Displays multiple authentication information for specific port(s).

Command Type
Switch command.

Command Mode
Read-Only.

Command Defaults
If port-string is not specified, multiple authentication information will be displayed for all ports.
13.3.10.6 set multiauth port

Use this command to set multiple authentication properties for one or more ports.

set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} | numusers numusers port-string

Syntax Description
mode auth-opt | auth-reqd | force-auth | force-unauth    Specifies the port(s)’ multiple authentication mode as:
numusers numusers    Specifies the number of users allowed authentication on port(s).
13.3.10.7 clear multiauth port

Use this command to clear multiple authentication properties for one or more ports.

clear multiauth port {[mode] [numusers] port-string}

Syntax Description
mode    Clears the port(s)’ multiple authentication mode.
numusers    Clears the value set for the number of users allowed authentication on port(s).
port-string    Specifies the port(s) on which to clear multiple authentication properties.
13.3.10.8 show multiauth station

Use this command to display multiple authentication station (end user) entries.

show multiauth station [mac address] [port port-string]

Syntax Description
mac address    (Optional) Displays multiple authentication station entries for specific MAC address(es).
port port-string    (Optional) Displays multiple authentication station entries for specific port(s).

Command Type
Switch command.
13.3.10.9 clear multiauth station

Use this command to clear one or more multiple authentication station entries.

clear multiauth station [mac address] port port-string

Syntax Description
mac address    (Optional) Clears multiple authentication station entries for specific MAC address(es).
port port-string    Specifies the port(s) for which to clear multiple authentication station entries.

Command Type
Switch command.
13.3.10.10 show multiauth session

Use this command to display multiple authentication session entries.

show multiauth session [all] [agent {dot1x | mac | pwa | cep}] [mac address] [port port-string]

Syntax Description
all    (Optional) Displays information about all sessions, including those with terminated status.
agent | dot1x | mac | pwa | cep    (Optional) Displays 802.1X, MAC, CEP, or port web authentication session information.
13.3.10.11 show multiauth idle-timeout

Use this command to display the multiple authentication timeout value for an idle session. This will display the idle-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.

show multiauth idle-timeout

Syntax Description
None

Command Type
Switch command.

Command Mode
Read-Only.
13.3.10.12 set multiauth idle-timeout

Use this command to set the multiple authentication timeout value for an idle session. This command can set the idle-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.
13.3.10.13 clear multiauth idle-timeout

Use this command to clear multiple authentication idle-timeout values, for an idle session, back to the default values. This command can clear the idle-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.
13.3.10.14 show multiauth session-timeout

Use this command to display multiple authentication session-timeout values for an active session. This will display the session-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.

show multiauth session-timeout

Syntax Description
None

Command Type
Switch command.

Command Mode
Read-Only.
13.3.10.15 set multiauth session-timeout

Use this command to set multiple authentication session-timeout values, for an active session. This command can set the session-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.
13.3.10.16 clear multiauth session-timeout

Use this command to clear multiple authentication session-timeout values, for an active session, back to the default values. This command can clear the session-timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.
13.3.11 Configuring Secure Shell (SSH)

Purpose
To review, enable, disable, and configure the Secure Shell (SSH) protocol, which provides secure Telnet.

Commands
The commands used to review and configure SSH are listed below and described in the associated section as shown:
• show ssh state (Section 13.3.11.1)
• set ssh (Section 13.3.11.2)
• set ssh hostkey (Section 13.3.11.3)
• show router ssh (Section 13.3.11.
13.3.11.1 show ssh state

Use this command to display the current status of SSH on the device.

show ssh state

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Only.

Command Defaults
None.

Examples
This example shows how to display SSH status on the device:

Matrix(rw)->show ssh state
SSH Server status: Disabled.
13.3.11.2 set ssh

Use this command to enable, disable or reinitialize the SSH server on the device.

set ssh {enable | disable | reinitialize}

Syntax Description
enable | disable    Enables or disables SSH.
reinitialize        Reinitializes the SSH server.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.11.3 set ssh hostkey

Use this command to set or reinitialize new SSH authentication keys.

set ssh hostkey [reinitialize]

Syntax Description
reinitialize    Reinitializes the server host authentication keys.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.11.4 show router ssh

Use this command to display the state of SSH service to the router.

show router ssh

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Only.

Command Defaults
None.
13.3.11.5 set router ssh

Use this command to enable or disable SSH service to the router.

set router ssh {enable | disable}

Syntax Description
enable | disable    Enables or disables SSH service.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.11.6 clear router ssh

Use this command to reset SSH service to the router to the default state of disabled.

clear router ssh

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.12 Configuring Access Lists

ROUTER: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 2.3.3.

Purpose
To review and configure security access control lists (ACLs), which permit or deny access to routing interfaces based on protocol and source IP address restrictions.
13.3.12.1 show access-lists

Use this command to display configured IP access lists when operating in router mode.

show access-lists [number]

Syntax Description
access-list-number    (Optional) Displays access list information for a specific access list number. Valid values are between 1 and 199.

Command Type
Router command.

Command Mode
Any router mode.

Command Defaults
If number is not specified, the entire table of access lists will be displayed.
13.3.12.2 access-list (standard)

Use this command to define a standard IP access list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access-group command (Section 13.3.12.4).
Syntax Description
access-list-number        Specifies a standard access list number. Valid values are from 1 to 99.
insert | replace entry    (Optional) Inserts this new entry before a specified entry in an existing ACL, or replaces a specified entry with this new entry.
log 1-5000 | all          Enable syslog for ACL entry hits.
Command Mode
Global configuration: Matrix>Router1(config)#

Command Defaults
• If insert, replace or move are not specified, the new entry will be appended to the access list.
• If source2 is not specified with move, only one entry will be moved.

Examples
This example shows how to allow access to only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses.
13.3.12.3 access-list (extended)

* Advanced License Required *
Configuring extended access control lists (ACLs) is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced routing license and have enabled routing on the device, you must activate your license as described in Section 12.2.1 in order to enable the extended access list command set.
Syntax Description
access-list-number        Specifies an extended access list number. Valid values are from 100 to 199.
insert | replace entry    (Optional) Inserts this new entry before a specified entry in an existing ACL, or replaces a specified entry with this new entry.
log 1-5000 | all          Enable syslog for ACL entry hits. Enable syslog for sequential numbers of ACL entries or for all ACL entries.
destination             Specifies the network or host to which the packet will be sent. Valid options for expressing destination are:
                        • IP address (A.B.C.D)
                        • any - Any destination host
                        • host source - IP address of a single destination host
destination-wildcard    (Optional) Specifies the bits to ignore in the destination address.
icmp-type               (Optional) Filters ICMP frames by ICMP message type. The type is a number from 0 to 255.
established    (Optional) Applies TCP restrictions to established connections only.
log            (Optional) Enable the rule being configured for syslog.

Command Syntax of the “no” Form
The “no” form of this command removes the defined access list or entry:

no access-list access-list-number [entry]

Command Type
Router command.
This example shows how to define access list 101 to deny TCP packets transmitted from any IP source port with the precedence field set to a value of 3 and the tos field set to a value of 4.

Matrix>Router1(config)#access-list 101 deny tcp any precedence 3 tos 4

This example shows how to define access list 102 to deny TCP packets transmitted from any IP source port with the DiffServ value set to 55.
13.3.12.4 ip access-group

Use this command to apply access restrictions to inbound or outbound frames on an interface when operating in router mode.

ip access-group access-list-number {in | out}

NOTE: ACLs must be applied per routing interface. An entry (rule) can either be applied to inbound or outbound frames.

Syntax Description
access-list-number    Specifies the number of the access list to be applied to the access list.
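The wildcard-bit matching described for access list entries can be checked offline before an ACL is applied to an interface. The Python model below is an added example, not Enterasys code: it assumes entries are evaluated in order with the first match winning and that a packet matching no entry is denied (which is what "only those hosts" implies), and the addresses are constructed documentation ranges.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def normalize(entry):
    """Turn (action, source, wildcard) into (action, source_int, care_bits).

    source is "any" or A.B.C.D; wildcard None means a single host.
    Wildcard bits set to 1 are ignored, so care_bits is the inverse.
    """
    action, source, wildcard = entry
    if source == "any":
        return action, 0, 0
    ignore = _ip(wildcard) if wildcard else 0
    return action, _ip(source), ~ignore & MASK32


def evaluate(acl, packet_src):
    """Return (action, entry_number) for the first entry matching the source."""
    src = _ip(packet_src)
    for number, entry in enumerate(acl, start=1):
        action, source, care = normalize(entry)
        if (src & care) == (source & care):
            return action, number
    return "deny", None  # assumption: nothing matched, so access is denied


def lint(acl):
    """Flag two common mistakes: a subnet mask typed where a wildcard is
    expected, and an entry that an earlier, broader entry already covers."""
    findings, seen = [], []
    for number, entry in enumerate(acl, start=1):
        _, source, care = normalize(entry)
        # A subnet mask used as a wildcard leaves only low-order bits cared for.
        if entry[1] != "any" and 0 < care < MASK32 and care & (care + 1) == 0:
            findings.append((number, "wildcard looks like a subnet mask"))
        for e_number, e_source, e_care in seen:
            covers = (e_care & care) == e_care
            if covers and (source & e_care) == (e_source & e_care):
                findings.append((number, f"shadowed by entry {e_number}"))
                break
        seen.append((number, source, care))
    return findings


# Constructed sample: permit only three networks (RFC 5737 ranges).
GOOD_ACL = [
    ("permit", "192.0.2.0", "0.0.0.255"),
    ("permit", "198.51.100.0", "0.0.0.255"),
    ("permit", "203.0.113.0", "0.0.0.255"),
]

# Constructed sample with a mask-style wildcard and an unreachable deny.
BAD_ACL = [
    ("permit", "192.0.2.0", "255.255.255.0"),
    ("deny", "198.51.100.9", None),
    ("permit", "198.51.100.0", "0.0.0.255"),
    ("deny", "198.51.100.77", None),
]

if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("BAD_ACL", BAD_ACL)):
        print(name, lint(acl))
        for host in ("192.0.2.77", "10.20.30.0", "198.51.100.77"):
            print("  ", host, evaluate(acl, host))
```

With the mask-style wildcard in BAD_ACL, a host inside the intended network is denied while an unrelated address whose last octet is 0 is permitted, and the final deny never fires because entry 3 matches first.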
13.3.13 Configuring Policy-Based Routing

ROUTER: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 2.3.3.

About Policy-Based Routing
Normally, IP packets are forwarded according to the route that has been selected by traditional routing protocols, such as RIP and OSPF, or by static routes.
• ip policy pinger (Section 13.3.13.
13.3.13.1 show route-map

Use this command to display a configured route map list for policy-based routing.

show route-map id-number

Syntax Description
id-number    Specifies the ID number for which to display a configured PBR route map list. Valid values for PBR are 100 - 199.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router1(config)#

Command Defaults
None.
13.3.13.2 route-map

Use this command to create a route map for policy-based routing and to enable policy-based routing configuration mode.

route-map id-number [permit | deny] [sequence-number]

NOTE: Use this command to add a route map to an existing route map list by specifying the list’s id-number and a new sequence-number.

Syntax Description
id-number    Specifies a route map list ID number to which this route map will be added.
Command Defaults
• If permit or deny is not specified, this command will enable route map or policy based routing configuration mode.
• If sequence-number is not specified, 10 will be applied.
13.3.13.3 match ip address

Use this command to match a packet source IP address against a PBR access list. Up to 5 access lists can be matched.

match ip address access-list-number

Syntax Description
ip address            Matches packet source IP addresses to the specified access list.
access-list-number    Specifies an access list to match to the packet source IP address. Valid values are 1 - 199.
13.3.13.4 set next hop

Use this command to set one or more next hop IP addresses for packets matching an extended access list in a configured route map. Up to five next hops can be specified.

set next hop {next-hop1}[next-hop2....next-hop5]

Syntax Description
next-hop    Specifies a next hop IP address(es). Up to five can be configured.
13.3.13.5 show ip policy

Use this command to display the policy applied to a routing interface.

show ip policy

Syntax Description
None.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router1(config)#

Command Defaults
None.
Table 13-8 show ip policy Output Details (Continued)

Output      What It Displays...
Pinger      Whether PBR next hop pinging is on or off. Can be turned on and configured using the ip policy pinger command as described in Section 13.3.13.9.
Interval    PBR next hop ping interval (in seconds). Default of 3 can be reset using the ip policy pinger command as described in Section 13.3.13.9.
Retries     Number of PBR next hop ping retries.
13.3.13.6 ip policy route-map

Use this command to assign a route map list to a routing interface.

ip policy route-map id-number

Syntax Description
id-number    Specifies a route map ID number. Valid values are 100 - 199, and must match a value previously set using the route-map command (Section 13.3.13.2).

NOTE: Only one route map list is allowed per interface.
13.3.13.7 ip policy priority

Use this command to prioritize PBR next hop behavior.

ip policy priority {[only] [first] [last]}

Syntax Description
only | first | last    Prioritizes use of the PBR configured policy — as opposed to doing a lookup in the FIB (Forward Information Base) route table for a next hop — as follows:
                       • only - uses the PBR next hop, but if it is unavailable, drops the packet.
13.3.13.8 ip policy load-policy

Use this command to configure PBR next hop behavior. When more than one next hop is configured (using the set next hop command as described in Section 13.3.13.4) the load policy specifies choosing one next hop from among the sequence of next hops in the map matching the current packet. A next hop is considered available by default unless a pinger task is running and has flagged it as unavailable.
13.3.13.9 ip policy pinger

Use this command to configure behavior for pinging PBR next hops.

ip policy pinger {off | on [interval interval] [retries retries]}

Syntax Description
off                  Turns ping off so all next hops are available by default.
on                   Starts pinging all next-hops in the route map list.
interval interval    (Optional) When ping is on, specifies the ping interval in seconds. Valid values are 1 - 30. Default is 3.
13.3.14 Configuring Denial of Service (DoS) Prevention

ROUTER: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 2.3.3.

Purpose
To configure Denial of Service (DoS) prevention, which will protect the router from attacks and notify administrators via Syslog.
13.3.14.1 show hostdos

Use this command to display Denial of Service security status and counters.

show hostdos

NOTE: When fragmented ICMP packets protection is enabled, the Ping of Death counter will not be incremented. Ping of Death is a subset of the fragmented ICMP function.

Syntax Description
None.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router1(config)#

Command Defaults
None.
13.3.14.2 hostdos

Use this command to enable or disable Denial of Service security features.

hostdos {land | fragmicmp | largeicmp size | checkspoof | portscan}

Syntax Description
land         Enables land attack protection and automatically discards illegal frames. This can be enabled globally, or per-interface.
fragmicmp    Enables fragmented ICMP and Ping of Death packets protection and automatically discards illegal frames.
Examples
This example shows how to globally enable land attack and large ICMP packets protection for packets larger than 2000 bytes:

Matrix>Router1(config)#hostdos land
Matrix>Router1(config)#hostdos largeicmp 2000

This example shows how to enable spoofed address checking on the VLAN 1 interface:

Matrix>Router1(config)#interface vlan 1
Matrix>Router1(config-if(Vlan 1))#hostdos checkspoof
13.3.14.3 clear hostdos-counters

Use this command to clear Denial of Service security counters.

clear hostdos-counters

Syntax Description
None.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router(config)#

Command Defaults
None.
13.3.15 Configuring Flow Setup Throttling (FST)

About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port.
• set flowlimit port (Section 13.3.15.8)
• clear flowlimit port class (Section 13.3.15.9)
• set flowlimit shutdown (Section 13.3.15.10)
• set flowlimit notification (Section 13.3.15.11)
• clear flowlimit notification interval (Section 13.3.15.12)
• clear flowlimit stats (Section 13.3.15.
13.3.15.1 show flowlimit

Use this command to display flow setup throttling information.

show flowlimit [port [port-string]] [stats [port-string]]

Syntax Description
port port-string     (Optional) Displays flow limiting port settings for one or all ports.
stats port-string    (Optional) Displays flow limiting statistics for one or all ports.

Command Type
Switch command.

Command Mode
Read-Only.
13.3.15.2 set flowlimit

Use this command to globally enable or disable flow setup throttling.

set flowlimit {enable | disable}

Syntax Description
enable | disable    Globally enables or disables FST.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.

Example
This example shows how to enable FST on Fast Ethernet ports 1-5 in module 2:

Matrix(rw)->set flowlimit fe.2.
13.3.15.3 set flowlimit limit

Use this command to set a flow limit that will trigger an action for a port user classification. Once configured, this limit can be:
• associated with an action using the set flowlimit action command as described in Section 13.3.15.5.
• assigned to one or more ports using the set flowlimit class command as described in Section 13.3.15.8.
Example
This example shows how to set the flow limit 1 to 12 flows on ports classified as user ports:

Matrix(rw)->set flowlimit limit1 12 userport
13.3.15.4 clear flowlimit limit

Use this command to remove a flow limit configuration.

clear flowlimit {limit1 | limit2} [userport | serverport | aggregateduser | interswitchlink | unspecified]

Syntax Description
limit1 | limit2    Specifies the configuration to be removed as limit 1 or 2.
13.3.15.5 set flowlimit action

Use this command to associate an action with a flow limit. This is the action that will occur once the associated flow limit is reached.

set flowlimit {action1 | action2} [notify] [drop] [disable] [userport | serverport | aggregateduser | interswitchlink | unspecified]

Syntax Description
action1 | action2    Specifies this configuration as action 1 or 2.
Command Defaults
• If action is not specified, no action will be applied.
• If classification port type is not specified, none will be applied.
13.3.15.6 clear flowlimit action

Use this command to remove a flow limiting action configuration.

clear flowlimit {action1 | action2} [notify] [drop] [disable] [userport | serverport | aggregateduser | interswitchlink | unspecified]

Syntax Description
action1 | action2    Specifies the configuration to be removed as action 1 or 2.
notify               (Optional) Removes the notify action.
drop                 (Optional) Removes the drop action.
13.3.15.7 show flowlimit class

Use this command to display flow limiting classification configuration(s).
Example
This example shows how to show flow limits and associated actions configured for the various port classifications:

Matrix(rw)->show flowlimit class
Flow setup throttling class configuration:
Class              Limit                  Action
------------------ ---------------------- ---------------------------
userPort           limit1 :800            action1 :notify
                   limit2 :1000           action2 :disable,notify
serverPort         limit1 :5000           action1 :notify
                   limit2 :6000           action2 :disable,no
13.3.15.8 set flowlimit port

Use this command to:
• enable or disable flow limiting on one or more port(s),
• assign a flow limiting user classification to one or more port(s).

Once a classification is assigned, these ports will be subject to the flow limit configured (with the set flowlimit limit command as described in Section 13.3.15.3) and the action configured (with the set flowlimit action command as described in Section 13.
Example
This example shows how to assign the user port classification type to Fast Ethernet ports 3-5 in module 2:

Matrix(rw)->set flowlimit port class userport fe.2.
13.3.15.9 clear flowlimit port class

Use this command to remove flow limiting port classification properties.

clear flowlimit port class [port-string]

Syntax Description
port-string    (Optional) Specifies port(s) on which to remove flow limiting classification properties.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
If port-string is not specified, classifications will be removed from all ports.
13.3.15.10 set flowlimit shutdown

Use this command to enable or disable the flow limit shut down function. When enabled, this allows ports configured with a “disable” action to shut down. For information on using the set flowlimit limit command to configure a disable action on a port, refer to Section 13.3.15.3.
13.3.15.11 set flowlimit notification

Use this command to enable or disable flow limit notification, or to set a notification interval. When enabled, this allows ports configured with a “trap” action to send an SNMP trap message when a specified flow limit is reached. For information on using the set flowlimit limit command to configure a trap action on a port, refer to Section 13.3.15.3.
13.3.15.12 clear flowlimit notification interval

Use this command to reset the SNMP flow limit notification interval to the default value of 120 seconds.

clear flowlimit notification interval

Syntax Description
None.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
13.3.15.13 clear flowlimit stats

Use this command to reset flow limiting statistics back to default values on one or more port(s).

clear flowlimit stats [port-string]

Syntax Description
port-string    (Optional) Resets flow limiting statistics on specific port(s).

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
If port-string is not specified, statistics will be reset on all ports.
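The FST commands above split one decision across four settings: the per-class limits, the per-class actions, the global shutdown switch, and the global notification switch. The Python model below is an added example, not Enterasys code, showing how a configured action can be inert; it assumes a limit is reached when the flow count equals it and that "notify" is the action that sends the SNMP trap, and it takes the class values from the show flowlimit class output above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowClass:
    limit1: int
    action1: frozenset
    limit2: int
    action2: frozenset


@dataclass(frozen=True)
class Globals:
    fst_enabled: bool           # set flowlimit {enable | disable}
    shutdown_enabled: bool      # set flowlimit shutdown
    notification_enabled: bool  # set flowlimit notification


CLASSES = {
    "userPort": FlowClass(800, frozenset({"notify"}),
                          1000, frozenset({"disable", "notify"})),
    # action2 for serverPort is cut off on the page after "disable",
    # so only that visible part is modelled here.
    "serverPort": FlowClass(5000, frozenset({"notify"}),
                            6000, frozenset({"disable"})),
}

# Which global switch each action depends on; "drop" has none on the page.
GATES = {"disable": "shutdown_enabled", "notify": "notification_enabled"}


def evaluate(port_class, flows, settings):
    """Return (effective, suppressed) actions for a port's current flow count."""
    if not settings.fst_enabled:
        return (), ()
    cfg = CLASSES[port_class]
    triggered = set()
    if flows >= cfg.limit1:
        triggered |= cfg.action1
    if flows >= cfg.limit2:
        triggered |= cfg.action2
    suppressed = {a for a in triggered
                  if a in GATES and not getattr(settings, GATES[a])}
    return tuple(sorted(triggered - suppressed)), tuple(sorted(suppressed))


def audit(settings):
    """List (class, action) pairs that are configured but can never fire."""
    inert = []
    for name, cfg in sorted(CLASSES.items()):
        for action in sorted(cfg.action1 | cfg.action2):
            if action in GATES and not getattr(settings, GATES[action]):
                inert.append((name, action))
    return inert


if __name__ == "__main__":
    # Constructed scenario: shutdown was never enabled globally.
    settings = Globals(fst_enabled=True, shutdown_enabled=False,
                       notification_enabled=True)
    print(audit(settings))
    for flows in (799, 800, 1200):
        print(flows, evaluate("userPort", flows, settings))
```

A class whose second action is "disable" still only notifies at 1200 flows when set flowlimit shutdown is off, which is the gap the audit function reports.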