Enterasys Matrix DFE-Gold Series Configuration Manual

Enterasys networks switch configuration guide

page of 944

/ 944
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Enterasys Matrix

DFE-Gold

Configuration Guide

Firmware Version 6.11.xx

P/N

9033933-15

Table of Contents

Summary of Contents for Enterasys Enterasys Matrix DFE-Gold Series

Page 1 Enterasys Matrix DFE-Gold Configuration Guide Firmware Version 6.11.xx 9033933-15 ®...
Page 3 Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice. IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF SUCH DAMAGES. Enterasys Networks, Inc. 50 Minuteman Road Andover, MA 01810 © 2008 Enterasys Networks, Inc. All rights reserved. Part Number: 9033933‐15 September 2008 ENTERASYS, ENTERASYS NETWORKS, ENTERASYS MATRIX, ENTERASYS NETSIGHT, LANVIEW, WEBVIEW, and any logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc., in the United States and other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies. Documentation URL: http://www.enterasys.com/support/manuals Documentacion URL: http://www.enterasys.com/support/manuals Dokumentation im Internet: http://www.enterasys.com/support/manuals...
Page 4 Enterasys Networks, Inc. Software License Agreement This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. on behalf of itself and its Affiliates (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD‐ROM or other media. “Affiliates” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. BY INSTALLING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, INC. (978) 684‐1000. Attn: Legal Department. Enterasys will grant You a non‐transferable, non‐exclusive license to use the machine‐readable form of software (the “Licensed Software”) and the accompanying documentation (the Licensed Software, the media embodying the Licensed Software, and the documentation are collectively referred to in this Agreement as the “Licensed Materials”) on one single computer if You agree to the following terms and conditions: TERM. This Agreement is effective from the date on which You open the package containing the Licensed Materials. You may terminate the Agreement at any time by destroying the Licensed Materials, together with all copies, modifications and merged portions in any form. The Agreement and your license to use the Licensed Materials will also terminate if You fail to comply with any term or condition herein. GRANT OF SOFTWARE LICENSE. The license granted to You by Enterasys when You open this sealed package authorizes You to use the Licensed Software on any one, single computer only, or any replacement for that computer, for internal use only. A separate license, under a separate Software License Agreement, is required for any other computer on which You or another individual or employee intend to use the Licensed Software. YOU MAY NOT USE, COPY, OR MODIFY THE LICENSED MATERIALS, IN WHOLE OR IN PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT. RESTRICTION AGAINST COPYING OR MODIFYING LICENSED MATERIALS. Except as expressly permitted in this Agreement, You may not copy or otherwise reproduce the Licensed Materials. In no event does the limited copying or reproduction permitted under this Agreement include the right to decompile, disassemble, electronically transfer, or reverse engineer the Licensed Software, or to translate the Licensed Software into another computer language. The media embodying the Licensed Software may be copied by You, in whole or in part, into printed or machine readable form, in sufficient numbers only for backup or archival purposes, or to replace a worn or defective copy. However, You agree not to have more than two (2) copies of the Licensed Software in whole or in part, including the original media, in your ...
Page 5 PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and agents may have access to private or confidential information owned or controlled by Enterasys relating to the Licensed Materials supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain proprietary details and disclosures. All information and data so acquired by You or your employees or agents under this Agreement or in contemplation hereof shall be and shall remain Enterasys’ exclusive property, and You shall use your best efforts (which in any event shall not be less than the efforts You take to ensure the confidentiality of your own proprietary and other confidential information) to keep, and have your employees and agents keep, any and all such information and data confidential, and shall not copy, publish, or disclose it to others, without Enterasys’ prior written approval, and shall return such information and data to Enterasys at its request. Nothing herein shall limit your use or dissemination of information not actually derived from Enterasys or of information which has been or subsequently is made public by Enterasys, or a third party having authority to do so. You agree not to deliver or otherwise make available the Licensed Materials or any part thereof, including without limitation the object or source code (if provided) of the Licensed Software, to any party other than Enterasys or its employees, except for purposes specifically related to your use of the Licensed Software on a single computer as expressly provided in this Agreement, without the prior written consent of Enterasys. You agree to use your best efforts and take all reasonable steps to safeguard the Licensed Materials to ensure that no unauthorized personnel shall have access thereto and that no unauthorized copy, publication, disclosure, or distribution, in whole or in part, in any form shall be made, and You agree to notify Enterasys of any unauthorized use thereof. You acknowledge that the Licensed Materials contain valuable confidential information and trade secrets, and that unauthorized use, copying and/or disclosure thereof are harmful to Enterasys or its Affiliates and/or its/their software suppliers. MAINTENANCE AND UPDATES. Updates and certain maintenance and support services, if any, shall be provided to You pursuant to the terms of an Enterasys Service and Maintenance Agreement, if Enterasys and You enter into such an agreement. Except as specifically set forth in such agreement, Enterasys shall not be under any obligation to provide Software Updates, modifications, or enhancements, or Software maintenance and support services to You. DEFAULT AND TERMINATION. In the event that You shall fail to keep, observe, or perform any obligation under this Agreement, including a failure to pay any sums due to Enterasys, or in the event that You become insolvent or seek protection, voluntarily or involuntarily, under any bankruptcy law, Enterasys may, in addition to any other remedies it may have under law, terminate the License and any other agreements between Enterasys and You. (a) Immediately after any termination of the Agreement or if You have for any reason discontinued use of Software, You shall return to Enterasys the original and any copies of the Licensed Materials and remove the Licensed Software from any modular works made pursuant to Section 3, and certify in writing that through your best efforts and to the best of your knowledge the original and all copies of the terminated or discontinued Licensed Materials have been returned to Enterasys. (b) Sections 4, 5, 7, 8, 9, 10, 11, and 12 shall survive termination of this Agreement for any reason. EXPORT REQUIREMENTS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products ...
Page 6 UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Licensed Materials are considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein. 10. LIMITED WARRANTY AND LIMITATION OF LIABILITY. The only warranty Enterasys makes to You in connection with this license of the Licensed Materials is that if the media on which the Licensed Software is recorded is defective, it will be replaced without charge, if Enterasys in good faith determines that the media and proof of payment of the license fee are returned to Enterasys or the dealer from whom it was obtained within ninety (90) days of the date of payment of the license fee. NEITHER ENTERASYS NOR ITS AFFILIATES MAKE ANY OTHER WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, WITH RESPECT TO THE LICENSED MATERIALS, WHICH ARE LICENSED ʺAS ISʺ. THE LIMITED WARRANTY AND REMEDY PROVIDED ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE EXPRESSLY DISCLAIMED, AND STATEMENTS OR REPRESENTATIONS MADE BY ANY OTHER PERSON OR FIRM ARE VOID. ONLY TO THE EXTENT SUCH EXCLUSION OF ANY IMPLIED WARRANTY IS NOT PERMITTED BY LAW, THE DURATION OF SUCH IMPLIED WARRANTY IS LIMITED TO THE DURATION OF THE LIMITED WARRANTY SET FORTH ABOVE. YOU ASSUME ALL RISK AS TO THE QUALITY, FUNCTION AND PERFORMANCE OF THE LICENSED MATERIALS. IN NO EVENT WILL ENTERASYS OR ANY OTHER PARTY WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION OR DELIVERY OF THE LICENSED MATERIALS BE LIABLE FOR SPECIAL, DIRECT, INDIRECT, RELIANCE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF DATA OR PROFITS OR FOR INABILITY TO USE THE LICENSED MATERIALS, TO ANY PARTY EVEN IF ENTERASYS OR SUCH OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL ENTERASYS OR SUCH OTHER PARTYʹS LIABILITY FOR ANY DAMAGES OR LOSS TO YOU OR ANY OTHER PARTY EXCEED THE LICENSE FEE YOU PAID FOR THE LICENSED MATERIALS. Some states do not allow limitations on how long an implied warranty lasts and some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation and exclusion may not apply to You. This limited warranty gives You specific legal rights, and You may also have other rights which vary from state to state. 11. JURISDICTION. The rights and obligations of the parties to this Agreement shall be governed and construed in accordance with the laws and in the State and Federal courts of the Commonwealth of Massachusetts, without regard to its rules with respect to choice of law. You waive any objections to the personal jurisdiction and venue of such courts. None of the 1980 United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement. 12. GENERAL. (a) This Agreement is the entire agreement between Enterasys and You regarding the Licensed Materials, and all prior agreements, representations, statements, and undertakings, oral or written, are hereby expressly superseded and ...
Page 7: Table Of Contents
About This Guide Using This Guide ...xxxiii Structure of This Guide ...xxxiii Related Documents ... xxxv Conventions Used in This Guide ... xxxv Getting Help ... xxxvi Chapter 1: Introduction Matrix DFE Series Features ... 1-1 Matrix Series CLI Overview ... 1-1 Device Management Methods ...
Page 8 clear ip gratuitous-arp ... 2-33 show system... 2-34 show system hardware... 2-35 show system utilization... 2-37 set system utilization threshold... 2-39 clear system utilization ... 2-40 show time ... 2-40 set time ... 2-41 show summertime ... 2-41 set summertime ... 2-42 set summertime date ...
Page 9 set inlinepower psetrap... 2-69 clear inlinepower psetrap... 2-69 show port inlinepower ... 2-70 set port inlinepower ... 2-70 clear port inlinepower ... 2-71 Reviewing and Selecting a Boot Firmware Image ... 2-72 Downloading a New Firmware Image ... 2-72 Purpose ... 2-74 Commands ...
Page 10 Purpose ... 2-101 Commands ... 2-101 show router... 2-102 clear router ... 2-102 router ... 2-103 Enabling Router Configuration Modes ... 2-103 Chapter 3: Discovery Protocols Configuration Displaying Neighbors ... 3-1 Purpose ... 3-1 Command ... 3-1 show neighbors ... 3-1 Enterasys Discovery Protocol ...
Page 11 clear lldp port trap ... 3-35 clear lldp port med-trap... 3-35 clear lldp port location-info... 3-36 clear lldp port network-policy ... 3-36 clear lldp port tx-tlv ... 3-37 Chapter 4: Port Configuration Port Configuration Summary ... 4-1 Port String Syntax Used in the CLI ... 4-2 Setting Console Port Properties ...
Page 12 Purpose ... 4-27 Commands ... 4-27 show port jumbo ... 4-27 set port jumbo... 4-28 clear port jumbo ... 4-28 Setting Auto-Negotiation and Advertised Ability ... 4-30 Purpose ... 4-30 Commands ... 4-30 show port negotiation ... 4-30 set port negotiation ... 4-31 show port mdix ...
Page 13 show lacp... 4-58 set lacp ... 4-59 clear lacp state ... 4-60 set lacp asyspri... 4-60 set lacp aadminkey... 4-61 clear lacp ... 4-61 set lacp static... 4-62 clear lacp static ... 4-63 show lacp singleportlag ... 4-63 set singleportlag ... 4-64 clear singleportlag ...
Page 14 show snmp context... 5-23 set snmp view... 5-24 clear snmp view... 5-25 Configuring SNMP Target Parameters ... 5-26 Purpose ... 5-26 Commands ... 5-26 show snmp targetparams ... 5-26 set snmp targetparams... 5-27 clear snmp targetparams... 5-28 Configuring SNMP Target Addresses ... 5-29 Purpose ...
Page 15 show spantree vlanlist ... 6-16 show spantree mstcfgid ... 6-17 set spantree mstcfgid ... 6-17 clear spantree mstcfgid ... 6-18 show spantree bridgeprioritymode ... 6-18 set spantree bridgeprioritymode ... 6-19 clear spantree bridgeprioritymode ... 6-19 show spantree priority ... 6-20 set spantree priority ...
Page 16 clear spantree newroottrapenable ... 6-45 clear spantree default ... 6-46 show spantree debug ... 6-46 clear spantree debug... 6-48 Configuring Spanning Tree Port Parameters ... 6-49 Purpose ... 6-49 Commands ... 6-49 show spantree portenable ... 6-50 set spantree portenable ... 6-50 clear spantree portenable ...
Page 17 show spantree nonforwardingreason ... 6-77 Chapter 7: 802.1Q VLAN Configuration VLAN Configuration Summary ... 7-1 Port Assignment Scheme ... 7-2 Port String Syntax Used in the CLI ... 7-2 Preparing for VLAN Configuration ... 7-2 About PVIDs and Policy Classification to a VLAN ... 7-2 Creating a Secure Management VLAN ...
Page 18 Purpose ... 8-2 Commands ... 8-2 show policy profile ... 8-2 set policy profile ... 8-3 clear policy profile ... 8-5 show policy invalid... 8-5 set policy invalid action... 8-6 clear policy invalid action ... 8-6 Assigning Classification Rules to Policy Profiles ... 8-7 Purpose ...
Page 19 show route-map ... 8-42 route-map ... 8-43 match ip address ... 8-44 set next hop ... 8-45 show ip policy ... 8-45 ip policy route-map ... 8-46 ip policy priority ... 8-47 ip policy load-policy ... 8-48 ip policy pinger... 8-48 Chapter 9: IGMP Configuration About IP Multicast Group Management ...
Page 20 set logging application ... 10-9 clear logging application ... 10-11 show logging local ... 10-11 set logging local... 10-12 clear logging local... 10-12 set logging here ... 10-13 clear logging here ... 10-13 show logging buffer ... 10-14 Chapter 11: Network Monitoring Configuration Monitoring Network Events and Status ...
Page 21 ... 11-40 set rmon capture... 11-41 clear rmon capture... 11-42 Chapter 12: Network Address and Route Management Configuration Managing Switch Network Addresses and Routes ... 12-1 Purpose ... 12-1 Commands ... 12-1 show arp ... 12-2 set arp... 12-3 clear arp...
Page 22 Chapter 14: Node Alias Configuration Configuring Node Aliases ... 14-1 Purpose ... 14-1 Commands ... 14-1 show nodealias... 14-1 show nodealias mac ... 14-2 show nodealias protocol ... 14-4 show nodealias config ... 14-5 set nodealias ... 14-6 set nodealias maxentries... 14-7 clear nodealias ...
Page 23 Reviewing and Configuring the ARP Table ... 16-12 Purpose ... 16-12 Commands ... 16-12 show ip arp ... 16-12 arp ... 16-14 ip gratuitous-arp... 16-15 ip gratuitous-arp-learning... 16-15 ip proxy-arp... 16-16 ip mac-address ... 16-17 arp timeout... 16-17 clear arp-cache ... 16-18 Configuring Broadcast Settings ...
Page 24 Chapter 18: Network Address Translation (NAT) Configuration Configuring Network Address Translation (NAT) ... 18-1 NAT Configuration Task List and Commands ... 18-2 ip nat... 18-3 ip nat pool ... 18-3 ip nat inside source list ... 18-4 ip nat inside source static (NAT)... 18-5 ip nat inside source static (NAPT) ...
Page 25 show ip slb conns ... 19-29 show ip slb stats ... 19-30 show ip slb sticky ... 19-31 clear ip slb ... 19-32 show router limits (LSNAT)... 19-32 set router limits (LSNAT) ... 19-33 clear router limits (LSNAT) ... 19-34 Chapter 20: DHCP Configuration DHCP Overview ...
Page 26 accept-lifetime ... 21-10 send-lifetime ... 21-11 ip rip authentication keychain ... 21-12 ip rip authentication mode ... 21-13 no auto-summary... 21-13 ip rip disable-triggered-updates ... 21-14 ip split-horizon poison ... 21-15 passive-interface ... 21-15 receive-interface ... 21-16 distribute-list ... 21-17 redistribute...
Page 27 Configuring IRDP ... 21-55 Purpose ... 21-55 Commands ... 21-55 ip irdp... 21-55 ip irdp maxadvertinterval ... 21-56 ip irdp minadvertinterval ... 21-56 ip irdp holdtime ... 21-57 ip irdp preference... 21-58 ip irdp address ... 21-58 no ip irdp multicast... 21-59 show ip irdp ...
Page 28 Configure the s1Server Server Farm ... 23-19 Configure the s2Server Server Farm ... 23-20 Configure the cache1 Web Cache ... 23-21 Configure the Switch and Router ... 23-21 Chapter 24: Security Configuration Overview of Security Methods ... 24-1 Configuring MAC Locking ... 24-2 Purpose ...
Page 29 show access-lists... 24-15 access-list (standard) ... 24-16 access-list (extended)... 24-17 ip access-group ... 24-20 Configuring Denial of Service (DoS) Prevention ... 24-22 Purpose ... 24-22 Commands ... 24-22 show hostdos... 24-22 hostdos ... 24-23 clear hostdos-counters ... 24-24 Configuring Flow Setup Throttling (FST) ... 24-25 About FST ...
Page 30 set pwa enhancedmode ... 25-20 set pwa guestname ... 25-21 clear pwa guestname ... 25-21 set pwa guestpassword ... 25-22 set pwa gueststatus... 25-22 set pwa initialize ... 25-23 set pwa quietperiod ... 25-23 set pwa maxrequests... 25-24 set pwa portcontrol ... 25-24 show pwa session ...
Page 31 set authentication login... 25-51 clear authentication login... 25-52 Configuring RADIUS ... 25-53 Purpose ... 25-53 Commands ... 25-53 show radius ... 25-53 set radius ... 25-54 clear radius ... 25-55 show radius accounting ... 25-56 set radius accounting... 25-57 clear radius accounting... 25-58 Configuring RFC 3580 ...
Page 32 TWCB Configuration Overview... 23-2 23-2 TWCB Configuration Example Overview... 23-19 Tables Default Device Settings for Basic Switch Operation ... 2-2 Default Device Settings for Router Mode Operation ... 2-5 show system login Output Details ... 2-16 show system lockout Output Details... 2-24 Show System Output Display ...
Page 33 show port advertise Output Details... 4-34 show port flow control Output Details ... 4-38 show linkflap parameters Output Details ... 4-42 show linkflap metrics Output Details... 4-42 show port broadcast Output Details ... 4-50 LACP Terms and Definitions ... 4-56 show lacp Output Details...
Page 34 19-1 LSNAT Configuration Task List and Commands ... 19-5 19-2 show ip slb reals Output Details ... 19-12 19-3 show ip slb vservers Output Details ... 19-20 19-4 show ip slb conns Output Details ... 19-30 20-1 DHCP Server Supported Options... 20-2 20-2 DHCP Command Modes ...
Page 35: About This Guide
IRDP, and VRRP. • Configure security protocols, including 802.1X and RADIUS, SSHv2, MAC locking, MAC authentication, multiple authentication, DoS attack prevention, and flow setup throttling. • Configure policy‐based routing. • Configure access control lists (ACLs). Structure of This Guide The guide is organized as follows: Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI interface, an overview of local management requirements, and information about obtaining technical support. Chapter 2, Startup and General Configuration, provides an overview of the device’s factory default settings and describes how to start the CLI interface, how to set basic system properties, how to download a firmware image, how to configure WebView and Telnet, how to manage configuration files, how to set the login password, how to exit the CLI, and how to prepare the device for router mode operation. Chapter 3, Discovery Protocols Configuration, describes how to configure the three discovery protocols supported by the firmware using CLI commands, including the Enterasys Discovery About This Guide ® DFE‐Gold Series switch/router devices. Important Notice Enterasys Matrix DFE-Gold Series Configuration Guide xxxiii...
Page 36 Structure of This Guide Protocol, the Cisco Discovery Protocol, and the IEEE 802.1AB Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery Protcol (LLDP‐MED). Chapter 4, Port Configuration, describes how to review and configure console port settings, and how to enable or disable switch ports and configure switch port settings, including port speed, duplex mode, auto‐negotiation, flow control, port mirroring, link aggegation and broadcast suppression. Chapter 5, SNMP Configuration, describes how to configure SNMP users and user groups, access rights, target addresses, and notification parameters. Chapter 6 Spanning Tree Configuration, describes how to review and set Spanning Tree bridge parameters for the device, including bridge priority, hello time, maximum aging time and forward delay; and how to review and set Spanning Tree port parameters, including port priority and path costs. Also describes how to configure the Loop Protect feature. Chapter 7, 802.1Q VLAN Configuration, describes how to create static VLANs, select the mode of operation for each port, establish VLAN forwarding (egress) lists, route frames according to VLAN ID, display the current ports and port types associated with a VLAN and protocol, create a secure management VLAN, and configure ports on the device as GVRP‐aware ports. Chapter 8, Policy Classification Configuration, describes how to create, change or remove user roles or profiles based on business‐specific use of network services; how to permit or deny access to specific services by creating and assigning classification rules which map user profiles to frame filtering policies; how to classify frames to a VLAN or Class of Service (CoS); and how to assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly. Chapter 9, IGMP Configuration, describes how to configure Internet Group Management Protocol (IGMP) settings for multicast filtering, including IGMP query count, IGMP report delay and IGMP group status. Chapter 10, System Logging Configuration, describes how to configure and display statistics for Syslog. Chapter 11, Network Monitoring Configuration, describes how to manage general switch ...
Page 37: Related Documents
Chapter 23, Transparent Web Cache Balancing Configuration, describes how to configure and display statistics for Transparent Web Cache Balancing. Chapter 24, Security Configuration, describes how to configure Secure Shell server, MAC locking, policy‐based routing, and IP access control lists (ACLs), Denial of Service (DoS) prevention, and flow setup throttling. Chapter 25, Authentication Configuration, describes how to configure 802.1X Network Access Control, Port Web Authentication (PWA), MAC Authentication, and Convergence End Point (CEP), RADIUS server, TACACS+, and RFC3580. Chapter 26, RADIUS Snooping Configuration, describes how to configure and display statistics for the RADIUS Snooping authentication method. Chapter 27, MultiAuth Configuration, describes how to configure Multi‐Authentication. Related Documents The following Enterasys Networks documents may help you to set up, control, and manage the Matrix Series device: • Matrix Series Installation Guide(s) • Matrix WebView User’s Guide • A series of Enterasys feature guides that provide overviews of key switching and routing features of the Matrix DFE products, detailed descriptions of feature operation, and configuration examples. Documents listed above, can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following web site: http://www.enterasys.com/support/manuals/ Enterasys Matrix DFE-Gold Series Configuration Guide xxxv Related Documents...
Page 38: Conventions Used In This Guide
Conventions Used in This Guide Conventions Used in This Guide The following conventions are used in the text of this document: Convention Bold font italic font Courier font Courier font in italics [x | y | z] {x | y | z} [x {y | z} ] The following icons are used in this guide: Note: Calls the reader’s attention to any item of information that may be of special importance. Router: Calls the reader’s attention to router-specific commands and information.
Page 39: Getting Help
Any previous Return Material Authorization (RMA) numbers www.enterasys.com/support 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000 To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/support support@enterasys.com To expedite your message, type [N-SERIES] in the subject line. Enterasys Matrix DFE-Gold Series Configuration Guide xxxvii...
Page 40 Getting Help xxxviii About This Guide...
Page 41: Chapter 1: Introduction
RMON, multi‐image support and configuration upload/download. Matrix Series CLI Overview Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, including the following: • Assign IP address and subnet mask. • Select a default gateway. • Assign a login password to the device for additional security. • Download a new firmware image. • Designate which network management workstations receive SNMP traps from the device. • View device, interface, and RMON statistics. • Manage configuration files. • Assign ports to operate in the standard or full duplex mode. • Control the number of received broadcasts that are switched to the other interfaces. • Set flow control on a port‐by‐port basis. • Set port configurations and port‐based VLANs. • Configure ports to prioritize and assign a VLAN or Class of Service to incoming frames based on Layer 2, Layer 3, and Layer 4 information. Introduction Enterasys Matrix DFE-Gold Series Configuration Guide 1-1...
Page 42: Device Management Methods
Device Management Methods • Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to dynamically create VLANs across a switched network. • Redirect frames according to a port or VLAN and transmit them on a preselected destination port. • Configure Spanning Trees. • Clear NVRAM. • Configure interfaces for IP routing. • Configure RIP, OSPF, DVMRP, IRDP and VRRP routing protocols. • Configure security methods, including 802.1X. RADIUS, TACACS, CEP, SSHv2, MAC locking, and DoS attack prevention. • Configure access lists (ACLs). Device Management Methods The Matrix Series device can be managed using the following methods: • Locally using a VT type terminal connected to the console port. • Remotely using a VT type terminal connected through a modem. • Remotely using an SNMP management station. • In‐band through a Telnet connection. • In‐band using Enterasys Networks’ NetSight • Remotely using WebView™, Enterasys Networks’ embedded web server application. The Enterasys Matrix Series Installation Guide provides setup instructions for connecting a terminal or modem to the Matrix Series device. 1-2 Introduction ®...
Page 43 Reviewing and Configuring Routing Startup and General Configuration Summary At startup, the Matrix Series device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode. Factory Default Settings The following tables list factory default device settings available on the Matrix Series device. Table 2‐1 lists default settings for Matrix Series switch operation. Table router mode operation. Startup and General Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 2-1 Refer to page... 2-15 2-26 2-30 2-58 2-61 2-72 2-76 2-80 2-90...
Page 44: Chapter 2: Startup And General Configuration
Startup and General Configuration Summary Table 2-1 Default Device Settings for Basic Switch Operation Device Feature CDP discovery protocol CDP authentication code CDP hold time CDP interval Cisco Discovery Protocol Community name Convergence End Points phone detection EAPOL EAPOL authentication...
Page 45 Rate limiting Disabled (globally and on all ports). SNMP Enabled. SNTP Disabled. Spanning Tree Globally enabled and enabled on all ports. Spanning Tree edge port Enabled. administrative status Startup and General Configuration Summary Enterasys Matrix DFE-Gold Series Configuration Guide 2-3...
Page 46 Startup and General Configuration Summary Table 2-1 Default Device Settings for Basic Switch Operation (continued) Device Feature Spanning Tree edge port delay Spanning Tree forward delay Spanning Tree hello interval Spanning Tree ID (SID) Spanning Tree legacy path cost Spanning Tree maximum...
Page 47: Default Device Settings For Router Mode Operation
Disabled with no password set. (OSPF) MTU size Set to 1500 bytes on all interfaces. OSPF Disabled. OSPF cost Set to 10 for all interfaces. OSPF network None configured. Startup and General Configuration Summary Enterasys Matrix DFE-Gold Series Configuration Guide 2-5...
Page 48: Cli "Defaults" Descriptions
Startup and General Configuration Summary Table 2-2 Default Device Settings for Router Mode Operation (continued) Device Feature OSPF priority Passive interfaces (RIP) Proxy ARP Receive interfaces (RIP) Retransmit delay (OSPF) Retransmit interval (OSPF) Set to 5 seconds. RIP receive version RIP send version RIP offset SNMP...
Page 49: Using Webview
Administratively Configured Account” on page 2‐8. Logging in with a Default User Account If this is the first time your are logging in to the Matrix Series device, or if the default user accounts have not been administratively changed, proceed as follows: At the login prompt, enter one of the following default user names: – ro for Read‐Only access, – rw for Read‐Write access. – admin for Super User access. Press ENTER. The Password prompt displays. “Setting User Accounts and Passwords” on page 2-15. 2‐1, will display. You can now start the Command Line Enterasys Matrix DFE-Gold Series Configuration Guide 2-7 Startup and General Configuration Summary...
Page 50: Matrix Dfe-Gold Startup Screen
Telnet session. Figure 2-1 Matrix DFE-Gold Startup Screen login: admin Password: M A T R I X DFE GOLD Command Line Interface Enterasys Networks, Inc. 50 Minuteman Rd. Andover, MA 01810-1008 U.S.A. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com 2-8 Startup and General Configuration 2‐1.
Page 51: Performing A Keyword Lookup
SNMP USM user configuration view SNMP VACM view tree configuration Matrix(rw)->show snmp Matrix(rw)->show snmp user ? list List usernames <user> User name Startup and General Configuration Summary Length of the screen (5..512, 0 to disable 'more') Enterasys Matrix DFE-Gold Series Configuration Guide 2-9...
Page 52: Performing A Partial Keyword Lookup
Startup and General Configuration Summary remote volatile nonvolatile read-only <cr> Matrix(rw)->show snmp user Entering a question mark (?) without a space after a partial keyword will display a list of commands that begin with the partial keyword. Figure commands beginning with co: Figure 2-3 Performing a Partial Keyword Lookup Matrix(rw)->co? configure copy Matrix(rw)->co Note: At the end of the lookup display, the system will repeat the command you entered without the Displaying Scrolling Screens If the CLI screen length has been set using the set length command as described in “set length” on ...
Page 53: Configuring The Line Editor
*.161 *.1025 *.123 Emacs Command Move cursor to beginning of line. Move cursor back one character. Abort command. Delete a character. Enterasys Matrix DFE-Gold Series Configuration Guide 2-11 Startup and General Configuration Summary 2‐5 shows how to State ESTABLISHED ESTABLISHED LISTEN LISTEN 2‐45. Figure 2‐6 shows how, when the ...
Page 54 Startup and General Configuration Summary Figure 2-7 Basic Line Editing Emacs & vi Commands (continued) Key Sequence Ctrl+E Ctrl+F Ctrl+H Ctrl+I or TAB Ctrl+K Ctrl+L or Ctrl+R Ctrl+N Ctrl+P Ctr1+Q Ctr1+S Ctrl+T Ctrl+U or Ctrl+X Ctrl+W Ctrl+Y c SPACE d SPACE 2-12 Startup and General Configuration Emacs Command Move cursor to end of line.
Page 55: Commands
Put last deletion after the cursor Put last deletion before the cursor Undo last command Toggle case, lower to upper or vice versa Enterasys Matrix DFE-Gold Series Configuration Guide 2-13 Startup and General Configuration Summary Refer to page... 2-13 2-14...
Page 56: Set Line-Editor
Parameters emacs default delete {backspace | delete} default Defaults If default is not entered after selecting a line editing or Delete mode, the selection will apply only to the current session and will not persist for future sessions. Mode Switch command, Read‐Write. Examples This example sets the current line‐editor to vi mode: Matrix(rw)->set line-editor vi This example sets the default line‐editor to emacs mode and sets the selection to persist for future sessions: Matrix(rw)->set line-editor emacs default 2-14 Startup and General Configuration {emacs | vi | default | delete {backspace | delete}} [default] Selects emacs command line editing mode. See Table commonly used emacs commands.
Page 57: Setting User Accounts And Passwords
Mode Switch command, Super User. Example This example shows how to display login account information. In this case, device defaults are user names admin, ro, and rw and have not been changed. bar and foo are user configured accounts: Matrix(su)->show system login Username Access State Local Only? Enterasys Matrix DFE-Gold Series Configuration Guide 2-15 Setting User Accounts and Passwords Refer to page... 2-15 2-16 2-17 2-18 2-19 2-20 2-22 2-23 2-24 Login Access Allowed...
Page 58: Set System Login
Setting User Accounts and Passwords admin Table 2‐3 provides an explanation of the command output. Table 2-3 show system login Output Details Output... Password history size Password aging Username Access State Local Only? Login Access Allowed set system login Use this command to create a new user login account, or to disable or enable an existing account. The Matrix Series device supports up to 16 user accounts, including the admin account, which cannot be disabled or deleted. Syntax set system login username {super-user | read-write | read-only} {enable | disable} [password password] [allowed-interval HH:MM HH:MM] [allowed-days {[Sun] [Mon] [Tue] [Wed] [Thu] [Fri] [Sat]}] [local-only {yes | no}] Parameters...
Page 59: Clear System Login
NOTE: This option is intended only for use in configurations generated by the show config command. (Optional) Specifies the start and end hour HH and minute MM time period for which access will be allowed for this user based upon 24 hour time. (Optional) Specifies at least 1 and up to 7 days of the week for which access will be allowed for this user. (Optional) Specifies the authentication scope for this user. Valid values: yes, no. yes specifies that authentication is only by way of the local user database even with RADIUS or TACACS+ configured. no specifies that authentication is by way of configured methods. Specifies the login name of the account to be cleared if no optional parameters are specified. If an optional parameter(s) is specified, the account is not cleared and the specified parameter(s) is reset to the default value. Note: The default admin (su) account cannot be deleted. (Optional) When specified, the configured allowed interval setting is reset to the default value. Enterasys Matrix DFE-Gold Series Configuration Guide 2-17 Setting User Accounts and Passwords...
Page 60: Set Password
Setting User Accounts and Passwords allowed‐days local‐only Defaults The account is removed if no optional parameters are entered. Mode Switch command, Super User. Example This example shows how to remove the “netops” user account: Matrix(su)->clear system login netops set password Use this command to change system default passwords or to set a new login password on the CLI. Syntax set password [username] Parameters username Defaults None. Mode Switch command. Read‐Write users can change their own passwords. Super Users (Admin) can change any password on the system. Usage Only users with admin (su) access privileges can change any password on the system. Users with Read‐Write (rw) access privileges can change their own passwords, but cannot enter or modify other system passwords. Passwords must be a minimum of 8 characters and a maximum of 40 characters. If configured, password length must conform to the minimum number of characters set with the set system password length command (“set system password” on page 2‐20). 2-18 Startup and General Configuration (Optional) When specified, the configured allowed days setting is reset ...
Page 61: Show System Password
None. Mode Switch command, Super User. Example This example shows how to display password configuration settings. In this case, the settings displayed are the default settings: Matrix(su)->show system password Password history size Password aging Password minimum length: 8 Password minimum character requirements: Uppercase: 0 Lowercase: 0 : disabled Enterasys Matrix DFE-Gold Series Configuration Guide 2-19 Setting User Accounts and Passwords...
Page 62: Set System Password
Setting User Accounts and Passwords Numeric: 0 Special: 0 Password assignment required at account creation Allow multiple accounts to share same password Length of substrings in previous password(s) not allowed in new password: 0 Allow the same character to appear consecutively in a password Require non-superusers to change password at first login Minimum interval between password changes by non-superusers set system password...
Page 63 • no ‐ Password is not required when creating a user account Specifies whether multiple accounts can share the same password: • yes ‐ Specifies that multiple accounts may share the same password • no ‐ Specifies that multiple accounts may not share the same password Specifies the length of any substring present in a previous password(s) for this account that may not be used in a new password. Valid values: 0 ‐ 40. Specifies whether the same character may appear consecutively in the same password: • yes ‐ specifies that the same character may appear consecutively in a password • no ‐ specifies that the same character may not appear consecutively in a password Specifies whether new users are required to change their password upon first login: • yes ‐ specifies that new users must change the password for this account upon first login • no ‐ specifies that new users are not required to change the password for this account upon first login Specifies a minimum interval in minutes between password changes allowed for non‐superusers. Valid values: 0 ‐ 65535. Enterasys Matrix DFE-Gold Series Configuration Guide 2-21 Setting User Accounts and Passwords...
Page 64: Clear System Password
Setting User Accounts and Passwords If the require‐at‐creation option is enabled, the set system login command will interactively prompt for a cleartext password upon creation of a new user account. It will be as if a set password username command was implicitly executed. The new account will not be successfully created until a valid password has been specified. A cleartext password will not be solicited if an encrypted password is already specified by way of the set system login command’s password option. If the allow‐duplicates option is set to no, a user will not be able to select as a new password one which is already being used by another user. If a substring‐match‐len option is set to zero, no substring matching will be performed when validating new passwords. If the substring‐match‐len option is configured with a nonzero length, any substring of the specified length appearing in the current password for this user may not appear in a new password. If the configured history size is nonzero, then all historical passwords up to that size will also be compared with the input of the new password. Any substring of the configured length appearing in any of the historical passwords may not be used in the new password. This option is not enforced when a password is changed by a superuser. A password change‐frequency interval of zero means there is no restriction on the frequency of password changes. A configured minimum change‐frequency interval applies only to users without super‐user privileges attempting to change their own passwords. Users with super‐user privileges may change their passwords at any time. Example This example shows how to set the age of a system password for 60 days, the minimum lenght of the password to 6 and that the same character can not repeat consecutively in the same password: Matrix(su)->set system password age 60 length 6 allow-repeating-chars no clear system password Use this command to set local login password parameters to default values.
Page 65: Show System Lockout
Duration of lockout (superuser accounts only) Period of inactivity before non-superuser account lockout: 0 days Specifies that the option controlling whether multiple accounts can share the same password be set to the default value. Specifies that the length of any substring present in a previous password(s) for this account that may not be used in a new password be set to the default value. Specifies that the option controlling whether the same character may appear consecutively in the same password be set to the default value. Specifies that the option controlling whether new users are required to change their password upon first login be set to the default value. Specifies that the minimum interval between password changes be set to the default value. Enterasys Matrix DFE-Gold Series Configuration Guide 2-23 Setting User Accounts and Passwords : 15 minutes...
Page 66: Set System Lockout
Parameters attempts attempts time minutes inactive days Defaults attempts: 3 time: 15 minutes inactive: 0 days. Mode Switch command, Super User. Usage An inactivity timer value of zero means that no account will be locked out due to inactivity. Once a user account is locked out, it can only be re‐enabled by a super user with the set system login command (“set system login” on page 2‐16). 2-24 Startup and General Configuration What it displays... Number of failed login attempts allowed before a read-write or read- only user’s account will be disabled.
Page 67 Setting User Accounts and Passwords Example This example shows how to set login attempts to 5 and lockout time to 30 minutes and the inactivity timer to 60 days: Matrix(su)->set system lockout attempts 5 time 30 inactive 60 Enterasys Matrix DFE-Gold Series Configuration Guide 2-25...
Page 68: Managing The Management Authentication Notification Mib
Note: Ensure that SNMP is correctly configured on the DFE in order to send these notifications. Refer to Chapter 5 for SNMP configuration information. show mgmt-auth-notify Use this command to display the current setting for the Management Authentication Notification MIB. Syntax show mgmt-auth-notify Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the current information for the Management Authentication Notification.: Matrix(su)->show mgmt-auth-notify Management Type --------------- console 2-26 Startup and General Configuration Status -------- enabled show mgmt-auth-notify Refer to page...
Page 69: Set Mgmt-Auth-Notify
This example shows how to set all the authentication types to be disabled on the Management Authentication Notification MIB. That information is then displayed with the show command: Matrix(su)->set mgmt-auth-notify disable Matrix(su)->show mgmt-auth-notify Management Type --------------- console telnet Managing the Management Authentication Notification MIB enabled enabled enabled Enables selected or all notifications. Disables selected or all notifications. (Optional) sets the console authentications (Optional) sets SSH authentications (Optional) sets telnet authentications (Optional) sets web authentications Status -------- disabled disabled disabled disabled Enterasys Matrix DFE-Gold Series Configuration Guide 2-27...
Page 70: Clear Mgmt-Auth-Notify
Matrix(su)->show mgmt-auth-notify Management Type --------------- console telnet clear mgmt-auth-notify Use this command to set the current setting for the Management Authentication Notification access types to the default setting of enabled. Syntax clear mgmt-auth-notify Parameters None. Defaults None. Mode Switch command, Read‐Write. Usage Ensure that SNMP is correctly configured on the DFE in order to send these notifications. Refer to Chapter 5 for SNMP configuration information. Example This example displays the state of Management Authentication Notification access types prior to using the clear command, then displays the same information after using the clear command: Matrix(su)->show mgmt-auth-notify Management Type --------------- console telnet 2-28 Startup and General Configuration Status --------...
Page 71 Matrix(su)->clear mgmt-auth-notify Matrix(su)->show mgmt-auth-notify Management Type --------------- console telnet Managing the Management Authentication Notification MIB Status -------- enabled enabled enabled enabled Enterasys Matrix DFE-Gold Series Configuration Guide 2-29...
Page 72: Setting Basic Device Properties
Setting Basic Device Properties Setting Basic Device Properties Purpose To display and set the system IP address and other basic system (device) properties, including time, contact name and alias, physical asset IDs for modules, terminal output, timeout, and version information. Commands For information about... show ip address set ip address clear ip address show ip gratuitous-arp set ip gratuitous-arp clear ip gratuitous-arp show system show system hardware show system utilization set system utilization threshold clear system utilization show time...
Page 73: Show Ip Address
Use this command to set the system IP address, subnet mask and default gateway. Syntax set ip address ip-address [mask ip-mask] [gateway ip-gateway] Address Mask ---------------- ---------------- 10.42.13.20 255.255.0.0 Enterasys Matrix DFE-Gold Series Configuration Guide 2-31 Setting Basic Device Properties Refer to page... 2-51 2-51 2-52 2-52 2-53 2-53 2-54...
Page 74: Clear Ip Address
Setting Basic Device Properties Parameters ip‐address mask ip‐mask gateway ip‐gateway Defaults If not specified, ip‐mask will be set to the natural mask of the ip‐address and ip‐gateway will be set to the ip‐address. Mode Switch command, Read‐Write. Example This example shows how to set the system IP address to 10.1.10.1 with a mask of 255.255.128.0 and a default gateway of 10.1.0.1: Matrix(rw)->set ip address 10.1.10.1 mask 255.255.128.0 gateway 10.1.10.1 clear ip address Use this command to clear the system IP address. Syntax clear ip address Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the system IP address: Matrix(rw)->clear ip address...
Page 75: Set Ip Gratuitous-Arp
[request] [reply] [both]] Parameters request reply both Defaults Disabled by default Mode Switch command, Read‐Write. Example This example sets both gratuitous ARP requests and replies: Matrix(rw)->set ip gratuitous-arp both clear ip gratuitous-arp Use this command to stop all gratuitous ARP processing. Syntax clear ip gratuitous-arp Process only gratuitous ARP requests. Process only gratuitous ARP replies. Process both requests and replies. Enterasys Matrix DFE-Gold Series Configuration Guide 2-33 Setting Basic Device Properties...
Page 76: Show System
Setting Basic Device Properties Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the gratuitous‐arp processing: Matrix(rw)->clear ip gratuitous-arp show system Use this command to display system information, including contact information, power and fan tray status and uptime. Syntax show system Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display system information: Matrix(rw)->show system System contact: System location: System name: PS1-Status -------------...
Page 77: Show System Hardware
Default of 15 minutes can be changed with the set logout command (“set Model number of power supply 1 and, if installed, power supply 2. Enterasys Matrix DFE-Gold Series Configuration Guide 2-35 Setting Basic Device Properties (“set system (“set system location”...
Page 78 Firmware Version: BootCode Version: CPU Version: UpLink: SDRAM: NVRAM: Flash System: /flash0 free space: /flash1 free space: Dip Switch Bank Position: OFF OFF OFF OFF OFF OFF OFF OFF HOST CHIP Revision: FABRIC CHIP Revision: SWITCH CHIP Block ID: Revision:...
Page 79: Show System Utilization
8 MB 8 MB 8 MB FastEnet FastEnet BCM5226 (Optional) Displays total CPU, individual process, or storage resource utilization only. (Optional) Displays system resource utilization for a specific module. 5 sec 1 min 5 min 3.6% 3.0% 3.0% Enterasys Matrix DFE-Gold Series Configuration Guide 2-37 Setting Basic Device Properties 8 MB 8 MB 8 MB 8 MB FTM1...
Page 80 Switch Filter Database Switch GVRP Switch Host IP Switch IGMP Switch LACP Switch MAC Authentication Switch MAC Locking Switch MTU Discovery Switch Node & Alias Switch Packet Processing Switch POE Switch Port Management Switch PWA Switch Radius Switch Radius Accounting Switch RMON...
Page 81: Set System Utilization Threshold
0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 96.4% Size (Kb) 131072 16384 16384 Specifies a threshold value (in 1/10 of a percent).Valid range is 1 ‐ 1000. A value of 0 will disable utilization notification messages. Enterasys Matrix DFE-Gold Series Configuration Guide 2-39 Setting Basic Device Properties 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%...
Page 82: Clear System Utilization
Setting Basic Device Properties clear system utilization Use this command to clear the threshold for sending CPU utilization notification messages. Syntax clear system utilization Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the system utilization threshold: Matrix(rw)->clear system utilization 1000 show time Use this command to display the current time of day in the system clock. Syntax show time Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the current time. The output shows the day of the week, month, day, and the time of day in hours, minutes, and seconds and the year: Matrix(rw)->show time...
Page 83: Set Time
None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display daylight savings time settings: Matrix(rw)->show summertime Summertime is disabled and set to '' Start : SUN MAR 11 02:00:00 2007 Sets the time in: • month, day, year and/or • 24‐hour format At least one set of time parameters must be entered. Enterasys Matrix DFE-Gold Series Configuration Guide 2-41 Setting Basic Device Properties...
Page 84: Set Summertime
Use this command to enable or disable the daylight savings time function. Syntax set summertime {enable | disable} [zone] Parameters enable | disable zone Defaults If a zone name is not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how to enable daylight savings time function: Matrix(rw)->set summertime enable set summertime date Use this command to configure specific dates to start and stop daylight savings time. Syntax set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes] Parameters...
Page 85: Set Summertime Recurring
[offset_minutes] Parameters start_week start_day start_hr_min end_week end_day end_hr_min offset_minutes Defaults If an offset is not specified, none will be applied. Specifies the time of day to end daylight savings time. Format is hh:mm. (Optional) Specifies the amount of time in minutes to offset daylight savings time from the non‐daylight savings time system setting. Valid values are 1 ‐ 1440. Specifies the week of the month to restart daylight savings time. Valid values are: first, second, third, fourth, and last. Specifies the day of the week to restart daylight savings time. Specifies the time of day to restart daylight savings time. Format is hh:mm. Specifies the week of the month to end daylight savings time. Specifies the day of the week to end daylight savings time. Specifies the time of day to end daylight savings time. Format is hh:mm. (Optional) Specifies the amount of time in minutes to offset daylight savings time from the non‐daylight savings time system setting. Valid values are 1 ‐ 1440. Enterasys Matrix DFE-Gold Series Configuration Guide 2-43 Setting Basic Device Properties...
Page 86: Clear Summertime
Setting Basic Device Properties Mode Switch command, Read‐Write. Usage These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be reset annually. Example This example shows how set daylight savings time to recur start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m. with an offset time of one hour: Matrix(rw)->set summertime recurring first Sunday April 02:00 last Sunday October 02:00 60 clear summertime Use this command to clear the daylight savings time configuration. Syntax clear summertime Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the daylight savings time configuration: Matrix(rw)->clear summertime set prompt Use this command to modify the command prompt.
Page 87: Set Cli Completion
{enable | disable} [default] Parameters enable | disable default Defaults If not specified, the status setting will not be maintained as the default. Mode Switch command, Read‐Write. Example This example shows how to enable the CLI command completion function and maintain it as the default setting: Matrix(rw)->set cli completion enable default loop Use this command to execute a command loop. Syntax loop count [delay] [-r] Enables or disables the CLI command completion function. (Optional) Maintains the status for all future sessions. Enterasys Matrix DFE-Gold Series Configuration Guide 2-45 Setting Basic Device Properties...
Page 88: Show Banner
Setting Basic Device Properties Parameters count delay ‐r Defaults • If a delay is not specified, none will be set. • If not specified, the cursor will not refresh. Mode Switch command, Read‐Write. Example This example shows how to execute a command loop 10 times with a 30 second delay: Matrix(rw)->loop 10 30 show banner Use this command to show the banner message that will display at pre and post session login. Syntax show banner {login | motd} Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the banner message of the day: Matrix(rw)->show banner motd Not one hundred percent efficient, of course ...
Page 89: Set Banner
Matrix(rw)->set banner motd Change is the price of survival. \n\t--Winston Churchill This example shows how to set the pre session message to read “There is nothing more important than our customers.” : Matrix(rw)->set banner login There is nothing more important than our customers Specifies a message displayed pre session login. This is a text string that can be formatted with tabs (\t) and new line escape (\n) characters. The \t tabs will be converted into 8 spaces in the banner output. Specifies a message of the day displayed post session login. This is a text string that can be formatted with tabs (\t) and new line escape (\n) characters. The \t tabs will be converted into 8 spaces in the banner output. Enterasys Matrix DFE-Gold Series Configuration Guide 2-47 Setting Basic Device Properties...
Page 90: Clear Banner
Firmware Image” on page 2‐72 for instructions on how to download a firmware image. Syntax show version Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display version information: Matrix(rw)->show version Copyright (c) 2004 by Enterasys Networks, Inc. Slot Model ------ ---------------- 7G4270-12 2-48 Startup and General Configuration Serial # Versions -------------------- ------------- CH-2R72 Hw: 2...
Page 91: Show Version Output Details
Device’s model number. Device’s serial number of the device. • Hw: Hardware version number. • Bp: BootPROM version • Fw: Current firmware version number. Enterasys Matrix DFE-Gold Series Configuration Guide 2-49 Setting Basic Device Properties 4G4202-60 2G4072-52 CLI” on page 4-2.
Page 92: Set System Name
Setting Basic Device Properties set system name Use this command to configure a name for the system. Syntax set system name [string] Parameters string Defaults If string is not specified, the system name will be cleared. Mode Switch command, Read‐Write. Example This example shows how to set the system name to Information Systems: Matrix(rw)->set system name “Information Systems” set system location Use this command to identify the location of the system. Syntax set system location [string] Parameters string Defaults If string is not specified, the location name will be cleared. Mode Switch command, Read‐Write.
Page 93: Set System Contact
Example This example shows how to set the terminal columns to 50: Matrix(rw)->set width 50 (Optional) Specifies a text string that contains the name of the person to contact for system administration. Note: A contact string containing a space in the text must be enclosed in quotes as shown in the example below. Sets the number of terminal columns. Valid values are 50 to 150. Enterasys Matrix DFE-Gold Series Configuration Guide 2-51 Setting Basic Device Properties...
Page 94: Set Length
Setting Basic Device Properties set length Use this command to set the number of lines the CLI will display. Syntax set length screenlength Parameters screenlength Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the terminal length to 50: Matrix(rw)->set length 50 show logout Use this command to display the time (in seconds) an idle console or Telnet CLI session will remain connected before timing out. Syntax show logout Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the CLI logout setting: Matrix(rw)->show logout Logout currently set to: 10 minutes.
Page 95: Set Logout
| [powersupply powersupply] | [powersupply-slot powersupply-slot] | [fan] | [fan-slot] | [port-string port-string] Parameters chassis slot slot backplane backplane module module powersupply powersupply powersupply‐slot powersupply‐slot Sets the number of minutes the system will remain idle before timing out. (Optional) Displays the alias set for the chassis. (Optional) Displays the alias set for a specified slot in the chassis. (Optional) Displays the alias set for the backplane. Valid values are 1 for FTM 1 and 2 for FTM 2. (Optional) Displays the alias set for a specified module. A maximum of one module alias per slot is allowed. (Optional) Displays the alias set for a specified power supply. Valid values are 1 or 2. (Optional) Displays an alias set for a specific power supply slot. (Optional) Displays the alias set for the fan tray. Enterasys Matrix DFE-Gold Series Configuration Guide 2-53 Setting Basic Device Properties...
Page 96: Set Physical Alias
Setting Basic Device Properties fan‐slot port‐string port‐string Defaults If no parameters are specified, all physical alias information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display physical alias information for the chassis. In this case, the chassis entity is 1 and there is no alias currently set for the chassis: Matrix(rw)->show physical alias chassis chassis-1 set physical alias Use this command to set the alias, a text name, for a physical object. Syntax set physical alias {[chassis] [slot slot] [backplane backplane] [module module] [powersupply powersupply] [powersupply-slot powersupply-slot] [fan] [fan-slot] [port-string port-string]} [string]...
Page 97: Clear Physical Alias
Clears an alias for a specific port. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set clear the alias set for the chassis: Matrix(rw)->clear physical alias chassis show physical assetid Use this command to display the asset ID for a module. Syntax show physical assetid module module Clears the chassis alias. Clears and alias for a specific slot. Clears and alias for a specific backplane. Valid values are 1 for FTM 1 and 2 for FTM 2. Clears an alias for a specific module. Clears an alias for a specific power supply. Valid values are 1 or 2. Clears the fan tray alias Enterasys Matrix DFE-Gold Series Configuration Guide 2-55 Setting Basic Device Properties...
Page 98: Set Physical Assetid
Setting Basic Device Properties Parameters module module Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display asset ID information for module 1. In this case, none has been configured: Matrix(rw)->show physical assetid module 1 module-1 set physical assetid Use this command to set the asset ID for a module. Syntax set physical assetid module module string Parameters module module string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the asset ID information for module 1 to “dfe1”: Matrix(rw)->set physical assetid module 1 dfe1 clear physical assetid Use this command to reset the asset ID for a module to a zero‐length string.
Page 99 Parameters module module Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the asset ID for module 1: Matrix(rw)->clear physical assetid module 1 Specifies the module for which to clear the asset ID. Enterasys Matrix DFE-Gold Series Configuration Guide 2-57 Setting Basic Device Properties...
Page 100: Activating Licensed Features
Note: Interoperability of Matrix DFE-Gold Series modules is dependent upon module placement rules during installation in the chassis. For details on these rules and their effects on system management, refer to the Matrix DFE-Gold Series Installation Guide. The DFE‐Gold System Management Module (SMM) coordinates and controls the configuration of the entire chassis. By default, this is the module installed in slot 1. Access to the SMM is available through any console (COM) port on any module in the chassis. Only one CLI session can be active at any one time, and active status is granted to the first connection to any of the console ports. In order to enable switch and routing redundancy on a Matrix DFE‐Gold Series device, you must purchase and activate a license key. If you have purchased a redundancy license, you can proceed to activate it as described in this section. If you wish to purchase a redundancy license, contact Enterasys Networks Sales. When a redundancy license key is purchased and activated as described in this section, redundancy can be configured on the module in slot 2 of the chassis. Then, in the event module 1 fails, module 2 will assume chassis management.
Page 101: Show License
Note: When available, the licensing key will display at the top of the show running-config command output.To see an example of this output, refer to “show running-config” on page 16-8. (Optional) Specifies a module to which the license will be bound. Enterasys Matrix DFE-Gold Series Configuration Guide 2-59 Activating Licensed Features...
Page 102: Clear License
Activating Licensed Features clear license Use this command to clear license key settings. Syntax clear license {advanced | redundancy} [slot slot] Parameters advanced redundancy slot slot Defaults If not specified, the license settings will be cleared from all modules. Mode Switch command, Read‐Write. Example This example shows how to clear advanced license key settings: Matrix(rw)‐>clear license advanced 2-60 Startup and General Configuration Clears the advanced routing license setting. Clears the management module redundancy license setting. (Optional) Specifies a module from which the license setting will be cleared. clear license...
Page 103: Configuring Power Over Ethernet (Poe)
Use this command to display device PoE properties. Syntax show inlinepower Configuring Power over Ethernet (PoE) Important Notice Enterasys Matrix DFE-Gold Series Configuration Guide 2-61 Refer to page... 2-61 2-62 2-63 2-63 2-64 2-65 2-65 2-66...
Page 104: Set Inlinepower Mode
Configuring Power over Ethernet (PoE) Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display device PoE properties. In this case, only the modules in slots 2 and 3 are PoE modules, so their power configurations display: Matrix(rw)->show inlinepower Total Power Detected Total Power Available Total Power Assigned Power Allocation Mode Power Trap Status Power Redundancy Status : not redundant Power Supply 1 Status...
Page 105: Clear Inlinepower Mode
Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the chassis power allocation mode to auto: Matrix(rw)->clear inlinepower mode set inlinepower available Use this command to set the percentage of total power available that a chassis can withdraw from the total power detected. Syntax set inlinepower available max-percentage Assigns automatic mode to chassis power allocation. Assigns manual mode to chassis power allocation. This setting allows the values configured with the set inlinepower assigned command (“set inlinepower assigned” on page 2‐66) to be applied to PoE modules. Enterasys Matrix DFE-Gold Series Configuration Guide 2-63 Configuring Power over Ethernet (PoE)
Page 106: Clear Inlinepower Available
Configuring Power over Ethernet (PoE) Parameters max- percentage Defaults None. Mode Switch command, Read‐Write. Usage If the total power wattage value set with the set inlinepower assigned command (“set inlinepower assigned” on page 2‐66) is greater that the maximum power percentage specified with this command, a warning will display. If the user opts to execute these parameters, a ratio of assigned power will be applied to each module. Refer to the show inlinepower output (“show inlinepower” on page 2‐61) for a sample warning message. Example This example shows how to set the maximum inline power available to the chassis to 70 percent: Matrix(rw)->set inlinepower available 70 clear inlinepower available Use this command to reset the percentage of the total power available to a chassis to the default value of 100. Syntax clear inlinepower available Parameters None. Defaults None. Mode Switch command, Read‐Write.
Page 107: Set Inlinepower Powertrap
Mode Switch command, Read‐Write. Example This example shows how to enable a chassis power supplies trap: Matrix(rw)->set inlinepower powertrap enable clear inlinepower powertrap Use this command to reset chassis power trap messaging back to the default state of disabled. Syntax clear inlinepower powertrap Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset chassis power trap messaging to disabled: Matrix(rw)->clear inlinepower powertrap Disables or enables a chassis power supplies trap messaging. Enterasys Matrix DFE-Gold Series Configuration Guide 2-65 Configuring Power over Ethernet (PoE)
Page 108: Set Inlinepower Assigned
Configuring Power over Ethernet (PoE) set inlinepower assigned Use this command to manually assign Power Sourcing Equipment (PSE) power to a module in the chassis. Syntax set inlinepower assigned power-value slot-number Parameters power‐value slot‐number Defaults None. Mode Switch command, Read‐Write. Usage If the total power wattage value set with this command is greater that the maximum power percentage specified with the set inlinepower available command (“set inlinepower available” on page 2‐63), a warning will display. If the user opts to execute these parameters, a ratio of assigned power will be applied to each module. Refer to the show inlinepower output (“show inlinepower” on page 2‐61) for a sample warning message. Example This example shows how to assign 200 watts of power to the module in slot 1: Matrix(rw)->set inlinepower assigned 200 1 clear inlinepower assigned Use this command to clear the power value manually assigned to one or more modules.
Page 109: Set Inlinepower Threshold
Switch command, Read‐Write. Example This example shows how to set the PoE threshold to 50 on module 1: Matrix(rw)->set inlinepower threshold 50 1 clear inlinepower threshold Use this command to reset the PoE usage threshold on a specified module to the default value of 75 percent. Syntax clear inlinepower threshold module-number Parameters module‐number Defaults None. Mode Switch command, Read‐Write. Specifies a PoE threshold as a percentage of total system power usage. Valid values are 1 ‐ 99. Specifies the module on which to set the PoE threshold. Specifies the module on which to reset the PoE threshold. Enterasys Matrix DFE-Gold Series Configuration Guide 2-67 Configuring Power over Ethernet (PoE)
Page 110: Set Inlinepower Management
Use this command to set the PoE management mode on a specified module. Syntax set inlinepower management {realtime | class} module-number Parameters realtime class module‐number Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the PoE management mode to “class” on module 1: Matrix(rw)->set inlinepower management class 1 clear inlinepower management Use this command to reset the PoE management mode on a specified module back to the default setting of “realtime”. Syntax clear inlinepower management module-number Parameters module‐number Defaults None.
Page 111: Set Inlinepower Psetrap
Switch command, Read‐Write. Usage The module’s PoE usage threshold must be set using the set inlinepower threshold command as described in “set inlinepower threshold” on page 2‐67. Example This example shows how to enable PoE trap messaging on module 1: Matrix(rw)->set inlinepower psetrap enable 1 clear inlinepower psetrap Use this command to reset PoE trap messaging for a module back to default state of disabled. Syntax clear inlinepower psetrap module-number Parameters module‐number Defaults None. Disables or enables PoE trap messaging. Specifies the module on which to disable or enable trap messaging. Specifies the module on which to clear PoE trap messaging. Enterasys Matrix DFE-Gold Series Configuration Guide 2-69 Configuring Power over Ethernet (PoE)
Page 112: Show Port Inlinepower
Configuring Power over Ethernet (PoE) Mode Switch command, Read‐Write. Example This example shows how to reset PoE trap messaging for module 1 to disabled: Matrix(rw)->clear inlinepower psetrap 1 show port inlinepower Use this command to display all ports supporting PoE. Syntax show port inlinepower [port-string] Parameters port‐string Defaults If not specified, information for all PoE ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display PoE information for Fast Ethernet ports 11, 12 and 13 in module 1: Matrix(rw)->show port inlinepower fe.1.1-2 Port Type (truncated) ------- ------------- ---------------- ------ -------- ----- ----- ----- ------ fe.1.11 Wireless 1...
Page 113: Clear Port Inlinepower
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to rest the PoE priority on port fe.3.1 to low: Matrix(rw)->clear port inlinepower fe.3.1 priority Specifies the port(s) on which to configure PoE. Sets the PoE administrative state to off (disabled) or auto (on). Sets the port(s) priority for the PoE allocation algorithm to critical (highest), high or low. Specifies a string describing the type of device connected to a port. Sets the maximum power allowed on this port in megawatts. Valid values are 0 ‐ 15400. Specifies the port(s) on which to reset PoE. Resets the PoE administrative state to auto (on). Resets the port(s) priority for the PoE allocation algorithm to low. Resets the port type to an empty string. Resets the maximum power to 15400 megawatts. Enterasys Matrix DFE-Gold Series Configuration Guide 2-71 Configuring Power over Ethernet (PoE)
Page 114: Reviewing And Selecting A Boot Firmware Image
You can now set the device to load the new image file at startup using the set boot system command as described in “set boot system” on page 2‐75. Downloading via the Serial Port To download device firmware via the serial (console) port, proceed as follows: With the console port connected, power up the device. The following message displays: Boot ROM Initialization, Version 01.00.01 Copyright (c) 2004 Enterasys Networks, Inc. SDRAM size: 128 MB 2-72 Startup and General Configuration Important Notice (“Downloading via the Serial (“set boot system” on page 2-75).
Page 115 Setting baud rate to 115200, you must change your terminal baud rate. Set the terminal baud rate to 115200 and press ENTER. Type download to start the ZMODEM receive process. Send the image file using the ZMODEM protocol from your terminal application. (This procedure will vary depending on your application.) When the ZMODEM download is finished, the following message displays: [System Image Loader]: download Preparing to receive file... Writing file... Download successful. [System Image Loader]: Set the device baud rate back to 9600. Reviewing and Selecting a Boot Firmware Image PASSED. DONE. DONE. Enterasys Matrix DFE-Gold Series Configuration Guide 2-73...
Page 116: Purpose
Use this command to display the firmware image the system will load at the next system reset. Syntax show boot system Parameters None. Defaults None. Mode Switch command, Read‐Only. 2-74 Startup and General Configuration DONE. (“set boot system” on page 2-75). If the device cannot find the image, or it is not show boot system Refer to page... 2-74 2-75...
Page 117: Set Boot System
Matrix(rw)->set boot system newimage This command can optionally reset the system to boot the new image. Do you want to reset now (y/n) [n]?y Resetting system ... Specifies the name of the firmware image file. Enterasys Matrix DFE-Gold Series Configuration Guide 2-75 Reviewing and Selecting a Boot Firmware Image...
Page 118: Starting And Configuring Telnet
Use this command to display the status of Telnet on the device. Syntax show telnet Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display Telnet: Matrix(rw)->show telnet Telnet inbound is currently: ENABLED Telnet outbound is currently: ENABLED 2-76 Startup and General Configuration status show telnet Refer to page...
Page 119: Telnet
All telnet sessions have been terminated, telnet is now disabled. telnet Use this command to start a Telnet connection to a remote host. The Matrix Series device allows a total of four inbound and / or outbound Telnet session to run simultaneously. Syntax telnet host [port] Parameters host port Defaults If not specified, the default port number 23 will be used. Mode Switch command, Read‐Write. Enables or disables Telnet services. Specifies inbound service (the ability to Telnet to this device), outbound service (the ability to Telnet to other devices), or all (both inbound and outbound). Specifies the name or IP address of the remote host. (Optional) Specifies the server port number. Enterasys Matrix DFE-Gold Series Configuration Guide 2-77 Starting and Configuring Telnet...
Page 120: Show Router Telnet
Matrix(rw)->telnet 10.21.42.13 show router telnet Use this command to display the state of Telnet service to the router. Syntax show router telnet Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the state of Telnet service to the router: Matrix(rw)->show router telnet Telnet to Router IP is enabled set router telnet Use this command to enable or disable Telnet service to the router interface IP address. Syntax set router telnet {enable | disable} Parameters None.
Page 121: Clear Router Telnet
Use this command to reset Telnet service to the router to the default state of disabled. Syntax clear router telnet Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset Telnet service to the router: Matrix(rw)->clear router telnet to disabled Starting and Configuring Telnet Enterasys Matrix DFE-Gold Series Configuration Guide 2-79...
Page 122: Managing Configuration And Image Files
For details on performing a basic routing configuration (while operating in router mode), refer to “Performing a Basic Router Configuration” on page 16‐11. For details on downloading a new firmware image, refer to “Downloading a New Firmware Image” on page 2‐72. For details on reviewing and selecting the boot firmware image, refer to “Reviewing and Selecting a Boot Firmware Image” on page 2‐72. Note: The commands described in this section manage both switch and router configuration parameters, but must be executed from the switch CLI. Purpose To view, manage, and execute configuration and image files. Commands For information about... show file...
Page 123 MON FEB 24 14:07:08 2003 6a2398391ba885531f96f19e161b096b slot3, slot4, slot5, slot6 01_02_00 (Active) (Boot) 01.03.00 3293059 (bytes) TUE MAR 04 06:18:22 2003 77481f78b8963675e1ed48e5a0085513 slot3, slot4, slot5, slot6 7060 sample.cfg Enterasys Matrix DFE-Gold Series Configuration Guide 2-81 Managing Configuration and Image Files...
Page 124: Dir Output Details
Managing Configuration and Image Files slot6: Filename: Version: Size: Date: CheckSum: Location: Compatibility: 7G4202-30, 7G4202-60, 7G4270-09, 7G4270-10, 12, 7G4282-41, 7H4202-72, 7H4203-72, 49, 7H4383-49, Files: ===================================================== slot1: FEB 24 2004 15:25:24 Table 2‐7 provides an explanation of the command output. Table 2-7 dir Output Details Output... Images Filename Version Size Date...
Page 125: Show File
Switch, Read‐Only. Example This example (an excerpt of the complete output) shows how to display the contents of the sample.cfg configuration file: Matrix(rw)->show file slot4/sample.cfg begin # ***** NON-DEFAULT CONFIGURATION ***** SLOT TYPE ________________ 4H4282-49 4H4282-49 4H4282-49 # Router instance Configuration begin router router enable Specifies the filename to display. Enterasys Matrix DFE-Gold Series Configuration Guide 2-83 Managing Configuration and Image Files...
Page 126 Managing Configuration and Image Files config t write file exit disable exit end router # arp # cdp # console begin # ***** NON-DEFAULT CONFIGURATION ***** SLOT TYPE ________________ 7G4270-12 7H4382-49 7H4382-49 7H4382-49 7H4382-49 7H4382-49 # Router instance 3 Configuration begin router router enable...
Page 127: Show Config
Use 'show config all' to show both default and non-default configurations. begin # ***** NON-DEFAULT CONFIGURATION ***** # Router Configuration begin router router enable config t router id 2.2.2.2 (Optional) Displays default and non‐default configuration settings. (Optional) Displays the configuration for a specific facility. (Optional) Specifies a file in which to store the configuration. Enterasys Matrix DFE-Gold Series Configuration Guide 2-85 Managing Configuration and Image Files...
Page 128: Configure
2.2.2.2 255.255.255.255 no shutdown configure Use this command to execute a previously downloaded configuration file stored on the device. Syntax configure filename [append] Parameters filename append Defaults If append is not specified, the current running configuration will be replaced with the contents of the configuration file, which will require an automated reset of the chassis. Mode Switch, Read‐Write. Example This example shows how to execute the “myconfig” file in the module in slot 1: Matrix(rw)->configure slot1/myconfig copy Use this command to upload or download an image or a CLI configuration file. Syntax copy source destination 2-86 Startup and General Configuration Specifies the path and file name of the configuration file to execute. (Optional) Executes the configuration as an appendage to the current configuration. This is equivalent to typing the contents of the config file directly into the CLI and can be used, for example, to make incremental adjustments to the current configuration.
Page 129: Delete
Matrix(rw)->copy tftp://134.141.89.34/myconfig slot3/myconfig This example shows how to upload a configuration file via Anonymous FTP from the module in slot 3: Matrix(rw)->copy slot3/myconfig ftp://134.141.89.34/myconfig This example shows how to copy a configuration file from the slot 3 directory to the slot 5 directory: Matrix(rw)->copy slot3/myconfig slot5/myconfig delete Use this command to remove an image or a CLI configuration file from the Matrix system. Syntax delete filename Parameters filename Specifies location and name of the source file to copy. Options are a local file path (valid directories are /images and /slotN), or the URL of an FTP or TFTP server. Specifies location and name of the destination where the file will be copied. Options are a slot location and file name, or the URL of an FTP or TFTP server. Specifies the local path name to the file. Valid directories are /images and /slotN. Enterasys Matrix DFE-Gold Series Configuration Guide 2-87 Managing Configuration and Image Files...
Page 130: Script
Managing Configuration and Image Files Defaults None. Mode Switch, Read‐Write. Usage Use the show config command as described in “show config” (page 2‐85)to display current image and configuration file names. Examples This example shows how to delete the “myconfig” configuration file from slot 3: Matrix(rw)->delete slot3/myconfig This example shows how to delete the “010300” image file: Matrix(rw)->delete images/010300 script Use this command to execute a script file. Syntax script filename [arg1] [arg2] [arg3] [arg4] [arg5] [arg6] [arg7] Parameters filename arg1 through arg7 Defaults None. Mode Switch, Read‐Write. Usage The script file must first be created on a PC and copied to the Matrix device using the copy command (“copy” on page 2‐86) before the script can be executed. The file can contain any number of switch commands, up to a maximum file size of 128 kilobytes. Router commands cannot be included in the file. Scripts cannot be nested within the file. Note that the history command will not reflect the execution of commands within a script file. Example This example uses the copy command to copy the script file named “setport.scr” from IP address ...
Page 131 Matrix(rw)->script slot4/setport.scr fe.1.1 100 When the script command parses the file and performs the command line argument substitution, the commands are converted to the following: set port alias fe.1.1 script_set_port set port vlan fe.1.1 100 modify-egress set port jumbo enable fe.1.1 set port disable fe.1.1 set port lacp port fe.1.1 disabled The converted strings are then executed by the CLI engine and the script command returns. Enterasys Matrix DFE-Gold Series Configuration Guide 2-89...
Page 132: Enabling Or Disabling The Path Mtu Discovery Protocol
Use this command to display the status of the path MTU discovery protocol on the device. Syntax show mtu Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display path MTU discovery status: Matrix(rw)->show mtu MTU discovery status: Enabled 2-90 Startup and General Configuration jumbo” on page 4-28, path MTU discovery should not be disabled. show mtu Refer to page...
Page 133: Clear Mtu
None. Mode Switch command, Read‐Write. Example This example shows how to disable path MTU discovery: Matrix(rw)->set mtu disable clear mtu Use this command to reset the state of the path MTU discovery protocol back to enabled. Syntax clear mtu Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the state of MTU discovery: Matrix(rw)->clear mtu Enabling or Disabling the Path MTU Discovery Protocol Enables or disables path MTU discovery protocol. Enterasys Matrix DFE-Gold Series Configuration Guide 2-91...
Page 134: Pausing, Clearing And Closing The Cli
For information about... cls (clear screen) exit | quit cls (clear screen) Use this command to clear the screen for the current CLI session. Syntax Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to clear the CLI screen: Matrix(rw)->cls exit | quit Use either of these commands to leave a CLI session. Syntax exit quit Parameters None. 2-92 Startup and General Configuration cls (clear screen) Refer to page...
Page 135 | quit Defaults None. Mode Switch command, Read‐Only. Usage By default, device timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command as described in “set logout” on page 2‐53 to change this default. When operating in router mode, the exit command jumps to a lower configuration level. For details on enabling router configuration modes, refer to “Enabling Router Configuration Modes” on page 2‐103. Example This example shows how to exit a CLI session: Matrix(rw)->exit Pausing, Clearing and Closing the CLI Enterasys Matrix DFE-Gold Series Configuration Guide 2-93...
Page 136: Resetting The Device
Resetting the Device Resetting the Device Purpose To reset one or more device modules, to clear the user‐defined switch and router configuration parameters, or to schedule a system reset in order to load a new boot image. Commands The commands used to reset the device and clear the configuration are listed below and described in the associated sections as shown. For information about... show reset reset reset at reset in clear config show reset Use this command to display information about scheduled device resets. Syntax show reset Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This command shows how to display reset information Matrix(rw)->show reset Reset scheduled for Fri Jan 21 2000, 23:00:00 (in 3 days 12 hours 56 minutes 57 seconds).
Page 137: Reset
This command will reset NEM CPU 4.1. Do you want to continue (y/n) [n]? y Resetting NEM CPU 4.1 ... Specifies a module to be reset. Resets the system. Resets the CPU on a Matrix Security Module or other processing NEM, where specifies the DFE module in which the Matrix Security Module or processing NEM is installed and location of the NEM. Currently, this value can only be 1. Cancels a reset scheduled using the reset at command as described in “reset at” on page 2‐96, or the reset in command as described in “reset in” on page 2‐96. Enterasys Matrix DFE-Gold Series Configuration Guide 2-95 Resetting the Device nemcpu specifies the ...
Page 138: Reset At
• If month and day are not specified, the reset will be scheduled for the first occurrence of the specified time. • If a reason is not specified, none will be applied. Mode Switch command, Read‐Write. Examples Matrix(rw)‐>reset at 20:00 10/12This example shows how to schedule a reset at 8 p.m. on October Reset scheduled at 20:00:00, Sat Oct 12 2002 Proceed with scheduled reset? (y/n) [n]? y Reset scheduled for 20:00:00, Sat Oct 12 2002 (in 1 day 5 hours 40 minutes This example shows how to schedule a reset at a specific future time and include a reason for the ...
Page 139: Clear Config
Use this command to clear the user‐defined switch and router configuration parameters for one or more modules. Syntax clear config mod-num | all Parameters mod‐num | all Defaults None. Mode Read‐Write. Usage Executing clear config on one Matrix module resets that module back to its factory defaults. If that module is in a chassis with other active modules, it will inherit system settings from the system. For a list of factory device default settings, refer to “Factory Default Settings” on page 2‐1. This command will not affect the IP address. Example This example shows how to clear configuration parameters in all modules: Matrix(rw)->clear config all Specifies the number of hours and minutes into the future to perform a reset. (Optional) Specifies a reason for the reset Clears configuration parameters in a specific module or in all modules. Enterasys Matrix DFE-Gold Series Configuration Guide 2-97 Resetting the Device...
Page 140: Gathering Technical Support Information
4‐14) • show spantree status (“show spantree stats” on page 6‐6) • show spantree blockedports (“show spantree blockedports” on page 6‐54) • show ip address (“show ip address” on page 2‐31) • show ip route (“show ip route” on page 10‐60) • show netstat (“show netstat” on page 10‐17) • show arp (“show arp” on page 10‐57) • show system utilization (“show system utilization” on page 2‐37) • show config (“show config” on page 2‐85) Mode Switch command, Read‐Only. 2-98 Startup and General Configuration (Optional) Filename (slotN/name) to save output. show support Refer to page... 2-98...
Page 141 Gathering Technical Support Information Example This example shows how to execute the show support command and save the results to slot 1 as a support3.txt file: Matrix(su)->show support slot1/support3.txt Writing output to file... Writing 'show config' output... Writing Message Log output... Matrix(su)-> There is no display example as the list of commands is quite lengthy. Click on the hyper‐links in the “Command Defaults” section above, which contains a list of the individual commands executed, for more information and example outputs for the individual commands. Enterasys Matrix DFE-Gold Series Configuration Guide 2-99...
Page 142: Preparing The Device For Router Mode
Preparing the Device for Router Mode Preparing the Device for Router Mode Startup and general configuration of the Matrix Series device must occur from the switch CLI. For details on how to start the device and configure general platform settings, refer to...
Page 143: Commands
{vlan vlan- id | loopback loopback-id ip address { address ip-mask} no shutdown 2‐8 shows how to: Enterasys Matrix DFE-Gold Series Configuration Guide 2-101 Reviewing and Configuring Routing At this prompt... For details see... Router: “Enabling Router Matrix>Router# Configuration Modes” on...
Page 144: Show Router
Reviewing and Configuring Routing show router Use this command to display which module that is currently running routing services. The DFE is a distributed system, which means that even though the protocols are running on a specific module, routing frames is done locally by every module. Syntax show router Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to display the module that is currently running routing services. : Matrix(rw)->show router Router Services are currently running on module 1 clear router Use this command to clear the router configuration. This command de‐configures the router and will remove the persistent router configuration. It will effectively write a blank configuration file to persistent memory. Before using this command, save the current configuration using the show config outfile command in “show config” on page 2‐85. Syntax clear router Parameters None.
Page 145: Router
Configure router Type interface vlan or interfaces. interface loopback and the interface’s id from Global Configuration mode. Enterasys Matrix DFE-Gold Series Configuration Guide 2-103 Reviewing and Configuring Routing and throughout this guide show switch Resulting Prompt... Matrix>Router> Matrix>Router# Matrix>router(config)# Matrix>router...
Page 146 Reviewing and Configuring Routing Table 2-9 Router CLI Configuration Modes (continued) Use this mode... Router Configuration Mode Key Chain Configuration Mode Key Chain Key Configuration Mode Route Map Configuration Mode Policy-Based Routing Configuration Mode Server Load Balancing (SLB) Server Farm Configuration Mode Server Load Balancing (SLB)
Page 147 CLI, type exit from Privileged EXEC router mode. To... Access method... Configure DHCP host Type client-identifier parameters. and the identifier, or hardware-address and an address from any DHCP configuration mode. Enterasys Matrix DFE-Gold Series Configuration Guide 2-105 Reviewing and Configuring Routing Resulting Prompt... Matrix>router (config-dhcp-host)#...
Page 148 Reviewing and Configuring Routing router 2-106 Startup and General Configuration...
Page 149: Chapter 3: Discovery Protocols Configuration
Displaying Neighbors Purpose The show neighbors command displays neighbor discovered by all support discovery protocols. Command For information about... show neighbors show neighbors Use this command to display Network Neighbor Discovery information from all supported discovery protcols. Syntax show neighbors [port-string] Parameters port‐string Discovery Protocols Configuration (Optional) Displays Network Neighbor Discovery information for a specific port. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 3-1 Refer to page... 3-15 Refer to page...
Page 150 Displaying Neighbors Defaults If port‐string is not specified, all Network Neighbor Discovery information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display Network Neighbor Discovery information: Matrix(rw)->show neighbors Port Device ID -------------------------------------------------------------------------------- fe.1.27 00-00-1d-83-77-3f fe.1.33 00-e0-63-9d-c1-62 fe.1.34 00-01-f4-2a-c8-1f fe.1.46 00-01-f4-00-73-00 fe.1.47 00-01-f4-00-70-18 fe.1.51 00-01-f4-00-7d-cc fe.1.51 00-e0-63-86-47-53 fe.1.52 00e063d6892f fe.2.3 00e012345666 3-2 Discovery Protocols Configuration Port ID Type 10.21.64.135 10.21.64.21...
Page 151: Show Cdp
Mode Switch command, Read‐Only. Example This example shows how to display CDP information for ports fe.1.1 through fe.1.9: Matrix(rw)->show cdp fe.1.1-9 CDP Global Status CDP Versions Supported CDP Hold Time (Optional) Displays CDP status for a specific port. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. : enabled : 0x0 0x38 : 180 Enterasys Matrix DFE-Gold Series Configuration Guide 3-3 Enterasys Discovery Protocol Refer to page...
Page 152: Set Cdp State
Enterasys Discovery Protocol CDP Authentication Code : 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 CDP Transmit Frequency Port Status ----------------- fe.1.1 auto-enable fe.1.2 auto-enable fe.1.3 auto-enable fe.1.4 auto-enable fe.1.5 auto-enable fe.1.6 auto-enable fe.1.7 auto-enable...
Page 153: Set Cdp Auth
Matrix(rw)->set cdp state disable fe.1.2 set cdp auth Use this command to set a global CDP authentication code. Syntax set cdp auth auth‐code Parameters auth‐code Defaults None. Mode Switch command, Read‐Write. Usage This value determines a device’s CDP domain. If two or more devices have the same CDP authentication code, they will be entered into each otherʹs CDP neighbor tables. If they have different authentication codes, they are in different domains and will not be entered into each other’s CDP neighbor tables. Auto‐enables, disables or enables the CDP protocol on the specified port(s). In auto‐enable mode, which is the default mode for all ports, a port automatically becomes CDP‐enabled upon receiving its first CDP message. (Optional) Enables or disables CDP on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies an authentication code for the CDP protocol. This can be up to 16 hexadecimal values separated by commas. Enterasys Matrix DFE-Gold Series Configuration Guide 3-5 Enterasys Discovery Protocol...
Page 154: Set Cdp Interval
This example shows how to set the CDP authentication code to 1,2,3,4,5,6,7,8: Matrix(rw)->set cdp auth 1,2,3,4,5,6,7,8 set cdp interval Use this command to set the message interval frequency (in seconds) of the CDP discovery protocol. Syntax set cdp interval frequency Parameters frequency Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the CDP interval frequency to 15 seconds: Matrix(rw)->set cdp interval 15 set cdp hold-time Use this command to set the hold time value for CDP discovery protocol configuration messages. Syntax set cdp hold-time hold-time Parameters hold‐time Defaults None.
Page 155: Clear Cdp
Syntax clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]} Parameters state port‐state port‐string interval hold‐time auth‐code Defaults At least one optional parameter must be entered. Mode Switch command, Read‐Write. Example This example shows how to reset the CDP state to auto‐enabled: Matrix(rw)->clear cdp state (Optional) Resets the global CDP state to auto‐enabled. (Optional) Resets the port state on specific port(s) to auto‐enabled. (Optional) Resets the message frequency interval to 60 seconds. (Optional) Resets the hold time value to 180 seconds. (Optional) Resets the authentication code to 16 bytes of 00 (00‐00‐00‐00‐ 00‐00‐00‐00). Enterasys Matrix DFE-Gold Series Configuration Guide 3-7 Enterasys Discovery Protocol...
Page 156: Show Ciscodp
Use this command to display global Cisco Discovery Protocol information. Syntax show ciscodp Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display Cisco Discovery Protocol information. In this case, defaults have not been changed: Matrix>show ciscodp CiscoDP : Auto Timer : 60 Holdtime (TTL) : 180 3-8 Discovery Protocols Configuration show ciscodp Refer to page...
Page 157: Show Ciscodp Port Info
The MAC address of the switch. The time that the last Cisco DP neighbor was discovered. (Optional) Displays information about specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. vvid trust Enterasys Matrix DFE-Gold Series Configuration Guide 3-9 Cisco Discovery Protocol “set ciscodp status” on “set ciscodp timer” on “set ciscodp...
Page 158: Set Ciscodp Status
Trust set ciscodp status Use this command to enable or disable Cisco Discovery Protocol globally on the device. Syntax set ciscodp status {auto | enable | disable} Parameters auto enable disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable Cisco Discovery Protocol on the device: Matrix>set ciscodp status enable 3-10 Discovery Protocols Configuration none untrusted none untrusted none untrusted none untrusted...
Page 159: Set Ciscodp Timer
Matrix>set ciscodp timer 120 set ciscodp holdtime Use this command to set the time to live (TTL) for Cisco Discovery Protocol PDUs. This is the amount of time (in seconds) neighboring devices will hold PDU transmissions from the sending device. Syntax set ciscodp holdtime time Parameters time Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the Cisco Discovery Protocol hold time to 180 seconds: Matrix>set ciscodp holdtime 180 Specifies the number of seconds between CiscoDP PDU transmissions. Valid values are 5 ‐ 254. Specifies the time to live for CiscoDP PDUs. Valid values are 10 ‐ 255. Enterasys Matrix DFE-Gold Series Configuration Guide 3-11 Cisco Discovery Protocol...
Page 160: Set Ciscodp Port
Defaults None. Mode Switch command, Read‐Write. Usage Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command as described in individual ports. The following points describe how the Cisco DP extended trust settings work on the Matrix device. 3-12 Discovery Protocols Configuration Sets the CiscoDP port operational status. Does not transmit or process CiscoDP PDUs.
Page 161: Clear Ciscodp
{ [status | timer | holdtime | port {status | vvid | trust-ext | cos-ext}] } <port-string> Parameters status timer holdtime port status vvid trust‐ext Clears global CiscoDP enable status to default of auto. Clears the time between CiscoDP PDU transmissions to default of 60 seconds. Clears the time‐to‐live for CiscoDP PDU data to default of 180 seconds. Clears the CiscoDP port configuration. Clears the individual port operational status to the default of enabled. Clears the individual port voice VLAN for CiscoDP PDU transmission to 0. Clears the trust mode configuration of the port to trusted. Enterasys Matrix DFE-Gold Series Configuration Guide 3-13 Cisco Discovery Protocol...
Page 162 Cisco Discovery Protocol cos‐ext port‐string Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to clear all the Cisco DP parameters back to the default settings: Matrix>clear ciscodp This example shows how to clear the Cisco DP port status on port fe.1.5: Matrix>clear ciscodp port status fe.1.5 3-14 Discovery Protocols Configuration Clears the CoS priority for untrusted traffic of the port to 0. Specifies the port(s) on which status will be set. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. clear ciscodp...
Page 163: Link Layer Discovery Protocol And Lldp-Med
Inventory management, allowing network administrators to track their network devices and to determine their characteristics, such as manufacturer, software and hardware versions, and serial or asset numbers The information sent by an LLDP‐enabled device is extracted and tabulated by its peers. The communication can be done when information changes or on a periodic basis. The information tabulated is aged to ensure that it is kept up to date. Ports can be configured to send this information, receive this information, or both send and receive. Either LLDP or LLDP‐MED, but not both, can be used on an interface between two devices. A switch port uses LLDP‐MED when it detects that an LLDP‐MED‐capable device is connected to it. LLDP Frames LLDP information is contained within a Link Layer Discovery Protocol Data Unit (LLDPDU) sent in a single 802.3 Ethernet frame. The information fields in LLDPDU are a sequence of short, variable‐length, information elements known as TLVs — type, length, and value fields where: • Type identifies what kind of information is being sent • Length indicates the length of the information string in octets • Value is the actual information that needs to be sent The standard specifies that certain TLVs are mandatory in transmitted LLDPDUs, while others are optional. You can configure on a port‐specific basis which optional LLDP and LLDP‐MED TLVs should be sent in LLDPDUs. Configuration Tasks The commands included in this implementation allow you to perform the following configuration tasks: Link Layer Discovery Protocol and LLDP-MED Enterasys Matrix DFE-Gold Series Configuration Guide 3-15...
Page 164: Commands
Link Layer Discovery Protocol and LLDP-MED Step Task Configure global system LLDP parameters Enable/disable specific ports to: • Transmit and process received LLDPDUs • Send LLDP traps • Send LLDP-MED traps Configure an ECS ELIN value for specific ports Configure Network Policy TLVs for specific ports Configure which optional TLVs should be sent by specific ports.
Page 165: Show Lldp
: ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; ge.5.1-12;tg.6.1-2; fe.7.1-48 : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; ge.5.1-12; tg.6.1-2; fe.7.1-48 : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; ge.5.1-12;tg.6.1-2; fe.7.1-48 Enterasys Matrix DFE-Gold Series Configuration Guide 3-17 Refer to page... 3-34 3-34 3-35 3-35 3-36...
Page 166: Show Lldp Port Status
Link Layer Discovery Protocol and LLDP-MED show lldp port status Use this command to display the LLDP status of one or more ports. Syntax show lldp port status [port-string] Parameters port-string Defaults If port‐string is not specified, LLDP status information will be displayed for all ports. Mode Switch command, Read‐Only. Usage The command lists the ports that are enabled to send and receive LLDPPDUs. Ports are enabled or disabled with the set lldp port status command. Example This example shows how to display LLDP port status information for all ports. Matrix(ro)->show lldp port status Tx-Enabled Ports Rx-Enabled Ports show lldp port trap Use this command to display the ports that are enabled to send an LLDP notification when a ...
Page 167: Show Lldp Port Tx-Tlv
Column Pro Id uses letter notation for enable: s-stp, l-lacp, g-gvrp Ports Port Sys (Optional) Displays information about TLV configuration for one or a range of ports. Sys Mgmt Vlan Pro MAC PoE Link Max Enterasys Matrix DFE-Gold Series Configuration Guide 3-19 Link Layer Discovery Protocol and LLDP-MED MED MED MED MED...
Page 168: Show Lldp Port Location-Info
---- ---- ---- --- ---- ---- ---- --- --- ---- ---- ge.1.1 ge.1.2 ge.1.3 show lldp port location-info Use this command to display configured location information for one or more ports. Syntax show lldp port location-info [port-string] Parameters port‐string Defaults If port‐string is not specified, port location configuration information will be displayed for all ports. Mode Switch command, Read‐Only. Usage Ports are configured with a location value using the set lldp port location‐info command. Example This example shows how to display port location information for three ports. Matrix(ro)->show lldp port location-info ge.1.1-3 Ports Type -------- ------------- ge.1.1 ELIN ge.1.2 ELIN ge.1.3...
Page 169: Show Lldp Port Local-Info Output Details
: 10.21.64.100 Chassis ID : 00-E0-63-93-74-A5 Sys Name : LLDP PoE test Chassis Sys Desc : Enterasys Networks, Inc. Matrix E7 Gold Rev 05.41 Sys Cap Supported/Enabled Auto-Neg Supported/Enabled Auto-Neg Advertised Table 3‐4 describes the information displayed by the show lldp port local‐info command. Table 3-4 show lldp port local-info Output Details Output...
Page 170 LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities. Value is the Power Type of the device. On a Matrix switch port, the value is Power Sourcing Entity (PSE). LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities.
Page 171: Show Lldp Port Remote-Info
PoE capabilities. Indicates the power priority configured on the port. Value can be critical, high, or low. (Optional) Displays remote system information for one or a range of ports. Remote Port Id : 00-09-6e-0e-14-3d Enterasys Matrix DFE-Gold Series Configuration Guide 3-23 Link Layer Discovery Protocol and LLDP-MED...
Page 172: Show Lldp Port Network-Policy
Link Layer Discovery Protocol and LLDP-MED Mgmt Addr : 0.0.0.0 Chassis ID : 0.0.0.0 Device Type : Communication Device Endpoint (class III) Sys Name : AVE0E143D Sys Cap Supported/Enabled Auto-Neg Supported/Enabled Auto-Neg Advertised Operational Speed/Duplex/Type : 100/full/TX Note that the information fields displayed by the show lldp port remote‐info command will vary, depending on the type of remote device that is connected to the port. Table 3‐5 describes the output fields that are unique to the remote system information database. ...
Page 173 Displays information about only the streaming video application type. Displays information about only the video signaling application type. (Optional) Displays information about LLDP network policy for one or a range of ports. State -------- -------- enabled untagged enabled untagged enabled untagged enabled untagged enabled untagged enabled untagged enabled untagged enabled untagged Enterasys Matrix DFE-Gold Series Configuration Guide 3-25 Link Layer Discovery Protocol and LLDP-MED Vlan-Id Dscp -------...
Page 174: Set Lldp Tx-Interval
Link Layer Discovery Protocol and LLDP-MED set lldp tx-interval Use this command to set the time, in seconds, between successive LLDP frame transmissions initiated by changes in the LLDP local system information. Syntax set lldp tx-interval frequency Parameters frequency Defaults None. Mode Switch command, Read‐Write. Example This example sets the transmit interval to 20 seconds. Matrix(rw)->set lldp tx-interval 20 set lldp hold-multiplier Use this command to set the time‐to‐live value used in LLDP frames sent by this device. Syntax set lldp hold-multiplier multiplier-val Parameters multiplier-val Defaults None.
Page 175: Set Lldp Trap-Interval
Switch command, Read‐Write. Example This example sets the minimum interval between LLDP traps to 10 seconds. Matrix(rw)->set lldp trap-interval 10 set lldp med-fast-repeat Network connectivity devices transmit only LLDP TLVs in LLDPDUs until they detect that an LLDP‐MED endpoint device has connected to a port. Syntax set lldp med-fast-repeat count Parameters count Defaults None. Specifies the minimum time between LLDP trap transmissions, in seconds. The value can range from 5 to 3600 seconds. The default value is 5 seconds. Specifies the number of fast start LLDPDUs to be sent when an LLDP‐ MED endpoint device is detected. Value can range from 1 to 10. Default is 3. Enterasys Matrix DFE-Gold Series Configuration Guide 3-27 Link Layer Discovery Protocol and LLDP-MED...
Page 176: Set Lldp Port Status
Link Layer Discovery Protocol and LLDP-MED Mode Switch command, Read‐Write. Usage When an LLDP‐MED endpoint device has connected to a port, the network connectivity device starts sending LLDP‐MED TLVs at a fast start rate on that port. Use this command to set the number of successive LLDPDUs (with LLDP‐MED TLVs) to be sent for one complete fast start interval. Example This example sets the number of fast start LLDPDUs to be sent to 4. Matrix(rw)->set lldp med-fast-repeat 4 set lldp port status Use this command to enable or disable transmitting and processing received LLDPDUs on a port or range of ports. Syntax set lldp port status {tx-enable | rx-enable | both | disable} port-string Parameters tx‐enable rx‐enable...
Page 177: Set Lldp Port Trap
Use this command to enable or disable sending an LLDP‐MED notification when a change in the topology has been sensed on the port (that is, a remote endpoint device has been attached or removed from the port). Syntax set lldp port med-trap {enable | disable} port-string Parameters enable disable port-string Defaults None. Mode Switch command, Read‐Write. Enables transmitting LLDP traps on the specified ports. Disables transmitting LLDP traps on the specified ports. Specifies the port or range of ports to be affected. Enable transmitting LLDP‐MED traps on the specified ports. Disable transmitting LLDP‐MED traps on the specified ports. Specifies the port or range of ports to be affected. Enterasys Matrix DFE-Gold Series Configuration Guide 3-29 Link Layer Discovery Protocol and LLDP-MED...
Page 178: Set Lldp Port Location-Info
Syntax set lldp port location-info elin elin-string port-string Parameters elin elin-string port-string Defaults None. Mode Switch command, Read‐Write. Example After you configure a location information value, you must also configure the port to send the Location Information TLV with the set lldp port tx‐tlv command. This example configures the ELIN identifier 5551234567 on ports ge.1.1 through ge.1.6 and then configures the ports to send the Location Information TLV. Matrix(rw)->set lldp port location-info 5551234567 ge.1.1-6 Matrix(rw)->set lldp port tx-tlv med-loc ge.1.1-6 set lldp port tx-tlv Use this command to select the optional LLDP and LLDP‐MED TLVs to be transmitted in LLDPDUs by the specified port or ports. Use the show lldp port local‐info command to display ...
Page 179 GVRP information defined by Protocol Identity IEEE 802.1 Extensions TLV. If LACP is enabled on the port, value sent includes version of protocol being used. MAC‐PHY Configuration/Status IEEE 802.3 Extensions TLV. Value sent includes the operational MAU type, duplex, and speed of the port. Power via MDI IEEE 802.3 Extensions TLV. Values sent include whether pair selection can be controlled on port, and the power class supplied by the port. Only valid for PoE‐enabled ports. Link Aggregation IEEE 802.3 Extensions TLV. Values sent indicate whether the link associated with this port can be aggregated, whether it is currently aggregated, and if aggregated, the aggregated port identifier. Maximum Frame Size IEEE 802.3 Extensions TLV. Value sent indicates maximum frame size of the port’s MAC and PHY. LLDP‐MED Capabilities TLV.Value sent indicates the capabilities (whether the device supports location information, network policy, extended power via MDI) and Device Type (network connectivity device) of the sending device. LLDP‐MED Network Policy TLV. Values sent include application name, VLAN type (tagged or untagged), VLAN ID, and both Layer 2 and Layer 3 priorities associated with application, for all applications enabled on the port. See the set lldp port network‐policy command for more information. LLDP‐MED Location Identification TLV. Value sent is the ECS ELIN value configured on the port. See the set lldp port location‐info command for more information. Enterasys Matrix DFE-Gold Series Configuration Guide 3-31 Link Layer Discovery Protocol and LLDP-MED...
Page 180: Set Lldp Port Network-Policy
Link Layer Discovery Protocol and LLDP-MED med‐poe port-string Defaults None. Mode Switch command, Read‐Write. Example This example configures the management address, MED capability, MED network policy, and MED location identification TLVs to be sent in LLDPDUs by port ge.1.1. Matrix(rw)->set lldp port tx-tlv mgmt-addr med-cap med-pol med-loc ge.1.1 set lldp port network-policy Use this command to configure network policy for a set of applications on a port or range of ports. Syntax set lldp port network-policy {all | voice | voice-signaling | guest-voice |...
Page 181 IEEE 802.1D priority level is significant and the default PVID of the ingress port is used. (Optional) Specifies the Layer 2 priority to be used for the application being configured. The value can range from 0 to 7. A value of 0 represents use of the default priority as defined in IEEE 802.1D. (Optional) Specifies the DSCP value to be used to provide Diffserv node behavior for the application being configured. The value can range from 0 to 63. A value of 0 represents use of the default DSCP value as defined in RFC 2475. Specifies the port or range of ports to be affected. Enterasys Matrix DFE-Gold Series Configuration Guide 3-33 Link Layer Discovery Protocol and LLDP-MED vlan-id can range ...
Page 182: Clear Lldp
Syntax clear lldp {all | tx-interval | hold-multipler | trap-interval | med-fast-repeat} Parameters tx‐interval hold‐multiplier trap‐interval med‐fast‐repeat Defaults None. Mode Switch command, Read‐Write. Examples This example returns the transmit interval to the default value of 30 seconds. Matrix(rw)->clear lldp tx-interval clear lldp port status Use this command to return the port status to the default value of both (both transmitting and processing received LLDPDUs are enabled). Syntax clear lldp port status port-string Parameters port-string Defaults None.
Page 183: Clear Lldp Port Trap
Matrix(rw)->clear lldp port trap ge.1.1 clear lldp port med-trap Use this command to return the port LLDP‐MED trap setting to the default value of disabled. Syntax clear lldp port med-trap port-string Parameters port-string Defaults None. Mode Switch command, Read‐write. Example This example returns port ge.1.1 to the default LLDP‐MED trap state of disabled. Matrix(rw)->clear lldp port med-trap ge.1.1 Specifies the port or range of ports to be affected. Specifies the port or range of ports to be affected. Enterasys Matrix DFE-Gold Series Configuration Guide 3-35 Link Layer Discovery Protocol and LLDP-MED...
Page 184: Clear Lldp Port Location-Info
Use this command to return the port ECS ELIN location setting to the default value of null. Syntax clear lldp port location-info elin port-string Parameters elin port-string Defaults None. Mode Switch command, Read‐write. Example This example returns the location information ELIN value on port ge.1.1 to the default value of null. Matrix(rw)->clear lldp port location-info elin ge.1.1 clear lldp port network-policy Use this command to return network policy for a set of applications on a port or range of ports to default values. Syntax clear lldp port network-policy {all | voice | voice-signaling | guest-voice |...
Page 185: Clear Lldp Port Tx-Tlv
(Optional) Clear the tag value of the application being configured to untagged. (Optional) Clear the VLAN identifier for the port to the default value of (Optional) Clear the Layer 2 priority to be used for the application being configured to the default value of 0. (A value of 0 represents use of the default priority as defined in IEEE 802.1D.) (Optional) Clear the DSCP value to be used to provide Diffserv node behavior for the application being configured to the default value of 0. (A value of 0 represents use of the default DSCP value as defined in RFC 2475.) Specifies the port or range of ports to be affected. Disables all optional TLVs from being transmitted in LLDPDUs. Disables the Port Description optional basic LLDP TLV from being transmitted in LLDPDUs. Disables the System Name optional basic LLDP TLV from being transmitted in LLDPDUs. Disables the System Description optional basic LLDP TLV from being transmitted in LLDPDUs. Disables the System Capabilities optional basic LLDP TLV from being transmitted in LLDPDUs. Disables the Management Address optional basic LLDP TLV from being transmitted in LLDPDUs. Enterasys Matrix DFE-Gold Series Configuration Guide 3-37 Link Layer Discovery Protocol and LLDP-MED...
Page 186 Defaults None. Mode Switch command, Read‐Write. Example This example disables the management address, MED capability, MED network policy, and MED location identification TLVs from being sent in LLDPDUs by port ge.1.1. Matrix(rw)->clear lldp port tx-tlv mgmt-addr med-cap med-pol med-loc ge.1.1 3-38 Discovery Protocols Configuration Disables the Port VLAN ID IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs. Disables the Spanning Tree information defined by Protocol Identity IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs. Disables the LACP information defined by Protocol Identity IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs. Disables the GVRP information defined by Protocol Identity IEEE 802.1 Extensions TLV from being transmitted in LLDPDUs. Disables the MAC‐PHY Configuration/Status IEEE 802.3 Extensions ...
Page 187: Port Configuration Summary
Configuring LACP Port Configuration Summary Console Port(s) Each Matrix Series module or standalone device includes a console port through which local management of the device can be accessed using a terminal or modem. For details on configuring one or more console port settings, refer to “Setting Console Port Properties” on page 4‐3. For module placement rules and considerations for configuring local management on DFE‐Gold modules, refer to the Matrix DFE‐Gold Series Installation Guide. For details on activating redundancy on a DFE‐Gold Series module, refer to “Activating Licensed Features” on page 2‐58. Port Configuration Important Notice Enterasys Matrix DFE-Gold Series Configuration Guide 4-1 Refer to page... 4-13 4-20 4-24 4-27 4-30 4-37 4-39 4-49 4-52 4-55...
Page 188: Port String Syntax Used In The Cli
Port Configuration Summary Switch Ports The Matrix Series modules and standalone devices have fixed front panel switch ports and, depending on the model, optional expansion module slots. The numbering scheme used to identify the switch ports on the front panel and the expansion module(s) installed is interface‐type dependent and is also dependent upon the chassis in which the module(s) are installed. Port String Syntax Used in the CLI Commands requiring a port‐string parameter use the following syntax to designate port type, slot location, and port number: port type.slot location.port number Where port type can be: fe for 100‐Mbps Ethernet ge for 1‐Gbps Ethernet tg for 10‐Gbps Ethernet com for COM (console) port host for the host port vlan for vlan interfaces lag for IEEE802.3 link aggregation ports lpbk for loopback interfaces, or lo for the local (software loopback) interface bp for FTM1 backplane ports pc for the internal ports which connect to the on‐board processor of an installed Matrix Security Module rtr for router interface Slot location for modules installed in a Matrix N7 or E7 chassis can be: 0 through 7, with 0 designating virtual system ports (lag, vlan, host, loopback), and 1 designating the left‐most module slot in the chassis. Slot location for modules installed in a Matrix N3 or N5 chassis can be: 0 through 3 or 0 through 5, with 0 designating virtual system ports (lag, vlan, host, loopback), and ...
Page 189: Setting Console Port Properties
For information about... show console clear console show console baud set console baud clear console baud show console flowcontrol set console flowcontrol clear console flowcontrol *.*.* Enterasys Matrix DFE-Gold Series Configuration Guide 4-3 Setting Console Port Properties Refer to page...
Page 190: Show Console
Use this command to display properties set for one or more console ports. Syntax show console [port-string] Parameters port‐string Defaults If port‐string is not specified, properties for all console ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display properties for console port com.1.1: Matrix(rw)->show console com.1.1 Port ------------ com.1.1 clear console Use this command to clear the properties set for one or more console ports. Syntax clear console [port-string] 4-4 Port Configuration (Optional) Displays properties for specific console port(s)
Page 191: Show Console Baud
Defaults If port‐string is not specified, baud rate for all console ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display the baud rate for console port com.1.1: Matrix(rw)->show console baud com.1.1 Port ------------ com.1.1 set console baud Use this command to set the baud rate for one or more console ports. Syntax set console baud rate [port-string] (Optional) Clears properties for specific console port(s). (Optional) Displays baud rate for specific console port(s). Baud -------- 38400 Enterasys Matrix DFE-Gold Series Configuration Guide 4-5 Setting Console Port Properties...
Page 192: Clear Console Baud
Setting Console Port Properties Parameters rate port‐string Defaults If port‐string is not specified, baud rate will be set for all console ports. Mode Switch command, Read‐Write. Example This example shows how to set the baud rate to 19200 on console port com.1.1: Matrix(rw)->set console baud 19200 com.1.1 clear console baud Use this command to clear the baud rate for one or more console ports. Syntax clear console baud [port-string] Parameters port‐string Defaults If port‐string is not specified, baud rate will be cleared for all console ports. Mode Switch command, Read‐Write. Example This example shows how to clear the baud rate on console port com.1.1: Matrix(rw)->clear console baud com.1.1 show console flowcontrol Use this command to display the type of flow control setting for one or more console ports.
Page 193: Set Console Flowcontrol
Defaults If port‐string is not specified, flow control will be set for all console ports. Mode Switch command, Read‐Write. Example This example shows how to enable DSR/DTR flow control for console port com.1.1: Matrix(rw)->set console flowcontrol dsrdtr com.1.1 clear console flowcontrol Use this command to clear the type of flow control for one or more console ports. Syntax clear console flowcontrol [port-string] Flow -------- ctsrts Disables all hardware flow control. Enables CTS/RTS (Clear to Send/Request to Send) hardware flow control. Enables DSR/DTR (Data Set Ready/Data Terminal Ready) hardware flow control. (Optional) Sets flow control for specific console port(s). Enterasys Matrix DFE-Gold Series Configuration Guide 4-7 Setting Console Port Properties...
Page 194: Show Console Bits
Setting Console Port Properties Parameters port‐string Defaults If port‐string is not specified, flow control will be cleared for all console ports. Mode Switch command, Read‐Write. Example This example shows how to clear flow control for console port com.1.1: Matrix(rw)->clear console flowcontrol com.1.1 show console bits Use this command to display the number of bits per character set for one or more console ports. Syntax show console bits [port-string] Parameters port‐string Defaults If port‐string is not specified, the bits per character setting for all console ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display the bits per character setting for console port com.1.1: Matrix(rw)->show console bits com.1.1 Port ------------ com.1.1 set console bits Use this command to set the number of bits per character for one or more console ports.
Page 195: Clear Console Bits
[port-string] Parameters port‐string Defaults If port‐string is not specified, bits per character will be cleared for all console ports. Mode Switch command, Read‐Write. Example This example shows how to clear bits per character for console port com.1.1: Matrix(rw)->clear console bits com.1.1 show console stopbits Use this command to display the console port stop bits per character. Syntax show console stopbits [port-string] Parameters port‐string Specifies the number of bits per character. Valid values are 5, 6, 7, and 8. (Optional) Sets bits per character for specific console port(s). (Optional) Clears bits per character for specific console port(s). (Optional) Displays stop bits for specific console port(s). Enterasys Matrix DFE-Gold Series Configuration Guide 4-9 Setting Console Port Properties...
Page 196: Set Console Stopbits
Setting Console Port Properties Defaults If port‐string is not specified, stop bits per character will be displayed for all console ports. Mode Switch command, Read‐Write. Example This example shows how to show stop bits per character on com.1.1: Matrix(rw)->show console stopbits com.1.1 Port ------------ com.1.1 set console stopbits Use this command to set the stop bits per character for one or more console ports. Syntax set console stopbits {one | oneandhalf | two} [port-string] Parameters one | oneandhalf | port‐string Defaults If port‐string is not specified, stop bits per character will be set for all console ports. Mode Switch command, Read‐Write. Example This example shows how to set stop bits per character to 2 for console port com.1.1: Matrix(rw)->set console stopbits 2 com.1.1...
Page 197: Show Console Parity
Port ------------ com.1.1 set console parity Use this command to set the parity type for one or more console ports. Syntax set console parity {none | odd | even | mark | space} [port-string] Parameters none (Optional) Displays parity type for specific console port(s). Parity -------- none Specifies that no parity checking will be performed. Enables odd parity checking. Enterasys Matrix DFE-Gold Series Configuration Guide 4-11 Setting Console Port Properties...
Page 198: Clear Console Parity
Setting Console Port Properties even mark space port‐string Defaults If port‐string is not specified, parity type will be set for all console ports. Mode Switch command, Read‐Write. Example This example shows how to enable even parity checking on console port com.1.1: Matrix(rw)->set console parity even com.1.1 clear console parity Use this command to clear the parity type for one or more console ports. Syntax clear console parity [port-string] Parameters port‐string Defaults If port‐string is not specified, parity type will be cleared for all console ports. Mode Switch command, Read‐Write. Example This example shows how to clear parity type on console port com.1.1: Matrix(rw)->clear console parity com 1.1 4-12 Port Configuration Enables even parity checking.
Page 199: Reviewing Port Status
[port-string] Parameters port‐string Defaults If port‐string is not specified, operational status information for all ports will be displayed. Mode Switch command, Read‐Only. Examples This example shows how to display operational status information for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->show port ge.3.14 Port ge.3.14 enabled (Optional) Displays operational status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-13 Reviewing Port Status Refer to page... 4-13 4-14 4-15 4-17 4-18...
Page 200: Show Port Status
Reviewing Port Status show port status Use this command to display operating and admin status, speed, duplex mode and port type for one or more ports on the device. Syntax show port status [port-string] [-interesting] Parameters port‐string ‐interesting Defaults If no options are specified, status information for all ports will be displayed. Mode Switch command, Read‐Only. Examples This example shows how to display status information for port ge.3.1 through 4: Matrix(rw)->show port status ge.3.1-4 Port ------------ ge.3.14 This example shows how to display status information for console ports: Matrix(rw)->show port status com.*.* Port ------------ com.5.1 com.7.1 Table 4‐1 provides an explanation of the command output.
Page 201: Show Port Counters
Physical port and interface type. (Optional) Displays counter statistics for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays switch or MIB2 statistics. Switch statistics detail performance of the Matrix switch device. MIB2 interface statistics detail performance of all network devices. MIB2 Interface: 1 Bridge Port: 2 Enterasys Matrix DFE-Gold Series Configuration Guide 4-15 Reviewing Port Status “set port disable” on page 4-20. For “set “Setting Auto- Ability” on page 4-30.
Page 202: Show Port Counters Output Details
Out Errors Out Queue Length 802.1Q Switch Counters ---------------------- Frames Received Frames Transmitted Frames Filtered This example shows how to display all fe.3.1 port counter statistics related to traffic through the device. Matrix(rw)->show port counters fe.3.1 switch Port: fe.3.1 No counter discontinuity time 802.1Q Switch Counters ------------------------------------------- Frames Received Frames Transmitted Frames Filtered Table 4‐2 provides an explanation of the command output.
Page 203: Show Port Operstatuscause
Used in the CLI” on page 4‐2. (Optional) Displays a table of all causes. (Optional) Displays a table of modifiable causes. (Optional) Displays ports down due to adminStatus. (Optional) Displays ports down due to link loss. (Optional) Displays ports down due to link flap violation. For more information on configuring the link flap function, refer to “Configuring Link Traps and Link Flap Detection” on page 4‐39. (Optional) Displays ports down due to a hardware cause. (Optional) Displays ports in initialization phase. (Optional) Displays ports down due to a flow limiting constraint. For more information on configuring flow limiting, which is also known as flow setup throttling, refer to “Configuring Flow Setup Throttling (FST)” on page 24‐25. (Optional) Displays ports down due to policy restriction. For more information on configuring user policies, refer to Chapter (Optional) Displays ports down due to Class of Service constraint. For more information on configuring Class of Service, refer to “Configuring Policy Class of Service (CoS)” on page 8‐21. (Optional) Displays ports dormant due to 802.1X enforcement. For more information on configuring 802.1X, refer to “Configuring 802.1X Authentication” on page 25‐2. (Optional) Displays ports dormant due to Link Aggregation Group (LAG) membership. For more information on configuring LAG, refer to “Configuring Link Traps and Link Flap Detection” on page 4‐39. Enterasys Matrix DFE-Gold Series Configuration Guide 4-17 Reviewing Port Status...
Page 204: Clear Port Operstatuscause
Reviewing Port Status Mode Switch command, Read‐Only. Example This example shows how to display operation status causes for ports ge.1.1 through 6. In this case, port ge.1.6 is down due to a link loss: Matrix(rw)->show port operstatuscause ge.1.1-6 +------------------------------+ Port ----------+------------------------------+ ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.5 ge.1.6 clear port operstatuscause Use this command to override the causes configured to place operating status to a down or dormant state for one or more ports. Syntax clear port operstatuscause [port-string] [admin] [linkflap] [flowlimit] [policy] [cos][all] Parameters port‐string admin linkflap...
Page 205 Mode Switch command, Read‐Write. Example This example shows how to override all operational causes on all ports: Matrix(rw)->clear port operstatuscause Reviewing Port Status Enterasys Matrix DFE-Gold Series Configuration Guide 4-19...
Page 206: Disabling / Enabling And Naming Ports
Use this command to administratively disable one or more ports. Syntax set port disable port-string Parameters port-string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable Fast Ethernet port 1 in module1: Matrix(rw)->set port disable fe.1.1 4-20 Port Configuration Specifies the port(s) to disable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. set port disable Refer to page... 4-20 4-21...
Page 207: Set Port Enable
Parameters port-string Defaults If port‐string is not specified, aliases for all ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display alias information for fe.3.1. In this case, an alias has not been assigned: Matrix(rw)->show port alias fe.3.1 Alias not assigned on port fe.3.1. Specifies the port(s) to enable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays alias name(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-21 Disabling / Enabling and Naming Ports...
Page 208: Set Port Alias
Disabling / Enabling and Naming Ports set port alias Use this command to assign an alias name to a port. Syntax set port alias port-string [string] Parameters port-string string Defaults If string is not specified, the alias assigned to the port will be cleared. Mode Switch command, Read‐Write. Example This example shows how to assign the alias “management” to fe.3.1: Matrix(rw)->set port alias fe.3.1 management show forcelinkdown Use this command to display the status of the force link down function. Syntax show forcelinkdown Parameters None. Defaults None.
Page 209: Set Forcelinkdown
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable the force link down function: Matrix(rw)->set forcelinkdown enable clear forcelinkdown Use this command to resets the force link down function to the default state of disabled. Syntax clear forcelinkdown Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the force link down function to disabled: Matrix(rw)->clear forcelinkdown Enables or disables the force link down function on all ports. Enterasys Matrix DFE-Gold Series Configuration Guide 4-23 Disabling / Enabling and Naming Ports...
Page 210: Setting Speed And Duplex Mode
Use this command to display the default speed setting on one or more ports. Syntax show port speed [port-string] Parameters port‐string Defaults If port‐string is not specified, default speed settings for all ports will display. Mode Switch command, Read‐Only. Example This example shows how to display the default speed setting for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->show port speed ge.3.14 default speed is 1000 on port ge.3.14. 4-24 Port Configuration (Optional) Displays default speed setting(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. show port speed Refer to page...
Page 211: Set Port Speed
Use this command to display the default duplex setting (half or full) for one or more ports. Syntax show port duplex [port-string] Parameters port‐string Defaults If port‐string is not specified, default duplex settings for all ports will be displayed. Mode Switch command, Read‐Only. Specifies the port(s) for which to a speed value will be set. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the port speed. Valid values are: 10 Mbps, 100 Mbps, or 1000 Mbps. (Optional) Displays default duplex setting(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-25 Setting Speed and Duplex Mode...
Page 212: Set Port Duplex
Use this command to set the default duplex type for one or more ports. Syntax set port duplex port-string {full | half} Parameters port‐string full | half Defaults None. Mode Switch command, Read‐Write. Usage This command will only take effect on ports that have auto‐negotiation disabled. Example This example shows how to set Fast Ethernet port 17 in module 1 to full duplex: Matrix(rw)->set port duplex fe.1.17 full 4-26 Port Configuration Specifies the port(s) for which duplex type will be set. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Sets the port(s) to full‐duplex or half‐duplex operation.
Page 213: Enabling / Disabling Jumbo Frame Support
Port Number Jumbo Oper Status ----------- ----------------- ge.1.1 Disabled (Optional) Displays the status of jumbo frame support for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Jumbo Admin Status ------------------ Disabled Enterasys Matrix DFE-Gold Series Configuration Guide 4-27 Enabling / Disabling Jumbo Frame Support Refer to page... 4-27 4-28 4-28 Jumbo MTU --------- 10239...
Page 214: Set Port Jumbo
Use this command to enable or disable jumbo frame support on one or more ports. Syntax set port jumbo {enable | disable} [port-string] Parameters enable | disable port‐string Defaults If port‐string is not specified, jumbo frame support will be enabled or disabled on all ports. Mode Switch command, Read‐Write. Usage By default, jumbo frame support is disabled on all ports and path MTU discovery is enabled. When jumbo frame support is enabled, path MTU discovery should not be disabled. For details on setting the path MTU state, refer to “set mtu” on page 2‐91. Examples This example shows how to enable jumbo frame support for 1‐Gigabit Ethernet port 14 in module Matrix(rw)->set port jumbo enable ge.3.14 This example shows how to enable jumbo frame support for router in slot 2, router instance 1.: Matrix(rw)->set port jumbo enable rtr.2.1 clear port jumbo Use this command to reset jumbo frame support status to enabled on one or more ports.
Page 215 Mode Switch command, Read‐Write. Example This example shows how to reset jumbo frame support status for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->clear port jumbo ge.3.14 Enabling / Disabling Jumbo Frame Support Enterasys Matrix DFE-Gold Series Configuration Guide 4-29...
Page 216: Setting Auto-Negotiation And Advertised Ability
Setting Auto-Negotiation and Advertised Ability Setting Auto-Negotiation and Advertised Ability Purpose To review, disable or enable auto‐negotiation, and to review or set a port’s advertised mode of operation. During auto‐negotiation and advertised ability, the port “tells” the device at the other end of the segment what its capabilities and mode of operation are. If auto‐negotiation is disabled, the port reverts to the values specified by default speed, default duplex, and the port flow control commands. In normal operation, with all capabilities enabled, advertised ability enables a port to “advertise” that it has the ability to operate in any mode. The user may choose to configure a port so that only a portion of its capabilities are advertised and the others are disabled. Note: Advertised ability can be activated only on ports that have auto-negotiation enabled. Commands For information about... show port negotiation set port negotiation show port mdix set port mdix...
Page 217: Set Port Negotiation
Use this command to display the MDI/MDIX mode on one or more ports. This function detects and adapts to straight through (MDI) or cross‐over (MDIX) Ethernet cabling on switch ports. Syntax show port mdix [port-string] {all | auto | mdi | mdix} Parameters port‐string Specifies the port(s) for which to enable or disable auto‐negotiation. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enables or disables auto‐negotiation. (Optional) Displays mode for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Displays port(s) MDI and MDIX admin status. Enterasys Matrix DFE-Gold Series Configuration Guide 4-31 Setting Auto-Negotiation and Advertised Ability...
Page 218: Set Port Mdix
Setting Auto-Negotiation and Advertised Ability auto mdix Defaults If port‐string is not specified, the mode for all ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display MDI/MDIX mode for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->show port negotiation ge.3.14 mdix configuration is auto on port fe.3.14 set port mdix Use this command to set MDI/MDIX mode on one or more ports. Syntax set port mdix [port-string] {auto | mdi | mdix} Parameters port‐string...
Page 219: Clear Port Mdix
[port-string] Parameters port‐string Defaults If port‐string is not specified, advertised ability for all ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display advertised ability fe.1.16: Matrix(rw)->show port advertise fe.1.16 fe.1.16 capability ---------------------------------------------- (Optional) Resets mode for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays advertised ability for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. advertised remote Enterasys Matrix DFE-Gold Series Configuration Guide 4-33 Setting Auto-Negotiation and Advertised Ability...
Page 220: Set Port Advertise
Setting Auto-Negotiation and Advertised Ability 10BASE-T 10BASE-TFD 100BASE-TX 100BASE-TXFD 1000BASE-X 1000BASE-XFD 1000BASE-T 1000BASE-TFD other pause Apause Spause Bpause Table 4‐3 provides an explanation of the command output. Table 4-3 show port advertise Output Details Output... capability advertised remote set port advertise Use this command to enable or disable and to configure the advertised ability on one or more ports. Syntax set port advertise port-string [10t] [10tfd] [100tx] [100txfd] [1000x] [1000xfd] [1000t] [1000tfd] [pause] [apause] [spause] [bpause] 4-34 Port Configuration What it displays...
Page 221: Clear Port Advertise
Parameters port-string 10tfd Specifies the port(s) for which to set advertised ability. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Advertises 10BASE‐T half duplex mode. (Optional) Advertises 10BASE‐T full duplex mode. (Optional) Advertises 100BASE‐TX half duplex mode. (Optional) Advertises 100BASE‐TX full duplex mode. (Optional) Advertises 1000BASE‐X, ‐LX, ‐SX, ‐CX half duplex mode. (Optional) Advertises 1000BASE‐X, ‐LX, ‐SX, ‐CX full duplex mode. (Optional) Advertises 1000BASE‐T half duplex mode. (Optional) Advertises 1000BASE‐T full duplex mode. (Optional) Advertises PAUSE for full‐duplex links. (Optional) Advertises asymmetric PAUSE for full‐duplex links. (Optional) Advertises symmetric PAUSE for full‐duplex links. (Optional) Advertises asymmetric and symmetric PAUSE for full‐ duplex links Specifies port(s) for which advertised ability will be reset. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Clears 10BASE‐T half duplex mode from the port’s advertised ability. (Optional) Clears 10BASE‐T full duplex mode from the port’s advertised ability. Enterasys Matrix DFE-Gold Series Configuration Guide 4-35 Setting Auto-Negotiation and Advertised Ability...
Page 222 Setting Auto-Negotiation and Advertised Ability 100tx 100txfd 1000x 1000xfd 1000t 1000tfd pause apause spause bpause Defaults If not specified, all modes of advertised ability will be cleared. Mode Switch command, Read‐Write. Example This example shows how to reset all advertised ability to default settings on fe.3.4: Matrix(rw)->clear port advertise fe.3.4 4-36 Port Configuration (Optional) Clears 100BASE‐TX half duplex mode from the port’s advertised ability. (Optional) Clears 100BASE‐TX full duplex mode from the port’s advertised ability. (Optional) Clears 1000BASE‐X, ‐LX, ‐SX, ‐CX half duplex mode from the port’s advertised ability. (Optional) Clears 1000BASE‐X, ‐LX, ‐SX, ‐CX full duplex mode from the port’s advertised ability. (Optional) Clears 1000BASE‐T half duplex mode from the port’s advertised ability. (Optional) Clears 1000BASE‐T full duplex mode from the port’s advertised ability.
Page 223: Setting Flow Control
Enterasys Matrix DFE-Gold Series Configuration Guide 4-37 Setting Flow Control Refer to page... 4-37 4-38 RX Oper TX Pause Count RX Pause Count enabled...
Page 224: Set Port Flowcontrol
{receive | send | both}{enable | disable} Parameters port‐string receive | send | both enable | disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable ports fe.3.1 through 5 to send and receive flow control packets: Matrix(rw)->set port flowcontrol fe.3.1-5 both enable 4-38 Port Configuration What it displays... Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the...
Page 225: Configuring Link Traps And Link Flap Detection
Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes. Syntax show port trap [port-string] Parameters port‐string Defaults If port‐string is not specified, the trap status for all ports will be displayed. (Optional) Displays link trap status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-39 Configuring Link Traps and Link Flap Detection Refer to page... 4-39 4-40 4-40 4-43 4-43 4-44 4-44 4-45...
Page 226: Set Port Trap
Configuring Link Traps and Link Flap Detection Mode Switch command, Read‐Write. Example This example shows how to display link trap status for fe.3.1 through 4: Matrix(rw)->show port trap fe.3.1-4 Link traps enabled on port fe.3.1. Link traps enabled on port fe.3.2. Link traps enabled on port fe.3.3. Link traps enabled on port fe.3.4. set port trap Use this command to enable or disable ports for sending SNMP trap messages when their link ...
Page 227 Matrix(rw)->show linkflap parameters Displays the global enable state of link flap detection. Displays the port enable state of link flap detection. Displays the current value of settable link flap detection parameters. Displays linkflap detection metrics. Displays ports which can support the link flap detection function. Displays link flap detection actions supported by system hardware. Displays the maximum allowed linkdowns per 10 seconds supported by system hardware. Displays ports disabled by link flap detection due to a violation. Displays linkflap actions taken on violating port(s). Displays whether linkflap has deactivated port(s). Displays the number of allowed link down transitions before action is taken. Displays the time period for counting link down transitions. Displays how long violating port(s) are deactivated. Displays how many linkdown transitions are in the current interval. Displays how many linkdown transitions have occurred since the last reset. Displays the time period since the last link down event or reset. Displays the number of link flap violations since the last reset. (Optional) Displays information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-41 Configuring Link Traps and Link Flap Detection...
Page 228: Show Linkflap Parameters Output Details
Configuring Link Traps and Link Flap Detection Linkflap Port Settable Parameter Table (X means error occurred) Port LF Status -------- --------- ge.1.1 disabled ge.1.2 enabled ge.1.3 disabled Table 4‐5 provides an explanation of the show linkflap parameters command output. Table 4-5 show linkflap parameters Output Details Output... Port LF Status Actions Threshold Interval...
Page 229: Set Linkflap Globalstate
{disable | enable} [port-string] Parameters disable | enable port‐string Defaults If port‐string is not specified, all ports will be disabled or enabled. Mode Switch command, Read‐Write. Example This example shows how to enable the link trap monitoring on all ports: Matrix(rw)->set linkflap portstate enable Globally disables or enables the link flap detection function. Disables or enables the link flap detection function. (Optional) Specifies the port(s) on which to disable or enable monitoring. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-43 Configuring Link Traps and Link Flap Detection...
Page 230: Set Linkflap Interval
Use this command to set the time interval (in seconds) for accumulating link down transitions. Syntax set linkflap interval port-string interval_value Parameters port‐string interval_value Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to set the link flap interval on port fe.1.4 to 1000 seconds: Matrix(rw)->set linkflap interval fe.1.4 1000 set linkflap action Use this command to set reactions to a link flap violation. Syntax set linkflap action port-string {disableInterface | gensyslogentry | gentrap | all} Parameters port‐string...
Page 231: Clear Linkflap Action
Matrix(rw)->clear linkflap action all set linkflap threshold Use this command to set the link flap action trigger count. Syntax set linkflap threshold port-string threshold_value (Optional) Specifies the port(s) on which to clear the link flap action. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Clears the reaction of: • Disabling the interface • Generating a Syslog entry • Generating an SNMP trap message, or • All of the above. Enterasys Matrix DFE-Gold Series Configuration Guide 4-45 Configuring Link Traps and Link Flap Detection...
Page 232: Set Linkflap Downtime
Configuring Link Traps and Link Flap Detection Parameters port‐string threshold_value Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to set the link flap threshold on port fe.1.4 to 5: Matrix(rw)->set linkflap threshold fe.1.4 5 set linkflap downtime Use this command to set the time interval (in seconds) one or more ports will be held down after a link flap violation. Syntax set linkflap downtime port-string downtime_value Parameters port‐string downtime_value Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to set the link flap downtime on port fe.1.4 to 5000 seconds:...
Page 233: Clear Linkflap Down
| downtime | all} Parameters all | stats parameter threshold | interval | downtime | all port‐string Defaults If port‐string is not specified, settings and/or statistics will be cleared on all ports. Mode Switch command, Read‐Write. Specifies the port(s) to make operational. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Clears all options and statistics, or clears only statistics. Clears link flap parameters. Clears link flap threshold, interval, downtime or all parameters. (Optional unless parameter is specified) Specifies the port(s) on which to clear settings. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-47 Configuring Link Traps and Link Flap Detection...
Page 234 Configuring Link Traps and Link Flap Detection Examples This example shows how to clear all link flap options on port fe.1.4: Matrix(rw)->clear linkflap all fe.1.4 4-48 Port Configuration clear linkflap...
Page 235: Configuring Broadcast Suppression
Matrix(rw)->show port broadcast fe.2.2 Port ----------------------------------------------------------------------- fe.2.2 Table 4‐7 provides an explanation of the command output. (Optional) Displays broadcast status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Total BC Threshold Packets (pkts/s) 148810 Enterasys Matrix DFE-Gold Series Configuration Guide 4-49 Configuring Broadcast Suppression Refer to page... 4-49 4-50 4-50 Peak Rate Peak Rate Time (pkts/s) (ddd:hh:mm:ss) 000:05:57:37...
Page 236: Set Port Broadcast
Read‐Write. Example This example shows how to set broadcast suppression to 800 packets per second on Fast Ethernet ports 1 through 5 in module 1: Matrix(rw)->set port broadcast fe.1.1-5 800 clear port broadcast Use this command to reset the broadcast threshold and/or clear the peak rate and peak time values on one or switch more ports. Syntax clear port broadcast port-string [threshold] [peak] 4-50 Port Configuration What it displays... Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the Total broadcast packets received on this port.
Page 237 Parameters port-string threshold peak Defaults If not specified, both threshold and peak settings will be cleared. Mode Read‐Write. Example This example shows how to clear all broadcast suppression settings on Fast Ethernet ports 1 through 5 in module1: Matrix(rw)->clear port broadcast fe.1.1-5 Setting Port Mirroring Specifies the port(s) on which broadcast settings will be cleared. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Clears the broadcast threshold setting. (Optional) Clears the broadcast peak rate and peak rate time values. Enterasys Matrix DFE-Gold Series Configuration Guide 4-51 Configuring Broadcast Suppression...
Page 238: Configuring Port Mirroring
Configuring Port Mirroring Configuring Port Mirroring Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation. The Matrix device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for another port within the device. Supported Mirrors The following types of ports can participate in mirroring on the Matrix Series device: • Physical ports, including front panel and FTM‐1 ports • Virtual ports, including Link Aggregation Group (LAG) and host ports. For details on ...
Page 239: Set Port Mirroring
{ create | disable | enable} | igmp‐mcast {enable | disable} | | tx] Creates, disables or enables mirroring settings on the specified ports. Enables or disables the mirroring of IGMP multicast frames. Specifies the source port designation. This is the port on which the traffic will be monitored. For a description of port types that can participate in mirroring, refer to “Supported Mirrors” on page 4‐52. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the target port designation. This is the port that will duplicate or “mirror” all the traffic on the monitored port. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies that frames received and transmitted by the source port, only frames received, or only frames transmitted will be mirrored. Enterasys Matrix DFE-Gold Series Configuration Guide 4-53 Configuring Port Mirroring source...
Page 240: Clear Port Mirroring
Configuring Port Mirroring Defaults If not specified, both received and transmitted frames will be mirrored. Mode Switch command, Read‐Write. Examples This example shows how to enable port mirroring of transmitted and received frames with fe.1.4 as the source port and fe.1.11 as the target port: Matrix(rw)->set port mirroring enable fe.1.4 fe.1.11 both The following example command sequence creates a VLAN 1 and mirrors all VLAN 1 traffic, both inbound and outbound: Matrix(rw)->set vlan interface 1 create Matrix(rw)->set port mirroring create vlan.0.1 fe.1.1 both clear port mirroring Use this command to clear a port mirroring relationship. Syntax clear port mirroring {igmp-mcast | source destination} Parameters igmp‐mcast...
Page 241: Configuring Lacp
• Attaches the port to the aggregator used by the LAG, and detaches the port from the aggregator when it is no longer used by the LAG. • Uses information from the partner device’s link aggregation control entity to decide whether to aggregate ports. The operation of LACP involves the following activities: • Checking that candidate links can actually be aggregated. • Controlling the addition of a link to a LAG, and the creation of the group if necessary. • Monitoring the status of aggregated links to ensure that the aggregation is still valid. • Removing a link from a LAG if its membership is no longer valid, and removing the group if it no longer has any member links. In order to allow LACP to determine whether a set of links connect to the same device, and to determine whether those links are compatible from the point of view of aggregation, it is necessary to be able to establish • A globally unique identifier for each device that participates in link aggregation. Enterasys Matrix DFE-Gold Series Configuration Guide 4-55 Configuring LACP...
Page 242: Lacp Terminology
Table 4-8 LACP Terms and Definitions Term Aggregator LACPDU Actor and Partner Admin Key System Priority Matrix Series Usage Considerations In normal usage (and typical implementations) there is no need to modify any of the default LACP parameters on the Matrix Series device. The default values will result in the maximum number of aggregations possible. If the switch is placed in a configuration with its peers not running the protocol, no dynamic link aggregations will be formed and the switch will function normally (that is, will block redundant paths). For information about building static aggregations, refer to set lacp static (“set lacp static” on page 4‐62). Each Matrix Series module provides 4 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4. Once underlying physical ports (i.e.; fe.x.x, or ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one LAG with a lag.x.x port designation. LACP determines which underlying physical ports are capable of aggregating 4-56 Port Configuration Definition Virtual port that controls link aggregation for underlying physical ports. Each Matrix Series module provides aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4.
Page 243: Purpose
(“set lacp asyspri” on page 4-60), or the set port lacp command Enterasys Matrix DFE-Gold Series Configuration Guide 4-57 Configuring LACP (“set port lacp” Refer to page... 4-58 4-59...
Page 244: Show Lacp
Use this command to display the global LACP enable state, or to display information about one or more aggregator ports. Syntax show lacp [state | port-string] Parameters state port‐string Defaults • If state is not specified, aggregator information will be displayed for specified ports. • If port‐string is not specified, link aggregation information for all ports will be displayed. Mode Switch command, Read‐Only. Usage Each Matrix Series module provides 4 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.4. Once underlying physical ports (i.e.; fe.x.x, ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one Link Aggregation Group (LAG) with a lag.x.x port designation. Example This example shows how to display information for aggregator port 4: Matrix(rw)->show lacp lag.0.484 Aggregator: lag.0.484 4-58 Port Configuration (Optional) Displays the global LACP enable state. (Optional) Displays LACP information for specific LAG port(s). Valid port designations are lag.0.1 ‐ 4.
Page 245: Set Lacp
Underlying physical ports associated with this aggregator. DFE-Gold Series devices allow for up to four ports per aggregator. Disables or enables LACP. Enterasys Matrix DFE-Gold Series Configuration Guide 4-59 Configuring LACP Partner 32768 32768 virtual (“set lacp...
Page 246: Clear Lacp State
Configuring LACP Mode Switch command, Read‐Write. Example This example shows how to disable LACP: Matrix(rw)->set lacp disable clear lacp state Use this command to reset LACP to the default state of enabled. Syntax clear lacp state Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset LACP to enabled Matrix(rw)->clear lacp state set lacp asyspri Use this command to set the LACP system priority. Syntax set lacp asyspri value Parameters asyspri value Defaults None. Mode Switch command, Read‐Write.
Page 247: Set Lacp Aadminkey
Parameters port‐string value Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the LACP admin key to 2000 for LAG port 4: Matrix(rw)->set lacp aadminkey lag.0.484 2000 clear lacp Use this command to clear LACP system priority or admin key settings. Syntax clear lacp {[asyspri] [aadminkey port-string]} Parameters asyspri aadminkey port‐string Clears admin keys for one or more ports. Specifies the LAG port(s) on which to assign an admin key. Specifies an admin key value to set. Valid values are 0 to 65535. Clears system priority. Enterasys Matrix DFE-Gold Series Configuration Guide 4-61 Configuring LACP...
Page 248: Set Lacp Static
Configuring LACP Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the actor admin key for LAG port 4: Matrix(rw)->clear lacp aadminkey lag.0.484 set lacp static Use this command to assign one or more underlying physical ports to a Link Aggregation Group (LAG). Matrix DFE‐Gold Series devices allow for up to four ports per aggregator. Syntax set lacp static lagportstring [key] port‐string Parameters lagportstring port‐string Defaults If not specified, a key will be assigned according to the specified aggregator. For example a key of 4 would be assigned to lag.0.4. Mode Switch command, Read‐Write. Usage At least two ports need to be assigned to a LAG port for a Link Aggregation Group to form and attach to the specified LAG port. The same usage considerations for dynamic LAGs discussed in “Matrix Series Usage Considerations” on page 4‐56 apply to statically created LAGs. Static LAG configuration should be performed by personnel who are knowledgeable about Link Aggregation. Misconfiguration can result in LAGs not being formed, or in ports attaching to the wrong LAG port, affecting proper network operation. 4-62 Port Configuration Specifies the LAG aggregator port to which new ports will be assigned.
Page 249: Clear Lacp Static
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to remove Fast Ethernet port 6 in module 1 from the LAG of aggregator port 4: Matrix(rw)->clear lacp static lag.0.484 fe.1.6 show lacp singleportlag Use this command to display the status of the single port LAG function. Syntax show lacp singleportlag Parameters None. Defaults None. Mode Switch command, Read‐Only. Specifies the LAG aggregator port from which ports will be removed. Specifies the port(s) to remove from the LAG. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 4-63 Configuring LACP...
Page 250: Set Singleportlag
Matrix(rw)->show lacp singleportlag Single Port LAGs: set singleportlag Use this command to enable or disable the formation of single port LAGs. When enabled, this maintains LAGs when only one port is receiving protocol transmissions from a partner. Syntax set lacp singleportlag {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable single port LAGs: Matrix(rw)->set lacp singleportlag enable clear singleportlag Use this command to reset the single port LAG function back to the default state of disabled. Syntax clear lacp singleportlag Parameters None. Defaults None.
Page 251: Show Port Lacp
PartnerAdminPortPriority: -----GlA PartnerOperPortPriority: -F----lA PartnerAdminKey: 00-e0-63-9d-b5-87 PartnerOperKey: none PartnerAdminState: none PartnerOperState: Detached PartnerAdminSystemID: port Disabled PartnerOperSystemID: Enterasys Matrix DFE-Gold Series Configuration Guide 4-65 Configuring LACP 1411 1411 32768 32768 32768 32768 1411 1411 --DCSGlp --DC-Glp 00-00-00-00-00-00 00-00-00-00-00-00 (“set port lacp” on page 4-66) and...
Page 252: Set Port Lacp
Configuring LACP Matrix(rw)->show port lacp port fe.1.12 status summary Port AggrActor System fe.1.12 none [(32768,00e0639db587,32768),(32768,000000000000, 1411)] This example shows how to display LACP counters for port fe.1.12: Matrix(rw)->show port lacp port fe.1.12 counters Port Instance: LACPDUsRx: LACPDUsTx: IllegalRx: UnknownRx: ActorSyncTransitionCount: ActorChangeCount: ActorChurnCount: ActorChurnState: MuxState: MuxReason: set port lacp Use this command to set link aggregation parameters for one or more ports. Syntax set port lacp port port-string {[aadminkey aadminkey] [aportpri aportpri] [asyspri asyspri] [aadminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}] [padminsyspri padminsyspri] [padminsysid...
Page 253 • lacpactive ‐ Transmitting LACP PDUs. • lacptimeout ‐ Transmitting LACP PDUs every 1 sec. vs 30 sec. (default). • lacpagg ‐ Aggregation on this port. • lacpsync ‐ Transition to synchronization state. • lacpcollect ‐ Transition to collection state. • lacpdist ‐ Transition to distribution state. • lacpdef ‐ Transition to defaulted state. • lacpexpire ‐ Transition to expired state. Sets a default value to use as the port’s partner priority. Valid values are 0 ‐ 65535, with lower values given higher priority. Sets a default value to use as the port’s partner system ID. This is a MAC address. with matching admin keys are allowed to aggregate. Valid values are 1 ‐ 65535. Sets a default value to use as the port’s partner port priority. Valid values are 0 ‐ 65535, with lower values given higher priority. Sets a default value to use as the port’s partner admin value. Valid values are 1 ‐ 65535. Sets a port’s partner LACP administrative state. See aadminstate for valid options. (Optional) Enables LACPDU processing on this port. (Optional) Disables LACPDU processing on this port. Enterasys Matrix DFE-Gold Series Configuration Guide 4-67 Configuring LACP...
Page 254: Clear Port Lacp
Configuring LACP partners maintain current status of the other via LACPDUs containing information about their ports’ LACP status and operational state. Example This example shows how to set the actor admin key to 3555 for port ge.3.16: Matrix(rw)->set port lacp ge.3.16 aadminkey 3555 clear port lacp Use this command to clear link aggregation settings for one or more ports. Syntax clear port lacp port port-string {[aadminkey] [aportpri] [asyspri] [aadminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all}] [padminsyspri] [padminsysid] [padminkey] [padminportpri] [padminport] [padminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all}]} Parameters...
Page 255: Show Lacp Flowregeneration
Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the current LACP flow regeneration state: Matrix(rw)->show lacp flowRegeneration disable set lacp flowRegeneration Use this command to enable or disable LACP flow regeneration. Syntax set lacp flowRegeneration {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Enables or disables LACP flow regeneration Enterasys Matrix DFE-Gold Series Configuration Guide 4-69 Configuring LACP...
Page 256: Clear Lacp Flowregeneration
Example This example shows how to enable LACP flow regeneration: Matrix(rw)->set lacp flowRegeneration enable clear lacp flowRegeneration Use this command to reset LACP flow regeneration to its default state (disabled). Syntax clear lacp flowRegeneration Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset LACP flow regeneration to disabled: Matrix(rw)->clear lacp flowRegeneration show lacp outportAlgorithm Use this command to display the current LACP outport algorithm. Syntax show lacp outportAlgorithm Parameters None. Defaults None. Mode Switch command, Read‐Only.
Page 257: Set Lacp Outportalgorithm
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the LACP outport algorithm to DA‐SA: Matrix(rw)->set lacp outportalgorithm da-sa clear lacp outportAlgorithm Use this command to reset LACP to DIP‐SIP, its default outport algorithm. Syntax clear lacp outportAlgorithm Parameters None. Defaults None. Mode Switch command, Read‐Write. Specifies that destination and source IP addresses will determine the LACP outport. Specifies that destination and source MAC addresses will determine the LACP outport. Specifies that the round‐robin algorithm will determine the LACP outport. Enterasys Matrix DFE-Gold Series Configuration Guide 4-71 Configuring LACP...
Page 258 Configuring LACP Example This example shows how to reset the LACP outport algorithm to DIP‐SIP: Matrix(rw)->clear lacp outportAlgorithm 4-72 Port Configuration clear lacp outportAlgorithm...
Page 259: Snmp Configuration Summary
Configuring SNMP Walk Behavior SNMP Configuration Summary SNMP is an application‐layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Matrix Series devices support three versions of SNMP: • Version 1 (SNMPv1) — This is the initial implementation of SNMP. Refer to RFC 1157 for a full description of functionality. • Version 2 (SNMPv2c) — The second release of SNMP, described in RFC 1907, has additions and enhancements to data types, counter size, and protocol operations. • Version 3 (SNMPv3) — This is the most recent version of SNMP, and includes significant enhancements to administration and security. SNMPv3 is fully described in RFC 2571, RFC 2572, RFC 2573, RFC 2574, and RFC 2575. SNMP Configuration Refer to page... 5-10 5-18 5-22 5-26 5-29 5-33 5-41 Enterasys Matrix DFE-Gold Series Configuration Guide 5-1...
Page 260: Snmpv1 And Snmpv2C
SNMP Configuration Summary SNMPv1 and SNMPv2c The components of SNMPv1 and SNMPv2c network management fall into three categories: • Managed devices (such as a switch) • SNMP agents and MIBs, including SNMP traps, community strings, and Remote Monitoring (RMON) MIBs, which run on managed devices • SNMP network management applications, such as Enterasys NetSight, which communicate with agents to get statistics and alerts from the managed devices. SNMPv3 SNMPv3 is an interoperable standards‐based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows: • Message integrity — Collects data securely without being tampered with or corrupted. • Authentication — Determines the message is from a valid source.
Page 261: Using Snmp Contexts To Access Specific Mibs
Community string None User name None MD5 or SHA None MD5 or SHA Enterasys Matrix DFE-Gold Series Configuration Guide 5-3 SNMP Configuration Summary How It Works Uses a community string match for authentication. Uses a community string match for authentication.
Page 262: Basic Snmp Trap Configuration Command Set
SNMP Configuration Summary Note: This example illustrates how to configure an SNMPv2 trap notification. Creating an SNMPv1 or v3 Trap, or an SNMPv3 Inform notification would require using the same commands with different parameters, where appropriate. Always ensure that v1/v2 communities or v3 users used for generating traps or informs are pre-configured with enough privileges to access corresponding MIBs.
Page 263: Reviewing Snmp Statistics
Sends the trap notification message. Reviewing SNMP Statistics Purpose To review SNMP statistics. Commands For information about... show snmp engineid show snmp counters show snmp engineid Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier. Syntax show snmp engineid Parameters None. Reviewing SNMP Statistics Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 5-5...
Page 264: Show Snmp Counters
Reviewing SNMP Statistics Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display SNMP engine properties: Matrix(rw)->show snmp engineid EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87 Engine Boots Engine Time Max Msg Size Table 5‐3 shows a detailed explanation of the command output. Table 5-3 show snmp engineid Output Details Output... EngineId Engine Boots Engine Time Max Msg Size show snmp counters Use this command to display SNMP traffic counter values.
Page 265: Show Snmp Counters Output Details
Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as “badValue.” Number of valid SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as “readOnly.” Enterasys Matrix DFE-Gold Series Configuration Guide 5-7 Reviewing SNMP Statistics...
Page 266 Reviewing SNMP Statistics Table 5-4 show snmp counters Output Details (continued) Output... snmpInGenErrs snmpInTotalReqVars snmpInTotalSetVars snmpInGetRequests snmpInGetNexts snmpInSetRequests snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps snmpSilentDrops snmpProxyDrops usmStatsUnsupportedSec Levels 5-8 SNMP Configuration What it displays... Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as “genErr.”...
Page 267 Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value. Number of packets received by the SNMP engine that were dropped because they could not be decrypted. Enterasys Matrix DFE-Gold Series Configuration Guide 5-9 Reviewing SNMP Statistics...
Page 268: Configuring Snmp Users, Groups And Communities
Configuring SNMP Users, Groups and Communities Configuring SNMP Users, Groups and Communities Purpose To review and configure SNMP users, groups and v1 and v2 communities. These are defined as follows: • User — A person registered in SNMPv3 to access SNMP management. • Group — A collection of users who share the same SNMP access privileges. • Community — A name used to authenticate SNMPv1 and v2 users. Commands For information about... show snmp user set snmp user clear snmp user show snmp group set snmp group clear snmp group show snmp community set snmp community...
Page 269: Show Snmp User Output Details
Type of authentication protocol applied to this user. Whether a privacy protocol is applied when authentication protocol is in use. Whether entry is stored in volatile, nonvolatile, or read-only memory. Status of this entry: active, notInService, or notReady. Enterasys Matrix DFE-Gold Series Configuration Guide 5-11...
Page 270: Set Snmp User
(Optional) Specifies a storage type for this user entry. Defaults • If remote is not specified, the user will be registered for the local SNMP engine. • If authentication is not specified, no authentication will be applied. • If privacy is not specified, no encryption will be applied. • If storage type is not specified, nonvolatile will be applied. Mode Switch command, Read‐Write. Example This example shows how to create a new SNMP user named “netops”. By default, this user will be registered on the local SNMP engine without authentication and encryption. Entries related to this user will be stored in permanent (nonvolatile) memory: Matrix(rw)->set snmp user netops clear snmp user Use this command to remove a user from the SNMPv3 security‐model list. Syntax clear snmp user user [remote remote] Parameters user remote remote 5-12 SNMP Configuration Specifies a name for the SNMPv3 user.
Page 271: Show Snmp Group
Example This example shows how to display SNMP group information: Matrix(rw)->show snmp group --- SNMP group information --- Security model Security/user name Group name Configuring SNMP Users, Groups and Communities (Optional) Displays information about users within the specified group. (Optional) Displays information about groups assigned to a specific security SNMP model. (Optional) Displays SNMP group information for a specified storage type. = SNMPv1 = public = Anyone Enterasys Matrix DFE-Gold Series Configuration Guide 5-13...
Page 272: Set Snmp Group
{v1 | v2c | usm} [volatile | nonvolatile] Parameters groupname user user security‐model v1 | v2c | usm volatile | nonvolatile Defaults If storage type is not specified, nonvolatile storage will be applied. Mode Switch command, Read‐Write. 5-14 SNMP Configuration = nonVolatile = active = SNMPv1 = public.router = Anyone = nonVolatile = active What it displays... SNMP version associated with this group.
Page 273: Clear Snmp Group
This example shows how to clear all settings assigned to the “public” user within the SNMP group “anyone”: Matrix(rw)->clear snmp group anyone public show snmp community Use this command to display SNMP community names and status. In SNMPv1 and v2, community names act as passwords to remote management. Syntax show snmp community [name] Parameters name Defaults If name is not specified, information will be displayed for all SNMP communities. Mode Switch command, Read‐Only. Configuring SNMP Users, Groups and Communities Specifies the SNMP group to be cleared. Specifies the SNMP user to be cleared. (Optional) Clears the settings associated with a specific security model. (Optional) Displays SNMP information for a specific community name. Enterasys Matrix DFE-Gold Series Configuration Guide 5-15...
Page 274: Set Snmp Community
[securityname securityname] [context context] [transport transport] [volatile | nonvolatile] Parameters community securityname securityname context context transport transport volatile | nonvolatile Defaults None. Mode Switch command, Read‐Write. 5-16 SNMP Configuration = public = public = nonVolatile = active Specifies a community group name. (Optional) Specifies an SNMP security name to associate with this community. Default: If no security name is specified, the community name is used. (Optional) Specifies a subset of management information this community will be allowed to access. Valid values are full or partial ...
Page 275: Clear Snmp Community
Matrix(rw)->set snmp community vip context router clear snmp community Use this command to delete an SNMP community name. Syntax clear snmp community name Parameters name Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete the community name “vip.” Matrix(rw)->clear snmp community vip Configuring SNMP Users, Groups and Communities Specifies the SNMP community name to clear. Enterasys Matrix DFE-Gold Series Configuration Guide 5-17...
Page 276: Configuring Snmp Access Rights
Configuring SNMP Access Rights Configuring SNMP Access Rights Purpose To review and configure SNMP access rights and assign viewing privileges and security levels to SNMP user groups. Commands For information about... show snmp access set snmp access clear snmp access set snmp timefilter break show snmp access Use this command to display access rights and security levels configured for SNMP one or more groups. Syntax show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication | authentication | privacy] [context context] [volatile | nonvolatile | read-only] Parameters groupname...
Page 277: Show Snmp Access Output Details
Name of the view that allows this group to configure the contents of the SNMP agent Name of the view that allows this group to send an SNMP trap message. Enterasys Matrix DFE-Gold Series Configuration Guide 5-19 Configuring SNMP Access Rights...
Page 278: Set Snmp Access
Configuring SNMP Access Rights Table 5-7 show snmp access Output Details (continued) Output... Context match Storage type Row status set snmp access Use this command to set an SNMP access configuration. Syntax set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile] Parameters groupname...
Page 279: Clear Snmp Access
Defaults • If security level is not specified, all levels will be cleared. • If context is not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how to clear SNMP version 3 access for the “mis‐group” via the authentication protocol: Matrix(rw)->clear snmp access mis-group security-model usm authentication Specifies the name of the SNMP group for which to clear access. Specifies the security model to be cleared for the SNMP access group. (Optional) Clears a specific security level for the SNMP access group. (Optional) Clears a specific context for the SNMP access group. Enter / ‐ / to clear the default context. Enterasys Matrix DFE-Gold Series Configuration Guide 5-21 Configuring SNMP Access Rights...
Page 280: Configuring Snmp Mib Views
[viewname] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only] Parameters viewname subtree oid‐or‐ mibobject volatile | nonvolatile | read‐only Defaults If no parameters are specified, all SNMP MIB view configuration information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display SNMP MIB view configuration information: Matrix(rw)->show snmp view --- SNMP MIB View information --- View Name Subtree OID Subtree mask 5-22 SNMP Configuration (Optional) Displays information for a specific MIB view. (Optional) Displays information for a specific MIB subtree when ...
Page 281: Show Snmp Context
Whether or not subtree use must be included or excluded for this view. Whether storage is in nonVolatile or Volatile memory Status of this entry: active, notInService, or notReady. Enterasys Matrix DFE-Gold Series Configuration Guide 5-23 Configuring SNMP MIB Views...
Page 282: Set Snmp View
Configuring SNMP MIB Views Mode Switch command, Read‐Only. Usage An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs). When created using the set snmp access command (“set snmp access” on page 5‐20), other contexts can be applied to limit access to a subset of management information and to permit SNMP access from one or more routing modules. Example This example shows how to display a list of all SNMP contexts known to the device: Matrix(rw)->show snmp context --- Configured contexts: default context (all mibs) router set snmp view Use this command to set a MIB configuration for SNMPv3 view‐based access (VACM). Syntax set snmp view viewname viewname subtree subtree [mask mask] [included | excluded]...
Page 283: Clear Snmp View
Matrix(rw)->set snmp view viewname public subtree 1.3.6.1 included clear snmp view Use this command to delete an SNMPv3 MIB view. Syntax clear snmp view viewname subtree Parameters viewname subtree Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete SNMP MIB view “public”: Matrix(rw)->clear snmp view public 1.3.6.1 Specifies the MIB view name to be deleted. Specifies the subtree name of the MIB view to be deleted. Enterasys Matrix DFE-Gold Series Configuration Guide 5-25 Configuring SNMP MIB Views...
Page 284: Configuring Snmp Target Parameters
[targetParams] [volatile | nonvolatile | read-only] Parameters targetParams volatile | nonvolatile | read‐only Defaults • If targetParams is not specified, entries associated with all target parameters will be displayed. • If not specified, entries of all storage types will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display SNMP target parameters information: Matrix(rw)->show snmp targetparams --- SNMP TargetParams information --- Target Parameter Name Security Name Message Proc. Model Security Level 5-26 SNMP Configuration (Optional) Displays entries for a specific target parameter.
Page 285: Set Snmp Targetparams
Whether entry is stored in volatile, nonvolatile, or read-only memory. Status of this entry: active, notInService, or notReady. Specifies a name identifying parameters used to generate SNMP messages to a particular target. Specifies an SNMPv1 or v2 community name or an SNMPv3 user name. Maximum length is 32 bytes. Enterasys Matrix DFE-Gold Series Configuration Guide 5-27 Configuring SNMP Target Parameters...
Page 286: Clear Snmp Targetparams
(Optional) Specifies the storage type applied to this target parameter. Defaults None. • If not specified, security level will be set to noauthentication. • If not specified, storage type will be set to nonvolatile. Mode Switch command, Read‐Write. Example This example shows how to set SNMP target parameters named “v1ExampleParams” for a user named “fred” using version 3 security model and message processing, and authentication: Matrix(rw)->set snmp targetparams v1ExampleParams user fred security-model usm message-processing v3 authentication clear snmp targetparams Use this command to clear the SNMP target parameter configuration. Syntax clear snmp targetparams targetParams Parameters targetParams Defaults None.
Page 287: Configuring Snmp Target Addresses
Tag List IP Address UDP Port# Target Mask Timeout (Optional) Displays information for a specific target address name. (Optional) When target address is specified, displays target address information for a specific storage type. = labmachine = v2cTrap = 10.2.3.116 = 162 = 255.255.255.255 = 1500 Enterasys Matrix DFE-Gold Series Configuration Guide 5-29 Configuring SNMP Target Addresses Refer to page... 5-29 5-30 5-31...
Page 288: Set Snmp Targetaddr
Configuring SNMP Target Addresses Retry count Parameters Storage type Row status Table 5‐10 shows a detailed explanation of the command output. Table 5-10 show snmp targetaddr Output Details Output... Target Address Name Tag List IP Address UDP Port# Target Mask Timeout Retry count Parameters Storage type Row status set snmp targetaddr Use this command to configure an SNMP target address. ...
Page 289: Clear Snmp Targetaddr
Matrix(rw)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist TrapSink clear snmp targetaddr Use this command to delete an SNMP target address entry. Syntax clear snmp targetaddr targetAddr Parameters targetAddr Defaults None. (Optional) Specifies a list of SNMP notify tag values. This tags a location to the target address as a place to send notifications. List must be enclosed in quotes and tag values must be separated by a space (i.e.: “tag 1 tag 2”) (Optional) Specifies temporary (default), or permanent storage for SNMP entries. Specifies the target address entry to delete. Enterasys Matrix DFE-Gold Series Configuration Guide 5-31 Configuring SNMP Target Addresses...
Page 290 Configuring SNMP Target Addresses Mode Switch command, Read‐Write. Example This example shows how to clear SNMP target address entry “tr”: Matrix(rw)->clear snmp targetaddr tr 5-32 SNMP Configuration clear snmp targetaddr...
Page 291: Configuring Snmp Notification Parameters
Use this command to display the SNMP notify configuration, which determines which management targets will receive SNMP notifications. Syntax show snmp notify [notify] [volatile | nonvolatile | read-only] Configuring SNMP Notification Parameters Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 5-33 5-33 5-35 5-35 5-36 5-37 5-37 5-38 5-39...
Page 292: Show Snmp Notify Output Details
Configuring SNMP Notification Parameters Parameters notify volatile | nonvolatile | read‐only Defaults • If a notify name is not specified, all entries will be displayed. • If volatile, nonvolatile or read‐only are not specified, all storage type entries will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display the SNMP notify information: Matrix(rw)->show snmp notify --- SNMP notifyTable information --- Notify name Notify Tag Notify Type Storage type Row status Notify name Notify Tag...
Page 293: Set Snmp Notify
Example This example shows how to set an SNMP notify configuration with a notify name of “hello” and a notify tag of “world”. Notifications will be sent as trap messages and storage type will automatically default to permanent: Matrix(rw)->set snmp notify hello tag world trap clear snmp notify Use this command to clear an SNMP notify configuration. Syntax clear snmp notify notify Parameters notify Specifies an SNMP notify name. Specifies an SNMP notify tag. This binds the notify name to the SNMP target address table. (Optional) Specifies SNMPv1 or v2 Trap messages (default) or SNMP v3 InformRequest messages. SNMP entries. Specifies an SNMP notify name to clear. Enterasys Matrix DFE-Gold Series Configuration Guide 5-35 Configuring SNMP Notification Parameters...
Page 294: Show Snmp Notifyfilter
Configuring SNMP Notification Parameters Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the SNMP notify configuration for “hello”: Matrix(rw)->clear snmp notify hello show snmp notifyfilter Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications. Syntax show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only] Parameters profile subtree oid‐or‐ mibobject volatile | nonvolatile | read‐only Defaults If no parameters are specified, all notify filter information will be displayed. Mode Switch command, Read‐Only.
Page 295: Set Snmp Notifyfilter
This example shows how to create an SNMP notify filter called “pilot1” with a MIB subtree ID of 1.3.6: Matrix(rw)->set snmp notifyfilter pilot1 subtree 1.3.6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration. Syntax clear snmp notifyfilter profile subtree oid-or-mibobject Parameters profile subtree oid‐or‐ mibobject Specifies an SNMP filter notify name. Specifies a MIB subtree ID target for the filter. (Optional) Applies a subtree mask. (Optional) Specifies that subtree is included or excluded. Specifies an SNMP filter notify name to delete. Specifies a MIB subtree ID containing the filter to be deleted. Enterasys Matrix DFE-Gold Series Configuration Guide 5-37 Configuring SNMP Notification Parameters...
Page 296: Show Snmp Notifyprofile
Configuring SNMP Notification Parameters Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete the SNMP notify filter “pilot1”: Matrix(rw)->clear snmp notifyfilter pilot1 subtree 1.3.6 show snmp notifyprofile Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications. Syntax show snmp notifyprofile [profile] [targetparam targetparam] [volatile | nonvolatile | read-only] Parameters profile targetparam targetparam volatile | nonvolatile | read‐only Defaults If no parameters are specified, all notify profile information will be displayed.
Page 297: Set Snmp Notifyprofile
Matrix(rw)->set snmp notifyprofile area51 targetparam v3ExampleParams clear snmp notifyprofile Use this command to delete an SNMP notify profile configuration. Syntax clear snmp notifyprofile profile targetparam targetparam Parameters profile targetparam targetparam Defaults None. Mode Switch command, Read‐Write. Specifies an SNMP filter notify name. Specifies an associated entry in the SNMP Target Params Table. Specifies an SNMP filter notify name to delete. Specifies an associated entry in the snmpTargetParamsTable. Enterasys Matrix DFE-Gold Series Configuration Guide 5-39 Configuring SNMP Notification Parameters...
Page 298 Configuring SNMP Notification Parameters Example This example shows how to delete SNMP notify profile “area51”: Matrix(rw)->clear snmp notifyprofile area51 targetparam v3ExampleParams 5-40 SNMP Configuration clear snmp notifyprofile...
Page 299: Configuring Snmp Walk Behavior
{enable | disable} Parameters enable disable Defaults Disabled. Mode Switch command, Read‐Write. Usage When an index contains a timestamp, by default the getNext walk continues to return values until the current time is reached, which may not ever occur, leaving the user with the impression that the walk is in a loop. Enabling this command will exit the walk after the first entry is returned. Examples This example enables the SNMP timestamp filter break for this router: Matrix(rw)->set snmp timefilter break enable Configures the MIB walk behavior to exit after the first entry is returned when the getNext object index contains a timestamp. Configures the MIB walk behavior to only exit when the current time is reached when the getNext object index contains a timestamp. Enterasys Matrix DFE-Gold Series Configuration Guide 5-41 Configuring SNMP Walk Behavior Refer to page... 5-41...
Page 300 Configuring SNMP Walk Behavior set snmp timefilter break 5-42 SNMP Configuration...
Page 301: Chapter 6: Spanning Tree Configuration
RSTP The IEEE 802.1w Rapid Spanning Protocol (RSTP), an evolution of 802.1D, can achieve much faster convergence than legacy STP in a properly configured network. RSTP significantly reduces the time to reconfigure the network’s active topology when physical topology or configuration parameter changes occur. It selects one switch as the root of a Spanning Tree‐connected active topology and assigns port roles to individual ports on the switch, depending on whether that port is part of the active topology. RSTP provides rapid connectivity following the failure of a switch, switch port, or a LAN. A new root port and the designated port on the other side of the bridge transition to forwarding through an explicit handshake between them. By default, user ports are configured to rapidly transition to forwarding in RSTP. MSTP The IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) builds upon 802.1D and RSTP by optimizing utilization of redundant links between switches in a network. When redundant links exist between a pair of switches running single STP, one link is forwarding while the others are blocking for all traffic flowing between the two switches. The blocking links are effectively used only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another. Thus, traffic associated with one set of VLANs can traverse a particular inter‐switch link, while traffic associated with another set of VLANs can be blocked on that link. If VLANs are assigned to Spanning Trees wisely, no inter‐switch link will be completely idle, maximizing network utilization. Spanning Tree Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 6-1 Refer to page... 6-49 6-65...
Page 302: Spanning Tree Features
• Creating a single Spanning Tree from any arrangement of switching or bridging elements. • Compensating automatically for the failure, removal, or addition of any device in an active data path. • Achieving port changes in short time intervals, which establishes a stable active topology quickly with minimal network disturbance. • Using a minimum amount of communications bandwidth to accomplish the operation of the Spanning Tree Protocol. • Reconfiguring the active topology in a manner that is transparent to stations transmitting and receiving data packets. • Managing the topology in a consistent and reproducible manner through the use of Spanning Tree Protocol parameters. Loop Protect The Loop Protect feature prevents or short circuits loop formation in a network with redundant paths by requiring ports to receive type 2 BPDUs (RSTP/MSTP) on point‐to‐point inter‐switch links (ISLs) before their states are allowed to become forwarding. Further, if a BPDU timeout occurs on a port, its state becomes listening until a BPDU is received. Both upstream and downstream facing ports are protected. When a root or alternate port loses its path to the root bridge due to a message age expiration it takes on the role of designated port. It will not forward traffic until a BPDU is received. When a port is intended to be the designated port in an ISL it constantly proposes and will not forward until a BPDU is received, and will revert to listening if it fails to get a response. This protects against misconfiguration and protocol failure by the connected bridge. The Disputed BPDU mechanism protects against looping in situations where there is one way communication. A disputed BPDU is one in which the flags field indicates a designated role and learning and the priority vector is worse than that already held by the port. If a disputed BPDU is received, the port is forced to the listening state. When an inferior designated BPDU with the learning bit set is received on a designated port, its state is set to discarding to prevent loop formation. Note that the Dispute mechanism is always active regardless of the configuration setting of Loop Protection. Loop Protect operates as a per port, per MST instance feature. It should be set on inter‐switch links. It is comprised of several related functions: • Control of port forwarding state based on reception of agreement BPDUs •...
Page 303: Configuring Spanning Tree Bridge Parameters
Otherwise, the proper operation of the network could be at risk. Configuring Spanning Tree Bridge Parameters Purpose To display and set Spanning Tree bridge parameters, including device priorities, hello time, maximum wait time, forward delay, path cost, and topology change trap suppression. Note: The term “bridge” is used as an equivalent to the term “switch” or “device” in this document. Commands For information about... show spantree stats show spantree version...
Page 304 Configuring Spanning Tree Bridge Parameters For information about... clear spantree version show spantree stpmode set spantree stpmode clear spantree stpmode show spantree maxconfigurablestps set spantree maxconfigurablestps clear spantree maxconfigurablestps show spantree mstilist set spantree msti clear spantree msti show spantree mstmap set spantree mstmap clear spantree mstmap show spantree vlanlist...
Page 305 6-30 6-30 6-31 6-31 6-32 6-32 6-33 6-33 6-34 6-34 6-35 6-35 6-36 6-36 6-37 6-37 6-38 6-38 6-39 6-39 6-40 6-40 6-41 6-41 6-42 6-42 6-43 6-43 6-44 6-44 6-45 6-45 6-46 Enterasys Matrix DFE-Gold Series Configuration Guide 6-5...
Page 306: Show Spantree Stats
Defaults • If port‐string is not specified, Spanning Tree information for all ports will be displayed. • If sid is not specified, information for Spanning Tree 0 will be displayed. • If active is not specified information for all ports will be displayed regardless of whether or not they have received BPDUs. Mode Switch command, Read‐Only. Example This example shows how to display the device’s Spanning Tree configuration: Matrix(rw)->show spantree stats Spanning tree status Spanning tree instance Designated Root MacAddr Designated Root Priority Designated Root Cost Designated Root Port Root Max Age Root Hello Time...
Page 307: Show Spantree Output Details
This is a default value, or is assigned using the set spantree mashops command. For details, refer to spantree maxhops” on page 6-35. Enterasys Matrix DFE-Gold Series Configuration Guide 6-7 “set spantree priority” “set spantree “set spantree fwddelay”...
Page 308: Port-Specific Show Spantree Stats Output Details
Configuring Spanning Tree Bridge Parameters This example shows how to display port‐specific Spanning Tree information for port ge.1.1. Table 6‐2 describes the port‐specific information displayed. Matrix(rw)->show spantree stats port ge.1.1 Spanning tree status Spanning tree instance Designated Root MacAddr Designated Root Priority Designated Root Cost Designated Root Port Root Max Age Root Hello Time Root Forward Delay Bridge ID MAC Address Bridge ID Priority Bridge Max Age...
Page 309: Show Spantree Version
Use this command to set the version of the Spanning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D‐compatible. Syntax set spantree version {mstp | stpcompatible | rstp} Parameters mstp stpcompatible rstp Defaults None. Mode Switch command, Read‐Write. Usage In most networks, Spanning Tree version should not be changed from its default setting of mstp (Multiple Spanning Tree Protocol) mode. MSTP mode is fully compatible and interoperable with legacy STP 802.1D and Rapid Spanning Tree (RSTP) bridges. Setting the version to stpcompatible Sets the version to STP 802.1s‐compatible. Sets the version to STP 802.1D‐compatible. Sets the version to 802.1w‐compatible. Enterasys Matrix DFE-Gold Series Configuration Guide 6-9 Configuring Spanning Tree Bridge Parameters...
Page 310: Clear Spantree Version
Example This example shows how to globally change the Spanning Tree version from the default of MSTP to RSTP: Matrix(rw)->set spantree version rstp clear spantree version Use this command to reset the Spanning Tree version to MSTP mode. Syntax clear spantree version Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the Spanning Tree version: Matrix(rw)->clear spantree version show spantree stpmode Use this command to display the Spanning Tree Protocol (STP) mode setting. Syntax show spantree stpmode Parameters None. Defaults None. Mode Switch command, Read‐Only.
Page 311: Set Spantree Stpmode
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable Spanning Tree: Matrix(rw)->set spantree stpmode none clear spantree stpmode Use this command to reset the Spanning Tree protocol mode to the default setting of IEEE802.1. This re‐enables Spanning Tree. Syntax clear spantree stpmode Parameters None. Defaults None. Mode Switch command, Read‐Write. Disables Spanning Tree. Enables 802.1 Spanning Tree mode. Enterasys Matrix DFE-Gold Series Configuration Guide 6-11 Configuring Spanning Tree Bridge Parameters...
Page 312: Show Spantree Maxconfigurablestps
Matrix(rw)->clear spantree stpmode show spantree maxconfigurablestps Use this command to display the setting for the maximum number of user configurable Spanning Tree instances. Syntax show spantree maxconfigurablestps Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the STP maximum configs setting: Matrix(rw)->show spantree maxconfigurablestps Max user configurable stps is set to 33 set spantree maxconfigurablestps Use this command to set the maximum number of user configurable Spanning Tree instances. Syntax set spantree maxconfigurablestps numstps Parameters numstps Defaults None.
Page 313: Clear Spantree Maxconfigurablestps
Matrix(rw)->clearspantree maxconfigurablestps show spantree mstilist Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device. Syntax show spantree mstilist Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display a list of MST instances. In this case, SID 2 has been configured: Matrix(rw)->show spantree mstilist Configured Multiple Spanning Tree instances: 2 Configuring Spanning Tree Bridge Parameters Enterasys Matrix DFE-Gold Series Configuration Guide 6-13...
Page 314: Set Spantree Msti
Use this command to create or delete a Multiple Spanning Tree instance. Syntax set spantree msti sid sid {create | delete} Parameters sid sid create | delete Defaults None. Mode Switch command, Read‐Write. Example This example shows how to create MST instance 2: Matrix(rw)->set spantree msti sid 2 create clear spantree msti Use this command to delete one or more Multiple Spanning Tree instances. Syntax clear spantree msti sid Parameters Defaults None.
Page 315: Show Spantree Mstmap
Use this command to map one or more filtering database IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning Tree (SID). Syntax set spantree mstmap fid [sid sid] Parameters fid sid sid Defaults If sid is not specified, FID(s) will be mapped to Spanning Tree 0. Mode Switch command, Read‐Write. (Optional) Displays information for specific FIDs. Specifies one or more FIDs to assign to the MST. Valid values are 1 ‐ 4093, and must correspond to a VLAN ID created using the set vlan command as described in “set vlan” on page (Optional) Specifies a Multiple Spanning Tree ID. Valid values are 1 ‐ 4094, and must correspond to a SID created using the set msti command as described in “set spantree msti” on page 6‐14. Enterasys Matrix DFE-Gold Series Configuration Guide 6-15 Configuring Spanning Tree Bridge Parameters 7‐6.
Page 316: Clear Spantree Mstmap
Example This example shows how to map FID 3 to SID 2: Matrix(rw)->set spantree mstmap 3 sid 2 clear spantree mstmap Use this command to map a FID back to SID 0. Syntax clear spantree mstmap fid Parameters Defaults None. Mode Switch command, Read‐Write. Example This example shows how to map FID 2 back to SID 0: Matrix(rw)->clear spantree mstmap 2 show spantree vlanlist Use this command to display the VLAN ID(s) assigned to one or more Spanning Trees. Syntax show spantree vlanlist [vlan-list] Parameters vlan‐list Defaults If not specified, SID assignment will be displayed only for VLANs assigned to any SID other than ...
Page 317: Show Spantree Mstcfgid
MST Configuration Identifier: Format Selector: 0 Configuration Name: 00:01:f4:89:51:94 Revision Level: 0 Configuration Digest: ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62 set spantree mstcfgid Use this command to set the MST configuration name and/or revision level. Syntax set spantree mstcfgid {cfgname name | rev level} Configuring Spanning Tree Bridge Parameters Enterasys Matrix DFE-Gold Series Configuration Guide 6-17...
Page 318: Clear Spantree Mstcfgid
Configuring Spanning Tree Bridge Parameters Parameters cfgname name rev level Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the MST configuration name to “mstconfig”: Matrix(rw)->set spantree mstconfigid cfgname mstconfig clear spantree mstcfgid Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address. Syntax clear spantree mstcfgid Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the MST configuration identifier elements to default values: Matrix(rw)->clear spantree mstcfgid show spantree bridgeprioritymode Use this command to display the Spanning Tree bridge priority mode setting.
Page 319: Set Spantree Bridgeprioritymode
Parameters 8021d 8021t Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the bridge priority mode to 802.1D: Matrix(rw)->set spantree bridgeprioritymode 8021d clear spantree bridgeprioritymode Use this command to reset the Spanning Tree bridge priority mode to the default setting of 802.1t. Syntax clear spantree bridgeprioritymode Parameters None. Sets the bridge priority mode to use 802.1D (legacy) values of values, which are 0 ‐ 65535. Sets the bridge priority mode to use 802.1t values, which are 0 ‐ 61440, in increments of 4096. Values will be rounded up or down, depending on the 802.1t value to which the entered value is closest. Enterasys Matrix DFE-Gold Series Configuration Guide 6-19 Configuring Spanning Tree Bridge Parameters...
Page 320: Show Spantree Priority
Configuring Spanning Tree Bridge Parameters Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the bridge priority mode to 802.1t: Matrix(rw)->clear spantree bridgeprioritymode show spantree priority Use this command to display the Spanning Tree bridge priority. Syntax show spantree priority [sid] Parameters Defaults If sid is not specified, priority will be shown for Spanning Tree 0. Mode Switch command, Read‐Only. Example This example shows how to show the bridge priority for Spanning Tree 0 Matrix(rw)->show spantree priority Bridge Priority is set to 4096 on sid 0 set spantree priority Use this command to set the device’s Spanning Tree priority. ...
Page 321 Bride Priority has been rounded down to 8192 from 10000 This example shows how to set the bridge priority to 1000 on all SIDs with 8021t priority mode enabled: Matrix(rw)->set spantree priority 1000 Bride Priority has been rounded down to 0 from 1000 Specifies the priority of the bridge. Valid values are from 0 to 65535, with the numerical value of 0 indicating highest priority and the numerical value 65535 indicating lowest priority. When 802.1t is selected as the bridge priority mode, as described in “set spantree bridgeprioritymode” on page 6‐19, values will be rounded up or down, depending on the 802.1t value to which the entered value is closest, in increments of 4096. (Optional) Sets the priority on a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-21 Configuring Spanning Tree Bridge Parameters...
Page 322: Clear Spantree Priority
Configuring Spanning Tree Bridge Parameters clear spantree priority Use this command to reset the Spanning Tree priority to the default value of 32768. Syntax clear spantree priority [sid] Parameters Defaults If sid is not specified, priority will be reset on Spanning Tree 0. Mode Switch command, Read‐Write. Example This example shows how to reset the bridge priority on SID 1: Matrix(rw)->clear spantree priority 1 show spantree bridgehellomode Use this command to display the status of bridge hello mode on the device. Syntax show spantree bridgehellomode Parameters None. Defaults None. Mode Switch command, Read‐Only. Usage When enabled, a single bridge administrative hello time is being used. When disabled, per‐port ...
Page 323: Set Spantree Bridgehellomode
Mode Switch command, Read‐Write. Example This example shows how to disable single Spanning Tree hello mode on the device. Per‐port hello times can now be configured using the set spantree porthellomode command as described in “set spantree porthello” on page 6‐56: Matrix(rw)->set spantree bridgehellomode disable clear spantree bridgehellomode Use this command to reset the Spanning Tree administrative hello mode to enabled. Syntax clear spantree bridgehellomode Parameters None. Defaults None. Mode Switch command, Read‐Write. Enables single Spanning Tree bridge hello mode. Disables single Spanning Tree bridge hello mode, allowing for the configuration of per‐port hello times. Enterasys Matrix DFE-Gold Series Configuration Guide 6-23 Configuring Spanning Tree Bridge Parameters...
Page 324: Show Spantree Hello
Matrix(rw)->clear spantree bridgehellomode show spantree hello Use this command to display the Spanning Tree hello time. Syntax show spantree hello Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the Spanning Tree hello time: Matrix(rw)->show spantree hello Bridge Hello Time is set to 2 seconds set spantree hello Use this command to set the device’s Spanning Tree hello time. Syntax set spantree hello interval Parameters...
Page 325: Clear Spantree Hello
Use this command to display the Spanning Tree maximum aging time. Syntax show spantree maxage Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the Spanning Tree maximum aging time: Matrix(rw)->show spantree maxage Bridge Max Age Time is set to 20 seconds Configuring Spanning Tree Bridge Parameters Enterasys Matrix DFE-Gold Series Configuration Guide 6-25...
Page 326: Set Spantree Maxage
Configuring Spanning Tree Bridge Parameters set spantree maxage Use this command to set the bridge maximum aging time. Syntax set spantree maxage agingtime Parameters agingtime Defaults None Mode Switch command, Read‐Write. Usage Maximum aging time is the maximum time (in seconds) a device can wait without receiving a configuration message (bridge “hello”) before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example This example shows how to set the maximum aging time to 25 seconds: Matrix(rw)->set spantree maxage 25 clear spantree maxage Use this command to reset the maximum aging time for a Spanning Tree to the default value. Syntax clear spantree maxage Parameters None.
Page 327: Show Spantree Fwddelay
Bridge Forward Delay is set to 15 seconds set spantree fwddelay Use this command to set the Spanning Tree forward delay. Syntax set spantree fwddelay delay Parameters delay Defaults None. Mode Switch command, Read‐Write. Usage Spanning Tree forward delay is the maximum time (in seconds) the root device will wait before changing states (that is, listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In Specifies the number of seconds for the bridge forward delay. Valid values are 4 ‐ 30. Enterasys Matrix DFE-Gold Series Configuration Guide 6-27 Configuring Spanning Tree Bridge Parameters...
Page 328: Clear Spantree Fwddelay
Example This example shows how to globally set the bridge forward delay to 16 seconds: Matrix(rw)->set spantree fwddelay 16 clear spantree fwddelay Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds. Syntax clear spantree fwddelay Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to globally reset the bridge forward delay: Matrix(rw)->clear spantree fwddelay show spantree autoedge Use this command to display the status of automatic edge port detection. Syntax show spantree autoedge Parameters None. Defaults None. Mode Switch command, Read‐Only.
Page 329: Set Spantree Autoedge
Mode Switch command, Read‐Write. Example This example shows how to disable automatic edge port detection: Matrix(rw)->set spantree autoedge disable clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled. Syntax clear spantree autoedge Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset automatic edge port detection to enabled: Matrix(rw)->clear spantree autoedge Disables or enables automatic edge port detection. Enterasys Matrix DFE-Gold Series Configuration Guide 6-29 Configuring Spanning Tree Bridge Parameters...
Page 330: Show Spantree Legacypathcost
Configuring Spanning Tree Bridge Parameters show spantree legacypathcost Use this command to display the default Spanning Tree path cost setting. Syntax show spantree legacypathcost Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the default Spanning Tree path cost setting: Matrix(rw)->show spantree legacypathcost Legacy Path Cost is disabled set spantree legacypathcost Use this command to enable or disable legacy (802.1D) path cost values. Syntax set spantree legacypathcost {disable | enable} Parameters disable | enable...
Page 331: Clear Spantree Legacypathcost
Matrix(rw)->clear spantree legacypathcost show spantree tctrapsuppress Use this command to display the status of topology change trap suppression on Rapid Spanning Tree edge ports. Syntax show spantree tctrapsuppress Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the status of topology change trap suppression: Matrix(rw)->show spantree tctrapsuppress Topology change trap suppression is currently enabled. Configuring Spanning Tree Bridge Parameters Enterasys Matrix DFE-Gold Series Configuration Guide 6-31...
Page 332: Set Spantree Tctrapsuppress
Configuring Spanning Tree Bridge Parameters set spantree tctrapsuppress Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports. Syntax set spantree tctrapsupress {disable | enable | edgedisable} Parameters disable | enable edgedisable Defaults None. Mode Switch command, Read‐Write. Usage By default, RSTP non‐edge (bridge) ports that transition to forwarding or blocking cause the switch to issue a topology change trap. When topology change trap suppression is enabled, which is the device default, edge ports (such as end station PCs) are prevented from sending topology change traps. This is because there is usually no need for network management to monitor edge port STP transition states, such as when PCs are powered on. When topology change trap suppression is disabled, all ports, including edge and bridge ports, will transmit topology change traps. Example This example shows how to allow Rapid Spanning Tree edge ports to transmit topology change traps: Matrix(rw)->set spantree tctrapsuppress disable clear spantree tctrapsuppress Use this command to clear topology change trap suppression settings.
Page 333: Show Spantree Txholdcount
Matrix(rw)->show spantree txholdcount Tx hold count = 3. set spantree txholdcount Use this command to set the maximum BPDU transmission rate. Syntax set spantree txholdcount txholdcount Parameters txholdcount Defaults None. Mode Switch command, Read‐Write. Usage Maximum BPDU transmission rate is the number of BPDUs which will be transmitted before transmissions are subject to a one‐second timer. Specifies the maximum number of BPDUs to be transmitted before transmissions are subject to a one‐second timer. Valid values are 1 ‐ 10. Default value is 6. Enterasys Matrix DFE-Gold Series Configuration Guide 6-33 Configuring Spanning Tree Bridge Parameters...
Page 334: Clear Spantree Txholdcount
Configuring Spanning Tree Bridge Parameters Example This example shows how to globally set the transmit hold count to 5: Matrix(rw)->set spantree txholdcount 5 clear spantree txholdcount Use this command to reset the transmit hold count to the default value of 6. Syntax clear spantree txholdcount Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the transmit hold count: Matrix(rw)->clear spantree txholdcount show spantree maxhops Use this command to display the Spanning Tree maximum hop count. Syntax show spantree maxhops Parameters None. Defaults None. Mode Switch command, Read‐Only.
Page 335: Set Spantree Maxhops
Example This example shows how to set the maximum hop count to 40: Matrix(rw)->set spantree maxhops 40 clear spantree maxhops Use this command to reset the maximum hop count to the default value of 20. Syntax clear spantree maxhops Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the maximum hop count to 20: Matrix(rw)->clear spantree maxhops Specifies the maximum number of hops allowed. Valid values are 0 to 255. Default value is 20. Enterasys Matrix DFE-Gold Series Configuration Guide 6-35 Configuring Spanning Tree Bridge Parameters...
Page 336: Show Spantree Spanguard
Configuring Spanning Tree Bridge Parameters show spantree spanguard Use this command to display the status of the Spanning Tree span guard function. Syntax show spantree spanguard Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the span guard function status: Matrix(rw)->show spantree spanguard spanguard is currently disabled. set spantree spanguard Use this command to enable or disable the Spanning Tree span guard function. Syntax set spantree spanguard {enable | disable} Parameters enable | disable...
Page 337: Clear Spantree Spanguard
Matrix(rw)->clear spantree spanguard show spantree spanguardtimeout Use this command to display the Spanning Tree span guard timeout setting. Syntax show spantree spanguardtimeout Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the span guard timeout setting: Matrix(rw)->show spantree spanguardtimeout spanguard timeout is set at 300 seconds. Configuring Spanning Tree Bridge Parameters Enterasys Matrix DFE-Gold Series Configuration Guide 6-37...
Page 338: Set Spantree Spanguardtimeout
Configuring Spanning Tree Bridge Parameters set spantree spanguardtimeout Use this command to set the amount of time (in seconds) an edge port will remain locked by the span guard function. Syntax set spantree spanguardtimeout timeout Parameters timeout Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the span guard timeout to 600 seconds: Matrix(rw)->set spantree spanguardtimeout 600 clear spantree spanguardtimeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds. Syntax clear spantree spanguardtimeout Parameters None. Defaults None.
Page 339: Show Spantree Spanguardlock
/ set spantree spanguardlock Use either of these commands to unlock one or more ports locked by the Spanning Tree span guard function. Syntax clear spantree spanguardlock port-string set spantree spanguardlock port‐string Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Usage When span guard is enabled, it locks ports that receive BPDUs when those ports have been defined as edge (user) ports (as described in “set spantree adminedge” on page 6‐60). Specifies the port(s) for which to show span guard lock status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies port(s) to unlock. For a detailed description of possible port‐ string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 6-39 Configuring Spanning Tree Bridge Parameters...
Page 340: Show Spantree Spanguardtrapenable
Matrix(rw)->clear spantree spanguardlock fe.1.16 show spantree spanguardtrapenable Use this command to displays the state of the Spanning Tree span guard trap function. Syntax show spantree spanguardtrapenable Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the state of the span guard trap function: Matrix(rw)->show spantree spanguardtrapenable Span Guard Trap is set to enable set spantree spanguardtrapenable Use this command to enable or disable the sending of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree. Syntax set spantree spanguardtrapenable {disable | enable} Parameters disable | enable...
Page 341: Clear Spantree Spanguardtrap Enable
Use this command to display the state of the Spanning Tree backup root function. Syntax show spantree backuproot [sid] Parameters Defaults If sid is not specified, status will be shown for Spanning Tree 0. Mode Switch command, Read‐Only. Example This example shows how to display the status of the backup root function on SID 0: Matrix(rw)->show spantree backuproot Backup Root is set to disable on sid 0 (Optional) Displays status for a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-41 Configuring Spanning Tree Bridge Parameters...
Page 342: Set Spantree Backuproot
Configuring Spanning Tree Bridge Parameters set spantree backuproot Use this command to enable or disable the Spanning Tree backup root function. Syntax set spantree backuproot sid {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Usage Enabled by default on bridge(s) directly connected to the root bridge, this prevents stale Spanning Tree information from circulating in the event the root bridge is lost. If this happens, the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge. Example This example shows how to enable the backup root function on SID 2: Matrix(rw)->set spantree backuproot 2 enable clear spantree backuproot Use this command to reset the Spanning Tree backup root function to the default state of disabled. Syntax...
Page 343: Show Spantree Backuproottrapendable
Backup Root Trap is set to enable set spantree backuproottrapenable Use this command to enable or disable the Spanning Tree backup root trap function. Syntax set spantree backuproottrapenable {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Usage When SNMP trap messageing is configured, this sends a trap message when the back up root function makes a Spanning Tree the new root of the network. Enables or disables the backup root trap function. Enterasys Matrix DFE-Gold Series Configuration Guide 6-43 Configuring Spanning Tree Bridge Parameters...
Page 344: Clear Spantree Backuproottrapenable
Example This example shows how to enable the backup root trap function: Matrix(rw)->set spantree backuproottrapenable enable clear spantree backuproottrapenable Use this command to resets the Spanning Tree backup root trap function to the default state of disabled. Syntax clear spantree backuproottrapenable. Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the backup root trap function: Matrix(rw)->clear spantree backuproottrapenable show spantree newroottrapendable Use this command to display the state of the Spanning Tree new root trap function. Syntax show spantree newroottrapenable Parameters None. Defaults None. Mode Switch command, Read‐Only.
Page 345: Set Spantree Newroottrapenable
Example This example shows how to enable the new root trap function: Matrix(rw)->set spantree newroottrapenable enable clear spantree newroottrapenable Use this command to reset the Spanning Tree new root trap function back to the default state of enabled. Syntax clear spantree newroottrapenable Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the new root trap function to enabled: Matrix(rw)->clear spantree newroottrapenable Enables or disables the backup root trap function. Enterasys Matrix DFE-Gold Series Configuration Guide 6-45 Configuring Spanning Tree Bridge Parameters...
Page 346: Clear Spantree Default
Configuring Spanning Tree Bridge Parameters clear spantree default Use this command to restore default values to a Spanning Tree. Syntax clear spantree default [sid] Parameters Defaults If sid is not specified, defaults will be restored on Spanning Tree 0. Mode Switch command, Read‐Write. Example This example shows how to restore Spanning Tree defaults on SID 1: Matrix(rw)->clear spantree default 1 show spantree debug Use this command to display Spanning Tree debug counters for one or more ports. Syntax show spantree debug [port port-string] [sid sid] [active] Parameters port port‐string sid sid...
Page 347 MST CIST TC BPDU Tx Count Configuring Spanning Tree Bridge Parameters - 379 - 16 - 335 - 81812 - 790319 - 2131 - 26623 - RootPort - 50263 - 47602 - 497 - 3325 Enterasys Matrix DFE-Gold Series Configuration Guide 6-47...
Page 348: Clear Spantree Debug
Configuring Spanning Tree Bridge Parameters clear spantree debug Use this command to clear Spanning Tree debug counters. Syntax clear spantree debug Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear Spanning Tree debug counters: Matrix(rw)->clear spantree debug 6-48 Spanning Tree Configuration clear spantree debug...
Page 349: Configuring Spanning Tree Port Parameters
Configuring Spanning Tree Port Parameters Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 6-49 6-50 6-50 6-51 6-51 6-52 6-52 6-53...
Page 350: Show Spantree Portenable
Configuring Spanning Tree Port Parameters show spantree portenable Use this command to display the port status on one or more Spanning Tree ports. Syntax show spantree portenable [port port-string] Parameters port port‐string Defaults If port‐string is not specified, status will be displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display status for port fe.1.12: Matrix(rw)->show spantree portenable port fe.1.12 Port fe.1.12 set spantree portenable Use this command to set the port status on one or more Spanning Tree ports. Syntax set spantree portenable port-string {enable | disable} Parameters port‐string...
Page 351: Clear Spantree Portenable
[port port-string] Parameters port port‐string Defaults If port‐string is not specified, status will be displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display port admin status for fe.1.7: Matrix(rw)->show spantree portadmin port fe.1.7 Port fe.1.7 has portadmin set to enable Specifies port(s) to reset. For a detailed description of possible port‐ string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 6-51 Configuring Spanning Tree Port Parameters...
Page 352: Set Spantree Portadmin
Configuring Spanning Tree Port Parameters set spantree portadmin Use this command to disable or enable the Spanning Tree algorithm on one or more ports. Syntax set spantree portadmin port-string {disable | enable} Parameters port‐string disable | enable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable Spanning Tree on fe.1.5: Matrix(rw)->set spantree portadmin fe.1.5 disable clear spantree portadmin Use this command to reset the default Spanning Tree admin status to enable on one or more ports. Syntax clear spantree portadmin port-string Parameters port‐string Defaults None.
Page 353: Set Spantree Protomigration
[port port-string] [sid sid] Parameters port port‐string sid sid Defaults • If port‐string is not specified, current state will be displayed for all Spanning Tree ports. • If sid is not specified, current port state will be displayed for Spanning Tree 0. Mode Switch command, Read‐Only. Specifies the port(s) for which protocol migration mode will be enabled. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enables protocol migration mode. (Optional) Displays the Spanning Tree state for specific Spanning Tree port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays the state for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-53 Configuring Spanning Tree Port Parameters...
Page 354: Show Spantree Blockedports
Matrix(rw)->show spantree portstate port fe.1.7 Port fe.1.7 has a Port State of Forwarding on SID 0 show spantree blockedports Use this command to display the blocked ports in a Spanning Tree. Syntax show spantree blockedports [sid] Parameters Defaults If sid is not specified, blocked ports will be displayed for Spanning Tree 0. Mode Switch command, Read‐Only. Usage A port in this state does not participate in the transmission of frames, thus preventing duplication arising through multiple paths existing in the active topology of the bridged LAN. It receives Spanning Tree configuration messages, but does not forward packets. Example This example shows how to display blocked ports on SID 1: Matrix(rw)->show spantree blockedports 1 Port --------- fe.1.1...
Page 355: Set Spantree Portpri
Defaults If sid is not specified, port priority will be set for Spanning Tree 0. Mode Switch command, Read‐Write. Example This example shows how to set the priority of fe.1.3 to 240 on SID 1. Matrix(rw)->set spantree portpri fe.1.3 240 sid 1: (Optional) Specifies the port(s) for which to display Spanning Tree priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays port priority for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies a number that represents the priority of a link in a Spanning Tree bridge. Valid values are from 0 to 240 (in increments of 16) with 0 indicating high priority. (Optional) Sets port priority for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-55 Configuring Spanning Tree Port Parameters...
Page 356: Clear Spantree Portpri
Configuring Spanning Tree Port Parameters clear spantree portpri Use this command to reset the bridge priority of a Spanning Tree port to a default value of 128. Syntax clear spantree portpri port-string [sid sid] Parameters port‐string sid sid Defaults If sid is not specified, port priority will be set for Spanning Tree 0. Mode Switch command, Read‐Write. Example This example shows how to reset the priority of fe.1.3 to 128 on SID 1: Matrix(rw)->clear spantree portpri fe.1.3 sid 1: set spantree porthello Use this command to set the hello time for one or more Spanning Tree ports. This is the time interval (in seconds) the port(s) will transmit BPDUs. Syntax set spantree porthello port-string interval Parameters port‐string...
Page 357: Clear Spantree Porthello
Matrix(rw)->clear spantree porthello fe.1.4 show spantree portcost Use this command to display cost values assigned to one or more Spanning Tree ports. Syntax show spantree portcost [port port-string] [sid sid] Parameters port port‐string sid sid Defaults • If port‐string is not specified, port cost will be displayed for all Spanning Tree ports. Specifies the port(s) for which to reset hello time. (Optional) Displays cost values for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays port cost for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 will be assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-57 Configuring Spanning Tree Port Parameters...
Page 358: Show Spantree Adminpathcost
Configuring Spanning Tree Port Parameters • If sid is not specified, port cost will be displayed for all Spanning Trees. Mode Switch command, Read‐Only. Example This example shows how to display the port cost for fe.2.5: Matrix(rw)->show spantree portcost port fe.2.5 Port fe.2.5 has a Port Path Cost of 2000000 on SID 0 show spantree adminpathcost Use this command to display the admin path cost for a port on one or more Spanning Trees. Syntax show spantree adminpathcost [port port-string] [sid sid] Parameters port port‐string...
Page 359: Clear Spantree Adminpathcost
[sid sid] Parameters port‐string sid sid Defaults If sid is not specified, admin path cost will be reset for Spanning Tree 0. Mode Switch command, Read‐Write. Specifies the port(s) on which to set an admin path cost. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the port path cost. Va1id values are: • 0 ‐ 65535 if legacy path cost is enabled. • 0 ‐ 200000000 if legacy path cost is disabled. (Optional) Sets the admin path cost for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 will be assumed. Specifies the port(s) for which to reset admin path cost. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Resets the admin path cost for specific Spanning Tree(s). Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-59 Configuring Spanning Tree Port Parameters...
Page 360: Show Spantree Adminedge
Syntax show spantree adminedge [port port-string] Parameters port‐string Defaults If port‐string is not specified edge port administrative status will be displayed for all Spanning Tree ports. Mode Switch command, Read‐Only. Example This example shows how to display the edge port status for fe.3.2: Matrix(rw)->show spantree adminedge port fe.3.2 Port fe.3.2 has a Port Admin Edge of Edge-Port set spantree adminedge Use this command to set the edge port administrative status on a Spanning Tree port. Syntax set spantree adminedge port-string {true | false} Parameters port‐string...
Page 361: Clear Spantree Adminedge
This example shows how to reset fe.1.11 as a non‐edge port: Matrix(rw)->clear spantree adminedge fe.1.11 show spantree operedge Use this command to display the Spanning Tree edge port operating status for a port. Syntax show spantree operedge [port port-string] Parameters port port‐string Defaults If port‐string is not specified edge port operating status will be displayed for all Spanning Tree ports. Specifies port(s) on which to reset edge port status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays edge port operating status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 6-61 Configuring Spanning Tree Port Parameters...
Page 362: Show Spantree Adminpoint
Configuring Spanning Tree Port Parameters Mode Switch command, Read‐Only. Example This example shows how to display the edge port status for fe.2.7: Matrix(rw)->show spantree operedge port fe.2.7 Port fe.2.7 has a Port Oper Edge of Edge-Port show spantree adminpoint Use this command to display the administrative point‐to‐point status of the LAN segment attached to a Spanning Tree port. Syntax show spantree adminpoint [port port-string] Parameters port port‐string Defaults If port‐string is not specified, status will be displayed for all Spanning Tree port(s). Mode Switch command, Read‐Only.
Page 363: Set Spantree Adminpoint
{true | false | auto} Parameters port‐string true | false | auto Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the LAN attached to fe.1.3 as a point‐to‐point segment: Matrix(rw)->set spantree adminpoint fe.1.3 true Specifies the port on which to set point‐to‐point protocol status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the point‐to‐point status of the LAN attached to the specified port. • true forces the port to be considered point‐to‐point. • false forces the port to be considered non point‐to‐point. • auto (the default setting) allows the firmware to determine the port’s point‐to‐point status. Enterasys Matrix DFE-Gold Series Configuration Guide 6-63 Configuring Spanning Tree Port Parameters...
Page 364: Clear Spantree Adminpoint
Configuring Spanning Tree Port Parameters clear spantree adminpoint Use this command to reset the administrative point‐to‐point status of the LAN segment attached to a Spanning Tree port to auto mode. Syntax clear spantree adminpoint port-string Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset point‐to‐point status to auto on fe.2.3: Matrix(rw)->clear spantree adminpoint fe.2.3 6-64 Spanning Tree Configuration Specifies port(s) on which to reset point‐to‐point protocol status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. clear spantree adminpoint...
Page 365: Purpose
Use this command to enable or disable the Loop Protect feature per port and optionally, per SID. Syntax set spantree lp port-string {enable | disable} [sid sid] Configuring Spanning Tree Loop Protect Features 2. for more information about the Loop Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 6-65 6-65 6-66 6-67 6-67 6-68 6-69 6-70...
Page 366: Show Spantree Lp
Configuring Spanning Tree Loop Protect Features Parameters port‐string enable | disable sid sid Defaults If no SID is specified, SID 0 is assumed. Mode Switch command, Read‐Write. Usage The Loop Protect feature is disabled by default. See “Loop Protect” on page 2. for more information. Loop Protect takes precedence over per port STP enable/disable (portAdmin). Normally portAdmin disabled would cause a port to go immediately to forwarding. If Loop Protect is enabled, that port should go to listening and remain there. Note: The Loop Protect enable/disable settings for an MSTI port should match those for the CIST port. Example This example shows how to enable Loop Protect on fe.2.3: Matrix(rw)->set spantree lp enable fe.2.3...
Page 367: Clear Spantree Lp
Matrix(rw)->clear spantree lp port fe.2.3 show spantree lplock Use this command to display the Loop Protect lock status per port and/or per SID. Syntax show spantree lplock [port port-string] [sid sid] , SID 0 port-string [sid sid] Specifies port(s) for which to clear the Loop Protect feature status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies the specific Spanning Tree(s) for which to clear the Loop Protect feature status. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-67 Configuring Spanning Tree Loop Protect Features...
Page 368: Clear Spantree Lplock
Configuring Spanning Tree Loop Protect Features Parameters port‐string sid sid Defaults If no port‐string is specified, status is displayed for all ports. If no SID is specified, SID 0 is assumed. Mode Switch command, Read‐Only. Usage A port can become locked if a configured number of Loop Protect events occur during the configured window of time. See the set spantree lpthreshold and set spantree lpwindow commands. Once a port is forced into blocking (locked), it remains locked until manually unlocked with the clear spantree lplock command. Example This example shows how to display Loop Protect lock status on ge.1.1: Matrix(rw)->show spantree lplock port ge.1.1 LoopProtect Lock status for port ge.1.1 clear spantree lplock Use this command to manually unlock a blocked port and optionally, per SID. Syntax clear spantree lplock port-string [sid sid] Parameters port‐string...
Page 369: Set Spantree Lpcapablepartner
This type of timeout will not be considered a loop protection event. Loop protection is maintained by keeping the port from forwarding but since this is not considered a loop event it will not be factored into locking the port. See “Loop Protect” on page 2. for more information. Example This example shows how to set the Loop Protect capable partner to true for ge.1.1: Matrix(rw)->set spantree lpcapablepartner ge.1.1 true Configuring Spanning Tree Loop Protect Features , SID 0 , SID 0 Specifies port(s) for which to configure a Loop Protect capable link partner. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies whether the link partner is capable (true) or not (false). Enterasys Matrix DFE-Gold Series Configuration Guide 6-69 is LOCKED. is UNLOCKED.
Page 370: Show Spantree Lpcapablepartner
Configuring Spanning Tree Loop Protect Features show spantree lpcapablepartner Use this command to the Loop Protect capability of a link partner for one or more ports. Syntax show spantree lpcapablepartner [port port-string] Parameters port‐string Defaults If no port‐string is specified, Loop Protect capability for link partners is displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display the Loop Protect partner capability for ge.1.1: Matrix(rw)->show spantree lpcapablepartner port ge.1.1 Link partner of port ge.1.1 clear spantree lpcapablepartner Use this command to reset the Loop Protect capability of port link partners to the default state of false. Syntax clear spantree lpcapablepartner port-string Parameters port‐string...
Page 371: Set Spantree Lpthreshold
The LoopProtect event threshold is a global integer variable that provides protection in the case of intermittent failures. The default value is 3. If the event counter reaches the threshold within a given period (the event window), then the port, for the given SID, becomes locked (that is, held indefinitely in the blocking state). If the threshold is 0, the ports are never locked. Example This example shows how to set the Loop Protect threshold value to 4: Matrix(rw)->set spantree lpthreshold 4 show spantree lpthreshold Use this command to display the current value of the Loop Protect event threshold. Syntax show spantree lpthreshold Parameters None. Defaults None. Mode Switch command, Read‐Only. Configuring Spanning Tree Loop Protect Features Specifies the number of events that must occur during the event window in order to lock a port/SID. The default value is 3 events. A threshold of 0 specifies that ports will never be locked. Enterasys Matrix DFE-Gold Series Configuration Guide 6-71...
Page 372: Clear Spantree Lpthreshold
Matrix(rw)->show spantree lpthreshold LoopProtect event threshold is set to 4 clear spantree lpthreshold Use this command to return the Loop Protect event threshold to its default value of 3. Syntax clear spantree lpthreshold Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the Loop Protect event threshold to the default of 3: Matrix(rw)->clear spantree lpthreshold set spantree lpwindow Use this command to set the Loop Protect event window value in seconds. Syntax set spantree lpwindow value Parameters value Defaults None. ...
Page 373: Show Spantree Lpwindow
Example This example shows how to display the current Loop Protect window value: Matrix(rw)->show spantree lpwindow LoopProtect event window is set to 120 seconds clear spantree lpwindow Use this command to reset the Loop Protect event window to the default value of 180 seconds. Syntax clear spantree lpwindow Parameters None. Defaults None. Mode Switch command, Read‐Write. Configuring Spanning Tree Loop Protect Features Enterasys Matrix DFE-Gold Series Configuration Guide 6-73...
Page 374: Set Spantree Lptrapenable
Example This example shows how to reset the Loop Protect event window to the default of 180 seconds: Matrix(rw)->clear spantree lpwindow set spantree lptrapenable Use this command to enable or disable Loop Protect event notification. Syntax set spantree lptrapenable {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Usage Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. The trap indicates port, SID and loop protection status. Example This example shows how to enable sending of Loop Protect traps: Matrix(rw)->set spantree lptrapenable enable show spantree lptrapenable Use this command to display the current status of Loop Protect event notification. Syntax show spantree lptrapenable Parameters None.
Page 375: Clear Spantree Lptrapenable
Parameters value Defaults None. Mode Switch command, Read‐Write. Configuring Spanning Tree Loop Protect Features Specifies the number of disputed BPDUs that must be received on a given port/SID to cause a disputed BPDU trap to be sent. A threshold of 0 indicates that traps should not be sent. The default value is 0. Enterasys Matrix DFE-Gold Series Configuration Guide 6-75...
Page 376: Show Spantree Disputedbpduthreshold
Matrix(rw)->set spantree disputedbpduthreshold 5 show spantree disputedbpduthreshold Use this command to display the current value of the disputed BPDU threshold. Syntax show spantree disputedbpduthreshold Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the current disputed BPDU threshold: Matrix(rw)->show spantree disputedbpduthreshold Disputed BPDU threshold is set to 0 clear spantree disputedbpduthreshold Use this command to return the disputed BPDU threshold to its default value of 0, meaning that disputed BPDU traps should not be sent. Syntax clear spantree disputedbpduthreshold 6-76 Spanning Tree Configuration...
Page 377: Show Spantree Nonforwardingreason
Matrix(rw)->show spantree nonforwardingreason port ge.1.1 Port ge.1.1 has not been placed in a non-forwarding state on SID 0 due to any exceptional condition. Configuring Spanning Tree Loop Protect Features (Optional) Specifies port(s) for which to display the non‐forwarding reason. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies the specific Spanning Tree(s) for which to display the non‐forwarding reason. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed. Enterasys Matrix DFE-Gold Series Configuration Guide 6-77...
Page 378 Configuring Spanning Tree Loop Protect Features show spantree nonforwardingreason 6-78 Spanning Tree Configuration...
Page 379: Vlan Configuration Summary
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Configuring the VLAN Egress List Enabling/Disabling GVRP VLAN Configuration Summary Virtual LANs allow the network administrator to partition network traffic into logical groups and control the flow of that traffic through the network. Once the traffic and, in effect, the users creating the traffic, are assigned to a VLAN, then broadcast and multicast traffic is contained within the VLAN and users can be allowed or denied access to any of the network’s resources. Also, some or all of the ports on the device can be configured as GVRP ports, which enable frames received with a particular VLAN ID and protocol to be transmitted on a limited number of ports. This keeps the traffic associated with a particular VLAN and protocol isolated from the other parts of the network. 802.1Q VLAN Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 7-1 Refer to page... 7-17 7-22...
Page 380: Port Assignment Scheme
About PVIDs and Policy Classification to a VLAN Port VLAN IDs (PVIDs) assign VLAN IDs to untagged frames on one or more ports. Using the set port vlan command as described in “set port vlan” on page 7‐10, you can, for example, assign ports 1, 5, 8, and 9 to VLAN 3. Untagged frames received on those ports will be assigned to VLAN 3. (By default, all ports are members of VLAN ID 1, the default VLAN.) Policy classification to a VLAN, as described in Chapter precedence over PVID assignment if: • Policy classification is configured to a VLAN as described in “set policy rule” on page 8‐13, • PVID override has been enabled for a policy profile, and assigned to port(s) associated with the PVID as described in “set policy profile” on page 8‐3. For more information about configuring user policy profiles, including PVID override, protocol‐ based policy classification a VLAN or Class of Service, and assigning ports to policy profiles, refer to Chapter Creating a Secure Management VLAN If the Matrix Series device is to be configured for multiple VLAN’s, it may be desirable to configure a management‐only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs. To create a secure management VLAN, you must: Create a new VLAN. (“set vlan” on page 7‐6) Set the PVID for the host port and the desired switch port to the VLAN created in Step 1. (“set port vlan” on page 7‐10) 7-2 802.1Q VLAN Configuration 8, “set policy rule” on page 8‐13, takes ...
Page 381: Reviewing Existing Vlans
2 host.0.1; fe.1.1 2 untagged egress” on page 7-18) set snmp community private (“set snmp page 5-16) (Optional) show snmp community (“show snmp community” on page 5-15) Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 7-3 vlan” on (“set vlan community” on...
Page 382: Show Vlan Output Details
Reviewing Existing VLANs Parameters static vlan‐list Defaults If no options are specified, all information related to static and dynamic VLANs will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display information for VLAN 1. In this case, VLAN 1 is named “DEFAULT VLAN” and it is enabled to operate. Ports allowed to transmit frames belonging to VLAN 1 are listed as egress ports. Ports that won’t include a VLAN tag in their transmitted frames are listed as untagged ports. There are no forbidden ports (prevented from transmitted frames) on VLAN 1: Matrix(rw)->show vlan 1 VLAN: 1 VLAN Type: Permanent Creation Time: 4 days 9 hours 4 minutes 50 seconds ago Egress Ports host.0.1, fe.1.1-10, ge.2.1-4, fe.3.1-7, lag.0.1-32 Forbidden Egress Ports None.
Page 383 Table 7-2 show vlan Output Details (continued) Output... Forbidden Egress Ports Untagged Ports What it displays... Ports prevented from transmitted frames for this VLAN. Ports configured to transmit untagged frames for this VLAN. Enterasys Matrix DFE-Gold Series Configuration Guide 7-5 Reviewing Existing VLANs...
Page 384: Creating And Naming Static Vlans
Use this command to create a new static IEEE 802.1Q VLAN, or to enable or disable an existing VLAN. Syntax set vlan {create | enable | disable} vlan‐list Parameters create | enable | disable vlan‐list Defaults None. Mode Switch command, Read‐Write. Usage Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the device assumes that the Administrator intends to modify the existing VLAN. Enter the VLAN ID using a unique number between 2 and 4094. The VLAN IDs of 0, 1, and 4094 and higher may not be used for user‐defined VLANs. Once a VLAN is created, you can assign it a name using the set vlan name command described in “set vlan name” on page 7‐7. 7-6 802.1Q VLAN Configuration Creates, enables or disables VLAN(s). Specifies one or more VLAN IDs to be created, enabled or disabled. set vlan Refer to page...
Page 385: Set Vlan Name
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the name for VLAN 7 to green: Matrix(rw)->set vlan name 7 green clear vlan Use this command to remove a static VLAN from the list of VLANs recognized by the device. Syntax clear vlan vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Specifies the VLAN ID of the VLAN(s) to be named. Specifies the string used as the name of the VLAN (1 to 32 characters). Specifies the VLAN ID of the VLAN(s) to be removed. Enterasys Matrix DFE-Gold Series Configuration Guide 7-7 Creating and Naming Static VLANs...
Page 386: Clear Vlan Name
Creating and Naming Static VLANs Example This example shows how to remove a static VLAN 9 from the device’s VLAN list: Matrix(rw)->clear vlan 9 clear vlan name Use this command to remove the name of a VLAN from the VLAN list. Syntax clear vlan name vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the name for VLAN 9: Matrix(rw)->clear vlan name 9 7-8 802.1Q VLAN Configuration Specifies the VLAN ID of the VLAN(s) for which the name will be cleared. clear vlan name...
Page 387: Assigning Port Vlan Ids (Pvids) And Ingress Filtering
[port-string] Parameters port‐string Defaults If port ‐string is not specified, port VLAN information for all ports will be displayed. Mode Switch command, Read‐Only. Assigning Port VLAN IDs (PVIDs) and Ingress Filtering (Optional) Displays PVID information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 7-9 Refer to page... 7-10 7-11 7-11 7-12 7-13 7-13 7-14 7-15 7-15...
Page 388: Set Port Vlan
1 fe.2.6 is set to 1 set port vlan Use this command to configure the PVID (port VLAN identifier) for one or more ports. Syntax set port vlan Parameters port‐string pvid modify‐egress | no‐ modify‐egress Defaults If not specified, the egress list will be modified. Mode Switch command, Read‐Write. Usage For information on how to configure protocol‐based policy classification to a VLAN, including how to configure a VLAN policy to override PVID, refer to Chapter The PVID is used to classify untagged frames as they ingress into a given port. If the specified VLAN has not already been created, this command will create it. It will prompt the user to add the VLAN to the port’s egress list as untagged, and remove the default VLAN from the port’s egress list. 7-10 802.1Q VLAN Configuration port‐string pvid [ modify-egress | no‐modify‐egress] Specifies the port(s) for which to configure a VLAN identifier. For a detailed description of possible port‐string values, refer to “Port String ...
Page 389: Clear Port Vlan
This example shows how to reset the Fast Ethernet ports 3 and 11 in module1 to a VLAN ID of 1 (Host VLAN): Matrix(rw)->clear port vlan fe.1.3,fe.1.11 show vlan interface Use this command to display the MIB‐II interface entry mapped to a VLAN. Syntax show vlan interface [vlan-list] Parameters vlan‐list Defaults If vlan‐list is not specified, MIB2 interface entries will be displayed for all VLANs. Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Specifies the port(s) to be reset to the host VLAN ID 1. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays the MIB2 interface entry for specific VLAN(s). Enterasys Matrix DFE-Gold Series Configuration Guide 7-11...
Page 390: Set Vlan Interface
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Mode Switch command, Read‐Only. Example This example shows how to display the interface entry for VLAN 1: Matrix(rw)->show vlan interface 1 VLAN Port ------------------------------------- vlan.0.1 Table 7‐3 provides an explanation of the command output. Table 7-3 show vlan interface Output Details Output... VLAN Port Storage Type set vlan interface Use this command to create, disable or enables a MIB‐II interface mapped to a VLAN. Syntax set vlan interface vlan-list {create | disable | enable} [volatile] Parameters vlan‐list ...
Page 391: Clear Vlan Interface
Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list. Syntax show port ingress-filter [port-string] Parameters port‐string Defaults If port‐string is not specified, ingress filtering status for all ports will be displayed. Mode Switch command, Read‐Only. Usage If the VLAN ID specified in the received frame is not on the port’s VLAN egress list, then that frame is dropped and not forwarded. Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Specifies the VLAN(s) for which an interface entry will be cleared. (Optional) Specifies the port(s) for which to display ingress filtering status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 7-13...
Page 392: Set Port Ingress Filter
Use this command to discard all frames received with a VLAN ID that don’t match the port’s VLAN egress list. Syntax set port ingress-filter port-string Parameters port‐string disable | enable Defaults None. Mode Switch command, Read‐Write. Usage When ingress filtering is enabled on a port, the VLAN IDs of incoming frames are compared to the port’s egress list. If the received VLAN ID does not match a VLAN ID on the port’s egress list, then the frame is dropped. Ingress filtering is implemented according to the IEEE 802.1Q standard. Example This example shows how to enable port ingress filtering on Fast Ethernet port 3 in module 1: Matrix(rw)->set port ingress-filter fe.1.3 enable 7-14 802.1Q VLAN Configuration {disable | enable} Specifies the port(s) on which to enable of disable ingress filtering. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2.
Page 393: Show Port Discard
{tagged | untagged | none | both} Parameters port‐string tagged | untagged | none | both Defaults None. (Optional) Displays the frame discard mode for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Discard Mode ------------- tagged Specifies the port(s) for which to set frame discard mode. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Sets the port(s) to discard tagged or untagged frames, no frames, or both types of frames. Enterasys Matrix DFE-Gold Series Configuration Guide 7-15 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering...
Page 394: Clear Port Discard
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Mode Switch command, Read‐Write. Example This example shows how to set Fast Ethernet port 7 in module2 to discard both tagged and untagged frames: Matrix(rw)->set port discard fe.2.7 both clear port discard Use this command to reset the frame discard mode to the factory default setting (none). Syntax clear port discard port-string Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset Fast Ethernet port 7 in module module2 to the default discard mode of “none”: Matrix(rw)->clear port discard fe.2.7 7-16 802.1Q VLAN Configuration...
Page 395: Configuring The Vlan Egress List
Use this command to display the VLAN membership for one or more ports. Syntax show port egress [port-string] Parameters port‐string Defaults If port‐string is not specified, VLAN membership will be displayed for all ports. Mode Switch command, Read‐Write. (Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 7-17 Configuring the VLAN Egress List Refer to page... 7-17 7-18 7-19 7-20 7-20...
Page 396: Set Vlan Egress
Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This determines which ports will transmit frames for a particular VLAN. Syntax set vlan egress vlan-list port-string [untagged | forbidden | tagged] Parameters vlan‐list port‐string untagged | forbidden | tagged Defaults If untagged, forbidden or tagged is not specified, the port will be added to the VLAN egress list as tagged. Mode Switch command, Read‐Write. 7-18 802.1Q VLAN Configuration Egress Registration Status Status tagged static untagged static tagged static untagged static...
Page 397: Clear Vlan Egress
If forbidden is not specified, tagged and untagged settings will be cleared. Mode Switch command, Read‐Write. Examples This example shows how to remove Fast Ethernet port 14 in module 3 from the egress list of VLAN 9: Matrix(rw)->clear vlan egress 9 fe.3.14 This example shows how to remove all Fast Ethernet ports in module 2 from the egress list of VLAN 4: Matrix(rw)->clear vlan egress 4 fe.2.* Specifies the number of the VLAN from which a port(s) will be removed from the egress list. Specifies one or more ports to be removed from the VLAN egress list of the specified vlan‐list. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Clears the forbidden setting from the specified port(s) and resets the port(s) as able to egress frames if so configured by either static or dynamic means. Enterasys Matrix DFE-Gold Series Configuration Guide 7-19 Configuring the VLAN Egress List...
Page 398: Show Vlan Dynamic Egress
Use this command to display which VLANs are currently enabled for VLAN dynamic egress. Syntax show vlan dynamicegress [vlan-list] Parameters vlan‐list Defaults If vlan‐list is not specified, status for all VLANs where dynamic egress is enabled will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display which VLANs are enabled for dynamic egress: Matrix(rw)->show vlan dynamicegress VLAN 1 is enabled VLAN 101 is enabled VLAN 102 is enabled VLAN 105 is enabled set vlan dynamicegress Use this command to set the administrative status of one or more VLANs’ dynamic egress ...
Page 399 Configuring the VLAN Egress List Example This example shows how to enable the dynamic egress function on VLAN 7: Matrix(rw)->set vlan dynamicegress 7 enable Enterasys Matrix DFE-Gold Series Configuration Guide 7-21...
Page 400: Enabling/Disabling Gvrp
Enabling/Disabling GVRP Enabling/Disabling GVRP Purpose To dynamically create VLANs across a switched network. The GVRP (GARP VLAN Registration Protocol) command set is used to display GVRP configuration information, the current global GVRP state setting, individual port settings (enable or disable) and timer settings. By default, GVRP is enabled on all ports, and globally on the device. GARP VLAN Registration Protocol (GVRP) Operation The following sections describe the device operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP). Overview The purpose of GVRP is to dynamically create VLANs across a switched network. When a VLAN is declared, the information is transmitted out GVRP configured ports on the device in a GARP formatted frame using the GVRP multicast MAC address. A switch/router that receives this frame, examines the frame, and extracts the VLAN IDs. GVRP then creates the VLANs and adds the receiving port to its tagged member list for the extracted VLAN ID (s). The information is then transmitted out the other GVRP configured ports of the device. Figure how VLAN blue from end station A would be propagated across a switch/router network. How It Works In Figure 7‐1, Device 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Device 1 and Device 2. These two devices register this in the port egress lists of the ports (Device 1, port 1 and Device 2, port 1) that received the frames with the information. Device 2, which is connected to Device 3 and Device 5 declares the same information to those two devices and the port egress list of each port is updated with the new information, accordingly. 7-22 802.1Q VLAN Configuration set vlan dynamicegress 7‐1 shows an example of ...
Page 401: Example Of Vlan Propagation Via Gvrp
The end result is that the port egress list of a port is updated with information about VLANs that reside on that port, even if the actual station on the VLAN is several hops away. Commands For information about... show gvrp show garp timer set gvrp clear gvrp set garp timer clear garp timer Enterasys Matrix DFE-Gold Series Configuration Guide 7-23 Enabling/Disabling GVRP Refer to page... 7-24 7-24 7-26 7-26 7-27 7-27...
Page 402: Show Gvrp
Enabling/Disabling GVRP show gvrp Use this command to display GVRP configuration information. Syntax show gvrp [port-string] Parameters port‐string Defaults If port‐string is not specified, GVRP configuration information will be displayed for all ports and the device. Mode Switch command, Read‐Only. Example This example shows how to display GVRP status for the device and for Fast Ethernet port 1 in module 2: Matrix(rw)->show gvrp fe.2.1 Global GVRP status is enabled. Port Number ----------- fe.2.1 Table 7‐4 provides an explanation of the command output. Table 7-4 show gvrp Output Details Output...
Page 403: Show Gvrp Configuration Output Details
Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the Join timer setting. Leave timer setting. Leavall timer setting. Enterasys Matrix DFE-Gold Series Configuration Guide 7-25 Enabling/Disabling GVRP 1000 1000 1000 1000...
Page 404: Set Gvrp
Enabling/Disabling GVRP set gvrp Use this command to enable or disable GVRP globally on the device or on one or more ports. Syntax set gvrp {enable | disable} [port-string] Parameters disable | enable port‐string Defaults If port‐string is not specified, GVRP will be disabled or enabled for all ports. Mode Switch command, Read‐Write. Examples This example shows how to enable GVRP globally on the device: Matrix(rw)->set gvrp enable This example shows how to disable GVRP globally on the device: Matrix(rw)->set gvrp disable This example shows how to enable GVRP on Fast Ethernet port 3 in module 1: Matrix(rw)->set gvrp enable fe.1.3 clear gvrp Use this command to clear GVRP status or on one or more ports. Syntax clear gvrp [port-string] Parameters port‐string...
Page 405: Set Garp Timer
Matrix(rw)->set garp timer leave 300 *.*.* This example shows how to set the leaveall timer value to 20000 centiseconds for all ports: Matrix(rw)->set garp timer leaveall 20000 *.*.* clear garp timer Use this command to reset GARP timers back to default values. Syntax clear garp timer {[join] [leave] [leaveall]} port-string Sets the GARP join timer in centiseconds (Refer to 802.1Q standard.) Sets the GARP leave timer in centiseconds (Refer to 802.1Q standard.) Sets the GARP leaveall timer in centiseconds (Refer to 802.1Q standard.) Specifies the port(s) on which to configure GARP timer settings. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 7-27 Enabling/Disabling GVRP...
Page 406 Enabling/Disabling GVRP Parameters join leave leaveall port‐string Defaults At least one optional parameter must be entered. Mode Switch command, Read‐Write. Example This example shows how to reset the GARP leave timer to 60 centiseconds on Fast Ethernet port 5 in module 2: Matrix(rw)->clear garp timer leave fe.2.5 7-28 802.1Q VLAN Configuration (Optional) Resets the join timer to 20 centiseconds. (Optional) Resets the leave timer to 60 centiseconds. (Optional) Resets the leaveall timer to 1000 centiseconds. Specifies the port(s) on which to reset GARP timer(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. clear garp timer...
Page 407: Policy Classification Configuration Summary
Layer 3 according to matching access lists (ACLs) in route maps configured on routing interfaces. For details, refer to Policy Classification Configuration “Configuring Denial of Service (DoS) Enterasys Matrix DFE-Gold Series Configuration Guide 8-1 Refer to page... 8-21 8-42 8-42 Prevention”...
Page 408: Configuring Policy Profiles
Use this command to display policy profile information. Syntax show policy profile {all | profile-index [consecutive-pids] [-verbose]} Parameters all | profile‐index consecutive‐pids ‐verbose Defaults If optional parameters are not specified, summary information will be displayed for the specified index or all indexes. Mode Switch command, Read‐Only. Example This example shows how to display policy information for policy profile 11: Matrix(rw)->show policy profile 11 Profile Index Profile Name 8-2 Policy Classification Configuration Displays policy information for all profile indexes or a specific profile index. (Optional) Displays information for specified consecutive profile indexes. (Optional) Displays detailed information.
Page 409: Set Policy Profile
VLAN(s) that ports to which the policy profile is assigned can use for untagged egress. Ports administratively assigned to use this policy profile. Ports currently assigned to use this policy profile. Port dynamically assigned to use this policy profile. Enterasys Matrix DFE-Gold Series Configuration Guide 8-3 Configuring Policy Profiles...
Page 410 Defaults If optional parameters are not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how to create a policy profile 1 named “netadmin” with PVID override enabled for PVID 10, and Class‐of‐Service override enabled for CoS 5. This profile can use VLAN 10 for untagged egress: Matrix(rw)->set policy profile 1 name netadmin pvid-status enable pvid 10 cos- status enable cos 5 untagged-vlans 10 8-4 Policy Classification Configuration Specifies an index number for the policy profile. Valid values are 1 ‐ 1023. (Optional) Specifies a name for the policy profile. This is a string from 1 ...
Page 411: Clear Policy Profile
Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display invalid policy action and count information: Matrix(rw)->show policy invalid all Current action on invalid/unknown profile is: Forward packets Number of invalid/unknown profiles detected: 4 Specifies the index number of the policy profile entry to be deleted. Valid values are 1 to 1023. Shows the action the device should take if asked to apply an invalid or unknown policy, or the number of times the device has detected an invalid/unknown policy, or both action and count information. Enterasys Matrix DFE-Gold Series Configuration Guide 8-5 Configuring Policy Profiles...
Page 412: Set Policy Invalid Action
Use this command to assign the action the device will apply to an invalid or unknown policy. Syntax set policy invalid action {default-policy | drop | forward} Parameters default‐policy drop forward Defaults None. Mode Switch command, Read‐Write. Example This example shows how to assign a drop action to invalid policies: Matrix(rw)->set policy invalid action drop clear policy invalid action Use this command to reset the action the device will apply to an invalid or unknown policy to the default action of applying the default policy. Syntax clear policy invalid action Parameters None.
Page 413: Assigning Classification Rules To Policy Profiles
Displays the attributes of the specified rules. Displays all admin and classification rules, rules for the admin profile, profile-index or for a specific number. Valid index values are 1 ‐ 1023. Displays Ethernet type II rules. Displays IP destination address rules. Displays IP fragmentation rules. Displays IP protocol field in IP packet rules. Enterasys Matrix DFE-Gold Series Configuration Guide 8-7 Assigning Classification Rules to Policy Profiles Refer to page... 8-10 8-11 8-13 8-15 8-16 8-17 8-17 8-18 8-19 8-19 [ether...
Page 414 Displays rules associated with a specific administrative policy profile ‐verbose Defaults • If port‐string, rule status, storage type, Syslog state, trap, and usage‐list are not specified, all rules related to other specifications will be displayed. • If verbose is not specified, summary information will be displayed. Mode Switch command, Read‐Only. Examples This example shows how to display policy classification information for Ethernet type 2 rules Matrix(rw)->show policy rule ether: 8-8 Policy Classification Configuration Displays IP source address rules. Displays Type of Service rules. Displays 802.3 DSAP/SSAP rules. Displays MAC destination address rules. Displays MAC source address rules. Displays port related rules. Displays TCP destination port rules. Displays TCP source port rules. Displays UDP destination port rules. Displays UDP source port rules. (Not required for ipfrag classification.) Displays rules for a predefined classifier. This value is dependent on the classification type entered. ...
Page 415: Show Policy Rule Output Details
Class of Service value to which this rule applies. Whether or not this is a dynamic profile ID. Whether or not this is an administrative profile index ID. Enterasys Matrix DFE-Gold Series Configuration Guide 8-9 Assigning Classification Rules to Policy Profiles |RS|ST|S|T|D|VLAN|CoS |U|...
Page 416: Show Policy Capability
Assigning Classification Rules to Policy Profiles show policy capability Use this command to display all policy classification capabilities supported by your Enterasys Matrix Series device. Syntax show policy capability Parameters None. Defaults None. Mode Switch command, Read‐Only. Usage The output of this command shows a table listing classifiable traffic attributes and the type of actions, by rule type, that can be executed relative to each attribute. Above the table is a list of all the actions possible on this device. The left‐most column of the table lists all possible classifiable traffic attributes. The next two columns from the left indicate how policy profiles may be assigned, either administratively or dynamically. The next four columns from the left indicate the actions that may be performed. The last three columns indicate auditing options. An x in an action column for a traffic attribute row indicates that your system has the capability to perform that action for traffic classified by that attribute. Example This example shows how to display your Enterasys Matrix Series device’s policy classification capabilities. In this case, Enterasys Matrix DFE‐Platinum Series capabilities are shown. Refer to “set policy rule” on page 8‐13 for a description of the parameters displayed: Matrix(rw)->show policy capability The following supports related to policy are supported in this device:...
Page 417: Set Policy Classify
| X | X | X | X | X | X | X | X | X | | X | X | X | X | X | X | X | X | X | Enterasys Matrix DFE-Gold Series Configuration Guide 8-11...
Page 418 Defaults If mask is not specified, all data bits will be considered relevant. Mode Switch command, Read‐Write. Usage Classification rules are automatically enabled when created. 8-12 Policy Classification Configuration Specifies that this is an administrative rule or associates this classification rule with a policy profile index configured with the set policy profile command (“set policy profile” on page 8‐3). Valid profile‐ index values are 1‐ 63. Policy Classification Index (1‐65535) Specifies Vlan Classification Rule Specifies Class Of Service Classification Rule vlan / Class Of Service (0‐4095) Specifies Forwarding of packet Specifies Dropping of packet Classifies based on type field in Ethernet II packet. DSAP/SSAP pair in 802.3 type packet field ‐ (0 ‐ 65535) Classifies based on Type of Service field in IP packet. Classifies based on protocol field in IP packet.
Page 419: Set Policy Rule
Classifies based on type field in Ethernet II packet. Classifies based on destination IP address. Classifies based on IP fragmentation value. Classifies based on protocol field in IP packet. Classifies based on source IP address. Classifies based on Type of Service field in IP packet. Classifies based on DSAP/SSAP pair in 802.3 type packet. Classifies based on MAC destination address. Classifies based on MAC source address. Classifies based on port‐string. Classifies based on TCP destination port with. Classifies based on TCP source port . Classifies based on UDP destination port . Classifies based on UDP source port . (Not required for ipfrag classification.) Specifies the code for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 8‐3 for valid values for each classification type. (Optional) Specifies the number of significant bits to match, dependent on the data value entered. Refer to Table classification type and data value. Enterasys Matrix DFE-Gold Series Configuration Guide 8-13 Assigning Classification Rules to Policy Profiles 8‐3 for valid values for each ...
Page 420 If admin‐profile is specified, associates this rule with a policy profile cos cos Defaults • If mask is not specified, all data bits will be considered relevant. • If port‐string is not specified, rule will be scoped to all ports. Mode Switch command, Read‐Write. Usage Classification rules are automatically enabled when created. Examples This example shows how to use Table with policy number 1. This rule will filter Ethernet II Type 1526 frames to VLAN 7: Matrix(rw)->set policy rule 1 ether 1526 vlan 7 This example shows how to use Table with policy profile number 5. This rule specifies that UDP frames from source port 45 will be filtered to VLAN 7: Matrix(rw)->set policy rule 5 udpportsourceip 45 vlan 7 This example shows how to configure classification rule 2 as an administrative profile and assign it to ingress port fe.1.1: Matrix(rw)->set policy rule admin-profile port fe.1.1 port-string fe.1.1 admin-...
Page 421: Clear Policy Rule
Deletes all rules associated with the specified policy profile index ID. Deletes associated Ethernet II classification rule. Deletes associated IP destination classification rule. Deletes associated IP fragmentation classification rule. Deletes associated IP protocol classification rule. Deletes associated IP source classification rule. Deletes associated IP Type of Service classification rule. Deletes associated DSAP/SSAP classification rule. Enterasys Matrix DFE-Gold Series Configuration Guide 8-15 Assigning Classification Rules to Policy Profiles mask bits 1- 16 1 - 48 Not applicable. 1- 8 1- 8 1 - 40 1 - 48...
Page 422: Clear Policy All-Rules
Assigning Classification Rules to Policy Profiles macdest macsource port tcpdestport tcpsourceport udpdestport udpsourceport all‐traffic‐entries | data mask mask port‐string port‐string Defaults When applicable, data, mask, and port‐string must be specified for individual rules to be cleared. Mode Switch command, Read‐Write. Example This example shows how to delete all classification rule entries associated with policy profile 1 from all ports: Matrix(rw)->clear policy rule 1 all-pid-entries clear policy all-rules Use this command to remove all admin and classification rules. Syntax clear policy all-rules Parameters None. Defaults None. Mode Switch command, Read‐Write.
Page 423: Set Policy Port
Matrix(rw)->set policy port fe.1.3 20 show policy allowed-type Use this command to display a list of currently supported traffic rules applied to the admininstrative profile for one or more ports. Syntax show policy allowed-type port-string [-verbose] Parameters port‐string ‐verbose Defaults If ‐verbose is not specified, summary information will be displayed. Mode Switch command, Read‐Only. Specifies the port(s) on which to set assign an administrative rule. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specify a policy profile index number with a valid range of [1..63]. Specifies port(s) for which to display traffic rules. (Optional) Displays detailed information. Enterasys Matrix DFE-Gold Series Configuration Guide 8-17 Assigning Classification Rules to Policy Profiles...
Page 424: Set Policy Allowed-Type
Assigning Classification Rules to Policy Profiles Example This example shows how to show information about policies allowed on port ge.1.5: Matrix(rw)->show policy allowed-type ge.1.5 SUPPORTED AND ALLOWED TRAFFIC RULE TYPES o Means Traffic Rule Type is supported on this bridge port * Means Traffic Rule Type is supported and allowed on this bridge port ====================================================================== +--------------+---+-----------+-----+-----+---+---+-+-----+---+---+-+ Port...
Page 425: Clear Policy Allowed-Type
None. Mode Switch command, Read‐Write. Usage This command will reassign the default setting, which is all rules are allowed. Example This example shows how to clear the allowed rule list from port ge.1.5: Matrix(rw)->clear policy allowed-type ge.1.5 clear policy port-hit Use this command to clear rule port hit indications on one or more ports. Syntax clear policy port-hit {all | port-list port-list} Parameters all | port‐list port‐list Specifies port(s) on which to clear traffic rules. Clears port hit indications on all ports or on one or more specified ports. Enterasys Matrix DFE-Gold Series Configuration Guide 8-19 Assigning Classification Rules to Policy Profiles...
Page 426 Assigning Classification Rules to Policy Profiles Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear rule port hit indications on all ports: Matrix(rw)->clear policy port-hit all 8-20 Policy Classification Configuration clear policy port-hit...
Page 427: Configuring Policy Class Of Service (Cos)
Table 8-4 Configuring User-Defined CoS To do this... Enable CoS. If desired, create new or change existing CoS port configurations. 8‐4. Enterasys Matrix DFE-Gold Series Configuration Guide 8-21 Configuring Policy Class of Service (CoS) Use these commands... set cos state set cos port-config irl...
Page 428: Purpose
Configuring Policy Class of Service (CoS) Table 8-4 Configuring User-Defined CoS To do this... Define IRL or TXQ resources (data rates or transmit priorities). Bind a CoS reference index ID to a defined resource. Bind an IRL or TXQ reference ID to a CoS setting index ID. Associate CoS index IDs to policy rules.
Page 429: Show Cos State
Use this command to enable or disable Class of Service. Syntax set cos state{enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable Class of Service: Matrix(rw)->set cos state enable Enables or disables Class of Servic.e Enterasys Matrix DFE-Gold Series Configuration Guide 8-23 Configuring Policy Class of Service (CoS) Refer to page... 8-40 8-41...
Page 430: Show Cos Port-Type
Configuring Policy Class of Service (CoS) show cos port-type Use this command to display Class of Service port type configurations. Syntax show cos port-type [irl | txq] [index-list] Parameters irl | txq index‐list Defaults If not specified, all rate limiting information for all port types will be displayed. Mode Switch command, Read‐Only. Usage The Enterasys Matrix Series CoS implementation provides two default port type groupings for designating available rate limiting and transmit queue resources on device modules. Port type 0 designates one of 7GR4270‐12, 7G4270‐12, 7G4270‐09, or 7G4270‐10 DFE modules. Port type 1 designates all other modules, including DFE‐Gold and NSA modules. Other port groupings can be configured using the commands in this section. Example This example shows how to display all Class of Service port type information. In this case, no new port groups have been configured, so information for the two device default groups of 0 and 1 are shown: Matrix(rw)->show cos port-type Number of resources:...
Page 431: Show Cos Port-Type Output Details
When configured for IRL, default port type 0 (7GR4270-12, 7G4270-12, 7G4270-09, and 7G4270-10 DFE modules only). allows for 32, and default port type 1 (all other modules) allows for 8. Enterasys Matrix DFE-Gold Series Configuration Guide 8-25 Configuring Policy Class of Service (CoS) ge.2.1-30;...
Page 432: Show Cos Unit
Syntax show cos unit [irl | txq] [port-type index] Parameters irl | txq port‐type index Defaults If not specified, all rate limiting information for all port types and CoS units of measure will be displayed. Mode Switch command, Read‐Only. Example This example shows how to show all Class of Service IRL unit of measure information: Matrix(rw)->show cos unit irl Port Type Type --------- ---- 8-26 Policy Classification Configuration What it displays... Unit of measure supported by the port type.
Page 433: Show Cos Port-Config
0% Q [ 9]: 0% Q [10]: :Q [12]: 0% Q [13]: 0% Q [14]: :DFE-P 4Q Enterasys Matrix DFE-Gold Series Configuration Guide 8-27 Configuring Policy Class of Service (CoS) Q [ 2]: Q [ 3]: Q [ 6]: Q [ 7]:...
Page 434: Set Cos Port-Config Irl
Configuring Policy Class of Service (CoS) Port Group Port Type Assigned Ports Arbiter Mode Slices/queue Percentage/queue :Q [ 0]: ---------------------------------------------------------------------- Inbound Rate Limiting Port Configuration Entries ---------------------------------------------------------------------- Port Group Name Port Group Port Type Assigned Ports ---------------------------------------------------------------------- Port Group Name Port Group Port Type Assigned Ports...
Page 435: Clear Cos Port-Config Irl
Matrix(rw)->clear cos port-config irl 1.1 entry set cos port-config txq Use this command to set the Class of Service transmit queue port group configuration: Syntax set cos port-config txq group-type-index [name name] [ports port-list] [append] | [clear] Clears all inbound rate limiting non‐default configurations, or those for a specific user‐defined port group index. Deletes a specific entry or name, or clears the ports assigned to this inbound rate limiting configuration. Enterasys Matrix DFE-Gold Series Configuration Guide 8-29 Configuring Policy Class of Service (CoS)
Page 436: Clear Cos Port-Config Txq
• If a name is not specified, default names described in Table • If not specified, this configuration will be applied to all ports in the port group. • If append or clear are not specified, port(s) will be appended to the specified port grouping. • If arb‐slice or arb‐percentage values are not specified, default allocations will be applied. Mode Switch command, Read‐Write. Example This example shows how to create a CoS transmit queue port group entry named “test txq” with a port group ID of 2 and a port type ID of 1: Matrix(rw)->set cos port-config txq 2.1 name test txq clear cos port-config txq Use this command to clear one or all non‐default Class of Service transmit queue port group configurations: Syntax clear cos port-config txq all | group-type-index {entry | name | ports } Parameters all | group‐type‐index...
Page 437: Show Cos Port-Resource
Enterasys Matrix DFE-Gold Series Configuration Guide 8-31 Configuring Policy Class of Service (CoS) none none none none none none none none...
Page 438: Set Cos Port-Resource Irl
Defaults • If a rate is not specified, port defaults will be applied. • If not specified, frames will not be dropped. • If not specified, Syslog and port disabling will not be configured. Mode Switch command, Read‐Write. Example This example shows how to configure Class of Service port resource IRL entry 0 for port group 0.1 assigning an inbound rate limit of 512 kilobits per second This entry will trigger a Syslog and an SNMP trap message if this rate is exceeded: Matrix(rw)->set cos port-resource irl 0.1 0 unit kbps 512 syslog enable trap enable 8-32 Policy Classification Configuration Specifies an inbound rate limiting port group/type index for this entry. Valid entries are in the form of group.type. Group can be 0‐7, with 0 designating the default group, and 1‐7 reserved for user‐defined groups. Default port type values cannot be changed, and are 0 for the 7GR4270‐12, 7G4270‐12, 7G4270‐09, and 7G4270‐10 DFE modules, and 1 for all other modules. ...
Page 439: Clear Cos Port-Resource Irl
{[unit {percentage | kbps | mbps | gbps}] [rate rate] [algorithm {tail-drop}]} Clears all inbound rate limiting port resource entries or a specific entry. Specifies a resource entry to be cleared. (Optional) Clears the unit of measure setting. (Optional) Clears the data rate setting. (Optional) Clears the type of action setting. (Optional) Clears the Syslog setting. (Optional) Clears the SNMP trap setting. (Optional) Clears the disable port setting. (Optional) Clears the limit violation setting. Enterasys Matrix DFE-Gold Series Configuration Guide 8-33 Configuring Policy Class of Service (CoS)
Page 440: Clear Cos Port-Resource Txq
Defaults • If a rate is not specified, port defaults will be applied. • If not specified, no algorithm will be assigned. Mode Switch command, Read‐Write. Example This example shows how to configure a Class of Service port resource entry for port group 0.1 assigning 50 percent of the total available inbound bandwidth to transmit queue 7: Matrix(rw)->set cos port-resource txq 0.1 7 unit percentage 50 clear cos port-resource txq Use this command to clear one or all Class of Service transmit queue port resource entry. Syntax clear cos port-resource txq all | group-type-index resource[unit] [rate] [algorithm] Parameters all | group‐type‐index...
Page 441: Show Cos Reference
Defaults If no options are specified, all reference information for all port types will be displayed. Mode Switch command, Read‐Only. Example This example shows how to show all transmit queue reference configuration information for port group 0.1: Matrix(rw)->show cos reference txq 0.1 Group Index Reference Type ----------- --------- ---- ------------ (Optional) Displays inbound rate limiting or transmit queue reference information. (Optional) Displays information for a specific port group/type entry. (Optional) Displays information for a specific reference entry. Queue Enterasys Matrix DFE-Gold Series Configuration Guide 8-35 Configuring Policy Class of Service (CoS)
Page 442: Set Cos Reference Irl
Parameters group‐type‐index reference number rate‐limit Defaults None. Mode Switch command, Read‐Write. Example This example shows how to configure inbound rate limiting reference entry 0 for port group 0.1 referencing resources defined by IRL entry 0: Matrix(rw)->set cos reference irl 0.1 0 rate-limit 0 clear cos reference irl Use this command to clear one or all Class of Service inbound rate limiting reference configurations. Syntax clear cos reference irl {all | group-type-index reference} Parameters all | group‐type‐index...
Page 443: Set Cos Reference Txq
Matrix(rw)->set cos reference irl 0.1 0 queue 0 clear cos reference txq Use this command to clear one or all non‐default Class of Service transmit queue reference configurations. Syntax clear cos reference txq {all | group-type-index reference} Specifies a transmit queue port group/type index for this entry. Valid entries are in the form of group.type. Group can be 0‐7, with 0 designating the default group, and 1‐7 reserved for user‐defined groups. Default port type values cannot be changed, and are 0 for the 7GR4270‐12, 7G4270‐12, 7G4270‐09, and 7G4270‐10 DFE modules, and 1 for all other modules. Specifies a reference number to be associated with this entry. Specifies a transmit queue resource ID to bind to this entry. Enterasys Matrix DFE-Gold Series Configuration Guide 8-37 Configuring Policy Class of Service (CoS)
Page 444: Show Cos Settings
Configuring Policy Class of Service (CoS) Parameters all | group‐type‐index reference Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear all Class of Service transmit queue reference entries: Matrix(rw)->clear cos reference txq all show cos settings Use this command to display Class of Service parameters. Syntax show cos settings [cos-list] Parameters cos‐list Defaults If not specified, all CoS entries will be displayed. Mode Switch command, Read‐Only. Example This example shows how to show all CoS settings: Matrix(rw)->show cos settings...
Page 445: Set Cos Settings
Syntax clear cos settings cos-list {[all] | [priority] [tos-value] [txq-reference] [irl- reference]} Parameters cos‐list priority Specifies a Class of Service entry. Valid values are 0 ‐ 255. (Optional) Specifies a CoS priority value. Valid values are 0 ‐ 7, with 0 being the lowest priority. (Optional) Specifies a Type of Service value with mask in the format of 0 ‐ 255:0 ‐ 255 or 0 ‐ 0xFF:0 ‐ 0xFF. (Optional) Specifies the transmit queue associated with this entry. Valid values are 0 ‐ 15 (Optional) Specifies the inbound rate limiter associated with this entry. Valid values are 0 ‐ 31. Specifies a Class of Service entry to clear. Clears all settings associated with this entry. Clears the priority value associated with this entry. Enterasys Matrix DFE-Gold Series Configuration Guide 8-39 Configuring Policy Class of Service (CoS)
Page 446: Show Cos Violation Irl
Configuring Policy Class of Service (CoS) tos‐value txq‐reference irl‐reference Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the priority and transmit queue reference values for CoS entry 2: Matrix(rw)->clear cos settings 2 priority txq-reference show cos violation irl Use this command to display Class of Service violation configurations. Syntax show cos violation irl Parameters violation‐index Defaults If no options are specified, all inbound rate limiting violation information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to show any CoS inbound rate limiting violations: Matrix(rw)->show cos violation irl...
Page 447: Clear Cos All-Entries
Matrix(rw)->clear cos violation irl all both clear cos all-entries Use this command to clears all Class of Service entries except priority settings 0 ‐ 7. Syntax clear cos all-entries Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear all Class of Service entries except priority settings 0 ‐ 7: Matrix(rw)->clear cos all-entries Clears all inbound rate limiting violation entries. Clears the list of ports that are disabled because of violating an inbound rate limiter. Clears the entry for a specific violation index. Enterasys Matrix DFE-Gold Series Configuration Guide 8-41 Configuring Policy Class of Service (CoS)
Page 448: Configuring Policy-Based Routing
Configuring Policy-Based Routing Configuring Policy-Based Routing Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to page 2-103. About Policy-Based Routing Normally, IP packets are forwarded according to the route that has been selected by traditional routing protocols, such as RIP and OSPF, or by static routes. In this case, selection is performed based only on the destination of the IP packet. Policy‐based routing adds more flexibility to routing by specifying other alternative paths. When a route map list is configured and applied to an interface, policy‐based routing will check an incoming IP packet against the access list (ACL) of ...
Page 449: Show Route-Map
Use this command to create a route map for policy‐based routing and to enable policy‐based routing configuration mode. Syntax route-map id-number [permit | deny] [sequence-number] no route-map id-number Parameters id‐number permit deny sequence‐number Specifies the ID number for which to display a configured PBR route map list. Valid values for PBR are 100 ‐ 199. Specifies a route map list ID number to which this route map will be added. If an unused ID number is specified, a new route map list will be created. Valid values are for policy‐based routing are: 100 ‐ 199. (Optional) Permits the packet to bypass route lookup and be forwarded to the next hop configured in the matching route map. (Optional) Denies policy‐based routing, forcing the packet to continue on its normal routing path. (Optional) Specifies the order of this map in the route map list, and the order in which this route map will be checked for matching access list criteria. The packet check will exit with the first map in the list which matches the packet data. Enterasys Matrix DFE-Gold Series Configuration Guide 8-43 Configuring Policy-Based Routing...
Page 450: Match Ip Address
Configuring Policy-Based Routing Defaults • If permit or deny is not specified, this command will enable route map or policy based routing configuration mode. • If sequence‐number is not specified, 10 will be applied. Mode Router command, Global configuration: Matrix>Router(config)# Usage Use this command to add a route map to an existing route map list by specifying the list’s id‐ number and a new sequence‐number. The “no” form of this command removes the specified route map list:. Example This example shows how to create route map 101 with a sequence order of 20: Matrix>Router(config)#route-map 101 permit 20 match ip address Use this command to match a packet source IP address against a PBR access list. Up to 5 access lists can be matched. Syntax match ip address access-list-number no match ip address access-list-number Parameters ip address access‐list‐number Defaults None.
Page 451: Set Next Hop
Usage The “no” form of this command deletes next hop IP address(es). Example This example shows how to set IP address 10.2.3.4 as the next hop for packets matching ACL 1: Matrix>Router(config)#route-map 101 permit 20 Matrix>Router(config-route-map-pbr)#match ip address 1 Matrix>Router(config-route-map-pbr)#set next-hop 10.2.3.4 show ip policy Use this command to display the policy applied to a routing interface. Syntax show ip policy Parameters None. Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Specifies a next hop IP address(es). Up to five can be configured. Enterasys Matrix DFE-Gold Series Configuration Guide 8-45 Configuring Policy-Based Routing...
Page 452: Ip Policy Route-Map
Configuring Policy-Based Routing Example This example shows how to display policy information: Matrix>Router(config)#show ip policy Interface Route map Table 8‐6 provides an explanation of the command output. Table 8-6 show ip policy Output Details Output... Interface Route map Priority Load policy Pinger Interval Retries ip policy route-map Use this command to assign a route map list to a routing interface. Syntax ip policy route-map id-number no ip policy route-map Parameters id‐number Defaults...
Page 453: Ip Policy Priority
Parameters only | first | last Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))# Usage The “no” form of this command resets the PBR priority configuration back to the default of first. Example This example shows how to set the IP policy priority on VLAN 1 to “last”: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip policy priority last Prioritizes use of the PBR configured policy — as opposed to doing a lookup in the FIB (Forward Information Base) route table for a next hop — as follows: • only ‐ uses the PBR next hop, but if it is unavailable, drops the packet. • first (default) ‐ uses the PBR next hop, but if unavailable, falls back to the FIB. • last ‐ uses the FIB, but if no route is found, then uses the PBR next hop. Enterasys Matrix DFE-Gold Series Configuration Guide 8-47 Configuring Policy-Based Routing...
Page 454: Ip Policy Load-Policy
Configuring Policy-Based Routing ip policy load-policy Use this command to configure PBR next hop behavior. Syntax ip policy load-policy {[first-available] [round-robin] [ip-hash {sip | dip | both}]} no ip policy load-policy Parameters first‐available | round‐robin | ip‐hash sip | dip | both Defaults If pinger is not specified, none is configured. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))# Usage When more than one next hop is configured (using the set next hop command as described in “set next hop” on page 8‐45) the load policy specifies choosing one next hop from among the sequence of next hops in the map matching the current packet. A next hop is considered available by default unless a pinger task is running and has flagged it as unavailable. The “no” form of this command resets the next hop behavior to first‐available. Example This example shows how to set the load policy behavior on VLAN 1 to “round‐robin”: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip policy load-policy round-robin ip policy pinger...
Page 455 Defaults • If not specified, interval will be set to 3 seconds. • If not specified, retries will be set to 3. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))# Usage The “no” form of this command turns PBR ping to off. Example This example shows how to configure the PBR ping interval to 5 and retries to 4 on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip policy pinger on interval 5 retries 4 (Optional) When ping is on, specifies the ping interval in seconds. Valid values are 1 ‐ 30. Default is 3. (Optional) When ping is on, specifies the number of retries (timeout failures) before setting the hop as unavailable. Valid values are 1 ‐ 10. Default is 3. Enterasys Matrix DFE-Gold Series Configuration Guide 8-49 Configuring Policy-Based Routing...
Page 456 Configuring Policy-Based Routing ip policy pinger 8-50 Policy Classification Configuration...
Page 457: Chapter 9: Igmp Configuration
About IP Multicast Group Management The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast switch device. The protocol’s mechanisms allow a host to inform its local switch device that it wants to receive transmissions addressed to a specific multicast group. A multicast‐enabled switch device can periodically ask its hosts if they want to receive multicast traffic. If there is more than one switch device on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the responsibility of querying the LAN for group members. Based on the group membership information learned from IGMP, a switch device can determine which (if any) multicast traffic needs to be forwarded to each of its ports. At Layer‐3, multicast switch devices use this information, along with a multicast routing protocol, to support IP multicasting across the Internet. IGMP provides the final step in an IP multicast packet delivery service since it is only concerned with forwarding multicast traffic from the local switch device to group members on a directly attached subnetwork or LAN segment. This switch device supports IP multicast group management by • passively snooping on the IGMP query and IGMP report packets transferred between IP multicast switches and IP multicast host groups to learn IP multicast group members, and • actively sending IGMP query messages to solicit IP multicast group members. The purpose of IP multicast group management is to optimize a switched network’s performance so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast switch devices instead of flooding to all ports in the subnet (VLAN). In addition to passively monitoring IGMP query and report messages, the Enterasys Matrix Series device can also actively send IGMP query messages to learn locations of multicast switches and member hosts in multicast groups within each VLAN. IGMP Configuration Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 9-1...
Page 458: Igmp Configuration Summary
IGMP Configuration Summary However, note that IGMP neither alters nor routes any IP multicast packets. Since IGMP is not concerned with the delivery of IP multicast packets across subnetworks, an external IP multicast switch device is needed if IP multicast packets have to be routed across different subnetworks. IGMP Configuration Summary Multicasting is used to support real‐time applications such as video conferences or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router. Although this approach reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multicast switch/router it passes through to ensure that traffic is only passed to the hosts that subscribed to this service. The Enterasys Matrix Series switch device uses IGMP (Internet Group Management Protocol) to query for any attached hosts who want to receive a specific multicast service. The device looks up the IP Multicast Group used for this service and adds any port that received a similar request to that group. It then propagates the service request on to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. Enabling / Disabling IGMP Purpose To display IGMP information and to enable or disable IGMP snooping on the device. Commands For information about... show igmp enable set igmp enable set igmp disable show igmp enable Use this command to display the status of IGMP on one or more VLAN(s).
Page 459: Set Igmp Enable
Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable IGMP on VLAN 104: Matrix(rw)->set igmp enable 104 set igmp disable Use this command to disable IGMP on one or more VLANs. Syntax set igmp enable vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Specifies the VLAN(s) on which to enable IGMP. Specifies the VLAN(s) on which to enable IGMP. Enterasys Matrix DFE-Gold Series Configuration Guide 9-3 Enabling / Disabling IGMP...
Page 460 Enabling / Disabling IGMP Example This example shows how to disable IGMP on VLAN 104: Matrix(rw)->set igmp disable 104 9-4 IGMP Configuration set igmp disable...
Page 461: Configuring Igmp
Use this command to display the IGMP query status of one or more VLANs. Syntax show igmp query vlan-list Parameters vlan‐list Specifies the VLAN(s) for which to display IGMP query state. Enterasys Matrix DFE-Gold Series Configuration Guide 9-5 Configuring IGMP Refer to page... 9-10 9-10 9-11 9-11 9-12 9-13 9-13...
Page 462: Set Igmp Query-Enable
Configuring IGMP Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the IGMP query state for VLAN 1: Matrix(rw)->show igmp query 1 IGMP querying on vlan 1 is Disabled set igmp query-enable Use this command to enable IGMP querying on one or more VLANs. Syntax set igmp query-enable vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable IGMP querying on VLAN 104: Matrix(rw)->set igmp query-enable 104 set igmp query-disable Use this command to disable IGMP querying on one or more VLANs.
Page 463: Show Igmp Grp-Full-Action
Group Table Full Action: Flood to Vlan set igmp grp-full-action Use this command to determine what action to take with multicast frames when the multicast group table is full. Syntax set igmp grp-full-action action Parameters action Defaults Flood multicast frames to the Vlan Specifies the action to take when the multicast Group Table is full. The options are: • 1-send multicast frames to Routers • 2-flood multicast frames to the VLAN Enterasys Matrix DFE-Gold Series Configuration Guide 9-7 Configuring IGMP...
Page 464: Show Igmp Config
Configuring IGMP Mode Switch command, Read‐Write. Example This example shows how to flood multicast frames to the VLAN when the multicast group table is full: Matrix(rw)->set igmp grp-full-action 2 show igmp config Use this command to display IGMP configuration information for one or more VLANs. Syntax show igmp config vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display IGMP configuration information for VLAN 1: Matrix(rw)->show igmp config 1 IGMP config for vlan 1 VlanQueryInterval VlanStatus Vlan IGMP Version...
Page 465: Set Igmp Config
Leave Group messages. It is also the amount of time between group- specific query messages. Time (in seconds) the IGMP querier has been active. Specifies the VLAN(s) on which to configure IGMP. (Optional) Specifies the frequency of host‐query frame transmissions. Valid values are from 1 to 65535 seconds. This value works together with max‐resp‐time to remove ports from an IGMP group. (Optional) Specifies the IGMP version. Valid values are: • 1 ‐ IGMP V1 • 2 ‐ IGMP V2 (Optional) Specifies the maximum query response time. Valid values are 1 to 25 seconds. This value works together with query‐interval to remove ports from an IGMP group. (Optional) Specifies the robustness value. This can be increased to tune for expected packet loss on a subnet. Valid values are 2 to 255. (Optional) Specifies the Last Member Query Interval. This is the maximum response time inserted into group‐specific queries which are sent in response to Leave Group messages. It is also the amount of time between group‐specific query messages. Valid values are 1 to 255. Enterasys Matrix DFE-Gold Series Configuration Guide 9-9 Configuring IGMP...
Page 466: Set Igmp Delete
Matrix(rw)->set igmp config 1 query-interval 250 set igmp delete Use this command to remove IGMP configuration settings for one or more VLANs. Syntax set igmp delete vlan-list Parameters vlan‐list Defaults None. Mode Switch command, Read‐Write. Example This example shows how to remove IGMP configuration settings for VLAN 104: Matrix(rw)->set igmp delete 104 show igmp groups Use this command to display information about IGMP groups known to one or more VLANs. Syntax show igmp groups [group group] [vlan-list vlan-list] [sip sip] [-verbose] Parameters group vlan‐list...
Page 467: Show Igmp Static
[modify] [include-ports] [exclude-ports] Parameters group vlan‐list = 105 Multicast Group Address = 224.0.0.2 Specifies the VLAN(s) for which to display static IGMP information. (Optional) Displays information for a specific IGMP group (IP address). = 105 Multicast Group Address = 224.0.0.2 Specifies a group IP address for the entry. Specifies the VLAN(s) on which to configure the entry. Enterasys Matrix DFE-Gold Series Configuration Guide 9-11 Configuring IGMP Type = IGMP Type = IGMP...
Page 468: Set Igmp Remove-Static
Configuring IGMP modify include‐ports exclude‐ports Defaults If not specified, the static entry will be created and not modified. Mode Switch command, Read‐Write. Example This example shows how to add port fe.1.3 to the IGMP group at 224.0.2 (VLAN 105): Matrix(rw)->set igmp add-static 224.0.0.2 105 modify include-ports fe.1.3 set igmp remove-static Use this command to delete a static IGMP entry, or to remove one or more ports from an existing entry. Syntax set igmp remove-static group vlan-list [modify] [include-ports] [exclude-ports] Parameters group vlan‐list modify include‐ports exclude‐ports Defaults If not specified, the static entry will be removed and not modified.
Page 469: Show Igmp Protocols
0,4-6,10-16,18-41,44,46,49-84,87,90,93-99,101-102,104-111,113-255 set igmp protocols Use this command to changes the IGMP classification of received IP frames Syntax set igmp protocols [classification classification] [protocol-id protocol-id] [modify] Parameters classification classification protocol‐id protocol‐id modify Specifies the classification. Options are: • 1-multicast data • 2-routing protocol • 3-ignore The protocol ids to change(0‐255). Add to existing classifications. If not used, protocols will be overwritten. Enterasys Matrix DFE-Gold Series Configuration Guide 9-13 Configuring IGMP...
Page 470: Clear Igmp Protocols
Configuring IGMP Defaults None. Mode Switch command, Read‐Write. Example This example shows how to change IGMP routing protocols to a protocol id of 3: Matrix(rw)->set igmp protocols classification 2 protocol-id 3 modify clear igmp protocols Use this command to clear the binding of IP protocol id to IGMP classification Syntax clear igmp protocols [protocol-id protocol-id] Parameters protocol‐id protocol‐id Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear IGMP protocols for protocol id 3: Matrix(rw)->clear igmp protocols protocol-id 3 show igmp vlan Use this command to display IGMP information for a specific VLAN.
Page 471: Show Igmp Reporters
: Enabled : 125 : Active : 2.25.0.1 : 10 : 10 : 4 D 23 H : none. : lag.0.1-2,4 (Optional) Port or range of ports. (Optional) Group IP address (none means show all groups) (Optional) VLAN ID or range of IDs (1‐4094) (Optional) Source IP address (none means show all sips) Vlan Source IP ExpireTime(Sec) Flags Enterasys Matrix DFE-Gold Series Configuration Guide 9-15 Configuring IGMP DYNAMIC...
Page 472: Show Igmp Flows
Use this command to display IGMP flow information. Syntax show igmp flows [portlist portlist] [group group] [vlan-list vlan-list] [sip sip] Parameters portlist portlist group group vlan‐list vlan‐list sip sip Defaults If no parameters are specified, information for all IGMP flows is displayed. Mode Switch command, Read‐Only. Example This example shows how to display all the IGMP flow information: Matrix(rw)->show igmp counters Multicast Flows Src Port Group Address ----------------------------------------------- fe.1.20 224.1.1.1 fe.1.36 224.1.1.2 show igmp counters Use this command to display IGMP counter information.
Page 473: Show Igmp Number-Groups
Usage show igmp number-groups Use this command to display the number of multicast groups supported by the Enterasys Matrix device. Syntax show igmp number-groups Parameters None. Defaults None. Mode Switch command, Read‐write. Usage The command displays both the currently active number of groups and the configured number that will take effect at the next reboot. : false : 1016368 : 776482 : 1024 : 22 : 22 Enterasys Matrix DFE-Gold Series Configuration Guide 9-17 Configuring IGMP...
Page 474 Configuring IGMP Example This example shows how to display the number of multicast groups supported by the device. Matrix(rw)->show igmp number-groups IGMP current max number of groups = 4096 IGMP stored max number of groups = 4096 9-18 IGMP Configuration show igmp number-groups...
Page 475: Configuring System Logging
System Logging Configuration http://www.enterasys.com/support/ Enterasys Matrix DFE-Gold Series Configuration Guide 10-1 Refer to page... 10-2 10-3 10-4 10-5 10-5 10-6 10-7...
Page 476: Show Logging All
Configuring System Logging show logging all Use this command to display all configuration information for system logging. Syntax show logging all Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display all system logging information: Matrix(rw)->show logging all Application ---------------------------------------------------------- RtrAcl SNMP Webview System RtrFe Trace RtrLSNat FlowLimt Router AddrNtfy OSPF VRRP RtrArpProc LACP 1(emergencies) 4(errors)
Page 477: Show Logging Server
UDP port the client uses to send to the server. Whether or not this Syslog configuration is currently enabled or disabled. (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1‐8. Enterasys Matrix DFE-Gold Series Configuration Guide 10-3 Configuring System Logging 514 enabled “set logging application” on “set logging default”...
Page 478: Set Logging Server
Configuring System Logging Defaults If index is not specified, all Syslog server information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display Syslog server configuration information. For an explanation of the command output, refer back to Table Matrix(rw)->show logging server IP Address ------------------------------------------------------------------------- 1 132.140.82.111 local4 warning(5) 2 132.140.90.84 set logging server Use this command to configure a Syslog server. Syntax set logging server index [ip-addr ip-addr] [facility facility] [severity severity] [descr descr] [port port] [state {enable | disable}]...
Page 479: Clear Logging Server
Use this command to remove a server from the Syslog server table. Syntax clear logging server index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This command shows how to remove the Syslog server with index 1 from the server table: Matrix(rw)->clear logging server 1 show logging default Use this command to display the Syslog server default values. Syntax show logging default Parameters None. Specifies the server table index number for the server to be removed. Valid values are 1 ‐ 8. Enterasys Matrix DFE-Gold Series Configuration Guide 10-5 Configuring System Logging...
Page 480: Set Logging Default
Configuring System Logging Defaults None. Mode Switch command, Read‐Only. Example This command shows how to display the Syslog server default values. For an explanation of the command output, refer back to Table Matrix(rw)->show logging default. ----------------------------------------- Defaults: set logging default Use this command to set logging default values. Syntax set logging default {[facility facility] [severity severity] port port]} Parameters facility facility severity severity port port Defaults None. Mode Switch command, Read‐Write. 10-6 System Logging Configuration 10‐1.
Page 481: Clear Logging Default
Switch command, Read‐Write. Example This example shows how to reset the Syslog default severity level to 6: Matrix(rw)->clear logging default severity show logging application Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system. Syntax show logging application [mnemonic | all] Parameters mnemonic | all Defaults If not specified, information for all applications will be displayed. (Optional) Resets the default facility name to local4. (Optional) Resets the default logging severity level to 6 (notifications of significant conditions). (Optional) Resets the default UDP port the client uses to send to the server to 514. (Optional) Displays severity level for one or all applications configured for logging. Enterasys Matrix DFE-Gold Series Configuration Guide 10-7 Configuring System Logging...
Page 482 Configuring System Logging Mode Switch command, Read‐Only. Usage Mnemonics will vary depending on the number and types of applications running on your system. To display a complete list, use the show logging application command as described in “show logging application” on page 10‐7. Sample values and their corresponding applications are listed in Table 10‐3. Mnemonic values are case sensitive and must be typed as they appear in Table 10‐3. Example This example shows how to display system logging information pertaining to the all supported applications. Matrix(su)->show logging application Application ---------------------------------------------------------- RtrAcl SNMP Webview System RtrFe Trace RtrLSNat FlowLimt Router AddrNtfy OSPF VRRP RtrArpProc LACP 1(emergencies) 4(errors) 7(information) This example shows how to display system logging information pertaining to the SNMP ...
Page 483: Set Logging Application
3 - critical conditions 4 - error conditions 5 - warning conditions 6 - notifications (significant conditions) 7 - informational messages 8 - debugging messages (Optional) Specifies index number(s) of the Syslog server(s) to which messages will be sent. Valid values are 1 ‐ 8 and are set using the set logging server command (“set logging server” on page 10‐4). Enterasys Matrix DFE-Gold Series Configuration Guide 10-9 Configuring System Logging “set logging 10‐3.
Page 484: Sample Mnemonic Values For Logging Applications
Configuring System Logging Defaults • If level is not specified, none will be applied. • If server is not specified, messages will be sent to all Syslog servers. Mode Switch command, Read‐Write. Usage Mnemonic values are case sensitive and must be typed as they appear in Table 10‐3. Table 10-3 Sample Mnemonic Values for Logging Applications Mnemonic AddrNtfy FlowLimit LACP OSPF Router RtrAcl RtrFE RtrArpProc RtrLSNat SNMP System Trace VRRP Webview Example This example shows how to set the severity level for SSH (Secure Shell) to 4 so that error conditions will be logged for that application and sent to Syslog server 1: Matrix(rw)->set logging application SSH level 4 server 1...
Page 485: Clear Logging Application
Use this command to display the state of message logging to the console and a persistent file. Syntax show logging local Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the state of message logging. In this case, logging to the console is enabled and logging to a persistent file is disabled. Matrix(rw)->show logging local Syslog Console Logging enabled Syslog File Logging disabled (Optional) Resets the severity level for a specific application or for all applications. Valid mnemonic values and their corresponding applications are listed in Table 10‐3. Enterasys Matrix DFE-Gold Series Configuration Guide 10-11 Configuring System Logging...
Page 486: Set Logging Local
Use this command to configure log messages to the console and a persistent file. Syntax set logging local console {enable | disable} file {enable | disable} Parameters console enable | disable file enable | disable Defaults None. Mode Switch command, Read‐Write. Example This command shows how to enable logging to the console and disable logging to a persistent file: Matrix(rw)->set logging local console enable file disable clear logging local Use this command to clear the console and persistent store logging for the local session. Syntax clear logging local Parameters None.
Page 487: Set Logging Here
Usage The effect of this command will be temporary if the current CLI session is using Telnet or SSH, but persistent on the console. Example This command shows how to enable the display of logging messages to the current CLI session: Matrix(rw)->set logging here enable clear logging here Use this command to clear the logging state for the current CLI session. Syntax clear logging here Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This command shows how to clear the logging state for the current CLI session: Matrix(rw)->clear logging here Enables or disables display of logging messages for the current CLI session. Enterasys Matrix DFE-Gold Series Configuration Guide 10-13 Configuring System Logging...
Page 488: Show Logging Buffer
Use this command to display the last 256 messages logged on all blades. Syntax show logging buffer Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows a portion of the information displayed with the show logging buffer command Matrix(rw)->show logging buffer <165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet) <165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100...
Page 489: Purpose
Use this command to display the contents of the command history buffer. Syntax history Network Monitoring Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 11-1 Refer to page... 11-1 11-8 11-13 Refer to page... 11-1 11-2 11-3 11-3 11-4 11-6...
Page 490: Show History
Monitoring Network Events and Status Parameters None. Defaults None. Mode Switch command, Read‐Only. Usage The command history buffer includes all the switch commands entered up to a maximum of 50, as specified in the set history command (“set history” on page 11‐3). Example This example shows how to display the contents of the command history buffer. It shows there are five commands in the buffer: Matrix(rw)->history 1 hist 2 show gvrp 3 show vlan 4 show igmp 5 show ip address show history Use this command to display the size (in lines) of the history buffer. Syntax show history Parameters None.
Page 491: Set History
[icmp | ip | routes | stats | tcp | udp] Parameters icmp routes stats Defaults If no parameters are specified, show netstat will be executed as shown in the example below. Mode Switch command, Read‐Only. Specifies the size of the history buffer in lines. Valid values are 1 to 100. (Optional) Makes this setting persist for all future sessions. (Optional) Shows Internet Control Message Protocol (ICMP) statistics. (Optional) Shows Internet Protocol (IP) statistics. (Optional) Shows the IP routing table. (Optional) Shows all statistics for TCP, UDP, IP, and ICMP. (Optional) Shows Transmission Control Protocol (TCP) statistics. (Optional) Shows User Datagram Protocol (UDP) statistics. Enterasys Matrix DFE-Gold Series Configuration Guide 11-3 Monitoring Network Events and Status...
Page 492: Ping
1cc620c Table 11‐1 provides an explanation of the command output. Table 11-1 show netstat Output Details Output... Proto Recv-Q Send-Q Local Address Foreign Address (state) ping Use this command to send ICMP echo‐request packets to another node on the network from the switch CLI. Syntax ping [-s] host [count] Parameters ‐s host count Defaults • If ‐s is not specified, the ping will not be continuous. • If not specified, packet count will be 1. 11-4 Network Monitoring Configuration Local Address ------------------ ------------------ ------- 0.0.0.0.80...
Page 493 64 bytes from 134.141.89.29: icmp-seq=7. time=0. ms 64 bytes from 134.141.89.29: icmp-seq=8. time=0. ms ----134.141.89.29 PING Statistics---- 9 packets transmitted, 9 packets received, 0% packet loss round- trip (ms) min/avg/max = 0/0/0 Monitoring Network Events and Status Enterasys Matrix DFE-Gold Series Configuration Guide 11-5...
Page 494: Show Users
Monitoring Network Events and Status show users Use this command to display information about the active console port or Telnet session(s) logged in to the switch. Syntax show users Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read‐Write access privileges from IP addresses 134.141.192.119 and 134.141.192.18: Matrix(rw)->show users Session User -------- ----- -------------------------- * telnet telnet tell Use this command to send a message to one or all users. Syntax tell {dest | all} message...
Page 495: Disconnect
Matrix(rw)->tell all system reset scheduled for 1 p.m. today disconnect Use this command to close an active console port or Telnet session from the switch CLI. Syntax disconnect {ip-addr | console} Parameters ip‐addr console Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to close a Telnet session to host 134.141.192.119: Matrix(rw)->disconnect 134.141.192.119 This example shows how to close the current console session: Matrix(rw)->disconnect console Specifies the IP address of the Telnet session to be disconnected. This address is displayed in the output shown in “show users” on page 11‐6. Closes an active console port. Enterasys Matrix DFE-Gold Series Configuration Guide 11-7 Monitoring Network Events and Status...
Page 496: Configuring Smon
Syntax show smon priority [port-string] [priority priority] Parameters port‐string priority priority Defaults • If port‐string is not specified, SMON statistics for all ports will be displayed. • If priority is not specified, statistics for all priority queues will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display SMON priority 0 statistics for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->show smon priority ge.3.14 0 Show Priority Statistics 11-8 Network Monitoring Configuration (Optional) Displays SMON priority statistics being collected by specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays SMON statistics based on encoded user priority, Valid values are 0 ‐ 7. show smon priority Refer to page...
Page 497: Set Smon Priority
Defaults If owner is not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how set the device to gather SMON priority statistics from 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->set smon priority ge.3.14 clear smon priority Clears priority‐encoded user statistics on one or more ports. Syntax clear smon priority [port-string] Octets 2332402460 Creates, enables, or disables SMON priority statistics counting. Create automatically enables (starts) counters. Specifies one or more source ports on which to collect statistics. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies an administratively assigned name of the owner of this entity. Enterasys Matrix DFE-Gold Series Configuration Guide 11-9 Configuring SMON...
Page 498: Show Smon Vlan
Configuring SMON Parameters port‐string Defaults If port‐string is not specified, priority statistics will be cleared on all ports. Mode Switch command, Read‐Write. Example This example shows how clear SMON priority statistics on 1‐Gigabit Ethernet source port 14 in module 3: Matrix(rw)->clear smon priority ge.3.14 show smon vlan Use this command to display SMON (Switched Network Monitoring) VLAN statistics. Syntax show smon vlan [port-string] [vlan vlan-id] Parameters port‐string vlan vlan‐id Defaults • If port‐string is not specified, SMON statistics for all ports will be displayed. • If vlan‐id is not specified, statistics for all VLANs will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display SMON VLAN 1 statistics for 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->show smon vlan ge.3.14 vlan 1...
Page 499: Set Smon Vlan
If owner is not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how set the device to gather SMON VLAN‐related statistics from 1‐Gigabit Ethernet port 14 in module 3: Matrix(rw)->set smon vlan ge.3.14 clear smon vlan Use this command to delete an SMON VLAN statistics counting configuration. Syntax clear smon vlan [port-string] Packets Octets 8011072 2070785503 Creates, enables, or disables SMON VLAN statistics counting. Create automatically enables (starts) counters. Specifies one or more source ports on which to collect statistics. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies an administratively assigned name of the owner of this entity. Enterasys Matrix DFE-Gold Series Configuration Guide 11-11 Configuring SMON...
Page 500 Configuring SMON Parameters port‐string Defaults If port‐string is not specified, VLAN statistics counting configurations will be cleared for all ports. Mode Switch command, Read‐Write. Example This example shows how clear an SMON VLAN statistics counting configuration from 1‐Gigabit Ethernet source port 14 in module 3: Matrix(rw)->clear smon vlan ge.3.14 11-12 Network Monitoring Configuration (Optional) Clears statistics counting configuration(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. clear smon vlan...
Page 501: Configuring Rmon
11-25) set rmon event status on page 11-25) clear rmon event page 11-26) Enterasys Matrix DFE-Gold Series Configuration Guide 11-13 Configuring RMON (“show rmon stats” on stats” on page 11-17) stats” on page 11-17) (“show rmon...
Page 502 Configuring RMON Table 11-2 RMON Monitoring Group Functions and Commands (continued) RMON Group What It Does... Host Records statistics associated with each host discovered on the network. Host TopN Generates tables that describe hosts that top a list ordered by one of their statistics.
Page 503 = 1.3.6.1.2.1.2.2.1.1.51021 Packets Octets 64 Octets = 0 127 Octets = 0 255 Octets = 0 511 Octets = 0 - 1023 Octets = 0 1024 - 1518 Octets = 0 Enterasys Matrix DFE-Gold Series Configuration Guide 11-15 Configuring RMON...
Page 504: Show Rmon Stats Output Details
Name of the entity that configured this entry. Monitor is default. Data source of the statistics being displayed. Total number of times that the switch was forced to discard frames due to lack of available switch device resources. This does not display the number of frames dropped, only the number of times the switch was forced to discard frames.
Page 505: Set Rmon Stats
Total number of frames, including bad frames, received that were between 1024 and 1518 bytes in length (excluding framing bits, but including FCS bytes). Specifies an index for this statistics entry. Specifies port(s) to which this entry will be assigned. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Assigns an owner for this entry. Specifies one or more stats entries to be deleted, causing them to disappear from any future RMON queries. Resets all history entries to default values. This will cause entries to reappear in RMON queries. Enterasys Matrix DFE-Gold Series Configuration Guide 11-17 Configuring RMON...
Page 506: Show Rmon History
Configuring RMON Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete RMON statistics entry 2: Matrix(rw)->clear rmon stats 2 show rmon history Use this command to display RMON history properties and statistics. The RMON history group records periodic statistical samples from a network. Syntax show rmon history [port-string] [wide] [interval] Parameters port‐string wide interval Defaults If port‐string is not specified, information about all RMON history entries will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display RMON history entries for Fast Ethernet port 14 in module 3. A control entry displays first, followed by actual entries corresponding to the control entry. In this case, the default settings for entry owner, sampling interval, and maximum number of entries. (buckets) have not been changed from their default values (as described in “set rmon history” on page 11‐19). For a description of the types of statistics shown, refer to Table Matrix(rw)->show rmon history fe.3.14 Port: fe.3.14...
Page 507: Set Rmon History
11‐19. Syntax clear rmon history {index-list | to-defaults} Interval Start: 0 days 19 hours 11 minutes 35 seconds Undersize Pkts Oversize Pkts Fragments Jabbers Collisions Utilization(%) Specifies an index number for this entry. (Optional) Assigns this entry to a specific port. (Optional) Specifies the maximum number of entries to maintain. (Optional) Specifies the sampling interval in seconds. (Optional) Specifies an owner for this entry. Enterasys Matrix DFE-Gold Series Configuration Guide 11-19 Configuring RMON...
Page 508: Show Rmon Alarm
Configuring RMON Parameters index‐list to‐defaults Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete RMON history entry 1: Matrix(rw)->clear rmon history 1 show rmon alarm Use this command to display RMON alarm entries. Syntax show rmon alarm [index] Parameters index Defaults If index is not specified, information about all RMON alarm entries will be displayed. Mode Switch command, Read‐Only. Usage The RMON alarm group periodically takes statistical samples from RMON variables and compares them with previously configured thresholds. If the monitored variable crosses a threshold an RMON event is generated. Example This example shows how to display RMON alarm entry 3: Matrix(rw)->show rmon alarm 3...
Page 509: Set Rmon Alarm Properties
Specifies an index number for this entry. Maximum number or entries is 50. Maximum value is 65535. (Optional) Specifies an interval (in seconds) for RMON to conduct sample monitoring. (Optional) Specifies a MIB object to be monitored. Note: This parameter is not mandatory for executing the command, but must be specified in order to enable the alarm entry configuration. (Optional) Specifies the monitoring method as: sampling the absolute value of the object, or the difference (delta) between object samples. Enterasys Matrix DFE-Gold Series Configuration Guide 11-21 Configuring RMON = rising...
Page 510: Set Rmon Alarm Status
• fthresh ‐ 0 • revent ‐ 0 • fevent ‐ 0 • owner ‐ monitor Mode Switch command, Read‐Write. Example This example shows how to configure a rising RMON alarm. This entry will conduct monitoring of the delta between samples every 30 seconds: Matrix(rw)->set rmon alarm properties 3 interval 30 object 1.3.6.1.4.1.5624.1.2.29.1.2.1.0 type delta rthresh 1 revent 2 owner Manager set rmon alarm status Use this command to enable an RMON alarm entry. Syntax set rmon alarm status index enable 11-22 Network Monitoring Configuration (Optional) Specifies the type of alarm generated when this event is first ...
Page 511: Clear Rmon Alarm
Matrix(rw)->set rmon alarm status 3 enable clear rmon alarm Use this command to delete an RMON alarm entry. Syntax clear rmon alarm index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON alarm entry 1: Matrix(rw)->clear rmon alarm 1 Specifies an index number for this entry. Maximum number or entries is 50. Maximum value is 65535. Enables this alarm entry. Specifies the index number of entry to be cleared. Enterasys Matrix DFE-Gold Series Configuration Guide 11-23 Configuring RMON...
Page 512: Show Rmon Event
Configuring RMON show rmon event Use this command to display RMON event entry properties. Syntax show rmon event [index] Parameters index Defaults If index is not specified, information about all RMON entries will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display RMON event entry 3: Matrix(rw)->show rmon event 3 Index 3 ---------------- Owner Status Description Type Community Last Time Sent = 0 days 0 hours 0 minutes 37 seconds Table 11‐5 provides an explanation of the command output.
Page 513: Set Rmon Event Properties
Matrix(rw)->set rmon event properties 2 description “STP topology change" type both community public owner Manager set rmon event status Use this command to enable an RMON event entry. An event entry describes the parameters of an RMON event that can be triggered. Events can be fired by RMON alarms and can be configured to create a log entry, generate a trap, or both. Syntax set rmon event status index enable Specifies an index number for this entry. Maximum number of entries is 100. Maximum value is 65535. (Optional) Specifies the type of RMON event notification as: none, a log table entry, an SNMP trap, or both a log entry and a trap message. (Optional) Specifies an SNMP community name to use if the message type is set to trap. For details on setting SNMP traps and community names, refer to “Configuring SNMP Target Addresses” on page 5‐29. (Optional) Specifies the name of the entity that configured this entry. Enterasys Matrix DFE-Gold Series Configuration Guide 11-25 Configuring RMON...
Page 514: Clear Rmon Event
Configuring RMON Parameters index enable Defaults None. Mode Switch command, Read‐Write. Usage An RMON event entry can be created using this command, configured using the set rmon event properties command (“set rmon event properties” on page 11‐25), then enabled using this command. An RMON event entry can be created and configured at the same time by specifying an unused index with the set properties command. Example This example shows how to enable RMON event entry 1: Matrix(rw)->set rmon event status 1 enable clear rmon event Use this command to delete an RMON event entry and any associated log entries. Syntax clear rmon event index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON event 1: Matrix(rw)->clear rmon event 1...
Page 515: Show Rmon Host
Out Pkts In Octets Out Octets Broadcast Pkts 0 Multicast Pkts 0 Host 00-00-f6-00-86-6d In Pkts Out Pkts In Octets (Optional) Displays RMON properties and statistics for specific port(s). (Optional) Sorts the display by MAC address or creation time of the entry. 11‐3: 21009 monitor Creation Order 22 Creation Order 74 Enterasys Matrix DFE-Gold Series Configuration Guide 11-27 Configuring RMON...
Page 516: Set Rmon Host Properties
Use this command to configure an RMON host entry. Syntax set rmon host properties index port-string [owner] Parameters index port‐string owner Defaults If owner is not specified, monitor will be applied. Mode Switch command, Read‐Write. Example This example shows how to configure RMON host entry 1 on Fast Ethernet port 5 in module 1: Matrix(rw)->set rmon host properties 1 fe.1.5 set rmon host status Use this command to enable an RMON host entry. Syntax set rmon host status index enable Parameters index enable ...
Page 517: Clear Rmon Host
Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON host entry 1: Matrix(rw)->clear rmon host 1 show rmon topN Use this command to displays RMON TopN properties and statistics. TopN monitoring prepares tables that describe the hosts topping a list ordered by one of their statistics. TopN lists are samples of one of the hosts base statistics over a specific interval. Syntax set rmon topN [index] Parameters index Defaults If index is not specified, information about all entries will be displayed. Mode Switch command, Read‐Only. Specifies the index number of the entry to be cleared. (Optional) Displays RMON properties and statistics for a specific entry index ID. Enterasys Matrix DFE-Gold Series Configuration Guide 11-29 Configuring RMON...
Page 518: Show Rmon Topn Output Details
Configuring RMON Example This example shows how to display all RMON TopN properties and statistics. A control entry displays first, followed by actual entries corresponding to the control entry: Matrix(rw)->show rmon topN -------------------- Index Status Owner Start Time HostIndex Rate Base Duration Time Remaining = 0 Requested Size = 10000 Granted Size Report 1 ------------------- Rate = 3 Address = 0.1.f4.6.2e.40 Table 11‐6 provides an explanation of the command output. Properties are set using the set rmon topN properties command as described in “set rmon topN properties” on page 11‐31. Table 11-6 show rmon topN Output Details Output...
Page 519: Set Rmon Topn Properties
Matrix(rw)->set rmon topN properties 1 1 inpackets 60 20 set rmon topN status Use this command to enable an RMON topN entry. Syntax set rmon topN status index enable | Specifies an index number for this entry. An entry will automatically be created if an unused index number is chosen. Maximum number of entries is 10. Maximum value is 65535. (Optional) Specifies an index number of the host table. (Optional) Specifies the type of counter to activate with this entry as InPackets, OutPackets, InOctets, OutOctets, OutErrors, Broadcast packets, or Multicast packets. (Optional) Specifies the sampling interval in seconds. Value must be a minimum of 60. (Optional) Specifies the maximum number of entries to maintain. (Optional) Specifies the name of the entity that configured this entry. Enterasys Matrix DFE-Gold Series Configuration Guide 11-31 Configuring RMON...
Page 520: Clear Rmon Topn
Configuring RMON Parameters index enable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable RMON TopN entry 1: Matrix(rw)->set rmon topN status 1 enable clear rmon topN Use this command to delete an RMON TopN entry. Syntax clear rmon topN index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete RMON TopN entry 1: Matrix(rw)->clear rmon topN 1 show rmon matrix Use this command to display RMON matrix properties and statistics. The RMON matrix stores ...
Page 521: Show Rmon Matrix Output Details
Source of the data from which this entry creates a traffic matrix. Destination of the data from which this entry creates a traffic matrix. Number of packets (including bad packets) transmitted from the source address to the destination address. Enterasys Matrix DFE-Gold Series Configuration Guide 11-33 Configuring RMON = 286...
Page 522: Set Rmon Matrix Properties
Use this command to configure an RMON matrix entry. Syntax set rmon matrix properties index port-string [owner] Parameters index port‐string owner Defaults If owner is not specified, monitor will be applied. Mode Switch command, Read‐Write. Example This example shows how to configure RMON matrix entry 1 for fe.1.1 Matrix(rw)->set rmon matrix properties 1 fe.1.1 set rmon matrix status Use this command to enable an RMON matrix entry. Syntax set rmon matrix status index enable Parameters index enable Defaults None.
Page 523: Clear Rmon Matrix
Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete RMON matrix entry 1: Matrix(rw)->clear rmon matrix 1 show rmon channel Use this command to display RMON channel entries for one or more ports. Syntax show rmon channel [port-string] Parameters port‐string Defaults If port‐string is not specified, information about all channels will be displayed. Mode Switch command, Read‐Only. Specifies the index number of the entry to be cleared. (Optional) Displays RMON channel entries for a specific port(s). Enterasys Matrix DFE-Gold Series Configuration Guide 11-35 Configuring RMON...
Page 524: Set Rmon Channel
Configuring RMON Example This example shows how to display RMON channel information for fe.2.12: Matrix(rw)->show rmon channel fe.2.12 Port fe.2.12 ---------------------------------------------------------- Control OnEventIndex EventIndex Matches Description Owner set rmon channel Use this command to configure an RMON channel entry. Syntax set rmon channel index port-string [accept {matched | failed}] [control {on | off}] [onevent onevent] [offevent offevent] [event event] [estatus {ready | fired | always}] [description description] [owner owner] Parameters index...
Page 525: Clear Rmon Channel
Syntax clear rmon channel index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON channel entry 2: Matrix(rw)->clear rmon channel 2 show rmon filter Use this command to display one or more RMON filter entries. Syntax show rmon filter [index index | channel channel] Specifies the channel entry to be cleared. Enterasys Matrix DFE-Gold Series Configuration Guide 11-37 Configuring RMON...
Page 526: Set Rmon Filter
Configuring RMON Parameters index index | channel channel Defaults If no options are specified, information for all filter entries will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display all RMON filter entries and channel information: Matrix(rw)->show rmon filter Index= 55508 ---------------------------------------------------------- Data Offset PktStatusMask Owner ----------------------------- Data ff ff ff ff ff ff ----------------------------- DataMask ff ff ff ff ff ff ----------------------------- DataNotMask 00 00 00 00 00 00 set rmon filter Use this command to configure an RMON filter entry.
Page 527: Clear Rmon Filter
{index index | channel channel} Parameters index index | channel channel Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON filter entry 1: Matrix(rw)->clear rmon filter index 1 (Optional) Specifies the mask applied to status to indicate which bits are significant. (Optional) Specifies the inversion mask that indicates which bits should be set or not set (Optional) Specifies the data to be matched. (Optional) Specifies the mask applied to data to indicate which bits are significant. (Optional) Specifies the inversion mask that indicates which bits should be set or not set. (Optional) Specifies the name of the entity that configured this entry. Clears a specific filter entry, or all entries belonging to a specific channel. Enterasys Matrix DFE-Gold Series Configuration Guide 11-39 Configuring RMON...
Page 528: Show Rmon Capture
Configuring RMON show rmon capture Use this command to display RMON capture entries and associated buffer control entries. Syntax show rmon capture [index] [nodata] Parameters index nodata Defaults If no options are specified, all buffer control entries and associated captured packets will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display RMON capture entries and associated buffer entries: Matrix(rw)->show rmon capture Buf.control= 28062 ---------------------------------------------------------- FullStatus Captured packets Download size Max Octet Requested 50000 Start time Owner...
Page 529: Set Rmon Capture
If not specified, asksize defaults to 1 (which will request as many octets as possible) • If slice and loadsize are not specified, 100 will be applied. • If owner is not specified, it will be set to monitor. Mode Switch command, Read‐Write. Example This example shows how to create RMON capture entry 1 to “listen” on channel 628: Matrix(rw)->set rmon capture 1 628 Specifies a buffer control entry. Specifies the channel to which this capture entry will be applied. (Optional) Specifies the action of the buffer when it is full as: • lock ‐ Packets will cease to be accepted • wrap ‐ Oldest packets will be overwritten (Optional) Specifies the maximum octets from each packet to be saved in a buffer. (default: 100) (Optional) Specifies the maximum octets from each packet to be downloaded from the buffer (default: 100) (Optional) Specifies that the first octet from each packet that will be retrieved. (Optional) Specifies that the requested maximum octets will be saved in this buffer. (Optional) Specifies the name of the entity that configured this entry. Enables or disables an existing RMON capture entry. Enterasys Matrix DFE-Gold Series Configuration Guide 11-41 Configuring RMON...
Page 530: Clear Rmon Capture
Configuring RMON clear rmon capture Use this command to clears an RMON capture entry. Syntax clear rmon capture index Parameters index Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear RMON capture entry 1: Matrix(rw)->clear rmon capture 1 11-42 Network Monitoring Configuration Specifies the capture entry to be cleared. clear rmon capture...
Page 531: Managing Switch Network Addresses And Routes
Network Address and Route Management This chapter describes switch‐related network address and route management commands and how to use them. Note: The commands in this section pertain to the Enterasys Matrix Series device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to...
Page 532: Show Arp
Managing Switch Network Addresses and Routes For information about... show newaddrtraps set newaddrtraps show movedaddrtrap set movedaddrtrap show arp Use this command to display the switch’s ARP table. Syntax show arp Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the ARP table: Matrix(rw)->show arp LINK LEVEL ARP TABLE IP Address ----------------------------------------------------- 10.20.1.1...
Page 533: Set Arp
MAC address mapped to IP address. Route status. Possible values and their definitions include: S - manually configured entry (static) P - respond to ARP requests for this entry Specifies the IP address to map to the MAC address and add to the ARP table. Specifies the MAC address to map to the IP address and add to the ARP table. (Optional) Sets the ARP entry as not permanent. This allows the entry to time out. (Optional) Publishes the specified ARP entry. This causes the system to respond to ARP requests for this entry, even though it is not the host. (Optional) Specifies that trailer encapsulations can be sent to this host. Enterasys Matrix DFE-Gold Series Configuration Guide 12-3...
Page 534: Set Rad
Managing Switch Network Addresses and Routes Parameters ip | all Defaults None. Mode Switch command, Read‐Write. Example This example shows how to delete entry 10.1.10.10 from the ARP table: Matrix(rw)->clear arp 10.1.10.10 show rad Use this command to display the status of the RAD (Runtime Address Discovery) protocol on the switch. Syntax show rad Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display RAD status: Matrix(rw)->show rad RAD is currently enabled. set rad Use this command to enable or disable RAD (Runtime Address Discovery) protocol. ...
Page 535: Show Ip Route
This example shows how to display the IP routing table: Matrix(rw)->show ip route ROUTE TABLE Destination ------------------------------------------------------------------------------ default 10.0.0.0 127.0.0.1 Table 12‐2 provides an explanation of the command output. Gateway Mask 12.22.73.13 00000000 12.22.73.13 ff000000 127.0.0.1 00000000 Enterasys Matrix DFE-Gold Series Configuration Guide 12-5 Managing Switch Network Addresses and Routes Flags Refcnt Use Interface host0 host0...
Page 536: Traceroute
Managing Switch Network Addresses and Routes Table 12-2 show ip route Output Details Output... Destination Gateway Mask Flags Refcnt Interface traceroute Use this command to display a hop‐by‐hop path through an IP network from the device to a specific destination host. Syntax traceroute [-w waittime] [-f first-ttl] [-m max-ttl] [-p port] [-q nqueries] [-s src-addr] [-r] [-d] [-t tos] [-F] [-g gateway] [-I] [-n] [-v] [-x] host [packetlen] Parameters ‐w waittime...
Page 537 • If gateway is not specified, none will be applied. • If ‐I is not specified, UDP datagrams will be used. • If ‐v is not specified, summary output will be displayed. • If ‐x is not specified, checksums will be calculated. Mode Switch command, Read‐Only. Usage Three UDP or ICMP probes will be transmitted for each hop between the source and the traceroute destination. Managing Switch Network Addresses and Routes (Optional) Sets the debug socket option. (Optional) Sets the type of service (TOS) to be used in probe packets. (Optional) Sets the ‘don’t fragment’ bit. (Optional) Specifies a loose source gateway (up to 8 can be specified), or specifies a specific gateway, such as gw1. (Optional) Specifies the use of ICMP echo requests rather than UDP datagrams. (Optional) Displays hop addresses numerically. (Supported in a future release.) (Optional) Displays verbose output, including the size and destination of each response. (Optional) Prevents traceroute from calculating checksums. Specifies the host to which the route of an IP packet will be traced. (Optional) Specifies the length of the probe packet. Enterasys Matrix DFE-Gold Series Configuration Guide 12-7...
Page 538: Set Ip Route
Managing Switch Network Addresses and Routes Example This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Enterasys Matrix Series switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop: Matrix(rw)->traceroute 192.167.252.17 traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets matrix.enterasys.com (192.167.201.40) 14.1.0.45 (14.1.0.45) 192.167.252.17 (192.167.252.17) set ip route Use this command to add a route to the switch’s IP routing table. Syntax set ip route {destination | default} gateway...
Page 539: Show Port Mac
Defaults If port‐string is not specified, MAC addresses for all ports will be displayed. Mode Switch command, Read‐Only. Usage These are port MAC addresses programmed into the device during manufacturing. To show the MAC addresses learned on a port through the switching process, use the show mac command as described in “show mac” on page 12‐10. Example This example shows how to display the MAC address for 1‐Gigabit Ethernet port 4 in module 2: Matrix(rw)->show port mac fe.2.4 Port ------------ fe.2.4 (Optional) Displays MAC addresses for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. MAC Address ---------------------- 00-01-F4-DA-32-FE Enterasys Matrix DFE-Gold Series Configuration Guide 12-9 Managing Switch Network Addresses and Routes...
Page 540: Show Mac
Managing Switch Network Addresses and Routes show mac Use this command to display the timeout period for aging learned MAC addresses, and to show MAC addresses in the switch’s filtering database. Syntax show mac [agetime] [address mac-address] [fid fid] [vlan-id vlan-id] [port-string port-string] [type {other | invalid | learned | self | mgmt}] [field-decode] [unicast-as-multicast] [-verbose] Parameters agetime address mac‐address fid vlan-id vlan‐id ...
Page 541: Set Mac
• perm - entry is currently in use and shall remain so AFTER the next reset (permanent) Specifies the timeout period in seconds for aging learned MAC addresses. Valid values are 10 to 65535. This command allows you to limit specific layer two multicast mac-address addresses ( ) to specific ports ( vlan-id ). You can later come back and append or clear ports from the list of ports the multicast MAC address is allowed to be dynamically learned on or flooded to. Enterasys Matrix DFE-Gold Series Configuration Guide 12-11 Managing Switch Network Addresses and Routes Status perm port-string ) within a VLAN ...
Page 542: Clear Mac
Managing Switch Network Addresses and Routes unicast mac‐address fid receive‐port [ageable] unicast‐as‐ multicast {enable | disable} Defaults If port‐string is not defined with the set mac multicast command, then it will apply to all ports. If the set mac unicast command is used without the ageable parameter, the entry will be permanent. Mode Switch command, Read‐Write. Usage A warning displays if a unicast MAC address is entered as part of a multicast command: matrix(rw)‐>set mac multicast 00‐02‐ca‐bb‐cc‐dd 2 fe.1.5 Warning: Unicast address converted to multicast 01‐02‐CA‐BB‐CC‐DD Example This example shows how to set the MAC timeout period to 600 seconds: Matrix(rw)->set mac agetime 600 This example shows how to enable the MAC for unicast‐as‐multicast: Matrix(rw)->set mac unicast-as-multicast enable clear mac Use this command to reset the timeout period for aging learned MAC entries to the default value of 300 seconds, or to clear MAC addresses out of the filtering database(s). Syntax clear mac {[all] | [address address] [fid fid] | [vlan-id vlan-id] | [port-string...
Page 543: Show Newaddrtraps
Use this command to display the status of MAC address traps on one or more ports. Syntax show newaddrtrap [port-string] Parameters port‐string Defaults If port‐string is not specified, MAC address traps for all ports will be displayed. Mode Switch command, Read‐Only. Managing Switch Network Addresses and Routes Specify a VLAN ID from which to clear the MAC address multicast entries only Single port to clear (ex. fe.1.1); if not specified, clear command shall be scoped to all ports. all ʹlearnedʹ and ʹmgmtʹ entries where mgmt refers to all statically entered MAC addresses. (Optional) Clear timeout period to default value of 300 seconds. (Optional) The layer 2 lookup to attempt to match the unlearned destination MAC address against the static multicast MAC entries cleared. (Optional) Displays MAC address traps for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 12-13 for static ...
Page 544: Set Newaddrtraps
Managing Switch Network Addresses and Routes Example This example shows how to display the status of MAC address traps on ge.1.1 through 3: Matrix(rw)->show newaddrtrap New Address Traps Globally disabled Port Enable State --------- ------------ ge.1.1 disabled ge.1.2 disabled ge.1.3 disabled set newaddrtraps Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected. Syntax set newaddrtrap [port-string] {enable | disable} Parameters port‐string enable | disable Defaults If port‐string is not specified, MAC address traps will be globally enabled or disabled.
Page 545: Set Movedaddrtrap
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when moved source MAC addresses are detected. Syntax set movedaddrtrap [port-string] {enable | disable} Parameters port‐string enable | disable Defaults If port‐string is not specified, MAC address traps will be globally enabled or disabled. Mode Switch command, Read‐Write. Managing Switch Network Addresses and Routes (Optional) Displays MAC address traps for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies the port(s) on which to enable or disable MAC address traps. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enables or disables SNMP trap messaging when moved source MAC addresses are detected. Enterasys Matrix DFE-Gold Series Configuration Guide 12-15...
Page 546 Managing Switch Network Addresses and Routes Example This example shows how to globally enable MAC address traps: Matrix(rw)->set movedaddrtrap enable 12-16 Network Address and Route Management Configuration set movedaddrtrap...
Page 547: Purpose
SNTP Configuration Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 13-1 13-2 13-3 13-4 13-4 13-5 13-5 13-6 13-6 13-7...
Page 548: Show Sntp
Use this command to display SNTP client settings. Syntax show sntp Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display SNTP client settings: Matrix(rw)->show sntp SNTP Version: 3 Current Time: TUE SEP 09 16:13:33 2003 Timezone: 'EST', offset from UTC is -4 hours and 0 minutes Client Mode: unicast Broadcast Delay: 3000 microseconds...
Page 549: Set Sntp Client
(“set sntp Whether or not the SNTP server is active. Enables SNTP in broadcast client mode. Enables SNTP in unicast (point‐to‐point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time. Disables SNTP. Enterasys Matrix DFE-Gold Series Configuration Guide 13-3 (“set sntp client” on page 13-3). (“set sntp poll- (“set sntp poll-retry” on (“clear server” on page 13-4).
Page 550: Clear Sntp Client
Configuring Simple Network Time Protocol (SNTP) Mode Switch command, Read‐Write. Example This example shows how to enable SNTP in broadcast mode: Matrix(rw)->set sntp client broadcast clear sntp client Use this command to clear the SNTP client’s operational mode. Syntax clear sntp client Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the SNTP client’s operational mode: Matrix(rw)->clear sntp client set sntp server Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers. Syntax set sntp server ip-address [precedence] Parameters ip‐address...
Page 551: Clear Sntp Server
Mode Switch command, Read‐Write. Example This example shows how to remove the server at IP address 10.21.1.100 from the SNTP server list: Matrix(rw)->clear sntp server 10.21.1.100 set sntp broadcastdelay Use this command to set the round trip delay, in microseconds, for SNTP broadcast frames. Syntax set sntp broadcastdelay time Parameters time Defaults None. Mode Switch command, Read‐Write. Configuring Simple Network Time Protocol (SNTP) Specifies the IP address of a server to remove from the SNTP server list. Removes all servers from the SNTP server list. Specifies broadcast delay time in microseconds. Valid values are 1 to 999999. Default value is 3000. Enterasys Matrix DFE-Gold Series Configuration Guide 13-5...
Page 552: Clear Sntp Broadcast Delay
Example This example shows how to set the SNTP broadcast delay to 12000 microseconds: Matrix(rw)->set sntp broadcastdelay 12000 clear sntp broadcast delay Use this command to clear the round trip delay time for SNTP broadcast frames. Syntax clear sntp broadcastdelay Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the SNTP broadcast delay time: Matrix(rw)->clear sntp broadcastdelay set sntp poll-interval Use this command to set the poll interval between SNTP unicast requests. Syntax set sntp poll-interval interval Parameters interval Defaults None. Mode Switch command, Read‐Write.
Page 553: Clear Sntp Poll-Interval
Use this command to set the number of poll retries to a unicast SNTP server. Syntax set sntp poll-retry retry Parameters retry Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the number of SNTP poll retries to 5: Matrix(rw)->set sntp poll-retry 5 clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server. Syntax clear sntp poll-retry Configuring Simple Network Time Protocol (SNTP) Specifies the number of retries. Valid values are 0 to 10. Enterasys Matrix DFE-Gold Series Configuration Guide 13-7...
Page 554: Set Sntp Poll-Timeout
Configuring Simple Network Time Protocol (SNTP) Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the number of SNTP poll retries: Matrix(rw)->clear sntp poll-retry set sntp poll-timeout Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request. Syntax set sntp poll-timeout timeout Parameters timeout Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the SNTP poll timeout to 10 seconds: Matrix(rw)->set sntp poll-timeout 10 clear sntp poll-timeout Use this command to clear the SNTP poll timeout.
Page 555: Show Timezone
Config timezone: '', offset from UTC is 5 hours and 0 minutes set timezone Use this command to set the SNTP time zone name and the hours and minutes it is offset from Coordinated Universal Time (UTC). Syntax set timezone name [hours] [minutes] Parameters name hours minutes Configuring Simple Network Time Protocol (SNTP) Specifies the time zone name. (Optional) Specifies the number of hours this timezone will be offset from UTC. Valid values are minus 12 (‐12) to 12. (Optional) Specifies the number of minutes this timezone will be offset from UTC. Valid values are 0 to 59. Enterasys Matrix DFE-Gold Series Configuration Guide 13-9...
Page 556: Clear Timezone
Configuring Simple Network Time Protocol (SNTP) Defaults If offset hours or minutes are not specified, none will be applied. Mode Switch command, Read‐Write. Example This example shows how to set the time zone to EST with an offset of minus 5 hours: Matrix(rw)->set timezone ETS -5 0 clear timezone Use this command to remove SNTP time zone adjustment values. Syntax clear timezone Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to remove SNTP time zone adjustment values: Matrix(rw)->clear timezone 13-10 SNTP Configuration clear timezone...
Page 557: Purpose
Use this command to display node alias properties for one or more ports. Syntax show nodealias [port-string] Parameters port‐string Node Alias Configuration (Optional) Displays node alias properties for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 14-1 Refer to page... 14-1 14-2 14-4 14-5 14-6 14-7 14-7 14-8...
Page 558: Show Nodealias Mac
Configuring Node Aliases Defaults If port‐string is not specified, node alias properties will be displayed for all ports. Mode Switch command, Read‐Only. Usage Node aliases are dynamically assigned upon packet reception to ports enabled with an alias agent, which is the default setting on Enterasys Matrix Series devices. Node aliases cannot be statically created, but can be deleted using the clear node alias command (“clear nodealias” on page 14‐7). Example This example (a portion of the command output) shows how to display node alias properties for ge.3.12: Matrix(rw)->show nodealias ge.3.12 Alias ID Vlan ID Protocol Table 14‐1 provides an explanation of the command output. Table 14-1 show nodealias Output Details Output... Alias ID Active Vlan ID MAC Address Protocol...
Page 559 • Internet Packet Exchange • IPX Routing Information Protocol • IPX Service Access Point • PX Protocol 20 packet • Routing Table Maintenance Protocol • NetBIOS (raw) • NetBIOS (over TCP/IP) • Border Gateway Protocol • Routing Information Protocol • Interior Gateway Routing Protocol • Digital Equipment Corporation • Bridge Protocol Data Unit • User Datagram Protocol (Optional) Displays node alias properties for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 14-3 Configuring Node Aliases...
Page 560: Show Nodealias Protocol
Configuring Node Aliases Example This example shows how to display node alias entries for BPDU traffic on MAC addresses beginning with 00‐e0. Refer back to Table Matrix(rw)->show nodealias mac 00-e0 bpdu Port: lag.0.1 -------------------------------------------------------- Alias ID Vlan ID Protocol Port: lag.0.1 -------------------------------------------------------- Alias ID Vlan ID Protocol Port: ge.3.14 -------------------------------------------------------- Alias ID Vlan ID Protocol Port: ge.3.17 -------------------------------------------------------- Alias ID Vlan ID Protocol show nodealias protocol...
Page 561: Show Nodealias Config
Specifies the protocol for which to display node alias entries. Refer back show nodealias mac (“show nodealias mac” on page 14‐2) for a detailed description of these parameters. (Optional) Used for IP protocol only, displays node alias entries for a specific source address. (Optional) Displays node alias entries for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. = 1533917141 Active MAC Address = ip Source IP (Optional) Displays node alias configuration settings for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 14-5 Configuring Node Aliases = true = 00-e0-63-04-7b-00 = 199.45.62.25...
Page 562: Set Nodealias
Configuring Node Aliases Defaults If port‐string is not specified, node alias configurations will be displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display node alias configuration settings for ports fe.2.1 through 9: Matrix(rw)->show nodealias config fe.2.1-9 Port Number ----------- fe.2.1 fe.2.2 fe.2.3 fe.2.4 fe.2.5 fe.2.6 fe.2.7 fe.2.8 fe.2.9 Table 14‐2 provides an explanation of the command output. Table 14-2 show nodealias config Output Details Output... Port Number Max Entries Used Entries...
Page 563: Set Nodealias Maxentries
Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the maximum node alias entries to 1000 on fe.1.3: Matrix(rw)->set nodealias maxentries 1000 fe.1.3 clear nodealias Use this command to remove one or more node alias entries. Syntax clear nodealias {port-string port-string | alias-id alias-id} Specifies the maximum number of alias entries. Specifies the port(s) on which to set the maximum entry value. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 14-7 Configuring Node Aliases...
Page 564: Clear Nodealias Config
Configuring Node Aliases Parameters port‐string port‐string alias‐id alias‐id Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear all node alias entries on fe.1.3: Matrix(rw)->clear nodealias port-string fe.1.3 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value. Syntax clear nodealias config port-string Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the node alias configuration on fe.1.3: Matrix(rw)->clear nodealias config fe.1.3 14-8 Node Alias Configuration Specifies the port(s) on which to remove all node alias entries. For a ...
Page 565: Chapter 15: Netflow Configuration
NetFlow is a protocol developed for collecting IP traffic information. Network devices (switches and routers) with NetFlow enabled generate NetFlow flow records, which are exported from the device in UDP packets and collected by a NetFlow collector. Enterasys Matrix DFE Implementation The Enterasys Matrix DFE flow‐based architecture provides a powerful mechanism for collecting network flow statistics, with reporting capacity that scales with the addition of each DFE blade. For each flow, packet and byte count statistics are collect by the DFE forwarding hardware. The flow report generation logic is distributed, permitting each blade to report flows on its own ports. The Enterasys Matrix DFE implementation enables the collection of NetFlow data on both switched and routed frames, allowing DFE blades in all areas of a network infrastructure to collect and report flow data. Routing does not need to be enabled to utilize NetFlow data collection. Flow detail depends on the content of the frame and the path the frame takes through the switch. Operation NetFlow can be enabled on all ports on a Enterasys Matrix system, including fixed front panel ports, LAG ports, NEM ports, and FTM1 backplane ports. Router interfaces which map to VLANs may not be enabled directly. NetFlow records are generated only for flows for which a hardware connection has been established. As long as the network connection exists (and NetFlow is enabled), NetFlow records will be generated. Flows that are switched in firmware (soft forwarded) will not have NetFlow records reported. For flows that are routed, the DFE firmware reports the source and destination ifIndexes as the physical ports, not routed interfaces. In the case of a LAG port, the blade(s) that the physical ports are on will generate NetFlow records independently. They will however, report the source ifIndex as the LAG port. The Flow Sequence Counter field in the NetFlow Header is unique per blade. The Engine ID field of the NetFlow Header is used to identify each unique blade. Each blade functions as a separate Netflow engine. When NetFlow is enabled, each DFE blade in the Enterasys Matrix system will transmit a NetFlow packet when: NetFlow Configuration http://www.enterasys.com/support/ Enterasys Matrix DFE-Gold Series Configuration Guide 15-1...
Page 566: Version Support
Configuring NetFlow • It has accumulated the maximum number of NetFlow records per packet, which is 30, or • It has accumulated fewer than 30 NetFlow records and the active flow timer has expired, or • The flow expires (ages out or is invalidated). Note: A flow is a unidirectional sequence of packets having a set of common properties, travelling between between a source and a destination endpoint. A flow is created on the Enterasys Matrix device when the MAC destination address of a packet is learned on a port and torn down when either it ages out or it is explicitly torn down by the firmware.
Page 567: Show Netflow
Matrix(rw)->show netflow Cache Status: Destination IP: Destination UDP Port: Export Version: (Optional) Show the NetFlow configuration. (Optional) Show the NetFlow statistics. (Optional) Show the NetFlow export statistics. Specifies the port or ports to display. enabled 10.10.1.1 2055 Enterasys Matrix DFE-Gold Series Configuration Guide 15-3 Configuring NetFlow Refer to page... 15-4 15-5 15-5 15-6 15-7 15-7 15-8 15-8 15-9 15-9...
Page 568: Set Netflow Cache
Enabled Ports: ----------------- ge.1.11,23 set netflow cache Use this command to enable (create) or disable (free up) a NetFlow cache on each DFE blade in the Enterasys Matrix system. Syntax set netflow cache {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Usage A NetFlow cache maintains NetFlow information for all active flows. By default, NetFlow caches are not created. Example This example shows how to enable, or create, a NetFlow cache on each DFE blade in the system: Matrix(rw)->set netflow cache enable clear netflow cache Use this command to remove, or free up, the NetFlow caches on each DFE blade in the Enterasys Matrix system. Syntax clear netflow cache Parameters None.
Page 569: Set Netflow Export-Destination
[udp-port] Parameters ip‐address udp‐port Defaults None. Mode Switch command, Read‐Write. Usage By default, no collector address is configured. Only one collector destination per Enterasys Matrix system can be configured. Example This example shows how to set the IP address of the NetFlow collector: Matrix(rw)->set netflow export-destination 10.10.1.1 clear netflow export-destination Use this command to clear the NetFlow collector IP address. Syntax clear netflow export-destination [ip-address [udp-port]] Specifies the IP address of the NetFlow collector. (Optional) Specifies the UDP port number used by the NetFlow collector. Default is 2055. Enterasys Matrix DFE-Gold Series Configuration Guide 15-5 Configuring NetFlow...
Page 570: Set Netflow Export-Interval
Configuring NetFlow Parameters ip‐address udp‐port Defaults Since only one collector address per Enterasys Matrix system is supported, entering the IP address and UDP port information is not required. Executing this command without any parameters will return the collector address to “Not Configured.” Mode Switch command, Read‐Write. Example This example shows how to clear the NetFlow collector address: Matrix(rw)->clear netflow export-destination set netflow export-interval Use this command to configure the NetFlow export interval. Syntax set netflow export-interval interval Parameters interval Defaults None. Mode Switch command, Read‐Write. Usage Each DFE blade in the Enterasys Matrix system will transmit a NetFlow packet when: • It has accumulated the maximum number of NetFlow records per packet, which is 30, or • It has accumulated fewer than 30 NetFlow records and the active flow timer has expired, or • The flow expires (ages out or is invalidated). Example This example shows how to set the NetFlow export interval to 10 minutes:...
Page 571: Clear Netflow Export-Interval
Matrix(rw)->clear netflow export-interval set netflow port Use this command to enable NetFlow collection on a port. Syntax set netflow port port-string {enable | disable} Parameters port‐string enable | disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable NetFlow collection on port ge.1.1: Matrix(rw)->set netflow port ge.1.1 enable Specifies the port or ports on which to enable or disable NetFlow collection. Enables or disables NetFlow collection. Enterasys Matrix DFE-Gold Series Configuration Guide 15-7 Configuring NetFlow...
Page 572: Clear Netflow Port
Configuring NetFlow clear netflow port Use this command to return a port to the default NetFlow collection state of disabled. Syntax clear netflow port port-string Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable NetFlow collection on port ge.1.1: Matrix(rw)->clear netflow port ge.1.1 set netflow export-version Use this command to set the NetFlow flow record format used to export data. Syntax set netflow export-version {5 | 9} Parameters 5 | 9 Defaults None. Mode Switch command, Read‐Write.
Page 573: Clear Netflow Export-Version
Parameters None. Defaults None. Mode Switch command, Read‐Write. Usage Use the show netflow config command (“show netflow” on page 15‐3) to display the current NetFlow version. Example This example shows how to return the flow record format to Version 5: Matrix(rw)->clear netflow export-version set netflow template Use this command to configure the NetFlow Version 9 template refresh rate and/or timeout values. Syntax set netflow template {[refresh-rate packets] [timeout minutes]} Enterasys Matrix DFE-Gold Series Configuration Guide 15-9 Configuring NetFlow...
Page 574 Configuring NetFlow Parameters refresh‐rate packets timeout minutes Defaults At least one of the refresh‐rate or timeout parameters must be specified, although both can be specified on one command line. Mode Switch command, Read‐Write. Usage Version 9 template records have a limited lifetime and must be periodically refreshed. Templates are retransmitted when either: • The packet refresh rate is reached, or • The template timeout is reached. Template refresh based on the timeout period is performed on every blade. Since each DFE blade handles its own packet transmissions, template refresh based on number of export packets sent is managed by each blade independently. The refresh rate defines the maximum delay a new or restarted NetFlow collector would experience until it learns the format of the data records being forwarded (from the template referenced by the data records). Refresh rates affect NetFlow collectors during their start up when they must ignore incoming data flow reports until the required template is received. Setting the appropriate refresh rate for your Enterasys Matrix system must be determined, since the default settings of a 20 packet refresh rate and a 30 minute timeout may not be optimal for your environment. For example, a switch processing an extremely slow flow rate of, say, 20 packets per half hour, would refresh the templates only every half hour using the default settings, while a switch sending 300 flow report packets per second would refresh the templates 15 times per second. Enterasys recommends that you configure your Enterasys Matrix system so it does not refresh templates more often than once per second. Use the show netflow config command (“show netflow” on page 15‐3) to display the currently configured values. Example This example shows how to set the Version 9 template packet refresh rate to 50 packets and the timeout value to 45 minutes: Matrix(rw)->set netflow template refresh-rate 50 timeout 45 15-10 NetFlow Configuration The number of export packets sent that causes a template to be ...
Page 575: Clear Netflow Template
Use this command to reset the Version 9 template refresh rate and/or timeout values to their default values. Syntax clear netflow template {[refresh-rate] [timeout]} Parameters refresh‐rate timeout Defaults At least one of the refresh‐rate or timeout parameters must be specified, although both can be specified on one command line. Mode Switch command, Read‐Write. Example This example shows how to return the Version 9 template packet refresh rate to 20 packets and the timeout value to 30 minutes: Matrix(rw)->set netflow template refresh-rate 50 timeout 30 Clear the template packet refresh rate to the default value of 20 packets. Clear the template timeout to the default value of 30 minutes. Enterasys Matrix DFE-Gold Series Configuration Guide 15-11 Configuring NetFlow...
Page 576 Configuring NetFlow clear netflow template 15-12 NetFlow Configuration...
Page 577: About Loopback Versus Vlan Interfaces
Configuring Routing Interface Settings About Loopback Versus VLAN Interfaces Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of routing protocols from network hardware operation, improving the reliability of IP connections. A loopback interface is always reachable. The IP address assigned to the loopback interface is used as the router ID, which helps when running protocols like OSPF, because OSPF can be running even when the outbound interface is down. IP packets routed to the loopback interface are rerouted back to the router or access server and processed locally. Routing interface configuration commands in this guide will configure either a VLAN or loopback interface, depending on your choice of parameters, as shown in Table IP Configuration Modes” on page 2-103. 16‐1. Enterasys Matrix DFE-Gold Series Configuration Guide 16-1 Refer to page... 16-1 16-8 16-11 16-12 16-19 16-22 16-30...
Page 578: Show Interface
Configuring Routing Interface Settings Table 16-1 VLAN and Loopback Interface Configuration Modes For Routing Interface Type... VLAN Loopback Local (software loopback) For details on how to enable all router CLI configuration modes, refer back to Table For details on configuring routing protocols, refer to Chapter Purpose To enable routing interface configuration mode on the device, to create VLAN or loopback routing interfaces, to review the usability status of interfaces configured for IP, to set IP addresses for interfaces, and to enable interfaces for IP routing at device startup. Commands For information about... show interface interface ip ecm-forwarding-algorithm show ip interface ip address no shutdown show interface Use this command to display information about one or more interfaces (VLANs or loopbacks) ...
Page 579: Interface
The bandwidth is 10000 Mb/s interface Use this command to configure interfaces for IP routing. Syntax interface {vlan vlan-id | loopback loopback-id} Parameters vlan vlan‐id | loopback loopback‐id Defaults None. Mode Router command, Global configuration mode: Matrix>Router(config)# Usage This command enables interface configuration mode from global configuration mode, and, if the interface has not previously been created, this command creates a new routing interface. For 16‐2Matrix>Router#show interface : Specifies the number of the VLAN or loopback interface to be configured for routing. This interface must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Enterasys Matrix DFE-Gold Series Configuration Guide 16-3 Configuring Routing Interface Settings...
Page 580: Ip Ecm-Forwarding-Algorithm
Configuring Routing Interface Settings details on configuration modes supported by the Enterasys Matrix Series device and their uses, refer to Table 2‐9 in “Enabling Router Configuration Modes” on page 2‐103. VLANs must be created from the switch CLI before they can be configured for IP routing. For details on creating VLANs and configuring them for IP, refer to “Reviewing and Configuring Routing” on page 2‐101. Each VLAN or loopback interface must be configured for routing separately using the interface command. To end configuration on one interface before configuring another, type exit at the command prompt. Enabling interface configuration mode is required for completing interface‐ specific configuration tasks. For an example of how these commands are used, refer to Figure in “Pre‐Routing Configuration Tasks” on page Each Enterasys Matrix Series routing module or standalone device can support up to 96 routing interfaces. Each interface can be configured for the RIP and/or OSPF routing protocols. Example This example shows how to enter configuration mode for VLAN 1: Matrix>Router#configure terminal Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))# ip ecm-forwarding-algorithm Use this command to enable ECM (Equal Cost Multipath) for forwarding IP packets on routing interfaces. Syntax ip ecm-forwarding-algorithm [hash-thold | round-robin] no ip ecm-forwarding-algorithm Parameters hash‐thold | round‐...
Page 581: Show Ip Interface
Interface’s IP address and mask. Set using the ip address command as described in “ip address” on page 16-6. Encapsulation type used by this interface. Set using the arp command as described in “arp” on page 16-14. Enterasys Matrix DFE-Gold Series Configuration Guide 16-5 Configuring Routing Interface Settings...
Page 582: Ip Address
Configuring Routing Interface Settings Table 16-2 show ip interface Output Details (continued) Output... MAC-Address Incoming | Outgoing Access List IP Helper Address ARP Timeout Proxy Arp ICMP Policy routing ip address Use this command to set, remove, or disable a primary or secondary IP address for an interface. Syntax ip address ip-address ip-mask [secondary] no ip address ip-address ip-mask Parameters ip‐address ip‐mask...
Page 583: No Shutdown
Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip address 192.168.1.1 255.255.255.0 no shutdown Use this command to enable an interface for IP routing and to allow the interface to automatically be enabled at device startup. Syntax no shutdown Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The shutdown form of this command disables an interface for IP routing. Example This example shows how to enable VLAN 1 for IP routing: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#no shutdown Configuring Routing Interface Settings Enterasys Matrix DFE-Gold Series Configuration Guide 16-7...
Page 584: Managing Router Configuration Files
Managing Router Configuration Files Managing Router Configuration Files Each Enterasys Matrix Series device provides a single configuration interface which allows you to perform both switch and router configuration with the same command set. When a redundancy license is available and has been activated, the device also provides redundant, distributed copies of each router configuration in the event that DFE modules are added or removed from the Enterasys Matrix chassis. This section demonstrates managing configuration files while operating in router mode only. For a sample of how to use these commands interchangeably with the Enterasys Matrix Series single configuration interface commands, refer to “Performing a Basic Router Configuration” on page 16‐11. Purpose To review and save the current router configuration, and to disable IP routing. Commands For information about... show running-config write no ip routing show running-config Use this command to display the non‐default, user‐supplied commands entered while configuring the device. Syntax show running-config Parameters None. Defaults None.
Page 585: Write
Router command, Privileged EXEC: Matrix>Router# Usage The write file command must be executed in order to save the router configuration to NVRAM. If this command is not executed, router configuration changes will not be saved upon reboot. Example This example shows how to display the router‐specific configuration to the terminal:Matrix>Router#write terminal Enable Config t interface vlan 1 iP Address 182.127.63.1 255.255.255.0 no shutdown 0.0.0.255 area 0.0.0.0 area 0.0.0.0 (Optional) Deletes the router‐specific file. (Optional) Saves the router‐specific configuration to NVRAM. (Optional) Saves the router‐specific configuration to a file. (Optional) Displays the current router‐specific configuration to the terminal session. Enterasys Matrix DFE-Gold Series Configuration Guide 16-9 Managing Router Configuration Files...
Page 586: No Ip Routing
Managing Router Configuration Files interface vlan 2 iP Address 182.127.62.1 255.255.255.0 no shutdown exit router rip network 182.127.0.0 exit disable exit no ip routing Use this command to disable IP routing on the device and remove the routing configuration. Syntax no ip routing Parameters None. Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Usage By default, IP routing is enabled when interfaces are configured for it as described in “Configuring Routing Interface Settings” on page 16‐1. Example This example shows how to disable IP routing on the device: Matrix>Router(config)#no ip routing 16-10 IP Configuration...
Page 587: Performing A Basic Router Configuration
Run the configure command using the downloaded config file as described in “configure” on page 2‐86. Creating and saving a custom file... Enable the router as described in “Enabling Router Configuration Modes” on page 2‐103 and configure it manually. (Refer back to Figure Save the configuration using the write file command as described in “write” on page 16‐9. Moving a Config File from Another Routing Module To copy a router configuration from one module to another, proceed as follows: From the routing module in which you wish to copy a config file, perform a show config on the file as described in “show config” on page 2‐85. Performing a Basic Router Configuration 16‐1. 16‐1 for an example of a basic config file.) Enterasys Matrix DFE-Gold Series Configuration Guide 16-11...
Page 588: Reviewing And Configuring The Arp Table
Reviewing and Configuring the ARP Table Copy the config file to a place where it can be edited with a file editing program. If you only want the router config, delete all the non‐routing config elements and save the new file. Change the routing instance to the module to which the config will be moved as described in “Enabling Router Configuration Modes” on page 2‐103. Use the copy command to move the config file to the new module as described in “copy” on page 2‐86. Run the configure command using the new config file as described in “configure” on page 2‐86. Reviewing and Configuring the ARP Table Purpose To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface. Commands For information about... show ip arp ip gratuitous-arp ip gratuitous-arp-learning ip proxy-arp ip mac-address arp timeout clear arp-cache...
Page 589 Age (min) Hardware Addr 0003.4712.7a99 0002.1664.a5b3 00d0.cf00.4b74 Age (min) Hardware Addr 0002.1664.a5b3 Age (min) Hardware Addr 0003.4712.7a99 ARPA Vlan2 Enterasys Matrix DFE-Gold Series Configuration Guide 16-13 Reviewing and Configuring the ARP Table Type Interface ARPA Vlan1 ARPA Vlan1 ARPA Vlan2...
Page 590: Show Ip Arp Output Details
Reviewing and Configuring the ARP Table Table 16-3 show ip arp Output Details Output... Protocol Address Age (min) Hardware Addr Type Interface Use this command to add or remove permanent (static) ARP table entries. Syntax arp ip-address mac-address arpa no arp ip-address Parameters ip‐address mac‐address arpa Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Usage Up to 1,000 static ARP entries are supported per Enterasys Matrix Series routing module or ...
Page 591: Ip Gratuitous-Arp
Use this command to allow an interface to learn new ARP bindings using gratuitous ARP. Syntax ip gratuitous-arp-learning {both | reply | request} no ip gratuitous-arp-learning Parameters both | reply | request Allows learning from gratuitous ARP reply, ARP request, or from both Defaults None. Ignore all gratuitous ARP frames, no updates will occur. This option will also prevent any new learning from gratuitous arps, if the command ip gratuitous‐arp‐learning was used.(“ip gratuitous‐arp‐ learning” on page 16‐15). Update from gratuitous arp reply only. Update from gratuitous arp request only. the ARP reply and request. Enterasys Matrix DFE-Gold Series Configuration Guide 16-15 Reviewing and Configuring the ARP Table...
Page 592: Ip Proxy-Arp
Reviewing and Configuring the ARP Table Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage This command will be in effect if the ip gratuitous‐arp ignore command (“ip gratuitous‐arp” on page 16‐15) is used. There will be no learning from gratuitous ARP frames, even with the ip gratuitous‐arp‐learning command enabled. The “no” form of this command disables gratuitous ARP learning. Example This example shows how to enable gratuitous ARP learning for both requests and replies on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip gratuitous-arp-learning both ip proxy-arp Use this command to enable proxy ARP on an interface. This variation of the ARP protocol allows the routing module to send an ARP response on behalf of an end node to the requesting host. Syntax ip proxy-arp [default-route] [local] no ip proxy-arp Parameters default‐route local Defaults None.
Page 593: Ip Mac-Address
By default, every routing interface uses the same MAC address. If the user needs interfaces to use different MAC addresses, this command will allow it. It is the user’s responsibility to select a MAC address that will not conflict with other devices on the VLAN since the Enterasys Matrix Series device will not automatically detect this conflict. The “no” form of this command clears the MAC address. Example This example shows how to set an IP MAC address of 000A.000A.000B. on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip mac-address 000A.000A.000B arp timeout Use this command to set the duration (in seconds) for entries to stay in the ARP table before expiring. Syntax arp timeout seconds no arp timeout seconds Specifies a 48‐bit MAC address in hexadecimal format. Enterasys Matrix DFE-Gold Series Configuration Guide 16-17 Reviewing and Configuring the ARP Table...
Page 594: Clear Arp-Cache
Reviewing and Configuring the ARP Table Parameters seconds Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Usage The device can support up to 2000 outstanding unresolved ARP entries. The “no” form of this command restores the default value of 14,400 seconds Example This example shows how to set the ARP timeout to 7200 seconds: Matrix>Router(config)#arp timeout 7200 clear arp-cache Use this command to delete all nonstatic (dynamic) entries from the ARP table. Syntax clear arp-cache Parameters None. Defaults None. Mode Privileged EXEC: Matrix>Router# Example This example shows how to delete all dynamic entries from the ARP table: Matrix>Router#clear arp-cache 16-18 IP Configuration Specifies the time in seconds that an entry remains in the ARP cache. Valid values are 0 ‐ 65535. A value of 0 specifies that ARP entries will ...
Page 595: Configuring Broadcast Settings
For information about... ip directed-broadcast ip forward-protocol ip helper-address ip directed-broadcast Use this command to enable or disable IP directed broadcasts on an interface. Syntax ip directed-broadcast no ip directed-broadcast Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Configuring Broadcast Settings Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 16-19 16-19 16-20 16-21...
Page 596: Ip Forward-Protocol
Configuring Broadcast Settings Usage The “no” form of this command disables IP directed broadcast globally. Example This example shows how to enable IP directed broadcasts on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip directed-broadcast ip forward-protocol Use this command to enable UDP broadcast forwarding and specify which protocols will be forwarded. Syntax ip forward-protocol {udp [port]} no ip forward-protocol {udp [port]} Parameters port Defaults If port is not specified, default forwarding services will be performed as listed above. Mode Router command, Global configuration: Matrix>Router(config)# Usage If a certain service exists inside the node, and there is no need to forward the request to remote networks, the “no” form of this command should be used to disable the forwarding for the specific port. Such requests will not be automatically blocked from being forwarded just because a service for them exists in the node. The “no” form of this command removes a UDP port or protocol, disabling forwarding 16-20 IP Configuration Specifies UDP as the IP forwarding protocol. ...
Page 597: Ip Helper-Address
Router command, Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))# Usage This command works in conjunction with the ip forward‐protocol command (“ip forward‐ protocol” on page 16‐20), which defines the forward protocol and port number. You can use this command to add more than one helper address per interface. The “no” form of this command disables the forwarding of UDP datagrams to the specified address Example This example shows how to permit UDP broadcasts from hosts on networks 191.168.1.255 and 192.24.1.255 to reach servers on those networks: Matrix>Router(config)#ip forward-protocol udp Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip helper-address 192.168.1.255 Matrix>Router(config)#interface vlan 2 Matrix>Router(config-if(Vlan 2))#ip helper-address 192.24.1.255 Specifies a destination broadcast of host address used when forwarding. Enterasys Matrix DFE-Gold Series Configuration Guide 16-21 Configuring Broadcast Settings...
Page 598: Show Ip Protocols
Reviewing IP Traffic and Configuring Routes Reviewing IP Traffic and Configuring Routes Purpose To review IP protocol information about the device, to review IP traffic and configure routes, to enable and send router ICMP (ping) messages, and to execute traceroute. Commands For information about... show ip protocols show ip traffic clear ip stats show ip route ip route ip icmp ping traceroute show ip protocols Use this command to display information about IP protocols running on the device.
Page 599: Show Ip Traffic
Matrix>Router#show ip traffic IP Statistics: Rcvd: 10 total, 6 local destination 0 header errors 0 unknown protocol, 0 security failures Send Recv Key-chain Distance Last Update (Optional) Displays IP protocol softpath statistics. This option is used for debugging. Enterasys Matrix DFE-Gold Series Configuration Guide 16-23 Reviewing IP Traffic and Configuring Routes...
Page 600: Clear Ip Stats
Reviewing IP Traffic and Configuring Routes Frags: Bcast: 1 received, 8 sent Mcast: 0 received, 16 sent Sent: 24 generated, 0 forwarded 0 no route ICMP Statistics: Rcvd: 4 total, 0 checksum errors, 0 redirects, 0 unreachable, 4 echo Sent: 6 total, 0 redirects, 0 unreachable, 0 echo, 4 echo reply 0 info reply, 0 time exceeded, 0 parameter problem UDP Statistics:...
Page 601: Show Ip Route
Defaults If no parameters are specified, all IP route information will be displayed. Mode Router command, Any router mode. Usage When there is more than one routing module configured in an Enterasys Matrix chassis, each module will create and maintain its own route tables. Routes are managed by the RTM (Route Table Manager), and are contained in the RIB (Route Information Base). This database contains all the active static routes, all the RIP routes, and up to three best routes to each network as determined by OSPF. The RTM selects up to three of the best routes to each network and installs these routes in the FIB (Forwarding Information Base). The routes in the FIB are distributed to every module for use by the routerʹs distributed forwarding engine on the ingress module as frames are received. (Optional) Converts the specified address and mask into a prefix and displays any routes that match the prefix. (Optional) Displays connected routes. (Optional) Displays routes configured for the OSPF routing protocol. For details on configuring OSPF, refer to “Configuring OSPF” on page 21‐19. (Optional) Displays routes configured for the RIP routing protocol. For details on configuring RIP, refer to “Configuring RIP” on page 21‐1. (Optional) Displays static routes. (Optional) Displays a summary of the IP routing table. Enterasys Matrix DFE-Gold Series Configuration Guide 16-25 Reviewing IP Traffic and Configuring Routes...
Page 602: Ip Route
Reviewing IP Traffic and Configuring Routes Example This example shows how to display all IP route information. In this case, there are routes directly connected to VLANs 1 and 2, two static routes connected to VLAN 1 (one indirectly, and one via another network IP), and one RIP route. Distance/cost is displayed as [x/y]: Matrix>Router#show ip route Codes: C – connected, S – – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2, E1 – OSPF external type 1, E2 – OSPF external type 2, * - candidate default, U – per user static route 192.168.27.0/24 192.168.32.0/24 2.0.0.0/8...
Page 603: Ip Icmp
{echo-reply | mask-reply} Parameters echo‐reply mask‐reply Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage By default, ICMP messaging is enabled on a routing interface for both echo‐reply and mask‐reply modes. If, for security reasons, ICMP has been disabled using no ip icmp, this command will re‐ enable it on the routing interface. The “no” form of this command disables ICMP. Example This example shows how to enable ICMP in echo‐reply mode on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip icmp echo-reply Enables ICMP in echo‐reply mode. Enables ICMP in mask‐reply mode. Enterasys Matrix DFE-Gold Series Configuration Guide 16-27 Reviewing IP Traffic and Configuring Routes...
Page 604: Ping
Reviewing IP Traffic and Configuring Routes ping Use this command to test routing network connectivity by sending IP ping requests. Syntax ping ip-address Parameters ip‐address Defaults None. Mode Router command, Privileged EXEC: Matrix>Router# Usage The ping utility (IP ping only) transmits a maximum of five echo requests, with a packet size of 100. The application stops when the response has been received, or after the maximum number of requests has been sent Examples This example shows output from a successful ping to IP address 182.127.63.23: Matrix>Router#ping 182.127.63.23 Reply from 182.127.63.23 Reply from 182.127.63.23 Reply from 182.127.63.23 ------ PING 182.127.63.23 : Statistics ------ 3 packets transmitted, 3 packets received, 0% packet loss This example shows output from an unsuccessful ping to IP address 182.127.63.24: Matrix>Router#ping 182.127.63.24...
Page 605 20.00 ms 20.00 ms 240.00 ms <1 ms TraceRoute Complete Specifies a host to which the route of an IP packet will be traced. 20.00 ms 192.167.201.2 [] 20.00 ms 192.4.9.10 [enatel-rtr10.enatel.com] 480.00 ms 192.167.208.43 [enatel-rtr43.enatel.com] 20.00 ms 192.167.225.46 [enatel-rtr46.enatel.com] Enterasys Matrix DFE-Gold Series Configuration Guide 16-29 Reviewing IP Traffic and Configuring Routes...
Page 606: Debug Ip Packet Access-Group
Configuring Debug IP Packet Configuring Debug IP Packet Purpose Debug IP packet is an IP based packet monitor that allows for the monitoring of all IP traffic received and transmitted from an N‐Series router forwarding engine. Debug IP Packet uses SYSLOG messages to display packet information. Packet filtering takes place by assigning a router access group to the debug ip packet command and is based on the groups ACL entries. This utility displays matching frames for the defined signature being processed in the soft path of the router. It is desirable that the number of rules assigned to the access group be limited so as to minimize the impact on the forwarding system performance. By default the utility displays a subset of available information. A verbose option provides detailed packet information. Options are available to both throttle the number of packets per second and limit the number of packets per board. Commands For information about... debug ip packet access-group debug ip packet restart show debugging no debug ip packet debug ip packet access-group Use this command to enable the debug IP packet utility for monitoring of IP packets based upon ...
Page 607: Debug Ip Packet Restart
PortSting empty for port-69 vlan 2730 Matrix(rw)->Router(config)#show debug IP Packet debugging is on, with access-group 1 throttle 5 limit 20 verbose Matrix(rw)->Router(config)# debug ip packet restart Use this command to restart the debug IP packet utility. Syntax debug ip packet restart Configuring Debug IP Packet Enterasys Matrix DFE-Gold Series Configuration Guide 16-31...
Page 608: Show Debugging
Configuring Debug IP Packet Parameters None. Defaults None. Mode Router command, Router configuration: Matrix>Router(config)# Router Exec: Matrix>Router# Usage By default, 30 packet will be display and then the packet monitor will stop. To collect another 30 packets, use this command. The default of 30 can be modified with the debug ip packet access‐ group limit parameter. Example This example shows how to restart the debug IP packet utility: Matrix(rw)->Router(config)#debug ip packet restart show debugging Use this command to display the debug IP Packet utility settings. Syntax show debugging Parameters None. Defaults None. Mode Router command, Router configuration: Matrix>Router(config)# Example This example shows how to display the debug IP packet utility settings: Matrix(rw)->Router(config)#show debug IP Packet debugging is on, with access-group 1 throttle 5 limit 20 verbose no debug ip packet Use this command to disable the debug IP packet utility.
Page 609 Parameters None. Defaults None. Mode Router command, Router configuration: Matrix>Router(config)# Example This example shows how to disable the debug IP packet utility: Matrix(rw)->Router(config)#no debug ip packet Configuring Debug IP Packet Enterasys Matrix DFE-Gold Series Configuration Guide 16-33...
Page 610 Configuring Debug IP Packet no debug ip packet 16-34 IP Configuration...
Page 611: Chapter 17: Pim Configuration
PIM is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described back in set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales. Purpose To review and configure Protocol Independent Multicast (PIM).
Page 612: Ip Pim Sparse Mode
Configuring PIM For information about... show ip mforward show ip rpf ip pim sparse mode Use this command to enable Protocol Independent Multicast (PIM) Sparse Mode (SM) on a routing interface. Syntax ip pim sparse-mode no ip pim sparse-mode Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command disables PIM on an interface. Example This example enables PIM sparse mode on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip pim sparse-mode ip pim bsr-candidate Use this command to enable the router to announce its candidacy as a BootStrap Router (BSR).
Page 613: Ip Pim Dr-Priority
Use this command to set the priority for which a router will be elected as the designated router (DR). Syntax ip pim dr-priority priority no ip dr-priority Parameters priority Defaults None. Interface of the BSR candidate. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2. (Optional) Length of a mask to be added with the group address before the hash function is called. All groups with the same seed hash correspond to the same Rendezvous Point (RP). This option provides one RP for multiple groups. A hash‐mask‐length value of 30 will be automatically applied. (Optional) Specifies a BSR priority value ranging from 0 ‐ 255. Higher values assign higher priority. The BSR with the larger priority is preferred. If priority values are the same, the IP address breaks the tie. The BSR candidate with the higher IP address is preferred. Specifies a priority value for designated router selection. Valid values are 0 ‐ 4294967294. Default is 1. Enterasys Matrix DFE-Gold Series Configuration Guide 17-3 Configuring PIM...
Page 614: Ip Pim Rp-Address
Configuring PIM Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command disables the DR functionality. Example This example sets the DR priority to 20 on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip pim dr-priority 20 ip pim rp-address Use this command to set a static rendezvous point (RP) for a multicast group. Syntax ip pim rp-address rp-address group-address group-mask [priority priority] no ip rp-address rp-address group-address group-mask Parameters rp‐address group‐address group‐mask priority priority Defaults If not specified, a priority value of 192 will be assigned.
Page 615: Ip Pim Rp-Candidate
Example This example enables the PIM interface at 35.0.0 224.0.0 240.0.0 to advertise itself as an RP candidate with a priority of 124: Matrix>Router(config)#ip pim rp-candidate 35.0.0.1 224.0.0.0 240.0.0.0 priority show ip pim bsr Use this command to display BootStrap Router (BSR) information. Syntax show ip pim bsr Parameters None. Defaults None. Interface to advertise as an RP candidate. This interface must be enabled with PIM as described in “ip pim sparse mode” on page 17‐2. Specifies the multicast group address. Specifies the multicast group mask. (Optional) Specifies an RP priority value, ranging from 0 ‐ 255. Lower values assign higher priority. Enterasys Matrix DFE-Gold Series Configuration Guide 17-5 Configuring PIM...
Page 616: Show Ip Pim Interface
Configuring PIM Mode Router command, Privileged EXEC: Matrix>Router# Example This example shows how to display BootStrap Router (BSR) information: Matrix>Router#show ip pim bsr PIMv2 Elected Bootstrap Router Information: BSR Address: 10.0.0.1 Bsr Priority: 77 Bsr Hash Mask Length: 30 Bsr Uptime: 00:01:10 Bsr Expiry: 00:00:49 This Router is a Candidate Bootstrap Router (CBSR) Candidate BSR Address: 10.0.0.1 Hash Mask Length: 30 Priority: 77...
Page 617: Show Ip Pim Neighbor
Interval between Hello messages. Default is 30 seconds. Designated router priority value on the interface. Set with the ip pim dr-priority command IP address of the designated router on the LAN. Enterasys Matrix DFE-Gold Series Configuration Guide 17-7 Configuring PIM 35.0.0.2 23.0.0.1 20.0.0.2...
Page 618: Show Ip Pim Rp
Configuring PIM Parameters interface Defaults If not specified, information about all PIM interfaces will be displayed. Mode Router command, Privileged EXEC: Matrix>Router# Example This example shows how to display PIM neighbor information: Matrix>Router#show ip pim neighbor Neighbor Address ------------------------------------------------------------------------ 10.0.0.2 Table 17‐3 provides an explanation of the command output. Table 17-3 show ip pim neighbor Output Details Output... Neighbor Address Vlan DR Priority Uptime Expires Mode (DR) show ip pim rp Use this command to display the active rendezvous points (RPs) that are cached with associated ...
Page 619: Show Ip Pim Rp Output Details
Address of the RP for that group. RP priority value. Period (in hours:minutes:seconds) in which the next bootstrap message is due from this BSR. Interval that this router has been up in hours:minutes:seconds. Enterasys Matrix DFE-Gold Series Configuration Guide 17-9 Configuring PIM...
Page 620: Show Ip Pim Rp-Hash
Configuring PIM show ip pim rp-hash Use this command to display the rendezvous point (RP) that is being selected for a specified group. Syntax show ip pim rp-hash group-address Parameters group‐address Defaults None. Mode Router command, Privileged EXEC: Matrix>Router# Example This example shows how to display RP hash information: Matrix>Router#show ip pim rp-hash 192.168.41.1, via show ip mroute Use this command to display the IP multicast routing table. Syntax show ip mroute [unicast-source-address | multicast-group-address] [summary] Parameters unicast‐source‐address | ...
Page 621: Show Ip Mforward
Vlan-920, Forward/Sparse, 01:52:43/00:00:00 show ip mforward Use this command to display the IP multicast forwarding table. Syntax show ip mforward [unicast-source-address | multicast-group-address] [summary] Parameters unicast‐source‐address | multicast‐group‐address summary Defaults If no optional parameters are specified, detailed information about all source and destination addresses will be displayed. Mode Router command, Any router mode. Usage This table shows what multicast routes have actually been programmed into the Enterasys Matrix hardware. Although redundant to the show ip mroute display (“show ip mroute” on page 17‐10), it is a useful debugging tool if there are discrepancies between the multicast routing table and the multicast forwarding table. (Optional) Displays information about a specific unicast source address or multicast destination address. (Optional) Displays a summary of information. Enterasys Matrix DFE-Gold Series Configuration Guide 17-11 Configuring PIM...
Page 622: Show Ip Rpf
Configuring PIM Example This example shows a portion of the IP multicast forwarding table display: Matrix>Router#show ip mforward IP Multicast Forwarding Table 1 of 8: (63.63.100.1/32, 225.1.2.3) Sources: 63.63.100.1 Incoming interface: Vlan-999 Outgoing interface list: Vlan-410, Forward/Sparse Vlan-555, Forward/Sparse Vlan-910, Forward/Sparse Vlan-920, Forward/Sparse show ip rpf Use this command to display the reverse path of an address in the unicast table. Syntax show ip rfp Parameters None.
Page 623: Chapter 18: Network Address Translation (Nat) Configuration
Network Address Port Translation (NAPT). In addition, the following features are also supported: • Static and Dynamic NAT Pool Binding • FTP, DNS, TELNET, SSH, TFTP, HTTP, NTP (Network Time Protocol), and ICMP (with five different error messages) software path NAT translation • Force Flows (Secure Plus) Both basic NAT and NAPT are referred to as traditional NAT and provide a mechanism to connect a realm with private addresses to an external realm with globally unique registered addresses. Basic NAT is a method by which IP addresses are mapped from one group to another, transparent to the end user. NAPT is a method by which many network addresses, along with their associated TCP/UDP ports, are translated into a single network address and its associated TCP/UDP ports. The static address binding feature is designed for both the basic NAT and NAPT implementations to support static and no expire binding, between inside and outside NAT address translation. It supports one‐to‐one binding, local addresses to global addresses, and TCP/UDP port number translations. The dynamic address binding feature is designed for both the basic NAT and NAPT implementations to support dynamic binding between an address from an access‐list of local addresses to an address from a pool of global addresses. IP addresses defined for dynamic binding are reassigned whenever they become available from the global address pool. NAPT allows port address translation for each IP address in the global pool. The ports are dynamically assigned between a range of 1024 to 4999. It is sometimes possible for a host on the outside global network that knows an inside local address, to be able to send a message directly to the inside local address without NAT translation. The force flows feature, set using the command ip nat secure‐plus on page all flows between the inside local pool and the outside global network to be translated. Modes” on page 2-103. http://www.enterasys.com/support/ Enterasys Matrix DFE-Gold Series Configuration Guide 18-1 18‐7, is designed to force ...
Page 624: Nat Configuration Task List And Commands
Configuring Network Address Translation (NAT) NAT works with DNS by having the DNS Application Specific Gateway (ALG) translate an address that appears in a Domain Name System response to a name or inverse lookup. NAT works with FTP by having the FTP ALG translate the FTP control payload. Both FTP PORT CMD packets and PASV packets, containing IP address information within the data portion, are supported. The NAT implementation also supports the translation of the IP address embedded in the data portion of following types of ICMP error message: destination unreachable (type3), source quench (type4), redirect (type5), time exceeded (type 11) and parameter problem (type 12). Purpose To display and set NAT and NAPT configuration including dynamic pools, static and dynamic NAT configurations, FTP control port, Force Flows, maximum entries and timeout values, and clear active translations. NAT Configuration Task List and Commands Table 18‐1 lists the mandatory and optional tasks and commands for configuring NAT on the Enterasys Matrix Series device. Commands are described in the associated sections as shown. Table 18-1 NAT Configuration Task List and Commands Task Enable NAT on an inside or outside interface. Define a NAT address pool.
Page 625: Ip Nat
[netmask netmask | prefix-length prefix-length] no ip nat pool name [start-ip-address end-ip-address] [netmask netmask | prefix- length prefix-length] Specifies that this internal network interface should be enabled for NAT as a private interface. Specifies that this external network interface should be enabled for NAT as a public interface. Enterasys Matrix DFE-Gold Series Configuration Guide 18-3 Configuring Network Address Translation (NAT)
Page 626: Ip Nat Inside Source List
Configuring Network Address Translation (NAT) Parameters name start‐ip‐address end‐ip‐address netmask prefix‐length Defaults If no netmask or prefix‐length is specified, all addresses in the range are used. Mode Router command, Global configuration: Matrix‐>Router(config)# Usage The dynamic address binding feature draws interfaces from a specified NAT pool. The netmask and prefix‐length parameters are optional. If no values are given, a host route will be added for each IP address in the pool. If either parameter is given, the IP address range will be checked against the netmask and a network route will be added for this pool. The no version of the command deletes the specified NAT pool. Example This example defines the doc1 NAT address pool with a start address of 10.10.10.25 and end address of 10.10.10.45 and a netmask of 255.255.255.0: Matrix->Router(config)#ip nat pool doc1 10.10.10.25 10.10.10.45 netmask 255.255.255.0 ip nat inside source list Use this command to enable dynamic translation of inside source addresses. Syntax ip nat inside source list access-list pool pool-name [overload | interface vlan vlan-id [overload]] no ip nat inside source list access-list pool pool-name [overload | interface vlan vlan-id [overload]]...
Page 627: Ip Nat Inside Source Static (Nat)
Parameters local‐ip global‐ip Defaults None. Mode Router command, Global configuration: Matrix‐>Router(config)# Usage The no version of the command deletes the specified static NAT translation. Example This example enables a static NAT translation of inside source addresses for private local address 10.10.10.50 destined for and transmitting from unique public address 45.20.10.5: Matrix->Router(config)#ip nat inside source static 10.10.10.50 45.20.10.5 Specifies the private (local) address to be associated with a public (global) address for this translation. Specifies the public (global) address to be associated with a private (local) address for this translation. Enterasys Matrix DFE-Gold Series Configuration Guide 18-5 Configuring Network Address Translation (NAT)
Page 628: Ip Nat Inside Source Static (Napt)
Configuring Network Address Translation (NAT) ip nat inside source static (NAPT) Use this command to enable static NAPT translation of inside source addresses. Syntax ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port no ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port Parameters local‐ip local‐port global‐ip global‐port...
Page 629: Ip Nat Secure-Plus
Matrix->Router(config)#ip nat ftp-control-port 22 ip nat secure-plus Use this command to enable force flows to block clients on the outside interface from establishing connections directly to the inside interface addresses. Syntax ip nat secure-plus no ip nat secure-plus Parameters None Defaults None. Mode Router command, Global configuration: Matrix‐>Router(config)# Usage All flows are translated between outside and inside interfaces when secure‐plus is enabled. The no version of the command disables secure‐plus. Example This example enables force flows for this router: Matrix->Router(config)#ip nat secure-plus Configuring Network Address Translation (NAT) Enterasys Matrix DFE-Gold Series Configuration Guide 18-7...
Page 630: Ip Nat Translation Max-Entries
Configuring Network Address Translation (NAT) ip nat translation max-entries Use this command to configure the maximum number of translation entries. Syntax ip nat translation max-entries number no ip nat translation max-entries Parameters number Defaults None. Mode Router command, Global configuration: Matrix‐>Router(config)# Usage 32,000 entries is currently the maximum value allowed for this command. Certain applications such as NAT, LSNAT, TWCB share the same hardware resource pool of 32,000 on a first come first serve basis. Lowering this value assures resources will be available for other applications. The no version of the command resets the number of maximum entries to the default value. Example This example sets the maximum number of NAT translation entries to 20000: Matrix->Router(config)#ip nat translation max-entries 20000 ip nat translation (timeouts) Use this command to configure the maximum timeout value in seconds per flow type.
Page 631: Show Ip Nat Translations
Proto Outside-global ------------------------------------------------------------------------------ 81.1.1.1:1024 81.1.1.1:1025 81.1.1.1:1026 81.1.1.1:1027 81.1.1.1:1029 Specifies the timeout value applied to the DNS translations. Default: 240 seconds. Specifies the timeout value applied to the FTP translations. Default: 240 seconds. Specifies the timeout value in seconds. Inside-local 172.111.1.4:50020 172.111.1.4:50021 172.111.1.4:50022 172.111.1.4:50023 172.111.1.4:50024 Enterasys Matrix DFE-Gold Series Configuration Guide 18-9 Configuring Network Address Translation (NAT) Type No. of Flows DynOver DynOver DynOver DynOver DynOver...
Page 632: Show Ip Nat Statistics
Configuring Network Address Translation (NAT) 81.1.1.1:1030 81.1.1.1:1031 81.1.1.1:1032 81.1.1.1:1033 81.1.1.1:1034 NAT translation count = 10. This example shows a portion of the verbose version of the above example: Matrix->Router(config)#show ip nat translations verbose Proto Outside-global ------------------------------------------------------------------------------ 81.1.1.1:1024 create 07:39:00 use 00:00:03 81.1.1.1:1025 create 07:39:00 use 00:00:03 81.1.1.1:1026 create 07:39:02 use 00:00:01 84.1.1.1:1024 create 07:39:02 use 00:00:01 84.1.1.1:1027 create 07:39:02 use 00:00:01...
Page 633 Active Disable tcp-timeout icmp-timeout ftp-timeout 21, vlan vlan 3005, vlan 3004, vlan 3003, vlan 3002, vlan 3001, vlan Expired translations: 95, Misses:0 end 81.1.1.1 Enterasys Matrix DFE-Gold Series Configuration Guide 18-11 Configuring Network Address Translation (NAT) 8, Misses:0 32000 dns-timeout...
Page 634: Clear Ip Nat Translation
Configuring Network Address Translation (NAT) access-list 35 refcount 28 pool vlan 3000: netmask 0.0.0.0 start 85.1.1.1 type napt, total addresses 1, allocated 1, max_ports 32000, used_ports 28 (0%) misses 0 clear ip nat translation Use this command to clear active dynamic NAT translations. Syntax clear ip nat translation Parameters None.
Page 635: Clear Ip Nat Translation Inside (Napt)
Defaults None. Mode Router command, Global configuration: Matrix‐>Router(config)# Usage This command clears an active NAPT translation. Use the no ip nat inside source static command to delete a static NAT configuration. Example This example clears the TCP NAPT translation for private address 10.10.10.51 and port 123 and uniquely public address 45.20.10.6 and port 123: Matrix->Router(config)#clear ip nat translation tcp inside 45.20.10.6 121 10.10.10.51 123 Specifies the unique public IP address to clear for this static NAPT translation. Specifies the L4 translated source port port associated with the unique public IP address for this static NAPT translation. Specifies the private IP address to clear for this static NAPT translation. Specifies the L4 source port associated with the private IP address for this static NAPT translation. Enterasys Matrix DFE-Gold Series Configuration Guide 18-13 Configuring Network Address Translation (NAT)
Page 636: Set Router Limits (Nat)
Defaults None. Mode Switch Command: Matrix(rw)‐>. Usage Bindings and cache use valuable memory resources. By default these setting are set to maximum values. Use this command to free memory resources by limiting the number of bindings and cache size. The chassis or system must be rebooted for any new change to take effect. This command must be executed from the switch CLI. Note: Router limits can also be set in the following contexts: To set LSNAT router limits see To set TWCB router limits see 18-14 Network Address Translation (NAT) Configuration (Optional) Specifies the maximum number of NAT bindings for this ...
Page 637: Show Router Limits (Nat)
NAT maximum Interface Configs NAT maximum global address Configs NAT maximum global port Configs (Optional) Displays the NAT maximum bindings limit. (Optional) Displays the NAT cache size limit. (Optional) Displays the NAT dynamic configuration limit. (Optional) Displays the NAT static mappings configuration limit. (Optional) Displays the NAT interface configuration limit. (Optional) Displays the NAT global address configuration limit. (Optional) Displays the NAT global port configuration limit. Enterasys Matrix DFE-Gold Series Configuration Guide 18-15 Configuring Network Address Translation (NAT) 32000 (default) 2000 (default) (default) 32000 (default) 2000...
Page 638: Clear Router Limits (Nat)
Defaults If no parameters are specified, all router limits are reset, including TWCB, LSNAT and route‐table router limits. Mode Switch Command: Matrix(rw)‐>. Usage Note: Router limits can also be cleared in the following contexts: To clear LSNAT router limits see To clear TWCB router limits see If you do not specify a parameter when issuing a clear router limits command, router limits for all contexts are reset to the default value.
Page 639 (NAT) Configuring Network Address Translation (NAT) Example This example resets the NAT cache router limits setting to the default value: Matrix(rw)->clear router limits nat-cache Enterasys Matrix DFE-Gold Series Configuration Guide 18-17...
Page 640 Configuring Network Address Translation (NAT) clear router limits (NAT) 18-18 Network Address Translation (NAT) Configuration...
Page 641: Chapter 19: Lsnat Configuration
LSNAT is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page purchase an advanced routing license, contact Enterasys Networks Sales. About LSNAT As defined in RFC 2391, LSNAT supports network reliability and availability by enabling high ...
Page 642: Session Persistence
Configuring Load Sharing Network Address Translation (LSNAT) • When different virtual server IPs (VIPs) share the same real server in different server farms, the persistence level must be set the same. • In general, in order to edit or delete a virtual server or real server (serverfarm) configuration, the devices must be first configured “out of service” (no inservice) before the changes will be allowed. Session Persistence Load balancing clients connect to a virtual IP address which, in reality, is redirected to one of several physical servers in a load balancing server farm group. In many web page display applications, a client may have its requests redirected to and serviced by different servers in the group. In certain situations, however, it may be critical that all traffic for the client be directed to the same physical server for the duration of the session—this is the concept of session persistence. When the router receives a new session request from a client for a specific virtual address, the router creates a binding between the client (source) IP address/port socket and the (destination) IP address/port socket of the load balancing server selected for this client. Subsequent packets from clients are compared to the list of bindings. If there is a match, the packet is sent to the same server previously selected for this client. If there is not a match, a new binding is created. How the router determines the binding match for session persistence is configured with the persistence level command when the virtual server is created. There are three configurable levels of session persistence: • TCP persistence — a binding is determined by the matching the source IP/port address as well as the virtual destination IP/port address. For example, requests from the client address of 134.141.176.10:1024 to the virtual destination address 207.135.89.16:80 is considered one session and would be directed to the same load balancing server (for example, the server with IP address 10.1.1.1). A request from a different source socket from the same client address to the same virtual destination address would be considered another session and may be directed to a different load balancing server (for example, the server with IP address 10.1.1.2). This is the default level of session persistence. • SSL persistence — a binding is determined by matching the source IP address and the virtual destination IP/port address. Note that requests from any source socket with the client IP ...
Page 643: Configuring Direct Access To Real Servers
If you also want to provide direct client access to real servers configured as part of a server farm group, there are two mechanisms that can provide direct client access. The first mechanism, configured within virtual server configuration mode with the allow accessservers command, allows you to identify specific clients who can set up connections directly to a real server’s IP address, as well as continue to use the virtual server IP address. The second mechanism, configured in Global configuration mode with the ip slb allowaccess_all command, allows all clients to directly access all services provided by real servers, except for those services configured to be accessed by means of a configured virtual server. The real servers are still protected from direct client access for configured services only. For example, using this mechanism, if you configured a load balancing server group containing “realserver1” and “realserver2” to provide HTTP service through virtual server “vserver‐http,” clients can only access the HTTP service on those real servers by means of the “vserver‐http” virtual server. However, clients can directly access “realserver1” and “realserver2” for any services other than HTTP. If you combine the two mechanisms, that is, configure ip slb allowaccess_all at the Global configuration mode and also configure allow accessservers within a virtual server’s configuration mode, the clients identified with the allow accessservers command will have direct access to the real servers for all services (including those provided by a virtual server) and be blocked from using the virtual server. So for example, an “allowed” client can access “realserver1” and “realserver2” directly for all services, including HTTP, but cannot access those servers for HTTP by means of the “vserver‐http” virtual server. Service Verification UPD port service verification can be enabled on one or more load balancing servers. The firmware accomplishes this by sending a UDP packet with “\r\n” (Carriage Return / Line Feed) as data to Configuring Load Sharing Network Address Translation (LSNAT) Enterasys Matrix DFE-Gold Series Configuration Guide 19-3...
Page 644: Application Content Verification (Acv)
Configuring Load Sharing Network Address Translation (LSNAT) the UDP port. If the server responds with an ICMP “Port Unreachable” message, it is concluded that the port is not active and the server is reported as “DOWN”. Otherwise, if the server either gets data back from the request to the server or does not get any response at all, it is assumed that the port is active and the server is reported as “UP”. The lack of a response could also be the result of the server itself not being available and could produce an erroneous indication of the server being “UP”. To avoid this when requesting an APP UDP on a UDP port, an ICMP ping is issued first to insure that the server is available before submitting the APP UDP request. This prevents a situation where the UDP port will not return a “Port Unreachable” because of the server itself being down, resulting in LSNAT responding with a false indication that the UDP port is “UP”. Application Content Verification (ACV) Application Content Verification (ACV) can be enabled on a port to verify the content of an application on one or more load balancing servers. ACV is a method of ensuring that data coming from your servers remains intact and does not change without your knowledge. ACV can simultaneously protect against server outages, accidental file modification or deletion, and servers whose security have been compromised. By nature, ACV is protocol independent and is designed to work with any type of server that communicates via formatted ASCII text messages, including HTTP, FTP, and SMTP. For ACV verification, you specify the following: • A string that the router sends to a single server. The string can be a simple HTTP command to get a specific HTML page, or it can be a command to execute a user‐defined CGI script that tests the operation of the application. • The reply that the application on each server sends is back used by the router to validate the content. In the case where a specific HTML page is retrieved, the reply can be a string that appears on the page, such as “OK”. If a CGI script is executed on the server, it should return a specific response (for example, “OK”) that the router can verify. ACV works by sending a command to your server and searching the response for a certain string. If it finds the string, the server is marked as Up. If the string is not found, the server is marked as Down. For example, if you sent the following string to your HTTP server, “HEAD / HTTP/ 1.1\\r\\nHost: www.enterasys.com\\r\\n\\r\\n”, you could expect to get a response of a ...
Page 645: Lsnat Configuration Task List And Commands
(“maxconns” on page 19-18) weight (“weight” on page 19-18) show ip slb vservers (“show ip slb page 19-19) ip slb vserver (“ip slb vserver” on page 19-21) Enterasys Matrix DFE-Gold Series Configuration Guide 19-5 reals” on acv-reply” on acv-quit” on vservers” on...
Page 646: Show Ip Slb Serverfarms
(Optional) Clear server load balancing connections or statistics. Display and set chassis-based LSNAT limits: (Optional) Display and set chassis-based LSNAT address translation limits, from the switch CLI. Note: These commands must be executed from the switch CLI. show ip slb serverfarms Use this command to display server load balancing server farm information.
Page 647: Ip Slb Ftpctrlport
Parameters port‐number Defaults None. Mode Router command, Global configuration mode: Matrix>Router(config)# Usage The “no” form of this command resets the FTP control port to 21. Configuring Load Sharing Network Address Translation (LSNAT) (Optional) Displays detailed output for a specific server farm or for all configured server farms. (Optional) Specifies a server farm name for which to display information. predictor status LEASTCONNECTION ACTIVE ROUNDROBIN ACTIVE ROUNDROBIN ACTIVE ROUNDROBIN ACTIVE Specifies an FTP port number Enterasys Matrix DFE-Gold Series Configuration Guide 19-7 rserver rserver...
Page 648: Ip Slb Serverfarm
Configuring Load Sharing Network Address Translation (LSNAT) Example This example shows how to specify port 46 as the FTP control port for server load balancing: Matrix>Router(config)#ip slb ftpctrlport 46 ip slb serverfarm Use this command to identify an LSNAT server farm and enable server load balancing (SLB) server farm configuration mode. Syntax ip slb serverfarm serverfarmname no ip slb serverfarm serverfarmname Parameters serverfarmname Defaults None. Mode Router command, Global configuration mode: Matrix>Router(config)# Usage The “no” form of this command deletes the server farm from the LSNAT configuration. Example This example shows how to identify a server farm named “httpserver” and enable configuration mode for that server farm: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)# real Use this command to add a real LSNAT server to a server farm and to enable LSNAT real server ...
Page 649: Predictor
Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)# predictor Use this command to specify which load balancing algorithm to use for selecting a real server in an LSNAT server farm. Syntax predictor [roundrobin | leastconns] no predictor Parameters roundrobin | leastconns Defaults If not specified, Round Robin will be used as the selection algorithm. Mode Router command, SLB Server Farm Configuration mode: Matrix>Router(config‐slb‐sfarm)# Usage The “no” form of this command resets the selection algorithm to Round Robin. Configuring Load Sharing Network Address Translation (LSNAT) (Optional) Specifies Round Robin or Least Connections as the selection algorithm. Enterasys Matrix DFE-Gold Series Configuration Guide 19-9...
Page 650: Sticky
Configuring Load Sharing Network Address Translation (LSNAT) Example This example shows how to specify Least Connections as the server selection algorithm for the “httpserver” server farm: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#predictor leastconns sticky Use this command to configure sticky session persistence for this server farm. Syntax sticky no sticky Parameters None. Defaults None. Mode Router command, SLB Server Farm Configuration mode: Matrix>Router(config‐slb‐sfarm)# Usage See “Sticky Persistence Configuration Considerations” on page 19‐2 for more information. This command is used in conjunction with the persistence level sticky command described in “persistence level” on page 19‐25. The “no” form of this command removes this server farm using persistence sticky. Example This example shows how to set sticky persistence for the “lsnat” server farm: Matrix>Router(config)#ip slb serverfarm lsnat Matrix>Router(config-slb-sfarm)#sticky show ip slb reals Use this command to display information about the real servers.
Page 651 Maximum Connections : 350 Real Server Weight : 2 InService Real Server Port : 80 Fail Detect Ping Retries:4 Ping Interval : 200 Fail Detect App Retries:4 App Interval : 15 Fail Detect Type : ping Enterasys Matrix DFE-Gold Series Configuration Guide 19-11...
Page 652: Show Ip Slb Reals Output Details
Configuring Load Sharing Network Address Translation (LSNAT) real-serv-ip:port ------------------------------------------------------------------------------ 192.169.1.11:23 192.169.1.10:23 192.169.2.14:21 192.169.2.13:21 10.3.0.3:80 10.3.0.2:80 10.3.0.1:80 192.169.2.13:0 Table 19‐2 provides an explanation of the detailed command output. Table 19-2 show ip slb reals Output Details Output... Server Farm Real Server IP Real Server Port Fail Detect Ping/App Retries Fail Detect Type Current Connections Current State...
Page 653: Inservice (Real Server)
Syntax faildetect {type {both | ping | app [upd] | acv [udp]}} | ping-int seconds ping- retries number | app-int seconds app-retries number no faildetect Configuring Load Sharing Network Address Translation (LSNAT) Enterasys Matrix DFE-Gold Series Configuration Guide 19-13...
Page 654 Configuring Load Sharing Network Address Translation (LSNAT) Parameters type both | ping | app [upd] | acv [udp] ping‐int seconds ping‐retries number app‐int seconds app‐retries number Defaults If not specified, ping will be chosen as the fail detection type. Unless the UDP option is specified, app defaults to TCP. Mode Router command, SLB Real Server Configuration mode: Matrix>Router(config‐slb‐real)# Usage The “no” form of this command resets the fail detection configuration parameters to default values. Examples This example shows how to set the ping interval to 10 seconds and the retry number to 6 for the real server at IP 10.1.2.3 in the “httpserver” server farm: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)#faildetect ping-int 10 ping-retries 6 Matrix>Router(config-slb-real)#inservice This example sets the app type to UPD for the real server at IP 10.1.2.4 in the “SF‐UDP” server farm: Matrix>Router(config)#ip slb serverfarm SF-UPD Matrix>Router(config-slb-sfarm)#real 10.1.2.4 port 7...
Page 655: Faildetect Acv-Command
Feed. Example This example sends the command string “HEAD / HTTP/1.1\\r\\nHost: www.enterasys.com\\r\\n\\r\\n” to the server application port 7: Matrix>Router(config)#ip slb serverfarm SF-UPD Matrix>Router(config-slb-sfarm)#real 10.1.2.4 port 7 Matrix>Router(config-slb-real)#faildetect type app udp Matrix>Router(config-slb-real)#faildetect acv-command “HEAD / HTTP/1.1\\r\\nHost: www.enterasys.com\\r\\n\\r\\n” Matrix>Router(config-slb-real)#inservice Configuring Load Sharing Network Address Translation (LSNAT) Specifies the command string sent to the application port of the server. Enterasys Matrix DFE-Gold Series Configuration Guide 19-15...
Page 656: Faildetect Acv-Reply
Configuring Load Sharing Network Address Translation (LSNAT) faildetect acv-reply Use this command to set the expected validation ACV reply string from the server application port. Syntax faildetect acv-reply “reply-string” Parameters reply‐string Defaults None. Mode Router command, SLB Real Server Configuration mode: Matrix>Router(config‐slb‐real)# Usage The reply to the ACV command‐string is validated against the ACV reply‐string specified in this command. Example This example expects to receive “200 OK” in reply to the command string sent to the server application port 7: Matrix>Router(config)#ip slb serverfarm SF-UPD Matrix>Router(config-slb-sfarm)#real 10.1.2.4 port 7 Matrix>Router(config-slb-real)#faildetect type app udp Matrix>Router(config-slb-real)#faildetect acv-reply “200 OK” Matrix>Router(config-slb-real)#inservice faildetect acv-quit Use this command when the protocol requires the user to issue a command to close the session.
Page 657: Faildetect Read-Till-Index
Mode Router command, SLB Real Server Configuration mode: Matrix>Router(config‐slb‐real)# Usage The router will search from the beginning of the file up to the read‐till‐index number of characters for the start of the acv‐reply string. Example This example sets the read to index for this search to 100 characters: Matrix>Router(config)#ip slb serverfarm SF-UPD Matrix>Router(config-slb-sfarm)#real 10.1.2.4 port 25 Matrix>Router(config-slb-real)#faildetect acv-command “noop\\r\\n” acv-reply “OK” Matrix>Router(config-slb-real)#faildetect read-till-index 100 Matrix>Router(config-slb-real)#inservice Configuring Load Sharing Network Address Translation (LSNAT) Specifies the index to read to in the reply search range. Valid values: 1‐255. Default: 255. Enterasys Matrix DFE-Gold Series Configuration Guide 19-17...
Page 658: Maxconns
Configuring Load Sharing Network Address Translation (LSNAT) maxconns Use this command to limit the number of connections to a real LSNAT server. Syntax maxconns maximum-number no maxconns Parameters maximum‐number Defaults None. Mode Router command, SLB Real Server Configuration mode: Matrix>Router(config‐slb‐real)# Usage The “no” form of this command removes the limit of connections to the server. Example This example shows how to limit the number of connections to 20 on the real server at IP 10.1.2.3 in the “httpserver” server farm: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)#faildetect ping-int 10 ping-retries 6 Matrix>Router(config-slb-real)#maxconns 20 Matrix>Router(config-slb-real)#inservice weight Use this command to specify the weight load number of a real server that is a member of an ...
Page 659: Show Ip Slb Vservers
Matrix Router(config)#>show ip slb vservers virt-serv ------------------------------------------------------------------------------ telnet wftpd Configuring Load Sharing Network Address Translation (LSNAT) (Optional) Displays detailed output for a specific virtual server or for all configured virtual servers. (Optional) Specifies a virtual server name for which to display information. vserv vserv-ip-addr port server-farm 192.169.10.1 matrix 192.169.10.3 ftpserver Enterasys Matrix DFE-Gold Series Configuration Guide 19-19 persistence service type level ins name STICKY 200...
Page 660: Show Ip Slb Vservers Output Details
Configuring Load Sharing Network Address Translation (LSNAT) five test This example shows how to display detailed information about the “test” virtual server: Matrix Router(config)#>show ip slb vservers test detail Virtual Server : test Virtual Server IP : 192.168.2.2 Port : 23 Server Farm : test1 Persistence Type : TCP Level : 240 Virtual Server Protocol Type : TCP In Service Service Name :...
Page 661: Ip Slb Vserver
Clients with permission to access this server. Set with the client command as described in “client” on page 19-24. Clients with permission to access this server without LSNAT translation. Set with the allow accessservers command as described “allow accessservers” on page 19-27. Specifies a virtual server name. Enterasys Matrix DFE-Gold Series Configuration Guide 19-21...
Page 662: Serverfarm (Virtual Server)
Configuring Load Sharing Network Address Translation (LSNAT) serverfarm (Virtual Server) Use this command to associate a virtual server with an LSNAT server farm. Syntax serverfarm serverfarm-name no serverfarm serverfarm-name Parameters serverfarm‐name Defaults None. Mode Router command, SLB Virtual Server Configuration mode: Matrix>Router(config‐slb‐vserver)# Usage The “no” form of this command removes the virtual server association. Example This example shows how to associate the virtual server named “virtual‐http” to the “httpserver” server farm: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#real 10.1.2.1 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#exit...
Page 663 The following port name keywords may be used: ftp — File Transfer Protocol, port 21 telnet — Telnet, port 23 www — World Wide Web, port 80 (Optional) Specifies the service to be accessed through this virtual server IP address when TCP is specified. Currently, only ftp may be specified. Enterasys Matrix DFE-Gold Series Configuration Guide 19-23...
Page 664: Inservice (Virtual Server)
Configuring Load Sharing Network Address Translation (LSNAT) inservice (virtual server) Use this command to enable a virtual LSNAT server. Syntax inservice no inservice Parameters None. Defaults None. Mode Router command, SLB Virtual Server Configuration mode: Matrix>Router(config‐slb‐vserver)# Usage The “no” form of this command removes the virtual server from service. Example This example shows how to enable virtual server named “virtual‐http”: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#real 10.1.2.1 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#exit Matrix>Router(config)#ip slb vserver virtual-http...
Page 665: Persistence Level
Matrix>Router(config-slb-vserver)#client 100.12.22.42 255.255.255.0 persistence level Use this command to set the type of binding used and the time limit to allow clients to remain bound to an LSNAT virtual server. Syntax persistence level [tcp | ssl | sticky] timeperiod no persistence level {tcp | ssl | sticky} Configuring Load Sharing Network Address Translation (LSNAT) (Optional) Specifies a client’s IP address. (Optional) Specifies a client’s network mask. Enterasys Matrix DFE-Gold Series Configuration Guide 19-25...
Page 666 Configuring Load Sharing Network Address Translation (LSNAT) Parameters tcp | ssl | sticky timeperiod Defaults If not specified, persistence level is set to TCP. Mode Router command, SLB Virtual Server Configuration mode: Matrix>Router(config‐slb‐vserver)# Usage See “Session Persistence” on page 19‐2 for more information. The “no” form of this command resets the timeout to the default of 240 seconds for TCP, 7200 seconds for SSL, and 7200 seconds for Sticky. Examples This example shows how to set the TCP session persistence timeout to 360 seconds on the virtual server named “virtual‐http”: Matrix>Router(config)#ip slb serverfarm httpserver Matrix>Router(config-slb-sfarm)#real 10.1.2.1 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#real 10.1.2.3 port 80 Matrix>Router(config-slb-real)#inservice Matrix>Router(config-slb-real)#exit Matrix>Router(config-slb-sfarm)#exit Matrix>Router(config)#ip slb vserver virtual-http Matrix>Router(config-slb-vserver)#serverfarm httpserver Matrix>Router(config-slb-vserver)#virtual 10.1.4.5 tcp www Matrix>Router(config-slb-vserver)#persistence level tcp 360...
Page 667: Allow Accessservers
Matrix>Router(config-slb-vserver)#persistence level sticky Matrix>Router(config-slb-vserver)#inservice allow accessservers Use this command to allow specific clients to access the load balancing real servers in a particular LSNAT server farm without address translation. Syntax allow accessservers client‐ip‐start client‐ip‐end no allow accessservers client‐ip‐start client‐ip‐end Parameters client‐ip‐start client‐ip‐end Defaults None. Mode Router command, SLB Virtual Server Configuration mode: Matrix>Router(config‐slb‐vserver)# Usage Specified clients can set up connections directly to the real servers’ IP addresses, as well as to the virtual server IP address (VIP). For more information about using this command, see “Configuring Direct Access to Real Servers” on page 19‐3. The “no” form of this command removes non‐LSNAT access permission from the specified clients. Configuring Load Sharing Network Address Translation (LSNAT) Specifies an IP address at the start of the range of clients to be allowed access. Specifies an IP address at the end of the range of clients to be allowed access. Enterasys Matrix DFE-Gold Series Configuration Guide 19-27...
Page 668: Ip Slb Allowaccess_All
Configuring Load Sharing Network Address Translation (LSNAT) Example This example shows how to allow clients at 10.24.16.12 through 10.24.16.42 non‐LSNAT access to the virtual server named “virtual‐http”: Matrix>Router(config)#ip slb vserver virtual-http Matrix>Router(config-slb-vserver)#allow accessservers 10.24.16.12 10.24.16.42 ip slb allowaccess_all Use this command to allow all clients to directly access all services provided by real servers, except for those services configured for server load balancing. Syntax ip slb allowaccess_all no ip slb allowaccess_all Parameters None Defaults None. Mode Router command, Global configuration mode: Matrix>Router(config)# Usage The real servers are still protected from direct client access for configured services only. See “Configuring Direct Access to Real Servers” on page 19‐3 for more information about using this command in conjunction with the virtual server configuration mode command allow ...
Page 669: Show Ip Slb Conns
Configuring Load Sharing Network Address Translation (LSNAT) (Optional) Displays detailed output for a specific virtual server, a specific client, or for all configured virtual servers and clients. (Optional) Specifies a virtual server name for which to display information. (Optional) Specifies a client IP for which to display information. client-ip rport cl-prt ptcl state 192.168.1.137 1063 192.168.1.137 1128 192.168.1.137 192.168.1.253 1084 192.168.1.253 Enterasys Matrix DFE-Gold Series Configuration Guide 19-29 OUT-SERVR REPLY OUT-SERVR REPLY OUT-SERVR REPLY OUT-SERVR REPLY OUT-SERVR REPLY...
Page 670: Show Ip Slb Stats
Configuring Load Sharing Network Address Translation (LSNAT) 192.169.1.11 This example shows how to display detailed information about active server load balancing connections: Matrix>Router#show ip slb conns detail Connection Flow ID : 3 Real Server IP : 172.17.1.2 Client IP : 169.225.1.50 Real Server Port : 1003 Client Port : 1113 Protocol : TCP Created Time stamp : 2004/3/24 14:34:17 Connection State : outgoing server reply state Connection Flow ID : 2...
Page 671: Show Ip Slb Sticky
Parameters client ip‐address Defaults If client is not specified, all server load balancing active sticky connections are displayed. Mode Router command, Any router mode. Examples This example shows how to display all server load balancing active sticky connections. Matrix>Router#show ip slb sticky client-ip ------------------------------------------------------------------------ 192.170.1.253 192.168.1.90 Configuring Load Sharing Network Address Translation (LSNAT) established conns deleted conns (Optional) Display sticky connections for a particular client. real-server-ip 192.169.1.11 192.169.2.14 Enterasys Matrix DFE-Gold Series Configuration Guide 19-31 conns ftp-cntrl...
Page 672: Clear Ip Slb
This example shows how to remove all server load balancing connections: Matrix>Router#clear ip slb connections all show router limits (LSNAT) Use this command to display LSNAT router limits. Syntax show router limits [lsnat-bindings] | [lsnat-cache] | [lsnat-configs] Parameters lsnat‐bindings lsnat‐cache lsnat‐configs Defaults If no options are specified, all router limits will be displayed. Mode Switch command, Read‐Only. 19-32 LSNAT Configuration Clears all server load balancing counters. Removes all server load balancing connections, or those associated with a specific flow‐ID, server farm name, or virtual server name. (Optional) Displays the LSNAT maximum bindings limit. (Optional) Displays the LSNAT cache size limit. (Optional) Displays the LSNAT configuration limit. clear ip slb...
Page 673: Set Router Limits (Lsnat)
• 1 to 50 server farms, virtual servers, and direct access entries can be configured • 10 to 500 real servers and client access entries can be configured Enterasys Matrix DFE-Gold Series Configuration Guide 19-33 32000 (default) 2000 (default) (default)
Page 674: Clear Router Limits (Lsnat)
Defaults • If not specified, maximum bindings will be set to the default value of 5000. • If not specified, cache size will be set to the default value of 1000. • If not specified, maximum configs will be set to the default value of 50. That is, up to 50 server farms, 50 virtual servers, and 50 direct access entries can be configured, and up to 500 real servers and 500 client access entries can be configured. Mode Switch command, Read‐Write. Usage The chassis or system must be rebooted for any new change to take effect. This command must be executed from the switch CLI. Note: Router limits can also be set in the following contexts: To set NAT router limits see To set TWCB router limits see Example This example shows how to set the LSNAT configuration limit to 25. This means that up to 25 server farms, 25 virtual servers, and 25 direct access entries can be configured, and up to 250 real ...
Page 675 To clear NAT router limits see To clear TWCB router limits see Example This example shows how to reset all chassis‐based LSNAT limits: Matrix(rw)->clear router limits Configuring Load Sharing Network Address Translation (LSNAT) “clear router limits (NAT)” on page 18-16. “clear router limits (TWCB)” on page 23-17. Enterasys Matrix DFE-Gold Series Configuration Guide 19-35...
Page 676 Configuring Load Sharing Network Address Translation (LSNAT) clear router limits (LSNAT) 19-36 LSNAT Configuration...
Page 677: Chapter 20: Dhcp Configuration
The DHCP protocol is based on a client‐server model in which a designated DHCP server allocates network addresses and delivers configuration parameters to dynamically configured clients. Throughout the remainder of this section, the term “server” refers to a host providing initialization parameters through DHCP, and the term “client” refers to a host requesting initialization parameters from a DHCP server. DHCP supports the following mechanisms for IP address allocation: • Automatic — DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). • Manual — A clientʹs IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client. The amount of time that a particular IP address is valid for a system is called a lease. The Enterasys Matrix‐N or standalone device maintains a lease database which contains information about each assigned IP address, the MAC address to which it is assigned, the lease expiration, and whether the address assignment is dynamic or static. The DHCP lease database is stored in flash memory. Configuring DHCP By default, the DHCP server is not enabled on the Enterasys Matrix‐N or standalone device. You can selectively enable DHCP service on particular interfaces and not others. To enable DHCP service on an interface, you must first define a DHCP scope. A scope consists of a pool of IP addresses and a set of parameters for a DHCP client. The parameters are used by the client to configure its network environment, for example, the default gateway and DNS domain name. DHCP Configuration Modes” on page 2-103. Enterasys Matrix DFE-Gold Series Configuration Guide 20-1...
Page 678: Dhcp Supported Options
DHCP Overview To configure DHCP on the Enterasys Matrix‐N or standalone device, you must configure an IP address pool, client parameters, and optional static IP address for a specified scope. Where several subnets are accessed through a single port, you can also define multiple scopes on the same interface and group the scopes together into a superscope. DHCP Task List The CLI commands for DHCP Server provide functionality for: Configuring a DHCP local pool for a subnet (required) Excluding IP addresses not to be assigned to the clients by the DHCP server (optional) Configuring a DHCP pool (required) Configuring manual bindings of IP addresses and client hardware addresses (optional) Configuring a DHCP server boot file (optional) Monitoring and maintaining DHCP server services (optional) Enabling DHCP service on a routing interface (required) DHCP Supported Options Table 20‐1 lists the DHCP server option names and codes supported by the firmware. All options specified in Table commonly‐used options may also be configured using dedicated commands: “domain‐name” on page 20‐9, “dns‐server” on page 20‐10, “netbios‐name‐server” on page 20‐11, “netbios‐node‐type” on page 20‐11, and “default‐router” on page 20‐12. Except where noted, all options are defined in RFC‐2132. In addition, the site‐specific option codes designated by RFC‐2132 (128‐254) may be used to define options for use within a site or an organization. Some vendors have made use of site‐specific options to configure their product features. Table 20-1 DHCP Server Supported Options DHCP Option Subnet Mask Time Offset Router...
Page 679 NetBIOS Over TCP/IP Name Server NetBIOS Over TCP/IP Datagram Distribution Server NetBIOS Over TCP/IP Node Type NetBIOS Over TCP/IP Scope X Window System Font Server X Window System Display Manager Option Code Enterasys Matrix DFE-Gold Series Configuration Guide 20-3 DHCP Overview...
Page 680: Dhcp Command Modes
DHCP Overview Table 20-1 DHCP Server Supported Options DHCP Option Renewal Time Value Rebinding Time Value NIS+ Domain NIS+ Servers Mobile IP Home Agent SMTP Server POP3 Server NNTP Server Default WWW Server Default Finger Server Default IRC Server StreetTalk Server StreetTalk Directory Assistance Server Relay Agent Information Subnet Selection...
Page 681: Commands
Mode. Type client- Matrix>Router identifier and the (config-dhcp-host)# identifier, or hardware-address and an address from any DHCP configuration mode. Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 20-5 DHCP Overview 20-6 20-6 20-7 20-8 20-8 20-9 20-9 20-10 20-11...
Page 682: Ip Dhcp Server
DHCP Overview For information about... clear ip dhcp binding show ip dhcp server statistics clear ip dhcp server statistics ip dhcp server Use this command to enable DHCP server features on a routing interface. Syntax ip dhcp server no ip dhcp Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command disables DHCP server features on one or all routing interfaces. Example This example shows how to enable DHCP server on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))ip dhcp server ip local pool...
Page 683: Exclude
Syntax exclude ip-address number no exclude ip-address number Parameters ip‐address number Defaults None. Mode Router command, IP Local Pool configuration: Matrix>Router(ip‐local‐pool)# Usage The “no” form of this command removes the addresses from the list of addresses excluded from the local pool. Example This example shows how to exclude 2 IP addresses beginning with 172.20.28.254 from the “localpool” address pool: Matrix>Router(config)#ip local pool localpool Matrix>Router(ip-local-pool)#exclude 172.20.28.254 2 Specifies the starting IP address to be excluded from this pool. Specifies the number of addresses to be excluded. Valid values are 1 ‐ 65535. Enterasys Matrix DFE-Gold Series Configuration Guide 20-7 DHCP Overview...
Page 684: Ip Dhcp Ping Packets
DHCP Overview ip dhcp ping packets Use this command to specify the number of packets a DHCP server sends to an IP address before assigning the address to a requesting client. Syntax ip dhcp ping packets number no ip dhcp ping packets Parameters number Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Usage The “no” form of this command prevents the sever from pinging IP addresses. Example This example shows how to set the number of DHCP ping attempts to 6: Matrix>Router(config)#ip dhcp ping packets 6 ip dhcp ping timeout Use this command to specify the amount of time the DHCP server will wait for a ping reply from an IP address before timing out. Syntax ip dhcp ping timeout milliseconds no ip dhcp ping timeout...
Page 685: Ip Dhcp Pool
Specifies a DHCP address pool name. Note: This must match the previously configured name assigned with the ip local pool command as described in Enterasys Matrix DFE-Gold Series Configuration Guide 20-9 DHCP Overview “ip local pool” on page 20-6.
Page 686: Dns-Server
DHCP Overview Parameters domain Defaults None. Mode Router command, Any DHCP configuration mode. Usage This command configures DHCP option 15. The “no” form of this command deletes a DHCP domain name. Example This example shows how to assign the “mycompany.com” domain name to the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#domain-name mycompany.com dns-server Use this command to assign one or more DNS servers to DHCP clients. Syntax dns-server address [address2...address8] no dns-server Parameters address address2... address8 Defaults If address2...address8 is not specified, no additional addresses will be configured. Mode Router command, Any DHCP configuration mode. Usage This command configures DHCP option 6. The “no” form of this command deletes the DNS server list. 20-10 DHCP Configuration Specifies a domain name string.
Page 687: Netbios-Name-Server
Parameters address address2... address8 Defaults If address2...address8 is not specified, no additional addresses will be configured. Mode Router command, Any DHCP configuration mode. Usage This command configures DHCP option 44. The “no” form of this command deletes the NetBIOS WINS server list. Example This example shows how to assign a NetBIOS WINS server at 13.12.1.90 to the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#netbios-name-server 13.12.1.90 netbios-node-type Use this command to assign a NetBIOS node (server) type to DHCP clients. Syntax netbios-node-type type no netbios-node-type Specifies the IP address of a NetBIOS WINS server. (Optional) Specifies, in order of preference, up to 7 additional NetBIOS WINS server IP address(es). Enterasys Matrix DFE-Gold Series Configuration Guide 20-11 DHCP Overview...
Page 688: Default-Router
DHCP Overview Parameters type Defaults None. Mode Router command, Any DHCP configuration mode. Usage This command configures DHCP option 46. The “no” form of this command deletes the NetBIOS node type. Example This example shows how to specify hybrid as the NetBIOS node type for the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#netbios-node type h-node default-router Use this command to assign a default router list to DHCP clients. Syntax default-router address [address2...address8] no default-router Parameters address address2... address8 Defaults If address2...address8 is not specified, no additional addresses will be configured. Mode Router command, Any DHCP configuration mode. 20-12 DHCP Configuration Specifies the NetBIOS node type. Valid values and their corresponding ...
Page 689: Bootfile
Syntax bootfile filename no bootfile Parameters filename Defaults None. Mode Router command, Any DHCP configuration mode. Usage The “no” form of this command deletes the boot image association. Example This example shows how to specify “dhcpboot” as the boot image file in the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#bootfile dhcpboot next-server Use this command to specify the next server in the DHCP server boot process. Syntax next-server ip-address no next-server ip-address Specifies the boot image file name. Enterasys Matrix DFE-Gold Series Configuration Guide 20-13 DHCP Overview...
Page 690: Option
DHCP Overview Parameters ip‐address Defaults None. Mode Router command, Any DHCP configuration mode. Usage The next server is the server the client will contact for the boot file if the primary server is not able to supply it. A next server is usually specified in a manual DHCP binding configuration in order to provide an IP address to a BOOTP client and allow the client to receive the TFTP server address when downloading a boot file image. The “no” form of this command removes the next server. Example This example shows how to specify 192.168.42.13 as the next server in the boot process: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#next-server 192.168.42.13 option Use this command to configure DHCP options. Syntax option code [instance number] {ascii string | hex string | ip address} no option code [instance number] Parameters code instance number...
Page 691: Lease
Matrix>Router(config-dhcp-pool)#option 72 ip 168.24.3.252 168.24.3.253 lease Use this command to specify the duration of the lease for an IP address assigned by a DHCP server to a client. Syntax lease {days [hours] [minutes] | infinite} no lease Parameters days hours minutes infinite Defaults If hours or minutes are not specified, no values will be configured. Mode Router command, DHCP‐Pool, Client‐Class and Hardware‐Address command modes. Specifies the number of days an address lease will remain valid. (Optional) When a days value has been assigned, specifies the number of hour an address lease will remain valid. (Optional) When a days value has been assigned, specifies the number of minutes an address lease will remain valid. Specifies that the duration of the lease will be unlimited. Enterasys Matrix DFE-Gold Series Configuration Guide 20-15 DHCP Overview...
Page 692: Host
DHCP Overview Usage The “no” form of this command resets the lease duration to the default value of 1 day (24 hours). Example This example shows how to set a one‐hour lease to the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#lease 0 1 host Use this command to specify an IP address and network mask for manual DHCP binding. Syntax host address [mask | prefix-length] no host Parameters address mask | prefix‐length Defaults If not specified, DHCP server will examine its defined IP address pools for a mask or prefix‐length. If no mask is found in the IP address pool database, the Class A, B, or C natural mask will be used. Mode Router command, DHCP Pool Configuration mode: Matrix>Router(config‐dhcp‐pool)# Usage The “no” form of this command removes the client IP address. Example This example shows how to set 15.12.1.99 255.255.248.0 as the IP address and subnet mask of a client in the “localpool” address pool: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#hardware-address 0001.f401.2710 Matrix>Router(config-dhcp-host)#host 15.12.1.99 255.255.248.0 client-class...
Page 693: Client-Identifier
Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#client-class clientclass1 client-identifier Use this command to enable DHCP host configuration mode and associate a client class with a DHCP client. Syntax client-identifier mac-address [client-class name] no client-identifier unique-identifier Parameters mac‐address client‐class name Defaults If client‐class is not specified, none will be assigned. Mode Router command, Any DHCP configuration mode. Usage The “no” form of this command deletes a client identifier. Specifies a name for a DHCP client class. Specifies the client’s MAC address. (Optional) Specifies the class to which this client will be assigned. Must be configured using the client‐class name as described in “client‐class” on page 20‐16. Enterasys Matrix DFE-Gold Series Configuration Guide 20-17 DHCP Overview...
Page 694: Client-Name
DHCP Overview Example This example shows how to assign client MAC address 00.01f4.0127 within “clientclass1”: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#client-identifier 0100.01f4.0127 client-class clientclass1 client-name Use this command to assign a name to a DHCP client. Syntax client-name name [client-class name] no client-name name Parameters name client‐class name Defaults If client‐class is not specified, none will be assigned. Mode Router command, Any DHCP configuration mode. Usage The “no” form of this command deletes a client name. Example This example shows how to assign “soho1” as a client name in “clientclass1”: Matrix>Router(config)#ip dhcp pool localpool Matrix>Router(config-dhcp-pool)#client-name soho1 client-class clientclass1 hardware-address Use this command to specify parameters for a new DHCP client address. ...
Page 695: Show Ip Dhcp Binding
Use this command to display information about one or all DHCP address bindings. Syntax show ip dhcp binding [ip-address] Parameters ip‐address Defaults If ip‐address is not specified, information about all address bindings will be shown. Mode Router command, Any DHCP configuration mode. Specifies the MAC address of the client’s hardware platform. (Optional) Specifies a hardware protocol or client class name. Valid values and their corresponding meanings are: • 1 ‐ 10Mb Ethernet • 6 or ieee802 ‐ IEEE 802 networks • client‐class name ‐ Client class (configured as described in “show ip dhcp binding” on page 20‐19). • ethernet ‐ 10Mb Ethernet (Optional) Displays bindings for a specific client IP address. Enterasys Matrix DFE-Gold Series Configuration Guide 20-19 DHCP Overview...
Page 696: Clear Ip Dhcp Binding
DHCP Overview Example This example shows how to display the DHCP binding address parameters, including an associated Ethernet MAC addresses, lease expiration dates, type of address assignments, and whether the lease is active: Matrix>(config-dhcp-pool)#show ip dhcp binding IP address 172.28.1.249 172.28.1.254 clear ip dhcp binding Use this command to delete one or all automatic DHCP address bindings. Syntax clear ip dhcp binding {address | *} Parameters address | * Defaults None. Mode Router command, Privileged EXEC: Matrix>Router# Example This example shows how to delete the address binding 18.12.22.99 from the DHCP server bindings database: Matrix>Router#clear ip dhcp binding 18.12.22.99 show ip dhcp server statistics Use this command to display DHCP server statistics.
Page 697: Show Ip Dhcp Server Statistics Output Details
DHCP database. Number of expired leases. Number of truncated or corrupted messages e received by the DHCP server. Message type received by the DHCP server. Enterasys Matrix DFE-Gold Series Configuration Guide 20-21 DHCP Overview...
Page 698: Clear Ip Dhcp Server Statistics
DHCP Overview Table 20-3 show ip dhcp server statistics Output Details (continued) Output... Received Sent clear ip dhcp server statistics Use this command to reset all DHCP server counters. Syntax clear ip dhcp server statistics Parameters None. Defaults None. Mode Router command, Privileged EXEC: Matrix>Router# Example This example shows how to reset all DHCP server counters: Matrix>Router#clear ip dhcp server statistics 20-22 DHCP Configuration What it displays...
Page 699: Chapter 21: Routing Protocol Configuration
Note: Enabling RIP with the router rip and network commands is required if you want to run RIP on the device. All other tasks are optional. Routing Protocol Configuration Modes” on page 2-103. Enterasys Matrix DFE-Gold Series Configuration Guide 21-1 “Enabling Router Refer to page... 21-1...
Page 700: Router Rip
Configuring RIP Table 21-1 RIP Configuration Task List and Commands To do this... Enable RIP configuration mode and associate a network. Allow unicast updates by defining a neighboring router. Configure an administrative distance. Apply offsets to RIP routing metrics. Adjust timers. Specify a RIP version.
Page 701: Network
“Enabling Router Configuration Modes” on page 2‐103. The “no” form of this command disables RIP. Example This example shows how to enable RIP: Matrix>Router#configure terminal Matrix>Router(config)#router rip Matrix>Router(config-router)# network Use this command to attach a network of directly connected networks to a RIP routing process, or to remove a network from a RIP routing process. Syntax network ip-address no network ip-address Parameters ip‐address Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command removes the network from the RIP routing process. Specifies the IP address of a directly connected network that RIP will advertise to its neighboring routers. Enterasys Matrix DFE-Gold Series Configuration Guide 21-3 Configuring RIP 2‐8 in ...
Page 702: Neighbor
Configuring RIP Example This example shows how to attach network 192.168.1.0 to the RIP routing process: Matrix>Router(config)#router rip Matrix>Router(config-router)#network 192.168.1.0 neighbor Use this command to instruct the router to send unicast RIP information to an IP address. Syntax neighbor ip-address no neighbor ip-address Parameters ip‐address Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage RIP is normally a broadcast protocol. In order for RIP routing updates to reach nonbroadcast networks, the neighbor’s IP address must be configured to permit the exchange of routing information. The “no” form of this command disables point‐to‐point routing exchanges. Example This example shows how to instruct the system to exchange routing information with neighbor 192.5.10.1: Matrix>Router(config)#router rip Matrix>Router(config-router)#neighbor 192.5.10.1 distance Use this command to configure the administrative distance for RIP routes. Syntax distance weight no distance [weight] 21-4 Routing Protocol Configuration Specifies the IP address of a directly connected neighbor with which ...
Page 703: Ip Rip Offset
Matrix>Router(config-router)#distance 100 ip rip offset Use this command to add or remove an offset to the metric of an incoming or outgoing RIP route. Syntax ip rip offset {in | out} value no ip rip offset {in | out} Parameters value Specifies an administrative distance for RIP routes. Valid values are 1 ‐ 255. Default Distance Applies the offset to incoming metrics. Applies the offset to outgoing metrics. Specifies a positive offset to be applied to routes learned via RIP. Valid values are from 0 to 16. If the value is 0, no action is taken. Enterasys Matrix DFE-Gold Series Configuration Guide 21-5 Configuring RIP...
Page 704: Timers
Configuring RIP Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage Adding an offset on an interface is used for the purpose of making an interface a backup. The “no” form of this command removes an offset. Example The following example shows how to add an offset of 1 to incoming RIP metrics on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip rip offset in 1 timers Use this command to adjust RIP routing timers determining the frequency of routing updates, the length of time before a route becomes invalid, and the interval during which routing information regarding better paths is suppressed. Syntax timers basic update-seconds invalid-seconds holdown-seconds flush-seconds no timers basic Parameters basic update‐seconds invalid‐seconds holdown‐seconds flush‐seconds Defaults None. ...
Page 705: Ip Rip Send Version
Matrix>Router(config-if(Vlan 1))#ip rip send version 2 ip rip receive version Use this command to set the RIP version(s) for update packets accepted on the interface. Syntax ip rip receive version {1 | 2 | 1 2 | none} no ip rip receive version Specifies RIP version 1. Specifies RIP version 2. Specifies that packets be sent as version 2 packets, but transmits these as broadcast packets rather than multicast packets so that systems which only understand RIP version 1 can receive them. Enterasys Matrix DFE-Gold Series Configuration Guide 21-7 Configuring RIP...
Page 706: Key Chain
Configuring RIP Parameters 1 1 2 none Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command restores the default version of the RIP module update packets that are accepted on the interface. Example This example shows how to set the RIP receive version to 2 for update packets received on VLAN Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip rip receive version 2 key chain Creates or deletes a key chain used globally for RIP authentication. Syntax key chain name no key chain name Parameters name Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Usage The “no” form of this command deletes the specified key chain.
Page 707: Key
Parameters key‐id Defaults None. Mode Router command, Key chain configuration: Matrix>Router(config‐keychain)# Usage This release of the Enterasys Matrix Series firmware supports only one key per key chain. The “no” form of this command removes the key from the key chain. Example This example shows how to create authentication key 3 within the key chain called “md5key”: Matrix>Router(config-router)#key chain md5key Matrix>Router(config-keychain)#key 3 key-string Use this command to specify a RIP authentication string for a key. Once configured, this string must be sent and received in RIP packets in order for them to be authenticated. Syntax key-string text no key-string text Specifies an authentication number for a key. Valid number are from 0 to 4294967295. Only one key is supported per key chain in this Enterasys Matrix Series release. Enterasys Matrix DFE-Gold Series Configuration Guide 21-9 Configuring RIP...
Page 708: Accept-Lifetime
Configuring RIP Parameters text Defaults None. Mode Router command, Key chain key configuration: Matrix>Router(config-keychain-key)# Usage The “no” form of this command removes the authentication string. Example This example shows how to create an authentication string called “password” for key 3 in the “md5key” key chain: Matrix>Router(config-router)#key chain md5key Matrix>Router(config-keychain)#key 3 Matrix>Router(config-keychain-key)#key-string password accept-lifetime Use this command to specify the time period during which an authentication key on a key chain is valid to be received. Syntax accept-lifetime start-time month date year {duration seconds | end-time | infinite} no accept-lifetime start-time month date year Parameters...
Page 709: Send-Lifetime
[start-time month date year] Parameters start‐time month date year duration seconds end‐time infinite Specifies the hours, minutes and seconds (hh:mm:ss) and the month, date and year from the start‐time the key is valid to be received. Specifies that the key is valid to be received from the start‐time on. Specifies the time of day the authentication key will begin to be valid to be sent. Valid input is hours:minutes:seconds (hh:mm:ss). Specifies the month the authentication key will begin to be valid to be sent. Valid input is the first three letters of the month. Specifies the day of the month the authentication key will begin to be valid to be sent. Valid values, depending on the length of the month, are 1 ‐ 31. Specifies the year the authentication key will begin to be valid to be sent. Valid input is four digits up to 2035. Length of time (in seconds) the key is valid to be sent. Valid values are 1 ‐ 4294967295. Specifies the hours, minutes and seconds (hh:mm:ss) and the month, date and year from the start‐time the key is valid to be sent. Specifies that the key is valid to be sent from the start‐time on. Enterasys Matrix DFE-Gold Series Configuration Guide 21-11 Configuring RIP...
Page 710: Ip Rip Authentication Keychain
Configuring RIP Defaults None. Mode Router command, Key chain key configuration: Matrix>Router(config‐keychain‐key)# Usage The “no” form of this command removes the send‐lifetime configuration for an authentication key. Start time can be specified, but is not mandatory. Example This example shows how to allow the “password” authentication key to be sent as valid on its RIP‐configured interface beginning at 2:30 on November 30, 2002 with no ending time (infinitely): Matrix>Router(config-router)#key chain md5key Matrix>Router(config-keychain)#key 3 Matrix>Router(config-keychain-key)#key-string password Matrix>Router(config-keychain-key)#send-lifetime 02:30:00 nov 30 2002 infinite ip rip authentication keychain Use this command to enable or disable a RIP authentication key chain for use on an interface. Syntax ip rip authentication keychain name no ip rip authentication keychain name Parameters name Defaults...
Page 711: Ip Rip Authentication Mode
Usage The RIP authentication keychain must be enabled as described in “ip rip authentication keychain” on page 21‐12 before RIP authentication mode can be configured. The “no” form of this command suppresses the use of authentication. Example This example shows how to set the authentication mode for VLAN 1 as “text”: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip rip authentication mode text no auto-summary Use this command to disable automatic route summarization. Syntax no auto-summary auto-summary Parameters None. Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Initiates text‐only authentication. Initiates MD5 authentication. Enterasys Matrix DFE-Gold Series Configuration Guide 21-13 Configuring RIP...
Page 712: Ip Rip Disable-Triggered-Updates
Configuring RIP Usage This command is necessary for enabling CIDR for RIP on the Enterasys Matrix Series device. By default, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boundaries. Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Enterasys Matrix Series device. To verify which routes are summarized for an interface, use the show ip protocols command as described in “show ip protocols” on page 16‐22. The auto‐summary version of the command re‐enables automatic route summarization. Example This example shows how to disable RIP automatic route summarization: Matrix>Router(config)#router rip Matrix>Router(config-router)#no auto-summary ip rip disable-triggered-updates Use this command to prevent RIP from sending triggered updates. Syntax ip rip disable-triggered-updates no ip rip disable-triggered-updates Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage Triggered updates are sent when there is a change in the network and a new route with a lower metric is learned, or an old route is lost. This command stops or starts the interface from sending these triggered updates. By default triggered updates are enabled on a RIP interface. The “no” form of this command allows RIP to respond to a request for a triggered update.
Page 713: Ip Split-Horizon Poison
Example This example shows how to disable split horizon poison reverse for RIP packets transmitted on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#no ip split-horizon poison passive-interface Use this command to prevent RIP from transmitting update packets on an interface. Syntax passive-interface vlan vlan-id no passive-interface vlan vlan-id Parameters vlan vlan ‐id Defaults None. Specifies the number of the VLAN to make a passive interface. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Enterasys Matrix DFE-Gold Series Configuration Guide 21-15 Configuring RIP...
Page 714: Receive-Interface
Configuring RIP Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage This command does not prevent RIP from monitoring updates on the interface. The “no” form of this command disables passive interface. Example This example shows how to set VLAN 2 as a passive interface. No RIP updates will be transmitted on VLAN 2: Matrix>Router(config)#router rip Matrix>Router(config-router)#passive-interface vlan 2 receive-interface Use this command to allow RIP to receive update packets on an interface. This does not affect the sending of RIP updates on the specified interface. Syntax receive-interface vlan vlan-id no receive-interface vlan vlan-id Parameters vlan‐id Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command denies the reception of RIP updates. Example This example shows how to deny the reception of RIP updates on VLAN 2: Matrix>Router(config)#router rip Matrix>Router(config-router)#no receive-interface vlan 2 21-16 Routing Protocol Configuration Specifies the number of the VLAN to make a receive interface. This ...
Page 715: Distribute-List
Use this command to allow routing information discovered through non‐RIP protocols to be distributed in RIP update messages. Syntax redistribute {connected | ospf process-id | static} [metric metric value] [subnets] no redistribute {connected | ospf process-id | static} Specifies the number of the IP access list. This list defines which networks are to be advertised and which are to be suppressed in routing updates. For details on how to configure access lists, refer to “Configuring Access Lists” on page 24‐15. Applies the access list to incoming or outgoing routing updates on the specified VLAN. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Enterasys Matrix DFE-Gold Series Configuration Guide 21-17 Configuring RIP...
Page 716: Redistribute
Configuring RIP Parameters connected ospf process‐id static metric metric value subnets Defaults • If metric value is not specified, 1 will be applied. • If subnets is not specified, only non‐subnetted routes will be redistributed. Mode Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command clears redistribution parameters. Example This example shows how to redistribute routing information discovered through OSPF process ID 1 non‐subnetted routes into RIP update messages: Matrix>Router(config)#router rip Matrix>Router(config-router)#redistribute ospf 1 21-18 Routing Protocol Configuration Specifies that non‐RIP routing information discovered via directly connected interfaces will be redistributed. Specifies that OSPF routing information will be redistributed in RIP. Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535. Specifies that non‐RIP routing information discovered via static routes will be redistributed. Static routes are those created using the ip route command detailed in “ip route” on page 16‐26. (Optional) Specifies a metric for the connected, OSPF or static ...
Page 717: Configuring Ospf
OSPF is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described back in “Activating Licensed purchase an advanced routing license, contact Enterasys Networks Sales. Understanding Graceful Restart OSPF graceful restart, sometimes referred to as non‐stop forwarding, provides for an OSPF router to remain on the forwarding path during a restart of its OSPF software. Graceful‐restart has four ...
Page 718: Purpose
Configuring OSPF own forwarding engine that uses this information to make forwarding decisions locally on the module that receives the frame. These engines independently make forwarding decisions based on route and rule information distributed by the router protocol process. In a stable network, the distributed route and rule information is fairly constant. If the router protocol process was to suddenly fail, forwarding information current at the time of the failure in all probability is usable for the short time after the failure until recovery occurs. During this recovery period, existing connections (that were not directly using the failed module) remain in effect. New connections continue to be installed using the last known ʺgoodʺ forwarding information. The router protocol process that failed is dynamically restarted on another module. The user does not configure where the router process is running. The router forwarding process remains active on every module. The protocol process exchanges protocol and maintains state that it distributes to the other modules and does not have to run on any specific module. One exception to this rule is that the module must have 256M of memory to be router protocol process eligible. Upon failure of a module running the router protocol process, the protocol process is started on a recovery module. One of the first messages it sends to its OSPF neighbors is a grace LSA. High availability failover will successfully occur if the following is true: • The router is enabled for graceful restart • The neighbors are enabled to participate as graceful restart helper • The OSPF dead interval is configured for a sufficient period such that the grace LSA is received by its neighbors before the configured OSPF dead interval expires • And each neighbor is a member of a LAG common to the failed router, allowing the neighbor to remain up Figure 21-1 Physical and Logical Single Router HA Failover Configuration Figure 21‐1 depicts the physical and logical configurations of the single router high availability failover mechanism. The blue lines display direct neighbor connections to the router enabled for ...
Page 719: Ospf Configuration Task List And Commands
21-32) area stub (“area stub” on page 21-33) area default cost (“area default cost” on page 21-34) area nssa (“area nssa” on page 21-34) area virtual-link (“area virtual-link” on page 21-35) Enterasys Matrix DFE-Gold Series Configuration Guide 21-21 Configuring OSPF...
Page 720: Router Ospf
Configuring OSPF Table 21-2 OSPF Configuration Task List and Commands (continued) To do this... Enable passive OSPF mode on an interface. Enable redistribution from non-OSPF routes. Limit link state database overflow. Enable graceful restart Disable graceful restart helper Setting the graceful restart restart-interval Disabling strict LSA checking for graceful restart Monitor and maintain OSPF.
Page 721: Network
Use this command to configure area IDs for OSPF interfaces. Syntax network ip-address wildcard-mask area area-id no network ip-address wildcard-mask area area-id Parameters ip‐address wildcard‐mask area area‐id Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command removes OSPF routing for interfaces identified by the IP address and mask parameters. Specifies the IP address of an interface or a group of interfaces within the network address range. Specifies the IP‐address‐type mask that includes “donʹt care” bits. Specifies the area‐id to be associated with the OSPF address range. Valid values are decimal values or IP addresses. A subnet address can be specified as the area‐id to associate areas with IP subnets. Enterasys Matrix DFE-Gold Series Configuration Guide 21-23 Configuring OSPF 2‐8 in ...
Page 722: Router Id
Configuring OSPF Example This example shows how to configure IP address 182.127.62.1 0.0.0.31 as OSPF area 0: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#network 182.127.62.1 0.0.0.31 area 0 router id Use this command to set the OSPF router ID for the device. Syntax router id ip-address no router id Parameters ip‐address Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The OSPF protocol uses the router ID as a tie‐breaker for path selection. If not specified, this will be set to the lowest IP address of the interfaces configured for IP routing. The “no” form of this command resets the router ID to the first interface configured for IP routing. Example This example shows how to set the OSPF router ID to IP address 182.127.62.1: Matrix>Router(config-router)#router id 182.127.62.1 ip ospf cost Use this command to set the cost of sending an OSPF packet on an interface. ...
Page 723: Ip Ospf Priority
Use this command to set the OSPF priority value for router interfaces. Syntax ip ospf priority number no ip ospf priority Parameters number Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The priority value is communicated between routers by means of hello messages and influences the election of a designated router. The “no” form of this command resets the value to the default of 1. Example This example shows how to set the OSPF priority to 20 for VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip ospf priority 20 Specifies the router’s OSPF priority in a range from 0 to 255. Enterasys Matrix DFE-Gold Series Configuration Guide 21-25 Configuring OSPF...
Page 724: Timers Spf
Configuring OSPF timers spf Use this command to change OSPF timer values to fine‐tune the OSPF network. Syntax timers spf spf-delay spf-hold no timers spf Parameters spf‐delay spf‐hold Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command restores the default timer values. Example This example shows how to set spf delay time to 7 seconds and hold time to 3: Matrix>Router(config)#ospf 1 Matrix>Router(config-router)#timers spf 7 3 ip ospf retransmit-interval Use this command to set the amount of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface. Syntax ip ospf retransmit-interval seconds no ip ospf retransmit-interval Parameters seconds...
Page 725: Ip Ospf Transmit-Delay
Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay Parameters seconds Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command resets the retransmit interval value to the default. Example This example shows how to set the time required to transmit a link state update packet on VLAN 1 at 20 seconds: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip ospf transmit-delay 20 Specifies the transmit delay in seconds. Valid values are from 1 to 65535. Default: 1 Second. Enterasys Matrix DFE-Gold Series Configuration Guide 21-27 Configuring OSPF...
Page 726: Ip Ospf Hello-Interval
Configuring OSPF ip ospf hello-interval Use this command to set the number of seconds a router must wait before sending a hello packet to neighbor routers on an interface. Syntax ip ospf hello-interval seconds no ip ospf hello-interval Parameters seconds Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage Each Enterasys Matrix Series routing module or standalone device can support communications between up to 60 neighboring routers. The “no” form of this command sets the hello interval value to the default. Example This example shows how to set the hello interval to 5 for VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip ospf hello-interval 5 ip ospf dead-interval Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service.
Page 727: Ip Ospf Authentication-Key
Use this command to assign a password to be used by neighboring routers using OSPF’s simple password authentication. Syntax ip ospf authentication-key password no ip ospf authentication-key Parameters password Defaults If password is not specified, the password will be set to a blank string. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The password key set with this command will only be used when authentication is enabled for an OSPF area using the area authentication command described in “area authentication” on page 21‐32. All neighboring routers on the same network must have the same password configured to be able to exchange OSPF information. This password is used as a “key” that is inserted directly into the OSPF header in routing protocol packets. A separate password can be assigned to each OSPF network on a per‐interface basis. The “no” form of this command removes an OSPF authentication password on an interface. Specifies an OSPF authentication password. Valid values are alphanumeric strings up to 8 bytes in length. Enterasys Matrix DFE-Gold Series Configuration Guide 21-29 Configuring OSPF...
Page 728: Ip Ospf Message Digest Key Md5
Configuring OSPF Example This example shows how to enables an OSPF authentication key on VLAN 1 with the password “yourpass”: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip ospf authentication-key yourpass ip ospf message digest key md5 Use this command to enable or disable OSPF MD5 authentication on an interface. Syntax ip ospf message-digest-key keyid md5 key no ip ospf message-digest-key keyid Parameters keyid Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage This command validates OSPF MD5 routing updates between neighboring routers. The “no” form of this command disables MD5 authentication on an interface.
Page 729: Area Range
Note: The value for intra-area distance must be less than the value for inter- area distance, which must be less than the value for external distance. Specifies an administrative distance for OSPF routes. Valid values are 1 ‐ 255. Default Distance Enterasys Matrix DFE-Gold Series Configuration Guide 21-31 Configuring OSPF...
Page 730: Area Authentication
Configuring OSPF Parameters area‐id ip‐address ip‐mask Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage Each Enterasys Matrix Series module or standalone device can support up to 6 OSPF areas and up to 256 OSPF interfaces running per Enterasys Matrix chassis. The “no” form of this command stops the routes from being summarized. Example This example shows how to define the address range as 172.16.0.0/16 for summarized routes communicated at the boundary of area 0.0.0.0: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#area 0.0.0.0 range 172.16.0.0 255.255.0.0 area authentication Use this command to enable or disable authentication for an OSPF area. Syntax area area-id authentication {simple | message-digest} no area area-id authentication {simple | message-digest} Parameters area‐id simple...
Page 731: Area Stub
[no-summary] no area area-id stub [no-summary] Parameters area‐id no‐summary Defaults If no‐summary is not specified, the stub area will be able to receive LSAs. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage This is an area that carries no external routes. The “no” form of this command changes the stub back to a plain area. Example The following example shows how to define OSPF area 10 as a stub area: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#area 10 stub Specifies the stub area. Valid values are decimal values or ip addresses. (Optional) Prevents an Area Border Router (ABR) from sending Link State Advertisements (LSAs) into the stub area. When this parameter is used, it means that all destinations outside of the stub area are represented by means of a default route. Enterasys Matrix DFE-Gold Series Configuration Guide 21-33 Configuring OSPF...
Page 732: Area Default Cost
Configuring OSPF area default cost Use this command to set the cost value for the default route that is sent into a stub area by an Area Border Router (ABR). Syntax area area-id default-cost cost no area area-id default-cost Parameters area‐id cost Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The use of this command is restricted to ABRs attached to stub areas. The “no” form of this command removes the cost value from the summary route that is sent into the stub area. Example This example shows how to set the cost value for stub area 10 to 99: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#area 10 default-cost 99 area nssa Use this command to configure an area as a not so stubby area (NSSA). Syntax area area-id nssa [default-information-originate] no area area-id nssa [default-information-originate] Parameters...
Page 733: Area Virtual-Link
Parameters area‐id ip‐address Specifies the transit area for the virtual link. Valid values are decimal values or IP addresses. A transit area is an area through which a virtual link is established. Specifies the IP address of the ABR. A virtual link is established from the ABR, where virtual link configuration is taking place. Enterasys Matrix DFE-Gold Series Configuration Guide 21-35 Configuring OSPF...
Page 734: Passive-Interface
Configuring OSPF authentication‐ key dead‐interval seconds hello‐interval seconds retransmit‐ interval seconds transmit‐delay seconds Specifies the estimated number of seconds for a link state update packet Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command removes the virtual link. Example This example shows how to configure a virtual link between OSPF area 0.0.0.2 and ABR network 134.141.7.2: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#area 0.0.0.2 virtual-link 134.141.7.2 passive-interface Use this command to enable passive OSPF on an interface. Syntax passive-interface vlan vlan-id no passive-ospf vlan vlan-id Parameters vlan‐id Defaults None. 21-36 Routing Protocol Configuration Specifies a password to be used by neighbor routers. Valid values are ...
Page 735: Redistribute
{connected | rip | static} Parameters static metric metric value metric‐type type value subnets tag tag connected route‐map id‐number Specifies that RIP routing information will be redistributed in OSPF. Specifies that non‐OSPF information discovered via static routes will be redistributed. Static routes are those created using the ip route command detailed in “ip route” on page 16‐26. (Optional) Specifies a metric for the connected, RIP or static redistribution route. This value should be consistent with the designation protocol. (Optional) Specifies the external link type associated with the default connected, RIP or static route advertised into the OSPF routing domain. Valid values are 1 for type 1 external route, and 2 for type 2 external route. (Optional) Specifies that connected, RIP or static routes that are subnetted routes will be redistributed. (Optional) Specifies that tagged routes will be redistributed in OSPF. Specifies that non‐OSPF information discovered via directly connected interfaces will be redistributed. These are routes not specified in the OSPF network command as described in “network” on page 21‐23. (Optional) Redistributes routes using the rules established by the designated route‐map. Valid values are 1‐99. Enterasys Matrix DFE-Gold Series Configuration Guide 21-37 Configuring OSPF...
Page 736: Database-Overflow
Configuring OSPF Defaults • If metric value is not specified, 0 will be applied. • If type value is not specified, type 2 (external route) will be applied. • If subnets is not specified, only non‐subnetted routes will be redistributed. • If route‐map is not specified, none will be applied. • If tag is not specified, none will be applied. Mode Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command clears redistribution parameters. Example This example shows how to distribute external type 2 RIP routing information from non‐ subnetted routes in OSPF updates: Matrix>Router(config)#router ospf Matrix>Router(config-router)#redistribute rip database-overflow Use this command to limit the size of OSPF link state database overflow, a condition where the router is unable to maintain the database in its entirety. Syntax database-overflow external {[exit-overflow-interval interval] [limit limit] [warning-level level]} no database-overflow external {[exit-overflow-interval interval] [limit limit] [warning-level level]} Parameters external ...
Page 737: Graceful-Restart Enable
Matrix->Router(config-router)#database-overflow external exit-overflow-interval Matrix->Router(config-router)#database-overflow external limit 3800 Matrix->Router(config-router)#database-overflow external warning-level 2500 graceful-restart enable Use this command to enable the graceful‐restart ability on this router. Syntax graceful-restart enable no graceful-restart enable Parameters None. Defaults Disabled. Mode Router command, Router configuration: Matrix‐>Router(config‐router)# Usage Graceful restart allows this router to stay on the forwarding path during a restart of OSPF software. For more information about graceful restart, see “Understanding Graceful Restart” on page 21‐19. The “no” form of this command disables graceful‐restart for this router. Enterasys Matrix DFE-Gold Series Configuration Guide 21-39 Configuring OSPF...
Page 738: Graceful-Restart Helper-Disable
Configuring OSPF Example This example shows how to enable the graceful restart ability on this router: Matrix->Router(config)#router ospf 1 Matrix->Router(config-router)#graceful-restart enable Matrix->Router(config-router) graceful-restart helper-disable Use this command to disable the graceful restart helper function on this router. Syntax graceful-restart helper-disable no graceful-restart helper-disable Parameters None. Defaults Helper mode enabled. Mode Router command, Router configuration: Matrix‐>Router(config‐router)# Usage Each restarting router network segment functions as a helper by monitoring the network for topology changes. So long as the helper does not see an LSA change, it continues to advertise its LSAs as though the restarting router remained in continuous operation. This command disables this capability. For more information on the graceful restart helper function, see “Understanding Graceful Restart” on page 21‐19. The “no” form of this command enables graceful‐restart helper mode for this router. Example This example shows how to disable the helper function on this router: Matrix->Router(config)#router ospf 1 Matrix->Router(config-router)#graceful-restart helper-disable graceful-restart restart-interval Use this command to set the graceful‐restart restart interval. ...
Page 739: Graceful-Restart Strict-Lsa-Checking-Disable
Matrix->Router(config)#router ospf 1 Matrix->Router(config-router)#graceful-restart enable Matrix->Router(config-router)#graceful-restart restart-interval 300 graceful-restart strict-lsa-checking-disable Use this command to disable strict LSA checking during graceful restart. Syntax graceful-restart strict-lsa-checking-disable no graceful-restart strict-lsa-checking-disable Parameters None. Defaults Strict LSA checking enabled. Mode Router command, Router configuration: Matrix‐>Router(config‐router)# Usage Strict LSA checking assures that graceful restart will terminate if there is a changed LSA on the restarting router’s retransmission list when graceful restart intitiates or an LSA change occurs during graceful restart. With strict LSA checking disabled, graceful restart does not terminate for these conditions. The “no” form of this command enables strict LSA checking. Specifies the maximum amount of time in seconds that this router will remain in graceful‐restart mode starting at the time it enters graceful‐ restart. Valid values are 1 ‐ 1800 seconds. Default value is 120 seconds. Enterasys Matrix DFE-Gold Series Configuration Guide 21-41 Configuring OSPF...
Page 740: Show Ip Ospf
Configuring OSPF Example This example shows how to disable strict LSA checking on this router: Matrix->Router(config)#router ospf 1 Matrix->Router(config-router)#graceful-restart strict-lsa-checking-disable show ip ospf Use this command to display OSPF information. Syntax show ip ospf Parameters None. Defaults None. Mode Router command, Any router mode. Example This example shows how to display OSPF information: Matrix>Router#show ip ospf Routing Process "ospf 20 " with ID 134.141.7.2 Supports only single TOS(TOS0) route It is an area border and autonomous system boundary router Summary Link update interval is 0 seconds.
Page 741: Show Ip Ospf Database
[link-state-id] show ip ospf database database-summary Parameters link‐state‐id router network summary asbr‐summary external (Optional) Specifies the link state identifier. Valid values are IP addresses. Displays router (Type 1) link state records in their detailed format. Router records are originated by all routers. Displays network (Type 2) link state records in their detailed format. Network records are originated by designated routers. Displays summary (Type 3) link state records in their original format. Summary records are originated by ABRs. Displays Autonomous System Border Router (ASBR) summary (Type 4) link status records in their detail format. ASBR‐summary records are originated by ABRs. Displays external (Type 5) link state records. Type 5 link state records in their detailed format. Enterasys Matrix DFE-Gold Series Configuration Guide 21-43 Configuring OSPF...
Page 742: Show Ip Ospf Database Output Details
Configuring OSPF nssa‐external database‐summary Defaults If link‐state‐id is not specified, the specified type of database records will be displayed for all link state IDs. Mode Router command, Any router mode. Example This example shows how to display all OSPF link state database information: Matrix>Router#show ip ospf database OSPF Router with ID(182.127.64.1) Displaying Net Link States(Area 0.0.0.0) LinkID 182.127.63.1 Displaying Router Link States(Area 0.0.0.0) LinkID 182.127.64.1 182.127.62.1 Displaying Summary Net Link States(Area 0.0.0.0) LinkID 182.127.63.1 Table...
Page 743: Show Ip Ospf Border-Routers
Field in the link state record used to verify the contents upon receipt by another router. Link count of router link state records. This number is equal to, or greater than, the number of active OSPF interfaces on the originating router. Enterasys Matrix DFE-Gold Series Configuration Guide 21-45 Configuring OSPF...
Page 744: Show Ip Ospf Interface Output Details
Configuring OSPF Parameters vlan vlan‐id Defaults If vlan‐id is not specified, OSPF statistics will be displayed for all VLANs. Mode Router command, Any router mode. Example This example shows how to display all OSPF related information for VLAN 1: Matrix>Router#show ip ospf interface vlan 1 Vlan 1 is UP Internet Address Router ID 182.127.64.1,Network Type BROADCAST,Cost: 10 Transmit Delay is 1 sec,State BACKUPDR,Priority 1 Designated Router id 182.127.62.1, Interface addr 182.127.63.1 Backup Designated Router id 182.127.63.2, Timer intervals configured, Hello 10,Dead 40,Wait 40,Retransmit 5 Neighbor Count is 1, Adjacent neighbor count is 1...
Page 745: Show Ip Ospf Neighbor
Number of neighbors over this interface. Number of adjacent (FULL state) neighbors over this interface. IP address of the adjacent neighbor. (Optional) Displays detailed information about the neighbors, including the area in which they are neighbors, who the designated router/backup designated router is on the subnet, if applicable, and the decimal equivalent of the E‐bit value from the hello packet options field. (Optional) Displays OSPF neighbors for a specific IP address. (Optional) Displays OSPF neighbors for a specific VLAN. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Enterasys Matrix DFE-Gold Series Configuration Guide 21-47 Configuring OSPF...
Page 746: Show Ip Ospf Virtual-Links
Configuring OSPF Example This example shows how to use the show ospf neighbor command: Matrix>Router#show ip ospf neighbor 182.127.62.1 Table 21‐5 provides an explanation of the command output. Table 21-5 show ip ospf neighbor Output Details Output... State Dead-Int Address Interface show ip ospf virtual-links Use this command to display information about the virtual links configured on a router. Syntax show ip ospf virtual-links Parameters None. Defaults None. Mode Router command, Any router mode. Usage A virtual link represents a logical connection between the backbone and a non‐backbone OSPF ...
Page 747: Clear Ip Ospf Process
Timer intervals configured for the virtual link, including Hello, Dead, Wait, and Retransmit intervals. State of adjacency between this router and the virtual link neighbor of this router. Specifies the process ID, an internally used identification number for each instance of the OSPF routing process run on a router. Valid values are 1 to 65535. Enterasys Matrix DFE-Gold Series Configuration Guide 21-49 Configuring OSPF...
Page 748: Debug Ip Ospf
Configuring OSPF debug ip ospf Use this command to enable OSPF protocol debugging output. Syntax debug ip ospf {subsystem} no debug ip ospf {subsystem} Parameters subsystem Defaults None. Mode Router command, Privileged EXEC: Matrix>Router# Usage The “no” form of this command disables OSPF protocol debugging output. Example This example shows how to enable OSPF protocol debugging output to display information about Link State Advertisement generation: Matrix>Router#debug ip ospf lsa-generation rfc1583compatible Use this command to enable the OSPF router for RFC 1583 compatibility. Syntax rfc1583compatible no rfc1583compatible Parameters None. Defaults None.
Page 749 Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The “no” form of this command removes OSPF RFC 1583 compatible. Example This example shows how to configure RFC 1583 compatibility: Matrix>Router(config)#router ospf 1 Matrix>Router(config-router)#rfc1583compatible Enterasys Matrix DFE-Gold Series Configuration Guide 21-51 Configuring OSPF...
Page 750: Ip Dvmrp
Configuring DVMRP Configuring DVMRP Purpose To enable and configure the Distance Vector Multicast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traffic using a technique known as Reverse Path Forwarding. When a router receives a packet, it floods the packet out of all paths except the one that leads back to the packet’s source. Doing so allows a data stream to reach all VLANs (possibly multiple times). If a router is attached to a set of VLANs that do not want to receive from a particular multicast group, the router can send a “prune” message back up the distribution tree to stop subsequent packets from traveling where there are no members. DVMRP will periodically reflood in order to reach any new hosts that want to receive from a particular group. Note: IGMP must be enabled on all VLANs running DVMRP. To do this, use the set igmp enable command as described in querying be enabled on all VLANs running DVMRP. To do this, use the set igmp query-enable command as described in Commands For information about...
Page 751: Ip Dvmrp Metric
Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage To reset the DVMRP metric back to the default value of 1, enter ip dvmrp metric 0. Example This example shows how to set a DVMRP of 16 on VLAN 1: Matrix>Router(config-if(Vlan 1))#ip dvmrp metric 16 show ip dvmrp route Use this command to display DVMRP routing information. Syntax show ip dvmrp route Parameters None. Defaults None. Specifies a metric associated with a set of destinations for DVMRP reports. Valid values are from 0 to 31. Entering a 0 value will reset the metric back to the default value of 1. Enterasys Matrix DFE-Gold Series Configuration Guide 21-53 Configuring DVMRP...
Page 752 Configuring DVMRP Mode Router command, Any router mode. Example This example shows how to display DVMRP routing table entries. In this case, the routing table has 5 entries. The first entry shows that the source network 60.1.1.0/24 can be reached via next‐hop router 40.1.1.3. This route has a metric of 2. It has been in the DVMRP routing table for 1 hour, 24 minutes and 2 seconds and will expire in 2 minutes and 3 seconds. It supports flag messages for verifying neighbors, pruning, generation ID and netmask in prunes and grafts (VPGN): Matrix>Router#show ip dvmrp route flag characters used: ------------- V Neighbor is verified. P Neighbor supports pruning. G Neighbor supports generation ID. N Neighbor supports netmask in prunes and grafts. S Neighbor supports SNMP. M Neighbor supports mtrace.
Page 753: Configuring Irdp
Parameters None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command disables IRDP on an interface. Example This example shows how to enable IRDP on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip irdp Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 21-55 Configuring IRDP 21-55 21-56 21-56 21-57 21-58 21-58 21-59 21-59...
Page 754: Ip Irdp Maxadvertinterval
Configuring IRDP ip irdp maxadvertinterval Use this command to set the maximum interval in seconds between IRDP advertisements. Syntax ip irdp maxadvertinterval interval no irdp maxadvertinterval Parameters interval Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command resets the maximum advertisement interval to the default value. Example This example shows how to set the maximum IRDP advertisement interval to 1000 seconds on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip irdp maxadvertinterval 1000 ip irdp minadvertinterval Use this command to set the minimum interval in seconds between IRDP advertisements. Syntax ip irdp minadvertinterval interval no irdp minadvertinterval Parameters interval...
Page 755: Ip Irdp Holdtime
Parameters holdtime Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage Hold time is automatically set at three times the maxadvertinterval value when the maximum advertisement interval is set as described in “ip irdp maxadvertinterval” on page 21‐56 and the minimum advertisement interval is set as described in “ip irdp minadvertinterval” on page 21‐56. The “no” form of this command resets the hold time to the default value of three times the maxadvertinterval value. Example This example shows how to set the IRDP hold time to 4000 seconds on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip irdp holdtime 4000 Specifies the hold time in seconds. Valid values are 0 to 9000. Enterasys Matrix DFE-Gold Series Configuration Guide 21-57 Configuring IRDP...
Page 756: Ip Irdp Preference
Configuring IRDP ip irdp preference Use this command to set the IRDP preference value for an interface. This value is used by IRDP to determine the interface’s selection as a default gateway address. Syntax ip irdp preference preference no irdp preference Parameters preference Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command resets the interface’s IRDP preference value to the default of 0. Example This example shows how to set the IRDP preference value to 80000000 seconds on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip irdp preference 80000000 ip irdp address Use this command to add additional IP addresses for IRDP to advertise. Syntax ip irdp address ip-address preference no ip irdp preference ip-address Parameters ip‐address...
Page 757: No Ip Irdp Multicast
None. Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Example This example shows how to enable the router to send IRDP advertisements using broadcast: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#no ip irdp multicast show ip irdp Use this command to display IRDP information. Syntax show ip irdp [vlan vlan-id] Parameters vlan vlan‐id (Optional) Displays IRDP information for a specific VLAN. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Enterasys Matrix DFE-Gold Series Configuration Guide 21-59 Configuring IRDP...
Page 758 Configuring IRDP Defaults If vlan vlan‐id is not specified, IRDP information for all interfaces will be displayed. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Example This example shows how to display IRDP information for VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(vlan 1))#show ip irdp vlan 1 Interface 1 is not enabled 21-60 Routing Protocol Configuration show ip irdp...
Page 759: Router Vrrp
Use this command to enable or disable VRRP configuration mode. Syntax router vrrp no router vrrp Parameters None. Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 21-61 Configuring VRRP 21-61 21-62 21-63 21-64 21-65 21-66 21-66 21-67 21-68 21-69 21-70...
Page 760 Configuring VRRP Usage You must execute the router vrrp command to enable the protocol before completing other VRRP‐ specific configuration tasks. For details on enabling configuration modes, refer to Table “Enabling Router Configuration Modes” on page 2‐103. The “no” form of this command removes all VRRP configurations from the running configuration. Example This example shows how enable VRRP configuration mode: Matrix>Router#configure terminal Matrix>Router(config)#router vrrp Matrix>Router(config-router)# create Use this command to create a VRRP session. Syntax create vlan vlan-id vrid no create vlan vlan-id vrid Parameters vlan vlan‐id vrid Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage This command must be executed to create an instance of VRRP on a routing interface (VLAN) before any other VRRP settings can be configured. Each Enterasys Matrix Series Gold routing module supports up to 128 VRRP sessions. Up to four VRIDs can be associated with an individual routing interface. The “no” form of this command disables the VRRP session. Example This example shows how to create a VRRP session on VLAN 1 with a VRID of 1: Matrix>Router(config)#router vrrp...
Page 761 Router command, Router configuration: Matrix>Router(config‐router)# Usage If the virtual router IP address is the same as the interface (VLAN) address owned by a VRRP router, then the router owning the address becomes the master. The master sends an advertisement to all other VRRP routers declaring its status and assumes responsibility for forwarding packets associated with its virtual router ID (VRID). If the virtual router IP address is not owned by any of the VRRP routers, then the routers compare their priorities and the higher priority owner becomes the master. If priority values are the same, then the VRRP router with the higher IP address is selected master. For details on using the priority command, refer to “priority” on page 21‐64. Each VRRP routing interface can support up to 16 virtual router IP addresses. A virtual router IP address can be either an address configured on the routing interface or an address that falls within the range of any networks configured on the routing interface. All of the virtual router IP addresses associated with a single VRID must be designated as “owner” or “non‐owner”— a mix of “owner” and “non‐owner” addresses on a single VRID is not allowed. The “no” form of this command clears the VRRP address configuration. Specifies the number of the VLAN on which to configure a virtual router address. This VLAN must be configured for IP routing as described in “Pre‐Routing Configuration Tasks” on page 2‐100. Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Specifies the virtual router IP address to associate with the router. The limit is 16 virtual router IP addresses per interface. Specifies a value to indicate if the router owns the IP address as one of its interfaces. Valid values are: • 1 to indicate the router owns the address. • 0 to indicate the router does not own the address. Enterasys Matrix DFE-Gold Series Configuration Guide 21-63 Configuring VRRP...
Page 762: Priority
Configuring VRRP Examples This example shows how to configure a virtual router address of 182.127.62.1 on VLAN 1, VRID 1, and to set the router connected to the VLAN via this interface as the master: Matrix>Router(config)#router vrrp Matrix>Router(config-router)#address vlan 1 1 182.127.62.1 1 This example shows how to configure 5 virtual router addresses on a single interface, VLAN 1, VRID 1. All 5 addresses fall within the range of networks configured on the VLAN 1 routing interface, because VLAN 1 has a primary IP address of 182.127.62.1/24, and secondary IP addresses of 10.1.1.1/24 and 10.2.2.1/24. All virtual addresses are non‐owners. Matrix>Router(config)#router vrrp Matrix>Router(config-router)#address vlan 1 1 182.127.62.2 0 Matrix>Router(config-router)#address vlan 1 1 10.1.1.2 0 Matrix>Router(config-router)#address vlan 1 1 10.1.1.3 0 Matrix>Router(config-router)#address vlan 1 1 10.2.2.2 0 Matrix>Router(config-router)#address vlan 1 1 10.2.2.3 0 priority Use this command to set a priority value for a VRRP router.
Page 763: Master-Icmp-Reply
Parameters vlan vlan‐id vrid Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage This command provides the ability for the virtual router master to respond to an ICMP echo even if it does not “own” the virtual IP address. Without this function, the virtual router can only respond to an ICMP echo when the virtual IP address matches the real IP address of the interface. Therefore, when the backup router takes over, there would be no device that would answer the ICMP echo for that virtual IP (because only the primary was configured with the matching real IP). With master‐icmp‐reply enabled, management stations that use “ping” to poll devices will be able to “see” that the virtual router is available when the backup router assumes the role of master. The “no” form of this command disables master ICMP replies. Example This example shows how enable master ICMP replies on VLAN 1, VRID 1: Matrix>Router(config)#router vrrp Matrix>Router(config-router)#master-icmp-reply vlan 1 1 Specifies the number of the VLAN on which to enable master ICMP replies. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2‐101. Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255. Enterasys Matrix DFE-Gold Series Configuration Guide 21-65 Configuring VRRP...
Page 764: Advertise-Interval
Configuring VRRP advertise-interval Use this command to set the interval in seconds between VRRP advertisements. Syntax advertise-interval vlan vlan-id vrid interval no advertise-interval vlan vlan-id vrid interval Parameters vlan vlan‐id vrid interval Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage All routers with the same VRID should be configured with the same advertisement interval. VRRP advertisements are sent by the master router to other routers participating in the VRRP master selection process, informing them of its configured values. Once the master is selected, then advertisements are sent every advertising interval to let other VRRP routers in this VLAN/ VRID know the router is still acting as master of the VLAN/VRID. The “no” form of this command clears the VRRP advertise interval value. Example This example shows how set an advertise interval of 3 seconds on VLAN 1, VRID 1: Matrix>Router(config)#router vrrp Matrix>Router(config-router)#advertise-interval vlan 1 1 3 critical-ip Use this command to set a critical IP address for VRRP routing. ...
Page 765: Preempt
Matrix>Router(config-router)#critical-ip vlan 1 1 182.127.62.3 preempt Use this command to enable or disable preempt mode on a VRRP router. Syntax preempt vlan-id vrid no preempt vlan-id vrid Parameters vlan vlan‐id vrid Specifies the number of the VLAN on which to set the critical IP address. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2‐101. Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255. Specifies the IP address to set as the critical IP address. (Optional) Specifies the value by which the VRID’s priority will decrease as a critical IP becomes unavailable. Specifies the number of the VLAN on which to set preempt mode. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2‐101. Specifies a unique Virtual Router ID (VRID) associated with the routing interface. Valid values are from 1 to 255. Enterasys Matrix DFE-Gold Series Configuration Guide 21-67 Configuring VRRP...
Page 766: Preempt-Delay
Configuring VRRP Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The router that owns the virtual router IP address always preempts other routers, regardless of this setting. Preempt is enabled on VRRP routers by default, which allows a higher priority backup router to preempt a lower priority master. The “no” form of this command disables preempt mode. Example This example shows how to disable preempt mode on VLAN 1, VRID 1: Matrix>Router(config)#router vrrp Matrix>Router(config-router)#no preempt vlan 1 1 preempt-delay Use this command to set a preempt delay time on a VRRP router. Syntax preempt-delay vlan-id vrid delay-timer no preempt-delay vlan-id vrid Parameters vlan vlan‐id vrid delay‐timer Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage The router that owns the virtual router IP address always preempts other routers, regardless of ...
Page 767: Enable
Parameters vlan vlan‐id vrid Defaults None. Mode Router command, Router configuration: Matrix>Router(config‐router)# Usage Before enabling VRRP, you must set the other options described in this section. Once enabled, you cannot make any configuration changes to VRRP without first disabling it using the no enable vlan command. The “no” form of this command disables VRRP on an interface. Example This example shows how to enable VRRP on VLAN 1, VRID 1: Matrix>Router(config)#router vrrp Matrix>Router(config-router)#enable vlan 1 1 Specifies the number of the VLAN on which to enable VRRP. This VLAN must be configured for IP routing as described in “Reviewing and Configuring Routing” on page 2‐101. Specifies the Virtual Router ID (VRID) associated with the values are from 1 to 255. Enterasys Matrix DFE-Gold Series Configuration Guide 21-69 Configuring VRRP vlan ‐id. Valid ...
Page 768: Ip Vrrp Authentication-Key
Configuring VRRP ip vrrp authentication-key Use this command to set a VRRP authentication password on an interface. Syntax ip vrrp authentication-key password no ip vrrp authentication-key Parameters password Defaults None. Mode Router command, Interface configuration: Matrix>Router(config‐if(Vlan 1))# Usage The “no” form of this command clears VRRP authentication. Example This example shows how to set the VRRP authentication password to “vrrpkey” on VLAN 1: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip vrrp authentication-key vrrpkey ip vrrp message-digest-key Use this command to set a VRRP MD5 authentication password on an interface. Syntax ip vrrp message-digest-key vrid md5 password [hmac-96] no ip vrrp message-digest-key Parameters vrid...
Page 769: Show Ip Vrrp
Syntax show ip vrrp Parameters None. Defaults None. Mode Router command, Any router mode. Example This example shows how to display VRRP information: Matrix>Router(config)#show ip vrrp -----------VRRP CONFIGURATION----------- Vlan Vrid Table 21‐7 provides an explanation of the command output. State Owner AssocIpAddr Backup 172.3.56.20 172.3.56.21 172.3.56.22 Enterasys Matrix DFE-Gold Series Configuration Guide 21-71 Configuring VRRP Priority VirtMacAddr 0000.5e00.0101...
Page 770: Show Ip Vrrp Output Details
Configuring VRRP Table 21-7 show ip vrrp Output Details Output... Vlan Vrid State Owner AssocIpAddr Priority VirtMacAddr 21-72 Routing Protocol Configuration What it displays... Specifies the VLAN on which this VRRP session resides. Specifies the Virtual Router ID associated with the routing interface. Specifies the current state of the VRRP session as follows: Stopped - The Vrid is disabled.
Page 771: Chapter 22: Port Priority And Rate Limiting Configuration
Note: When CoS override is enabled using the set policy profile command as described in policy profile” on page 8-3, CoS-based classification rules will take precedence over priority settings configured with the set port priority command described in this section. Enterasys Matrix DFE-Gold Series Configuration Guide 22-1 Refer to page... 22-1 22-2...
Page 772: Show Port Priority
Use this command to display the 802.1D priority for one or more ports. Syntax show port priority [port-string] Parameters port‐string Defaults If port‐string is not specified, priority for all ports will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display the port priority for the fe.2.1 through 5: Matrix(rw)->show port priority fe.2.1-5 fe.2.1 is set to 0 fe.2.2 is set to 0 fe.2.3 is set to 0 fe.2.4 is set to 0 22-2 Port Priority and Rate Limiting Configuration (Optional) Displays priority information for a specific port. For a ...
Page 773: Set Port Priority
8‐3, CoS‐based classification rules will take precedence over priority settings configured with this command. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5. A frame with priority information in its tag header is transmitted according to that priority. Example This example shows how to set a default priority of 6 on fe.1.3. Frames received by this port without priority information in their frame header are set to the default setting of 6: Matrix(rw)->set port priority fe.1.3 6 clear port priority Use this command to reset the current CoS port priority setting to 0. Syntax clear port priority port-string Specifies the port for which to set priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies a value of 0 ‐ 7 to set the CoS port priority for the port entered in the port‐string. Port priority value of 0 is the lowest priority. Enterasys Matrix DFE-Gold Series Configuration Guide 22-3 Configuring Port Priority...
Page 774 Configuring Port Priority Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Usage This command will cause all frames received without a priority value in its header to be set to priority 0. Example This example shows how to reset fe.1.11 to the default priority: Matrix(rw)->clear port priority fe.1.11 22-4 Port Priority and Rate Limiting Configuration Specifies the port for which to clear priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. clear port priority...
Page 775: Show Port Priority-Queue
Use this command to display the port priority levels (0 through 7, with 0 as the lowest level) associated with the current transmit queue (0 ‐ 15 depending on port type, with 0 being the lowest priority) for each priority of the selected port. Syntax show port priority-queue [priority] Parameters priority Defaults If priority is not specified, all priority queue information will be displayed. Mode Switch command, Read‐Only. Usage A frame with a certain port priority is transmitted according to the settings entered using the set priority queue command described in “set port priority‐queue” on page 22‐6. (Optional) Displays queue levels for a specific priority value. Enterasys Matrix DFE-Gold Series Configuration Guide 22-5 Configuring Priority to Transmit Queue Mapping Refer to page... 22-5 22-6 22-7...
Page 776: Set Port Priority-Queue
Configuring Priority to Transmit Queue Mapping Examples This example shows how to display priority queue information for fe.1.7. In this case, the frames shown with a priority of 0 or 3 are transmitted according to the transmit priority queue of 1 (the second lowest transmit priority); frames with 1 or 2 priority, at the lowest transmit priority of 0; frames with 4 or 5 priority, at the second highest transmit priority of 2; and frames with 6 or 7 priority, at the highest transmit priority of 3: Matrix(rw)->show port priority-queue fe.1.7 fe.1.7 Priority ---------- -------- This example shows how to display the transmit queues associated with priority 3. Matrix(rw)->show port priority-queue 3 fe.1.7 Priority ---------- -------- fe.1.8 Priority ---------- -------- fe.1.9 Priority ---------- -------- set port priority-queue Use this command to map 802.1D (802.1p) priorities to transmit queues. ...
Page 777: Clear Port Priority-Queue
Parameters port‐string Defaults None. Specifies the port(s) for which to set priority queue. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies a value of 0 ‐ 7(0 is the lowest level) that determines what priority frames will be transmitted at the priority queue level entered in this command. Specifies a value (0 is the lowest level) that determines when to transmit the frames with the port priority entered in this command. Number of transmit queues varies by port type. Typical values are: • 100Base‐T ‐ 4 • 1000Base‐T ‐ 4 • 1000Base‐X ‐ 8 Specifies the port for which to clear priority queue. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 22-7 Configuring Priority to Transmit Queue Mapping...
Page 778 Configuring Priority to Transmit Queue Mapping Mode Switch command, Read‐Write. Example This example shows how to clear the priority queue settings on fe.2.12: Matrix(rw)->clear port priority-queue fe.2.12 Usage The total percentage of transmit queue values must add up to 100%. 22-8 Port Priority and Rate Limiting Configuration clear port priority-queue...
Page 779: Show Port Ratelimit
Matrix(rw)->show port ratelimit fe.2.1 Global Ratelimiting status is disabled. Port Number Index (Optional) Displays rate limiting information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Threshold (kB/s) Action Direction Enterasys Matrix DFE-Gold Series Configuration Guide 22-9 Configuring Port Traffic Rate Limiting Refer to page... 22-9 22-10 22-11 Priority List Status...
Page 780: Set Port Ratelimit
Configuring Port Traffic Rate Limiting ----------- ----- fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 fe.2.1 Table 22‐1 shows a detailed explanation of the command output. Table 22-1 show port ratelimit Output Details Output... Port Number Index Threshold (kB/s) Action Direction Priority List Status set port ratelimit Use this command to configure the traffic rate limiting status and threshold (in kilobytes per ...
Page 781: Clear Port Ratelimit
[index] Parameters port‐string index Defaults If not specified, all index entries will be reset. Mode Switch command, Read‐Write. Specifies the 802.1D (802.1p) port priority level associated with the port‐ string. Options are: • 0 ‐ 7, with 0 specifying the lowest priority, and • all to set the rate limiting threshold and other parameters on all port priority levels associated with the port‐string. Specifies a port rate limiting threshold in kilobytes per second. Range is 64 up to the maximum bytes per second rate for a given interface. (Optional) Applies this rate policing rule to inbound or outbound traffic. (Optional) Assigns a resource index for this port. Specifies the port(s) on which to clear rate limiting. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Specifies the associated resource index to be reset. Enterasys Matrix DFE-Gold Series Configuration Guide 22-11 Configuring Port Traffic Rate Limiting...
Page 782 Configuring Port Traffic Rate Limiting Example This example shows how to clear all rate limiting parameters on port fe.2.: 1Matrix(rw)->clear port ratelimit fe.2.1 22-12 Port Priority and Rate Limiting Configuration clear port ratelimit...
Page 783: Chapter 23: Transparent Web Cache Balancing Configuration
Transparent Web Cache Balancing (TWCB) provides for the storing of frequently accessed web objects on a cache of local servers. Each HTTP request is transparently redirected by the N‐Series router to a configured cache server. When a user first accesses a web object that object is stored on a cache server. Each subsequent request for the object uses this cached object. Web caching allows multiple users to access web objects stored on local cache servers with a much faster response time than accessing the same objects over an internet connection or through a default gateway. This can also result in substantial cost savings by reducing the internet bandwidth usage. The N‐Series router does not act as a cache for web objects; rather, it redirects HTTP requests to local servers on which web objects are cached. The cache servers should have a web‐based proxy cache running. The Squid application is an example of a web‐based proxy cache. Implementing a TWCB configuration requires users to configure a routed network with IP interfaces that allow the N‐Series router to send requests for the internet to the correct web caching device. There are five aspects to TWCB configuration: • Create the server farms that will cache the web objects. A server farm is made up of 1 or more cache servers. • Specify the end users whose HTTP requests will or will not be redirected to the cache servers. This step is optional. If no hosts are configured, the firmware redirects all HTTP requests. • Specify the web site hosts that will not take part in TWCB. • Create a web‐cache that the server farms will be associated with. • Apply the caching policy to an outbound interface to redirect HTTP traffic on that interface to the cache servers. Figure 23‐1 provides an example of a TWCB configuration overview. The web‐cache is made up of server farms which logically group one or more cache servers. In our example, Cache1 is the name of the web‐cache. It is made up of two server farms: s2Servers and s1Servers. The s1Server server 2-103. http://www.enterasys.com/support/ Enterasys Matrix DFE-Gold Series Configuration Guide 23-1...
Page 784: Twcb Configuration Overview
Understanding Transparent Web Cache Balancing (TWCB) farm is configured with 2 cache servers from the 186.89.0.0 subnet. The s2Server server farm is configured with 5 cache servers from the 176.89.0.0 subnet. A user on the 10.10.10.0/24 subnet makes a web request from the web site host. The response is sent to both the requesting user and a Cache1 cache server. The router determines the cache server on which an end‐user’s cache resides. Any future requests for that web object will be handled by the cache server until the cache entry expires. Cache entry expiration is configured in the web‐based proxy cache application. Figure 23-1 TWCB Configuration Overview Purpose To enable, configure and display information for Transparent Web Cache Balancing (TWCB) used to store frequently accessed web objects on a cache of local servers. Commands For information about... ip twcb wcserverfarm predictor roundrobin faildetect type faildetect type faildetect maxconns inservice ip twcb webcache http-port serverfarm 23-2 Transparent Web Cache Balancing Configuration...
Page 785: Ip Twcb Wcserverfarm
None. Mode Router Configuration: Matrix(rw)‐>Router(config)#. Usage Executing this command enters server farm configuration command mode. Example This example creates the s1Server web‐cache server farm: Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)# Understanding Transparent Web Cache Balancing (TWCB) Specifies a server farm name. A maximum of 5 web‐cache server farms are supported. Enterasys Matrix DFE-Gold Series Configuration Guide 23-3 Refer to page... 23-10 23-10 23-11 23-12 23-13 23-13 23-14 23-14 23-15 23-15...
Page 786: Predictor Roundrobin
Understanding Transparent Web Cache Balancing (TWCB) predictor roundrobin Use this command to modify the round‐robin predictor value by applying a list of destination IP addresses for which the cache servers within this server farm will be selected by the round‐robin algorithm. Syntax predictor roundrobin ip-address-begin ip-address-end Parameters ip‐address‐begin ip‐address‐end Defaults None. Mode Router command, Server Farm Configuration mode: Matrix(rw)‐>Router(config‐twcb‐wcsfarm)#. Usage The router uses the end‐user IP address, making the HTTP request, to determine which cache server it will send the request to. If a web site is accessed frequently, the cache server serving requests for this end‐user ip address may become overloaded with user requests. You can specify end‐user ip addresses be distributed across the cache servers of this server farm in a round‐robin algorithm using the predictor roundrobin command. When a predictor round‐robin user list is configured, only users in configured lists are cached in cache servers belonging to this server farm. If no predictor round‐robin user list is configured for a server farm, all other users not configured in a predictor round‐robin user list on some other server farm may be cached in the cache servers belonging to this server farm. Up to 10 separate lists can be defined per server farm. The destination IP addresses specified can not be already configured within any other round‐robin destination IP list. Example This example configures a predictor round‐robin for the web‐cache server farm s1Server specifying that the end users with IP addresses from 10.10.10.05 through 10.10.10.25 should be selected on a round‐robin basis for caching on cache servers belonging to this server farm: Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)#predictor roundrobin 10.10.10.05 10.10.10.25 23-4 Transparent Web Cache Balancing Configuration...
Page 787: Cache
Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)#cache 186.89.10.51 Matrix(rw)->Router(config-twcb-cache)# faildetect type Use this command to specify the TWCB cache server up or down status detection method. Syntax faildetect type [ping | app | both] Parameters ping both Defaults If no parameter is specified, the Ping method is used. Understanding Transparent Web Cache Balancing (TWCB) Specifies the IP address of the cache server to be created. (Optional) Specifies the ping method for detection of TWCB cache server up or down status. (Optional) Specifies the application method for detection of TWCB cache server up or down status. (Optional) Specifies that both ping and app detection types should be used for the detection of TWCB cache server up or down status. Enterasys Matrix DFE-Gold Series Configuration Guide 23-5...
Page 788: Faildetect
Understanding Transparent Web Cache Balancing (TWCB) Mode Router command, Cache Server Configuration mode: Matrix(rw)‐>Router(config‐twcb‐cache)#. Usage The application method defaults to a check of service availability on port 80. This check can be overridden by the web‐cache group configuration of http‐port using the http‐port command. Example This example sets the failure detection type to the ping method for cache server 186.89.10.51: Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)#cache 186.89.10.51 Matrix(rw)->Router(config-twcb-cache)#faildetect type ping faildetect Use this command to specify the TWCB cache server up or down status detection method parameter values. Syntax faildetect [ping-int seconds] [ping-retries number] [app-int seconds app-retries number] Parameters ping‐int seconds ping‐retries number app‐int seconds app‐retries number Defaults If no parameter is specified, all parameters remain unchanged.
Page 789: Inservice
Example This example sets the maximum number of connections for cache server 186.89.10.51 to 1000: Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)#cache 186.89.10.51 Matrix(rw)->Router(config-twcb-cache)#maxconns 1000 inservice Use this command to activate this cache server or web‐cache. Syntax inservice Parameters None. Defaults None. Mode Router command, Cache Server Configuration: Matrix(rw)‐>Router(config‐twcb‐cache)# or Web‐Cache Configuration mode: Matrix(rw)‐>Router(config‐twcb‐webcache)#. Usage Enter the inservice command after all other parameters are configured for the cache server or web‐cache context. At least one cache server must be in service in order to place a web‐cache in service. Understanding Transparent Web Cache Balancing (TWCB) Specifies the maximum number of connections allowed for this server. Values range from 1 to 5000. Default value of 5000. Enterasys Matrix DFE-Gold Series Configuration Guide 23-7...
Page 790: Ip Twcb Webcache
Understanding Transparent Web Cache Balancing (TWCB) Examples This example sets the maximum number of connections for cache server 186.89.10.51 to 100 and activates the server: Matrix(rw)->Router(config)#ip twcb wcserverfarm s1Server Matrix(rw)->Router(config-twcb-wcsfarm)#cache 186.89.10.51 Matrix(rw)->Router(config-twcb-cache)#maxconns 100 Matrix(rw)->Router(config-twcb-cache)#inservice This example adds the web‐cache server farm s1Server to the cache1 web‐cache and activates the web‐cache: Matrix(rw)->Router(config)#ip twcb webcache cache1 Matrix(rw)->Router(config-twcb-webcache)#serverfarm s1Server Matrix(rw)->Router(config-twcb-webcache)#inservice ip twcb webcache Use this command to create a web‐cache using the specified name. Syntax ip twcb webcache web-cache-name Parameters web‐cache‐name Defaults None. Mode Router Configuration mode: Matrix(rw)‐>Router(config)#.
Page 791: Http-Port
Mode Router command, web‐cache Configuration mode: Matrix(rw)‐>Router(config‐twcb‐webcache)#. Example This example changes the HTTP port for web‐cache cache1 to 8080: Matrix(rw)->Router(config)#ip twcb webcache cache1 Matrix(rw)->Router(config-twcb-webcache)#http-port 8080 serverfarm Use this command to add the specified server farm to this web‐cache. Syntax serverfarm serverfarm-name Parameters serverfarm‐name Defaults None. Mode Router command, Cache Server Configuration mode: Matrix(rw)‐>Router(config‐twcb‐ webcache)#. Usage The firmware supports a maximum of 5 server farms. Understanding Transparent Web Cache Balancing (TWCB) Specifies the non‐standard HTTP port number to redirect outbound HTTP requests to. Default value of 80. Specifies the name of the server farm to add to this web‐cache. Enterasys Matrix DFE-Gold Series Configuration Guide 23-9...
Page 792: Bypass-List Range
Understanding Transparent Web Cache Balancing (TWCB) Example This example adds the server farm s1Server to the cache1 web‐cache: Matrix(rw)->Router(config)#ip twcb webcache cache1 Matrix(rw)->Router(config-twcb-webcache)#serverfarm s1Server bypass-list range Use this command to specify web host sites for which HTTP requests are not redirected to the cache servers. Syntax bypass-list range begin-ip-address end-ip-address Parameters begin‐ip‐address end‐ip‐address Defaults None. Mode Router command, Cache Server Configuration mode: Matrix(rw)‐>Router(config‐twcb‐ webcache)#. Usage Some web site hosts require source IP address authentication for user access. HTTP requests for these sites can not be redirected to the cache servers. This command provides for the creation of lists of IP addresses that need to bypass the cache servers. Example This example creates a bypass list for web‐cache cache1 for IP address range 50.10.10.30 to 50.10.10.43: Matrix(rw)->Router(config)#ip twcb webcache cache1 Matrix(rw)->Router(config-twcb-webcache)#bypass-list range 50.10.10.30 50.10.10.43 hosts redirect range...
Page 793: Ip Twcb Redirect Out
10.10.10.50 ip twcb redirect out Use this command to redirect outbound HTTP traffic from an interface to the cache servers. Syntax ip twcb webcache-name redirect out Parameters webcache‐name Defaults None. Mode Router command, Interface Configuration mode: Matrix>Router(config‐if(Vlan 1))#. Usage The outbound interface is typically an interface that connects to the Internet. Associate the specified web‐cache to the indicated VLAN for redirection of HTTP traffic. Up to 3 interfaces can be associated with a web‐cache. Understanding Transparent Web Cache Balancing (TWCB) Specifies an IP address that begins a range to explicitly permit or deny redirection of HTTP requests from these end users to this web‐cache. Specifies an IP address that ends a range to explicitly permit or deny redirection of HTTP requests from these end users to this web‐cache. Specifies the name of the web‐cache to redirect outbound HTTP traffic Enterasys Matrix DFE-Gold Series Configuration Guide 23-11...
Page 794: Show Ip Twcb Wcserverfarm
Understanding Transparent Web Cache Balancing (TWCB) Example This example associates the cache1 web‐cache with vlan 1 for the redirection of HTTP traffic: Matrix(rw)->router Matrix>router>enable Matrix>router#configure terminal Enter configuration commands: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip twcb cache1 redirect out show ip twcb wcserverfarm Use this command to display configuration data for the specified server farm. Syntax show ip twcb wcserverfarm [serverfarm-name] Parameters serverfarm‐name Defaults If no parameter is specified, displays details for all configured server farms. Mode Router command: Matrix(rw)‐>Router#.
Page 795: Show Ip Twcb Webcache
Parameters client ip‐address wcserver webcache‐name Defaults If no parameter is specified, connection data for all clients and cache servers is displayed. Mode Router Command: Matrix(rw)‐>Router#. Understanding Transparent Web Cache Balancing (TWCB) (Optional) Specifies the name of the web‐cache for the display of configuration data. Applied Http Interface Port Vlan1 (Optional) Specifies a particular client for the display of connection data. (Optional) Specifies a particular web‐cache for the display of connection data. Enterasys Matrix DFE-Gold Series Configuration Guide 23-13 Active Active Status Server Farms inservice s1Server s2Server...
Page 796: Show Ip Twcb Stats
Understanding Transparent Web Cache Balancing (TWCB) Example This example displays connection data for the all cache servers and all clients: Matrix(rw)->Router#show ip twcb conns flo-id cache-server-ip ----------------------------------------------------------------- 172.17.1.2 show ip twcb stats Use this command to display cache server connection stats data. Syntax show ip twcb stats Parameters None. Defaults None. Mode Router Command: Matrix(rw)‐>Router#. Example This example displays connection stats data for all clients and cache servers: Matrix(rw)->Router#show ip twcb stats created connections ------------------------------------------------------------------------------- clear ip twcb statistics Use this command to reset the statistical data for the specified web‐cache.
Page 797: Show Limits
Understanding Transparent Web Cache Balancing (TWCB) Entries Resource Max- InUse= ======== ===== ===== 5000 Enterasys Matrix DFE-Gold Series Configuration Guide 23-15 Memory (bytes) Avail | Each ~= ===== | ===== ======= 50 | 19688 984400 5000 | 216 1080000 InUse...
Page 798: Show Router Limits (Twcb)
Understanding Transparent Web Cache Balancing (TWCB) Parameters twcb‐bindings twcb‐bindings twcb‐cache twcb‐cache twcb‐configs twcb‐configs Defaults None. Mode Switch Command: Matrix(rw)‐>. Usage Bindings and cache use valuable memory resources and are shared on a first come first serve basis across a number of applications. Use this command to free memory resources to be user by other applications by limiting the number of TWCB bindings and cache size allowed. Currently, only a single web‐cache is supported. The TWCB configs setting exists for future use. The chassis or system must be rebooted for any new change to take effect. This command must be executed from the switch CLI. Note: Router limits can also be set in the following contexts: To set LSNAT router limits see...
Page 799: Clear Router Limits (Twcb)
Defaults If no parameters are specified, all router limits are reset, including NAT and LSNAT router limits. Mode Switch Command: Matrix(rw)‐>. Understanding Transparent Web Cache Balancing (TWCB) (Optional) Specifies the resetting of TWCB binding router limits to the default value. (Optional) Specifies the resetting of TWCB cache size router limits to the default value. (Optional) Specifies the resetting the number of TWCB configurations to the default value. Enterasys Matrix DFE-Gold Series Configuration Guide 23-17 32000 (default) 2000 (default) (default) 32000 (default) 2000 (default) (default) (default) (default) 1000 (default)
Page 800 Understanding Transparent Web Cache Balancing (TWCB) Usage This command must be executed from the switch CLI. Note: Router limits can also be cleared in the following contexts: To clear LSNAT router limits see To clear NAT router limits see If you do not specify a parameter when issueing a clear router limits command, router limits for TWCB, LSNAT, and NAT contexts are reset to the default value.
Page 801: Twcb Configuration Example
The s1Server will have cache servers 186.89.10.51 and 186.89.10.55 associated with it. The s2Server will have cache server 196.89.10.20 associated with it. s1Server cache servers will use faildetect type ping with faildetect parameter values changed to an interval of 4 seconds and the number of retries to 5. The s2Server cache servers will use the application faildetect type, with faildetect parameter values changed to an interval of 12 seconds and the number of retries to 5. The maximum number of connections per cache server will be configured for 800 for both server farms. The web‐cache will be configured as cache1. The HTTP port being used has been changed from the default of 80 to 8080. A bypass list has been configured to deny TWCB functionality for web requests to web host sites 50.10.10.30 to 50.10.10.43 because these sites require IP address authentication for user access. End‐users 10.10.10.25 to 10.10.10.30 have been configured to deny TWCB functionality. On the switch TWCB router bindings are limited to 20,000 and the TWCB cache size is limited to 5000. See Figure 23‐2 for a depiction of the example setup. Figure 23-2 TWCB Configuration Example Overview Configure the s1Server Server Farm Create the server farm: TWCB Configuration Example Enterasys Matrix DFE-Gold Series Configuration Guide 23-19...
Page 802: Configure The S2Server Server Farm
TWCB Configuration Example Matrix>router Matrix>Router>enable Matrix>Router>#configure Enter configuration commands: Matrix>Router(config)#ip twcb wcserverfarm s1Server Matrix>Router(config-twcb-wcsfarm)# Configure the end‐users that will use this server farm by setting the round‐robin predictor ranges: Matrix>Router(config-twcb-wcsfarm)#predictor roundrobin 10.10.10.01 10.10.10.15 Matrix>Router(config-twcb-wcsfarm)#predictor roundrobin 20.10.10.25 10.10.10.60 Matrix>Router(config-twcb-wcsfarm)# Configure cache server 186.89.10.51: Matrix>Router(config-twcb-wcsfarm)#cache 186.89.10.51 Matrix>Router(config-twcb-cache)#faildetect type ping Matrix>Router(config-twcb-cache)#faildetect ping-int 4 Matrix>Router(config-twcb-cache)#faildetect ping-retries 5 Matrix>Router(config-twcb-cache)#maxconns 800 Matrix>Router(config-twcb-cache)#inservice Matrix>Router(config-twcb-cache)#exit Matrix>Router(config-twcb-wcsfarm)# Configure cache server 186.89.10.55:...
Page 803: Configure The Cache1 Web Cache
Matrix>Router(config-if(Vlan 1))#ip twcb cache1 redirect out Matrix>Router(config-if(Vlan 1))#end Matrix>Router# Configure the Switch and Router Configure the TWCB router limits: Matrix(rw)-> set router limits twcb-bindings 20000 Matrix(rw)-> set router limits twcb-cache 5000 Clear the statistical data for this web‐cache: Matrix(rw)->Router#clear ip twcb statistics This completes the TWCB configuration example. TWCB Configuration Example Enterasys Matrix DFE-Gold Series Configuration Guide 23-21...
Page 804 TWCB Configuration Example clear router limits (TWCB) 23-22 Transparent Web Cache Balancing Configuration...
Page 805: Chapter 24: Security Configuration
24‐2. • Secure Shell (SSH) — provides for secure remote CLI management access. For details, refer to “Configuring Secure Shell (SSH)” on page 24‐11. • IP Access Lists (ACLs) — permits or denies access to routing interfaces based on protocol and inbound and/or outbound IP address restrictions configured in access lists. For details, refer to “Configuring Access Lists” on page 24‐15. • Policy‐Based Routing — permits or denies access to routing interfaces based on access lists in a route map applied to the interface. For details, refer to “Configuring Denial of Service (DoS) Prevention” on page 24‐22. • Denial of Service (DoS) Prevention — prevents Denial of Service attacks, including land, fragmented and large ICMP packets, spoofed address attacks, and UDP/TCP port scanning. For details, refer to “Configuring Denial of Service (DoS) Prevention” on page 24‐22. Security Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 24-1 Refer to page... 24-1 24-2 24-11 24-15 24-22 24-25...
Page 806: Configuring Mac Locking
Configuring MAC Locking • Flow Setup Throttling (FST) — prevents the effects of DoS attacks by limiting the number of new or established flows that can be programmed on any individual switch port. For details, refer to “Configuring Flow Setup Throttling (FST)” on page 24‐25. Configuring MAC Locking Purpose To review, disable, enable and configure MAC locking. This locks a MAC address to one or more ports, preventing connection of unauthorized devices via the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses. The only frames forwarded on a “locked” port are those with the “locked” MAC address(es) for that port. Note: Matrix DFE-Gold Series modules allow for up to 32 MAC addresses to be locked per port. Commands For information about... show maclock...
Page 807: Show Maclock Output Details
For details on setting this value using the set maclock firstarrival command, refer to “set maclock Most recent MAC address(es) violating the maximum static and first arrival value(s) set for the port. Enterasys Matrix DFE-Gold Series Configuration Guide 24-3 Configuring MAC Locking Violating MAC Address -----------------...
Page 808: Show Maclock Stations
Configuring MAC Locking show maclock stations Use this command to display MAC locking information about end stations connected to the device. Syntax show maclock stations [firstarrival | static] [port-string] Parameters firstarrival static port_string Defaults If no parameters are specified, MAC locking information will be displayed for end stations in the stations table. This does not include static configured end stations. Mode Switch command, Read‐Only. Example This example shows how to display MAC locking information for the end stations connected to all Fast Ethernet ports in module 2: Matrix(rw)->show maclock stations fe.2.* Port Number ------------ fe.2.3 fe.2.3 fe.2.6 fe.2.6 fe.2.9 fe.2.12 fe.2.14 Table 24‐2 provides an explanation of the command output.
Page 809: Set Maclock Enable
What it displays... Whether the end stations are active or inactive. Whether the end station locked to the port is a first learned, first arrival or static connection. (Optional) Enables MAC locking on specific port(s). For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 24-5 Configuring MAC Locking...
Page 810: Set Maclock
Configuring MAC Locking Parameters port_string Defaults If port_string is not specified, MAC locking will be disabled on all ports. Mode Switch command, Read‐Write. Example This example shows how to disable MAC locking on fe.2.3: Matrix(rw)->set maclock disable fe.2.3 set maclock Use this command to create a static MAC address and enable or disable MAC locking for the specific MAC address and port. Syntax set maclock mac_address port_string {create | enable | disable} Parameters mac_address port_string create enable | disable Defaults None. Mode Switch command, Read‐Write. Usage Configuring one or more ports for MAC locking requires globally enabling it on the device first ...
Page 811: Set Maclock Firstarrival
Example This example shows how to restrict MAC locking to 6 MAC addresses on fe.2.3: Matrix(rw)->set maclock firstarrival fe.2.3 6 set maclock move Use this command to move all current first arrival MACs to static entries. Syntax set maclock move port-string Parameters port‐string Defaults None. Specifies the port on which to limit MAC locking. For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the number of first arrival end station MAC addresses to be allowed connections to the port. Valid values are 0 to 600. Specifies the port where all current first arrival MACs will be moved to static entries. For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 24-7 Configuring MAC Locking...
Page 812: Clear Maclock Firstarrival
Configuring MAC Locking Mode Switch command, Read‐Write. Example This example shows how to move all current first arrival MACs to static entries on fe.1.3: Matrix(rw)->set maclock move fe.1.3 clear maclock firstarrival Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600. Syntax clear maclock firstarrival port-string Parameters port_string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset MAC first arrivals on fe.2.3: Matrix(rw)->clear maclock firstarrival fe.2.3 6 set maclock static Use this command to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port. Syntax...
Page 813: Clear Maclock Static
Example This example shows how to reset static MAC locking on fe.2.3: Matrix(rw)->clear maclock static fe.2.3 set maclock trap Use this command to enable or disable MAC lock trap messaging. Syntax set maclock trap port_string {enable | disable} Parameters port_string enable | disable Specifies the port on which to reset the static MAC locking limit. For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the port on which MAC lock trap messaging will be enabled or disabled. For a detailed description of possible port_string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enables or disables MAC lock trap messaging. Enterasys Matrix DFE-Gold Series Configuration Guide 24-9 Configuring MAC Locking...
Page 814: Clear Maclock
Configuring MAC Locking Defaults None. Mode Switch command, Read‐Write. Usage When enabled, this authorizes the device to send an SNMP trap message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped from the device’s routing table. Example This example shows how to enable MAC lock trap messaging on fe.2.3: Matrix(rw)->set maclock trap fe.2.3 enable clear maclock Use this command to clear MAC locking from one or more static MAC addresses. Syntax clear maclock {all | mac-address port-string} Parameters all mac_address port_string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear MAC locking between MAC address 00‐a0‐c9‐0d‐32‐11 and port fe.2.3: Matrix(rw)->clear maclock 00-a0-c9-0d-32-11 fe.2.3 24-10 Security Configuration Clears all static MAC locking for one or more ports.
Page 815: Configuring Secure Shell (Ssh)
Examples This example shows how to display SSH status on the device: Matrix(rw)->show ssh state SSH Server status: set ssh Use this command to enable, disable or reinitialize SSH server on the device. Syntax set ssh {enable | disable | reinitialize} Disabled. Enterasys Matrix DFE-Gold Series Configuration Guide 24-11 Configuring Secure Shell (SSH) Refer to page... 24-11 24-11 24-12 24-12 24-13 24-13...
Page 816: Set Ssh Hostkey
Configuring Secure Shell (SSH) Parameters enable | disable reinitialize Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable SSH: Matrix(rw)->set ssh disable set ssh hostkey Use this command to set or reinitialize new SSH authentication keys. Syntax set ssh hostkey [reinitialize] Parameters reinitialize Defaults None. Mode Switch command, Read‐Write. Example This example shows how to regenerate SSH keys: Matrix(rw)->set ssh hostkey reinitialize show router ssh Use this command to display the state of SSH service to the router.
Page 817: Set Router Ssh
{enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Example This example shows how to disable SSH service to the router: Matrix(rw)->set router ssh disable clear router ssh Use this command to reset SSH service to the router to the default state of disabled. Syntax clear router ssh Parameters None. Defaults None. Enables or disable SSH service. Enterasys Matrix DFE-Gold Series Configuration Guide 24-13 Configuring Secure Shell (SSH)
Page 818 Configuring Secure Shell (SSH) Mode Switch command, Read‐Write. Example This example shows how to reset SSH service to the router to the default state of disabled: Matrix(rw)->clear router ssh 24-14 Security Configuration clear router ssh...
Page 819: Configuring Access Lists
Extended IP access list 101 permit icmp host 18.2.32.130 any permit udp host 198.92.32.130 host 171.68.225.126 eq “Enabling Router Configuration (Optional) Displays access list information for a specific access list number. Valid values are between 1 and 199. Enterasys Matrix DFE-Gold Series Configuration Guide 24-15 Configuring Access Lists Modes” on Refer to page... 24-15 24-16 24-17...
Page 820: Access-List (Standard)
Configuring Access Lists deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255 deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255 2) deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255 access-list (standard) Use this command to define a standard IP access list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access‐group command (“ip access‐group” on page 24‐20). Syntax access-list access-list-number [insert | replace entry] | [log 1-5000 | all] [move destination source1 [source2]] {deny | permit} source [source-wildcard] no access-list access-list-number [entry] To insert or replace an ACL entry:...
Page 821: Access-List (Extended)
[source2] To log entries within an ACL: access-list access-list-number log 1-5000 | all Important Notice “Activating Advanced Routing Features” on page 21-1 in order to Enterasys Matrix DFE-Gold Series Configuration Guide 24-17 Configuring Access Lists...
Page 822 Configuring Access Lists To apply ACL restrictions to IP, UDP, or ICMP packets: access-list access-list-number {deny | permit} protocol source [source-wildcard] [operator [port]] destination [destination-wildcard] [operator [port]] [tos-extensions][icmp-type [icmp-code] [log] To apply ACL restrictions to TCP packets: access-list access-list-number {deny | permit} protocol source [source-wildcard] [operator [port]] destination [destination-wildcard] [operator [port]] [tos-extensions][icmp-type [icmp-code] [established] [log] no access-list access-list-number [entry]...
Page 823 • lt port ‐ Match only packets with a lower port number. • gt port ‐ Match only packets with a greater port number. • eq port ‐ Match only packets on a given port number. • neq port ‐ Match only packets not on a given port number. • range min‐sport max‐sport ‐ Match only packets in the range of source ports • range min‐dport max‐dport ‐ Match only packets in the range of destination ports. (Optional) Applies access rules to the precedence and/or tos fields, or to the DiffServ field. That is, you can specify one or both precedence and tos fields, or you can specify the DiffServ field. Use the following keyword/value pairs to specify the tos‐extensions: • precedence value (0‐7) ‐ Match packets based on the IP precedence value. • tos value (0‐15) ‐ Match packets based on the IP Type of Service value. • dscp value (0‐63) ‐ Match packets based on the Diffserv codepoint value. (Optional) Applies TCP restrictions to established connections only. (Optional) Enable the rule being configured for syslog. Enterasys Matrix DFE-Gold Series Configuration Guide 24-19 Configuring Access Lists...
Page 824: Ip Access-Group
Configuring Access Lists Mode Router command, Global configuration: Matrix>Router(config)# Usage Valid access‐list‐numbers for extended ACLs are 100 to 199. For standard ACLs, valid values are 1 to 99. Restrictions defined by an access list are applied by using the ip access‐group command as described in “ip access‐group” on page 24‐20. The “no” form of this command removes the defined access list or entry. Examples This example shows how to define access list 101 to deny ICMP transmissions from any source and for any destination: Matrix>Router(config)#access-list 101 deny ICMP any any This example shows how to define access list 102 to deny TCP packets transmitted from IP source 10.1.2.1 with a port number of 42 to any destination. Matrix>Router(config)#access-list 102 deny TCP host 10.1.2.1 eq 42 any This example shows how to define access list 101 to deny TCP packets transmitted from any IP source port with the precedence field set to a value of 3 and the tos field set to a value of 4. Matrix>Router(config)#access-list 101 deny tcp any precedence 3 tos 4 This example shows how to define access list 102 to deny TCP packets transmitted from any IP ...
Page 825 Usage ACLs must be applied per routing interface. An entry (rule) can either be applied to inbound or outbound frames. The “no” form of this command removes the specified access list. Example This example shows how to apply access list 1 for all inbound frames on VLAN 1. Through the definition of access list 1, only frames with destination 192.5.34.0 will be routed. All the frames with other destination received on VLAN 1 are dropped: Matrix>Router(config)#access-list 1 permit 192.5.34.0 0.0.0.255 Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#ip access-group 1 in Configuring Access Lists Enterasys Matrix DFE-Gold Series Configuration Guide 24-21...
Page 826: Show Hostdos
Configuring Denial of Service (DoS) Prevention Configuring Denial of Service (DoS) Prevention Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to page 2-103. Purpose To configure Denial of Service (DoS) prevention, which will protect the router from attacks and ...
Page 827: Hostdos
{land | fragmicmp | largeicmp size | checkspoof} Parameters land fragmicmp largeicmp size checkspoof portscan Defaults None. Mode Router command, Global configuration: Matrix>Router(config)#, or Interface configuration: Matrix>Router(config‐if(Vlan <vlan_id>))# Usage The “no” form of this command disables the specified security features. Enables land attack protection and automatically discards illegal frames. This can be enabled globally, or per‐interface. Enables fragmented ICMP and Ping of Death packets protection and automatically discards illegal frames. This can only be enabled globally. Enables large ICMP packets protection, specifies the packet size above which the protection starts, and automatically discards illegal frames. Valid packet size values are 1 to 65535. The default is 1024. This can only be enabled globally. Enables spoofed address checking and automatically reports spoofed addresses via Syslog. This can be enabled globally, or per‐interface. Enables UDP and TCP port scan protection. This can only be enabled globally. Enterasys Matrix DFE-Gold Series Configuration Guide 24-23 Configuring Denial of Service (DoS) Prevention...
Page 828: Clear Hostdos-Counters
Configuring Denial of Service (DoS) Prevention Examples This example shows how to globally enable land attack and large ICMP packets protection for packets larger than 2000 bytes: Matrix>Router(config)#hostdos land Matrix>Router(config)#hostdos largeicmp 2000 This example shows how to enable spoofed address checking on the VLAN 1 interface: Matrix>Router(config)#interface vlan 1 Matrix>Router(config-if(Vlan 1))#hostdos checkspoof clear hostdos-counters Use this command to clear Denial of Service security counters. Syntax clear hostdos-counters Parameters None. Defaults None. Mode Router command, Global configuration: Matrix>Router(config)# Example This example shows how to clear Denial of Service security counters: Matrix>Router(config)#clear hostdos-counters 24-24 Security Configuration clear hostdos-counters...
Page 829: About Fst
Configuring Flow Setup Throttling (FST) Refer to page... Enterasys Matrix DFE-Gold Series Configuration Guide 24-25 24-26 24-26 24-27 24-28 24-28 24-29 24-30...
Page 830: Show Flowlimit
Use this command to display flow setup throttling information. Syntax show flowlimit [port [port-string]] [stats [port-string]] Parameters port port‐string stats port‐string Defaults If no optional parameters are specified, detailed flow limiting information will be displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display flow limiting information for Fast Ethernet port 1 in module 2. In this case, it is enabled for FST with an “unspecified” port classification, is currently operational, and has no FST action assigned: Matrix(rw)->show flowlimit limit port fe.2.1 Flow setup throttling port configuration: Port Class --------- ------------------ -------- --------------------- ---------- ----- fe.2.1...
Page 831: Set Flowlimit Limit
24‐28. This limit can be assigned to one or more ports using the set flowlimit class command as described in “set flowlimit port” on page 24‐31. Example This example shows how to set the flow limit 1 to 12 flows on ports classified as user ports: Matrix(rw)->set flowlimit limit1 12 userport Specifies this configuration as limit 1 or 2. Two limits assigned to two actions (describing what will occur when a certain flow limit is reached) can be defined per user classification. Specifies the number of flows that will trigger the associated action configuration. Valid values are 0 ‐ 4294967295. (Optional) Assigns this limit configuration to the user classification port type: • user port • server port • aggregation port • inter‐switch link • unspecified port Enterasys Matrix DFE-Gold Series Configuration Guide 24-27 Configuring Flow Setup Throttling (FST)
Page 832: Clear Flowlimit Limit
| unspecified] Parameters limit1 | limit2 userport | serverport | aggregateduser | interswitchlink | unspecified Defaults If not specified, the limit will be removed from all port classification types. Mode Switch command, Read‐Write. Example This example shows how to remove flow limit 1 from all port classifications: Matrix(rw)->clear flowlimit limit1 set flowlimit action Use this command to associate an action with a flow limit. This is the action that will occur once the associated flow limit is reached. Syntax set flowlimit {action1 | action2} [notify] [drop] [disable] [userport | serverport | aggregateduser | interswitchlink | unspecified] Parameters action1 | action2...
Page 833: Clear Flowlimit Action
| aggregateduser | interswitchlink | unspecified] Parameters action1 | action2 notify drop (Optional) When flow limit is reached, drops excess flows and discard packets. (Optional) When flow limit is reached, disables the interface (if the set flowlimit shutdown function is enabled as described in “set flowlimit shutdown” on page 24‐32). This will clear all FST settings on the port. (Optional) Assigns this action configuration to the user classification port type: • user port • server port • aggregation port • inter‐switch link • unspecified port Specifies the configuration to be removed as action 1 or 2. (Optional) Removes the notify action. (Optional) Removes the drop action. Enterasys Matrix DFE-Gold Series Configuration Guide 24-29 Configuring Flow Setup Throttling (FST)
Page 834: Show Flowlimit Class
Configuring Flow Setup Throttling (FST) disable userport | serverport | aggregateduser | interswitchlink | unspecified Defaults • If not specified, all action types will be removed. • If not specified, the action will be removed from all port classifications. Mode Switch command, Read‐Write. Example This example shows how to remove flow limiting action 1 from all port classifications: Matrix(rw)->clear flowlimit action1 show flowlimit class Use this command to display flow limiting classification configuration(s). Syntax show flowlimit class [userport | serverport | aggregateduser | interswitchlink | unspecified] Parameters userport | serverport | aggregateduser | ...
Page 835: Set Flowlimit Port
Enables or disables flow limiting on specified ports. Assigns a user classification type to the port(s) as: • user port • server port • aggregation port • interswitch link • unspecified port Enables an interface previously disabled by a flow limiting action. (Optional) Specifies port(s) on which to configure flow limiting parameters. Enterasys Matrix DFE-Gold Series Configuration Guide 24-31 Configuring Flow Setup Throttling (FST) :notify :disable,notify :notify :disable,notify :notify :disable,notify :notify :disable,notify :notify :disable,notify...
Page 836: Clear Flowlimit Port Class
Configuring Flow Setup Throttling (FST) Defaults If port‐string is not specified, settings will apply to all ports. Mode Switch command, Read‐Write. Usage Once a classification is assigned, these ports will be subject to the flow limit configured (with the set flowlimit limit command as described in “set flowlimit limit” on page 24‐27) and the action configured (with the set flowlimit action command as described in “set flowlimit action” on page 24‐28). Example This example shows how to assign the user port classification type to Fast Ethernet ports 3‐5 in module 2: Matrix(rw)->set flowlimit port class userport fe.2.3-5 clear flowlimit port class Use this command to remove flow limiting port classification properties. Syntax clear flowlimit port class [port-string] Parameters port‐string Defaults If port‐string is not specified, classifications will be removed from all ports.
Page 837: Set Flowlimit Notification
Use this command to enable or disable flow limit notification, or to set a notification interval. Syntax set flowlimit notification {disable | enable | interval} Parameters disable | enable interval Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable the flow limit notification function: Matrix(rw)->set flowlimit notification enable Enables or disables the flow limit shut down function. Disables or enables SNMP notification. Specifies a notification interval (in seconds) for SNMP trap messages. Valid values are 0 ‐ 4294967295. Enterasys Matrix DFE-Gold Series Configuration Guide 24-33 Configuring Flow Setup Throttling (FST)
Page 838: Clear Flowlimit Notification Interval
Configuring Flow Setup Throttling (FST) clear flowlimit notification interval Use this command to reset the SNMP flow limit notification interval to the default value of 120 seconds. Syntax clear flowlimit notification interval Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the SNMP flow limit notification interval: Matrix(rw)->clear flowlimit notification interval clear flowlimit stats Use this command to reset flow limiting statistics back to default values on one or more port(s). Syntax clear flowlimit stats [port-string] Parameters port‐string Defaults If port‐string is not specified, statistics will be reset on all ports.
Page 839: Chapter 25: Authentication Configuration
Authentication” on page 25‐2. • Port Web Authentication (PWA) — used for controlling access to network resources on a per user basis via HTTP. For details, refer to “Configuring Port Web Authentication (PWA)” on page 25‐11. • MAC Authentication — used for controlling access to network resources on a per MAC address basis. For details, refer to “Configuring MAC Authentication” on page 25‐26. • Convergence End Point (CEP) — Convergence Endpoint (CEP) detection is an Enterasys Networks mechanism for identifying IP phones that are connected to a given switch. When an endpoint is discovered, a policy is then assigned to the endpoint. For details, refer to “Configuring Convergence End Points (CEP) Phone Detection” on page 25‐39. Authentication Configuration http://www.enterasys.com/support/ Enterasys Matrix DFE-Gold Series Configuration Guide 25-1 Refer to page... 25-1 25-2 25-11 25-26 25-39 25-50 25-50 25-53 25-60 25-63...
Page 840: Configuring 802.1X Authentication
Configuring 802.1X Authentication • Local user credentials — used for local authentication and authorization of CLI and WebView management sessions. For details, refer to “Setting User Accounts and Passwords” on page 2‐15 and “Setting the Authentication Login Method” on page 25‐50. • Remote AAA service — used for remote authentication, authorization, and accounting of CLI and WebView management sessions, as well as all network access sessions provisioned by way of 802.1x, PWA, or MAC Authentication. For details, refer to “Setting the Authentication Login Method” on page 25‐50 and “Configuring 802.1X Authentication” on page 25‐2. • Support for RADUIS, RFC 3580, and TACACS+ can be found in the following sections: “Configuring RADIUS” on page 25‐53, “Configuring RFC 3580” on page 25‐60, and “Configuring TACACS+” on page 25‐63 Configuring 802.1X Authentication About Multi-User Authentication Enterasys Networks’ enhanced version of the IEEE 802.1X‐2001 specification decreases security vulnerabilities inherent with the standard implementation, and allows multiple devices and users, also known as “supplicants,” to be authenticated on a single port. The enhanced standard clearly distinguishes each network access port from its access “entities,” which maintain authentication instructions associated with each unique potential supplicant. 802.1X enhancements are backwards‐compatible with existing 802.1X supplicants and configurations, and are designed to seamlessly integrate into Enterasys’ per‐user policy management system; allowing much more granular control over user authorization. The Enterasys multi‐user 802.1X implementation includes the following components: • A Multi‐Mode Enabled Enterasys Matrix System—only when a system is set to operate in multiple authentication mode (as described in “Configuring Multiple Authentication” on ...
Page 841: Show Dot1X
If no parameters are specified, 802.1X status will be displayed. • If all is not specified, only active entries will be displayed. • If index is not specified, information for all access entities will be displayed. • If port‐string is not specified, information for all ports will be displayed. (Optional) Displays authentication configuration information. (Optional) Displays access entity information. (Optional) Displays authentication diagnostics information. (Optional) Displays authentication session statistics. (Optional) Displays authentication statistics. (Optional) Displays inactive and active authentication entries. Displays information for one or all MAC addresses. (Optional) Displays information for one or more access entities. Valid values are 0 ‐ 8191. (Optional) Displays the status of port initialization and reauthentication control. (Optional) Displays information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-3 Configuring 802.1X Authentication Refer to page... 25-3 25-5 25-7 25-7 25-9...
Page 842 Configuring 802.1X Authentication Mode Switch command, Read‐Only. Examples This example shows how to display 802.1X status: Matrix(rw)->show dot1x DOT1X is disabled. This example shows how to display authentication diagnostics information for fe.1.1: Matrix(rw)->show dot1x auth-diag fe.1.1 Port: 1 Auth-Diag: Enter Connecting: EAP Logoffs While Connecting: Enter Authenticating: Success While Authenticating: Timeouts While Authenticating: Fail While Authenticating: ReAuths While Authenticating:...
Page 843: Show Dot1X Auth-Config
[quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string] Parameters authcontrolled‐ portcontrol keytxenabled maxreq quietperiod reauthenabled reauthperiod servertimeout supptimeout 0:0:0:0:0:0 (Optional) Displays the current value of the controlled Port control parameter for the Port. (Optional) Displays the state of 802.1X key transmission currently in use by the authenticator PAE state machine. (Optional) Displays the value set for maximum requests currently in use by the backend authentication state machine. (Optional) Displays the value set for quiet period currently in use by the authenticator PAE state machine. (Optional) Displays the state of reauthentication control used by the Reauthentication Timer state machine. (Optional) Displays the value, in seconds, set for the reauthentication period used by the reauthentication timer state machine. (Optional) Displays the server timeout value, in seconds, currently in use by the backend authentication state machine. (Optional) Displays the authentication supplicant timeout value, in seconds, currently in use by the backend authentication state machine. Enterasys Matrix DFE-Gold Series Configuration Guide 25-5 Configuring 802.1X Authentication...
Page 844 Configuring 802.1X Authentication txperiod port‐string Defaults • If no parameters are specified, all 802.1X settings will be displayed. • If port‐string is not specified, information for all ports will be displayed. Mode Switch command, Read‐Only. Examples This example shows how to display the EAPOL port control mode for fe.1.1: Matrix(rw)->show dot1x auth-config authcontrolled-portcontrol fe.1.1 Port 1: Auth controlled port control: This example shows how to display the 802.1X quiet period settings for fe.1.1: Matrix(rw)->show dot1x auth-config quietperiod fe.1.1 Port 1: Quiet period: This example shows how to display all 802.1X authentication configuration settings for fe.2.24: Matrix(rw)->show dot1x fe.2.24 Port: fe.2.24...
Page 845: Set Dot1X
{[authcontrolled-portcontrol {auto | forced-auth | forced- unauth}] [keytxenabled{false | true}] [maxreq value] [quietperiod value] [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string] Enables or disables 802.1X. Reinitializes one or more access entities or reauthenticates one or more supplicants. (Optional) Specifies the port(s) to reinitialize or reauthenticate. (Optional) Specifies one or more access entities on which to enable initialization or reauthentication control. Valid values are 0 ‐ 8191. Enterasys Matrix DFE-Gold Series Configuration Guide 25-7 Configuring 802.1X Authentication...
Page 846 Defaults If port‐string is not specified, authentication parameters will be set on all ports Mode Switch command, Read‐Write. Examples This example shows how to set EAPOL port control to forced authorized mode on ports fe.1.1‐5, which disables authentication on these ports: Matrix(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.1-5 25-8 Authentication Configuration Specifies the EAPOL port control mode as: • auto ‐ Auto authorization mode (default). The Enterasys Matrix system will only forward frames received on a port which are considered authenticated according to the state of the corresponding access entity. • forced‐auth ‐ Forced authorized mode, which effectively disables 802.1X authentication on the port, and allows all frames received on the port to be forwarded.
Page 847: Clear Dot1X Auth-Config
If port‐string is not specified, parameters will be set on all ports. Mode Switch command, Read‐Write. Examples This example shows how to reset the 802.1X port control mode to auto on all ports: Matrix(rw)->clear dot1x auth-config authcontrolled-portcontrol This example shows how to reset reauthentication control to disabled on ports fe.1.1‐3: Matrix(rw)->clear dot1x auth-config reauthenabled fe.1.1-3 This example shows how to reset the 802.1X quiet period to 60 seconds on ports fe.1.1‐3: (Optional) Resets the 802.1X port control mode to auto. (Optional) Resets the 802.1X key transmission state to disabled (false). (Optional) Resets the maximum requests value to 2. (Optional) Resets the quiet period value to 60 seconds. (Optional) Resets the reauthentication control state to disabled (false). (Optional) Resets the reauthentication period value to 3600 seconds. (Optional) Resets the server timeout value to 30 seconds. (Optional) Resets the authentication supplicant timeout value to 30 seconds. (Optional) Resets the transmission period value to 30 seconds. (Optional) Resets settings on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-9 Configuring 802.1X Authentication...
Page 848 Configuring 802.1X Authentication clear dot1x auth-config Matrix(rw)->clear dot1x auth-config quietperiod fe.1.1-3 25-10 Authentication Configuration...
Page 849: Configuring Port Web Authentication (Pwa)
Matrix(rw)->set multiauth port mode auth-opt fe.*.* For details on using the set multiauth port command, refer to “set multiauth port” on page 27‐6. Setting the port mode in this fashion will allow traffic to flow through the port without authentication according to its configuration. By default, this would allow all traffic to be forwarded. Conversely, you could configure the ports to drop all traffic, but this is not the most effective solution. Better yet would be to configure the port to provide only the minimal services and nothing more. The most powerful tool for accomplishing this goal is policy configuration. Policies provide the flexibility needed to tailor these services to the configuration and security needs of your environment. This example shows how to configure a policy profile that will discard all traffic by default: Matrix(rw)->set policy profile 1 name “Unauthenticated User” pvid 0 pvid-status enable This example shows how to configure policy profile rule 1 that will enable the selective services required for PWA. This rule will: • forward ARP requests, Configuring Port Web Authentication (PWA) Enterasys Matrix DFE-Gold Series Configuration Guide 25-11...
Page 850: Purpose
Configuring Port Web Authentication (PWA) • allow access to a server (at IP 1.2.3.4) that acts as both a DNS and DHCP server, and • be assigned as the default policy profile for all Fast Ethernet ports. Matrix(rw)->set policy rule 1 ether 0x806 forward Matrix(rw)->set policy rule 1 ipdest 1.2.3.4 forward Matrix(rw)->set policy rule 1 udpdest 67 forward Matrix(rw)->set policy rule 1 updsource 68 forward Matrix(rw)->set policy port fe.*.* 1 Also, the PWA client must be configured (statically, or through DHCP) to have routes to both the ...
Page 851: Show Pwa
(Optional) Displays PWA information for specific port(s). - enabled - 192.168.62.99 - PAP - N/A - enabled - guest - N/A AuthStatus QuietPeriod -------------- ----------- disconnected Enterasys Matrix DFE-Gold Series Configuration Guide 25-13 Configuring Port Web Authentication (PWA) Refer to page... 25-24 25-24 25-25 MaxReq ---------...
Page 852: Show Pwa Output Details
“set pwa enhancedmode” on page 25-20. Whether the Enterasys Networks logo will be displayed or hidden at user login. Default state of enabled (displayed) can be changed using the set pwa displaylogo command as described in displaylogo”...
Page 853: Set Pwa
25‐7. For information on disabling MAC authentication, refer to “set macauthentication” on page 25‐29. Example This example shows how to enable port web authentication: Matrix(rw)->set pwa enable set pwa hostname Use this command to set a port web authentication host name. Syntax set pwa hostname name Parameters name Defaults None. Mode Switch command, Read‐Write. Usage This is a URL for accessing the PWA login page. Enables or disables port web authentication. Specifies a name for accessing the PWA login page. Enterasys Matrix DFE-Gold Series Configuration Guide 25-15 Configuring Port Web Authentication (PWA)
Page 854: Clear Pwa Hostname
Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the PWA host name: Matrix(rw)->clear pwa hostname show pwa banner Use this command to display the port web authentication login banner string. Syntax show pwa banner Parameters None. Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display the PWA login banner: Matrix(rw)->show pwa banner Welcome to Enterasys Networks 25-16 Authentication Configuration clear pwa hostname...
Page 855: Set Pwa Banner
Use this command to disable the currently configured PWA banner. Syntax set pwa displaylogo hide Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example disables the current PWA login banner: Matrix(rw)->set pwa displaylogo hide clear pwa banner Use this command to reset the PWA login banner to a blank string. Syntax clear pwa banner Specifies the PWA login banner. Enterasys Matrix DFE-Gold Series Configuration Guide 25-17 Configuring Port Web Authentication (PWA)
Page 856: Set Pwa Displaylogo
Configuring Port Web Authentication (PWA) Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the PWA login banner to a blank string Matrix(rw)->clear pwa banner set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo. Syntax set pwa displaylogo {display | hide} Parameters display | hide Defaults None. Mode Switch command, Read‐Write. Example This example shows how to hide the Enterasys Networks logo: Matrix(rw)->set pwa displaylogo hide set pwa redirecttime Use this command to set the PWA login success page redirect time.
Page 857: Set Pwa Ipaddress
Parameters ip‐address Defaults None. Mode Switch command, Read‐Write. Usage This is the IP address of the end station from which PWA will prevent network access until the user is authenticated. Example This example shows how to set a PWA IP address of 1.2.3.4: Matrix(rw)->set pwa ipaddress 1.2.3.4 set pwa protocol Use this command to set the port web authentication protocol. Syntax set pwa protocol {chap | pap} Specifies a globally unique IP address. This same value must be configured into every authenticating switch in the domain. Enterasys Matrix DFE-Gold Series Configuration Guide 25-19 Configuring Port Web Authentication (PWA)
Page 858: Set Pwa Enhancedmode
Configuring Port Web Authentication (PWA) Parameters chap | pap Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set a the PWA protocol to CHAP: Matrix(rw)->set pwa protocol chap set pwa enhancedmode Use this command to enable or disable PWA enhanced mode. Syntax set pwa enhancedmode {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Usage When enabled, users on unauthenticated PWA ports can type any URL into a browser and be presented the PWA login page on their initial web access. They will also be granted guest networking privileges. Example This example shows how to enable PWA enhanced mode: ...
Page 859: Set Pwa Guestname
Example This example shows how to set the PWA guest user name to “guestuser”: Matrix(rw)->set pwa guestname guestuser clear pwa guestname Use this command to clear the PWA guest user name. Syntax clear pwa guestname Parameters None. Defaults None. Mode Read‐Write. Example This example shows how to clear the PWA guest user name Matrix(rw)->clear pwa guestname Specifies a guest user name. Enterasys Matrix DFE-Gold Series Configuration Guide 25-21 Configuring Port Web Authentication (PWA)
Page 860: Set Pwa Guestpassword
Configuring Port Web Authentication (PWA) set pwa guestpassword Use this command to set the guest user password for PWA networking. Syntax set pwa guestpassword Parameters None. Defaults None. Mode Switch command, Read‐Write. Usage When enhanced mode is enabled, (as described in “set pwa enhancedmode” on page 25‐20) PWA will use this password and the guest user name to grant network access to guests without established login names and passwords. Example This example shows how to set the PWA guest user password name: Matrix(rw)->set pwa guestpasword Guest Password: ********* Retype Guest Password: ********* set pwa gueststatus Use this command to enable or disable guest networking for port web authentication. ...
Page 861: Set Pwa Initialize
This example shows how to initialize ports fe.1.5‐7: Matrix(rw)->set pwa initialize fe.1.5-7 set pwa quietperiod Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network. Syntax set pwa quietperiod time [port-string] Parameters time port‐string (Optional) Initializes specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies quiet time in seconds. (Optional) Sets the quiet period for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-23 Configuring Port Web Authentication (PWA)
Page 862: Set Pwa Maxrequests
Configuring Port Web Authentication (PWA) Defaults If port‐string is not specified, quiet period will be set for all ports. Mode Read‐Write. Example This example shows how to set the PWA quiet period to 30 seconds for ports fe.1.5‐7: Matrix(rw)->set pwa quietperiod 30 fe.1.5-7 set pwa maxrequests Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state. Syntax set pwa maxrequests maxrequests [port-string] Parameters maxrequests port‐string Defaults If port‐string is not specified, maximum requests will be set for all ports. Mode Read‐Write. Example This example shows how to set the PWA maximum requests to 3 for all ports: Matrix(rw)->set pwa maxrequests 3 set pwa portcontrol Use this command to set the PWA port control mode.
Page 863: Show Pwa Session
00-c0-4f-20-05-4b 172.50.15.121 ge.2.19 00-c0-4f-24-51-70 172.50.15.120 ge.2.19 00-00-f8-78-9c-a7 172.50.15.61 Enables or disables PWA on the specified port. (Optionally) Enables or disables a specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Displays PWA session information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. User pwachap10 pwachap1 pwachap11 Enterasys Matrix DFE-Gold Series Configuration Guide 25-25 Configuring Port Web Authentication (PWA) Duration Status 0,14:46:55 active 0,15:43:30 active 0,14:47:58 active...
Page 864: Configuring Mac Authentication
Configuring MAC Authentication Configuring MAC Authentication Purpose To review, disable, enable and configure MAC authentication. This allows the device to authenticate source MAC addresses in an exchange with an authentication server. The authenticator (switch) selects a source MAC seen on a MAC‐authentication enabled port, and submits it to a backend client for authentication. The backend client uses the MAC address stored password, if required, as credentials for an authentication attempt. If accepted, a string representing an access policy may be returned. If present, the switch applies the associated policy rules. For an information on configuring policy classification, refer back to Chapter Commands For information about... show macauthentication show macauthentication session set macauthentication set macauthentication password clear macauthentication password set macauthentication significant-bits clear macauthentication significant-bits set macauthentication port...
Page 865: Show Macauthentication Output Details
Any other failure to authenticate the full address, (i.e., authentication server timeout) causes the next attempt to start once again with a full MAC authentication. Default is 48 and cannot be reset. Enterasys Matrix DFE-Gold Series Configuration Guide 25-27 Configuring MAC Authentication Auth...
Page 866: Show Macauthentication Session
Auth Allowed Auth Allocated Reauthentications show macauthentication session Use this command to display the active MAC authenticated sessions. Syntax show macauthentication session Parameters None. Defaults If port‐string is not specified, MAC session information will be displayed for all MAC authentication ports. Mode Switch command, Read‐Only. Example This example shows how to display MAC session information: Matrix(rw)->show macauthentication session Port MAC Address ----- ----------------- ge.1.2 00:60:97:b5:4c:07 Table 25‐3 provides an explanation of the command output. 25-28 Authentication Configuration What it displays...
Page 867: Set Macauthentication Password
Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in “set macauthentication Globally enables or disables MAC authentication. Specifies a text string MAC authentication password. Enterasys Matrix DFE-Gold Series Configuration Guide 25-29 Configuring MAC Authentication CLI” on page 4-2. “set reauthentication” on page 25-34.
Page 868: Clear Macauthentication Password
Configuring MAC Authentication Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to set the MAC authentication password to “macauth”: Matrix(rw)->set macauthentication password macauth clear macauthentication password Use this command to clear the MAC authentication password. Syntax clear macauthentication password Parameters None. Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to clear the MAC authentication password: Matrix(rw)->clear macauthentication password set macauthentication significant-bits Use this command to set the number of significant bits of the MAC address to use for authentication. Syntax set macauthentication significant-bits number...
Page 869: Clear Macauthentication Significant-Bits
Switch command, Read‐Write. Example This example shows how to clear the MAC authentication significant bits setting: Matrix(rw)->clear macauthentication significant-bits set macauthentication port Use this command to enable or disable one or more ports for MAC authentication. Syntax set macauthentication port {enable | disable} port-string Parameters enable | disable port‐string Defaults None. Mode Switch command, Read‐Write. Enables or disables MAC authentication. Specifies port(s) on which to enable or disable MAC authentication. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-31 Configuring MAC Authentication...
Page 870: Set Macauthentication Authallocated
Use this command to set the number of MAC authentication sessions allowed for one or more ports. Syntax set macauthentication authallocated number port-string Parameters number port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the number of allowed MAC authentication sessions to 4 on ge.2.1: Matrix(rw)->set macauthentication authallocated 4 ge.2.1 clear macauthentication authallocated Use this command to clear the number of MAC authentication sessions allowed for one or more ports. Syntax clear macauthentication authallocated [port-string] Parameters port‐string 25-32 Authentication Configuration Specifies the number of authentication sessions allowed. ...
Page 871: Set Macauthentication Portinitialize
Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to force ge.2.1 through 5 to initialize: Matrix(rw)->set macauthentication portinitialize ge.2.1-5 set macauthentication macinitialize Use this command to force a current MAC authentication session to re‐initialize and remove the session. Syntax set macauthentication macinitialize mac_addr Parameters mac_addr Specifies the MAC authentication port(s) to re‐initialize. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the MAC address of the session to re‐initialize. Enterasys Matrix DFE-Gold Series Configuration Guide 25-33 Configuring MAC Authentication...
Page 872: Set Macauthentication Reauthentication
Configuring MAC Authentication Defaults None. Mode Switch command, Read‐Write. Example This example shows how to force the MAC authentication session for address 00‐60‐97‐b5‐4c‐07 to re‐initialize: Matrix(rw)->set macauthentication macinitialize 00-60-97-b5-4c-07 set macauthentication reauthentication Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports. Syntax set macauthentication reauthentication {enable | disable} port-string Parameters enable | disable port‐string Defaults None. Mode Switch command, Read‐Write. Example This example shows how to enable MAC reauthentication on ge.4.1 though 5: Matrix(rw)->set macauthentication reauthentication enable ge.4.1-5 set macauthentication portreauthenticate Use this command to force an immediate reauthentication of the currently active sessions on one ...
Page 873: Set Macauthentication Macreauthenticate
Parameters mac_addr Defaults None. Mode Switch command, Read‐Write. Example This example shows how to force the MAC authentication session for address 00‐60‐97‐b5‐4c‐07 to reauthenticate: Matrix(rw)->set macauthentication macreauthenticate 00-60-97-b5-4c-07 set macauthentication reauthperiod Use this command to set the MAC reauthentication period (in seconds). Syntax set macauthentication reauthperiod time port-string Specifies MAC authentication port(s) to be reauthenticated. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Specifies the MAC address of the session to reauthenticate. Enterasys Matrix DFE-Gold Series Configuration Guide 25-35 Configuring MAC Authentication...
Page 874: Clear Macauthentication Reauthperiod
Configuring MAC Authentication Parameters time port‐string Defaults None. Mode Switch command, Read‐Write. Usage This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port. Example This example shows how to set the MAC reauthentication period to 7200 seconds (2 hours) on ge.2.1 through 5: Matrix(rw)->set macauthentication reauthperiod 7200 ge.2.1-5 clear macauthentication reauthperiod Use this command to clear the MAC reauthentication period on one or more ports. Syntax clear macauthentication reauthperiod [port-string] Parameters port‐string Defaults If port‐string is not specified, the reauthentication period will be cleared on all ports. Mode Switch command, Read‐Write. Example This example shows how to globally clear the MAC reauthentication period: Matrix(rw)->clear macauthentication reauthperiod 25-36 Authentication Configuration Specifies the number of seconds between reauthentication attempts. ...
Page 875: Set Macauthentication Quietperiod
Matrix(rw)->set macauthentication quiet period 120 ge.2.1-5 clear macauthentication quietperiod Use this command to clear the macauthentication quiet period on one or more ports to the default value. Syntax clear macauthentication quietperiod [port-string] Parameters port‐string Defaults None. Mode Switch command, Read‐Write. Specifies the number of seconds between reauthentication attempts. Valid values are 0 ‐ 4294967295. Specifies the port(s) on which to set the macauthentication quiet period. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. (Optional) Clears the macauthentication quiet period on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-37 Configuring MAC Authentication...
Page 876 Configuring MAC Authentication Usage The default value is 0 (never). Example This example shows how to clear the macauthentication quietperiod for port ge.1.1 Matrix(rw)->clear macauthentication quietperiod ge.1.1: 25-38 Authentication Configuration clear macauthentication quietperiod...
Page 877: Configuring Convergence End Points (Cep) Phone Detection
Note: There is no way to detect if a Siemens, SIP or H.323 phone goes away other than a link down. Therefore, if these types of phones are not directly connected to the switch’s port and the phone goes away, the switch will still think there is a phone connection and any configured policy will remain on the port.
Page 878: Show Cep Connections
Configuring Convergence End Points (CEP) Phone Detection For information about... set cep detection-id type set cep detection-id address set cep detection-id protocol set cep detection-id porthigh | portlow set cep initialize clear cep show cep connections Use this command to display all learned CEPs. Syntax show cep connections port-string Parameters port‐string Defaults...
Page 879: Show Cep Policy
Address Type unknown Address Mask Type unknown Mask Row Status enabled show cep policy Use this command to display the global policies of all supported CEP types. Syntax show cep policy Parameters None. Defaults None Mode Read‐Only. Configuring Convergence End Points (CEP) Phone Detection (Optional) Show CEP detection parameters, based on the CEP configuration group id. Enterasys Matrix DFE-Gold Series Configuration Guide 25-41...
Page 880: Show Cep Port
Configuring Convergence End Points (CEP) Phone Detection Examples This example shows how to display CEP policy information: Matrix>show cep policy CEP default policies CEP Type Policy Index -------- ------------ cisco siemens h323 show cep port Use this command to display enable status of all supported CEP types. Syntax show cep port port-string Parameters port‐string Defaults None Mode Read‐Only. Examples This example shows how to display CEP status information for port fe.1.21: Matrix>show cep port fe.1.21 Port...
Page 881: Set Cep Port
Use this command to set a global default policy for a CEP detection type. Syntax set cep policy {cisco | h323 | siemens | sip} index Configuring Convergence End Points (CEP) Phone Detection Specifies the port(s) to enable or disable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Set the Cisco detection status on the specified ports. Set the H323 detection status on the specified ports. Set the LLDP‐MED detection status on the specified ports. Set the Siemens detection status on the specified ports. Set the SIP detection status on the specified ports. Enables or disables CEP detection as specified. Enterasys Matrix DFE-Gold Series Configuration Guide 25-43...
Page 882: Set Cep Detection-Id
Configuring Convergence End Points (CEP) Phone Detection Parameters cisco h323 siemens index Defaults None. Mode Switch command, Read‐Write. Usage This is the policy that will be applied when a phone of the specified type is detected on a port. It must be configured using the policy management commands described in Chapter Example This example shows how to assign policy index 1: Matrix>set cep policy h323 1 to all H.323 phones detected set cep detection-id Use this command to create a new H.323, Siemens, or SIP phone detection configuration group, or enable, disable or remove an existing group. Syntax set cep detection-id id {create | delete | disable | enable} Parameters id ...
Page 883: Set Cep Detection-Id Type
Defaults None. Mode Switch command, Read‐Write. Usage This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method. There are currently 3 manual detection types (Siemens, H323, SIP). Under manual detection configuration, for each of the types, the “Endpoint Phone Type” will be listed correctly. However, the high and low ports will not reflect default ports for the “Endpoint Phone Types”. The user will have to configure the port low and high options to match their needs for the Endpoint Phone Type being configured, as described in “set cep detection‐id porthigh | portlow” on page 25‐47. Example This example shows how to set the phone detection type to H.323 for CEP group 1: Matrix>set cep detection-id 1 type h323 Configuring Convergence End Points (CEP) Phone Detection Specifies a CEP configuration group ID. This group must be created and enabled using the set cep detection‐id command as described in “set cep detection‐id” on page 25‐44. Valid values are 1 ‐ 2147483647. Specifies the phone type to detect as H.323,Siemens or SIP. Enterasys Matrix DFE-Gold Series Configuration Guide 25-45...
Page 884: Set Cep Detection-Id Address
{ ip-address | unknown } mask {mask | unknown } Parameters id address ip‐address | unknown mask mask | unknown Defaults None. Mode Switch command, Read‐Write. Usage This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method. By default, H.323 will use 224.0.1.41 as its IP address and Siemens will have no IP address configured. Example This example shows how to set an IP address of 10.1.1.3 and mask for detection group 1: Matrix>set cep detection-id 1 address 10.1.1.3 mask 255.255.0.0 set cep detection-id protocol Use this command to specify an IP protocol type for H.323, Siemens, or SIP convergence end ...
Page 885: Set Cep Detection-Id Porthigh | Portlow
{ porthigh | portlow } port Parameters id porthigh | portlow port Defaults None. Configuring Convergence End Points (CEP) Phone Detection Specifies a CEP configuration group ID. This group must be created and enabled using the set cep detection‐id command as described in “set cep detection‐id” on page 25‐44. Valid values are 1 ‐ 2147483647. Sets the CEP IP protocol type to be used for detection as: • • UDP • Both UDP and TCP • None Specifies a CEP configuration group ID. This group must be created and enabled using the set cep detection‐id command as described in “set cep detection‐id” on page 25‐44. Valid values are 1 ‐ 2147483647. Specifies a maximum or minimum UDP or TCP port for CEP detection.Valid values are 1 ‐ 65535. Enterasys Matrix DFE-Gold Series Configuration Guide 25-47...
Page 886: Set Cep Initialize
Configuring Convergence End Points (CEP) Phone Detection Mode Switch command, Read‐Write. Usage This command applies only to Siemens, H.323, and SIP phone detection. Cisco detection uses CiscoDP as its discovery method. Once UDP and/or TCP phone detection has been specified using the set cep detection‐id protocol command as described in “set cep detection‐id protocol” on page 25‐46, the protocols will use this port range for detection matching. Example This example shows how to set port 65 as the minimum port to be used for convergence end points detection for CEP group 1: Matrix>set cep detection-id 1 portlow 65 set cep initialize Use this command to clear all existing CEP connections for one or more CEP‐enabled ports. Syntax set cep initialize [port-string] Parameters port‐string Defaults If no port‐string is specified, all existing CEP connections on all ports are cleared. Mode Switch command, Read‐Write.
Page 887: Clear Cep
This example shows how to clear detection id 4 parameters Matrix>clear cep detection-id 4 This example shows how to clears ports fe.1.1‐5 of Cisco phone detection parameters Matrix>clear cep port fe.1.1-5 cisco Configuring Convergence End Points (CEP) Phone Detection Restores factory defaults to all CEP configuration information. Restore factory defaults to CEP policy configuration. Optionally, specify a particular CEP configuration group to clear with detection‐id. Valid values are 1 ‐ 2147483647. Clear discovered Convergence Endpoints. Optionally, specify one or more port(s) on which to clear discovered CEPs. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Resets the CEP enabled state to the default of disabled. Optionally, specify one or more port(s) to disable and specify all detection types or individual detection types to disable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐2. Enterasys Matrix DFE-Gold Series Configuration Guide 25-49...
Page 888: Radius Filter-Id Attribute And Dynamic Policy Profile Assignment
RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment If you configure an authentication method that requires communication with a RADIUS server, you can use the RADIUS Filter‐ID attribute to dynamically assign a policy profile and/or management level to authenticating users and/or devices. The RADIUS Filter‐ID attribute is simply a string that is formatted in the RADIUS Access‐Accept packet sent back from the RADIUS server to the switch during the authentication process. Each user can be configured in the RADIUS server database with a RADIUS Filter‐ID attribute that specifies the name of the policy profile and/or management level the user should be assigned upon successful authentication. During the authentication process, when the RADIUS server returns a RADIUS Access‐Accept message that includes a Filter‐ID matching a policy profile name configured on the switch, the switch then dynamically applies the policy profile to the physical port the user/device is authenticating on. Filter-ID Attribute Formats Enterasys Networks supports two Filter‐ID formats — “decorated” and “undecorated.” The decorated format has three forms: • To specify the policy profile to assign to the authenticating user (network access authentication): Enterasys:version=1:policy=string where string specifies the policy profile name. Policy profile names are case‐sensitive. • To specify a management level (management access authentication): Enterasys:version=1:mgmt=level where level indicates the management level, either ro, rw, or su.
Page 889: Show Authentication Login
{any | local | radius | tacacs} Parameters any local radius tacacs Specifies that the authentication protocol will be selected using the following precedence order: • TACACS+ • RADIUS • Local Specifies that the local network password settings will be used for authentication login. Specifies that RADIUS will be used for authentication login. Specifies that TACACS+ will be used for authentication login. Enterasys Matrix DFE-Gold Series Configuration Guide 25-51 Setting the Authentication Login Method Refer to page... 25-51 25-51 25-52...
Page 890: Clear Authentication Login
Setting the Authentication Login Method Defaults None. Mode Switch command, Read‐Write. Example This example shows how to set the authentication login method to use the local password settings: Matrix(rw)->set authentication login local clear authentication login Use this command to reset the authentication login method to the default setting of “any”. Syntax clear authentication login Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the authentication login method: Matrix(rw)->clear authentication login 25-52 Authentication Configuration clear authentication login...
Page 891: Show Radius
[state | retries authtype || timeout | server [index | all]] Parameters state retries authtype server timeout index | all (Optional) Displays the RADIUS client’s enable status. (Optional) Displays the number of retry attempts before the RADIUS server times out. (Optional) Displays the RADIUS server’s authentication type. (Optional) Displays RADIUS server configuration information. (Optional) Displays the maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin. (Optional) Displays configuration information for a specified server or all RADIUS servers. Enterasys Matrix DFE-Gold Series Configuration Guide 25-53 Configuring RADIUS Refer to page... 25-53 25-54 25-55 25-56 25-57 25-58...
Page 892: Set Radius
Configuring RADIUS Defaults If no parameters are specified, all RADIUS configuration information will be displayed. Mode Switch command, Read‐Only. Example This example shows how to display RADIUS configuration information: Matrix(rw)->show radius RADIUS state: RADIUS retries: RADIUS timeout: RADIUS Server -- --------------- --------- Table 25‐4 provides an explanation of the command output. Table 25-4 show radius Output Details Output... RADIUS state RADIUS retries RADIUS timeout RADIUS Server set radius Use this command to enable, disable, or configure RADIUS authentication.
Page 893: Clear Radius
Matrix(rw)->set radius retries 10 clear radius Use this command to clear RADIUS server settings. Syntax clear radius [state] [retries] [timeout] [server [index | all] [realm {index | all}] Specifies the maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin. Valid values are from 1 to 30. Default is 20 seconds. Specifies the index number, IP address and the UDP authentication port for the RADIUS server. (Optional) Specifies an encryption key to be used for authentication between the RADIUS client and server. (Optional) Restricts the RADIUS server realm to management or network access authentication, or allows it to perform all authentications. Applies the server realm setting to a specific server or to all servers. Enterasys Matrix DFE-Gold Series Configuration Guide 25-55 Configuring RADIUS...
Page 894: Show Radius Accounting
Defaults • If index or all is not specified for clearing RADIUS server, all RADIUS server settings will be deleted. • If no other optional parameters are specified, all RADIUS settings will be cleared. Mode Switch command, Read‐Write. Examples This example shows how to clear all settings on all RADIUS servers: Matrix(rw)->clear radius server all This example shows how to reset the RADIUS timeout to the default value of 20 seconds: Matrix(rw)->clear radius timeout show radius accounting Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server. Syntax show radius accounting [updateinterval] | [intervalminimum] | [state] | [server {index | all}]...
Page 895: Set Radius Accounting
Enabled 1800 secs 600 secs Server Acct Port Retries 1236 Enables or disables the RADIUS accounting client. Sets the minimum interval at which RADIUS accounting will send interim updates. Valid values are 60 ‐ 2147483647. Sets the number of seconds between each RADIUS accounting interim update (when accumulated accounting data is sent to the server for a session.) Valid values are 180 ‐ 2147483647. Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out. Valid retry values are 1 ‐ 2147483647. Sets the maximum amount of time (in seconds) to establish contact with a specified RADIUS accounting server before timing out. Valid timeout values are 1 ‐ 2147483647. Enterasys Matrix DFE-Gold Series Configuration Guide 25-57 Configuring RADIUS Timeout Status Primary...
Page 896: Clear Radius Accounting
Configuring RADIUS index | all server ip_address port server‐secret Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to enable the RADIUS accounting client for authenticating with the accounting server 1 at IP address 10.2.4.12, UDP authentication port 1800. As previously noted, the “server secret” password entered here must match that already configured as the Read‐Write (rw) password on the RADIUS accounting server Matrix(rw)->set radius accounting server 1 10.2.4.12 1800: Server Secret:****** Retype Server Secret:****** Make This Entry Active (y/n)? y Warning: rfc2138 recommends secret minimum length of 16 This example shows how to set the RADIUS accounting timeout to 30 seconds on server 6:...
Page 897 Defaults None. Mode Switch command, Read‐Write. Example This example shows how to reset the RADIUS accounting timeout to 5 seconds on all servers: Matrix(rw)->clear radius accounting timeout all Enterasys Matrix DFE-Gold Series Configuration Guide 25-59 Configuring RADIUS...
Page 898: Configuring Rfc 3580
Configuring RFC 3580 Configuring RFC 3580 About RFC 3580 RFC 3580 provides suggestions on how 802.1x Authenticators should leverage RADIUS as the backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS Accounting, RADIUS Authentication, RC4 EAPOL‐Key‐Frame Discussions, and Security Considerations. Upon detection, End‐Points (PCs, IP Phones, etc.) may be interrogated by the AAA clients for credentials, which may then be used to authenticate the user and determine the services which should be provided (authorization). During the exchange with the AAA server, the AAA client will present information describing the End‐Point and itself. The AAA server will then describe the level of service which should be provided. This may include authentication success, session duration, and class‐of‐service to be provided. Enterasys Networks Layer 2 switches utilize two specific attributes to implement the provisioning of service in response to a successful authentication: • A proprietary Filter‐ID, which describes a Policy Profile to be applied to the user. (See “RADIUS Filter‐ID Attribute and Dynamic Policy Profile Assignment” on page 25‐50.) • The VLAN‐Tunnel‐Attribute; which defines the base VLAN‐ID to be applied to the user (or possibly mapped to an Enterasys Policy Profile). Purpose To review and configure RFC 3580 support. Commands For information about... show vlanauthorization set vlanauthorization clear vlanauthorization show vlanauthorization Use this command to display the VLAN Authorization settings.
Page 899: Set Vlanauthorization
- Disable port VLAN Authorization. none ‐ No egress change will be made. tagged - Port added to egress. untagged - Port added to untagged egress. dynamic - Use information in authentication response. Enterasys Matrix DFE-Gold Series Configuration Guide 25-61 Configuring RFC 3580 VLAN ID 4094 none...
Page 900: Clear Vlanauthorization
This example shows how to enable VLAN Authorization: Matrix(su)->set vlanauthorization enable This example shows how to enable VLAN Authorization for port ge.1.1 for tagged packets: Matrix(su)->set vlanauthorization port ge.1.1 enable tagged clear vlanauthorization Use this command to clear the VLAN Authorization attributes to the defaults. Syntax clear vlanauthorization port-list all Parameters port‐list Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear VLAN Authorization: Matrix(su)->clear vlanauthorization This example shows how to clear VLAN Authorization for ports ge.1.1‐4: Matrix(su)->clear vlanauthorization ge.1.1-4 25-62 Authentication Configuration (Optional) Clear port(s) attributes for VLAN Authorization. Clear all VLAN Authorization to the defaults. clear vlanauthorization...
Page 901: Configuring Tacacs
Use this command to display the current TACACS+ configuration information and status. Syntax show tacacs [state] Parameters state Defaults If state is not specified, all TACACS+ configuration information will be displayed. (Optional) Displays only the TACACS+ client status. Enterasys Matrix DFE-Gold Series Configuration Guide 25-63 Configuring TACACS+ Refer to page... 25-63 25-65 25-65 25-66 25-67 25-67 25-68 25-69 25-70...
Page 902: Show Tacacs Output Details
Configuring TACACS+ Mode Switch command, Read‐Only. Example This example shows how to display all TACACS configuration information: Matrix(ro)->show tacacs TACACS+ state: TACACS+ session accounting state: TACACS+ command authorization state: TACACS+ command accounting state: TACACS+ single-connect state: TACACS+ service: TACACS+ session authorization A-V pairs: access level attribute read-only read-write super-user TACACS+ Server...
Page 903: Set Tacacs
Examples This example shows how to enable the TACACS+ client. Matrix(rw)->set tacacs enable show tacacs server Use this command to display the current TACACS+ server configuration. Syntax show tacacs server {index | all} Parameters index Defaults None. Mode Switch command, Read‐Only. Enables or disables the TACACS client. Display the configuration of the TACACS+ server identified by index The value of can range from 1 to 2,147,483,647. Display the configuration for all configured TACACS+ servers. Enterasys Matrix DFE-Gold Series Configuration Guide 25-65 Configuring TACACS+ index . ...
Page 904: Set Tacacs Server
Syntax set tacacs server {all | index} timeout seconds set tacacs server index address port secret Parameters index timeout seconds address port secret Defaults None. Mode Switch command, Read‐Write. Example This example configures TACACS+ server 1. The default timeout value of 10 seconds will be applied. Matrix(rw)->set tacacs server 1 192.168.10.10 49 mysecret 25-66 Authentication Configuration IP Address Port Timeout --------------- ----- ------- 192.168.10.10...
Page 905: Clear Tacacs Server
Matrix(rw)->clear tacacs server 1 show tacacs session Use this command to display the current TACACS+ client session settings. Syntax show tacacs session {authorization | accounting [state]} Parameters authorization accounting state Defaults If state is not specified, all session accounting configuration parameters are displayed (which at this time includes only the enabled/disabled status). Mode Switch command, Read‐Only. Examples This example shows how to display client session authorization information: Specifies that all configured TACACS+ servers should be affected. Specifies one TACACS+ server to be affected. (Optional) Return the timeout value to its default value of 10 seconds. Display client session authorization settings. Display client session accounting settings. (Optional) Display the client session accounting state. Enterasys Matrix DFE-Gold Series Configuration Guide 25-67 Configuring TACACS+...
Page 906: Set Tacacs Session
Configuring TACACS+ Matrix(ro)->show tacacs session authorization TACACS+ service: TACACS+ session authorization A-V pairs: access level attribute read-only read-write super-user This example shows how to display client session accounting state. Matrix(ro)->show tacacs session accounting state TACACS+ session accounting state: set tacacs session Use this command to enable or disable TACACS+ session accounting, or to configure TACACS+ session authorization parameters. For simplicity, separate syntax formats are shown for configuring session accounting and session authorization. Syntax set tacacs session accounting {enable | disable} set tacacs session authorization { attribute value | super-user...
Page 907: Clear Tacacs Session
Use this command to return the TACACS+ session authorization settings to their default values. Syntax clear tacacs session authorization { [service] [read-only] [read-write] [super- user] } Parameters authorization service read‐only read‐write super‐user Clears the TACACS+ session authorization parameters. Clears the TACACS+ session authorization service name to the default value of “exec.” Clears the TACACS+ session authorization read‐only attribute‐value pair to their default values of “priv‐lvl” and 0. Clears the TACACS+ session authorization read‐write attribute‐value pair to their default values of “priv‐lvl” and 1. Clears the TACACS+ session authorization super‐user attribute‐value pair to their default values of “priv‐lvl” and 15. Enterasys Matrix DFE-Gold Series Configuration Guide 25-69 Configuring TACACS+...
Page 908: Show Tacacs Command
Configuring TACACS+ Defaults At least one of the session authorization parameters must be specified. Mode Switch command, Read‐Write. Examples This example shows how to return only the service name to the default of “exec.” Matrix(rw)->clear tacacs session authorization service This example shows how to return all the session authorization parameters to their default values. Matrix(rw)->clear tacacs session authorization service read-only read-write super-user show tacacs command Use this command to display the status (enabled or disabled) of TACACS+ accounting or authorization on a per‐command basis. Syntax show tacacs command {accounting | authorization} [state] Parameters accounting authorization state Defaults If state is not specified, all accounting or authorization configuration parameters are displayed ...
Page 909: Set Tacacs Command
When per‐command accounting is enabled, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each command executed during the session. When per‐command authorization is enabled, the TACACS+ server will check whether each command is permitted for that authorized session and return a success or fail. If the authorization fails, the command is not executed. Example This example shows how to enable TACACS+ authorization on a command basis. Matrix(rw)->set tacacs command authorization enable show tacacs singleconnect Use this command to display the current status of the TACACS+ client’s ability to send multiple requests over a single TCP connection. Syntax show tacacs singleconnect [state] Parameters state Specifies either TACACS+ accounting or authorization to be enabled or disabled. Enable or disable accounting or authorization on a per‐command basis. (Optional) Specifies that only the single connection state should be displayed. Enterasys Matrix DFE-Gold Series Configuration Guide 25-71 Configuring TACACS+...
Page 910: Set Tacacs Singleconnect
Configuring TACACS+ Defaults If state is not specified, all single connection configuration parameters are displayed (which at this time includes only the enabled/disabled state). Mode Switch command, Read‐Write. Example This example shows how to display the state of the TACACS+ client’s ability to send multiple requests over a single connection. Matrix(rw)->show tacacs singleconnect TACACS+ single-connect state: set tacacs singleconnect Use this command to enable or disable the ability of the TACACS+ client to send multiple requests over a single TCP connection. When enabled, the TACACS+ client will use a single TCP connection for all requests to a given TACACS+ server. Syntax set tacacs singleconnect {enable | disable} Parameters enable | disable Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to disable sending multiple requests over a single connection. Matrix(rw)->set tacacs singleconnect disable...
Page 911: Chapter 26: Radius Snooping Configuration
This allows for the deployment of less feature rich edge devices to perform basic access control at the network edge, while still providing complex user and service based CoS provisioning, authorization, and usage auditing to the session. Many downstream devices authenticate the local session with a RADIUS server that resides upstream of the distribution‐tier device. RADIUS request and response frames from these devices transit the distribution‐tier device. The interception of this RADIUS traffic allows the distribution‐ tier device to build an authenticated session for the end‐station, as though it was directly connected. Sessions detected by RS function identically to local authenticated sessions from the perspective of the Enterasys MultiAuth framework. The unencrypted traffic of the downstream devices passes through the device running RS, allowing such MultiAuth and SecureNetwork features as session‐timeout, idle‐timeout, filter‐ID attributes and VLAN‐tunnel attributes to be applied to the traffic. The client sends a RADIUS Access‐Request frame to the RADIUS server to initiate the authentication process. This request frame contains the Calling‐Station‐ID attribute. The Calling‐ Station‐ID, containing the MAC address, is captured by the RS. The session is defined by the attributes returned by the RADIUS server in the Access‐Accept frame. The idle‐timeout and session‐timeout dictate the end of the session, just as if the session was directly connected to the distributed‐tier device running RS. The RS flow table contains flows for each valid session for this system. The client IP address and authenticating RADIUS server IP address are manually entered into the RADIUS flow table on the RS enabled switch. When an investigated RADIUS frame transits the RS enabled port with a match in the flow table, a session is created. The session becomes active when it sees a response for the session match from the RADIUS server. A configurable timer determines the amount of time the firmware will wait before terminating a session because no response was seen from the RADIUS server. Default and network administrator configurable RADIUS packet drop settings exist based upon resource issues and validation failure. Packet drop for validation failures can be configured on a port‐by‐port basis. To configure RS on a switch: RADIUS Snooping Configuration Enterasys Matrix DFE-Gold Series Configuration Guide 26-1 http://www.enterasys.com/...
Page 912: Set Radius-Snooping
Understanding RADIUS Snooper • Globally enable RS on the switch • Enable RS on those ports you wish enabled for snooping • Optionally change the period RS will wait for a RADIUS response frame from the server • Manually populate the RADIUS flow table with RS clients and RADIUS servers Command options also are available to: • Terminate all sessions on the system for the specified port or for the specified MAC address • Reset all RS configuration to the default values • Clear all RS counters • Clear flows from all or the specified flow table • Display RS statistics Purpose To enable, configure and display information for RADIUS Snooping used by the network manager to manage downstream connections, when the full complement of Enterasys’ SecureNetworks capabilities is not deployed at the network edge. Commands For information about... set radius-snooping set radius-snooping timeout set radius-snooping port set radius-snooping flow...
Page 913: Set Radius-Snooping Timeout
Matrix(rw)->set radius-snooping enable set radius-snooping timeout Use this command to set the number of seconds that the firmware waits for a RADIUS response frame to be returned from the RADIUS server, after successfully snooping a RADIUS request frame from the client. Syntax set radius-snooping timeout seconds Parameters seconds Defaults None. Mode Read‐Write. Usage If no response is seen before the timeout expires, the session is terminated. Radius‐Snooper timeout values are rounded to the nearest factor of 10. For example, a configured value of 22 would be an actual value of 20. Globally enables RS on this device. Globally disables RS on this device. 26‐4. Specifies the number of seconds that the firmware waits from the time it successfully snoops a RADIUS request frame, for a RADIUS response frame to be returned from the RADIUS server. Default: 20 Enterasys Matrix DFE-Gold Series Configuration Guide 26-3 Understanding RADIUS Snooper...
Page 914: Set Radius-Snooping Port
Understanding RADIUS Snooper Example This example shows how to set the RS timeout to 30 seconds: Matrix(rw)->set radius-snooping timeout 30 set radius-snooping port Use this command to enable RS on all or the specified port(s). Syntax set radius-snooping port [enable | disable] [timeout seconds] [drop {enable | disable}] [authallocated number] [port-string] Parameters enable | disable timeout seconds drop {enable | disable} authallocated number port‐string Defaults If no timeout value is specified, the global timeout value specified in the set radius‐snooping timeout command is used. If no parameters are specified, RADIUS snooping is enabled on all ports. Mode Read‐write.
Page 915: Set Radius-Snooping Flow
Defaults If no secret is specified, no secret is used for this flow entry. Mode Read‐write. Usage RADIUS flows defined in the RS flow table are snooped if RS is enabled for both the system and this port. Flow entries are added to the flow table based upon the entry index value. The first matching entry in the table is the entry used for the continuation of the authentication process. If a secret is configured on the authentication server and not configured here, no validation will occur. Example This example creates an index 1 entry in the RADIUS flow table for client 192.10.5.10 and server 192.10.20.1 for the standard UPD port 1812 with a secret mysecret: Matrix(rw)->set radius-snooping flow 1 192.10.5.10 192.10.20.1 standard mysecret Specifies a numeric index ID for this flow table entry. Specifies the client IP address for this RS flow table entry. Specifies the server IP address for this RS flow table entry. Specifies the RADIUS UDP port to use for this RS flow table entry. Specifies RADIUS UDP standard port 1812. Specifies the RADIUS secret for this RS flow table entry. Enterasys Matrix DFE-Gold Series Configuration Guide 26-5 Understanding RADIUS Snooper...
Page 916: Set Radius-Snooping Initialize
Understanding RADIUS Snooper set radius-snooping initialize Use this command to terminate all RS sessions on the system for the specified port or MAC address. Syntax set radius-snooping initialize {port port-string | mac-address} Parameters port port‐string mac‐address Defaults None. Mode Read‐write. Example This example terminates all RS sessions associated with port ge.1.1 by initializing the port: Matrix(rw)->set radius-snooping initialize port ge.1.1 clear radius-snooping all Use this command to reset all RS configuration to the default values for this system. Syntax clear radius-snooping all Parameters None. Defaults None.
Page 917: Clear Radius-Snooping Flow
None. Mode Read‐write. Usage Use the index value to clear flows for a particular port. Examples This example clears all flow table entries: Matrix(rw)->clear radius-snooping flow all This example clears the flow table entry for index 5: Matrix(rw)->clear radius-snooping flow 5 show radius-snooping Use this command to display a general overview of the global RS status. Syntax show radius-snooping Parameters None. Defaults None. Mode Read‐Only. Specifies that all flow table entries are to be cleared. Specifies a specific flow table index entry to be cleared. Enterasys Matrix DFE-Gold Series Configuration Guide 26-7 Understanding RADIUS Snooper...
Page 918: Show Radius-Snooping Port
Understanding RADIUS Snooper Example This example shows how to display RADIUS configuration information: Matrix(rw)->show radius-snooping RADIUS Snooping: Enabled Number of configured flows: Active sessions: 12 Enabled ports: fe.1.1-fe.1.8; fe.1.22 Table 26-1 Radius-Snooping Settings Output... RADIUS Snooping Number of configured flows Active sessions Enabled ports show radius-snooping port Use this command to display both a general overview of the global RS status as well as the per port RS status for the port(s) specified.
Page 919: Show Radius-Snooping Flow
Specifies the number of allocated sessions as set in the command snooping port on page 26-4. Specifies a specific flow table index entry to be displayed. Specifies that all flow table entries are to be displayed. Server IP UDP Port 192.10.10.10 1812 : 17 : 85 : 242 Enterasys Matrix DFE-Gold Series Configuration Guide 26-9 Understanding RADIUS Snooper set radius- Validation Enabled...
Page 920: Show Radius-Snooping Session
Understanding RADIUS Snooper Total RADIUS Access Accepts Total RADIUS Access Rejects Invalid RADIUS Request packets : 0 Invalid RADIUS Response packets: 0 Total Dropped Packets Table 26-3 Radius-Snooping Flow Settings Output... FlowID Client IP Server IP UDP Port Validation Number of current sessions Number pending Total Sessions Total RADIUS Access Requests...
Page 921: Radius-Snooping Session Port Settings
Specifies the length of time that this session has been active. Specifies the IP address of the client associated with this session. Specifies the IP address of the RADIUS server for this session. Enterasys Matrix DFE-Gold Series Configuration Guide 26-11 Understanding RADIUS Snooper...
Page 922 Understanding RADIUS Snooper show radius-snooping session 26-12 RADIUS Snooping Configuration...
Page 923: Chapter 27: Multiauth Configuration
Multiple authentication mode must be globally enabled on the device using the set multiauth mode command as described in MultiAuth Configuration 27‐6. “set multiauth mode” on page 27-2. Enterasys Matrix DFE-Gold Series Configuration Guide 27-1 http://...
Page 924: Set Multiauth Mode
Configuring Multiple Authentication Commands For information about... set multiauth mode clear multiauth mode show multiauth show multiauth counters set multiauth precedence clear multiauth precedence show multiauth port set multiauth port clear multiauth port show multiauth station clear multiauth station show multiauth session show multiauth idle-timeout set multiauth idle-timeout clear multiauth idle-timeout...
Page 925: Clear Multiauth Mode
Use this command to clear the system authentication mode. Syntax clear multiauth mode Parameters None. Defaults None. Mode Switch command, Read‐Write. Example This example shows how to clear the system authentication mode: Matrix(rw)->clear multiauth mode show multiauth Use this command to display system‐configured multiauth values. Syntax show multiauth Parameters None. Defaults None. Mode Switch command, Read‐Only. Configuring Multiple Authentication Enterasys Matrix DFE-Gold Series Configuration Guide 27-3...
Page 926: Show Multiauth Counters
Syntax show multiauth counters [[cep | dot1x | mac | pwa][chassis | port portstring]] [[chassis [cep | dot1x | mac | pwa]] [port portstring] Parameters portstring Defaults Displays multiauth counter information for all parameters. Mode Switch command, Read‐Only. Example This example shows how to display multiple authentication session‐timeout values, for an active session: Matrix(su)->show multiauth counters Location Authentication Type dot1x...
Page 927: Set Multiauth Precedence
Defaults From high to low precedence: dot1x, pwa, mac, cep. Mode Switch command, Read‐Write. Usage When a user is successfully authenticated by more than one method at the same time, the precedence of the authentication methods will determine which RADIUS‐returned filter ID will be processed and result in an applied traffic policy profile. Example This example shows how to set precedence for MAC authentication: Matrix(rw)->set multiauth precedence mac clear multiauth precedence Use this command to clear the system’s multiple authentication administrative precedence. Syntax clear multiauth precedence Parameters None. Defaults None. Sets precedence for 802.1X authentication. Sets precedence for MAC authentication. Sets precedence for port web authentication. Sets precedence for CEP authentication Enterasys Matrix DFE-Gold Series Configuration Guide 27-5 Configuring Multiple Authentication...
Page 928: Show Multiauth Port
Configuring Multiple Authentication Mode Switch command, Read‐Write. Example This example shows how to clear the multiple authentication precedence: Matrix(rw)->clear multiauth precedence show multiauth port Use this command to display multiple authentication properties for one or more ports. Syntax show multiauth port [port-string] Parameters port‐string Defaults If port‐string is not specified, multiple authentication information will be displayed for all ports. Mode Switch command, Read‐Only. Example This example shows how to display multiple authentication information for ports fe.1.1‐4: Matrix(rw)->show multiauth port fe.1.1-4 Port Mode ------------ ------------- ---------- ---------- ---------- fe.1.1 auth-opt fe.1.2...
Page 929: Clear Multiauth Port
Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to clear the port multiple authentication mode on all 1‐Gigabit Ethernet ports: Matrix(rw)->clear multiauth port mode ge.*.* Specifies the port(s)’ multiple authentication mode as: • auth‐opt — Authentication optional • auth‐reqd — Authentication required • force‐auth — Authentication considered • force‐unauth — Authentication disabled Specifies the number of users allowed authentication on port(s). Specifies the port(s) on which to set multiple authentication properties. Clears the port(s)’ multiple authentication mode. Clears the value set for the number of users allowed authentication on port(s). Specifies the port(s) on which to clear multiple authentication properties. Enterasys Matrix DFE-Gold Series Configuration Guide 27-7 Configuring Multiple Authentication...
Page 930: Show Multiauth Station
Use this command to display multiple authentication station (end user) entries. Syntax show multiauth station [mac address] [port port-string] Parameters mac address port port‐string Defaults If no options are specified, multiple authentication station entries will be displayed for all MAC addresses and ports. Mode Switch command, Read‐Only. Example This example shows how to display multiple authentication station entries. In this case, two end user MAC addresses are shown: Matrix(rw)->show multiauth station Port Address type Address ------------ ------------ ------------------------ fe.1.20 mac fe.2.16 mac clear multiauth station Use this command to clear one or more multiple authentication station entries.
Page 931: Show Multiauth Session
Session applied : radius VLAN-Tunnel-Attr Policy name Session duration : 300 Idle time Enterasys Matrix DFE-Gold Series Configuration Guide 27-9 Configuring Multiple Authentication : 00-01-f4-2b-4f-8b : MON MAY 08 14:34:42 2006 : true : None : No policy applied : 0,00:01:01...
Page 932: Show Multiauth Idle-Timeout
Configuring Multiple Authentication Termination time: Not Terminated show multiauth idle-timeout Use this command to display the multiple authentication timeout value for an idle session. Syntax show multiauth idle-timeout Parameters None. Defaults None. Mode Switch command, Read‐Only. Usage This will display the idle‐timeout values, in seconds, for the following authentication types: dot1x, pwa, mac, and cep. Example This example shows how to display timeout values for an idle session, for each of the authentication types: Matrix(rw)->show multiauth idle-timeout Authentication type ------------------- ------------- dot1x set multiauth idle-timeout Use this command to set the multiauth idle‐timeout value per authentication method or for all methods.
Page 933: Clear Multiauth Idle-Timeout
Syntax clear multiauth idle-timeout [cep | dot1x | mac | pwa] Parameters dot1x (Optional) Specifies the authentication type Enterasys Mac Authentication. (Optional) Specifies the authentication type Enterasys Port Web Authentication. Specifies the timeout value in seconds. The value can range from 0 to 65535. A value of 0 means that no idle timeout will be applied unless an idle timeout value is provided by the authenticating server. The default timeout value is 300 seconds. (Optional) Specifies the authentication type Enterasys Convergence End Point Authentication. (Optional) Specifies the authentication type IEEE 802.1X Port‐Based Network Access Control. (Optional) Specifies the authentication type Enterasys Mac Authentication. (Optional) Specifies the authentication type Enterasys Port Web Authentication. Enterasys Matrix DFE-Gold Series Configuration Guide 27-11 Configuring Multiple Authentication...
Page 934: Show Multiauth Session-Timeout
Configuring Multiple Authentication Defaults If no authentication type is specified, the idle timeout value is returned to 300 seconds for all authentication types. Mode Switch command, Read‐Write. Examples This example shows how to clear the idle‐timeout session values for cep and mac authentication types, back to default value of 300 seconds: Matrix(rw)->clear multiauth idle-timeout cep Matrix(rw)->clear multiauth idle-timeout mac This example shows how to clear the idle‐timeout session values for all authentication types, back to the default value of 300 seconds: Matrix(rw)->set multiauth idle-timeout show multiauth session-timeout Use this command to display session‐timeout values, in seconds, for all authentication methods. Syntax show multiauth session-timeout Parameters None Defaults None. Mode Switch command, Read‐Only. Example This example shows how to display multiple authentication session‐timeout values, for an active ...
Page 935: Set Multiauth Session-Timeout
Examples This example shows how to set the session‐timeout value for an active session, for cep and mac authentication to 500 seconds: Matrix(rw)->set multiauth session-timeout cep 500 Matrix(rw)->set multiauth session-timeout mac 500 This example shows how to set the session‐timeout value for an active session, for all the authentication types to 600 seconds: Matrix(rw)->set multiauth session-timeout 600 (Optional) Specifies the authentication type Enterasys Convergence End Point Authentication. (Optional) Specifies the authentication type IEEE 802.1X Port‐Based Network Access Control. (Optional) Specifies the authentication type Enterasys Mac Authentication. (Optional) Specifies the authentication type Enterasys Port Web Authentication. Specifies the timeout value in seconds. The value can range from 0 to 65535. A value of 0 means that no session timeout will be applied unless a session timeout value is provided by the authenticating server. Enterasys Matrix DFE-Gold Series Configuration Guide 27-13 Configuring Multiple Authentication...
Page 936: Clear Multiauth Session-Timeout
Use this command to clear session‐timeout values, for one or all authentication methods, back to the default values. Syntax clear multiauth session-timeout [cep | dot1x | mac | pwa] Parameters dot1x Defaults If no authentication type is specified, the session timeout value is returned to 300 seconds for all authentication types. Mode Switch command, Read‐Write. Examples This example shows how to clear the session‐timeout values, for an active session, for cep and mac authentication types, to the default value of 0 seconds: Matrix(rw)->clear multiauth idle-timeout cep Matrix(rw)->clear multiauth idle-timeout mac This example shows how to clear the session‐timeout values, for an active session, for all authentication types, to the default value of 0 seconds: Matrix(rw)->set multiauth idle-timeout set multiauth trap Use this command to set the multiauth trap setting for system, module and port.
Page 937: Clear Multiauth Trap
Enables sending max number users reached traps for the specified port. Clears the configuration of multiauth port trap settings for the port specified in portstring. Enables sending all traps for the specified port. Enables sending success traps for the specified port. Enables sending failed traps for the specified port. Enterasys Matrix DFE-Gold Series Configuration Guide 27-15 Configuring Multiple Authentication...
Page 938: Show Multiauth Trap
Configuring Multiple Authentication terminated max‐reached Defaults None. Mode Switch command, Read‐Write. Examples This example shows how to disable the multiauth system trap setting: Matrix(rw)->clear multiauth trap system This example shows how to disable all multiauth port trap settings: Matrix(rw)->clear multiauth trap port ge.1.1 all show multiauth trap Use this command to display multiple authentication trap settings for the specified context. Syntax show multiauth trap {system | module | port portstring {all | success | failed |...
Page 939 Configuring Multiple Authentication Matrix(rw)-> This example shows how to display multiple authentication trap system settings: Matrix(rw)->show multiauth trap system System : Disabled Matrix(rw)-> Enterasys Matrix DFE-Gold Series Configuration Guide 27-17...
Page 940 Configuring Multiple Authentication show multiauth trap 27-18 MultiAuth Configuration...
Page 941: Index
802.1Q 802.1w 802.1x 25-54, 25-65 Access Groups 24-20 Access Lists 24-16 24-17 Addresses IP, adding to switch routing table 12-8 MAC, adding entries to routing table 16-6 MAC, setting for IP routing 16-17 setting the router ID address 21-24 Advertised Ability...
Page 942 2-50 Neighbors OSPF 21-47 21-4 NetFlow configuring 15-1 versions supported 15-2 Network Management addresses and routes 12-1 monitoring switch events and status 11-1 Network Statistics displaying for switch 11-3 RMON 11-15 Networks OSPF 21-23 21-3 Node Alias 14-1, 15-1...
Page 943 Stub Areas 21-33 Syslog 10-1 System Information displaying basic 2-34 setting basic 2-30 Technical Support Telnet disconnecting 11-7 enabling in switch mode 2-77 Terminal Settings 2-51 TFTP downloading firmware upgrades 2-72 Timeout 16-17 CLI, system 2-53 RADIUS 25-54, 25-65 Timers...
Page 944 Index-4...

Enterasys Matrix DFE-Gold Series Configuration Manual

Chapter 1: Introduction

Chapter 2: Startup and General Configuration

Chapter 3: Discovery Protocols Configuration

Quick Links

Related Manuals for Enterasys Enterasys Matrix DFE-Gold Series

Summary of Contents for Enterasys Enterasys Matrix DFE-Gold Series