Enterasys Matrix® N Standalone (NSA) Configuration Guide Firmware Version 6.11.
Notice
Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. Software License Agreement
This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. on behalf of itself and its Affiliates (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD‐ROM or other media.
. PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and agents may have access to private or confidential information owned or controlled by Enterasys relating to the Licensed Materials supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain proprietary details and disclosures.
9. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers.
Contents
About This Guide
Using This Guide
Structure of This Guide
Related Documents

clear ip gratuitous-arp
show system
show system hardware
show system utilization

Commands
dir
show file
show config

clear cdp
Cisco Discovery Protocol
Purpose
Commands

show console bits
set console bits
clear console bits
show console stopbits

Configuring Link Traps and Link Flap Detection
Purpose
Commands
show port trap

Chapter 5: SNMP Configuration
SNMP Configuration Summary
SNMPv1 and SNMPv2c
SNMPv3

show snmp notifyfilter
set snmp notifyfilter
clear snmp notifyfilter
show snmp notifyprofile

clear spantree fwddelay
show spantree autoedge
set spantree autoedge
clear spantree autoedge

show spantree portcost
show spantree adminpathcost
set spantree adminpathcost
clear spantree adminpathcost

Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
Purpose
Commands
show port vlan

Commands
show policy rule
show policy capability
set policy classify

Chapter 9: IGMP Configuration
About IP Multicast Group Management
IGMP Configuration Summary
Enabling / Disabling IGMP
Purpose

Chapter 11: Network Monitoring Configuration
Monitoring Network Events and Status
Purpose
Commands

show rmon capture
set rmon capture
clear rmon capture

set nodealias
set nodealias maxentries
clear nodealias
clear nodealias config

arp timeout
clear arp-cache
Configuring Broadcast Settings
Applying DHCP/BOOTP Relay

ip nat secure-plus
ip nat translation max-entries
ip nat translation (timeouts)
show ip nat translations

Chapter 20: DHCP Configuration
DHCP Overview
Configuring DHCP
DHCP Supported Options
DHCP Command Modes

receive-interface
distribute-list
redistribute
Configuring OSPF

ip irdp address
no ip irdp multicast
show ip irdp
Configuring VRRP

bypass-list range
hosts redirect range
ip twcb redirect out
show ip twcb wcserverfarm

hostdos
clear hostdos-counters
Configuring Flow Setup Throttling (FST)
About FST

set pwa portcontrol
show pwa session
Configuring MAC Authentication
Purpose

show radius accounting
set radius accounting
clear radius accounting
Configuring RFC 3580

show multiauth station
clear multiauth station
show multiauth session
show multiauth idle-timeout

Basic SNMP Trap Configuration Command Set
show snmp engineid Output Details

OSPF Configuration Task List and Commands
show ip ospf database Output Details
show ip ospf interface Output Details
About This Guide
This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure Enterasys Matrix® Standalone Series switch/router devices.
Important Notice
Depending on the firmware version used in your Matrix Series device, some features described in this document may not be supported. Refer to the Release Notes shipped with your Matrix Series device to determine which features are supported.
Structure of This Guide
Protocol, the Cisco Discovery Protocol, and the IEEE 802.1AB Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery Protocol (LLDP‐MED).
Chapter 4, Port Configuration, describes how to review and configure console port settings, and how to enable or disable switch ports and configure switch port settings, including port speed, duplex mode, auto‐negotiation, flow control, port mirroring, link aggregation and broadcast suppression.
Chapter 20, DHCP Configuration, describes how to configure and display statistics for Dynamic Host Configuration Protocol.
Chapter 21, Routing Protocol Configuration, describes how to configure RIP, OSPF, DVMRP, IRDP and VRRP.
Conventions Used in This Guide
The following conventions are used in the text of this document:
Convention                Description
Bold font                 Indicates mandatory keywords, parameters or keyboard keys.
italic font               Indicates complete document titles.
Courier font              Used for examples of information displayed on the screen.
Courier font in italics   Indicates a user-supplied value, either required or optional.
[]                        Square brackets indicate an optional value.
Getting Help
For additional support related to the product or this document, contact Enterasys Networks using one of the following methods:
World Wide Web    www.enterasys.com/support
Phone             1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000
                  To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/support
Internet mail     support@enterasys.com
                  To expedite your message, type [N-SERIES] in the subject line.
1 Introduction
This chapter provides an overview of the Enterasys Matrix Series’ unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the device, and information on how to contact Enterasys Networks for technical support.
• Configure Spanning Trees.
• Clear NVRAM.
• Configure interfaces for IP routing.
• Configure RIP, OSPF, DVMRP, IRDP and VRRP routing protocols.
• Configure security methods, including 802.1X, RADIUS, TACACS, CEP, SSHv2, MAC locking, and DoS attack prevention.
• Configure access lists (ACLs).
Device Management Methods
The Matrix Series device can be managed using the following methods:
• Locally using a VT type terminal connected to the console port.
2 Startup and General Configuration
This chapter describes factory default settings and the Startup and General Configuration set of commands.
Startup and General Configuration Summary
Table 2-1 Default Device Settings for Basic Switch Operation
Device Feature                          Default Setting
CDP discovery protocol                  Auto enabled on all ports.
CDP authentication code                 Set to 00-00-00-00-00-00-00-00
CDP hold time                           Set to 180 seconds.
CDP interval                            Transmit frequency of CDP messages set to 60 seconds.
Cisco Discovery Protocol                Globally auto-enabled, enabled on ports.
Community name                          Public.

Table 2-1 Default Device Settings for Basic Switch Operation (continued)
Device Feature                          Default Setting
MAC aging time                          Set to 300 seconds.
MAC locking                             Disabled (globally and on all ports).
Management Authentication Notification  Enabled
MTU discovery protocol                  Enabled.

Table 2-1 Default Device Settings for Basic Switch Operation (continued)
Device Feature                          Default Setting
Spanning Tree edge port delay           Enabled.
Spanning Tree forward delay             Set to 15 seconds.
Spanning Tree hello interval            Set to 2 seconds.
Spanning Tree ID (SID)                  Set to 0.
Spanning Tree legacy path cost          Disabled.
Spanning Tree maximum aging time        Set to 20 seconds.
Spanning Tree point-to-point            Set to auto for all Spanning Tree ports.

Table 2-1 Default Device Settings for Basic Switch Operation (continued)
Device Feature                          Default Setting
VLAN ID                                 All ports use a VLAN identifier of 1.
WebView (HTTP)                          Enabled on TCP port 80.

Table 2-2 Default Device Settings for Router Mode Operation
Device Feature                          Default Setting
Access groups (IP security)             None configured.
Access lists (IP security)              None configured.
Area authentication (OSPF)              Disabled.
Area default cost (OSPF)                Set to 1.

Table 2-2 Default Device Settings for Router Mode Operation (continued)
Device Feature                          Default Setting
OSPF priority                           Set to 1.
Passive interfaces (RIP)                None configured.
Proxy ARP                               Enabled on all interfaces.
Receive interfaces (RIP)                Enabled on all interfaces.
Retransmit delay (OSPF)                 Set to 1 second.
Retransmit interval (OSPF)              Set to 5 seconds.
RIP receive version                     Set to accept both version 1 and version 2.
RIP send version                        Set to version 1.
Note: Depending on which Matrix Series device you are using, your default command prompt may be different than the examples shown.
Using WebView
By default WebView (Enterasys Networks’ embedded web server for device configuration and management tasks) is enabled on TCP port number 80 of the Matrix Series device. You can verify WebView status, enable or disable WebView, and reset the WebView port as described in the following section.
Logging in with a Default User Account
If this is the first time you are logging in to the Matrix Series device, or if the default user accounts have not been administratively changed, proceed as follows:
1. At the login prompt, enter one of the following default user names:
– ro for Read‐Only access,
– rw for Read‐Write access,
– admin for Super User access.
2. Press ENTER. The Password prompt displays.
3. Leave this string blank and press ENTER.
Command Line Interface
Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.
Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com
(c) Copyright Enterasys Networks, Inc. 2005
ModuleChassis Serial Number: 1234567
ModuleChassis Firmware Revision: 05.11.

notifyprofile   SNMP notify profile configuration
targetaddr      SNMP target address configuration
targetparams    SNMP target parameters configuration
user            SNMP USM user configuration
view            SNMP VACM view tree configuration
Matrix(rw)->show snmp
Matrix(rw)->show snmp user ?
list            List usernames
                User name
remote          Show users with remote SNMP engine ID
volatile        Show temporary entries
nonvolatile     Show permanent entries
read-only       Show r/o entries

00-00-02-00-00-01  1  fe.1.3  learned
00-00-02-00-00-02  1  fe.1.4  learned
00-00-02-00-00-03  1  fe.1.5  learned
00-00-02-00-00-04  1  fe.1.6  learned
00-00-02-00-00-05  1  fe.1.7  learned
00-00-02-00-00-06  1  fe.1.8  learned
00-00-02-00-00-07  1  fe.1.9  learned
00-00-02-00-00-08  1  fe.1.
and vi commands. Use the set line‐editor command (“set line‐editor” on page 2‐14) to change the line‐editor mode.
Figure 2-7 Basic Line Editing Emacs & vi Commands
Key Sequence  Emacs Command
Ctrl+A        Move cursor to beginning of line.
Ctrl+B        Move cursor back one character.
Ctrl+C        Abort command.
Ctrl+D        Delete a character.
Ctrl+E        Move cursor to end of line.
Ctrl+F        Move cursor forward one character.
Ctrl+H        Delete character to left of cursor.

Figure 2-7 Basic Line Editing Emacs & vi Commands (continued)
Key Sequence  Emacs Command
I             Insert at beginning of line
R             Type over characters
nrc           Replace the following n characters with c
nx            Delete n characters starting at cursor
nX            Delete n characters to the left of the cursor
d SPACE       Delete character
dl            Delete character
dw            Delete word
dd            Delete entire line
d$            Delete everything from cursor to end of line
D             Same as “d$”
p

show line-editor
Example
This example shows how to view the current and default line‐editor mode and Delete mode:
Matrix(rw)->show line-editor
Current Line-Editor mode is set to: EMACS
Default Line-Editor mode is set to: Default
Current DEL mode is set to: delete
System DEL mode is set to: delete
set line-editor
Use this command to set the current and default line editing mode or the way the Delete character is treated by the line editor.
Setting User Accounts and Passwords
Purpose
To change the device’s default user login and password settings, and to add new user accounts and passwords.
Commands

show system login
admin  super-user  enabled  no   ***access always allowed***
bar    read-only   enabled  yes  00:00  24:00  Sun Sat
foo    read-write  enabled  no   08:00  17:00  Mon Tue Wed Thu Fri
ro     read-only   enabled  no   ***access always allowed***
rw     read-write  enabled  no   ***access always allowed***
Table 2‐3 provides an explanation of the command output.
Table 2-3 show system login Output Details
Output...    What it displays...

set system login
password password
    (Optional) Specifies the encrypted password for this user account. NOTE: This option is intended only for use in configurations generated by the show config command.
allowed‐interval HH:MM HH:MM
    (Optional) Specifies the start and end hour HH and minute MM time period for which access will be allowed for this user based upon 24 hour time.

clear system login
allowed‐days
    (Optional) When specified, the configured allowed days setting is reset to the default value.
local‐only
    (Optional) When specified, the configured local only setting is reset to the default value.
Defaults
The account is removed if no optional parameters are entered.
Mode
Switch command, Super User.
set password
The admin password can be reset by toggling dip switch 8 on the device as described in your Matrix Series Installation Guide.
Examples
This example shows how a super‐user would change the Read‐Write password from the system default (blank string):
Matrix(su)->set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.

show system password
Numeric: 0
Special: 0
Password assignment required at account creation : no
Allow multiple accounts to share same password : yes
Length of substrings in previous password(s) not allowed in new password: 0
Allow the same character to appear consecutively in a password : yes
Require non-superusers to change password at first login : no
Minimum interval between password changes by non-superusers : 0 minutes

set system password
Use this command
require‐at‐creation
    Specifies whether a password is required at the time of user account creation:
    • yes ‐ Password is required when creating a user account
    • no ‐ Password is not required when creating a user account
allow‐duplicates
    Specifies whether multiple accounts can share the same password:
    • yes ‐ Specifies that multiple accounts may share the same password
    • no ‐ Specifies that multiple accounts may not share the same password
substring
If the require‐at‐creation option is enabled, the set system login command will interactively prompt for a cleartext password upon creation of a new user account. It will be as if a set password username command was implicitly executed. The new account will not be successfully created until a valid password has been specified.
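The following check is an added example, not part of the Enterasys guide: it parses show system password output in the format shown above and reports settings that fall short of a site baseline. The baseline values, the function names and the one-setting-per-line layout of the sample are assumptions.

```python
import re

# Constructed sample: the values printed in this guide's "show system password"
# example, laid out one setting per line (assumed layout).
DEFAULT_OUTPUT = """\
Password assignment required at account creation : no
Allow multiple accounts to share same password : yes
Length of substrings in previous password(s) not allowed in new password: 0
Allow the same character to appear consecutively in a password : yes
Require non-superusers to change password at first login : no
Minimum interval between password changes by non-superusers : 0 minutes
"""


def _leading_int(value):
    """Return the integer a value starts with, or -1 if it has none."""
    match = re.match(r"\d+", value)
    return int(match.group()) if match else -1


# Assumed site baseline (not from the guide): label -> (check, expected text).
BASELINE = {
    "Password assignment required at account creation":
        (lambda v: v == "yes", "yes"),
    "Allow multiple accounts to share same password":
        (lambda v: v == "no", "no"),
    "Length of substrings in previous password(s) not allowed in new password":
        (lambda v: _leading_int(v) > 0, "greater than 0"),
    "Require non-superusers to change password at first login":
        (lambda v: v == "yes", "yes"),
}


def parse_settings(text):
    """Map each 'label : value' line to label -> lower-cased value."""
    settings = {}
    for line in text.splitlines():
        # Split on the last colon; some labels have no space before it.
        label, sep, value = line.rpartition(":")
        if not sep or not label.strip():
            continue  # prompt, separator or blank line
        settings[label.strip()] = value.strip().lower()
    return settings


def audit(text):
    """Return (label, observed, expected) for every baseline miss.

    A setting absent from the captured output is reported too, so a
    truncated capture cannot pass silently.
    """
    settings = parse_settings(text)
    findings = []
    for label, (check, expected) in BASELINE.items():
        observed = settings.get(label)
        if observed is None:
            findings.append((label, "missing from output", expected))
        elif not check(observed):
            findings.append((label, observed, expected))
    return findings


if __name__ == "__main__":
    for label, observed, expected in audit(DEFAULT_OUTPUT):
        print(f"{label}: found {observed!r}, baseline expects {expected}")
```

Run against the values in the guide's example, every baseline item is reported, which is the state to correct with set system password before the device carries production accounts.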
clear system password
allow‐duplicates
    Specifies that the option controlling whether multiple accounts can share the same password be set to the default value.
substring‐match‐len #ofChars
    Specifies that the length of any substring present in a previous password(s) for this account that may not be used in a new password be set to the default value.

show system lockout
Table 2‐4 provides an explanation of the command output. These settings are configured with the set system lockout command (“set system lockout” on page 2‐24).
Table 2-4 show system lockout Output Details
Output...                    What it displays...
Unsuccessful login attempts  Number of failed login attempts allowed before a read-write or read-only user’s account will be disabled.

set system lockout
Example
This example shows how to set login attempts to 5 and lockout time to 30 minutes and the inactivity timer to 60 days:
Matrix(su)->set system lockout attempts 5 time 30 inactive 60
Enterasys Matrix N Standalone (NSA) Series Configuration Guide 2-25
Managing the Management Authentication Notification MIB
Purpose
This MIB provides controls for enabling/disabling the sending of SNMP notifications when a user login authentication event occurs for various management access types. The types of access currently supported by the MIB include console, telnet, ssh, and web.

show mgmt-auth-notify
ssh      enabled
telnet   enabled
web      enabled

set mgmt-auth-notify
Use this command to either enable or disable the Management Authentication Notification MIB. By selecting the optional Management access type, a user can specifically enable or disable a single access type, multiple access types or all of the access types. The default setting is that all Management Authentication Notification types are enabled.
This example shows how to set only the console and telnet authentication access types to be enabled on the Management Authentication Notification MIB. That information is then displayed with the show command.

clear mgmt-auth-notify
Matrix(su)->clear mgmt-auth-notify
Matrix(su)->show mgmt-auth-notify
Management Type  Status
---------------  --------
console          enabled
ssh              enabled
telnet           enabled
web              enabled
Setting Basic Device Properties clear mgmt-auth-notify Setting Basic Device Properties Important Notice Module, slot, and certain other hardware-based parameters in the Matrix N Series Standalone (NSA) CLI support only chassis based N Series devices, such as the N7, N5, N3 or N1. Executing commands in the NSA CLI with modular parameters not supported by the standalone will result in an error message.
show ip address Setting Basic Device Properties For information about... Refer to page... show version 2-48 set system name 2-50 set system location 2-50 set system contact 2-51 set width 2-51 set length 2-52 show logout 2-52 set logout 2-53 show physical alias 2-53 set physical alias 2-54 clear physical alias 2-55 show physical assetid 2-56 set physical assetid 2-56 clear physical assetid 2-57 show ip address Use this command to display the system IP address and subnet mask.
Setting Basic Device Properties set ip address set ip address Use this command to set the system IP address, subnet mask and default gateway. Syntax set ip address ip-address [mask ip-mask] [gateway ip-gateway] Parameters ip‐address Sets the IP address for the system. mask ip‐mask (Optional) Sets the system’s subnet mask. gateway ip‐gateway (Optional) Sets the system’s default gateway (next‐hop device).
show ip gratuitous-arp Setting Basic Device Properties show ip gratuitous-arp Use this command to display the gratuitous ARP processing behavior. Syntax show ip gratuitous-arp Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the IP gratuitous‐arp process for both requests and replies. Matrix(rw)‐>show ip gratuitous‐arp Processing gratuitous ARP requests and replies.
clear ip gratuitous-arp
Use this command to stop all gratuitous ARP processing.
Syntax
clear ip gratuitous-arp
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to clear the gratuitous‐arp processing:
Matrix(rw)->clear ip gratuitous-arp

show system
Use this command to display system information, including contact information, power and fan tray status and uptime.
ok            not installed

Fan1-Status
------------
ok

Temp-Alarm    Uptime d,h:m:s  Logout
------------- --------------  -------------
off           0,19:40:00      10 min

PS1-Type      PS2-Type
------------- -------------
6C207-1       not installed

Table 2‐5 provides an explanation of the command output.
Table 2-5 Show System Output Display
Output...         What it displays...
System contact    Contact person for the system.
show system hardware
Defaults
None.
Mode
Switch command, Read‐Only.
Example
The following example shows a portion of the information displayed with the show system hardware command.
Note: Depending on the hardware configuration of your Matrix system, your output will vary from the example shown.
Revision: 1.0 FABRIC CHIP 0 1 1.0 1.0 0 1 2 Block ID: 0 1 3 Revision: 1.50/150 1.50/150 1.
show system utilization
--------------------------------------------------
1    1    3.6%   3.0%   3.0%

Process Utilization:
Slot: 1 CPU: 1
Name                           ProcID  5 sec  1 min  5 min
------------------------------------------------------------
CLI                            1       0.0%   0.0%   0.0%
Chassis Data Synchronization   2       0.0%   0.0%   0.0%
Connection Maintenance         3       1.0%   0.5%   0.5%
Hardware Maintenece            4       0.0%   0.0%   0.0%
Image & Config Management      5       0.0%   0.0%   0.
Name                           ProcID  5 sec  1 min  5 min
------------------------------------------------------------
Switch Web Server              34      1.4%   1.4%   1.4%
Router Misc.                   35      0.0%   0.0%   0.0%
Router Multicast               36      0.0%   0.0%   0.0%
Router Control Plane           37      0.0%   0.0%   0.0%
Router IP                      38      0.0%   0.0%   0.0%
Router DHCPS                   39      0.0%   0.0%   0.0%
Router OSPF                    40      0.0%   0.0%   0.0%
Router RIP                     41      0.0%   0.0%   0.0%
Router VRRP                    42      0.0%   0.0%   0.
set system utilization threshold
Mode
Switch command, Read‐Write.
Usage
The value range is [1..1000] and represents the % of system utilization to use as the trap threshold.
Example
This example shows how to set the system utilization threshold to 100%:
Matrix(rw)->set system utilization threshold 1000

clear system utilization
Use this command to clear the threshold for sending CPU utilization notification messages.
Syntax
clear system utilization
Parameters
None.
Example
This example shows how to display the current time. The output shows the day of the week, month, day, and the time of day in hours, minutes, and seconds and the year:
Matrix(rw)->show time
THU SEP 05 09:21:57 2002

set time
Use this command to change the time of day on the system clock.
Example
This example shows how to display daylight savings time settings:
Matrix(rw)->show summertime
Summertime is disabled and set to ''
Start : SUN MAR 11 02:00:00 2007
End : SUN NOV 04 02:00:00 2007
Offset: 60 minutes (1 hours 0 minutes)
Recurring: yes, starting at 2:00 of the second Sunday of March and ending at 2:00 of the first Sunday of November

set summertime
Use this command to enable or disable the daylight savings time function.
start_year    Specifies the year to start daylight savings time.
start_hr_min  Specifies the time of day to start daylight savings time. Format is hh:mm.
end_month     Specifies the month of the year to end daylight savings time.
end_date      Specifies the day of the month to end daylight savings time.
end_year      Specifies the year to end daylight savings time.
end_hr_min    Specifies the time of day to end daylight savings time. Format is hh:mm.
end_hr_min      Specifies the time of day to end daylight savings time. Format is hh:mm.
offset_minutes  (Optional) Specifies the amount of time in minutes to offset daylight savings time from the non‐daylight savings time system setting. Valid values are 1 ‐ 1440.
Defaults
If an offset is not specified, none will be applied.
Mode
Switch command, Read‐Write.
set prompt
Use this command to modify the command prompt.
Syntax
set prompt "prompt_string"
Parameters
prompt_string  Specifies a text string for the command prompt.
Note: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
None.
Mode
Switch command, Read‐Write.
loop
Use this command to execute a command loop.
Syntax
loop count [delay] [-r]
Parameters
count  Specifies the number of times to loop. A value of 0 will make the command loop forever.
delay  (Optional) Specifies the number of seconds to delay between executions.
-r     (Optional) Refreshes the cursor to the home position on the screen.
Defaults
• If a delay is not specified, none will be set.
• If not specified, the cursor will not refresh.
-- Kirk, "Metamorphosis", stardate 3219.8

set banner
Use this command to set the banner message for pre and post session login.
Syntax
set banner {login message | motd message}
Parameters
login message  Specifies a message displayed pre session login. This is a text string that can be formatted with tabs (\t) and new line escape (\n) characters. The \t tabs will be converted into 8 spaces in the banner output.
clear banner
Use this command to clear the banner message displayed at pre and post session login to a blank string.
Syntax
clear banner {login | motd}
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to clear the post session message of the day banner to a blank string:
Matrix(rw)->clear banner motd

show version
Use this command to display hardware and firmware information.
Bp: 01.00.10 Fw: 05.01.56
2 7G4202-30 GR-A13 Hw: 0 Bp: 01.00.05 Fw: 05.01.56
3 7G4202-30 gr-a5 Hw: 0 Bp: 01.00.10 Fw: 05.01.56
4 7G4202-30 GR-R18 Hw: 0 Bp: 01.00.05 Fw: 05.01.56
5 7K4290-02 040802623111 Hw: 2 Bp: 01.00.15 Fw: 05.01.56
6 7H4382-49 TRI_RA110 Hw: 3 Bp: 01.00.10 Fw: 05.01.56
7 7H4203-72 CP-22 Hw: 0 Bp: 01.00.09 Fw: 05.01.56

1 041405833244 4G4202-60 Hw: 0 Bp: 01.00.15 Fw: 05.01.57
2 4H4282-49 03320004320A Hw: 0 Bp: 01.
set system name
Use this command to configure a name for the system.
Syntax
set system name [string]
Parameters
string  (Optional) Specifies a text string that identifies the system.
Note: A name string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
If string is not specified, the system name will be cleared.
Mode
Switch command, Read‐Write.
set system contact
Use this command to identify a contact person for the system.
Syntax
set system contact [string]
Parameters
string  (Optional) Specifies a text string that contains the name of the person to contact for system administration.
Note: A contact string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
If string is not specified, the contact name will be cleared.
set length
Use this command to set the number of lines the CLI will display.
Syntax
set length screenlength
Parameters
screenlength  Sets the number of lines in the CLI display. Valid values are 0, which disables the scrolling screen feature described in “Displaying Scrolling Screens” on page 2‐10, and from 5 to 512.
Defaults
None.
Mode
Switch command, Read‐Write.
set logout
Use this command to set the time (in minutes) an idle console or Telnet CLI session will remain connected before timing out.
Syntax
set logout timeout
Parameters
timeout  Sets the number of minutes the system will remain idle before timing out.
Defaults
None.
Mode
Switch command, Read‐Write.
fan-slot                 (Optional) Displays an alias for the fan tray’s slot.
port-string port-string  (Optional) Displays the alias set for a specified port‐string. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
If no parameters are specified, all physical alias information will be displayed.
Mode
Switch command, Read‐Only.
Important Notice
Module, slot, and certain other hardware-based parameters in the Matrix N Series Standalone (NSA) CLI support only chassis based N Series devices, such as the N7, N5, N3 or N1. Executing commands in the NSA CLI with modular parameters not supported by the standalone will result in an error message.
Defaults
If string is not specified, the alias of the type specified will be cleared.
Mode
Switch command, Read‐Write.
show physical assetid
Use this command to display the asset ID for a module.
Syntax
show physical assetid module module
Parameters
module module  Specifies the module for which to display an asset ID.
Defaults
None.
Mode
Switch command, Read‐Only.
Example
This example shows how to display asset ID information for module 1.
Example
This example shows how to set the asset ID information for module 1 to “dfe1”:
Matrix(rw)->set physical assetid module 1 dfe1

clear physical assetid
Use this command to reset the asset ID for a module to a zero‐length string.
Syntax
clear physical assetid module module
Parameters
module module  Specifies the module for which to clear the asset ID.
Defaults
None.
Mode
Switch command, Read‐Write.
Activating Licensed Features
In order to enable advanced features, such as routing protocols and extended ACLs, on a Matrix Series device, you must purchase and activate a license key. If you have purchased a license, you can proceed to activate your license as described in this section. If you wish to purchase a license, contact Enterasys Networks Sales.
Purpose
To activate and verify licensed features.
Commands
For information about... Refer to page...
show license
When available and activated, use this command to display your license key.
Syntax
show license
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to display your license key information:
Matrix(rw)->show license
advanced abcdefg123456789

clear license
Use this command to clear license key settings.
Reviewing and Selecting a Boot Firmware Image
Downloading a New Firmware Image
You can upgrade the operational firmware in the Matrix Series device without physically opening the device or being in the same location. There are three ways to download firmware to the device:
• Via FTP download. This procedure uses an FTP server connected to the network and downloads the firmware using the FTP protocol. It is the most robust downloading mechanism.
Testing SDRAM.... PASSED.
Loading Boot Image: 01.00.02... DONE.
Uncompressing Boot Image... DONE.
Press any key to enter System Image Loader menu
2. Before the boot up completes, press any key. The following boot menu options screen displays.
Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM (64KB).
9. Set the terminal baud rate back to 9600 and press ENTER.
10. Type setboot filename to set the device to boot to the new firmware image. In this example, the downloaded image file is named “myimage.” The following message displays:
[System Image Loader]: setboot myimage
Image boot file set to myimage
[System Image Loader]:
11. Type boot to reboot the device.
Usage
The system must be reset by software for the new boot image to take effect at startup. If the chassis is powered OFF and then back ON, the current active image will just reload at startup. The dir command, as described in “dir” on page 2‐68, displays additional information about boot image files. “Active” indicates the image that is currently running, and “Boot” indicates the image that is currently scheduled to boot next.
Starting and Configuring Telnet
Purpose
To enable or disable Telnet, and to start a Telnet session to a remote host. The Matrix Series device allows a total of four inbound and/or outbound Telnet sessions to run simultaneously.
Commands
The commands used to enable, start and configure Telnet are listed below and described in the associated section as shown.
For information about... Refer to page...
set telnet
Use this command to enable or disable Telnet on the device.
Syntax
set telnet {enable | disable} {inbound | outbound | all}
Parameters
enable | disable          Enables or disables Telnet services.
inbound | outbound | all  Specifies inbound service (the ability to Telnet to this device), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound).
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to start a Telnet session to a host at 10.21.42.13:
Matrix(rw)->telnet 10.21.42.13

show router telnet
Use this command to display the state of Telnet service to the router.
Syntax
show router telnet
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Only.
clear router telnet
Use this command to reset Telnet service to the router to the default state of disabled.
Syntax
clear router telnet
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
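An added example, not part of the Enterasys guide: a small Python audit of a saved configuration for the management-plane settings documented above, namely Telnet direction (set telnet), idle timeout (set logout) and the pre-login banner (set banner). It assumes the saved file stores these settings as the same set/clear CLI lines; the sample text, the 15-minute policy limit and every function and finding name are constructed for illustration.

```python
import shlex

# Constructed sample, laid out like the `show file` excerpt in this chapter
# ('!' separators, '#' section comments). Not taken from a real device.
SAMPLE_CONFIG = """\
!
# ***** NON-DEFAULT CONFIGURATION *****
!
# console
set logout 60
!
# telnet
set telnet disable all
set telnet enable inbound
!
# banner
set banner motd "Maintenance window Friday"
!
"""

# Assumed site policy. The guide gives 15 minutes as the default idle timeout.
MAX_IDLE_MINUTES = 15


def parse_commands(text):
    """Yield each CLI line as a token list, skipping '!' and '#' lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":
            continue
        try:
            yield shlex.split(line)   # keeps a "quoted string" as one token
        except ValueError:            # unbalanced quote: fall back to whitespace
            yield line.split()


def audit(text):
    """Return a list of (finding_id, detail) tuples for the given config text."""
    telnet = {"inbound": None, "outbound": None}  # None = no explicit line seen
    logout = None
    banners = set()

    for tok in parse_commands(text):
        head, args = tok[:2], tok[2:]
        if head == ["set", "telnet"] and len(args) == 2 and args[0] in ("enable", "disable"):
            # Later lines override earlier ones, as when executed in order.
            targets = ("inbound", "outbound") if args[1] == "all" else (args[1],)
            for direction in targets:
                if direction in telnet:
                    telnet[direction] = args[0] == "enable"
        elif head == ["set", "logout"] and len(args) == 1 and args[0].isdigit():
            logout = int(args[0])
        elif head == ["set", "banner"] and len(args) >= 2 and args[0] in ("login", "motd"):
            banners.add(args[0])
        elif head == ["clear", "banner"] and len(args) == 1:
            banners.discard(args[0])

    findings = []
    if telnet["inbound"] is True:
        findings.append(("TELNET_INBOUND_ENABLED",
                         "cleartext management access is on; prefer SSH"))
    elif telnet["inbound"] is None:
        findings.append(("TELNET_INBOUND_UNSET",
                         "no explicit 'set telnet' line; confirm with 'show telnet'"))
    if telnet["outbound"] is True:
        findings.append(("TELNET_OUTBOUND_ENABLED",
                         "device can open cleartext sessions to other hosts"))
    if logout is not None and logout > MAX_IDLE_MINUTES:
        findings.append(("IDLE_TIMEOUT_LONG",
                         f"set logout {logout} exceeds {MAX_IDLE_MINUTES} minutes"))
    elif logout == 0:
        findings.append(("IDLE_TIMEOUT_ZERO",
                         "meaning of 0 is not given in this section; verify on the device"))
    if "login" not in banners:
        findings.append(("NO_LOGIN_BANNER", "no pre-login banner configured"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_CONFIG):
        print(f"{finding_id}: {detail}")
```

The audit reports an unset Telnet state separately from an enabled one because a non-default configuration listing cannot show what the device default is.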
Managing Configuration and Image Files
Matrix Series devices provide a single configuration interface which allows you to perform both switch and router configuration with the same command set. The Matrix Series devices now support a script feature that allows you to execute a previously created script file containing CLI commands, and at the time of execution, enter optional arguments that modify the actions of the commands.
dir
Parameters
filename  (Optional) Specifies the file name or directory to list.
Defaults
If filename is not specified, all files in the system will be displayed.
Mode
Switch, Read‐Only.
Example
This example shows how to list all the files in the system:
Matrix(rw)->dir
Images:
=========================================================
Filename: ets-mtxe7-msi
Version: 01.02.
Size: 5494579 (bytes)
Date: FRI JUL 30 08:50:40 2004
CheckSum: f564c266c3a5907a9f3750dd17db6999
Location: slot1
Compatibility: 7G4202-30, 7G4202-60, 7G4270-09, 7G4270-10, 7G4270-12, 7G4282-41, 7H4202-72, 7H4203-72, 7H4284-49, 7H4382-25, 7H4382-49, 7H4383-49, 7H4385-49, 7K4290-02, 2G4072-52
Files:
=====================================================
slot1:
FEB 24 2004 15:25:24 7060 sample.cfg

Table 2‐7 provides an explanation of the command output.
show file
Defaults
None.
Mode
Switch, Read‐Only.
Example
This example (an excerpt of the complete output) shows how to display the contents of the sample.cfg configuration file:
Matrix(rw)->show file slot4/sample.
!
# console
!
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
!
# SLOT TYPE
# ___ ________________
!
# 1 7G4270-12
# 2
# 3 7H4382-49
# 4 7H4382-49
# 5 7H4382-49
# 6 7H4382-49
# 7 7H4382-49
!
!
# Router instance 3 Configuration
begin router
router
enable
config t
write file
exit
disable
exit
end router
# arp
!
# cdp
!
# console
!
show config
Use this command to display the system configuration or write the configuration to a file.
Syntax
show config [all] [facility] [outfile outfile]
Parameters
all              (Optional) Displays default and non‐default configuration settings.
facility         (Optional) Displays the configuration for a specific facility.
outfile outfile  (Optional) Specifies a file in which to store the configuration.
configure
Use this command to execute a previously downloaded configuration file stored on the device.
Syntax
configure filename [append]
Parameters
filename  Specifies the path and file name of the configuration file to execute.
append    (Optional) Executes the configuration as an appendage to the current configuration.
Usage
The Matrix module to which a configuration file is downloaded must have the same hardware configuration as the Matrix module from which it was uploaded.
Examples
This example shows how to download an image via TFTP:
Matrix(rw)->copy tftp://134.141.89.34/ets-mtxe7-msi newimage
This example shows how to download an image via Anonymous FTP:
Matrix(rw)->copy ftp://134.141.89.
This example shows how to delete the “010300” image file:
Matrix(rw)->delete images/010300

script
Use this command to execute a script file.
Syntax
script filename [arg1] [arg2] [arg3] [arg4] [arg5] [arg6] [arg7]
Parameters
filename           Specifies the local path name to the file. Valid directories are /images and /slotN.
arg1 through arg7  Specifies up to seven arguments to the script.
Defaults
None.
Mode
Switch, Read‐Write.
set port vlan fe.1.1 100 modify-egress
set port jumbo enable fe.1.1
set port disable fe.1.1
set port lacp port fe.1.1 disabled
The converted strings are then executed by the CLI engine and the script command returns.
Enabling or Disabling the Path MTU Discovery Protocol
Purpose
To enable or disable the path MTU (Maximum Transmission Unit) discovery protocol on the device. Because ports with transmission speeds higher than 100 Mbps are capable of transmitting frames up to a maximum of 10,239 bytes, it is necessary to have the path MTU discovery protocol enabled if jumbo frames are allowed in the network.
set mtu
Use this command to disable or re‐enable path MTU discovery protocol on the device.
Syntax
set mtu {enable | disable}
Parameters
enable | disable  Enables or disables path MTU discovery protocol.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to disable path MTU discovery:
Matrix(rw)->set mtu disable

clear mtu
Use this command to reset the state of the path MTU discovery protocol back to enabled.
Pausing, Clearing and Closing the CLI
Purpose
To pause or clear the CLI screen or to close your CLI session.
Commands
The commands used to pause, clear and close the CLI session are listed below and described in the associated sections as shown.
For information about...    Refer to page...
wait                        2-80
cls (clear screen)          2-80
exit | quit                 2-81

wait
Use this command to pause the CLI for a specified number of seconds before executing the next command.
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Only.
Example
This example shows how to clear the CLI screen:
Matrix(rw)->cls

exit | quit
Use either of these commands to leave a CLI session.
Syntax
exit
quit
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Only.
Usage
By default, device timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session.
Resetting the Device
Purpose
To reset one or more device modules, to clear the user‐defined switch and router configuration parameters, or to schedule a system reset in order to load a new boot image.
Commands
The commands used to reset the device and clear the configuration are listed below and described in the associated sections as shown.
For information about... Refer to page...
reset
Use this command to reset the device without losing any user‐defined configuration settings or to display information about device resets.
Syntax
reset {[mod | system | nemcpu {mod.nemcpu}] [cancel]}
Parameters
mod     Specifies a module to be reset.
system  Resets the system.
nemcpu mod.
reset at
Use this command to schedule a system reset at a specific future time. This feature is useful for loading a new boot image.
Syntax
reset at hh:mm [mm/dd] [reason]
Parameters
hh:mm   Schedules the hour and minute of the reset (using the 24‐hour system).
mm/dd   (Optional) Schedules the month and day of the reset.
reason  (Optional) Specifies a reason for the reset.
Parameters
hh:mm   Specifies the number of hours and minutes into the future to perform a reset.
reason  (Optional) Specifies a reason for the reset.
Defaults
If a reason is not specified, none will be applied.
Mode
Switch command, Read‐Write.
Gathering Technical Support Information
Purpose
To gather common technical support information.
Command
For information about...    Refer to page...
show support                2-86

show support
Use this command to display output for technical support‐related commands.
Syntax
show support [filename]
Parameters
filename  (Optional) Filename (slotN/name) to save output.
Example
This example shows how to execute the show support command and save the results to slot 1 as a support3.txt file:
Matrix(su)->show support slot1/support3.txt
Writing output to file..................
Writing 'show config' output.....
Writing Message Log output.......
Matrix(su)->
There is no display example as the list of commands is quite lengthy.
Preparing the Device for Router Mode
Important Notice
Startup and general configuration of the Matrix Series device must occur from the switch CLI. For details on how to start the device and configure general platform settings, refer to “Startup and General Configuration Summary” on page 2-1 and “Setting User Accounts and Passwords” on page 2-15.
Reviewing and Configuring Routing
Table 2-8 Enabling the Switch for Routing
To do this task | Type this command... | At this prompt... | For details see...
Step 3: Enable global router configuration mode. | configure terminal | Router: Matrix>Router# | “Enabling Router Configuration Modes” on page 2-91
Step 4: Enable interface configuration mode using the interface of the routing module.
show router
Use this command to display which module is currently running routing services. The DFE is a distributed system, which means that even though the protocols are running on a specific module, routing frames is done locally by every module.
Syntax
show router
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to display the module that is currently running routing services.
router
Use this command to enter router CLI mode.
Syntax
router
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to enable routing on this router:
Matrix(su)->router
Matrix(rw)->Router>

Enabling Router Configuration Modes
The Matrix CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 2‐9 describes these modes of operation.
Table 2-9 Router CLI Configuration Modes (continued)
Use this mode... | To... | Access method... | Resulting Prompt...
Router Configuration Mode | Set IP protocol parameters. | Type router and the protocol name (and, for OSPF, the instance ID) from Global or Interface Configuration mode. | Matrix>router (config-router)#
Key Chain Configuration Mode | Set protocol (RIP) authentication key parameters.
Table 2-9 Router CLI Configuration Modes (continued)
Use this mode... | To... | Access method... | Resulting Prompt...
DHCP Host Configuration Mode | Configure DHCP host parameters. | Type client-identifier and the identifier, or hardware-address and an address from any DHCP configuration mode. | Matrix>router (config-dhcp-host)#
Note: To jump to a lower configuration mode, type exit at the command prompt.
3 Discovery Protocols Configuration
This chapter describes how to configure the discovery protocols supported by the firmware using CLI commands.
For information about...                       Refer to page...
Displaying Neighbors                           3-1
Enterasys Discovery Protocol                   3-3
Cisco Discovery Protocol                       3-8
Link Layer Discovery Protocol and LLDP-MED     3-15

Displaying Neighbors
Purpose
The show neighbors command displays neighbors discovered by all supported discovery protocols.
Command
For information about... Refer to page...
show neighbors
Defaults
If port‐string is not specified, all Network Neighbor Discovery information will be displayed.
Mode
Switch command, Read‐Only.
Example
This example shows how to display Network Neighbor Discovery information:
Matrix(rw)->show neighbors
Port Device ID Port ID Type Network Address
--------------------------------------------------------------------------------
fe.1.27 00-00-1d-83-77-3f 10.21.64.135 cdp 10.21.64.135
fe.1.
Enterasys Discovery Protocol
Purpose
To enable and configure the Enterasys Discovery Protocol (CDP), used to discover network topology. When enabled, CDP allows Enterasys devices to send periodic PDUs about themselves to neighboring devices.
Commands
For information about... Refer to page...
CDP Authentication Code : 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
                          0x0 0x0
CDP Transmit Frequency  : 60
Port     Status
-----------------
fe.1.1   auto-enable
fe.1.2   auto-enable
fe.1.3   auto-enable
fe.1.4   auto-enable
fe.1.5   auto-enable
fe.1.6   auto-enable
fe.1.7   auto-enable
fe.1.8   auto-enable
fe.1.9   auto-enable

Table 3‐1 provides an explanation of the command output.
Table 3-1 show cdp Output Details
Output... What it displays...
set cdp state
Parameters
auto | disable | enable  Auto‐enables, disables or enables the CDP protocol on the specified port(s). In auto‐enable mode, which is the default mode for all ports, a port automatically becomes CDP‐enabled upon receiving its first CDP message.
port-string              (Optional) Enables or disables CDP on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
A device with the default authentication code (16 null characters) will recognize all devices, no matter what their authentication code, and enter them into its CDP neighbor table.
Example
This example shows how to set the CDP authentication code to 1,2,3,4,5,6,7,8:
Matrix(rw)->set cdp auth 1,2,3,4,5,6,7,8

set cdp interval
Use this command to set the message interval frequency (in seconds) of the CDP discovery protocol.
Example
This example shows how to set CDP hold time to 60 seconds:
Matrix(rw)->set cdp hold-time 60

clear cdp
Use this command to reset CDP discovery protocol settings to defaults.
Syntax
clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]}
Parameters
state                   (Optional) Resets the global CDP state to auto‐enabled.
port-state port-string  (Optional) Resets the port state on specific port(s) to auto‐enabled.
Cisco Discovery Protocol
Purpose
To enable and configure the Cisco Discovery Protocol, used to discover network topology. When enabled, the Cisco Discovery Protocol allows Cisco devices to send periodic PDUs about themselves to neighboring devices. The Cisco Discovery Protocol is also used to manage the Cisco module of the Convergence End Points (CEP) IP phone detection function described in “Configuring Convergence End Points (CEP) Phone Detection” on page 25‐39.
Device ID : 00E06314BD57
Last Change : WED FEB 08 01:07:45 2006

Table 3‐2 provides an explanation of the command output.
Table 3-2 show ciscodp Output Details
Output...  What it displays...
CiscoDP    Whether Cisco Discovery Protocol is disabled or enabled globally. Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received.
fe.1.1 enabled none untrusted 0
fe.1.2 enabled none untrusted 0
fe.1.3 enabled none untrusted 0
fe.1.4 enabled none untrusted 0
fe.1.5 enabled none untrusted 1

Table 3‐3 provides an explanation of the command output.
Table 3-3 show port ciscodp info Output Details
Output...  What it displays...
Port       Port designation.
State      Whether CiscoDP is enabled or disabled on this port.
set ciscodp timer
Use this command to set the number of seconds between Cisco Discovery Protocol PDU transmissions.
Syntax
set ciscodp timer time
Parameters
time  Specifies the number of seconds between CiscoDP PDU transmissions. Valid values are 5 ‐ 254.
Defaults
None.
Mode
Switch command, Read‐Write.
set ciscodp port
Use this command to set the status, voice VLAN, extended trust mode, and CoS priority for untrusted traffic for the Cisco Discovery Protocol on one or more ports.
Syntax
set ciscodp port { [status {disable | enable}] [ vvid { | none | dot1p | untagged}] [trust-ext {trusted | untrusted}] [cos-ext value] }
Parameters
status   Sets the CiscoDP port operational status.
disable  Does not transmit or process CiscoDP PDUs.
• A Cisco DP port trust status of trusted or untrusted is only meaningful when a Cisco IP phone is connected to a switch port and a PC or other device is connected to the back of the Cisco IP phone.
• A Cisco DP port state of trusted or untrusted only affects tagged traffic transmitted by the device connected to the Cisco IP phone. Untagged traffic transmitted by the device connected to the Cisco IP phone is unaffected by this setting.
clear ciscodp
cos-ext      Clears the CoS priority for untrusted traffic of the port to 0.
port-string  Specifies the port(s) on which status will be set. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
None.
Mode
Switch command, Read‐Write.
Link Layer Discovery Protocol and LLDP-MED
The IEEE 802.1AB standard, commonly referred to as the Link Layer Discovery Protocol (LLDP), is described in “IEEE 802.1AB‐2005 Edition, IEEE Standard for Local and Metropolitan Networks: Station and Media Access Control Connectivity Discovery, May 2005.” LLDP‐MED is described in the ANSI TIA Standards document “TIA‐1057‐2006, Link Layer Discovery Protocol for Media Endpoint Devices.
Step | Task | Command(s)
1. | Configure global system LLDP parameters | set lldp tx-interval; set lldp hold-multiplier; set lldp trap-interval; set lldp med-fast-repeat; clear lldp
2. | Enable/disable specific ports to: • Transmit and process received LLDPDUs • Send LLDP traps • Send LLDP-MED traps | set/clear lldp port status; set/clear lldp port trap; set/clear lldp port med-trap
3.
For information about...
clear lldp
clear lldp port status
clear lldp port trap
clear lldp port med-trap
clear lldp port location-info
clear lldp port network-policy
clear lldp port tx-tlv

show lldp

Use this command to display LLDP configuration information.

Syntax
show lldp

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Only.
show lldp port status

Use this command to display the LLDP status of one or more ports.

Syntax
show lldp port status [port-string]

Parameters
port-string  (Optional) Displays LLDP status for one or a range of ports.

Defaults
If port‐string is not specified, LLDP status information will be displayed for all ports.

Mode
Switch command, Read‐Only.

Usage
The command lists the ports that are enabled to send and receive LLDPDUs.
Mode
Switch command, Read‐Only.

Usage
Ports are enabled to send LLDP notifications with the set lldp port trap command and to send LLDP‐MED notifications with the set lldp port med‐trap command.

Example
This example shows how to display LLDP port trap information for all ports.
Desc Name Desc Cap Addr Id Id PHY Aggr Frame Cap Pol Loc PoE
------- ---- ---- ---- --- ---- ---- ---- --- --- ---- ---- --- --- --- ---
ge.1.1 * * * * * * slg * * * * * *
ge.1.2 * * * * * * slg * * * * * *
ge.1.3 * * * * * * slg * * * * * *

show lldp port location-info

Use this command to display configured location information for one or more ports.
Parameters
port-string  (Optional) Displays local system information for one or a range of ports.

Defaults
If port‐string is not specified, local system information will be displayed for all ports.

Mode
Switch command, Read‐Only.

Usage
You can use this information to detect misconfigurations or incompatibilities between the local port and the attached endpoint device (remote port).
Table 3-4 show lldp port local-info Output Details (continued)

Output...  What it displays...
Sys Name  Optional basic LLDP TLV. Value is the administratively assigned name for the system.
Sys Desc  Optional basic LLDP TLV. Value is sysDescr object defined in RFC 3418.
Sys Cap Supported/Enabled  Optional basic LLDP TLV. System capabilities, value can be bridge and/or router.
Auto-Neg Supported/Enabled  IEEE 802.
Table 3-4 show lldp port local-info Output Details (continued)

Output...  What it displays...
PoE Pair Controllable/Used  IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates whether pair selection can be controlled on the given port (refer to RFC 3621). Value for Controllable can be true or false.
Mgmt Addr : 0.0.0.0
Chassis ID : 0.0.0.
Parameters
all  Displays information about all network policy applications.
voice  Displays information about only the voice application type.
voice‐signaling  Displays information about only the voice signaling application type.
guest‐voice  Displays information about only the guest voice application type.
guest‐voice‐signaling  Displays information about only the guest voice signaling application type.
set lldp tx-interval

Use this command to set the time, in seconds, between successive LLDP frame transmissions initiated by changes in the LLDP local system information.

Syntax
set lldp tx-interval frequency

Parameters
frequency  Specifies the number of seconds between transmissions of LLDP frames. Value can range from 5 to 32,768 seconds. The default is 30 seconds.

Defaults
None.

Mode
Switch command, Read‐Write.
Example
This example sets the transmit interval to 20 seconds and the hold multiplier to 5, which will configure a time‐to‐live of 100 to be used in the TTL field in the LLDPDU header.
Matrix(rw)->set lldp tx-interval 20
Matrix(rw)->set lldp hold-multiplier 5

set lldp trap-interval

Use this command to set the minimum interval between LLDP notifications sent by this device.
Mode
Switch command, Read‐Write.

Usage
When an LLDP‐MED endpoint device has connected to a port, the network connectivity device starts sending LLDP‐MED TLVs at a fast start rate on that port. Use this command to set the number of successive LLDPDUs (with LLDP‐MED TLVs) to be sent for one complete fast start interval.

Example
This example sets the number of fast start LLDPDUs to be sent to 4.
set lldp port trap

Use this command to enable or disable sending LLDP notifications (traps) when a remote system change is detected.

Syntax
set lldp port trap {enable | disable} port-string

Parameters
enable  Enables transmitting LLDP traps on the specified ports.
disable  Disables transmitting LLDP traps on the specified ports.
port-string  Specifies the port or range of ports to be affected.

Defaults
None.
Example
This example enables transmitting LLDP‐MED traps on ports ge.1.1 through ge.1.6.
Matrix(rw)->set lldp port med-trap enable ge.1.1-6

set lldp port location-info

Use this command to configure LLDP‐MED location information on a port or range of ports. Currently, only Emergency Call Services (ECS) Emergency Location Identification Number (ELIN) is supported.
Parameters
all  Add all optional TLVs to transmitted LLDPDUs.
port‐desc  Port Description optional basic LLDP TLV. Value sent is ifDescr object defined in RFC 2863.
sys‐name  System Name optional basic LLDP TLV. Value sent is the administratively assigned name for the system.
sys‐desc  System Description optional basic LLDP TLV. Value sent is sysDescr object defined in RFC 3418.
sys‐cap  System Capabilities optional basic LLDP TLV.
med‐poe  LLDP‐MED Extended Power via MDI TLV. Values sent include the Power Limit (total power the port is capable of sourcing over a maximum length cable) and the power priority configured on the port. Only valid for PoE‐enabled ports.
port-string  Specifies the port or range of ports to be affected.

Defaults
None.

Mode
Switch command, Read‐Write.
state enable | disable  (Optional) Enables or disables advertising the application information being configured.
tag tagged | untagged  (Optional) Indicates whether the application being configured is using a tagged or untagged VLAN. If untagged, both the VLAN ID and the CoS priority fields are ignored and only the DSCP value has relevance.
vid vlan‐id | dot1p  (Optional) VLAN identifier for the port.
clear lldp

Use this command to return LLDP parameters to their default values.

Syntax
clear lldp {all | tx-interval | hold-multiplier | trap-interval | med-fast-repeat}

Parameters
all  Returns all LLDP configuration parameters to their default values, including port LLDP configuration parameters.
tx‐interval  Returns the number of seconds between transmissions of LLDP frames to the default of 30 seconds.
Example
This example returns port ge.1.1 to the default state of enabled for both transmitting and processing received LLDPDUs.
Matrix(rw)->clear lldp port status ge.1.1

clear lldp port trap

Use this command to return the port LLDP trap setting to the default value of disabled.

Syntax
clear lldp port trap port-string

Parameters
port-string  Specifies the port or range of ports to be affected.

Defaults
None.
clear lldp port location-info

Use this command to return the port ECS ELIN location setting to the default value of null.

Syntax
clear lldp port location-info elin port-string

Parameters
elin  Specifies that the ECS ELIN location information value should be cleared.
port-string  Specifies the port or range of ports to be affected.

Defaults
None.

Mode
Switch command, Read‐Write.
tag  (Optional) Clear the tag value of the application being configured to untagged.
vid  (Optional) Clear the VLAN identifier for the port to the default value of 1.
cos  (Optional) Clear the Layer 2 priority to be used for the application being configured to the default value of 0. (A value of 0 represents use of the default priority as defined in IEEE 802.1D.
vlan‐id  Disables the Port VLAN ID IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs.
stp  Disables the Spanning Tree information defined by Protocol Identity IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs.
lacp  Disables the LACP information defined by Protocol Identity IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs.
gvrp  Disables the GVRP information defined by Protocol Identity IEEE 802.
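LLDPDUs are sent unauthenticated and in the clear to whatever is attached to a port, so the optional TLVs selected with set lldp port tx-tlv determine what a neighbour learns about the switch. The following Python sketch is an added example, not Enterasys code: it builds and parses an LLDPDU in the IEEE 802.1AB TLV layout, derives the TTL from tx-interval and hold-multiplier as in the example above, and reports optional TLVs that fall outside an allowed set. The MAC address, system name, sysDescr text and the TLV labels for types without a tx-tlv keyword on this page are constructed for the example.

```python
import struct

# TLV type numbers defined by IEEE 802.1AB. The names are labels chosen for
# this example; port-desc, sys-name, sys-desc and sys-cap match the tx-tlv
# keywords on this page. chassis-id, port-id and ttl are mandatory.
TLV_NAMES = {0: "end", 1: "chassis-id", 2: "port-id", 3: "ttl",
             4: "port-desc", 5: "sys-name", 6: "sys-desc", 7: "sys-cap",
             8: "mgmt-addr", 127: "org-specific"}
MANDATORY = ("chassis-id", "port-id", "ttl")


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldpdu(chassis_mac, port_name, tx_interval, hold_multiplier, optional=()):
    """Build an LLDPDU the way a transmitting port would (constructed data)."""
    ttl = min(tx_interval * hold_multiplier, 65535)   # TTL field is 16 bits
    pdu = tlv(1, b"\x04" + chassis_mac)               # subtype 4: MAC address
    pdu += tlv(2, b"\x05" + port_name.encode())       # subtype 5: interface name
    pdu += tlv(3, struct.pack("!H", ttl))
    for tlv_type, value in optional:
        pdu += tlv(tlv_type, value)
    return pdu + tlv(0, b"")                          # End of LLDPDU


def parse_lldpdu(data):
    """Return [(name, value)] for each TLV; raise ValueError if malformed."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("LLDPDU ends without an End TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length runs past the end of the frame")
        value = data[offset:offset + length]
        offset += length
        if tlv_type == 0:
            break
        tlvs.append((TLV_NAMES.get(tlv_type, "reserved-%d" % tlv_type), value))
    if tuple(name for name, _ in tlvs[:3]) != MANDATORY:
        raise ValueError("mandatory TLVs missing or out of order")
    if len(tlvs[2][1]) != 2:
        raise ValueError("TTL TLV must carry a 2-byte value")
    return tlvs


def ttl_seconds(tlvs):
    """Time-to-live advertised in the third (TTL) TLV."""
    return struct.unpack("!H", tlvs[2][1])[0]


def unexpected_optional(tlvs, allowed):
    """Optional TLVs present in the frame but absent from the allowed set."""
    return sorted({name for name, _ in tlvs[3:]} - set(allowed))


# Constructed sample: tx-interval 20 and hold-multiplier 5, as in the example
# on this page, plus two optional TLVs with made-up contents.
SAMPLE = build_lldpdu(bytes.fromhex("001122334455"), "ge.1.1", 20, 5,
                      optional=[(5, b"Matrix"), (6, b"constructed sysDescr text")])

if __name__ == "__main__":
    parsed = parse_lldpdu(SAMPLE)
    print("TTL:", ttl_seconds(parsed))
    print("not in policy:", unexpected_optional(parsed, allowed={"sys-name"}))
```

A frame captured on an access port can be passed to parse_lldpdu in place of SAMPLE once the Ethernet header has been stripped.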
4 Port Configuration

This chapter describes the Port Configuration set of commands and how to use them.

Important Notice
CLI examples in this guide illustrate a generic Matrix command prompt. Depending on which Matrix Series device you are using, your default command prompt and output may be different than the examples shown.

For information about...  Refer to page...
Port Configuration Summary

N Series Standalone Switch Ports
The N12G4072‐52 standalone device provides the following types of switch port connections:
• Forty eight fixed RJ45 10/100/1000 Mbps 1000BASE‐T Fast Ethernet copper ports
• Four SFP slots that provide the option of installing Small Form Pluggable (SFP) Mini‐GBICs for 1000BASE‐T compliant copper connections or 1000BASE‐SX\LX fiber‐optic connections.
fe.1.1,fe.1.3,fe.1.7-10
tg.3.1

This example shows the port‐string syntax for specifying all 1‐Gigabit Ethernet ports in the standalone device.
ge.3.*
tg.*.*

This example shows the port‐string syntax for specifying all ports (of any interface type) in the standalone device:
*.*.*

Setting Console Port Properties

Purpose
To review and set parameters for one or more of the device’s console ports, including baud rate, auto baud detection, stopbits and parity.
show console

Use this command to display properties set for one or more console ports.

Syntax
show console [port-string]

Parameters
port‐string  (Optional) Displays properties for specific console port(s)

Defaults
If port‐string is not specified, properties for all console ports will be displayed.

Mode
Switch command, Read‐Only.

Example
This example shows how to display properties for console port com.1.1:
Matrix(rw)->show console com.1.
show console baud

Use this command to display the baud rate for one or more console ports.

Syntax
show console baud [port-string]

Parameters
port‐string  (Optional) Displays baud rate for specific console port(s).

Defaults
If port‐string is not specified, baud rate for all console ports will be displayed.

Mode
Switch command, Read‐Only.

Example
This example shows how to display the baud rate for console port com.1.1:
Matrix(rw)->show console baud com.
clear console baud

Use this command to clear the baud rate for one or more console ports.

Syntax
clear console baud [port-string]

Parameters
port‐string  (Optional) Clears baud rate for specific port(s).

Defaults
If port‐string is not specified, baud rate will be cleared for all console ports.

Mode
Switch command, Read‐Write.

Example
This example shows how to clear the baud rate on console port com.1.1:
Matrix(rw)->clear console baud com.1.
set console flowcontrol

Use this command to set the type of flow control for one or more console ports.

Syntax
set console flowcontrol {none | ctsrts | dsrdtr} [port-string]

Parameters
none  Disables all hardware flow control.
ctsrts  Enables CTS/RTS (Clear to Send/Request to Send) hardware flow control.
dsrdtr  Enables DSR/DTR (Data Set Ready/Data Terminal Ready) hardware flow control.
show console bits

Use this command to display the number of bits per character set for one or more console ports.

Syntax
show console bits [port-string]

Parameters
port‐string  (Optional) Displays the bits per character setting for specific console port(s).

Defaults
If port‐string is not specified, the bits per character setting for all console ports will be displayed.

Mode
Switch command, Read‐Only.
clear console bits

Use this command to clear the number of bits per character for one or more console ports.

Syntax
clear console bits [port-string]

Parameters
port‐string  (Optional) Clears bits per character for specific console port(s).

Defaults
If port‐string is not specified, bits per character will be cleared for all console ports.

Mode
Switch command, Read‐Write.

Example
This example shows how to clear bits per character for console port com.
set console stopbits

Use this command to set the stop bits per character for one or more console ports.

Syntax
set console stopbits {one | oneandhalf | two} [port-string]

Parameters
one | oneandhalf | two  Sets stop bits per character to 1, 1.5 or 2.
port‐string  (Optional) Sets stop bits for specific console port(s).

Defaults
If port‐string is not specified, stop bits per character will be set for all console ports.
show console parity

Use this command to display the type of parity checking set for one or more console ports.

Syntax
show console parity [port-string]

Parameters
port‐string  (Optional) Displays parity type for specific console port(s).

Defaults
If port‐string is not specified, parity type for all console ports will be displayed.

Mode
Switch command, Read‐Only.

Example
This example shows how to display parity type for console port com.1.
Example
This example shows how to enable even parity checking on console port com.1.1:
Matrix(rw)->set console parity even com.1.1

clear console parity

Use this command to clear the parity type for one or more console ports.

Syntax
clear console parity [port-string]

Parameters
port‐string  (Optional) Clears the parity type for specific console port(s).

Defaults
If port‐string is not specified, parity type will be cleared for all console ports.
Reviewing Port Status

Purpose
To display operating status, duplex mode, speed, port type, and statistical information about traffic received and transmitted through one or all switch ports on the device.

Commands
The commands used to review port status are listed below and described in the associated sections as shown.

For information about...  Refer to page...
show port status

Use this command to display operating and admin status, speed, duplex mode and port type for one or more ports on the device.

Syntax
show port status [port-string] [-interesting]

Parameters
port‐string  (Optional) Displays status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Table 4-1 show port status Output Details

Output...  What it displays...
Duplex  Duplex mode (half or full) of the specified port. For details on using the set port duplex command to change defaults, refer to “Setting AutoNegotiation and Advertised Ability” on page 4-30.
Type  Physical port and interface type.

show port counters

Use this command to display port counter statistics detailing traffic through the device and through all MIB2 network devices.
In Broadcast Pkts        0
In Discards              0
In Errors                0
In Unknown Protocol      0
Out Octets               0
Out Unicasts Pkts        0
Out Multicast Pkts       0
Out Broadcast Pkts       0
Out Errors               0
Out Queue Length         256

802.1Q Switch Counters
---------------------
Frames Received          0
Frames Transmitted       0
Frames Filtered          0

This example shows how to display all fe.3.1 port counter statistics related to traffic through the device.
Matrix(rw)->show port counters fe.3.1 switch
Port: fe.3.
show port operstatuscause

Use this command to display the causes configured to place operating status to a down or dormant state for one or more ports.

Syntax
show port operstatuscause [port-string] [any] [modifiable] [admin] [linkloss] [linkflap] [self] [init] [flowlimit] [policy] [cos] [dot1x] [lag]

Parameters
port‐string  (Optional) Displays causes for specific port(s).
Example
This example shows how to display operation status causes for ports ge.1.1 through 6. In this case, port ge.1.6 is down due to a link loss:
Matrix(rw)->show port operstatuscause ge.1.1-6
+------------------------------+
Port | A L L | D L F S I F D | O |
| M O L E N L P C T L |
| I S A L I O O O 1 A |
| N S P F T W L S X G |
----------+------------------------------+
ge.1.1 | . . . . . . . . . .
Example
This example shows how to override all operational causes on all ports:
Matrix(rw)->clear port operstatuscause
Disabling / Enabling and Naming Ports

Purpose
To disable and re‐enable one or more ports, and to assign an alias to a port. By default, all ports are enabled at device startup. You may want to disable ports for security or to troubleshoot network issues.

Commands
For information about...  Refer to page...
set port enable

Use this command to administratively enable one or more ports.

Syntax
set port enable port-string

Parameters
port-string  Specifies the port(s) to enable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.

Defaults
None.

Mode
Switch command, Read‐Write.

Example
This example shows how to enable Fast Ethernet port 3 in port group 1:
Matrix(rw)->set port enable fe.1.
set port alias

Use this command to assign an alias name to a port.

Syntax
set port alias port-string [string]

Parameters
port-string  Specifies the port to which an alias will be assigned. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
string  (Optional) Assigns a text string name to the port.

Defaults
If string is not specified, the alias assigned to the port will be cleared.
set forcelinkdown

Use this command to enable or disable the force link down function. When enabled, this forces ports in the “operstatus down” state to become disabled.

Syntax
set forcelinkdown {enable | disable}

Parameters
enable | disable  Enables or disables the force link down function on all ports.

Defaults
None.

Mode
Switch command, Read‐Write.
Setting Speed and Duplex Mode

Purpose
To review and set the operational speed in Mbps and the default duplex mode: Half, for half duplex, or Full, for full duplex for one or more ports.

Note: These settings only take effect on ports that have auto-negotiation disabled.

Commands
For information about...  Refer to page...
set port speed

Use this command to set the default speed of one or more ports. This setting only takes effect on ports that have auto‐negotiation disabled.

Syntax
set port speed port-string {10 | 100 | 1000}

Parameters
port‐string  Specifies the port(s) for which a speed value will be set. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
10 | 100 | 1000  Specifies the port speed.
Example
This example shows how to display the default duplex setting for 1‐Gigabit Ethernet port 14 in port group 3:
Matrix(rw)->show port duplex ge.3.14
default duplex mode is full on port ge.3.14.

set port duplex

Use this command to set the default duplex type for one or more ports.

Syntax
set port duplex port-string {full | half}

Parameters
port‐string  Specifies the port(s) for which duplex type will be set.
Enabling / Disabling Jumbo Frame Support

Purpose
To review, enable, and disable jumbo frame support on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size.

Commands
For information about...  Refer to page...
set port jumbo

Use this command to enable or disable jumbo frame support on one or more ports.

Syntax
set port jumbo {enable | disable} [port-string]

Parameters
enable | disable  Enables or disables jumbo frame support.
port‐string  (Optional) Specifies the port(s) on which to disable or enable jumbo frame support. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Mode
Switch command, Read‐Write.

Example
This example shows how to reset jumbo frame support status for 1‐Gigabit Ethernet port 14 in port group 3:
Matrix(rw)->clear port jumbo ge.3.
Setting Auto-Negotiation and Advertised Ability

Purpose
To review, disable or enable auto‐negotiation, and to review or set a port’s advertised mode of operation. During auto‐negotiation and advertised ability, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are.
Mode
Switch command, Read‐Only.

Example
This example shows how to display auto‐negotiation status for 1‐Gigabit Ethernet port 14 in port group 3:
Matrix(rw)->show port negotiation ge.3.14
auto-negotiation is enabled on port ge.3.14.

set port negotiation

Use this command to enable or disable auto‐negotiation on one or more ports.
Parameters
port‐string  (Optional) Displays mode for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
all  Displays port(s) MDI and MDIX admin status.
auto  Displays port(s) automatically determining MDI/MDIX.
mdi  Displays port(s) forced to MDI configuration.
mdix  Displays port(s) forced to MDIX configuration.
Example
This example shows how to force 1‐Gigabit Ethernet port 14 in port group 3 to MDIX configuration:
Matrix(rw)->set port mdix ge.3.14 mdix

clear port mdix

Use this command to reset MDIX mode to the default setting of auto on one or more ports.

Syntax
clear port mdix [port-string]

Parameters
port‐string  (Optional) Resets mode for specific port(s).
Example
This example shows how to display advertised ability on fe.1.16:
Matrix(rw)->show port advertise fe.1.16
fe.1.
set port advertise

Use this command to enable or disable and to configure the advertised ability on one or more ports.

Syntax
set port advertise port-string [10t] [10tfd] [100tx] [100txfd] [1000x] [1000xfd] [1000t] [1000tfd] [pause] [apause] [spause] [bpause]

Parameters
port-string  Specifies the port(s) for which to set advertised ability.
Parameters
port-string  Specifies port(s) for which advertised ability will be reset. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
10t  (Optional) Clears 10BASE‐T half duplex mode from the port’s advertised ability.
10tfd  (Optional) Clears 10BASE‐T full duplex mode from the port’s advertised ability.
Setting Flow Control

Purpose
To review, enable or disable port flow control. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices.

Commands
For information about...
show port flowcontrol
set port flowcontrol

show port flowcontrol

Use this command to display the flow control state for one or more ports.
Table 4‐4 provides an explanation of the command output.

Table 4-4 show port flow control Output Details

Output...  What it displays...
Port  Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
TX Admin  Whether or not the port is administratively enabled or disabled for sending flow control frames.
Configuring Link Traps and Link Flap Detection

Purpose
To disable or re‐enable link traps and to configure the link flapping detection function. By default, all ports are enabled to send SNMP trap messages indicating changes in their link status (up or down).
Mode
Switch command, Read‐Write.

Example
This example shows how to display link trap status for fe.3.1 through 4:
Matrix(rw)->show port trap fe.3.1-4
Link traps enabled on port fe.3.1.
Link traps enabled on port fe.3.2.
Link traps enabled on port fe.3.3.
Link traps enabled on port fe.3.4.

set port trap

Use this command to enable or disable ports for sending SNMP trap messages when their link status changes.
Parameters
globalstate  Displays the global enable state of link flap detection.
portstate  Displays the port enable state of link flap detection.
parameters  Displays the current value of settable link flap detection parameters.
metrics  Displays linkflap detection metrics.
portsupported  Displays ports which can support the link flap detection function.
actsupported  Displays link flap detection actions supported by system hardware.
Linkflap Port Settable Parameter Table (X means error occurred)
Port     LF Status Actions Threshold  Interval   Downtime
-------- --------- ------- ---------- ---------- ----------
ge.1.1   disabled  ....... 10         5          300
ge.1.2   enabled   D..S..T 3          5          300
ge.1.3   disabled  ...S..T 10         5          300

Table 4‐5 provides an explanation of the show linkflap parameters command output.

Table 4-5 show linkflap parameters Output Details

Output...
set linkflap globalstate

Use this command to globally enable or disable the link flap detection function. By default, the function is disabled globally and on all ports. If disabled globally after per‐port settings have been configured using the commands later in this chapter, per‐port settings will be retained.
set linkflap interval

Use this command to set the time interval (in seconds) for accumulating link down transitions.

Syntax
set linkflap interval port-string interval_value

Parameters
port‐string  Specifies the port(s) on which to set the link flap interval. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
interval_value  Specifies an interval in seconds.
Mode
Switch command, Read‐Write.

Examples
This example shows how to set the link flap violation action on port fe.1.4 to generating a Syslog entry:
Matrix(rw)->set linkflap action fe.1.4 gensyslogentry

clear linkflap action

Use this command to clear reactions to a link flap violation.
Parameters
port‐string  Specifies the port(s) on which to set the link flap action trigger count. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
threshold_value  Specifies the number of link down transitions necessary to trigger the link flap action.

Defaults
None.

Mode
Switch command, Read‐Write.
clear linkflap down

Use this command to toggle link flap disabled ports to operational.

Syntax
clear linkflap down [port-string]

Parameters
port‐string  Specifies the port(s) to make operational. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.

Defaults
If port‐string is not specified, all ports disabled by a link flap violation will be made operational.
Examples
This example shows how to clear all link flap options on port fe.1.4:
Matrix(rw)->clear linkflap all fe.1.
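How the threshold, interval and downtime parameters described above interact, as an added Python model that is not Enterasys code. It assumes a sliding window for accumulating link down transitions, and its action labels (disable, syslog, trap) are this example's own names, assumed to correspond to the D, S and T flags in the sample parameter table; the timestamps are constructed.

```python
from collections import deque


class LinkFlapPort:
    """Per-port link flap detector using the page's three parameters."""

    def __init__(self, threshold=10, interval=5, downtime=300, actions=()):
        self.threshold = threshold      # link down transitions that trigger
        self.interval = interval        # seconds over which they accumulate
        self.downtime = downtime        # seconds a disabled port stays down
        self.actions = frozenset(actions)
        self._downs = deque()
        self._disabled_until = None

    def is_disabled(self, now):
        return self._disabled_until is not None and now < self._disabled_until

    def link_down(self, now):
        """Record a link down transition; return the actions it triggers."""
        if self.is_disabled(now):
            return []                   # port is held down, nothing to count
        self._disabled_until = None
        self._downs.append(now)
        # Assumed sliding window: keep transitions newer than now - interval.
        while self._downs and self._downs[0] <= now - self.interval:
            self._downs.popleft()
        if len(self._downs) < self.threshold:
            return []
        self._downs.clear()             # violation: start counting afresh
        if "disable" in self.actions:
            self._disabled_until = now + self.downtime
        return sorted(self.actions)

    def clear_down(self):
        """Model of clear linkflap down: make the port operational again."""
        self._disabled_until = None


def replay(ports, events):
    """events: (seconds, port) link down records -> [(seconds, port, actions)]."""
    violations = []
    for now, name in sorted(events):
        fired = ports[name].link_down(now)
        if fired:
            violations.append((now, name, fired))
    return violations


# Constructed configuration: ge.1.2 uses the values from the sample table row
# (threshold 3, interval 5, downtime 300); fe.1.4 only generates a Syslog
# entry, as in the set linkflap action example.
PORTS = {
    "ge.1.2": LinkFlapPort(3, 5, 300, actions=("disable", "syslog", "trap")),
    "fe.1.4": LinkFlapPort(3, 5, 300, actions=("syslog",)),
}
# Constructed link down timestamps in seconds.
EVENTS = [
    (0, "ge.1.2"), (2, "ge.1.2"), (4, "ge.1.2"),        # 3 within 5 s
    (10, "ge.1.2"), (20, "ge.1.2"),                     # ignored: held down
    (305, "ge.1.2"), (306, "ge.1.2"), (307, "ge.1.2"),  # after downtime ends
    (0, "fe.1.4"), (3, "fe.1.4"), (6, "fe.1.4"),        # too spread out
    (7, "fe.1.4"),                                      # 3, 6, 7 within 5 s
]

if __name__ == "__main__":
    for when, port, actions in replay(PORTS, EVENTS):
        print("t=%ds %s violation -> %s" % (when, port, ", ".join(actions)))
```

Replaying recorded link down timestamps against candidate threshold and interval values shows which ports would have been disabled before the settings are applied to a switch.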
Configuring Broadcast Suppression

Purpose
To review, disable or set the broadcast thresholds on one or more ports. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other ports. Broadcast suppression protects against broadcast storms, leaving more bandwidth available for critical data.

Commands
For information about...  Refer to page...
Table 4-7 show port broadcast Output Details

Output...  What it displays...
Port  Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Total BC Packets  Total broadcast packets received on this port.
Threshold (pkts/s)  Current broadcast threshold in packets per second on this port.
Parameters
port-string  Specifies the port(s) on which broadcast settings will be cleared. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
threshold  (Optional) Clears the broadcast threshold setting.
peak  (Optional) Clears the broadcast peak rate and peak rate time values.

Defaults
If not specified, both threshold and peak settings will be cleared.

Mode
Read‐Write.
Configuring Port Mirroring

Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.

The Matrix device allows you to mirror (or redirect) the traffic being switched on a port or VLAN for the purposes of network traffic analysis and connection assurance.
Note: Eight destination ports must be reserved for an IDS mirror.

Purpose
To review and configure port mirroring on the device.

Commands
For information about...
show port mirroring
set port mirroring
clear port mirroring

show port mirroring

Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports.
set port mirroring
Use this command to create a new mirroring relationship or to enable or disable an existing mirroring relationship between two ports.

Syntax
set port mirroring {create | disable | enable} | igmp-mcast {enable | disable} source destination [both | rx | tx]

Parameters
create | disable | enable    Creates, disables or enables mirroring settings on the specified ports.
clear port mirroring
Use this command to clear a port mirroring relationship.

Syntax
clear port mirroring {igmp-mcast | source destination}

Parameters
igmp-mcast    Clears IGMP multicast mirroring.
source        Specifies the source port of the mirroring configuration to be cleared. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Configuring LACP

Caution: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.
• A means of identifying the set of capabilities associated with each port and with each aggregator, as understood by a given device.
• A means of identifying a LAG and its associated aggregator.

LACP Terminology
Table 4-8 defines key terminology used in LACP configuration.

Table 4-8 LACP Terms and Definitions
Term          Definition
Aggregator    Virtual port that controls link aggregation for underlying physical ports.
by comparing operational keys. Aggregator ports allow only underlying ports with keys matching theirs to join their LAG.

LACP uses a system priority value to build a LAG ID, which determines aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator.
For information about...       Refer to page...
clear singleportlag            4-65
show port lacp                 4-66
set port lacp                  4-67
clear port lacp                4-69
show lacp flowRegeneration     4-70
set lacp flowRegeneration      4-70
clear lacp flowRegeneration    4-71
show lacp outportAlgorithm     4-71
set lacp outportAlgorithm      4-72
clear lacp outportAlgorithm    4-72

show lacp
Use this command to display the global LACP enable state, or to display information about one or more aggregator ports.
                     Actor                Partner
System Identifier:   00:e0:63:9d:b5:87    00:00:00:00:00:00
System Priority:     32768                32768
Admin Key:           32768
Oper Key:            32768                32768
Attached Ports:      None.

Table 4-9 provides an explanation of the command output.

Table 4-9 show lacp Output Details
Output...     What it displays...
Aggregator    LAG port designation. Each Matrix Series module provides 48 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.48.
Example
This example shows how to disable LACP:
Matrix(rw)->set lacp disable

clear lacp state
Use this command to reset LACP to the default state of enabled.

Syntax
clear lacp state

Parameters
None.

Defaults
None.

Mode
Switch command, Read-Write.

Example
This example shows how to reset LACP to enabled:
Matrix(rw)->clear lacp state

set lacp asyspri
Use this command to set the LACP system priority.
Usage
Only one LACP system priority can be set on a Matrix Series device, using either this command, or the set port lacp command (“set port lacp” on page 4-67). LACP uses this value to determine aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator.
Defaults
None.

Mode
Switch command, Read-Write.

Example
This example shows how to clear the actor admin key for LAG port 48:
Matrix(rw)->clear lacp aadminkey lag.0.48

set lacp static
Use this command to assign one or more underlying physical ports to a Link Aggregation Group (LAG).

Syntax
set lacp static lagportstring [key] port-string

Parameters
lagportstring    Specifies the LAG aggregator port to which new ports will be assigned.
Example
This example shows how to add port fe.1.6 to the LAG of aggregator port 48:
Matrix(rw)->set lacp static lag.0.48 fe.1.6

clear lacp static
Use this command to remove specific ports from a Link Aggregation Group.

Syntax
clear lacp static lagportstring port-string

Parameters
lagportstring    Specifies the LAG aggregator port from which ports will be removed.
port-string      Specifies the port(s) to remove from the LAG.
Example
This example shows how to display the status of the single port LAG function:
Matrix(rw)->show lacp singleportlag
Single Port LAGs: enabled

set singleportlag
Use this command to enable or disable the formation of single port LAGs. When enabled, this maintains LAGs when only one port is receiving protocol transmissions from a partner.
show port lacp
Use this command to display link aggregation information for one or more underlying physical ports.

Syntax
show port lacp port port-string {[status {detail | summary}] | [counters]} [sort {port | lag}]

Parameters
port port-string    Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Matrix(rw)->show port lacp port fe.1.12 status summary
Port       Aggr    Actor System                  Partner System
                   Pri:  System ID:  Key:        Pri:  System ID:  Key:
fe.1.12    none    [(32768,00e0639db587,32768),(32768,000000000000, 1411)]

This example shows how to display LACP counters for port fe.1.12:
Matrix(rw)->show port lacp port fe.1.12 counters
Port Instance: fe.1.
aadminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire
Sets the port’s actor LACP administrative state to allow for:
• lacpactive - Transmitting LACP PDUs.
• lacptimeout - Transmitting LACP PDUs every 1 sec. vs 30 sec. (default).
• lacpagg - Aggregation on this port.
• lacpsync - Transition to synchronization state.
• lacpcollect - Transition to collection state.
• lacpdist - Transition to distribution state.
partners maintain current status of the other via LACPDUs containing information about their ports’ LACP status and operational state.

Example
This example shows how to set the actor admin key to 3555 for port ge.3.16:
Matrix(rw)->set port lacp ge.3.16 aadminkey 3555

clear port lacp
Use this command to clear link aggregation settings for one or more ports.
Mode
Switch command, Read-Write.

Example
This example shows how to clear all link aggregation parameters for port ge.3.16:
Matrix(rw)->clear port lacp port ge.3.16

show lacp flowRegeneration
Use this command to display the LACP flow regeneration state.

Syntax
show lacp flowRegeneration

Parameters
None.

Defaults
None.

Mode
Switch command, Read-Only.
Usage
When enabled and a new port joins a link aggregation group (LAG), LACP will redistribute all existing flows over the LAG. It will also attempt to load balance existing flows to take advantage of ports added to the LAG. When flow regeneration is disabled and a new port joins a LAG, LACP will only distribute new flows over the increased number of ports in the LAG and will leave existing flows intact.
Example
This example shows how to display the current LACP outport algorithm:
Matrix(rw)->show lacp outportAlgorithm
dip-sip

set lacp outportAlgorithm
Use this command to set the algorithm LACP will use for outport determination.

Syntax
set lacp outportAlgorithm {dip-sip | da-sa | round-robin}

Parameters
dip-sip    Specifies that destination and source IP addresses will determine the LACP outport.
Example
This example shows how to reset the LACP outport algorithm to DIP-SIP:
Matrix(rw)->clear lacp outportAlgorithm
5 SNMP Configuration

This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.

Note: Commands for configuring SNMP on the Matrix Series device are independent during the SNMP setup process. For instance, target parameters can be specified when setting up optional notification filters, even though these parameters have not yet been created with the set snmp targetparams command.

For information about... Refer to page...
SNMP Configuration Summary

SNMPv1 and SNMPv2c
The components of SNMPv1 and SNMPv2c network management fall into three categories:
• Managed devices (such as a switch)
• SNMP agents and MIBs, including SNMP traps, community strings, and Remote Monitoring (RMON) MIBs, which run on managed devices
• SNMP network management applications, such as Enterasys NetSight, which communicate with agents to get statistics and alerts from the managed devices.
Table 5-1 SNMP Security Levels

Model   Security Level   Authentication     Encryption   How It Works
v1      NoAuthNoPriv     Community string   None         Uses a community string match for authentication.
v2c     NoAuthNoPriv     Community string   None         Uses a community string match for authentication.
v3      NoAuthNoPriv     User name          None         Uses a user name match for authentication.
        AuthNoPriv       MD5 or SHA         None         Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
Note: This example illustrates how to configure an SNMPv2 trap notification. Creating an SNMPv1 or v3 Trap, or an SNMPv3 Inform notification would require using the same commands with different parameters, where appropriate. Always ensure that v1/v2 communities or v3 users used for generating traps or informs are pre-configured with enough privileges to access corresponding MIBs.

Complete an SNMPv2 trap configuration on a Matrix Series device as follows:
1.
How SNMP Will Use This Configuration
In order to send a trap/notification requested by a MIB code, the SNMP agent requires the equivalent of a trap “door”, a “key” to unlock the door, and a “procedure” for crossing the doorstep. To determine if all these elements are in place, the SNMP agent proceeds as follows:
1. Determines if the “keys” for trap “doors” do exist.
Defaults
None.

Mode
Switch command, Read-Only.

Example
This example shows how to display SNMP engine properties:
Matrix(rw)->show snmp engineid
EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87
Engine Boots = 12
Engine Time = 162181
Max Msg Size = 2048

Table 5-3 shows a detailed explanation of the command output.

Table 5-3 show snmp engineid Output Details
Output...    What it displays...
EngineId     String identifying the SNMP agent on the device.
snmpOutPkts = 396601
snmpInBadVersions = 0
snmpInBadCommunityNames = 0
snmpInBadCommunityUses = 0
snmpInASNParseErrs = 0
snmpInTooBigs = 0
snmpInNoSuchNames = 0
snmpInBadValues = 0
snmpInReadOnlys = 0
snmpInGenErrs = 0
snmpInTotalReqVars = 403661
snmpInTotalSetVars = 534
snmpInGetRequests = 290
snmpInGetNexts = 396279
snmpInSetRequests = 32
snmpInGetResponses = 0
snmpInTraps = 0
snmpOutTooBigs = 0
snmpOutNoSuchNames = 11
Tabl
Table 5-4 show snmp counters Output Details (continued)

Output...             What it displays...
snmpInGenErrs         Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as “genErr.”
snmpInTotalReqVars    Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs.
Table 5-4 show snmp counters Output Details (continued)

Output...                   What it displays...
usmStatsNotInTimeWindows    Number of packets received by the SNMP engine that were dropped because they appeared outside of the authoritative SNMP engine's window.
usmStatsUnknownUserNames    Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine.
Configuring SNMP Users, Groups and Communities

Purpose
To review and configure SNMP users, groups and v1 and v2 communities. These are defined as follows:
• User - A person registered in SNMPv3 to access SNMP management.
• Group - A collection of users who share the same SNMP access privileges.
• Community - A name used to authenticate SNMPv1 and v2 users.

Commands
For information about... Refer to page...
• If user is not specified, information about all SNMP users will be displayed.
• If remote is not specified, user information about the local SNMP engine will be displayed.
• If not specified, user information for all storage types will be displayed.

Mode
Switch command, Read-Only.
set snmp user
Use this command to create a new SNMPv3 user.

Syntax
set snmp user user [remote remoteid] [authentication {md5 | sha}] [authpassword] [privacy privpassword] [volatile | nonvolatile]

Parameters
user                        Specifies a name for the SNMPv3 user.
remote remoteid             (Optional) Registers the user on a specific remote SNMP engine.
authentication md5 | sha    (Optional) Specifies the authentication type required for this user as MD5 or SHA.
Defaults
If remote is not specified, the user will be removed from the local SNMP engine.

Mode
Switch command, Read-Write.

Example
This example shows how to remove the SNMP user named “bill”:
Matrix(rw)->clear snmp user bill

show snmp group
Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges.
Storage type = nonVolatile
Row status = active

Security model = SNMPv1
Security/user name = public.router
Group name = Anyone
Storage type = nonVolatile
Row status = active

Table 5-6 shows a detailed explanation of the command output.

Table 5-6 show snmp group Output Details
Output...             What it displays...
Security model        SNMP version associated with this group.
Security/user name    User belonging to the SNMP group.
Example
This example shows how to create an SNMP group called “anyone”, assign a user named “public” and assign SNMPv3 security to the group:
Matrix(rw)->set snmp group anyone user public security-model usm

clear snmp group
Use this command to clear SNMP group settings globally or for a specific SNMP group and user.
Example
This example shows how to display information about the SNMP “public” community name. For a description of this output, refer to “set snmp community” on page 5-16:
Matrix(rw)->show snmp community public
--- Configured community strings ---
Name = public
Security name = public
Context =
Transport tag =
Storage type = nonVolatile
Status = active

set snmp community
Use this command to configure an SNMP community group.
Examples
This example shows how to set an SNMP community name called “vip”:
Matrix(rw)->set snmp community vip

This example shows how to grant SNMP management privileges to “vip” community from the routing module operating in router mode:
Matrix(rw)->set snmp community vip context router

clear snmp community
Use this command to delete an SNMP community name.
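The security levels in Table 5-1 can be checked against a saved configuration. The script below is an added example, not part of the guide or of Enterasys software: it parses `set snmp user`, `set snmp community` and `set snmp group` lines in the syntax shown above and reports credentials that fall below authentication plus privacy. The sample configuration, the passwords in it and the finding codes are constructed, and it assumes `set snmp group` accepts `security-model v1 | v2c | usm` as `set snmp targetparams` does.

```python
import re

# Constructed sample configuration (not taken from a real device or from the guide).
SAMPLE_CONFIG = """\
Matrix(rw)->set snmp community public
Matrix(rw)->set snmp community vip context router
Matrix(rw)->set snmp user guest
Matrix(rw)->set snmp user bill authentication md5 ExampleAuthPw1
Matrix(rw)->set snmp user CharlieDChief authentication sha ExampleAuthPw2 privacy ExamplePrivPw3 nonvolatile
Matrix(rw)->set snmp group anyone user public security-model usm
Matrix(rw)->set snmp group ops user vip security-model v2c
"""

# Optional CLI prompt such as "Matrix(rw)->" in front of a command.
PROMPT = re.compile(r"^\s*\S+\(\w+\)->")


def parse_user(tokens):
    """Parse the tokens that follow 'set snmp user' using the syntax
    user [remote remoteid] [authentication {md5|sha}] [authpassword]
    [privacy privpassword] [volatile|nonvolatile]."""
    user = {"name": tokens[0], "auth": None, "priv": False}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "authentication" and i + 1 < len(tokens):
            user["auth"] = tokens[i + 1].lower()
            i += 2
        elif tok == "privacy" and i + 1 < len(tokens):
            user["priv"] = True
            i += 2
        elif tok == "remote" and i + 1 < len(tokens):
            i += 2
        else:
            i += 1  # authpassword or storage type
    return user


def security_level(user):
    """Map a parsed SNMPv3 user onto the security levels of Table 5-1."""
    if user["auth"] is None:
        return "NoAuthNoPriv"
    return "AuthPriv" if user["priv"] else "AuthNoPriv"


def audit(config_text):
    """Return (line number, finding code, message) tuples; codes are hypothetical."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = PROMPT.sub("", raw).split()
        if tokens[:2] != ["set", "snmp"] or len(tokens) < 4:
            continue
        kind, args = tokens[2], tokens[3:]
        if kind == "community":
            findings.append((lineno, "community",
                             f"community '{args[0]}' authenticates v1/v2c by string match, no encryption"))
            if args[0].lower() in ("public", "private"):
                findings.append((lineno, "default-community",
                                 f"'{args[0]}' is a widely known community name"))
        elif kind == "user":
            user = parse_user(args)
            level = security_level(user)
            if level != "AuthPriv":
                findings.append((lineno, level,
                                 f"user '{user['name']}' operates at {level}"))
            if user["auth"] == "md5":
                findings.append((lineno, "md5",
                                 f"user '{user['name']}' uses HMAC-MD5; sha is available"))
        elif kind == "group" and "security-model" in args:
            idx = args.index("security-model")
            model = args[idx + 1] if idx + 1 < len(args) else ""
            if model in ("v1", "v2c"):
                findings.append((lineno, "legacy-model",
                                 f"group '{args[0]}' is bound to security model {model}"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{code}] {message}")
```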
Configuring SNMP Access Rights

Purpose
To review and configure SNMP access rights and assign viewing privileges and security levels to SNMP user groups.

Commands
For information about...     Refer to page...
show snmp access             5-18
set snmp access              5-20
clear snmp access            5-21
set snmp timefilter break    5-41

show snmp access
Use this command to display access rights and security levels configured for one or more SNMP groups.
• If volatile, nonvolatile or read-only are not specified, all entries of all storage types will be displayed.

Mode
Switch command, Read-Only.
Table 5-7 show snmp access Output Details (continued)

Output...        What it displays...
Context match    Whether or not SNMP context match must be exact (full context name match) or a partial match with a given prefix.
Storage type     Whether access entries for this group are stored in volatile, nonvolatile or read-only memory.
Row status       Status of this entry: active, notInService, or notReady.
• If write view is not specified, none will be applied.
• If notify view is not specified, none will be applied.
• If storage type is not specified, entries will be stored as permanent and will be held through device reboot.

Mode
Switch command, Read-Write.
Configuring SNMP MIB Views

Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.

Commands
For information about...    Refer to page...
show snmp view              5-22
show snmp context           5-23
set snmp view               5-24
clear snmp view             5-25

show snmp view
Use this command to display the MIB configuration for SNMPv3 view-based access (VACM).
View Type = included
Storage type = nonVolatile
Row status = active

View Name = All
Subtree OID = 0.0
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active

View Name = Network
Subtree OID = 1.3.6.1.2.1
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active

Table 5-8 provides an explanation of the command output.
Mode
Switch command, Read-Only.

Usage
An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs). When created using the set snmp access command (“set snmp access” on page 5-20), other contexts can be applied to limit access to a subset of management information and to permit SNMP access from one or more routing modules.
Example
This example shows how to set an SNMP MIB view to “public” with a subtree name of 1.3.6.1 included:
Matrix(rw)->set snmp view viewname public subtree 1.3.6.1 included

clear snmp view
Use this command to delete an SNMPv3 MIB view.

Syntax
clear snmp view viewname subtree

Parameters
viewname    Specifies the MIB view name to be deleted.
subtree     Specifies the subtree name of the MIB view to be deleted.

Defaults
None.

Mode
Switch command, Read-Write.
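How the subtree OID, subtree mask and included/excluded type of a view combine is easiest to see in code. The check below is an added example, not from the guide: it follows the view-matching rules of RFC 3415 (VACM), where a mask bit of 0 wildcards one sub-identifier, a short or empty mask is padded with 1 bits, and the matching entry with the longest subtree decides. The view entries and the representation of the mask as Python bytes are constructed for illustration.

```python
def parse_oid(text):
    """Convert a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bit(mask, index):
    """Return bit `index` of the mask, most significant bit first.
    Bits beyond the end of the mask count as 1 (exact match required)."""
    byte, bit = divmod(index, 8)
    if byte >= len(mask):
        return 1
    return (mask[byte] >> (7 - bit)) & 1


def in_family(oid, subtree, mask):
    """True if `oid` belongs to the family defined by subtree and mask."""
    if len(oid) < len(subtree):
        return False
    return all(
        mask_bit(mask, i) == 0 or oid[i] == subtree[i]
        for i in range(len(subtree))
    )


def is_in_view(view, oid_text):
    """Decide whether an OID is visible in a view.
    Among matching entries the one with the most sub-identifiers wins;
    ties go to the lexicographically greatest subtree. No match means no access."""
    oid = parse_oid(oid_text)
    matches = [e for e in view if in_family(oid, e["subtree"], e["mask"])]
    if not matches:
        return False
    best = max(matches, key=lambda e: (len(e["subtree"]), e["subtree"]))
    return best["type"] == "included"


# Constructed view: everything under 1.3.6.1 is readable, except the SNMP
# user, access-control and community tables and the interface table, from
# which only the rows of interface index 5 are re-admitted through a mask.
RESTRICTED_VIEW = [
    {"subtree": parse_oid("1.3.6.1"), "mask": b"", "type": "included"},
    {"subtree": parse_oid("1.3.6.1.6.3.15"), "mask": b"", "type": "excluded"},  # USM MIB
    {"subtree": parse_oid("1.3.6.1.6.3.16"), "mask": b"", "type": "excluded"},  # VACM MIB
    {"subtree": parse_oid("1.3.6.1.6.3.18"), "mask": b"", "type": "excluded"},  # community MIB
    {"subtree": parse_oid("1.3.6.1.2.1.2.2"), "mask": b"", "type": "excluded"},  # ifTable
    # ifEntry.<any column>.5: bit 9 (the column) is 0 in ff:a0, so it is a wildcard.
    {"subtree": parse_oid("1.3.6.1.2.1.2.2.1.0.5"), "mask": b"\xff\xa0", "type": "included"},
]

if __name__ == "__main__":
    for probe in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.15.1.2.2",
                  "1.3.6.1.2.1.2.2.1.10.5", "1.3.6.1.2.1.2.2.1.10.6"):
        print(probe, "->", "visible" if is_in_view(RESTRICTED_VIEW, probe) else "hidden")
```

An auditor can run the same function over the `show snmp view` entries of a group's read and write views to confirm that the user and community tables are not reachable through them.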
Configuring SNMP Target Parameters

Purpose
To review and configure SNMP target parameters. This controls where and under what circumstances SNMP notifications will be sent. A target parameter entry can be bound to a target IP address allowed to receive SNMP notification messages with the set snmp targetaddr command (“set snmp targetaddr” on page 5-30).

Commands
For information about... Refer to page...
Storage type = nonVolatile
Row status = active

Target Parameter Name = v2cExampleParams
Security Name = public
Message Proc. Model = SNMPv2c
Security Level = noAuthNoPriv
Storage type = nonVolatile
Row status = active

Target Parameter Name = v3ExampleParams
Security Name = CharlieDChief
Message Proc.
security-model v1 | v2c | usm        Specifies the SNMP security model applied to this target parameter as version 1, 2c or 3 (usm).
message-processing v1 | v2c | v3     Specifies the SNMP message processing model applied to this target parameter as version 1, 2c or 3.
Configuring SNMP Target Addresses

Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages. An address configuration can be linked to optional SNMP transmit, or target, parameters (such as timeout, retry count, and UDP port) set with the set snmp targetparams command (“set snmp targetparams” on page 5-27).

Commands
For information about... Refer to page...
Retry count = 4
Parameters = v2cParams
Storage type = nonVolatile
Row status = active

Table 5-10 shows a detailed explanation of the command output.

Table 5-10 show snmp targetaddr Output Details
Output...              What it displays...
Target Address Name    Unique identifier in the snmpTargetAddressTable.
Tag List               Tags a location to the target address as a place to send notifications.
IP Address             Target IP address.
taglist taglist           (Optional) Specifies a list of SNMP notify tag values. This tags a location to the target address as a place to send notifications. List must be enclosed in quotes and tag values must be separated by a space (i.e.: “tag 1 tag 2”)
volatile | nonvolatile    (Optional) Specifies temporary (default), or permanent storage for SNMP entries.

Defaults
• If not specified, udpport will be set to 162.
Mode
Switch command, Read-Write.
Configuring SNMP Notification Parameters

Purpose
To configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps” or SNMP v3 “informs” messages to select management targets. Optional notification filters identify which targets should not receive notifications.
Parameters
notify                                (Optional) Displays notify entries for a specific notify name.
volatile | nonvolatile | read-only    (Optional) Displays notify entries for a specific storage type.

Defaults
• If a notify name is not specified, all entries will be displayed.
• If volatile, nonvolatile or read-only are not specified, all storage type entries will be displayed.

Mode
Switch command, Read-Only.
set snmp notify
Use this command to set the SNMP notify configuration.

Syntax
set snmp notify notify tag tag [trap | inform] [volatile | nonvolatile]

Parameters
notify           Specifies an SNMP notify name.
tag tag          Specifies an SNMP notify tag. This binds the notify name to the SNMP target address table.
trap | inform    (Optional) Specifies SNMPv1 or v2 Trap messages (default) or SNMP v3 InformRequest messages.
Defaults
None.

Mode
Switch command, Read-Write.

Example
This example shows how to clear the SNMP notify configuration for “hello”:
Matrix(rw)->clear snmp notify hello

show snmp notifyfilter
Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications.
set snmp notifyfilter
Use this command to create an SNMP notify filter configuration.

Syntax
set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included | excluded] [volatile | nonvolatile]

Parameters
profile                     Specifies an SNMP filter notify name.
subtree oid-or-mibobject    Specifies a MIB subtree ID target for the filter.
mask mask                   (Optional) Applies a subtree mask.
Defaults
None.

Mode
Switch command, Read-Write.

Example
This example shows how to delete the SNMP notify filter “pilot1”:
Matrix(rw)->clear snmp notifyfilter pilot1 subtree 1.3.6

show snmp notifyprofile
Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.
set snmp notifyprofile
Use this command to create an SNMP notify filter profile configuration.

Syntax
set snmp notifyprofile profile targetparam targetparam [volatile | nonvolatile]

Parameters
profile                    Specifies an SNMP filter notify name.
targetparam targetparam    Specifies an associated entry in the SNMP Target Params Table.
volatile | nonvolatile     (Optional) Specifies a storage type.
Example
This example shows how to delete SNMP notify profile “area51”:
Matrix(rw)->clear snmp notifyprofile area51 targetparam v3ExampleParams
Configuring SNMP Walk Behavior

Purpose
To configure SNMP walk behavior.

Commands
For information about...     Refer to page...
set snmp timefilter break    5-41

set snmp timefilter break
Use this command to set SNMP to exit the MIB walk after the first entry it returns if the index includes a timestamp.
6 Spanning Tree Configuration

This chapter describes the Spanning Tree Configuration set of commands and how to use them.

For information about...                                      Refer to page...
Overview: Single, Rapid and Multiple Spanning Tree Protocols  6-1
Configuring Spanning Tree Bridge Parameters                   6-3
Configuring Spanning Tree Port Parameters                     6-49
Configuring Spanning Tree Loop Protect Features               6-65

Overview: Single, Rapid and Multiple Spanning Tree Protocols
The IEEE 802.
For details on creating Spanning Tree instances, refer to “set spantree msti” on page 6-14. For details on mapping Spanning Tree instances to VLANs, refer to “set spantree mstmap” on page 6-15.

Note: MSTP and RSTP are fully compatible and interoperable with each other and with legacy STP 802.1D.
• Disabling a port based on frequency of failure events

Port forwarding state in the designated port is gated by a timer that is set upon BPDU reception. It is analogous to the rcvdInfoWhile timer the port uses when receiving root information in the root/alternate/backup role.

There are two operational modes for Loop Protect on a port. If the port is connected to a device known to implement Loop Protect, it uses full functional mode.
For information about...    Refer to page...
show spantree debug         6-46
clear spantree debug        6-48

show spantree stats
Use this command to display Spanning Tree information for one or more ports.

Syntax
show spantree stats [port port-string] [sid sid] [active]

Parameters
port port-string    (Optional) Displays information for the specified port(s).
Bridge Max Age - 20 sec
Bridge Hello Time - 2
Bridge Forward Delay - 15 sec
Topology Change Count - 7
Time Since Top Change - 00 days 03:19:15
Max Hops - 20 sec

Table 6-1 shows a detailed explanation of command output.

Table 6-1 show spantree Output Details
Output...                 What it displays...
Spanning tree instance    Spanning Tree ID.
Spanning tree status      Whether Spanning Tree is enabled or disabled.
This example shows how to display port-specific Spanning Tree information for port ge.1.1. Table 6-2 describes the port-specific information displayed.
Matrix(rw)->show spantree stats port ge.1.
show spantree version
Use this command to display the current version of the Spanning Tree protocol running on the device.

Syntax
show spantree version

Parameters
None.

Defaults
None.

Mode
Switch command, Read-Only.
mode will cause the bridge to transmit only 802.1D BPDUs, and will prevent non-edge ports from rapidly transitioning to forwarding state.

Example
This example shows how to globally change the Spanning Tree version from the default of MSTP to RSTP:
Matrix(rw)->set spantree version rstp

clear spantree version
Use this command to reset the Spanning Tree version to MSTP mode.

Syntax
clear spantree version

Parameters
None.

Defaults
None.
Example
This example shows how to display the STP mode:
Matrix(rw)->show spantree stpmode
Bridge Stp Mode is set to ieee8021

set spantree stpmode
Use this command to globally enable or disable the Spanning Tree Protocol (STP) mode.

Syntax
set spantree stpmode {none | ieee8021}

Parameters
none        Disables Spanning Tree.
ieee8021    Enables 802.1 Spanning Tree mode.

Defaults
None.

Mode
Switch command, Read-Write.
Example
This example shows how to reset the STP mode to IEEE 802.1:
Matrix(rw)->clear spantree stpmode

show spantree maxconfigurablestps
Use this command to display the setting for the maximum number of user configurable Spanning Tree instances.

Syntax
show spantree maxconfigurablestps

Parameters
None.

Defaults
None.

Mode
Switch command, Read-Only.
clear spantree maxconfigurablestps
Use this command to clear the setting for the maximum number of user configurable Spanning Tree instances.

Syntax
clear spantree maxconfigurablestps

Parameters
None.

Defaults
None.

Mode
Switch command, Read-Write.
set spantree msti
Use this command to create or delete a Multiple Spanning Tree instance.

Syntax
set spantree msti sid sid {create | delete}

Parameters
sid sid            Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094.
                   Note: Matrix Series devices will support up to .
create | delete    Creates or deletes an MST instance.

Defaults
None.

Mode
Switch command, Read-Write.
show spantree mstmap
Use this command to display the mapping of a filtering database ID (FID) to a Spanning Tree. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.

Syntax
show spantree mstmap [fid fid]

Parameters
fid fid    (Optional) Displays information for specific FIDs.

Defaults
If fid is not specified, information for all assigned FIDs will be displayed.

Mode
Switch command, Read-Only.
Example
This example shows how to map FID 3 to SID 2:
Matrix(rw)->set spantree mstmap 3 sid 2

clear spantree mstmap
Use this command to map a FID back to SID 0.

Syntax
clear spantree mstmap fid

Parameters
fid    Specifies one or more FIDs to reset to 0.

Defaults
None.

Mode
Switch command, Read-Write.
Example
This example shows how to display assignments for all VLANs assigned to any SID other than SID 0:
Matrix(rw)->show spantree vlanlist
Vlan 104 is mapped to Sid 104
Vlan 105 is mapped to Sid 105
Vlan 106 is mapped to Sid 106
Vlan 107 is mapped to Sid 107

show spantree mstcfgid
Use this command to display the MST configuration identifier elements, including format selector, configuration name, revision level, and configuration digest
Parameters
cfgname name Specifies an MST configuration name.
rev level Specifies an MST revision level. Valid values are 0 ‐ 65535.
Defaults None.
Mode Switch command, Read‐Write.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to display the Spanning Tree bridge priority mode setting:
Matrix(rw)->show spantree bridgeprioritymode
Bridge Priority Mode is set to IEEE802.1t mode.
set spantree bridgeprioritymode
Use this command to set the Spanning Tree bridge priority mode to 802.1D (legacy) or 802.1t.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to reset the bridge priority mode to 802.1t:
Matrix(rw)->clear spantree bridgeprioritymode
show spantree priority
Use this command to display the Spanning Tree bridge priority.
Syntax show spantree priority [sid]
Parameters
sid (Optional) Displays the priority for a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Parameters
priority Specifies the priority of the bridge. Valid values are from 0 to 65535, with the numerical value of 0 indicating highest priority and the numerical value 65535 indicating lowest priority. When 802.1t is selected as the bridge priority mode, as described in “set spantree bridgeprioritymode” on page 6‐19, values will be rounded up or down, depending on the 802.
clear spantree priority
Use this command to reset the Spanning Tree priority to the default value of 32768.
Syntax clear spantree priority [sid]
Parameters
sid (Optional) Resets the priority on a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Defaults If sid is not specified, priority will be reset on Spanning Tree 0.
Mode Switch command, Read‐Write.
Example This example shows how to display the Spanning Tree bridge hello mode. In this case, a single bridge hello mode has been enabled using the set spantree bridgehellomode command as described in “set spantree hello” on page 6‐24:
Matrix(rw)->show spantree bridgehellomode
Bridge Hello Mode is currently enabled.
set spantree bridgehellomode
Use this command to enable or disable bridge hello mode on the device.
Example This example shows how to reset the Spanning Tree bridge hello mode to enabled:
Matrix(rw)->clear spantree bridgehellomode
show spantree hello
Use this command to display the Spanning Tree hello time.
Syntax show spantree hello
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to globally set the Spanning Tree hello time to 10 seconds:
Matrix(rw)->set spantree hello 10
clear spantree hello
Use this command to reset the Spanning Tree hello time to the default value.
Syntax clear spantree hello
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
set spantree maxage
Use this command to set the bridge maximum aging time.
Syntax set spantree maxage agingtime
Parameters
agingtime Specifies the maximum number of seconds that the system retains the information received from other bridges through STP. Valid values are 6 ‐ 40.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to globally reset the maximum aging time:
Matrix(rw)->clear spantree maxage
show spantree fwddelay
Use this command to display the Spanning Tree forward delay time.
Syntax show spantree fwddelay
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.
Example This example shows how to globally set the bridge forward delay to 16 seconds:
Matrix(rw)->set spantree fwddelay 16
clear spantree fwddelay
Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds.
Example This example shows how to display the status of the automatic edge port detection function:
Matrix(rw)->show spantree autoedge
autoEdge is currently enabled.
set spantree autoedge
Use this command to enable or disable the automatic edge port detection function.
Syntax set spantree autoedge {disable | enable}
Parameters
disable | enable Disables or enables automatic edge port detection.
Defaults None.
show spantree legacypathcost
Use this command to display the default Spanning Tree path cost setting.
Syntax show spantree legacypathcost
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
clear spantree legacypathcost
Use this command to set the Spanning Tree default value for legacy path cost to 802.1t values.
Syntax clear spantree legacypathcost
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to set the default path cost values to 802.
set spantree tctrapsuppress
Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports.
Syntax set spantree tctrapsuppress {disable | enable | edgedisable}
Parameters
disable | enable Disables or enables topology change trap suppression.
edgedisable Disables sending topology change traps on edge ports.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to clear topology change trap suppression settings:
Matrix(rw)->clear spantree tctrapsuppress
show spantree txholdcount
Use this command to display the maximum BPDU transmission rate.
Syntax show spantree txholdcount
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to globally set the transmit hold count to 5:
Matrix(rw)->set spantree txholdcount 5
clear spantree txholdcount
Use this command to reset the transmit hold count to the default value of 6.
Syntax clear spantree txholdcount
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
set spantree maxhops
Use this command to set the Spanning Tree maximum hop count.
Syntax set spantree maxhops max_hop_count
Parameters
max_hop_count Specifies the maximum number of hops allowed. Valid values are 0 to 255. Default value is 20.
Defaults None.
Mode Switch command, Read‐Write.
show spantree spanguard
Use this command to display the status of the Spanning Tree span guard function.
Syntax show spantree spanguard
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to display the span guard function status:
Matrix(rw)->show spantree spanguard
spanguard is currently disabled.
Example This example shows how to enable the span guard function:
Matrix(rw)->set spantree spanguard enable
clear spantree spanguard
Use this command to reset the status of the Spanning Tree span guard function to disabled.
Syntax clear spantree spanguard
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
set spantree spanguardtimeout
Use this command to set the amount of time (in seconds) an edge port will remain locked by the span guard function.
Syntax set spantree spanguardtimeout timeout
Parameters
timeout Specifies a timeout value in seconds. Valid values are 0 (forever) to 65535.
Defaults None.
Mode Switch command, Read‐Write.
show spantree spanguardlock
Use this command to display the span guard lock status of one or more ports.
Syntax show spantree spanguardlock port-string
Parameters
port‐string Specifies the port(s) for which to show span guard lock status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to unlock port fe.1.16:
Matrix(rw)->clear spantree spanguardlock fe.1.16
show spantree spanguardtrapenable
Use this command to display the state of the Spanning Tree span guard trap function.
Syntax show spantree spanguardtrapenable
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
clear spantree spanguardtrapenable
Use this command to reset the Spanning Tree span guard trap function back to the default state of enabled.
Syntax clear spantree spanguardtrapenable
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
set spantree backuproot
Use this command to enable or disable the Spanning Tree backup root function.
Syntax set spantree backuproot sid {enable | disable}
Parameters
sid Specifies the Spanning Tree on which to enable or disable the backup root function. Valid values are 0 ‐ 4094.
enable | disable Enables or disables the backup root function.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to reset the backup root function to disabled on SID 2:
Matrix(rw)->clear spantree backuproot 2
show spantree backuproottrapenable
Use this command to display the state of the Spanning Tree backup root trap function.
Syntax show spantree backuproottrapenable
Parameters None.
Defaults None.
Mode Switch command, Read‐Only.
Example This example shows how to enable the backup root trap function:
Matrix(rw)->set spantree backuproottrapenable enable
clear spantree backuproottrapenable
Use this command to reset the Spanning Tree backup root trap function to the default state of disabled.
Syntax clear spantree backuproottrapenable
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
set spantree newroottrapenable
Use this command to enable or disable the Spanning Tree new root trap function.
Syntax set spantree newroottrapenable {enable | disable}
Parameters
enable | disable Enables or disables the new root trap function.
Defaults None.
Mode Switch command, Read‐Write.
Usage When SNMP trap messaging is configured, this sends a trap message when a Spanning Tree becomes the new root of the network.
clear spantree default
Use this command to restore default values to a Spanning Tree.
Syntax clear spantree default [sid]
Parameters
sid (Optional) Restores defaults on a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Defaults If sid is not specified, defaults will be restored on Spanning Tree 0.
Mode Switch command, Read‐Write.
Example This example shows how to display Spanning Tree debug counters for link aggregation port 3, SID 0:
Matrix(rw)->show spantree debug port lag.0.
clear spantree debug
Use this command to clear Spanning Tree debug counters.
Syntax clear spantree debug
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
Configuring Spanning Tree Port Parameters
Purpose To display and set Spanning Tree port parameters, including enabling or disabling the Spanning Tree algorithm on one or more ports, displaying designated bridge, port and root information, displaying blocked ports, displaying and setting Spanning Tree port priorities and costs, configuring edge port parameters, and setting point‐to‐point protocol mode.
Commands For information about...
show spantree portenable
Use this command to display the port status on one or more Spanning Tree ports.
Syntax show spantree portenable [port port-string]
Parameters
port port‐string (Optional) Displays status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults If port‐string is not specified, status will be displayed for all ports.
clear spantree portenable
Use this command to reset the default value for one or more Spanning Tree ports to enabled.
Syntax clear spantree portenable port-string
Parameters
port‐string Specifies port(s) to reset. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults None.
Mode Switch command, Read‐Write.
set spantree portadmin
Use this command to disable or enable the Spanning Tree algorithm on one or more ports.
Syntax set spantree portadmin port-string {disable | enable}
Parameters
port‐string Specifies the port(s) for which to enable or disable Spanning Tree. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
disable | enable Disables or enables Spanning Tree.
set spantree protomigration
Use this command to reset the protocol state migration machine for one or more Spanning Tree ports. When operating in RSTP mode, this forces a port to transmit MSTP BPDUs.
Syntax set spantree protomigration port-string true
Parameters
port‐string Specifies the port(s) for which protocol migration mode will be enabled.
Example This example shows how to display the Spanning Tree state for fe.1.7:
Matrix(rw)->show spantree portstate port fe.1.7
Port fe.1.7 has a Port State of Forwarding on SID 0
show spantree blockedports
Use this command to display the blocked ports in a Spanning Tree.
Syntax show spantree blockedports [sid]
Parameters
sid (Optional) Displays blocked ports on a specific Spanning Tree. Valid values are 0 ‐ 4094.
Parameters
port port‐string (Optional) Specifies the port(s) for which to display Spanning Tree priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
sid sid (Optional) Displays port priority for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
clear spantree portpri
Use this command to reset the bridge priority of a Spanning Tree port to a default value of 128.
Syntax clear spantree portpri port-string [sid sid]
Parameters
port‐string Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Usage This command can be executed only if bridge hello mode is disabled. For information on using the set spantree bridgehellomode command, refer to “set spantree bridgehellomode” on page 6‐23.
Example This example shows how to set the hello time to 3 seconds for port fe.1.4:
Matrix(rw)->set spantree porthello fe.1.
• If sid is not specified, port cost will be displayed for all Spanning Trees.
Mode Switch command, Read‐Only.
Example This example shows how to display the port cost for fe.2.5:
Matrix(rw)->show spantree portcost port fe.2.5
Port fe.2.5 has a Port Path Cost of 2000000 on SID 0
show spantree adminpathcost
Use this command to display the admin path cost for a port on one or more Spanning Trees.
Parameters
port‐string Specifies the port(s) on which to set an admin path cost. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
cost Specifies the port path cost. Valid values are:
• 0 ‐ 65535 if legacy path cost is enabled.
• 0 ‐ 200000000 if legacy path cost is disabled.
sid sid (Optional) Sets the admin path cost for a specific Spanning Tree identifier.
Example This example shows how to reset the admin path cost to 0 for fe.3.2 on SID 1:
Matrix(rw)->clear spantree adminpathcost fe.3.2 sid 1
show spantree adminedge
Use this command to display the edge port administrative status for a port.
Syntax show spantree adminedge [port port-string]
Parameters
port‐string (Optional) Displays edge port administrative status for specific port(s).
Mode Switch command, Read‐Write.
Example This example shows how to set fe.1.11 as an edge port:
Matrix(rw)->set spantree adminedge fe.1.11 true
clear spantree adminedge
Use this command to reset a Spanning Tree port to non‐edge status.
Syntax clear spantree adminedge port-string
Parameters
port‐string Specifies port(s) on which to reset edge port status.
Mode Switch command, Read‐Only.
Example This example shows how to display the edge port status for fe.2.7:
Matrix(rw)->show spantree operedge port fe.2.7
Port fe.2.7 has a Port Oper Edge of Edge-Port
show spantree adminpoint
Use this command to display the administrative point‐to‐point status of the LAN segment attached to a Spanning Tree port.
Defaults If not specified, status will be displayed for all ports.
Mode Switch command, Read‐Only.
Example This example shows how to display the operating point‐to‐point status of the LAN segment attached to fe.2.7:
Matrix(rw)->show spantree operpoint port fe.2.7
Port fe.2.
clear spantree adminpoint
Use this command to reset the administrative point‐to‐point status of the LAN segment attached to a Spanning Tree port to auto mode.
Syntax clear spantree adminpoint port-string
Parameters
port‐string Specifies port(s) on which to reset point‐to‐point protocol status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults None.
Configuring Spanning Tree Loop Protect Features
Purpose To display and set Spanning Tree Loop Protect parameters, including the global parameters of Loop Protect threshold, window, enabling traps, and disputed BPDU threshold, as well as per port and port/SID parameters. See “Loop Protect” on page 2. for more information about the Loop Protect feature.
Commands For information about... Refer to page...
Parameters
port‐string Specifies port(s) on which to enable or disable the Loop Protect feature. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
enable | disable Enables or disables the feature on the specified port.
sid sid (Optional) Enables or disables the feature for specific Spanning Tree(s). Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
If no SID is specified, SID 0 is assumed.
Mode Switch command, Read‐Only.
Example This example shows how to display Loop Protect status on fe.2.3:
Matrix(rw)->show spantree lp port fe.2.3
LoopProtect is enabled on port fe.2.3 , SID 0
clear spantree lp
Use this command to return the Loop Protect status per port and optionally, per SID, to its default state of disabled.
Parameters
port‐string (Optional) Specifies port(s) for which to display the Loop Protect lock status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
sid sid (Optional) Specifies the specific Spanning Tree(s) for which to display the Loop Protect lock status. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Usage The default state is unlocked.
Example This example shows how to clear Loop Protect lock from ge.1.1:
Matrix(rw)->show spantree lplock port ge.1.1
LoopProtect Lock status for port ge.1.1 , SID 0 is LOCKED.
Matrix(rw)->clear spantree lplock ge.1.1
Matrix(rw)->show spantree lplock port ge.1.1
LoopProtect Lock status for port ge.1.1 , SID 0 is UNLOCKED.
show spantree lpcapablepartner
Use this command to display the Loop Protect capability of a link partner for one or more ports.
Syntax show spantree lpcapablepartner [port port-string]
Parameters
port‐string (Optional) Specifies port(s) for which to display Loop Protect capability for its link partner. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
set spantree lpthreshold
Use this command to set the Loop Protect event threshold.
Syntax set spantree lpthreshold value
Parameters
value Specifies the number of events that must occur during the event window in order to lock a port/SID. The default value is 3 events. A threshold of 0 specifies that ports will never be locked.
Defaults None. The default event threshold is 3.
Mode Switch command, Read‐Write.
Example This example shows how to display the current Loop Protect threshold value:
Matrix(rw)->show spantree lpthreshold
LoopProtect event threshold is set to 4
clear spantree lpthreshold
Use this command to return the Loop Protect event threshold to its default value of 3.
Syntax clear spantree lpthreshold
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
counter is not reset until the Loop Protect event threshold is reached. If the threshold is reached, that constitutes a loop protection event.
Example This example shows how to set the Loop Protect event window to 120 seconds:
Matrix(rw)->set spantree lpwindow 120
show spantree lpwindow
Use this command to display the current Loop Protect event window value.
Syntax show spantree lpwindow
Parameters None.
Defaults None.
Example This example shows how to reset the Loop Protect event window to the default of 180 seconds:
Matrix(rw)->clear spantree lpwindow
set spantree lptrapenable
Use this command to enable or disable Loop Protect event notification.
Syntax set spantree lptrapenable {enable | disable}
Parameters
enable | disable Enables or disables the sending of Loop Protect traps. Default is disabled.
Defaults None.
Example This example shows how to display the current Loop Protect event notification status:
Matrix(rw)->show spantree lptrapenable
LoopProtect event traps are enabled
clear spantree lptrapenable
Use this command to return the Loop Protect event notification state to its default state of disabled.
Syntax clear spantree lptrapenable
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
Usage A disputed BPDU is one in which the flags field indicates a designated role and learning, and the priority vector is worse than that already held by the port. If a disputed BPDU is received the port is forced to the listening state. Refer to the 802.
Parameters None.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to reset the disputed BPDU threshold to the default of 0:
Matrix(rw)->clear spantree disputedbpduthreshold
show spantree nonforwardingreason
Use this command to display the reason for placing a port in a non‐forwarding state due to an exceptional condition.
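The status lines printed by the span guard and Loop Protect show commands in this chapter can be checked mechanically during a configuration review. The Python below is an added example, not part of the Enterasys guide: it parses a captured CLI transcript and reports settings that leave ports unprotected. The transcript is constructed, the "enabled"/"disabled" variants of each message are assumed to mirror the ones the guide prints, and the severity labels are this example's own.

```python
import re

# Constructed transcript: line formats follow the guide's examples,
# the values are made up for this example.
SAMPLE = """\
Matrix(rw)->show spantree spanguard
spanguard is currently disabled.
Matrix(rw)->show spantree lpthreshold
LoopProtect event threshold is set to 0
Matrix(rw)->show spantree lptrapenable
LoopProtect event traps are disabled
Matrix(rw)->show spantree lp port fe.2.3
LoopProtect is enabled on port fe.2.3 , SID 0
Matrix(rw)->show spantree lp port fe.2.4
LoopProtect is disabled on port fe.2.4 , SID 0
Matrix(rw)->show spantree lplock port ge.1.1
LoopProtect Lock status for port ge.1.1 , SID 0 is LOCKED.
"""

SPANGUARD = re.compile(r"^spanguard is currently (enabled|disabled)\.?$")
LP_THRESHOLD = re.compile(r"^LoopProtect event threshold is set to (\d+)$")
LP_TRAPS = re.compile(r"^LoopProtect event traps are (enabled|disabled)$")
LP_PORT = re.compile(
    r"^LoopProtect is (enabled|disabled) on port (\S+?)\s*, SID (\d+)$")
LP_LOCK = re.compile(
    r"^LoopProtect Lock status for port (\S+?)\s*, SID (\d+) is "
    r"(LOCKED|UNLOCKED)\.?$")


def parse(transcript):
    """Collect the settings found in the transcript; None means 'not seen'."""
    state = {"spanguard": None, "lpthreshold": None, "lptrapenable": None,
             "lp": {}, "lplock": {}}
    for raw in transcript.splitlines():
        line = raw.strip()  # echoed prompt lines match no pattern and are skipped
        if m := SPANGUARD.match(line):
            state["spanguard"] = m.group(1) == "enabled"
        elif m := LP_THRESHOLD.match(line):
            state["lpthreshold"] = int(m.group(1))
        elif m := LP_TRAPS.match(line):
            state["lptrapenable"] = m.group(1) == "enabled"
        elif m := LP_PORT.match(line):
            state["lp"][(m.group(2), int(m.group(3)))] = m.group(1) == "enabled"
        elif m := LP_LOCK.match(line):
            state["lplock"][(m.group(1), int(m.group(2)))] = m.group(3) == "LOCKED"
    return state


def audit(transcript):
    """Return a list of (severity, subject, message) findings."""
    s = parse(transcript)
    out = []

    # A global setting that was never collected is reported as a gap,
    # so that missing output is not read as a pass.
    for key in ("spanguard", "lpthreshold", "lptrapenable"):
        if s[key] is None:
            out.append(("gap", key, f"no 'show spantree {key}' output found"))

    if s["spanguard"] is False:
        out.append(("high", "spanguard",
                    "span guard is disabled; 'set spantree spanguard enable'"))
    if s["lpthreshold"] == 0:
        out.append(("high", "lpthreshold",
                    "threshold 0 means Loop Protect never locks a port"))
    if s["lptrapenable"] is False:
        out.append(("medium", "lptrapenable",
                    "Loop Protect events send no trap; "
                    "'set spantree lptrapenable enable'"))
    for (port, sid), enabled in sorted(s["lp"].items()):
        if not enabled:
            out.append(("info", f"{port} SID {sid}",
                        "Loop Protect is disabled (the default) here"))
    for (port, sid), locked in sorted(s["lplock"].items()):
        if locked:
            out.append(("review", f"{port} SID {sid}",
                        "port is LOCKED; find the cause before "
                        "'clear spantree lplock'"))
    return out


if __name__ == "__main__":
    for severity, subject, message in audit(SAMPLE):
        print(f"{severity:7} {subject:16} {message}")
```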
7 802.1Q VLAN Configuration
This chapter describes the Enterasys Matrix system’s capabilities to implement 802.1Q virtual LANs (VLANs). It documents how to:
• Create, enable, disable and name a VLAN.
• Review status and other information related to VLANs.
VLAN Configuration Summary
Port Assignment Scheme
For information on this device’s port assignment scheme, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Port String Syntax Used in the CLI
For information on how to designate port numbers in the CLI syntax, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Preparing for VLAN Configuration
A little forethought and planning is essential to a good VLAN implementation.
3. Add the host port and the desired switch port to the egress list for the VLAN created in Step 1. (“set vlan egress” on page 7‐18)
4. Set a private community name and access policy. (“set snmp community” on page 5‐16)
The commands used to create a secure management VLAN are listed in Table 7‐1 and described in the associated sections as shown. This example assumes the management station is attached to fe.1.1 and wants untagged frames.
Reviewing Existing VLANs
show vlan
Parameters
static (Optional) Displays information related to static VLANs. Static VLANs are manually created using the set vlan command (“set vlan” on page 7‐6), SNMP MIBs, or the WebView management application. The default VLAN, VLAN 1, is always statically configured and can’t be deleted. Only ports that use a specified VLAN as their default VLAN (PVID) will be displayed.
vlan‐list (Optional) Displays information for a specific VLAN or range of VLANs.
Table 7-2 show vlan Output Details (continued)
Output...: What it displays...
Forbidden Egress Ports: Ports prevented from transmitting frames for this VLAN.
Untagged Ports: Ports configured to transmit untagged frames for this VLAN.
Creating and Naming Static VLANs
Purpose To create a new static VLAN, or to enable or disable existing VLAN(s).
Commands
For information about... Refer to page...
set vlan 7-6
set vlan name 7-7
clear vlan 7-7
clear vlan name 7-8
set vlan
Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN.
Examples
This example shows how to create VLAN 3:
Matrix(rw)->set vlan create 3
This example shows how to disable VLAN 3:
Matrix(rw)->set vlan disable 3
set vlan name
Use this command to set or change the ASCII name for a new or existing VLAN.
Syntax set vlan name vlan-list vlan-name
Parameters
vlan‐list Specifies the VLAN ID of the VLAN(s) to be named.
vlan‐name Specifies the string used as the name of the VLAN (1 to 32 characters).
Defaults None.
Example This example shows how to remove a static VLAN 9 from the device’s VLAN list:
Matrix(rw)->clear vlan 9
clear vlan name
Use this command to remove the name of a VLAN from the VLAN list.
Syntax clear vlan name vlan-list
Parameters
vlan‐list Specifies the VLAN ID of the VLAN(s) for which the name will be cleared.
Defaults None.
Mode Switch command, Read‐Write.
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
Purpose To assign default VLAN IDs to untagged frames on one or more ports, to configure MIB‐II interface mapping to a VLAN, to configure VLAN ingress filtering, and to set the frame discard mode.
Commands For information about... Refer to page...
Usage PVID determines the VLAN to which all untagged frames received on one or more ports will be classified.
Example This example shows how to display PVIDs assigned to Fast Ethernet ports 1 through 6 in port group 2. In this case, untagged frames received on these ports will be classified to VLAN 1:
Matrix(rw)->show port vlan fe.2.1-6
fe.2.1 is set to 1
fe.2.2 is set to 1
fe.2.3 is set to 1
fe.2.4 is set to 1
fe.2.5 is set to 1
fe.2.
Example This example shows how to add fe.1.10 to the port VLAN list of VLAN 4 (PVID 4). Since VLAN 4 is a new VLAN, it is created. Then port fe.1.10 is added to VLAN 4’s untagged egress list, and is cleared from the egress list of VLAN 1 (the default VLAN):
Matrix(rw)->set port vlan fe.1.10 4
Matrix(rw)->set vlan 4 create
Matrix(rw)->set vlan egress 4 fe.1.10 untagged
Matrix(rw)->clear vlan egress 1 fe.1.
Mode Switch command, Read‐Only.
Example This example shows how to display the interface entry for VLAN 1:
Matrix(rw)->show vlan interface 1
VLAN Port Storage Type
------------------------------------
1 vlan.0.1 non-volatile
Table 7‐3 provides an explanation of the command output.
Table 7-3 show vlan interface Output Details
Output...: What it displays...
VLAN: VLAN ID.
Port: Port-string designation.
clear vlan interface
Use this command to clear the MIB‐II interface entry mapped to a VLAN.
Syntax clear vlan interface vlan-list
Parameters
vlan‐list Specifies the VLAN(s) for which an interface entry will be cleared.
Defaults None.
Mode Switch command, Read‐Write.
Example This example shows how to display the port ingress filter status for Fast Ethernet ports 10 through 15 in port group 1. In this case, the ports are disabled for ingress filtering:
Matrix(rw)->show port ingress-filter fe.1.10-15
Port State
-------- ---------
fe.1.10 disabled
fe.1.11 disabled
fe.1.12 disabled
fe.1.13 disabled
fe.1.14 disabled
fe.1.
show port discard
Use this command to display the frame discard mode for one or more ports.
Syntax show port discard [port-string]
Parameters
port‐string (Optional) Displays the frame discard mode for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults If port‐string is not specified, frame discard mode will be displayed for all ports.
Mode
Switch command, Read-Write.
Example
This example shows how to set Fast Ethernet port 7 in port group 2 to discard both tagged and untagged frames:
Matrix(rw)->set port discard fe.2.7 both

clear port discard
Use this command to reset the frame discard mode to the factory default setting (none).
Syntax
clear port discard port-string
Parameters
port-string    Specifies the port(s) for which to reset frame discard mode.
Configuring the VLAN Egress List
Purpose
To assign or remove ports on the egress list of a particular VLAN. This determines which ports will be eligible to transmit frames for a particular VLAN. For example, ports 1, 5, 9, 8 could be assigned to transmit frames belonging to VLAN 5 (VLAN ID=5). The port egress type for all ports defaults to tagging transmitted frames, but can be changed to forbidden or untagged.
Example
This example shows you how to show VLAN egress information for Fast Ethernet ports 1 through 3 in port group 1. In this case, all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10 frames as untagged. Both are static VLANs:
Matrix(rw)->show port egress fe.1.1-3
Port     Vlan   Egress
Number   Id     Status    Registration Status
-------------------------------------------------------
fe.1.1   1      tagged    static
fe.1.
Examples
This example shows how to add Fast Ethernet ports 5 through 10 in port group 1 to the egress list of VLAN 7. This means that these ports will transmit VLAN 7 frames as tagged:
Matrix(rw)->set vlan egress 7 fe.1.5-10
This example shows how to forbid Fast Ethernet ports 13 through 15 in port group 1 from joining VLAN 7 and disallow egress on those ports:
Matrix(rw)->set vlan egress 7 fe.1.
show vlan dynamic egress
Use this command to display which VLANs are currently enabled for VLAN dynamic egress.
Syntax
show vlan dynamicegress [vlan-list]
Parameters
vlan-list    (Optional) Displays dynamic egress status for specific VLAN(s).
Defaults
If vlan-list is not specified, status for all VLANs where dynamic egress is enabled will be displayed.
Mode
Switch command, Read-Only.
Example
This example shows how to enable the dynamic egress function on VLAN 7:
Matrix(rw)->set vlan dynamicegress 7 enable
Enabling/Disabling GVRP
Purpose
To dynamically create VLANs across a switched network. The GVRP (GARP VLAN Registration Protocol) command set is used to display GVRP configuration information, the current global GVRP state setting, individual port settings (enable or disable) and timer settings. By default, GVRP is enabled on all ports, and globally on the device.
Figure 7-1 Example of VLAN Propagation via GVRP (figure not reproduced; it shows Switch 2 and Switch 3, each labeled 1H152-51)
show gvrp
Use this command to display GVRP configuration information.
Syntax
show gvrp [port-string]
Parameters
port-string    (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Defaults
If port-string is not specified, GVRP configuration information will be displayed for all ports and the device.
Mode
Switch command, Read-Only.
Parameters
port-string    (Optional) Displays GARP timer information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Defaults
If port-string is not specified, GARP timer information will be displayed for all ports.
Mode
Switch command, Read-Only.
set gvrp
Use this command to enable or disable GVRP globally on the device or on one or more ports.
Syntax
set gvrp {enable | disable} [port-string]
Parameters
disable | enable    Disables or enables GVRP on the device.
port-string         (Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Example
This example shows how to clear GVRP status globally on the device:
Matrix(rw)->clear gvrp

set garp timer
Use this command to adjust the values of the join, leave, and leaveall timers.
Syntax
set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]} port-string
Parameters
join timer-value     Sets the GARP join timer in centiseconds (Refer to 802.1Q standard.)
leave timer-value    Sets the GARP leave timer in centiseconds (Refer to 802.
Parameters
join           (Optional) Resets the join timer to 20 centiseconds.
leave          (Optional) Resets the leave timer to 60 centiseconds.
leaveall       (Optional) Resets the leaveall timer to 1000 centiseconds.
port-string    Specifies the port(s) on which to reset GARP timer(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Defaults
At least one optional parameter must be entered.
8 Policy Classification Configuration
This chapter describes the Policy Classification set of commands and how to use them.
Note: It is recommended that you use Enterasys NetSight Policy Manager as an alternative to CLI for configuring policy classification on the Enterasys Matrix Series devices.
Configuring Policy Profiles
Purpose
To review, create, change and remove policy profiles for managing network resources.
Defaults
If optional parameters are not specified, summary information will be displayed for the specified index or all indexes.
Mode
Switch command, Read-Only.
Table 8-1 show policy profile Output Details (continued)
Output...                What it displays...
Replace TCI status       Whether or not the TCI overwrite function is enabled or disabled for this profile.
Admin Profile Usage      Ports administratively assigned to use this policy profile.
Oper Profile Usage       Ports currently assigned to use this policy profile.
Dynamic Profile Usage    Port dynamically assigned to use this policy profile.
append    (Optional) Appends this policy profile setting to settings previously specified for this policy profile by the egress-vlans, forbidden-vlans, or untagged-vlans parameters. If append is not used, previous VLAN settings are replaced.
clear     (Optional) Clears this policy profile setting from settings previously specified for this policy profile by the egress-vlans, forbidden-vlans, or untagged-vlans parameters.
show policy invalid
Displays information about the action the device will apply on an invalid or unknown policy.
Syntax
show policy invalid {action | count | all}
Parameters
action | count | all    Shows the action the device should take if asked to apply an invalid or unknown policy, or the number of times the device has detected an invalid/unknown policy, or both action and count information.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows how to assign a drop action to invalid policies:
Matrix(rw)->set policy invalid action drop

clear policy invalid action
Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy.
Syntax
clear policy invalid action
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to enable TCI overwrite on port fe.1.3:
Matrix(rw)->set port tcioverwrite fe.1.3 enable

show policy accounting
Use this command to display the status of policy accounting.
Syntax
show policy accounting
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
clear policy accounting
Use this command to restore policy accounting to its default state of enabled.
Syntax
clear policy accounting
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to re-enable policy accounting:
Matrix(rw)->clear policy accounting

show policy syslog
Use this command to show the message formatting settings.
Example
This example shows how to display the device formatting of rule usage messages:
Matrix(rw)->show policy syslog
Syslog machine-readable: disabled
Syslog extended-format : disabled

set policy syslog
Use this command to set the rule usage and extended format syslog policy settings.
clear policy syslog
Use this command to clear the rule usage and extended-format syslog message settings to the default state.
Syntax
clear policy syslog [machine-readable] [extended-format]
Parameters
machine-readable    (Optional) Clears the machine-readable formatting of rule usage messages to its default, which is human-readable (disabled).
Mode
Switch command, Read-Write.
Example
This example shows how to set the Policy Profile mappings table for VLAN 3 and for Policy ID 8:
Matrix(rw)->set policy maptable 3 8
This example shows how to use both tunnel and policy attributes in the RADIUS response for the Policy Profile mappings:
Matrix(rw)->set policy maptable response both

show policy maptable
Use this command to display the VLAN ID - Policy Profile mappings table.
Parameters
vlan-list    VLAN ID or range of IDs (1 to 4094).
response     Applied the filter-id attribute.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example clears the Policy Profile mappings table.
Assigning Classification Rules to Policy Profiles
Purpose
To review, assign and unassign classification and admin rules. Classification rules map policy profiles to protocol-based frame filtering policies configured for a particular VLAN or Class of Service (CoS). Admin rules assign policy profiles to incoming traffic.
ipsource         Displays IP source address rules.
iptos            Displays Type of Service rules.
llcDsapSsap      Displays 802.3 DSAP/SSAP rules.
macdest          Displays MAC destination address rules.
macsource        Displays MAC source address rules.
port             Displays port related rules.
tcpdestport      Displays TCP destination port rules.
tcpsourceport    Displays TCP source port rules.
udpdestport      Displays UDP destination port rules.
|PID |Rule Type |Rule Data |Mk|PortStr |RS|ST|S|T|D|VLAN|CoS |U|
| 1 |Ether |32923 (0x809B) |16|All | A|NV|Y|Y| | 105| |?|
| 1 |Ether |33011 (0x80F3) |16|All | A|NV|Y|Y| | 105| |?|
| 1 |Ether |33079 (0x8137) |16|All | A|NV|Y|Y| | 101| |?|
| 1 |Ether |33080 (0x8138) |16|All | A|NV|Y|Y| | 101| |?|
| 1 |Ether |33276 (0x81FC) |16|All | A|NV|Y|Y| |drop| |?|
| 2 |Ether |32923 (0x809B) |16|All | A|NV|Y|Y| |
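An added example (not from the Enterasys guide): a Python parser for the show policy rule table above that skips truncated rows, checks Ether rules against the data-value and mask-bit ranges this guide gives in Table 8-3, and lists the rules whose VLAN column reads drop. The PID 3 row in the sample is constructed to show a failed check, and all function names are this example's own.

```python
"""Parse 'show policy rule' table rows and review the Ether rules they contain."""
import re

COLUMNS = ["PID", "Rule Type", "Rule Data", "Mk", "PortStr",
           "RS", "ST", "S", "T", "D", "VLAN", "CoS", "U"]

# Ranges for 'ether' rules as listed in Table 8-3 of the guide.
ETHER_DATA_RANGE = (1536, 65535)
ETHER_MASK_RANGE = (1, 16)
ETHER_DATA_RE = re.compile(r"^(\d+) \(0x([0-9A-Fa-f]+)\)$")

# Rows as listed in the guide, one per line. The PID 3 row is constructed
# (its decimal and hex values disagree); the last row is cut short as in
# the guide's listing.
SAMPLE = """\
|PID |Rule Type |Rule Data |Mk|PortStr |RS|ST|S|T|D|VLAN|CoS |U|
| 1 |Ether |32923 (0x809B) |16|All | A|NV|Y|Y| | 105| |?|
| 1 |Ether |33011 (0x80F3) |16|All | A|NV|Y|Y| | 105| |?|
| 1 |Ether |33079 (0x8137) |16|All | A|NV|Y|Y| | 101| |?|
| 1 |Ether |33080 (0x8138) |16|All | A|NV|Y|Y| | 101| |?|
| 1 |Ether |33276 (0x81FC) |16|All | A|NV|Y|Y| |drop| |?|
| 3 |Ether |2048 (0x0806) |16|All | A|NV|Y|Y| | 110| |?|
| 2 |Ether |32923 (0x809B) |16|All | A|NV|Y|Y| |
"""


def split_row(line):
    """Return the stripped cells of a '|'-delimited row, or None for other lines."""
    line = line.strip()
    if not (line.startswith("|") and line.endswith("|")):
        return None
    return [cell.strip() for cell in line.split("|")[1:-1]]


def parse_rules(text):
    """Return (rules, skipped): complete rows as dicts, incomplete rows verbatim."""
    rules, skipped = [], []
    for line in text.splitlines():
        cells = split_row(line)
        if cells is None or cells == COLUMNS:
            continue  # prompt, blank line, separator or the header row
        if len(cells) != len(COLUMNS):
            skipped.append(line.strip())  # truncated capture: never guess cells
            continue
        rules.append(dict(zip(COLUMNS, cells)))
    return rules, skipped


def check_ether_rule(rule):
    """Return a list of problems found in one Ether rule (empty when clean)."""
    match = ETHER_DATA_RE.match(rule["Rule Data"])
    if match is None:
        return ["unparseable rule data"]
    problems = []
    value = int(match.group(1))
    if value != int(match.group(2), 16):
        problems.append("decimal and hex values disagree")
    if not ETHER_DATA_RANGE[0] <= value <= ETHER_DATA_RANGE[1]:
        problems.append("type value outside 1536-65535")
    mask = rule["Mk"]
    if not (mask.isdigit() and ETHER_MASK_RANGE[0] <= int(mask) <= ETHER_MASK_RANGE[1]):
        problems.append("mask outside 1-16")
    return problems


def drop_rules(rules):
    """Rules whose VLAN column reads 'drop'."""
    return [rule for rule in rules if rule["VLAN"].lower() == "drop"]


def summarise(rules):
    """Map each profile index (PID) to {rule data: VLAN column value}."""
    summary = {}
    for rule in rules:
        summary.setdefault(rule["PID"], {})[rule["Rule Data"]] = rule["VLAN"]
    return summary


if __name__ == "__main__":
    parsed, incomplete = parse_rules(SAMPLE)
    for rule in parsed:
        issues = check_ether_rule(rule) if rule["Rule Type"] == "Ether" else []
        print(rule["PID"], rule["Rule Data"], "->", rule["VLAN"], issues or "")
    print("incomplete rows left for manual review:", len(incomplete))
```
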
show policy capability
Use this command to display all policy classification capabilities supported by your Enterasys Matrix Series device.
Syntax
show policy capability
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Usage
The output of this command shows a table listing classifiable traffic attributes and the type of actions, by rule type, that can be executed relative to each attribute.
|MAC source address | X | X | X | X | X | X | X | X | X |
|MAC destination address | X | X | X | X | X | X | X | X | X |
|IPX source address | X | X | X | X | X | X | X | X | X |
|IPX destination address | X | X | X | X | X | X | X | X | X |
|IPX source socket | X | X | X | X | X | X | X | X | X |
|IPX destination socket | X | X | X | X | X | X | X | X | X |
|IPX transmission control | X | X | X | X | X | X | X | X | X |
|IP
Parameters
profile-index    Specifies that this is an administrative rule or associates this classification rule with a policy profile index configured with the set policy profile command (“set policy profile” on page 8-4). Valid profile-index values are 1-1023.
Examples
This example shows how to use Table 8-3 to create (and enable) a VLAN classification rule to policy 2, classification 65, to drop packets from a source IP address of 172.16.1.2:
Matrix(rw)->set policy classify 2 65 vlan drop ipsource 172.16.1.2

set policy rule
Use this command to assign incoming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules.
port-string port-string                   (Optional) If admin-profile is specified, applies this administratively-assigned rule to a specific ingress port.
Note: Enterasys Matrix Series devices with firmware versions 3.00.xx and higher also support this alternative command to administratively assign a profile rule to a port: set policy port port-string admin-id
storage-type non-volatile | volatile      Adds or removes this entry from non-volatile storage.
Table 8-3 Valid Values for Policy Classification Rules
Classification Rule Parameter                          data value                                               mask bits
ether                                                  Type field in Ethernet II packet: 1536 - 65535           1 - 16
Destination or Source IP Address: ipdest, ipsource     IP Address in dotted decimal format: 000.000.000.000     1 - 48
ipfrag                                                 Not applicable.                                          Not applicable.
macdest          Deletes associated MAC destination address classification rule.
macsource        Deletes associated MAC source address classification rule.
port             Deletes associated port-string classification rule.
tcpdestport      Deletes associated TCP destination port classification rule.
tcpsourceport    Deletes associated TCP source port classification rule.
udpdestport      Deletes associated UDP destination port classification rule.
set policy port
Use this command to assign an administrative rule to a port.
Syntax
set policy port port-name admin-id
Parameters
port-name    Specifies the port(s) on which to assign an administrative rule. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
admin-id     Specify a policy profile index number with a valid range of [1..1023].
Defaults
None.
Example
This example shows how to show information about policies allowed on port ge.1.5:
Matrix(rw)->show policy allowed-type ge.1.
Mode
Switch command, Read-Write.
Examples
This example shows how to allow only rule type 1 (source MAC address classification) to be applied to the admin profile for port ge.1.5:
Matrix(rw)->set policy allowed-type ge.1.5 traffic-rule 1
This example shows how to clear only rule type 27 (VLAN classification) from the allowed rule type list on port ge.1.5.
Defaults
None.
Mode
Switch command, Read-Write.
Configuring Policy Class of Service (CoS)
Using Port-Based or Policy-Based CoS Settings
Note: It is recommended that you use Enterasys NetSight Policy Manager as an alternative to CLI for configuring policy-based CoS on the Enterasys Matrix Series devices.
Table 8-4 Configuring User-Defined CoS
To do this....                                                            Use these commands...
Enable CoS.                                                               set cos state
If desired, create new or change existing CoS port configurations.       set cos port-config irl
                                                                          set cos port-config txq
Define IRL or TXQ resources (data rates or transmit priorities).         set cos port-resource irl
                                                                          set cos port-resource txq
Bind a CoS reference index ID to a defined resource.
For information about...
set cos settings
clear cos settings
show cos violation irl
clear cos violation irl
clear cos all-entries

show cos state
Use this command to display the Class of Service enable state.
Syntax
show cos state
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows how to enable Class of Service:
Matrix(rw)->set cos state enable

show cos port-type
Use this command to display Class of Service port type configurations.
Syntax
show cos port-type [irl | txq] [index-list]
Parameters
irl | txq     (Optional) Displays inbound rate limiting or transmit queue information.
index-list    (Optional) Displays information for a specific port type.
----- ------------ --------- --------- ----------------- --------------
0 DFE-P 16Q 64/16 perc ge.1.1-12 ge.1.1-12
perc ge.2.1-30; ge.2.1-30;
Kbps ge.3.1-30; ge.3.1-30;
Mbps ge.4.1-30; ge.4.1-30;
Gbps fe.6.1-48; fe.6.1-48;
ge.6.1-6; ge.6.1-6;
fe.7.1-72 fe.7.
Table 8-5 show cos port-type Output Details
Output...                               What it displays...
Number of slices / Number of queues     The total number of slices of transmit resources that can be divided among port queues, and the total number of queues available. Default port type 0 (7GR4270-12, 7G4270-12, 7G4270-09, and 7G4270-10 DFE modules only) allows 64 slices for 16 queues. Default port type 1 (all other modules) allows 32 slices for 4 queues.
0 irl Kbps 10000000 5121024 1
0 irl perc 100 1 1
1 irl Gbps 10 1 1
1 irl Mbps 10000 1 1
1 irl Kbps 10000000 5121024 1
1 irl perc 100 1 1

show cos port-config
Use this command to display Class of Service port group configurations.
Syntax
show cos port-config [irl | txq] [group-type-index]
Parameters
irl | txq    (Optional) Displays inbound rate limiting or transmit queue information.
                 :Q [ 8]: 0 Q [ 9]: 0 Q [10]: 0 Q [11]: 0
                 :Q [12]: 0 Q [13]: 0 Q [14]: 0 Q [15]: 64
Percentage/queue :Q [ 0]: 0% Q [ 1]: 0% Q [ 2]: 0% Q [ 3]: 0%
                 :Q [ 4]: 0% Q [ 5]: 0% Q [ 6]: 0% Q [ 7]: 0%
                 :Q [ 8]: 0% Q [ 9]: 0% Q [10]: 0% Q [11]: 0%
                 :Q [12]: 0% Q [13]: 0% Q [14]: 0% Q [15]: 100%
----------------------------------------------------------------------
Port Group Name :DFE-P 4Q
Port Group :0
Port Type :1
ports port-list    (Optional) Applies this configuration to one or more ports in the port group.
append | clear     (Optional) Appends or clears port designations from a previously configured port group.
Defaults
• If a name is not specified, default names described in Table 8-5 will be applied.
• If not specified, this configuration will be applied to all ports in the port group.
set cos port-config txq
Use this command to set the Class of Service transmit queue port group configuration.
Syntax
set cos port-config txq group-type-index [name name] [ports port-list] [append] | [clear]
Parameters
group-type-index    Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type.
name     Clears the name associated with this transmit queue entry.
ports    Clears the port(s) assigned to this port group.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to clear all non-default CoS transmit queue port group entries:
Matrix(rw)->clear cos port-config txq all

show cos port-resource
Use this command to display Class of Service port resource configuration information.
0.1 2 irl perc none drop none
0.1 3 irl perc none drop none
0.1 4 irl perc none drop none
0.1 5 irl perc none drop none
0.1 6 irl perc none drop none
0.1 7 irl perc none drop none

set cos port-resource irl
Use this command to configure a Class of Service inbound rate limiting port resource entry.
Example
This example shows how to configure Class of Service port resource IRL entry 0 for port group 0.1, assigning an inbound rate limit of 512 kilobits per second. This entry will trigger a Syslog and an SNMP trap message if this rate is exceeded:
Matrix(rw)->set cos port-resource irl 0.
Parameters
group-type-index    Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type. Group can be 0-7, with 0 designating the default group, and 1-7 reserved for user-defined groups. Default port type values cannot be changed, and are 0 for the 7GR4270-12, 7G4270-12, 7G4270-09, and 7G4270-10 DFE modules, and 1 for all other modules.
Mode
Switch command, Read-Write.
Example
This example shows how to clear all port resource settings associated with Class of Service transmit queue 1 in port group 0.1:
Matrix(rw)->clear cos port-resource txq 0.1 1

show cos reference
Use this command to display Class of Service port reference information.
0.1 12 txq 3
0.1 13 txq 3
0.1 14 txq 3
0.1 15 txq 3

set cos reference irl
Use this command to set a Class of Service inbound rate limiting reference configuration.
Syntax
set cos reference irl group-type-index reference rate-limit number
Parameters
group-type-index    Specifies an inbound rate limiting port group/type index for this entry. Valid entries are in the form of group.type.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to clear all Class of Service inbound rate limiting reference entries:
Matrix(rw)->clear cos reference irl all

set cos reference txq
Use this command to set a Class of Service inbound rate limiting reference configuration.
Parameters
all | group-type-index    Clears all non-default transmit queue reference entries or a specific entry.
reference                 Specifies a reference number of the entry to be cleared.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to clear all Class of Service transmit queue reference entries:
Matrix(rw)->clear cos reference txq all

show cos settings
Use this command to display Class of Service parameters.
6 6 * 12 *
7 7 * 14 *

set cos settings
Use this command to configure a Class of Service entry.
Syntax
set cos settings cos-list [priority priority] [tos-value tos-value] [txq-reference txq-reference] [irl-reference irl-reference]
Parameters
cos-list             Specifies a Class of Service entry. Valid values are 0 - 255.
priority priority    (Optional) Specifies a CoS priority value. Valid values are 0 - 7, with 0 being the lowest priority.
tos-value        Clears the Type of Service value associated with this entry.
txq-reference    Clears the transmit queue reference associated with this entry.
irl-reference    Clears the inbound rate limiting reference associated with this entry.
Defaults
None.
Mode
Switch command, Read-Write.
Parameters
all                        Clears all inbound rate limiting violation entries.
disabled-ports             Clears the list of ports that are disabled because of violating an inbound rate limiter.
violation-index            Clears the entry for a specific violation index.
both | status | counter    Clears the violation status, the violation counter, or both.
Defaults
If no options are specified, all information for all types of CoS violations will be displayed.
Configuring Policy-Based Routing
Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
About Policy-Based Routing
Normally, IP packets are forwarded according to the route that has been selected by traditional routing protocols, such as RIP and OSPF, or by static routes.
Parameters
id-number    Specifies the ID number for which to display a configured PBR route map list. Valid values for PBR are 100 - 199.
Defaults
None.
Mode
Router command, Global configuration: Matrix>Router(config)#
Example
This example shows how to display route map list 101. In this case, the packet source IP addresses matching ACL lists 2, 3, 4, 8, or 110 will be forwarded to next hop 10.2.1.1, 10.2.2.1 or 10.2.3.1.
Defaults
• If permit or deny is not specified, this command will enable route map or policy based routing configuration mode.
• If sequence-number is not specified, 10 will be applied.
Mode
Router command, Global configuration: Matrix>Router(config)#
Usage
Use this command to add a route map to an existing route map list by specifying the list’s id-number and a new sequence-number. The “no” form of this command removes the specified route map list.
set next hop
Use this command to set one or more next hop IP addresses for packets matching an extended access list in a configured route map.
Syntax
set next hop {next-hop1}[next-hop2....next-hop5]
no set next hop {next-hop1}[next-hop2....next-hop5]
Parameters
next-hop    Specifies a next hop IP address(es). Up to five can be configured.
Defaults
None.
Example
This example shows how to display policy information:
Matrix>Router(config)#show ip policy
Interface  Route map  Priority  Load policy      Pinger  Interval  Retries
3          103        first     first-available  off     3         3
2          102        only      round-robin      on      10        4
Table 8-6 provides an explanation of the command output.
Table 8-6 show ip policy Output Details
Output...    What it displays...
Interface    Routing interface.
Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan ))#
Usage
The “no” form of this command un-assigns a route map list.
Example
This example shows how to assign route map 101 to VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip policy route-map 101

ip policy priority
Use this command to prioritize PBR next hop behavior.
ip policy load-policy
Use this command to configure PBR next hop behavior.
interval interval    (Optional) When ping is on, specifies the ping interval in seconds. Valid values are 1 - 30. Default is 3.
retries retries      (Optional) When ping is on, specifies the number of retries (timeout failures) before setting the hop as unavailable. Valid values are 1 - 10. Default is 3.
Defaults
• If not specified, interval will be set to 3 seconds.
• If not specified, retries will be set to 3.
9 IGMP Configuration
This chapter describes the IGMP Configuration set of commands and how to use them.
For information about...
About IP Multicast Group Management
IGMP Configuration Summary
Enabling / Disabling IGMP
Configuring IGMP

About IP Multicast Group Management
The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device.
However, note that IGMP neither alters nor routes any IP multicast packets. Since IGMP is not concerned with the delivery of IP multicast packets across subnetworks, an external IP multicast switch device is needed if IP multicast packets have to be routed across different subnetworks.

IGMP Configuration Summary
Multicasting is used to support real-time applications such as video conferences or streaming audio.
Mode
Switch command, Read-Only.
Example
This example shows how to display the IGMP status for VLAN 104:
Matrix(rw)->show igmp enable 104
IGMP Default State for vlan 104 is Disabled

set igmp enable
Use this command to enable IGMP on one or more VLANs.
Syntax
set igmp enable vlan-list
Parameters
vlan-list    Specifies the VLAN(s) on which to enable IGMP.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to disable IGMP on VLAN 104:
Matrix(rw)->set igmp disable 104
Configuring IGMP
Purpose
To display and set IGMP configuration parameters, including query interval and response time settings, and to create and configure static IGMP entries.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows how to display the IGMP query state for VLAN 1:
Matrix(rw)->show igmp query 1
IGMP querying on vlan 1 is Disabled

set igmp query-enable
Use this command to enable IGMP querying on one or more VLANs.
Syntax
set igmp query-enable vlan-list
Parameters
vlan-list    Specifies the VLAN(s) on which to enable IGMP querying.
Defaults
None.
Mode
Switch command, Read-Write.
Mode
Switch command, Read-Write.
Example
This example shows how to disable IGMP querying on VLAN 104:
Matrix(rw)->set igmp query-disable 104

show igmp grp-full-action
Use this command to show what action to take with multicast frames when the multicast IGMP group table is full.
Syntax
show igmp grp-full-action
Defaults
None.
Mode
Switch command, Read-Only.
Mode
Switch command, Read-Write.
Example
This example shows how to flood multicast frames to the VLAN when the multicast group table is full:
Matrix(rw)->set igmp grp-full-action 2

show igmp config
Use this command to display IGMP configuration information for one or more VLANs.
Syntax
show igmp config vlan-list
Parameters
vlan-list    Specifies the VLAN(s) for which to display IGMP configuration information.
Defaults
None.
Mode
Switch command, Read-Only.
Table 9-1 show igmp config Output Details (continued)
Output...                    What it displays...
Vlan IGMP Version            Whether or not IGMP version is 1 or 2.
VlanQuerier                  IP address of the IGMP querier.
VlanQueryMaxResponse Time    Maximum query response time (in tenths of a second).
VlanRobustness               Robustness value.
VlanLastMemberQueryIntvl     Last member query interval.
Example
This example shows how to set the IGMP query interval time to 250 seconds on VLAN 1:
Matrix(rw)->set igmp config 1 query-interval 250

set igmp delete
Use this command to remove IGMP configuration settings for one or more VLANs.
Syntax
set igmp delete vlan-list
Parameters
vlan-list Specifies the VLAN(s) on which configuration settings will be cleared.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to display IGMP group information for VLAN 105. In this example, the device knows to forward all multicast traffic for IP group address 224.0.0.2 (VLAN 105) to Fast Ethernet port 2 in port group 2, and 1-Gigabit Ethernet port 14 in port group 3:
Matrix(rw)->show igmp groups 105
----------------------------------------------------------
Vlan Id = 105
Multicast Group Address = 224.0.0.2
Type = IGMP
IGMP Port List = fe.2.2 ge.3.
modify (Optional) Adds new ports to an existing entry.
include-ports (Optional) Port or range of ports.
exclude-ports (Optional) Port or range of ports.
Defaults
If not specified, the static entry will be created and not modified.
Mode
Switch command, Read-Write.
Example
This example shows how to add port fe.1.3 to the IGMP group at 224.0.0.2 (VLAN 105):
Matrix(rw)->set igmp add-static 224.0.0.2 105 modify include-ports fe.1.
show igmp protocols
Use this command to display the binding of IP protocol id to IGMP classification.
Syntax
show igmp protocols
Defaults
None.
Mode
Switch command, Read-Only.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to change IGMP routing protocols to a protocol id of 3:
Matrix(rw)->set igmp protocols classification 2 protocol-id 3 modify

clear igmp protocols
Use this command to clear the binding of IP protocol id to IGMP classification.
Syntax
clear igmp protocols [protocol-id protocol-id]
Parameters
protocol-id protocol-id The protocol ids to change (0-255).
Defaults
None.
Example
This example shows how to display IGMP information for VLAN 12:
Matrix(rw)->show igmp vlan 12
IGMP Vlan 12 Info
IGMP query state : Enabled
QueryInterval(sec.) : 125
Status : Active
IGMP Version : 2
Querier : 2.25.0.1
QueryMaxResponseTime(sec.) : 10
Robustness : 2
LastMemberQueryIntvl(sec.) : 10
QuerierUpTime : 4 D
Router(s) on ports : none.
Egressing ports : lag.0.
lag.0.2 239.255.12.43 1 Any 253 DYNAMIC
lag.0.2 239.255.255.250 1 Any 255 DYNAMIC
lag.0.2 239.255.255.250 20 Any 249 DYNAMIC
lag.0.4 235.80.68.83 20 Any 237 DYNAMIC
lag.0.4 239.255.255.250 20 Any 243 DYNAMIC

show igmp flows
Use this command to display IGMP flow information.
Syntax
show igmp flows [portlist portlist] [group group] [vlan-list vlan-list] [sip sip]
Parameters
portlist portlist (Optional) Port or range of ports.
Defaults
None.
Mode
Switch command, Read-Only.
show igmp number-groups
Example
This example shows how to display the number of multicast groups supported by the device.
10 System Logging Configuration
This chapter describes system logging commands and how to use them.
Note: An Enterasys Feature Guide document that contains a complete discussion on Syslog configuration exists at the following Enterasys web site: http://www.enterasys.com/support/manuals/

Configuring System Logging
Purpose
To display and configure system logging, including Syslog server settings, logging severity levels for various applications, Syslog default settings, and the logging buffer.
show logging all
Use this command to display all configuration information for system logging.
Syntax
show logging all
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
1 80.80.80.252 local7 debugging(8) N-Series 514 enabled
Defaults: local4 debugging(8) 514
Syslog Console Logging enabled
Syslog File Logging disabled
Table 10-1 provides an explanation of the command output.
Table 10-1 show logging all Output Details
Output... | What it displays...
Application | A mnemonic abbreviation of the textual description for applications being logged.
Defaults
If index is not specified, all Syslog server information will be displayed.
Mode
Switch command, Read-Only.
Example
This example shows how to display Syslog server configuration information. For an explanation of the command output, refer back to Table 10-1.
Matrix(rw)->show logging server
IP Address Facility Severity Description Port Status
-------------------------------------------------------------------------
1 132.140.82.
Defaults
• If ip-addr is not specified, an entry in the Syslog server table will be created with the specified index number and a message will display indicating that no IP address has been assigned.
• If not specified, facility, severity and port will be set to defaults configured with the set logging default command (“set logging default” on page 10-6).
• If state is not specified, the server will not be enabled or disabled.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table 10-1.
Matrix(rw)->show logging default
Facility Severity Port
-----------------------------------------
Defaults: local4 warning(5) 514

set logging default
Use this command to set logging default values.
Example
This example shows how to set the Syslog default facility name to local2 and the severity level to 4 (error logging):
Matrix(rw)->set logging default facility local2 severity 4

clear logging default
Use this command to reset logging default values.
Syntax
clear logging default {[facility] [severity] [port]}
Parameters
facility (Optional) Resets the default facility name to local4.
Mode
Switch command, Read-Only.
Usage
Mnemonics will vary depending on the number and types of applications running on your system. To display a complete list, use the show logging application command as described in “show logging application” on page 10-7. Sample values and their corresponding applications are listed in Table 10-3. Mnemonic values are case sensitive and must be typed as they appear in Table 10-3.
90 SNMP 6 1-8
1(emergencies) 2(alerts) 3(critical) 4(errors) 5(warnings) 6(notifications) 7(information) 8(debugging)
Table 10-2 provides an explanation of the command output.
Table 10-2 show logging application Output Details
Output... | What it displays...
Application | A mnemonic abbreviation of the textual description for applications being logged.
Defaults
• If level is not specified, none will be applied.
• If server is not specified, messages will be sent to all Syslog servers.
Mode
Switch command, Read-Write.
Usage
Mnemonic values are case sensitive and must be typed as they appear in Table 10-3.
clear logging application
Use this command to reset the logging severity level for one or all applications to the default value of 6 (notifications of significant conditions).
Syntax
clear logging application {mnemonic | all}
Parameters
mnemonic | all (Optional) Resets the severity level for a specific application or for all applications. Valid mnemonic values and their corresponding applications are listed in Table 10-3.
Defaults
None.
set logging local
Use this command to configure log messages to the console and a persistent file.
Syntax
set logging local console {enable | disable} file {enable | disable}
Parameters
console enable | disable Enables or disables logging to the console.
file enable | disable Enables or disables logging to a persistent file.
Defaults
None.
Mode
Switch command, Read-Write.
set logging here
Use this command to enable or disable the current CLI session as a Syslog destination.
Syntax
set logging here {enable | disable}
Parameters
enable | disable Enables or disables display of logging messages for the current CLI session.
Defaults
None.
Mode
Switch command, Read-Write.
Usage
The effect of this command will be temporary if the current CLI session is using Telnet or SSH, but persistent on the console.
show logging buffer
Use this command to display the last 256 messages logged on all blades.
Syntax
show logging buffer
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows a portion of the information displayed with the show logging buffer command:
Matrix(rw)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)
<165>Sep 4 07:43:24 10.42.71.
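The buffer line shown above can be decoded and audited offline. The following is an added example, not code from the guide or from Enterasys: it splits the <PRI> value into facility and severity, maps the severity onto the 1-8 levels this chapter uses, and reports logins made over Telnet. It assumes the device's 1-8 levels are the RFC 3164 severities 0-7 plus one (consistent with <165> being local4 at level 6, the default); the sample lines marked "constructed" and the field name tag_id are assumptions.

```python
import re

# RFC 3164 facility names, indexed by facility code (PRI // 8).
FACILITIES = (
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
)

# Severity names as the guide prints them, keyed by the device's 1-8 level.
DEVICE_LEVELS = {
    1: "emergencies", 2: "alerts", 3: "critical", 4: "errors",
    5: "warnings", 6: "notifications", 7: "information", 8: "debugging",
}

# Layout seen in the guide's sample: <PRI>Mmm d hh:mm:ss host APP[n]message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[A-Za-z0-9_]+)\[(?P<tag_id>\d+)\]"
    r"(?P<msg>.*)$"
)
LOGIN_RE = re.compile(
    r"User:(?P<user>\S+) logged in from (?P<src>\S+) \((?P<via>\w+)\)"
)

# Management transports that carry credentials unencrypted.
CLEARTEXT_TRANSPORTS = {"telnet"}


def parse_line(line):
    """Return a dict for one buffer line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # truncated or foreign line
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    level = severity + 1  # assumption: device level = RFC severity + 1
    return {
        "facility": FACILITIES[facility],
        "device_level": level,
        "level_name": DEVICE_LEVELS[level],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app"),
        # Bracketed number after the mnemonic; its meaning is not
        # stated on the page, so it is kept as an opaque integer.
        "tag_id": int(m.group("tag_id")),
        "message": m.group("msg"),
    }


def cleartext_logins(lines):
    """List (user, source, transport) for logins over cleartext transports."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = LOGIN_RE.search(rec["message"])
        if m and m.group("via").lower() in CLEARTEXT_TRANSPORTS:
            hits.append((m.group("user"), m.group("src"), m.group("via")))
    return hits


SAMPLE_BUFFER = [
    # From the guide's example output:
    "<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)",
    # Truncated in the guide; must be skipped, not guessed at:
    "<165>Sep 4 07:43:24 10.42.71.",
    # Constructed lines for illustration:
    "<165>Sep 4 07:50:02 10.42.71.13 CLI[5]User:ro logged in from 192.0.2.10 (ssh)",
    "<165>Sep 4 07:52:40 10.42.71.13 CLI[5]User:admin logged in from 192.0.2.44 (telnet)",
    "<163>Sep 4 07:55:11 10.42.71.13 System[1]constructed non-login message",
]

if __name__ == "__main__":
    for user, src, via in cleartext_logins(SAMPLE_BUFFER):
        print(f"cleartext login: user={user} from={src} via={via}")
```
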
11 Network Monitoring Configuration
This chapter describes Network Monitoring commands and how to use them.
For information about... | Refer to page...
Monitoring Network Events and Status | 11-1
Configuring SMON | 11-8
Configuring RMON | 11-13

Monitoring Network Events and Status
Purpose
To display switch events and command history, to set the size of the history buffer, and to display and disconnect current user sessions.
Commands
For information about... Refer to page...
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Usage
The command history buffer includes all the switch commands entered up to a maximum of 50, as specified in the set history command (“set history” on page 11-3).
Example
This example shows how to display the contents of the command history buffer.
set history
Use this command to set the size of the history buffer.
Syntax
set history size [default]
Parameters
size Specifies the size of the history buffer in lines. Valid values are 1 to 100.
default (Optional) Makes this setting persist for all future sessions.
Defaults
If default is not specified, the history setting will not be persistent.
Mode
Switch command, Read-Write.
Example
This example shows how to display statistics for all the current active network connections:
Matrix(rw)->show netstat
Active Internet connections (including servers)
PCB      Proto Recv-Q Send-Q Local Address      Foreign Address    (state)
-------- ----- ------ ------ ------------------ ------------------ -------
1cc6314  TCP   0      0      0.0.0.0.80         0.0.0.0.0          LISTEN
1cc6104  TCP   0      0      0.0.0.0.23         0.0.0.0.0          LISTEN
1cc6290  UDP   0      0      0.0.0.0.162        0.0.0.0.
Mode
Switch command, Read-Write.
Examples
This example shows how to ping IP address 134.141.89.29. In this case, this host is alive:
Matrix(rw)->ping 134.141.89.29
134.141.89.29 is alive
In this example, the host at IP address 134.141.89.255 is not responding:
Matrix(rw)->ping 134.141.89.255
no answer from 134.141.89.255
This example shows how to ping IP address 134.141.89.29 with 10 packets:
Matrix(rw)->ping 134.141.89.29 10
PING 134.141.89.29: 56 data bytes
64 bytes from 134.
show users
Use this command to display information about the active console port or Telnet session(s) logged in to the switch.
Syntax
show users
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Example
This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read-Write access privileges from IP addresses 134.141.192.119 and 134.141.192.
Example
This example shows how to tell all users about a system reset:
Matrix(rw)->tell all system reset scheduled for 1 p.m. today

disconnect
Use this command to close an active console port or Telnet session from the switch CLI.
Syntax
disconnect {ip-addr | console}
Parameters
ip-addr Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in “show users” on page 11-6.
Configuring SMON
Purpose
To configure SMON (Switched Network Monitoring) on the device.
Commands
For information about... | Refer to page...
show smon priority | 11-8
set smon priority | 11-9
clear smon priority | 11-9
show smon vlan | 11-10
set smon vlan | 11-11
clear smon vlan | 11-11

show smon priority
Use this command to display SMON user priority statistics. SMON generates aggregated statistics for IEEE 802.1Q VLAN environments.
-----------------------
Interface = ge.3.14
Owner = none
Creation = 0 days 0 hours 6 minutes 39 seconds
Status = enabled
-------------------
Priority 0     Packets     Octets
---------
Total          7981308     2332402460
Overflow       0           0

set smon priority
Use this command to create, start, or stop priority-encoded SMON user statistics counting.
Parameters
port-string (Optional) Clears statistics for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Defaults
If port-string is not specified, priority statistics will be cleared on all ports.
Mode
Switch command, Read-Write.
Example
This example shows how to clear SMON priority statistics on 1-Gigabit Ethernet source port 14 in port group 3:
Matrix(rw)->clear smon priority ge.3.
Status = enabled
-------------------
VLAN 1                 Packets     Octets
Total                  8011072     2070785503
Overflow               0           0
NonUnicast             0           0
NonUnicast Overflow    0           0

set smon vlan
Use this command to create, start, or stop SNMP VLAN-related statistics counting.
Syntax
set smon vlan {create | enable | disable} port-string [owner]
Parameters
create | enable | disable Creates, enables, or disables SMON VLAN statistics counting. Create automatically enables (starts) counters.
Parameters
port-string (Optional) Clears statistics counting configuration(s) for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Defaults
If port-string is not specified, VLAN statistics counting configurations will be cleared for all ports.
Mode
Switch command, Read-Write.
Configuring RMON
RMON Monitoring Group Functions and Commands
RMON (Remote Network Monitoring) provides comprehensive network fault diagnosis, planning, and performance tuning information and allows for interoperability between SNMP management stations and monitoring agents. RMON extends the SNMP MIB capability by defining additional MIBs that generate a much richer set of data about network usage.
Table 11-2 RMON Monitoring Group Functions and Commands (continued)
RMON Group | What It Does... | What It Monitors... | CLI Command(s)
Host | Records statistics associated with each host discovered on the network. | Host address, packets and bytes received and transmitted, and broadcast, multicast and error packets.
show rmon stats
Use this command to display RMON statistics measured for one or more ports.
Syntax
show rmon stats [port-string] [wide] [bysize]
Parameters
port-string (Optional) Displays RMON statistics for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
wide (Optional) Display most important stats, one line per entry.
bysize (Optional) Display counters by packet length.
Table 11-3 show rmon stats Output Details
Output... | What it displays...
Port | Port designation.
Owner | Name of the entity that configured this entry. Monitor is default.
Data Source | Data source of the statistics being displayed.
Drop Events | Total number of times that the switch was forced to discard frames due to lack of available switch device resources.
Table 11-3 show rmon stats Output Details (continued)
Output... | What it displays...
512 – 1023 Octets | Total number of frames, including bad frames, received that were between 512 and 1023 bytes in length (excluding framing bits, but including FCS bytes).
1024 – 1518 Octets | Total number of frames, including bad frames, received that were between 1024 and 1518 bytes in length (excluding framing bits, but including FCS bytes).
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to delete RMON statistics entry 2:
Matrix(rw)->clear rmon stats 2

show rmon history
Use this command to display RMON history properties and statistics. The RMON history group records periodic statistical samples from a network.
Syntax
show rmon history [port-string] [wide] [interval]
Parameters
port-string (Optional) Displays RMON history entries for specific port(s).
Sample 2304
Interval Start: 0 days 19 hours 11 minutes 35 seconds
Drop Events = 0
Undersize Pkts = 0
Octets = 0
Oversize Pkts = 0
Packets = 0
Fragments = 0
Broadcast Pkts = 0
Jabbers = 0
Multicast Pkts = 0
Collisions = 0
CRC Align Errors = 0
Utilization(%) = 0

set rmon history
Use this command to configure an RMON history entry.
Parameters
index-list Specifies one or more history entries to be deleted, causing them to disappear from any future RMON queries.
to-defaults Resets all history entries to default values. This will cause entries to reappear in RMON queries.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to delete RMON history entry 1:
Matrix(rw)->clear rmon history 1

show rmon alarm
Use this command to display RMON alarm entries.
Sample Type = delta
Startup Alarm = rising
Interval = 30
Value = 0
Rising Threshold = 1
Falling Threshold = 0
Rising Event Index = 2
Falling Event Index = 0
Table 11-4 provides an explanation of the command output.
Table 11-4 show rmon alarm Output Details
Output... | What it displays...
Index | Index number for this alarm entry.
Owner | Text string identifying who configured this entry.
startup rising | falling | either (Optional) Specifies the type of alarm generated when this event is first enabled as:
• Rising - Sends alarm when an RMON event reaches a maximum threshold condition, for example, more than 30 collisions per second.
• Falling - Sends alarm when RMON event falls below a minimum threshold condition, for example when the network is behaving normally again.
Parameters
index Specifies an index number for this entry. Maximum number of entries is 50. Maximum value is 65535.
enable Enables this alarm entry.
Defaults
None.
Mode
Switch command, Read-Write.
Usage
An RMON alarm entry can be created using this command, configured using the set rmon alarm properties command (“set rmon alarm properties” on page 11-21), then enabled using this command.
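How the Sample Type, Startup Alarm, Rising Threshold and Falling Threshold fields of an alarm entry interact is easier to see on data. The following is an added example, not the switch's firmware logic: it applies the alarm-group rules of RFC 2819 (the RMON MIB) to a series of counter readings, including the hysteresis between the two thresholds and 32-bit counter wrap. The counter readings and the function names are constructed for illustration.

```python
COUNTER32 = 2 ** 32  # RMON counters in RFC 2819 are 32-bit and wrap


def sampled_values(readings, sample_type):
    """Yield (reading_index, value) pairs the alarm logic compares.

    'absolute' compares each reading directly; 'delta' compares the
    difference between consecutive readings, modulo the counter size
    so that a wrapped counter still yields the true increase.
    """
    if sample_type == "absolute":
        for i, raw in enumerate(readings):
            yield i, raw
        return
    for i in range(1, len(readings)):
        yield i, (readings[i] - readings[i - 1]) % COUNTER32


def alarm_events(readings, rising, falling,
                 startup="rising", sample_type="delta"):
    """Return [(reading_index, 'rising'|'falling', value), ...].

    Rules applied (RFC 2819 alarm group):
      * a rising event fires when value >= rising and the previous
        value was below rising;
      * a falling event fires when value <= falling and the previous
        value was above falling;
      * after one kind of event, the same kind cannot fire again until
        the opposite threshold has been crossed (hysteresis);
      * the first valid sample can fire only the kind(s) allowed by
        the startup setting.
    """
    if startup not in ("rising", "falling", "either"):
        raise ValueError("startup must be rising, falling or either")
    if sample_type not in ("delta", "absolute"):
        raise ValueError("sample_type must be delta or absolute")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising")

    events = []
    prev = None   # previous sampled value
    last = None   # kind of the most recent event
    for idx, value in sampled_values(readings, sample_type):
        fired = None
        if prev is None:
            if value >= rising and startup in ("rising", "either"):
                fired = "rising"
            elif value <= falling and startup in ("falling", "either"):
                fired = "falling"
        elif value >= rising and prev < rising and last != "rising":
            fired = "rising"
        elif value <= falling and prev > falling and last != "falling":
            fired = "falling"
        if fired:
            events.append((idx, fired, value))
            last = fired
        prev = value
    return events


# Constructed collision-counter readings, one per sampling interval.
READINGS = [100, 110, 150, 190, 200, 203, 250]

if __name__ == "__main__":
    for idx, kind, value in alarm_events(READINGS, rising=30, falling=5):
        print(f"reading {idx}: {kind} alarm, delta={value}")
```

With the thresholds from the show rmon alarm output above (rising 1, falling 0, delta sampling), any increase in the monitored counter during an interval raises the rising event, and the next interval with no increase raises the falling event.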
show rmon event
Use this command to display RMON event entry properties.
Syntax
show rmon event [index]
Parameters
index (Optional) Displays RMON properties and log entries for a specific entry index ID.
Defaults
If index is not specified, information about all RMON entries will be displayed.
Mode
Switch command, Read-Only.
set rmon event properties
Use this command to configure an RMON event entry, or to create a new event entry with an unused event index number.
Syntax
set rmon event properties index [description description] [type {none | log | trap | both}] [community community] [owner owner]
Parameters
index Specifies an index number for this entry. Maximum number of entries is 100. Maximum value is 65535.
Parameters
index Specifies an index number for this entry. Maximum number of entries is 100. Maximum value is 65535.
enable Enables this event entry.
Defaults
None.
Mode
Switch command, Read-Write.
Usage
An RMON event entry can be created using this command, configured using the set rmon event properties command (“set rmon event properties” on page 11-25), then enabled using this command.
show rmon host
Use this command to display RMON properties and statistics associated with each host discovered on the network.
Syntax
show rmon host [port-string] [address | creation]
Parameters
port-string (Optional) Displays RMON properties and statistics for specific port(s).
address | creation (Optional) Sorts the display by MAC address or creation time of the entry.
Defaults
• If port-string is not specified, information about all ports will be displayed.
Out Octets 136
Broadcast Pkts 0
Multicast Pkts 0

set rmon host properties
Use this command to configure an RMON host entry.
Syntax
set rmon host properties index port-string [owner]
Parameters
index Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 5. Maximum value is 65535.
port-string Configures RMON host monitoring on a specific port.
Example
This example shows how to enable RMON host entry 1:
Matrix(rw)->set rmon host status 1 enable

clear rmon host
Use this command to delete an RMON host entry.
Syntax
clear rmon host index
Parameters
index Specifies the index number of the entry to be cleared.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to display all RMON TopN properties and statistics. A control entry displays first, followed by actual entries corresponding to the control entry:
Matrix(rw)->show rmon topN
--------------------
Index = 1
Status = 1 valid
Owner = monitor
Start Time = 0
HostIndex = 1
Rate Base = 1 InPkts
Duration = 10
Time Remaining = 0
Requested Size = 10000
Granted Size = 100
Report 1
-------------------
Rate = 3
Address = 0.1.f4.6.2e.
set rmon topN properties
Use this command to configure an RMON topN entry (report).
Syntax
set rmon topn properties index [hindex hindex] [rate {inpackets | outpackets | inoctets | outoctets | errors | bcast | mcast}] [duration duration] [size size] [owner owner]
Parameters
index Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 10. Maximum value is 65535.
Parameters
index Specifies an index number for this entry. Maximum number of entries is 10. Maximum value is 65535.
enable Enables this TopN entry.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to enable RMON TopN entry 1:
Matrix(rw)->set rmon topN status 1 enable

clear rmon topN
Use this command to delete an RMON TopN entry.
Syntax
clear rmon topN index
Parameters
index Specifies the index number of the entry to be cleared.
Parameters
port-string (Optional) Displays RMON properties and statistics for specific port(s).
source | dest (Optional) Sorts the display by source or destination address.
Defaults
• If port-string is not specified, information about all ports will be displayed.
• If not specified, information about source and destination addresses will be displayed.
Mode
Switch command, Read-Only.
Table 11-7 show rmon matrix Output Details (continued)
Output... | What it displays...
Octets | Number of octets (excluding framing bits, but including FCS octets) contained in all packets transmitted from the source address to the destination address.
Errors | Errors recorded.

set rmon matrix properties
Use this command to configure an RMON matrix entry.
Mode
Switch command, Read-Write.
Example
This example shows how to enable RMON matrix entry 1:
Matrix(rw)->set rmon matrix status 1 enable

clear rmon matrix
Use this command to delete an RMON matrix entry.
Syntax
clear rmon matrix index
Parameters
index Specifies the index number of the entry to be cleared.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to display RMON channel information for fe.2.12:
Matrix(rw)->show rmon channel fe.2.12
Port fe.2.
Defaults
• If an action is not specified, packets will be accepted on filter matches.
• If not specified, control will be set to off.
• If onevent and offevent are not specified, none will be applied.
• If event status is not specified, ready will be applied.
• If a description is not specified, none will be applied.
• If owner is not specified, it will be set to monitor.
Mode
Switch command, Read-Write.
Parameters
index index | channel channel (Optional) Displays information about a specific filter entry, or about all filters which belong to a specific channel.
Defaults
If no options are specified, information for all filter entries will be displayed.
Mode
Switch command, Read-Only.
smask smask (Optional) Specifies the mask applied to status to indicate which bits are significant.
snotmask snotmask (Optional) Specifies the inversion mask that indicates which bits should be set or not set.
data data (Optional) Specifies the data to be matched.
dmask dmask (Optional) Specifies the mask applied to data to indicate which bits are significant.
show rmon capture
Use this command to display RMON capture entries and associated buffer control entries.
Syntax
show rmon capture [index] [nodata]
Parameters
index (Optional) Displays the specified buffer control entry and all captured packets associated with that entry.
nodata (Optional) Displays only the buffer control entry specified by index.
Defaults
If no options are specified, all buffer control entries and associated captured packets will be displayed.
set rmon capture
Use this command to configure an RMON capture entry, or to enable or disable an existing entry.
Syntax
set rmon capture index {channel [action {lock | wrap}] [slice slice] [loadsize loadsize] [offset offset] [asksize asksize] [owner owner]} | {enable | disable}
Parameters
index Specifies a buffer control entry.
channel Specifies the channel to which this capture entry will be applied.
clear rmon capture
Use this command to clear an RMON capture entry.
Syntax
clear rmon capture index
Parameters
index Specifies the capture entry to be cleared.
Defaults
None.
Mode
Switch command, Read-Write.
12 Network Address and Route Management Configuration
This chapter describes switch-related network address and route management commands and how to use them.
Note: The commands in this section pertain to the Enterasys Matrix Series device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 16.
For information about... | Refer to page...
show newaddrtraps | 12-13
set newaddrtraps | 12-14
show movedaddrtrap | 12-14
set movedaddrtrap | 12-15

show arp
Use this command to display the switch’s ARP table.
Syntax
show arp
Parameters
None.
Defaults
None.
Mode
Switch command, Read-Only.
Table 12-1 show arp Output Details
Output... | What it displays...
IP Address | IP address mapped to MAC address.
Phys Address | MAC address mapped to IP address.
Flags | Route status. Possible values and their definitions include:
S - manually configured entry (static)
P - respond to ARP requests for this entry

set arp
Use this command to add mapping entries to the switch’s ARP table.
Parameters
ip | all Specifies the IP address in the ARP table to be cleared, or clears all ARP entries.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to delete entry 10.1.10.10 from the ARP table:
Matrix(rw)->clear arp 10.1.10.10

show rad
Use this command to display the status of the RAD (Runtime Address Discovery) protocol on the switch.
Syntax
show rad
Parameters
None.
Defaults
None.
Defaults
None.
Mode
Switch command, Read-Write.
Usage
The Enterasys Matrix Series device uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be used to retrieve a text configuration file from the network. In order for RAD to retrieve a text configuration file, the file must be specified in the BootP tab.
Table 12-2 show ip route Output Details
Output... | What it displays...
Destination | IP address of the host entry.
Gateway | MAC address of the destination.
Mask | IP mask of the destination.
TOS | Type of Service setting.
Flags | Route status.
-d (Optional) Sets the debug socket option.
-t tos (Optional) Sets the type of service (TOS) to be used in probe packets.
-F (Optional) Sets the ‘don’t fragment’ bit.
-g gateway (Optional) Specifies a loose source gateway (up to 8 can be specified), or specifies a specific gateway, such as gw1.
-I (Optional) Specifies the use of ICMP echo requests rather than UDP datagrams.
-n (Optional) Displays hop addresses numerically.
Example
This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Enterasys Matrix Series switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop:
Matrix(rw)->traceroute 192.167.252.17
traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
1 matrix.enterasys.com (192.167.
Defaults
None.
Mode
Switch command, Read-Write.
Example
This example shows how to clear the default gateway:
Matrix(rw)->clear ip route default

show port mac
Use this command to display the MAC address(es) for one or more ports.
Syntax
show port mac [port-string]
Parameters
port-string (Optional) Displays MAC addresses for specific port(s).
show mac
Use this command to display the timeout period for aging learned MAC addresses, and to show MAC addresses in the switch’s filtering database.
Matrix(rw)->show mac port-string fe.1.3
MAC Address       FID  Port          Type    Status
----------------- ---- ------------- ------- -------
00-01-F4-32-88-C5 0    fe.1.3        self
00-00-1D-12-11-88 3    fe.1.3        mgmt    perm
Table 12-3 provides an explanation of the command output.
Table 12-3 show mac Output Details
Output... | What it displays...
MAC Address | MAC addresses mapped to the port(s) shown.
FID | Filter database identifier.
Port | Port designation.
unicast mac-address fid receive-port [ageable]
This command allows you to statically enter a unicast MAC address (mac-address) into a filtering database (fid) for a single port (receive-port). This entry will be either permanent or ageable, in which case it will age out the same as a dynamically learned MAC address.
vlan-id vlan-id Specify a VLAN ID from which to clear the MAC address for multicast entries only.
static port-string port-string Single port to clear (ex. fe.1.1); if not specified, clear command shall be scoped to all ports.
type {learned | mgmt} Status type to clear; if not specified, clear command shall be scoped to all 'learned' and 'mgmt' entries where mgmt refers to all statically entered MAC addresses.
Example
This example shows how to display the status of MAC address traps on ge.1.1 through 3:

Matrix(rw)->show newaddrtrap
New Address Traps Globally disabled
Port       Enable State
---------  ------------
ge.1.1     disabled
ge.1.2     disabled
ge.1.3     disabled

set newaddrtraps
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected.
Parameters
port‐string
    (Optional) Displays MAC address traps for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.

Defaults
If port‐string is not specified, MAC address traps for all ports will be displayed.

Mode
Switch command, Read‐Only.

Example
This example shows how to display the status of MAC address traps on ge.1.
Example
This example shows how to globally enable MAC address traps:

Matrix(rw)->set movedaddrtrap enable
13 SNTP Configuration

This chapter describes Simple Network Time Protocol (SNTP) commands and how to use them.

Configuring Simple Network Time Protocol (SNTP)

Purpose
To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network.
show sntp
Use this command to display SNTP client settings.

Syntax
show sntp

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Only.
Table 13-1 show sntp Output Details (continued)
Output...
    What it displays...
Client Mode
    Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp client command (“set sntp client” on page 13-3).
Broadcast Delay
    Round trip delay for SNTP broadcast frames. Default of 3000 microseconds can be reset using the set sntp broadcastdelay command (“set sntp broadcastdelay” on page 13-5).
Mode
Switch command, Read‐Write.

Example
This example shows how to enable SNTP in broadcast mode:

Matrix(rw)->set sntp client broadcast

clear sntp client
Use this command to clear the SNTP client’s operational mode.

Syntax
clear sntp client

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.
Example
This example shows how to set the server at IP address 10.21.1.100 as an SNTP server:

Matrix(rw)->set sntp server 10.21.1.100

clear sntp server
Use this command to remove one or all servers from the SNTP server list.

Syntax
clear sntp server {ip-address | all}

Parameters
ip‐address
    Specifies the IP address of a server to remove from the SNTP server list.
all
    Removes all servers from the SNTP server list.

Defaults
None.
Example
This example shows how to set the SNTP broadcast delay to 12000 microseconds:

Matrix(rw)->set sntp broadcastdelay 12000

clear sntp broadcast delay
Use this command to clear the round trip delay time for SNTP broadcast frames.

Syntax
clear sntp broadcastdelay

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.
clear sntp poll-interval
Use this command to clear the poll interval between unicast SNTP requests.

Syntax
clear sntp poll-interval

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.

Example
This example shows how to clear the SNTP poll interval:

Matrix(rw)->clear sntp poll-interval

set sntp poll-retry
Use this command to set the number of poll retries to a unicast SNTP server.
Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.

Example
This example shows how to clear the number of SNTP poll retries:

Matrix(rw)->clear sntp poll-retry

set sntp poll-timeout
Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request.

Syntax
set sntp poll-timeout timeout

Parameters
timeout
    Specifies the poll timeout in seconds. Valid values are 1 to 30.

Defaults
None.
Mode
Switch command, Read‐Write.

Example
This example shows how to clear the SNTP poll timeout:

Matrix(rw)->clear sntp poll-timeout

show timezone
Use this command to display SNTP time zone settings.

Syntax
show timezone

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Only.
Defaults
If offset hours or minutes are not specified, none will be applied.

Mode
Switch command, Read‐Write.

Example
This example shows how to set the time zone to EST with an offset of minus 5 hours:

Matrix(rw)->set timezone EST -5 0

clear timezone
Use this command to remove SNTP time zone adjustment values.

Syntax
clear timezone

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.
14 Node Alias Configuration

This chapter describes node alias commands and how to use them.

Configuring Node Aliases

Purpose
To review, configure, disable and re‐enable node (port) alias functionality, which determines what network protocols are running on one or more ports.
Defaults
If port‐string is not specified, node alias properties will be displayed for all ports.

Mode
Switch command, Read‐Only.

Usage
Node aliases are dynamically assigned upon packet reception to ports enabled with an alias agent, which is the default setting on Enterasys Matrix Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command (“clear nodealias” on page 14‐7).
Parameters
mac_address
    Specifies a MAC address for which to display node alias entries. This can be a full or partial address.
Example
This example shows how to display node alias entries for BPDU traffic on MAC addresses beginning with 00‐e0. Refer back to Table 14‐1 for a description of the command output.

Matrix(rw)->show nodealias mac 00-e0 bpdu
Port: lag.0.1 Time: 0 days 01 hrs 34 mins 53 secs
--------------------------------------------------------
Alias ID = 306783575 Active = true
Vlan ID = 1 MAC Address = 00-e0-63-59-f4-3d
Protocol = bpdu
Port: lag.0.
Parameters
ip | apl | mac | hsrp | dhcps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | xsap | ipx20 | rtmp | netBios | nbt | bgp | rip | igrp | dec | bpdu | udp
    Specifies the protocol for which to display node alias entries. Refer back to show nodealias mac (“show nodealias mac” on page 14‐2) for a detailed description of these parameters.
Defaults
If port‐string is not specified, node alias configurations will be displayed for all ports.

Mode
Switch command, Read‐Only.

Example
This example shows how to display node alias configuration settings for ports fe.2.1 through 9:

Matrix(rw)->show nodealias config fe.2.1-9
Port Number  Max Entries  Used Entries  Status
-----------  -----------  ------------  ------
fe.2.1       16           0             Enabled
fe.2.2       47           0             Enabled
fe.2.3       47           2             Enabled
fe.2.
Defaults
None.

Mode
Switch command, Read‐Write.

Usage
Upon packet reception, node aliases are dynamically assigned to ports enabled with an alias agent, which is the default setting on Enterasys Matrix Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command as described in “clear nodealias” on page 14‐7.

Example
This example shows how to disable the node alias agent on fe.1.
Parameters
port‐string port‐string
    Specifies the port(s) on which to remove all node alias entries. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
alias‐id alias‐id
    Specifies the ID of the node alias to remove. This value can be viewed using the show nodealias command as described in “show nodealias” on page 14‐1.

Defaults
None.

Mode
Switch command, Read‐Write.
15 NetFlow Configuration

This chapter describes NetFlow commands and how to use them.

Note: An Enterasys Feature Guide document that contains a complete discussion on NetFlow configuration exists at the following Enterasys web site: http://www.enterasys.com/support/manuals/

Configuring NetFlow

NetFlow is a protocol developed for collecting IP traffic information.
• It has accumulated the maximum number of NetFlow records per packet, which is 30, or
• It has accumulated fewer than 30 NetFlow records and the active flow timer has expired, or
• The flow expires (ages out or is invalidated).

Note: A flow is a unidirectional sequence of packets having a set of common properties, travelling between a source and a destination endpoint.
Export Interval: 30 (min)
Number of Entries: 196607
Inactive Timer: 40 (sec)
Template Refresh-rate: 20 (packets)
Template Timeout: 30 (min)
Enabled Ports:
----------------
ge.1.11,23

set netflow cache
Use this command to enable (create) or disable (free up) a NetFlow cache on each DFE blade in the Enterasys Matrix system.

Syntax
set netflow cache {enable | disable}

Parameters
enable | disable
    Enable or disable the NetFlow cache.

Defaults
None.
Defaults
None.

Mode
Switch command, Read‐Write.

Usage
When this command is executed, NetFlow is effectively disabled on the system.

Example
This example shows how to remove the NetFlow caches on the DFE blades and disable NetFlow:

Matrix(rw)->clear netflow cache

set netflow export-destination
Use this command to configure the NetFlow collector destination.
Parameters
ip‐address
    (Optional) Specifies the IP address of the NetFlow collector to clear.
udp‐port
    (Optional) Specifies the UDP port number used by NetFlow collector.

Defaults
Since only one collector address per Enterasys Matrix system is supported, entering the IP address and UDP port information is not required. Executing this command without any parameters will return the collector address to “Not Configured.”

Mode
Switch command, Read‐Write.
clear netflow export-interval
Use this command to clear NetFlow export interval to its default of 30 minutes.

Syntax
clear netflow export-interval

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.

Example
This example shows how to return the NetFlow export interval to its default value:

Matrix(rw)->clear netflow export-interval

set netflow port
Use this command to enable NetFlow collection on a port.
clear netflow port
Use this command to return a port to the default NetFlow collection state of disabled.

Syntax
clear netflow port port-string

Parameters
port‐string
    Specifies the port or ports on which to disable NetFlow collection.

Defaults
None.

Mode
Switch command, Read‐Write.

Example
This example shows how to disable NetFlow collection on port ge.1.1:

Matrix(rw)->clear netflow port ge.1.
Example
This example shows how to set the flow record format to Version 9:

Matrix(rw)->set netflow export-version 9

clear netflow export-version
Use this command to return the NetFlow flow record format used to export data to the default of Version 5.

Syntax
clear netflow export-version

Parameters
None.

Defaults
None.

Mode
Switch command, Read‐Write.
Parameters
refresh‐rate packets
    The number of export packets sent that causes a template to be retransmitted by an individual DFE blade. The value of packets can range from 1 to 600. The default value is 20 packets.
timeout minutes
    The length of the timeout period, in minutes, after which a template is retransmitted by all blades in the system. The value of minutes can range from 1 to 3600. The default value is 30 minutes.
clear netflow template
Use this command to reset the Version 9 template refresh rate and/or timeout values to their default values.

Syntax
clear netflow template {[refresh-rate] [timeout]}

Parameters
refresh‐rate
    Clear the template packet refresh rate to the default value of 20 packets.
timeout
    Clear the template timeout to the default value of 30 minutes.
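
A collector-side check for the default Version 5 export format, added here as an example (it is not Enterasys code): it parses the standard 24-byte NetFlow v5 header and 48-byte flow records, rejects datagrams whose record count exceeds the 30-record maximum stated in this chapter or does not match the payload length, and uses the header's flow sequence to notice missing export packets. The function names, the exporter address and the sample flows are constructed for illustration.

```python
import ipaddress
import struct

# Standard NetFlow Version 5 layouts: 24-byte header, 48-byte flow record.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # per-packet maximum stated in this chapter

# Constructed sample flows: (src, dst, src port, dst port, protocol, packets, octets)
SAMPLE_RECORDS = [
    ("10.21.1.5", "192.167.252.17", 51514, 53, 17, 1, 72),
    ("10.21.1.6", "192.167.252.46", 40022, 22, 6, 12, 2048),
]


def build_sample(records, flow_sequence, claimed_count=None):
    """Build a constructed v5 datagram; claimed_count overrides the header count."""
    count = len(records) if claimed_count is None else claimed_count
    header = V5_HEADER.pack(5, count, 360000, 1700000000, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed,
            bytes(4),            # next hop
            1, 2,                # input / output interface index
            packets, octets,
            1000, 2000,          # first / last seen (sysUptime, ms)
            sport, dport,
            0, 0x18, proto, 0,   # pad, TCP flags, protocol, ToS
            0, 0, 24, 24, 0,     # AS numbers, prefix masks, pad
        )
        for src, dst, sport, dport, proto, packets, octets in records
    )
    return header + body


def parse_v5(datagram):
    """Validate and decode one export datagram; raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, unix_secs, _nsecs,
     sequence, _engine_type, engine_id, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unexpected export version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} outside 1..{MAX_RECORDS}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("payload length does not match record count")
    flows = []
    for index in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + index * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(rec[0])),
            "dst": str(ipaddress.IPv4Address(rec[1])),
            "packets": rec[5], "octets": rec[6],
            "src_port": rec[9], "dst_port": rec[10],
            "protocol": rec[13],
        })
    header = {"count": count, "flow_sequence": sequence,
              "engine_id": engine_id, "unix_secs": unix_secs}
    return header, flows


class SequenceTracker:
    """Track flow_sequence per (exporter, engine) to report lost flow records."""

    def __init__(self):
        self._next = {}

    def observe(self, exporter, header):
        """Return how many flow records were skipped before this datagram."""
        key = (exporter, header["engine_id"])
        expected = self._next.get(key)
        self._next[key] = (header["flow_sequence"] + header["count"]) & 0xFFFFFFFF
        if expected is None:
            return 0
        # A very large value here means the datagram arrived out of order
        # or repeats an earlier sequence number.
        return (header["flow_sequence"] - expected) & 0xFFFFFFFF


if __name__ == "__main__":
    tracker = SequenceTracker()
    for seq in (100, 102, 110):
        hdr, flows = parse_v5(build_sample(SAMPLE_RECORDS, seq))
        print(seq, len(flows), "flows, gap:", tracker.observe("10.0.0.1", hdr))
```
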
16 IP Configuration

This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
Configuring Routing Interface Settings

Table 16-1 VLAN and Loopback Interface Configuration Modes
For Routing Interface Type...   Enter (in Global Configuration Mode)...   Resulting Prompt...
VLAN                            vlan vlan-id                              Matrix>Router (config-if(Vlan 1))#
Loopback                        loopback loopback-id                      Matrix>Router (config-if (Lpbk 1))#
Local (software loopback)       lo local-id                               Matrix>Router (config-if (Lo 1))#

For details on how to enable all router CLI configuration modes, refer back to Table 2‐9.
Mode
Router command, Any router mode.

Example
This example shows how to display information for all interfaces configured on the router. In this case, one loopback interface has been configured for routing. For a detailed description of this output, refer to Table 16‐2:

Matrix>Router#show interface
Vlan 1 is Administratively DOWN
Vlan 1 is Operationally DOWN
Mac Address is: 0001.f4da.
details on configuration modes supported by the Enterasys Matrix Series device and their uses, refer to Table 2‐9 in “Enabling Router Configuration Modes” on page 2‐91. VLANs must be created from the switch CLI before they can be configured for IP routing. For details on creating VLANs and configuring them for IP, refer to “Reviewing and Configuring Routing” on page 2‐89.
show ip interface
Use this command to display information, including administrative status, IP address, MTU (Maximum Transmission Unit) size and bandwidth, and ACL configurations, for interfaces configured for IP.

Syntax
show ip interface [vlan vlan-id | loopback loopback-id | lo loopback-id]

Parameters
vlan vlan‐id | loopback loopback‐id | lo loopback‐id
    (Optional) Displays information for a specific VLAN, loopback, or local interface.
Table 16-2 show ip interface Output Details (continued)
Output...
    What it displays...
MAC-Address
    MAC address mapped to this interface. Set using the ip mac-address command as described in “ip mac-address” on page 16-16.
Incoming | Outgoing Access List
    Whether or not an access control list (ACL) has been configured on this interface using the commands described in “Configuring Access Lists” on page 24-15.
Usage
Each Enterasys Matrix Series routing module or standalone device supports up to routing interfaces, with up to 50 secondary addresses (200 maximum per router) allowed for each primary IP address. The “no” form of this command removes the specified IP address and disables the interface for IP processing.

Example
This example sets the IP address to 192.168.1.1 and the network mask to 255.255.255.
Managing Router Configuration Files

Each Enterasys Matrix Series device provides a single configuration interface which allows you to perform both switch and router configuration with the same command set. This section demonstrates managing configuration files while operating in router mode only.
interface vlan 10
 ip address 99.99.2.10 255.255.255.0
 no shutdown
!
router ospf 1
 network 99.99.2.0 0.0.0.255 area 0.0.0.0
 network 192.168.100.1 0.0.0.0 area 0.0.0.0

write
Use this command to save or delete the router running configuration, or to display it to output devices.

Syntax
write [erase | file [filename config-file] | terminal]

Parameters
erase
    (Optional) Deletes the router‐specific file.
exit
router rip
network 182.127.0.0
exit
disable
exit

no ip routing
Use this command to disable IP routing on the device and remove the routing configuration.

Syntax
no ip routing

Parameters
None.

Defaults
None.

Mode
Router command, Global configuration: Matrix>Router(config)#

Usage
By default, IP routing is enabled when interfaces are configured for it as described in “Configuring Routing Interface Settings” on page 16‐1.
Performing a Basic Router Configuration

Using Router-Only Config Files
Although the Enterasys Matrix Series’ single configuration interface provides one set of commands to perform both switch and router configuration, it is still possible to use router‐only commands to configure the router. To do so, you need to add router config wrappers to your existing router config files, as shown in Figure 16‐1.
Reviewing and Configuring the ARP Table

Purpose
To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface.
Mode
Any router mode.

Example
This example shows how to use the show ip arp command:

Matrix>Router#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type  Interface
------------------------------------------------------------------------------
Internet  134.141.235.251  0          0003.4712.7a99  ARPA  Vlan1
Internet  134.141.235.165  -          0002.1664.a5b3  ARPA  Vlan1
Internet  134.141.235.167  4          00d0.cf00.
Parameters
ip‐address
    Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation.
mac‐address
    Specifies the 48‐bit hardware address corresponding to the ip‐address expressed in hexadecimal notation.
arpa
    Specifies ARPA as the type of ARP mapping.

Defaults
None.
Usage
The “no” form of this command resumes default ARP processing as described in RFC 826, which updates an existing ARP entry from either a gratuitous ARP reply or request.
ip proxy-arp
Use this command to enable proxy ARP on an interface. This variation of the ARP protocol allows the routing module to send an ARP response on behalf of an end node to the requesting host.

Syntax
ip proxy-arp [default-route] [local]
no ip proxy-arp

Parameters
default‐route
    (Optional) Sets the router to respond to ARP requests for hosts that are only reachable via the default route.
Mode
Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))#

Usage
By default, every routing interface uses the same MAC address. This command lets interfaces use different MAC addresses when that is required. It is the user’s responsibility to select a MAC address that will not conflict with other devices on the VLAN, since the Enterasys Matrix Series device will not automatically detect this conflict.
clear arp-cache
Use this command to delete all nonstatic (dynamic) entries from the ARP table.

Syntax
clear arp-cache

Parameters
None.

Defaults
None.
Configuring Broadcast Settings

Applying DHCP/BOOTP Relay
DHCP/BOOTP relay functionality is applied with the help of IP broadcast forwarding. A typical situation occurs when a host requests an IP address with no DHCP server located on that segment.
Usage
The “no” form of this command disables IP directed broadcast globally.

Example
This example shows how to enable IP directed broadcasts on VLAN 1:

Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip directed-broadcast

ip forward-protocol
Use this command to enable UDP broadcast forwarding and specify which protocols will be forwarded.
Example
This example shows how to enable forwarding of Domain Naming System UDP datagrams (port 53):

Matrix>Router(config)#ip forward-protocol udp 53

ip helper-address
Use this command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts specifying a new destination address.

Syntax
ip helper-address address
no ip helper-address address

Parameters
address
    Specifies a destination broadcast or host address used when forwarding.
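
One way to review a saved router configuration for the proxy ARP and broadcast forwarding settings documented above, as an added example (not part of the Enterasys guide): the script walks running-config style text, tracks which interface block each line belongs to, and reports `ip directed-broadcast`, `ip proxy-arp`, `ip forward-protocol udp` and `ip helper-address` lines, noting whether a helper target is a host or the broadcast address of a configured subnet. The sample configuration is constructed from commands shown in this chapter, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the router configuration shown earlier.
SAMPLE_CONFIG = """\
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 ip directed-broadcast
 ip proxy-arp default-route
 ip helper-address 192.168.1.255
 no shutdown
!
interface vlan 10
 ip address 99.99.2.10 255.255.255.0
 no ip proxy-arp
 ip helper-address 10.21.1.100
 no shutdown
!
ip forward-protocol udp 53
router ospf 1
 network 99.99.2.0 0.0.0.255 area 0.0.0.0
"""

IFACE_RE = re.compile(r"^interface\s+(vlan|loopback|lo)\s+(\S+)$", re.IGNORECASE)
ADDR_RE = re.compile(r"^[ \t]*ip address (\S+) (\S+)", re.MULTILINE)


def configured_broadcasts(config_text):
    """Broadcast addresses of every subnet configured with 'ip address'."""
    result = {ipaddress.IPv4Address("255.255.255.255")}
    for addr, mask in ADDR_RE.findall(config_text):
        try:
            iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        except ValueError:
            continue  # not a dotted-decimal address/mask pair
        if iface.network.prefixlen < 31:  # /31 and /32 have no broadcast address
            result.add(iface.network.broadcast_address)
    return result


def audit(config_text):
    """Return (scope, setting, detail) tuples for settings that merit review."""
    broadcasts = configured_broadcasts(config_text)
    scope = "global"
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("!", "exit"):
            scope = "global"  # block separator ends the interface context
            continue
        match = IFACE_RE.match(line)
        if match:
            scope = f"{match.group(1).lower()} {match.group(2)}"
            continue
        if line.startswith("router "):
            scope = line
            continue
        if not line or line.startswith("no "):
            continue  # the "no" form disables the setting
        words = line.split()
        if line == "ip directed-broadcast":
            findings.append((scope, "ip directed-broadcast", ""))
        elif words[:2] == ["ip", "proxy-arp"]:
            findings.append((scope, "ip proxy-arp", " ".join(words[2:])))
        elif words[:3] == ["ip", "forward-protocol", "udp"]:
            findings.append((scope, "ip forward-protocol", " ".join(words[2:])))
        elif words[:2] == ["ip", "helper-address"] and len(words) == 3:
            try:
                target = ipaddress.IPv4Address(words[2])
            except ValueError:
                continue
            kind = "broadcast" if target in broadcasts else "host"
            findings.append((scope, "ip helper-address", f"{target} ({kind} target)"))
    return findings


if __name__ == "__main__":
    for scope, setting, detail in audit(SAMPLE_CONFIG):
        print(f"{scope:10} {setting:22} {detail}")
```
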
Reviewing IP Traffic and Configuring Routes

Purpose
To review IP protocol information about the device, to review IP traffic and configure routes, to enable and send router ICMP (ping) messages, and to execute traceroute.
Example
This example shows how to display IP protocol information. In this case, the routing protocol is RIP (Routing Information Protocol).
Frags: 0 reassembled, 0 timeouts
       0 couldn't reassemble
       0 fragmented, 0 couldn't fragment
Bcast: 1 received, 8 sent
Mcast: 0 received, 16 sent
Sent:  24 generated, 0 forwarded
       0 no route
ICMP Statistics:
Rcvd:  4 total, 0 checksum errors, 0 redirects, 0 unreachable, 4 echo
       0 echo reply, 0 mask requests, 0 quench
       0 parameter, 0 timestamp, 0 time exceeded,
Sent:  6 total, 0 redirects, 0 unreachable, 0 echo, 4 echo reply
       0 mask requests, 2 mas
Example
This example shows how to clear all IP traffic counters:

Matrix>Router#clear ip stats

show ip route
Use this command to display information about IP routes.
Example
This example shows how to display all IP route information. In this case, there are routes directly connected to VLANs 1 and 2, two static routes connected to VLAN 1 (one indirectly, and one via another network IP), and one RIP route.
Examples
This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is assigned a tag of 1:

Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3 1

This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0. The route is set as permanent and assigned a tag of 20:

Matrix>Router(config)#ip route 10.0.0.0 255.0.0.0 10.1.2.
ping
Use this command to test routing network connectivity by sending IP ping requests.

Syntax
ping ip-address

Parameters
ip‐address
    Specifies the IP address of the system to ping.

Defaults
None.

Mode
Router command, Privileged EXEC: Matrix>Router#

Usage
The ping utility (IP ping only) transmits a maximum of five echo requests, with a packet size of 100.
Parameters
host
    Specifies a host to which the route of an IP packet will be traced.

Defaults
None.

Mode
Router command, Privileged EXEC: Matrix>Router#

Usage
Three ICMP probes will be transmitted for each hop between the source and the traceroute destination.

Examples
This example shows how to use traceroute to display a round trip path to host 192.167.252.46. In this case, hop 1 is an unnamed router at 192.167.201.2, hop 2 is “rtr10” at 192.4.9.
Configuring Debug IP Packet

Purpose
Debug IP packet is an IP based packet monitor that allows for the monitoring of all IP traffic received and transmitted from an N‐Series router forwarding engine. Debug IP Packet uses SYSLOG messages to display packet information. Packet filtering takes place by assigning a router access group to the debug ip packet command and is based on the group’s ACL entries.
Mode
Router command, Router configuration: Matrix>Router(config)#
Router Exec: Matrix>Router#

Usage
• Too high a throttle or limit value may require a second CLI session for CLI access due to the volume of potential data.
• Use the debug ip packet restart command to restart the utility when the display limit has been reached.
Parameters
None.

Defaults
None.

Mode
Router command, Router configuration: Matrix>Router(config)#
Router Exec: Matrix>Router#

Usage
By default, 30 packets will be displayed and then the packet monitor will stop. To collect another 30 packets, use this command. The default of 30 can be modified with the debug ip packet access‐group limit parameter.
Parameters
None.

Defaults
None.
17 PIM Configuration

This chapter describes the Protocol Independent Multicast (PIM) configuration set of commands and how to use them.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.

Configuring PIM

Important Notice
PIM is an advanced routing feature that must be enabled with a license key.
ip pim sparse mode
Use this command to enable Protocol Independent Multicast (PIM) Sparse Mode (SM) on a routing interface.

Syntax
ip pim sparse-mode
no ip pim sparse-mode

Parameters
None.

Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))#

Usage
The “no” form of this command disables PIM on an interface.
Parameters
pim‐interface
    Interface of the BSR candidate. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2.
hash‐mask‐length
    (Optional) Length of a mask to be added with the group address before the hash function is called. All groups with the same seed hash correspond to the same Rendezvous Point (RP). This option provides one RP for multiple groups. A hash‐mask‐length value of 30 will be automatically applied.
Mode
Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))#

Usage
The “no” form of this command disables the DR functionality.

Example
This example sets the DR priority to 20 on VLAN 1:

Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip pim dr-priority 20

ip pim rp-address
Use this command to set a static rendezvous point (RP) for a multicast group.
ip pim rp-candidate
Use this command to enable the router to advertise itself as a PIM candidate rendezvous point (RP) to the BSR.

Syntax
ip pim rp-candidate pim-interface group-address group-mask [priority priority]
no ip pim rp-candidate pim-interface group-address group-mask

Parameters
pim‐interface
    Interface to advertise as an RP candidate. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2.
Mode
Router command, Privileged EXEC: Matrix>Router#

Example
This example shows how to display BootStrap Router (BSR) information:

Matrix>Router#show ip pim bsr
PIMv2 Elected Bootstrap Router Information:
BSR Address: 10.0.0.1
Bsr Priority: 77
Bsr Hash Mask Length: 30
Bsr Uptime: 00:01:10
Bsr Expiry: 00:00:49
This Router is a Candidate Bootstrap Router (CBSR)
Candidate BSR Address: 10.0.0.
Parameters
interface
    (Optional) Displays information about a specific PIM interface. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2.

Defaults
If not specified, information about all PIM interfaces will be displayed.
Parameters
interface
    (Optional) Displays information about a specific PIM interface. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2.

Defaults
If not specified, information about all PIM interfaces will be displayed.
Parameters
group
    (Optional) Displays active RPs for any existing multicast group(s).
mapping
    (Optional) Displays all RP mappings.
multicast‐group‐address
    (Optional) Displays RP information for a specific multicast group IP address.

Defaults
If no optional parameters are specified, all active RPs will be displayed.
show ip pim rp-hash
Use this command to display the rendezvous point (RP) that is being selected for a specified group.

Syntax
show ip pim rp-hash group-address

Parameters
group‐address
    Displays information about a specific group address.

Defaults
None.

Mode
Router command, Privileged EXEC: Matrix>Router#

Example
This example shows how to display RP hash information:

Matrix>Router#show ip pim rp-hash
RP 192.168.41.
Example
This example shows a portion of the IP multicast routing table display. In this case, it shows there are nine source PIM sparse mode (PIMSM) multicast networks.
Example
This example shows a portion of the IP multicast forwarding table display:

Matrix>Router#show ip mforward
IP Multicast Forwarding Table
1 of 8: (63.63.100.1/32, 225.1.2.3)
Sources: 63.63.100.1
Incoming interface: Vlan-999
Outgoing interface list:
  Vlan-410, Forward/Sparse
  Vlan-555, Forward/Sparse
  Vlan-910, Forward/Sparse
  Vlan-920, Forward/Sparse

show ip rpf
Use this command to display the reverse path of an address in the unicast table.
18 Network Address Translation (NAT) Configuration

This chapter describes the Network Address Translation (NAT) configuration set of commands and how to use them.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
Configuring Network Address Translation (NAT)

NAT works with DNS by having the DNS Application Specific Gateway (ALG) translate an address that appears in a Domain Name System response to a name or inverse lookup. NAT works with FTP by having the FTP ALG translate the FTP control payload. Both FTP PORT CMD packets and PASV packets, containing IP address information within the data portion, are supported.
ip nat
Use this command to enable NAT on this interface.

Syntax
ip nat {inside | outside}
no ip nat {inside | outside}

Parameters
inside
    Specifies that this internal network interface should be enabled for NAT as a private interface.
outside
    Specifies that this external network interface should be enabled for NAT as a public interface.

Defaults
None.

Mode
Router command, Interface configuration: Matrix‐>Router(config‐if)#.
Parameters
name                Specifies the name of this NAT pool.
start-ip-address    Specifies the start of the IP address range for members of this NAT pool.
end-ip-address      Specifies the end of the IP address range for members of this NAT pool.
netmask             (Optional) Specifies the netmask for this NAT pool range.
prefix-length       (Optional) Specifies the prefix length for this NAT pool range.
Mode
Router command, Global configuration: Matrix->Router(config)#

Usage
Packets from addresses that match those on the specified access list are translated using global addresses allocated from the named pool. The optional overload key enables NAPT translation. The optional interface VLAN parameter ensures that the translation only applies to packets being transmitted out the specified VLAN.
ip nat inside source static (NAPT)

Use this command to enable static NAPT translation of inside source addresses.

Syntax
ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port
no ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port

Parameters
local-ip    Specifies the private IP address for this static NAPT translation.
Defaults
None.

Mode
Router command, Global configuration: Matrix->Router(config)#

Usage
The no version of the command resets the FTP control port to the default value.
ip nat translation max-entries

Use this command to configure the maximum number of translation entries.

Syntax
ip nat translation max-entries number
no ip nat translation max-entries

Parameters
number    Specifies the maximum number of translation entries allowed for this router. Default value of 32000.

Defaults
None.
dns-timeout    Specifies the timeout value applied to the DNS translations. Default: 240 seconds.
ftp-timeout    Specifies the timeout value applied to the FTP translations. Default: 240 seconds.
seconds        Specifies the timeout value in seconds.

Defaults
If seconds is not specified, see the parameter table above for the default value.
tcp 81.1.1.1:1030 172.111.1.4:50025 DynOver 3
tcp 81.1.1.1:1031 172.111.1.4:50026 DynOver 3
tcp 81.1.1.1:1032 172.111.1.4:50027 DynOver 1
tcp 81.1.1.1:1033 172.111.1.4:50028 DynOver 1
tcp 81.1.1.1:1034 172.111.1.4:50029 DynOver 1
NAT translation count = 10.
Examples
This example displays the NAT statistics for this router:

Matrix->Router(config)#show ip nat statistics
Nat current status: Active
Nat secure plus: Disable
Total translations: 953 (0 static, 953 dynamic)
Outside interface: vlan 3000, vlan Inside interface: 21, vlan 20 vlan 3005, vlan 3004, vlan 3003, vlan 3002, vlan 3001, vlan 15
Created translations:961, Expired translations: 8, Misses:0
Binding Resource Allocation
access-list 35 refcount 28
pool vlan 3000: netmask 0.0.0.0 start 85.1.1.1 end 85.1.1.1
type napt, total addresses 1, allocated 1, max_ports 32000, used_ports 28 (0%) , misses 0

clear ip nat translation

Use this command to clear active dynamic NAT translations.

Syntax
clear ip nat translation

Parameters
None.

Defaults
None.
Usage
This command clears an active translation. Use the no ip nat inside source static command to delete a static NAT configuration.

Example
This example clears the simple NAT translation for private address 10.10.10.50 and uniquely public address 45.20.10.5:
Matrix->Router(config)#clear ip nat translation inside 45.20.10.5 10.10.10.
set router limits (NAT)

Use this command to set NAT configuration limits.
Example
This example sets the maximum NAT cache size to 1000:
Matrix(rw)->set router limits nat-cache 1000

show router limits (NAT)

Use this command to display NAT router limit configuration settings.
Route Table Limit - 12000 (default)
TWCB maximum Bindings - 32000 (default)
TWCB Cache size - 2000 (default)
TWCB maximum Configs - 1 (default)

This example displays the NAT cache-size limit for this system:

Matrix(su)->show router limits nat-cache
NAT Cache size - 2000 (default)

clear router limits (NAT)

Use this command to reset NAT router limits to the default values.
Example
This example resets the NAT cache router limits setting to the default value:
Matrix(rw)->clear router limits nat-cache
19 LSNAT Configuration

This chapter describes the Load Sharing Network Address Translation (LSNAT) configuration set of commands and how to use them.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 2-91.
Configuring Load Sharing Network Address Translation (LSNAT)

• When different virtual server IPs (VIPs) share the same real server in different server farms, the persistence level must be set the same.
• In general, in order to edit or delete a virtual server or real server (serverfarm) configuration, the devices must be first configured “out of service” (no inservice) before the changes will be allowed.
would only require the use of one binding hardware resource (instead of one per service per client).

In order to use sticky persistence, the following configuration criteria are required:
• Sticky persistence must be configured for the server farm group (with the sticky command) as well as for the virtual server (with the persistence level command).
• The real servers in this server farm are to be used for all services.
the UDP port. If the server responds with an ICMP “Port Unreachable” message, it is concluded that the port is not active and the server is reported as “DOWN”. Otherwise, if the server either gets data back from the request to the server or does not get any response at all, it is assumed that the port is active and the server is reported as “UP”.
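The UDP application check described above, as an added Python example (not Enterasys code): a connected UDP socket surfaces an ICMP Port Unreachable as ConnectionRefusedError, and the mapping shows that a probe which gets no answer at all is reported UP exactly like a live service. The function names and the loopback cases are constructed for illustration.

```python
import socket
import threading


def udp_probe(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram and classify the result as 'reply', 'silent' or 'unreachable'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as probe:
        probe.settimeout(timeout)
        # connect() sends nothing for UDP; it lets the kernel report ICMP errors
        # from this peer back to this socket.
        probe.connect((host, port))
        try:
            probe.send(payload)
            probe.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "unreachable"  # ICMP Port Unreachable came back
        except socket.timeout:
            return "silent"  # nothing came back within the timeout


def server_state(outcome):
    """Rule from the text: only ICMP Port Unreachable marks the server DOWN."""
    return "DOWN" if outcome == "unreachable" else "UP"


def _unused_port():
    """Constructed helper: a loopback UDP port with no listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe three constructed loopback targets; return {case: (outcome, state)}."""
    outcomes = {"closed": udp_probe("127.0.0.1", _unused_port(), timeout=0.5)}

    # A bound socket that never answers: same observation as a probe that is
    # silently dropped on the path, and both are reported UP.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as quiet:
        quiet.bind(("127.0.0.1", 0))
        outcomes["quiet"] = udp_probe("127.0.0.1", quiet.getsockname()[1], timeout=0.5)

    # A service that answers the probe.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as echo:
        echo.bind(("127.0.0.1", 0))

        def serve_once():
            data, peer = echo.recvfrom(2048)
            echo.sendto(data, peer)

        worker = threading.Thread(target=serve_once, daemon=True)
        worker.start()
        outcomes["echo"] = udp_probe("127.0.0.1", echo.getsockname()[1], timeout=0.5)
        worker.join(1)

    return {case: (o, server_state(o)) for case, o in outcomes.items()}


if __name__ == "__main__":
    for case, (outcome, state) in demo().items():
        print(f"{case:7} {outcome:12} {state}")
```

Because "silent" maps to UP, a real server whose probes or ICMP errors are filtered stays in rotation; where that matters, pair the UDP check with ping or ACV detection.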
Purpose
To review and configure Load Sharing Network Address Translation (LSNAT).

LSNAT Configuration Task List and Commands
Table 19-1 lists the mandatory and optional tasks and commands for configuring LSNAT on the Enterasys Matrix Series device. Commands are described in the associated sections as shown.

Table 19-1 LSNAT Configuration Task List and Commands
Task    Use these commands...
Table 19-1 LSNAT Configuration Task List and Commands (continued)

Task                                               Use these commands...
Associate a virtual server with a server farm.     serverfarm (“serverfarm (Virtual Server)” on page 19-22)
Configure a virtual server IP address (VIP).       virtual (“virtual” on page 19-22)
Enable a virtual server for service.
Parameters
detail            (Optional) Displays detailed output for a specific server farm or for all configured server farms.
serverfarmname    (Optional) Specifies a server farm name for which to display information.

Defaults
If no parameter is specified, summary information for all configured server farms will be displayed.

Mode
Router command, Any router mode.
Example
This example shows how to specify port 46 as the FTP control port for server load balancing:
Matrix>Router(config)#ip slb ftpctrlport 46

ip slb serverfarm

Use this command to identify an LSNAT server farm and enable server load balancing (SLB) server farm configuration mode.

Syntax
ip slb serverfarm serverfarmname
no ip slb serverfarm serverfarmname

Parameters
serverfarmname    Specifies a server farm name.
Defaults
None.

Mode
Router command, SLB Server Farm Configuration mode: Matrix>Router(config-slb-sfarm)#

Usage
For backwards compatibility, entering a port number is optional for TCP session persistence only. However, the recommended procedure is to always configure a port number for a real server. All real servers in the same server farm should be configured to use the same port.
Example
This example shows how to specify Least Connections as the server selection algorithm for the “httpserver” server farm:
Matrix>Router(config)#ip slb serverfarm httpserver
Matrix>Router(config-slb-sfarm)#predictor leastconns

sticky

Use this command to configure sticky session persistence for this server farm.

Syntax
sticky
no sticky

Parameters
None.

Defaults
None.
Parameters
detail                       (Optional) Displays detailed output for a specific server farm or for all configured server farms.
serverfarm serverfarmname    (Optional) Specifies a server farm name for which to display information.

Defaults
If no parameter is specified, summary information about all configured server farms will be displayed.

Mode
Router command, Any router mode.
Current Connections on this real server: 0
Current state of this real server: UP
Maximum Connections : Unlimited
Real Server Weight : 1
InService
real-serv-ip:port server-farm type ins stat wgt maxcon conns
-----------------------------------------------------------------------------
192.169.1.11:23 matrix both IS UP 1 N\A 0
192.169.1.10:23 matrix ping IS UP 1 2 0
192.169.2.
inservice (real server)

Use this command to enable a real LSNAT server.

Syntax
inservice
no inservice

Parameters
None.

Defaults
None.

Mode
Router command, SLB Real Server Configuration mode: Matrix>Router(config-slb-real)#

Usage
The “no” form of this command removes the real server from service.

Example
This example shows how to enable the real server IP 10.1.2.
Parameters
type both | ping | app [udp] | acv [udp]
    Specifies that the failure detection mechanism will be ping, TCP or UDP application, ACV, or that both application TCP and ping methods will be used as follows:
    • acv - Set or reset auto command verification as the fail detect mechanism
    • app - Set or reset application port monitoring as the fail detect mechanism
    • both - Set or reset ping and application TCP as the fa
Matrix>Router(config-slb-real)#faildetect type app udp
Matrix>Router(config-slb-real)#inservice

This example sets the ACV protocol to TCP for the real server at IP 10.1.2.5 in the “SF-TCP” server farm:
Matrix>Router(config)#ip slb serverfarm SF-TCP
Matrix>Router(config-slb-sfarm)#real 10.1.2.
faildetect acv-reply

Use this command to set the expected validation ACV reply string from the server application port.

Syntax
faildetect acv-reply “reply-string”

Parameters
reply-string    Specifies the expected reply returned from the server to the command string sent to the server.

Defaults
None.
Usage
A Carriage Return / Line Feed character “\r\n” is appended to the quit string when it is sent to the server. It is not necessary to put a CR or LF in your acv-quit string. For example, when working with FTP, use “BYE” rather than “BYE\r\n.
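The command, reply and quit exchange that the faildetect acv settings describe, as an added Python example that is not the device's implementation. It assumes the command string is CRLF-terminated in the same way as the quit string and that the expected reply is matched as a substring; the loopback server, the NOOP/QUIT strings and all function names are constructed.

```python
import socket
import threading

CRLF = b"\r\n"


def acv_check(host, port, command, expected_reply, quit_string, timeout=2.0):
    """Run one command/reply/quit exchange and return 'UP' or 'DOWN'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            # Assumption: the command is terminated the same way as the quit string.
            conn.sendall(command.encode("ascii") + CRLF)
            reply = b""
            while CRLF not in reply and len(reply) < 4096:
                chunk = conn.recv(1024)
                if not chunk:
                    break
                reply += chunk
            # Assumption: the expected reply only has to appear in the answer.
            matched = expected_reply.encode("ascii") in reply
            # The checker appends CRLF itself, so the configured string carries none.
            conn.sendall(quit_string.encode("ascii") + CRLF)
    except OSError:
        return "DOWN"  # refused, timed out or reset: the application is not answering
    return "UP" if matched else "DOWN"


def fake_server(reply_line):
    """Constructed loopback server: answers one command and records what it receives."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    received = {}

    def serve():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as stream:
            received["command"] = stream.readline()
            conn.sendall(reply_line)
            received["after_reply"] = stream.read()  # everything until the client closes
        listener.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, received, thread


def run_case(expected_reply, quit_string, reply_line=b"200 OK\r\n"):
    """Check a constructed server; return (state, bytes the server saw)."""
    port, received, thread = fake_server(reply_line)
    state = acv_check("127.0.0.1", port, "NOOP", expected_reply, quit_string)
    thread.join(2)
    return state, received


if __name__ == "__main__":
    print(run_case("200", "QUIT"))       # reply matches: UP
    print(run_case("220", "QUIT"))       # reply does not match: DOWN
    print(run_case("200", "BYE\r\n"))    # quit string with its own CRLF is sent doubled
```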
maxconns

Use this command to limit the number of connections to a real LSNAT server.

Syntax
maxconns maximum-number
no maxconns

Parameters
maximum-number    Specifies the maximum number of connections allowed. The default condition is unlimited number of connections.

Defaults
None.
Mode
Router command, SLB Real Server Configuration mode: Matrix>Router(config-slb-real)#

Usage
The “no” form of this command resets the weight load number to the default value of 1.

Example
This example shows how to set the weight load number to 100 on the real server at IP 10.1.2.3 in the “httpserver” server farm:
Matrix>Router(config)#ip slb serverfarm httpserver
Matrix>Router(config-slb-sfarm)#real 10.1.2.
five 3.3.3.3 80 ten TCP 41 IS
test 192.169.10.88 80 big TCP 240 IS
ftp

This example shows how to display detailed information about the “test” virtual server:
Matrix>Router(config)#show ip slb vservers test detail
Virtual Server : test
Virtual Server IP : 192.168.2.
Table 19-3 show ip slb vservers Output Details (continued)

Output...
    What it displays...
client(s) allowed to use the virtual server(s)
    Clients with permission to access this server. Set with the client command as described in “client” on page 19-24.
client(s) allowed direct access to the real server(s)
    Clients with permission to access this server without LSNAT translation.
serverfarm (Virtual Server)

Use this command to associate a virtual server with an LSNAT server farm.

Syntax
serverfarm serverfarm-name
no serverfarm serverfarm-name

Parameters
serverfarm-name    Specifies a server farm name. Must be previously configured with the ip slb serverfarm command as described in “ip slb serverfarm” on page 19-8.

Defaults
None.
Parameters
ip-address    Specifies an IP address for the virtual server.
tcp | udp     Specifies TCP or UDP as the protocol used by the virtual server.
port          Specifies a TCP or UDP port number (0 through 65535) or port name to be used by this virtual server. Specifying 0 indicates all ports can be used by this virtual server, and should be used only with sticky session persistence configuration.
inservice (virtual server)

Use this command to enable a virtual LSNAT server.

Syntax
inservice
no inservice

Parameters
None.

Defaults
None.

Mode
Router command, SLB Virtual Server Configuration mode: Matrix>Router(config-slb-vserver)#

Usage
The “no” form of this command removes the virtual server from service.
Parameters
ip-address      (Optional) Specifies a client’s IP address.
network-mask    (Optional) Specifies a client’s network mask.

Defaults
None.

Mode
Router command, SLB Virtual Server Configuration mode: Matrix>Router(config-slb-vserver)#

Usage
If no clients are specified with this command, all clients will be allowed to use a virtual server.
Parameters
tcp | ssl | sticky    (Optional) Specifies the type of binding that is used to connect a client to a server. TCP is the default. TCP will bind based on four fields within the packets (source IP address, destination IP address, source port, and destination port). SSL will bind based on source IP address, destination IP address, and destination port.
This example shows how to use sticky session persistence, in conjunction with the sticky server farm parameter.
Matrix>Router(config)#ip slb serverfarm lsnat
Matrix>Router(config-slb-sfarm)#sticky
Matrix>Router(config-slb-sfarm)#real 10.1.2.10 port 80
Matrix>Router(config-slb-real)#inservice
Matrix>Router(config-slb-real)#exit
Matrix>Router(config-slb-sfarm)#real 10.1.2.
Example
This example shows how to allow clients at 10.24.16.12 through 10.24.16.42 non-LSNAT access to the virtual server named “virtual-http”:
Matrix>Router(config)#ip slb vserver virtual-http
Matrix>Router(config-slb-vserver)#allow accessservers 10.24.16.12 10.24.16.
Matrix>Router(config-slb-real)#inservice
Matrix>Router(config-slb-real)#exit
Matrix>Router(config-slb-sfarm)#exit
Matrix>Router(config)#ip slb vserver virtual-http
Matrix>Router(config-slb-vserver)#serverfarm httpserver
Matrix>Router(config-slb-vserver)#virtual 10.1.4.5 tcp www
Matrix>Router(config-slb-vserver)#persistence level tcp 360
Matrix>Router(config-slb-vserver)#allow accessservers 10.24.16.12 10.24.16.
1 192.169.1.11 192.168.1.253 23 1249 TCP OUT-SERVR REPLY

This example shows how to display detailed information about active server load balancing connections:
Matrix>Router#show ip slb conns detail
Connection Flow ID : 3
Real Server IP : 172.17.1.2
Client IP : 169.225.1.
Parameters
None.

Defaults
None.

Mode
Router command, Any router mode.

Example
This example shows how to display server load balancing connection statistics:
Matrix>Router#show ip slb stats
created conns    established conns    deleted conns
---------------------------------------------------------------
3                2                    1

show ip slb sticky

Use this command to display server load balancing active sticky connections.
clear ip slb

Use this command to clear server load balancing counters or to remove server load balancing connections.

Syntax
clear ip slb {[counters] [connections {all | flowid flowid | serverfarm serverfarm | vserver vserver}]}

Parameters
counters    Clears all server load balancing counters.
Usage
This command must be executed from the switch CLI.
Defaults
• If not specified, maximum bindings will be set to the default value of 5000.
• If not specified, cache size will be set to the default value of 1000.
• If not specified, maximum configs will be set to the default value of 50. That is, up to 50 server farms, 50 virtual servers, and 50 direct access entries can be configured, and up to 500 real servers and 500 client access entries can be configured.
Mode
Switch command, Read-Write.

Usage
This command must be executed from the switch CLI.

Note: Router limits can also be cleared in the following contexts:
To clear NAT router limits see “clear router limits (NAT)” on page 18-16.
To clear TWCB router limits see “clear router limits (TWCB)” on page 23-17.
20 DHCP Configuration

This chapter describes the Dynamic Host Configuration Protocol (DHCP) configuration set of commands and how to use them.

Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
DHCP Overview

To configure DHCP on the Enterasys Matrix-N or standalone device, you must configure an IP address pool, client parameters, and optional static IP address for a specified scope. Where several subnets are accessed through a single port, you can also define multiple scopes on the same interface and group the scopes together into a superscope.

DHCP Task List
The CLI commands for DHCP Server provide functionality for:
1. Configuring a DHCP local pool for a subnet (required)
2.
Table 20-1 DHCP Server Supported Options

DHCP Option                                 Option Code
Domain Name                                 15
Swap Server                                 16
Root Path                                   17
Extensions Path                             18
IP Forwarding Enable/Disable                19
Non Local Source Routing Enable/Disable     20
Policy Filter                               21
Max Datagram Reassembly Size                22
Default IP Time-to-live                     23
Path MTU Aging Timeout                      24
Path MTU Plateau Table                      25
Interface MTU                               26
All Subnets Are Local                       27
Broadcast Address                           28
Perform Mask Discovery                      29
Mask Supplier                               30
Perform Router Discovery
Table 20-1 DHCP Server Supported Options

DHCP Option                                 Option Code
Renewal Time Value                          58
Rebinding Time Value                        59
NIS+ Domain                                 64
NIS+ Servers                                65
Mobile IP Home Agent                        68
SMTP Server                                 69
POP3 Server                                 70
NNTP Server                                 71
Default WWW Server                          72
Default Finger Server                       73
Default IRC Server                          74
StreetTalk Server                           75
StreetTalk Directory Assistance Server      76
Relay Agent Information                     82 Defined in RFC-3046
Subnet Selection                            118 Defined in RFC3011

DHCP Command Modes
Except for cle
Table 20-2 DHCP Command Modes (continued)

Mode: DHCP Class Configuration Mode
    Usage: Configure a DHCP client class.
    Access Method: Type client-class and the client class name from DHCP Pool or Host Configuration Mode.
    Resulting Prompt: Matrix>Router(config-dhcp-class)#

Mode: DHCP Host Configuration Mode
    Usage: Configure DHCP host parameters.
    Access Method: Type client-identifier and the identifier, or hardware-address and an address from any DHCP configuration mode.
For information about...             Refer to page...
clear ip dhcp binding                20-20
show ip dhcp server statistics       20-20
clear ip dhcp server statistics      20-22

ip dhcp server

Use this command to enable DHCP server features on a routing interface.

Syntax
ip dhcp server
no ip dhcp

Parameters
None.

Defaults
None.
Defaults
None.

Mode
Router command, Global configuration: Matrix>Router(config)#

Usage
The “no” form of this command removes the local address pool.

Example
This example shows how to configure a local address pool called “localpool” on IP subnet 172.20.28.0/24. Mask can also be expressed as 255.255.255.0:
Matrix>Router(config)#ip local pool localpool 172.20.28.
ip dhcp ping packets

Use this command to specify the number of packets a DHCP server sends to an IP address before assigning the address to a requesting client.

Syntax
ip dhcp ping packets number
no ip dhcp ping packets

Parameters
number    Specifies the number of ping packets to be sent. Valid values are 0 - 10. Default is 2.

Defaults
None.
Usage
The “no” form of this command resets the ping timeout to the default value.

Example
This example shows how to set the DHCP ping timeout to 900 milliseconds:
Matrix>Router(config)#ip dhcp ping timeout 900

ip dhcp pool

Use this command to assign a name to a DHCP server pool of addresses, and to enable DHCP address pool configuration mode.

Syntax
ip dhcp pool name
no ip dhcp pool name

Parameters
name    Specifies a DHCP address pool name.
Parameters
domain    Specifies a domain name string.

Defaults
None.

Mode
Router command, Any DHCP configuration mode.

Usage
This command configures DHCP option 15. The “no” form of this command deletes a DHCP domain name.

Example
This example shows how to assign the “mycompany.com” domain name to the “localpool” address pool:
Matrix>Router(config)#ip dhcp pool localpool
Matrix>Router(config-dhcp-pool)#domain-name mycompany.
Example
This example shows how to assign a DNS server at 11.12.1.99 to the “localpool” address pool:
Matrix>Router(config)#ip dhcp pool localpool
Matrix>Router(config-dhcp-pool)#dns-server 11.12.1.99

netbios-name-server

Use this command to assign one or more NetBIOS WINS servers to DHCP clients.

Syntax
netbios-name-server address [address2...address8]
no netbios-name-server

Parameters
address    Specifies the IP address of a NetBIOS WINS server.
address2...
Parameters
type    Specifies the NetBIOS node type. Valid values and their corresponding types are:
        • h-node - hybrid (recommended)
        • b-node - broadcast
        • p-node - peer-to-peer
        • m-node - mixed

Defaults
None.

Mode
Router command, Any DHCP configuration mode.

Usage
This command configures DHCP option 46. The “no” form of this command deletes the NetBIOS node type.
Usage
This command configures DHCP option 3. The “no” form of this command deletes the default router list.

Example
This example shows how to assign a default router at 14.12.1.99 to the “localpool” address pool:
Matrix>Router(config)#ip dhcp pool localpool
Matrix>Router(config-dhcp-pool)#default-router 14.12.1.99

bootfile

Use this command to specify the default boot image for a DHCP client.
Parameters
ip-address    Specifies the next server in the boot process by IP address.

Defaults
None.

Mode
Router command, Any DHCP configuration mode.

Usage
The next server is the server the client will contact for the boot file if the primary server is not able to supply it.
Usage
These configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message to network hosts. All options specified in Table 20-1 on page 20-2 may be configured using this command.
Usage
The “no” form of this command resets the lease duration to the default value of 1 day (24 hours).

Example
This example shows how to set a one-hour lease to the “localpool” address pool:
Matrix>Router(config)#ip dhcp pool localpool
Matrix>Router(config-dhcp-pool)#lease 0 1

host

Use this command to specify an IP address and network mask for manual DHCP binding.

Syntax
host address [mask | prefix-length]
no host

Parameters
address    Specifies the IP address of the DHCP client.
Parameters
name    Specifies a name for a DHCP client class.

Defaults
None.

Mode
Router command, Any DHCP configuration mode.

Usage
Using this command to give a set of client class properties a name allows you to assign properties to all DHCP clients within the class rather than configuring each client separately. This command also enables DHCP class configuration mode. The “no” form of this command deletes a client class name.
Example
This example shows how to assign client MAC address 00.01f4.0127 within “clientclass1”:
Matrix>Router(config)#ip dhcp pool localpool
Matrix>Router(config-dhcp-pool)#client-identifier 0100.01f4.0127 client-class clientclass1

client-name

Use this command to assign a name to a DHCP client.

Syntax
client-name name [client-class name]
no client-name name

Parameters
name    Specifies a name for a DHCP client.

Note: The client name should not include the domain name.
Parameters
hardware-address    Specifies the MAC address of the client’s hardware platform.
type                (Optional) Specifies a hardware protocol or client class name. Valid values and their corresponding meanings are:
                    • 1 - 10Mb Ethernet
                    • 6 or ieee802 - IEEE 802 networks
                    • client-class name - Client class (configured as described in “show ip dhcp binding” on page 20-19).
                    • ethernet - 10Mb Ethernet

Defaults
If type is not specified, Ethernet will be applied.
Example
This example shows how to display the DHCP binding address parameters, including associated Ethernet MAC addresses, lease expiration dates, type of address assignments, and whether the lease is active:
Matrix>(config-dhcp-pool)#show ip dhcp binding
IP address      Hardware address    Lease expiration       Type         Act.
172.28.1.249    00a0.c976.6d38      APR 09 2004 03:33PM    Automatic    Y
172.28.1.254    00a0.ccd1.
Mode
Router command, Any DHCP configuration mode.
Table 20-3 show ip dhcp server statistics Output Details (continued)

Output...    What it displays...
Received     Number of messages received by the DHCP server.
Sent         Number of messages sent by the DHCP server.

clear ip dhcp server statistics

Use this command to reset all DHCP server counters.

Syntax
clear ip dhcp server statistics

Parameters
None.

Defaults
None.
21 Routing Protocol Configuration

This chapter describes the Routing Protocol Configuration set of commands and how to use them.

Router: The commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.

For information about...    Refer to page...
Configuring RIP

Table 21-1 RIP Configuration Task List and Commands

To do this...                                                  Use these commands...
Enable RIP configuration mode and associate a network.         router rip (“router rip” on page 21-2)
Allow unicast updates by defining a neighboring router.        neighbor (RIP) (“neighbor” on page 21-4)
Configure an administrative distance.                          distance (“distance” on page 21-4)
Apply offsets to RIP routing metrics.                          ip rip offset (“ip rip offset” on page 21-5)
Adjust timers.
Parameters
None.

Defaults
None.

Mode
Router command, Global configuration: Matrix>Router(config)#

Usage
You must execute the router rip command to enable the protocol before completing many RIP-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-8 in “Enabling Router Configuration Modes” on page 2-91. The “no” form of this command disables RIP.
Example
This example shows how to attach network 192.168.1.0 to the RIP routing process:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#network 192.168.1.0

neighbor

Use this command to instruct the router to send unicast RIP information to an IP address.

Syntax
neighbor ip-address
no neighbor ip-address

Parameters
ip-address    Specifies the IP address of a directly connected neighbor with which RIP will exchange routing information.

Defaults
None.
Parameters
weight    Specifies an administrative distance for RIP routes. Valid values are 1 - 255.

Defaults
None.

Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
If several routes (coming from different protocols) are presented to the Enterasys Matrix Series Route Table Manager (RTM), the protocol with the lowest administrative distance will be chosen for route installation. By default, RIP administrative distance is set to 120.
Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
Adding an offset on an interface is used for the purpose of making an interface a backup. The “no” form of this command removes an offset.
Example
This example shows how to set RIP timers to a 5 second update time, a 10 second invalid interval, a 20 second holddown time, and a 60 second flush time:
Matrix>Router(config)#router rip
Matrix>Router(config-router)#timers basic 5 10 20 60

ip rip send version

Use this command to set the RIP version(s) for update packets transmitted on an interface.

Syntax
ip rip send version {1 | 2 | r1compatible}
no ip rip send version

Parameters
1    Specifies RIP version 1.
Parameters
1  Specifies RIP version 1.
2  Specifies RIP version 2.
12  Specifies RIP versions 1 and 2.
none  Specifies that no RIP routes will be processed on this interface.

Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command restores the default version of the RIP module update packets that are accepted on the interface.
Example
This example shows how to create a RIP authentication key chain called “md5key”:
Matrix>Router(config)#key chain md5key

key
Use this command to identify a RIP authentication key on a key chain.

Syntax
key key-id
no key key-id

Parameters
key-id  Specifies an authentication number for a key. Valid numbers are from 0 to 4294967295. Only one key is supported per key chain in this Enterasys Matrix Series release.

Defaults
None.
Parameters
text  Specifies the authentication string that must be sent and received in RIP packets. The string can contain from 1 to 16 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number.

Defaults
None.

Mode
Router command, Key chain key configuration: Matrix>Router(config-keychain-key)#

Usage
The “no” form of this command removes the authentication string.
end-time  Specifies the hours, minutes and seconds (hh:mm:ss) and the month, date and year from the start-time the key is valid to be received.
infinite  Specifies that the key is valid to be received from the start-time on.

Defaults
None.

Mode
Router command, Key chain key configuration: Matrix>Router(config-keychain-key)#

Usage
The “no” form of this command removes the accept-lifetime configuration for an authentication key.
Defaults
None.

Mode
Router command, Key chain key configuration: Matrix>Router(config-keychain-key)#

Usage
The “no” form of this command removes the send-lifetime configuration for an authentication key. Start time can be specified, but is not mandatory.
ip rip authentication mode
Use this command to set the authentication mode when a key chain is present.

Syntax
ip rip authentication mode {text | md5}
no ip rip authentication mode

Parameters
text  Initiates text-only authentication.
md5  Initiates MD5 authentication.

Defaults
None.
Usage
This command is necessary for enabling CIDR for RIP on the Enterasys Matrix Series device. By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries. Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Enterasys Matrix Series device.
ip split-horizon poison
Use this command to enable or disable split horizon poison-reverse mode for RIP packets.

Syntax
ip split-horizon poison
no ip split-horizon poison

Parameters
None.

Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
Split horizon prevents packets from exiting through the same interface on which they were received.
Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
This command does not prevent RIP from monitoring updates on the interface. The “no” form of this command disables passive interface.

Example
This example shows how to set VLAN 2 as a passive interface.
distribute-list
Use this command to filter networks received and to suppress networks from being advertised in RIP updates.

Syntax
distribute-list access-list-number {in vlan vlan-id | out vlan vlan-id}
no distribute-list access-list-number {in vlan vlan-id | out vlan vlan-id}

Parameters
access-list-number  Specifies the number of the IP access list. This list defines which networks are to be advertised and which are to be suppressed in routing updates.
Parameters
connected  Specifies that non-RIP routing information discovered via directly connected interfaces will be redistributed.
ospf  Specifies that OSPF routing information will be redistributed in RIP.
process-id  Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535.
Configuring OSPF

Important Notice
OSPF is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in “Activating Licensed Features” on page 2-58 in order to enable the OSPF command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
own forwarding engine that uses this information to make forwarding decisions locally on the module that receives the frame. These engines independently make forwarding decisions based on route and rule information distributed by the router protocol process. In a stable network, the distributed route and rule information is fairly constant.
OSPF Configuration Task List and Commands
Table 21-2 lists the tasks and commands associated with OSPF configuration. Commands are described in the associated section as shown.

Note: Activating your advanced routing license, and enabling OSPF with the router ospf and network commands are required if you want to run OSPF on the device. All other tasks are optional.

Table 21-2 OSPF Configuration Task List and Commands
To do this...    Use these commands...
Table 21-2 OSPF Configuration Task List and Commands (continued)
To do this...    Use these commands...
Enable passive OSPF mode on an interface.    passive-interface (“passive-interface” on page 21-36)
Enable redistribution from non-OSPF routes.    redistribute (“redistribute” on page 21-37)
Limit link state database overflow.
Mode
Router command, Global configuration: Matrix>Router(config)#

Usage
You must execute the router ospf command to enable the protocol before completing many OSPF-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-8 in “Enabling Router Configuration Modes” on page 2-91. Only one OSPF process (process-id) is allowed per Enterasys Matrix Series routing module or standalone device.
Example
This example shows how to configure IP address 182.127.62.1 0.0.0.31 as OSPF area 0:
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#network 182.127.62.1 0.0.0.31 area 0

router id
Use this command to set the OSPF router ID for the device.

Syntax
router id ip-address
no router id

Parameters
ip-address  Specifies the IP address that OSPF will use as the router ID.

Defaults
None.
Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
Each router interface that participates in OSPF routing is assigned a default cost. This command overwrites the default of 10. The “no” form of this command resets the OSPF cost to the default of 10.
timers spf
Use this command to change OSPF timer values to fine-tune the OSPF network.

Syntax
timers spf spf-delay spf-hold
no timers spf

Parameters
spf-delay  Specifies the delay, in seconds, between the receipt of an update and the SPF execution. Valid values are 0 to 4294967295. Default 5 seconds.
spf-hold  Specifies the minimum amount of time, in seconds, between two consecutive OSPF calculations.
Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command resets the retransmit interval value to the default.
ip ospf hello-interval
Use this command to set the number of seconds a router must wait before sending a hello packet to neighbor routers on an interface.

Syntax
ip ospf hello-interval seconds
no ip ospf hello-interval

Parameters
seconds  Specifies the hello interval in seconds. Hello interval must be the same on neighboring routers (on a specific subnet), but can vary between subnets. This parameter is an unsigned integer with valid values between 1 and 65535.
Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command sets the dead interval value to the default.
Example
This example shows how to enable an OSPF authentication key on VLAN 1 with the password “yourpass”:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip ospf authentication-key yourpass

ip ospf message digest key md5
Use this command to enable or disable OSPF MD5 authentication on an interface.
Parameters
external | inter-area | intra-area  Applies the distance value to external (type 5 and type 7), to inter-area, or to intra-area routes.
Note: The value for intra-area distance must be less than the value for inter-area distance, which must be less than the value for external distance.
weight  Specifies an administrative distance for OSPF routes. Valid values are 1 - 255.
Parameters
area-id  Specifies the area at the boundary of which routes are to be summarized.
ip-address  Specifies the common prefix of the summarized networks.
ip-mask  Specifies the length of the common prefix.

Defaults
None.

Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
Each Enterasys Matrix Series module or standalone device can support up to 6 OSPF areas and up to 256 OSPF interfaces running per Enterasys Matrix chassis.
Usage
The “no” form of this command disables authentication for an OSPF area.

Example
This example shows how to enable MD5 authentication on OSPF area 10.0.0.0:
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#area 10.0.0.0 authentication message-digest

area stub
Use this command to define an OSPF area as a stub area.

Syntax
area area-id stub [no-summary]
no area area-id stub [no-summary]

Parameters
area-id  Specifies the stub area.
area default cost
Use this command to set the cost value for the default route that is sent into a stub area by an Area Border Router (ABR).

Syntax
area area-id default-cost cost
no area area-id default-cost

Parameters
area-id  Specifies the stub area. Valid values are decimal values or IP addresses.
cost  Specifies a cost value for the summary route that is sent into a stub area by default. Valid values are 24-bit numbers, from 0 to 16777215.

Defaults
None.
Defaults
If default-information-originate is not specified, no default type will be generated.

Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area that does not allow any external routes. External routes that are not imported into an NSSA can be represented by means of a default route.
authentication-key key  Specifies a password to be used by neighbor routers. Valid values are alphanumeric strings of up to 8 bytes. Neighbor routers on a network must have the same password.
dead-interval seconds  Specifies the number of seconds that the hello packets of a router are not communicated to neighbor routers before the neighbor routers determine that the router sending the hello packet is out of service.
Mode
Router command, Router configuration: Matrix->Router(config-router)#

Usage
This allows an interface to be included in the OSPF route table, but turns off sending and receiving hellos for an interface. It also prevents OSPF adjacencies from being formed on an interface. The “no” form of this command disables passive OSPF mode.
Defaults
• If metric value is not specified, 0 will be applied.
• If type value is not specified, type 2 (external route) will be applied.
• If subnets is not specified, only non-subnetted routes will be redistributed.
• If route-map is not specified, none will be applied.
• If tag is not specified, none will be applied.

Mode
Router configuration: Matrix>Router(config-router)#

Usage
The “no” form of this command clears redistribution parameters.
Mode
Router command, Router configuration: Matrix->Router(config-router)#

Usage
Setting database overflow allows you to set a limit on the number of external LSAs. If the limit is exceeded, self-originated external LSAs will be removed so that OSPF can handle the large number of external LSAs coming from another router. When the warning level is set, a Syslog message will be issued when the number of external LSAs has reached the specified level.
Example
This example shows how to enable the graceful restart ability on this router:
Matrix->Router(config)#router ospf 1
Matrix->Router(config-router)#graceful-restart enable
Matrix->Router(config-router)#

graceful-restart helper-disable
Use this command to disable the graceful restart helper function on this router.

Syntax
graceful-restart helper-disable
no graceful-restart helper-disable

Parameters
None.

Defaults
Helper mode enabled.
Parameters
interval  Specifies the maximum amount of time in seconds that this router will remain in graceful-restart mode starting at the time it enters graceful-restart. Valid values are 1 - 1800 seconds. Default value is 120 seconds.

Defaults
None.
Example
This example shows how to disable strict LSA checking on this router:
Matrix->Router(config)#router ospf 1
Matrix->Router(config-router)#graceful-restart strict-lsa-checking-disable

show ip ospf
Use this command to display OSPF information.

Syntax
show ip ospf

Parameters
None.

Defaults
None.

Mode
Router command, Any router mode.

Example
This example shows how to display OSPF information:
Matrix>Router#show ip ospf
Routing Process "ospf 20 " with ID 134.141.7.
Link State Update Interval is 00:30:00 and due in 00:02:28.
Link State Age Interval is 00:00:00 and due in 00:00:00.
Area 0.0.0.2
Number of interfaces in this area is 3
Area has no authentication
SPF algorithm executed 61 times
Area ranges are 140.20.0.0/255.255.0.0
Link State Update Interval is 00:30:00 and due in 00:03:07.
Link State Age Interval is 00:00:00 and due in 00:00:00.

show ip ospf database
Use this command to display the OSPF link state database.
nssa-external  Displays nssa-external (Type 7) link state records in their detailed format. Type 7 records are originated by ASBRs.
database-summary  Displays a numerical summary of the contents of the link state database.

Defaults
If link-state-id is not specified, the specified type of database records will be displayed for all link state IDs.

Mode
Router command, Any router mode.
Table 21-3 show ip ospf database Output Details (continued)
Output...    What it displays...
Checksum    Field in the link state record used to verify the contents upon receipt by another router.
LinkCount    Link count of router link state records. This number is equal to, or greater than, the number of active OSPF interfaces on the originating router.
Parameters
vlan vlan-id  (Optional) Displays OSPF information for a specific VLAN. This VLAN must be configured for IP routing as described in “Pre-Routing Configuration Tasks” on page 2-88.

Defaults
If vlan-id is not specified, OSPF statistics will be displayed for all VLANs.

Mode
Router command, Any router mode.
Table 21-4 show ip ospf interface Output Details (continued)
Output...    What it displays...
Timer intervals configured    OSPF timer intervals. These are either default, or configured with the ip ospf retransmit-interval (“ip ospf retransmit-interval” on page 21-26), the ip ospf hello-interval (“ip ospf hello-interval” on page 21-28), and the ip ospf dead interval (“ip ospf dead-interval” on page 21-28) commands.
Example
This example shows how to use the show ospf neighbor command:
Matrix>Router#show ip ospf neighbor
ID            Pri  State  Dead-Int  Address       Interface
182.127.62.1  1    FULL   40        182.127.63.1  vlan1

Table 21-5 provides an explanation of the command output.

Table 21-5 show ip ospf neighbor Output Details
Output...    What it displays...
ID    Neighbor’s router ID of the OSPF neighbor.
Pri    Neighbor’s priority over this interface.
Hello 10, Dead 40, Wait 40, Retransmit 5
Adjacency State FULL

Table 21-6 provides an explanation of the command output.

Table 21-6 show ip ospf virtual links Output Details
Output...    What it displays...
Virtual Link    ID of the virtual link neighbor, and the virtual link status, which is up or down.
Transit area    ID of the transit area through which the virtual link is configured.
via interface    Router’s interface into the transit area.
debug ip ospf
Use this command to enable OSPF protocol debugging output.

Syntax
debug ip ospf {subsystem}
no debug ip ospf {subsystem}

Parameters
subsystem  Specifies the OSPF subsystem for which protocol debugging will be enabled.
Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
The “no” form of this command removes OSPF RFC 1583 compatibility.
Configuring DVMRP

Purpose
To enable and configure the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traffic using a technique known as Reverse Path Forwarding. When a router receives a packet, it floods the packet out of all paths except the one that leads back to the packet’s source. Doing so allows a data stream to reach all VLANs (possibly multiple times).
The “no” form of this command disables DVMRP.

Example
This example shows how to enable DVMRP on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip dvmrp

ip dvmrp metric
Use this command to configure the metric associated with a set of destinations for DVMRP reports.

Syntax
ip dvmrp metric metric

Parameters
metric  Specifies a metric associated with a set of destinations for DVMRP reports. Valid values are from 0 to 31.
Mode
Router command, Any router mode.

Example
This example shows how to display DVMRP routing table entries. In this case, the routing table has 5 entries. The first entry shows that the source network 60.1.1.0/24 can be reached via next-hop router 40.1.1.3. This route has a metric of 2. It has been in the DVMRP routing table for 1 hour, 24 minutes and 2 seconds and will expire in 2 minutes and 3 seconds.
Configuring IRDP

Purpose
To enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway.

Commands
For information about...    Refer to page...
ip irdp maxadvertinterval
Use this command to set the maximum interval in seconds between IRDP advertisements.

Syntax
ip irdp maxadvertinterval interval
no irdp maxadvertinterval

Parameters
interval  Specifies a maximum advertisement interval in seconds. Valid values are 4 to 1800. Default: 600 seconds.

Defaults
None.
Usage
The “no” form of this command deletes the custom holdtime setting and resets the minimum advertisement interval to the default value of three-fourths of the maxadvertinterval value.
ip irdp preference
Use this command to set the IRDP preference value for an interface. This value is used by IRDP to determine the interface’s selection as a default gateway address.

Syntax
ip irdp preference preference
no irdp preference

Parameters
preference  Specifies the value to indicate the interface’s use as a default router address. Valid values are -2147483648 to 2147483647.
Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command clears an IP address from being advertised.

Example
This example shows how to advertise IP address 183.255.0.162 with a preference of 1 on VLAN 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip irdp address 183.255.0.
Defaults
If vlan vlan-id is not specified, IRDP information for all interfaces will be displayed.
Configuring VRRP

Purpose
To enable and configure the Virtual Router Redundancy Protocol (VRRP). This protocol eliminates the single point of failure inherent in the static default routed environment by transferring the responsibility from one router to another if the original router goes down. VRRP-enabled routers decide who will become master and who will become backup in the event the master fails.

Commands
For information about...    Refer to page...
Usage
You must execute the router vrrp command to enable the protocol before completing other VRRP-specific configuration tasks. For details on enabling configuration modes, refer to Table 2-8 in “Enabling Router Configuration Modes” on page 2-91. The “no” form of this command removes all VRRP configurations from the running configuration.
address
Use this command to configure a virtual router IP address.

Syntax
address vlan vlan-id vrid ip-address owner
no address vlan vlan-id vrid ip-address owner

Parameters
vlan vlan-id  Specifies the number of the VLAN on which to configure a virtual router address. This VLAN must be configured for IP routing as described in “Pre-Routing Configuration Tasks” on page 2-88.
vrid  Specifies a unique Virtual Router ID (VRID) associated with the routing interface.
Examples
This example shows how to configure a virtual router address of 182.127.62.1 on VLAN 1, VRID 1, and to set the router connected to the VLAN via this interface as the master:
Matrix>Router(config)#router vrrp
Matrix>Router(config-router)#address vlan 1 1 182.127.62.1 1

This example shows how to configure 5 virtual router addresses on a single interface, VLAN 1, VRID 1.
Example
This example shows how to set a VRRP priority of 200 on VLAN 1, VRID 1:
Matrix>Router(config)#router vrrp
Matrix>Router(config-router)#priority vlan 1 1 200

master-icmp-reply
Use this command to enable ICMP replies for non-owner masters.

Syntax
master-icmp-reply vlan vlan-id vrid
no master-icmp-reply vlan vlan-id vrid

Parameters
vlan vlan-id  Specifies the number of the VLAN on which to enable master ICMP replies.
advertise-interval
Use this command to set the interval in seconds between VRRP advertisements.

Syntax
advertise-interval vlan vlan-id vrid interval
no advertise-interval vlan vlan-id vrid interval

Parameters
vlan vlan-id  Specifies the number of the VLAN on which to configure the VRRP advertisement interval. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2-89.
Parameters
vlan vlan-id  Specifies the number of the VLAN on which to set the critical IP address. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2-89.
vrid  Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255.
ip-address  Specifies the IP address to set as the critical IP address.
Defaults
None.

Mode
Router command, Router configuration: Matrix>Router(config-router)#

Usage
The router that owns the virtual router IP address always preempts other routers, regardless of this setting. Preempt is enabled on VRRP routers by default, which allows a higher priority backup router to preempt a lower priority master. The “no” form of this command disables preempt mode.
When preempt mode is enabled, this specifies a delay (in seconds) that a higher priority backup router must wait to preempt a lower priority master. For more information on setting preempt status, refer back to “preempt” on page 21-67. For more information on setting VRRP priority, refer back to “priority” on page 21-64. The “no” form of this command clears the preempt delay timer.
ip vrrp authentication-key
Use this command to set a VRRP authentication password on an interface.

Syntax
ip vrrp authentication-key password
no ip vrrp authentication-key

Parameters
password  Specifies an authentication password. Text string can be 1 to 8 characters in length.

Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command clears VRRP authentication.
Defaults
None.

Mode
Router command, Interface configuration: Matrix>Router(config-if(Vlan 1))#

Usage
The “no” form of this command clears VRRP MD5 authentication.

Example
This example shows how to set the VRRP MD5 authentication password to “qwer” on VLAN 1, VRID 1:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip vrrp message-digest-key 1 md5 qwer

show ip vrrp
Use this command to display VRRP routing information.
Table 21-7 show ip vrrp Output Details
Output...    What it displays...
Vlan    Specifies the VLAN on which this VRRP session resides.
Vrid    Specifies the Virtual Router ID associated with the routing interface.
State    Specifies the current state of the VRRP session as follows:
         Stopped - The Vrid is disabled.
         Init - The session is waiting in the init state.
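The RIP, OSPF and VRRP sections above each offer a plain-text password mode next to an MD5 mode, and the guide's examples print sample passwords. The following audit script is an added example, not Enterasys code: it scans a constructed command listing, written in the command forms shown in this chapter, for plain-text authentication modes, for OSPF areas that carry networks but have no "authentication message-digest" statement, and for the guide's sample passwords. The function names, rule names, the sample listing and the password "s3cr3t" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Passwords printed in this guide's own examples; they should never be reused.
DOC_SAMPLE_SECRETS = {"yourpass", "qwer"}

# Constructed sample listing (not captured from a device).
SAMPLE_CONFIG = """\
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip rip authentication mode text
Matrix>Router(config-if(Vlan 1))#ip ospf authentication-key yourpass
Matrix>Router(config-if(Vlan 1))#ip vrrp message-digest-key 1 md5 qwer
Matrix>Router(config)#interface vlan 2
Matrix>Router(config-if(Vlan 2))#ip rip authentication mode md5
Matrix>Router(config-if(Vlan 2))#ip vrrp authentication-key s3cr3t
Matrix>Router(config)#router ospf 1
Matrix>Router(config-router)#network 182.127.62.1 0.0.0.31 area 0
Matrix>Router(config-router)#network 10.1.0.0 0.0.255.255 area 10.0.0.0
Matrix>Router(config-router)#area 10.0.0.0 authentication message-digest
"""


@dataclass(frozen=True)
class Finding:
    context: str  # configuration mode the command was entered in
    rule: str     # hypothetical rule name used by this example
    detail: str


def strip_prompt(line):
    """Return the command part of a line, dropping a 'Matrix...#' prompt."""
    line = line.strip()
    if line.startswith("Matrix") and "#" in line:
        return line.split("#", 1)[1].strip()
    return line


def normalize_area(area_id):
    """Area IDs may be decimal or dotted; compare them in dotted form."""
    if area_id.isdigit():
        return str(ipaddress.IPv4Address(int(area_id)))
    return str(ipaddress.IPv4Address(area_id))


def audit(config_text):
    findings = []
    context = "global"
    areas_in_use = {}        # dotted area id -> context of first network line
    areas_with_md5 = set()

    def check_secret(secret):
        if secret.lower() in DOC_SAMPLE_SECRETS:
            findings.append(Finding(context, "doc-sample-secret",
                                    "password copied from the guide's example"))

    for raw in config_text.splitlines():
        words = strip_prompt(raw).split()
        if not words:
            continue
        if words[0] in ("interface", "router"):
            context = " ".join(words).lower()
        elif words[:4] == ["ip", "rip", "authentication", "mode"] and len(words) == 5:
            if words[4] == "text":
                # Text mode puts the key string itself in each RIP packet.
                findings.append(Finding(context, "rip-cleartext-auth",
                                        "use 'ip rip authentication mode md5'"))
        elif words[:3] == ["ip", "ospf", "authentication-key"] and len(words) == 4:
            # Simple-password OSPF authentication is readable on the wire.
            findings.append(Finding(context, "ospf-simple-password",
                                    "prefer MD5 authentication on this interface"))
            check_secret(words[3])
        elif words[:3] == ["ip", "vrrp", "authentication-key"] and len(words) == 4:
            findings.append(Finding(context, "vrrp-simple-password",
                                    "prefer 'ip vrrp message-digest-key'"))
            check_secret(words[3])
        elif (words[:3] == ["ip", "vrrp", "message-digest-key"]
              and len(words) == 6 and words[4] == "md5"):
            check_secret(words[5])
        elif context.startswith("router ospf"):
            if words[0] == "network" and "area" in words[:-1]:
                area = normalize_area(words[words.index("area") + 1])
                areas_in_use.setdefault(area, context)
            elif words[0] == "area" and words[2:] == ["authentication", "message-digest"]:
                areas_with_md5.add(normalize_area(words[1]))

    for area, ctx in sorted(areas_in_use.items()):
        if area not in areas_with_md5:
            findings.append(Finding(ctx, "ospf-area-no-md5",
                                    f"area {area} has no message-digest authentication"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.context}: {f.rule}: {f.detail}")
```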
22 Port Priority and Rate Limiting Configuration

This chapter describes the Port Priority and Rate Limiting set of commands and how to use them.

For information about...    Refer to page...
Configuring Port Priority

Purpose
To view or configure port priority characteristics as follows:
• Display or change the port default Class-of-Service (CoS) transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header.
• Display the current traffic class mapping-to-priority of each port.
• Set each port to transmit frames according to 802.1D (802.
fe.2.5 is set to 0

set port priority
Use this command to set the 802.1D (802.1p) Class-of-Service transmit queue priority (0 through 7) on each port.

Syntax
set port priority port-string priority

Parameters
port-string  Specifies the port for which to set priority. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Parameters
port-string  Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.

Defaults
None.

Mode
Switch command, Read-Write.

Usage
This command will cause all frames received without a priority value in their header to be set to priority 0.

Example
This example shows how to reset fe.1.11 to the default priority:
Matrix(rw)->clear port priority fe.
Configuring Priority to Transmit Queue Mapping

Purpose
To perform the following:
• View the current priority to transmit queue mapping of each port, which includes both physical and virtual ports.
Examples
This example shows how to display priority queue information for fe.1.7.
Parameters
port-string  Specifies the port(s) for which to set priority queue. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
priority  Specifies a value of 0 - 7 (0 is the lowest level) that determines what priority frames will be transmitted at the priority queue level entered in this command.
Mode
Switch command, Read-Write.

Example
This example shows how to clear the priority queue settings on fe.2.12:
Matrix(rw)->clear port priority-queue fe.2.12

Usage
The total percentage of transmit queue values must add up to 100%.
Configuring Port Traffic Rate Limiting

Purpose
To limit the rate of inbound traffic on the Enterasys Matrix Series device on a per port/priority basis. The allowable range for the rate limiting is kilobytes per second minimum up to the maximum transmission rate allowable on the interface type. Rate limit is configured for a given port and list of priorities. The list of priorities can include one, some, or all of the eight 802.1p priority levels.
----------- ----- --------- ------------ --------- ----------- --------
fe.2.1      1     64125     discard      inbound   0           disabled
fe.2.1      2     64125     discard      inbound   0           disabled
fe.2.1      3     64125     discard      inbound   0           disabled
fe.2.1      4     64125     discard      inbound   0           disabled
fe.2.1      5     64125     discard      inbound   0           disabled
fe.2.1      6     64125     discard      inbound   0           disabled
fe.2.1      7     64125     discard      inbound   0           disabled
fe.2.
priority  Specifies the 802.1D (802.1p) port priority level associated with the port-string. Options are:
• 0 - 7, with 0 specifying the lowest priority, and
• all to set the rate limiting threshold and other parameters on all port priority levels associated with the port-string.
threshold  Specifies a port rate limiting threshold in kilobytes per second. Range is up to the maximum bytes per second rate for a given interface.
Example
This example shows how to clear all rate limiting parameters on port fe.2.1:
Matrix(rw)->clear port ratelimit fe.2.
23 Transparent Web Cache Balancing Configuration

This chapter describes the Transparent Web Cache Balancing (TWCB) commands and how to use them.

Router: Unless otherwise specified, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 2-91.
Understanding Transparent Web Cache Balancing (TWCB)

farm is configured with 2 cache servers from the 186.89.0.0 subnet. The s2Server server farm is configured with 5 cache servers from the 176.89.0.0 subnet. A user on the 10.10.10.0/24 subnet makes a web request from the web site host. The response is sent to both the requesting user and a Cache1 cache server. The router determines the cache server on which an end-user’s cache resides.
predictor roundrobin
Use this command to modify the round-robin predictor value by applying a list of destination IP addresses for which the cache servers within this server farm will be selected by the round-robin algorithm.
cache
Use this command to create a cache server based upon the supplied IP address.
Syntax
cache ip-address
Parameters
ip‐address  Specifies the IP address of the cache server to be created.
Defaults
None.
Mode
Router command, Server Farm Configuration mode: Matrix(rw)‐>Router(config‐twcb‐wcsfarm)#.
Usage
The firmware supports 128 cache servers. Executing this command enters cache server configuration command mode.
faildetect
Mode
Router command, Cache Server Configuration mode: Matrix(rw)‐>Router(config‐twcb‐cache)#.
Usage
The application method defaults to a check of service availability on port 80. This check can be overridden by the web‐cache group configuration of http‐port using the http‐port command.
Example
This example sets the failure detection type to the ping method for cache server 186.89.10.
maxconns
Use this command to limit the maximum number of connections to the server.
Syntax
maxconns number
Parameters
number  Specifies the maximum number of connections allowed for this server. Values range from 1 to 5000. Default value of 5000.
Defaults
None.
Mode
Router command, Cache Server Configuration mode: Matrix(rw)‐>Router(config‐twcb‐cache)#.
Example
This example sets the maximum number of connections for cache server 186.89.10.
Examples
This example sets the maximum number of connections for cache server 186.89.10.51 to 100 and activates the server:
Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server
Matrix(rw)->Router(config-twcb-wcsfarm)#cache 186.89.10.
http-port
Use this command to redirect outbound HTTP requests to a non‐standard HTTP port number.
Syntax
http-port port-number
Parameters
port‐number  Specifies the non‐standard HTTP port number to redirect outbound HTTP requests to. Default value of 80.
Defaults
None.
Mode
Router command, web‐cache Configuration mode: Matrix(rw)‐>Router(config‐twcb‐webcache)#.
Example
This example adds the server farm s1Server to the cache1 web‐cache:
Matrix(rw)->Router(config)#ip twcb webcache cache1
Matrix(rw)->Router(config-twcb-webcache)#serverfarm s1Server
bypass-list range
Use this command to specify web host sites for which HTTP requests are not redirected to the cache servers.
Parameters
begin‐ip‐address  Specifies an IP address that begins a range to explicitly permit or deny redirection of HTTP requests from these end users to this web‐cache.
end‐ip‐address  Specifies an IP address that ends a range to explicitly permit or deny redirection of HTTP requests from these end users to this web‐cache.
Defaults
None.
Example
This example associates the cache1 web‐cache with vlan 1 for the redirection of HTTP traffic:
Matrix(rw)->router
Matrix>router>enable
Matrix>router#configure terminal
Enter configuration commands:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#ip twcb cache1 redirect out
show ip twcb wcserverfarm
Use this command to display configuration data for the specified server farm.
show ip twcb webcache
Use this command to display configuration data associated with the specified web‐cache.
Syntax
show ip twcb webcache [webcache-name]
Parameters
webcache‐name  (Optional) Specifies the name of the web‐cache for the display of configuration data.
Defaults
If no parameter is specified, information for all web‐caches is displayed.
Mode
Router command: Matrix(rw)‐>Router#.
Example
This example displays connection data for all cache servers and all clients:
Matrix(rw)->Router#show ip twcb conns
flo-id cache-server-ip client-ip cport state
-----------------------------------------------------------------
1 172.17.1.2 169.254.1.52 80 OUT-SERVR REPLY
show ip twcb stats
Use this command to display cache server connection stats data.
Syntax
show ip twcb stats
Parameters
None.
Defaults
None.
Defaults
If no parameter is specified, statistics for all web‐caches, server farms, and cache servers are cleared.
Mode
Router Command: Matrix(rw)‐>Router#.
Example
This example clears statistics for all web‐caches, web‐cache server farms and cache servers:
Matrix(rw)->Router#clear ip twcb statistics
show limits
Use this command to display the TWCB entry and memory limits.
Syntax
show limits
Parameters
None.
Defaults
None.
Parameters
twcb‐bindings twcb‐bindings  (Optional) Specifies the maximum number of TWCB bindings for this router. Values range from 1000 to 32000. Default value of 32000.
twcb‐cache twcb‐cache  (Optional) Specifies the maximum TWCB cache size for this router. Values range from 500 to 10000. Default value of 2000.
twcb‐configs twcb‐configs  (Optional) Specifies the maximum number of web‐cache configurations.
clear router limits (TWCB)
Mode
Switch command mode: Matrix(rw)‐>.
Usage
This command must be executed from the switch CLI.
Note: Router limits can also be cleared in the following contexts:
To clear LSNAT router limits see clear router limits (LSNAT) on page 19-34.
To clear NAT router limits see clear router limits (NAT) on page 18-16.
If you do not specify a parameter when issuing a clear router limits command, router limits for TWCB, LSNAT, and NAT contexts are reset to the default value.
TWCB Configuration Example
In this TWCB configuration example we will step through the configuration of two server farms named s1Server and s2Server. The s1Server server farm will have round‐robin predictor end‐user ranges associated with it from both the 20.10.10.0/24 subnet and the 10.10.10.0/24 subnet, for users with an expectation of heavy web‐site access requirements.
Matrix>router
Matrix>Router>enable
Matrix>Router>#configure
Enter configuration commands:
Matrix>Router(config)#ip twcb wcserverfarm s1Server
Matrix>Router(config-twcb-wcsfarm)#
Configure the end‐users that will use this server farm by setting the round‐robin predictor ranges:
Matrix>Router(config-twcb-wcsfarm)#predictor roundrobin 10.10.10.01 10.10.10.15
Matrix>Router(config-twcb-wcsfarm)#predictor roundrobin 20.10.10.25 10.10.10.
Matrix>Router(config-twcb-wcsfarm)#exit
Matrix>Router(config)#
Configure the cache1 Web Cache
Configure the web‐cache cache1:
Matrix>Router(config)#ip twcb webcache cache1
Matrix>Router(config-twcb-webcache)#http-port 8080
Matrix>Router(config-twcb-webcache)#serverfarm s1Server
Matrix>Router(config-twcb-webcache)#serverfarm s2Server
Matrix>Router(config-twcb-webcache)#bypass-list range 50.10.10.30 50.10.10.
24 Security Configuration
This chapter describes the Security Configuration set of commands and how to use them.
• Flow Setup Throttling (FST) — prevents the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. For details, refer to “Configuring Flow Setup Throttling (FST)” on page 24‐25.
Configuring MAC Locking
Purpose
To review, disable, enable and configure MAC locking. This locks a MAC address to one or more ports, preventing connection of unauthorized devices via the port(s).
show maclock
Parameters
port_string  (Optional) Displays MAC locking status for specified port(s). For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
If port_string is not specified, MAC locking status will be displayed for all ports.
Mode
Switch command, Read‐Only.
Example
This example shows how to display MAC locking information for ge.2.1 through 5:
Matrix(rw)->show maclock ge.2.
show maclock stations
Use this command to display MAC locking information about end stations connected to the device.
Syntax
show maclock stations [firstarrival | static] [port-string]
Parameters
firstarrival  (Optional) Displays MAC locking information about end stations first connected to MAC locked ports.
static  (Optional) Displays only MAC locking information about static (management defined) end stations connected to MAC locked ports.
Table 24-2 show maclock stations Output Details
Output...  What it displays...
Status  Whether the end stations are active or inactive.
State  Whether the end station locked to the port is a first learned, first arrival or static connection.
set maclock enable
Use this command to enable MAC locking on one or more ports.
Syntax
set maclock enable [port_string]
Parameters
port_string  (Optional) Enables MAC locking on specific port(s).
Parameters
port_string  (Optional) Disables MAC locking on specific port(s). For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
If port_string is not specified, MAC locking will be disabled on all ports.
Mode
Switch command, Read‐Write.
Example
This example shows how to disable MAC locking on fe.2.3:
Matrix(rw)->set maclock disable fe.2.
Example
This example shows how to create a MAC locking association between MAC address 00‐a0‐c9‐0d‐32‐11 and port fe.2.3:
Matrix(rw)->set maclock 00-a0-c9-0d-32-11 fe.2.3 create
set maclock firstarrival
Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port.
Syntax
set maclock firstarrival port_string value
Parameters
port_string  Specifies the port on which to limit MAC locking.
Mode
Switch command, Read‐Write.
Example
This example shows how to move all current first arrival MACs to static entries on fe.1.3:
Matrix(rw)->set maclock move fe.1.3
clear maclock firstarrival
Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600.
Syntax
clear maclock firstarrival port-string
Parameters
port_string  Specifies the port on which to reset the first arrival value.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to restrict MAC locking to 4 static addresses on fe.2.3:
Matrix(rw)->set maclock static fe.2.3 4
clear maclock static
Use this command to reset the number of static MAC addresses allowed per port to the default value of 20.
Syntax
clear maclock static port_string
Parameters
port_string  Specifies the port on which to reset the static MAC locking limit.
Defaults
None.
Mode
Switch command, Read‐Write.
Usage
When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped from the device’s routing table.
Example
This example shows how to enable MAC lock trap messaging on fe.2.3:
Matrix(rw)->set maclock trap fe.2.
Configuring Secure Shell (SSH)
Purpose
To review, enable, disable, and configure the Secure Shell (SSH) protocol, which provides secure Telnet.
Commands
For information about...  Refer to page...
show ssh state  24-11
set ssh  24-11
set ssh hostkey  24-12
show router ssh  24-12
set router ssh  24-13
clear router ssh  24-13
show ssh state
Use this command to display the current status of SSH on the device.
Syntax
show ssh state
Parameters
None.
Parameters
enable | disable  Enables or disables SSH, or reinitializes the SSH server.
reinitialize  Reinitializes the SSH server.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to disable SSH:
Matrix(rw)->set ssh disable
set ssh hostkey
Use this command to set or reinitialize new SSH authentication keys.
Syntax
set ssh hostkey [reinitialize]
Parameters
reinitialize  Reinitializes the server host authentication keys.
Defaults
None.
Mode
Switch command, Read‐Only.
Example
This example shows how to display the state of SSH service to the router:
Matrix(rw)->show router ssh
SSH Server status: Enabled
set router ssh
Use this command to enable or disable SSH service to the router.
Syntax
set router ssh {enable | disable}
Parameters
enable | disable  Enables or disables SSH service.
Defaults
None.
Mode
Switch command, Read‐Write.
clear router ssh
Mode
Switch command, Read‐Write.
Configuring Access Lists
Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
Purpose
To review and configure security access control lists (ACLs), which permit or deny access to routing interfaces based on protocol and source IP address restrictions.
Commands
deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255
deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255
2) deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255
access-list (standard)
Use this command to define a standard IP access list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access‐group command (“ip access‐group” on page 24‐20).
Defaults
• If insert, replace or move are not specified, the new entry will be appended to the access list.
• If source2 is not specified with move, only one entry will be moved.
Mode
Router command, Global configuration: Matrix>Router(config)#
Usage
Valid access‐list‐numbers for standard ACLs are 1 to 99. For extended ACLs, valid values are 100 to 199. The “no” form of this command removes the defined access list or entry.
access-list (extended)
To apply ACL restrictions to IP, UDP, or ICMP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard] [operator [port]] destination [destination-wildcard] [operator [port]] [tos-extensions][icmp-type [icmp-code] [log]
To apply ACL restrictions to TCP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard] [operator [port]] destination [destination-wildcard] [operator [port]] [tos-extensions
destination  Specifies the network or host to which the packet will be sent. Valid options for expressing destination are:
• IP address (A.B.C.D)
• any ‐ Any destination host
• host source ‐ IP address of a single destination host
destination‐wildcard  (Optional) Specifies the bits to ignore in the destination address.
icmp‐type  (Optional) Filters ICMP frames by ICMP message type. The type is a number from 0 to 255.
Mode
Router command, Global configuration: Matrix>Router(config)#
Usage
Valid access‐list‐numbers for extended ACLs are 100 to 199. For standard ACLs, valid values are 1 to 99. Restrictions defined by an access list are applied by using the ip access‐group command as described in “ip access‐group” on page 24‐20. The “no” form of this command removes the defined access list or entry.
ip access-group
Usage
ACLs must be applied per routing interface. An entry (rule) can either be applied to inbound or outbound frames. The “no” form of this command removes the specified access list.
Example
This example shows how to apply access list 1 for all inbound frames on VLAN 1. Through the definition of access list 1, only frames with destination 192.5.34.0 will be routed.
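To check what an entry's wildcard actually covers before applying it with ip access‐group, the following added example (not code from this guide or from the firmware) evaluates the three deny entries shown in the access list output above. It assumes that entries are checked in order with the first match deciding, that a packet matching no entry is denied, and that each address is written as any, host A.B.C.D, or A.B.C.D followed by a wildcard; the final permit entry is constructed for the example.

```python
import ipaddress

FULL = 0xFFFFFFFF

def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))

def take_address(tokens, pos):
    """Read 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' starting at tokens[pos]."""
    if tokens[pos] == "any":
        return (0, FULL), pos + 1          # every bit ignored
    if tokens[pos] == "host":
        return (ip_to_int(tokens[pos + 1]), 0), pos + 2   # no bit ignored
    return (ip_to_int(tokens[pos]), ip_to_int(tokens[pos + 1])), pos + 2

def parse_entry(line):
    """Parse '{deny | permit} protocol source destination' (ports and log not modelled)."""
    tokens = line.split()
    action, protocol = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    src, pos = take_address(tokens, 2)
    dst, pos = take_address(tokens, pos)
    return {"action": action, "protocol": protocol, "src": src, "dst": dst}

def wildcard_matches(packet_ip, spec):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    address, wildcard = spec
    care = ~wildcard & FULL
    return (ip_to_int(packet_ip) & care) == (address & care)

def covered_network(spec):
    """CIDR form of address/wildcard, or None when the wildcard is not contiguous."""
    address, wildcard = spec
    if wildcard & (wildcard + 1):
        return None
    prefix = 32 - wildcard.bit_length()
    return "%s/%d" % (ipaddress.IPv4Address(address & ~wildcard & FULL), prefix)

def evaluate(entries, protocol, src_ip, dst_ip):
    """Return (action, entry number) of the first matching entry."""
    for number, entry in enumerate(entries, start=1):
        if entry["protocol"] not in ("ip", protocol):
            continue
        if wildcard_matches(src_ip, entry["src"]) and wildcard_matches(dst_ip, entry["dst"]):
            return entry["action"], number
    return "deny", None   # assumption: nothing matched, so the packet is denied

SAMPLE_ACL = [parse_entry(line) for line in (
    "deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255",   # from the output above
    "deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255",      # from the output above
    "deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255",     # from the output above
    "permit ip any any",                                           # constructed
)]

if __name__ == "__main__":
    for entry in SAMPLE_ACL:
        print(entry["action"], covered_network(entry["src"]), "->", covered_network(entry["dst"]))
    print(evaluate(SAMPLE_ACL, "udp", "11.7.3.3", "224.0.0.5"))
```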
Configuring Denial of Service (DoS) Prevention
Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to “Enabling Router Configuration Modes” on page 2-91.
Purpose
To configure Denial of Service (DoS) prevention, which will protect the router from attacks and notify administrators via Syslog.
Commands
Disabled
IP packet with multicast/broadcast source address   Always enabled   0 attacks
Fragmented ICMP traffic   Disabled
Large ICMP packet   Disabled
Ping-of-Death attack   Always enabled   0 attacks
Port Scanning   Disabled
hostdos
Use this command to enable or disable Denial of Service security features.
Examples
This example shows how to globally enable land attack and large ICMP packets protection for packets larger than 2000 bytes:
Matrix>Router(config)#hostdos land
Matrix>Router(config)#hostdos largeicmp 2000
This example shows how to enable spoofed address checking on the VLAN 1 interface:
Matrix>Router(config)#interface vlan 1
Matrix>Router(config-if(Vlan 1))#hostdos checkspoof
clear hostdos-counters
Use this command to clear De
Configuring Flow Setup Throttling (FST)
About FST
Flow Setup Throttling (FST) is a proactive feature designed to mitigate DoS attacks before the virus can wreak havoc on the network. FST directly combats the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port.
show flowlimit
Use this command to display flow setup throttling information.
Syntax
show flowlimit [port [port-string]] [stats [port-string]]
Parameters
port port‐string  (Optional) Displays flow limiting port settings for one or all ports.
stats port‐string  (Optional) Displays flow limiting statistics for one or all ports.
Defaults
If no optional parameters are specified, detailed flow limiting information will be displayed for all ports.
Example
This example shows how to enable FST on Fast Ethernet ports 1‐5 in port group 2:
Matrix(rw)->set flowlimit fe.2.1-5 enable
set flowlimit limit
Use this command to set a flow limit that will trigger an action for a port user classification.
Syntax
set flowlimit {limit1 | limit2 limit} [userport | serverport | aggregateduser | interswitchlink | unspecified]
Parameters
limit1 | limit2  Specifies this configuration as limit 1 or 2.
clear flowlimit limit
Use this command to remove a flow limit configuration.
Syntax
clear flowlimit {limit1 | limit2} [userport | serverport | aggregateduser | interswitchlink | unspecified]
Parameters
limit1 | limit2  Specifies the configuration to be removed as limit 1 or 2.
drop  (Optional) When flow limit is reached, drops excess flows and discards packets.
disable  (Optional) When flow limit is reached, disables the interface (if the set flowlimit shutdown function is enabled as described in “set flowlimit shutdown” on page 24‐32). This will clear all FST settings on the port.
disable  (Optional) Removes the disable action.
userport | serverport | aggregateduser | interswitchlink | unspecified  (Optional) Removes this action configuration from the user classification port type:
• user port
• server port
• aggregation port
• inter‐switch link
• unspecified port
Defaults
• If not specified, all action types will be removed.
• If not specified, the action will be removed from all port classifications.
Example
This example shows how to show flow limits and associated actions configured for the various port classifications:
Matrix(rw)->show flowlimit class
Flow setup throttling class configuration:
Class              Limit                  Action
------------------ ---------------------- ---------------------------
userPort           limit1 :800            action1 :notify
                   limit2 :1000           action2 :disable,notify
                   limit1 :5000           action1 :notify
                   limit2 :6000           action2 :disable,notify
aggre
Defaults
If port‐string is not specified, settings will apply to all ports.
Mode
Switch command, Read‐Write.
Usage
Once a classification is assigned, these ports will be subject to the flow limit configured (with the set flowlimit limit command as described in “set flowlimit limit” on page 24‐27) and the action configured (with the set flowlimit action command as described in “set flowlimit action” on page 24‐28).
Parameters
enable | disable  Enables or disables the flow limit shut down function.
Defaults
None.
Mode
Switch command, Read‐Write.
Usage
When enabled, this allows ports configured with a “trap” action to send an SNMP trap message when a specified flow limit is reached. When enabled, this allows ports configured with a “disable” action to shut down.
clear flowlimit notification interval
Use this command to reset the SNMP flow limit notification interval to the default value of 120 seconds.
Syntax
clear flowlimit notification interval
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
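The FST commands above interact: a class's actions only take effect when the flow limit notification and shutdown functions allow them. The following added example (not code from this guide or from the firmware) models that interaction for the userPort values shown in the show flowlimit class output, so a configuration can be reviewed before relying on it. It assumes a limit is reached when the flow count is equal to or above it, that the actions of both limits apply once limit2 is reached, and that the "notify" action is the one gated by the notification function; all function names are hypothetical.

```python
# Constructed from the userPort row of the `show flowlimit class` example above.
CLASSES = {
    "userPort": {
        "limit1": 800, "action1": ["notify"],
        "limit2": 1000, "action2": ["disable", "notify"],
    },
}

def triggered_actions(flows, cls):
    """Actions whose limit has been reached, in limit order, without duplicates."""
    actions = []
    for n in ("1", "2"):
        limit = cls.get("limit" + n)
        if limit is not None and flows >= limit:
            for action in cls.get("action" + n, []):
                if action not in actions:
                    actions.append(action)
    return actions

def effective_actions(flows, cls, notification_enabled, shutdown_enabled):
    """Split triggered actions into those that take effect and those that are suppressed.

    'notify' needs the flow limit notification function, 'disable' needs the
    flow limit shutdown function; 'drop' is not gated by either.
    """
    gate = {"notify": notification_enabled, "disable": shutdown_enabled}
    applied, suppressed = [], []
    for action in triggered_actions(flows, cls):
        (applied if gate.get(action, True) else suppressed).append(action)
    return applied, suppressed

def audit(classes, notification_enabled, shutdown_enabled):
    """List configured actions that can never take effect with the current global settings."""
    findings = []
    for name, cls in sorted(classes.items()):
        configured = set(cls.get("action1", [])) | set(cls.get("action2", []))
        if "disable" in configured and not shutdown_enabled:
            findings.append(name + ": disable action configured but shutdown function is disabled")
        if "notify" in configured and not notification_enabled:
            findings.append(name + ": notify action configured but notification is disabled")
    return findings

if __name__ == "__main__":
    for flows in (799, 800, 1000):
        print(flows, effective_actions(flows, CLASSES["userPort"], True, False))
    print(audit(CLASSES, True, False))
```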
25 Authentication Configuration
This chapter describes the set of commands for supported authentication methods.
For information about...  Refer to page...
Overview of Authentication Methods  25-1
Configuring 802.
• Local user credentials — used for local authentication and authorization of CLI and WebView management sessions. For details, refer to “Setting User Accounts and Passwords” on page 2‐15 and “Setting the Authentication Login Method” on page 25‐50.
• Remote AAA service — used for remote authentication, authorization, and accounting of CLI and WebView management sessions, as well as all network access sessions provisioned by way of 802.1x, PWA, or MAC Authentication.
Configuring 802.1X Authentication
selected ports, which results in allowing or denying network access according to RADIUS server configuration.
Commands
For information about...  Refer to page...
show dot1x  25-3
show dot1x auth-config  25-5
set dot1x  25-7
set dot1x auth-config  25-7
clear dot1x auth-config  25-9
show dot1x
Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more ports.
Mode
Switch command, Read‐Only.
Examples
This example shows how to display 802.1X status:
Matrix(rw)->show dot1x
DOT1X is disabled.
This example shows how to display authentication diagnostics information for fe.1.1:
Matrix(rw)->show dot1x auth-diag fe.1.
Matrix(rw)->show dot1x auth-stats fe.1.1
Port: 1 Auth-Stats:
EAPOL Frames Rx: 0
EAPOL Frames Tx: 0
EAPOL Start Frames Rx: 0
EAPOL Logoff Frames Rx: 0
EAPOL RespId Frames Rx: 0
EAPOL Resp Frames Rx: 0
EAPOL ReqId Frames Tx: 0
EAPOL Req Frames Tx: 0
Invalid EAPOL Frames Rx: 0
EAP Length Error Frames Rx: 0
Last EAPOL Frame Version: 0
Last EAPOL Frame Source: 0:0:0:0:0:0
show dot1x auth-config
Use this command to display 802.
txperiod  (Optional) Displays the transmission period value, in seconds, currently in use by the authenticator PAE state machine.
port‐string  (Optional) Limits the display of desired information to specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
• If no parameters are specified, all 802.1X settings will be displayed.
set dot1x
Use this command to enable or disable 802.1X authentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants.
Syntax
set dot1x {[enable | disable] [init | reauth [port-string] [index index-list]}
Parameters
enable | disable  Enables or disables 802.1X.
init | reauth  Reinitializes one or more access entities or reauthenticates one or more supplicants.
Parameters
authcontrolled‐portcontrol auto | forced‐auth | forced‐unauth  Specifies the EAPOL port control mode as:
• auto ‐ Auto authorization mode (default). The Enterasys Matrix system will only forward frames received on a port which are considered authenticated according to the state of the corresponding access entity.
• forced‐auth ‐ Forced authorized mode, which effectively disables 802.
This example shows how to enable reauthentication control on ports fe.1.1‐3:
Matrix(rw)->set dot1x auth-config reauthenabled true fe.1.1-3
This example shows how to set the 802.1X quiet period to 120 seconds on ports fe.1.1‐3:
Matrix(rw)->set dot1x auth-config quietperiod 120 fe.1.1-3
clear dot1x auth-config
Use this command to reset 802.1X authentication parameters to default values on one or more ports.
Matrix(rw)->clear dot1x auth-config quietperiod fe.1.
Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating users before allowing general access to the network. A PWA user’s access to the network is restricted until after the user successfully logs in via a web browser using the Enterasys Matrix Series web‐based security interface.
• allow access to a server (at IP 1.2.3.4) that acts as both a DNS and DHCP server, and
• be assigned as the default policy profile for all Fast Ethernet ports.
Matrix(rw)->set policy rule 1 ether 0x806 forward
Matrix(rw)->set policy rule 1 ipdest 1.2.3.4 forward
Matrix(rw)->set policy rule 1 udpdest 67 forward
Matrix(rw)->set policy rule 1 udpsource 68 forward
Matrix(rw)->set policy port fe.*.
For information about...  Refer to page...
set pwa maxrequests  25-24
set pwa portcontrol  25-24
show pwa session  25-25
show pwa
Use this command to display port web authentication information for one or more ports.
Syntax
show pwa [port-string]
Parameters
port‐string  (Optional) Displays PWA information for specific port(s).
Defaults
If port‐string is not specified, PWA information will be displayed for all ports.
Mode
Switch command, Read‐Only.
Table 25-1 show pwa Output Details
Output...  What it displays...
PWA Status  Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in “set pwa” on page 25-15.
PWA IP Address  IP address of the end station from which PWA will prevent network access until the user is authenticated.
set pwa
Use this command to enable or disable port web authentication.
Syntax
set pwa {enable | disable}
Parameters
enable | disable  Enables or disables port web authentication.
Defaults
None.
Mode
Switch command, Read‐Write.
Usage
Port Web Authentication cannot be enabled if either MAC authentication or EAPOL (802.1X) is enabled. For information on disabling 802.1X, refer to “set dot1x” on page 25‐7.
Example
This example shows how to set the PWA host name to “pwahost”:
Matrix(rw)->set pwa hostname pwahost
clear pwa hostname
Use this command to clear the port web authentication host name.
Syntax
clear pwa hostname
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
set pwa banner
Use this command to configure a string to be displayed as the PWA login banner.
Syntax
set pwa banner string
Parameters
string  Specifies the PWA login banner.
Defaults
None.
Mode
Switch command, Read‐Write.
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to reset the PWA login banner to a blank string:
Matrix(rw)->clear pwa banner
set pwa displaylogo
Use this command to set the display options for the Enterasys Networks logo.
Syntax
set pwa displaylogo {display | hide}
Parameters
display | hide  Displays or hides the Enterasys Networks logo when the PWA website displays.
Defaults
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to set the PWA redirect time to 10 seconds:
Matrix(rw)->set pwa redirecttime 10
set pwa ipaddress
Use this command to set the PWA IP address.
Syntax
set pwa ipaddress ip-address
Parameters
ip‐address  Specifies a globally unique IP address. This same value must be configured into every authenticating switch in the domain.
Defaults
None.
Parameters
chap | pap  Sets the PWA protocol to:
• CHAP (PPP Challenge Handshake Protocol) ‐ encrypts the username and password between the end‐station and the switch port.
• PAP (Password Authentication Protocol) ‐ does not provide any encryption between the end‐station and the switch port.
Defaults
None.
Mode
Switch command, Read‐Write.
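The practical difference between the chap and pap settings is what an observer between the end‐station and the switch port can read. The following added example (not code from this guide or from the firmware) uses the generic PAP request layout from RFC 1334 and the CHAP response calculation from RFC 1994; how PWA carries these values over its web login is not described here, and the account name and secret are constructed.

```python
import hashlib
import hmac
import os

def pap_request(username, password):
    """Data field of a PAP Authenticate-Request (RFC 1334): both values travel in clear."""
    user, pw = username.encode(), password.encode()
    return bytes([len(user)]) + user + bytes([len(pw)]) + pw

def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Authenticator side: issues a fresh challenge per attempt and accepts it once."""

    def __init__(self, secrets):
        self.secrets = secrets      # username -> shared secret (bytes)
        self.pending = {}           # (username, identifier) -> outstanding challenge
        self.next_id = 0

    def challenge(self, username):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # identifier is a single octet
        value = os.urandom(16)
        self.pending[(username, identifier)] = value
        return identifier, value

    def verify(self, username, identifier, response):
        # pop() makes each challenge single-use, so a captured response cannot be replayed
        value = self.pending.pop((username, identifier), None)
        secret = self.secrets.get(username)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    secret = b"constructed-secret"                 # constructed sample value
    auth = ChapAuthenticator({"guest": secret})
    ident, chal = auth.challenge("guest")
    resp = chap_response(ident, secret, chal)
    print("PAP on the wire :", pap_request("guest", secret.decode()))
    print("CHAP on the wire:", chal.hex(), resp.hex())
    print("first use :", auth.verify("guest", ident, resp))
    print("replay    :", auth.verify("guest", ident, resp))
```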
set pwa guestname
Use this command to set a guest user name for PWA enhanced mode networking.
Syntax
set pwa guestname name
Parameters
name  Specifies a guest user name.
Defaults
None.
Mode
Read‐Write.
Usage
When enhanced mode is enabled (as described in “set pwa enhancedmode” on page 25‐20), PWA will use this name to grant network access to guests without established login names and passwords.
set pwa guestpassword
Use this command to set the guest user password for PWA networking.
Syntax
set pwa guestpassword
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.
Usage
When enhanced mode is enabled (as described in “set pwa enhancedmode” on page 25‐20), PWA will use this password and the guest user name to grant network access to guests without established login names and passwords.
Usage
When enhanced mode is enabled (as described in “set pwa enhancedmode” on page 25‐20), PWA will use a guest password and guest user name to grant network access with default policy privileges to users without established login names and passwords.
Defaults
If port‐string is not specified, quiet period will be set for all ports.
Mode
Read‐Write.
Example
This example shows how to set the PWA quiet period to 30 seconds for ports fe.1.5‐7:
Matrix(rw)->set pwa quietperiod 30 fe.1.5-7
set pwa maxrequests
Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.

Parameters
enable | disable    Enables or disables PWA on the specified port.
port‐string    (Optionally) Enables or disables a specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
Enables or disables all ports if no port is specified.
Mode
Switch command, Read‐Write.

Configuring MAC Authentication
Purpose
To review, disable, enable and configure MAC authentication. This allows the device to authenticate source MAC addresses in an exchange with an authentication server. The authenticator (switch) selects a source MAC seen on a MAC‐authentication enabled port, and submits it to a backend client for authentication.

Parameters
port‐string    (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
If port‐string is not specified, MAC authentication information will be displayed for all ports.
Mode
Switch command, Read‐Only.
Examples
This example shows how to display MAC authentication information for ge.1.

Table 25-2 show macauthentication Output Details (continued)
Output...    What it displays...
Port    Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
Port State    Whether or not MAC authentication is enabled or disabled on this port.
Quiet Period    Enables a reauthentication attempt for failed entries at the period specified in seconds.

Table 25-3 show macauthentication session Output Details
Output...    What it displays...
Port    Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-2.
MAC Address    MAC address associated with the session.
Duration    Time this session has been active.

Defaults
None.
Mode
Switch command, Read‐Write.
Examples
This example shows how to set the MAC authentication password to “macauth”:
Matrix(rw)->set macauthentication password macauth

clear macauthentication password
Use this command to clear the MAC authentication password.
Syntax
clear macauthentication password
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.

Mode
Switch command, Read‐Write.
Examples
This example shows how to set the MAC authentication significant bits to 24:
Matrix(rw)->set macauthentication significant-bits 24

clear macauthentication significant-bits
Use this command to clear the MAC authentication significant bits setting.
Syntax
clear macauthentication significant-bits
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.

Usage
Enabling port(s) for MAC authentication requires globally enabling MAC authentication on the device as described in “set macauthentication” on page 25‐29, and then enabling it on a port‐by‐port basis. By default, MAC authentication is globally disabled and disabled on all ports.
Example
This example shows how to enable MAC authentication on ge.2.1 through 5:
Matrix(rw)->set macauthentication port enable ge.2.

Defaults
If port‐string is not specified, the number of allowed authentication sessions will be cleared on all ports.
Mode
Switch command, Read‐Write.
Example
This example shows how to clear the number of allowed MAC authentication sessions on ge.2.1:
Matrix(rw)->clear macauthentication authallocated ge.2.

Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to force the MAC authentication session for address 00‐60‐97‐b5‐4c‐07 to re‐initialize:
Matrix(rw)->set macauthentication macinitialize 00-60-97-b5-4c-07

set macauthentication reauthentication
Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports.

Parameters
port‐string    Specifies MAC authentication port(s) to be reauthenticated. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to force ge.2.1 through 5 to reauthenticate:
Matrix(rw)->set macauthentication portreauthentication ge.2.

Parameters
time    Specifies the number of seconds between reauthentication attempts. Valid values are 1 ‐ 4294967295.
port‐string    Specifies the port(s) on which to set the MAC reauthentication period. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Defaults
None.
Mode
Switch command, Read‐Write.

set macauthentication quietperiod
Use this command to enable a reauthentication attempt for failed entries at the period specified in seconds.
Syntax
set macauthentication quietperiod time port-string
Parameters
time    Specifies the number of seconds between reauthentication attempts. Valid values are 0 ‐ 4294967295.
port‐string    Specifies the port(s) on which to set the macauthentication quiet period.

Usage
The default value is 0 (never).
Example
This example shows how to clear the macauthentication quietperiod for port ge.1.1:
Matrix(rw)->clear macauthentication quietperiod ge.1.

Configuring Convergence End Points (CEP) Phone Detection
About CEP Phone Detection
Convergence is a method to detect a remote IP telephony or video device and apply a policy to the connection port based on the type of CEP device found. When a convergence end point (CEP) is found, the global policy for CEP detection is applied to the user on that port.

For information about...    Refer to page...
set cep detection-id type    25-45
set cep detection-id address    25-46
set cep detection-id protocol    25-46
set cep detection-id porthigh | portlow    25-47
set cep initialize    25-48
clear cep    25-49

show cep connections
Use this command to display all learned CEPs.
Syntax
show cep connections port-string
Parameters
port‐string    Displays CEP status for one or more ports.

Parameters
detection‐id    (Optional) Show CEP detection parameters, based on the CEP configuration group id.
Defaults
If no detection‐id is specified, all CEP detection parameters are displayed.
Mode
Read‐Only.

Examples
This example shows how to display CEP policy information:
Matrix>show cep policy
CEP default policies
CEP Type  Policy Index  Policy Name
--------  ------------  ------------
cisco     13            Cisco IP Phone
siemens   9             IP Phone Siemens
h323      3             IP Phone Avaya
sip       0

show cep port
Use this command to display enable status of all supported CEP types.

Defaults
Disabled.
Mode
Switch command, Read‐Write.
Example
This example shows how to globally enable CEP detection:
Matrix>set cep enable

set cep port
Use this command to enable or disable a CEP detection type on one or more ports.
Syntax
set cep port port-string {cisco | h323 | lldp-med | siemens | sip} {enable | disable}
Parameters
port‐string    Specifies the port(s) to enable or disable.

Parameters
cisco    Set the Cisco global default policy index.
h323    Set the H323 global default policy index.
siemens    Set the Siemens global default policy index.
sip    Set the SIP global default policy index.
index    Set the policy index value. This must be configured using the policy management commands described in Chapter 8. Valid values are 1 ‐ 65535.
Defaults
None.
Mode
Switch command, Read‐Write.

Usage
This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method.
Example
This example shows how to create CEP detection group 1:
Matrix>set cep detection-id 1 create

set cep detection-id type
Use this command to specify whether a phone detection group will use H.323, Siemens or SIP as its phone discovery type.

set cep detection-id address
Use this command to set an H.323, Siemens, or SIP phone detection group’s IP address or mask.
Syntax
set cep detection-id id address {ip-address | unknown} mask {mask | unknown}
Parameters
id    Specifies a CEP configuration group ID. This group must be created and enabled using the set cep detection‐id command as described in “set cep detection‐id” on page 25‐44.

Parameters
id    Specifies a CEP configuration group ID. This group must be created and enabled using the set cep detection‐id command as described in “set cep detection‐id” on page 25‐44. Valid values are 1 ‐ 2147483647.
tcp | udp | both | none    Sets the CEP IP protocol type to be used for detection as:
  • TCP
  • UDP
  • Both UDP and TCP
  • None
Defaults
None.
Mode
Switch command, Read‐Write.

Mode
Switch command, Read‐Write.
Usage
This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method. Once UDP and/or TCP phone detection has been specified using the set cep detection‐id protocol command as described in “set cep detection‐id protocol” on page 25‐46, the protocols will use this port range for detection matching.

clear cep
Use this command to clear convergence end points parameters.
Syntax
clear cep {all | policy | detection [detection-id] | users [port-string] | port [port-string {all | cisco | h323 | siemens | sip}]}
Parameters
all    Restores factory defaults to all CEP configuration information.
policy    Restore factory defaults to CEP policy configuration.

RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
If you configure an authentication method that requires communication with a RADIUS server, you can use the RADIUS Filter‐ID attribute to dynamically assign a policy profile and/or management level to authenticating users and/or devices.

Setting the Authentication Login Method
For information about...    Refer to page...
show authentication login    25-51
set authentication login    25-51
clear authentication login    25-52

show authentication login
Use this command to display the current authentication login method.
Syntax
show authentication login
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Only.

Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to set the authentication login method to use the local password settings:
Matrix(rw)->set authentication login local

clear authentication login
Use this command to reset the authentication login method to the default setting of “any”.
Syntax
clear authentication login
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.

Configuring RADIUS
Purpose
To perform the following:
• Review the RADIUS client/server configuration on the device.
• Enable or disable the RADIUS client.
• Set local and remote login options.
• Set primary and secondary server parameters, including IP address, timeout period, authentication realm, and number of user login attempts allowed.
• Reset RADIUS server settings to default values.
• Configure a RADIUS accounting server.
Commands
For information about...

Defaults
If no parameters are specified, all RADIUS configuration information will be displayed.
Mode
Switch command, Read‐Only.
Example
This example shows how to display RADIUS configuration information:
Matrix(rw)->show radius
RADIUS state: Enabled
RADIUS retries: 2
RADIUS timeout: 3 seconds
RADIUS Server IP Address
-- --------------- --------
1 100.10.0.

timeout timeout    Specifies the maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin. Valid values are from 1 to 30. Default is 20 seconds.
server index ip_address port    Specifies the index number, IP address and the UDP authentication port for the RADIUS server.
secret‐value    (Optional) Specifies an encryption key to be used for authentication between the RADIUS client and server.

Parameters
state    (Optional) Resets the RADIUS client state to the default setting of disabled.
retries    (Optional) Resets the maximum number of attempts a user can contact the RADIUS server before timing out to 3.
timeout    (Optional) Resets the maximum amount of time to establish contact with the RADIUS server before timing out to 20 seconds.
server    (Optional) Deletes server settings.
realm    (Optional) Resets the realm setting to allowing any authentication.

Defaults
If no parameters are specified, all RADIUS accounting configuration information will be displayed.
Mode
Switch command, Read‐Only.
Example
This example shows how to display RADIUS accounting configuration information. In this case, RADIUS accounting is enabled and global default settings have not been changed. One server has been configured.

index | all    Applies the settings to a specific RADIUS accounting server or to all.
server ip_address port server‐secret    Specifies the accounting server’s:
  • IP address
  • UDP authentication port (0 ‐ 65535)
  • server‐secret (Read‐Write password to access this accounting server. Device will prompt for this entry upon creating a server instance, as shown in the example below.)
Defaults
None.
Mode
Switch command, Read‐Write.

Defaults
None.
Mode
Switch command, Read‐Write.

Configuring RFC 3580
About RFC 3580
RFC 3580 provides suggestions on how 802.1x Authenticators should leverage RADIUS as the backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS Accounting, RADIUS Authentication, RC4 EAPOL‐Key‐Frame Discussions, and Security Considerations. Upon detection, End‐Points (PCs, IP Phones, etc.

Mode
Switch command, Read‐Only.
Example
This example shows how to display VLAN Authorization configuration information for ports ge.1.1‐3:
Matrix(su)->show vlanauthorization ge.1.1-3
VLAN Authorization Global Status: enabled
VLAN Authorization Table :
Port     Status    Admin Egress  Oper Egress  VLAN ID
--------------------------------------------------------------
ge.1.1   enabled   untagged      untagged     4094
ge.1.2   disabled  untagged      untagged     none
ge.1.

Example
This example shows how to enable VLAN Authorization:
Matrix(su)->set vlanauthorization enable
This example shows how to enable VLAN Authorization for port ge.1.1 for tagged packets:
Matrix(su)->set vlanauthorization port ge.1.1 enable tagged

clear vlanauthorization
Use this command to clear the VLAN Authorization attributes to the defaults.

Configuring TACACS+
Purpose
To perform the following:
• Review the TACACS+ client and server configurations on the device.
• Enable or disable the TACACS+ client.
• Set local and remote login options.
• Set server parameters, including IP address, timeout period, server port, and secret.
• Reset TACACS+ client and server settings to default values.
Commands
For information about...    Refer to page...

Mode
Switch command, Read‐Only.

set tacacs
Use this command to enable or disable the TACACS+ client.
Syntax
set tacacs {enable | disable}
Parameters
enable | disable    Enables or disables the TACACS client.
Defaults
None.
Mode
Switch command, Read‐Write.
Usage
The TACACS+ client can be enabled on the switch anytime, with or without a TACACS+ server online. If the TACACS+ server is offline and TACACS+ is enabled, the login authentication is switched to RADIUS or local, if enabled.

Example
This example displays configuration information for all configured TACACS+ servers.
Matrix(ro)->show tacacs server all
TACACS+ Server  IP Address       Port   Timeout  Status
--------------  ---------------  -----  -------  -------
1               192.168.10.10    49     10       Active
2               192.168.1.116    49     10       Active

set tacacs server
Use this command to configure the TACACS+ server(s) to be used by the TACACS+ client.

clear tacacs server
Use this command to remove one or all configured TACACS+ servers, or to return the timeout value to its default value for one or all configured TACACS+ servers.
Syntax
clear tacacs server {all | index} [timeout]
Parameters
all    Specifies that all configured TACACS+ servers should be affected.
index    Specifies one TACACS+ server to be affected.
timeout    (Optional) Return the timeout value to its default value of 10 seconds.

Matrix(ro)->show tacacs session authorization
TACACS+ service: exec
TACACS+ session authorization A-V pairs:
access level  attribute   value
read-only     'priv-lvl'  '0'
read-write    'priv-lvl'  '1'
super-user    'priv-lvl'  '15'
This example shows how to display client session accounting state.

Mode
Switch command, Read‐Write.
Usage
When session accounting is enabled, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each authorized client session.

Defaults
At least one of the session authorization parameters must be specified.
Mode
Switch command, Read‐Write.
Examples
This example shows how to return only the service name to the default of “exec.”
Matrix(rw)->clear tacacs session authorization service
This example shows how to return all the session authorization parameters to their default values.

set tacacs command
Use this command to enable or disable TACACS+ accounting or authorization on a per‐command basis.
Syntax
set tacacs command {accounting | authorization} {enable | disable}
Parameters
accounting | authorization    Specifies either TACACS+ accounting or authorization to be enabled or disabled.
enable | disable    Enable or disable accounting or authorization on a per‐command basis.
Defaults
None.
Mode
Switch command, Read‐Write.

Defaults
If state is not specified, all single connection configuration parameters are displayed (which at this time includes only the enabled/disabled state).
Mode
Switch command, Read‐Write.
Example
This example shows how to display the state of the TACACS+ client’s ability to send multiple requests over a single connection.

26 RADIUS Snooping Configuration
This chapter describes the RADIUS Snooping commands and how to use them.
Note: An Enterasys Feature Guide document that contains a complete discussion on RADIUS Snooping configuration exists at the following Enterasys web site: http://www.enterasys.

Understanding RADIUS Snooper
• Globally enable RS on the switch
• Enable RS on those ports you wish enabled for snooping
• Optionally change the period RS will wait for a RADIUS response frame from the server
• Manually populate the RADIUS flow table with RS clients and RADIUS servers
Command options also are available to:
• Terminate all sessions on the system for the specified port or for the specified MAC address
• Reset all RS configuration to the default values
• Clea

Parameters
enable    Globally enables RS on this device.
disable    Globally disables RS on this device.
Defaults
None.
Mode
Read‐Write.
Usage
This command does not enable RS on the ports for this device. To enable ports for RS see the command set radius‐snooping port on page 26‐4.

Example
This example shows how to set the RS timeout to 30 seconds:
Matrix(rw)->set radius-snooping timeout 30

set radius-snooping port
Use this command to enable RS on all or the specified port(s).
Syntax
set radius-snooping port [enable | disable] [timeout seconds] [drop {enable | disable}] [authallocated number] [port-string]
Parameters
enable | disable    Enables or disables RS functionality on the specified port(s). Disabled by default.

Example
This example enables RS on ports ge.1.10 through ge.1.15, sets the timeout to 15 seconds and enables drop:
Matrix(rw)->set radius-snooping port enable timeout 15 drop enable ge.1.10-15

set radius-snooping flow
Use this command to provide for the entering of RADIUS client and server session flow entries into the RS flow table.

set radius-snooping initialize
Use this command to terminate all RS sessions on the system for the specified port or MAC address.
Syntax
set radius-snooping initialize {port port-string | mac-address}
Parameters
port port‐string    Specifies the port(s) to initialize. Use *.*.* for all ports.
mac‐address    Specifies the MAC address to initialize.
Defaults
None.
Mode
Read‐write.

clear radius-snooping flow
Use this command to clear all entries or the specified index entry from the RS flow table.
Syntax
clear radius-snooping flow {all | index}
Parameters
all    Specifies that all flow table entries are to be cleared.
index    Specifies a specific flow table index entry to be cleared.
Defaults
None.
Mode
Read‐write.
Usage
Use the index value to clear flows for a particular port.

Example
This example shows how to display RADIUS configuration information:
Matrix(rw)->show radius-snooping
RADIUS Snooping: Enabled
Number of configured flows: 2
Active sessions: 12
Enabled ports: fe.1.1-fe.1.8; fe.1.22

Table 26-1 Radius-Snooping Settings
Output...    What it displays...
RADIUS Snooping    Specifies whether RS is globally enabled or disabled.

Table 26-2 Radius-Snooping Port Settings
Output...    What it displays...
Port    Specifies the port(s) currently enabled for RS.
Port State    Specifies the actual port state.
Timeout    Specifies the amount of time in seconds before the session will be terminated if no response is seen from the RADIUS server once a request is seen from the client.
Drop State    Specifies whether Drop State is enabled or disabled for sessions on this port.

Total RADIUS Access Accepts : 212
Total RADIUS Access Rejects : 26
Invalid RADIUS Request packets : 0
Invalid RADIUS Response packets: 0
Total Dropped Packets : 0

Table 26-3 Radius-Snooping Flow Settings
Output...    What it displays...
FlowID    Specifies the index ID for this flow.
Client IP    Specifies the client IP address for this flow.
Server IP    Specifies the server IP address for this flow.

Defaults
None.
Mode
Read‐Only.
Examples
This example displays RADIUS configuration information for port fe.1.1:
Matrix(rw)->show radius-snooping session port fe.1.1
Port      MAC Address        Duration
fe.1.1    00-0E-0C-12-13-14  00:02:36

Table 26-4 Radius-Snooping Session Port Settings
Output...    What it displays...
MAC Address    Specifies the MAC address associated with the session information in this display.
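
The guide states that both MAC authentication and RADIUS snooping need a global enable as well as a per-port enable. The following Python audit is an added example, not Enterasys code: it reads a saved configuration and reports where only one of the two levels is set, along with two MAC authentication settings. The sample configuration is constructed, and the global `set <feature> enable` form and the meaning given to significant-bits are assumptions, marked in the comments.

```python
import re

# Constructed sample of a saved configuration (not from a real device).
SAMPLE_CONFIG = """\
set macauthentication password macauth
set macauthentication significant-bits 24
set macauthentication port enable ge.2.1-5
set radius-snooping port enable timeout 15 drop enable ge.1.10-15
set radius-snooping timeout 30
"""

# Features the guide describes as needing a global enable AND a per-port
# enable. Assumption: the global form is "set <feature> enable".
TWO_LEVEL = ("macauthentication", "radius-snooping")
GUIDE_EXAMPLE_PASSWORD = "macauth"  # value printed in the guide's own example
FULL_MAC_BITS = 48

PROMPT = re.compile(r"^[\w-]+(\(\w+\))?-?>\s*")  # e.g. Matrix(rw)-> or Matrix>


def parse(config):
    """Return the tokens after 'set' for every set command in the text."""
    commands = []
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith(("#", "!")):
            continue
        tokens = line.split()
        if tokens[0] == "set" and len(tokens) > 1:
            commands.append(tokens[1:])
    return commands


def audit(config):
    """Return a sorted list of (code, detail) findings for the config text."""
    findings = []
    global_on = set()
    port_on = {}  # feature -> port-strings enabled for it
    for feature, *args in parse(config):
        if feature in TWO_LEVEL:
            if args[:1] == ["enable"]:
                global_on.add(feature)
            elif args[:1] == ["disable"]:
                global_on.discard(feature)
            elif args[:2] == ["port", "enable"]:
                # The port-string is the last token; without one the
                # command applies to all ports.
                ports = args[-1] if "." in args[-1] else "all ports"
                port_on.setdefault(feature, []).append(ports)
        if feature == "macauthentication" and len(args) == 2:
            key, value = args
            if key == "password" and value == GUIDE_EXAMPLE_PASSWORD:
                findings.append(("MACAUTH_EXAMPLE_PASSWORD",
                                 "password equals the guide's example value"))
            # Assumption: significant-bits is how many leading bits of the
            # source MAC are used for authentication, so anything below 48
            # lets a whole address range share one credential.
            if key == "significant-bits" and value.isdigit():
                bits = int(value)
                if bits < FULL_MAC_BITS:
                    findings.append(("MACAUTH_PARTIAL_MATCH",
                                     f"{bits} of {FULL_MAC_BITS} bits compared"))
    for feature in TWO_LEVEL:
        ports = port_on.get(feature, [])
        if ports and feature not in global_on:
            # Ports look protected in the config but the feature is off.
            findings.append(("PORTS_WITHOUT_GLOBAL_ENABLE",
                             f"{feature}: {', '.join(ports)}"))
        if feature in global_on and not ports:
            findings.append(("GLOBAL_WITHOUT_PORTS", feature))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```
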

27 MultiAuth Configuration
This chapter describes the MultiAuth set of commands and how to use them.
Multiple User Multiple Authentication – allows multiple users on a given port to simultaneously authenticate using any or all of the supported protocols (MAC Authentication, PWA, 802.1X, and CEP), and for each authenticated user to receive a unique level of network access.

Configuring Multiple Authentication
Commands
For information about...    Refer to page...

Defaults
None.
Mode
Switch command, Read‐Write.
Example
This example shows how to enable multiple authentication:
Matrix(rw)->set multiauth mode multi

clear multiauth mode
Use this command to clear the system authentication mode.
Syntax
clear multiauth mode
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Write.

Example
This example shows how to display multiple authentication session‐timeout values, for an active session:
Matrix(su)->show multiauth
Multiple authentication system configuration
-------------------------------------------------
Supported types : dot1x, pwa, mac, cep
Maximum number of users : 2048
Current number of users : 1
System mode : multi
Default precedence : dot1x, pwa, mac, cep
Admin precedence : dot1x, mac, pwa, cep
Opera

lag.0.46 0 0 0 0
lag.0.47 0 0 0 0
lag.0.48 0 0 0 0

set multiauth precedence
Use this command to set the system’s multiple authentication administrative precedence.
Syntax
set multiauth precedence {[dot1x] [mac] [pwa] [cep]}
Parameters
dot1x    Sets precedence for 802.1X authentication.
mac    Sets precedence for MAC authentication.
pwa    Sets precedence for port web authentication.

Mode
Switch command, Read‐Write.
Example
This example shows how to clear the multiple authentication precedence:
Matrix(rw)->clear multiauth precedence

show multiauth port
Use this command to display multiple authentication properties for one or more ports.
Syntax
show multiauth port [port-string]
Parameters
port‐string    (Optional) Displays multiple authentication information for specific port(s).

Parameters
mode auth‐opt | auth‐reqd | force‐auth | force‐unauth    Specifies the port(s)’ multiple authentication mode as:
  • auth‐opt — Authentication optional
  • auth‐reqd — Authentication required
  • force‐auth — Authentication considered
  • force‐unauth — Authentication disabled
numusers numusers    Specifies the number of users allowed authentication on port(s).

show multiauth station
Use this command to display multiple authentication station (end user) entries.
Syntax
show multiauth station [mac address] [port port-string]
Parameters
mac address    (Optional) Displays multiple authentication station entries for specific MAC address(es).
port port‐string    (Optional) Displays multiple authentication station entries for specific port(s).

Mode
Switch command, Read‐Write.
Example
This example shows how to clear the multiple authentication station entry associated with port fe.1.20:
Matrix(rw)->clear multiauth station port fe.1.20

show multiauth session
Use this command to display multiple authentication session entries.

Termination time: Not Terminated

show multiauth idle-timeout
Use this command to display the multiple authentication timeout value for an idle session.
Syntax
show multiauth idle-timeout
Parameters
None.
Defaults
None.
Mode
Switch command, Read‐Only.
Usage
This will display the idle‐timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep.

mac    (Optional) Specifies the authentication type Enterasys Mac Authentication.
pwa    (Optional) Specifies the authentication type Enterasys Port Web Authentication.
timeout    Specifies the timeout value in seconds. The value can range from 0 to 65535. A value of 0 means that no idle timeout will be applied unless an idle timeout value is provided by the authenticating server. The default timeout value is 300 seconds.

Defaults
If no authentication type is specified, the idle timeout value is returned to 300 seconds for all authentication types.
Mode
Switch command, Read‐Write.

set multiauth session-timeout
Use this command to set the maximum number of seconds an authenticated session may last before termination of the session.
Syntax
set multiauth session-timeout [cep | dot1x | mac | pwa] timeout
Parameters
cep    (Optional) Specifies the authentication type Enterasys Convergence End Point Authentication.
dot1x    (Optional) Specifies the authentication type IEEE 802.1X Port‐Based Network Access Control.

clear multiauth session-timeout
Use this command to clear session‐timeout values, for one or all authentication methods, back to the default values.
Syntax
clear multiauth session-timeout [cep | dot1x | mac | pwa]
Parameters
cep    (Optional) Specifies the authentication type Enterasys Convergence End Point Authentication.
dot1x    (Optional) Specifies the authentication type IEEE 802.1X Port‐Based Network Access Control.

Parameters
system    Configures multiauth system trap settings as follows:
  enabled - traps are sent when max users reached in system
  disabled - traps are not sent when max users reached in system
module    Configures multiauth module trap settings as follows:
  enabled - traps are sent when max users reached in module
  disabled - traps are not sent when max users reached in module
port portstring    Configures multiauth port trap settings for the port spec

terminated    Enables sending terminated traps for the specified port.
max‐reached    Enables sending max number users reached traps for the specified port.
Defaults
None.
Mode
Switch command, Read‐Write.
Examples
This example shows how to disable the multiauth system trap setting:
Matrix(rw)->clear multiauth trap system
This example shows how to disable all multiauth port trap settings:
Matrix(rw)->clear multiauth trap port ge.1.

Matrix(rw)->
This example shows how to display multiple authentication trap system settings:
Matrix(rw)->show multiauth trap system
System : Disabled
Matrix(rw)->