SecureStack B2 Stackable Switches Configuration Guide Firmware Version 1.01.
Notice

Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.

Enterasys Networks, Inc. Firmware License Agreement

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.

3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts.

8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
About This Guide

Welcome to the Enterasys Networks SecureStack B2 Configuration Guide. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure SecureStack B2 switch devices.

Important Notice
Depending on the firmware version used in your device, some features described in this document may not be supported. Refer to the Release Notes shipped with your device to determine which features are supported.
STRUCTURE OF THIS GUIDE

The guide is organized as follows:

Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI interface, an overview of local management requirements, and information about obtaining technical support.
RELATED DOCUMENTS

The following Enterasys Networks documents may help you to set up, control, and manage the SecureStack B2 device:
• Ethernet Technology Guide
• Cabling Guide
• SecureStack B2 Installation Guide(s)
• SecureStack B2 Redundant Power System Installation Guide

The documents listed above can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following web site: http://www.enterasys.
Caution: Contains information essential to avoid damage to the equipment.
1 Introduction

This chapter provides an overview of the SecureStack B2’s unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the device, and information on how to contact Enterasys Networks for technical support.

Important Notice
Depending on the firmware version you are using, some features described in this document may not be supported.
• Configure ports to prioritize and assign a VLAN or Class of Service to incoming frames based on Layer 2, Layer 3, and Layer 4 information.
• Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to dynamically create VLANs across a switched network.
• Redirect frames according to a port or VLAN and transmit them on a preselected destination port.
• Configure Spanning Trees.
• Clear NVRAM.
• Configure security methods, including 802.
1.3 GETTING HELP

For additional support related to this device or document, contact Enterasys Networks using one of the following methods:

World Wide Web: http://www.enterasys.com/
Phone: 1-800-872-8440 (toll-free in U.S. and Canada)
For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/gtac-all.html
Internet mail: support@enterasys.com
To expedite your message, type [switching] in the subject line.
2 Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

2.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the SecureStack B2 device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, and how to customize basic system settings to adapt to your work environment.

2.1.
Table 2-1 Default Device Settings (Continued)

Device Feature               Default Setting
EAPOL authentication mode    When enabled, set to auto for all ports.
GARP timer                   Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall timer set to 1000 centiseconds.
GVRP                         Globally enabled.
IGMP                         Disabled. When enabled, query interval is set to 260 seconds and response time is set to 10 seconds.
Password aging               Disabled.
Password history             No passwords are checked for duplication.
Port auto-negotiation        Enabled on all ports.
Port advertised ability      Maximum ability advertised on all ports.
Spanning Tree edge port delay        Enabled.
Spanning Tree forward delay          Set to 15 seconds.
Spanning Tree hello interval         Set to 2 seconds.
Spanning Tree ID (SID)               Set to 0.
Spanning Tree maximum aging time     Set to 20 seconds.
Spanning Tree port priority          All ports with bridge priority are set to 128 (medium priority).
2.1.2 CLI “Command Defaults” Descriptions

Each command description in this guide includes a section entitled “Command Defaults” which contains different information than the factory default settings on the device as described in Table 2-1. The command defaults section defines CLI behavior if the user enters a command without typing optional parameters (indicated by square brackets [ ]).
2.1.4 Using WebView

By default WebView (Enterasys Networks’ embedded web server for device configuration and management tasks) is enabled on TCP port number 80 of the SecureStack B2 device. You can verify WebView status, and enable or disable WebView, as described in the following section.

Displaying WebView status:
To display WebView status, enter show webview at the CLI command prompt.
2.1.6 Starting and Navigating the Command Line Interface

2.1.6.1 Using a Console Port Connection

NOTE: By default, the SecureStack B2 device is configured with three user login accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to all modifiable parameters. The default password is set to a blank string.
2.1.6.3 Logging in with an Administratively Configured User Account

If the device’s default user account settings have been changed, proceed as follows:

1. At the login prompt, enter your administratively-assigned user name and press ENTER.
2. At the Password prompt, enter your password and press ENTER.

The notice of authorization and prompt displays as shown in Figure 2-2.
Figure 2-2 SecureStack B2 Startup Screen

login: admin
Password:

M A T R I X B2
Command Line Interface

Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008
U.S.A.

Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com

(c) Copyright Enterasys Networks, Inc. 2005

Serial Number: 1234567
Firmware Revision: 01.00.25

B2(su)->

2.1.
Entering a question mark (?) without a space after a partial keyword will display a list of commands that begin with the partial keyword. Figure 2-4 shows how to use this function for all commands beginning with co:

Figure 2-4 Performing a Partial Keyword Lookup

B2(rw)->co?
configure    copy
B2(rw)->co

NOTE: At the end of the lookup display, the system will repeat the command you entered without the ?.

2.1.7.
2.1.8 Abbreviating and Completing Commands

The SecureStack B2 device allows you to abbreviate CLI commands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 2-6 shows how to abbreviate the show netstat command to sh net.
Table 2-2 Basic Line Editing Commands (Continued)

Key Sequence        Command
Ctrl+N              Scroll to next command in command history (use the CLI history command to display the history).
Ctrl+P              Scroll to previous command in command history.
Ctrl+Q              Resume the CLI process.
Ctrl+S              Pause the CLI process (for scrolling).
Ctrl+T              Transpose characters.
Ctrl+U or Ctrl+X    Delete all characters before cursor.
2.1.10 GENERAL CONFIGURATION COMMAND SET

2.1.10.1 Configuring Switches in a Stack

About SecureStack B2 Switch Operation in a Stack

The SecureStack B2 products are stackable switches that can be adapted and scaled to help meet your network needs. These switches provide a management platform and uplink to a network backbone for a stacked group of up to eight SecureStack B2 switches.
3. The management election process uses the following precedence to assign a management device:
   a. Previously assigned / elected management unit
   b. Management assigned priority (values 1-15)
   c. Hardware preference level
   d. Highest MAC Address

Use the following recommended procedures when installing a new stackable system or adding a new unit to an existing stack.
Installing a Previously-Configured System of Up to Eight Units

If member units in a stack have been previous members of a different stack, you may need to configure the renumbering of the stack as follows:

1. Stack the units in the method desired, and connect the stack cables.
2. Power up only the unit you wish to be manager.
3.
Considerations About Using Clear Config in a Stack

When using the clear config command (as described in Section 2.1.19.2) to clear configuration parameters in a stack, it is important to remember the following:

• Use clear config to clear config parameters without clearing stack unit IDs. This command WILL NOT clear stack parameters and avoids the process of re-numbering the stack.
2.1.10.2 show switch

Use this command to display information about one or more units in the stack.

show switch [status] [unit]

Syntax Description
status    (Optional) Displays power and administrative status information for one or more units in the stack.
unit      (Optional) Specifies the unit(s) for which information will display.
This example shows how to display information for switch unit 1 in the stack:

B2(rw)->show switch 1
Switch............................
Management Status.................
Hardware Management Preference....
Admin Management Preference.......
Switch Type.......................
Preconfigured Model Identifier....
Plugged-in Model Identifier.......
Switch Status.....................
Switch Description................
2.1.10.3 show switch switchtype

Use this command to display information about supported switch types in the stack.

show switch switchtype

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
2.1.10.4 show switch stack-ports

Use this command to display various data flow and error counters on stack ports.

show switch stack-ports

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
2.1.10.5 set switch

Use this command to assign a switch ID, to set a switch’s priority for becoming the management switch if the previous management switch fails, or to change the switch unit ID for a switch in the stack.

set switch {unit [priority value | renumber newunit]}

Syntax Description
unit              Specifies a unit number for the switch.
priority value    Specifies a priority value for the unit.
2.1.10.6 set switch copy-sw

Use this command to replicate the code image file from the management switch to other switch(es) in the stack.

set switch copy-sw [destination-system unit]

Syntax Description
destination-system unit    (Optional) Specifies the unit number of unit on which to copy the management image file.
2.1.10.7 set switch description

Use this command to assign a name to a switch in the stack.

set switch description unit description

Syntax Description
unit           Specifies a unit number for the switch.
description    Specifies a text description for the unit.

Command Defaults
None.

Command Mode
Read-Write.
2.1.10.8 set switch movemanagement

Use this command to move management switch functionality from one switch to another.

set switch movemanagement fromunit tounit

Syntax Description
fromunit    Specifies the unit number of the current management switch.
tounit      Specifies the unit number of the newly-designated management switch.

Command Defaults
None.

Command Mode
Read-Write.
2.1.10.9 set switch member

Use this command to specify a unit as a non-existent member of a future stack.

set switch member unit switch-id

Syntax Description
unit         Specifies a unit number for the switch.
switch-id    Specifies a switch ID number for the switch.

Command Defaults
None.

Command Mode
Read-Write.
2.1.10.10 clear switch member

Use this command to remove a member entry from the stack.

clear switch member unit

Syntax Description
unit    Specifies the unit number of the switch.

Command Defaults
None.

Command Mode
Read-Write.
2.1.10.11 show snmp persistmode

Use this command to display the configuration persistence mode setting. By default, the mode is set to “auto save,” which automatically saves configuration changes at the time they are applied.

show snmp persistmode

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display the configuration persistence mode setting.
2.1.10.12 set snmp persistmode

Use this command to set the configuration persistence mode, which determines whether user-defined configuration changes are saved automatically, or require issuing the save config command.

set snmp persistmode {auto | manual}

Syntax Description
auto      Sets the configuration persistence mode to automatic.
manual    Sets the configuration persistence mode to manual.
2.1.10.13 save config

Use this command to save the running configuration on all switch members in a stack.

save config

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
2.1.11 Setting User Accounts and Passwords

Purpose
To change the device’s default user login and password settings, and to add new user accounts and passwords.

Commands
The commands used to configure user accounts and passwords are listed below and described in the associated section as shown.
• show system login (Section 2.1.11.1)
• set system login (Section 2.1.11.2)
• clear system login (Section 2.1.11.
2.1.11.1 show system login

Use this command to display user login account information.

show system login

Syntax Description
None.

Command Defaults
None.

Command Mode
Super User.

Example
This example shows how to display login account information.
Table 2-3 show system login Output Details (Continued)

Output    What It Displays...
Access    Access assigned to this user account: super-user, read-write or read-only.
State     Whether this user account is enabled or disabled.
2.1.11.2 set system login

Use this command to create a new user login account, or to disable or enable an existing account. The SecureStack B2 device supports up to 16 user accounts, including the admin account, which cannot be disabled or deleted.

set system login username {super-user | read-write | read-only} {enable | disable}

Syntax Description
username    Specifies a login name for a new or existing user.
2.1.11.3 clear system login

Use this command to remove a local login user account.

clear system login username

Syntax Description
username    Specifies the login name of the account to be cleared.
            NOTE: The default admin (su) account cannot be deleted.

Command Defaults
None.

Command Mode
Super User.
2.1.11.4 set password

Use this command to change system default passwords or to set a new login password on the CLI.

set password [username]

Syntax Description
username    (Only available to users with super-user access.) Specifies a system default or a user-configured login account name. By default, the SecureStack B2 device provides the following account names:
            • ro for Read-Only access,
            • rw for Read-Write access.
2.1.11.5 set system password length

Use this command to set the minimum user login password length.

set system password length characters

Syntax Description
characters    Specifies the minimum number of characters for a user account password. Valid values are 0 to 40.

Command Defaults
None.

Command Mode
Super User.
2.1.11.6 set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

set system password aging {days | disable}

Syntax Description
days       Specifies the number of days user passwords will remain valid before aging out. Valid values are 1 to 365.
disable    Disables password aging.

Command Defaults
None.

Command Mode
Super User.
2.1.11.7 set system password history

Use this command to set the number of previously used user login passwords that will be checked for password duplication. This prevents duplicate passwords from being entered into the system with the set password command.

set system password history size

Syntax Description
size    Specifies the number of passwords checked for duplication. Valid values are 0 to 10.

Command Defaults
None.
2.1.11.8 show system lockout

Use this command to display settings for locking out users after failed attempts to log in to the system.

show system lockout

Syntax Description
None.

Command Defaults
None.

Command Mode
Super User.

Example
This example shows how to display user lockout settings. In this case, device defaults have not been changed:

B2(su)->show system lockout
Lockout attempts: 3
Lockout time: 15 minutes.
2.1.11.9 set system lockout

Use this command to set the number of failed login attempts before locking out (disabling) a read-write or read-only user account, and the number of minutes to lock out the default admin super user account after maximum login attempts. Once a user account is locked out, it can only be re-enabled by a super user with the set system login command (Section 2.1.11.2).
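The following Python script is an added example and is not part of the Enterasys guide. It checks password-policy values against the ranges documented in Sections 2.1.11.5 through 2.1.11.7, emits the matching CLI lines, and parses show system lockout output; the function names and the baseline thresholds are assumptions chosen for illustration.

```python
import re

# Valid ranges as documented for each command in Sections 2.1.11.5 to 2.1.11.7.
LENGTH_RANGE = (0, 40)    # set system password length characters
AGING_RANGE = (1, 365)    # set system password aging {days | disable}
HISTORY_RANGE = (0, 10)   # set system password history size

# Accounts the guide says exist by default, each with a blank password.
DEFAULT_ACCOUNTS = ("ro", "rw", "admin")

# Hypothetical site baseline (an assumption of this example, not from the guide).
BASELINE = {"min_length": 8, "max_attempts": 5, "min_lockout_minutes": 15}


def _in_range(label, value, bounds):
    """Return value if it is an int inside the documented range, else raise."""
    low, high = bounds
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{label} must be an integer from {low} to {high}: {value!r}")
    return value


def password_policy_commands(min_length, aging_days, history):
    """Build the CLI lines for a password policy; aging_days=None means 'disable'."""
    _in_range("password length", min_length, LENGTH_RANGE)
    _in_range("password history", history, HISTORY_RANGE)
    if aging_days is None:
        aging = "disable"
    else:
        aging = str(_in_range("password aging", aging_days, AGING_RANGE))
    commands = [
        f"set system password length {min_length}",
        f"set system password aging {aging}",
        f"set system password history {history}",
    ]
    # Each default account needs its blank password replaced. Naming another
    # account on 'set password' is available to super-user logins only.
    commands += [f"set password {name}" for name in DEFAULT_ACCOUNTS]
    return commands


def parse_lockout(output):
    """Extract attempts and minutes from 'show system lockout' output."""
    attempts = re.search(r"Lockout attempts:\s*(\d+)", output)
    minutes = re.search(r"Lockout time:\s*(\d+)\s*minutes", output)
    if not attempts or not minutes:
        raise ValueError("text does not look like 'show system lockout' output")
    return {"attempts": int(attempts.group(1)), "minutes": int(minutes.group(1))}


def audit(min_length, aging_days, history, lockout_output, baseline=BASELINE):
    """Return a list of findings for settings weaker than the baseline."""
    findings = []
    if min_length < baseline["min_length"]:
        findings.append(
            f"minimum password length {min_length} is below {baseline['min_length']}")
    if aging_days is None:
        findings.append("password aging is disabled")
    if history == 0:
        findings.append("password history is 0, so reuse is not checked")
    lockout = parse_lockout(lockout_output)
    if lockout["attempts"] > baseline["max_attempts"]:
        findings.append(
            f"lockout after {lockout['attempts']} attempts exceeds {baseline['max_attempts']}")
    if lockout["minutes"] < baseline["min_lockout_minutes"]:
        findings.append(
            f"lockout time {lockout['minutes']} min is below {baseline['min_lockout_minutes']}")
    return findings


# Lockout text as shown in the guide's show system lockout example (device defaults).
SAMPLE_LOCKOUT = "Lockout attempts: 3\nLockout time: 15 minutes."

if __name__ == "__main__":
    # Constructed input: aging and history follow the Table 2-1 defaults; a
    # minimum length of 0 is assumed for illustration.
    for finding in audit(0, None, 0, SAMPLE_LOCKOUT):
        print("FINDING:", finding)
    for line in password_policy_commands(8, 90, 5):
        print(line)
```

The set password lines prompt interactively on the device, so the generated list is a checklist for a super-user session rather than a batch file.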
2.1.12 Setting Basic Device Properties

Purpose
To display and set the system IP address and other basic system (device) properties, including time, contact name and version information.

Commands
The commands used to set basic system information are listed below and described in the associated section as shown.
• show ip address (Section 2.1.12.1)
• show ip protocol (Section 2.1.12.2)
• set ip address (Section 2.1.12.
• set logout (Section 2.1.12.21)
• show console (Section 2.1.12.22)
• set console baud (Section 2.1.12.
2.1.12.1 show ip address

Use this command to display the system IP address and subnet mask.

show ip address

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display the system IP address and subnet mask:

B2(rw)->show ip address
Name             Address          Mask
---------------- ---------------- ----------------
host             10.42.13.20      255.255.0.
2.1.12.2 show ip protocol

Use this command to display the method used to acquire a network IP address for device management.

show ip protocol

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
2.1.12.3 set ip address

Use this command to set the system IP address, subnet mask and default gateway.

set ip address ip-address [mask ip-mask] [gateway ip-gateway]

Syntax Description
ip-address      Sets the IP address for the system. For SecureStack B2 stackable systems, this is the IP address of the management switch as described in Section 2.1.10.1.
mask ip-mask    (Optional) Sets the system’s subnet mask.
2.1.12.4 show system

Use this command to display system information, including contact information, power and fan tray status and uptime.

show system

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
Table 2-5 show system Output Details

Output             What It Displays...
System contact     Contact person for the system. Default of a blank string can be changed with the set system contact command (Section 2.1.12.18).
System location    Where the system is located. Default of a blank string can be changed with the set system location command (Section 2.1.12.17).
System name        Name identifying the system.
2.1.12.5 show system hardware

Use this command to display the system’s hardware configuration.

show system hardware

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
2.1.12.6 set system enhancedbuffermode

Use this command to enable or disable enhanced buffer mode, which optimizes buffer distribution for non-stacking single CoS queue operation.

set system enhancedbuffermode {enable | disable}

Syntax Description
enable | disable    Enables or disables enhanced buffer mode.

Command Defaults
None.

Command Mode
Read-Write.
2.1.12.7 show time

Use this command to display the current time of day in the system clock.

show time

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display the current time.
2.1.12.8 set time

Use this command to change the time of day on the system clock.

set time [mm/dd/yyyy] [hh:mm:ss]

Syntax Description
[mm/dd/yyyy] [hh:mm:ss]    Sets the time in:
                           • month, day, year and/or
                           • 24-hour format
                           At least one set of time parameters must be entered.

Command Defaults
None.

Command Mode
Read-Write.

Example
This example shows how to set the system clock to 7:50 a.
2.1.12.9 show summertime

Use this command to display daylight savings time settings.

show summertime

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
2.1.12.10 set summertime Use this command to enable or disable the daylight savings time function. set summertime {enable | disable} [zone] Syntax Description enable | disable Enables or disables the daylight savings time function. zone (Optional) Applies a name to the daylight savings time settings. Command Defaults If a zone name is not specified, none will be applied. Command Mode Read-Only.
2.1.12.11 set summertime date Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annually. set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes] Syntax Description start_month Specifies the month of the year to start daylight savings time.
2.1.12.12 set summertime recurring Use this command to configure recurring daylight savings time settings. These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be reset annually.
2.1.12.13 clear summertime Use this command to clear the daylight savings time configuration. clear summertime Syntax Description None. Command Defaults None. Command Mode Read-Write.
2.1.12.14 set prompt Use this command to modify the command prompt. set prompt “prompt_string” Syntax Description prompt_string Specifies a text string for the command prompt. NOTE: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Mode Read-Write.
2.1.12.15 show version Use this command to display hardware and firmware information. Refer to Section 2.1.14 for instructions on how to download a firmware image. show version Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display version information: B2(rw)->show version Copyright (c) 2005 by Enterasys Networks, Inc.
2.1.12.16 set system name Use this command to configure a name for the system. set system name [string] Syntax Description string (Optional) Specifies a text string that identifies the system. NOTE: A name string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults If string is not specified, the system name will be cleared. Command Mode Read-Write.
2.1.12.17 set system location Use this command to identify the location of the system. set system location [string] Syntax Description string (Optional) Specifies a text string that indicates where the system is located. NOTE: A location string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults If string is not specified, the location name will be cleared.
2.1.12.18 set system contact Use this command to identify a contact person for the system. set system contact [string] Syntax Description string (Optional) Specifies a text string that contains the name of the person to contact for system administration. NOTE: A contact string containing a space in the text must be enclosed in quotes as shown in the example below.
2.1.12.19 set length Use this command to set the number of lines the CLI will display. set length screenlength Syntax Description screenlength Sets the number of lines in the CLI display. Valid values are 0, which disables the scrolling screen feature described in Section 2.1.7.2, and from 5 to 512. Command Defaults None. Command Mode Read-Write.
2.1.12.20 show logout Use this command to display the time (in seconds) an idle console or Telnet CLI session will remain connected before timing out. show logout Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display the CLI logout setting: B2(rw)->show logout Logout currently set to: 10 minutes.
2.1.12.21 set logout Use this command to set the time (in minutes) an idle console or Telnet CLI session will remain connected before timing out. set logout timeout Syntax Description timeout Sets the number of minutes the system will remain idle before timing out. Command Defaults None. Command Mode Read-Write.
2.1.12.22 show console Use this command to display console settings. show console [baud] [bits] [flowcontrol] [parity] [stopbits] Syntax Description baud (Optional) Displays the input/output baud rate. bits (Optional) Displays the number of bits per character. flowcontrol (Optional) Displays the type of flow control. parity (Optional) Displays the type of parity. stopbits (Optional) Displays the number of stop bits.
2.1.12.23 set console baud Use this command to set the console port baud rate. set console baud rate Syntax Description rate Sets the console baud rate. Valid values are: 300, 600, 1200, 2400, 4800, 5760, 9600, 14400, 19200, 38400, and 115200. Command Defaults None. Command Mode Read-Write.
2.1.13 Configuring Power over Ethernet (PoE) Important Notice This section applies only to PoE-equipped SecureStack devices. Consult the Installation Guide shipped with your product to determine if it is PoE-equipped.
2.1.13.1 show inlinepower Use this command to display device PoE properties. show inlinepower Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display device PoE properties.
2.1.13.2 set inlinepower threshold Use this command to set the PoE usage threshold on a specified unit. set inlinepower threshold usage-threshold module-number Syntax Description usage-threshold Specifies a PoE threshold as a percentage of total system power usage. Valid values are 1 - 99. unit-number Specifies the unit on which to set the PoE threshold. Command Defaults None. Command Mode Read-Write.
2.1.13.3 set inlinepower trap Use this command to enable or disable the sending of an SNMP trap message for a unit whenever the status of its ports changes, or whenever the module’s PoE usage threshold is crossed. The unit’s PoE usage threshold must be set using the set inlinepower threshold command as described in Section 2.1.13.2.
2.1.13.4 show port inlinepower Use this command to display all ports supporting PoE. show port inlinepower [port-string] Syntax Description port-string (Optional) Displays information for specific PoE port(s). Command Defaults If not specified, information for all PoE ports will be displayed. Command Mode Read-Only. Example This example shows how to display PoE information for Fast Ethernet ports 1 through 6 on unit 1.
2.1.13.5 set port inlinepower Use this command to configure PoE parameters on one or more ports. set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]} Syntax Description port-string Specifies the port(s) on which to configure PoE. admin off | auto Sets the PoE administrative state to off (disabled) or auto (on).
2.1.14 Downloading a New Firmware Image You can upgrade the operational firmware in the SecureStack B2 device without physically opening the device or being in the same location. There are two ways to download firmware to the device: • Via TFTP download. This procedure uses a TFTP server connected to the network and downloads the firmware using the TFTP protocol.
2.1.14.2 Downloading via the Serial Port To download device firmware via the serial (console) port, proceed as follows: 1. With the console port connected, power up the device. The following message displays: Enterasys B2-Series Boot Code... SDRAM Circuit Test of 256MB 100% Version 1.0.13 6/14/2004 Computing MD5 Checksum of operational code... Select an option. If no selection in 10 seconds then operational code will start.
3. Type 2. The following baud rate selection screen displays:
1 - 1200
2 - 2400
3 - 4800
4 - 9600
5 - 19200
6 - 38400
7 - 57600
8 - 115200
0 - no change
4. Type 8 to set the device baud rate to 115200. The following message displays: Setting baud rate to 115200, you must change your terminal baud rate.
5. Set the terminal baud rate to 115200 and press ENTER.
6. From the boot menu options screen, type 4 to load new operational code using XMODEM.
The following Enterasys Header is in the image:
MD5 Checksum....................fe967970996c4c8c43a10cd1cd7be99a
Boot File Identifier............0x0517
Header Version..................0x0100
Image Type......................0x82
Image Offset....................0x004d
Image length....................0x006053b3
Ident Strings Length............0x0028
Ident Strings...................
2.1.14.3 show boot system Use this command to display the firmware image the switch loads at startup. show boot system Syntax Description None. Command Defaults None. Command Mode Read-Only.
2.1.14.4 set boot system Use this command to set the firmware image the switch loads at startup. set boot system filename Syntax Description filename Specifies the name of the firmware image file. Command Defaults None. Command Mode Read-Write.
2.1.15 Starting and Configuring Telnet Purpose To enable or disable Telnet. Commands The commands used to enable, start and configure Telnet are listed below and described in the associated section as shown. • show telnet (Section 2.1.15.1) • set telnet (Section 2.1.15.
2.1.15.1 show telnet Use this command to display the status of Telnet on the device. show telnet Syntax Description None. Command Defaults None. Command Mode Read-only.
2.1.15.2 set telnet Use this command to enable or disable Telnet on the device. set telnet {enable | disable} [inbound | outbound | all] Syntax Description enable | disable Enables or disables Telnet services. inbound | outbound | all (Optional) Specifies inbound service (the ability to Telnet to this device), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound). Command Defaults None.
2.1.16 Managing Configuration and Image Files Purpose To view, manage, and execute configuration files and to manage image files. Commands The commands used to view, manage, and execute configuration files and to manage image files are listed below and described in the associated section as shown. • dir (Section 2.1.16.1) • show config (Section 2.1.16.2) • configure (Section 2.1.16.3) • copy (Section 2.1.16.
2.1.16.1 dir Use this command to list configuration files stored in the file system. dir [filename] Syntax Description filename (Optional) Specifies the file name or directory to list. Command Mode Read-Only. Command Defaults If filename is not specified, all files in the system will be displayed.
2.1.16.2 show config Use this command to display the system configuration or write the configuration to a file. show config [all]{outfile}{configs/filename} Syntax Description all (Optional) Displays default and non-default configuration settings. outfile Specifies a file in which to store the configuration. Specifies that the current configuration will be written to a text file in the configs/ directory.
B2(rw)->show config ! #***** NON-DEFAULT CONFIGURATION ***** #console ! #diffserv ! #eapol ! #flowlimit ! #garp ! #gvrp ! #igmp ! #ip set ip protocol dhcp ! #length ! #logout ! #mac ! #mtu set port jumbo enable ge.3.
2.1.16.3 configure Use this command to execute a previously downloaded configuration file stored on the device. configure filename [append] Syntax Description filename Specifies the path and file name of the configuration file to execute. append (Optional) Executes the configuration as an appendage to the current configuration.
2.1.16.4 copy Use this command to upload or download an image or a CLI configuration file. copy source destination Syntax Description source Specifies location and name of the source file to copy. Options are a local file path in the configs directory, or the URL of a TFTP server. destination Specifies location and name of the destination where the file will be copied.
2.1.16.5 delete Use this command to remove an image or a CLI configuration file from the SecureStack system. delete filename NOTE: Use the show config command as described in Section 2.1.16.2 to display current image and configuration file names. Syntax Description filename Specifies the local path name to the file. Valid directories are /images and /slotN. Command Mode Read-Write. Command Defaults None.
2.1.17 Configuring CDP Purpose To review and configure the CDP discovery protocol. Commands The commands used to review and configure the CDP discovery protocol are listed below and described in the associated section as shown. • show cdp (Section 2.1.17.1) • set cdp state (Section 2.1.17.2) • set cdp auth (Section 2.1.17.3) • set cdp interval (Section 2.1.17.4) • set cdp hold-time (Section 2.1.17.5) • clear cdp (Section 2.1.17.
2.1.17.1 show cdp Use this command to display the status of the CDP discovery protocol and message interval on one or more ports. show cdp [port-string] Syntax Description port-string (Optional) Displays CDP status for a specific port. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, CDP information for all ports will be displayed. Command Mode Read-Only.
Table 2-7 show cdp Output Details
Output | What It Displays...
CDP Global Status | Whether CDP is globally auto-enabled, enabled or disabled. The default state of auto-enabled can be reset with the set cdp state command. For details, refer to Section 2.1.17.2.
CDP Versions Supported | CDP version number(s) supported by the device.
CDP Hold Time | Minimum time interval (in seconds) at which CDP configuration messages can be set.
2.1.17.2 set cdp state Use this command to enable or disable the CDP discovery protocol on one or more ports. set cdp state {auto | disable | enable} [port-string] Syntax Description auto | disable | enable Auto-enables, disables or enables the CDP protocol on the specified port(s). In auto-enable mode, which is the default mode for all ports, a port automatically becomes CDP-enabled upon receiving its first CDP message.
2.1.17.3 set cdp auth Use this command to set a global CDP authentication code. This value determines a device’s CDP domain. If two or more devices have the same CDP authentication code, they will be entered into each other's CDP neighbor tables. If they have different authentication codes, they are in different domains and will not be entered into each other’s CDP neighbor tables.
2.1.17.4 set cdp interval Use this command to set the message interval frequency (in seconds) of the CDP discovery protocol. set cdp interval frequency Syntax Description frequency Specifies the transmit frequency of CDP messages in seconds. Valid values are from 5 to 900 seconds. Command Defaults None. Command Mode Read-Write.
2.1.17.5 set cdp hold-time Use this command to set the hold time value for CDP discovery protocol configuration messages. set cdp hold-time hold-time Syntax Description hold-time Specifies the hold time value for CDP messages in seconds. Valid values are from 15 to 600. Command Defaults None. Command Mode Read-Write.
2.1.17.6 clear cdp Use this command to reset CDP discovery protocol settings to defaults. clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]} Syntax Description state (Optional) Resets the global CDP state to auto-enabled. port-state port-string (Optional) Resets the port state on specific port(s) to auto-enabled. interval (Optional) Resets the message frequency interval to 60 seconds.
2.1.18 Clearing and Closing the CLI Purpose To clear the CLI screen or to close your CLI session. Commands The commands used to clear and close the CLI session are listed below and described in the associated sections as shown. • cls (Section 2.1.18.1) • exit (Section 2.1.18.
2.1.18.1 cls (clear screen) Use this command to clear the screen for the current CLI session. cls Syntax Description None. Command Defaults None. Command Mode Read-Only.
Startup and General Configuration Summary Resetting the Device 2.1.18.2 exit Use either of these commands to leave a CLI session. exit NOTE: By default, device timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command as described in Section 2.1.12.21 to change this default. Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to exit a CLI session: B2(rw)->exit 2.1.
2.1.19.1 reset Use this command to reset the device without losing any user-defined configuration settings, or to display information about device resets. reset [unit] NOTE: The reset button located on the rear panel of a SecureStack B2 device is used to reset administratively set passwords only; pushing the reset button will not cause the unit to reboot.
2.1.19.2 clear config Use this command to clear the user-defined configuration parameters. clear config [all] NOTES: When using the clear config command to clear configuration parameters in a stack, it is important to remember the following: • Use clear config to clear config parameters without clearing stack unit IDs. This command WILL NOT clear stack parameters and avoids the process of re-numbering the stack.
3 Port Configuration This chapter describes the Port Configuration set of commands and how to use them. Important Notice CLI examples in this guide illustrate a generic command prompt. Depending on which device you are using, your default command prompt and output may be different than the examples shown. 3.
Port Configuration Summary Port String Syntax Used in the CLI Important Notice About B2Gxxx-xx 10/100/100 and SFP Mini-GBIC Ports SFP Mini-GBIC uplink ports can be used in an either / or configuration with B2 RJ45 10/100/1000 Mbps 1000BASE-T Fast Ethernet copper ports. If all Mini-GBIC ports are used, four of the RJ45 ports will be disabled. The maximum number of active ports can be 24 on the B2G124-24, and 48 on the B2G124-48 and B2G124-48P, in any combination of RJ45’s and Mini-GBICs. 3.1.
This example shows the port-string syntax for specifying the 1-Gigabit Ethernet port 14 in unit 3 in the stack. ge.3.14 This example shows the port-string syntax for specifying all 1-Gigabit Ethernet ports in unit 3 in the stack. ge.3.* This example shows the port-string syntax for specifying all ports (of any interface type) in all units in the stack. *.*.* 3.
3.3 PORT CONFIGURATION COMMAND SET 3.3.1 Reviewing Port Status Purpose To display operating status, duplex mode, speed, port type, and statistical information about traffic received and transmitted through one or all switch ports on the device. Commands The commands used to review port status are listed below and described in the associated sections as shown. • show port (Section 3.3.1.1) • show port status (Section 3.3.1.
3.3.1.1 show port Use this command to display whether or not one or more ports are enabled for switching. show port [port-string] Syntax Description port-string (Optional) Displays operational status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, operational status information for all ports will be displayed. Command Mode Read-Only.
3.3.1.2 show port status Use this command to display operating and admin status, speed, duplex mode and port type for one or more ports on the device. show port status [port-string] Syntax Description port-string (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, status information for all ports will be displayed.
Table 3-1 show port status Output Details (Continued)
Output | What It Displays...
Admin Status | Whether the specified port is enabled (up) or disabled (down). For details on using the set port disable command to change the default port status of enabled, refer to Section 3.3.2.1. For details on using the set port enable command to re-enable ports, refer to Section 3.3.2.2.
Speed | Operational speed in Mbps or Kbps of the specified port.
3.3.1.3 show port counters Use this command to display port counter statistics detailing traffic through the device and through all MIB2 network devices. show port counters [port-string] [switch | mib2] Syntax Description port-string (Optional) Displays counter statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. switch | mib2 (Optional) Displays switch or MIB2 statistics.
Examples This example shows how to display all counter statistics, including MIB2 network traffic and traffic through the device for fe.3.1: B2(rw)->show port counters fe.3.1 Port: fe.3.
Table 3-2 show port counters Output Details
Output | What It Displays...
Port | Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
MIB2 Interface | MIB2 interface designation.
Bridge Port | IEEE 802.1D bridge port designation.
MIB2 Interface Counters | MIB2 network traffic counts
802.1Q Switch Counters | Counts of frames received, transmitted, and filtered.
3.3.2 Disabling / Enabling Ports Purpose To disable and re-enable one or more ports. By default, all ports are enabled at device startup. You may want to disable ports for security or to troubleshoot network issues. Commands The commands used to enable and disable ports are listed below and described in the associated section as shown. • set port disable (Section 3.3.2.1) • set port enable (Section 3.3.2.
3.3.2.1 set port disable Use this command to administratively disable one or more ports. set port disable port-string Syntax Description port-string Specifies the port(s) to disable. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults None. Command Mode Read-Write. Example This example shows how to disable fe.1.1: B2(rw)->set port disable fe.1.
3.3.2.2 set port enable Use this command to administratively enable one or more ports. set port enable port-string Syntax Description port-string Specifies the port(s) to enable. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults None. Command Mode Read-Write. Example This example shows how to enable fe.1.3: B2(rw)->set port enable fe.1.
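An added example, not taken from the Enterasys guide: a Python script that replays the set port disable / set port enable commands found in a saved configuration and lists ports that are still enabled but not on an in-use list, starting from the guide's statement that all ports are enabled at device startup. The inventory, the in-use list and the sample configuration are constructed, and the script assumes a saved configuration records these commands as they are typed; only the type.unit.port and * port-string forms shown in this guide are expanded.

```python
import re

# Port-string forms shown in this guide: type.unit.port, where any field may
# be "*" (ge.3.14, ge.3.*, *.*.*). Other forms are reported, not expanded.
PORT_RE = re.compile(r"^(\*|[a-z]+)\.(\*|\d+)\.(\*|\d+)$")

# Constructed inventory and in-use list (assumptions, not from the guide).
INVENTORY = ["fe.1.1", "fe.1.2", "fe.1.3", "fe.1.4", "ge.2.1", "ge.2.2"]
IN_USE = {"fe.1.1", "ge.2.1"}

# Constructed sample in the layout of the guide's show config output:
# "!" separators, "#" section markers, then plain CLI commands.
SAMPLE_CONFIG = """\
!
#***** NON-DEFAULT CONFIGURATION *****
!
#ip
set ip protocol dhcp
!
set port disable fe.1.*
set port enable fe.1.1
set port enable fe.1.3
set port disable ge.2.2
set port disable fe.1.5-8
!
"""


def parse_port_string(text):
    """Split a port-string into (type, unit, port); reject unsupported forms."""
    m = PORT_RE.match(text.strip().lower())
    if not m:
        raise ValueError("unsupported port-string: %r" % text)
    return m.groups()


def matches(pattern, port):
    """True if every field of pattern is '*' or equals the port's field."""
    return all(p == "*" or p == f for p, f in zip(pattern, port))


def replay_port_state(config_text, inventory):
    """Apply set port disable/enable lines in order; return (state, unparsed)."""
    parsed = {name: parse_port_string(name) for name in inventory}
    state = {name: True for name in inventory}  # all ports enabled at startup
    unparsed = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "#")):
            continue  # separator or section marker
        words = line.split()
        if len(words) != 4 or words[:2] != ["set", "port"]:
            continue  # not a port enable/disable command
        if words[2] not in ("disable", "enable"):
            continue
        try:
            pattern = parse_port_string(words[3])
        except ValueError:
            unparsed.append(line)  # keep for manual review
            continue
        for name, fields in parsed.items():
            if matches(pattern, fields):
                state[name] = words[2] == "enable"
    return state, unparsed


def port_key(name):
    """Sort by type, then numerically by unit and port."""
    kind, unit, port = name.split(".")
    return (kind, int(unit), int(port))


def audit(config_text, inventory, in_use):
    """Return (ports enabled but not in use, commands that were not expanded)."""
    state, unparsed = replay_port_state(config_text, inventory)
    exposed = [p for p, enabled in state.items() if enabled and p not in in_use]
    return sorted(exposed, key=port_key), unparsed


if __name__ == "__main__":
    exposed, unparsed = audit(SAMPLE_CONFIG, INVENTORY, IN_USE)
    print("enabled but not in use:", exposed)
    print("needs manual review:", unparsed)
```

Commands the script cannot expand are returned for manual review rather than silently skipped, so a disable command in an unhandled form is not mistaken for coverage.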
3.3.2.3 show port trap Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes. show port trap [port-string] Syntax Description port-string (Optional) Displays link trap status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, the trap status for all ports will be displayed.
3.3.3 Setting Speed and Duplex Mode Purpose To review and set the operational speed in Mbps and the default duplex mode: Half, for half duplex, or Full, for full duplex for one or more ports. NOTE: These settings only take effect on ports that have auto-negotiation disabled. Commands The commands used to review and set port speed and duplex mode are listed below and described in the associated section as shown. • show port speed (Section 3.3.
3.3.3.1 show port speed Use this command to display the default speed setting on one or more ports. show port speed [port-string] Syntax Description port-string (Optional) Displays default speed setting(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, default speed settings for all ports will display. Command Mode Read-Only.
3.3.3.2 set port speed Use this command to set the default speed of one or more ports. This setting only takes effect on ports that have auto-negotiation disabled. set port speed port-string {10 | 100 | 1000} Syntax Description port-string Specifies the port(s) for which a speed value will be set. For a detailed description of possible port-string values, refer to Section 3.1.1. 10 | 100 | 1000 Specifies the port speed.
3.3.3.3 show port duplex Use this command to display the default duplex setting (half or full) for one or more ports. show port duplex [port-string] Syntax Description port-string (Optional) Displays default duplex setting(s) for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, default duplex settings for all ports will be displayed.
3.3.3.4 set port duplex Use this command to set the default duplex type for one or more ports. set port duplex port-string {full | half} NOTE: This command will only take effect on ports that have auto-negotiation disabled. Syntax Description port-string Specifies the port(s) for which duplex type will be set. For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.4 Enabling / Disabling Jumbo Frame Support Purpose To review, enable, and disable jumbo frame support on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size. Commands The commands used to review, enable and disable jumbo frame support are listed below and described in the associated section as shown. • show port jumbo (Section 3.3.4.1) • set port jumbo (Section 3.3.4.
3.3.4.1 show port jumbo Use this command to display the status of jumbo frame support and maximum transmission units (MTU) on one or more ports. show port jumbo [port-string] Syntax Description port-string (Optional) Displays the status of jumbo frame support for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
3.3.4.2 set port jumbo Use this command to enable or disable jumbo frame support on one or more ports. set port jumbo {enable | disable} [port-string] Syntax Description enable | disable Enables or disables jumbo frame support. port-string (Optional) Specifies the port(s) on which to disable or enable jumbo frame support. For a detailed description of possible port-string values, refer to Section 3.1.1.
Port Configuration Command Set Setting Auto-Negotiation 3.3.4.3 clear port jumbo Use this command to reset jumbo frame support status to enabled on one or more ports. clear port jumbo [port-string] Syntax Description port-string (Optional) Specifies the port(s) on which to reset jumbo frame support status to enabled. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, jumbo frame support status will be reset on all ports.
3.3.5.1 show port negotiation Use this command to display the status of auto-negotiation for one or more ports. show port negotiation [port-string] Syntax Description port-string (Optional) Displays auto-negotiation status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, auto-negotiation status for all ports will be displayed.
3.3.5.2 set port negotiation Use this command to enable or disable auto-negotiation on one or more ports. set port negotiation port-string {enable | disable} Syntax Description port-string Specifies the port(s) for which to enable or disable auto-negotiation. For a detailed description of possible port-string values, refer to Section 3.1.1. enable | disable Enables or disables auto-negotiation. Command Defaults None. Command Mode Read-Write.
3.3.6 Setting Flow Control Purpose To review, enable or disable port flow control. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices. Commands The commands used to review and set port flow control are listed below and described in the associated section as shown. • show flowcontrol (Section 3.3.6.
3.3.6.1 show flowcontrol Use this command to display the flow control state. show flowcontrol Syntax Description None. Command Defaults None. Command Mode Read-Only.
3.3.6.3 set flowcontrol Use this command to enable or disable flow control. set flowcontrol {enable | disable} Syntax Description enable | disable Enables or disables flow control settings. Command Defaults None. Command Mode Read-Write.
3.4 PORT MIRRORING CAUTION: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation. The SecureStack device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for another port within the device. 3.4.
3.4.2.1 show port mirroring Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports. show port mirroring Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display port mirroring information. In this case, fe.1.4 is configured as a source port and fe.1.
3.4.2.2 set port mirroring Use this command to create a new mirroring relationship or to enable or disable an existing mirroring relationship between two ports. NOTE: LAG ports and their underlying physical ports, as described in Section 3.5, cannot be mirrored. set port mirroring {create | disable | enable} source destination Syntax Description create | disable | enable Creates, disables or enables mirroring settings on the specified ports.
3.4.2.3 clear port mirroring Use this command to clear a port mirroring relationship. clear port mirroring source destination Syntax Description source Specifies the source port of the mirroring configuration to be cleared. For a detailed description of possible port-string values, refer to Section 3.1.1. destination Specifies the target port of the mirroring configuration to be cleared. Command Defaults None. Command Mode Read-Write.
3.5 LINK AGGREGATION CONTROL PROTOCOL (LACP) CAUTION: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.
• Uses information from the partner device’s link aggregation control entity to decide whether to aggregate ports. The operation of LACP involves the following activities: • Checking that candidate links can actually be aggregated. • Controlling the addition of a link to a LAG, and the creation of the group if necessary. • Monitoring the status of aggregated links to ensure that the aggregation is still valid.
Table 3-3 LACP Terms and Definitions (Continued) Term Definition LACPDU Link Aggregation Control Protocol Data Unit. The protocol exchanges aggregation state/mode information by way of a port’s actor and partner operational states. LACPDUs sent by the first party (the actor) convey to the second party (the actor’s protocol partner) what the actor knows, both about its own state and that of its partner.
of aggregations possible. If the switch is placed in a configuration with its peers not running the protocol, no dynamic link aggregations will be formed and the switch will function normally (that is, will block redundant paths). For information about building static aggregations, refer to set lacp static (Section 3.5.4.6). Each SecureStack B2 unit provides six virtual link aggregator ports, which are designated in the CLI as lag.0.
Commands The commands used to review and configure LACP are listed below and described in the associated section as shown. • show lacp (Section 3.5.4.2) • set lacp asyspri (Section 3.5.4.3) • set lacp aadminkey (Section 3.5.4.4) • clear lacp (Section 3.5.4.5) • set lacp static (Section 3.5.4.6) • clear lacp static (Section 3.5.4.7) • show port lacp (Section 3.5.4.8) • set port lacp (Section 3.5.4.9) • clear port lacp (Section 3.5.4.
3.5.4.1 set lacp Use this command to disable or enable the Link Aggregation Control Protocol (LACP) on the device. set lacp {disable | enable} Syntax Description disable | enable Disables or enables LACP. Command Defaults None. Command Mode Read-Write.
3.5.4.2 show lacp Use this command to display information about one or more aggregator ports. Each SecureStack B2 unit provides 6 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying physical ports (that is, fe.x.x, ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one Link Aggregation Group (LAG) with a lag.x.x port designation.
Table 3-4 show lacp Output Details Output What It Displays... Aggregator LAG port designation. Each SecureStack B2 unit provides 6 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying physical ports (that is, fe.x.x, ge.x.x) are associated with an aggregator port, the resulting Link Aggregation Group (LAG) is represented with a lag.x.x port designation.
3.5.4.3 set lacp asyspri Use this command to set the LACP system priority. LACP uses this value to determine aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator.
3.5.4.4 set lacp aadminkey Use this command to set the administratively assigned key for one or more aggregator ports. LACP will use this value to form an oper key. Only underlying physical ports with oper keys matching those of their aggregators will be allowed to aggregate. set lacp aadminkey port-string value Syntax Description port-string Specifies the LAG port(s) on which to assign an admin key.
3.5.4.5 clear lacp Use this command to clear LACP system priority or admin key settings. clear lacp {[asyspri] [aadminkey port-string]} Syntax Description asyspri Clears system priority. aadminkey port-string Clears admin keys for one or more ports. Command Defaults None. Command Mode Read-Write. Example This example shows how to clear the actor admin key for LAG port 6: B2(rw)->clear lacp aadminkey lag.0.
3.5.4.6 set lacp static Use this command to disable or enable static link aggregation, or to assign one or more underlying physical ports to a Link Aggregation Group (LAG). set lacp static {disable | enable} | lagportstring [key] port-string Syntax Description disable | enable Disables or enables static link aggregation. lagportstring Specifies the LAG aggregator port to which new ports will be assigned.
3.5.4.7 clear lacp static Use this command to remove specific ports from a Link Aggregation Group. clear lacp static lagportstring port-string Syntax Description lagportstring Specifies the LAG aggregator port from which ports will be removed. port-string Specifies the port(s) to remove from the LAG. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults None. Command Mode Read-Write.
3.5.4.8 show port lacp Use this command to display link aggregation information for one or more underlying physical ports. show port lacp port port-string {[status {detail | summary}] | [counters]} Syntax Description port port-string Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
This example shows how to display summarized LACP status information for port fe.1.12:
B2(rw)->show port lacp port fe.1.12 status summary
Port Aggr Actor System Partner System
Pri: System ID: Key: Pri: System ID: Key:
fe.1.12 none [(32768,00e0639db587,32768),(32768,000000000000, 1411)]
This example shows how to display LACP counters for port fe.1.12:
B2(rw)->show port lacp port fe.1.12 counters
Port Instance: fe.1.
3.5.4.9 set port lacp Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
aportpri aportpri Sets the port’s actor port priority. Valid values are 0 - 65535, with lower values designating higher priority. asyspri asyspri Sets the port’s actor system priority. The LACP implementation on the SecureStack B2 device uses this value to determine aggregation precedence when there are two devices competing for the same aggregator. Valid values are 0 - 65535, with higher precedence given to lower values.
Command Defaults • At least one parameter must be entered per port-string. • If enable or disable are not specified, port(s) will be enabled with the LACP parameters entered. Example This example shows how to set the actor admin key to 3555 for port ge.3.16: B2(rw)->set port lacp ge.3.
3.5.4.10 clear port lacp Use this command to clear link aggregation settings for one or more ports.
padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all Clears the port’s specific partner admin state, or all partner admin state(s). Command Defaults None. Command Mode Read-Write. Example This example shows how to clear all link aggregation parameters for port ge.3.16: B2(rw)->clear port lacp port ge.3.
3.5.5 Configuring Broadcast Suppression Purpose To review and set the status of broadcast suppression on the device. This limits the amount of received broadcast frames that will be allowed to switch out to other devices. Broadcast suppression protects against broadcast storms, leaving more bandwidth available for critical data.
3.5.5.1 show broadcast Use this command to display the status of broadcast suppression. show broadcast Syntax Description None. Command Defaults None. Command Mode Read-Only.
3.5.5.2 set broadcast Use this command to enable or disable broadcast suppression on the device. When enabled, which is the default setting, broadcast packets will be limited to 14,880 per second on all device ports. set broadcast {enable | disable} Syntax Description enable | disable Enables or disables broadcast suppression. Command Defaults None. Command Mode Read-Write.
4 SNMP Configuration This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them. 4.1 SNMP CONFIGURATION SUMMARY SNMP is an application-layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
4.1.2 SNMPv3 SNMPv3 is an interoperable standards-based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows: • Message integrity — Collects data securely without being tampered with or corrupted. • Authentication — Determines the message is from a valid source.
4.1.3 About SNMP Security Models and Levels An SNMP security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. The three levels of SNMP security are: No authentication required (NoAuthNoPriv); authentication required (AuthNoPriv); and privacy (authPriv).
4.1.4 Using SNMP Contexts to Access Specific MIBs By default, when operating from the switch CLI, SecureStack B2 devices allow access to all SNMP MIBs or contexts. A context is a collection of MIB objects, often associated with a particular physical or logical device.
4.2 PROCESS OVERVIEW: SNMP CONFIGURATION NOTE: Commands for configuring SNMP on the SecureStack B2 device are independent during the SNMP setup process. For instance, target parameters can be specified when setting up optional notification filters — even though these parameters have not yet been created with the set snmp targetparams command.
4.3 SNMP CONFIGURATION COMMAND SET 4.3.1 Reviewing SNMP Statistics Purpose To review SNMP statistics. Commands The commands used to review SNMP statistics are listed below and described in the associated section as shown. • show snmp engineid (Section 4.3.1.1) • show snmp counters (Section 4.3.1.
4.3.1.1 show snmp engineid Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier. show snmp engineid Syntax Description None. Command Defaults None. Command Mode Read-Only.
4.3.1.2 show snmp counters Use this command to display SNMP traffic counter values. show snmp counters Syntax Description None. Command Defaults None. Command Mode Read-Only.
Example
This example shows how to display SNMP counter values:
B2(rw)->show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 396601
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
snmpInTooBigs = 0
snmpInNoSuchNames = 0
snmpInBadValues = 0
snmpInReadOnlys = 0
snmpInGenErrs = 0
snmpInTotalReqVars = 403661
snmpInTotalSetVars = 534
snmpInGetRequests = 290
snmpInGetNexts = 39
Table 4-3 show snmp counters Output Details Output What It Displays... snmpInPkts Number of messages delivered to the SNMP entity from the transport service. snmpOutPkts Number of SNMP messages passed from the SNMP protocol entity to the transport service. snmpInBadVersions Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version.
Table 4-3 show snmp counters Output Details (Continued) Output What It Displays... snmpInTotalReqVars Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. snmpInTotalSetVars Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
Table 4-3 show snmp counters Output Details (Continued) Output What It Displays... snmpOutGetNexts Number of SNMP Get-Next PDUs generated by the SNMP protocol entity. snmpOutSetRequests Number of SNMP Set-Request PDUs generated by the SNMP protocol entity. snmpOutGetResponses Number of SNMP Get-Response PDUs generated by the SNMP protocol entity. snmpOutTraps Number of SNMP Trap PDUs generated by the SNMP protocol entity.
Table 4-3 show snmp counters Output Details (Continued) Output What It Displays... usmStatsWrongDigests Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value. usmStatsDecriptionErrors Number of packets received by the SNMP engine that were dropped because they could not be decrypted.
4.3.2 Configuring SNMP Users, Groups, and Communities Purpose To review and configure SNMP users, groups, and v1 and v2 communities. These are defined as follows: • User — A person registered in SNMPv3 to access SNMP management. • Group — A collection of users who share the same SNMP access privileges. • Community — A name used to authenticate SNMPv1 and v2 users.
4.3.2.1 show snmp user Use this command to display information about SNMP users. These are people registered to access SNMP management. show snmp user [list] | [user] | [remote remote] [volatile | nonvolatile | read-only] Syntax Description list (Optional) Displays a list of registered SNMP user names. user (Optional) Displays information about a specific user.
This example shows how to display information for the SNMP “guest” user:
B2(rw)->show snmp user guest
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active
Table 4-4 shows a detailed explanation of the command output.
4.3.2.2 set snmp user Use this command to create a new SNMPv3 user. set snmp user user [remote remoteid] [authentication {md5 | sha}] [authpassword] [privacy privpassword] [volatile | nonvolatile] Syntax Description user Specifies a name for the SNMPv3 user. remote remoteid (Optional) Registers the user on a specific remote SNMP engine.
4.3.2.3 clear snmp user Use this command to remove a user from the SNMPv3 security-model list. clear snmp user user [remote remote] Syntax Description user Specifies an SNMPv3 user to remove. remote remote (Optional) Removes the user from a specific remote SNMP engine. Command Defaults If remote is not specified, the user will be removed from the local SNMP engine. Command Mode Read-Write.
4.3.2.4 show snmp group Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges. show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}] [volatile | nonvolatile | read-only] Syntax Description groupname groupname (Optional) Displays information for a specific SNMP group.
Example
This example shows how to display SNMP group information:
B2(rw)->show snmp group
--- SNMP group information ---
Security model = SNMPv1
Security/user name = public
Group name = Anyone
Storage type = nonVolatile
Row status = active

Security model = SNMPv1
Security/user name = public.router1
Group name = Anyone
Storage type = nonVolatile
Row status = active
Table 4-5 shows a detailed explanation of the command output.
4.3.2.5 set snmp group Use this command to create an SNMP group. This associates SNMPv3 users to a group that shares common access privileges. set snmp group groupname user user security-model {v1 | v2c | usm} [volatile | nonvolatile] Syntax Description groupname Specifies an SNMP group name to create. user user Specifies an SNMPv3 user name to assign to the group.
4.3.2.6 clear snmp group Use this command to clear SNMP group settings globally or for a specific SNMP group and user. clear snmp group groupname user [security-model {v1 | v2c | usm}] Syntax Description groupname Specifies the SNMP group to be cleared. user Specifies the SNMP user to be cleared. security-model v1 | (Optional) Clears the settings associated with a specific v2c | usm security model.
4.3.2.7 show snmp community Use this command to display SNMP community names and status. In SNMPv1 and v2, community names act as passwords to remote management. show snmp community [name] Syntax Description name (Optional) Displays SNMP information for a specific community name. Command Defaults If name is not specified, information will be displayed for all SNMP communities. Command Mode Read-Only.
4.3.2.8 set snmp community Use this command to configure an SNMP community group. set snmp community community [securityname securityname] [context context] [transport transport] [volatile | nonvolatile] Syntax Description community Specifies a community group name. securityname securityname (Optional) Specifies an SNMP security name to associate with this community.
4.3.2.9 clear snmp community Use this command to delete an SNMP community name. clear snmp community name Syntax Description name Specifies the SNMP community name to clear. Command Defaults None. Command Mode Read-Write. Example This example shows how to delete the community name “vip.
4.3.3 Configuring SNMP Access Rights Purpose To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups. Commands The commands used to review and configure SNMP access are listed below and described in the associated section as shown. • show snmp access (Section 4.3.3.1) • set snmp access (Section 4.3.3.2) • clear snmp access (Section 4.3.3.
4.3.3.1 show snmp access Use this command to display access rights and security levels configured for one or more SNMP groups. show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication | authentication | privacy] [context context] [volatile | nonvolatile | read-only] Syntax Description groupname (Optional) Displays access information for a specific SNMPv3 group.
Example This example shows how to display SNMP access information: B2(rw)->show snmp Group = Security model = Security level = Read View = Write View = Notify View = Context match = Storage type = Row status = access SystemAdmin USM noAuthNoPriv All Group Security model Security level Read View Write View Notify View Context match Storage type Row status NightOperator USM noAuthNoPriv All = = = = = = = = = All exact match nonVolatile active
Table 4-6 show snmp access Output Details (Continued) Output What It Displays... Write View Name of the view that allows this group to configure the contents of the SNMP agent. Notify View Name of the view that allows this group to send an SNMP trap message. Context match Whether or not SNMP context match must be exact (full context name match) or a partial match with a given prefix.
4.3.3.2 set snmp access Use this command to set an SNMP access configuration. set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile] Syntax Description groupname Specifies a name for an SNMPv3 group. security-model v1 | Specifies SNMP version 1, 2c or 3 (usm).
• If write view is not specified, none will be applied. • If notify view is not specified, none will be applied. • If storage type is not specified, entries will be stored as permanent and will be held through device reboot. Command Mode Read-Write.
4.3.3.3 clear snmp access Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security. clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] Syntax Description groupname Specifies the name of the SNMP group for which to clear access.
4.3.4 Configuring SNMP MIB Views Purpose To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights. Commands The commands used to review and configure SNMP MIB views are listed below and described in the associated section as shown. • show snmp view (Section 4.3.4.1) • show snmp context (Section 4.3.4.2) • set snmp view (Section 4.3.4.3) • clear snmp view (Section 4.3.4.
4.3.4.1 show snmp view Use this command to display the MIB configuration for SNMPv3 view-based access (VACM). show snmp view [viewname] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only] Syntax Description viewname (Optional) Displays information for a specific MIB view. subtree oid-or-mibobject (Optional) Displays information for a specific MIB subtree when viewname is specified.
Example
This example shows how to display SNMP MIB view configuration information:
B2(rw)->show snmp view
--- SNMP MIB View information ---
View Name = All
Subtree OID = 1
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active
View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = All 0.0 View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = Network 1.3.6.1.2.
4.3.4.2 show snmp context Use this command to display the context list configuration for SNMP’s view-based access control. An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs). When created using the set snmp access command (Section 4.3.3.
4.3.4.3 set snmp view Use this command to set a MIB configuration for SNMPv3 view-based access (VACM). set snmp view viewname viewname subtree subtree [mask mask] [included | excluded] [volatile | nonvolatile] Syntax Description viewname viewname Specifies a name for a MIB view. subtree subtree Specifies a MIB subtree name. mask mask (Optional) Specifies a bitmask for a subtree.
4.3.4.4 clear snmp view Use this command to delete an SNMPv3 MIB view. clear snmp view viewname subtree Syntax Description viewname Specifies the MIB view name to be deleted. subtree Specifies the subtree name of the MIB view to be deleted. Command Defaults None. Command Mode Read-Write. Example This example shows how to delete SNMP MIB view “public”: B2(rw)->clear snmp view public 1.3.6.
4.3.5 Configuring SNMP Target Parameters Purpose To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (Section 4.3.6.
4.3.5.1 show snmp targetparams Use this command to display SNMP parameters used to generate a message to a target. show snmp targetparams [targetParams] [volatile | nonvolatile | read-only] Syntax Description targetParams (Optional) Displays entries for a specific target parameter. volatile | nonvolatile | read-only (Optional) Displays target parameter entries for a specific storage type.
Example
This example shows how to display SNMP target parameters information:
B2(rw)->show snmp targetparams
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name = public
Message Proc. Model = SNMPv1
Security Level = noAuthNoPriv
Storage type = nonVolatile
Row status = active
Target Parameter Name Security Name Message Proc.
Table 4-8 show snmp targetparams Output Details (Continued) Output What It Displays... Storage type Whether entry is stored in volatile, nonvolatile or read-only memory. Row status Status of this entry: active, notInService, or notReady.
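The following Python example is added here and is not part of the Enterasys guide. It parses the `Key = Value` records printed by the show snmp user, show snmp group and show snmp targetparams examples above and reports active entries that run without authentication, without privacy, or through a community-based security model. The one-field-per-line layout and the netops/Operators record are constructed assumptions.

```python
import re

# Constructed sample in the record layout of the guide's "show snmp user",
# "show snmp group" and "show snmp targetparams" examples. The netops /
# Operators record is invented here to show an entry that passes.
SAMPLE = """\
B2(rw)->show snmp user guest
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active
--- SNMP group information ---
Security model = SNMPv1
Security/user name = public
Group name = Anyone
Storage type = nonVolatile
Row status = active
Security model = USM
Security/user name = netops
Group name = Operators
Storage type = nonVolatile
Row status = active
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name = public
Message Proc. Model = SNMPv1
Security Level = noAuthNoPriv
Storage type = nonVolatile
Row status = active
"""

SECTION_RE = re.compile(r"^-{3}\s*(.+?)\s*-{2,}\s*$")

LEVEL_NOTES = {
    "noauthnopriv": "noAuthNoPriv: messages are neither authenticated nor encrypted",
    "authnopriv": "authNoPriv: messages are authenticated but not encrypted",
}


def parse_records(text):
    """Split CLI output into a list of (section, {lower-cased key: value}).

    A record ends at a blank line, at a section banner, or when a key the
    current record already holds appears again (records printed back to back).
    """
    records, section, current = [], None, {}

    def flush():
        nonlocal current
        if current:
            records.append((section, current))
            current = {}

    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if not line or banner:
            flush()
            if banner:
                section = banner.group(1)
            continue
        sep = "=" if "=" in line else ":"
        if sep not in line:
            continue  # prompt or heading line, not a key/value pair
        key, value = (part.strip() for part in line.split(sep, 1))
        key = key.lower()
        if key in current:
            flush()
        current[key] = value
    flush()
    return records


def audit(text):
    """Return (subject, finding) tuples for active entries with weak settings."""
    findings = []
    for _section, rec in parse_records(text):
        if rec.get("row status", "active").lower() != "active":
            continue  # notInService / notReady rows are not in effect
        if "username" in rec:
            who = "user " + rec["username"]
            if rec.get("auth protocol") == "usmNoAuthProtocol":
                findings.append((who, "no authentication protocol"))
            if rec.get("privacy protocol") == "usmNoPrivProtocol":
                findings.append((who, "no privacy protocol"))
        model = rec.get("security model", "")
        if "group name" in rec and model and model.upper() != "USM":
            findings.append(("group " + rec["group name"],
                             "%s is mapped through %s, a community-based model"
                             % (rec.get("security/user name", "?"), model)))
        level = rec.get("security level", "").lower()
        if level in LEVEL_NOTES:
            subject = rec.get("target parameter name") or rec.get("group") or "entry"
            findings.append((subject, LEVEL_NOTES[level]))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print("%-20s %s" % (subject, finding))
```
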
4.3.5.2 set snmp targetparams Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target.
Example This example shows how to set SNMP target parameters named “v1ExampleParams” for a user named “fred” using version 3 security model and message processing, and authentication: B2(rw)->set snmp targetparams v1ExampleParams user fred security-model usm message-processing v3 authentication
4.3.5.3 clear snmp targetparams Use this command to clear the SNMP target parameter configuration. clear snmp targetparams targetParams Syntax Description targetParams Specifies the name of the parameter in the SNMP target parameters table to be cleared. Command Defaults None. Command Mode Read-Write.
4.3.6 Configuring SNMP Target Addresses Purpose To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (Section 4.3.5.2).
4.3.6.1 show snmp targetaddr

Use this command to display SNMP target address information.

show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only]

Syntax Description
targetAddr    (Optional) Displays information for a specific target address name.
volatile | nonvolatile | read-only    (Optional) When target address is specified, displays target address information for a specific storage type.
Table 4-9 show snmp targetaddr Output Details

Output    What It Displays...
Target Address Name    Unique identifier in the snmpTargetAddressTable.
Tag List    Tags a location to the target address as a place to send notifications.
IP Address    Target IP address.
UDP Port#    Number of the UDP port of the target host to use.
Target Mask    Target IP address mask.
Timeout    Timeout setting for the target address.
4.3.6.2 set snmp targetaddr

Use this command to configure an SNMP target address. The target address is a unique identifier and a specific IP address that will receive SNMP notification messages and determine which community strings will be accepted. This address configuration can be linked to optional SNMP transmit parameters (such as timeout, retry count, and UDP port).
Command Defaults
• If not specified, udpport will be set to 162.
• If not specified, mask will be set to 255.255.255.255.
• If not specified, timeout will be set to 1500.
• If not specified, number of retries will be set to 3.
• If taglist is not specified, none will be set.
• If not specified, storage type will be nonvolatile.

Command Mode
Read-Write.
4.3.6.3 clear snmp targetaddr

Use this command to delete an SNMP target address entry.

clear snmp targetaddr targetAddr

Syntax Description
targetAddr    Specifies the target address entry to delete.

Command Defaults
None.

Command Mode
Read-Write.
4.3.7 Configuring SNMP Notification Parameters

Purpose
To configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps” or SNMP v3 “informs” messages to select management targets. Optional notification filters identify which targets should not receive notifications.
4.3.7.1 show snmp notify

Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications.

show snmp notify [notify] [volatile | nonvolatile | read-only]

Syntax Description
notify    (Optional) Displays notify entries for a specific notify name.
volatile | nonvolatile | read-only    (Optional) Displays notify entries for a specific storage type.
Table 4-10 show snmp notify Output Details

Output    What It Displays...
Notify name    A unique identifier used to index the SNMP notify table.
Notify Tag    Name of the entry in the SNMP notify table.
Notify Type    Type of notification: SNMPv1 or v2 trap or SNMPv3 InformRequest message.
Storage type    Whether access entry is stored in volatile, nonvolatile or read-only memory.
4.3.7.2 set snmp notify

Use this command to set the SNMP notify configuration. This creates an entry in the SNMP notify table, which is used to select management targets who should receive notification messages. This command’s tag parameter can be used to bind each entry to a target address using the set snmp targetaddr command (Section 4.3.6.2).
4.3.7.3 clear snmp notify

Use this command to clear an SNMP notify configuration.

clear snmp notify notify

Syntax Description
notify    Specifies an SNMP notify name to clear.

Command Defaults
None.

Command Mode
Read-Write.
4.3.7.4 show snmp notifyfilter

Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications.

show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]

Syntax Description
profile    (Optional) Displays a specific notify filter.
subtree oid-or-mibobject    (Optional) Displays a notify filter within a specific subtree.
4.3.7.5 set snmp notifyfilter

Use this command to create an SNMP notify filter configuration. This identifies which management targets should NOT receive notification messages, which is useful for fine-tuning the amount of SNMP traffic generated.

set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included | excluded] [volatile | nonvolatile]

Syntax Description
profile    Specifies an SNMP filter notify name.
4.3.7.6 clear snmp notifyfilter

Use this command to delete an SNMP notify filter configuration.

clear snmp notifyfilter profile subtree oid-or-mibobject

Syntax Description
profile    Specifies an SNMP filter notify name to delete.
subtree oid-or-mibobject    Specifies a MIB subtree ID containing the filter to be deleted.

Command Defaults
None.

Command Mode
Read-Write.
4.3.7.7 show snmp notifyprofile

Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.

show snmp notifyprofile [profile] [targetparam targetparam] [volatile | nonvolatile | read-only]

Syntax Description
profile    (Optional) Displays a specific notify profile.
4.3.7.8 set snmp notifyprofile

Use this command to create an SNMP notify filter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command (Section 4.3.7.5), to a set of SNMP target parameters to determine which management targets should not receive SNMP notifications.
4.3.7.9 clear snmp notifyprofile

Use this command to delete an SNMP notify profile configuration.

clear snmp notifyprofile profile targetparam targetparam

Syntax Description
profile    Specifies an SNMP filter notify name to delete.
targetparam targetparam    Specifies an associated entry in the snmpTargetParamsTable.

Command Defaults
None.

Command Mode
Read-Write.
4.3.8 Creating a Basic SNMP Trap Configuration

Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or device goes up or down, when there are authentication failures, and when power supply errors occur.
Table 4-11 Basic SNMP Trap Configuration Command Set (Continued)

To do this...    Use these commands...
Create a new notification entry.    set snmp notify (Section 4.3.7.2)
Create a target address entry.    set snmp targetaddr (Section 4.3.6.2)

Example
This example shows how to:
• Create an SNMP community called mgmt
• Configure a trap notification called TrapSink.
4. Verifies that the v2ExampleParams description of how to step through the door is, in fact, there. The agent checks targetparams entries and determines this description was made with the set snmp targetparams command, which tells exactly which SNMP protocol to use and what community name to provide. In this case, the community name is mgmt.
5. Verifies that the mgmt community name is available.
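As an added example (not from the Enterasys guide), the Python sketch below performs the same kind of walk on a constructed configuration: from each notify entry to the target addresses sharing its tag, then to the target parameters and the community, reporting every broken link that would keep a trap from being sent. The names mgmt, TrapSink and v2ExampleParams come from the guide's example; the entry names, addresses, the v1/v2c model labels and the use of TrapSink as the tag value are assumptions.

```python
"""Walk the notify -> target address -> target parameters -> community chain."""

# Defaults the guide gives for 'set snmp targetaddr' when options are omitted.
TARGETADDR_DEFAULTS = {"udpport": 162, "timeout": 1500, "retries": 3, "taglist": ()}

# Model labels for community-based SNMP; the label strings are assumptions.
COMMUNITY_MODELS = ("v1", "v2c")

# Constructed configuration tables. Only mgmt, TrapSink and v2ExampleParams are
# names from the guide; everything else is made up for illustration.
CONFIG = {
    "community": {"mgmt"},
    "targetparams": {
        "v2ExampleParams": {"user": "mgmt", "model": "v2c"},
    },
    "notify": {
        "entry1": {"tag": "TrapSink"},
        "entry2": {"tag": "AuditSink"},  # no target address carries this tag
    },
    "targetaddr": {
        "nms1": {"ip": "192.0.2.10", "param": "v2ExampleParams", "taglist": ("TrapSink",)},
        "nms2": {"ip": "192.0.2.11", "param": "v3Params", "taglist": ("TrapSink",)},
    },
}


def resolve_trap_targets(cfg):
    """Return (deliveries, problems) for every notify entry in cfg.

    deliveries: (notify name, target IP, UDP port, model, security name) tuples.
    problems:   one message per broken link in the chain.
    """
    deliveries, problems = [], []
    selected = set()
    for notify_name, notify in sorted(cfg["notify"].items()):
        tag = notify["tag"]
        # A notify entry is bound to every target address whose tag list has its tag.
        matches = [name for name, addr in sorted(cfg["targetaddr"].items())
                   if tag in addr.get("taglist", ())]
        if not matches:
            problems.append("notify %s: no target address carries tag %s"
                            % (notify_name, tag))
        for addr_name in matches:
            selected.add(addr_name)
            addr = {**TARGETADDR_DEFAULTS, **cfg["targetaddr"][addr_name]}
            params = cfg["targetparams"].get(addr["param"])
            if params is None:
                problems.append("targetaddr %s: targetparams %s is not defined"
                                % (addr_name, addr["param"]))
            elif (params["model"] in COMMUNITY_MODELS
                  and params["user"] not in cfg["community"]):
                problems.append("targetparams %s: community %s is not defined"
                                % (addr["param"], params["user"]))
            else:
                deliveries.append((notify_name, addr["ip"], addr["udpport"],
                                   params["model"], params["user"]))
    # Target addresses that no notify entry selects never receive anything.
    for addr_name in sorted(set(cfg["targetaddr"]) - selected):
        problems.append("targetaddr %s: no notify entry selects any of its tags"
                        % addr_name)
    return deliveries, problems


if __name__ == "__main__":
    sent, broken = resolve_trap_targets(CONFIG)
    for item in sent:
        print("deliver:", item)
    for message in broken:
        print("problem:", message)
```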
5 Spanning Tree Configuration

This chapter describes the Spanning Tree Configuration set of commands and how to use them.

5.1 SPANNING TREE CONFIGURATION SUMMARY

5.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols

The IEEE 802.1D Spanning Tree Protocol (STP) resolves the problems of physical loops in a network by establishing one primary path between any two devices in a network.
Spanning Tree Configuration Summary Spanning Tree Features only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter-switch link, while traffic associated with another set of VLANs can be blocked on that link.
5.1.3 Process Overview: Spanning Tree Configuration

CAUTION: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk.

Use the following steps as a guide in the Spanning Tree configuration process:

1.
Spanning Tree Configuration Command Set Reviewing and Setting Spanning Tree Bridge Parameters

• show spantree mstmap (Section 5.2.1.9)
• set spantree mstmap (Section 5.2.1.10)
• clear spantree mstmap (Section 5.2.1.11)
• show spantree vlanlist (Section 5.2.1.12)
• show spantree mstcfgid (Section 5.2.1.13)
• set spantree mstcfgid (Section 5.2.1.14)
• clear spantree mstcfgid (Section 5.2.1.15)
• set spantree priority (Section 5.2.1.16)
• clear spantree priority (Section 5.2.1.
5.2.1.1 show spantree stats

Use this command to display Spanning Tree information for one or more ports.

show spantree stats [port port-string] [sid sid] [active]

Syntax Description
port port-string    (Optional) Displays information for the specified port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Example
This example shows how to display the device’s Spanning Tree configuration:

B2(rw)->show spantree stats
Spanning tree status
Spanning tree instance
Designated Root MacAddr
Designated Root Priority
Designated Root Cost
Designated Root Port
Root Max Age
Root Hello Time
Root Forward Delay
Bridge ID MAC Address
Bridge ID Priority
Bridge Max Age
Bridge Hello Time
Bridge Forward Delay
Topology Change Count
Time
Table 5-1 show spantree Output Details (Continued)

Output    What It Displays...
Root Forward Delay    Amount of time (in seconds) the root device spends in listening or learning mode.
Bridge ID MAC Address    Unique bridge MAC address, recognized by all bridges in the network.
Bridge ID Priority    Bridge priority, which is a default value, or is assigned using the set spantree priority command.
5.2.1.2 set spantree

Use this command to globally enable or disable the Spanning Tree protocol on the switch.

set spantree {disable | enable}

Syntax Description
disable | enable    Globally disables or enables Spanning Tree.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.3 show spantree version

Use this command to display the current version of the Spanning Tree protocol running on the device.

show spantree version

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.
5.2.1.4 set spantree version

Use this command to set the version of the Spanning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible.

set spantree version {mstp | stpcompatible | rstp}

NOTE: In most networks, Spanning Tree version should not be changed from its default setting of mstp (Multiple Spanning Tree Protocol) mode.
5.2.1.5 clear spantree version

Use this command to reset the Spanning Tree version to MSTP mode.

clear spantree version

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.6 show spantree mstilist

Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device.

show spantree mstilist

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display a list of MST instances.
5.2.1.7 set spantree msti

Use this command to create or delete a Multiple Spanning Tree instance.

set spantree msti sid sid {create | delete}

Syntax Description
sid sid    Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094. NOTE: SecureStack B2 devices will support up to 4 MST instances.
create | delete    Creates or deletes an MST instance.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.8 clear spantree msti

Use this command to delete one or more Multiple Spanning Tree instances.

clear spantree msti [sid sid]

Syntax Description
sid sid    (Optional) Deletes a specific multiple Spanning Tree ID.

Command Defaults
If sid is not specified, all MST instances will be cleared.

Command Mode
Read-Write.
5.2.1.9 show spantree mstmap

Use this command to display the mapping of a filtering database ID (FID) to Spanning Trees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.

show spantree mstmap [fid fid]

Syntax Description
fid fid    (Optional) Displays information for specific FIDs.

Command Defaults
If fid is not specified, information for all assigned FIDs will be displayed.
5.2.1.10 set spantree mstmap

Use this command to map one or more filtering database IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning Tree (SID).

set spantree mstmap fid [sid sid]

Syntax Description
fid    Specifies one or more FIDs to assign to the MST.
5.2.1.11 clear spantree mstmap

Use this command to map a FID back to SID 0.

clear spantree mstmap fid

Syntax Description
fid    Specifies one or more FIDs to reset to 0.

Command Defaults
If fid is not specified, all SID to FID mappings will be reset.

Command Mode
Read-Write.
5.2.1.12 show spantree vlanlist

Use this command to display the Spanning Tree ID(s) assigned to one or more VLANs.

show spantree vlanlist [vlan-list]

Syntax Description
vlan-list    (Optional) Displays SIDs assigned to specific VLAN(s).

Command Defaults
If not specified, SID assignment will be displayed for all VLANs.

Command Mode
Read-Only.

Example
This example shows how to display the SIDs mapped to VLAN 1.
5.2.1.13 show spantree mstcfgid

Use this command to display the MST configuration identifier elements, including format selector, configuration name, revision level, and configuration digest.

show spantree mstcfgid

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display the MST configuration identifier elements.
5.2.1.14 set spantree mstcfgid

Use this command to set the MST configuration name and/or revision level.

set spantree mstcfgid {cfgname name | rev level}

Syntax Description
cfgname name    Specifies an MST configuration name.
rev level    Specifies an MST revision level. Valid values are 0 - 65535.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.15 clear spantree mstcfgid

Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address.

clear spantree mstcfgid

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.16 set spantree priority

Use this command to set the device’s Spanning Tree priority. The device with the highest priority becomes the Spanning Tree root device. If all devices have the same priority, the device with the lowest MAC address will then become the root device.

set spantree priority priority [sid]

Syntax Description
priority    Specifies the priority of the bridge.
5.2.1.17 clear spantree priority

Use this command to reset the Spanning Tree priority to the default value of 32768.

clear spantree priority [sid]

Syntax Description
sid    (Optional) Resets the priority on a specific Spanning Tree. Valid values are 0 - 4094. If not specified, SID 0 is assumed.

Command Defaults
If sid is not specified, priority will be reset on Spanning Tree 0.

Command Mode
Read-Write.
5.2.1.18 set spantree hello

Use this command to set the device’s Spanning Tree hello time. This is the time interval (in seconds) the device will transmit BPDUs indicating it is active.

set spantree hello interval

Syntax Description
interval    Specifies the number of seconds the system waits before broadcasting a bridge hello message (a multicast message indicating that the system is active).
5.2.1.19 clear spantree hello

Use this command to reset the Spanning Tree hello time to the default value of 2 seconds.

clear spantree hello

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.20 set spantree maxage

Use this command to set the bridge maximum aging time. This is the maximum time (in seconds) a device can wait without receiving a configuration message (bridge “hello”) before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
5.2.1.21 clear spantree maxage

Use this command to reset the maximum aging time for a Spanning Tree to the default value of 20 seconds.

clear spantree maxage

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
5.2.1.22 set spantree fwddelay

Use this command to set the Spanning Tree forward delay. This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
5.2.1.23 clear spantree fwddelay

Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds.

clear spantree fwddelay

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
5.2.2 Reviewing and Setting Spanning Tree Port Parameters

Purpose
To display and set Spanning Tree port parameters.

Commands
The commands used to review and set Spanning Tree port parameters are listed below and described in the associated section as shown.
• set spantree portadmin (Section 5.2.2.1)
• clear spantree portadmin (Section 5.2.2.2)
• show spantree portpri (Section 5.2.2.
5.2.2.1 set spantree portadmin

Use this command to disable or enable the Spanning Tree algorithm on one or more ports.

set spantree portadmin port-string {disable | enable}

Syntax Description
port-string    Specifies the port(s) for which to enable or disable Spanning Tree. For a detailed description of possible port-string values, refer to Section 3.1.1.
disable | enable    Disables or enables Spanning Tree.
5.2.2.2 clear spantree portadmin

Use this command to reset the default Spanning Tree admin status to enable on one or more ports.

clear spantree portadmin port-string

Syntax Description
port-string    Resets the default admin status on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.

Command Mode
Read-Write.
5.2.2.3 show spantree portpri

Use this command to show the Spanning Tree priority for one or more ports. Port priority is a component of the port ID, which is one element used in determining Spanning Tree port roles.

show spantree portpri [port port-string] [sid sid]

Syntax Description
port port-string    (Optional) Specifies the port(s) for which to display Spanning Tree priority.
5.2.2.4 set spantree portpri

Use this command to set a port’s Spanning Tree priority.

set spantree portpri port-string priority [sid sid]

Syntax Description
port-string    Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port-string values, refer to Section 3.1.1.
priority    Specifies a number that represents the priority of a link in a Spanning Tree bridge.
5.2.2.5 clear spantree portpri

Use this command to reset the bridge priority of a Spanning Tree port to a default value of 128.

clear spantree portpri port-string [sid sid]

Syntax Description
port-string    Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.6 show spantree adminpathcost

Use this command to display the admin path cost for a port on one or more Spanning Trees.

show spantree adminpathcost [port port-string] [sid sid]

Syntax Description
port port-string    (Optional) Displays the admin path cost value for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.7 set spantree adminpathcost

Use this command to set the administrative path cost on a port and one or more Spanning Trees.

set spantree adminpathcost port-string cost [sid sid]

Syntax Description
port-string    Specifies the port(s) on which to set an admin path cost. For a detailed description of possible port-string values, refer to Section 3.1.1.
cost    Specifies the port path cost.
5.2.2.8 clear spantree adminpathcost

Use this command to reset the Spanning Tree default value for port admin path cost to 0.

clear spantree adminpathcost port-string [sid sid]

Syntax Description
port-string    Specifies the port(s) for which to reset admin path cost. For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.9 show spantree adminedge

Use this command to display the edge port administrative status for a port.

show spantree adminedge [port port-string]

Syntax Description
port-string    (Optional) Displays edge port administrative status for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
5.2.2.10 set spantree adminedge

Use this command to set the edge port administrative status on a Spanning Tree port.

set spantree adminedge port-string {true | false}

Syntax Description
port-string    Specifies the edge port. For a detailed description of possible port-string values, refer to Section 3.1.1.
true | false    Enables (true) or disables (false) the specified port as a Spanning Tree edge port.
5.2.2.11 clear spantree adminedge

Use this command to reset a Spanning Tree port to non-edge status.

clear spantree adminedge port-string

Syntax Description
port-string    Specifies port(s) on which to reset edge port status. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.

Command Mode
Read-Write.

Example
This example shows how to reset fe.1.
6 802.1Q VLAN Configuration

This chapter describes the SecureStack system’s capabilities to implement 802.1Q virtual LANs (VLANs). It documents how to:
• Create, enable, disable and name a VLAN.
• Review status and other information related to VLANs.
• Assign ports to a VLAN and filter unwanted frames on one or more ports.
• Set VLAN constraints in order to control the filtering database to which VLANs are allowed to belong.
6.1 VLAN CONFIGURATION SUMMARY

Virtual LANs allow the network administrator to partition network traffic into logical groups and control the flow of that traffic through the network. Once the traffic and, in effect, the users creating the traffic, are assigned to a VLAN, then broadcast and multicast traffic is contained within the VLAN and users can be allowed or denied access to any of the network’s resources.
6.2 PROCESS OVERVIEW: 802.1Q VLAN CONFIGURATION

Use the following steps as a guide to configure VLANs on the device (refer to the associated section in parentheses):
1. Review existing VLANs (Section 6.3.1)
2. Create and name VLANs (Section 6.3.2)
3. Assign port VLAN IDs and ingress filtering (Section 6.3.3)
4. Configure VLAN Egress (Section 6.3.4)
5. Setting the Host VLAN (Section 6.3.5)
6.
6.3 VLAN CONFIGURATION COMMAND SET

6.3.1 Reviewing Existing VLANs

Purpose
To display a list of VLANs currently configured on the device, to determine how one or more VLANs were created, the ports allowed and disallowed to transmit traffic belonging to VLAN(s), and if those ports will transmit the traffic with a VLAN tag included.

Command
The command needed to review existing VLANs is listed below and described in the associated section as shown.
6.3.1.1 show vlan

Use this command to display all information related to one or more VLANs.

show vlan [static] [vlan-list] [portinfo [vlan vlan-list | vlan-name] [port port-string]]

Syntax Description
static    (Optional) Displays information related to static VLANs. Static VLANs are manually created using the set vlan command (Section 6.3.2.1), SNMP MIBs, or the WebView management application.
are listed as untagged ports. There are no forbidden ports (prevented from transmitting frames) on VLAN 1:

B2(rw)->show vlan 1
VLAN: 1 NAME: DEFAULT VLAN
VLAN Type: Permanent
Egress Ports
host.0.1, fe.1.1-10, ge.2.1-4, fe.3.1-7,
Forbidden Egress Ports
None.
Untagged Ports
host.0.1, fe.1.1-10, ge.2.1-4, fe.3.1-7,
Status: Enabled

Table 6-1 provides an explanation of the command output.

Table 6-1 show vlan Output Details

Output    What It Displays.
6.3.2 Creating and Naming Static VLANs

Purpose
To create a new static VLAN, or to enable or disable existing VLAN(s).

Commands
The commands used to create and name static VLANs are listed below and described in the associated section as shown.
• set vlan (Section 6.3.2.1)
• set vlan name (Section 6.3.2.2)
• clear vlan (Section 6.3.2.3)
• clear vlan name (Section 6.3.2.
6.3.2.1 set vlan

Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN. Once a VLAN is created, you can assign it a name using the set vlan name command described in Section 6.3.2.2.

NOTES: Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the device assumes that the Administrator intends to modify the existing VLAN. Enter the VLAN ID using a unique number between 2 and 4093.
6.3.2.2 set vlan name

Use this command to set or change the ASCII name for a new or existing VLAN.

set vlan name vlan-list vlan-name

Syntax Description
vlan-list    Specifies the VLAN ID of the VLAN(s) to be named.
vlan-name    Specifies the string used as the name of the VLAN (1 to 32 characters).

Command Defaults
None.

Command Mode
Read-Write.
6.3.2.3 clear vlan

Use this command to remove a static VLAN from the list of VLANs recognized by the device.

clear vlan vlan-list

Syntax Description
vlan-list    Specifies the VLAN ID of the VLAN(s) to be removed.

Command Defaults
None.

Command Mode
Read-Write.
6.3.2.4 clear vlan name

Use this command to remove the name of a VLAN from the VLAN list.

clear vlan name vlan-list

Syntax Description
vlan-list    Specifies the VLAN ID of the VLAN(s) for which the name will be cleared.

Command Defaults
None.

Command Mode
Read-Write.
6.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering

Purpose
To assign default VLAN IDs to untagged frames on one or more ports, to configure VLAN ingress filtering and constraints, and to set the frame discard mode.

Commands
The commands used to configure port VLAN IDs and ingress filtering are listed below and described in the associated section as shown.
• show port vlan (Section 6.3.3.
6.3.3.1 show port vlan

Use this command to display port VLAN identifier (PVID) information. PVID determines the VLAN to which all untagged frames received on one or more ports will be classified.

show port vlan [port-string]

Syntax Description
port-string    (Optional) Displays PVID information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
6.3.3.2 set port vlan

Use this command to configure the PVID (port VLAN identifier) for one or more ports. The PVID is used to classify untagged frames as they ingress into a given port. If the specified VLAN has not already been created, this command will create it, add the VLAN to the port’s egress list as untagged, and remove the default VLAN from the port’s egress list.
6.3.3.3 clear port vlan

Use this command to reset a port’s 802.1Q port VLAN ID (PVID) to the host VLAN ID 1.

clear port vlan port-string

Syntax Description
port-string   Specifies the port(s) to be reset to the host VLAN ID 1. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.

Command Mode
Read-Write.
6.3.3.4 show port ingress filter

Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list. If the VLAN ID specified in the received frame is not on the port’s VLAN egress list, then that frame is dropped and not forwarded.
6.3.3.5 set port ingress filter

Use this command to discard all frames received with a VLAN ID that does not match the port’s VLAN egress list. When ingress filtering is enabled on a port, the VLAN IDs of incoming frames are compared to the port’s egress list. If the received VLAN ID does not match a VLAN ID on the port’s egress list, then the frame is dropped. Ingress filtering is implemented according to the IEEE 802.
6.3.3.6 show port discard

Use this command to display the frame discard mode for one or more ports. Ports can be set to discard frames based on whether or not they contain a VLAN tag. They can also be set to discard both frame types or none of the frames received.

show port discard [port-string]

Syntax Description
port-string   (Optional) Displays the frame discard mode for specific port(s).
6.3.3.7 set port discard

Use this command to set the frame discard mode on one or more ports.

set port discard port-string {untagged | none}

Syntax Description
port-string       Specifies the port(s) for which to set frame discard mode. For a detailed description of possible port-string values, refer to Section 3.1.1.
untagged | both   Sets the port(s) to discard untagged frames or both types of frames.
6.3.3.8 clear port discard

Use this command to reset the frame discard mode to the factory default setting (none).

clear port discard port-string

Syntax Description
port-string   Specifies the port(s) for which to reset frame discard mode. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.

Command Mode
Read-Write.

Example
This example shows how to reset fe.2.
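The per-port ingress decision that Sections 6.3.3.1 through 6.3.3.8 describe (PVID classification, ingress filtering against the egress list, frame discard mode), modelled in Python as an added example that is not Enterasys code. The class, function and mode names, the order of the checks, and ingress filtering being off by default are assumptions of this model.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set, Tuple

# Mode names are assumptions of this model; the guide describes discarding
# tagged frames, untagged frames, both, or none (the factory default).
DISCARD_MODES = ("none", "untagged", "tagged", "both")

Decision = Tuple[str, Optional[int], str]


def _check_vid(vid: int) -> None:
    # VID 0 (priority tag) and 4095 (reserved) are outside this model.
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid}")


@dataclass
class PortConfig:
    """Per-port VLAN settings covered by Section 6.3.3 (hypothetical model)."""
    pvid: int = 1                     # clear port vlan resets the PVID to 1
    egress_vlans: Set[int] = field(default_factory=lambda: {1})
    ingress_filter: bool = False      # assumed default, not stated on the page
    discard: str = "none"             # clear port discard resets to none

    def __post_init__(self) -> None:
        if self.discard not in DISCARD_MODES:
            raise ValueError(f"unknown discard mode: {self.discard!r}")
        for vid in {self.pvid, *self.egress_vlans}:
            _check_vid(vid)


def classify_ingress(port: PortConfig, tag_vid: Optional[int]) -> Decision:
    """Return (verdict, vlan, reason) for one frame received on the port.

    tag_vid is None for an untagged frame, otherwise the VID in its 802.1Q tag.
    """
    tagged = tag_vid is not None
    if tagged:
        _check_vid(tag_vid)

    # 1. Frame discard mode: drop by presence or absence of a VLAN tag.
    if port.discard == "both":
        return ("drop", None, "discard mode: both")
    if port.discard == "tagged" and tagged:
        return ("drop", None, "discard mode: tagged")
    if port.discard == "untagged" and not tagged:
        return ("drop", None, "discard mode: untagged")

    # 2. Untagged frames are classified to the port's PVID.
    if not tagged:
        return ("accept", port.pvid, "untagged frame classified by PVID")

    # 3. Ingress filtering: the frame's VID must be on the port's egress list.
    if port.ingress_filter and tag_vid not in port.egress_vlans:
        return ("drop", None, "ingress filter: VID not on egress list")
    return ("accept", tag_vid, "tagged frame keeps its VID")


def reachable_vlans(port: PortConfig, configured_vlans: Iterable[int]) -> Set[int]:
    """VLANs into which a station attached to this port can place frames."""
    reachable: Set[int] = set()
    for offered in [None, *configured_vlans]:   # untagged, then each tag
        verdict, vlan, _reason = classify_ingress(port, offered)
        if verdict == "accept":
            reachable.add(vlan)
    return reachable


if __name__ == "__main__":
    vlans = {1, 10, 20, 99}   # constructed sample: 99 is the management VLAN
    ports = {                 # constructed sample configurations
        "access, filter off": PortConfig(pvid=10, egress_vlans={10}),
        "access, filter on": PortConfig(pvid=10, egress_vlans={10},
                                        ingress_filter=True),
        "access, drop tagged": PortConfig(pvid=10, egress_vlans={10},
                                          discard="tagged"),
        "trunk, drop untagged": PortConfig(pvid=1, egress_vlans={1, 10, 20},
                                           ingress_filter=True,
                                           discard="untagged"),
    }
    for name, cfg in ports.items():
        print(f"{name:22} -> {sorted(reachable_vlans(cfg, vlans))}")
```

In this model, an access port with ingress filtering off accepts tagged frames for every configured VLAN, including the management VLAN; enabling the filter, or discarding tagged frames, confines the port to its PVID.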
Commands
The commands used to configure VLAN egress and dynamic VLAN egress are listed below and described in the associated section as shown.
• show port egress (Section 6.3.4.1)
• set vlan forbidden (Section 6.3.4.2)
• set vlan egress (Section 6.3.4.3)
• clear vlan egress (Section 6.3.4.
6.3.4.1 show port egress

Use this command to display the VLAN membership for one or more ports.

show port egress [port-string]

Syntax Description
port-string   (Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
If port-string is not specified, VLAN membership will be displayed for all ports.

Command Mode
Read-Write.
6.3.4.2 set vlan forbidden

Use this command to prevent one or more ports from participating in a VLAN. This setting instructs the device to ignore dynamic requests (either through GVRP or dynamic egress) for the port to join the VLAN.

set vlan forbidden vlan-id port-string

Syntax Description
vlan-id       Specifies the VLAN for which to set forbidden port(s).
port-string   Specifies the port(s) to set as forbidden for the specified vlan-id.
6.3.4.3 set vlan egress

Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This determines which ports will transmit frames for a particular VLAN.

set vlan egress vlan-list port-string [untagged | forbidden | tagged]

Syntax Description
vlan-list   Specifies the VLAN where a port(s) will be added to the egress list.
This example shows how to forbid Fast Ethernet ports 13 through 15 in unit 1 from joining VLAN 7 and disallow egress on those ports:

B2(rw)->set vlan egress 7 fe.1.13-15 forbidden

This example shows how to allow Fast Ethernet port 2 in unit 1 to transmit VLAN 7 frames as untagged:

B2(rw)->set vlan egress 7 fe.1.
6.3.4.4 clear vlan egress

Use this command to remove ports from a VLAN’s egress list.

clear vlan egress vlan-list port-string [forbidden]

Syntax Description
vlan-list     Specifies the number of the VLAN from which a port(s) will be removed from the egress list.
port-string   Specifies one or more ports to be removed from the VLAN egress list of the specified vlan-list.
6.3.5 Setting the Host VLAN

Purpose
To configure a host VLAN that only select devices are allowed to access. This secures the host port for management-only tasks.

NOTE: The host port is the management entity of the device.

Commands
The commands needed to configure host VLANs are listed below and described in the associated section as shown.
• show host vlan (Section 6.3.5.1)
• set host vlan (Section 6.3.5.2)
• clear host vlan (Section 6.3.5.
6.3.5.1 show host vlan

Use this command to display the current host VLAN.

show host vlan

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display the host VLAN:

B2(rw)->show host vlan
Host vlan is 7.
6.3.5.2 set host vlan

Use this command to assign host status to a VLAN. The host VLAN should be a secure VLAN where only designated users are allowed access. For example, a host VLAN could be specifically created for device management. This would allow a management station connected to the management VLAN to manage all ports on the device and make management secure by preventing management via ports assigned to other VLANs.
6.3.5.3 clear host vlan

Use this command to reset the host VLAN to the default setting of 1.

clear host vlan

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Write.
6.3.6 Creating a Secure Management VLAN

If the SecureStack B2 device is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs.

To create a secure management VLAN, you must:
1. Create a new VLAN. (Section 6.3.2.1)
2.
Table 6-2 Command Set for Creating a Secure Management VLAN (Continued)

To do this...                              Use these commands...
Set a private community name and access    set snmp community private (Section 4.3.2.8)
policy and confirm settings.               (Optional) show snmp community (Section 4.3.2.7)

6.3.7 Enabling/Disabling GVRP (GARP VLAN Registration Protocol)

Purpose
To dynamically create VLANs across a switched network.
Figure 6-1 Example of VLAN Propagation via GVRP (diagram not reproduced; the surviving labels are Switch 2 and Switch 3)
Commands
The commands used to configure GVRP are listed below and described in the associated section as shown.
• show gvrp (Section 6.3.7.1)
• show garp timer (Section 6.3.7.2)
• set gvrp (Section 6.3.7.3)
• clear gvrp (Section 6.3.7.4)
• set garp timer (Section 6.3.7.
6.3.7.1 show gvrp

Use this command to display GVRP configuration information.

show gvrp [port-string]

Syntax Description
port-string   (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
If port-string is not specified, GVRP configuration information will be displayed for all ports and the device.
6.3.7.2 show garp timer

Use this command to display GARP timer values for one or more ports.

show garp timer [port-string]

Syntax Description
port-string   (Optional) Displays GARP timer information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
If port-string is not specified, GARP timer information will be displayed for all ports.
Table 6-4 provides an explanation of the command output. For details on using the set gvrp command to enable or disable GVRP, refer to Section 6.3.7.3. For details on using the set garp timer command to change default timer values, refer to Section 6.3.7.5.

Table 6-4 show gvrp configuration Output Details

Output        What It Displays...
Port Number   Port designation.
6.3.7.3 set gvrp

Use this command to enable or disable GVRP globally on the device or on one or more ports.

set gvrp {enable | disable} [port-string]

Syntax Description
disable | enable   Disables or enables GVRP on the device.
port-string        (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
6.3.7.4 clear gvrp

Use this command to clear GVRP status on one or more ports.

clear gvrp [port-string]

Syntax Description
port-string   (Optional) Clears GVRP status on specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
If port-string is not specified, GVRP status will be cleared for all ports.

Command Mode
Read-Write.
6.3.7.5 set garp timer

Use this command to adjust the values of the join, leave, and leaveall timers.

set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]} port-string

NOTE: The setting of these timers is critical and should only be changed by personnel familiar with the 802.1Q standards documentation, which is not supplied with this device.
7 Differentiated Services Configuration

This chapter describes the Differentiated Services (Diffserv) set of commands and how to use them.

7.1 DIFFERENTIATED SERVICES CONFIGURATION SUMMARY

SecureStack B2 devices support Diffserv policy profile-based provisioning of network resources by allowing IT administrators to:
• Create, change or remove Diffserv user profiles based on business-specific use of network services.
• Prioritize and police traffic according to assigned policy profiles and conditions.
7.3 DIFFERENTIATED SERVICES CONFIGURATION COMMAND SET

7.3.1 Globally Enabling or Disabling Diffserv

Purpose
To globally enable or disable Diffserv on the device.

Command
The command used to globally enable or disable Diffserv on the device is listed below and described in the associated section as shown.
• set diffserv adminmode (Section 7.3.
7.3.1.1 set diffserv adminmode

Use this command to globally enable or disable Diffserv on the device. By default, this function is disabled at device startup.

set diffserv adminmode {enable | disable}

Syntax Description
enable | disable   Enables or disables Diffserv.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
7.3.2 Creating Diffserv Classes and Matching Conditions

Purpose
To review, create, and configure Diffserv classes and matching conditions.

Commands
The commands used to review, create, and configure Diffserv classes and matching conditions are listed below and described in the associated section as shown.
• show diffserv info (Section 7.3.2.1)
• show diffserv class (Section 7.3.2.
7.3.2.1 show diffserv info

Use this command to display general Diffserv status information.

show diffserv info

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display general Diffserv status information:

B2(rw)->show diffserv info
DiffServ Admin Mode............................
Class Table Size Current/Max...............
7.3.2.2 show diffserv class

Use this command to display information about Diffserv classes.

show diffserv class {summary | detailed classname}

Syntax Description
summary              Displays a summary of Diffserv class information.
detailed classname   Displays detailed Diffserv information for a specific class.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
7.3.2.3 set class create

Use this command to create a new Diffserv class.

set diffserv class create {all classname}

Syntax Description
all         Specifies that all match conditions must be met before the associated policy is executed.
classname   Specifies a class name for this new Diffserv class.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
7.3.2.4 set diffserv class delete

Use this command to delete a Diffserv class and remove any match assigned to the class.

NOTE: You cannot use this command to delete a class that has been assigned to a policy. Before deleting a class with an assigned policy and service port(s), you must first:
• Remove the service port(s) assigned to the policy using the set diffserv service remove command (Section 7.3.4.
7.3.2.5 set diffserv class match

Use this command to match a Diffserv class to a service condition based on layer 2, 3 and 4 packet parameters. Any policy that is applied must be composed of rules that come from only one of the following four groups.
Class matches of layer 4 destination or source must be sequenced before the corresponding protocol match, as illustrated in the third example below. You can only add classes of the same category to a policy.
ipprecedence classname precedencenumber   Matches to a specific class based on the value of the IP precedence field. Valid precedencenumber values are: 0 - 7.
iptos classname tosbits tosmask           Matches to a specific class based on the value of the IP type of service (TOS) field. Valid tosbits values are 0 - 255.
Command Type
Switch command.

Command Mode
Read-Write.

Examples
This example shows how to match the “admin” class to source IP address 130.10.0.32 and only that IP address type:

B2(rw)->set diffserv class match srcip admin 130.10.0.32 255.255.255.
7.3.2.6 set diffserv class rename

Use this command to change the name of a Diffserv class.

set diffserv class rename classname newclassname

Syntax Description
classname      Specifies the class name previously set for this new Diffserv class.
newclassname   Specifies a new class name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
• set diffserv policy mark (Section 7.3.3.5)
• set diffserv policy police style simple (Section 7.3.3.6)
• set diffserv policy rename (Section 7.3.3.
7.3.3.1 show diffserv policy

Use this command to display information about Diffserv policies.

show diffserv policy {summary | detailed policyname}

Syntax Description
summary              Displays Diffserv policy summary information.
detailed classname   Displays detailed Diffserv information for a specific policy.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
7.3.3.2 set diffserv policy create

Use this command to create a new Diffserv policy.

set diffserv policy create policyname {in}

Syntax Description
policyname   Specifies a policy name.
in           Applies this policy to incoming packets.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
7.3.3.3 set diffserv policy delete

Use this command to delete a Diffserv policy.

NOTE: In order to delete a policy you must first remove the service port(s) assigned to the policy using the set diffserv service remove command as described in Section 7.3.4.3.

set diffserv policy delete policyname

Syntax Description
policyname   Specifies a policy name to be deleted.

Command Defaults
None.
7.3.3.4 set diffserv policy class

Use this command to add or remove a Diffserv class to a specified policy. Once added, policy profile(s) will be active for the specified class.

NOTE: Class must be added to a policy using this command before policy profile parameters, such as bandwidth, marking and policing, can be configured.
7.3.3.5 set diffserv policy mark

Use this command to mark all packets for the associated Diffserv traffic stream with a specific IP DSCP or IP precedence value.

set diffserv policy mark {ipdscp | ipprecedence policyname classname value}

Syntax Description
ipdscp | ipprecedence   Specifies that packets will be marked with either an IP DSCP or precedence value.
7.3.3.6 set diffserv policy police style simple

Use this command to establish the policing style for a Diffserv policy based only on bandwidth for the specified class.

set diffserv policy police style simple policyname classname bandwidth burstsize}

Syntax Description
policyname   Specifies the policy name being configured.
classname    Specifies a Diffserv class to associate to this policy.
7.3.3.7 set diffserv policy rename

Use this command to change the name of a Diffserv policy.

set diffserv policy rename policyname newpolicyname

Syntax Description
policyname      Specifies the policy name previously set for this new Diffserv class.
newpolicyname   Specifies a new policy name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
7.3.4 Assigning Policy Profiles to Service Ports

Purpose
To review and assign Diffserv policy profiles and their associated classes to service ports.

Commands
The commands used to review and assign Diffserv policy profiles to service ports are listed below and described in the associated section as shown.
• show diffserv service info (Section 7.3.4.1)
• show diffserv service stats (Section 7.3.4.
7.3.4.1 show diffserv service info

Use this command to display information about Diffserv service ports.

show diffserv service info {summary | detailed port-string} {in}

Syntax Description
summary                Displays Diffserv service port summary information.
detailed port-string   Displays detailed information for a specific port(s).
in                     Displays information about incoming traffic.

Command Defaults
None.
7.3.4.2 show diffserv service stats

Use this command to display Diffserv policy service statistics.

show diffserv service stats {summary | detailed port-string} {in}

Syntax Description
summary                Displays a summary of Diffserv service statistics.
detailed port-string   Displays detailed statistics for a specific port.
in                     Displays information about incoming traffic.

Command Defaults
None.
7.3.4.3 set diffserv service

Use this command to add or remove a Diffserv policy to incoming traffic on one or more ports.

set diffserv service {add | remove} {in} port-string policyname

Syntax Description
add | remove   Adds or removes the specified policy.
in             Adds or removes the specified policy to incoming traffic.
port-string    Specifies the port(s) to which this policy configuration will be applied.
8 Port Priority and Rate Limiting Configuration

This chapter describes the Port Priority and Rate Limiting set of commands and how to use them.

8.1 PORT PRIORITY CONFIGURATION SUMMARY

The SecureStack B2 device supports Class of Service (CoS), which allows you to assign mission-critical data to higher priority through the device by delaying less critical traffic during periods of congestion. The higher priority traffic through the device is serviced first before lower priority traffic.
8.3 PORT PRIORITY AND RATE LIMITING CONFIGURATION COMMAND SET

8.3.1 Configuring Port Priority

Purpose
To view or configure port priority characteristics as follows:
• Display or change the port default Class-of-Service (CoS) transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header.
8.3.1.1 show port priority

Use this command to display the 802.1D priority for one or more ports.

show port priority [port-string]

Syntax Description
port-string   (Optional) Displays priority information for a specific port. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
If port-string is not specified, priority for all ports will be displayed.
8.3.1.2 set port priority

Use this command to set the 802.1D (802.1p) Class-of-Service transmit queue priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port.
8.3.1.3 clear port priority

Use this command to reset the current CoS port priority setting to 0. This will cause all frames received without a priority value in their header to be set to priority 0.

clear port priority port-string

Syntax Description
port-string   Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.
8.3.2 Configuring Priority to Transmit Queue Mapping

Purpose
To perform the following:
• View the current priority to transmit queue mapping of each port, which includes both physical and virtual ports.
• Configure each port to either transmit frames according to the port priority transmit queues (set using the set port priority command described back in Section 8.3.1.
8.3.2.1 show port priority-queue

Use this command to display the port priority levels (0 through 7, with 0 as the lowest level) associated with the current transmit queue (0 - 15 depending on port type, with 0 being the lowest priority) for each priority of the selected port.
8.3.2.2 set port priority-queue

Use this command to map 802.1D (802.1p) priorities to transmit queues. This enables you to change the priority queue (0-7, depending on port type, with 0 being the lowest priority queue) for each port priority of the selected port. You can apply the new settings to one or more ports.
8.3.2.3 clear port priority-queue

Use this command to reset port priority queue settings back to defaults for one or more ports.

clear port priority-queue port-string

Syntax Description
port-string   Specifies the port for which to clear priority queue. For a detailed description of possible port-string values, refer to Section 3.1.1.

Command Defaults
None.

Command Mode
Read-Write.
8.3.3 Configuring Port Traffic Rate Limiting

Purpose
To limit the rate of inbound traffic on the SecureStack B2 device on a per port/priority basis. The allowable range for the rate limiting is 64 kilobytes per second minimum up to the maximum transmission rate allowable on the interface type. Rate limit is configured for a given port and list of priorities.
8.3.3.1 show port ratelimit

Use this command to show the traffic rate limiting configuration on one or more ports.

show port ratelimit [port-string]

Syntax Description
port-string   (Optional) Displays rate limiting information for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1.
Table 8-1 show port ratelimit Output Details

Output             What It Displays...
Port Number        Port designation. For a detailed description of possible port-string values, refer to Section 3.1.1.
Index              Resource index for this port.
Threshold (kB/s)   Port rate limiting threshold in kilobytes per second.
Action             Whether or not frames not conforming to rate limiting will be discarded.
8.3.3.2 set port ratelimit

Use this command to configure the traffic rate limiting status and threshold (in kilobytes per second) for one or more ports.
Example
This example shows how to:
• globally enable rate limiting
• configure rate limiting for inbound traffic on port fe.2.1, index 1, priority 5, to a threshold of 125 KBps:

B2(rw)->set port ratelimit enable
B2(rw)->set port ratelimit fe.2.
8.3.3.3 clear port ratelimit

Use this command to clear rate limiting parameters for one or more ports.

clear port ratelimit port-string [index]

Syntax Description
port-string   Specifies the port(s) on which to clear rate limiting. For a detailed description of possible port-string values, refer to Section 3.1.1.
index         (Optional) Specifies the associated resource index to be reset.
9 IGMP Configuration

This chapter describes the IGMP Configuration set of commands and how to use them.

9.1 ABOUT IP MULTICAST GROUP MANAGEMENT

The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device. The protocol’s mechanisms allow a host to inform its local switch device that it wants to receive transmissions addressed to a specific multicast group.
The purpose of IP multicast group management is to optimize a switched network’s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast switch devices instead of flooding to all ports in the subnet (VLAN).

9.2 IGMP CONFIGURATION SUMMARY

Multicasting is used to support real-time applications such as video conferences or streaming audio.
IGMP Configuration Command Set
Enabling / Disabling IGMP

9.4.1.1 show igmpsnooping

Use this command to display IGMP snooping information. Configured information is displayed whether or not IGMP snooping is enabled. Status information is displayed only when the function is enabled. For information on enabling IGMP on the system, refer to Section 9.4.1.2. For information on enabling IGMP on one or more ports, refer to Section 9.4.1.3.

show igmpsnooping

Syntax Description
None.

Command Defaults
None.
9.4.1.2 set igmpsnooping adminmode

Use this command to enable or disable IGMP on the system.

NOTE: In order for IGMP snooping to be enabled on one or all ports, it must be globally enabled on the device with this command, and then enabled on a port(s) using the set igmpsnooping interface mode command as described in Section 9.4.1.3.
9.4.1.3 set igmpsnooping interfacemode

Use this command to enable or disable IGMP on one or all ports.

NOTE: In order for IGMP snooping to be enabled on one or all ports, it must be globally enabled on the device using the set igmpsnooping adminmode command as described in Section 9.4.1.2, and then enabled on a port(s) using this command.
IGMP Configuration Command Set Configuring IGMP 9.4.2 Configuring IGMP Purpose To display and set IGMP configuration parameters, including query interval and response time settings. Commands The commands used to configure IGMP are listed below and described in the associated sections as shown. • set igmpsnooping groupmembershipinterval (Section 9.4.2.1) • set igmpsnooping maxresponse (Section 9.4.2.2) • set igmpsnooping mcrtrexpiretime (Section 9.4.2.3) • show igmpsnooping mfdb (Section 9.4.2.
IGMP Configuration Command Set Configuring IGMP 9.4.2.1 set igmpsnooping groupmembershipinterval Use this command to configure the IGMP group membership interval time for the system. This value sets the frequency of host-query frame transmissions and must be greater than the IGMP maximum response time as described in Section 9.4.2.2. set igmpsnooping groupmembershipinterval time Syntax Description time Specifies the IGMP group membership interval. Valid values are 2 - 3600 seconds.
9.4.2.2 set igmpsnooping maxresponse Use this command to configure the IGMP query maximum response time for the system. This value must be less than the IGMP group membership interval as described in Section 9.4.2.1. set igmpsnooping maxresponse time Syntax Description time Specifies the IGMP maximum query response time. Valid values are 100 - 255 seconds.
IGMP Configuration Command Set Configuring IGMP 9.4.2.3 set igmpsnooping mcrtrexpiretime Use this command to configure the IGMP multicast router expiration time for the system. This timer is for expiring the switch from the multicast database. If the timer expires, and the only address left is the multicast switch, then the entry will be removed. set igmpsnooping mcrtrexpire time Syntax Description time Specifies the IGMP multicast router expiration time. Valid values are 0 - 3600 seconds.
IGMP Configuration Command Set Configuring IGMP 9.4.2.4 show igmpsnooping mfdb Use this command to display multicast forwarding database (MFDB) information. show igmpsnooping mfdb [stats] Syntax Description stats (Optional) Displays MFDB statistics. Command Defaults If stats is not specified, all MFDB table entries will be displayed. Command Mode Read-Only.
IGMP Configuration Command Set Configuring IGMP 9.4.2.5 clear igmpsnooping Use this command to clear all IGMP snooping entries. clear igmpsnooping Syntax Description None. Command Defaults None. Command Mode Read-Write.
10 Logging and Network Management This chapter describes switch-related logging and network management commands and how to use them. 10.1 PROCESS OVERVIEW: NETWORK MANAGEMENT Switch-related network management tasks include the following: • Configuring System Logging (Section 10.2.1) • Monitoring Network Events and Status (Section 10.2.2) • Managing Network Addresses and Routes (Section 10.2.3) • Configuring SNTP (Section 10.2.4) • Configuring Node Aliases (Section 10.2.
Logging And Network Management Command Set Configuring System Logging 10.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET 10.2.1 Configuring System Logging Purpose To display and configure system logging, including Syslog server settings, logging severity levels for various applications, Syslog default settings, and the logging buffer. Commands Commands to configure system logging are listed below and described in the associated section as shown. • show logging server (Section 10.2.1.
Logging And Network Management Command Set Configuring System Logging 10.2.1.1 show logging server Use this command to display the Syslog configuration for a particular server. show logging server [index] Syntax Description index (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1-8. Command Defaults If index is not specified, all Syslog server information will be displayed. Command Type Switch command. Command Mode Read-Only.
Logging And Network Management Command Set Configuring System Logging 10.2.1.2 set logging server Use this command to configure a Syslog server. set logging server index [ip-addr ip-addr] [facility facility] [severity severity] [descr descr] [port port] [state {enable | disable}] Syntax Description index Specifies the server table index number for this server. Valid values are 1 - 8. ip-addr ip-addr (Optional) Specifies the Syslog message server’s IP address.
Command Defaults • If ip-addr is not specified, an entry in the Syslog server table will be created with the specified index number and the system loopback address, 127.0.0.1, will be used. • If not specified, facility, severity and port will be set to defaults configured with the set logging default command (Section 10.2.1.5). • If state is not specified, the server will not be enabled or disabled.
Logging And Network Management Command Set Configuring System Logging 10.2.1.3 clear logging server Use this command to remove a server from the Syslog server table. clear logging server index Syntax Description index Specifies the server table index number for the server to be removed. Valid values are 1 - 8. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.4 show logging default Use this command to display the Syslog server default values. show logging default Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 10-1.
10.2.1.5 set logging default Use this command to set logging default values. set logging default {[facility facility] [severity severity] [port port]} Syntax Description facility facility Specifies the default facility name. Valid values are: local0 to local7. severity severity Specifies the default logging severity level.
10.2.1.6 clear logging default Use this command to reset logging default values. clear logging default {[facility] [severity] [port]} Syntax Description facility (Optional) Resets the default facility name to local4. severity (Optional) Resets the default logging severity level to 6 (notifications of significant conditions). port (Optional) Resets the default UDP port the client uses to send to the server to 514.
Logging And Network Management Command Set Configuring System Logging 10.2.1.7 show logging local Use this command to display the state of message logging to the console and a persistent file. show logging local Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the state of message logging. In this case, logging to the console is enabled and logging to a persistent file is disabled.
Logging And Network Management Command Set Configuring System Logging 10.2.1.8 set logging local Use this command to configure log messages to the console and a persistent file. set logging local console {enable | disable} file {enable | disable} Syntax Description console enable | disable Enables or disables logging to the console. file enable | disable Enables or disables logging to a persistent file. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.9 clear logging local Use this command to clear the console and persistent store logging for the local session. clear logging local Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Logging And Network Management Command Set Configuring System Logging 10.2.1.10 show logging buffer Use this command to display the last 256 messages logged. show logging buffer Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows a portion of the information displayed with the show logging buffer command: B2(rw)->show logging buffer <165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.
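The buffer line shown above starts with a Syslog priority field, and `<165>` decodes to facility local4 (the default facility named in Section 10.2.1.6) at RFC 3164 severity 5. The following is an added example, not part of the Enterasys guide: it parses lines in that layout and reports CLI logins that originate outside an expected management network. The sample lines, user names, source addresses, the `System` application name and the management subnet are constructed for illustration.

```python
import ipaddress
import re

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Layout follows the guide's buffer example: <PRI>Mon D HH:MM:SS host APP[n]message
ENTRY = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<time>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    rf"(?P<host>{IPV4})\s+"
    r"(?P<app>[A-Za-z0-9_.-]+)\[(?P<unit>\d+)\]"
    r"(?P<message>.*)$"
)
LOGIN = re.compile(rf"^User:\s*(?P<user>\S+) logged in from (?P<source>{IPV4})")


def decode_pri(pri):
    """Split a Syslog PRI value into (facility name, severity name)."""
    if not 0 <= pri <= 191:          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def parse_line(line):
    """Return a dict for one buffer line, or None if it does not parse."""
    match = ENTRY.match(line.strip())
    if match is None:
        return None
    try:
        facility, severity = decode_pri(int(match["pri"]))
    except ValueError:
        return None
    return {"facility": facility, "severity": severity, "time": match["time"],
            "host": match["host"], "app": match["app"],
            "unit": int(match["unit"]), "message": match["message"]}


def review_logins(lines, allowed_networks):
    """List CLI logins from outside allowed_networks and count bad lines."""
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    alerts, malformed = [], 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            malformed += 1           # keep a count; never drop silently
            continue
        login = LOGIN.match(entry["message"])
        if entry["app"] != "CLI" or login is None:
            continue
        try:
            source = ipaddress.ip_address(login["source"])
        except ValueError:           # e.g. an octet above 255
            malformed += 1
            continue
        if not any(source in net for net in networks):
            alerts.append({"time": entry["time"], "switch": entry["host"],
                           "user": login["user"], "source": str(source),
                           "severity": entry["severity"]})
    return {"alerts": alerts, "malformed": malformed}


# Constructed sample lines modelled on the guide's (truncated) example.
SAMPLE = [
    "<165>Sep  4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 192.0.2.10",
    "<165>Sep  4 09:12:40 10.42.71.13 CLI[5]User:admin logged in from 198.51.100.7",
    "<166>Sep  4 09:13:02 10.42.71.13 System[1]constructed non-login message",
    "<999>Sep  4 09:14:00 10.42.71.13 CLI[5]User:rw logged in from 198.51.100.7",
    "line with no priority field",
]

if __name__ == "__main__":
    report = review_logins(SAMPLE, ["192.0.2.0/24"])  # assumed management subnet
    for alert in report["alerts"]:
        print("unexpected login:", alert)
    print("unparseable lines:", report["malformed"])
```

A non-zero count of unparseable lines is worth reviewing in its own right, since a login that cannot be parsed is also a login that was not checked.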
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2 Monitoring Network Events and Status Purpose To display switch events and command history, to set the size of the history buffer, and to display and disconnect current user sessions. Commands Commands to monitor switch network events and status are listed below and described in the associated section as shown. • history (Section 10.2.2.1) • show history (Section 10.2.2.2) • set history (Section 10.2.2.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.1 history Use this command to display the contents of the command history buffer. The command history buffer includes all the switch commands entered up to a maximum of 100, as specified in the set history command (Section 10.2.2.3). history Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display the contents of the command history buffer.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.2 show history Use this command to display the size (in lines) of the history buffer. show history Syntax Description None. Command Defaults None. Command Mode Read-Only.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.3 set history Use this command to set the size of the history buffer. set history size Syntax Description size Specifies the size of the history buffer in lines. Valid values are 1 to 100. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.4 ping Use this command to send ICMP echo-request packets to another node on the network from the switch CLI. ping host Syntax Description host Specifies the IP address of the device to which the ping will be sent. Command Defaults None. Command Mode Read-Write. Examples This example shows how to ping IP address 134.141.89.29. In this case, this host is alive: B2(rw)->ping 134.141.89.29 134.141.89.
Logging And Network Management Command Set Monitoring Network Events and Status This example shows how to ping IP address 134.141.89.29 with 10 packets: B2(rw)->ping 134.141.89.29 10 PING 134.141.89.29: 56 data bytes 64 bytes from 134.141.89.29: icmp-seq=0. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=1. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=2. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=3. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=4. time=0. ms 64 bytes from 134.141.89.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.5 show users Use this command to display information about the active console port or Telnet session(s) logged in to the switch. show users Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read-Write access privileges from IP addresses 134.141.192.119 and 134.141.192.
Logging And Network Management Command Set Monitoring Network Events and Status 10.2.2.6 disconnect Use this command to close an active console port or Telnet session from the switch CLI. disconnect {ip-addr | console} Syntax Description ip-addr Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in Section 10.2.2.5. console Closes an active console port. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Managing Switch Network Addresses and Routes 10.2.3 Managing Switch Network Addresses and Routes Purpose To display or delete switch ARP table entries, and to display MAC address information. Commands Commands to manage switch network addresses and routes are listed below and described in the associated section as shown. • show arp (Section 10.2.3.1) • clear arp (Section 10.2.3.2) • show mac (Section 10.2.3.3) • show mac agetime (Section 10.2.3.
Logging And Network Management Command Set Managing Switch Network Addresses and Routes 10.2.3.1 show arp Use this command to display the switch’s ARP table. show arp Syntax Description None. Command Defaults None. Command Mode Read-Only. Example This example shows how to display the ARP table: B2(rw)->show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface ----------------------------------------------------10.20.1.1 00-00-5e-00-01-1 S host 134.142.21.194 00-00-5e-00-01-1 S host 134.142.
Logging And Network Management Command Set Managing Switch Network Addresses and Routes 10.2.3.2 clear arp Use this command to delete a specific entry or all entries from the switch’s ARP table. clear arp {ip | all} Syntax Description ip | all Specifies the IP address in the ARP table to be cleared, or clears all ARP entries. Command Defaults None. Command Mode Read-Write. Example This example shows how to delete entry 10.1.10.10 from the ARP table: B2(rw)->clear arp 10.1.10.
10.2.3.3 show mac Use this command to display MAC addresses in the switch’s filtering database. These are addresses learned on a port through the switching process. show mac [address mac-address] [fid fid] [port port-string] [type {other | invalid | learned | self | mgmt}] Syntax Description address mac-address (Optional) Displays a specific MAC address (if it is known by the device).
Logging And Network Management Command Set Managing Switch Network Addresses and Routes Example This example shows how to display MAC address information for ge.2.4: B2(rw)->show mac port ge.2.
Logging And Network Management Command Set Managing Switch Network Addresses and Routes 10.2.3.4 show mac agetime Use this command to display the timeout period for aging learned MAC entries. show mac agetime Syntax Description None. Command Defaults None. Command Mode Read-Only.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4 Configuring Simple Network Time Protocol (SNTP) Purpose To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network. Commands Commands to configure SNTP are listed below and described in the associated section as shown. • show sntp (Section 10.2.4.1) • set sntp client (Section 10.2.4.2) • clear sntp client (Section 10.2.4.3) • set sntp server (Section 10.2.4.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.1 show sntp Use this command to display SNTP client settings. show sntp Syntax Description None. Command Defaults None. Command Mode Read-Only.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Table 10-3 show sntp Output Details Output What It Displays... SNTP Version SNTP version number. Current Time Current time on the system clock. Timezone Time zone name and amount it is offset from UTC (Universal Time). Client Mode Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp client command (Section 10.2.4.2). Broadcast Delay Round trip delay for SNTP broadcast frames.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.2 set sntp client Use this command to set the SNTP operation mode. set sntp client {broadcast | unicast | disable} Syntax Description broadcast Enables SNTP in broadcast client mode. unicast Enables SNTP in unicast (point-to-point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time. disable Disables SNTP. Command Defaults None.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.3 clear sntp client Use this command to clear the SNTP client’s operational mode. clear sntp client Syntax Description None. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.4 set sntp server Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers. set sntp server ip-address [precedence] Syntax Description ip-address Specifies the SNTP server’s IP address. precedence (Optional) Specifies this SNTP server’s precedence in relation to its peers.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.5 clear sntp server Use this command to remove one or all servers from the SNTP server list. clear sntp server {ip-address | all} Syntax Description ip-address Specifies the IP address of a server to remove from the SNTP server list. all Removes all servers from the SNTP server list. Command Defaults None. Command Mode Read-Write. Example This example shows how to remove the server at IP address 10.21.1.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.6 set sntp broadcastdelay Use this command to set the round trip delay, in microseconds, for SNTP broadcast frames. set sntp broadcastdelay time Syntax Description time Specifies broadcast delay time in microseconds. Valid values are 1 to 999999. Default value is 3000. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.7 clear sntp broadcastdelay Use this command to clear the round trip delay time for SNTP broadcast frames. clear sntp broadcastdelay Syntax Description None. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.8 set sntp poll-interval Use this command to set the poll interval between SNTP unicast requests. set sntp poll-interval interval Syntax Description interval Specifies the poll interval in seconds. Valid values are 16 to 16284. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.9 clear sntp poll-interval Use this command to clear the poll interval between unicast SNTP requests. clear sntp poll-interval Syntax Description None. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.10 set sntp poll-retry Use this command to set the number of poll retries to a unicast SNTP server. set sntp poll-retry retry Syntax Description retry Specifies the number of retries. Valid values are 0 to 10. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.11 clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server. clear sntp poll-retry Syntax Description None. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.12 set sntp poll-timeout Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request. set sntp poll-timeout timeout Syntax Description timeout Specifies the poll timeout in seconds. Valid values are 1 to 30. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) 10.2.4.13 clear sntp poll-timeout Use this command to clear the SNTP poll timeout. clear sntp poll-timeout Syntax Description None. Command Defaults None. Command Mode Read-Write.
Logging And Network Management Command Set Configuring Node Aliases 10.2.5 Configuring Node Aliases Purpose To review, configure, disable and re-enable node (port) alias functionality, which determines what network protocols are running on one or more ports. Commands Commands to configure node aliases are listed below and described in the associated section as shown. • show nodealias config (Section 10.2.5.1) • set nodealias (Section 10.2.5.2) • clear nodealias config (Section 10.2.5.
Logging And Network Management Command Set Configuring Node Aliases 10.2.5.1 show nodealias config Use this command to display node alias properties for one or more ports. show nodealias config [port-string] Syntax Description port-string (Optional) Displays node alias properties for specific port(s). For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults If port-string is not specified, node alias properties will be displayed for all ports.
10.2.5.2 set nodealias Use this command to enable or disable a node alias agent on one or more ports. Upon packet reception, node aliases are dynamically assigned to ports enabled with an alias agent, which is the default setting on SecureStack B2 devices. Node aliases cannot be statically created, but can be deleted using the clear nodealias config command as described in Section 10.2.5.3.
Logging And Network Management Command Set Configuring Node Aliases 10.2.5.3 clear nodealias config Use this command to reset node alias state to enabled. clear nodealias config port-string Syntax Description port-string Specifies the port(s) on which to reset the node alias configuration. For a detailed description of possible port-string values, refer to Section 3.1.1. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
11 Security Configuration This chapter describes the Security Configuration set of commands and how to use them. 11.1 OVERVIEW OF SECURITY METHODS The following security methods are available for controlling which users are allowed to access, monitor, and manage the device. • Login user accounts and passwords – used to log in to the CLI via a Telnet connection or local COM port connection. For details, refer to Section 2.1.11.
Process Overview: Security Configuration • MAC Locking – locks a port to one or more MAC addresses, preventing connection of unauthorized devices via the port. For details, refer to Section 11.3.4 • Secure Shell (SSH) – provides secure Telnet. For details, refer to Section 11.3.5. 11.2 PROCESS OVERVIEW: SECURITY CONFIGURATION Use the following steps as a guide to configuring security methods on the device: 1. Configuring RADIUS (Section 11.3.1) 2. Configuring 802.1X Authentication (Section 11.3.2) 3.
Security Configuration Command Set Configuring RADIUS 11.3 SECURITY CONFIGURATION COMMAND SET 11.3.1 Configuring RADIUS Purpose To perform the following: • Review the RADIUS client/server configuration on the device. • Enable or disable the RADIUS client. • Set local and remote login options. • Set primary and secondary server parameters, including IP address, timeout period, and number of user login attempts allowed. • Reset RADIUS server settings to default values.
Security Configuration Command Set Configuring RADIUS 11.3.1.1 show radius Use this command to display the current RADIUS client/server configuration. show radius [status | retries | timeout | server [index | all]] Syntax Description status (Optional) Displays the RADIUS server’s enable status. retries (Optional) Displays the number of retry attempts before the RADIUS server times out. server (Optional) Displays RADIUS server configuration information.
Security Configuration Command Set Configuring RADIUS Table 11-1 show radius Output Details Output What It Displays... RADIUS status Whether RADIUS is enabled or disabled. RADIUS retries Number of retry attempts before the RADIUS server times out. The default value of 3 can be reset using the set radius command as described in Section 11.3.1.2. RADIUS timeout Maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin.
11.3.1.2 set radius Use this command to enable, disable, or configure RADIUS authentication. set radius {[enable | disable] [retries number-of-retries] [timeout timeout] [server {index ip-address port [secret-value]}]} NOTE: The RADIUS client can only be enabled on the switch once a RADIUS server is online, and its IP address(es) has been configured with the same password the RADIUS client will use.
This example shows how to set the RADIUS timeout to 5 seconds: B2(rw)->set radius timeout 5 This example shows how to set RADIUS retries to 10: B2(rw)->set radius retries 10
11.3.1.3 clear radius Use this command to clear RADIUS server settings. clear radius [retries] [timeout] [server [index | all]] Syntax Description retries (Optional) Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3. timeout (Optional) Resets the maximum amount of time to establish contact with the RADIUS server before timing out to 20 seconds. server (Optional) Deletes server settings.
Security Configuration Command Set Configuring RADIUS 11.3.1.4 show radius accounting Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server. show radius accounting [server | counter ip-address | retries | timeout] Syntax Description server (Optional) Displays one or all RADIUS accounting server configurations. counter ip-address (Optional) Displays counters for a RADIUS accounting server.
11.3.1.5 set radius accounting Use this command to configure RADIUS accounting. set radius accounting {[enable] [disable] [retries retries] [timeout timeout] [server ip_address port [server-secret]]} Syntax Description enable | disable Enables or disables the RADIUS accounting client. retries retries Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out. Valid retry values are 1 - 2147483647.
Security Configuration Command Set Configuring RADIUS Examples This example shows how to enable the RADIUS accounting client for authenticating with the accounting server at IP address 10.2.4.12, UDP authentication port 1800. As previously noted, the “server secret” password entered here must match that already configured as the Read-Write (rw) password on the RADIUS accounting server: B2(rw)->set radius accounting server 10.2.4.
Security Configuration Command Set Configuring RADIUS 11.3.1.6 clear radius accounting Use this command to clear RADIUS accounting configuration settings. clear radius accounting {server ip-address | retries | timeout | counter} Syntax Description server ip-address Clears the configuration on one or more accounting servers. retries Resets the retries to the default value of 2. timeout Resets the timeout to 5 seconds. counter Clears counters. Command Mode Read-Write. Command Defaults None.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2 Configuring 802.1X Authentication Purpose To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible Authentication Protocol). 802.1X controls network access by enforcing user authorization on selected ports, which results in allowing or denying network access according to RADIUS server configuration. NOTE: One user per EAPOL-configured port can be authenticated on SecureStack B2 devices.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2.1 show dot1x Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more ports. show dot1x [auth-config] [auth-diag] [auth-stats] [port [init | reauth]] [port-string] Syntax Description auth-diag (Optional) Displays authentication diagnostics information. auth-stats (Optional) Displays authentication statistics.
Security Configuration Command Set Configuring 802.1X Authentication This example shows how to display authentication diagnostics information for fe.1.1: B2(rw)->show dot1x auth-diag fe.1.
Security Configuration Command Set Configuring 802.1X Authentication This example shows how to display the status of port reauthentication control for fe.1.1 through fe.1.6: B2(rw)->show dot1x port reauth fe.1.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2.2 show dot1x auth-config Use this command to display 802.1X authentication configuration settings for one or more ports.
Security Configuration Command Set Configuring 802.1X Authentication Command Mode Read-Only. Command Defaults • If no parameters are specified, all 802.1X settings will be displayed. • If port-string is not specified, information for all ports will be displayed. Examples This example shows how to display the EAPOL port control mode for fe.1.1: B2(rw)->show dot1x auth-config authcontrolled-portcontrol fe.1.1 Port 1: Auth controlled port control: Auto This example shows how to display the 802.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2.3 set dot1x Use this command to enable or disable 802.1X authentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants. set dot1x port {[enable | disable] [init | reauth {true | false} [port-string]]} Syntax Description enable | disable Enables or disables 802.1X. init | reauth Reinitializes one or more access entities or reauthenticates one or more supplicants.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2.4 set dot1x auth-config Use this command to configure 802.1X authentication.
Security Configuration Command Set Configuring 802.1X Authentication reauthenabled false | true Enables (true) or disables (false) reauthentication control of the reauthentication timer state machine. reauthperiod value Specifies the time lapse (in seconds) between attempts by the reauthentication timer state machine to reauthenticate a port. Valid values are 0 - 65535.
Security Configuration Command Set Configuring 802.1X Authentication 11.3.2.5 clear dot1x auth-config Use this command to reset 802.1X authentication parameters to default values on one or more ports. clear dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string] Syntax Description authcontrolledportcontrol (Optional) Resets the 802.1X port control mode to auto.
Security Configuration Command Set Configuring 802.1X Authentication Examples This example shows how to reset the 802.1X port control mode to auto on all ports: B2(rw)->clear dot1x auth-config authcontrolled-portcontrol This example shows how to reset reauthentication control to disabled on ports fe.1.1-3: B2(rw)->clear dot1x auth-config reauthenabled fe.1.1-3 This example shows how to reset the 802.1X quiet period to 60 seconds on ports fe.1.1-3: B2(rw)->clear dot1x auth-config quietperiod fe.1.
11.3.2.6 show eapol Use this command to display EAPOL status or settings for one or more ports. show eapol [port_string] Syntax Description port_string (Optional) Displays EAPOL status for specific port(s). For a detailed description of possible port_string values, refer to Section 3.1.1. Command Mode Read-Only. Command Defaults If port_string is not specified, only EAPOL enable status will be displayed.
Table 11-2 show eapol Output Details (Continued) Output What It Displays... Authentication State Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are: • initialized: A port is in the initialize state when: a. authentication is disabled, b. authentication is enabled and the port is not linked, or c. authentication is enabled and the port is linked.

Table 11-2 show eapol Output Details (Continued)

Output    What It Displays...

Authentication Mode
    Mode enabling network access for each port. Modes include:
    • Auto: Frames are forwarded according to the authentication state of each port.
    • Forced Authorized Mode: Meant to disable authentication on a port. It is intended for ports that support ISLs and devices that cannot authenticate, such as printers and file servers.

11.3.2.7 set eapol

Use this command to enable or disable EAPOL port-based user authentication with the RADIUS server and to set the authentication mode for one or more ports.

set eapol [enable | disable | auth-mode {auto | forced-authorized | forced-auth | forced-unauthorized | forced-unauth} port-string

Syntax Description

enable | disable
    Enables or disables EAPOL.

11.3.2.8 clear eapol

Use this command to globally clear the EAPOL authentication mode, or to clear settings for one or more ports.

clear eapol [auth-mode] [port-string]

Syntax Description

auth-mode
    (Optional) Globally clears the EAPOL authentication mode.

port_string
    (Optional) Specifies the port(s) on which to clear EAPOL parameters. For a detailed description of possible port_string values, refer to Section 3.1.1.

11.3.3 Configuring VLAN Authorization (RFC 3580)

Purpose

Please see section 3-31 of RFC 3580 for details on configuring a RADIUS server to return the desired tunnel attributes. From RFC 3580, “... it may be desirable to allow a port to be placed into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the authentication ..

11.3.3.1 set vlanauthorization

Enable or disable the use of the RADIUS VLAN tunnel attribute to put a port into a particular VLAN as the result of an authentication. If no port string is entered, the action will be a global setting.

11.3.3.2 set vlanauthorization egress

Controls modification of the current VLAN egress list of an 802.1X authenticated port for the VLAN(s) returned in the RADIUS authorization filter id string.

set vlanauthorization egress [ none | tagged | untagged ] [port_str]

Syntax Description

none
    No egress manipulation will be made.

tagged
    The authenticating port will be added to the current egress for the VLAN-ID returned.

11.3.3.3 clear vlanauthorization

Return port(s) to default configuration (vlanauthorization disabled, egress untagged).

clear vlanauthorization [port_str]

Syntax Description

port_str
    (Optional) Specifies which ports are to be restored to default configuration. If no port string is entered, the action will be a global setting. For a detailed description of possible port-string values, refer to Section 3.1.1.

11.3.3.4 show vlanauthorization

Displays the VLAN authentication status and configuration information for the specified ports.

show vlanauthorization [port_str]

Syntax Description

port_str
    (Optional) Displays VLAN authentication status for the specified ports. If no port string is entered, then the global status of the setting is displayed. For a detailed description of possible port-string values, refer to Section 3.1.1.

Table 11-3 show vlanauthorization Output Details

Output    What It Displays...

operational egress
    If authentication has succeeded, displays the VLAN id assigned for egress.

vlan id
    If authentication has succeeded, displays the assigned VLAN id for ingress.
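
Before enabling VLAN authorization, it helps to confirm that the RADIUS server really returns the three tunnel attributes RFC 3580 uses for VLAN assignment (Tunnel-Type=VLAN (13), Tunnel-Medium-Type=802 (6), Tunnel-Private-Group-ID=VLANID). The following is an added example, not code from this guide or from Enterasys: it decodes the attribute bytes of an Access-Accept and returns the VLAN ID only when the set is complete and consistent. The function names, the single-tunnel-set assumption, the same-tag requirement and the sample bytes are assumptions of the example.

```python
# Added example (not vendor code): decode the RFC 3580 VLAN assignment from
# the attribute bytes of a RADIUS Access-Accept. Assumes one tunnel set.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6  # values RFC 3580 requires


def attr(atype, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value


def iter_attributes(buf):
    """Yield (type, value) pairs, rejecting truncated or bad lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]


def tagged_int(value):
    """Tunnel-Type and Tunnel-Medium-Type: 1 tag octet + 3-octet integer."""
    if len(value) != 4:
        raise ValueError("tunnel integer attribute must be 4 octets")
    return value[0], int.from_bytes(value[1:], "big")


def vlan_from_access_accept(attrs):
    """Return the assigned VLAN ID, or None if the set is incomplete or inconsistent."""
    ttype = medium = group = None
    for atype, value in iter_attributes(attrs):
        if atype == TUNNEL_TYPE:
            ttype = tagged_int(value)
        elif atype == TUNNEL_MEDIUM_TYPE:
            medium = tagged_int(value)
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # First octet 0x00-0x1F is a tag; a VLAN ID string starts at 0x30 or above.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            group = (tag, text.decode("ascii", "replace"))
    if None in (ttype, medium, group):
        return None                      # all three attributes are required
    if ttype[1] != TYPE_VLAN or medium[1] != MEDIUM_IEEE_802:
        return None
    if len({ttype[0], medium[0], group[0]}) != 1:
        return None                      # example policy: tags must match
    vid = group[1]
    return int(vid) if vid.isdigit() and 1 <= int(vid) <= 4094 else None


# Constructed sample: Tunnel-Type=VLAN, Tunnel-Medium-Type=802, group ID "20".
SAMPLE = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
          + attr(81, b"20"))
```

A result of None for a user who should be placed in a VLAN points at the RADIUS server's reply rather than at the switch's vlanauthorization settings.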

11.3.4 Configuring MAC Locking

Purpose

To review, disable, enable and configure MAC locking. This locks a MAC address to one or more ports, preventing connection of unauthorized devices via the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses.

11.3.4.1 show maclock

Use this command to display the status of MAC locking on one or more ports.

show maclock [port_string]

Syntax Description

port_string
    (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
    If port_string is not specified, MAC locking status will be displayed for all ports.

Command Mode
    Read-Only.

Table 11-4 show maclock Output Details

Output    What It Displays...

Port Number
    Port designation. For a detailed description of possible port_string values, refer to Section 3.1.1.

Port Status
    Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on using set maclock to enable it on the device and on one or more ports, refer to Section 11.3.4.3.

11.3.4.2 show maclock stations

Use this command to display MAC locking information about end stations connected to the device.

show maclock stations [port-string]

Syntax Description

port_string
    (Optional) Displays end station information for specified port(s). For a detailed description of possible port_string values, refer to Section 3.1.1.

Table 11-5 show maclock stations Output Details

Output    What It Displays...

Port Number
    Port designation. For a detailed description of possible port_string values, refer to Section 3.1.1.

MAC address
    MAC address of the end station(s) locked to the port.

Status
    Whether the end stations are active or inactive.

State
    Whether the end station locked to the port is a first learned or first arrival connection.

11.3.4.3 set maclock enable

Use this command to enable MAC locking on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only one end station address is allowed to participate in frame relay.

set maclock enable [port_string]

Syntax Description

port_string
    (Optional) Enables MAC locking on specific port(s).

11.3.4.4 set maclock disable

Use this command to disable MAC locking on one or more ports.

set maclock disable [port_string]

Syntax Description

port_string
    (Optional) Disables MAC locking on specific port(s). For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
    If port_string is not specified, MAC locking will be disabled on all ports.

Command Mode
    Read-Write.

11.3.4.5 set maclock firstarrival

Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.

set maclock firstarrival port_string value

Syntax Description

port_string
    Specifies the port on which to limit MAC locking. For a detailed description of possible port_string values, refer to Section 3.1.1.

11.3.4.6 clear maclock firstarrival

Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600.

clear maclock firstarrival port-string

Syntax Description

port_string
    Specifies the port on which to reset the first arrival value. For a detailed description of possible port_string values, refer to Section 3.1.1.

Command Defaults
    None.

Command Mode
    Read-Write.

11.3.4.7 set maclock trap

Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum value configured using the set maclock firstarrival command. Violating MAC addresses are dropped from the device’s routing table.
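
How the first-arrival limit and the trap setting interact on a single port can be seen in a small model. This is an added example, a simplified model written for this section and not switch firmware: the class and function names are hypothetical, sending one trap per violating address is an assumption, and the MAC addresses are constructed.

```python
# Added example (a simplified model, not switch firmware) of first-arrival
# MAC locking on one port, following the behavior described in this section.
class MacLockPort:
    def __init__(self, firstarrival=600, trap_enabled=False):
        self.enabled = False              # MAC locking is disabled by default
        self.firstarrival = firstarrival  # guide default: 600 addresses
        self.trap_enabled = trap_enabled  # models "set maclock trap"
        self.locked = []                  # stations in order of first arrival
        self.traps = []                   # violating MACs reported by trap

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        mac = src_mac.lower()
        if not self.enabled or mac in self.locked:
            return True
        if len(self.locked) < self.firstarrival:
            self.locked.append(mac)       # learned as a first-arrival station
            return True
        # Limit reached: the frame is dropped and, if enabled, a trap is raised.
        if self.trap_enabled and mac not in self.traps:
            self.traps.append(mac)        # assumption: one trap per address
        return False


def replay(port, frames):
    """Feed source MACs through the port; return the forwarding decisions."""
    return [port.receive(mac) for mac in frames]


# Constructed traffic: two stations arrive, a third exceeds a limit of 2,
# then the first station sends again and is still forwarded.
FRAMES = ["00:11:22:33:44:01", "00:11:22:33:44:02",
          "00:11:22:33:44:03", "00:11:22:33:44:01"]
```

With a limit of 2, the model locks whichever two stations send first, so the limit bounds how many addresses a port accepts but does not by itself decide which ones.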

11.3.5 Configuring Secure Shell (SSH)

Purpose

To review, enable, disable, and configure the Secure Shell (SSH) protocol, which provides secure Telnet.

Commands

The commands used to review and configure SSH are listed below and described in the associated section as shown:

• show ssh status (Section 11.3.5.1)
• set ssh (Section 11.3.5.2)
• set ssh hostkey (Section 11.3.5.

11.3.5.1 show ssh status

Use this command to display the current status of SSH on the device.

show ssh status

Syntax Description
    None.

Command Mode
    Read-Only.

Command Defaults
    None.

Example

This example shows how to display SSH status on the device:

B2(rw)->show ssh status
SSH Server status: Disabled.

11.3.5.2 set ssh

Use this command to enable, disable or reinitialize SSH server on the device.

set ssh {enable | disable | reinitialize}

Syntax Description

enable | disable
    Enables or disables SSH, or reinitializes the SSH server.

reinitialize
    Reinitializes the SSH server.

Command Mode
    Read-Write.

Command Defaults
    None.

11.3.5.3 set ssh hostkey

Use this command to set or reinitialize new SSH authentication keys.

set ssh hostkey [reinitialize]

Syntax Description

reinitialize
    (Optional) Reinitializes the server host authentication keys.

Command Mode
    Read-Write.

Command Defaults
    If reinitialize is not specified, the user must supply SSH authentication key values.