Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide Firmware Version 3.00.
NOTICE Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the New Hampshire courts.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
About This Guide

Welcome to the Enterasys Networks Matrix E1 (1G58x-09 and 1H582-xx) Configuration Guide. This manual explains how to access the devices’ Command Line Interface (CLI) and how to use it to configure the Matrix E1 1G58x-09 and 1H582-xx switch/router devices.

Important Notice

Depending on the firmware version used in the Matrix E1 device, some features described in this document may not be supported.
STRUCTURE OF THIS GUIDE

The guide is organized as follows:

Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI interface, an overview of local management requirements, and information about obtaining technical support.

Chapter 2, Management Terminal and Modem Setup Requirements, describes how to configure and connect a management terminal or a modem to the Matrix E1 device.
Chapter 9, Port Priority and Classification Configuration, describes how to set the transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, assign transmit priorities according to protocol types, and configure a rate limit for a given port and list of priorities.
DOCUMENT CONVENTIONS

This guide uses the following conventions:

ROUTER: Calls the reader’s attention to router-specific commands and information.

NOTE: Calls the reader’s attention to any item of information that may be of special importance.
TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS

bold type | Bold type indicates required user input, including command keywords, that must be entered as shown for the command to execute.
RETURN | Indicates either the ENTER or RETURN key, depending on your keyboard.
ESC | Indicates the keyboard Escape key.
SPACE bar | Indicates the keyboard space bar key.
BACKSPACE | Indicates the keyboard backspace key.
arrow keys | Refers to the four keyboard arrow keys.
1 Introduction

This chapter provides an overview of the tasks that may be accomplished using the Matrix E1 1G58x-09 and 1H582-xx CLI interface, an introduction to in-band and out-of-band network management, and information on how to contact Enterasys Networks for technical support.

Important Notice

Depending on the firmware version used in the Matrix E1 1G58x-09 or 1H582-xx device, some features described in this document may not be supported.
Overview

• Clear NVRAM.
• Set 802.1Q VLAN memberships and port configurations.
• Redirect frames according to port or VLAN and transmit them on a preselected destination port.
• Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to dynamically create VLANs across a switched network.
• Configure the device to dynamically switch frames according to a characteristic rule and VLAN.
• Configure Spanning Trees.
• Configure interfaces for IP routing.
1.2 GETTING HELP

For additional support related to this device or document, contact Enterasys Networks using one of the following methods:

World Wide Web | http://www.enterasys.com/
Phone | (603) 332-9400; 1-800-872-8440 (toll-free in U.S. and Canada). For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/gtac-all.html
Internet mail | support@enterasys.
2 Management Terminal and Modem Setup Requirements

This chapter provides information about connecting a terminal or modem to the device’s console port.

NOTE: Illustrations and most of the examples in this guide are based on the Matrix E1 1H582-51. Configuration and CLI output for the Matrix E1 1H582-25, and the 1G58x-09, may be different. Unless noted, procedures and performance features are similar for both models.

2.
Connecting to a Console Port for Local Management

Connecting to an IBM or Compatible Device

Using a UTP cable with RJ45 connectors and RJ45-to-DB9 adapter, you can connect products equipped with an RJ45 console port to an IBM or compatible PC running a VT series emulation software package.
Figure 2-1 Connecting an IBM PC or Compatible Device (callouts: 1 PC; 2 RJ45-to-DB9 PC Adapter)

2.1.
Parameter | Setting
Mode | 7 Bit Control
Transmit | Transmit=9600
Bits Parity | 8 Bits, No Parity
Stop Bit | 1 Stop Bit

5. When these parameters are set, the Matrix E1 startup screen will display.

Figure 2-2 Connecting a VT Series Terminal (callouts: 1 VT Series Terminal; 2 RJ45-to-DB25 VT Adapter)

2.1.
Connecting to a Modem

3. Connect the RJ45-to-DB25 adapter to the communications port on the modem.

4. Turn on the modem and configure your VT emulation package with the following parameters:

Parameter | Setting
Mode | 7 Bit Control
Transmit | Transmit=9600
Bits Parity | 8 Bits, No Parity
Stop Bit | 1 Stop Bit

5. When these parameters are set, the Matrix E1 startup screen will display.
Connecting to a Console Port for Local Management Adapter Wiring and Signal Assignments 2.1.
Modem Port Adapter Wiring and Signal Diagram

RJ45 Pin | Conductor | DB25 Pin | Signal
1 | Blue | 2 | Transmit (TX)
2 | Orange | 8 | Data Carrier Detect (DCD)
4 | Red | 3 | Receive
5 | Green | 7 | Ground (GRD)
6 | Yellow | 20 | Data Terminal Ready (DTR)
8 | Gray | 22 | Ring Indicator

Figure: RJ45 Connector (Female); DB25 Connector (Male)
3 Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

3.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the Matrix E1 device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode.

3.1.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature | Default Setting
GARP timer | Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall timer set to 1000 centiseconds.
GVRP | Globally enabled.
Host VLAN | Assigned to default (VID 1) VLAN.
IGMP | Disabled. When enabled, query interval is set to 125 seconds and response time is set to 100 tenths of a second.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature | Default Setting
Port advertised ability | Enabled on all ports.
Port broadcast suppression | Disabled (no broadcast limit).
Port duplex mode | Set to half for 10BASE-T and 100BASE-TX; set to full for 1000BASE-X.
Port enable/disable | Enabled.
Port priority | Set to 1.
Port rate limiting | Disabled.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature | Default Setting
SNTP | Disabled.
Spanning Tree | Enabled (globally and on all ports).
Spanning Tree edge port administrative status | Disabled.
Spanning Tree edge port delay | Enabled.
Spanning Tree forward delay | Set to 15 seconds.
Spanning Tree hello interval | Set to 2 seconds.
Spanning Tree ID (SID) | Set to 1.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature | Default Setting
Spanning Tree topology change trap suppression | Enabled on edge ports.
Spanning Tree transmit hold count | Set to 3.
Spanning Tree version | Set to mstp (Multiple Spanning Tree).
SSH (Secure Shell) | Enabled with the following settings: Listening port: 22. Rekey interval: 3600 seconds. Login grace time: 60 seconds.
Table 3-1 Default Device Settings for Basic and Switch Mode Operation (Continued)

Device Feature | Default Setting
VLAN classification | Classification rules are automatically enabled when created.
VLAN dynamic egress | Disabled.
VLAN ID | All ports use a VLAN identifier of 1, and are included on the host VLAN ID 1 port VLAN list.
WebView | Enabled.
WebView port | Set at TCP port number 80.
Table 3-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature | Default Setting
Dead interval (OSPF) | Set to 40 seconds.
Disable triggered updates (RIP) | Triggered updates allowed.
Distribute list (RIP) | No filters applied.
DoS prevention | Disabled.
DVMRP | Disabled. Metric set to 1.
Hello interval (OSPF) | Set to 10 seconds for broadcast and point-to-point networks.
Table 3-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature | Default Setting
OSPF network | None configured.
OSPF priority | Set to 1.
Passive interfaces (RIP) | None configured.
Proxy ARP | Enabled on all interfaces.
Receive interfaces (RIP) | Enabled on all interfaces.
Retransmit delay (OSPF) | Set to 1 second.
Retransmit interval (OSPF) | Set to 5 seconds.
RIP | Enabled.
3.1.2 Command Defaults Descriptions

Each command description in this guide includes a section entitled “Command Defaults”. Its information is different from the factory default settings on the device described in Table 3-1 and Table 3-2. The command defaults section defines CLI behavior if the user enters a command without optional parameters (indicated by square brackets [ ]).
Displaying WebView status: To display WebView status, enter show webview at the CLI command prompt. This example shows that WebView is enabled on TCP port 80, the default port number.

Matrix>show webview
Webview is currently enabled on port 80.

Enabling / disabling WebView: To enable or disable WebView, enter set webview {enable | disable} at the CLI command prompt. This example shows how to enable WebView.
7. Configuring CDP (Section 3.2.6)
8. Pausing, clearing and closing the CLI (Section 3.2.7)
9. Resetting the device (Section 3.2.8)
10. Preparing the device for router mode (Section 3.3)

3.1.6 3.1.6.
3. Leave this string blank and press ENTER. The notice of authorization and the Matrix prompt display as shown in Figure 3-3.

NOTES: Display messages shown in Figure 3-2 about the device generating keys pertain to Secure Shell (SSH) authentication. These lines will only display on the startup screen the first time the device is powered on, or after NVRAM has been cleared.
Figure 3-2 Console Port Initial Startup Screen Before User Authorization

c)Copyright ENTERASYS Networks, Inc. 2002
Matrix 1G582-09 POST Version 01.01.00
Application image found in Flash memory.
Loading functional image ...
Application image loaded to CPU SDRAM.
Start Application ... done.
1H582-51 Switch init start...
Switch Budget init...
Initializing hardware...
Switch clear VLAN table...
3.1.6.3 Logging in With an Administratively Configured User Account

If the device’s default user account settings have been changed, proceed as follows:

1. At the Username login prompt, enter your administratively-assigned user name and press ENTER.

2. At the Password prompt, enter your password and press ENTER.

The notice of authorization and the Matrix prompt display as shown in Figure 3-3.
Figure 3-3 Startup Screen After User Authorization

Username:rw
Password:
waiting for authorization......
****************************************
*                                      *
*           Matrix 1G587-09            *
*                                      *
*       Enterasys Networks, Inc.       *
*          50 Minuteman Road           *
*        Andover, MA 01810 USA         *
*                                      *
****************************************
Matrix>

For information about setting the IP address, refer to Section 3.2.2.18.
3.1.7 Getting Help with CLI Syntax

Entering a space and a question mark (?) after a keyword will display all commands beginning with the keyword. Figure 3-4 shows how to perform a keyword lookup for set vlan. Entering a space and a question mark (?) after any of these parameters (such as set vlan classification) will display additional parameters nested within the syntax.
3.1.8 Displaying Scrolling Screens

CLI output requiring more than one screen will display --More-- to indicate continuing screens. To display additional screen output:

• Press ENTER to advance the output one line at a time.
• Press M to advance the output to the next screen.

The example in Figure 3-6 shows how the show mac command indicates that output continues on more than one screen.
3.1.9 Basic Line Editing Commands

The CLI supports Emacs-like line editing commands. Table 3-3 lists some commonly used commands.

Table 3-3 Basic Line Editing Commands

Key Sequence | Command
Ctrl+A | Move cursor to beginning of line.
Ctrl+B | Move cursor back one character.
Ctrl+C | Abort command.
Ctrl+D | Delete character.
Ctrl+E | Move cursor to end of line.
Ctrl+F | Move cursor forward one character.
3.2 GENERAL CONFIGURATION COMMAND SET

3.2.1 Setting User Accounts and Passwords

Purpose

To change the device’s default user login and password settings, and to add new user accounts and passwords.

Commands

The commands needed to set user accounts and passwords are listed below and described in the associated section as shown.

• show system login (Section 3.2.1.1)
• set system login (Section 3.2.1.2)
• clear system login (Section 3.2.
3.2.1.1 show system login

Use this command to display user login account information.

show system login

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.

Example
This example shows how to display login account information.
Table 3-4 show system login Output Details

Output | What It Displays...
Password history size | Number of user login passwords that will be checked for duplication when the set password command is executed. Configured with the set system password history command (Section 3.2.1.7).
Password aging | Number of days user passwords will remain valid before aging out. Configured with the set system password aging command (Section 3.2.1.6).
3.2.1.2 set system login

Use this command to create a new user login account, or to disable or enable an existing account. The Matrix E1 Series device supports up to 16 user accounts, including the admin account, which cannot be disabled or deleted.

set system login username {su | rw | ro} {enable | disable}

Syntax Description
username | Specifies a login name for a new or existing user.
3.2.1.3 clear system login

Use this command to remove a local login user account.

clear system login username

Syntax Description
username | Specifies the login name of the account to be cleared.

NOTE: The default admin (su) account cannot be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.
3.2.1.4 set password

Use this command to change system default passwords or to set a new login password on the CLI.

set password username

NOTES: Only users with admin (su) access privileges can change any password on the system. Users with Read-Write (rw) or Read-Only (ro) access privileges can change their own passwords, but cannot enter or modify other system passwords.
Examples

This example shows how a super-user would change the Read-Write password from the system default (blank string):

Matrix>set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
3.2.1.5 set system password length

Use this command to set the minimum user login password length.

set system password length characters

Syntax Description
characters | Specifies the minimum number of characters for a user account password. Valid values are 0 to 32.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Super User.
3.2.1.6 set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

set system password aging {days | disable}

Syntax Description
days | Specifies the number of days user passwords will remain valid before aging out. Valid values are 1 to 365.
disable | Disables password aging.

Command Defaults
None.

Command Type
Switch command.
3.2.1.7 set system password history

Use this command to set the number of user login passwords that will be checked for password duplication. This prevents duplicate passwords from being entered into the system with the set password command.

set system password history size

Syntax Description
size | Specifies the number of passwords checked for duplication. Valid values are 0 to 10.

Command Defaults
None.

Command Type
Switch command.
3.2.1.8 set system lockout attempts

Use this command to disable system lock out or to set the number of failed login attempts before user lock out occurs. When the number of attempts is reached, Read-Write and Read-Only user accounts will be disabled, and the admin account will be locked out for the number of minutes specified by the set system lockout command (Section 3.2.1.9).
3.2.1.9 set system lockout

Use this command to set the number of minutes the admin user account will be locked out after the maximum number of failed attempts to log on to the switch.

set system lockout time

Syntax Description
time | Specifies the number of minutes the default admin user account will be locked out after the maximum login attempts. Valid values are 0 to 60.

Command Defaults
None.

Command Type
Switch command.
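A planned change script can be checked against the valid ranges documented in Sections 3.2.1.5 through 3.2.1.9 before it is entered at the CLI. The Python linter below is an added example, not part of the Enterasys guide or firmware; the policy thresholds (POLICY_MIN, POLICY_MAX) and both sample plans are assumptions constructed for illustration.

```python
import re

# Valid ranges as documented for each command in Sections 3.2.1.5 to 3.2.1.9.
DOCUMENTED_RANGE = {
    "password length": (0, 32),    # minimum password characters
    "password aging": (1, 365),    # days, or the keyword "disable"
    "password history": (0, 10),   # previous passwords checked for duplication
    "lockout": (0, 60),            # minutes the admin account stays locked out
}

# Site policy thresholds: assumptions for this example, not values from the guide.
POLICY_MIN = {"password length": 8, "password history": 5, "lockout": 5}
POLICY_MAX = {"password aging": 90}

# "set system lockout attempts" is deliberately not matched: its syntax and
# range are not shown in this section of the guide.
COMMAND = re.compile(
    r"^set system (password length|password aging|password history|lockout)\s+(\S+)$"
)
PROMPT = re.compile(r"^\S*>\s*")  # strips a leading prompt such as "Matrix>"


def lint(plan):
    """Return (line_number, level, message) findings for a planned CLI script.

    level is "invalid" (outside the documented range), "weak" (valid but
    below the assumed site policy) or "unset" (command absent from the plan,
    reported with line number 0).
    """
    findings, seen = [], set()
    for number, raw in enumerate(plan.splitlines(), start=1):
        match = COMMAND.match(PROMPT.sub("", raw.strip()))
        if not match:
            continue  # other commands are outside the scope of this check
        setting, value = match.groups()
        seen.add(setting)
        if setting == "password aging" and value == "disable":
            findings.append((number, "weak", "password aging is disabled"))
            continue
        if not value.isdigit():
            findings.append((number, "invalid", f"{setting}: {value!r} is not a number"))
            continue
        low, high = DOCUMENTED_RANGE[setting]
        amount = int(value)
        if not low <= amount <= high:
            findings.append(
                (number, "invalid", f"{setting}: {amount} outside documented range {low}-{high}")
            )
        elif amount < POLICY_MIN.get(setting, low):
            findings.append(
                (number, "weak", f"{setting}: {amount} below policy minimum {POLICY_MIN[setting]}")
            )
        elif amount > POLICY_MAX.get(setting, high):
            findings.append(
                (number, "weak", f"{setting}: {amount} above policy maximum {POLICY_MAX[setting]}")
            )
    for setting in DOCUMENTED_RANGE:
        if setting not in seen:
            findings.append((0, "unset", f"{setting}: not set by this plan"))
    return findings


# Constructed sample plans (not captured from a real device).
WEAK_PLAN = "\n".join([
    "Matrix>set system password length 0",
    "Matrix>set system password aging disable",
    "Matrix>set system password history 12",
    "Matrix>set system lockout 0",
])
HARDENED_PLAN = "\n".join([
    "set system password length 12",
    "set system password aging 90",
    "set system password history 10",
    "set system lockout 15",
])

if __name__ == "__main__":
    for name, plan in (("weak", WEAK_PLAN), ("hardened", HARDENED_PLAN)):
        print(f"--- {name} plan ---")
        for line_number, level, message in lint(plan) or [(0, "ok", "no findings")]:
            print(f"line {line_number}: {level}: {message}")
```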
3.2.2 Setting Basic Device Properties

Purpose

To display and set the basic system (device) information, including password, system time, system prompt, contact name, terminal output, lockout time, timeout, baud rate and version information, to display or set the system IP address, and to download a new firmware image to the device.
3.2.2.1 show system resources

Use this command to display the CPU type, NVRAM installed and other resources installed in the system.

show system resources

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
3.2.2.2 show system

Use this command to display power supply status, baud rate, timeout and other system information.

show system

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
General Configuration Command Set Setting Basic Device Properties 3.2.2.3 show time Use this command to display the current time of day in the system clock. show time Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the current time.
General Configuration Command Set Setting Basic Device Properties 3.2.2.4 set time Use this command to change the time of day on the system clock. set time {[day_of_week][mm/dd/yyyy][hh:mm:ss]} Syntax Description day_of_week (Optional) Specifies the day of the week. mm/dd/yyyy (Optional) Specifies the month, day, and year. hh:mm:ss (Optional) Specifies the current time in 24-hour format. Command Defaults At least one of the three optional parameters must be specified. Command Type Switch command.
General Configuration Command Set Setting Basic Device Properties 3.2.2.5 set prompt Use this command to modify the command prompt. set prompt “prompt_string” Syntax Description prompt_string Specifies a text string for the command prompt. A prompt string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
General Configuration Command Set Setting Basic Device Properties 3.2.2.6 show banner motd Use this command to show the banner message of the day that will display at session login. show banner motd Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the banner message of the day: Matrix>show banner motd Not one hundred percent efficient, of course ... but nothing ever is. -- Kirk, "Metamorphosis", stardate 3219.
General Configuration Command Set Setting Basic Device Properties 3.2.2.7 set banner motd Use this command to set the banner message of the day displayed at session login. set banner motd message Syntax Description message Specifies a message of the day. This is a text string that can be formatted with a new line escape (\\n) character. A string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Type Switch command.
General Configuration Command Set Setting Basic Device Properties 3.2.2.8 clear banner motd Use this command to clear the banner message of the day displayed at session login. clear banner motd Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
General Configuration Command Set Setting Basic Device Properties 3.2.2.9 show version Use this command to display hardware and firmware information. Refer to Section 3.2.3 for instructions on how to download a firmware image. show version Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
General Configuration Command Set Setting Basic Device Properties Table 3-5 show version Output Details (Continued) Output What It Displays... Serial Number Serial number (if applicable) of the chassis or expansion module. HW Version Hardware version number (if applicable) of the chassis or expansion module. FW Version Current firmware version number (if applicable).
General Configuration Command Set Setting Basic Device Properties 3.2.2.10 set system name Use this command to configure a name for the system. set system name “name_string” Syntax Description name_string Specifies a text string that identifies the system. A name string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Type Switch command. Command Mode Read-Write. Usage Guidelines None.
General Configuration Command Set Setting Basic Device Properties 3.2.2.11 set system location Use this command to identify the location of the system. set system location “location_string” Syntax Description location_string Specifies a text string that indicates where the system is located. A location string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
General Configuration Command Set Setting Basic Device Properties 3.2.2.12 set system contact Use this command to identify a contact person for the system. set system contact “contact_string” Syntax Description contact_string Specifies a text string that contains the name of the person to contact for system administration. A contact string containing a space in the text must be enclosed in quotes as shown in the example below. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
General Configuration Command Set Setting Basic Device Properties 3.2.2.13 show terminal Use this command to display the number of columns and rows for the terminal connected to the device’s console port. This information is used to control the output of the CLI itself. show terminal Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Write. Example This example shows how to show terminal information: Matrix>show terminal Terminal height set to 23.
General Configuration Command Set Setting Basic Device Properties 3.2.2.14 set terminal Use this command to set the number of columns and rows for the terminal connected to the device’s console port. set terminal {rows num-rows [disable] | cols num-cols}[static] Syntax Description rows num_rows Specifies the number of terminal rows to be set. Valid values are 2 to 200. disable Disables the --More-- line from displaying on scrolling screens as described in Section 3.1.8.
3.2.2.15 set system timeout
Use this command to set the time (in minutes) an idle local (console) or remote login session will remain connected before timing out.
set system timeout timeout [console | remote]
Syntax Description
timeout Specifies the number of minutes the system will remain idle before timing out. Valid values are 1 to 60.
console | remote (Optional) Sets the console or remote (Telnet) timeout.
General Configuration Command Set Setting Basic Device Properties 3.2.2.16 set system baud Use this command to set the console port baud rate. set system baud rate Syntax Description rate Specifies the console baud rate. Valid values are 38400, 19200, 9600, 4800, and 2400. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
General Configuration Command Set Setting Basic Device Properties 3.2.2.17 show ip address Use this command to display the local host port IP address, system mask and default gateway. show ip address Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the system IP address, the system mask and the default gateway: Matrix>show ip address System IP - 10.1.10.1 System Mask - 255.255.128.0 Default Gateway - 0.0.0.
General Configuration Command Set Setting Basic Device Properties 3.2.2.18 set ip address Use this command to set the system IP address, subnet mask and default gateway. set ip address ip_address [mask ip_mask] [gateway ip_gateway] Syntax Description ip_address Specifies the IP address to set for the device. mask ip_mask (Optional) Specifies the IP mask of the local host. gateway ip_gateway (Optional) Specifies the default gateway of the local host.
General Configuration Command Set Downloading a Firmware Image 3.2.3 Downloading a Firmware Image You can upgrade the operational firmware in the Matrix E1 without physically opening the device or being in the same location. The software storage sector in the flash memory of the device is reprogrammed, allowing you to easily download firmware feature enhancements and problem fixes to the device from a local or remote location. Firmware can be downloaded to the device in two ways: • Via TFTP download.
General Configuration Command Set Downloading a Firmware Image 3.2.3.1 Downloading via the Serial Port A serial download is the easiest method to upgrade the device firmware, requiring the least amount of equipment and configuration. To download device firmware via the serial (console) port, proceed as follows: 1. With the console port connected, reset the device by powering the device off and then on. 2.
General Configuration Command Set Downloading a Firmware Image 9. Change your terminal baudrate back to 9600 and press ENTER. The following message displays: (D)ownload another Image or (S)tart Application: [S] 10. Press S to start the application.
General Configuration Command Set Downloading a Firmware Image 3.2.3.2 Downloading via TFTP To perform a TFTP download, you must first set the device’s IP address (as detailed in Section 3.2.2.18). You then use the dload command to enter the IP address of the TFTP server and the name of the image file. dload Use this command to download a new firmware image from a TFTP server to the device.
General Configuration Command Set Downloading a Firmware Image Example This example shows how to download a new firmware image via a TFTP server: Matrix>dload 172.101.50.87 d:\images\xfiles\010000.09 File downloaded successfully. Updating flashROM image at 0xFF200000 ... Image update successful. Updating flashROM image at 0xFF500000 ... Image update successful. Restarting system... Saving persistent data ++++++++++++++++++++++++++++++++++++++++++++++++++ (c)Copyright ENTERASYS Networks, Inc.
General Configuration Command Set Configuring Telnet 3.2.4 Configuring Telnet To review, enable, disable and configure Telnet services to the device when operating in switch mode. Commands The commands needed to configure Telnet are listed below and described in the associated section as shown. • show telnet (Section 3.2.4.1) • set telnet (Section 3.2.4.
General Configuration Command Set Configuring Telnet 3.2.4.1 show telnet Use this command to display Telnet status and information. show telnet Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-only. Example This example shows how to display Telnet status and information. In this case inbound and outbound service is enabled on the device and maximum number of inbound, outbound and SSH Telnet sessions have not been changed from the default value of 4.
General Configuration Command Set Configuring Telnet 3.2.4.2 set telnet Use this command to configure Telnet on the device. set telnet {[disable | enable] inbound | outbound | all} | port port | session {inbound | outbound | ssh}session} Syntax Description disable | enable Disables or enables Telnet services. inbound | outbound | all Disables or enables inbound service (the ability to Telnet to this device), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound).
This example shows how to set the maximum number of outbound Telnet sessions to 3:
Matrix>set telnet session outbound 3
This example shows how to reset the Telnet port to 23:
Matrix>set telnet port default
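The following is an added example, not part of the Enterasys guide: it audits a saved CLI configuration (one command per line) against the password history, admin lockout, idle timeout and Telnet commands documented in Sections 3.2.1.7, 3.2.1.9, 3.2.2.15 and 3.2.4.2. The policy thresholds, the `set telnet disable all` argument order, and the rule that `set system timeout` without `console` or `remote` applies to both session types are assumptions; both sample configurations are constructed.

```python
import re

# Valid ranges exactly as documented in the command descriptions above.
RANGES = {
    "password_history": (0, 10),  # set system password history size
    "lockout_minutes": (0, 60),   # set system lockout time
    "timeout_minutes": (1, 60),   # set system timeout timeout [console | remote]
}
# Policy thresholds are assumptions for this example, not values from the guide.
POLICY = {"min_history": 5, "min_lockout": 5, "max_timeout": 15}

PATTERNS = [
    ("password_history", re.compile(r"^set system password history (\d+)$")),
    ("lockout_minutes", re.compile(r"^set system lockout (\d+)$")),
    ("timeout_minutes", re.compile(r"^set system timeout (\d+)(?: (console|remote))?$")),
    # Assumed argument order: set telnet {enable|disable} {inbound|outbound|all}
    ("telnet", re.compile(r"^set telnet (enable|disable) (inbound|outbound|all)$")),
]


def parse_config(text):
    """Replay CLI lines in order; a later command overrides an earlier one."""
    state = {
        "password_history": None,
        "lockout_minutes": None,
        "timeout_minutes": {"console": None, "remote": None},
        "telnet": {"inbound": None, "outbound": None},
        "invalid": [],
    }
    for raw in text.splitlines():
        line = " ".join(raw.split())          # collapse runs of whitespace
        if line.startswith("Matrix>"):        # tolerate pasted prompt text
            line = line[len("Matrix>"):].strip()
        for key, pattern in PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            if key == "telnet":
                enabled = match.group(1) == "enable"
                scope = match.group(2)
                targets = ("inbound", "outbound") if scope == "all" else (scope,)
                for direction in targets:
                    state["telnet"][direction] = enabled
                break
            value = int(match.group(1))
            low, high = RANGES[key]
            if not low <= value <= high:
                state["invalid"].append(line)  # the device would reject this value
            elif key == "timeout_minutes":
                scope = match.group(2)
                # Assumption: no qualifier means both console and remote sessions.
                targets = ("console", "remote") if scope is None else (scope,)
                for session in targets:
                    state[key][session] = value
            else:
                state[key] = value
            break
    return state


def audit(state):
    """Return (code, message) findings for the parsed state."""
    findings = [("INVALID_VALUE", f"outside documented range: {line}")
                for line in state["invalid"]]
    history = state["password_history"]
    if history is None:
        findings.append(("HISTORY_UNSET", "password history is not configured"))
    elif history < POLICY["min_history"]:
        findings.append(("HISTORY_LOW", f"only {history} previous passwords checked"))
    lockout = state["lockout_minutes"]
    if lockout is None:
        findings.append(("LOCKOUT_UNSET", "admin lockout time is not configured"))
    elif lockout < POLICY["min_lockout"]:
        findings.append(("LOCKOUT_SHORT", f"admin lockout lasts {lockout} minute(s)"))
    for session, minutes in state["timeout_minutes"].items():
        if minutes is None:
            findings.append(("TIMEOUT_UNSET", f"{session} idle timeout is not configured"))
        elif minutes > POLICY["max_timeout"]:
            findings.append(("TIMEOUT_LONG", f"{session} idle timeout is {minutes} minutes"))
    if state["telnet"]["inbound"] is not False:
        findings.append(("TELNET_INBOUND",
                         "inbound Telnet (cleartext) is not explicitly disabled"))
    return findings


# Constructed sample configurations (not taken from a real device).
SAMPLE_CONFIG = """\
set system password history 3
set system lockout 0
set system timeout 45 remote
set system timeout 5 console
set system timeout 90
set telnet enable all
set telnet disable outbound
set vlan 30 create
"""
HARDENED_CONFIG = """\
set system password history 10
set system lockout 30
set system timeout 10
set telnet disable all
"""

if __name__ == "__main__":
    for code, message in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{code}: {message}")
```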
General Configuration Command Set Managing Switch Configuration Files 3.2.5 Managing Switch Configuration Files Purpose To view, manage, and execute configuration files when operating in switch mode. Commands The commands needed to view, manage, and execute switch configuration files are listed below and described in the associated section as shown. • dir (Section 3.2.5.1) • show config (Section 3.2.5.2) • configure (Section 3.2.5.3) • summaryconfig (Section 3.2.5.4) • copy (Section 3.2.5.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.1 dir Use this command to display CLI configuration files stored in NVRAM. dir [all] Syntax Description all (Optional) Displays all files in the NVDRIVE: file system. Command Type Switch command. Command Mode Read-only. Command Defaults If all is not specified, only configuration files stored in the NVDRIVE: file system will be displayed.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.2 show config Use this command to display the contents of the CLI text configuration file. show config [filename [all | system]] Syntax Description filename (Optional) Displays a specific file. The filename extension must be .cfg all (Optional) Displays the entire configuration file. system (Optional) Displays only the CLI commands from the configuration file. Command Type Switch command. Command Mode Read-only.
General Configuration Command Set Managing Switch Configuration Files Examples This example shows how to display system information in the clitxt.cfg file: Matrix>show config clitxt.cfg system clitxt.cfg set vlan 30 create set vlan 40 create set vlan 30 enable set vlan name 30 blue set vlan egress 30 fe.0.7 untagged set vlan classification enable set vlan classification 30 802.3-SAP 0X0020 create set vlan classification 30 802.3-SAP 0X0020 enable set port vlan fe.0.4-fe.0.7 30 set port broadcast fe.0.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.3 configure Use this command to execute a previously downloaded configuration file, schedule a configuration update for a later time, cancel a configuration update, or display scheduled configuration update information. configure {[filename [append] [at time] [in time] [reason reason] | show | cancel} Syntax Description filename Specifies the name of the configuration file to execute.
General Configuration Command Set Managing Switch Configuration Files Examples This example shows how to execute clitxt.txt and update NVRAM to reflect the new configuration: Matrix>configure clitxt.txt This example shows how to schedule an NVRAM update by appending the clitxt.txt configuration file in two hours: Matrix>configure clitxt.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.4 summaryconfig Use this command to display the Matrix E1 non-default configuration to the console, or, by entering the file keyword, write it to the swfile.cfg file. summaryconfig [file] Syntax Description file (Optional) Writes the configuration to the scfile.cfg. This file can then be displayed using the show config command, or uploaded to a file or a server using the copy command. Command Type Switch command.
General Configuration Command Set Managing Switch Configuration Files Example This example shows a portion of the output created by the summaryconfig command: >show rad RAD is currently enabled. > >show RADIUS RADIUS RADIUS radius status: retries: timeout: RADIUS Server ------------0.0.0.0 0.0.0.0 Disabled. 3. 20 seconds Status -----Primary Secondary RADIUS last-resort-action ------------------------Local Remote > >show snmp SNMP is currently enabled.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.5 copy Use this command to upload or download a configuration file.
General Configuration Command Set Managing Switch Configuration Files NOTES: There is an important distinction between specifying a filename and using the device-config option. When uploading, the filename specified in the destination pathname (the server) is created. When downloading, if the device-config keyword is entered, then the filename specified in the source pathname is downloaded and executed. This file will not be saved in NVRAM.
General Configuration Command Set Managing Switch Configuration Files This example shows how to download and execute the clitxt.txt file. This command will reset the device: Matrix>copy tftp://10.1.129.3/config/clitxt.txt device-config This example shows how to download and execute the cliappend.txt file. This command will not reset the device: Matrix>copy tftp://10.1.29.3/config/cliappend.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.6 set system bootconfig Use this command to select the configuration file the device will load at startup. set system bootconfig {flash | network file-location} Syntax Description flash Loads the flash configuration file. network file-location Specifies a network file location from which to load the configuration file. Command Type Switch command. Command Mode Read-Write. Command Defaults None.
General Configuration Command Set Managing Switch Configuration Files 3.2.5.7 delete Use this command to remove a configuration file from the Matrix E1 system. delete filename Syntax Description filename Specifies the configuration file to remove. Command Type Switch command. Command Mode Read-Write. Command Defaults None. Example This example shows how to delete the clitxt1.cfg configuration file: Matrix>delete clitxt1.
General Configuration Command Set Configuring CDP 3.2.6 Configuring CDP Purpose To enable and configure the CDP discovery protocol. Commands The commands needed to configure the CDP discovery protocol are listed below and described in the associated section as shown. • show cdp (Section 3.2.6.1) • set cdp (Section 3.2.6.2) • set cdp interval (Section 3.2.6.
General Configuration Command Set Configuring CDP 3.2.6.1 show cdp Use this command to display the status of the CDP discovery protocol and message interval on one or more ports. show cdp [port-string] Syntax Description port-string (Optional) Displays CDP information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, the CDP state for all ports will be displayed. Command Type Switch command.
General Configuration Command Set Configuring CDP Examples This example shows how to display CDP information for all ports: Matrix>show cdp CDP Version : 6 Global CDP State : Global Hold Time : auto 180 Port State Port State Port State --------------------------------------------------------------fe.0.1 auto fe.0.2 auto fe.0.3 auto fe.0.4 auto fe.0.5 auto fe.0.6 auto fe.0.7 auto fe.0.8 auto fe.0.9 auto fe.0.10 auto fe.0.11 auto fe.0.12 auto fe.0.13 auto fe.0.14 auto fe.0.15 auto fe.0.16 auto fe.0.
Table 3-6 show cdp Output Details
Output    What It Displays...
CDP Version    Current CDP version number.
Global CDP State    Whether CDP is globally auto-enabled, enabled or disabled.
Global Hold Time    Transmit frequency (in seconds) of CDP messages. For details on using the set cdp interval command to change the default value of 60, refer to Section 3.2.6.2.
Port    Port designation.
General Configuration Command Set Configuring CDP 3.2.6.2 set cdp Use this command to enable or disable the CDP discovery protocol on one or more ports. set cdp {auto | disable | enable} [port-string] Syntax Description auto | disable | enable Auto-enables, disables or enables the CDP protocol on the specified port(s). In auto-enable mode, which is the default mode for all ports, a port automatically becomes CDP-enabled upon receiving its first CDP message.
3.2.6.3 set cdp interval
Use this command to set the message interval frequency of the CDP discovery protocol.
set cdp interval frequency
Syntax Description
frequency Specifies the transmit frequency of CDP messages in seconds. Valid values are from 5 to 900.
Command Defaults None.
Command Type Switch command.
Command Mode Read-Write.
General Configuration Command Set Pausing, Clearing and Closing the CLI 3.2.7 Pausing, Clearing and Closing the CLI Purpose To pause or clear the CLI screen or to close your CLI session. Commands The commands used to pause, clear and close the CLI session are listed below and described in the associated sections as shown. • wait (Section 3.2.7.1) • cls (Section 3.2.7.2) • exit (Section 3.2.7.
3.2.7.1 wait
Use this command to pause the CLI for a specified number of seconds before executing the next command.
wait seconds
Syntax Description
seconds Specifies the number of seconds for the CLI to pause before executing the next command.
Command Defaults None.
Command Type Switch command.
Command Mode Read-Write.
Example
This example shows how to pause the CLI for 10 seconds:
Matrix>wait 10
Wait for 10 seconds . . .
General Configuration Command Set Pausing, Clearing and Closing the CLI 3.2.7.2 cls (clear screen) Use this command to clear the screen for the current CLI session. cls Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only.
General Configuration Command Set Pausing, Clearing and Closing the CLI 3.2.7.3 exit Use this command to leave a CLI session when operating in switch mode. exit NOTE: Device timeout occurs after five minutes of user inactivity, automatically closing your CLI session. When operating in router mode, the exit command jumps to a lower configuration level. For details on enabling router configuration modes, refer to Section 3.3.3. Syntax Description None. Command Defaults None. Command Type Switch command.
General Configuration Command Set Resetting the Device 3.2.8 Resetting the Device Purpose To reset the device without losing any user-defined switch and router configuration parameters, or to clear NVRAM (user-defined) config settings. Commands Commands to reset the device are listed below and described in the associated section as shown. • show reset (Section 3.2.8.1) • reset (Section 3.2.8.2) • reset at (Section 3.2.8.3) • reset in (Section 3.2.8.4) • clear config (Section 3.2.8.
3.2.8.1 show reset
Use this command to display information about scheduled device resets.
show reset
Syntax Description None.
Command Defaults None.
Command Type Switch command.
Command Mode Read-Only.
Example
This command shows how to display reset information:
Matrix>show reset
Reset scheduled for Fri Jan 21 2004, 23:00:00 (in 3 days 12 hours 56 minutes 57 seconds).
General Configuration Command Set Resetting the Device 3.2.8.2 reset Use this command to reset the device immediately, cancel, or display information about a scheduled reset. reset [system [cancel]] [show] Syntax Description system (Optional) Resets the system. cancel (Optional) Cancels a reset scheduled using the reset at command as described in Section 3.2.8.3, or the reset in command as described in Section 3.2.8.4. show (Optional) Displays information about a scheduled reset.
General Configuration Command Set Resetting the Device 3.2.8.3 reset at Use this command to schedule a system reset at a specific future time. This feature is useful for loading a new boot image. reset at hh:mm [mm/dd] [reason reason] Syntax Description hh:mm Schedules the hour and minute of the reset (using the 24-hour system). mm/dd (Optional) Schedules the month and day of the reset. reason reason (Optional) Specifies a reason for the reset.
General Configuration Command Set Resetting the Device 3.2.8.4 reset in Use this command to schedule a system reset after a specific time. This feature is useful for loading a new boot image. reset in hh:mm [reason reason] Syntax Description hh:mm Specifies the number of hours and minutes into the future to perform a reset. reason reason (Optional) Specifies a reason for the reset. A string containing a space in the text must be enclosed in quotes.
General Configuration Command Set Resetting the Device 3.2.8.5 clear config Use this command to clear the user-defined switch configuration parameters stored in NVRAM. This resets the device back to its factory default settings, while giving you the option to maintain the system IP address and SSH (Secure Shell) host keys. For a list of default settings for this device, refer to Section 3.1.1.
Preparing the Device for Router Mode Pre-Routing Configuration Tasks 3.3 PREPARING THE DEVICE FOR ROUTER MODE Important Notice Startup and general configuration of the Matrix E1 must occur when the device is in switch mode. For details on how to start the device and configure general platform settings, refer to Section 3.1 and Section 3.2. Once startup and general device settings are complete, IP configuration and other router-specific commands can be executed when the device is in router mode.
Preparing the Device for Router Mode Configuring VLANs for IP Routing Table 3-7 Command Set for Configuring VLANs for IP Routing To do this task... Type this command... In this mode... For details, see... Step 1 Disable Spanning Tree on the dedicated routing port. set spantree portadmin port-string disable Switch: (Matrix>) Section 6.2.2.2 Step 2 Create a new IEEE 802.1Q VLAN or enable an existing VLAN on the dedicated routing port.
Preparing the Device for Router Mode Configuring VLANs for IP Routing Table 3-7 Command Set for Configuring VLANs for IP Routing (Continued) To do this task... Type this command... In this mode... For details, see... Step 9 Assign an IP address to the VLAN. ip address {ip_address ip_mask} Router: Matrix> Router(config-if (Vlan ))# Section 12.2.1.4 Step 10 Enable the VLAN for IP routing. no shutdown Router: Matrix> Router(config-if (Vlan 1))# Section 12.2.1.
Preparing the Device for Router Mode Configuring VLANs for IP Routing Figure 3-7 Configuring Two VLANs for IP Routing Matrix>set spantree portadmin fe.0.1 disable Matrix>set vlan create 10 Matrix>set port vlan fe.0.1 10 The PVID is used to classify untagged frames as they ingress into a given port.
Preparing the Device for Router Mode Enabling Router Configuration Modes 3.3.3 Enabling Router Configuration Modes The Matrix E1 CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 3-8 describes these modes of operation. NOTE: The command prompts used in examples throughout this guide show a system where VLAN 1 has been configured for routing.
Preparing the Device for Router Mode Enabling Router Configuration Modes Table 3-8 Router CLI Configuration Modes (Continued) Use this mode... To... Access method... Prompt... Key Chain Configuration Mode Set protocol (RIP) authentication key parameters. Type key chain and the key chain name from Router (RIP) Configuration mode. Matrix>Router (config-keychain)# Key Chain Key Configuration Mode Configure a specific key within a RIP authentication key chain.
4 Port Configuration This chapter describes the Port Configuration set of commands and how to use them. 4.1 PORT CONFIGURATION SUMMARY The Matrix E1 has fixed front panel ports at the bottom of the chassis and either one or three optional Ethernet expansion module slot(s) at the top of the chassis. Matrix E1 fixed front panels provide the following port configurations: • The 1H582-25 fixed front panel provides 24 RJ45 10/100 Mbps ports.
Port Configuration Summary Port Assignment Scheme connections, and are designated as 0 for being fixed ports on the front panel. In this numbering scheme, front panel port 8 is expressed as 0.8 in the CLI syntax. The device’s optional expansion module slot(s), numbered 1, or 1,2, and 3, can have one or more ports depending on the module installed. Figure 4-2 shows the Ethernet expansion modules available at the time of this printing, and the location of port 1 on each module.
Port Configuration Summary Port Assignment Scheme Figure 4-2 Optional Ethernet Expansion Modules 1G-2GBIC 1H-16TX 1 1 1G-2MGBIC 1G-2TX 1 1 1H-8FX 1 Table 4-1 37552_27 Ethernet Expansion Module Interface Types and Port Numbering Ethernet expansion module Interface Type Port Numbering 1H-16TX Fast Ethernet 10/100BASE-TX Sixteen fixed RJ45 ports Fast Ethernet 1000BASE-TX Two fixed RJ45 ports Gigabit 1000BASE-SX/LX Two port slots for optional GBICs (GBICs have 1 SC connector) 1G-2TX 1G-2
Port Configuration Summary Port String Syntax Used in the CLI Table 4-1 Ethernet Expansion Module Interface Types and Port Numbering (Continued) Ethernet expansion module Interface Type Port Numbering 1G-2MGBIC 1000BASE-SX Two slots for optional Mini-GBICs (Mini-GBICs have 1 MT-RJ connector) |1|2| 1H-8FX 100BASE-FX Eight fixed MT-RJ connectors |1|2|3|4|5|6|7|8| 4.1.
Port Configuration Summary Port String Syntax Used in the CLI Examples This example shows the port-string syntax for specifying Fast Ethernet port 3 in the device’s fixed front panel. fe.0.3 This example shows the port-string syntax for specifying Fast Ethernet ports 1 through 10 in the device’s fixed front panel. fe.0.1-10 This example shows the port-string syntax for specifying Fast Ethernet ports 1, 3, 7, 8, 9 and 10 in the device’s left expansion module slot. fe.1.1,fe.1.3,fe.1.
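The following is an added example, not part of the guide: it expands the port-string forms that appear on this page (a single port such as fe.0.3, a short range such as fe.0.1-10, a full-form range such as fe.0.4-fe.0.7, and comma-separated lists) into individual ports, which is useful when checking which ports a `set port disable` or `set cdp` line in a saved configuration actually covers. That a range must stay within one port type and slot, and that slots run from 0 to 3, are assumptions drawn from the numbering scheme described above; the comma-list input in the demo is constructed.

```python
import re

# type.slot.port, e.g. fe.0.3 (slot 0 is the fixed front panel; 1 to 3 are expansion slots)
_PORT = re.compile(r"^([a-z]+)\.(\d+)\.(\d+)$")


def _parse_port(text):
    """Split one port designation into (type, slot, port number)."""
    match = _PORT.match(text)
    if not match:
        raise ValueError(f"not a port designation: {text!r}")
    port_type, slot, port = match.group(1), int(match.group(2)), int(match.group(3))
    if slot > 3 or port < 1:
        raise ValueError(f"slot or port number out of range: {text!r}")
    return port_type, slot, port


def expand_port_string(port_string):
    """Expand a port-string into an ordered list of unique port designations."""
    ports = []
    for item in port_string.split(","):
        start, dash, end = item.strip().partition("-")
        port_type, slot, first = _parse_port(start)
        last = first
        if dash:
            if end.isdigit():
                # Short form: fe.0.1-10
                last = int(end)
            else:
                # Full form: fe.0.4-fe.0.7
                end_type, end_slot, last = _parse_port(end)
                if (end_type, end_slot) != (port_type, slot):
                    # Assumption: a range cannot cross port types or slots.
                    raise ValueError(f"range crosses type or slot: {item!r}")
            if last < first:
                raise ValueError(f"descending range: {item!r}")
        for number in range(first, last + 1):
            name = f"{port_type}.{slot}.{number}"
            if name not in ports:
                ports.append(name)
    return ports


if __name__ == "__main__":
    # The last input is a constructed comma list in the style of the examples above.
    for sample in ("fe.0.3", "fe.0.1-10", "fe.0.4-fe.0.7", "fe.1.1,fe.1.3,fe.1.7-10"):
        print(sample, "->", expand_port_string(sample))
```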
Port Configuration Summary Process Overview: Port Configuration 4.1.3 Process Overview: Port Configuration Use the following steps as a guide to configuring ports on the device: 1. Reviewing port status (Section 4.2.1) 2. Disabling / enabling ports (Section 4.2.2) 3. Setting speed and duplex mode (Section 4.2.3) 4. Enabling / disabling jumbo frame support (Section 4.2.4) 5. Setting auto negotiation and advertised ability (Section 4.2.5) 6. Setting flow control and thresholds (Section 4.2.6) 7.
Port Configuration Command Set Reviewing Port Status
4.2 PORT CONFIGURATION COMMAND SET
4.2.1 Reviewing Port Status
Purpose
To display port operating status, duplex mode, speed and port type, and statistical information about traffic received and transmitted through one port or all ports on the device.
Commands
The commands needed to review port status are listed below and described in the associated sections as shown.
• show port status (Section 4.2.1.1)
• show port counters (Section 4.2.1.
Port Configuration Command Set Reviewing Port Status 4.2.1.1 show port status Use this command to display duplex mode, speed and port type, and statistical information about traffic received and transmitted through one or more ports on the device. show port status [port-string] Syntax Description port-string (Optional) Displays status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Port Configuration Command Set Reviewing Port Status Table 4-2 show port status Output Details Output What It Displays... Port Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2. Oper Status Whether the specified port has a valid link. Oper status will be down until a link is established to an external device and the port is enabled. Admin Status Whether the specified port is enabled (up) or disabled (down).
Port Configuration Command Set Reviewing Port Status 4.2.1.2 show port counters Use this command to display counter statistics detailing traffic through the switch and through all MIB2 network devices. show port counters [port-string] [mib2 | switch] Syntax Description port-string (Optional) Displays counter statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. mib2 | switch (Optional) Displays MIB2 or switch statistics.
Port Configuration Command Set Reviewing Port Status Examples This example shows how to display all counter statistics, including MIB2 network traffic and traffic through the device for Fast Ethernet front panel port 1: Matrix>show port counters fe.0.1 Port: fe.0.
Table 4-3 show port counters Output Details
Output    What It Displays...
Port    Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
Bridge Port    Spanning Tree bridge port designation.
MIB2 Interface Counters    MIB2 network traffic counts.
802.1Q Switch Counters    Counts of frames received and transmitted.
Port Configuration Command Set Reviewing Port Status 4.2.1.3 clear port counters Use this command to clear port counter statistics for one or more ports. clear port counters [port-string] Syntax Description port-string (Optional) Clears counter statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, counter statistics will be cleared for all ports. Command Type Switch command.
4.2.2 Disabling / Enabling Ports

Purpose
To disable and re-enable one or more ports. By default, all ports are enabled at device startup. You may need to disable ports in the event of network problems or to put ports “off-line” during certain configuration procedures.

Commands
The commands needed to enable and disable ports are listed below and described in the associated section as shown.
• set port disable (Section 4.2.2.
4.2.2.1 set port disable

Use this command to administratively disable one or more ports.

set port disable port-string

Syntax Description
port-string    Specifies the port(s) to disable. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to disable Fast Ethernet front panel port 1:
Matrix>set port disable fe.0.
4.2.2.2 set port enable

Use this command to administratively enable one or more ports.

set port enable port-string

Syntax Description
port-string    Specifies the port(s) to enable. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to enable Fast Ethernet front panel port 3:
Matrix>set port enable fe.0.
4.2.3 Setting Speed and Duplex Mode

Purpose
To set the current operational speed in Mbps and to set the default duplex mode: Half, for half duplex, or Full, for full duplex.

NOTE: These settings only take effect on ports that have auto-negotiation disabled.

Commands
The commands needed to set port speed and duplex mode are listed below and described in the associated section as shown.
• set port speed (Section 4.2.3.
4.2.3.1 set port speed

Use this command to configure the default speed of a port interface. This setting only takes effect on ports that have auto-negotiation disabled.

set port speed port-string {10 | 100 | 1000}

Syntax Description
port-string    Specifies the port(s) for which speed will be set. For a detailed description of possible port-string values, refer to Section 4.1.2.
10 | 100 | 1000    Specifies the port speed.
4.2.3.2 set port duplex

Use this command to configure the duplex type of one or more ports.

set port duplex port-string {full | half}

Syntax Description
port-string    Specifies the port(s) for which duplex type will be set. For a detailed description of possible port-string values, refer to Section 4.1.2.
full | half    Sets the port to full-duplex or half-duplex operation.

Command Defaults
None.

Command Type
Switch command.
4.2.4 Enabling / Disabling Jumbo Frame Support

Purpose
To review, enable, and disable jumbo frame support on all ports. This allows ports to transmit frames up to 6 KB in size.

Commands
The commands used to review, enable and disable jumbo frame support are listed below and described in the associated section as shown.
• show port jumbo (Section 4.2.4.1)
• set port jumbo (Section 4.2.4.
4.2.4.1 show port jumbo

Use this command to display the status of jumbo frame support and maximum transmission units (MTU) on one or more ports.

show port jumbo

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
4.2.4.2 set port jumbo

Use this command to enable or disable jumbo frame support on all ports.

set port jumbo {disable | enable}

Syntax Description
disable | enable    Disables or enables jumbo frame support.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.2.5 Setting Port Auto-Negotiation and Advertised Ability

Purpose
To determine whether auto-negotiation is enabled or disabled for the specific port and to set the state, and to display or set a port’s advertised mode of operation. During auto-negotiation and advertised ability, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are.
4.2.5.1 show port negotiation

Use this command to display the status of auto-negotiation for one or more ports.

show port negotiation [port-string]

Syntax Description
port-string    (Optional) Displays auto-negotiation status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
4.2.5.2 set port negotiation

Use this command to enable or disable auto-negotiation on one or more ports.

set port negotiation port-string {enable | disable}

Syntax Description
port-string    Specifies the port(s) for which to enable or disable auto-negotiation. For a detailed description of possible port-string values, refer to Section 4.1.2.
enable | disable    Enables or disables auto-negotiation.
4.2.5.3 show port advertised ability

Use this command to display the advertised ability on one or more ports.

show port advertised ability [port-string]

Syntax Description
port-string    (Optional) Displays advertised ability for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Example
This example shows how to display advertised ability on all ports:
Matrix>show port advertised ability
Port      Advertised Ability
------------------------------------------------------
fe.0.1    10half 10full 100half 100full
fe.0.2    10half 10full 100half 100full
fe.0.3    10half 10full 100half 100full
fe.0.4    10half 10full 100half 100full
fe.0.5    10half 10full 100half 100full
fe.0.6    10half 10full 100half 100full
fe.0.
4.2.5.4 set port advertised ability

Use this command to enable or disable and to configure the advertised ability on one or more ports.

set port advertised ability port-string {10 | 100 | 1000 | all} {half | full | all} {disable | enable}

Syntax Description
port-string    Specifies the port(s) for which to enable, disable or configure advertised ability.
4.2.6 Setting Flow Control and Thresholds

About Managing Oversubscribed Ports
At times during normal switch operation, a burst of traffic could temporarily oversubscribe an egress port. Oversubscribed means more traffic is destined to a port than it can transmit. The two general approaches to handle this situation are flow control and Head of Line (HOL) Blocking Prevention.
Commands
The commands needed to set port flow control and thresholds are listed below and described in the associated section as shown.
• show port flowcontrol (Section 4.2.6.1)
• set port flowcontrol (Section 4.2.6.2)
• show port buffer threshold (Section 4.2.6.3)
• set port buffer threshold (Section 4.2.6.4)
• show port holbp (Section 4.2.6.5)
• set port holbp (Section 4.2.6.
4.2.6.1 show port flowcontrol

Use this command to display the flow control state for one or more ports.

show port flowcontrol [port-string]

Syntax Description
port-string    (Optional) Displays flow control state for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, flow control statistics for all ports will be displayed.
4.2.6.2 set port flowcontrol

Use this command to enable or disable flow control for one or more ports.

set port flowcontrol port-string {disable | enable}

Syntax Description
port-string    Specifies the port(s) for which to enable or disable flow control. For a detailed description of possible port-string values, refer to Section 4.1.2.
disable | enable    Disables or enables flow control.

Command Defaults
None.

Command Type
Switch command.
4.2.6.3 show port buffer threshold

Use this command to display port buffer threshold settings.

show port buffer threshold

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display port buffer threshold settings.
4.2.6.4 set port buffer threshold

Use this command to configure buffer threshold settings for a group of ports. This command applies priority queue or buffer percentages to various types of ingress or egress thresholds, and can also be used to reset all thresholds back to default values. Ingress thresholds are used for buffer control at the point the frame enters the switch.
threshold (Cont’d)
• EgressGeneral - controls the buffer allocations for unicast frames destined to a single egress port, for multicast frames queued for egress per device, and for frames destined for routing ports.
• ResetAll - resets all threshold types.
xon-limit xoff-limit    When the IngressRX threshold type is chosen, sets the Xon and Xoff limits. When this limit is reached, the receiving port sends flow control pause frames to the sending port requesting that transmissions be “turned off”. Once the sending port responds to the request, the frames will empty until the Xon threshold is reached.
Examples
This example shows how to set all buffer queues to 25 percent for multicast and unicast traffic switched out all Fast Ethernet ports:
Matrix>set port buffer threshold egressallpri fe 25.0 25.0 25.0 25.0
This example shows how to set the receive buffer and the flow control on and off limit buffers within the IngressRX threshold for frames destined for Gigabit Ethernet ports:
Matrix>set port buffer threshold ingressrx ge 30.0 20.
4.2.6.5 show port holbp

Use this command to display Head of Line (HOL) Blocking Prevention settings for one or more ports.

show port holbp port-string {ingress | egress}

Syntax Description
port-string    Specifies the port(s) for which to display HOL Blocking Prevention settings. For a detailed description of possible port-string values, refer to Section 4.1.2.
ingress | egress    Displays ingress or egress HOL settings.
limits must be configured using the set port buffer threshold command as described in Section 4.2.6.4:
Matrix>show port holbp ge.0.* egress
Port      Egress HOL Priority Queue
          0        1        2
ge.0.1    enabled  enabled  enabled
ge.0.2    enabled  enabled  enabled
ge.0.3    enabled  enabled  enabled
ge.0.4    enabled  enabled  enabled
ge.0.5    enabled  enabled  enabled
ge.0.
4.2.6.6 set port holbp

Use this command to enable or disable Head of Line (HOL) Blocking Prevention for one or more ports. HOL Blocking Prevention drops frames after a pre-defined number of frames are queued to a congested port. This prevents flow control from hampering other uncongested ports at the expense of dropping frames to the congested port.
4.2.7 Setting Port Traps

Purpose
To display the status, and to enable or disable an SNMP link trap on one or more ports. This operation is typically used to alert the system manager of a change in the link status of the port.

Command
The commands needed to display, enable or disable port traps are listed below and described in the associated section as shown.
• show port trap (Section 4.2.7.1)
• set port trap (Section 4.2.7.
4.2.7.1 show port trap

Use this command to display the status of an SNMP link trap on one or more ports.

show port trap [port-string]

Syntax Description
port-string    (Optional) Displays trap status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, the trap status for all ports will be displayed.

Command Type
Switch command.

Command Mode
Read-Write.
This example shows how to display SNMP link trap status for all ports:
Matrix>show port trap
Port       State
---------  --------
fe.0.1     enabled
fe.0.4     enabled
fe.0.7     enabled
fe.0.10    enabled
fe.0.13    enabled
fe.0.16    enabled
fe.0.19    enabled
fe.0.22    enabled
fe.0.25    enabled
fe.0.28    enabled
fe.0.31    enabled
fe.0.34    enabled
fe.0.37    enabled
fe.0.40    enabled
fe.0.43    enabled
fe.0.46    enabled
Port       State
---------  --------
fe.0.2     enabled
fe.0.5     enabled
fe.0.8     enabled
fe.0.
4.2.7.2 set port trap

Use this command to enable or disable an SNMP link trap on one or more ports.

set port trap port-string {enable | disable}

Syntax Description
port-string    Specifies the port(s) for which to enable or disable a trap. For a detailed description of possible port-string values, refer to Section 4.1.2.
enable | disable    Enables or disables a trap on the specified port.

Command Defaults
None.

Command Type
Switch command.
4.3 OVERVIEW: PORT MIRRORING

CAUTION: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.

The Matrix E1 allows you to mirror the traffic being switched on one or more ports for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for other ports within the device.
4.3.1.1 show port mirroring

Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports.

show port mirroring

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display port mirroring information. In this case, two mirroring configurations have been set.
4.3.1.2 set port mirroring

Use this command to enable, disable or configure mirroring between ports.

set port mirroring {disable | enable | source_port target_port}

Syntax Description
disable | enable    Disables or enables port mirroring.
source_port    Specifies the port designation for the source on which the traffic will be monitored. For a detailed description of possible port-string values, refer to Section 4.1.2.
This example shows how to disable port mirroring:
Matrix>set port mirroring disable
4.3.1.3 clear port mirroring

Use this command to clear a mirroring association between ports.

clear port mirroring source_port

Syntax Description
source_port    Specifies the source port for the mirroring association to be cleared. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4 OVERVIEW: LINK AGGREGATION

Link aggregation — using multiple links simultaneously — is a powerful feature for increasing the bandwidth of a network connection and for ensuring fault recovery. Matrix E1 devices support the following two methods of link aggregation:
• Port Trunking — Statically grouping ports by creating and assigning ports to a “trunk”.
• None of the ports in a trunk or LAG can be configured as a mirror source port or mirror target port.
• All the ports in a trunk or LAG have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• The Spanning Tree Algorithm will treat all the ports in a trunk or LAG as a whole.
• The Spanning Tree state of a trunk or LAG will be the Spanning Tree state of the lowest numbered port.
Figure 4-3 Port Grouping Designations for the Matrix E1 1H582-51

Figure 4-4 Port Grouping Designations for the Matrix E1 1H582-25
Table 4-5 Port Grouping IDs for the 1H-16TX and 1H-8FX Expansion Modules

Expansion Module Slot Location    1H-16TX Group IDs    Ports         1H-8FX Group IDs    Ports
1, 2 or 3                         1                    1 thru 8      1                   1 thru 8
                                  2                    9 thru 16

For details on how to specify port designation in the CLI syntax, refer to Section 4.1.2.
4.4.3 Configuring Static Port Trunking

The Matrix E1 allows you to configure up to 12 trunks on the device. Depending on the Matrix E1 model type and the expansion module(s) installed, each trunk can combine up to eight ports into an aggregate connection with up to 8 Gbps of bandwidth when operating at full duplex.
4.4.3.1 show trunk

Use this command to display trunking information for the device. Output will vary depending on the link aggregation mode of the device, as shown in the examples below.

show trunk [trunk_name]

Syntax Description
trunk_name    (Optional, portTrunking mode only) Displays trunking information for a specific trunk.

Command Defaults
If trunk_name is not specified, information for all trunks will be displayed.
This example shows how to display trunking information when the device is in port trunking mode:
Matrix>show trunk
Device is in portTrunking mode.
Trunking algorithm is round robin.
trunkName: newtrunk1 Admin Status: enabled Oper Status: up
trunkName: trunk2 Admin Status: disabled Oper Status: down
This example shows how to display trunking information for trunk2 when the device is in port trunking mode:
Matrix>show trunk trunk2
trunk port: fe.0.
Table 4-6 show trunk Output Details (Continued)

Output    What It Displays...
OKey    (Displayed in 802.3ad mode only.) Operational key, which determines underlying physical ports’ ability to aggregate. For more details, refer to Section 4.4.8.2.
ports    (Displayed in 802.3ad mode only.) Physical ports belonging to the LAG.
4.4.3.2 set trunkmode

Use this command to toggle the trunking mode on the device from the default (802.3ad) to port trunking, which allows the device to recognize statically created port trunks.

set trunkmode {8023ad | porttrunking}

Syntax Description
8023ad    Enables 802.3ad link aggregation mode.
porttrunking    Enables manual port trunking mode.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4.3.3 set trunk

Use this command to create, enable or disable a trunk when the device is set to port trunking mode.

set trunk trunk_name {create | disable | enable}

Syntax Description
trunk_name    Specifies the name of the trunk port to be created, disabled or enabled.
create | disable | enable    Creates, disables or enables a trunk with the specified name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4.3.4 clear trunk

Use this command to delete a trunk when the device is set to port trunking mode.

clear trunk trunk_name

Syntax Description
trunk_name    Specifies the name of the trunk to be deleted.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4.3.5 set trunk port

Use this command to add one or more trunk ports to an existing trunk when the device is set to port trunking mode.

set trunk port trunk_name port-string

Syntax Description
trunk_name    Specifies the name of the trunk to which the trunk port will be added.
port-string    Specifies the designation of the port(s) to be added to the trunk. For a detailed description of possible port-string values, refer to Section 4.1.2.
4.4.3.6 clear trunk port

Use this command to remove a port from a trunk when the device is set to port trunking mode.

clear trunk port trunk_name port-string

Syntax Description
trunk_name    Specifies the name of the trunk from which the port will be removed.
port-string    Specifies the designation of the port to be removed from the trunk. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.
4.4.3.7 set trunk algorithm

Sets the algorithm that will be used to distribute MAC addresses across a trunk group as they are learned on the device.

set trunk algorithm {machashing | roundrobin}

Syntax Description
machashing    Applies the MAC hashing algorithm.
roundrobin    Applies round robin distribution of MAC addresses.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4.4 Overview: Link Aggregation Control Protocol (LACP)

CAUTION: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.
• Controlling the addition of a link to a LAG, and the creation of the group if necessary.
• Monitoring the status of aggregated links to ensure that the aggregation is still valid.
• Removing a link from a LAG if its membership is no longer valid, and removing the group if it no longer has any member links.
Table 4-7 LACP Terms and Definitions (Continued)

Term    Definition
Actor and Partner    An actor is the local device sending LACPDUs. Its protocol partner is the device on the other end of the link aggregation. Each maintains current status of the other via LACPDUs containing information about their ports’ LACP status and operational state.
Admin Key    Value assigned to aggregator ports and physical ports that are candidates for joining a LAG.
• Ethernet ports do not belong to the same port group. As described in Section 4.4.1, only one LAG is allowed per Ethernet port group.
• There is no available aggregator for two or more ports with the same LAG ID. This can happen if there are simply no available aggregators, or if none of the aggregators have a matching admin key and system priority.
• 802.1x authentication is enabled using the set eapol command (Section 14.3.2.
4.4.8 Configuring Link Aggregation

Purpose
To disable and re-enable the Link Aggregation Control Protocol (LACP), to display and configure LACP settings for one or more aggregator ports, and to display and configure the LACP settings for underlying physical ports that are potential members of a link aggregation.

NOTE: Commands with the keyword lacp can only be used when the device is in 802.3ad mode.
4.4.8.1 set lacp

Use this command to disable or enable the Link Aggregation Control Protocol (LACP) on the device.

set lacp {disable | enable}

Syntax Description
disable | enable    Disables or enables LACP.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
4.4.8.2 set lacp static

Use this command to assign one or more underlying physical ports to a Link Aggregation Group (LAG). This provides the ability to hard code LAG trunks, similar to forming trunks while the device is in port trunking mode.

NOTES: At least two ports need to be assigned to a LAG port for a Link Aggregation Group to form and attach to the specified LAG port. Usage considerations discussed in Section 4.4.
4.4.8.3 clear lacp static

Use this command to remove specific ports from a Link Aggregation Group.

clear lacp static lagportstring port-string

Syntax Description
lagportstring    Specifies the LAG aggregator port from which ports will be removed.
port-string    Specifies the port(s) to remove from the LAG. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
None.

Command Type
Switch command.
4.4.8.4 show port lacp

Use this command to display link aggregation information for one or more underlying physical ports.

show port lacp {[port-string] [counters port-string] [detail port-string]}

Syntax Description
port-string    Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
counters port-string    Displays LACP counter information for one or more ports.
NOTES: State definitions, such as ActorAdminState and Partner AdminState, are indicated with letter abbreviations.
4.4.8.5 set port lacp

Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
Command Mode
Read-Write.

Examples
This example shows how to place ports ge.0.1 and ge.0.2 in the same LAG by assigning both padminkey 1:
Matrix>set port lacp padminkey ge.0.1 1
Matrix>set port lacp padminkey ge.0.2 1
This example shows how to clear the LAG created:
Matrix>set port lacp padminkey ge.0.* default
This example shows how to disable LACP processing on all Gigabit Ethernet front panel ports:
Matrix>set port lacp disable ge.0.
4.4.9 Configuring Port Broadcast Suppression

Purpose
To display, disable or set the broadcast thresholds on a per-port basis. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other ports. Broadcast suppression protects against broadcast storms, leaving more bandwidth available for critical data.
4.4.9.1 show port broadcast

Use this command to display port broadcast suppression information for one or more ports.

show port broadcast [port-string]

Syntax Description
port-string    (Optional) Displays broadcast status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, broadcast status of all ports will be displayed.
4.4.9.2 set port broadcast

Use this command to set the broadcast suppression limit in packets per second on one or more ports. This sets a threshold on the broadcast traffic that is received and switched out to other ports.

set port broadcast port-string packet_count [disable | enable]

Syntax Description
port-string    Specifies the port(s) for which to enable or disable broadcast suppression.
5 SNMP Configuration

This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.

5.1 SNMP CONFIGURATION SUMMARY

SNMP is an application-layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
5.1.2 SNMPv3

SNMPv3 is an interoperable standards-based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:
• Message integrity — Collects data securely without being tampered with or corrupted.
• Authentication — Determines the message is from a valid source.
Table 5-1 SNMP Security Levels

Model    Security Level    Authentication      Encryption    How It Works
v1       NoAuthNoPriv      Community string    None          Uses a community string match for authentication.
v2       NoAuthNoPriv      Community string    None          Uses a community string match for authentication.
v3       NoAuthNoPriv      User name           None          Uses a user name match for authentication.
         AuthNoPriv        MD5                 None          Provides authentication based on the HMAC-MD5 algorithm.
6. Configuring SNMP target addresses (Section 5.2.6)
7. Configuring SNMP notification parameters (Section 5.2.7)
8. Configuring a basic SNMP trap notification (Section 5.2.8)

5.2 SNMP COMMAND SET

5.2.1 Disabling / Enabling and Reviewing SNMP Statistics

Purpose
To disable and re-enable SNMP, and to review SNMP statistics.
5.2.1.1 show snmp

Use this command to display the status of SNMP management on the device. By default, it is enabled at device startup.

show snmp

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display SNMP status:
Matrix>show snmp
SNMP is currently enabled.
5.2.1.2 set snmp

Use this command to enable or disable SNMP management on the device.

set snmp {enable | disable}

Syntax Description
enable | disable    Enables or disables SNMP management.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
5.2.1.3 show snmp engineid

Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier.

show snmp engineid

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
5.2.1.4 show snmp counters

Use this command to display SNMP traffic counter values.

show snmp counters

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
Example
This example shows how to display SNMP counter values:
Matrix>show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 396601
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
snmpInTooBigs = 0
snmpInNoSuchNames = 0
snmpInBadValues = 0
snmpInReadOnlys = 0
snmpInGenErrs = 0
snmpInTotalReqVars = 403661
snmpInTotalSetVars = 534
snmpInGetRequests = 290
snmpInGet
Table 5-3 show snmp counters Output Details

Output: What It Displays...
snmpInPkts: Number of messages delivered to the SNMP entity from the transport service.
snmpOutPkts: Number of SNMP messages passed from the SNMP protocol entity to the transport service.
snmpInBadVersions: Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version.
snmpInTotalReqVars: Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
snmpInTotalSetVars: Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs.
snmpOutGetNexts: Number of SNMP Get-Next PDUs generated by the SNMP protocol entity.
snmpOutSetRequests: Number of SNMP Set-Request PDUs generated by the SNMP protocol entity.
snmpOutGetResponses: Number of SNMP Get-Response PDUs generated by the SNMP protocol entity.
snmpOutTraps: Number of SNMP Trap PDUs generated by the SNMP protocol entity.
usmStatsWrongDigests: Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value.
usmStatsDecriptionErrors: Number of packets received by the SNMP engine that were dropped because they could not be decrypted.
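The counters in Table 5-3 are useful for detection when two polls are compared rather than read once. The following is an added example, not part of the original guide: it parses two captures of show snmp counters output and reports the counters for rejected or state-changing SNMP traffic that grew by more than a threshold. The thresholds, the function names and the second capture are assumptions constructed for illustration.

```python
import re

COUNTER32_MODULUS = 2 ** 32  # SNMP counters are 32-bit and wrap back to zero

# Counter name -> largest increase tolerated between two polls.
# Names are taken from the guide's example output and Table 5-3;
# the thresholds are assumptions for this example and must be tuned per site.
WATCHED = {
    "snmpInBadVersions": 0,         # unsupported SNMP version received
    "snmpInBadCommunityNames": 5,   # unknown community name presented
    "snmpInBadCommunityUses": 0,    # operation not allowed for that community
    "snmpInTotalSetVars": 0,        # MIB objects altered by Set-Request PDUs
    "usmStatsWrongDigests": 5,      # SNMPv3 authentication digest mismatch
    "usmStatsDecriptionErrors": 0,  # spelled as printed in Table 5-3
}

# Matches "name = 123" whether the capture kept its line breaks or not.
_PAIR = re.compile(r"\b([A-Za-z][A-Za-z0-9]*)\s*=\s*(\d+)\b")


def parse_counters(text):
    """Return {counter_name: value} for every 'name = value' pair in text."""
    return {name: int(value) for name, value in _PAIR.findall(text)}


def counter_delta(old, new):
    """Increase between two polls, allowing for one 32-bit wrap.

    A counter reset after a reboot also yields new < old; correlate with
    system uptime before trusting a very large delta.
    """
    return new - old if new >= old else new + COUNTER32_MODULUS - old


def review(before_text, after_text, watched=None):
    """Return [(counter, increase)] for watched counters above their limit."""
    watched = WATCHED if watched is None else watched
    before = parse_counters(before_text)
    after = parse_counters(after_text)
    findings = []
    for name, limit in watched.items():
        if name not in before or name not in after:
            continue  # counter absent from one capture, nothing to compare
        grew = counter_delta(before[name], after[name])
        if grew > limit:
            findings.append((name, grew))
    return findings


# Constructed sample captures. The first reuses values from the guide's
# example; usmStatsWrongDigests is set near the wrap point on purpose.
BEFORE = """Matrix>show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 396601
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInTotalSetVars = 534
usmStatsWrongDigests = 4294967290
"""

AFTER = """Matrix>show snmp counters
--- mib2 SNMP group counters:
snmpInPkts = 397900
snmpOutPkts = 397900
snmpInBadVersions = 0
snmpInBadCommunityNames = 1240
snmpInBadCommunityUses = 0
snmpInTotalSetVars = 534
usmStatsWrongDigests = 10
"""

if __name__ == "__main__":
    for counter, increase in review(BEFORE, AFTER):
        print(f"{counter} grew by {increase} since the previous poll")
```

A steady rise in snmpInBadCommunityNames or usmStatsWrongDigests between polls means requests are arriving with credentials the agent does not accept, which is worth correlating with the source addresses seen on the management network.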
5.2.2 Configuring SNMP Users, Groups and Communities

Purpose
To review and configure SNMP users, groups and communities. These are defined as follows:
• User — A person registered in SNMPv3 to access SNMP management.
• Group — A collection of users who share the same SNMP access privileges.
• Community — A name used to authenticate SNMPv1 and v2 users.
5.2.2.1 show snmp user

Use this command to display information about users. These are people registered to access SNMP management.

show snmp user [user] | [remote remote]

Syntax Description
user: (Optional) Displays information about a specific user.
remote remote: (Optional) Displays information about users on a specific remote SNMP engine.

Command Defaults
• If user is not specified, information about all SNMP users will be displayed.
Table 5-4 show snmp user Output Details

Output: What It Displays...
EngineId: SNMP local engine identifier.
Username: SNMPv1 or v2 community name or SNMPv3 user name.
Auth protocol: Type of authentication protocol applied to this user.
Privacy protocol: Whether a privacy protocol is applied when authentication protocol is in use.
5.2.2.2 set snmp user

Use this command to create a new SNMPv3 user.

set snmp user user [authentication {md5 authpassword [privacy privpassword]][remote remote] [{volatile | nonvolatile}]

Syntax Description
user: Specifies a name for the SNMPv3 user.
authentication md5: (Optional) Specifies the authentication type required for this user as MD5.
authpassword: (Optional) Specifies a password for this user when authentication is required.
Example
This example shows how to create a new SNMP user named “netops” with MD5 authentication and privacy encryption:

Matrix>set snmp user netops authentication md5 passwordone privacy passwordtwo
Matrix>Enter authentication password>***********
Matrix>Reenter authentication password>***********
Matrix>Enter privacy password>***********
Matrix>Reenter privacy password>***********
5.2.2.3 clear snmp user

Use this command to remove a user from the SNMPv3 security-model list.

clear snmp user user [remote remote]

Syntax Description
user: Specifies an SNMPv3 user to remove.
remote remote: (Optional) Removes the user from a specific remote SNMP engine.

Command Defaults: If remote is not specified, the user will be removed from the local SNMP engine.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.2.4 show snmp group

Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges.

show snmp group [groupname] [user user] [security-model {v1 | v2 | v3}]

Syntax Description
groupname groupname: (Optional) Displays information for a specific SNMP group.
user user: (Optional) Displays information about users within the specified group.
Example
This example shows how to display SNMP group information:

Matrix>show snmp group
--- SNMP group information ---
Security model = SNMPv1
Security/user name = public
Group name = Anyone
Storage type = nonVolatile
Row status = active

Security model = SNMPv1
Security/user name = public.router1
Group name = Anyone
Storage type = nonVolatile
Row status = active

Table 5-5 shows a detailed explanation of the command output.
5.2.2.5 set snmp group

Use this command to create an SNMP group. This associates SNMPv3 users to a group that shares common access privileges.

set snmp group groupname user user security-model {v1 | v2 | v3} [volatile | nonvolatile]

Syntax Description
groupname: Specifies an SNMP group name to create.
user user: Specifies an SNMPv3 user name to assign to the group.
5.2.2.6 clear snmp group

Use this command to clear SNMP group settings globally or for a specific SNMP group or user.

clear snmp group groupname user [security-model {v1 | v2 | v3}]

Syntax Description
groupname: Specifies the SNMP group to be cleared.
user: Specifies the SNMP user to be cleared.
security-model v1 | v2 | v3: (Optional) Clears the settings associated with a specific security model.
5.2.2.7 show community

Use this command to display SNMPv1 and v3 community names and access policies. In SNMPv1 and v2, community names act as passwords to remote SNMP management. Access is controlled by enacting either of two levels of security authorization (Read-Only or Read-Write).

show community

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.2.8 set community

Use this command to set SNMPv1 and v2 community names and access policies.

set community community_name access_policy

Syntax Description
community_name: Specifies the name through which a user will access SNMP management. Up to 5 community names can be set.
access_policy: Specifies the access permission accorded each community name.
5.2.2.9 clear community

Use this command to delete an SNMPv1 or v2 community name.

clear community community_name

Syntax Description
community_name: Specifies the SNMP management user access name to be deleted.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to delete the community name “green.
5.2.2.10 show snmp community

Use this command to display the mapping of SNMPv1 and v2 community names to SNMPv3 access policies.

show snmp community [name]

Syntax Description
name: (Optional) Displays SNMP information for a specific community name.

Command Defaults: If name is not specified, information will be displayed for all SNMP communities.
Command Type: Switch command.
Command Mode: Read-Only.
5.2.2.11 set snmp community

Use this command to create a relationship between an SNMP v1 or v2 community name and an SNMPv3 access policy.

set snmp community name {user username} [volatile | nonvolatile]

Syntax Description
name: Specifies a community name.
user username: Specifies the SNMPv3 user name to which this community name will be mapped. For details on creating an SNMP v3 user, refer to Section 5.2.2.2.
5.2.2.12 clear snmp community

Use this command to remove a relationship between an SNMP v1 or v2 community name and an SNMPv3 access policy.

clear snmp community name

Syntax Description
name: Specifies the SNMPv1 or v2 community name for which the SNMPv3 relationship will be cleared.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.3 Configuring SNMP Access Rights

Purpose
To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups.

Commands
The commands needed to review and configure SNMP access are listed below and described in the associated section as shown.
• show snmp access (Section 5.2.3.1)
• set snmp access (Section 5.2.3.2)
• clear snmp access (Section 5.2.3.
5.2.3.1 show snmp access

Use this command to display access rights and security levels configured for one or more SNMP groups.

show snmp access [groupname] [security-model {v1 | v2 | v3 {noauth | auth | authpriv}}]

Syntax Description
groupname: (Optional) Displays access information for a specific SNMPv3 group.
security-model v1 | v2 | v3: (Optional) Displays access information for SNMP security model version 1, 2c or 3.
Example
This example shows how to display SNMP access information:

Matrix>show snmp access
Group Name: initial
Security Model: SNMPv3
Security Level: No authentication. No Privacy.
Storage Type: nonvolatile
Row Status: active
Read View Name: internet
Write View Name: internet
Notify View Name: internet
------------------------------
Group Name: initial-restricted
Security Model: SNMPv3
Security Level: No authentication.
Table 5-7 show snmp access Output Details (Continued)

Output: What It Displays...
Storage Type: Whether access entries for this group are stored in volatile, nonvolatile or read-only memory.
Row Status: Status of this entry: active, notInService, or notReady.
Read View Name: Name of the view that allows this group to view SNMP MIB objects.
Write View Name: Name of the view that allows this group to configure the contents of the SNMP agent.
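The access table is where a weak security level meets a write view, so it is the output to review after any SNMP change. The following is an added example, not part of the original guide: it parses captured show snmp access output and reports groups that rely on a community string, require no authentication, or require no privacy, rating a finding as high when the group also has a write view. The field names follow the guide's example; the sample capture, the "Authentication. Privacy." wording and the severity labels are assumptions constructed for illustration.

```python
import re


def parse_access(text):
    """Split show snmp access output into one dict per group entry."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"-{3,}", line):      # dashed rule separates entries
            if current:
                entries.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip():               # skips the prompt line (no colon)
            current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def audit(entries):
    """Return [(group, severity, weakness)] for weakly protected groups."""
    findings = []
    for entry in entries:
        group = entry.get("Group Name", "?")
        model = entry.get("Security Model", "")
        level = entry.get("Security Level", "").lower()
        writable = bool(entry.get("Write View Name", ""))

        if re.match(r"SNMPv[12]", model):
            # v1/v2 authenticate with a community name sent in the message
            weakness = "community string only"
        elif "no authentication" in level:
            weakness = "no authentication"
        elif "no privacy" in level:
            weakness = "no privacy"
        else:
            continue
        # Unauthenticated or community-only write access is the worst case.
        high = writable and weakness != "no privacy"
        findings.append((group, "high" if high else "medium", weakness))
    return findings


# Constructed sample capture modelled on the guide's example output.
# The second and third entries are invented for this illustration.
SAMPLE = """Matrix>show snmp access
Group Name: initial
Security Model: SNMPv3
Security Level: No authentication. No Privacy.
Storage Type: nonvolatile
Row Status: active
Read View Name: internet
Write View Name: internet
Notify View Name: internet
------------------------------
Group Name: Anyone
Security Model: SNMPv1
Security Level: No authentication. No Privacy.
Storage Type: nonvolatile
Row Status: active
Read View Name: internet
Write View Name:
Notify View Name: internet
------------------------------
Group Name: mis-group
Security Model: SNMPv3
Security Level: Authentication. Privacy.
Storage Type: nonvolatile
Row Status: active
Read View Name: internet
Write View Name: internet
Notify View Name: hello
"""

if __name__ == "__main__":
    for group, severity, weakness in audit(parse_access(SAMPLE)):
        print(f"[{severity}] group {group}: {weakness}")
```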
5.2.3.2 set snmp access

Use this command to set an SNMP access configuration.

set snmp access groupname security-model {v1 | v2 | v3 {noauth | auth | authpriv}} [read read] [write write] [notify notify] [volatile | nonvolatile]

Syntax Description
groupname: Specifies a name for an SNMPv3 group.
security-model v1 | v2 | v3: Applies SNMP version 1, 2c or 3.
Example
This example shows how to set SNMP access privileges for the “mis-group” using the SNMP version 3 security model, authentication and privacy protocols, and allowing them to receive notification messages specified in the “hello” notification configuration:

Matrix>set snmp access mis-group security-model v3 authpriv notify hello
5.2.3.3 clear snmp access

Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security.

clear snmp access groupname security-model {v1 | v2 | v3 {noauth | auth | authpriv}}

Syntax Description
groupname: Specifies the name of the SNMP group for which to clear access.
security-model v1 | v2 | v3: Specifies the security model to be cleared for the SNMP access group.
5.2.4 Configuring SNMP MIB Views

Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.

Commands
The commands needed to review and configure SNMP MIB views are listed below and described in the associated section as shown.
• show snmp view (Section 5.2.4.1)
• set snmp view (Section 5.2.4.2)
• clear snmp view (Section 5.2.4.
5.2.4.1 show snmp view

Use this command to display the MIB configuration for SNMPv3 view-based access (VACM).

show snmp view [viewname] [subtree oid]

Syntax Description
viewname: (Optional) Displays information for a specific MIB view.
subtree oid: (Optional) Displays information for a specific MIB subtree when viewname is specified.

Command Defaults: If no parameters are specified, all SNMP MIB view configuration information will be displayed.
Table 5-8 show snmp view Output Details (Continued)

Output: What It Displays...
View Type: Whether or not subtree use must be included or excluded for this view.
Row Status: Status of this entry: active, notInService, or notReady.
5.2.4.2 set snmp view

Use this command to set a MIB configuration for SNMPv3 view-based access (VACM).

set snmp view viewname subtree subtree [included | excluded] [volatile | nonvolatile]

Syntax Description
viewname: Specifies a name for a MIB view.
subtree subtree: Specifies a MIB subtree name.
included | excluded: (Optional) Specifies subtree use (default) or no subtree use.
5.2.4.3 clear snmp view

Use this command to delete an SNMPv3 MIB view.

clear snmp view viewname subtree subtree

Syntax Description
viewname: Specifies the MIB view name to be deleted.
subtree subtree: Specifies the subtree name of the MIB view to be deleted.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to delete SNMP MIB view “public”:

Matrix>clear snmp view public subtree 1.3.6.
5.2.5 Configuring SNMP Target Parameters

Purpose
To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (Section 5.2.6.2).
5.2.5.1 show snmp targetparams

Use this command to display SNMP parameters used to generate a message to a target.

show snmp targetparams [targetparams]

Syntax Description
targetparams: (Optional) Displays entries for a specific target parameter.

Command Defaults: If targetParams is not specified, entries associated with all target parameters will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display SNMP target parameters information:

Matrix>show snmp targetparams
--- SNMP TargetParams information ---
Target Parameter Name = v1ExampleParams
Security Name = public
Message Proc. Model = SNMPv1
Security Level = noAuthNoPriv
Storage type = nonVolatile
Row status = active

Target Parameter Name Security Name Message Proc.
Table 5-9 show snmp targetparams Output Details (Continued)

Output: What It Displays...
Security Level: Type of security level. Valid levels are:
• noauth — No authentication or privacy protocol required.
• auth — Authentication but no privacy protocol required.
• authpriv — Authentication and privacy protocol required.
Storage type: Whether entry is stored in volatile, nonvolatile or read-only memory.
5.2.5.2 set snmp targetparams

Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target.

set snmp targetparams paramsname user user security-model {v1 | v2 | v3 {noauthentication | authentication | privacy}} [volatile | nonvolatile]

Syntax Description
paramsname: Specifies a name identifying parameters used to generate SNMP messages to a particular target.
5.2.5.3 clear snmp targetparams

Use this command to delete an SNMP target parameter configuration.

clear snmp targetparams targetparams

Syntax Description
targetparams: Specifies the name of the parameter in the SNMP target parameters table to be cleared.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.6 Configuring SNMP Target Addresses

Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (Section 5.2.5.2).
5.2.6.1 show snmp targetaddr

Use this command to display SNMP target address information.

show snmp targetaddr [targetaddr]

Syntax Description
targetaddr: (Optional) Displays information for a specific target address name.

Command Defaults: If targetAddr is not specified, entries for all target address names will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
Example
This example shows how to display SNMP target address information:

Matrix>show snmp targetaddr
--- SNMP targetaddr information ---
Target Address Name = 1
Tag List = Console
IP Address = 127.0.0.1
UDP Port# = 0
Target Mask = 255.255.255.
Table 5-10 show snmp targetaddr Output Details (Continued)

Output: What It Displays...
Parameters: Entry in the snmpTargetParamsTable.
Storage type: Whether entry is stored in volatile, nonvolatile or read-only memory.
Row status: Status of this entry: active, notInService, or notReady.
5.2.6.2 set snmp targetaddr

Use this command to set an SNMP target address configuration. The target address is a unique identifier and a specific IP address that will receive SNMP notification messages. This address configuration can be linked to optional SNMP transmit parameters (such as timeout, retry count, and UDP port).
Command Defaults
• If not specified, udpport will be set to 162.
• If not specified, timeout will be set to 1500 seconds.
• If not specified, number of retries will be set to 3.
• If not specified, storage type will be nonvolatile.
• If taglist is not specified, none will be set.

Command Type: Switch command.
Command Mode: Read-Write.
5.2.6.3 clear snmp targetaddr

Use this command to delete an SNMP target address entry.

clear snmp targetaddr targetAddr

Syntax Description
targetAddr: Specifies the target address entry to delete.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.7 Configuring SNMP Notification Parameters

Purpose
To configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps” or SNMP v3 “informs” messages to select management targets. Optional notification filters identify which targets should not receive notifications.
5.2.7.1 show trap

Use this command to display SNMP trap configuration information.

show trap

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the SNMP trap configuration. In this case, there are two SNMP traps enabled. One is assigned to the “orange” community at IP address 1.2.3.4. Another is assigned to the “blue” community at IP address 100.54.5.112.
5.2.7.2 set trap

Use this command to configure an SNMP trap assigned to an IP address. Since the device is an SNMP compliant device, it can send messages to multiple network management stations to alert users of status changes. For details on the types of traps this device supports, refer to the appropriate Matrix E1 Release Notes.
5.2.7.3 clear trap

Use this command to clear an SNMP trap assigned to an IP address.

clear trap ip_address

Syntax Description
ip_address: Specifies the IP address of the trap to be cleared.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to clear the trap assigned to IP address 172.29.65.123:

Matrix>clear trap 172.29.65.
5.2.7.4 show snmp notify

Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications.

show snmp notify [notify]

Syntax Description
notify: (Optional) Displays notify entries for a specific notify name.

Command Defaults: If a notify name is not specified, all entries will be displayed.
Command Type: Switch command.
Command Mode: Read-Only.
Table 5-12 show snmp notify Output Details

Output: What It Displays...
Notify name: A unique identifier used to index the SNMP notify table.
Notify Tag: Name of the entry in the SNMP notify table.
Notify Type: Type of notification: SNMPv1 or v2 trap or SNMPv3 InformRequest message.
Storage Type: Whether access entry is stored in volatile, nonvolatile or read-only memory.
5.2.7.5 set snmp notify

Use this command to set the SNMP notify configuration. This creates an entry in the SNMP notify table, which is used to select management targets who should receive notification messages. This command’s tag parameter can be used to bind each entry to a target address using the set snmp targetaddr command (Section 5.2.6.2).
5.2.7.6 clear snmp notify

Use this command to clear an SNMP notify configuration.

clear snmp notify notify

Syntax Description
notify: Specifies an SNMP notify name to clear.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
About SNMP Notify Filters

Profiles indicating which targets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty, meaning that no filtering is associated with any SNMP target, then no filtering will take place. “Traps” or “informs” notifications will be sent to all destinations in the SNMP targetAddrTable that have tags matching those found in the NotifyTable.
Example
This example shows how to display SNMP notify filter information. In this case, the notify profile “pilot1” in subtree 1.3.6 will not receive SNMP notification messages:

Matrix>show snmp notifyfilter
--- SNMP notifyFilter information ---
Profile = pilot1
Subtree = 1.3.
5.2.7.8 set snmp notifyfilter

Use this command to create an SNMP notify filter configuration. This identifies which management targets should NOT receive notification messages, which is useful for fine-tuning the amount of SNMP traffic generated.

set snmp notifyfilter profile subtree oid [mask mask] [included | excluded] [volatile | nonvolatile]

Syntax Description
profile: Specifies an SNMP filter notify name.
5.2.7.9 clear snmp notifyfilter

Use this command to delete an SNMP notify filter configuration.

clear snmp notifyfilter profile subtree oid

Syntax Description
profile: Specifies an SNMP filter notify name to delete.
subtree oid: Specifies a MIB subtree containing the filter to be deleted.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.7.10 show snmp notifyprofile

Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.

show snmp notifyprofile [profile] [targetparam targetparam]

Syntax Description
profile: (Optional) Displays a specific notify profile.
targetparam targetparam: (Optional) Displays entries for a specific target parameter.
5.2.7.11 set snmp notifyprofile

Use this command to create an SNMP notify filter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command (Section 5.2.7.8), to a set of SNMP target parameters to determine which management targets should not receive SNMP notifications.
5.2.7.12 clear snmp notifyprofile

Use this command to delete an SNMP notify profile configuration.

clear snmp notifyprofile profile targetparam targetparam

Syntax Description
profile: Specifies an SNMP filter notify name to delete.
targetparam targetparam: Specifies an associated entry in the snmpTargetParamsTable.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
5.2.8 Basic SNMP Trap Configuration

Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or module goes up or down, when there are authentication failures, and when power supply errors occur.
Table 5-13 Basic SNMP Trap Configuration Command Set (Continued)

To do this...: Use these commands...
Create a target address entry.: set snmp targetaddr (Section 5.2.6.2)

Example
The example in Figure 5-1 shows how to:
• create an SNMP community called “mgmt”
• configure a trap notification called “TrapSink”.
This trap notification will be sent with the community name “mgmt” to the workstation 192.168.190.80 (which is target address “tr”).
6 Spanning Tree Configuration

This chapter describes the Spanning Tree Configuration set of commands and how to use them.

6.1 SPANNING TREE CONFIGURATION SUMMARY

6.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols

The IEEE 802.1D Spanning Tree Protocol (STP) resolves the problems of physical loops in a network by establishing one primary path between any two devices in a network.
particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter-switch link, while traffic associated with another set of VLANs can be blocked on that link.
6.1.3 Process Overview: Spanning Tree Configuration

CAUTION: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk.

Use the following steps as a guide in the Spanning Tree configuration process:
1.
• clear spantree msti (Section 6.2.1.8)
• show spantree mstmap (Section 6.2.1.9)
• set spantree mstmap (Section 6.2.1.10)
• clear spantree mstmap (Section 6.2.1.11)
• show spantree vlanlist (Section 6.2.1.12)
• show spantree mstcfgid (Section 6.2.1.13)
• set spantree mstcfgid (Section 6.2.1.14)
• clear spantree mstcfgid (Section 6.2.1.15)
• set spantree priority (Section 6.2.1.
• clear spantree tctrapsuppress (Section 6.2.1.35)
• show spantree txholdcount (Section 6.2.1.36)
• set spantree txholdcount (Section 6.2.1.37)
• clear spantree txholdcount (Section 6.2.1.38)
• set spantree maxhops (Section 6.2.1.39)
• clear spantree maxhops (Section 6.2.1.
6.2.1.1 show spantree stats

Use this command to display Spanning Tree information for one or more ports or Spanning Trees.

show spantree stats [sid sid] [port port-string]

Syntax Description
sid sid: (Optional) Displays Spanning Tree information for a specific Spanning Tree.
port port-string: (Optional) Displays Spanning Tree information for specific port(s).
Example
This example shows how to display Spanning Tree information for Fast Ethernet front panel port 1:

Matrix>show spantree stats port fe.0.
Table 6-1 show spantree stats Output Details (Continued)

Output: What It Displays...
Designated Root Cost: Total path cost to reach the root.
Designated Root Port: Port through which the root bridge can be reached.
Root Max Age: Amount of time (in seconds) a BPDU packet should be considered valid.
Max Hops: Spanning Tree maximum hop count. Default of 20 can be changed using the set spantree maxhops command, as described in Section 6.2.1.39.
SID: Spanning Tree ID.
Port: Spanning Tree port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
6.2.1.2 set spantree

Use this command to globally enable or disable the Spanning Tree protocol on the switch.

set spantree {disable | enable}

Syntax Description
disable | enable: Globally disables or enables Spanning Tree.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.3 show spantree version

Use this command to display the current version of the Spanning Tree protocol running on the device.

show spantree version

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.1.4 set spantree version

Use this command to set the version of the Spanning Tree protocol to RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible.

set spantree version {mstp | rstp | stpcompatible}

NOTE: In most networks, Spanning Tree version should not be changed from its default setting of mstp (Multiple Spanning Tree Protocol) mode.
6.2.1.5 clear spantree version

Use this command to reset the version of the Spanning Tree protocol to the default mode of MSTP.

clear spantree version

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.6 show spantree mstilist

Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device.

show spantree mstilist

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display a list of MST instances.
6.2.1.7 set spantree msti

Use this command to create or delete a Multiple Spanning Tree instance.

set spantree msti sid {create | delete}

Syntax Description
sid                Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094.
                   NOTE: Matrix E1 devices will support up to 16 MST instances.
create | delete    Creates or deletes an MST instance.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.8 clear spantree msti

Use this command to delete one or more Multiple Spanning Tree instances.

clear spantree msti [sid]

Syntax Description
sid    (Optional) Deletes a specific multiple Spanning Tree ID.

Command Defaults: If sid is not specified, all MST instances will be cleared.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.9 show spantree mstmap

Use this command to display the mapping of a range of filtering database IDs (FIDs) to Spanning Trees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.

show spantree mstmap first_fid_num [last_fid_num]

Syntax Description
first_fid_num    Specifies the first in a range of FIDs for which MSTP mapping will be displayed.
6.2.1.10 set spantree mstmap

Use this command to map a filtering database ID (FID) to a SID. Since VLANs are mapped to FIDs, this essentially maps a Spanning Tree SID to a VLAN ID.

set spantree mstmap fid_num sid

Syntax Description
fid_num    Specifies a FID to assign to the MST. Valid values are 1 - 4094, and must correspond to a VLAN ID created using the set vlan command as described in Section 7.3.2.1.
6.2.1.11 clear spantree mstmap

Use this command to map a FID back to SID 0.

clear spantree mstmap [fid_num]

Syntax Description
fid_num    (Optional) Resets the mapping of a specific FID. Valid values are 1 - 4094, and must correspond to a VLAN ID created using the set vlan command as described in Section 7.3.2.1.

Command Defaults: If fid_num is not specified, all SID to FID mappings will be reset.
6.2.1.12 show spantree vlanlist

Use this command to display the VLAN(s) mapped to a Spanning Tree ID.

show spantree vlanlist sid

Syntax Description
sid    Specifies a Multiple Spanning Tree ID. Valid values are 1 - 4094, and must correspond to a SID created using the set spantree msti command as described in Section 6.2.1.7.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.1.13 show spantree mstcfgid

Use this command to display the MST configuration identifier elements, including format selector, configuration name, revision level, and configuration digest.

show spantree mstcfgid

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the MST configuration identifier elements.
6.2.1.14 set spantree mstcfgid

Use this command to set the MST configuration name and/or revision level.

set spantree mstcfgid {cfgname name | rev level}

Syntax Description
cfgname name    Specifies an MST configuration name.
rev level       Specifies an MST revision level. Valid values are 1 - 65535.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.15 clear spantree mstcfgid

Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address.

clear spantree mstcfgid

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.16 set spantree priority

Use this command to set the bridge priority for one or more Spanning Trees. The device with the highest priority becomes the Spanning Tree root device. If all devices have the same priority, the device with the lowest MAC address will then become the root device.

set spantree priority bridge_priority [sid]

Syntax Description
bridge_priority    Specifies the priority of the bridge.
6.2.1.17 clear spantree priority

Use this command to reset the bridge priority to the default value of 32768.

clear spantree priority [sid]

Syntax Description
sid    (Optional) Resets the bridge priority for a specific Spanning Tree.

Command Defaults: If sid is not specified, all SIDs will be reset.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.18 show spantree bridgehellomode

Use this command to display the status of bridge hello mode on the device. When enabled, a single bridge administrative hello time is being used. When disabled, per-port administrative hello times are being used.

show spantree bridgehellomode

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.1.19 set spantree bridgehellomode

Use this command to enable or disable bridge hello mode on the device.

set spantree bridgehellomode {enable | disable}

Syntax Description
enable     Enables single Spanning Tree bridge hello mode.
disable    Disables single Spanning Tree bridge hello mode, allowing for the configuration of per-port hello times.

Command Defaults: None.
Command Type: Switch command.
6.2.1.20 clear spantree bridgehellomode

Use this command to reset the Spanning Tree administrative hello mode to enabled.

clear spantree bridgehellomode

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.21 set spantree hello

Use this command to set the hello time for the bridge or for one or more ports. This is the time interval (in seconds) the device will transmit BPDUs indicating it is active.
6.2.1.22 clear spantree hello

Use this command to reset the bridge hello time for the bridge or for one or more ports to the default value of 2 seconds.

clear spantree hello [port-string]

Syntax Description
port-string    (Optional) Resets the hello time for specific port(s).
               NOTE: Port-string cannot be specified if bridge hello mode is enabled.
6.2.1.23 set spantree maxage

Use this command to set the bridge maximum aging time. This is the maximum time (in seconds) a device can wait without receiving a configuration message (bridge “hello”) before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
6.2.1.24 clear spantree maxage

Use this command to reset the bridge maximum aging time to the default value of 20 seconds.

clear spantree maxage

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.25 set spantree fwddelay

Use this command to set the Spanning Tree forward delay. This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
6.2.1.26 clear spantree fwddelay

Use this command to reset the bridge forward delay to the default setting of 15 seconds.

clear spantree fwddelay

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.27 show spantree autoedge

Use this command to display the status of automatic edge port detection.

show spantree autoedge

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the status of the automatic edge port detection function:

Matrix>show spantree autoedge
autoEdge is currently enabled.
6.2.1.28 set spantree autoedge

Use this command to enable or disable the automatic edge port detection function.

set spantree autoedge {disable | enable}

Syntax Description
disable | enable    Disables or enables automatic edge port detection.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.29 clear spantree autoedge

Use this command to reset automatic edge port detection to the default state of enabled.

clear spantree autoedge

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.30 show spantree legacypathcost

Use this command to display the status of the legacy (802.1D) path cost setting.

show spantree legacypathcost

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the status of the legacy path cost setting:

Matrix>show spantree legacypathcost
Legacy path cost is currently enabled.
6.2.1.31 set spantree legacypathcost

Use this command to enable or disable legacy (802.1D) path cost values.

set spantree legacypathcost {disable | enable}

Syntax Description
disable | enable    Disables or enables legacy (802.1D) path cost values.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.

Example
This example shows how to set the default path cost values to 802.
6.2.1.32 clear spantree legacypathcost

Use this command to reset path cost to 802.1D values.

clear spantree legacypathcost

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.33 show spantree tctrapsuppress

Use this command to display the status of topology change trap suppression on Rapid Spanning Tree edge ports.

show spantree tctrapsuppress

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.1.34 set spantree tctrapsuppress

Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports. By default, RSTP non-edge (bridge) ports that transition to forwarding or blocking cause the switch to issue a topology change trap.
6.2.1.35 clear spantree tctrapsuppress

Use this command to clear topology change trap suppression settings.

clear spantree tctrapsuppress

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.36 show spantree txholdcount

Use this command to display the maximum BPDU transmission rate.

show spantree txholdcount

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the transmit hold count setting:

Matrix>show spantree txholdcount
Tx hold count = 3.
6.2.1.37 set spantree txholdcount

Use this command to set the maximum BPDU transmission rate. This is the number of BPDUs which will be transmitted before transmissions are subject to a one-second timer.

set spantree txholdcount txholdcount

Syntax Description
txholdcount    Specifies the maximum number of BPDUs to be transmitted before transmissions are subject to a one-second timer. Valid values are 1 to 10.
6.2.1.38 clear spantree txholdcount

Use this command to reset the transmit hold count to the default value of 3.

clear spantree txholdcount

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.1.39 set spantree maxhops

Use this command to set the Spanning Tree maximum hop count. This is the maximum number of hops that the information for a particular Spanning Tree instance may traverse (via relay of BPDUs within the applicable MST region) before being discarded.

set spantree maxhops max_hop_count

Syntax Description
max_hop_count    Specifies the maximum number of hops allowed.
6.2.1.40 clear spantree maxhops

Use this command to reset the maximum hop count to the default value of 20.

clear spantree maxhops

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.2 Reviewing and Setting Spanning Tree Port Parameters

Purpose
To display and set Spanning Tree port parameters, including enabling or disabling the Spanning Tree algorithm on one or more ports, displaying blocked ports, displaying and setting Spanning Tree port priorities and costs, configuring edge port parameters, configuring the secure span function, and setting point-to-point protocol mode.
• clear spantree securespantimeout (Section 6.2.2.19)
• show spantree securespanlock (Section 6.2.2.20)
• clear spantree securespanlock (Section 6.2.2.21)
• show spantree adminpoint (Section 6.2.2.22)
• set spantree adminpoint (Section 6.2.2.23)
• clear spantree adminpoint (Section 6.2.2.
6.2.2.1 show spantree portadmin

Use this command to display the status of the Spanning Tree algorithm on one or more ports.

show spantree portadmin port-string

Syntax Description
port-string    Specifies port(s) for which to display status. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.2.2 set spantree portadmin

Use this command to enable or disable the Spanning Tree algorithm on one or more ports.

set spantree portadmin port-string {enable | disable}

NOTE: Spanning Tree must be disabled on ports that will be dedicated as IP routing uplinks (VLANs). To display administrative status for all Spanning Tree ports, use the show spantree portadmin command as detailed in Section 6.2.2.1.
6.2.2.3 clear spantree portadmin

Use this command to reset the default Spanning Tree admin status to enable on one or more ports.

clear spantree portadmin [port-string]

Syntax Description
port-string    (Optional) Resets status to enable on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
6.2.2.4 show spantree blocked ports

Use this command to display the blocked ports in one or more Spanning Trees. A port in this state does not participate in the transmission of frames, thus preventing duplication arising through multiple paths existing in the active topology of the bridged LAN. It receives Spanning Tree configuration messages, but does not forward packets.
6.2.2.5 show spantree portpri

Use this command to show the Spanning Tree priority for one or more ports. If the path cost for all ports on a device is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. When more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled.
6.2.2.6 set spantree portpri

Use this command to set a port’s priority for use in the Spanning Tree algorithm (STA).

set spantree portpri port-string priority [sid]

NOTE: Path cost (set spantree portcost) takes precedence over port priority.

Syntax Description
port-string    Specifies the port(s) for which to set Spanning Tree port priority.
6.2.2.7 clear spantree portpri

Use this command to reset the bridge priority of a Spanning Tree port to the default value of 128.

clear spantree portpri [port-string] [sid]

Syntax Description
port-string    (Optional) Resets the priority for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
sid            (Optional) Resets the port priority for a specific SID.
6.2.2.8 show spantree portcost

Use this command to display cost values assigned to one or more Spanning Tree ports.

show spantree portcost port-string [sid]

Syntax Description
port-string    Specifies the port(s) for which to display cost values. For a detailed description of possible port-string values, refer to Section 4.1.2.
sid            (Optional) Displays cost values for a specific SID.
6.2.2.9 set spantree portcost

Use this command to assign a cost value to a Spanning Tree or port. This parameter is used to determine the best path between Spanning Tree devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
Example
This example shows how to set port cost to 25 on Fast Ethernet front panel port 11:

Matrix>set spantree portcost fe.0.
6.2.2.10 clear spantree portcost

Use this command to reset the path cost for a Spanning Tree or port to the default value of 0, allowing for path cost to be determined dynamically based on port speed.

clear spantree portcost [port-string] [sid]

Syntax Description
port-string    (Optional) Resets the path cost for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
6.2.2.11 show spantree adminedgeport

Use this command to display the edge port administrative status for a port.

show spantree adminedgeport port-string

Syntax Description
port-string    Specifies the port(s) for which to display edge port administrative status. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
6.2.2.12 set spantree adminedgeport

Use this command to set the edge port administrative status on a Spanning Tree port.

set spantree adminedgeport port-string {true | false}

Syntax Description
port-string     Specifies the edge port. For a detailed description of possible port-string values, refer to Section 4.1.2.
true | false    Enables (true) or disables (false) the specified port as a Spanning Tree edge port.
6.2.2.13 clear spantree adminedgeport

Use this command to reset the edge port status for one or more Spanning Tree ports to the default value of false.

clear spantree adminedgeport [port-string]

Syntax Description
port-string    (Optional) Resets edge port status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
6.2.2.14 show spantree securespan

Use this command to display the status of the Spanning Tree secure span function.

show spantree securespan

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the secure span function status:

Matrix>show spantree securespan
Secure-Span is currently disabled.
6.2.2.15 set spantree securespan

Use this command to enable or disable the Spanning Tree secure span function. When enabled, this prevents an unauthorized bridge from becoming part of the active Spanning Tree topology. It does this by disabling a port that receives a BPDU when that port has been defined as an edge (user) port (as described in Section 6.2.2.12).
6.2.2.16 clear spantree securespan

Use this command to reset the status of the Spanning Tree secure span function to disabled.

clear spantree securespan

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.2.17 show spantree securespantimeout

Use this command to display the Spanning Tree secure span timeout setting.

show spantree securespantimeout

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.

Example
This example shows how to display the secure span timeout setting:

Matrix>show spantree securespantimeout
secure-Span timeout is set at 300 seconds.
6.2.2.18 set spantree securespantimeout

Use this command to set the amount of time (in seconds) an edge port will remain locked by the secure span function.

set spantree securespantimeout timeout

Syntax Description
timeout    Specifies a timeout value in seconds. Valid values are 0 (forever) to 65535.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.2.19 clear spantree securespantimeout

Use this command to reset the Spanning Tree secure span timeout to the default value of 300 seconds.

clear spantree securespantimeout

Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
6.2.2.20 show spantree securespanlock

Use this command to display the secure span lock status of one or more ports.

show spantree securespanlock port-string

Syntax Description
port-string    Specifies the port(s) for which to show secure span lock status. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
6.2.2.21 clear spantree securespanlock

Use this command to unlock one or more ports locked by the Spanning Tree secure span function. When secure span is enabled, it locks ports that receive BPDUs when those ports have been defined as edge (user) ports (as described in Section 6.2.2.12).

clear spantree securespanlock [port-string]

Syntax Description
port-string    (Optional) Unlocks specific port(s).
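The following Python model is an added illustration, not Enterasys code or firmware behaviour taken from this guide, of how the settings in Sections 6.2.2.12 through 6.2.2.21 interact: edge port status, secure span enable, lock timeout, and manual unlock. The class and method names are hypothetical; expiring a lock at exactly timeout seconds, evaluating expiry against the current timeout, and unlocking all ports when no port is given are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

DEFAULT_TIMEOUT = 300   # seconds, default per "clear spantree securespantimeout"
MAX_TIMEOUT = 65535     # upper bound per "set spantree securespantimeout"


@dataclass
class Port:
    name: str
    admin_edge: bool = False            # default per "clear spantree adminedgeport"
    locked_at: Optional[float] = None   # time the lock was applied, None if unlocked


class SecureSpanModel:
    """Hypothetical model of the secure span function (names are not from the guide)."""

    def __init__(self, port_names: Iterable[str]) -> None:
        self.enabled = False            # default per "clear spantree securespan"
        self.timeout = DEFAULT_TIMEOUT
        self.ports: Dict[str, Port] = {n: Port(n) for n in port_names}

    def set_securespan(self, enabled: bool) -> None:
        self.enabled = enabled

    def set_timeout(self, seconds: int) -> None:
        if not 0 <= seconds <= MAX_TIMEOUT:
            raise ValueError("timeout must be 0 (forever) to 65535 seconds")
        self.timeout = seconds

    def set_adminedgeport(self, name: str, is_edge: bool) -> None:
        self.ports[name].admin_edge = is_edge

    def is_locked(self, name: str, now: float) -> bool:
        port = self.ports[name]
        if port.locked_at is None:
            return False
        # Assumption: a timeout of 0 never expires; otherwise the lock is
        # released once `timeout` seconds have elapsed since it was applied.
        if self.timeout != 0 and now - port.locked_at >= self.timeout:
            port.locked_at = None
            return False
        return True

    def receive_bpdu(self, name: str, now: float) -> str:
        if self.is_locked(name, now):
            return "dropped: port locked"
        port = self.ports[name]
        # Only ports defined as edge (user) ports are locked, and only
        # while secure span is enabled.
        if self.enabled and port.admin_edge:
            port.locked_at = now
            return "locked"
        return "processed"

    def clear_lock(self, name: Optional[str] = None) -> None:
        # Assumption: omitting the port unlocks every port.
        for n in ([name] if name else list(self.ports)):
            self.ports[n].locked_at = None


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: fe.0.1 is a user-facing edge port, fe.0.2 an uplink."""
    sw = SecureSpanModel(["fe.0.1", "fe.0.2"])
    sw.set_adminedgeport("fe.0.1", True)
    out: Dict[str, object] = {}
    out["before_enable"] = sw.receive_bpdu("fe.0.1", now=0)    # secure span off
    sw.set_securespan(True)
    out["edge_bpdu"] = sw.receive_bpdu("fe.0.1", now=10)       # edge port locks
    out["uplink_bpdu"] = sw.receive_bpdu("fe.0.2", now=10)     # non-edge port
    out["locked_at_309"] = sw.is_locked("fe.0.1", now=309)     # 299 s elapsed
    out["locked_at_310"] = sw.is_locked("fe.0.1", now=310)     # 300 s elapsed
    sw.set_timeout(0)                                          # lock forever
    sw.receive_bpdu("fe.0.1", now=400)
    out["forever_locked"] = sw.is_locked("fe.0.1", now=10**6)
    sw.clear_lock("fe.0.1")                                    # manual unlock
    out["after_clear"] = sw.is_locked("fe.0.1", now=10**6)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

With the defaults in this guide (secure span disabled, edge port status false), a BPDU arriving on a user port is processed normally, so both settings have to be changed before the lock takes effect.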
6.2.2.22 show spantree adminpoint

Use this command to display the administrative point-to-point status of the LAN segment attached to a port.

show spantree adminpoint port-string

Syntax Description
port-string    Specifies the port(s) for which to display point-to-point status. For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults: None.
Command Type: Switch command.
6.2.2.23 set spantree adminpoint

Use this command to set the administrative point-to-point status of the LAN segment attached to a Spanning Tree port.

set spantree adminpoint port-string {true | false | auto}

Syntax Description
port-string    Specifies the port(s) for which to set point-to-point protocol status. For a detailed description of possible port-string values, refer to Section 4.1.2.
6.2.2.24 clear spantree adminpoint

Use this command to reset the point-to-point admin status to “auto” on one or more ports.

clear spantree adminpoint [port-string]

Syntax Description
port-string    (Optional) Resets point-to-point status on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
7 802.1Q VLAN Configuration

This chapter describes the VLAN configuration capabilities of the Matrix E1 device and how to use them to determine status; to add, change, or delete VLANs; to assign ports to those VLANs; to classify frames to VLANs; to create a secure management VLAN; and to configure the device for GVRP operation. The device can support up to 4094 802.1Q VLANs. The allowable range for VLANs is 2 to 4094. As a default, all ports on the device are assigned to VLAN ID 1, untagged. 7.
7.2 PROCESS OVERVIEW: 802.1Q VLAN CONFIGURATION

Use the following steps as a guide to configure VLANs on the device (refer to the associated section in parentheses):

1. Review existing VLANs (Section 7.3.1)
2. Create and name VLANs (Section 7.3.2)
3. Assign port VLAN IDs and Ingress Filtering (Section 7.3.3)
4. Configure VLAN Egress (Section 7.3.4)
5. Assign VLANs according to classification rules (Section 7.3.5)
6.
7.3 VLAN CONFIGURATION COMMAND SET

7.3.1 Reviewing Existing VLANs

Purpose
To see a list of the current VLANs configured on the device, their VLAN type, the VLAN attributes related to one or more ports, and the ports on a VLAN egress list. The device uses the VLAN egress list to keep track of all VLANs that it will recognize. Depending on the command used, you can see a list of all VLANs (dynamic and static) or just the static VLANs.
7.3.1.1 show vlan

Use this command to display all information related to a specific VLAN or all VLANs known to the device (static and dynamic).

show vlan [detail] [vlan-list | vlan-name]

Syntax Description
detail                  (Optional) Displays detailed attributes of one or more VLANs.
vlan-list | vlan-name   (Optional) Displays information for specific VLAN(s). For a VLAN name to display, it must first be set using the set vlan name command.
This example shows how to display the information for VLAN 7 only. In this case, VLAN 7 has a VLAN name of green and it is enabled. Fast Ethernet front panel ports 5 through 10, 12, and 30 are in VLAN 7 port egress list and are configured to transmit frames tagged as VLAN 7 frames. There are no VLAN 7 forbidden ports:

Matrix>show vlan 7
VLAN: 7 Name: green
Egress Ports fe.0.5-10, fe.0.12, fe.0.
7.3.1.2 show vlan static

Use this command to display all information related to a specific static VLAN or all static VLANs known to the device. Static VLANs are those VLANs that you have manually created using this command set, SNMP MIBs, or the WebView management application.

show vlan static [vlan-list | vlan-name]

Syntax Description
vlan-list | vlan-name    (Optional) Displays specific VLAN(s).
7.3.1.3 show vlan portinfo

Use this command to display VLAN attributes related to one or more ports.

show vlan portinfo [vlan vlan-list | vlan-name] [port port-string]

Syntax Description
vlan vlan-list | vlan-name    (Optional) Displays specific VLAN(s). For a VLAN name to display, it must first be set using the set vlan name command. For details, refer to Section 7.3.2.2.
port port-string              (Optional) Displays the VLAN list for specific port(s).
Example
This example shows how to display VLAN information related to all Gigabit Ethernet ports. In this case, all six ports ge.0.1-5 are still assigned to VLAN 1, the default VLAN. Ingress filtering has not been enabled. Ports ge.0.1-5 are assigned to transmit untagged frames for the default VLAN only, while port ge.0.6 is also configured to transmit tagged frames for VLANs 510, 520, 530, 4000 and 4094:

Matrix>show vlan portinfo ge*.
7.3.2 Creating and Naming Static VLANs

Purpose
To create a new static VLAN, or enable/disable the new or other existing static VLANs.

Commands
The commands needed to establish new or remove VLANs are listed below and described in the associated section as shown.

• set vlan (Section 7.3.2.1)
• set vlan name (Section 7.3.2.2)
• clear vlan (Section 7.3.2.3)
• clear vlan name (Section 7.3.2.
7.3.2.1 set vlan

Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN. When a new VLAN is created, it is added to the list of VLANs that the device will recognize.

set vlan {create | enable | disable} vlan-list

NOTE: Once a VLAN is created, you can assign it a name using the set vlan name command described in Section 7.3.2.2.
7.3.2.2 set vlan name

Use this command to set the ASCII name for a new or existing VLAN. Once set, you can use the vlan-name interchangeably with the vlan-id in the show vlan, show vlan static and show vlan dynamicegress commands.

set vlan name vlan-id | vlan-name

NOTES: Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the device assumes that the Administrator intends to modify the existing VLAN.
VLAN Configuration Command Set Creating and Naming Static VLANs 7.3.2.3 clear vlan Use this command to remove one or more static VLANs from the list of VLANs recognized by the device. clear vlan vlan-list Syntax Description vlan-list Specifies the VLAN(s) to be removed. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
VLAN Configuration Command Set Creating and Naming Static VLANs 7.3.2.4 clear vlan name Use this command to remove the name of a VLAN from the VLAN list. clear vlan name vlan-id Syntax Description vlan-id Specifies the number of the VLAN associated with the VLAN name to be cleared. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Purpose To assign default VLAN IDs to untagged frames on one or more ports. Using set port vlan you can, for example, assign ports 1, 5, 8, and 9 to VLAN 3. Untagged frames received on those ports will be assigned to VLAN 3. (By default, all ports are members of VLAN ID 1, the default VLAN.
7.3.3.1 show port vlan
Use this command to display which VLANs are on one or all port VLAN lists.
show port vlan [port-string]
Syntax Description
port-string (Optional) Displays the VLAN list for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults
If port-string is not specified, all port VLAN information will be displayed.
Command Type
Switch command.
VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7.3.3.2 set port vlan Use this command to configure the PVID (port VLAN identifier) for one or more ports. set port vlan port-string vlan-id NOTE: The PVID is used to classify untagged frames as they ingress into a given port. When setting a PVID with the set port vlan command, you can also add the port to the VLAN’s untagged egress list.
VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7.3.3.3 clear port vlan Use this command to reset the port’s 802.1Q port VLAN ID to the host VLAN ID 1. clear port vlan port-string Syntax Description port-string Specifies the port(s) to reset to the host VLAN ID 1. For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7.3.3.4 show port ingress filter Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list. If the port is not on the port VLAN egress list of the VLAN ID indicated in the incoming frame, then that frame is dropped and not forwarded.
VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7.3.3.5 set port ingress filter Use this command to limit the forwarding of received VLAN tagged frames on a port to the frames with VLAN IDs that match that port’s membership on port VLAN egress lists. When ingress filtering on a port is enabled, the VLAN IDs of incoming frames on a received port are compared to the received ports on the egress list of that VLAN.
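The PVID and ingress filtering behaviour described in Sections 7.3.3.2 to 7.3.3.5, as an added Python model that is not part of the original guide and is not Enterasys code. Port and VLAN values follow the show vlan portinfo example in Section 7.3.1.3; the Switch class, its methods, and the choice to apply the filter to tagged frames only are assumptions of the model.

```python
# Added illustration (not Enterasys code): a small model of PVID assignment,
# VLAN egress lists and port ingress filtering as this guide describes them.
# Class, method and function names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Port:
    pvid: int = 1                 # "set port vlan": VLAN given to untagged frames
    ingress_filter: bool = False  # "set port ingress filter"


@dataclass
class Switch:
    ports: dict = field(default_factory=dict)   # port name -> Port
    egress: dict = field(default_factory=dict)  # VLAN ID -> {port name: "tagged" | "untagged"}

    def set_egress(self, vlan_id, port, mode="tagged"):
        """Model of 'set vlan egress vlan-list port-string [untagged]'."""
        self.egress.setdefault(vlan_id, {})[port] = mode

    def classify(self, port, tag):
        """Return the VLAN a received frame is admitted to, or None if dropped.

        tag is the 802.1Q VLAN ID carried by the frame, or None if untagged.
        Assumption: the filter is applied to tagged frames only, following the
        wording of Section 7.3.3.5; untagged frames simply take the PVID.
        """
        p = self.ports[port]
        if tag is None:
            return p.pvid
        if p.ingress_filter and port not in self.egress.get(tag, {}):
            return None  # port is not on that VLAN's egress list: drop
        return tag

    def forward(self, port, tag):
        """Ports (with egress mode) a frame is flooded to; no MAC learning modelled."""
        vlan = self.classify(port, tag)
        if vlan is None:
            return []
        members = self.egress.get(vlan, {})
        return sorted((name, mode) for name, mode in members.items() if name != port)

    def unfiltered_exposure(self):
        """Audit: for each port with filtering off, the configured VLANs it is
        not a member of but would still accept tagged frames for."""
        report = {}
        for name, p in self.ports.items():
            if p.ingress_filter:
                continue
            foreign = sorted(v for v, members in self.egress.items() if name not in members)
            if foreign:
                report[name] = foreign
        return report


def build_example_switch(ingress_filter):
    """Constructed state mirroring the guide's 'show vlan portinfo ge*' example."""
    sw = Switch()
    for n in range(1, 7):
        name = f"ge.0.{n}"
        sw.ports[name] = Port(pvid=1, ingress_filter=ingress_filter)
        sw.set_egress(1, name, "untagged")
    for vlan in (510, 520, 530, 4000, 4094):
        sw.set_egress(vlan, "ge.0.6", "tagged")
    return sw


if __name__ == "__main__":
    for enabled in (False, True):
        sw = build_example_switch(enabled)
        print(f"ingress filtering {'enabled' if enabled else 'disabled'}")
        print("  untagged frame on ge.0.1 ->", sw.forward("ge.0.1", None))
        print("  VLAN 4000 tag on ge.0.1  ->", sw.forward("ge.0.1", 4000))
        print("  exposure:", sw.unfiltered_exposure())
```

With filtering disabled, the model admits a frame tagged for VLAN 4000 on ge.0.1 and floods it to ge.0.6; with filtering enabled the same frame is dropped at ingress, and the audit report is empty.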
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4 Configuring the VLAN Egress List Purpose To assign or remove ports on the VLAN egress list for the device. This determines which ports will transmit frames of a particular VLAN. For example, ports 1, 5, 9, 8 could be assigned to transmit frames with VLAN ID=5. The port egress type for all ports defaults to tagging transmitted frames, but can be changed to forbidden or untagged.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.1 set vlan forbidden Use this command to prevent one or more ports from participating in a VLAN. This setting instructs the device to ignore dynamic requests (either through GVRP or dynamic egress) for the port to join the VLAN. set vlan forbidden vlan-id port-string Syntax Description vlan-id Specifies the VLAN for which to set forbidden port(s). port-string Specifies the port(s) to set as forbidden for the specified vlan-id.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.2 show port egress Use this command to display the VLAN membership for one or more ports. show port egress [port-string] Syntax Description port-string (Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, VLAN membership will be displayed for all ports. Command Type Switch command.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.3 set vlan egress Use this command to add ports to one or more VLAN egress lists for the device. This determines which ports will transmit frames for a particular VLAN. set vlan egress vlan-list port-string [untagged] Syntax Description vlan-list Specifies the VLAN(s) where port(s) will be added to the egress list. port-string Specifies port(s) to add to the VLAN egress list of the specified vlan-id.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.4 clear vlan egress Use this command to remove ports from one or more VLAN egress lists. clear vlan egress vlan-list port-string Syntax Description vlan-list Specifies the VLAN(s) from which port(s) will be removed from the egress list. port-string Specifies port(s) to remove from the VLAN egress list of the specified vlan-id. For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults None.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.5 show vlan dynamic egress Use this command to display which VLANs are currently enabled for VLAN dynamic egress. show vlan dynamicegress [vlan-id | vlan-name] Syntax Description vlan-id | vlan-name (Optional) Displays dynamic egress status for a specific VLAN ID or VLAN name. Command Defaults If vlan-id or vlan-name is not specified, status for all VLANs where dynamic egress is enabled will be displayed. Command Type Switch command.
VLAN Configuration Command Set Configuring the VLAN Egress List 7.3.4.6 set vlan dynamicegress Use this command to set the administrative status of the VLAN’s dynamic capability. If VLAN dynamic egress is enabled, the device will add the port receiving a tagged frame to the VLAN egress list of the port according to the frame VLAN ID. If the VLAN does not exist, it is created.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5 Assigning VLANs According to Classification Rules Important Notice In addition to the commands described in this section, Matrix E1 (1G58x-09 and 1H582-xx) devices with firmware versions 2.05.xx and higher also support policy profile-based classification to a VLAN or Class of Service.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5.1 show vlan classification Use this command to display the VLAN ID (VID), protocol classification, and description of each classification of the current entries. show vlan classification Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Command Alternative (v2.05.xx and higher) show policy class (Section 8.3.2.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5.2 set vlan classification Use this command to • assign or contain frames according to classification rule, • enable or disable the global classifier on the device, • create a rule that will assign untagged traffic to a VLAN based on Layer 2/3/4 classification rules, and • enable or disable a classification rule associated with a VLAN.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules create | enable | disable create - Creates a new classification rule that will be applied to the vlan-id. enable - If a classification rule is not entered in this command, this entry enables the global classifier in the device so that VLAN classification rules may be implemented. NOTE: Classification rules are automatically enabled when created.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Examples This example shows how to • enable the global classifier so that VLAN classification rules may be implemented, • use Table 7-1 to create (and enable) a classification rule for classifying Ethernet II Type IP frames to VLAN 7: Matrix>set vlan classification enable Matrix>set vlan classification 7 ethernet-II-type ip create This example shows how to use Table 7-2 to disable a VLAN 5 classification rule for filtering o
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5.3 Valid Values for VLAN Classification and Frame Filtering The following tables provide parameters for classifying a frame to a VLAN or filtering (dropping) untagged frames received on a VLAN. Table 7-1 provides the set vlan classification data_meaning parameters that can be entered to classify frames into a VLAN, and the data_values that can be entered for each classifier associated with those parameters.
Table 7-1 Valid Values for VLAN Classification (Continued)
data_meaning keywords: 802.3-SAP
data_value keywords (value applied):
• IPX-LLC (E0E0)
• IPX-RAW (FFFF)
• IPX-SNAP (AAAA)
• Netbios (F0F0)
• SNA (0000, 0404, 0808 and 0C0C)
data_mask: Not applicable.
Table 7-2
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Table 7-2 Valid Values for VLAN Frame Filtering (Continued) data_meaning data_value(s) data_ mask IP Address Group: IP Address in dotted decimal format: 000.000.000.000 Data mask in dotted decimal format: 000.000.000.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Table 7-2 Valid Values for VLAN Frame Filtering (Continued) data_meaning data_value(s) data_ mask TCP Port Group: Same selection as for UDP Port Group Not applicable. • • • • • • • • Not applicable.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5.4 Classification Precedence Rules NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the Matrix E1 device, as these rules can have a significant impact on the network operation.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Table 7-3 Classification Precedence (Continued) Default Precedence Level Classification Type (IPX) 802.
7.3.5.5 clear vlan classification
Use this command to clear a VLAN classification entry.
clear vlan classification vlan-id data_meaning data_value [data_mask]
Syntax Description
vlan-id Specifies the number of the VLAN associated with the classification to be cleared.
data_meaning Specifies the data_meaning of the classification to be cleared.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules 7.3.5.6 set vlan classification ingress Use this command to add ports to a VLAN classification rule. Ports added will now be active for this rule. Untagged frames received will be tagged according to the VLAN classification rule.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Examples This example shows how to assign IP traffic received on Fast Ethernet front panel ports 5 through 15 to the IP VLAN (VLAN 7): Matrix>set vlan classification ingress 7 fe.0.5-15 ethernet-II-type ip This example shows how to drop all Source UDP traffic received on Fast Ethernet front panel ports 5 through 10 from source UDP (sockets) 45 to 53.
7.3.5.7 clear vlan classification ingress
Use this command to remove ports from a VLAN classification rule.
clear vlan classification ingress vlan-id port-string data_meaning data_value [data_mask]
Syntax Description
vlan-id Specifies the number of the VLAN to remove from the classification rule.
port-string Specifies the port(s) to remove from the classification rule.
VLAN Configuration Command Set Assigning VLANs According to Classification Rules Example This example shows how to remove Fast Ethernet front panel port 21 from the Source UDP Range classification rule to filter out (drop) incoming frames: Matrix>clear vlan classification ingress 6 fe.0.
VLAN Configuration Command Set Setting the Host VLAN 7.3.6 Setting the Host VLAN Purpose To assign the host port on the device to a VLAN that only select devices are allowed to access. This secures the host port. NOTE: The host port is the management entity of the device. Commands The commands needed to configure host VLANs are listed below and described in the associated section as shown. • show host vlan (Section 7.3.6.1) • set host vlan (Section 7.3.6.2) • clear host vlan (Section 7.3.6.
VLAN Configuration Command Set Setting the Host VLAN 7.3.6.1 show host vlan Use this command to display the current host VLAN. An application for a host VLAN would be to create a secure management-only VLAN. show host vlan Syntax Description None. Command Defaults None. Command Type Switch command. Command Mode Read-Only. Example This example shows how to display the host VLAN: Matrix>show host vlan Host vlan is 7.
VLAN Configuration Command Set Setting the Host VLAN 7.3.6.2 set host vlan Use this command to assign a host VLAN to a secure VLAN where only designated users are allowed access. For example, a host VLAN could be specifically created for device management. This would allow a management station connected to the management VLAN to manage all ports on the device and make management secure by preventing management via ports assigned to other VLANs.
VLAN Configuration Command Set Setting the Host VLAN 7.3.6.3 clear host vlan Use this command to reset the host VLAN to the default setting of 1. clear host vlan Syntax Description None. Command Defaults None. Command Type Switch Command. Command Mode Read-Write.
VLAN Configuration Command Set Creating a Secure Management VLAN 7.3.7 Creating a Secure Management VLAN If the Matrix E1 is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage all ports on the device. It also makes management secure by preventing configuration via ports assigned to other VLANs. To create a secure management VLAN, you must: 1. Create and name a new VLAN. (Section 7.3.2) 2.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8 Enabling/Disabling GVRP (GARP VLAN Registration Protocol) Purpose To dynamically create VLANs across a switched network. The GVRP command set is used to display GVRP configuration information, the current global GVRP state setting, individual port settings (enable or disable) and timer settings. By default, GVRP is enabled on all ports.
Figure 7-1 Example of VLAN Propagation via GVRP
[Figure not reproduced: diagram showing Switch 2 and Switch 3 (1H152-51 devices).]
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) Commands The commands used to configure GVRP are listed below and described in the associated section as shown. • show gvrp (Section 7.3.8.1) • show garp timer (Section 7.3.8.2) • set gvrp (Section 7.3.8.3) • set garp timer (Section 7.3.8.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.1 show gvrp Use this command to display GVRP status. show gvrp [port-string] Syntax Description port-string (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, GVRP status will be displayed for all ports. Command Type Switch command. Command Mode Read-Only.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.2 show garp timer Use this command to display GARP timer values set for one or more ports. show garp timer [port-string] Syntax Description port-string (Optional) Displays GARP timer information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, GARP timer information will be displayed for all ports.
Matrix>show garp timer fe.0.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number  Join        Leave       Leaveall
-----------  ----------  ----------  ----------
fe.0.1       20          60          1000
fe.0.2       20          60          1000
fe.0.3       20          60          1000
fe.0.4       20          60          1000
fe.0.5       20          60          1000
fe.0.6       20          60          1000
fe.0.7       20          60          1000
fe.0.8       20          60          1000
fe.0.9       20          60          1000
fe.0.10      20          60          1000
Table 7-5 provides an explanation of the command output.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.3 set gvrp Use this command to enable or disable GVRP globally on the device or on one or more ports. set gvrp {disable | enable} [port-string] Syntax Description disable | enable Disables or enables GVRP on the device. port-string (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
VLAN Configuration Command Set Enabling/Disabling GVRP (GARP VLAN Registration Protocol) 7.3.8.4 set garp timer Use this command to adjust the values of the join, leave, and leaveall timers. set garp timer {[join timer_value] [leave timer_value] [leaveall timer_value]} port-string NOTE: The setting of these timers is critical and should only be changed by personnel familiar with the 802.1Q standards documentation, which is not supplied with this device.
This example shows how to set the leave timer value to 300 centiseconds for all the ports on all the VLANs:
Matrix>set garp timer leave 300
This example shows how to set the leaveall timer value to 20000 centiseconds for all the ports on all the VLANs:
Matrix>set garp timer leaveall 20000
8 Policy Classification Configuration This chapter describes the Policy Classification set of commands and how to use them. NOTE: It is recommended that you use Enterasys Networks NetSight Atlas Policy Manager as an alternative to CLI for configuring policy classification on Matrix E1 Series devices. 8.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3 POLICY CLASSIFICATION CONFIGURATION COMMAND SET 8.3.1 Configuring Policy Profiles Purpose To review, create, change and remove user profiles that relate to business-driven policies for managing network resources. Commands The commands used to review and configure policy profiles are listed below and described in the associated section as shown. • show policy profile (Section 8.3.1.1) • set policy profile (Section 8.3.1.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3.1.1 show policy profile Use this command to display policy profile information. show policy profile [profile-index] Syntax Description profile-index (Optional) Displays policy information for a specific profile index. Command Defaults If profile-index is not specified, all policy profile information will be displayed. Command Type Switch command. Command Mode Read-Only.
Policy Classification Configuration Command Set Configuring Policy Profiles Table 8-1 show policy profile Output Details (Continued) Output What It Displays... Row Status Whether or not the profile is enabled (active) or disabled. Port Vid Status Whether or not PVID override is enabled or disabled for this profile. Port Vid PVID assigned to the PVID override function. COS Status Whether or not Class of Service override is enabled or disabled for this profile.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3.1.2 set policy profile Use this command to create a policy profile entry. set policy profile profile-index {[enable | disable] [name enable | disable vlan-id enable | disable cos]} Syntax Description profile-index Specifies an index number for the profile entry. Valid values are 1 to 65535. enable | disable Enables or disables the profile entry. name Specifies a name for the entry.
Policy Classification Configuration Command Set Configuring Policy Profiles 8.3.1.3 clear policy profile Use this command to delete one or all policy profile entries. clear policy profile profile-index | all Syntax Description profile-index Specifies the index number of the profile entry to be deleted. Valid values are 1 to 65535. all Deletes all policy profile entries. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2 Assigning Classification Rules to Policy Profiles Purpose To review, assign and unassign classification rules to user profiles. This maps users to specific policies provisioning business use of network resources. Commands The commands used to review, assign and unassign classification rules to user profiles are listed below and described in the associated section as shown.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.1 show policy class Use this command to display policy classification information. show policy class [profile-index] Syntax Description profile-index (Optional) Displays policy classification information for a specific profile index number. Valid values are 1 - 65535. Command Defaults If profile-index is not specified, information will be displayed for all profiles. Command Type Switch command.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.2 set policy classify Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.
ipxbil Classifies based on bilateral IPX address.
ipxbilsocket Classifies based on bilateral IPX socket.
ipxclass Classifies based on transmission control in IPX.
ipxdest Classifies based on destination IPX address.
ipxdestsocket Classifies based on destination IPX socket.
ipxsource Classifies based on source IPX address.
ipxsourcesocket Classifies based on source IPX socket.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Command Defaults Data masks are required only for classification types requiring a second data-value. For details, refer to Table 8-2. Command Type Switch command. Command Mode Read-Write. Examples This example shows how to use Table 8-2 to create (and enable) classification rule number 1.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Table 8-2 Valid Values for Policy Classification (Continued) Classification Parameter data_value data_mask llc DSAP/SSAP pair in 802.3 type packet field: Not applicable. 0 - 65535 IP Address (Bilateral, Source or Destination): IP Address in dotted decimal format: ipbil ipsource ipdest 000.000.000.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles Table 8-2 Valid Values for Policy Classification (Continued) Classification Parameter data_value data_mask IPX Socket (Bilateral, Source or Destination): IPX Socket Number: Not applicable.
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.3 Classification Precedence Rules NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the switch, as these rules can have a significant impact on the network operation.
Table 8-3 Classification Precedence (Continued)
IPX Socket Destination / UDP or TCP Destination Port    9
ICMP                                                    10
IP TOS / IPX COS                                        11
IP Protocol Type / IPX Packet Type                      12
Ethertype Field / DSAP/SSAP Fields                      13
VLAN                                                    14
Priority                                                15
Policy Classification Configuration Command Set Assigning Classification Rules to Policy Profiles 8.3.2.4 clear policy class Use this command to delete one or all policy classification entries. clear policy class profile-index | all Syntax Description profile-index Specifies the profile index number of the policy classification to be deleted. Valid values are 1 to 65535. all Deletes all policy classification entries. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3 Assigning Ports to Policy Profiles Purpose To assign and unassign ports to policy profiles, and to display policy information about one or more ports. Commands The commands used to assign ports to policy profiles are listed below and described in the associated section as shown. • show policy port (Section 8.3.3.1) • set policy port (Section 8.3.3.2) • clear policy port (Section 8.3.3.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3.1 show policy port Use this command to display policy information for one or more ports. show policy port [port-string] Syntax Description port-string (Optional) Displays policy classification information for a specific port. For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, policy information will be displayed for all ports.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3.2 set policy port Use this command to assign ports to a policy profile. Ports assigned will now be active for this profile. Untagged frames received will be tagged according to the policy profile settings. set policy port port-string admin-id Syntax Description port-string Specifies the port(s) to add to the policy profile. For a detailed description of possible port-string values, refer to Section 4.1.2.
Policy Classification Configuration Command Set Assigning Ports to Policy Profiles 8.3.3.3 clear policy port Use this command to delete one or all policy port entries. clear policy port port-string | all Syntax Description port-string Specifies the port(s) to remove from a policy profile. For a detailed description of possible port-string values, refer to Section 4.1.2. all Deletes all policy port entries. Command Defaults None. Command Type Switch command. Command Mode Read-Write.
9 Port Priority and Classification Configuration
This chapter describes the Port Priority, Priority Classification, and Rate Limiting set of commands and how to use them.
9.1 PORT PRIORITY AND CLASSIFICATION CONFIGURATION SUMMARY
9.1.1 Priority
Important Notice
In addition to the commands described in this section, Matrix E1 (1G58x-09 and 1H582-xx) devices with firmware versions 2.05.xx and higher also support policy profile-based classification to a Class of Service or VLAN.
Port Priority and Classification Configuration Summary Priority Queueing Modes (Algorithms) 9.1.2 Priority Queueing Modes (Algorithms) The transmit queues for each port on the device can be configured with different queueing algorithms, as described in the following subsections. Strict Priority Queueing (SP) SP queueing provides higher priority queues with absolute preferential treatment over low priority queues, which minimizes the queueing delay of frames from the higher queues.
Port Priority and Classification Configuration Summary Port Classification 9.1.3 Port Classification Port classification is another way to manage network traffic through the device. Port classification allows you to configure one or more device ports to prioritize and forward untagged frames according to a specific protocol type classification rule. By default, when a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented.
Process Overview: Priority, Classification, And Rate Limiting Configuration Configuring Port Priority 9.2 PROCESS OVERVIEW: PRIORITY, CLASSIFICATION, AND RATE LIMITING CONFIGURATION Use the following steps as a guide to the port priority, QoS, classification, and rate limiting configuration process: 1. Configuring Port Priority (Section 9.3.1) 2. Configuring Priority Queueing (Section 9.3.2) 3. Configuring Quality of Service (QoS) (Section 9.3.3) 4. Configuring Priority Classification (Section 9.3.4) 5.
Port Priority and Classification Configuration Commands Configuring Port Priority 9.3.1.1 show port priority Use this command to display the 802.1p priority for one or more ports. show port priority [port-string] Syntax Description port-string (Optional) Displays priority information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2. Command Defaults If port-string is not specified, port priority for all ports will be displayed.
Port Priority and Classification Configuration Commands Configuring Port Priority 9.3.1.2 set port priority Use this command to set the 802.1D transmit queue priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5.
9.3.1.3 clear port priority
Use this command to reset the current 802.1D port priority setting to 0. This will cause all frames received without a priority value in their header to be set to priority 0.
clear port priority port-string
Syntax Description
port-string Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults
None.
Port Priority and Classification Configuration Commands Configuring Priority to Transmit Queue Mapping 9.3.2 Configuring Priority to Transmit Queue Mapping Purpose To do the following: • View the current priority to transmit queue mapping of each port, which includes both physical and virtual ports. • Configure each port to either transmit frames according to the port priority transmit queues (set using the set port priority command described back in Section 9.3.1.
9.3.2.1 show priority queue
Use this command to display the port priority levels (0 through 7, with 0 as the lowest level) associated with the current transmit priority queue (0-3, with 0 being the lowest priority) for each priority of the selected port. A frame with a certain port priority is transmitted according to the settings entered using the set priority queue command described in Section 9.3.2.
Port Priority and Classification Configuration Commands Configuring Priority to Transmit Queue Mapping This example shows how to display the transmit queue associated with priority 5.
9.3.2.2 set priority queue

Use this command to map 802.1p priorities to transmit queues. This enables you to change the priority queue (0-3, with 0 being the lowest priority queue) for each port priority of the selected port. You can apply the new settings to one or more ports.
Example
This example shows how to use the set priority queue command to program the device so the priority 5 frames received are transmitted at the lowest transmit priority queue of 0:

Matrix>set priority queue 5 0
9.3.3 Configuring Quality of Service (QoS)

Purpose
To configure one or more ports with the following Layer 2 switching features:
• Four priority queues on each port.
• Programmable scheduling per transmit (Tx) port according to fixed priority, weighted round-robin (in percentage of traffic per queue), or hybrid algorithm.
9.3.3.1 show port qos

Use this command to display Quality of Service information, including the current QoS algorithm and associated queue settings, for one or more ports.

show port qos [port-string]

Syntax Description
port-string   (Optional) Display QoS settings for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
9.3.3.2 set port qos sp

Use this command to enable 802.1p strict priority traffic queueing on one or more ports.

set port qos sp [port-string]

Syntax Description
port-string   (Optional) Specifies the port(s) to enable as strict 802.1 queueing ports. For a detailed description of possible port-string values, refer to Section 4.1.2.
9.3.3.3 set port qos wrr

Use this command to set the weighted round robin transmission queues for one or more ports.

set port qos wrr port-string que0_weight que1_weight que2_weight que3_weight

Syntax Description
port-string   Specifies the port(s) on which to set QoS weighted queues. For a detailed description of possible port-string values, refer to Section 4.1.2.
9.3.3.4 set port qos hybrid

Use this command to enable and configure one of two hybrid queuing modes, either applying 802.1p strict priority (SP) queuing to higher priority queues, or weighted round robin (WRR) queuing to lower priority queues.
Example, Mode 1
This example shows how to set hybrid Mode 1 and the transmission queues on Fast Ethernet front panel ports 1 through 3. In this example the hybrid queues 0, 1, and 2 are being set to 30, 40, and 30 percent, respectively. Queue 3 will automatically use the 802.1p strict priority algorithm to service the frames in Queue 3 first.
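The three scheduling choices in this section behave very differently once the highest queue is busy, which matters when deciding what traffic is allowed to reach Queue 3. The following added example is not taken from this guide or from the device firmware: it is a simplified slot-based model in which the smooth weighted round-robin selection, the function names and the rule that weights total 100 are assumptions.

```python
QUEUES = 4  # the guide describes four transmit queues per port, 0 = lowest


def _pick_wrr(credit, weights, queued, eligible):
    """Smooth weighted round robin among eligible queues that hold frames."""
    active = [q for q in eligible if queued[q] > 0 and weights[q] > 0]
    if not active:
        return None
    for q in active:
        credit[q] += weights[q]
    best = max(active, key=lambda q: credit[q])  # ties go to the lower queue
    credit[best] -= sum(weights[q] for q in active)
    return best


def simulate(mode, backlog, slots, weights=None):
    """Return frames sent per queue after `slots` transmit opportunities.

    mode     "sp" (strict priority), "wrr", or "hybrid1" (queue 3 strict,
             queues 0-2 weighted), mirroring the three cases in the text
    backlog  frames waiting in queues 0..3 at the start (no new arrivals)
    weights  percentages: four values for "wrr", three for "hybrid1"
             (requiring a total of 100 is an assumption of this model)
    """
    if len(backlog) != QUEUES:
        raise ValueError("backlog needs one entry per queue")
    if mode in ("wrr", "hybrid1"):
        need = QUEUES if mode == "wrr" else QUEUES - 1
        if weights is None or len(weights) != need or sum(weights) != 100:
            raise ValueError("weights are percentages and must total 100")
    elif mode != "sp":
        raise ValueError("unknown mode: " + mode)

    queued = list(backlog)
    sent = [0] * QUEUES
    credit = [0] * QUEUES
    for _ in range(slots):
        if mode == "sp":
            # Always serve the highest-numbered queue that holds a frame.
            q = next((i for i in reversed(range(QUEUES)) if queued[i] > 0), None)
        elif mode == "wrr":
            q = _pick_wrr(credit, weights, queued, range(QUEUES))
        else:
            # Hybrid Mode 1: queue 3 is served first, the rest share by weight.
            q = 3 if queued[3] > 0 else _pick_wrr(credit, weights, queued, range(3))
        if q is None:
            break  # every queue is empty
        queued[q] -= 1
        sent[q] += 1
    return sent


BUSY = 10**6  # stands in for a queue that never drains during the run

if __name__ == "__main__":
    print("sp, all queues busy:      ", simulate("sp", [BUSY] * 4, 100))
    print("wrr 10/20/30/40:          ", simulate("wrr", [BUSY] * 4, 100, [10, 20, 30, 40]))
    print("hybrid1, 40 frames in q3: ", simulate("hybrid1", [BUSY, BUSY, BUSY, 40], 100, [30, 40, 30]))
    print("hybrid1, q3 never drains: ", simulate("hybrid1", [BUSY] * 4, 100, [30, 40, 30]))
```

In this model a Queue 3 that never drains starves Queues 0 through 2 under both strict priority and hybrid Mode 1, while plain WRR keeps every queue moving.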
9.3.4 Configuring Priority Classification

Purpose
To perform the following functions:
• Display the current priority, classification, and description entries of each classification rule.
• Assign priorities according to classification rules.
• Add/delete a priority and associated protocol entry.
9.3.4.1 show priority classification

Use this command to display priority classification information.

show priority classification

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Command Alternative (v2.05.xx and higher)
show policy class (Section 8.3.2.
9.3.4.2 set priority classification

Use this command to create a classification rule that will assign traffic to a priority based on Layer 2/3/4 rules.

set priority classification priority_value data_meaning data_value [data_mask] {create | disable | enable}

Syntax Description
priority_value   Specifies a port priority number (0 through 7) to which the frame classification is applied.
Examples
This example shows how to enable or disable the priority classifier globally.
9.3.4.3 Valid Values for Priority Classification

Table 9-1 provides the set priority classification data_meaning parameters that can be entered to classify frames, and the data_values that can be entered for each classifier associated with those parameters. Values applied are listed next to each data_value keyword. When applicable, data_masks are also listed for each data_value.
Table 9-1 Valid Values for Priority Classification (Continued)

data_meaning keywords: IPX-Packet-Type
data_value keywords:
• 0 = Hello-or-SAP
• 1 = RIP
• 2 = Echo-Packet
• 3 = Error-Packet
• 4 = Netware-386-or-SAP
• 5 = Sequenced-Packet-Protocol
• 16 - 31 = Experimental Protocols
• 17 = Netware-286
data_mask: Not applicable.

IP Address Group: IP Address in dotted decimal format: 000.000.000.
Table 9-1 Valid Values for Priority Classification (Continued)

data_meaning keywords: UDP Port Group:
data_value keywords:
• Integer (0 - 65535)
• BootP-Client
• BootP-Server
• DNS
• FTP
• FTP-Data
• HTTP
• IMAP2
• IMAP3
• Netbios-Datagram
• Netbios-Name-Server
• Netbios-Sess-Server
• POP3
• RIP
• Smart-Voice-Gateway
• SMTP
• Telnet
• TFTP
data_mask: Not applicable.
Table 9-1 Valid Values for Priority Classification (Continued) data_meaning keywords data_value keywords data_ mask MAC Address Group: MAC Address: 00-00-00-00-00-00 Data mask bits Lower boundary of port range: (0 - 65535) Upper boundary of port range: (0 - 65535) Lower boundary of port range: 0 - 65535 Upper boundary of port range: 0 - 65535 Src-MAC-Address Dest-MAC-Address Bil-MAC-Address UDP Range Gro
9.3.4.4 clear priority classification

Use this command to clear priority classification entries.

clear priority classification priority_value data_meaning data_value [data_mask]

Syntax Description
priority_value   Specifies a port priority (0 through 7) associated with the classification to be cleared.
data_meaning     Specifies the data_meaning of the classification to be cleared.
About ToS

The Type of Service (ToS) field [also known as the Differential Services (DF) field in RFC 2474] is an 8-bit field. It is located in the IP header and used by a device to indicate the precedence or priority of a given frame (see Table 9-1). Together, the 802.1p priority and IP ToS fields make it possible to signal the frame priority from end to end as the frame makes its way through the network.
9.3.4.5 set priority classification tosvalue

Use this command to enter the ToS value. This value identifies to the various switch devices and routers in the IP-based network those packets which should have preferential treatment on a Class of Service (CoS) basis.
Example
This example shows how to set a ToS value of 200 to frames with a priority 7, meeting the Ethernet Type II IP classification rule:

Matrix>set priority classification tosvalue 200 7 ethernet-II-type IP
9.3.4.6 set priority classification tosstatus

Use this command to enable or disable the ToS value configured in the set priority classification tosstatus command.

set priority classification tosstatus priority_value data_meaning data_value [data_mask] {enable | disable}

Syntax Description
priority_value   Specifies a port priority (0 through 7) associated with the classification to be enabled or disabled.
9.3.4.7 show priority classification qtagoverride

Use this command to display the status of the priority tag override feature on one or more ports. When enabled as described in Section 9.3.4.8, this feature lowers the precedence level of 802.1Q frame tags received on specified ports.

show priority classification qtagoverride [port-string]

Syntax Description
port-string   (Optional) Displays status of the 802.
9.3.4.8 set priority classification qtagoverride

Use this command to enable or disable the priority tag override feature on one or more ports. When enabled, this feature lowers the precedence level of 802.1Q (VLAN) frame tags received on specified ports, allowing MAC address matching and other types of priority classifications to receive higher precedence.
9.3.5 Classification Precedence Rules

NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the Matrix E1 device, as these rules can have a significant impact on the network operation.
Table 9-2 Classification Precedence (Continued)

Classification Type (IP)                   Precedence Level (Default)   With 802.1Q Priority Tag Override
UDP / TCP Port Destination                 9                            8
IP ToS                                     10                           9
IP Type                                    11                           10
Protocol Type (Ether Type or DSAP/SSAP)    12                           11
Receive Port                               13                           13

Classification Type (IPX)                  Precedence Level (Default)   With 802.1Q Priority Tag Override
802.
9.3.5.1 set priority classification ingress

Use this command to add ports to a priority classification rule. These ports will then be active for this rule.

set priority classification ingress priority_value port-string data_meaning data_value [data_mask]

Syntax Description
priority_value   Specifies the number of the port priority (0 through 7) being associated with the priority ingress classification list.
Example
This example shows how to add Fast Ethernet front panel ports 30 through 33 to the Ethernet II Type IP classification rule:

Matrix>set priority classification ingress 7 fe.0.
9.3.5.2 clear priority classification ingress

Use this command to remove ports from a priority classification rule.

clear priority classification ingress priority_value port-string data_meaning data_value [data_mask]

Syntax Description
priority_value   Specifies the number of the port priority (0 through 7) being removed from the priority ingress classification list.
9.3.6 Configuring Port Traffic Rate Limiting

Purpose
To limit the incoming rate of traffic entering the Matrix E1 on a per port/priority basis.
9.3.6.1 show port ratelimit

Use this command to show the traffic rate limiting configuration on one or more ports.

show port ratelimit [port-string]

Syntax Description
port-string   (Optional) Displays rate limiting parameters for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Example
This example shows how to display the current rate limits set for Fast Ethernet front panel ports 1 and 2. In this case, rate limiting is globally disabled, and is disabled on these ports. The threshold on all priorities queues within these ports is set to the default value of 195000 bits per second.
9.3.6.2 set port ratelimit

Use this command to configure the traffic rate limiting status and threshold (in bits per second) for one or more ports.

set port ratelimit {disable | enable port-string priority threshold {discard | marked}{disable | enable}}

Syntax Description
disable | enable   Disables or enables rate limiting globally on the device.
Example
This example shows how to:
• globally enable rate limiting on the device,
• configure rate limiting on port priority 5 for Fast Ethernet front panel ports 3 through 7 to a threshold of 20,000 bits per second,
• discard all frames, and enable rate limiting with these parameters on the specified ports:

Matrix>set port ratelimit enable
Matrix>set port ratelimit fe.0.
9.3.6.3 clear port ratelimit

Use this command to reset rate limiting parameters back to default values for one or more priorities on one or more ports.

clear port ratelimit port-string {priority}

Syntax Description
port-string   Specifies a port on which to reset the rate limiting threshold and other parameters. For a detailed description of possible port-string values, refer to Section 4.1.2.
10 IGMP Configuration

This chapter describes the IGMP Configuration set of commands and how to use them.

10.1 IGMP CONFIGURATION SUMMARY

Multicasting is used to support real-time applications such as video conferences or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
10.2 IGMP CONFIGURATION COMMAND SET

10.2.1 Enabling / Disabling IGMP

Purpose
To display IGMP status and to enable or disable IGMP snooping on the device.

Commands
The commands needed to display, enable and disable IGMP are listed below and described in the associated sections as shown.
• show igmp (Section 10.2.1.1)
• set igmp (Section 10.2.1.
10.2.1.1 show igmp

Use this command to display IGMP information.

show igmp [groups | query-interval | response-time]

Syntax Description
groups           (Optional) Displays a list of IGMP streams and client connection ports.
query-interval   (Optional) Displays (in seconds) the frequency of host-query frame transmissions.
response-time    (Optional) Displays (in tenths of a second) the maximum query response time.
10.2.1.2 set igmp

Use this command to enable or disable IGMP snooping on the device. This allows a host to inform the device it wants to receive transmissions addressed to a specific multicast group.

set igmp {enable | disable}

Syntax Description
enable | disable   Enables or disables IGMP snooping on the device.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
10.2.2 Setting IGMP Query Interval and Response Time

Purpose
To display and set IGMP query interval and response time settings. These commands work together to remove ports from an IGMP group. Query interval specifies how often IGMP host queries are sent. Response time specifies the maximum query response time.
10.2.2.1 show igmp query-interval

Use this command to display the IGMP query interval setting.

show igmp query-interval

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display IGMP query count status:

Matrix>show igmp query-interval
IGMP query interval is 125 seconds.
10.2.2.2 set igmp query-interval

Use this command to set the IGMP query interval as defined in RFC 2236, Section 8.2.

set igmp query-interval intervaltime

Syntax Description
intervaltime   Specifies the frequency of host-query frame transmissions. Valid values are from 30 to 600 seconds.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
10.2.2.3 show igmp response-time

Use this command to display the IGMP response time setting.

show igmp response-time

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the IGMP response time (in tenths of a second):

Matrix>show igmp response-time
IGMP response time is 100 .1 seconds.
10.2.2.4 set igmp response-time

Use this command to set the maximum IGMP query response time as defined in RFC 2236, Section 8.3.

set igmp response-time value

Syntax Description
value   Specifies the maximum query response time. Valid values are 10 to 255 tenths of a second.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
10.2.3 Reviewing IGMP Groups

Purpose
Use this command to display the status of IGMP groups on the device. This includes the VLAN port configured to transmit IGMP multicast transmissions, its VLAN ID, and the IP addresses of the ports asking to receive those transmissions as part of the IGMP group.

Command
The command used to display IGMP groups is listed below and described in the associated section as shown.
• show igmp groups (Section 10.2.3.
10.2.3.1 show igmp groups

Use this command to display a list of IGMP streams and client connection ports.

show igmp groups

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display IGMP groups. In this example, the device knows to forward all multicast traffic for IP address 224.47.239.
This example shows the display when no IGMP groups have been configured on the device:

Matrix>show igmp groups
Multicast group list processed.
10.2.4 Configuring IGMP VLAN Registration

Purpose
Use these commands to configure IGMP VLAN Registration (IVR) on the device. IVR is designed for applications using wide-scale deployment of multicast traffic. It eliminates the need to duplicate multicast traffic for clients in each VLAN. Multicast traffic for all groups is sent around the VLAN trunk only once, and only on the multicast VLAN.

NOTE: IVR cannot be used when routing is enabled.
10.2.4.1 show igmp mode

Use this command to display IVR information for one or more ports.

show igmp mode [port-string]

Syntax Description
port-string   (Optional) Displays IVR information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, IVR information will be displayed for all ports.

Command Type
Switch command.

Command Mode
Read-Only.
Table 10-2 show igmp mode Output Details (Continued)

Output   What It Displays...
Port     Port designation.
Type     Whether or not the port’s IVR registration is:
         • Open -- scoping multicast transmissions to the IGMP VLAN. These ports are user access ports subscribing to receive multicast streams via the IGMP registered VLAN.
         • Secure -- scoping multicast transmissions to the VLAN receiving the IGMP requests.
10.2.4.2 set igmp mode vlan

Use this command to set the VLAN registered to forward multicast traffic to all subscribing, or “open” ports.

set igmp mode vlan vlan_id

Syntax Description
vlan_id   Specifies the IGMP registered VLAN.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
10.2.4.3 set igmp mode ipaddress

Use this command to set the virtual IP address through which multicast traffic will be forwarded to all subscribing, or “open” ports.

set igmp mode ipaddress ip_address

Syntax Description
ip_address   Specifies the virtual IP address associated with the vlan_id used in the set igmp mode vlan command (Section 10.2.4.2).

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
10.2.4.4 set igmp mode

Use this command to configure IVR ports as open or secure. Open ports will scope multicast transmissions to the IGMP VLAN. These ports are user access ports subscribing to receive multicast streams via the IGMP registered VLAN specified in the set igmp mode vlan command (Section 10.2.4.2). Ports in secure mode will scope multicast transmissions to the VLAN receiving the IGMP requests.
10.3 ABOUT IGMP

The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device. The protocol’s mechanisms allow a host to inform its local switch device that it wants to receive transmissions addressed to a specific multicast group. A multicast-enabled switch device can periodically ask its hosts if they want to receive multicast traffic.
10.3.1 IGMP VLAN Registration

IGMP VLAN Registration (IVR) is designed for applications using wide-scale deployment of multicast traffic. For example, the broadcast of multiple television channels over a campus network or multi-tenant environment. IVR allows a user on a port to subscribe and unsubscribe to a multicast stream on the network-wide multicast VLAN, using IGMP open mode.
11 Logging and Switch Network Management

This chapter describes switch-related logging and network management commands and how to use them.

NOTE: The commands in this section pertain to network management of the Matrix E1 device when it is in switch mode only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 12.

11.
11.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET

11.2.1 Configuring System Logging

Purpose
To display and configure system logging, including Syslog server settings, logging severity levels for various applications, and Syslog default settings.

Commands
Commands to configure system logging are listed below and described in the associated section as shown.
• set logging (Section 11.2.1.1)
• show logging all (Section 11.2.1.
11.2.1.1 set logging

Use this command to globally disable or re-enable Syslog on the device.

set logging {enable | disable}

Syntax Description
enable | disable   Enables or disables Syslog.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.1.2 show logging all

Use this command to display all configuration information for system logging.

show logging all

NOTE: Most system messages are logged at severity level of 6 (Notice). By default, the logging applications are set to 5 (Warning), which will suppress level 6 (Notice) messages from the console session.
Example
This example shows how to display all system logging information:

Matrix>show logging all
Global Logging State: Enabled

     Application   Current Severity Level
---------------------------------------------
 0   default       6
 1   GARP          5
 2   MSTP          5
 3   IGMP          5
 4   LAG           5
 5   FilterDb      5
 6   hostVx        5
 7   CDP           5
 8   RMON          5
 9   Policy        5
 10  Syslog        5
 11  RatePol       5
 12  rtrFE         6
 13  RtrCfg        5
 14  etsVlan       5
 15  rtrACL        5
 16  MII           5
 17  Envoy         5
 18  SSH           5
 19  RtrDvmrp      5
 20  RtrOspf       5
 21  Eap
emergencies(1)   alerts(2)     critical(3)
errors(4)        warnings(5)   notifications(6)
information(7)   debugging(8)

Minimum message level displayed on the console session: warnings(5)

Defaults:
Facility   Severity         Port
-------------------------------------------------------------
local0     emergencies(1)   514

IP Address   Facility   Severity   Port   Status
-------------------------------------------------
Table 11-1 show logging all Output Details (Continued)

Output        What It Displays...
Facility      Syslog facility that will be encoded in messages sent to this server. Valid values are: local0 to local7.
Severity      Severity level at which the server is logging messages.
Description   Text string description of this facility/server.
Port          UDP port the client uses to send to the server.
11.2.1.3 show logging console

Use this command to display the global logging state and the severity level at which logging messages will display to the console port.

show logging console

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This command shows how to display console logging settings.
11.2.1.4 set logging console

Use this command to set the severity level at which Syslog messages will display to the console, or prevent Syslog messages from displaying to the console.

set logging console {severity | disable}

Syntax Description
severity   Specifies the severity level at which log messages will display to the console.
11.2.1.5 show logging server

Use this command to display the Syslog configuration for a particular server.

show logging server [index]

Syntax Description
index   (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1-8.

Command Defaults
If index is not specified, all Syslog server information will be displayed.

Command Type
Switch command.

Command Mode
Read-Only.
11.2.1.6 set logging server

Use this command to configure a Syslog server.

set logging server index {ip_addr ip_addr | facility facility | severity severity | descr descr | port port | state [enable | disable]}

Syntax Description
index             Specifies the server table index number for this server. Valid values are 1 - 8.
ip_addr ip_addr   Specifies the Syslog message server’s IP address.
Command Mode
Read-Write.

Example
This command shows how to enable a Syslog server configuration for index 1, IP address 134.141.89.113, facility local4, severity level 8 (debugging) port 514:

Matrix>set logging server 1 ip_addr 134.141.89.
11.2.1.7 clear logging server

Use this command to remove a server from the Syslog server table.

clear logging server index

Syntax Description
index   Specifies the server table index number for the server to be removed. Valid values are 1 - 8.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.1.8 show logging default

Use this command to display the Syslog server default values.

show logging default

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 11-1.
11.2.1.9 set logging default

Use this command to set logging default values.

set logging default {facility facility | severity severity | port port}

Syntax Description
facility facility   Specifies the default facility name. Valid values are: local0 to local7.
severity severity   Specifies the default logging severity level.
11.2.1.10 clear logging default

Use this command to reset logging default values.

clear logging default [facility] [severity] [port]

Syntax Description
facility   (Optional) Resets the default facility name to local7.
severity   (Optional) Resets the default logging severity level to 5 (warning conditions).
port       (Optional) Resets the default UDP port the client uses to send to the server to 514.
11.2.1.11 show logging application

Use this command to display the severity level of Syslog messages for applications.

show logging application

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This command shows a portion of the information displayed with the show logging application command. For a full list of supported applications, refer to Table 11-3.
Table 11-2 show logging application Output Details

Output        What It Displays...
Application   Mnemonic values for applications being logged. For details on setting this value using the set logging application command, refer to Section 11.2.1.12. For a list of valid values and their corresponding applications, refer to Table 11-3.
11.2.1.12 set logging application

Use this command to set the severity level of log messages for an application.

set logging application {mnemonic | all} level

Syntax Description
mnemonic   Specifies a case sensitive mnemonic value of an application to be logged. Valid values and their corresponding applications are listed in Table 11-3.
all        Resets the severity level for all applications.
Table 11-3 Mnemonic Values for Logging Applications

Mnemonic   Application
default    Applications not explicitly included in Matrix E1 device.
GARP       802.1D Generic Attribute Resolution Protocol (GVR/GMRP)
MSTP       802.1D Spanning Tree (802.1w/802.1s)
BrdgMIB    IETF Bridge MIB component
IGMP       Internet Group Management Protocol
FilterDb   802.
Table 11-3 Mnemonic Values for Logging Applications (Continued)

Mnemonic        Application
Radius          RADIUS client/server
Trunking        Port trunking
MacAuth         MAC authentication
Alias           Node and alias
SNMP            Simple Network Management Protocol
sntp            Simple Network Time Protocol
CLI             Command Line Interface
Telnet          Telnet server and client
SysDownload     System download
PortMirroring   Port mirroring (redirect)
Webview         Enterasys’ WebView mana
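Because most system messages are logged at level 6 while applications default to level 5, a review of captured show logging all output can list the applications whose setting suppresses those messages and the set logging application commands that would raise them. This is an added example, not part of the guide: the capture is constructed in the layout shown in Section 11.2.1.2, and the row index numbers, the "Disabled" state string and the choice of watched mnemonics are assumptions.

```python
import re

# Per the guide's NOTE, most system messages are logged at level 6 and an
# application left at 5 suppresses them, so 6 is the minimum checked here.
NOTICE_LEVEL = 6

# Mnemonics appear in the guide (show logging all output, Table 11-3).
# Treating this particular set as the one to watch is an assumption.
WATCHED = ("SSH", "Radius", "MacAuth", "CLI", "Telnet", "SNMP")

# Constructed capture in the layout of the guide's example; index numbers
# other than those printed in the guide are made up for illustration.
SAMPLE_OUTPUT = """\
Matrix>show logging all
Global Logging State: Enabled

     Application   Current Severity Level
---------------------------------------------
 0   default       6
 3   IGMP          5
 9   Policy        5
 18  SSH           5
 22  Radius        6
 24  MacAuth       5
 27  CLI           8
 28  Telnet        5
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([1-8])\s*$")
# "Disabled" is assumed to be the counterpart of the "Enabled" shown in the guide.
STATE = re.compile(r"^Global Logging State:\s*(Enabled|Disabled)$", re.I)


def parse_show_logging(text):
    """Return (global_enabled or None, {mnemonic: level}) from a capture."""
    enabled = None
    levels = {}
    for line in text.splitlines():
        state = STATE.match(line.strip())
        if state:
            enabled = state.group(1).lower() == "enabled"
            continue
        row = ROW.match(line)
        if row:
            levels[row.group(2)] = int(row.group(3))  # mnemonics are case sensitive
    return enabled, levels


def audit(text, watched=WATCHED, minimum=NOTICE_LEVEL):
    """Return (findings, commands) for watched applications below `minimum`."""
    enabled, levels = parse_show_logging(text)
    findings, commands = [], []
    if enabled is None:
        findings.append("global logging state not found in capture")
    elif not enabled:
        findings.append("Syslog is globally disabled")
        commands.append("set logging enable")
    for name in watched:
        level = levels.get(name)
        if level is None:
            findings.append(f"{name}: not listed in capture, level unknown")
        elif level < minimum:
            findings.append(f"{name}: level {level} suppresses level {minimum} messages")
            commands.append(f"set logging application {name} {minimum}")
    return findings, commands


if __name__ == "__main__":
    found, fixes = audit(SAMPLE_OUTPUT)
    print("\n".join(found))
    print("\n".join(fixes))
```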
11.2.1.13 clear logging application

Use this command to reset the logging severity level for one or all applications to the default value of 5 (warning conditions).

clear logging application {mnemonic | all}

Syntax Description
mnemonic   Resets the severity level for a specific application. Valid mnemonic values and their corresponding applications are listed in Table 11-3.
all        Resets the severity level for all applications.
11.2.1.14 show logging audit-trail

Use this command to display the contents of a logging audit trail file. The audit trail is a record of all events that occur when users request and use specific system resources. The device can store up to 200 messages.

show logging audit-trail [file]

Syntax Description
file   (Optional) Displays a specific audit-trail log file.
11.2.1.15 copy audit-trail

Use this command to copy the Syslog audit trail history buffer to a target file.

copy audit-trail destination

Syntax Description
destination   Specifies the target file where the Syslog audit trail will be copied. This can be a local file in NVRAM or a file on a TFTP server.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.2 Monitoring Switch Network Events and Status

Purpose
To display switch events and command history, to set the size of the history buffer, and to display network and RMON statistics.

Commands
Commands to monitor switch network events and status are listed below and described in the associated section as shown.
• show eventlog (Section 11.2.2.1)
• clear eventlog (Section 11.2.2.2)
• history (Section 11.2.2.
11.2.2.1 show eventlog

Use this command to display system events for the switch.

show eventlog

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
11.2.2.2 clear eventlog

Use this command to delete all entries from the system event log.

clear eventlog

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.2.3 history

Use this command to display the contents of the command history buffer. The command history buffer includes all the switch commands entered up to a maximum of 32, as specified in the set history command (Section 11.2.2.6).

history

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
11.2.2.4 repeat

Use this command to repeat a command shown in the command history buffer.

repeat [cmd_num] [iterations]

Syntax Description
cmd_num      (Optional) Specifies the number of the command from the history display.
iterations   (Optional) Specifies the number of times to re-execute the command. Valid values are 0 to 2147483647.
Example
This example shows how to repeat cmd_num 1 (show arp in the history buffer display). It is repeated once:

Matrix>history
1 show arp
2 history
3 show ip
4 show cdp fe.0.1
5 history
Matrix>repeat 1 1
Matrix>show arp
LINK LEVEL ARP TABLE
destination   gateway             flags   Refcnt   Use   Interface
-------------------------------------------------------------------------
10.1.0.1      00:00:1d:bc:df:bf   405     1        0     host0
10.1.10.
11.2.2.5 show history

Use this command to display the size (in lines) of the history buffer.

show history

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.
11.2.2.6 set history

Use this command to set the size of the history buffer.

set history size

Syntax Description
size   Specifies the size of the history buffer in lines. Valid values are from 1 to 32.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.2.7 show netstat

Use this command to display statistics for the switch’s active network connections.

show netstat [icmp | interface | ip | routes | stats | tcp | udp]

Syntax Description
icmp        (Optional) Displays Internet Control Message Protocol (ICMP) statistics.
interface   (Optional) Displays interface statistics.
ip          (Optional) Displays Internet Protocol (IP) statistics.
Example
This example shows how to display statistics for all the current active network connections:

Matrix>show netstat
Active Internet connections (including servers)
PCB       Proto  Recv-Q  Send-Q  Local Address       Foreign Address
--------  -----  ------  ------  ------------------  ------------------
1cc6314   TCP    0       0       0.0.0.0.80          0.0.0.0.0
1cc6104   TCP    0       0       0.0.0.0.23          0.0.0.0.0
1cc6290   UDP    0       0       0.0.0.0.162         0.0.0.
1cc620c   UDP    0       0       0.0.0.0.161
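The following Python script is an added example, not part of the Enterasys guide. It parses show netstat output in the layout of the example above and reports listeners for the management services this guide names (Telnet, WebView over HTTP, SNMP), plus sessions from hosts outside an allow-list. The sample text, its session rows, the column layout beyond what the example shows, and the allowed_mgmt_hosts parameter are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the four listener rows follow the guide's example;
# the session rows and the cut-off last row are invented for illustration.
SAMPLE = """\
Active Internet connections (including servers)
PCB       Proto  Recv-Q  Send-Q  Local Address       Foreign Address
--------  -----  ------  ------  ------------------  ------------------
1cc6314   TCP    0       0       0.0.0.0.80          0.0.0.0.0
1cc6104   TCP    0       0       0.0.0.0.23          0.0.0.0.0
1cc6290   UDP    0       0       0.0.0.0.162         0.0.0.0.0
1cc620c   UDP    0       0       0.0.0.0.161         0.0.0.0.0
1cc6398   TCP    0       0       10.1.10.5.23        10.1.10.20.1045
1cc641c   TCP    0       0       10.1.10.5.23        10.1.99.7.3312
1cc64a0   TCP    0       0       10.1.10.5.23        10.1.
"""

# Well-known ports of the management services named in this guide.
MGMT_PORTS = {
    ("TCP", 23): "Telnet (cleartext login)",
    ("TCP", 80): "HTTP (WebView, cleartext)",
    ("UDP", 161): "SNMP agent",
    ("UDP", 162): "SNMP trap",
}

# Data rows start with a hex PCB value; banner, header and ruler lines do not match.
ROW = re.compile(
    r"^(?P<pcb>[0-9a-f]+)\s+(?P<proto>TCP|UDP)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+(?P<foreign>\S+)"
)


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: str
    local_port: int
    foreign_ip: str
    foreign_port: int

    @property
    def is_listener(self):
        # A wildcard foreign endpoint means no peer is attached yet.
        return self.foreign_ip == "0.0.0.0" and self.foreign_port == 0


def split_endpoint(endpoint):
    """'10.1.10.5.23' -> ('10.1.10.5', 23): the port is the last dotted field."""
    ip, _, port = endpoint.rpartition(".")
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return ip, int(port)       # raises ValueError on an empty port


def parse_netstat(text):
    """Return one Socket per complete data row; skip headers and cut-off rows."""
    sockets = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        try:
            lip, lport = split_endpoint(m["local"])
            fip, fport = split_endpoint(m["foreign"])
        except ValueError:
            continue  # truncated or malformed endpoint
        sockets.append(Socket(m["proto"], lip, lport, fip, fport))
    return sockets


def audit(sockets, allowed_mgmt_hosts=frozenset()):
    """List management listeners and sessions from hosts not in the allow-list."""
    findings = []
    for s in sockets:
        service = MGMT_PORTS.get((s.proto, s.local_port))
        if service is None:
            continue
        if s.is_listener:
            scope = "all addresses" if s.local_ip == "0.0.0.0" else s.local_ip
            findings.append(f"LISTEN {s.proto}/{s.local_port} {service} on {scope}")
        elif s.foreign_ip not in allowed_mgmt_hosts:
            findings.append(
                f"SESSION {s.proto}/{s.local_port} {service} "
                f"from unlisted host {s.foreign_ip}"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_netstat(SAMPLE), allowed_mgmt_hosts={"10.1.10.20"}):
        print(finding)
```

A session reported here can be matched against the show users output (Section 11.2.2.9) and closed with disconnect (Section 11.2.2.10).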
11.2.2.8 show rmon stats

Use this command to display RMON statistics for one or more ports.

show rmon stats [port-string]

Syntax Description
port-string   (Optional) Displays RMON statistics for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Defaults
If port-string is not specified, RMON stats will be displayed for all ports.

Command Type
Switch command.
Table 11-5  show rmon stats Output Details

Output        What It Displays...
Index         Current Ethernet interface for which statistics are being shown. The device has an embedded RMON agent that gathers statistics for each interface.
Status        Current operating status of the displayed interface.
Owner         Name of the entity that configured this entry.
Data Source   Data source of the statistics being displayed.
Table 11-5  show rmon stats Output Details (Continued)

Output      What It Displays...
Fragments   Number of received frames that are not the minimum number of bytes in length, or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excluding framing bits, but including FCS bytes) and had an invalid CRC.
11.2.2.9 show users

Use this command to display information about the active console port or Telnet session(s) logged in to the switch.

show users

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to use the show users command. In this output, there is one Telnet user at IP address 10.1.10.
11.2.2.10 disconnect

Use this command to close an active console port or Telnet session when operating in switch mode.

disconnect {ip_address | console}

Syntax Description
ip_address   Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in Section 11.2.2.9.
console      Closes an active console port.

Command Defaults
None.

Command Type
Switch command.
11.2.3 Managing Switch Network Addresses

Purpose
To display, add or delete switch ARP table entries, to display or set the status of RAD (Runtime Address Discovery) protocol, to display or delete MAC address information, to configure DNS and to execute PING and traceroute.

Commands
Commands to manage switch network addresses are listed below and described in the associated section as shown.
• show arp (Section 11.2.3.
11.2.3.1 show arp

Use this command to display the switch’s ARP table.

show arp

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the ARP table:

Matrix>show arp
LINK LEVEL ARP TABLE
destination   gateway   flags   Refcnt   Use   Interface
-------------------------------------------------------------------------
10.1.0.
11.2.3.2 set arp

Use this command to add mapping entries to the switch’s ARP table.

set arp ip_address mac_address [temp] [pub] [trail]

Syntax Description
ip_address    Specifies the IP address to map to the MAC address and add to the ARP table.
mac_address   Specifies the MAC address to map to the IP address and add to the ARP table.
temp          (Optional) Sets the ARP entry as not permanent. This allows the entry to time out.
11.2.3.3 clear arp

Use this command to delete a specific entry or all entries from the switch’s ARP table.

clear arp [hostname | ip_address]

Syntax Description
hostname | ip_address   (Optional) Specifies the IP address in the ARP table to be cleared. An IP alias or host name that can be resolved through the DNS can be specified instead of an IP address.
11.2.3.4 show rad

Use this command to display the status of the RAD (Runtime Address Discovery) protocol on the switch.

show rad

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display RAD status:

Matrix>show rad
RAD is currently enabled.
11.2.3.5 set rad

Use this command to enable or disable RAD (Runtime Address Discovery) protocol. The Matrix E1 uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be used to retrieve a text configuration file from the network.

NOTE: In order for RAD to retrieve a text configuration file, the file must be specified in the BootP tab.
11.2.3.6 show mac

Use this command to display MAC address information in the switch’s routing table.

show mac [address mac address] [fid vlan_id] [port port-string] [type {learned | self | mgmt}]

Syntax Description
address mac address   (Optional) Displays information for a specific MAC address (if it is known by the device).
fid vlan_id           (Optional) Displays MAC addresses for a specific filter database identifier.
Example
This example shows how to display MAC address information:

Matrix>show mac
Filter Database Algorithm: mac-vid sequential
Current Filter Database Algorithm: mac-vid sequential
Aging Time : 300 seconds
Dynamic Address Counts : 20
Static Address Counts : 0
----------------------------------------------------------
MAC Address         FID   Port   Type
----------------------------------------------------------
00-01-f4-d2-bc-80   10    host.0.
Table 11-6  show mac Output Details (Continued)

Output   What It Displays...
Port     Port designation associated with the address.
Type     Whether or not the address belongs to the device (self), is a learned address, or is connected to a management (host) port.
11.2.3.7 set mac

Use this command to add MAC addresses to the switch IP routing table.

set mac mac_address vlan_id port-string {delete-on-reset | delete-on-timeout | permanent}

Syntax Description
mac_address   Specifies the MAC address to set.
vlan_id       Specifies the number identifying the VLAN to which the MAC address belongs.
port-string   Specifies the port designation for the MAC addresses.
11.2.3.8 clear mac

Use this command to clear dynamic MAC address information for the switch.

clear mac [address mac_address vlan_id | port port-string | vid vlan_id port-string]

Syntax Description
address mac_address vlan_id   (Optional) Removes all dynamic MAC address entries attached to the specified VLAN.
port port-string              (Optional) Removes all dynamic MAC address entries attached to the specified port(s).
11.2.3.9 show mac agingtime

Use this command to display the current MAC aging time setting.

show mac agingtime

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Only.

Example
This example shows how to display the MAC aging time.
11.2.3.10 set mac agingtime

Use this command to set the time in seconds to age out inactive MAC address entries.

set mac agingtime seconds

Syntax Description
seconds   Specifies the number of seconds for MAC aging time. Valid values are 10 to 630.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.11 clear mac agingtime

Use this command to reset the MAC address aging time to the default value of 300 seconds.

clear mac agingtime

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.12 set mac algorithm

Use this command to set the MAC algorithm mode, which determines the hash mechanism used by the device when performing layer 2 lookups on received frames. Each algorithm is optimized for a different spread of MAC addresses.
mac-vid-sequential   Sets the mode to mac-vid-sequential algorithm, which is best used by networks where a single MAC can be on more than one VLAN and it is necessary for the VLAN ID to be used in the Layer 2 lookup. When running in this mode, the filter database lookup algorithm is optimized for networks with MAC addresses that vary by the non-vendor bytes of the address. This is the device’s default setting.
11.2.3.13 show dns

Use this command to display DNS (Domain Name Service) settings. DNS translates domain names into IP addresses.

show dns

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display DNS settings. In this case, DNS is enabled, using three servers and a domain name of “net.com”:

Matrix>show dns
DNS status: configured
DNS domain: net.
11.2.3.14 set dns domain

Use this command to set the DNS domain name.

set dns domain domain-name

Syntax Description
domain-name   Specifies a DNS domain name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to set the DNS domain name to “net.com”:

Matrix>set dns domain net.
11.2.3.15 clear dns domain

Use this command to clear the DNS domain name.

clear dns domain

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.16 set dns server

Use this command to add a server to the DNS server list.

set dns server ip-address

Syntax Description
ip-address   Specifies an IP address of a DNS server.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to add the server at IP address 134.141.92.37 to the DNS server list:

Matrix>set dns server 134.141.92.
11.2.3.17 clear dns server

Use this command to remove a server from the DNS server list.

clear dns server ip-address

Syntax Description
ip-address   Specifies an IP address of a DNS server.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.

Example
This example shows how to remove the server at IP address 134.141.92.37 from the DNS server list:

Matrix>clear dns server 134.141.92.
11.2.3.18 clear dns

Use this command to clear all DNS information.

clear dns

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.3.19 ping

Use this command to send ICMP echo-request packets to another node on the network while operating in switch mode.

ping {[[-s] hostname | ip_address] [hostname | ip_address [packet-count]]}

Syntax Description
-s   (Optional) Causes a continuous ping, sending one datagram per second and printing one line of output for every response received, until the user enters Ctrl+C.
This example shows how to ping IP address 10.1.10.1 with 10 packets:

Matrix>ping 10.1.10.1 10
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
Reply from 10.1.10.1
------ PING 10.1.10.
11.2.3.20 traceroute

Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host when operating in switch mode. Three UDP or ICMP probes will be transmitted for each hop between the source and the traceroute destination.
-x          (Optional) Prevents traceroute from calculating checksums.
host        Specifies the host to which the route of an IP packet will be traced.
packetlen   (Optional) Specifies the length of the probe packet.

Command Defaults
• If not specified, waittime will be set to 5 seconds.
• If not specified, first-ttl will be set to 1 second.
• If not specified, max-ttl will be set to 30 seconds.
Example
This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Matrix E1 switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop:

Matrix>traceroute 192.167.252.17
traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
1 matrix.enterasys.com (192.167.
11.2.4 Configuring Simple Network Time Protocol (SNTP)

Purpose
To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network.

Commands
Commands to configure SNTP are listed below and described in the associated section as shown.
• show sntp (Section 11.2.4.1)
• set sntp client (Section 11.2.4.2)
• set sntp broadcastdelay (Section 11.2.4.3)
• set sntp poll-interval (Section 11.
11.2.4.1 show sntp

Use this command to display SNTP settings.

show sntp

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example shows how to display SNTP settings. In this case, SNTP is operating in unicast mode. Broadcast delay is set at the default of 3000 milliseconds and SNTP requests are being transmitted every 512 seconds. Two servers, one with IP address 10.21.1.
11.2.4.2 set sntp client

Use this command to set the SNTP operation mode.

set sntp client {broadcast | unicast | disable}

Syntax Description
broadcast   Enables SNTP in broadcast client mode.
unicast     Enables SNTP in unicast (point-to-point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time.
disable     Disables SNTP.

Command Defaults
None.
11.2.4.3 set sntp broadcastdelay

Use this command to set the SNTP time to wait for a response from an SNTP server, in milliseconds, when in broadcast mode.

set sntp broadcastdelay time

Syntax Description
time   Specifies broadcast delay time in milliseconds. Valid values are 1 to 999999. Default value is 3000.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.4.4 set sntp poll-interval

Use this command to set the SNTP poll interval in seconds. This is the time between SNTP requests when operating in broadcast or unicast mode.

set sntp poll-interval interval

Syntax Description
interval   Specifies the poll interval in seconds. Valid values are 16 to 16284.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.4.5 set sntp server

Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers.

set sntp server {ip-address | hostname}

Syntax Description
ip-address | hostname   Specifies the SNTP server’s IP address or host name.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.4.6 clear sntp server

Use this command to remove one or all servers from the SNTP server list.

clear sntp server {all [ip-address | hostname]}

Syntax Description
all                     Removes all servers from the SNTP server list.
ip-address | hostname   Specifies the IP address or host name of a server to remove from the SNTP server list.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.4.7 set timezone

Use this command to set the SNTP time zone name and the hours and minutes by which it is offset from Coordinated Universal Time (UTC).

set timezone name [hours] [minutes]

Syntax Description
name    Specifies the time zone name.
hours   (Optional) Specifies the number of hours this timezone will be offset from UTC. Valid values are minus 12 (-12) to 12.
11.2.4.8 clear timezone

Use this command to remove SNTP time zone adjustment values.

clear timezone

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
11.2.5 Configuring Node Aliases

Purpose
To review, configure, disable and re-enable node (port) alias functionality, which determines what network protocols are running on one or more ports.

Commands
Commands to configure node aliases are listed below and described in the associated section as shown.
• show nodealias (Section 11.2.5.1)
• show nodealias config (Section 11.2.5.2)
• set nodealias (Section 11.2.5.
11.2.5.1 show nodealias

Use this command to display node alias properties.

show nodealias

Syntax Description
None.

Command Defaults
None.

Command Mode
Read-Only.

Example
This example (a portion of the command output) shows how to display node alias properties:

Matrix>show nodealias
Alias ID = 24117248
Interface = ge.0.
Table 11-7  show nodealias Output Details

Output     What It Displays...
Alias ID   Alias dynamically assigned to this port.
           NOTE: Node aliases are dynamically assigned upon packet reception to ports enabled with an alias agent, which is the default setting on Matrix E1 Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command (Section 11.2.5.5).
11.2.5.2 show nodealias config

Use this command to display node alias configuration settings on one or more ports.

show nodealias config [port-string]

Syntax Description
port-string   (Optional) Displays node alias configuration settings for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Table 11-8  show nodealias config Output Details

Output                  What It Displays...
Total Control Entries   Total aliases learned.
Active Entries          Number of Total Control Entries that are active (not marked for deletion).
Purge Time              Last time the node alias table was cleared.
State                   Node alias is ready to learn new entries.
Allocated Entries       Number of entries that have been allocated to all the ports.
11.2.5.3 set nodealias

Use this command to enable or disable a node alias agent on one or more ports. Upon packet reception, node aliases are dynamically assigned to ports enabled with an alias agent, which is the default setting on Matrix E1 Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command as described in Section 11.2.5.5.
11.2.5.4 set nodealias maxentries

Use this command to set the maximum number of node alias entries allowed for one or more ports.

set nodealias maxentries val port-string

Syntax Description
val           Specifies the maximum number of alias entries. Valid values are 1 - 4096.
port-string   Specifies the port(s) on which to set the maximum entry value. For a detailed description of possible port-string values, refer to Section 4.1.2.
11.2.5.5 clear nodealias

Use this command to remove one or more node alias entries.

clear nodealias {port port-string | alias-id alias-id}

Syntax Description
port port-string    Specifies the port(s) on which to remove all node alias entries. For a detailed description of possible port-string values, refer to Section 4.1.2.
alias-id alias-id   Specifies the ID of the node alias to remove.
11.2.5.6 clear nodealias config

Use this command to reset node alias state to enabled and clear the maximum entries value.

clear nodealias config

Syntax Description
None.

Command Defaults
None.

Command Type
Switch command.

Command Mode
Read-Write.
12 IP Configuration

This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them.

ROUTER: The commands covered in this chapter can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

12.1 PROCESS OVERVIEW: INTERNET PROTOCOL (IP) CONFIGURATION

Use the following steps as a guide to configuring IP on the device:
1. Configuring routing interface settings (Section 12.2.3)
2.
12.2 IP CONFIGURATION COMMAND SET

12.2.1 Configuring Routing Interface Settings

About Loopback vs. VLAN Interfaces
Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of routing protocols from network hardware operation, improving the reliability of IP connections. A loopback interface is always reachable.
Purpose
To enable routing interface configuration mode on the device, to create VLAN or loopback routing interfaces, to review the usability status of interfaces configured for IP, to set IP addresses for interfaces, and to enable interfaces for IP routing at device startup.
12.2.1.1 show interface

Use this command to display information about all interfaces (VLANs or loopbacks) configured on the router.

show interface [vlan vlan-id | loopback loopback-id]

Syntax Description
vlan vlan-id | loopback loopback-id   (Optional) Displays interface information for a specific VLAN or loopback. This interface must be configured for IP routing as described in Section 3.3.2.

Command Type
Router command.
Example
This example shows how to display information for all interfaces configured on the router:

Matrix>Router#show interface
Vlan 1 is Administratively UP
Vlan 1 is Operationally UP
Internet Address is 10.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 11.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 12.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 13.1.1.1, Subnet Mask is 255.0.0.0
Internet Address is 14.1.1.
12.2.1.2 interface

Use this command to enable interface configuration mode from global configuration mode. For details on configuration modes supported by the Matrix E1 device and their uses, refer to Table 3-8 in Section 3.3.3.

interface vlan vlan_id | loopback loopback-id

NOTES: VLANs must be created in switch mode before they can be configured for IP routing.
12.2.1.3 show ip interface

Use this command to display information, including administrative status, IP address, name, MTU size and bandwidth, for interfaces configured for IP.

show ip interface [vlan vlan_id | loopback loopback-id]

Syntax Description
vlan vlan_id | loopback loopback-id   (Optional) Displays interface information for a specific VLAN or loopback. This interface must be configured for IP routing as described in Section 3.3.
12.2.1.4 ip address

Use this command to set, remove, or disable a primary or secondary IP address for an interface.

ip address ip_address ip_mask [secondary]

Syntax Description
ip_address   Specifies the IP address of the interface to be added or removed.
ip_mask      Specifies the mask for the associated IP subnet.
secondary    (Optional) Specifies that the configured IP address is a secondary address.
12.2.1.5 no shutdown

Use this command to enable an interface for IP routing and to allow the interface to automatically be enabled at device startup.

no shutdown

Syntax Description
None.

NOTE: The shutdown form of this command disables an interface for IP routing.

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
12.2.2 Reviewing and Saving the Routing Configuration

Purpose
To review and save the current routing configuration, and to disable IP routing.

Commands
The commands needed to review and save the routing configuration are listed below and described in the associated section as shown:
• show running-config (Section 12.2.2.1)
• write (Section 12.2.2.2)
• no ip routing (Section 12.2.2.
IP Configuration Command Set Reviewing and Saving the Routing Configuration 12.2.2.1 show running-config Use this command to display the current non-default router operating configuration. show running-config Syntax Description None. Command Type Router command. Command Mode Privileged EXEC: Matrix>Router# Command Defaults None. Example This example shows how to display the current router operating configuration: Matrix>Router#show running-config ! Router id 182.127.62.
IP Configuration Command Set Reviewing and Saving the Routing Configuration Table 12-2 12-12 show running-config Output Details Output What It Displays... Router id Router ID (IP address) used by the OSPF protocol for path selection. Unless configured by using the router id command as described in Section 13.1.2.3, this will default to the lowest IP address of interfaces configured for routing on the device. interface vlan VLANs configured for IP routing and their IP addresses.
IP Configuration Command Set Reviewing and Saving the Routing Configuration 12.2.2.2 write Use this command to save or delete the router running configuration, or to display it to output devices. write [erase | file [filename config_file] | terminal] NOTE: The write file command must be executed in order to save the router configuration to NVRAM. If this command is not executed, router configuration changes will not be saved upon reboot.
IP Configuration Command Set Reviewing and Saving the Routing Configuration Example This example shows how to display the router-specific configuration to the terminal: Matrix>Router#write terminal Enable Config t interface vlan 1 iP Address 182.127.63.1 255.255.255.0 no shutdown interface vlan 2 iP Address 182.127.62.1 255.255.255.0 no shutdown exit router rip network 182.127.0.
IP Configuration Command Set Reviewing and Saving the Routing Configuration 12.2.2.3 no ip routing Use this command to disable IP routing on the device and remove the routing configuration. By default, IP routing is enabled when interfaces are configured for it as described in Section 12.2.1. no ip routing Syntax Description None. Command Type Router command. Command Mode Global configuration: Matrix>Router(config)# Command Defaults None.
IP Configuration Command Set Reviewing and Configuring the ARP Table
12.2.3 Reviewing and Configuring the ARP Table
Purpose
To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface.
Commands
The commands needed to review and configure the ARP table are listed below and described in the associated section as shown:
• show ip arp (Section 12.2.3.1)
• arp (Section 12.2.3.2)
• ip proxy-arp (Section 12.2.3.3)
• ip mac-address (Section 12.2.3.
12.2.3.1 show ip arp
Use this command to display entries in the ARP (Address Resolution Protocol) table. ARP converts an IP address into a physical address.
show ip arp [ip_address] [vlan vlan_id] [output-modifier]
Syntax Description
ip_address (Optional) Displays ARP entries related to a specific IP address.
vlan vlan_id (Optional) Displays only ARP entries learned through a specific VLAN interface.
Example
The following example shows how to use the show ip arp command:
Matrix>Router#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
-----------------------------------------------------------------------------
Internet 134.141.235.251 0 Internet 134.141.235.165 - Internet 134.141.235.167 4 0003.4712.7a99 ARPA Vlan1 0002.1664.a5b3 ARPA Vlan1/fe.0.1 00d0.cf00.
12.2.3.2 arp
Use this command to add or remove permanent ARP table entries.
arp ip_address mac_address arpa
Syntax Description
ip_address Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation.
mac_address Specifies the 48-bit hardware address corresponding to the ip_address expressed in hexadecimal notation.
arpa Specifies ARPA as the type of ARP mapping.
12.2.3.3 ip proxy-arp
Use this command to re-enable proxy ARP on an interface. This variation of the ARP protocol allows the router to send an ARP response on behalf of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed WAN links. It is enabled by default.
ip proxy-arp
Syntax Description
None.
12.2.3.4 ip mac-address
Use this command to set a MAC address on an interface.
ip mac-address address
Syntax Description
address Specifies a 48-bit MAC address in hexadecimal format.
Command Syntax of the “no” Form
The “no” form of this command clears the MAC address:
no ip mac-address
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router(config-if (Vlan ))#
Command Defaults
None.
12.2.3.5 arp timeout
Use this command to set the duration (in seconds) for entries to stay in the ARP table before expiring.
arp timeout seconds
Syntax Description
seconds Specifies the time in seconds that an entry remains in the ARP cache. Valid values are 15 - 65535.
12.2.3.6 clear arp-cache
Use this command to delete all nonstatic (dynamic) entries from the ARP table.
clear arp-cache
Syntax Description
None.
Configuration Mode
Privileged EXEC: Matrix>Router#
Command Defaults
None.
IP Configuration Command Set Configuring Broadcast Settings
12.2.4 Configuring Broadcast Settings
Purpose
To configure IP broadcast settings.
Commands
The commands needed to configure IP broadcast settings are listed below and described in the associated section as shown:
• ip directed-broadcast (Section 12.2.4.1)
• ip helper address (Section 12.2.4.
12.2.4.1 ip directed-broadcast
Use this command to enable or disable IP directed broadcasts on an interface.
ip directed-broadcast
Syntax Description
None.
Command Syntax of the “no” Form
The “no” form of this command disables IP directed broadcast globally:
no ip directed-broadcast
Command Type
Router command.
Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#
Command Defaults
None.
12.2.4.2 ip helper address
Use this command to enable or disable forwarding of UDP datagrams and specify the new destination address. Default ports from which datagrams will be forwarded are 67 and 68.
ip helper-address address
Syntax Description
address Specifies the destination broadcast or host address to be used when forwarding UDP datagrams.
IP Configuration Command Set Reviewing IP Traffic and Configuring Routes
12.2.5 Reviewing IP Traffic and Configuring Routes
Purpose
To review IP protocol information about the device, to review IP traffic and configure routes, to enable and send router ICMP (ping) messages, and execute traceroute.
Commands
The commands needed to review IP traffic and configure routes are listed below and described in the associated section as shown:
• show ip protocols (Section 12.2.5.1)
• show ip traffic (Section 12.2.
12.2.5.1 show ip protocols
Use this command to display information about IP protocols running on the device.
show ip protocols
Syntax Description
None.
Command Type
Router command.
Command Mode
Privileged EXEC: Matrix>Router#
Command Defaults
None.
Example
This example shows how to display IP protocol information. In this case, the routing protocol is RIP (Routing Information Protocol).
12.2.5.2 show ip traffic
Use this command to display IP traffic statistics.
show ip traffic [softpath]
Syntax Description
softpath (Optional) Displays IP protocol softpath statistics. This option is used for debugging.
Command Type
Router command.
Command Mode
Privileged EXEC: Matrix>Router#
Command Defaults
If softpath is not specified, general IP traffic statistics will be displayed.
Example
This example shows how to display IP traffic statistics:
Matrix>Router#show ip traffic
IP Statistics:
Rcvd: 10 total, 6 local destination
0 header errors
0 unknown protocol, 0 security failures
Frags: 0 reassembled, 0 timeouts
0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 1 received, 8 sent
Mcast: 0 received, 16 sent
Sent: 24 generated, 0 forwarded
0 no route
ICMP Statistics:
Rcvd: 4 total, 0 checksum errors,
12.2.5.3 clear ip stats
Use this command to clear all IP traffic counters (IP, ICMP, UDP, TCP, IGMP, and ARP).
clear ip stats
Syntax Description
None.
Configuration Mode
Privileged EXEC: Matrix>Router#
Command Defaults
None.
12.2.5.4 show ip route
Use this command to display information about IP routes.
show ip route [destination prefix destination prefix mask longer-prefixes | connected | ospf | rip | static | summary]
Syntax Description
destination prefix destination prefix mask longer-prefixes (Optional) Converts the specified address and mask into a prefix and displays any routes that match the prefix.
Example
This example shows how to display all IP route information.
12.2.5.5 ip route
Use this command to add or remove a static IP route.
ip route prefix mask {forward-addr | vlan vlan-id} [distance] [permanent] [tag value]
Syntax Description
prefix Specifies a destination IP address prefix.
mask Specifies a destination prefix mask.
forward-addr | vlan vlan-id Specifies a forwarding (gateway) IP address or routing (VLAN) interface ID.
Examples
This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is assigned a tag of 1:
Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3 1
This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is set as permanent and assigned a tag of 20:
Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.
12.2.5.6 ip icmp
Use this command to re-enable the Internet Control Message Protocol (ICMP), allowing a router to reply to IP ping requests. By default, ICMP messaging is enabled on a routing interface for both echo-reply and mask-reply modes. If, for security reasons, ICMP has been disabled using no ip icmp, this command will re-enable it on the routing interface.
12.2.5.7 ping
Use this command to test routing network connectivity by sending IP ping requests. The ping utility (IP ping only) transmits a maximum of five echo requests, with a packet size of 100. The application stops when the response has been received, or after the maximum number of requests has been sent.
12.2.5.8 traceroute
Use this command to display a hop-by-hop path through an IP network from the device to a specific destination host. Three ICMP probes will be transmitted for each hop between the source and the traceroute destination.
traceroute host
Syntax Description
host Specifies a host to which the route of an IP packet will be traced.
Command Type
Router command.
13 Routing Protocol Configuration
This chapter describes the Routing Protocol Configuration set of commands and how to use them.
ROUTER: The commands covered in this chapter can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.
13.1 PROCESS OVERVIEW: ROUTING PROTOCOL CONFIGURATION
Use the following steps as a guide to configuring routing protocols on the device:
1. Configuring RIP (Section 13.1.1)
2.
Process Overview: Routing Protocol Configuration Configuring RIP
13.1.1 Configuring RIP
Purpose
To enable and configure the Routing Information Protocol (RIP).
RIP Configuration Task List and Commands
Table 13-1 lists the tasks and commands associated with RIP configuration. Commands are described in the associated section as shown.
NOTE: Enabling RIP with the router rip and network commands is required if you want to run RIP on the device. All other tasks are optional.
Table 13-1 RIP Configuration Task List and Commands (Continued)
To do this... | Use these commands...
Configure RIP authentication. | key chain (Section 13.1.1.9)
 | key (Section 13.1.1.10)
 | key-string (Section 13.1.1.11)
 | accept-lifetime (Section 13.1.1.12)
 | send-lifetime (Section 13.1.1.13)
 | ip rip authentication keychain (Section 13.1.1.14)
 | ip rip authentication mode (Section 13.1.1.
13.1.1.1 router rip
Use this command to enable or disable RIP configuration mode.
router rip
NOTE: You must execute the router rip command to enable the protocol before completing many RIP-specific configuration tasks. For details on enabling configuration modes, refer to Table 3-8 in Section 3.3.3.
Syntax Description
None.
13.1.1.2 network
Use this command to attach a network of directly connected networks to a RIP routing process, or to remove a network from a RIP routing process.
network ip_address
Syntax Description
ip_address Specifies the IP address of a directly connected network that RIP will advertise to its neighboring routers.
13.1.1.3 neighbor
Use this command to instruct the router to send unicast RIP information to a specific IP address.
neighbor ip_address
Syntax Description
ip_address Specifies the IP address of a directly connected network.
Command Syntax of the “no” Form
The “no” form of this command disables point-to-point routing exchanges:
no neighbor ip_address
Command Type
Router command.
13.1.1.4 distance
Use this command to configure the administrative distance for RIP routes. If several routes (coming from different protocols) are presented to the Matrix E1 Series Route Table Manager (RTM), the protocol with the lowest administrative distance will be chosen for route installation. By default, RIP administrative distance is set to 120.
Example
This example shows how to change the default administrative distance for RIP to 100:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#distance 100
13.1.1.5 ip rip offset
Use this command to add or remove an offset to the metric of an incoming or outgoing RIP route. Adding an offset on an interface is used for the purpose of making an interface a backup.
ip rip offset {in | out} value
Syntax Description
in Applies the offset to incoming metrics.
out Applies the offset to outgoing metrics.
value Specifies a positive offset to be applied to routes learned via RIP.
13.1.1.6 timers
Use this command to adjust RIP routing timers determining the frequency of routing updates, the length of time before a route becomes invalid, and the interval during which routing information regarding better paths is suppressed.
timers basic update_seconds invalid_seconds holdown_seconds flush_seconds
Syntax Description
basic Specifies a basic configuration for RIP routing timers.
13.1.1.7 ip rip send version
Use this command to set the RIP version(s) for update packets transmitted on an interface.
ip rip send version {1 | 2 | r1compatible}
Syntax Description
1 Specifies RIP version 1.
2 Specifies RIP version 2.
13.1.1.8 ip rip receive version
Use this command to set the RIP version(s) for update packets accepted on the interface.
ip rip receive version {1 | 2 | 1 2 | none}
Syntax Description
1 Specifies RIP version 1.
2 Specifies RIP version 2.
1 2 Specifies both versions 1 and 2.
none Specifies that no RIP routes will be processed on this interface.
About RIP Authentication
The following tasks must be completed to configure RIP authentication on the Matrix E1 device:
1. Create a key chain as described in Section 13.1.1.9.
2. Add a key to the chain as described in Section 13.1.1.10.
3. Specify an authentication string for the key as described in Section 13.1.1.11.
4. Set the time periods the authentication string can be received and sent as valid as described in Section 13.1.1.
13.1.1.10 key
Use this command to identify a RIP authentication key on a key chain.
key key-id
NOTE: This release of the Matrix E1 supports only one key per key chain.
Syntax Description
key-id Specifies an authentication number for a key. Valid numbers are from 0 to 4294967295. Only one key is supported per key chain in this Matrix E1 release.
13.1.1.11 key-string
Use this command to specify an authentication string for a key. Once configured, this string must be sent and received in RIP packets in order for them to be authenticated.
key-string text
Syntax Description
text Specifies the authentication string that must be sent and received in RIP packets.
13.1.1.12 accept-lifetime
Use this command to specify the time period during which an authentication key on a key chain is valid to be received.
accept-lifetime start-time month date year {duration seconds | end-time | infinite}
Syntax Description
start-time Specifies the time of day the authentication key will begin to be valid to be received.
Command Mode
Key chain key configuration: Matrix>Router(config-keychain-key)#
Command Defaults
None.
13.1.1.13 send-lifetime
Use this command to specify the time period during which an authentication key on a key chain is valid to be sent.
send-lifetime start-time month date year {duration seconds | end-time | infinite}
Syntax Description
start-time Specifies the time of day the authentication key will begin to be valid to be sent.
Command Defaults
None.
13.1.1.14 ip rip authentication keychain
Use this command to enable or disable a RIP authentication key chain for use on an interface.
ip rip authentication keychain name
NOTE: A RIP authentication keychain must be enabled with this command before the RIP authentication mode (Section 13.1.1.15) can be configured.
Syntax Description
name Specifies the key chain name to enable or disable for RIP authentication.
13.1.1.15 ip rip authentication mode
Use this command to set the authentication mode when a key chain is present.
ip rip authentication mode {text | md5}
NOTE: The RIP authentication keychain must be enabled as described in Section 13.1.1.14 before RIP authentication mode can be configured.
Syntax Description
text Initiates text-only authentication.
md5 Initiates MD5 authentication.
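An added example, not part of the Enterasys guide: a Python audit of a saved router configuration against the RIP authentication procedure in Sections 13.1.1.9 through 13.1.1.15. The configuration text is constructed; the `key chain <name>` line form, the nesting of `key` and `key-string` under it, and treating every IP-addressed VLAN as a RIP interface once `router rip` is present are assumptions.

```python
import re

# Constructed sample laid out like the `write terminal` output in this guide.
# Assumed: the `key chain <name>` line form and key / key-string nested under it.
SAMPLE_CONFIG = """\
key chain ripkeys
key 1
key-string n0tpubl1c
key chain empty
key 1
interface vlan 1
iP Address 182.127.63.1 255.255.255.0
ip rip authentication keychain ripkeys
ip rip authentication mode md5
no shutdown
interface vlan 2
iP Address 182.127.62.1 255.255.255.0
ip rip authentication keychain ripkeys
ip rip authentication mode text
interface vlan 3
iP Address 182.127.61.1 255.255.255.0
ip rip authentication keychain empty
interface vlan 4
iP Address 182.127.60.1 255.255.255.0
ip rip authentication mode md5
interface vlan 5
iP Address 182.127.59.1 255.255.255.0
exit
router rip
network 182.127.0.0
"""


def parse(config_text):
    """Return (key_chains, interfaces, rip_enabled) parsed from configuration text."""
    chains, ifaces, rip, ctx = {}, {}, False, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse indentation and spacing
        if not line or line.startswith("!"):
            continue
        # Matching is case-insensitive: the device echoes "iP Address".
        if m := re.fullmatch(r"key chain (\S+)", line, re.I):
            ctx = chains.setdefault(m.group(1), {"keys": {}, "current": None})
        elif m := re.fullmatch(r"interface vlan (\d+)", line, re.I):
            ctx = ifaces.setdefault(
                int(m.group(1)), {"ip": None, "keychain": None, "mode": None})
        elif line.lower() == "exit" or line.lower().startswith("router "):
            rip = rip or line.lower() == "router rip"
            ctx = None
        elif ctx is not None and "keys" in ctx:      # inside a key chain
            if m := re.fullmatch(r"key (\d+)", line, re.I):
                ctx["current"] = m.group(1)
                ctx["keys"][ctx["current"]] = False
            elif line.lower().startswith("key-string ") and ctx["current"]:
                # Record only that a string exists; never retain the secret.
                ctx["keys"][ctx["current"]] = True
        elif ctx is not None:                        # inside an interface
            if m := re.fullmatch(r"ip address (\S+) \S+", line, re.I):
                ctx["ip"] = m.group(1)               # primary address only
            elif m := re.fullmatch(r"ip rip authentication keychain (\S+)", line, re.I):
                ctx["keychain"] = m.group(1)
            elif m := re.fullmatch(r"ip rip authentication mode (text|md5)", line, re.I):
                ctx["mode"] = m.group(1).lower()
    return chains, ifaces, rip


def audit_rip_auth(config_text):
    """Return (vlan, finding) tuples for RIP authentication gaps, ordered by VLAN."""
    chains, ifaces, rip = parse(config_text)
    findings = []
    if not rip:
        return findings
    for vlan, cfg in sorted(ifaces.items()):
        if cfg["ip"] is None:
            continue                                  # not a routed interface
        if cfg["keychain"] is None:
            # The guide requires the keychain before the mode can be configured.
            findings.append(
                (vlan, "mode-without-keychain" if cfg["mode"] else "no-authentication"))
            continue
        chain = chains.get(cfg["keychain"])
        if chain is None:
            findings.append((vlan, "undefined-keychain"))
        elif not any(chain["keys"].values()):
            findings.append((vlan, "keychain-has-no-key-string"))
        if cfg["mode"] == "text":
            findings.append((vlan, "text-mode"))      # text-only authentication
        elif cfg["mode"] is None:
            findings.append((vlan, "mode-not-set"))   # device default applies
    return findings


if __name__ == "__main__":
    for vlan, finding in audit_rip_auth(SAMPLE_CONFIG):
        print(f"vlan {vlan}: {finding}")
```

The audit records only whether a key-string is present, so its output can be shared without exposing the authentication string.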
13.1.1.16 no auto-summary
Use this command to disable automatic route summarization. By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries. Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Matrix E1 Series device.
13.1.1.17 ip rip disable-triggered-updates
Use this command to prevent RIP from sending triggered updates. Triggered updates are sent when there is a change in the network and a new route with a lower metric is learned, or an old route is lost. This command stops or starts the interface from sending these triggered updates. By default triggered updates are enabled on a RIP interface.
ip rip disable-triggered-updates
Syntax Description
None.
13.1.1.18 ip split-horizon
Use this command to enable or disable split horizon mode for RIP packets. Split horizon prevents packets from exiting through the same interface on which they were received.
ip split-horizon [poison]
Syntax Description
poison (Optional) Specifies that split horizon be performed with poison-reverse.
13.1.1.19 passive-interface
Use this command to prevent RIP from transmitting update packets on an interface.
passive-interface vlan vlan_id
NOTE: This command does not prevent RIP from monitoring updates on the interface.
Syntax Description
vlan vlan_id Specifies the number of the VLAN to make a passive interface. This VLAN must be configured for IP routing as described in Section 3.3.2.
13.1.1.20 receive-interface
Use this command to allow RIP to receive update packets on an interface. This does not affect the sending of RIP updates on the specified interface.
receive-interface vlan vlan_id
Syntax Description
vlan vlan_id Specifies the number of the VLAN to make a receive interface. This VLAN must be configured for IP routing as described in Section 3.3.2.
13.1.1.21 distribute-list
Use this command to filter networks received and to suppress networks from being advertised in RIP updates.
distribute-list access-list-number {in vlan vlan_id | out vlan vlan_id}
Syntax Description
access-list-number Specifies the number of the IP access list. This list defines which networks are to be advertised and which are to be suppressed in routing updates.
13.1.1.22 redistribute
Use this command to allow routing information discovered through non-RIP protocols to be distributed in RIP update messages.
redistribute {connected | ospf process_id | static} [metric metric value] [subnets]
Syntax Description
connected Specifies that non-RIP routing information discovered via directly connected interfaces will be redistributed.
Example
This example shows how to redistribute routing information discovered through OSPF process ID 1 non-subnetted routes into RIP update messages:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#redistribute ospf 1
Process Overview: Routing Protocol Configuration Configuring OSPF
13.1.2 Configuring OSPF
Purpose
To enable and configure the Open Shortest Path First (OSPF) routing protocol.
OSPF Configuration Task List and Commands
Table 13-2 lists the tasks and commands associated with OSPF configuration. Commands are described in the associated section as shown.
NOTE: Enabling OSPF with the router ospf and network commands is required if you want to run OSPF on the device. All other tasks are optional.
Table 13-2 OSPF Configuration Task List and Commands (Continued)
To do this... | Use these commands...
• Configure OSPF authentication. | ip ospf authentication-key (Section 13.1.2.11)
 | ip ospf message digest key md5 (Section 13.1.2.12)
Configure OSPF Areas. |
• Configure an administrative distance. | distance ospf (Section 13.1.2.13)
• Define the range of addresses to be | area range (Section 13.1.2.
13.1.2.1 router ospf
Use this command to enable or disable Open Shortest Path First (OSPF) configuration mode.
router ospf process-id
NOTE: You must execute the router ospf command to enable the protocol before completing many OSPF-specific configuration tasks. For details on enabling configuration modes, refer to Table 3-8 in Section 3.3.3.
13.1.2.2 network
Use this command to configure area IDs for OSPF interfaces.
network ip_address wildcard_mask area area-id
Syntax Description
ip_address Specifies the IP address of an interface or a group of interfaces within the network address range.
wildcard_mask Specifies the IP-address-type mask that includes “don't care” bits.
area area-id Specifies the area-id to be associated with the OSPF address range.
13.1.2.3 router id
Use this command to set the OSPF router ID for the device. The OSPF protocol uses the router ID as a tie-breaker for path selection. If not specified, this will be set to the lowest IP address of the interfaces configured for IP routing.
router id ip_address
Syntax Description
ip_address Specifies the IP address that OSPF will use as the router ID.
13.1.2.4 ip ospf cost
Use this command to set the cost of sending a packet on an interface. Each router interface that participates in OSPF routing is assigned a default cost. This command overwrites the default of 10.
ip ospf cost cost
Syntax Description
cost Specifies the cost of sending a packet. Valid values range from 1 to 65535.
13.1.2.5 ip ospf priority
Use this command to set the OSPF priority value for router interfaces. The priority value is communicated between routers by means of hello messages and influences the election of a designated router.
ip ospf priority number
Syntax Description
number Specifies the router’s OSPF priority in a range from 0 to 255.
13.1.2.6 timers spf
Use this command to change OSPF timer values to fine-tune the OSPF network.
timers spf spf-delay spf-hold
Syntax Description
spf-delay Specifies the delay, in seconds, between the receipt of an update and the SPF execution. Valid values are 0 to 4294967295.
spf-hold Specifies the minimum amount of time, in seconds, between two consecutive OSPF calculations. Valid values are 0 to 4294967295.
13.1.2.7 ip ospf retransmit-interval
Use this command to set the amount of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface.
ip ospf retransmit-interval seconds
Syntax Description
seconds Specifies the retransmit time in seconds. Valid values are 1 to 3600.
13.1.2.8 ip ospf transmit-delay
Use this command to set the amount of time required to transmit a link state update packet on an interface.
ip ospf transmit-delay seconds
Syntax Description
seconds Specifies the transmit delay in seconds. Valid values are from 1 to 3600.
13.1.2.9 ip ospf hello-interval
Use this command to set the number of seconds a router must wait before sending a hello packet to neighbor routers on an interface.
ip ospf hello-interval seconds
Syntax Description
seconds Specifies the hello interval in seconds. Hello interval must be the same on neighboring routers (on a specific subnet), but can vary between subnets.
13.1.2.10 ip ospf dead-interval
Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service.
ip ospf dead-interval seconds
Syntax Description
seconds Specifies the number of seconds that a router must wait to receive a hello packet. Dead interval must be the same on neighboring routers (on a specific subnet), but can vary between subnets.
13.1.2.11 ip ospf authentication-key
Use this command to assign a password to be used by neighboring routers using OSPF’s simple password authentication. This password is used as a “key” that is inserted directly into the OSPF header in routing protocol packets. A separate password can be assigned to each OSPF network on a per-interface basis.
13.1.2.12 ip ospf message digest key md5
Use this command to enable or disable OSPF MD5 authentication on an interface. This validates OSPF MD5 routing updates between neighboring routers.
ip ospf message-digest-key keyid md5 key
Syntax Description
keyid Specifies the key identifier on the interface where MD5 authentication is enabled. Valid values are integers from 1 to 255.
13.1.2.13 distance ospf
Use this command to configure the administrative distance for OSPF routes. If several routes (coming from different protocols) are presented to the Matrix E1 Series Route Table Manager (RTM), the protocol with the lowest administrative distance will be chosen for route installation. By default, OSPF administrative distance is set to 110.
Command Mode
Router configuration: Matrix>Router(config-router)#
Command Defaults
If route type is not specified, the distance value will be applied to all OSPF routes.
13.1.2.14 area range
Use this command to define the range of addresses to be used by Area Border Routers (ABRs) when they communicate routes to other areas.
area area-id range ip_address ip_mask
Syntax Description
area-id Specifies the area at the boundary of which routes are to be summarized.
ip_address Specifies the common prefix of the summarized networks.
ip_mask Specifies the length of the common prefix.
13.1.2.15 area authentication
Use this command to enable or disable authentication for an OSPF area.
area area-id authentication {simple | message-digest}
Syntax Description
area-id Specifies the OSPF area in which to enable authentication. Valid values are decimal values or IP addresses.
simple Enables simple text authentication. Simple password authentication allows a password (key) to be configured per area.
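An added example, not part of the Enterasys guide: a Python check that each interface placed in an OSPF area by a `network ip_address wildcard_mask area area-id` statement carries the key that the area's `area authentication` setting calls for. The addresses and settings are constructed, and both first-match ordering of network statements and the pairing of the area mode with per-interface keys are assumptions.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard does not mark "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def area_of(addr, networks):
    """Area of the first matching network statement (first-match order is assumed)."""
    for base, wildcard, area in networks:
        if wildcard_match(addr, base, wildcard):
            return area
    return None


def audit_ospf_auth(networks, area_auth, interfaces):
    """Return (vlan, area, finding) tuples for OSPF interfaces with weak or missing auth."""
    findings = []
    for vlan, cfg in sorted(interfaces.items()):
        area = area_of(cfg["ip"], networks)
        if area is None:
            continue                      # no network statement covers it: not in OSPF
        mode = area_auth.get(area)
        if mode is None:
            findings.append((vlan, area, "area-unauthenticated"))
        elif mode == "simple":
            # Section 13.1.2.11: the password is inserted directly into the OSPF header.
            findings.append((vlan, area, "simple-password-area"))
            if not cfg.get("has_authentication_key"):
                findings.append((vlan, area, "missing-authentication-key"))
        elif mode == "message-digest" and not cfg.get("md5_key_ids"):
            findings.append((vlan, area, "missing-message-digest-key"))
    return findings


# Constructed inputs mirroring the command arguments; none come from a real device.
NETWORKS = [                              # network ip_address wildcard_mask area area-id
    ("10.1.0.0", "0.0.255.255", "0.0.0.0"),
    ("10.2.0.0", "0.0.255.255", "0.0.0.1"),
    ("192.168.5.0", "0.0.0.255", "0.0.0.2"),
]
AREA_AUTH = {                             # area area-id authentication {simple | message-digest}
    "0.0.0.0": "message-digest",
    "0.0.0.1": "simple",
}
INTERFACES = {                            # keyed by VLAN id; key values are never stored
    10: {"ip": "10.1.1.1", "md5_key_ids": [1]},
    20: {"ip": "10.1.2.1"},
    30: {"ip": "10.2.0.1", "has_authentication_key": True},
    40: {"ip": "192.168.5.1"},
    50: {"ip": "172.16.0.1"},
}

if __name__ == "__main__":
    for vlan, area, finding in audit_ospf_auth(NETWORKS, AREA_AUTH, INTERFACES):
        print(f"vlan {vlan} (area {area}): {finding}")
```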
Process Overview: Routing Protocol Configuration Configuring OSPF 13.1.2.16 area stub Use this command to define an OSPF area as a stub area. This is an area that carries no external routes. area area-id stub [no-summary] Syntax Description area-id Specifies the stub area. Valid values are decimal values or ip addresses. no-summary (Optional) Prevents an Area Border Router (ABR) from sending Link State Advertisements (LSAs) into the stub area.
Process Overview: Routing Protocol Configuration Configuring OSPF 13.1.2.17 area default cost Use this command to set the cost value for the default route that is sent into a stub area by an Area Border Router (ABR). The use of this command is restricted to ABRs attached to stub areas. area area-id default-cost cost Syntax Description area-id Specifies the stub area. Valid values are decimal values or IP addresses.
13.1.2.18 area nssa

Use this command to configure an area as a not so stubby area (NSSA). An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area that does not allow any external routes. External routes that are not imported into an NSSA can be represented by means of a default route.
13.1.2.19 area virtual-link

Use this command to define an OSPF virtual link, which represents a logical connection between the backbone and a non-backbone OSPF area.
retransmitinterval seconds Specifies the number of seconds between successive retransmissions of the same LSAs. Valid values are greater than the expected amount of time required for the update packet to reach and return from the interface, and range from 1 to 8192.
transmit-delay seconds Specifies the estimated number of seconds for a link state update packet on the interface to be transmitted. Valid values range from 1 to 8192.
13.1.2.20 redistribute

Use this command to allow routing information discovered through non-OSPF protocols to be distributed in OSPF update messages.

redistribute {connected | rip | static} [metric metric value] [metric-type type-value] [subnets]

Syntax Description
connected Specifies that non-OSPF information discovered via directly connected interfaces will be redistributed.
Command Syntax of the “no” Form
The “no” form of this command clears redistribution parameters:
no redistribute {connected | rip | static}

Command Mode
Router configuration: Matrix>Router(config-router)#

Command Defaults
• If metric value is not specified, 0 will be applied.
• If type value is not specified, type 2 (external route) will be applied.
• If subnets is not specified, only non-subnetted routes will be redistributed.
13.1.2.21 show ip ospf

Use this command to display OSPF information.

show ip ospf

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
None.
Example
This example shows how to display OSPF information:
Matrix>Router#show ip ospf
Routing Process "ospf 20 " with ID 134.141.7.2
Supports only single TOS(TOS0) route
It is an area border and autonomous system boundary router
Summary Link update interval is 0 seconds.
External Link update interval is 0 seconds.
13.1.2.22 show ip ospf database

Use this command to display the OSPF link state database.
Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
If link-state-id is not specified, the specified type of database records will be displayed for all link state IDs.

Example
This example shows how to display all OSPF link state database information:
Matrix>Router#show ip ospf database
OSPF Router with ID(182.127.64.1)
Displaying Net Link States(Area 0.0.0.0)
LinkID ADV Router Age Seq#
182.127.63.
Table 13-3 show ip ospf database Output Details

Output / What It Displays...
Link ID: Link ID, which varies as a function of the link state record type, as follows:
• Net Link States - Shows the interface IP address of the designated router to the broadcast network.
• Router Link States - Shows the ID of the router originating the record.
• Summary Link States - Shows the summary network prefix.
13.1.2.23 show ip ospf border-routers

Use this command to display information about OSPF internal entries to Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs).

show ip ospf border-routers

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
None.

Example
This example shows how to display information about OSPF border routers.
13.1.2.24 show ip ospf interface

Use this command to display OSPF interface related information, including network type, priority, cost, hello interval, and dead interval.

show ip ospf interface [vlan vlan_id]

Syntax Description
vlan vlan_id (Optional) Displays OSPF information for a specific VLAN. This VLAN must be configured for IP routing as described in Section 3.3.2.

Command Type
Router command.
Table 13-4 show ip ospf interface Output Details

Output / What It Displays...
Vlan: Interface (VLAN) administrative status as up or down.
Internet Address: IP address and mask assigned to this interface.
Router ID: Router ID, which OSPF selects from IP addresses configured on this router.
Network Type: OSPF network type, for instance, broadcast.
Table 13-4 show ip ospf interface Output Details (Continued)

Output / What It Displays...
Adjacent neighbor count: Number of adjacent (FULL state) neighbors over this interface.
Adjacent with neighbor: IP address of the adjacent neighbor.
13.1.2.25 show ip ospf neighbor

Use this command to display the state of communication between an OSPF router and its neighbor routers.
Table 13-5 provides an explanation of the command output.

Table 13-5 show ip ospf neighbor Output Details

Output / What It Displays...
ID: Neighbor’s router ID of the OSPF neighbor.
Pri: Neighbor’s priority over this interface.
State: Neighbor’s OSPF communication state.
Dead-Int: Interval (in seconds) this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down.
13.1.2.26 show ip ospf virtual-links

Use this command to display information about the virtual links configured on a router. A virtual link represents a logical connection between the backbone and a non-backbone OSPF area.

show ip ospf virtual-links

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Matrix>Router#

Command Defaults
None.
Table 13-6 show ip ospf virtual links Output Details (Continued)

Output / What It Displays...
Transit Delay: Time (in seconds) added to the LSA (Link State Advertisement) age field when the LSA is transmitted through the virtual link.
State: Interface state assigned to a virtual link, which is point-to-point.
13.1.2.27 clear ip ospf process

Use this command to reset the OSPF process. This will require adjacencies to be reestablished and routes to be reconverged.

clear ip ospf process process-id

Syntax Description
process-id Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535.

Command Type
Router command.
13.1.3 Configuring DVMRP

Purpose
To enable and configure the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traffic using a technique known as Reverse Path Forwarding. When a router receives a packet, it floods the packet out of all paths except the one that leads back to the packet’s source. Doing so allows a data stream to reach all VLANs (possibly multiple times).
13.1.3.1 ip dvmrp

Use this command to enable or disable DVMRP on an interface.

ip dvmrp

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables DVMRP:
no ip dvmrp

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
13.1.3.2 ip dvmrp metric

Use this command to configure the metric associated with a set of destinations for DVMRP reports.

ip dvmrp metric metric

Syntax Description
metric Specifies a metric associated with a set of destinations for DVMRP reports. Valid values are from 0 to 31. Entering a 0 value will reset the metric back to the default value of 1.

NOTE: To reset the DVMRP metric back to the default value of 1, enter ip dvmrp metric 0.
13.1.3.3 show ip dvmrp route

Use this command to display DVMRP routing information.

show ip dvmrp route

Syntax Description
None.

Command Type
Router command.

Command Mode
Privileged EXEC: Router#

Command Defaults
None.
Example
This example shows how to display DVMRP routing table entries. In this case, the routing table has 5 entries. The first entry shows that the source network 60.1.1.0/24 can be reached via next-hop router 40.1.1.3. This route has a metric of 2. It has been in the DVMRP routing table for 1 hour, 24 minutes and 2 seconds and will expire in 2 minutes and 3 seconds.
13.1.3.4 show ip mroute

Use this command to display the multicast forwarding cache table. Since the DVMRP routing table is not aware of group membership, the DVMRP process builds a forwarding cache table based on a combination of information. This information includes items from the multicast routing table, such as the source network/mask and upstream neighbors.
Example
This example shows how to display the multicast forwarding cache table. In this case, it shows there are two source multicast networks. The network at IP address 165.223.129.0 is in multicast group 224.2.164.189. It recognizes an upstream neighbor at 134.141.20.1 via the VLAN 20 interface, and two downstream VLANs. The other multicast network at IP address 134.141.30.0 is in multicast group 238.27.2.2.
13.1.4 Configuring IRDP

Purpose
To enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway.

Commands
The commands needed to enable and configure IRDP are listed below and described in the associated section as shown:
• ip irdp (Section 13.1.4.1)
• ip irdp maxadvertinterval (Section 13.1.4.
13.1.4.1 ip irdp

Use this command to enable or disable IRDP on an interface.

ip irdp

Syntax Description
None.

Command Syntax of the “no” Form
The “no” form of this command disables IRDP on an interface:
no ip irdp

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
13.1.4.2 ip irdp maxadvertinterval

Use this command to set the maximum interval in seconds between IRDP advertisements.

ip irdp maxadvertinterval interval

Syntax Description
interval Specifies a maximum advertisement interval in seconds. Valid values are 4 to 1800.
13.1.4.3 ip irdp minadvertinterval

Use this command to set the minimum interval in seconds between IRDP advertisements.

ip irdp minadvertinterval interval

Syntax Description
interval Specifies a minimum advertisement interval in seconds. Valid values are 3 to 1800.
13.1.4.4 ip irdp holdtime

Use this command to set the length of time in seconds IRDP advertisements are held valid.

ip irdp holdtime holdtime

NOTE: Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in Section 13.1.4.2 and the minimum advertisement interval is set as described in Section 13.1.4.3.
13.1.4.5 ip irdp preference

Use this command to set the IRDP preference value for an interface. This value is used by IRDP to determine the interface’s selection as a default gateway address.

ip irdp preference preference

Syntax Description
preference Specifies the value to indicate the interface’s use as a default router address. Valid values are -2147483648 to 2147483647.
13.1.4.6 ip irdp address

Use this command to add additional IP addresses for IRDP to advertise.

ip irdp address ip_address preference

Syntax Description
ip_address Specifies an IP address to advertise.
preference Specifies the value to indicate the address’ use as a default router address. Valid values are -2147483648 to 2147483647.
13.1.4.7 no ip irdp multicast

Use this command to enable the router to send IRDP advertisements using broadcast rather than multicast transmissions. By default, the router sends IRDP advertisements via multicast.

no ip irdp multicast

Syntax Description
None.

Command Type
Router command.

Command Mode
Interface configuration: Matrix>Router(config-if(Vlan ))#

Command Defaults
None.
13.1.4.8 show ip irdp

Use this command to display IRDP information.

show ip irdp [vlan vlan_id]

Syntax Description
vlan vlan_id (Optional) Displays IRDP information for a specific VLAN. This VLAN must be configured for IP routing as described in Section 3.3.2.

Command Type
Router command.
13.1.5 Configuring VRRP

Purpose
To enable and configure the Virtual Router Redundancy Protocol (VRRP). This protocol eliminates the single point of failure inherent in the static default routed environment by transferring the responsibility from one router to another if the original router goes down. VRRP-enabled routers decide who will become master and who will become backup in the event the master fails.
13.1.5.1 router vrrp

Use this command to enable or disable VRRP configuration mode.

router vrrp

NOTE: You must execute the router vrrp command to enable the protocol before completing other VRRP-specific configuration tasks. For details on enabling configuration modes, refer to Table 3-8 in Section 3.3.3.

Syntax Description
None.
13.1.5.2 create

Use this command to create a VRRP session.

create vlan vlan_id vrid

NOTE: This command must be executed to create an instance of VRRP on a routing interface (VLAN) before any other VRRP settings can be configured.

Syntax Description
vlan vlan_id Specifies the number of the VLAN on which to create a VRRP session. This VLAN must be configured for IP routing as described in Section 3.3.2.
13.1.5.3 address

Use this command to configure a virtual router IP address. If the virtual router IP address is the same as the interface (VLAN) address owned by a VRRP router, then the router owning the address becomes the master. The master sends an advertisement to all other VRRP routers declaring its status and assumes responsibility for forwarding packets associated with its virtual router ID (VRID).
Example
This example shows how to configure a virtual router address of 182.127.62.1 on VLAN 1, VRID 1, and to set the router connected to the VLAN via this interface as the master:
Matrix>Router(config)#router vrrp
Matrix>Router(config-router)#address vlan 1 1 182.127.62.
13.1.5.4 priority

Use this command to set a priority value for a VRRP router.

priority vlan vlan_id vrid priority_value

Syntax Description
vlan vlan_id Specifies the number of the VLAN on which to configure VRRP priority. This VLAN must be configured for IP routing as described in Section 3.3.2.
vrid Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
13.1.5.5 advertise-interval

Use this command to set the interval in seconds between VRRP advertisements. These are sent by the master router to other routers participating in the VRRP master selection process, informing them of its configured values. Once the master is selected, then advertisements are sent every advertising interval to let other VRRP routers in this VLAN/VRID know the router is still acting as master of the VLAN/VRID.
Example
This example shows how to set an advertise interval of 3 seconds on VLAN 1, VRID 1:
Matrix>Router(config)#router vrrp
Matrix>Router(config-router)#advertise-interval vlan 1 1 3
13.1.5.6 critical-ip

Use this command to set a critical IP address for VRRP routing. The critical IP address defines an interface — in addition to the interface between hosts and a first-hop router — that will prevent the master router from functioning properly if the interface were to fail.
13.1.5.7 preempt

Use this command to enable or disable preempt mode on a VRRP router. Preempt is enabled on VRRP routers by default, which allows a higher priority backup router to preempt a lower priority master.

preempt vlan_id vrid

NOTE: The router that owns the virtual router IP address always preempts other routers, regardless of this setting.
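The master-selection rules stated in Sections 13.1.5.3, 13.1.5.4 and 13.1.5.7 can be traced through a failover sequence with a small model. The following Python code is an added example, not part of the Enterasys guide or firmware; the router names and priority values are constructed, and the tie-break between equal priorities (first router in the list) is an assumption because the guide text here does not state one.

```python
from dataclasses import dataclass


@dataclass
class VrrpRouter:
    name: str                   # constructed label for the example
    priority: int               # value set with "priority vlan vlan_id vrid priority_value"
    owns_address: bool = False  # interface address equals the virtual router address
    preempt: bool = True        # the guide states preempt is enabled by default
    up: bool = True


def next_master(routers, current=None):
    """Return the name of the master after one selection round, or None."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    # Rule 1: the router owning the virtual address becomes master and
    # always preempts, regardless of its preempt setting.
    owner = next((r for r in alive if r.owns_address), None)
    if owner is not None:
        return owner.name
    incumbent = next((r for r in alive if r.name == current), None)
    if incumbent is None:
        # Rule 2: no working master, so the highest-priority backup takes
        # over. max() keeps the first of equal priorities (assumption).
        return max(alive, key=lambda r: r.priority).name
    # Rule 3: a backup displaces a working master only if the backup has
    # preempt enabled and a strictly higher priority.
    challengers = [r for r in alive
                   if r.preempt and r.priority > incumbent.priority]
    if challengers:
        return max(challengers, key=lambda r: r.priority).name
    return incumbent.name


def failover_trace():
    """Walk one VLAN/VRID group through failures and recoveries."""
    a = VrrpRouter("A", 255, owns_address=True, preempt=False)
    b = VrrpRouter("B", 200, preempt=False)
    c = VrrpRouter("C", 150)
    group = [a, b, c]
    trace = []

    master = next_master(group)            # owner present
    trace.append(master)
    a.up = False                           # owner fails
    master = next_master(group, master)
    trace.append(master)
    b.up = False                           # first backup fails too
    master = next_master(group, master)
    trace.append(master)
    b.up = True                            # B returns, preempt disabled
    master = next_master(group, master)
    trace.append(master)
    b.preempt = True                       # preempt re-enabled on B
    master = next_master(group, master)
    trace.append(master)
    a.up = True                            # owner returns, preempt still off
    master = next_master(group, master)
    trace.append(master)
    return trace


if __name__ == "__main__":
    print(failover_trace())
```

The fourth step of the trace is the one to check when planning maintenance: with preempt disabled, a recovered higher-priority backup does not take the master role back until the current master fails.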
13.1.5.8 enable

Use this command to enable VRRP on an interface.

enable vlan vlan_id vrid

NOTE: Before enabling VRRP, you must set the other options described in this section. Once enabled, you cannot make any configuration changes to VRRP without first disabling it using the no enable vlan command.

Syntax Description
vlan vlan_id Specifies the number of the VLAN on which to enable VRRP.
13.1.5.9 ip vrrp authentication-key

Use this command to set a VRRP authentication password on an interface.

ip vrrp authentication-key password

Syntax Description
password Specifies an authentication password. Text string can be 1 to 8 characters in length.

Command Syntax of the “no” Form
The “no” form of this command clears VRRP authentication:
no ip vrrp authentication-key

Command Type
Router command.
13.1.5.10 show ip vrrp

Use this command to display VRRP routing information.

show ip vrrp

Syntax Description
None.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router(config)#

Command Defaults
None.

Example
This example shows how to display VRRP information:
Matrix>Router(config)#show ip vrrp
-----------VRRP CONFIGURATION----------
Vlan Vrid State Owner 1 1 Master 1 AssocIpAddr 182.127.63.
14 Security Configuration

This chapter describes the Security Configuration set of commands and how to use them.

14.1 OVERVIEW OF SECURITY METHODS

The following security methods are available for controlling which users are allowed to access, monitor, and manage the device.
• Login Security Password – used to log in to the CLI via a Telnet connection or local COM port connection. For details, refer to Section 3.2.1.
• SNMP – allows access to the Matrix E1 device via a network SNMP management application.
Process Overview: Security Configuration • Port Web Authentication (PWA) – locks down a port a user is attached to until after the user logs in using a web browser to access the switch. The switch will pass all login information from the end station to a RADIUS server for authentication before turning the port on. PWA is an alternative to 802.1X and MAC authentication. For details, refer to Section 14.3.5.
14.3 SECURITY CONFIGURATION COMMAND SET

14.3.1 Configuring RADIUS

Purpose
To perform the following:
• Review the RADIUS client/server configuration on the device.
• Enable or disable the RADIUS client.
• Set local and remote login options.
• Set primary and secondary server parameters, including IP address, timeout period, and number of user login attempts allowed.
• Reset RADIUS server settings to default values.
14.3.1.1 show radius

Use this command to display the current RADIUS client/server configuration.

show radius [last-resort-action] [retries] [server [index]] [timeout]

Syntax Description
last-resort-action (Optional) Displays last resort action settings. This is the action to be taken if the RADIUS server times out during local or remote login.
Example
This example shows how to display RADIUS configuration information:
Matrix>show radius
RADIUS status: Disabled
RADIUS retries: 3
RADIUS timeout: 20 seconds
RADIUS mgmt-auth status: Disabled
Server Server Index IP Auth-Port Status
--------------------------------------------------
100 1.2.100.
Table 14-1 show radius Output Details (Continued)

Output / What It Displays...
Server IP: IP address of the RADIUS server.
Auth-Port: RADIUS server’s UDP authentication port.
Status: Whether the server is the primary or secondary RADIUS server.
RADIUS last-resort-action: Last resort action to be taken if the RADIUS server times out during local or remote login.
14.3.1.2 set radius

Use this command to enable, disable, or configure RADIUS authentication.

set radius {enable | disable | last-resort-action {local {accept | reject | challenge} | remote {accept | reject | challenge}} | retries number-of-retries | server index ip_address port server-secret | timeout timeout-value | mgmt-auth {enable | disable}}

Syntax Description
enable | disable Enables or disables the RADIUS client.
mgmt-auth enable | disable Enables or disables RADIUS login authentication on management sessions. With RADIUS client enabled and mgmt-auth disabled (the default state), users will be allowed to log in via console or Telnet using their pre-configured Read-Write (rw) passwords.

NOTE: RADIUS client must be enabled in order for management authentication to be enabled.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
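The dependency between the RADIUS client state and mgmt-auth described above decides which credential store actually guards console and Telnet logins, so it is worth checking on every saved configuration. The following Python code is an added example, not part of the Enterasys guide or firmware: it parses status lines in the layout of the guide's show radius example and reports the login path in effect. The function names, finding codes and sample text are constructed; treating a last-resort-action of accept as "login proceeds when the server times out" is an assumption, and the last-resort values are passed in separately because their output layout is not shown in this section.

```python
import re

# Constructed sample in the layout of the guide's "show radius" example.
# Only "RADIUS <name>: <value>" lines are parsed; the prompt line and any
# server-table rows are skipped.
SAMPLE_SHOW_RADIUS = """\
Matrix>show radius
RADIUS status: Enabled
RADIUS retries: 3
RADIUS timeout: 20 seconds
RADIUS mgmt-auth status: Disabled
"""

STATUS_LINE = re.compile(r"^RADIUS\s+([\w -]+?):\s*(.+?)\s*$")
NUMERIC_KEYS = ("retries", "timeout")
SCOPES = ("local", "remote")
ACTIONS = ("accept", "reject", "challenge")


def parse_show_radius(text):
    """Return the status lines as a dict with lower-cased keys and values."""
    settings = {}
    for raw in text.splitlines():
        match = STATUS_LINE.match(raw.strip())
        if match is None:
            continue
        key = match.group(1).strip().lower()
        value = match.group(2).strip()
        if key in NUMERIC_KEYS:
            number = re.match(r"\d+", value)
            if number is None:
                raise ValueError(f"non-numeric value for {key!r}: {value!r}")
            settings[key] = int(number.group())
        else:
            settings[key] = value.lower()
    return settings


def audit_radius(settings, last_resort=None):
    """Return (code, message) findings for the parsed settings.

    last_resort is an optional dict such as {"local": "challenge",
    "remote": "accept"}, using the keywords of the set radius command.
    """
    findings = []
    client_on = settings.get("status") == "enabled"
    mgmt_on = settings.get("mgmt-auth status") == "enabled"

    if not client_on:
        findings.append(("radius-disabled",
                         "RADIUS client is disabled; management logins are "
                         "not checked against a RADIUS server"))
    if mgmt_on and not client_on:
        findings.append(("mgmt-auth-without-client",
                         "mgmt-auth is enabled but requires the RADIUS "
                         "client to be enabled"))
    if client_on and not mgmt_on:
        findings.append(("mgmt-auth-disabled",
                         "console and Telnet logins use the locally "
                         "configured rw passwords, not RADIUS"))

    for scope, action in (last_resort or {}).items():
        if scope not in SCOPES or action not in ACTIONS:
            raise ValueError(f"unknown last-resort setting: {scope}={action}")
        if action == "accept":
            # Assumption: "accept" lets the login proceed on server timeout.
            findings.append((f"last-resort-{scope}-accept",
                             f"{scope} logins are accepted when the RADIUS "
                             "server times out"))
    return findings


if __name__ == "__main__":
    for code, message in audit_radius(parse_show_radius(SAMPLE_SHOW_RADIUS)):
        print(f"{code}: {message}")
```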
14.3.1.3 clear radius

Use this command to reset RADIUS server settings to default values.

clear radius {[last-resort-action [local | remote]] [retries] [server {index | all}] [timeout]}

Syntax Description
last-resort-action local | remote Resets the last resort local and/or remote action to Challenge.
retries Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3.
14.3.1.4 show radius accounting

Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server.

show radius accounting [server [index] | counter [index] | retries [index] | timeout [index] | intervalminimum | updateinterval]

Syntax Description
server index (Optional) Displays one or all RADIUS accounting server configurations.
Example
This example shows how to display RADIUS accounting configuration information. In this case, RADIUS accounting is not currently enabled and global default settings have not been changed. One server has been configured. The Matrix E1 Series device allows for up to 10 RADIUS accounting servers to be configured, with up to 2 active at any given time. For details on enabling and configuring RADIUS accounting, refer to Section 14.3.1.
14.3.1.5 set radius accounting

Use this command to configure RADIUS accounting.

set radius accounting {[enable] [disable] [server index ip_address port server-secret] [retries retries index] [timeout timeout index] [intervalminimum value] [updateinterval value]}

Syntax Description
enable | disable Enables or disables the RADIUS accounting client.
Command Defaults
None.

Examples
This example shows how to enable the RADIUS accounting client for authenticating with accounting server 1 at IP address 10.2.4.12, UDP authentication port 1800. As previously noted, the “server secret” password entered here must match that already configured as the Read-Write (rw) password on the RADIUS accounting server:
Matrix>set radius accounting server 1 10.2.4.
14.3.1.6 clear radius accounting

Use this command to clear RADIUS accounting configuration settings.

clear radius accounting {[server {index | all}] [counter {index | all}] [retries {index | all}] [timeout {index | all}] [intervalminimum] [updateinterval]}

Syntax Description
server index | all Clears the configuration on one or more accounting servers.
counter index | all Clears counters on one or more accounting servers.
14.3.2 Configuring 802.1X Authentication

Purpose
To review and configure 802.1X authentication for one or more ports using EAPOL (Extensible Authentication Protocol Over LANs). 802.1X controls network access by enforcing user authorization on selected ports, which results in allowing or denying network access according to user profiles on the RADIUS server.

NOTES: When both 802.
14.3.2.1 show dot1x

Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more port access entity (PAE) ports.

show dot1x [auth-diag] [auth-session-stats] [auth-stats] [port [init | reauth]] [port-string]

Syntax Description
auth-config (Optional) Displays authentication configuration information.
This example shows how to display authentication diagnostics information for Fast Ethernet front panel port 1:
Matrix>show dot1x auth-diag fe.0.
This example shows how to display authentication statistics for Fast Ethernet front panel port 1:
Matrix>show dot1x auth-stats fe.0.
14.3.2.2 show dot1x auth-config

Use this command to display 802.1X authentication configuration settings for one or more ports.

show dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]

Syntax Description
authcontrolled-portcontrol (Optional) Displays the EAPOL port control mode.

Command Alternative (v3.xx.
Examples
This example shows how to display the EAPOL port control mode for Fast Ethernet front panel port 1:
Matrix>show dot1x auth-config authcontrolled-portcontrol fe.0.1
Port 1: Auth controlled port control: Auto

This example shows how to display the 802.1X quiet period settings for Fast Ethernet front panel port 1:
Matrix>show dot1x auth-config quietperiod fe.0.
14.3.2.3 set dot1x

Use this command to enable or disable 802.1X authentication.

set dot1x {enable | disable}

Syntax Description
enable | disable Enables or disables 802.1X.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.

Example
This example shows how to enable 802.
14.3.2.4 set dot1x auth-config

Use this command to configure 802.1X authentication.
txperiod value Specifies the period (in seconds) allowed for the transmission of 802.1X keys. Valid values are 1 - 2147483647.
port-string (Optional) Configures authentication settings on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
If port-string is not specified, parameters will be set on all ports.
14.3.2.5 set dot1x port

Use this command to enable or disable 802.1X reauthentication or initialization control.

set dot1x port {[init {false | true}] [reauth false | true]}

Syntax Description
init false | true Disables (false) or enables (true) initialization control.
reauth false | true Disables (false) or enables (true) reauthentication control.

Command Type
Switch command.

Command Mode
Read-Write.

Command Defaults
None.
14.3.2.6 clear dot1x auth-config

Use this command to reset 802.1X authentication parameters to default values on one or more ports.

clear dot1x auth-config [authcontrolled-portcontrol] [keytxenabled] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]

Syntax Description
authcontrolled-portcontrol (Optional) Resets the 802.1X port control mode to auto.
Command Defaults
• If no parameters are specified, all authentication parameters will be reset.
• If port-string is not specified, parameters will be set on all ports.

Examples
This example shows how to reset the 802.
14.3.2.7 show eapol

Use this command to display EAPOL settings for one or more ports.

show eapol [port-string]

Syntax Description
port-string (Optional) Displays EAPOL status for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.

Command Type
Switch command.

Command Mode
Read-Only.

Command Alternatives (v3.xx.xx and higher)
• show dot1x (Section 14.3.2.
Table 14-2 provides an explanation of the command output. For details on using the set eapol command to enable the protocol and assign an authentication mode, refer to Section 14.3.2.8.

Table 14-2 show eapol Output Details

Output / What It Displays...
Port: Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
Authentication State: Current EAPOL authentication state for each port.
Table 14-2 show eapol Output Details (Continued)

Output / What It Displays...
Authentication State (Cont’d):
• forceAuth: Management is allowing normal, unsecured switching on this port.
• forceUnauth: Management is preventing any frames from being forwarded to or from this port.
Authentication Mode: Mode enabling network access for each port.
14.3.2.8 set eapol
Use this command to enable or disable EAPOL port-based user authentication with the RADIUS server and to set the authentication mode for one or more ports.
set eapol [enable | disable] [auth-mode {auto | forced-authorized | forced-unauthorized} port-string]
Syntax Description
enable | disable - Enables or disables EAPOL.
auth-mode auto | forced-authorized | forced-unauthorized - Specifies the authorization mode as:
• auto - Auto authorization mode.
Examples
This example shows how to enable EAPOL:
Matrix>set eapol enable
This example shows how to enable EAPOL with forced unauthorized mode on Fast Ethernet front panel port 1:
Matrix>set eapol auth-mode forced-unauthorized fe.0.
14.3.3 Configuring MAC Authentication
Purpose
To review, disable, enable and configure MAC authentication. This allows the device to authenticate source MAC addresses in an exchange with an authentication server. The authenticator (switch) selects a source MAC seen on a MAC-authentication enabled port and submits it to a backend client for authentication.
• set macauthentication reauthperiod (Section 14.3.3.11)
• set macauthentication quietperiod (Section 14.3.3.
14.3.3.1 show macauthentication
Use this command to display MAC authentication information for one or more ports.
show macauthentication [port-string]
Syntax Description
port-string - (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Type: Switch command.
Command Mode: Read-Only.
Examples
This example shows how to display MAC authentication information for Fast Ethernet front panel ports 1 through 15:
Matrix>show macauthentication fe.0.1-15
MAC authentication - disabled
MAC user password - NOPASSWORD
Port username significant bits - 48
Port
------
fe.0.1
fe.0.2
fe.0.3
fe.0.4
fe.0.5
fe.0.6
fe.0.7
fe.0.8
fe.0.9
fe.0.10
fe.0.11
fe.0.12
fe.0.13
fe.0.14
fe.0.
Table 14-3 show macauthentication Output Details (Continued)
Output - What It Displays...
Port username significant bits - Number of significant bits in the MAC addresses to be used starting with the left-most bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails.
14.3.3.2 show macauthentication session
Use this command to display the active MAC authenticated sessions on one or more ports.
show macauthentication [port-string]
Syntax Description
port-string - (Optional) Displays active MAC authenticated sessions for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Type: Switch command.
Command Mode: Read-Only.
Table 14-4 show macauthentication session Output Details (Continued)
Output - What It Displays...
Reauth Period - Reauthentication period for this port, set using the set macauthentication reauthperiod command described in Section 14.3.3.11.
Reauthentications - Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in Section 14.3.3.8.
14.3.3.3 set macauthentication
Use this command to globally enable or disable MAC authentication.
set macauthentication {enable | disable}
Syntax Description
enable | disable - Globally enables or disables MAC authentication.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.3.4 set macauthentication password
Use this command to set a MAC authentication password.
set macauthentication password password
Syntax Description
password - Specifies a text string MAC authentication password.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.3.5 set macauthentication port
Use this command to enable or disable one or more ports for MAC authentication.
set macauthentication port {enable | disable} [port-string]
NOTE: Enabling port(s) for MAC authentication requires globally enabling MAC authentication on the device as described in Section 14.3.3.3, and then enabling it on a port-by-port basis. By default, MAC authentication is globally disabled and disabled on all ports.
14.3.3.6 set macauthentication portinitialize
Use this command to force one or more MAC authentication ports to re-initialize and remove any currently active sessions on those ports.
set macauthentication portinitialize [port-string]
Syntax Description
port-string - (Optional) Re-initializes specific MAC authentication port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Type: Switch command.
14.3.3.7 set macauthentication macinitialize
Use this command to force a current MAC authentication session to re-initialize and remove the session.
set macauthentication macinitialize mac_addr
Syntax Description
mac_addr - Specifies the MAC address of the session to re-initialize.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.3.8 set macauthentication reauthentication
Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports.
set macauthentication reauthentication {enable | disable} [port-string]
Syntax Description
enable | disable - Enables or disables MAC reauthentication.
port-string - (Optional) Enables or disables MAC reauthentication on specific port(s).
14.3.3.9 set macauthentication portreauthenticate
Use this command to force an immediate reauthentication of the currently active sessions on one or more MAC authentication ports.
set macauthentication portreauthenticate [port-string]
Syntax Description
port-string - (Optional) Forces reauthentication of specific MAC authentication port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.3.10 set macauthentication macreauthenticate
Use this command to force an immediate reauthentication of a MAC address.
set macauthentication macreauthenticate mac_addr
Syntax Description
mac_addr - Specifies the MAC address of the session to reauthenticate.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.3.11 set macauthentication reauthperiod
Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port.
set macauthentication reauthperiod time [port-string]
Syntax Description
time - Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295.
14.3.3.12 set macauthentication quietperiod
Use this command to set the time (in seconds) following a failed MAC authentication before another attempt can be made through a port.
set macauthentication quietperiod time [port-string]
Syntax Description
time - Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295. Default is 30.
14.3.4 Configuring MAC Locking
Purpose
To review, disable, enable and configure MAC locking. This locks a port to one or more MAC addresses, preventing connection of unauthorized devices via the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses.
14.3.4.1 show maclock
Use this command to display the status of MAC locking on one or more ports.
show maclock [port-string]
Syntax Description
port-string - (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: If port-string is not specified, MAC locking status will be displayed for all ports.
Command Type: Switch command.
Examples
This example shows how to display global MAC locking information:
Matrix>show maclock
MAC Locking is globally enabled.
Port Number
--------
fe.0.1
fe.0.2
fe.0.3
fe.0.4
fe.0.5
fe.0.6
fe.0.7
fe.0.8
fe.0.9
fe.0.10
fe.0.11
fe.0.12
fe.0.13
fe.0.14
fe.0.15
fe.0.
Table 14-5 show maclock Output Details
Output - What It Displays...
Port Number - Port designation. For a detailed description of possible port-string values, refer to Section 4.1.2.
Port Status - Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on using set maclock commands to enable it on the device and on one or more ports, refer to Section 14.3.4.3 and Section 14.3.4.5.
14.3.4.2 show maclock stations
Use this command to display MAC locking information about end stations connected to the device.
show maclock stations [port-string] [firstarrival | firstarrival port-string] [static | static port-string]
Syntax Description
port-string - (Optional) Displays end station information for specified port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Examples
This example shows how to display MAC locking information for all end stations known to the device:
Matrix>show maclock stations
Number of stations found: 5
Port Number
-----------
fe.0.5
fe.0.8
fe.0.8
fe.0.8
fe.0.
14.3.4.3 set maclock enable
Use this command to enable MAC locking on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only one end station address is allowed to participate in frame relay.
set maclock enable [port-string]
NOTE: MAC locking is disabled by default at device startup.
14.3.4.4 set maclock disable
Use this command to disable MAC locking on one or more ports.
set maclock disable [port-string]
Syntax Description
port-string - (Optional) Disables MAC locking on specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: If port-string is not specified, MAC locking will be disabled on all ports.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.4.5 set maclock
Use this command to create a static MAC address and enable or disable MAC locking for the specific MAC address and port. When created and enabled, this allows only the end station designated by the MAC address to participate in frame relay.
14.3.4.6 set maclock firstarrival
Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.
set maclock firstarrival port-string value
Syntax Description
port-string - Specifies the port on which to limit MAC locking. For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.4.7 set maclock static
Use this command to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port.
set maclock static port-string value
Syntax Description
port-string - Specifies the port on which to limit MAC locking. For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.4.8 set maclock move
Use this command to move all current first arrival MACs to static entries.
set maclock move port-string
Syntax Description
port-string - Specifies the port where all current first arrival MACs will be moved to static entries. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.4.9 clear maclock static
Use this command to remove statically locked MACs from a port.
clear maclock static port-string
Syntax Description
port-string - Specifies the port from which statically locked MACs will be removed. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.4.10 set maclock trap
Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped from the device’s routing table.
14.3.4.11 clear maclock
Use this command to clear MAC locking from one or more static MAC addresses.
clear maclock mac_address port-string
Syntax Description
mac_address - Specifies the MAC address for which the MAC locking will be cleared.
port-string - Specifies the port on which to clear MAC locking. For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: None.
Command Type: Switch command.
14.3.5 Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating a user on a switch port before allowing the user general access to the network. PWA locks down a port a user is attached to until after the user successfully logs in via a web browser and Secure Harbour™ — Enterasys Networks’ web-based security interface — to access the Matrix E1 device.
• set pwa ipaddress (Section 14.3.5.6)
• set pwa protocol (Section 14.3.5.7)
• set pwa enhancedmode (Section 14.3.5.8)
• set pwa guestname (Section 14.3.5.9)
• set pwa guestpassword (Section 14.3.5.10)
• set pwa gueststatus (Section 14.3.5.11)
• set pwa initialize (Section 14.3.5.12)
• set pwa quietperiod (Section 14.3.5.13)
• set pwa maxrequests (Section 14.3.5.14)
• set pwa portcontrol (Section 14.3.5.
14.3.5.1 show pwa
Use this command to display port web authentication information.
show pwa
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Only.
Table 14-7 show pwa Output Details
Output - What It Displays...
PWA Status - Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in Section 14.3.5.2.
PWA Hostname - Host name (URL) for accessing the Secure Harbour login / logoff web page. Default of secureharbour can be changed using the set pwa hostname command as described in Section 14.
Table 14-7 show pwa Output Details (Continued)
Output - What It Displays...
PWA Guest Network Status - Whether PWA guest user status is disabled or enabled with RADIUS or no authentication. Default state of disabled can be changed using the set pwa gueststatus command as described in Section 14.3.5.11.
Port - PWA port designation.
Mode - PWA port control mode.
14.3.5.2 set pwa
Use this command to enable or disable port web authentication.
set pwa {enable | disable}
NOTE: Port Web Authentication cannot be enabled if either MAC authentication or EAPOL (802.1X) is enabled. For information on disabling 802.1X, refer to Section 14.3.2.8. For information on disabling MAC authentication, refer to Section 14.3.3.3.
14.3.5.3 set pwa hostname
Use this command to set a port web authentication host name. This is a URL for accessing the Secure Harbour login / logoff web page.
set pwa hostname name
Syntax Description
name - Specifies a name for accessing the Secure Harbor web page.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.4 set pwa displaylogo
Use this command to set the display options for the Secure Harbor logo.
set pwa displaylogo {display | hide}
Syntax Description
display | hide - Displays or hides the Secure Harbor logo when the PWA website displays.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.5 set pwa nameservices
Use this command to enable or disable Domain Name Service (DNS) and Windows Internet Naming Services (WINS) clients. When disabled, the device will not spoof DNS or WINS on an un-authenticated port.
set pwa nameservices {enable | disable}
Syntax Description
enable | disable - Enables or disables DNS and WINS.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.6 set pwa ipaddress
Use this command to set the Secure Harbor IP address. This is the IP address of the end station from which PWA will prevent network access until the user is authenticated. It is bound to the host name configured in Section 14.3.5.3.
set pwa ipaddress ip-address
Syntax Description
ip-address - Specifies a globally unique IP address.
14.3.5.7 set pwa protocol
Use this command to set the port web authentication protocol.
set pwa protocol {chap | pap}
Syntax Description
chap | pap - Sets the PWA protocol to:
• CHAP (PPP Challenge Handshake Protocol) encrypts the username and password between the end-station and the switch port.
• PAP (Password Authentication Protocol) does not provide any encryption between the end-station and the switch port.
14.3.5.8 set pwa enhancedmode
Use this command to enable or disable PWA enhanced mode. When enabled, users on unauthenticated PWA ports can type any URL into a browser and be presented the Secure Harbor login page on their initial web access. They will also be granted guest networking privileges.
NOTE: In order for PWA enhanced mode to operate, PWA port control mode must be set to auto as described in Section 14.3.5.15.
14.3.5.9 set pwa guestname
Use this command to set a guest user name for PWA enhanced mode networking. When enhanced mode is enabled (as described in Section 14.3.5.8), PWA will use this name to grant network access to guests without established login names and passwords.
set pwa guestname name
Syntax Description
name - Specifies a guest user name.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.10 set pwa guestpassword
Use this command to set the guest user password for PWA networking. When enhanced mode is enabled (as described in Section 14.3.5.8), PWA will use this password and the guest user name to grant network access to guests without established login names and passwords.
set pwa guestpassword
Syntax Description: None.
Command Defaults: None.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.11 set pwa gueststatus
Use this command to enable or disable guest networking for port web authentication. When enhanced mode is enabled (as described in Section 14.3.5.8), PWA will use a guest password and guest user name to grant network access with default policy privileges to users without established login names and passwords.
14.3.5.12 set pwa initialize
Use this command to initialize a PWA port to its default unauthenticated state.
set pwa initialize [port-string]
Syntax Description
port-string - (Optional) Initializes specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
Command Defaults: If port-string is not specified, all ports will be initialized.
Command Type: Switch command.
Command Mode: Read-Write.
14.3.5.13 set pwa quietperiod
Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network.
set pwa quietperiod time [port-string]
Syntax Description
time - Specifies quiet time in seconds.
port-string - (Optional) Sets the quiet period for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.5.14 set pwa maxrequests
Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.
set pwa maxrequests requests [port-string]
Syntax Description
maxrequests - Specifies the maximum number of log on attempts.
port-string - (Optional) Sets the maximum requests for specific port(s). For a detailed description of possible port-string values, refer to Section 4.1.2.
14.3.5.15 set pwa portcontrol
Use this command to set the PWA port control mode.
set pwa portcontrol {auto | forceauthorized | forceunauthorized | promiscuousauto} [port-string]
Syntax Description
auto - Sets the port to auto mode. In this mode, the port is filtering traffic. Login/Logout screens are available, as is the Secure Harbour IP. Spoofing (ARP, DNS, WINS and DHCP) will respond to requests.
Example
This example shows how to set the PWA control mode to auto for all ports:
Matrix>set pwa portcontrol auto
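The dependencies stated in Sections 14.3.3.5, 14.3.5.2, 14.3.5.7 and 14.3.5.8 can be checked against a command script before it is pasted into the CLI. The following is an added example, not part of the guide or of Enterasys software. It assumes that every feature starts disabled, that the enhanced mode syntax is `set pwa enhancedmode {enable | disable}` (the syntax line is cut off on this page), and it uses constructed scripts and a hypothetical function name `lint`.

```python
PROMPT = "Matrix>"

# Constructed command scripts (not taken from the guide).
BAD_SCRIPT = """\
Matrix>set eapol enable
Matrix>set macauthentication port enable fe.0.1-4
Matrix>set pwa protocol pap
Matrix>set pwa enhancedmode enable
Matrix>set pwa enable
"""

GOOD_SCRIPT = """\
Matrix>set eapol disable
Matrix>set macauthentication disable
Matrix>set pwa protocol chap
Matrix>set pwa portcontrol auto
Matrix>set pwa enhancedmode enable
Matrix>set pwa enable
"""


def lint(script):
    """Return sorted (line_number, message) findings for a CLI command script."""
    # Assumption: all features are disabled when the script starts.
    eapol = macauth = enhanced = auto_seen = False
    port_enables = []        # lines that enable MAC authentication on ports
    enhanced_line = None
    findings = []
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith(PROMPT):
            line = line[len(PROMPT):]
        tok = line.split()
        if len(tok) < 3 or tok[0] != "set":
            continue
        feature, arg, rest = tok[1], tok[2], tok[3:]
        if feature == "eapol" and arg in ("enable", "disable"):
            eapol = arg == "enable"
        elif feature == "macauthentication":
            if arg in ("enable", "disable"):
                macauth = arg == "enable"
            elif arg == "port" and rest[:1] == ["enable"]:
                port_enables.append(no)
        elif feature == "pwa":
            if arg == "enable":
                # Section 14.3.5.2: PWA cannot coexist with 802.1X or MAC auth.
                blockers = [name for name, on in
                            (("EAPOL (802.1X)", eapol),
                             ("MAC authentication", macauth)) if on]
                if blockers:
                    findings.append((no, "PWA cannot be enabled while "
                                     + " and ".join(blockers) + " is enabled"))
            elif arg == "protocol" and rest[:1] == ["pap"]:
                # Section 14.3.5.7: PAP gives no encryption on the access link.
                findings.append((no, "PAP sends credentials unencrypted between "
                                 "end station and switch port; CHAP encrypts them"))
            elif arg == "enhancedmode" and rest[:1] in (["enable"], ["disable"]):
                enhanced, enhanced_line = rest[0] == "enable", no
            elif arg == "portcontrol" and rest[:1] == ["auto"]:
                auto_seen = True
    # Section 14.3.3.5: per-port enable needs the global enable as well.
    if not macauth:
        for no in port_enables:
            findings.append((no, "port enabled for MAC authentication but MAC "
                             "authentication is not globally enabled"))
    # Section 14.3.5.8: enhanced mode only operates in port control mode auto.
    if enhanced and not auto_seen:
        findings.append((enhanced_line, "PWA enhanced mode enabled but no port "
                         "was set to port control mode auto"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in lint(BAD_SCRIPT):
        print("line %d: %s" % (no, msg))
```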
14.3.6 Configuring Secure Shell (SSH)
Purpose
To review, enable, disable, and configure the Secure Shell (SSH) protocol. SSH provides a secure, remote connection to the device by permitting or denying access based on IP address, ciphers and MAC algorithms.
Commands
The commands needed to review and configure SSH are listed below and described in the associated section as shown:
• show ssh (Section 14.3.6.1)
• ssh (server) (Section 14.3.6.
14.3.6.1 show ssh
Use this command to display the current status and configuration of SSH on the device.
show ssh [ciphers] [config admin | oper] [mac] [sessions]
Syntax Description
ciphers - (Optional) Displays server supported ciphers.
config admin | oper - (Optional) Displays SSH administration (admin) or operational (oper) configuration settings.
mac - (Optional) Displays all server supported MAC algorithms.
This example shows how to display SSH session information, including server and client version numbers, remote login name(s), supported MAC algorithms, authentication keys and encryption cipher:
Matrix>show ssh sessions
SSH Session: 1 inbound
Server Version: SSH-2.0-3.0.4 SSH Secure Shell
Username: rw
Client Host: 10.0.0.2
Client Version: SSH-1.99-3.1.
14.3.6.2 set ssh
Use this command to enable or disable the SSH protocol on the device.
set ssh {enable | disable}
Syntax Description
enable | disable - Enables or disables SSH.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.3 ssh
Use this command to configure a connection to an SSH server.
ssh ipaddr login [port]
Syntax Description
ipaddr - Specifies the IP address of the remote SSH server.
login - Specifies a login name for the remote SSH server.
port - (Optional) Specifies the remote SSH server’s TCP listening port. Valid values are 1 - 65535. The default of 22 can also be changed using the set ssh port command as described in Section 14.3.6.6.
14.3.6.4 set ssh ciphers
Use this command to set the cipher name(s) used for SSH encryption.
set ssh ciphers {all | anycipher | anystdcipher | ciphername}
Syntax Description
all - Specifies that all supported ciphers will be allowed.
anycipher - Specifies that all server-supported ciphers will be allowed.
anystdcipher - Specifies that the subset of server and IETF-supported ciphers will be allowed.
14.3.6.5 clear ssh ciphers
Use this command to clear one or more cipher names used for SSH encryption.
clear ssh ciphers {all | ciphername}
Syntax Description
all - Resets the cipher name to the default: anycipher
ciphername - Specifies a user-named cipher to clear.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.6 set ssh port
Use this command to set the SSH listening port.
set ssh port port_num
Syntax Description
port_num - Specifies a TCP port as the SSH listening port.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.7 set ssh mac
Use this command to set the MAC algorithms supported by SSH. These algorithms provide integrity checking.
set ssh mac {all | anymac | anystdmac | mac_name}
Syntax Description
all - Specifies all server-supported MAC algorithms.
anymac - Specifies any server-supported MAC algorithms.
anystdmac - Specifies the subset of server and IETF-supported MAC algorithms.
mac_name - Specifies a user-supplied MAC algorithm name.
14.3.6.8 clear ssh mac
Use this command to clear one or more MAC algorithms supported by SSH.
clear ssh mac {all | mac_name}
Syntax Description
all - Specifies that all server-supported MAC algorithms will be cleared.
mac_name - Specifies a MAC algorithm name to be cleared.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.9 set ssh rekeyintervalseconds
Use this command to set the number of seconds between SSH key exchanges.
set ssh rekeyintervalseconds value
Syntax Description
value - Specifies the interval (in seconds) between SSH key exchanges. Valid values are from 0 (which disables re-keying) to 86400. Default is 3600.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.10 set ssh passwordguesses
Use this command to set the number of SSH authentication attempts allowed before access is denied.
set ssh passwordguesses value
Syntax Description
value - Specifies the number of authentication attempts allowed before remote access is denied. Valid values are from 1 to 10. Default is 3.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.11 set ssh logingracetime
Use this command to set the time interval for an SSH client to authenticate.
set ssh logingracetime value
Syntax Description
value - Specifies the number of seconds the client will be allowed to authenticate. Valid values are from 15 to 600. Default is 60.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.6.12 clear ssh keys
Use this command to regenerate new SSH authentication keys.
clear ssh keys
Syntax Description: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
Example
This example shows how to regenerate SSH keys:
Matrix>clear ssh keys
Generating 1024-bit dsa key pair
Key generated.
1024-bit dsa
Private key saved to sshdrv:/.ssh2/dsa
Public key saved to sshdrv:/.ssh2/dsa.
14.3.6.13 clear ssh config
Use this command to reset the SSH configuration to default settings.
clear ssh config
Syntax Description: None.
Command Type: Switch command.
Command Mode: Read-Write.
Command Defaults: None.
14.3.7 Configuring Access Lists
Purpose
To review and configure security access lists (ACLs), which permit or deny access to routing interfaces based on protocol and source IP address restrictions.
Commands
The commands needed to review and configure security access lists are listed below and described in the associated section as shown:
• show access-lists (Section 14.3.7.1)
• access-list (standard) (Section 14.3.7.
14.3.7.1 show access-lists
Use this command to display configured IP access lists when operating in router mode.
show access-lists [access-list-number]
ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.
Syntax Description
access-list-number - (Optional) Displays access list information for a specific access list number.
14.3.7.2 access-list (standard)
Use this command to define a standard IP access list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access-group command (Section 14.3.7.4).
access-list access-list-number [insert | replace entry] | [move destination source1 [source2]] {deny | permit} source [source-wildcard]
ROUTER: This command can be executed when the device is in router mode only.
protocol - Specifies an IP protocol for which to deny or permit access. Valid values and their corresponding protocols are:
• ip - Any Internet protocol
• icmp - Internet Control Message Protocol
• udp - User Datagram Protocol
• tcp - Transmission Control Protocol
source - Specifies the network or host from which the packet will be sent. Valid options for expressing source are:
• IP address or range of addresses (A.B.C.
Examples
This example shows how to allow access to only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements will be rejected:
Matrix>Router(config)#access-list 1 permit 192.5.34.0 0.0.0.255
Matrix>Router(config)#access-list 1 permit 128.88.0.0 0.0.255.255
Matrix>Router(config)#access-list 1 permit 36.0.0.
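The wildcard matching and the reject-by-default behaviour described in the example above can be worked through offline. The following is an added example, not part of the guide: it evaluates a standard access list against a source address and reports entries that an earlier entry already covers, which is the situation the insert, replace and move options exist to correct. It assumes the first matching entry decides the result and that a source given without a wildcard matches that one host; the third entry in `ACL_TEXT` is constructed, and all function names are hypothetical.

```python
import ipaddress

# The first two entries are the guide's own example; the third is constructed
# to show an entry that can never match because an earlier one covers it.
ACL_TEXT = """\
Matrix>Router(config)#access-list 1 permit 192.5.34.0 0.0.0.255
Matrix>Router(config)#access-list 1 permit 128.88.0.0 0.0.255.255
Matrix>Router(config)#access-list 1 deny 128.88.10.0 0.0.0.255
"""

MASK32 = 0xFFFFFFFF


def to_u32(dotted):
    """Dotted-quad string to a 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line):
    """Parse 'access-list N {deny | permit} source [source-wildcard]'."""
    text = line.split("#", 1)[-1].strip()     # drop the CLI prompt if present
    tok = text.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    src = tok[3:]
    if src[0] == "any":
        base, wild = 0, MASK32
    elif src[0] == "host":
        if len(src) < 2:
            raise ValueError("host needs an address: " + line)
        base, wild = to_u32(src[1]), 0
    else:
        base = to_u32(src[0])
        # Assumption: an omitted wildcard means an exact host match.
        wild = to_u32(src[1]) if len(src) > 1 else 0
    care = ~wild & MASK32                     # wildcard bit 1 = ignore this bit
    return {"number": int(tok[1]), "action": tok[2],
            "base": base & care, "care": care, "text": text}


def evaluate(entries, number, source_ip):
    """Return 'permit' or 'deny' for source_ip against access list `number`."""
    addr = to_u32(source_ip)
    for e in entries:
        if e["number"] == number and (addr & e["care"]) == e["base"]:
            return e["action"]                # assumption: first match wins
    return "deny"                             # no statement matched: rejected


def shadowed(entries):
    """List (later_entry, covering_earlier_entry) pairs that can never match."""
    hits = []
    for j, later in enumerate(entries):
        for earlier in entries[:j]:
            if earlier["number"] != later["number"]:
                continue
            # earlier covers later if it tests only bits that later also tests
            # and the two agree on every one of those bits.
            only_shared_bits = (earlier["care"] & ~later["care"] & MASK32) == 0
            if only_shared_bits and (later["base"] & earlier["care"]) == earlier["base"]:
                hits.append((later["text"], earlier["text"]))
                break
    return hits


ENTRIES = [parse_entry(l) for l in ACL_TEXT.splitlines() if l.strip()]

if __name__ == "__main__":
    for ip in ("192.5.34.200", "192.5.35.1", "128.88.10.7"):
        print(ip, evaluate(ENTRIES, 1, ip))
    for later, earlier in shadowed(ENTRIES):
        print("never matches:", later, "| covered by:", earlier)
```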
14.3.7.3 access-list (extended)

Use this command to define an extended IP access list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access-group command as described in Section 14.3.7.4.
move destination source1 source2    (Optional) Moves a sequence of access list entries before another entry. Destination is the number of the existing entry before which this new entry will be moved. Source1 is a single entry number or the first entry number in the range to be moved. Source2 (optional) is the last entry number in the range to be moved. If not specified, only the source1 entry will be moved.
operator port    (Optional) Applies access rules to TCP or UDP source or destination port numbers. Possible operands include:
• lt port - Match only packets with a lower port number.
• gt port - Match only packets with a greater port number.
• eq port - Match only packets on a given port number.
• neq port - Match only packets not on a given port number.
Examples
This example shows how to define access list 101 to deny ICMP transmissions from any source and for any destination:

Matrix>Router(config)#access-list 101 deny ICMP any any

This example shows how to define access list 102 to deny TCP packets transmitted from IP source 10.1.2.1 with a port number of 42 to any destination:

Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.
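The matching rules described in Sections 14.3.7.2 and 14.3.7.3 (wildcard bits, port operators, ordered entries, rejection of unmatched traffic), modelled as an added Python example that is not part of this guide or of the Matrix E1 firmware. It assumes first-match evaluation, that wildcard bits set to 1 are ignored, that the rejection of unmatched traffic stated for the standard list also applies to extended lists, and that the port in the list 102 example is the source port; Entry, Packet and evaluate are hypothetical names.

```python
"""Model of ACL evaluation: wildcard masks, port operators, first match, implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortTest = Optional[Tuple[str, int]]  # (operator, port), e.g. ("eq", 42)


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Entry:
    """One access list entry (hypothetical structure, not the device's format)."""
    action: str                 # "permit" or "deny"
    protocol: str = "ip"        # ip (any), icmp, udp, tcp
    src: str = "any"            # "any" or a dotted-quad address
    src_wild: str = "0.0.0.0"   # 0.0.0.0 means an exact host match
    dst: str = "any"
    dst_wild: str = "0.0.0.0"
    src_port: PortTest = None
    dst_port: PortTest = None


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    sport: Optional[int] = None  # None for protocols without ports (icmp)
    dport: Optional[int] = None


def addr_matches(addr: str, base: str, wildcard: str) -> bool:
    """Assumed semantics: wildcard bits set to 1 are ignored, 0 bits must be equal."""
    if base == "any":
        return True
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def port_matches(test: PortTest, port: Optional[int]) -> bool:
    if test is None:
        return True
    if port is None:            # a port test never matches a portless packet
        return False
    op, value = test
    return {"lt": port < value, "gt": port > value,
            "eq": port == value, "neq": port != value}[op]


def entry_matches(e: Entry, p: Packet) -> bool:
    return (e.protocol in ("ip", p.protocol)
            and addr_matches(p.src, e.src, e.src_wild)
            and addr_matches(p.dst, e.dst, e.dst_wild)
            and port_matches(e.src_port, p.sport)
            and port_matches(e.dst_port, p.dport))


def evaluate(acl: List[Entry], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding entry); index None = implicit deny."""
    for i, e in enumerate(acl):
        if entry_matches(e, p):
            return e.action, i
    return "deny", None


# The two complete entries of the guide's standard list 1.
ACL_1 = [
    Entry("permit", src="192.5.34.0", src_wild="0.0.0.255"),
    Entry("permit", src="128.88.0.0", src_wild="0.0.255.255"),
]
# List 102 as the guide's prose describes it: deny TCP from host 10.1.2.1, port 42
# (read here as the source port, which is an assumption).
ACL_102 = [Entry("deny", protocol="tcp", src="10.1.2.1", src_port=("eq", 42))]
# Constructed variants: a trailing permit, and the same entries in the wrong order.
ACL_102_PERMIT_REST = ACL_102 + [Entry("permit")]
ACL_102_SHADOWED = [Entry("permit")] + ACL_102

if __name__ == "__main__":
    # Constructed sample packets.
    probe = Packet("tcp", "10.1.2.1", "172.16.0.9", sport=42, dport=80)
    other = Packet("udp", "10.9.9.9", "172.16.0.9", sport=5000, dport=53)
    for name, acl in [("102", ACL_102), ("102 + permit", ACL_102_PERMIT_REST),
                      ("102 shadowed", ACL_102_SHADOWED)]:
        print(name, evaluate(acl, probe), evaluate(acl, other))
```

Under these assumptions a list that holds only deny entries, such as list 102 as modelled, also rejects all other traffic, and a broad permit placed ahead of a specific deny makes the deny unreachable, which the insert and move options can correct.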
14.3.7.4 ip access-group

Use this command to apply access restrictions on an interface when operating in router mode.

ip access-group access-list-number {in | out}

ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

Syntax Description
access-list-number    Specifies the number of the access list to be applied to the access list.
14.3.8 Configuring Denial of Service Prevention

Purpose
To configure Denial of Service (DoS) prevention, which will protect the router from attacks and notify administrators via Syslog.

Commands
The commands needed to configure DoS prevention are listed below and described in the associated section as shown:
• show HostDos (Section 14.3.8.1)
• HostDos (Section 14.3.8.2)
• clear hostdos-counters (Section 14.3.8.
14.3.8.1 show HostDos

Use this command to display Denial of Service security status and counters.

show HostDoS

ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

NOTE: When fragmented ICMP packets protection is enabled, the Ping of Death counter will not be incremented.
Example
This example shows how to display Denial of Service security status and counters. For details on how to set these parameters, refer to Section 14.3.8.
14.3.8.2 HostDos

Use this command to enable or disable Denial of Service security features.

HostDoS {land | fragmicmp | largeicmp size | checkspoof | portscan number-of-ports}

ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

Syntax Description
land    Enables land attack protection and automatically discards illegal frames.
Command Defaults
None.
14.3.8.3 clear hostdos-counters

Use this command to clear Denial of Service security counters.

clear hostdos-counters

ROUTER: This command can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Section 3.3.3.

Syntax Description
None.

Command Type
Router command.

Command Mode
Global configuration: Matrix>Router(config)#

Command Defaults
None.
14.4 WORKING WITH SECURITY CONFIGURATIONS

14.4.1 Host Access Control Authentication (HACA)

To use HACA, the embedded RADIUS client on the Matrix E1 device must be configured to communicate with the RADIUS server. A RADIUS server must be online and its IP address(es) must be configured with the same password as the RADIUS client. When using the set radius command (Section 14.3.1.
14.4.2 802.1X Port Based Network Access Control Overview

When using the physical access characteristics of IEEE 802 LAN infrastructures, the 802.1X standard provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to Matrix E1 device ports.
behavior is changed according to the authorized access policy and a session is started. If unsuccessful, the forwarding behavior of the port remains unchanged. If successful, the filter-id in the RADIUS response may contain a policy string of the form policy="policy name". If the string exists and it refers to a currently configured access policy in this switch, then the port receives this new policy.
• The user executes an 802.1X logout.
• Management terminates the 802.1X session.

NOTE: The switch may terminate a session in many different ways. All of these reactivate the MAC authentication method.

Refer to Table 14-8 for the precedence relationship between MAC and 802.1X authentication. When a port is set for concurrent use of MAC and 802.
Table 14-8 MAC / 802.1X Precedence States (Continued)

802.1X Port Control (EAPOL) | MAC Port Control | MAC Authenticated? | Default Port Policy Exists? | PAP Authorized Policy Exists? | Action
Auto | Enabled | Yes | No | No | • Hybrid authentication (both methods active). • Frames are forwarded.
Auto | Enabled | No | Yes | Don’t Care | • Hybrid authentication (both methods are active). • Frames are forwarded according to default policy.
Table 14-8 MAC / 802.1X Precedence States (Continued)

802.1X Port Control (EAPOL) | MAC Port Control | MAC Authenticated? | Default Port Policy Exists? | PAP Authorized Policy Exists? | Action
Force Unauthorization | Enabled | Yes | Yes | No |
Force Unauthorization | Enabled | Yes | No | No | • MAC performs authentication. • Frames are forwarded.
Force Unauthorization | Enabled | No | Yes | Don’t Care | • MAC performs authentication.
14.4.4 MAC Authentication Control

This global variable can be enabled or disabled using the set macauthentication command as described in Section 14.3.3.3. If enabled, then
• MAC authentication is active on those ports individually enabled using the set macauthentication port command as described in Section 14.3.3.5.
• All session and statistic information is reset to defaults.
• Any MAC addresses currently locked to ports are unlocked.
A Matrix E1 CLI Quick Reference Guide

A.1 OVERVIEW

This quick reference guide provides an alphabetical listing of CLI tasks, each with a brief description of command function and syntax. Each task’s mode of operation (whether accomplished by a switch or a router command) is indicated.
CLI Tasks, Command Functions and Syntax

CLI Task: access list (set standard)
Mode: Router
Function: Defines a standard IP access list by number when operating in router mode. For details, refer to Section 14.3.7.2.
Syntax: access-list access-list-number [insert | replace entry] | [move destination source1 [source2]] {deny | permit} source [source-wildcard]

CLI Task: advertised ability (set port)
Mode: Switch
Function: Enables, disables and sets the advertised ability on one or more ports.
CLI Task: alias entries (set)
Mode: Switch
Function: Sets the maximum number of node alias entries. For details, refer to Section 11.2.5.4.
Syntax: set nodealias maxentries val port-string

CLI Task: ARP (clear)
Mode: Switch
Function: Deletes a specific entry or all entries from the device’s ARP (Address Resolution Protocol) table. For details, refer to Section 11.2.3.3.
Syntax: clear arp [hostname | A.B.C.
CLI Task: banner (clear)
Mode: Switch
Function: Clears the banner message of the day displayed at session login. For details, refer to Section 3.2.2.8.
Syntax: clear banner motd

CLI Task: banner (set)
Mode: Switch
Function: Sets the banner message of the day displayed at session login. For details, refer to Section 3.2.2.7.
Syntax: set banner motd message

CLI Task: banner (show)
Mode: Switch
Function: Shows the banner message of the day displayed at session login.
CLI Task: CDP interval (set)
Mode: Switch
Function: Sets the message interval frequency of the CDP discovery protocol. For details, refer to Section 3.2.6.3.
Syntax: set cdp interval frequency

CLI Task: config file (show)
Mode: Switch
Function: Displays the contents of the CLI text configuration file. For details, refer to Section 3.2.5.2.
CLI Task: config (show running)
Mode: Router
Function: Displays the current non-default router operating configuration. For details, refer to Section 12.2.2.1.
Syntax: show running-config

CLI Task: counters (clear port)
Mode: Switch
Function: Clears port counter statistics for one or more ports. For details, refer to Section 4.2.1.3.
CLI Task: DNS server (set)
Mode: Switch
Function: Adds a server to the DNS server list. For details, refer to Section 11.2.3.16.
Syntax: set dns server ip-address

CLI Task: DNS (show)
Mode: Switch
Function: Displays DNS settings. For details, refer to Section 11.2.3.13.
Syntax: show dns

CLI Task: DoS host security counters (clear)
Mode: Router
Function: Clears Denial of Service security counters. For details, refer to Section 14.3.8.3.
CLI Task: dot1x authentication configuration (set)
Mode: Switch
Function: Configures 802.1X authentication. For details refer to Section 14.3.2.4.
CLI Task: DVMRP (enable)
Mode: Router
Function: Enables or disables the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. For details, refer to Section 13.1.3.1.
Syntax: ip dvmrp

CLI Task: DVMRP metric (set)
Mode: Router
Function: Configures the metric associated with destinations for DVMRP reports. For details, refer to Section 13.1.3.2.
CLI Task: flow control (show port)
Mode: Switch
Function: Displays the flow control state of one or more ports. For details, refer to Section 4.2.6.1.
Syntax: show port flowcontrol [port-string]

CLI Task: GARP timer (set)
Mode: Switch
Function: Sets the values of the join, leave, and leaveall timers. For details, refer to Section 7.3.8.4.
CLI Task: history buffer size (show)
Mode: Switch
Function: Displays the size (in lines) of the command history buffer. For details, refer to Section 11.2.2.5.
Syntax: show history

CLI Task: IGMP (set)
Mode: Switch
Function: Enables or disables IGMP (Internet Group Management Protocol) snooping on the switch. For details, refer to Section 10.2.1.2.
Syntax: set igmp {enable | disable}

CLI Task: IGMP (show)
Mode: Switch
Function: Displays current IGMP settings.
CLI Task: IGMP VLAN mode (set ports)
Mode: Switch
Function: Sets IGMP VLAN Registration (IVR) ports as open or secure. Open ports will scope multicast transmissions to the IGMP VLAN. For details, refer to Section 10.2.4.4.
Syntax: set igmp mode port-string {open | secure}

CLI Task: IGMP VLAN mode (set VLAN)
Mode: Switch
Function: Sets the VLAN registered to forward IGMP multicast traffic to all subscribing, or “open” ports.
CLI Task: IP interface (enable)
Mode: Router
Function: Enables an interface for IP routing and allows it to automatically be enabled at device startup. For details, refer to Section 12.2.1.5.
Syntax: no shutdown

CLI Task: IP interface (show)
Mode: Router
Function: Displays usability status and other information about interfaces configured for IP routing. For details, refer to Section 12.2.1.3.
CLI Task: IRDP broadcasts (enable)
Mode: Router
Function: Enables the router to send IRDP advertisements using broadcast rather than multicast transmissions. By default, the router sends IRDP advertisements via multicast. For details, refer to Section 13.1.4.7.
Syntax: no ip irdp multicast

CLI Task: IRDP hold time
Mode: Router
Function: Sets the length of time in seconds IRDP advertisements are held valid. For details, refer to Section 13.1.4.4.
CLI Task: link aggregation (clear static ports)
Mode: Switch
Function: Removes specific ports from a link aggregation group (LAG). For details, refer to Section 4.4.8.3.
Syntax: clear lacp static lagportstring port-string

CLI Task: link aggregation (disable/enable)
Mode: Switch
Function: Disables or enables link aggregation on the device. For details, refer to Section 4.4.8.1.
CLI Task: login (set system)
Mode: Switch
Function: Creates a new user login account, or disables or enables an existing account. For details, refer to Section 3.2.1.2.
Syntax: set system login username {su | rw | ro} {enable | disable}

CLI Task: login (show system)
Mode: Switch
Function: Displays login account user names and access privileges. For details, refer to Section 3.2.1.1.
CLI Task: logging console (set)
Mode: Switch
Function: Sets the severity level at which Syslog messages will display to the console, or prevents Syslog messages from displaying to the console. For details, refer to Section 11.2.1.4.
Syntax: set logging console {severity | disable}

CLI Task: logging console (show)
Mode: Switch
Function: Shows the state of global logging and the severity level at which logging messages will display to the console port.
CLI Task: MAC (set)
Mode: Switch
Function: Adds MAC addresses to the switch IP routing table. For details, refer to Section 11.2.3.7.
Syntax: set mac mac_address vlan_id port-string {delete-on-reset | delete-on-timeout | permanent}
Mode: Router
Function: Sets a MAC address on a routing interface. For details, refer to Section 12.2.3.4.
Syntax: ip mac-address address

CLI Task: MAC (show)
Mode: Switch
Function: Displays MAC addresses contained in the switch’s routing table.
CLI Task: MAC algorithm (set)
Mode: Switch
Function: Sets the MAC algorithm mode, which determines the hash mechanism used by the device when performing layer 2 lookups on received frames. Each algorithm is optimized for a different spread of MAC addresses. For details, refer to Section 11.2.3.12.
CLI Task: MAC authentication port reauthenticate
Mode: Switch
Function: Forces an immediate reauthentication of the currently active sessions on one or more MAC authentication ports. For details, refer to Section 14.3.3.9.
CLI Task: MAC locking (disable)
Mode: Switch
Function: Disables MAC locking on one or more ports. For details, refer to Section 14.3.4.4.
Syntax: set maclock disable [port-string]

CLI Task: MAC locking (enable)
Mode: Switch
Function: Enables MAC locking on one or more ports. For details, refer to Section 14.3.4.3.
Syntax: set maclock enable [port-string]

CLI Task: MAC locking (show)
Mode: Switch
Function: Displays the status of MAC locking globally or on one or more ports.
CLI Task: MAC locking trap (set)
Mode: Switch
Function: Enables or disables MAC lock trap messaging. For details, refer to Section 14.3.4.10.
Syntax: set maclock trap port-string {enable | disable}

CLI Task: mirroring (clear port)
Mode: Switch
Function: Clears a mirroring association between ports. For details, refer to Section 4.3.1.3.
CLI Task: OSPF (show)
Mode: Router
Function: Displays OSPF information. For details, refer to Section 13.1.2.21.
Syntax: show ip ospf

CLI Task: OSPF area authentication
Mode: Router
Function: Enables or disables authentication for an OSPF area. For details, refer to Section 13.1.2.15.
CLI Task: OSPF database (show)
Mode: Router
Function: Displays the OSPF link state database. For details, refer to Section 13.1.2.22.
Syntax: show ip ospf database [link-state-id]

CLI Task: OSPF dead interval
Mode: Router
Function: Sets the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service. For details, refer to Section 13.1.2.10.
CLI Task: OSPF NSSA area
Mode: Router
Function: Configures an OSPF area as a not so stubby area (NSSA). In contrast to a stub area, an NSSA allows some external routes, represented by external Link State Advertisements (LSAs), to be imported into it. For details, refer to Section 13.1.2.18.
Syntax: area area-id nssa [default-information-originate]

CLI Task: OSPF priority
Mode: Router
Function: Sets the OSPF priority value for router interfaces.
CLI Task: OSPF virtual link (set)
Mode: Router
Function: Defines an OSPF virtual link, which represents a logical connection between the backbone and a non-backbone OSPF area. For details, refer to Section 13.1.2.19.
Syntax: area area_id virtual-link ip_address

CLI Task: OSPF virtual link (show)
Mode: Router
Function: Displays information about the virtual links configured on a router. For details, refer to Section 13.1.2.26.
CLI Task: ping (send)
Mode: Switch
Function: Sends ICMP echo-request packets to another node on the network when operating in switch mode. For details, refer to Section 11.2.2.8.
Syntax: ping {[[-s] hostname | ip_address ] [hostname | ip_address [packet-count]]}
Mode: Router
Function: Sends ICMP echo-request packets to another IP address when operating in router mode. For details, refer to Section 12.2.5.7.
CLI Task: policy profile (set)
Mode: Switch
Function: Creates a policy profile entry. For details, refer to Section 8.3.1.2.
Syntax: set policy profile profile-index {[enable | disable] [name enable | disable vlan-id enable | disable cos]}

CLI Task: policy profile (show)
Mode: Switch
Function: Displays policy profile information. For details, refer to Section 8.3.1.1.
CLI Task: port buffer threshold (show HOLBP)
Mode: Switch
Function: Displays Head of the Line Blocking Prevention settings for one or more ports. For details, refer to Section 4.2.6.5.
Syntax: show port holbp port-string {ingress | egress}

CLI Task: port disable
Mode: Switch
Function: Disables one or more ports. For details, refer to Section 4.2.2.1.
Syntax: set port disable port-string

CLI Task: port enable
Mode: Switch
Function: Enables one or more ports. For details, refer to Section 4.
CLI Task: port web authentication (set)
Mode: Switch
Function: Enables or disables port web authentication. For details, refer to Section 14.3.5.2.
Syntax: set pwa {enable | disable}

CLI Task: port web authentication (show)
Mode: Switch
Function: Displays port web authentication information. For details, refer to Section 14.3.5.1.
Syntax: show pwa

CLI Task: port web authentication display logo
Mode: Switch
Function: Sets the display options for the Secure Harbor logo.
CLI Task: port web authentication initialize
Mode: Switch
Function: Initializes a port to its default port web authentication state. For details, refer to Section 14.3.5.12.
Syntax: set pwa initialize [port-string]

CLI Task: port web authentication IP address
Mode: Switch
Function: Sets the Secure Harbor IP address. For details, refer to Section 14.3.5.6.
CLI Task: priority classification (set)
Mode: Switch
Function: Creates a rule that will assign untagged traffic to a priority based on Layer 2/3/4 rules. For details, refer to Section 9.3.4.2.
Syntax: set priority classification priority_value data_meaning data_value [data_mask] {create | disable | enable}

CLI Task: priority classification (show)
Mode: Switch
Function: Displays priority classification information. For details, refer to Section 9.
CLI Task: priority classification TOS value (set)
Mode: Switch
Function: Sets the ToS (Type of Service) value. This value identifies packets which should have preferential treatment on a Class of Service (CoS) basis. For details, refer to Section 9.3.4.5.
Syntax: set priority classification tosvalue tos_value priority_value data_meaning data_value [data_mask]

CLI Task: priority queue (set)
Mode: Switch
Function: Maps 802.
CLI Task: QoS weighted round robin (set port)
Mode: Switch
Function: Sets the weighted round robin transmission queues for one or more ports. For details, refer to Section 9.3.3.3.
Syntax: set port qos wrr port-string que0_weight que1_weight que2_weight que3_weight

CLI Task: RAD (set)
Mode: Switch
Function: Enables or disables RAD (Runtime Address Discovery) protocol. For details, refer to Section 11.2.3.5.
CLI Task: RADIUS accounting (set)
Mode: Switch
Function: Configures RADIUS accounting. For details, refer to Section 14.3.1.5.
Syntax: set radius accounting {[enable] [disable] [server index ip_address port server-secret] [retries retries index] [timeout timeout index] [intervalminimum value] [updateinterval value]}

CLI Task: RADIUS accounting (show)
Mode: Switch
Function: Displays the RADIUS accounting configuration. For details, refer to Section 14.
CLI Task: reset (after a specified time)
Mode: Switch
Function: Schedules a system reset after a specified time. For details, refer to Section 3.2.8.4.
Syntax: reset in hh:mm [reason reason]

CLI Task: RIP authentication key
Mode: Router
Function: Identifies a RIP authentication key on a key chain. For details, refer to Section 13.1.1.10.
CLI Task: RIP automatic route summarization (disable)
Mode: Router
Function: Disables automatic route summarization. This enables CIDR, allowing RIP to advertise all subnets and host routing information on the device. For details, refer to Section 13.1.1.16.
Syntax: no auto-summary

CLI Task: RIP configuration mode
Mode: Router
Function: Enables or disables RIP router configuration mode. For details, refer to Section 13.1.1.1.
CLI Task: RIP receive interface
Mode: Router
Function: Allows RIP to receive update packets on an interface. For details, refer to Section 13.1.1.20.
Syntax: receive-interface vlan vlan_id

CLI Task: RIP receive version
Mode: Router
Function: Sets the RIP version(s) for update packets accepted on an interface. For details, refer to Section 13.1.1.8.
CLI Task: router (enable)
Mode: Router
Function: Enables router mode (Privileged EXEC) from switch mode. For more details, refer to Section 3.3.3.
Syntax: router

CLI Task: router ID (set)
Mode: Router
Function: Sets the IP address that will be used as the OSPF router ID. For details, refer to Section 13.1.2.3.
Syntax: router id ip_address

CLI Task: routing (disable)
Mode: Router
Function: Disables IP routing on the device and removes the routing configuration.
CLI Task: SNMP access (show)
Mode: Switch
Function: Displays the SNMP access security information associated with a specific group. For details, refer to Section 5.2.3.1.
Syntax: show snmp access [groupname] [security-model {v1 | v2 | v3 {noauth | auth | authpriv}}

CLI Task: SNMPv1 / v2 community (clear)
Mode: Switch
Function: Deletes an SNMPv1 or v2 community name. For details, refer to Section 5.2.2.9.
CLI Task: SNMP engine (show)
Mode: Switch
Function: Displays the SNMP engine properties. For details, refer to Section 5.2.1.3.
Syntax: show snmp engineid

CLI Task: SNMP group (clear)
Mode: Switch
Function: Clears the SNMP security-mode setting for a specific SNMP group or user. For details, refer to Section 5.2.2.6.
Syntax: clear snmp group groupname user username security-model {v1 | v2 | v3}

CLI Task: SNMP group (set)
Mode: Switch
Function: Sets the SNMP group configuration.
CLI Task: SNMP notify filter (set)
Mode: Switch
Function: Creates an SNMP notify filter configuration. For details, refer to Section 5.2.7.8.
Syntax: set snmp notifyfilter profile subtree oid [mask mask] [included | excluded] [volatile | nonvolatile]

CLI Task: SNMP notify filter (show)
Mode: Switch
Function: Displays SNMP notify filter configurations. For details, refer to Section 5.2.7.7.
CLI Task: SNMP target parameters (clear)
Mode: Switch
Function: Deletes an SNMP target parameter configuration. For details, refer to Section 5.2.5.3.
Syntax: clear snmp targetparams targetParams

CLI Task: SNMP target parameters (set)
Mode: Switch
Function: Sets the SNMP target parameters configuration. For details, refer to Section 5.2.5.2.
CLI Task: SNMP user (clear)
Mode: Switch
Function: Removes a user from the SNMPv3 security-model list. For details, refer to Section 5.2.2.3.
Syntax: clear snmp user user [remote remote]

CLI Task: SNMP user (set)
Mode: Switch
Function: Creates a new SNMPv3 user. For details, refer to Section 5.2.2.2.
CLI Task: SNTP poll interval (set)
Mode: Switch
Function: Sets the SNTP poll interval in seconds. This is the time between SNTP requests. For details, refer to Section 11.2.4.4.
Syntax: set sntp poll-interval time

CLI Task: SNTP server (clear)
Mode: Switch
Function: Removes one or all servers from the SNTP server list. For details, refer to Section 11.2.4.6.
CLI Task: Spanning Tree edge port (clear)
Mode: Switch
Function: Resets the edge port status for one or more Spanning Tree ports to the default value of false. For details, refer to Section 6.2.2.13.
Syntax: clear spantree adminedgeport [port-string]

CLI Task: Spanning Tree edge port (set)
Mode: Switch
Function: Sets the edge port administrative status for a Spanning Tree port. For details, refer to Section 6.2.2.12.
CLI Task: Spanning Tree hello (clear)
Mode: Switch
Function: Resets the bridge hello time for a Spanning Tree to a default value of 2 seconds. For details, refer to Section 6.2.1.22.
Syntax: clear spantree hello [port-string]

CLI Task: Spanning Tree hello (set)
Mode: Switch
Function: Sets the bridge hello time for a Spanning Tree. This is the time interval (in seconds) at which the root device transmits a configuration message.
CLI Task: Spanning Tree legacy path cost (set)
Mode: Switch
Function: Enables or disables legacy (802.1D) path cost values. For details, refer to Section 6.2.1.31.
Syntax: set spantree legacypathcost {disable | enable}

CLI Task: Spanning Tree legacy path cost (show)
Mode: Switch
Function: Displays the administrative status of the legacy (802.1D) path cost setting. For details, refer to Section 6.2.1.30.
CLI Task: Spanning Tree MST config (set)
Mode: Switch
Function: Sets the Multiple Spanning Tree configuration name and/or revision level. For details, refer to Section 6.2.1.14.
CLI Task: Spanning Tree point-to-point (show)
Mode: Switch
Function: Displays the administrative point-to-point status of the LAN segment attached to a port. For details, refer to Section 6.2.2.22.
Syntax: show spantree adminpoint port-string

CLI Task: Spanning Tree port admin (clear)
Mode: Switch
Function: Resets the default Spanning Tree admin status to enable on one or more ports. For details, refer to Section 6.2.2.3.
CLI Task: Spanning Tree port priority (set)
Mode: Switch
Function: Sets a port’s priority for use in the Spanning Tree algorithm (STA). For details, refer to Section 6.2.2.6.
Syntax: set spantree portpri port-string priority [sid]

CLI Task: Spanning Tree port priority (show)
Mode: Switch
Function: Displays the Spanning Tree priority for one or more ports. For details, refer to Section 6.2.2.5.
CLI Task: Spanning Tree secure span lock (show)
Mode: Switch
Function: Displays the status of the Spanning Tree secure span function on one or more ports. For details, refer to Section 6.2.2.20.
Syntax: show spantree securespanlock port-string

CLI Task: Spanning Tree secure span timeout (clear)
Mode: Switch
Function: Resets the Spanning Tree secure span timeout to the default value of 300 seconds. For details, refer to Section 6.2.2.19.
CLI Task: Spanning Tree topology change trap suppress (show)
Mode: Switch
Function: Displays the status of topology change trap suppression on Rapid Spanning Tree edge ports. For details, refer to Section 6.2.1.33.
Syntax: show spantree tctrapsuppress

CLI Task: Spanning Tree version (clear)
Mode: Switch
Function: Resets the Spanning Tree version to MSTP mode. For details, refer to Section 6.2.1.5.
CLI Task: SSH ciphers (set)
Mode: Switch
Function: Sets the cipher name(s) used for SSH encryption. For details, refer to Section 14.3.6.4.
Syntax: set ssh ciphers {all | anycipher | anystdcipher | ciphername}

CLI Task: SSH config (clear)
Mode: Switch
Function: Resets the SSH configuration to default settings. For details, refer to Section 14.3.6.13.
Syntax: clear ssh config

CLI Task: SSH keys (clear)
Mode: Switch
Function: Regenerates new SSH authentication keys.
CLI Task: SSH server
Mode: Switch
Function: Configures a connection to an SSH server. For details, refer to Section 14.3.6.3.
Syntax: ssh ipaddr login [port]

CLI Task: system (show)
Mode: Switch
Function: Displays system information, including operating status, baud rate, uptime, system name, location and contact name. For details, refer to Section 3.2.2.2.
Syntax: show system

CLI Task: system contact (set)
Mode: Switch
Function: Sets a contact person for the system.
CLI Task: terminal (set)
Mode: Switch
Function: Sets the number of columns and rows for the display terminal connected to the device’s console port. This information is used to control the output of the CLI itself. For details, refer to Section 3.2.2.14.
traffic (show IP)
    Mode: Router
    Function: Displays general IP traffic statistics. For details, refer to Section 12.2.5.2.
    Syntax: show ip traffic [softpath]

trunk (clear)
    Mode: Switch
    Function: Deletes a trunk from the switch. For details, refer to Section 4.4.3.4.
    Syntax: clear trunk [trunk_name]

trunk (set)
    Mode: Switch
    Function: Creates, enables or disables trunks on the switch. For details, refer to Section 4.4.3.3.
users (show)
    Mode: Switch
    Function: Displays information about the active console port or Telnet session(s) logged in to the device. For details, refer to Section 11.2.2.9.
    Syntax: show users

version (show)
    Mode: Switch
    Function: Displays firmware and hardware information. For details, refer to Section 3.2.2.9.
    Syntax: show version

VLAN (clear)
    Mode: Switch
    Function: Removes a statically created VLAN from the list of VLANs recognized by the device.
VLAN classification (set)
    Mode: Switch
    Function: Assigns VLANs according to VLAN classification rules, or filters (drops) incoming frames according to protocol. For details, refer to Section 7.3.5.2.
VLAN egress (set)
    Mode: Switch
    Function: Adds ports to the VLAN egress list for the device. This determines which ports will transmit frames for a particular VLAN. For details, refer to Section 7.3.4.3.
    Syntax: set vlan egress vlan-string port-string [untagged]

VLAN egress (show)
    Mode: Switch
    Function: Displays the VLAN membership for one or more ports. For details, refer to Section 7.3.4.2.
VLAN port (clear)
    Mode: Switch
    Function: Resets the port’s 802.1Q port VLAN ID to the host VLAN ID 1. For details, refer to Section 7.3.3.3.
    Syntax: clear port vlan port-string

VLAN port (set)
    Mode: Switch
    Function: Sets the port VLAN identifier (vlan_id) for one or more ports. For details, refer to Section 7.3.3.2.
    Syntax: set port vlan port-string vlan_id

VLAN port (show)
    Mode: Switch
    Function: Displays ports associated with a particular 802.
VRRP create session
    Mode: Router
    Function: Creates a VRRP session. For details, refer to Section 13.1.5.2.
    Syntax: create vlan vlan_id vrid

VRRP critical IP
    Mode: Router
    Function: Sets a critical IP address for VRRP routing. This defines an interface, in addition to the interface between hosts and a first-hop router, that will prevent the master router from functioning properly if it were to fail. For details, refer to Section 13.1.5.6.
WebView (set)
    Mode: Switch
    Function: Enables or disables WebView. For details, refer to Section 3.1.4.
    Syntax: set webview {enable | disable}

WebView (show)
    Mode: Switch
    Function: Displays WebView status. For details, refer to Section 3.1.4.