Page 1 Enterasys ® Stackable Switches Configuration Guide Firmware Version 6.61.xx.xxxx P/N 9034313-12...
Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
Page 4 CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc., on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware (including any accompanying documentation, hardware or media) (“Program”) in the package...
Page 5 Agreement. 12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon...
Page 6 14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return...
Page 7: Table Of Contents
Navigating the Command Line Interface ....................1-8 Chapter 2: Configuring Switches in a Stack About Enterasys C3 Switch Operation in a Stack ..................2-1 Installing a New Stackable System of Up to Eight Units ................2-2 Installing Previously-Configured Systems in a Stack ..................2-3 Adding a New Unit to an Existing Stack ......................
Page 8 show ip protocol..........................3-5 set ip protocol ............................. 3-6 show ip route ............................3-6 show system............................3-7 show system hardware........................3-8 show system utilization........................3-9 set system utilization ........................3-10 clear system utilization ........................3-11 show system enhancedbuffermode ....................3-11 set system enhancedbuffermode .....................
Page 9 dir..............................3-37 show file............................3-38 show config............................3-39 configure ............................3-40 copy ..............................3-41 delete..............................3-42 show tftp settings..........................3-42 set tftp timeout ..........................3-43 clear tftp timeout ..........................3-43 set tftp retry............................3-44 clear tftp retry............................ 3-44 Clearing and Closing the CLI ........................3-45 Purpose ..............................
Page 10 Defaults ..............................5-4 Commands ..............................5-5 show system login ..........................5-5 set system login ..........................5-6 clear system login ..........................5-8 set password ............................5-9 set system password-resetbutton ..................... 5-10 show system password ........................5-10 set system password ........................5-13 clear system password ........................
Page 11 set cdp interval ..........................10-4 set cdp hold-time ..........................10-5 clear cdp ............................10-5 show neighbors ..........................10-6 Configuring Cisco Discovery Protocol ......................10-7 Purpose ..............................10-7 Commands ............................. 10-7 show ciscodp ............................ 10-7 show ciscodp port info ........................10-8 set ciscodp status ..........................
Page 12 Disabling / Enabling and Naming Ports ......................11-7 Purpose ..............................11-7 Commands ............................. 11-7 set port disable ..........................11-7 set port enable..........................11-8 show port alias..........................11-8 set port alias ............................. 11-9 Setting Speed and Duplex Mode ........................ 11-10 Purpose ..............................11-10 Commands ............................
Page 13 Link Aggregation Control Protocol (LACP) ....................11-44 LACP Operation ........................... 11-44 Flexible Link Aggregation Groups ......................11-45 LACP Terminology ..........................11-45 Enterasys C3 Usage Considerations ....................11-46 Commands ............................11-47 show lacp............................11-47 set lacp ............................11-49 set lacp asyspri..........................11-49 set lacp aadminkey.........................
Page 14 Configuring SNMP Users, Groups, and Communities .................. 12-7 Purpose ..............................12-7 Commands ............................. 12-7 show snmp user ..........................12-7 set snmp user ........................... 12-8 clear snmp user ..........................12-10 show snmp group ........................... 12-10 set snmp group ..........................12-11 clear snmp group ..........................12-12 show snmp community ........................
Page 15 set snmp interface .......................... 12-38 clear snmp interface ........................12-39 Configuring the SNMP Engine ID ....................... 12-39 Purpose ..............................12-39 Commands ............................12-39 show snmp engineid........................12-40 set snmp engineid .......................... 12-40 clear snmp engineid ........................12-41 Chapter 13: Spanning Tree Configuration Spanning Tree Configuration Summary .......................
Page 16 clear spantree spanguard ....................... 13-27 show spantree spanguardtimeout ....................13-27 set spantree spanguardtimeout ...................... 13-28 clear spantree spanguardtimeout ....................13-28 show spantree spanguardlock ......................13-29 clear / set spantree spanguardlock....................13-29 show spantree spanguardtrapenable ..................... 13-30 set spantree spanguardtrapenable ....................13-30 clear spantree spanguardtrapenable ....................
Page 17 show spantree nonforwardingreason ..................... 13-57 Chapter 14: 802.1Q VLAN Configuration VLAN Configuration Summary ........................14-1 Port String Syntax Used in the CLI ......................14-1 Creating a Secure Management VLAN ....................14-2 Viewing VLANs ............................. 14-3 Purpose ..............................14-3 Command ............................... 14-3 show vlan............................
Page 18 clear vlan association ........................14-27 show vlan association........................14-28 Chapter 15: Policy Classification Configuration Policy Classification Configuration Summary ....................15-1 Configuring Policy Profiles ..........................15-2 Purpose ..............................15-2 Commands ............................. 15-2 show policy profile ..........................15-2 set policy profile ..........................15-3 clear policy profile ..........................
Page 19 show port priority ..........................16-2 set port priority..........................16-3 clear port priority..........................16-3 Configuring Priority to Transmit Queue Mapping ..................16-4 Purpose ..............................16-4 Commands ............................. 16-4 show port priority-queue ........................16-4 set port priority-queue........................16-5 clear port priority-queue........................16-6 Configuring Quality of Service (QoS) ......................
Page 20 show history............................18-2 set history ............................18-3 ping..............................18-3 show users ............................18-4 disconnect ............................18-4 show netstat ............................. 18-5 Managing Switch Network Addresses and Routes ..................18-7 Purpose ..............................18-7 Commands ............................. 18-7 show arp ............................18-7 set arp............................... 18-8 clear arp............................
Page 21 Chapter 20: Configuring SNTP About SNTP Authentication .......................... 20-1 General SNTP Commands ........................... 20-2 show sntp ............................20-2 set sntp client............................ 20-4 clear sntp client..........................20-5 set sntp server ..........................20-5 clear sntp server ..........................20-6 set sntp poll-interval.......................... 20-6 clear sntp poll-interval........................
Page 22 Commands ............................21-16 show rmon channel ........................21-16 set rmon channel ..........................21-17 clear rmon channel ......................... 21-18 show rmon filter ..........................21-18 set rmon filter ..........................21-19 clear rmon filter ..........................21-20 Packet Capture Commands ........................21-21 Purpose ..............................21-21 Commands ............................
Page 23 set dhcp pool lease......................... 22-22 clear dhcp pool lease........................22-22 set dhcp pool default-router ......................22-23 clear dhcp pool default-router......................22-23 set dhcp pool dns-server ........................ 22-24 clear dhcp pool dns-server ......................22-24 set dhcp pool domain-name ......................22-25 clear dhcp pool domain-name ......................22-25 set dhcp pool netbios-name-server ....................
Page 24 clear arpinspection statistics......................23-29 Chapter 24: Preparing for Router Mode Pre-Routing Configuration Tasks ......................... 24-1 Example ..............................24-2 Enabling Router Configuration Modes ......................24-2 Chapter 25: IP Configuration Configuring Routing Interface Settings ......................25-1 Purpose ..............................25-1 Commands ............................. 25-1 show interface ..........................
Page 25 RIP Configuration Task List and Commands ..................26-1 Router Configuration Commands ......................26-2 router rip ............................26-2 distance ............................26-3 no auto-summary..........................26-4 split-horizon poison........................... 26-4 passive-interface ..........................26-5 receive-interface ..........................26-6 redistribute............................26-6 Interface Configuration Commands ....................... 26-7 ip rip enable ............................26-7 ip rip send version ..........................
Page 26 show ip ospf database........................27-19 show ip ospf interface ........................27-21 show ip ospf neighbor........................27-22 show ip ospf virtual-links......................... 27-23 clear ip ospf process........................27-24 Configuring DVMRP ........................... 27-25 Purpose ..............................27-25 Enabling DVMRP on an Interface ......................27-25 Commands ............................
Page 27 ping ipv6 ............................28-9 traceroute ipv6..........................28-10 Chapter 29: IPv6 Configuration Overview ............................... 29-1 Default Conditions ..........................29-2 General Configuration Commands ....................... 29-3 ipv6 forwarding ..........................29-3 ipv6 hop-limit ............................ 29-3 ipv6 route............................29-4 ipv6 route distance ........................... 29-5 ipv6 unicast-routing .......................... 29-6 ping ipv6 ............................
Page 28 Interface Configuration Commands ......................30-10 Purpose ..............................30-10 Commands ............................30-10 ipv6 dhcp server ..........................30-10 ipv6 dhcp relay ..........................30-11 DHCPv6 Show Commands ........................30-13 Purpose ..............................30-13 Commands ............................30-13 show ipv6 dhcp ..........................30-13 show ipv6 dhcp interface ........................ 30-14 show ipv6 dhcp statistics ........................
Page 29 ipv6 ospf dead-interval ........................31-24 ipv6 ospf hello-interval........................31-25 ipv6 ospf mtu-ignore ........................31-25 ipv6 ospf network..........................31-26 ipv6 ospf priority ..........................31-27 ipv6 ospf retransmit-interval ......................31-27 ipv6 ospf transmit-delay........................31-28 OSPFv3 Show Commands ......................... 31-30 Purpose ..............................31-30 Commands ............................
Page 30 show eapol ............................. 32-25 set eapol ............................32-27 clear eapol ............................32-27 Configuring MAC Authentication ........................ 32-29 Purpose ..............................32-29 Commands ............................32-29 show macauthentication ......................... 32-29 show macauthentication session ....................32-31 set macauthentication........................32-32 set macauthentication password ....................32-32 clear macauthentication password ....................
Page 31 clear policy maptable........................32-60 Configuring MAC Locking ........................... 32-61 Purpose ..............................32-61 Commands ............................32-61 show maclock ..........................32-62 show maclock stations........................32-64 set maclock enable......................... 32-65 set maclock disable ........................32-65 set maclock............................. 32-66 clear maclock..........................32-67 set maclock static ........................... 32-67 clear maclock static ........................
Page 32 Implementation Defaults ........................33-2 Commands ..............................33-2 show ipsec............................33-2 set ipsec authentication ........................33-3 set ipsec encryption .......................... 33-3 set ipsec ike dh-group ........................33-4 set ipsec ike lifetime ......................... 33-5 set ipsec ike phase1 ......................... 33-5 set ipsec ike version ......................... 33-6 Chapter 34: Configuring Access Control Lists About Access Control Lists ...........................
Page 33 ........................37-15 clear sflow interface ........................37-16 show sflow agent ..........................37-17 Figures Enterasys C3 Startup Screen ......................1-6 Sample CLI Defaults Description......................1-8 Performing a Keyword Lookup ......................1-8 Performing a Partial Keyword Lookup ....................1-9 Scrolling Screen Output........................
Page 34 11-4 show linkflap parameters Output Details ..................11-26 11-5 show linkflap metrics Output Details....................11-27 11-6 LACP Terms and Definitions ......................11-45 11-7 show lacp Output Details........................ 11-48 12-1 SNMP Security Levels........................12-3 12-2 show snmp counters Output Details ....................12-5 12-3 show snmp user Output Details......................
Page 35 29-5 show ipv6 traffic Output Details ..................... 29-30 30-1 Output of show ipv6 dhcp interface Command................30-15 30-2 Output of show ipv6 dhcp statistics Command................30-16 31-1 show ipv6 ospf Output Details ......................31-31 31-2 show ipv6 ospf area Output Details....................31-32 31-3 show ipv6 ospf abr Output Details ....................
Page 36 xxxiv...
Page 37: About This Guide
Welcome to the Enterasys C3 CLI Reference. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure Enterasys C3 switch devices. Important Notice Depending on the firmware version used in your C3 device, some features described in this document may not be supported.
Page 38 Structure of This Guide Chapter Setting User Accounts and Passwords, describes user account and password management functionality. Chapter Management Authentication Notification MIB Commands, provides detailed information for the management authentication notification MIB set of commands. Management authentication notification MIB functionality includes enabling/disabling the sending of SNMP notifications when a user login authentication event occurs for various authentication notification types.
Page 39: Related Documents
Chapter 37 sFlow Configuration provides information about the commands used to configure and monitor the sFlow system. Related Documents The following Enterasys Networks documents may help you to set up, control, and manage the device: Enterasys C3 Configuration Guide xxxvii...
Page 40: Conventions Used In This Guide
Conventions Used in This Guide • Enterasys Firmware Feature Guides • Enterasys C3 Installation Guide • Redundant Power Supply Quick References Documents listed above can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following web site: https://extranet.enterasys.com/downloads/...
Page 41: Getting Help
Getting Help Getting Help For additional support related to this switch or document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/support Phone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000 For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/contact/...
Page 42 Getting Help xl About This Guide...
Page 43: Chapter 1: Introduction
Factory Default Settings Using the Command Line Interface Enterasys C3 CLI Overview The Enterasys Networks Enterasys C3 CLI interface allows you to perform a variety of network management tasks, including the following: • Use CLI commands to perform network management and switch configuration operations.
Page 44: Factory Default Settings
• Remotely using WebView™, Enterasys Networks’ embedded web server application. The Installation Guide for your Enterasys C3 device provides setup instructions for connecting a terminal or modem to the switch. Factory Default Settings The following tables list factory default settings available on the Enterasys C3 switch.
Page 45 Classification rules are automatically enabled when created. RADIUS client Disabled. RADIUS retries When the client is enabled, set to 3. RADIUS timeout When the client is enabled, set to 20 seconds. SNMP Enabled. SNTP Disabled. Enterasys C3 Configuration Guide 1-3...
Page 46: Default Settings For Router Operation
Factory Default Settings Table 1-1 Default Settings for Basic Switch Operation (Continued) Feature Default Setting Spanning Tree Globally enabled and enabled on all ports. Spanning Tree edge port Edge port administrative status begins with the value set to false initially after administrative status the device is powered up.
Page 47 Set to 1 second. Retransmit interval (OSPF) Set to 5 seconds. RIP receive version Set to accept both version 1 and version 2. RIP send version Set to version 1. RIP offset No value applied. SNMP Enabled. Enterasys C3 Configuration Guide 1-5...
Page 48: Using The Command Line Interface
C3(su)-> Connecting Using Telnet Once the Enterasys C3 device has a valid IP address, you can establish a Telnet session from any TCP/IP based node on the network. For information about setting the switch’s IP address, refer to “set ip address”...
Page 49: Logging In
Management” on page 5-1. Using a Default User Account If this is the first time you are logging in to the Enterasys C3 switch, or if the default user accounts have not been administratively changed, proceed as follows: At the login prompt, enter one of the following default user names: –...
Page 50: Navigating The Command Line Interface
Read-Only commands. Administrators or Super Users will be allowed all Read-Write and Read-Only privileges, and will be able to modify local user accounts. The Enterasys C3 switch indicates which mode a user is logged in as by displaying one of the following prompts: •...
Page 51: Performing A Partial Keyword Lookup
Learned --More-- Abbreviating and Completing Commands The Enterasys C3 switch allows you to abbreviate CLI commands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 1-6 shows how to abbreviate the show netstat command to sh net.
Page 52: Abbreviating A Command
Using the Command Line Interface Figure 1-6 Abbreviating a Command C3(su)->sh net Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address State ----- ------ ------ --------------------- --------------------- ------- 10.21.73.13.23 134.141.190.94.51246 ESTABLISHED 10.21.73.13.23 134.141.192.119.4724 ESTABLISHED *.80 LISTEN *.23 LISTEN 10.21.73.13.1030 134.141.89.113.514...
Page 53: About Enterasys C3 Switch Operation In A Stack
Stacking Configuration and Management Commands About Enterasys C3 Switch Operation in a Stack The Enterasys C3 products are stackable switches that can be adapted and scaled to help meet your network needs. These switches provide a management platform and uplink to a network backbone for a stacked group of up to eight Enterasys C3 switches.
Page 54: Installing A New Stackable System Of Up To Eight Units
Use the following procedure for installing a new stack of up to eight units out of the box. Before applying power, make all physical connections with the stack cables as described in your Enterasys C3 Installation Guide. Once all of the stack cables have been connected, individually power on each unit from top to bottom.
Page 55: Installing Previously-Configured Systems In A Stack
Apply power to the new unit. Creating a Virtual Switch Configuration You can create a configuration for a Enterasys C3 switch before adding the actual physical device to a stack. This preconfiguration feature includes configuring protocols on the ports of the “virtual switch.”...
Page 56: Considerations About Using Clear Config In A Stack
Considerations About Using Clear Config in a Stack To create a virtual switch configuration in a stack environment: Display the types of switches supported in the stack, using the show switch switchtype command (page 2-7). Using the output of the show switch switchtype command, determine the switch index (SID) of the model of switch being configured.
Page 57: Stacking Configuration And Management Commands
It is recommended that a SecureStack C3 switch be made the manager of a mixed stack. Use the switch movemanagement command (page 2-10) to change the manager unit. Stacking Configuration and Management Commands Purpose To review, individually configure and manage switches in a Enterasys C3 stack. Commands For information about... Refer to page... show switch...
Page 58 Unassigned Switch Type C3G124-24 Preconfigured Model Identifier C3G124-24 Plugged-in Model Identifier C3G124-24 Switch Status Switch Description Enterasys Networks, Inc. C3 -- Model C3G124-24 Detected Code Version 06.61.xx.xxxx Detected Code in Flash 03.01.20 Detected Code in Back Image 02.01.37 Up Time...
Page 59: Show Switch Switchtype
Configured Switch: Model Identifier C3G124-24 Description Enterasys Networks, Inc. C3 -- Model C3G124-24 show switch switchtype Use this command to display information about supported switch types in the stack. Syntax show switch switchtype [switchindex] Parameters switchindex (Optional) Specifies the switch index (SID) of the switch type to display.
Page 60: Show Switch Stack-Ports
show switch stack-ports Supported Cards: Slot Card Index (CID) Model Identifier C2G124-24 show switch stack-ports Use this command to display various data flow and error counters on stack ports. Syntax show switch stack-ports [unit] Parameters unit (Optional) Specifies the switch unit ID, an integer ranging from 1 to 8. Defaults None.
Page 61: Set Switch Copy-Fw
Switch command, read-write. Example This example shows how to replicate the management image file to all switches in the stack: C3(su)->set switch copy-fw Are you sure you want to copy firmware? (y/n) y Code transfer completed successfully. Enterasys C3 Configuration Guide 2-9...
Page 62: Set Switch Description
set switch description set switch description Use this command to assign a name to a switch in the stack. Syntax set switch description unit description Parameters unit Specifies a unit number for the switch. description Specifies a text description for the unit. Defaults None.
Page 63: Set Switch Member
C3(su)->set switch member 1 1 clear switch member Use this command to remove a member entry from the stack. Syntax clear switch member unit Parameters unit Specifies the unit number of the switch. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 2-11...
Page 64: Set Switch Stack-Ports Length
set switch stack-ports length Example This example shows how to remove the switch 5 entry from the stack: C3(su)->clear switch member 5 set switch stack-ports length Use this command to configure a stacking port to use a 5 meter stacking cable. Syntax set switch stack-ports length unit {down | up} {5m | standard} Parameters...
Page 65: Clear Switch Stack-Ports Length
If no switch is specified, all switches in the stack are displayed. Mode Switch command, read-only. Example This example shows the stack port cable length configuration for all switches in the stack. C3(su)->show switch stack-ports length Stacking Switch Port Length Enterasys C3 Configuration Guide 2-13...
Page 66 show switch stack-ports length ------ ---------- -------- standard Down Down standard 2-14 Configuring Switches in a Stack...
Page 67: Chapter 3: Basic Configuration
Basic Configuration At startup, the Enterasys C3 switch is configured with many defaults and standard features. This chapter describes how to customize basic system settings to adapt to your work environment. For information about... Refer to page... Quick Start Setup Commands...
Page 68: Setting Basic Switch Properties
Setting Basic Switch Properties Table 3-2 Optional CLI Setup Commands Refer to Task CLI commands page... Save the active configuration. 3-37 save config Enable or disable SSH. 32-89 set ssh enable | disable Enable or disable Telnet. 3-33 set telnet {enable | disable} [inbound | outbound | all] Enable or disable HTTP 3-51...
Page 69: Show Ip Address
3-25 show console 3-25 set console baud 3-26 set console vt100 3-26 show ip address Use this command to display the system IP address and subnet mask. Syntax show ip address Parameters None. Defaults None. Enterasys C3 Configuration Guide 3-3...
Page 70: Set Ip Address
[mask ip-mask] [gateway ip-gateway] Parameters ip-address Sets the IP address for the system. For Enterasys C3 systems, this is the IP address of the management switch as described in “About Enterasys C3 Switch Operation in a Stack”...
Page 71: Clear Ip Address
Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display the method used to acquire a network IP address: C3(su)->show ip protocol System IP address acquisition method: dhcp Enterasys C3 Configuration Guide 3-5...
Page 72: Set Ip Protocol
set ip protocol set ip protocol Use this command to specify the protocol used to acquire a network IP address for switch management. Syntax set ip protocol {bootp | dhcp | none} Parameters bootp Selects BOOTP as the protocol to use to acquire the system IP address. dhcp Selects DHCP as the protocol to use to acquire the system IP address.
Page 73: Show System
-------- PS1-Status PS2-Status ---------- ---------- Not Installed and/or Not Operating Fan1-Status Fan2-Status ----------- ----------- Temp-Alarm ----------- Thermal Threshold: 58% Temp alarm max threshold: 100% Temp alarm trap: disabled Temp alarm syslog: disabled Uptime d,h:m:s Logout Enterasys C3 Configuration Guide 3-7...
Page 74: Show System Hardware
show system hardware -------------- ------- 0,20:36:49 0 min The following table provides an explanation of the command output. Table 3-3 show system Output Details Output What It Displays... System contact Contact person for the system. Default of a blank string can be changed with the set system contact command (“set system contact”...
Page 75: Show System Utilization
Switch command, read-only. Examples This example shows how to display the system’s CPU utilization: C3(ro)->show system utilization cpu CPU Utilization Threshold Traps enable: Threshold = 80.0% Total CPU Utilization: Switch 5 sec 1 min 5 min ----------------------------------------------- Enterasys C3 Configuration Guide 3-9...
Page 76: Set System Utilization
set system utilization This example shows how to display the system’s overall memory usage: C3(ro)->show system utilization storage Storage Utilization: Type Description Size(Kb) Available (Kb) --------------------------------------------------------------- RAM device 262144 97173 Flash Images, Config, Other 31095 8094 This example shows how to display information about the processes running on the system. Only partial output is shown.
Page 77: Clear System Utilization
Use this command to display the status of enhanced buffer mode, which optimizes buffer distribution into a single CoS queue operation for standalone switches or non-stacked switches. Syntax show system enhancedbuffermode Parameters None. Enterasys C3 Configuration Guide 3-11...
Page 78: Set System Enhancedbuffermode
set system enhancedbuffermode Defaults None. Mode Switch command, read-write. Example This example shows how to display enhanced buffer mode status: C3(su)->show system enhancedbuffermode enable Optimized system buffer distribution Disable set system enhancedbuffermode Use this command to enable or disable enhanced buffer mode, which optimizes buffer distribution into a single CoS queue operation for standalone switches or non-stacked switches.
Page 79: Clear System Temperature
C3(su)->set system temperature trap enable overtemp-threshold 60 clear system temperature Use this command to reset system high temperature parameters to their default values, on the platforms that support this feature. Syntax clear system temperature Parameters None. Enterasys C3 Configuration Guide 3-13...
Page 80: Show Time
show time Defaults None. Mode Switch command, read-write. Usage This command resets all the high temperature parameters to their default values: • Syslog alerts are disabled by default. • Trap alerts are disabled by default. • Overtemp threshold is 100% by default. Example This example resets all high temperature parameters to their defaults.
Page 81: Show Summertime
Start : SUN MAR 14 02:00:00 : SUN NOV 7 02:00:00 Offset: 60 minutes (1 hours 0 minutes) Recurring: yes, starting at 2:00 of the second Sunday of March and ending at 2:00 of the first Sunday of November Enterasys C3 Configuration Guide 3-15...
Page 82: Set Summertime
set summertime set summertime Use this command to enable or disable the daylight savings time function. Syntax set summertime {enable | disable} [zone] Parameters enable | disable Enables or disables the daylight savings time function. zone (Optional) Applies a name to the daylight savings time settings. Defaults If a zone name is not specified, none will be applied.
Page 83: Set Summertime Recurring
This example shows how set daylight savings time to recur starting on the first Sunday of April at 2 a.m. and ending the last Sunday of October at 2 a.m. with an offset time of one hour: C3(su)->set summertime recurring first Sunday April 02:00 last Sunday October 02:00 60 Enterasys C3 Configuration Guide 3-17...
Page 84: Clear Summertime
clear summertime clear summertime Use this command to clear the daylight savings time configuration. Syntax clear summertime Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to clear the daylight savings time configuration: C3(su)->clear summertime set prompt Use this command to modify the command prompt.
Page 85: Show Banner
Specifies a message of the day. This is a text string that needs to be in double quotes if any spaces are used. Use a \n for a new line and \t for a tab (eight spaces). The message can be up to 2048 characters in length. Enterasys C3 Configuration Guide 3-19...
Page 86: Clear Banner
For example, if the login banner is configured as "By proceeding with this login you are verifying that you are an Enterasys employee and authorized to use this system.", the following will display prior to entering the login password: By proceeding with this login you are verifying that you are an Enterasys employee and authorized to use this system.
Page 87: Show Version
----------------- ------------------- C3G124-48P 001188021035 Hw:BCM5665 REV 17 Bp:01.00.29 Fw:6.61.xx.xxxx BuFw:03.01.13 PoE:500_3 Table 3-4 provides an explanation of the command output. Table 3-4 show version Output Details Output Field What It Displays... Model Switch’s model number. Enterasys C3 Configuration Guide 3-21...
Page 88: Set System Name
set system name Table 3-4 show version Output Details (Continued) Output Field What It Displays... Serial # Serial number of the switch. Versions • Hw: Hardware version number. • Bp: BootPROM version. • Fw: Current firmware version number. • BuFw: Backup firmware version number. •...
Page 89: Set System Contact
Use this command to set the number of columns for the terminal connected to the switch’s console port. Syntax set width screenwidth [default] Parameters screenwidth Sets the number of terminal columns. Valid values are 50 to 150. default (Optional) Makes this setting persistent for all future sessions (written to NV-RAM). Enterasys C3 Configuration Guide 3-23...
Page 90: Set Length
set length Defaults None. Mode Switch command, read-write. Usage The number of rows of CLI output displayed is set using the set length command as described in “set length” on page 3-24. Example This example shows how to set the terminal columns to 50: C3(su)->set width 50 set length Use this command to set the number of lines the CLI will display.
Page 91: Set Logout
Use this command to display console settings. Syntax show console [baud] [bits] [flowcontrol] [parity] [stopbits] [vt100] Parameters baud (Optional) Displays the input/output baud rate. bits (Optional) Displays the number of bits per character. Enterasys C3 Configuration Guide 3-25...
Page 92: Set Console Baud
set console baud flowcontrol (Optional) Displays the type of flow control. parity (Optional) Displays the type of parity. stopbits (Optional) Displays the number of stop bits. vt100 (Optional) Displays the state of VT100 mode. Defaults If no parameters are specified, all settings will be displayed. Mode Switch command, read-only.
Page 93: Downloading A Firmware Image
C3(su)->set console vt100 enable Downloading a Firmware Image You can upgrade the operational firmware in the Enterasys C3 switch without physically opening the switch or being in the same location. There are two ways to download firmware to the switch: •...
Page 94: Downloading From A Tftp Or Sftp Server
Downloading a Firmware Image Downloading from a TFTP or SFTP Server To perform a TFTP or SFTP download, proceed as follows: If you have not already done so, set the switch’s IP address using the set ip address command as detailed in “set ip address”...
Page 95 Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cCKCKCKCKCKCKCK XMODEM transfer complete, checking CRC..Verified operational code CRC. The following Enterasys Header is in the image: MD5 Checksum....fe967970996c4c8c43a10cd1cd7be99a Boot File Identifier....0x0517 Header Version....0x0100 Image Type......0x82 Image Offset....0x004d...
Page 96: Reverting To A Previous Image
Downloading a Firmware Image 12. In your teminal emulation program, set the terminal baud rate to 9600. – HyperTerminal: File > Properties > Configure > Bits per Second > Apply > OK > OK – TeraTerm: Setup > Serial port > Baud rate > OK 13.
Page 97: Reviewing And Selecting A Boot Firmware Image
Current system image to boot: bootfile set boot system Use this command to set the firmware image the switch loads at startup. Syntax set boot system filename Parameters filename Specifies the name of the firmware image file. Enterasys C3 Configuration Guide 3-31...
Page 98: Starting And Configuring Telnet
Starting and Configuring Telnet Purpose To enable or disable Telnet, and to start a Telnet session to a remote host. The Enterasys C3 switch allows a total of four inbound and / or outbound Telnet session to run simultaneously. 3-32 Basic Configuration...
Page 99: Commands
(Optional) Specifies inbound service (the ability to Telnet to this switch), outbound | all outbound service (the ability to Telnet to other devices), or all (both inbound and outbound). Defaults If not specified, both inbound and outbound Telnet service will be enabled. Enterasys C3 Configuration Guide 3-33...
Page 100: Telnet
All telnet sessions have been terminated, telnet is now disabled. telnet Use this command to start a Telnet connection to a remote host. The Enterasys C3 switch allows a total of four inbound and / or outbound Telnet session to run simultaneously.
Page 101: Purpose
3-43 clear tftp timeout 3-43 set tftp retry 3-44 clear tftp retry 3-44 show snmp persistmode Use this command to display the configuration persistence mode setting. Syntax show snmp persistmode Parameters None. Enterasys C3 Configuration Guide 3-35...
Page 102: Set Snmp Persistmode
set snmp persistmode Defaults None. Mode Switch command, read-only. Usage By default, the mode is set to “auto save,” which automatically saves configuration changes at specific intervals. If the mode is set to “manual,” configuration commands are never automatically saved. In order to make configuration changes persistent when the mode is manual, the save config command must be issued as described in “Configuration Persistence Mode”...
Page 103: Save Config
The secure.log file stored in the “secure/logs” directory cannot be deleted, edited, or renamed. Super-users can copy the secure.log file using SCP, SFTP. or TFTP. Refer to “About Security Audit Logging” on page 19-1 for more information about the secure.log file. Enterasys C3 Configuration Guide 3-37...
Page 104: Show File
show file Example This example shows how to list all the configuration and image files in the system. The display indicates which image file is the Active file and which image file is the Boot file that will be used the next time the system reboots.
Page 105: Show Config
For example, enter “port” to show only port configuration. outfile (Optional) Specifies that the current configuration will be written to a text file in the configs/ directory. configs/filename Specifies a filename in the configs/ directory to display. Enterasys C3 Configuration Guide 3-39...
Page 106: Configure
configure Defaults By default, show config will display all non-default configuration information for all facilities. Mode Switch command, read-only. Usage The separate facilities that can be displayed by this command are identified in the display of the current configuration by a # preceding the facility name. For example, “#port” indicates the facility name “port.”...
Page 107: Copy
Note: Only TFTP can be used to download an image file. Defaults None. Mode Switch command, read-write. Usage SCP can only be used to transfer configuration files or the logs/current.log file. You cannot use SCP to download images (system:image). Enterasys C3 Configuration Guide 3-41...
Page 108: Delete
delete Examples This example shows how to download an image via TFTP: C3(su)->copy tftp://10.1.192.34/version01000 system:image This example shows how to download a configuration file to the configs directory: C3(su)->copy tftp://10.1.192.1/Jan1_2004.cfg configs/Jan1_2004.cfg This example shows how to upload a configuration file from the configs directory using SFTP. C3(su)->copy configs/Jan1_2009.cfg sftp://user:passwd@10.1.192.1/Jan1_2009.cfg delete...
Page 109: Set Tftp Timeout
This example sets the timeout period to 4 seconds. C3(rw)->set tftp timeout 4 clear tftp timeout Use this command to reset the TFTP timeout value to the default value of 2 seconds. Syntax clear tftp timeout Parameters None. Enterasys C3 Configuration Guide 3-43...
Page 110: Set Tftp Retry
set tftp retry Defaults None. Mode Switch command, read-write. Example This example shows how to clear the timeout value to the default of 2 seconds. C3(rw)-> clear tftp timeout set tftp retry Use this command to configure how many times TFTP will resend a packet, either an acknowledgement packet or a data packet.
Page 111: Clearing And Closing The Cli
(clear screen) Use this command to clear the screen for the current CLI session. Syntax Parameters None Defaults None. Mode Switch command, read-only. Example This example shows how to clear the CLI screen: C3(su)->cls Enterasys C3 Configuration Guide 3-45...
Page 112: Exit
exit exit Use this command to leave a CLI session. Syntax exit Parameters None. Defaults None. Mode Switch command, read-only. Usage By default, switch timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command (page 3-25) to change this default.
Page 113: Reset
Switch command, read-write. Usage A C3 switch can also be reset with the RESET button located on its front panel. For information on how to do this, refer to the Enterasys C3 Installation Guide shipped with your switch. See the command “reset at”...
Page 114: Reset In
reset in Syntax reset at hh:mm [mm/dd] [reason] Parameters hh:mm Schedules the hour and minute of the reset using the 24-hour system. mm/dd (Optional) Schedules the month and day of the reset. reason (Optional) Specifies a text string that indicates the reason for the reset. Defaults If month and day are not specified, the reset will be scheduled for the first occurrence of the specified time.
Page 115: Show Reset
(Optional) Clears user-defined configuration parameters (and stack unit numbers and priorities, if applicable). Defaults If all is not specified, stacking configuration parameters will not be cleared. Mode Switch command, read-write, if security profile = normal. Enterasys C3 Configuration Guide 3-49...
Page 116: Using And Configuring Webview
By default, WebView (The Enterasys Networks embedded web server for switch configuration and management tasks) is enabled on TCP port number 80 on the Enterasys C3 switch. You can verify WebView status, and enable or disable WebView using the commands described in this section.
Page 117: Show Webview
3-52 for information about enabling and disabling SSL on the switch. It is good practice for security reasons to disable HTTP access on the switch when finished configuring with WebView, and then to only enable WebView on the switch when changes need to be made. Enterasys C3 Configuration Guide 3-51...
Page 118: Show Ssl
show ssl Example This example shows how to disable WebView on the switch:ssl C3(rw)->set webview disable show ssl Use this command to display SSL status. Syntax show ssl Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display SSL status: C3(rw)->show ssl SSL status: Enabled set ssl...
Page 119: Gathering Technical Support Information
This command gathers the output from many “show” commands, including: • show version • show logging buffer • show port status • show system utilization process • show system utilization storage Enterasys C3 Configuration Guide 3-53...
Page 120: Configuring Hostprotect
Configuring Hostprotect Purpose This feature enables rate limiting of host bound traffic on Enterasys C3 switches, to assist in the prevention of Denial of Service issues. When enabled, the hostprotect functionality applies a 64 kbps meter to control plane traffic, such as BPDUs or LACP packets, destined for the host processor.
Page 121: Set System Hostprotect
C3(rw)->set system hostprotect enable host protect disabled: system resources exceeded, check “show config port” priority-queue config clear system hostprotect Use this command to return the hostprotect status to the default of disabled. Syntax clear system hostprotect Enterasys C3 Configuration Guide 3-55...
Page 122 clear system hostprotect Parameters None. Defaults The default state is disabled. Mode Switch command, read-write. Usage Changing the hostprotect status requires a reset of the switch or stack of switches. Example This example returns the hostprotect status to the default of disabled. C3(rw)->clear system hostprotect Changes in the host protect mode will require resetting this stack.
Page 123: Chapter 4: Activating Licensed Features
License Key Field Descriptions When Enterasys supplies a license, it will be sent to you as a character string similar to the following: INCREMENT advrouter 2006.0127 27-jan-2011 0123456789AB 0123456789AB The contents of the six fields, from the left, indicate: •...
Page 124: Adding A New Member To A Licensed Stack
Adding a New Member to a Licensed Stack When a Enterasys C3 switch without a license is added to a stack that has licensing enabled, the ports on the new switch will not pass traffic until a license has been applied to the new switch. To add a new member to a licensed stack: Obtain a license for the new switch from the Enterasys Customer Portal.
Page 125: Set License
Syntax set license type feature DBV expiration key hostid Parameters type Specifies the type of license. For the Enterasys C3, the value in this field is always INCREMENT. feature The name of the feature being licensed. A date-related string generated as part of the license.
Page 126: Show License
show license show license Use this command to display license key information for switches with activated licenses. Syntax show license [unit number] Parameters unit number (Optional) Specifies the switch for which to display license information. Refer to Chapter Configuring Switches in a Stack, for more information about stack unit IDs, or numbers.
Page 127 Example This example shows how to clear the licensed feature : advrouter C3(rw)->clear license featureId advrouter Enterasys C3 Configuration Guide 4-5...
Page 128 clear license 4-6 Activating Licensed Features...
Page 129: Chapter 5: Setting User Accounts And Passwords
Setting User Accounts and Passwords This chapter describes user account and password management functionality on the Enterasys C3 switches. For information about... Refer to page... User Account and Password Management Commands User Account and Password Management User account and password management features allow enhanced control of password usage and provide additional reporting of usage.
Page 130 User Account and Password Management • The switch is capable of ensuring that the password does not contain, repeat, or reverse the associated Username. • The switch is capable of specifying whether multiple accounts can share the same password. (See “set system password allow-duplicates” on page 5-13.) •...
Page 131 When local authentication without RADIUS authentication is enabled, a login delay of at least 4 seconds is supported when a user fails to authenticate using SSH, Telnet, or CLI. • Enterasys edge switches support the following account lockout features (see “set system lockout” on page 5-18): –...
Page 132: Defaults
User Account and Password Management – A user account cannot be deleted while it is the emergency access account. – Only one EA user is supported at a time and one shall always exist. – EA status can only be removed by replacing it with another account. –...
Page 133: Commands
***access always allowed*** read-only enabled ***access always allowed*** read-write enabled ***access always allowed*** guest read-only enabled 00:00 24:00 mon tue wed thu fri Table 5-1 provides an explanation of the command output. Enterasys C3 Configuration Guide 5-5...
Page 134: Set System Login
Use this command to create a new user login account, or to disable or enable an existing account. The Enterasys C3 switch supports up to 16 user accounts, including the admin account. Syntax set system login username {super-user | read-write | read-only} {enable | disable}...
Page 135 “set system password-resetbutton” on page 5-10 for more information.) Examples This example shows how to enable a new user account with the login name “netops” with super user access privileges: C3(su)->set system login netops super-user enable Enterasys C3 Configuration Guide 5-7...
Page 136: Clear System Login
clear system login This example enables a new user account named “guest” with read-only privileges and allows access only on Mondays through Fridays. C3(su)->set system login guest read-only enable allowed-days Mon Tue Wed Thu Fri clear system login Use this command to remove a local login user account. Syntax clear system login username [allowed-interval] [allowed-days] [local-only] [aging] [simultaneous-logins]...
Page 137: Set Password
(Only available to users with super-user access.) Specifies a system default or a user-configured login account name. By default, the Enterasys C3 switch provides the following account names: ro for Read-Only access. rw for Read-Write access. admin for Super User access. (This access level allows Read-Write access to all modifiable parameters, including user accounts.)
Page 138: Set System Password-Resetbutton
set system password-resetbutton set system password-resetbutton Use this command to enable or disable the password reset button functionality. Syntax set system password-resetbutton {enable | disable} Parameters enable Enable the password reset button functionality. This is the default condition. disable Disable the password reset button functionality. Defaults By default, the password reset button functionality is enabled.
Page 139: Show System Password Output Details
The range for each type of character is 0 to 40, with a default of 0. Uppercase: 0 Configured with the set system password min-required-chars Lowercase: 0 command. Numeric: 0 Special: 0 Enterasys C3 Configuration Guide 5-11...
Page 140 show system password Table 5-2 show system password Output Details (Continued) Output... What it displays... Password warning period Period of time prior to password expiration when user will be notified. The range is from 1 to 30 days with a default of 20 days. Configured with the set system password warning-period command.
Page 141: Set System Password
Valid values are 0 to 39. • yes - specifies that the same character may appear consecutively. Default values are: • If the security profile = C2, default is 2. • If the security profile = normal, default is yes. Enterasys C3 Configuration Guide 5-13...
Page 142 set system password change-first-login (Optional) Specifies whether new users are required to change their yes|no password upon first login: • yes — specifies that new users must change the password for this account upon first login. • no — specifies that new users are not required to change the password for this account upon first login.
Page 143: Clear System Password
Use this command to reset the system password parameters to default values. Syntax clear system password [aging] [allow-duplicates] [allow-repeating-chars] [change- first-login] [change-frequency] [grace-limit] [grace-period] [history] [length] [min-required-chars {[uppercase] [lowercase] [numeric] [special]}] [require-at- creation] [substring-match-len] [warning-period] Enterasys C3 Configuration Guide 5-15...
Page 144 clear system password Parameters aging (Optional) Resets aging to the default of disable. allow-duplicates (Optional) Resets allow-duplicates to the default value of yes. allow-repeating- (Optional) Resets allow-repeating-chars to the default value of yes. chars change-first-login (Optional) Resets changing uer passwords upon first login to the default value of no.
Page 145: Show System Lockout
Ports currently locked out due to failed Ports currently locked out due to failed logins will show network logins and/or console if engaged. Account assigned emergency-access The user account allowed emergency access through the console from the console port. Enterasys C3 Configuration Guide 5-17...
Page 146: Set System Lockout
set system lockout set system lockout Use this command to set the number of failed login attempts allowed before disabling a read-write or read-only user account or locking out a super-user account, the number of minutes to lock out a super-user account after maximum login attempts or inactivity, and the number of inactive days before a read-write or read-only account is disabled or a super-user account is locked out.
Page 147 5-10 for more information about password reset button functionality. Example This example shows how to set failed login attempts to 5 and lockout time for super-users accounts to 30 minutes: C3(su)->set system lockout attempts 5 time 30 Enterasys C3 Configuration Guide 5-19...
Page 148 set system lockout 5-20 Setting User Accounts and Passwords...
Page 149: Chapter 6: Management Authentication Notification Mib Commands
Use this command to display the current settings for the Management Authentication Notification MIB. Syntax show mgmt-auth-notify Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display the current settings for Management Authentication Notifications: Enterasys C3 Configuration Guide 6-1...
Page 150: Set Mgmt-Auth-Notify
Enabled maxUserFail Enabled set mgmt-auth-notify Use this command to enable or disable notifications for the authentication notification types specified in the Enterasys Management Authentication Notification MIB. Syntax set mgmt-auth-notify {enable | disable} [console] [ssh] [telnet] [webview] [inactiveUser] [maxUserAttempt] [maxUserFail] Parameters enable Enables selected or all notification types.
Page 151: Clear Mgmt-Auth-Notify
Disabled inactiveUser Disabled maxUserAttempt Disabled maxUserFail Disabled clear mgmt-auth-notify Use this command to set the current setting for the Management Authentication Notification access types to the default setting of enabled. Syntax clear mgmt-auth-notify Parameters None. Enterasys C3 Configuration Guide 6-3...
Page 152 clear mgmt-auth-notify Defaults None. Mode Switch command, read-write. Usage Ensure that SNMP is correctly configured on the module in order to send these notifications. Example This example displays the state of Management Authentication Notification access types prior to using the clear command, then displays the same information after using the clear command: C3(su)->show mgmt-auth-notify Management Type Status...
Page 153: Chapter 7: Setting The Security Mode
FIPS mode. Only the FIPS cryptographic module will be used for AES-128 even if this same algorithm is provided by other functions. The switch ensures that passwords are safeguarded during transit and while in storage using FIPS 140-2 commercial encryption provided by the FIPS module." Enterasys C3 Configuration Guide 7-1...
Page 154: Additional Security Feature Information
Additional Security Feature Information Additional Security Feature Information For information about... See ... Security features related to user account and password Chapter Setting User Accounts and configuration Passwords A list of account and password defaults by security mode Table 5-1 on page 5-4 Security mode effects on SNMP configuration The Defaults and Usage sections of...
Page 155: Clear Security Profile
C3(su)->clear security profile Warning: Changing security profile requires system reset. Do you want to continue (y/n) [n]? show security profile Use this command to display the current security profile setting. Syntax show security profile Parameters None. Enterasys C3 Configuration Guide 7-3...
Page 156 show security profile Defaults None. Mode Switch command, read-only. Example This example shows how to display the current security profile setting. C3(su)->show security profile Security Profile Normal 7-4 Setting the Security Mode...
Page 157: Show Inlinepower
SNMP trap messages will be sent when power status changes, and per- port PoE settings. For more extensive configuration information, refer to the “Configuring Power over Ethernet Management” feature guide on the Enterasys Networks web site: https://extranet.enterasys.com/ downloads/ Commands For information about...
Page 158: Set Inlinepower Threshold
set inlinepower threshold Mode Switch command, read-only. Example This example shows how to display system power properties: C3(su)->show inlinepower Detection Mode : auto Unit Status Power(W) Consumption(W) Usage(%) Threshold(%) Trap ---- ------ ------- ------------- -------- ------------ ---- auto 0.00 0.00 enable Table 8-1 provides an explanation of the command output.
Page 159: Set Inlinepower Trap
C3(su)->set inlinepower trap enable 1 set inlinepower detectionmode Use this command to specify the method the switch will use to detect PDs (powered devices) connected to its ports. Syntax set inlinepower detectionmode {auto | ieee) Enterasys C3 Configuration Guide 8-3...
Page 160: Show Port Inlinepower
show port inlinepower Parameters auto Specifies that the switch will use the standard IEEE 802.3 PoE detection method first. If that fails, then the switch will use the legacy (pre-IEEE 802.3 PoE standard) capacitance method of detection. ieee Specifies that the switch will only use the standard IEEE 802.3 PoE detection method.
Page 161: Set Port Inlinepower
(Optional) Specifies a string describing the type of device connected to a port. The string can be a maximum of 20 characters. Defaults At least one of the optional parameters must be entered. Enterasys C3 Configuration Guide 8-5...
Page 162 set port inlinepower Mode Switch command, read-write. Example This example shows how to enable PoE on port 3.1 with critical priority: C3(su)->set port inlinepower ge.3.1 admin auto priority critical 8-6 Configuring System Power and PoE...
Page 163: Transmit Queue Monitoring Overview
In addition, any change in a port’s link state clears that port’s failure count and restores the port to normal operation. Commands For information about... Refer to page... set txqmonitor set txqmonitor downtime set txqmonitor minrate set txqmonitor threshold Enterasys C3 Configuration Guide 9-1...
Page 164: Set Txqmonitor
Transmit Queue Monitoring Configuration set txqmonitor For information about... Refer to page... clear txqmonitor show txqmonitor show txqmonitor flowcontrol show txqmonitor port set txqmonitor Use this command to enable or disable transmit queue monitoring on the switch. Transmit queue monitoring is enabled by default. Syntax set txqmonitor {enable | disable} Parameters...
Page 165: Set Txqmonitor Minrate
C3(su)-> set txqmonitor minrate 6 set txqmonitor threshold Use this command to set the transmit queue monitoring threshold levels for triggering actions applied to a stalled port. Syntax set txqmonitor threshold { [logging | ignorepause | disableinterface] value } Enterasys C3 Configuration Guide 9-3...
Page 166: Clear Txqmonitor
Transmit Queue Monitoring Configuration clear txqmonitor Parameters logging Specifies the logging trigger level. ignorepause Specifies the discard received pause frames trigger level. disableinterface Specifies the port disable trigger level. value The number of successive failed sample intervals that will trigger an action.
Page 167: Show Txqmonitor
If no parameter is specified, all transmit queue monitoring information is displayed. Mode Switch mode, read-only. Examples This example displays the global state of transmit queue monitoring. C3(su)-> show txqmonitor globalstate txqmonitor enabled This example displays the currently configured trigger values. C3(su)->show txqmonitor threshold Enterasys C3 Configuration Guide 9-5...
Page 168: Show Txqmonitor Flowcontrol
Transmit Queue Monitoring Configuration show txqmonitor flowcontrol logging ignorepause disableinterface show txqmonitor flowcontrol Use this command to display the flow control information for one or more ports. Syntax show txqmonitor flowcontrol [port-string] Parameters port-string (Optional) Specifies the port or ports for which to display flow control information.
Page 169 10 consecutive monitoring samples showing a stalled transmit queue. C3(su)->show txqmonitor port ge.1.1-3 port status consecutive total samples stalled samples stalled -------- -------- ----------------- ------------------ ge.1.1 normal ge.1.2 ignorepause ge.1.3 down Enterasys C3 Configuration Guide 9-7...
Page 170 Transmit Queue Monitoring Configuration show txqmonitor port...
Page 171: Configuring Cdp
Configuring Link Layer Discovery Protocol and LLDP-MED 10-13 Configuring CDP Purpose To review and configure the Enterasys CDP discovery protocol. This protocol is used to discover network topology. When enabled, this protocol allows Enterasys devices to send periodic PDUs about themselves to neighboring devices. Commands The commands used to review and configure the CDP discovery protocol are listed below.
Page 172: Show Cdp
show cdp show cdp Use this command to display the status of the CDP discovery protocol and message interval on one or more ports. Syntax show cdp [port-string] Parameters port-string (Optional) Displays CDP status for a specific port. For a detailed description of possible port-string values, refer to ”...
Page 173: Set Cdp State
This example shows how to globally enable CDP: C3(su)->set cdp state enable This example shows how to enable the CDP for port ge.1.2: C3(su)->set cdp state enable This example shows how to disable the CDP for port ge.1.2: C3(su)->set cdp state disable Enterasys C3 Configuration Guide 10-3...
Page 174: Set Cdp Auth
set cdp auth set cdp auth Use this command to set a global CDP authentication code. Syntax set cdp auth auth-code Parameters auth-code Specifies an authentication code for the CDP protocol. This can be up to 16 hexadecimal values separated by commas. Defaults None.
Page 175: Set Cdp Hold-Time
(Optional) Resets the message frequency interval to 60 seconds. hold-time (Optional) Resets the hold time value to 180 seconds. auth-code (Optional) Resets the authentication code to 16 bytes of 00 (00-00-00- 00-00-00-00-00). Defaults At least one optional parameter must be entered. Enterasys C3 Configuration Guide 10-5...
Page 176: Show Neighbors
show neighbors Mode Switch command, read-write. Example This example shows how to reset the CDP state to auto-enabled: C3(su)->clear cdp state show neighbors This command displays Neighbor Discovery information for either the CDP or Cisco DP protocols. Syntax show neighbors [port-string] Parameters port-string (Optional) Specifies the port or ports for which to display Neighbor...
Page 177: Purpose
Use this command to display global Cisco discovery protocol information. Syntax show ciscodp Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display global Cisco DP information. C3(su)->show ciscodp CiscoDP :Enabled Timer :5 Holdtime (TTl): 180 Enterasys C3 Configuration Guide 10-7...
Page 178: Show Ciscodp Port Info
show ciscodp port info Device ID : 001188554A60 Last Change : WED NOV 08 13:19:56 2006 Table 10-2 provides an explanation of the command output. Table 10-2 show ciscodp Output Details Output Field What It Displays... CiscoDP Whether Cisco DP is globally enabled or disabled. Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received.
Page 179: Set Ciscodp Status
This example shows how to globally enable CiscoDP: C3(su)->set ciscodp state enable set ciscodp timer Use this command to set the number of seconds between Cisco discovery protocol PDU transmissions. Syntax set ciscodp timer seconds Enterasys C3 Configuration Guide 10-9...
Page 180: Set Ciscodp Holdtime
set ciscodp holdtime Parameters seconds Specifies the number of seconds between Cisco DP PDU transmissions. Valid values are from 5 to 254 seconds. Defaults None. Mode Switch command, read-write. Example This example shows how to set the Cisco DP timer to 120 seconds. C3(su)->set ciscodp timer 120 set ciscodp holdtime Use this command to set the time to live (TTL) for Cisco discovery protocol PDUs.
Page 181 If the switch port is configured to a Cisco DP trust state of trusted (with the trusted yes parameter of this command), this setting is communicated to the Cisco IP phone instructing it to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802.1p marking. Enterasys C3 Configuration Guide 10-11...
Page 182: Clear Ciscodp
clear ciscodp • If the switch port is configured to a Cisco DP trust state of untrusted (trusted no), this setting is communicated to the Cisco IP phone instructing it to overwrite the 802.1p tag of traffic transmitted by the device connected to it to 0, by default, or to the value specified by the cos parameter of this command.
Page 183: Configuring Link Layer Discovery Protocol And Lldp-Med
You can configure on a port-specific basis which optional LLDP and LLDP- MED TLVs should be sent in LLDPDUs. Configuration Tasks The commands included in this implementation allow you to perform the following configuration tasks: Enterasys C3 Configuration Guide 10-13...
Page 184: Commands
Configuring Link Layer Discovery Protocol and LLDP-MED Step Task Command(s) Configure global system LLDP parameters set lldp tx-interval set lldp hold-multiplier set lldp trap-interval set lldp med-fast-repeat clear lldp Enable/disable specific ports to: • Transmit and process received LLDPDUs set/clear lldp port status set/clear lldp port trap •...
Page 185: Show Lldp
Use this command to display the LLDP status of one or more ports. The command lists the ports that are enabled to send and receive LLDP PDUs. Ports are enabled or disabled with the set lldp port status command. Syntax show lldp port status [port-string] Enterasys C3 Configuration Guide 10-15...
Page 186: Show Lldp Port Trap
show lldp port trap Parameters port-string (Optional) Displays LLDP status for one or a range of ports. Defaults If port-string is not specified, LLDP status information will be displayed for all ports. Mode Switch command, read-only. Example This example shows how to display LLDP port status information for all ports. C3(ro)->show lldp port status Tx-Enabled Ports : ge.1.1-60;...
Page 187: Show Lldp Port Tx-Tlv
Use this command to display configured location information for one or more ports. Ports are configured with a location value using the set lldp port location-info command. Syntax show lldp port location-info [port-string] Parameters port-string (Optional) Displays port location information for one or a range of ports. Enterasys C3 Configuration Guide 10-17...
Page 188: Show Lldp Port Local-Info
Port Desc : ... 1000BASE-TX RJ45 Gigabit Ethernet Frontpanel Port Mgmt Addr : 10.21.64.100 Chassis ID : 00-E0-63-93-74-A5 Sys Name : LLDP PoE test Chassis Sys Desc : Enterasys Networks, Inc. Sys Cap Supported/Enabled : bridge,router/bridge 10-18 Discovery Protocol Configuration...
Page 189: Show Lldp Port Local-Info Output Details
IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Auto- negotiation supported and enabled settings should be the same on the two systems attached to the same link. Auto-Neg Advertised IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the configured advertised values on the port. Enterasys C3 Configuration Guide 10-19...
Page 190 show lldp port local-info Table 10-4 show lldp port local-info Output Details (Continued) Output Field What it Displays... Operational Speed/Duplex/ IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the Type operational MAU type, duplex, and speed of the port. If the received TLV indicates that auto-negotiation is supported but not enabled, these values will be used by the port.
Page 191: Show Lldp Port Remote-Info
Manufacturer : Avaya Model Number : 4610 Note that the information fields displayed by the show lldp port remote-info command will vary, depending on the type of remote device that is connected to the port. Enterasys C3 Configuration Guide 10-21...
Page 192: Show Lldp Port Network-Policy
show lldp port network-policy Table 10-5 describes the output fields that are unique to the remote system information database. Refer to Table 10-4 on page 19 for descriptions of the information fields that are common to both the local and the remote system information databases. Table 10-5 show lldp port remote-info Output Display Output Field What it Displays...
Page 193: Set Lldp Tx-Interval
Specifies the number of seconds between transmissions of LLDP frames. Value can range from 5 to 32,768 seconds. The default is 30 seconds. Defaults None. Mode Switch command, read-write. Example This example sets the transmit interval to 20 seconds. Enterasys C3 Configuration Guide 10-23...
Page 194: Set Lldp Hold-Multiplier
set lldp hold-multiplier C3(rw)->set lldp tx-interval 20 set lldp hold-multiplier Use this command to set the time-to-live value used in LLDP frames sent by this device. The time- to-live for LLDPDU data is calculated by multiplying the transmit interval by the hold multiplier value.
Page 195: Set Lldp Med-Fast-Repeat
Enables receiving and processing LLDPDUs from remote systems on the specified ports. both Enables both transmitting and processing received LLDPDUs on the specified ports. disable Disables both transmitting and processing received LLDPDUs on the specified ports. Enterasys C3 Configuration Guide 10-25...
Page 196: Set Lldp Port Trap
set lldp port trap port-string Specifies the port or range of ports to be affected. Defaults None. Mode Switch command, read-write. Example This example enables both transmitting LLDPDUs and receiving and processing LLDPDUs from remote systems on ports ge.1.1 through ge.1.6. C3(rw)->set lldp port status both ge.1.1-6 set lldp port trap Use this command to enable or disable sending LLDP notifications (traps) when a remote system...
Page 197: Set Lldp Port Location-Info
This example configures the ELIN identifier 5551234567 on ports ge.1.1 through ge.1.6 and then configures the ports to send the Location Information TLV. C3(rw)->set lldp port location-info 5551234567 ge.1.1-6 C3(rw)->set lldp port tx-tlv med-loc ge.1.1-6 Enterasys C3 Configuration Guide 10-27...
Page 198: Set Lldp Port Tx-Tlv
set lldp port tx-tlv set lldp port tx-tlv Use this command to select the optional LLDP and LLDP-MED TLVs to be transmitted in LLDPDUs by the specified port or ports. Use the show lldp port local-info command to display the values of these TLVs for the port. Syntax set lldp port tx-tlv {[all] | [port-desc] [sys-name] [sys-desc] [sys-cap] [mgmt- addr] [vlan-id] [stp] [lacp] [gvrp] [mac-phy] [poe] [link-aggr] [max-frame] [med-...
Page 199: Set Lldp Port Network-Policy
[vid {vlan-id | dot1p}] [cos cos-value] [dscp dscp-value] port-string Parameters Configures all applications. voice Configures the voice application. voice-signaling Configures the voice signaling application. This application will not be advertised if the voice application is configured with the same parameters. Enterasys C3 Configuration Guide 10-29...
Page 200 set lldp port network-policy guest-voice Configures the guest voice application. guest-voice-signaling Configures the guest voice signaling application. This application will not be advertised if the guest-voice application is configured with the same parameters. softphone-voice Configures the softphone voice application. video-conferencing Configures the video conferencing application.
Page 201: Clear Lldp
C3(rw)->clear lldp tx-interval clear lldp port status Use this command to return the port status to the default value of both (both transmitting and processing received LLDPDUs are enabled). Syntax clear lldp port status port-string Enterasys C3 Configuration Guide 10-31...
Page 202: Clear Lldp Port Trap
clear lldp port trap Parameters port-string Specifies the port or range of ports to be affected. Defaults None. Mode Switch command, read-write. Example This example returns port 1.1 to the default state of enabled for both transmitting and processing received LLDPDUs. C3(rw)->clear lldp port status ge.1.1 clear lldp port trap Use this command to return the port LLDP trap setting to the default value of disabled.
Page 203: Clear Lldp Port Location-Info
Syntax clear lldp port network-policy {all | voice | voice-signaling | guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling} {[state] [tag] [vid] [cos] [dscp]} port-string Parameters Applies command to all applications. Enterasys C3 Configuration Guide 10-33...
Page 204: Clear Lldp Port Tx-Tlv
clear lldp port tx-tlv voice Applies command to the voice application. voice-signaling Applies command to the voice signaling application. guest-voice Applies command to the guest voice application. guest-voice-signaling Applies command to the guest voice signaling application. softphone-voice Applies command to the softphone voice application. video-conferencing Applies command to the video conferencing application.
Page 205 Disables the LLDP-MED Extended Power via MDI TLV from being transmitted in LLDPDUs. Only valid for PoE-enabled ports. port-string Specifies the port or range of ports to be affected. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 10-35...
Page 206 clear lldp port tx-tlv Example This example disables the management address, MED capability, MED network policy, and MED location identification TLVs from being sent in LLDPDUs by port 1.1. C3(rw)->clear lldp port tx-tlv mgmt-addr med-cap med-pol med-loc ge.1.1 10-36 Discovery Protocol Configuration...
Page 207: Port Configuration Summary
1-Gbps Ethernet tg for 10-Gbps Ethernet host for the host port vlan for vlan interfaces lag for IEEE802.3 link aggregation ports Where unit_or_slotnumber can be: 1 - 8 for switch units in a stack Enterasys C3 Configuration Guide 11-1...
Page 208: Reviewing Port Status
Reviewing Port Status Where port number depends on the device. The highest valid port number is dependent on the number of ports in the device and the port type. Port Slot/Unit Parameters Used in the CLI The “unit” parameter is often used interchangeably with “module” in the standalone switch CLI to indicate a module slot location.
Page 209: Show Port Status
C3(su)->show port status Alias Oper Admin Speed Port (truncated) Status Status (bps) Duplex Type --------- ------------ ------- ------- --------- ------- ------------ ge.1.47 Down RJ45 ge.1.48 1.0G full RJ45 Table 11-1 provides an explanation of the command output. Enterasys C3 Configuration Guide 11-3...
Page 210: Show Port Counters
CLI” on page 11-1. switch | mib2 (Optional) Displays switch or MIB2 statistics. Switch statistics detail performance of the Enterasys C3 device. MIB2 interface statistics detail performance of all network devices. Defaults If port-string is not specified, counter statistics will be displayed for all ports.
Page 211: Clear Port Counters
MIB2 network traffic counts Counters 802.1Q Switch Counts of frames received, transmitted, and filtered. Counters clear port counters Use this command to clear port counter statistics for a port or range of ports. Syntax clear port counters [port-string] Enterasys C3 Configuration Guide 11-5...
Page 212: Show Port Cablestatus
show port cablestatus Parameters port-string (Optional) Specifies the port or range of ports to clear port counter statistics. Defaults If no port-string is specified, port counters are cleared for all ports. Mode Switch command, read-write Example This example clears the port counters for ge.3.1. C3(rw)->clear port counters ge.3.1 show port cablestatus Use this command to troubleshoot and locate faults in copper cable connections on a per port...
Page 213: Disabling / Enabling And Naming Ports
Use this command to administratively disable one or more ports. When this command is executed, in addition to disabling the physical Ethernet link, the port will no longer learn entries in the forwarding database. Syntax set port disable port-string Enterasys C3 Configuration Guide 11-7...
Page 214: Set Port Enable
set port enable Parameters port-string Specifies the port(s) to disable. For a detailed description of possible port- string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Example This example shows how to disable ge.1.1: C3(su)->set port disable set port enable Use this command to administratively enable one or more ports.
Page 215: Set Port Alias
Mode Switch command, read-write. Examples This example shows how to assign the alias “Admin” to 3.3: C3(rw)->set port alias ge.3.3 Admin This example shows how to clear the alias for 3.3: C3(rw)->set port alias ge.3.3 Enterasys C3 Configuration Guide 11-9...
Page 216: Setting Speed And Duplex Mode
Setting Speed and Duplex Mode Setting Speed and Duplex Mode Purpose To review and set the operational speed in Mbps and the default duplex mode: Half, for half duplex, or Full, for full duplex for one or more ports. Note: These settings only take effect on ports that have auto-negotiation disabled. Commands For information about...
Page 217: Set Port Speed
For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, default duplex settings for all ports will be displayed. Mode Switch command, read-only. Enterasys C3 Configuration Guide 11-11...
Page 218: Set Port Duplex
set port duplex Example This example shows how to display the default duplex setting for Ethernet port 14 in unit 3: C3(su)->show port duplex ge.3.14 default duplex mode is full on port ge.3.14. set port duplex Use this command to set the default duplex type for one or more ports. This command will only take effect on ports that have auto-negotiation disabled.
Page 219: Enabling / Disabling Jumbo Frame Support
Switch command, read-only. Example This example shows how to display the status of jumbo frame support for 1.1: C3(su)->show port jumbo ge.1.1 Port Number Jumbo Status Max Frame Size ------------- --------------- ------------------ ge.1.1 Enable 9216 Enterasys C3 Configuration Guide 11-13...
Page 220: Set Port Jumbo
set port jumbo set port jumbo Use this command to enable or disable jumbo frame support on one or more ports. Syntax set port jumbo {enable | disable}[port-string] Parameters enable | disable Enables or disables jumbo frame support. port-string (Optional) Specifies the port(s) on which to disable or enable jumbo frame support.
Page 221: Setting Auto-Negotiation And Advertised Ability
(Optional) Displays auto-negotiation status for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, auto-negotiation status for all ports will be displayed. Enterasys C3 Configuration Guide 11-15...
Page 222: Set Port Negotiation
set port negotiation Mode Switch command, read-only. Example This example shows how to display auto-negotiation status for Ethernet port 14 in unit 3: C3(su)->show port negotiation ge.3.14 auto-negotiation is enabled on port ge.3.14. set port negotiation Use this command to enable or disable auto-negotiation on one or more ports. Syntax set port negotiation port-string {enable | disable} Parameters...
Page 223: Set Port Advertise
Advertise 10BASE-T full duplex mode. 100tx Advertise 100BASE-TX half duplex mode. 100txfd Advertise 100BASE-TX full duplex mode. 1000t Advertise 1000BASE-T half duplex mode. 1000tfd Advertise 1000BASE-T full duplex mode. pause Advertise PAUSE for full-duplex links. Defaults None. Enterasys C3 Configuration Guide 11-17...
Page 224: Clear Port Advertise
clear port advertise Mode Switch command, read-write. Example This example shows how to configure port 1 to advertise 1000BASE-T full duplex: C3(su)->set port advertise ge.1.1 1000tfd clear port advertise Use this command to configure a port to not advertise a specific speed/duplex capability when auto-negotiating with another port.
Page 225: Show Port Mdix
Use this command to configure cable connection type configuration mode for one or more ports. Syntax set port mdix {auto|forced-auto|mdi|mdix} [port-string] Parameters auto Configure ports to automatically determine the required MDI/MDIX mode. This is the default condition. forced-auto Force ports to automatically determine the required MDI/MDIX mode. Enterasys C3 Configuration Guide 11-19...
Page 226 Switch command, read-write. Usage By default, Enterasys Networks switch devices are configured to automatically detect the cable type connection, straight through (MDI) or cross-over (MDIX), required by the cable connected to the port. You can configure ports to only use MDI or MDIX connections with this command.
Page 227: Setting Flow Control
This example shows how to display the port flow control state: C3(su)->show flowcontrol Flow control status: enabled set flowcontrol Use this command to enable or disable flow control. Syntax set flowcontrol {enable | disable} Parameters enable | disable Enables or disables flow control settings. Enterasys C3 Configuration Guide 11-21...
Page 228 set flowcontrol Defaults None. Mode Switch command, read-write. Example This example shows how to enable flow control: C3(su)->set flowcontrol enable 11-22 Port Configuration...
Page 229: Setting Port Link Traps And Link Flap Detection
Syntax show port trap [port-string] Parameters port-string (Optional) Displays link trap status for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Enterasys C3 Configuration Guide 11-23...
Page 230: Set Port Trap
set port trap Defaults If port-string is not specified, the trap status for all ports will be displayed. Mode Switch command, read-write. Example This example shows how to display link trap status for ge.3.1 through 4: C3(su)->show port trap 3.1-4 Link traps enabled on port 3.1.
Page 231 Default Condition Linkflap global state Disabled Linkflap port state Disabled Linkflap action None Linkflap interval Linkflap maximum allowed link downs per 10 seconds Linkflap threshold (number of allowed link down transitions before action is taken) Enterasys C3 Configuration Guide 11-25...
Page 232: Show Linkflap Parameters Output Details
show linkflap Linkflap Parameter Default Condition Linkflap downtime 300 seconds Examples This example shows how to display the global status of the link trap detection function: C3(rw)->show linkflap globalstate Linkflap feature globally disabled This example shows how to display ports disabled by link flap detection due to a violation: C3(rw)->show linkflap downports Ports currently held DOWN for Linkflap violations: None.
Page 233: Set Linkflap Globalstate
This example shows how to globally enable the link trap detection function. C3(rw)->set linkflap globalstate enable set linkflap portstate Use this command to enable or disable link flap monitoring on one or more ports. Syntax set linkflap portstate {disable | enable} [port-string] Enterasys C3 Configuration Guide 11-27...
Page 234: Set Linkflap Interval
set linkflap interval Parameters disable | enable Disables or enables the link flap detection function. port-string (Optional) Specifies the port or ports on which to disable or enable monitoring. Defaults If port-string is not specified, all ports are enabled or disabled. Mode Switch command, read-write.
Page 235: Clear Linkflap Action
If port-string is not specified, actions will be cleared on all ports. Mode Switch mode, read-write. Example This example shows how to clear the link flap violation action on port ge.1.4 to generating a Syslog entry. C3(rw)->clear linkflap action 1.4 gensyslogentry Enterasys C3 Configuration Guide 11-29...
Page 236: Set Linkflap Threshold
set linkflap threshold set linkflap threshold Use this command to set the link flap action trigger count. Syntax set linkflap threshold port-string threshold-value Parameters port-string Specifies the port(s) on which to set the link flap action trigger count. threshold-value Specifies the number of link down transitions necessary to trigger the link flap action.
Page 237: Clear Linkflap Down
If port-string is not specified, settings and/or statistics will be cleared on all ports. Mode Switch mode, read-write. Example This example shows how to clear all link flap options on port ge.1.4. C3(rw)->clear linkflap all Enterasys C3 Configuration Guide 11-31...
Page 238: Show Newaddrtrap
show newaddrtrap show newaddrtrap Use this command to display the global and port-specific status of the new MAC addresses trap function. Syntax show newaddrtrap [port-string] Parameters port-string (Optional) Displays the status of the new MAC addresses trap function on specific ports. Defaults If port-string is not specified, the status of the new MAC addresses trap function will be displayed for all ports.
Page 239 The default mode is disabled globally and per port. Example This example enables the trap function globally and then on ports 1 through 5 in unit/slot 1. C3(rw)->set newaddrtrap enable C3(rw)->set newaddrtrap ge.1.1-5 enable Enterasys C3 Configuration Guide 11-33...
Page 240: Configuring Broadcast Suppression
Configuring Broadcast Suppression Configuring Broadcast Suppression Purpose To review and set the broadcast suppression threshold for one or more ports. This feature limits the number of received broadcast frames the switch will accept per port. Broadcast suppression thresholds apply only to broadcast traffic—multicast traffic is not affected. By default, a broadcast suppression threshold of 14881 packets per second (pps) will be used, regardless of actual port speed.
Page 241: Set Port Broadcast
This example configures ports 1 through 5 with a broadcast limit of 50 pps: C3(su)->set port broadcast ge.1.1-5 50 clear port broadcast Use this command to clear the broadcast threshold limit to the default value of 14881 for the selected port. Syntax clear port broadcast port-string threshold Enterasys C3 Configuration Guide 11-35...
Page 242 clear port broadcast Parameters port-string Select the ports for which to clear broadcast suppression thresholds. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Example This example clears the broadcast threshold limit to 14881 pps for ports 1 through 5: C3(su)->clear port broadcast ge.1.1-5 threshold...
Page 243: Port Mirroring
The Enterasys C3 device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for another port within the device (the stack, if applicable).
Page 244: Configuring Smon Mib Port Mirroring
Port Mirroring • On the source switch, the correct destination port must be chosen to ensure that there is an egress path from that port to the desired remote destination(s). • All ports on the path from the source port to the remote destination must be members of the mirror VLAN.
Page 245: Purpose
11-42 show port mirroring Use this command to display the source and target ports for mirroring, and whether mirroring is currently enabled or disabled for those ports. Syntax show port mirroring Parameters None. Enterasys C3 Configuration Guide 11-39...
Page 246: Set Port Mirroring
set port mirroring Defaults None. Mode Switch command, read-only. Example This example shows how to display port mirroring information. In this case, ge.1.4 is configured as a source port and ge.1.11 is a target and mirroring has been enabled between these ports: C3(su)->show port mirroring Port Mirroring ==============...
Page 247: Clear Port Mirroring
Assigns a VLAN to be reserved for mirroring. If a mirrored VLAN is created, all mirrored traffic will egress VLAN tagged. All traffic on the mirror VLAN will be flooded. Syntax set mirror vlan vlan-id Enterasys C3 Configuration Guide 11-41...
Page 248: Clear Mirror Vlan
clear mirror vlan Parameters vlan-id Specifies the VLAN to be used for remote port mirroring. The ID can range from 2 to 4093. Defaults None. Mode Switch command, read-write. Usage Refer to “Remote Port Mirroring” on page 11-37 for information about configuring mirror VLANs. Use the show port mirroring command to display the VLANs configured for remote port mirroring.
Page 249 Example The following example clears VLAN 2 from being used for remote port mirroring. C3(su)->clear mirror vlan 2 Enterasys C3 Configuration Guide 11-43...
Page 250: Link Aggregation Control Protocol (Lacp)
802.3ad LACP aggregations can also be run to end-users (that is, a server) or to a router. For more information about configuring LACP, see the “Configuring Link Aggregation” Feature Guide on the Enterasys web site: https://extranet.enterasys.com/downloads/ Note: Earlier (proprietary) implementations of port aggregation referred to groups of aggregated ports as “trunks”.
Page 251: Flexible Link Aggregation Groups
Aggregator Virtual port that controls link aggregation for underlying physical ports. Each Enterasys C3 module provides 6, 12, or 24 aggregator ports, which are designated in the CLI as lag.0.x, where x can range from 1 to the number of aggregator ports allowed.
Page 252: Enterasys C3 Usage Considerations
LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator. Note: Only one LACP system priority can be set on the Enterasys C3 device, using either the set lacp asyspri command...
Page 253: Commands
Use this command to display information about one or more aggregator ports. Syntax show lacp [port-string] Parameters port-string (Optional) Displays LACP information for specific LAG port(s). Valid port designations are lag.0.1 – 24 depending on the number of LAG groups configured. Enterasys C3 Configuration Guide 11-47...
Page 254: Show Lacp Output Details
Mode Switch command, read-only. Usage Each Enterasys C3 switch provides 6, 12, or 24 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.24, depending on how many LAG groups have been configured. See “set lacp groups”...
Page 255: Set Lacp
Aggregation Group) ID. Syntax set lacp asyspri value Parameters value Specifies a system priority value. Valid values are 0 to 65535, with precedence given to lower values. The default system priority is 32768. Defaults None. Enterasys C3 Configuration Guide 11-49...
Page 256: Set Lacp Aadminkey
set lacp aadminkey Mode Switch command, read-write. Usage LACP uses this value to determine aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator. Example This example shows how to set the LACP system priority to 1000: C3(su)->set lacp asyspri 1000...
Page 257: Set Lacp Static
If not specified, a key will be assigned according to the specified aggregator. For example a key of 4 would be assigned to lag.0.4. Mode Switch command, read-write. Examples This example shows how to add port ge.1.6 to the LAG of aggregator port 6: C3(su)->set lacp static lag.0.6 Issuing : Enterasys C3 Configuration Guide 11-51...
Page 258: Clear Lacp Static
clear lacp static set lacp static lag.0.6 set lacp aadminkey lag.0.6 6 set port lacp port .1.1 aadminkey 6 set port lacp port .1.1 disable This example sets the aggregator admin key to the default (1) for lag.0.1. C3(su)->set lacp static lag.0.1 Issuing : set lacp static lag.0.1 set lacp aadminkey lag.0.1 1...
Page 259: Clear Lacp Singleportlag
This example shows how to reset the single port LAG function back to disabled: C3(su)->clear lacp singleportlag show port lacp Use this command to display link aggregation information for one or more underlying physical ports. Syntax show port lacp port port-string {[status {detail | summary}] | [counters]} Enterasys C3 Configuration Guide 11-53...
Page 260 show port lacp Parameters port port-string Displays LACP information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. status detail | Displays LACP status in detailed or summary information. summary counters Displays LACP counter information.
Page 261: Set Port Lacp
Aggregator ports allow only underlying ports with oper keys matching theirs to join their LAG. Valid values are 1 - 65535. The default key value is 32768. Enterasys C3 Configuration Guide 11-55...
Page 262 Valid values are 0 - 65535, with higher precedence given to lower values. Note: Only one LACP system priority can be set on a Enterasys C3 device, using either this command, or the set lacp asyspri command (“set lacp...
Page 263: Clear Port Lacp
| lacpexpire | padminsyspri Clears the port’s default partner priority value. padminsysid Clears the port’s default partner system ID. padminkey Clears the port’s default partner admin key. padminportpri Clears the port’s default partner port priority. Enterasys C3 Configuration Guide 11-57...
Page 264: Set Lacp Groups
set lacp groups padminport Deletes a partner port from the LACP configuration. padminstate Clears the port’s specific partner admin state, or all partner admin state(s). lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | Defaults None.
Page 265: Clear Lacp Groups
Changing group limits will result in a system reset and loss of LACP configuration. Do you wish to proceed? (y/n) show lacp groups Use this command to display the maximum number of LACP groups configured on the switch. Syntax show lacp groups Enterasys C3 Configuration Guide 11-59...
Page 266 show lacp groups Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows the number of configured LACP groups. C3(su)->show lacp groups LACP groups supported 6 11-60 Port Configuration...
Page 267: Configuring Protected Ports
Specifies the port or ports to be protected. group-id Specifies the id of the group to which the ports should be assigned. Id can range from 0 to 2. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 11-61...
Page 268: Show Port Protected
show port protected Example This example shows how to assign ports ge.1.1 through ge.1.3 to protected port group 1: C3(rw)->set port protected ge.1.1-3 1 show port protected Use this command to display information about the ports configured for protected mode. Syntax show port protected [port-string] | [group-id] Parameters...
Page 269: Set Port Protected Name
Use this command to display the name for the group ids specified. Syntax show port protected name group-id Parameters group-id Specifies the id of the group to display. Id can range from 0 to 2. Defaults None. Mode Read-only. Enterasys C3 Configuration Guide 11-63...
Page 270: Clear Port Protected Name
clear port protected name Example This example shows how to show the name of protected port group 1: C3(ro)->show port protected name 1 Group ID Group Name ----------------------------- group1 clear port protected name Use this command to clear the name of a protected group. Syntax clear port protected name group-id Parameters...
Page 271: Snmp Configuration Summary
Creating a Basic SNMP Trap Configuration 12-35 Configuring the SNMP Management Interface 12-37 Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of SNMP configuration is located on the Enterasys Networks web site: https://extranet.enterasys.com/downloads/ SNMP Configuration Summary SNMP is an application-layer protocol that facilitates the exchange of management information between network devices.
Page 272: Snmpv1 And Snmpv2C
(AuthNoPriv); and privacy (authPriv). A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP frame. Table 12-1 identifies the levels of SNMP security available on Enterasys C3 devices and authentication required within each model. 12-2 SNMP Configuration...
Page 273: Using Snmp Contexts To Access Specific Mibs
DES (DES-56) standard. Using SNMP Contexts to Access Specific MIBs By default, when operating from the switch CLI, Enterasys C3 devices allow access to all SNMP MIBs or contexts. A context is a collection of MIB objects, often associated with a particular physical or logical device.
Page 274: Show Snmp Counters
show snmp counters Commands For information about... Refer to page... show snmp counters 12-4 show snmp counters Use this command to display SNMP traffic counter values. Syntax show snmp counters Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display SNMP counter values C3(su)->show snmp counters --- mib2 SNMP group counters: snmpInPkts...
Page 275: Show Snmp Counters Output Details
Number of SNMP Get-Request PDUs accepted and processed by the SNMP protocol entity. snmpInGetNexts Number of SNMP Get-Next PDUs accepted and processed by the SNMP protocol entity. snmpInSetRequests Number of SNMP Set-Request PDUs accepted and processed by the SNMP protocol entity. Enterasys C3 Configuration Guide 12-5...
Page 276 show snmp counters Table 12-2 show snmp counters Output Details (Continued) Output Field What It Displays... snmpInGetResponses Number of SNMP Get-Response PDUs accepted and processed by the SNMP protocol entity. snmpInTraps Number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity.
Page 277: Configuring Snmp Users, Groups, And Communities
(Optional) Displays information about users on a specific remote SNMP engine. volatile | nonvolatile (Optional) Displays user information for a specified storage type. | read-only Defaults If list is not specified, detailed SNMP information will be displayed. Enterasys C3 Configuration Guide 12-7...
Page 278: Set Snmp User
set snmp user If user is not specified, information about all SNMP users will be displayed. If remote is not specified, user information about the local SNMP engine will be displayed. If a storage type is not specified, user information for all storage types will be displayed. Mode Switch command, read-only.
Page 279 This example shows how to create a new SNMP user named “netops”. By default, this user will be registered on the local SNMP engine without authentication and encryption. Entries related to this user will be stored in permanent (nonvolatile) memory: C3(su)->set snmp user netops Enterasys C3 Configuration Guide 12-9...
Page 280: Clear Snmp User
clear snmp user This example creates a new SNMP user named “admin” with AES encryption and HMAC-SHA-1 authentication required. The encryption password is “admintest1” and the authentication password is “admintest2.” By default, this user will be registered on the local SNMP engine and entries related to this user will be stored in permanent (nonvolatile) memory.
Page 281: Set Snmp Group
Use this command to create an SNMP group. This associates SNMPv3 users to a group that shares common access privileges. Syntax set snmp group groupname user user security-model {v1 | v2c | usm} [volatile | nonvolatile] Enterasys C3 Configuration Guide 12-11...
Page 282: Clear Snmp Group
clear snmp group Parameters groupname Specifies an SNMP group name to create. user user Specifies an SNMPv3 user name to assign to the group. security-model v1 | Specifies an SNMP security model to assign to the group. v2c | usm volatile | (Optional) Specifies a storage type for SNMP entries associated with the nonvolatile...
Page 283: Show Snmp Community
Valid values are full or partial context names. To review all contexts configured for the device, use the show snmp context command as described in “show snmp context” on page 12-20. Enterasys C3 Configuration Guide 12-13...
Page 284: Clear Snmp Community
clear snmp community transport transport (Optional) Specifies the set of transport endpoints from which SNMP request with this community name will be accepted. Makes a link to a target address table. volatile | (Optional) Specifies the storage type for these entries. nonvolatile Defaults If securityname is not specified, the community name will be used.
Page 285: Configuring Snmp Access Rights
Contexts to Access Specific MIBs” on page 12-3. volatile | (Optional) Displays access entries for a specific storage type. nonvolatile | read- only Defaults If groupname is not specified, access information for all SNMP groups will be displayed. Enterasys C3 Configuration Guide 12-15...
Page 286: Show Snmp Access Output Details
show snmp access If security-model is not specified, access information for all SNMP versions will be displayed. If noauthentication, authentication or privacy are not specified, access information for all security levels will be displayed. If context is not specified, all contexts will be displayed. If volatile, nonvolatile or read-only are not specified, all entries of all storage types will be displayed.
Page 287: Set Snmp Access
If write view is not specified, none will be applied. If notify view is not specified, none will be applied. If storage type is not specified, entries will be stored as permanent and will be held through device reboot. Enterasys C3 Configuration Guide 12-17...
Page 288: Clear Snmp Access
clear snmp access Mode Switch mode, read-write, when security profile = normal. Switch mode, super-user, when security profile = C2. Example This example permits the “powergroup” to manage all MIBs via SNMPv3: C3(su)->set snmp access powergroup security-model usm clear snmp access Use this command to clear the SNMP access entry of a specific group, including its set SNMP security-model, and level of security.
Page 289: Configuring Snmp Mib Views
This example shows how to display SNMP MIB view configuration information: C3(su)->show snmp view --- SNMP MIB View information --- View Name = All Subtree OID Subtree mask View Type = included Storage type = nonVolatile Row status = active Enterasys C3 Configuration Guide 12-19...
Page 290: Show Snmp Context
show snmp context View Name = All Subtree OID = 0.0 Subtree mask View Type = included Storage type = nonVolatile Row status = active View Name = Network Subtree OID = 1.3.6.1.2.1 Subtree mask View Type = included Storage type = nonVolatile Row status = active...
Page 291: Set Snmp View
This example shows how to set an SNMP MIB view to “public” with a subtree name of 1.3.6.1 included: C3(su)->set snmp view viewname public subtree 1.3.6.1 included clear snmp view Use this command to delete an SNMPv3 MIB view. Syntax clear snmp view viewname subtree Enterasys C3 Configuration Guide 12-21...
Page 292: Configuring Snmp Target Parameters
Configuring SNMP Target Parameters Parameters viewname Specifies the MIB view name to be deleted. subtree Specifies the subtree name of the MIB view to be deleted. Defaults None. Mode Switch mode, read-write, when security profile = normal. Switch mode, super-user, when security profile = C2. Example This example shows how to delete SNMP MIB view “public”: C3(su)->clear snmp view public 1.3.6.1...
Page 293: Show Snmp Targetparams Output Details
Storage type Whether entry is stored in volatile, nonvolatile or read-only memory. Row status Status of this entry: active, notInService, or notReady. Enterasys C3 Configuration Guide 12-23...
Page 294: Set Snmp Targetparams
set snmp targetparams set snmp targetparams Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target. Syntax set snmp targetparams paramsname user user security-model {v1 | v2c | usm} message- processing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile | nonvolatile] Parameters...
Page 295: Clear Snmp Targetparams
Refer to page... show snmp targetaddr 12-25 set snmp targetaddr 12-26 clear snmp targetaddr 12-28 show snmp targetaddr Use this command to display SNMP target address information. Syntax show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only] Enterasys C3 Configuration Guide 12-25...
Page 296: Set Snmp Targetaddr
set snmp targetaddr Parameters targetAddr (Optional) Displays information for a specific target address name. volatile | nonvolatile (Optional) When target address is specified, displays target address | read-only information for a specific storage type. Defaults If targetAddr is not specified, entries for all target address names will be displayed. If not specified, entries of all storage types will be displayed for a target address.
Page 297 This example shows how to configure a trap notification called “TrapSink.” This trap notification will be sent to the workstation 192.168.190.80 (which is target address “tr”). It will use security and authorization criteria contained in a target parameters entry called “v2cExampleParams”. For Enterasys C3 Configuration Guide 12-27...
Page 298: Clear Snmp Targetaddr
clear snmp targetaddr more information on configuring a basic SNMP trap, refer to “Creating a Basic SNMP Trap Configuration” on page 12-35: C3(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist TrapSink clear snmp targetaddr Use this command to delete an SNMP target address entry. Syntax clear snmp targetaddr targetAddr Parameters...
Page 299: Show Snmp Notify
If volatile, nonvolatile, or read-only are not specified, all storage type entries will be displayed. Mode Switch command, read-only. Example This example shows how to display the SNMP notify information: C3(su)->show snmp notify --- SNMP notifyTable information --- Notify name Notify Tag = Console Enterasys C3 Configuration Guide 12-29...
Page 300: Set Snmp Notify
set snmp notify Notify Type = trap Storage type = nonVolatile Row status = active Notify name Notify Tag = TrapSink Notify Type = trap Storage type = nonVolatile Row status = active Table 12-9 provides an explanation of the command output. Table 12-9 show snmp notify Output Details Output Field What It Displays...
Page 301: Clear Snmp Notify
(Optional) Displays a specific notify filter. subtree oid-or- (Optional) Displays a notify filter within a specific subtree. mibobject volatile | (Optional) Displays notify filter entries of a specific storage type. nonvolatile | read- only Enterasys C3 Configuration Guide 12-31...
Page 302: Set Snmp Notifyfilter
set snmp notifyfilter Defaults If no parameters are specified, all notify filter information will be displayed. Mode Switch command, read-only. Usage “About SNMP Notify Filters” on page 12-28 for more information about notify filters. Example This example shows how to display SNMP notify filter information. In this case, the notify profile “pilot1”...
Page 303: Clear Snmp Notifyfilter
Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications. Syntax show snmp notifyprofile [profile] [targetparam targetparam] [volatile | nonvolatile | read-only] Enterasys C3 Configuration Guide 12-33...
Page 304: Set Snmp Notifyprofile
set snmp notifyprofile Parameters profile (Optional) Displays a specific notify profile. targetparam (Optional) Displays entries for a specific target parameter. targetparam volatile | (Optional) Displays notify filter entries of a specific storage type. nonvolatile | read- only Defaults If no parameters are specified, all notify profile information will be displayed. Mode Switch command, read-only.
Page 305: Clear Snmp Notifyprofile
MIBs. Complete an SNMPv2 trap configuration on a Enterasys C3 device as follows: Create a community name that will act as an SNMP user password. Enterasys C3 Configuration Guide 12-35...
Page 306: Example
The notification entry and tag name created in Step 3 and – The target parameters entry created in Step 2. Table 12-10 shows the commands used to complete an SNMPv2 trap configuration on a Enterasys C3 device. Table 12-10 Basic SNMP Trap Configuration To do this...
Page 307: Configuring The Snmp Management Interface
Switch mode, read-only. Example This example displays the output of this command. In this case, the IP address assigned to loopback interface 1 will be used as the source IP address of the SNMP agent. Enterasys C3 Configuration Guide 12-37...
Page 308: Set Snmp Interface
set snmp interface C3(rw)->show snmp interface loopback 1 192.168.10.1 set snmp interface Use this command to specify the interface used for the source IP address of the SNMP agent when generating SNMP traps. Syntax set snmp interface {loopback loop-ID | vlan vlan-ID} Parameters loopback loop-ID Specifies the loopback interface to be used.
Page 309: Clear Snmp Interface
To display the SNMP local engine ID and to configure a non-default SNMP engine ID on the switch. Commands For information about... Refer to page... show snmp engineid 12-40 set snmp engineid 12-40 clear snmp engineid 12-41 Enterasys C3 Configuration Guide 12-39...
Page 310: Show Snmp Engineid
show snmp engineid show snmp engineid Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier. Syntax show snmp engineid Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display SNMP engine properties: C3(su)->show snmp engineid EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87 Engine Boots...
Page 311: Clear Snmp Engineid
C3(su)->set snmp group public user public security-model usm C3(su)->clear snmp user public C3(su)->set snmp view viewname All subtree 1 clear snmp engineid Use this command to set the SNMP engine ID to the default value. Syntax clear snmp engineid Parameters None. Enterasys C3 Configuration Guide 12-41...
Page 312 clear snmp engineid Defaults None. Mode Switch command, read-write. Usage Changing the SNMP engine ID will cause all existing SNMP user configuration to be removed and the switch to reset. The default engine ID is defined per the standard as: •...
Page 313: Chapter 13: Spanning Tree Configuration
Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk. Spanning Tree Configuration Summary Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of Spanning Tree configuration is located on the Enterasys Networks web site: https://extranet.enterasys.com/downloads/ Overview: Single, Rapid, and Multiple Spanning Tree Protocols The IEEE 802.1D Spanning Tree Protocol (STP) resolves the problems of physical loops in a...
Page 314: Spanning Tree Features
Note: MSTP and RSTP are fully compatible and interoperable with each other and with legacy STP 802.1D. Spanning Tree Features The Enterasys C3 device meets the requirements of the Spanning Tree Protocols by performing the following functions: • Creating a single Spanning Tree from any arrangement of switching or bridging elements.
Page 315: Multisource Detection
BPDU. When a port is non-point-to-point, the received information reflects the best priority information out of all the received BPDUs. Typical scenarios for multisource detection are when a switch is connected to a device which Enterasys C3 Configuration Guide 13-3...
Page 316: Purpose
Configuring Spanning Tree Bridge Parameters • has been improperly configured to forward received BPDUs out other ports, or • has been configured to not run the Spanning Tree protocol and treats BPDUs as multicast packets by transmitting them out all other forwarding ports. In these situations, the connected port is effectively acting as a shared media device.
Page 317 13-29 show spantree spanguardtrapenable 13-30 set spanstree spanguardtrapenable 13-30 clear spanstree spanguardtrapenable 13-31 show spantree legacypathcost 13-31 set spantree legacypathcost 13-32 clear spantree legacypathcost 13-32 show spantree autoedge 13-33 set spantree autoedge 13-33 Enterasys C3 Configuration Guide 13-5...
Page 318: Show Spantree Stats
show spantree stats For information about... Refer to page... clear spantree autoedge 13-34 show spantree debug 13-34 clear spantree debug 13-35 show spantree stats Use this command to display Spanning Tree information for one or more ports. Syntax show spantree stats [port port-string] [sid sid] [active] Parameters port port-string (Optional) Displays information for the specified port(s).
Page 319: Show Spantree Output Details
Amount of time (in days, hours, minutes and seconds) since the last topology change. Max Hops Maximum number of hops information for a particular Spanning Tree instance may traverse (via relay of BPDUs within the applicable MST region) before being discarded. Enterasys C3 Configuration Guide 13-7...
Page 320: Set Spantree
set spantree set spantree Use this command to globally enable or disable the Spanning Tree protocol on the switch. Syntax set spantree {disable | enable} Parameters disable | enable Globally disables or enables Spanning Tree. Defaults None. Mode Switch command, read-write. Example This example shows how to disable Spanning Tree on the device: C3(su)->set spantree disable...
Page 321: Set Spantree Version
This example shows how to globally change the Spanning Tree version from the default of MSTP to RSTP: C3(su)->set spantree version rstp clear spantree version Use this command to reset the Spanning Tree version to MSTP mode. Syntax clear spantree version Parameters None. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-9...
Page 322: Show Spantree Bpdu-Forwarding
show spantree bpdu-forwarding Example This example shows how to reset the Spanning Tree version: C3(su)->clear spantree version show spantree bpdu-forwarding Use this command to display the Spanning Tree BPDU forwarding mode. Syntax show spantree bpdu-forwarding Parameters None. Defaults None. Mode Switch command, read-only.
Page 323: Show Spantree Bridgeprioritymode
Sets the bridge priority mode to use 802.1t values, which are 0 to 61440, in increments of 4096. Values will automatically be rounded up or down, depending on the 802.1t value to which the entered value is closest. This is the default bridge priority mode. Defaults None Enterasys C3 Configuration Guide 13-11...
Page 324: Clear Spantree Bridgeprioritymode
clear spantree bridgeprioritymode Mode Switch command, read-write. Usage The mode affects the range of priority values used to determine which device is selected as the Spanning Tree root as described in set spantree priority (“set spantree priority” on page 13-18). The default for the switch is to use 802.1t bridge priority mode.
Page 325: Set Spantree Msti
{create | delete} Parameters sid sid Sets the Multiple Spanning Tree ID. Valid values are 1 - 4094. Enterasys C3 devices will support up to 4 MST instances, in addition to SID0. create | delete Creates or deletes an MST instance.
Page 326: Show Spantree Mstmap
show spantree mstmap Mode Switch command, read-write. Example This example shows how to delete all MST instances: C3(su)->clear spantree msti show spantree mstmap Use this command to display the mapping of a filtering database ID (FID) to a Spanning Trees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped.
Page 327: Clear Spantree Mstmap
This example shows how to map FID 2 back to SID 0: C3(su)->clear spantree mstmap 2 show spantree vlanlist Use this command to display the Spanning Tree ID(s) assigned to one or more VLANs. Syntax show spantree vlanlist [vlan-list] Enterasys C3 Configuration Guide 13-15...
Page 328: Show Spantree Mstcfgid
show spantree mstcfgid Parameters vlan-list (Optional) Displays SIDs assigned to specific VLAN(s). Defaults If not specified, SID assignment will be displayed for all VLANs. Mode Switch command, read-only. Example This example shows how to display the SIDs mapped to VLAN 1. In this case, SIDs 2, 16 and 42 are mapped to VLAN 1.
Page 329: Set Spantree Mstcfgid
MAC address. Syntax clear spantree mstcfgid Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to reset the MST configuration identifier elements to default values: C3(su)->clear spantree mstcfgid Enterasys C3 Configuration Guide 13-17...
Page 330: Set Spantree Priority
set spantree priority set spantree priority Use this command to set the device’s Spanning Tree priority. Syntax set spantree priority priority [sid] Parameters priority Specifies the priority of the bridge. Valid values are from 0 to 61440 (in increments of 4096), with 0 indicating highest priority and 61440 lowest priority.
Page 331: Set Spantree Hello
C3(su)->set spantree hello 10 clear spantree hello Use this command to reset the Spanning Tree hello time to the default value of 2 seconds. Syntax clear spantree hello Parameters None. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-19...
Page 332: Set Spantree Maxage
set spantree maxage Example This example shows how to globally reset the Spanning Tree hello time: C3(su)->clear spantree hello set spantree maxage Use this command to set the bridge maximum aging time. Syntax set spantree maxage agingtime Parameters agingtime Specifies the maximum number of seconds that the system retains the information received from other bridges through STP.
Page 333: Set Spantree Fwddelay
This example shows how to globally set the bridge forward delay to 16 seconds: C3(su)->set spantree fwddelay 16 clear spantree fwddelay Use this command to reset the Spanning Tree forward delay to the default setting of 15 seconds. Syntax clear spantree fwddelay Enterasys C3 Configuration Guide 13-21...
Page 334: Show Spantree Backuproot
show spantree backuproot Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to globally reset the bridge forward delay: C3(su)->clear spantree fwddelay show spantree backuproot Use this command to display the backup root status for an MST instance. Syntax show spantree backuproot [sid] Parameters...
Page 335: Clear Spantree Backuproot
Switch command, read-write. Usage The Spanning Tree backup root function is disabled by default on the Enterasys C3. When this feature is enabled and the switch is directly connected to the root bridge, stale Spanning Tree information is prevented from circulating if the root bridge is lost. If the root bridge is lost, the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge.
Page 336: Show Spantree Tctrapsuppress
show spantree tctrapsuppress show spantree tctrapsuppress Use this command to display the status of topology change trap suppression on Rapid Spanning Tree edge ports. Syntax show spantree tctrapsuppress Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to display the status of topology change trap suppression: C3(rw)->show spantree tctrapsuppress Topology change Trap Suppression is set to enabled set spantree tctrapsuppress...
Page 337: Clear Spantree Tctrapsuppress
Reset the protocol state migration machine for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-25...
Page 338: Show Spantree Spanguard
show spantree spanguard Example This example shows how to reset the protocol state migration machine on port 20: C3(su)->set spantree protomigration ge.1.20 show spantree spanguard Use this command to display the status of the Spanning Tree SpanGuard function. Syntax show spantree spanguard Parameters None.
Page 339: Clear Spantree Spanguard
This example shows how to reset the status of the SpanGuard function to disabled: C3(rw)->clear spantree spanguard show spantree spanguardtimeout Use this command to display the Spanning Tree SpanGuard timeout setting. Syntax show spantree spanguardtimeout Parameters None. Enterasys C3 Configuration Guide 13-27...
Page 340: Set Spantree Spanguardtimeout
set spantree spanguardtimeout Defaults None. Mode Switch command, read-only. Example This example shows how to display the SpanGuard timeout setting: C3(su)->show spantree spanguardtimeout Spanguard timeout: 300 set spantree spanguardtimeout Use this command to set the amount of time (in seconds) an edge port will remain locked by the SpanGuard function.
Page 341: Show Spantree Spanguardlock
SpanGuard function. When SpanGuard is enabled, it locks ports that receive BPDUs when those ports have been defined as edge (user) ports (as described in “set spantree adminedge” on page 13-43). Syntax clear spantree spanguardlock port-string set spantree spanguardlock port-string Enterasys C3 Configuration Guide 13-29...
Page 342: Show Spantree Spanguardtrapenable
show spantree spanguardtrapenable Parameters port-string Specifies port(s) to unlock. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Example This example shows how to unlock port 1.16: C3(rw)->clear spantree spanguardlock ge.1.16 show spantree spanguardtrapenable...
Page 343: Clear Spantree Spanguardtrapenable
This example shows how to reset the SpanGuard trap function to enabled: C3(rw)->clear spantree spanguardtrapenable show spantree legacypathcost Use this command to display the default Spanning Tree path cost setting. Syntax show spantree legacypathcost Parameters None. Enterasys C3 Configuration Guide 13-31...
Page 344: Set Spantree Legacypathcost
set spantree legacypathcost Defaults None. Mode Switch command, read-only. Example This example shows how to display the default Spanning Tree path cost setting. C3(su)->show spantree legacypathcost Legacy Path Cost is disabled. set spantree legacypathcost Use this command to enable or disable legacy (802.1D) path cost values. Syntax set spantree legacypathcost {disable | enable} Parameters...
Page 345: Show Spantree Autoedge
Use this command to enable or disable the automatic edge port detection function. Syntax set spantree autoedge {disable | enable} Parameters disable | enable Disables or enables automatic edge port detection. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-33...
Page 346: Clear Spantree Autoedge
clear spantree autoedge Example This example shows how to disable automatic edge port detection: C3(rw)->set spantree autoedge disable clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled. Syntax clear spantree autoedge Parameters None.
Page 347: Clear Spantree Debug
Usage This command displays diagnostic information from the Enterasys Spanning Tree Diagnostic MIB. Example This example displays counters for Link Aggregation port lag.0.1. C3(su)->show spantree debug port lag.0.1 STP Diagnostic Common Counters ---------------------------------- Topology Change Count Message Expiration Count...
Page 348 clear spantree debug Defaults None. Mode Switch command, read-write. Example This example clears the Spanning Tree debug counters. C3(su)->clear spantree debug 13-36 Spanning Tree Configuration...
Page 349: Configuring Spanning Tree Port Parameters
Specifies the port(s) for which to enable or disable Spanning Tree. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. disable | enable Disables or enables Spanning Tree. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-37...
Page 350: Clear Spantree Portadmin
clear spantree portadmin Example This example shows how to disable Spanning Tree on ge.1.5: C3(rw)->set spantree portadmin 1.5 disable clear spantree portadmin Use this command to reset the default Spanning Tree admin status to enable on one or more ports. Syntax clear spantree portadmin port-string Parameters...
Page 351: Show Spantree Portpri
C3(su)->show spantree portpri port Port 2.7 has a Port Priority of 128 on SID 0 set spantree portpri Use this command to set a port’s Spanning Tree priority. Syntax set spantree portpri port-string priority [sid sid] Enterasys C3 Configuration Guide 13-39...
Page 352: Clear Spantree Portpri
clear spantree portpri Parameters port-string Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. priority Specifies a number that represents the priority of a link in a Spanning Tree bridge.
Page 353: Show Spantree Adminpathcost
(Optional) Sets the admin path cost for a specific Spanning Tree identifier. Valid values are 0 - 4094. If not specified, SID 0 will be assumed. Defaults If sid is not specified, admin path cost will be set for Spanning Tree 0. Mode Switch command, read-write. Enterasys C3 Configuration Guide 13-41...
Page 354: Clear Spantree Adminpathcost
clear spantree adminpathcost Example This example shows how to set the admin path cost to 200 for ge.3.2 on SID 1: C3(su)->set spantree adminpathcost 3.2 200 sid 1 clear spantree adminpathcost Use this command to reset the Spanning Tree default value for port admin path cost to 0. Syntax clear spantree adminpathcost port-string [sid sid] Parameters...
Page 355: Set Spantree Adminedge
This example shows how to set ge.1.11 as an edge port: C3(su)->set spantree adminedge 1.11 true clear spantree adminedge Use this command to reset a Spanning Tree port to non-edge status. Syntax clear spantree adminedge port-string Enterasys C3 Configuration Guide 13-43...
Page 356: Show Spantree Operedge
show spantree operedge Parameters port-string Specifies port(s) on which to reset edge port status. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Example This example shows how to reset ge.1.11 as a non-edge port: C3(su)->clear spantree adminedge...
Page 357: Configuring Spanning Tree Loop Protect Parameters
13-52 clear spantree lpwindow 13-53 set spantree lptrapenable 13-53 show spantree lptrapenable 13-54 clear spantree lptrapenable 13-54 set spantree disputedbpduthreshold 13-55 show spantree disputedbpduthreshold 13-56 clear spantree disputedbpduthreshold 13-56 show spantree nonforwardingreason 13-57 Enterasys C3 Configuration Guide 13-45...
Page 358: Set Spantree Lp
set spantree lp set spantree lp Use this command to enable or disable the Loop Protect feature per port and optionally, per SID. The Loop Protect feature is disabled by default. See “Loop Protect” on page 2. for more information. Syntax set spantree lp port-string {enable | disable} [sid sid] Parameters...
Page 359: Clear Spantree Lp
Once a port is forced into blocking (locked), it remains locked until manually unlocked with the clear spantree lplock command. Syntax show spantree lplock [port port-string] [sid sid] Enterasys C3 Configuration Guide 13-47...
Page 360: Clear Spantree Lplock
clear spantree lplock Parameters port-string (Optional) Specifies port(s) for which to display the Loop Protect lock status. sid sid (Optional) Specifies the specific Spanning Tree(s) for which to display the Loop Protect lock status. Valid values are 0 - 4094. If not specified, SID 0 is assumed.
Page 361: Set Spantree Lpcapablepartner
Use this command to the Loop Protect capability of a link partner for one or more ports. Syntax show spantree lpcapablepartner [port port-string] Parameters port-string (Optional) Specifies port(s) for which to display Loop Protect capability for its link partner. Enterasys C3 Configuration Guide 13-49...
Page 362: Clear Spantree Lpcapablepartner
clear spantree lpcapablepartner Defaults If no port-string is specified, Loop Protect capability for link partners is displayed for all ports. Mode Switch command, read-only. Example This example shows how to display the Loop Protect partner capability for ge.1.1: C3(rw)->show spantree lpcapablepartner port Link partner of port 1.1 is not LoopProtect-capable clear spantree lpcapablepartner...
Page 363: Show Spantree Lpthreshold
C3(rw)->show spantree lpthreshold The Loop Protect event threshold value is 4 clear spantree lpthreshold Use this command to return the Loop Protect event threshold to its default value of 3. Syntax clear spantree lpthreshold Parameters None. Enterasys C3 Configuration Guide 13-51...
Page 364: Set Spantree Lpwindow
set spantree lpwindow Defaults None. Mode Switch command, read-write. Example This example shows how to reset the Loop Protect event threshold to the default of 3: C3(rw)->clear spantree lpthreshold set spantree lpwindow Use this command to set the Loop Protect event window value in seconds. Syntax set spantree lpwindow value Parameters...
Page 365: Clear Spantree Lpwindow
Use this command to enable or disable Loop Protect event notification. Syntax set spantree lptrapenable {enable | disable} Parameters enable | disable Enables or disables the sending of Loop Protect traps. Default is disabled. Enterasys C3 Configuration Guide 13-53...
Page 366: Show Spantree Lptrapenable
show spantree lptrapenable Defaults None. Mode Switch command, read-write. Usage Loop Protect traps are sent when a Loop Protect event occurs, that is, when a port goes to listening due to not receiving BPDUs. The trap indicates port, SID and loop protection status. Example This example shows how to enable sending of Loop Protect traps: C3(rw)->set spantree lptrapenable enable...
Page 367: Set Spantree Disputedbpduthreshold
For example, if the threshold is 10, then a trap is issued when 10, 20, 30, and so on, disputed BPDUs have been received. If the value is 0, traps are not sent. The trap indicates port, SID and total Disputed BPDU count. The default is 0. Enterasys C3 Configuration Guide 13-55...
Page 368: Show Spantree Disputedbpduthreshold
show spantree disputedbpduthreshold Example This example shows how to set the disputed BPDU threshold value to 5: C3(rw)->set spantree disputedbpduthreshold 5 show spantree disputedbpduthreshold Use this command to display the current value of the disputed BPDU threshold. Syntax show spantree disputedbpduthreshold Parameters None.
Page 369: Show Spantree Nonforwardingreason
Protect event, receipt of disputed BPDUs, and loopback detection. Example This example shows how to display the non-forwarding reason on ge.1.1: C3(rw)->show spantree nonforwardingreason port The non-forwarding reason for port on SID 0 is None Enterasys C3 Configuration Guide 13-57...
Page 370 show spantree nonforwardingreason 13-58 Spanning Tree Configuration...
Page 371: Vlan Configuration Summary
802.1Q VLAN Configuration This chapter describes the Enterasys C3 system’s capabilities to implement 802.1Q virtual LANs (VLANs). For information about... Refer to page... VLAN Configuration Summary 14-1 Viewing VLANs 14-3 Creating and Naming Static VLANs 14-5 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering...
Page 372: Creating A Secure Management Vlan
VLAN Configuration Summary Creating a Secure Management VLAN By default at startup, there is one VLAN configured on the Enterasys C3 device. It is VLAN ID 1, the DEFAULT VLAN. The default community name, which determines remote access for SNMP management, is set to “public”...
Page 373: Viewing Vlans
When you use the show vlan vlan-list command, only ports that have link state (port’s link LED is lit) will be displayed. Use the static parameter to show all ports that are configured on a vlan, whether they have link or not. Enterasys C3 Configuration Guide 14-3...
Page 374: Show Vlan Output Details
show vlan Example This example shows how to display information for VLAN 1. In this case, VLAN 1 is named “DEFAULT VLAN”. Ports allowed to transmit frames belonging to VLAN 1 are listed as egress ports. Ports that won’t include a VLAN tag in their transmitted frames are listed as untagged ports.
Page 375: Creating And Naming Static Vlans
VLANs. VLAN 0 is the null VLAN ID, indicating that the tag header in the frame contains priority information rather than a VLAN ID. It cannot be configured as a port VLAN ID. Enterasys C3 Configuration Guide 14-5...
Page 376: Set Vlan Name
set vlan name Examples This example shows how to create VLAN 3: C3(su)->set vlan create 3 set vlan name Use this command to set or change the ASCII name for a new or existing VLAN. Syntax set vlan name vlan-list vlan-name Parameters vlan-list Specifies the VLAN ID of the VLAN(s) to be named.
Page 377: Clear Vlan Name
Specifies the VLAN ID of the VLAN(s) for which the name will be cleared. Defaults None. Mode Switch command, read-write. Example This example shows how to clear the name for VLAN 9: C3(su)->clear vlan name 9 Enterasys C3 Configuration Guide 14-7...
Page 378: Assigning Port Vlan Ids (Pvids) And Ingress Filtering
Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Purpose To assign default VLAN IDs to untagged frames on one or more ports, to configure VLAN ingress filtering and constraints, and to set the frame discard mode. Commands For information about...
Page 379: Set Port Vlan
Note: The following command will reset the specified port’s egress status to tagged. To set the specified ports back to the default egress status of untagged, you must issue the set port vlan command as described on page 14-9. Syntax clear port vlan port-string Enterasys C3 Configuration Guide 14-9...
Page 380: Show Port Ingress-Filter
show port ingress-filter Parameters port-string Specifies the port(s) to be reset to the host VLAN ID 1. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write.
Page 381: Set Port Ingress-Filter
(Optional) Displays the frame discard mode for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, frame discard mode will be displayed for all ports. Enterasys C3 Configuration Guide 14-11...
Page 382: Set Port Discard
set port discard Mode Switch command, read-only. Example This example shows how to display the frame discard mode for 2.7. In this case, the port has been set to discard all tagged frames: C3(su)->show port discard ge.2.7 Port Discard Mode ------------ ------------- ge.2.7...
Page 383: Configuring The Vlan Egress List
(Optional) Displays VLAN membership for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, VLAN membership will be displayed for all ports. Enterasys C3 Configuration Guide 14-13...
Page 384: Set Vlan Forbidden
set vlan forbidden Mode Switch command, read-write. Example This example shows you how to show VLAN egress information for 1.1 through 3. In this case, all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10 frames as untagged.
Page 385: Set Vlan Egress
Note: The following command will reset the specified port’s egress status to tagged. To set the specified ports back to the default egress status of untagged, you must issue the set vlan egress command as described on page 14-15. Enterasys C3 Configuration Guide 14-15...
Page 386: Show Vlan Dynamicegress
show vlan dynamicegress Syntax clear vlan egress vlan-list port-string [forbidden] Parameters vlan-list Specifies the number of the VLAN from which a port(s) will be removed from the egress list. port-string Specifies one or more ports to be removed from the VLAN egress list of the specified vlan-list.
Page 387: Set Vlan Dynamicegress
VLAN’s ID, the switch will add the receiving port to that VLAN’s egress list. Dynamic egress is disabled on the Enterasys C3 by default. For example, assume you have 20 AppleTalk users on your network who are mobile users (that is, use different ports every day), but you want to keep the AppleTalk traffic isolated in its own VLAN.
Page 388: Setting The Host Vlan
Setting the Host VLAN Setting the Host VLAN Purpose To configure a host VLAN that only select devices are allowed to access. This secures the host port for management-only tasks. Note: The host port is the management entity of the device. Refer to “Creating a Secure Management VLAN”...
Page 389: Clear Host Vlan
Use this command to reset the host VLAN to the default setting of 1. Syntax clear host vlan Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to set the host VLAN to the default setting: C3(su)->clear host vlan Enterasys C3 Configuration Guide 14-19...
Page 390: Enabling/Disabling Gvrp (Garp Vlan Registration Protocol)
Enabling/Disabling GVRP (GARP VLAN Registration Protocol) Enabling/Disabling GVRP (GARP VLAN Registration Protocol) About GARP VLAN Registration Protocol (GVRP) The following sections describe the device operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP).
Page 391: Example Of Vlan Propagation Via Gvrp
(enable or disable) and timer settings. By default, GVRP is enabled globally on the device, but disabled on all ports. Commands For information about... Refer to page... show gvrp 14-22 show garp timer 14-22 set gvrp 14-23 clear gvrp 14-24 set garp timer 14-24 clear garp timer 14-25 Enterasys C3 Configuration Guide 14-21...
Page 392: Show Gvrp
show gvrp show gvrp Use this command to display GVRP configuration information. Syntax show gvrp [port-string] Parameters port-string (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI”...
Page 393: Set Gvrp
(Optional) Disables or enables GVRP on specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in CLI” on page 11-1. Defaults If port-string is not specified, GVRP will be disabled or enabled for all ports. Enterasys C3 Configuration Guide 14-23...
Page 394: Clear Gvrp
clear gvrp Mode Switch command, read-write. Examples This example shows how to enable GVRP globally on the device: C3(su)->set gvrp enable This example shows how to disable GVRP globally on the device: C3(su)->set gvrp disable This example shows how to enable GVRP on 1.3: C3(su)->set gvrp enable ge.1.3 clear gvrp...
Page 395: Clear Garp Timer
(Optional) Resets the leave timer to 60 centiseconds. leaveall (Optional) Resets the leaveall time to 1000 centiseconds. port-string Specifies the port or ports on which to reset the GARP timer(s). Defaults At least one optional parameter must be entered. Enterasys C3 Configuration Guide 14-25...
Page 396: Configuring Vlan Associations
Configuring VLAN Associations Mode Switch command, read-write. Example The example shows how to reset the GARP leave timer to 60 centiseconds. C3(su)->clear garp timer leave ge.1.1 Configuring VLAN Associations A VLAN association is a classification rule based on either MAC address, IP subnet, or protocol. Packets matching the applied rule are assigned to the configured VLAN.
Page 397: Clear Vlan Association
(Optional) Specifies the MAC address for the VLAN association to clear. The MAC address can be formatted as xx:xx:xx:xx:xx:xx or xx-xx-xx-xx- xx-xx. If a specific MAC address is not entered, all MAC VLAN associations are cleared. Enterasys C3 Configuration Guide 14-27...
Page 398: Show Vlan Association
show vlan association subnet [ip-addr ip- (Optional) Specifies the IP address and subnet mask for the VLAN mask ] association to clear. If no subnet address and mask are specified, all subnet VLAN associations are cleared. protocol [protocol-list] (Optional) Specifies the protocol or list of protocols for the VLAN association to clear.
Page 399 Example This example displays all VLAN associations. C3(su)->show vlan association VLAN ID IP Mask IP Subnet ------- ---------------- ---------------- 192.168.10.0 255.255.255.0 MAC Address VLAN ID ----------------- ------- 00:00:0c:40:0f:bc Protocol(s) VLAN ID ------------ ----- Enterasys C3 Configuration Guide 14-29...
Page 400 show vlan association 14-30 802.1Q VLAN Configuration...
Page 401: Chapter 15: Policy Classification Configuration
Assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly. Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an alternative to CLI for configuring policy classification on the Enterasys C3 devices.
Page 402: Configuring Policy Profiles
Configuring Policy Profiles Configuring Policy Profiles Purpose To review, create, change and remove user profiles that relate to business-driven policies for managing network resources. Note: This device supports profile-based CoS traffic rate limiting only. Policy rules specifying CoS will not support inbound rate limiting. Commands For information about...
Page 403: Set Policy Profile
Use this command to create a policy profile entry. Syntax set policy profile profile-index [name name] [pvid-status {enable | disable}] [pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egress- vlans][forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans] [precedence precedence-list] [append] [clear] Enterasys C3 Configuration Guide 15-3...
Page 404 set policy profile Parameters profile-index Specifies an index number for the policy profile. Valid values are 1 - 255. name name (Optional) Specifies a name for the policy profile. This is a string from 1 to 64 characters. pvid-status (Optional) Enables or disables PVID override for this profile. If all enable | disable classification rules associated with this profile are missed, then this parameter, if specified, determines default behavior.
Page 405: Clear Policy Profile
Specifies the index number of the profile entry to be deleted. Valid values are 1 to 255. Defaults None. Mode Switch command, read-write. Example This example shows how to delete policy profile 8: C3(su)->clear policy profile 8 Enterasys C3 Configuration Guide 15-5...
Page 406: Configuring Classification Rules
Configuring Classification Rules Configuring Classification Rules Purpose To review, create, assign, and unassign classification rules to policy profiles. This maps user profiles to protocol-based frame filtering policies. Note: A4, B3, B5, C3, C5, and G3 devices support profile-based CoS traffic rate limiting but do not support rule-based rate limiting.
Page 407 |33079 (0x8137) |16|All | A|NV|drop| This example shows how to display policy classification information for administrative rule 1 C3(su)->show policy rule admin-pid 1 |Admin|Rule Type |Rule Data |Mk|PortStr |RS|ST|dPID|aPID|U| |admin|Port |ge.1.1 |16|ge.1.1 | A|NV| 1|?| Enterasys C3 Configuration Guide 15-7...
Page 408: Show Policy Capability
Whether or not this is a dynamic profile ID. aPID Whether or not this is an administrative profile ID. show policy capability Use this command to display detailed policy classification capabilities supported by your Enterasys C3 device. Syntax show policy capability Parameters None.
Page 409 Use this command to display detailed policy classification capabilities supported by your Enterasys C3 device. The output of this command shows a table listing classifiable traffic attributes and the type of actions, by rule type, that can be executed relative to each attribute.
Page 410: Set Policy Rule
set policy rule |ICMP packet type |TTL |IP type of service | X | X | X | |IP proto | X | X | X | |Ether II packet type | X | X | X | X | |LLC DSAP/SSAP/CTRL |VLAN tag |Replace tci...
Page 411 0 - 4095. A value of -1 indicates that no CoS forwarding behavior modification is desired. drop | forward Specifies that packets within this classification will be dropped or forwarded. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 15-11...
Page 412: Valid Values For Policy Classification Rules
set policy rule Usage An admin rule can be used to map incoming tagged frames to a policy role (profile). There can be only one admin rule configured globally per system (stack), although other admin rules can be applied to specific ports. Typically, this rule is used to implement the “User + IP phone” legacy feature.
Page 413: Clear Policy Rule
Deletes associated TCP source port classification rule. udpdestport Deletes associated UDP destination port classification rule. udpsourceport Deletes associated UDP source port classification rule. Defaults When applicable, data and mask must be specified for individual rules to be cleared. Enterasys C3 Configuration Guide 15-13...
Page 414: Clear Policy All-Rules
clear policy all-rules Mode Switch command, read-write. Examples This example shows how to delete Ethernet II Type 1526 classification rule entries associated with policy profile 1 from all ports. C3(su)->clear policy rule 1 ether 1526 This example shows how to remove a rule from policy profile 5 that will forward UDP frames from source port 45.
Page 415: Assigning Ports To Policy Profiles
Defaults None. Mode Switch command, read-write. Example This example shows how to allow Ethernet ports 5 through 15 in unit 1 to transmit frames according to policy profile 1: C3(su)->set policy port ge.1.5-15 1 Enterasys C3 Configuration Guide 15-15...
Page 416: Clear Policy Port
clear policy port clear policy port Use this command to remove a policy profile from one or more ports. Syntax clear policy port port-string profile-index Parameters port-string Specifies the port(s) from which to remove the policy profile. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI”...
Page 417 A4 switch(su)->show policy port Port Admin Pid Oper Pid -------- --------- -------- ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.5 ge.1.6 ge.1.7 ge.1.8 ge.1.9 ge.1.10 ge.1.11 ge.1.12 ge.1.13 ge.1.14 ge.1.15 ge.1.16 ge.1.17 ge.1.18 ge.1.19 ge.1.20 Enterasys C3 Configuration Guide 15-17...
Page 418: Configuring Policy Class Of Service (Cos)
CLI for configuring policy-based CoS on the switches. The Enterasys C3 supports Class of Service (CoS), which allows you to assign mission-critical data to a higher priority through the device by delaying less critical traffic during periods of congestion.
Page 419 C3(su)->show cos reference irl 1.0 Group Index Reference Type Rate Limiter ----------- --------- ---- ------------ none none none none none none C3(su)->show cos reference irl 2.0 Group Index Reference Type Rate Limiter ----------- --------- ---- ------------ none none none Enterasys C3 Configuration Guide 15-19...
Page 420: About Cos-Based Flood Control
Configuring Policy Class of Service (CoS) none none none In the CoS settings table, configure a CoS setting for CoS index 1, which has a priority of 0. We enter the IRL reference, created in the previous step. C3(su)->set cos settings 0 irl-reference 1 C3(su)->show cos settings CoS Index Priority --------- ---------- ------- -----...
Page 421: Set Cos State
Use this command to enable or disable Class of Service. Syntax set cos state {enable | disable} Parameters enable | disable Enables or disables Class of Service on the switch. Default state is disabled. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 15-21...
Page 422: Show Cos State
show cos state Example This example shows how to enable Class of Service: C3(rw)->set cos state enable show cos state Use this command to display the Class of Service enable state. Syntax show cos state Parameters None. Defaults None. Mode Switch command, read-only.
Page 423: Set Cos Settings
CoS IRL Reference Mapping Table. This reference may be thought of as the virtual rate limiter that will assign the physical rate limiter defined by the IRL Reference Mapping Table. Enterasys C3 Configuration Guide 15-23...
Page 424: Clear Cos Settings
clear cos settings Example This example shows how to create CoS entry 8 with a priority value of 3: C3(rw)->set cos settings 8 priority 3 clear cos settings Use this command to clear Class of Service entry settings. Syntax clear cos settings cos-list {[all] | [priority] [tos-value] [irl-reference]} Parameters cos-list Specifies a Class of Service entry to clear.
Page 425: Set Cos Port-Config
CoS port groups are identified by group number and the type of ports in the group, in the form of group#.port-type. The port group 0.0 exists by default. This default port group cannot be removed and all physical ports in the system are assigned to it. Up to seven additional port groups (1 Enterasys C3 Configuration Guide 15-25...
Page 426: Show Cos Port-Config
show cos port-config through 7) can be configured. Currently, only one port type (type 0) is supported. This port type supports 100 limiters. Additional port groups may be created for flexibility. Ports assigned to a new port group must be mutually exclusive from the other port group entries—ports are automatically removed from the default port group—and must be comprised of the same port type as defined by the port group.
Page 427: Clear Cos Port-Config
Delete this non-default inbound rate limiter entry. name Clear the administratively assigned textual description of this port group entry to its default. ports Clear the ports assigned to this group to its default. Defaults None. Enterasys C3 Configuration Guide 15-27...
Page 428: Set Cos Port-Resource Irl
set cos port-resource irl Mode Switch command, read-write. Usage The default port group 0.0 cannot be deleted. Example This example deletes all IRL Port Groups except for the Default group 0.0: C3(su)->clear cos port-config irl all set cos port-resource irl Use this command to set the inbound rate limit parameters for a specific IRL resource for a specific port group.
Page 429: Set Cos Port-Resource Flood-Ctrl
Specifies rate limiting will be applied to broadcast traffic. Specifies rate limiting will be applied to unknown unicast, multicast, and broadcast traffic. rate rate Specifies a rate limit in packets per second. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 15-29...
Page 430: Show Cos Port-Resource
show cos port-resource Usage CoS port resources are where actual physical rate limiters are configured. This command can be used to create up to three different flood control limit resources for the port-type index of 0. The resources are assigned to specific ports with the set cos port-config command. Example This example creates a port resource broadcast rate limiter of 5 packets per second for the port group type index of 1.0 (group # 1 of port-type index 0).
Page 431: Clear Cos Port-Resource Irl
Clear the action for the rate limiter. Defaults None. Mode Switch command, read-write. Example This example clears the data rate to 0 for IRL resource index 1 for group 2.0. C3(su)->clear cos port-resource irl 2.0 1 rate Enterasys C3 Configuration Guide 15-31...
Page 432: Clear Cos Port-Resource Flood-Ctrl
clear cos port-resource flood-ctrl clear cos port-resource flood-ctrl Use this command to clear flood control port resources to default values. Syntax clear cos port-resource flood-ctrl {all | group-type-index {unicast | multicast | broadcast | all [rate]}} Parameters Clear all flood control resources for all port groups. group-type-index Specifies a port group/type index.
Page 433: Show Cos Reference
C3(su)->set cos reference irl 1.0 1 rate-limit 1 C3(su)->set cos reference irl 2.0 1 rate-limit 1 show cos reference Use this command to show the Class of Service inbound rate limiting reference configuration. Syntax show cos reference [irl [group-type-index]] Enterasys C3 Configuration Guide 15-33...
Page 434: Clear Cos Reference
clear cos reference Parameters (Optional) Specifies that inbound rate limiting reference information should be displayed. group-type-index (Optional) Specifies an inbound rate limiting port group/type index. Valid entries are in the form of group#.port-type. Valid values for group# can range from 0 to 7. Valid values for port-type can range from 0 to 1, although only port type 0 is currently supported.
Page 435: Show Cos Unit
If no parameters are entered, all Cos unit information is displayed. Mode Switch command, read-only. Examples This example shows possible unit entries for inbound rate limiting C3(su)->show cos unit irl Type: Unit: irl = inbound rate limiting Kbps = Kilobits per second Enterasys C3 Configuration Guide 15-35...
Page 436: Clear Cos All-Entries
clear cos all-entries Port Type Type Unit Maximum Rate Minimum Rate Granularity --------- ---- ---- ------------ ------------ ----------- Kbps 1000000 This examples shows flood control unit information. C3(su)->show cos unit flood-ctrl Type: Unit: flood-ctrl = flood control type = packets per second Port Type Type Unit...
Page 437 Supported rate types: flood-ctrl = flood control type = Packets per second Port type Number of Supported Eligible Unselected Index description limiters rate type ports ports ----- ------------ --------- --------- ---------------- ------------ C3 3 flood-ctrl ge.1.1-24 ge.1.1-24 Enterasys C3 Configuration Guide 15-37...
Page 438 show cos port-type 15-38 Policy Classification Configuration...
Page 439: Chapter 16: Port Priority Configuration
16-7 Port Priority Configuration Summary The Enterasys C3 device supports Class of Service (CoS), which allows you to assign mission- critical data to higher priority through the device by delaying less critical traffic during periods of congestion. The higher priority traffic through the device is serviced first before lower priority traffic.
Page 440: Configuring Port Priority
Configuring Port Priority Configuring Port Priority Purpose To view or configure port priority characteristics as follows: • Display or change the port default Class-of Service (CoS) transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header.
Page 441: Set Port Priority
Syntax clear port priority port-string Parameters port-string Specifies the port for which to clear priority. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Enterasys C3 Configuration Guide 16-3...
Page 442: Configuring Priority To Transmit Queue Mapping
Configuring Priority to Transmit Queue Mapping Defaults None. Mode Switch command, read-write. Example This example shows how to reset ge.1.11 to the default priority: C3(rw)->clear port priority ge 1.11 Configuring Priority to Transmit Queue Mapping Purpose To perform the following: •...
Page 443: Set Port Priority-Queue
This command enables you to change the transmit queue (0 to 5, with 0 being the lowest priority queue) for each port priority of the selected port. You can apply the new settings to one or more ports. Enterasys C3 Configuration Guide 16-5...
Page 444: Clear Port Priority-Queue
clear port priority-queue Example This example shows how to set priority 5 frames received on .2.12 to transmit on queue 0. C3(su)->set port priority-queue ge.2.12 5 0 clear port priority-queue Use this command to reset port priority queue settings back to defaults for one or more ports. Syntax clear port priority-queue port-string Parameters...
Page 445: Configuring Quality Of Service (Qos)
Configuring Quality of Service (QoS) Configuring Quality of Service (QoS) Refer to the “Configuring QoS” Feature Guide for detailed information about configuring quality of service on the Enterasys C3. The Enterasys Networks firmware Feature Guides are available at: https://extranet.enterasys.com/downloads/ Purpose Eight transmit queues are implemented in the switch hardware for each port.
Page 446: Set Port Txq
set port txq Example This example shows how to display the current algorithm and transmit queue weights configured on port ge.1.1: C3(su)->show port txq Port Alg Q0 ----- --- --- --- --- --- --- --- --- --- ge.1.1 WRR 2 set port txq Use this command to set QoS transmit queue arbitration values for queues 0 through 5 on physical ports.
Page 447: Clear Port Txq
Defaults Queues 6 and 7 are reserved strict priority queues unaffected by this command. By default transmit queues 0 through 5 are WRR and defined as follows: --- --- --- --- --- --- Enterasys C3 Configuration Guide 16-9...
Page 448 clear port txq Mode Switch command, read-write. Example This example shows how to clear transmit queue values on ge.1.1: C3(su)->clear port txq ge.1.1 C3(su)(su)->show port txq ge.1.1 Port Alg Q0 ----- --- --- --- --- --- --- --- --- --- ge.1.1 WRR 2 16-10 Port Priority Configuration...
Page 449: Chapter 17: Igmp Configuration
17-2 Configuring IGMP on Routing Interfaces 17-10 IGMP Overview Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of multicast configuration is located on the Enterasys Networks web site: https://extranet.enterasys.com/downloads/ About IP Multicast Group Management The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast device.
Page 450: About Multicasting
Configuring IGMP at Layer 2 In addition to passively monitoring IGMP query and report messages, the Enterasys C3 can also actively send L3 IGMP query messages to learn locations of multicast devices and member hosts in multicast groups within each VLAN.
Page 451: Set Igmpsnooping Adminmode
In order for IGMP snooping to be enabled on one or all ports, it must be globally enabled on the device with this command, and then enabled on a port(s) using the set igmpsnooping interface mode command as described in “set igmpsnooping interfacemode” on page 17-4. Enterasys C3 Configuration Guide 17-3...
Page 452: Set Igmpsnooping Interfacemode
set igmpsnooping interfacemode Note: IGMP snooping cannot be controlled via WebView. Example This example shows how to enable IGMP on the system: C3(su)->set igmpsnooping adminmode enable set igmpsnooping interfacemode Use this command to enable or disable IGMP on one or all ports. Syntax set igmpsnooping interfacemode port-string {enable | disable} Parameters...
Page 453: Set Igmpsnooping Maxresponse
Defaults None. Mode Switch command, read-write. Usage This value must be less than the IGMP maximum response time described in “set igmpsnooping groupmembershipinterval” on page 17-4. Enterasys C3 Configuration Guide 17-5...
Page 454: Set Igmpsnooping Mcrtrexpiretime
set igmpsnooping mcrtrexpiretime Example This example shows how to set the IGMP maximum response time to 100 seconds: C3(su)->set igmpsnooping maxresponse 100 set igmpsnooping mcrtrexpiretime Use this command to configure the IGMP multicast router expiration time for the system. Syntax set igmpsnooping mcrtrexpire time Parameters time...
Page 455: Set Igmpsnooping Remove-Static
233.11.22.33 configured on VLAN 20. C3(su)->set igmpsnooping remove-static 233.11.22.33 20 ge.1.1 show igmpsnooping static This command displays static IGMP ports for one or more VLANs or IGMP groups. Syntax show igmpsnooping static vlan-list [group group] Enterasys C3 Configuration Guide 17-7...
Page 456: Show Igmpsnooping Mfdb
show igmpsnooping mfdb Parameters vlan-list Specifies the VLAN for which to display static IGMP ports. group group (Optional) Specifies the IGMP group for which to display static IGMP ports. Defaults If no group is specified, information for all groups is displayed. Mode Switch command, read-only.
Page 457: Clear Igmpsnooping
None. Mode Switch command, read-write. Example This example shows how to clear all IGMP snooping entries: C3(su)->clear igmpsnooping Are you sure you want to clear all IGMP snooping entries? (y/n) y IGMP Snooping Entries Cleared. Enterasys C3 Configuration Guide 17-9...
Page 458: Configuring Igmp On Routing Interfaces
Configuring IGMP on Routing Interfaces Configuring IGMP on Routing Interfaces The Enterasys C3 switch device uses IGMP (Internet Group Management Protocol) to query for any attached hosts who want to receive a specific multicast service. The device looks up the IP Multicast Group used for this service and adds it to the egress list of the Level 3 interface.
Page 459: Ip Igmp Enable
IGMP is disabled by default, both globally and on a per interface basis. Mode Interface configuration: C3(su)->router(Config-if(Vlan 1))# Example This example shows how to enable IGMP on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip igmp enable Enterasys C3 Configuration Guide 17-11...
Page 460: Ip Igmp Version
ip igmp version ip igmp version Use this command to set the version of IGMP running on the router. The no form of this command resets IGMP to the default version of 2 (IGMPv2). Syntax ip igmp version version no ip igmp Parameters version Specifies the IGMP version number to run on the router.
Page 461: Show Ip Igmp Groups
IGMP query interval to the default value of 125 seconds. Syntax ip igmp query-interval time no ip igmp query-interval Parameters time Specifies the IGMP query interval. Valid values are from 1 to 3600 seconds. Default is 125 seconds. Enterasys C3 Configuration Guide 17-13...
Page 462: Ip Igmp Query-Max-Response-Time
ip igmp query-max-response-time Defaults None. Mode Interface configuration: C3(su)->router(Config-if(Vlan 1))# Example This example shows how to set the IGMP query interval to 1800 seconds on VLAN 1: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip igmp query-interval 1800 ip igmp query-max-response-time Use this command to set the maximum response time interval advertised in IGMPv2 queries. no form of this command resets the IGMP maximum response time to the default value of 100 deciseconds, or 10 seconds.
Page 463: Ip Igmp Startup-Query-Count
20. The default value is 2. Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to set the IGMP startup query count to 10 onVLAN 1: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip igmp startup-query-count 10 Enterasys C3 Configuration Guide 17-15...
Page 464: Ip Igmp Last-Member-Query-Interval
ip igmp last-member-query-interval ip igmp last-member-query-interval Use this command to set the maximum response time being inserted into group-specific queries sent in response to leave group messages. The no form of this command resets the IGMP last member query interval to the default value of 1 second (10 deciseconds). Syntax ip igmp last-member-query-interval time no ip igmp last-member-query-interval...
Page 465: Ip Igmp Robustness
After the robustness value is reached, IGMP will assume there is no response to queries. Example This example shows how to set the IGMP robustness value to 5 on VLAN 1: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip igmp robustness 5 Enterasys C3 Configuration Guide 17-17...
Page 466 ip igmp robustness 17-18 IGMP Configuration...
Page 467: Chapter 18: Network Management
This chapter describes switch-related network management commands and how to use them. Note: The commands in this chapter pertain to network management of the Enterasys C3 device from the switch CLI only. For information on router-related network management tasks, including...
Page 468: History
history history Use this command to display the contents of the command history buffer. The command history buffer includes all the switch commands entered up to a maximum of 100, as specified in the set history command (“set history” on page 18-3). Syntax history Parameters...
Page 469: Set History
This example shows how to ping IP address 134.141.89.29. In this case, this host is alive: C3(su)->ping 134.141.89.29 134.141.89.29 is alive In this example, the host at IP address is not responding: C3(su)->ping 134.141.89.255 no answer from 134.141.89.255 Enterasys C3 Configuration Guide 18-3...
Page 470: Show Users
show users show users Use this command to display information about the active console port or Telnet session(s) logged in to the switch. Syntax show users Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read-Write access privileges from IP addresses 134.141.192.119 and 134.141.192.18: C3(su)->show users...
Page 471: Show Netstat
---- ----------------------------- ----------------------------- ----------- 127.0.0.1.2222 0.0.0.0.* LISTEN 0.0.0.0.80 0.0.0.0.* LISTEN 0.0.0.0.23 0.0.0.0.* LISTEN 10.1.56.17.23 134.141.99.104.47718 ESTABLISHED 0.0.0.0.17185 0.0.0.0.* 127.0.0.1.49152 127.0.0.1.17185 0.0.0.0.161 0.0.0.0.* 0.0.0.0.* 0.0.0.0.* 0.0.0.0.514 0.0.0.0.* The following table describes the output of this command. Enterasys C3 Configuration Guide 18-5...
Page 472: Show Netstat Output Details
show netstat Table 18-1 show netstat Output Details Output Field What it displays... Prot Type of protocol running on the connection. Local Address IP address of the connection’s local host. Foreign Address IP address of the connection’s foreign host. State Communications mode of the connection.
Page 473: Purpose
18-14 clear mac address 18-15 show mac unreserved-flood 18-16 set mac unreserved-flood 18-16 show arp Use this command to display the switch’s ARP table. Syntax show arp Parameters None. Defaults None. Mode Switch command, read-only. Enterasys C3 Configuration Guide 18-7...
Page 474: Set Arp
set arp Example This example shows how to display the ARP table: C3(su)->show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface ----------------------------------------------------- 10.20.1.1 00-00-5e-00-01-1 host 134.142.21.194 00-00-5e-00-01-1 host 134.142.191.192 00-00-5e-00-01-1 host 134.142.192.18 00-00-5e-00-01-1 host 134.142.192.119 00-00-5e-00-01-1 host ----------------------------------------------------- Table 18-2 provides an explanation of the command output.
Page 475: Clear Arp
(Optional) Specifies the base UDP port number used in probes. -q nqueries (Optional) Specifies the number of probe inquiries. (Optional) Bypasses the normal host routing tables. (Optional) Sets the debug socket option. (Optional) Displays hop addresses numerically. (Supported in a future release.) Enterasys C3 Configuration Guide 18-9...
Page 476: Show Mac
This example shows how to use traceroute to display a round trip path to host 192.167.252.17. In this case, hop 1 is the Enterasys C3 switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. Round trip times for each of the three UDP probes are displayed next to each hop: C3(su)->traceroute 192.167.252.17...
Page 477: Show Mac Agetime
Egress Ports The ports which have been added to the egress ports list. show mac agetime Use this command to display the timeout period for aging learned MAC entries. Syntax show mac agetime Parameters None. Enterasys C3 Configuration Guide 18-11...
Page 478: Set Mac Agetime
set mac agetime Defaults None. Mode Switch command, read-only. Example This example shows how to display the MAC timeout period: C3(su)->show mac agetime Aging time: 300 seconds set mac agetime Use this command to set the timeout period for aging learned MAC entries. Syntax set mac agetime time Parameters...
Page 479: Set Mac Algorithm
The default MAC algorithm is mac-crc16-upperbits. Example This example sets the hashing algorithm to mac-crc32-upperbits. C3(rw)->set mac algorithm mac-crc32-upperbits show mac algorithm This command displays the currently selected MAC algorithm mode. Syntax show mac algorithm Enterasys C3 Configuration Guide 18-13...
Page 480: Clear Mac Algorithm
clear mac algorithm Parameters None. Defaults None. Mode Switch command, read-only. Example This example shows the output of this command. C3(su)->show mac algorithm Mac hashing algorithm is mac-crc16-upperbits. clear mac algorithm Use this command to return the MAC hashing algorithm to the default value of mac-crc16- upperbits.
Page 481: Clear Mac Address
Defaults If no vlan-id is specified, the multicast MAC address is cleared from all VLANs. Mode Switch command, read-write. Example This example clears multicast MAC address 01-01-22-33-44-55 from VLAN 24. C3(su)->clear mac address 01-01-22-33-44-55 24 Enterasys C3 Configuration Guide 18-15...
Page 482: Show Mac Unreserved-Flood
show mac unreserved-flood show mac unreserved-flood Use this command to display the state of forwarding of several standard group multicast MAC addresses. Syntax show mac unreserved-flood Parameters None. Defaults None. Mode Switch command, read-write. Example This example displays the state of forwarding of the group multicast MAC addresses. C3(su)->show mac unreserved-flood mac unreserved flood is disabled.
Page 483: Configuring Node Aliases
Syntax show nodealias config [port-string] Parameters port-string (Optional) Displays node alias configuration settings for specific port(s). Defaults If port-string is not specified, node alias configurations will be displayed for all ports. Mode Switch command, read-only. Enterasys C3 Configuration Guide 18-17...
Page 484: Set Nodealias
set nodealias Example This example shows how to display node alias configuration settings for ports ge.2.1 through 9: C3(rw)->show nodealias config ge.2.1-9 Port Number Max Entries Used Entries Status ----------- ----------- ------------ ------ ge.2.1 Enable ge.2.2 Enable ge.2.3 Enable ge.2.4 Enable ge.2.5 Enable...
Page 485: Clear Nodealias Config
Usage Upon packet reception, node aliases are dynamically assigned to ports enabled with an alias agent, which is the default setting on Enterasys C3 devices. Node aliases cannot be statically created, but can be deleted using the command “clear nodealias config”...
Page 486 clear nodealias config 18-20 Network Management...
Page 487: Chapter 19: Configuring System Logging
This chapter describes how to display and configure system logging, including Syslog server settings, Syslog default settings, and the logging buffer. This chapter also includes information about security audit logging. Note: An Enterasys Feature Guide document containing an in-depth discussion of Syslog configuration is located on the Enterasys web site: https://extranet.enterasys.com/downloads/ For information about...
Page 488: Trap Generation
All successive occurrences of reaching 80% of the log file will generate an additional trap. The trap generation is done using the Enterasys Syslog Client MIB notification etsysSyslogSecureLogArchiveNotification. If, for any reason, an event that is to be sent to the secure log gets dropped, resulting in the failure to record the event, an SNMP trap will be generated.
Page 489: Show Logging Server
Valid values are 1-8. Defaults If index is not specified, all Syslog server information will be displayed. Mode Switch command, read-only. Example This example shows how to display Syslog server configuration information: C3(ro)->show logging server Enterasys C3 Configuration Guide 19-3...
Page 490: Set Logging Server
Configuring System Logging set logging server IP Address Facility Severity Description Port Status ------------------------------------------------------------------------- 1 132.140.82.111 local4 warning(5) default 514 enabled 2 132.140.90.84 local4 warning(5) default 514 enabled Table 19-1 provides an explanation of the command output. Table 19-1 show logging server Output Details Output Field What It Displays...
Page 491: Clear Logging Server
Switch command, read-write, if security profile = normal. Switch command, super-user, if security profile = c2 Example This command shows how to remove the Syslog server with index 1 from the server table: C3(su)->clear logging server 1 Enterasys C3 Configuration Guide 19-5...
Page 492: Show Logging Default
Configuring System Logging show logging default show logging default Use this command to display the Syslog server default values. Syntax show logging default Parameters None. Defaults None. Mode Switch command, read-only. Example This command shows how to display the currently configured Syslog server default values. For an explanation of the command output, refer back to Table 19-1 on page 19-4.
Page 493: Clear Logging Default
C3(su)->clear logging default severity show logging application Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system. Syntax show logging application [mnemonic | all] Enterasys C3 Configuration Guide 19-7...
Page 494: Show Logging Application Output Details
Configuring System Logging show logging application Parameters mnemonic (Optional) Displays severity level for one application configured for logging. Mnemonics will vary depending on the number and types of applications running on your system. Sample mnemonics and their corresponding applications are listed in Table 19-3 on page 19-9.
Page 495: Set Logging Application
Command Line Interface and Webview management SNMP Simple Network Management Protocol Spanning Tree Protocol Driver Hardware drivers System Non-application items such as general chassis management Stacking Stacking management (if applicable) User Personalized Networking Router Router Enterasys C3 Configuration Guide 19-9...
Page 496: Clear Logging Application
Configuring System Logging clear logging application Table 19-3 Mnemonic Values for Logging Applications (Continued) Mnemonic Application Security Security audit logging RtrOspf OSPF RtrMcast Multicast RtrVrrp VRRP Defaults If level is not specified, none will be applied. If no servers are specified, messages will be sent to all configured Syslog servers. Mode Switch command, read-write, if security profile = normal.
Page 497: Show Logging Local
Enables or disables logging to a Syslog persistent file. Disabled is the default condition. sfile enable | disable (Optional) Enables or disables logging to the security audit log file. Disabled is the default condition. This parameter is available only if you have super-user access. Enterasys C3 Configuration Guide 19-11...
Page 498: Clear Logging Local
Configuring System Logging clear logging local Defaults You must enter both the console and file parameters with this command. If you do not enter the sfile parameter, the security audit log status remains unchanged. Mode Switch command, read-write, if security profile = normal. Switch command, super-user, if security profile = c2 Switch command, super-user for security audit log.
Page 499: Show Logging Buffer
This example displays the output of this command. In this case, the IP address assigned to loopback interface 1 will be used as the source IP address of the system logging. C3(rw)->show logging interface loopback 1 192.168.10.1 Enterasys C3 Configuration Guide 19-13...
Page 500: Set Logging Interface
Configuring System Logging set logging interface set logging interface Use this command to specify the interface used for the source IP address of the system logging. Syntax set logging interface {loopback loop-ID | vlan vlan-ID} Parameters loopback loop-ID Specifies the loopback interface to be used. The value of loop-ID can range from 0 to 7.
Page 501: Clear Logging Interface
Switch command, read-write. Example This command returns the interface used for the source IP address of the system logging back to the default of the Host interface. C3(rw)->show logging interface vlan 100 192.168.10.1 C3(rw)->clear logging interface C3(rw)-> Enterasys C3 Configuration Guide 19-15...
Page 502 Configuring System Logging clear logging interface 19-16...
Page 503: Chapter 20: Configuring Sntp
MD5 verifies the integrity of the communication and authenticates the origin of the communication. The process to configure the switch SNTP client for authentication includes these steps: Configure up to five authentication keys with the “set sntp authentication-key” command (page 20-13). Enterasys C3 Configuration Guide 20-1...
Page 504: Show Sntp
Configuring SNTP General SNTP Commands Add the configured authentication keys to the trusted key list with the “set sntp trusted-key” command (page 20-14). Enable authentication on the switch with the “set sntp authenticate” command (page 20-12). Add the keys to the switch’s NTP/SNTP server configurations with the “set sntp server” command (page 20-5).
Page 505: Show Sntp Output Details
(page 20-13). Authentication keys are added to the trusted key list with the set sntp trusted-key command (page 20-14). Broadcast Count Number of SNTP broadcast frames received. Poll Interval Interval between SNTP unicast requests. Default of 512 seconds can be reset using the set sntp poll-interval command (page 20-6). Enterasys C3 Configuration Guide 20-3...
Page 506: Set Sntp Client
Configuring SNTP set sntp client Table 20-1 show sntp Output Details (Continued) Output Field What It Displays... Poll Retry Number of poll retries to a unicast SNTP server. Default of 1 can be reset using the set sntp poll-retry command (“set sntp poll-retry”...
Page 507: Clear Sntp Client
This example shows how to set the server at IP address 10.21.1.100 as an SNTP server, with a precedence of 1 and an authentication key of 1. C3(su)->set sntp server 10.21.1.100 precedence 1 key 1 Enterasys C3 Configuration Guide 20-5...
Page 508: Clear Sntp Server
Configuring SNTP clear sntp server clear sntp server Use this command to remove one or all servers from the SNTP server list. Syntax clear sntp server {ip-address | all} Parameters ip-address Specifies the IP address of a server to remove from the SNTP server list. Removes all servers from the SNTP server list.
Page 509: Clear Sntp Poll-Interval
Specifies the number of retries. Valid values are 0 to 10. Defaults None. Mode Switch command, read-write. Example This example shows how to set the number of SNTP poll retries to 5: C3(su)->set sntp poll-retry 5 Enterasys C3 Configuration Guide 20-7...
Page 510: Clear Sntp Poll-Retry
Configuring SNTP clear sntp poll-retry clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server. Syntax clear sntp poll-retry Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to clear the number of SNTP poll retries: C3(su)->clear sntp poll-retry set sntp poll-timeout Use this command to set the poll timeout (in seconds) for a response to a unicast SNTP request.
Page 511: Set Timezone
To display the current timezone setting used by SNTP, use the show sntp command. To clear an existing offset to zero, enter the command without specifying any hours or minutes. Standard timezone names and offsets can be found at the following URL, among others: http://www.timeanddate.com/library/abbreviations/timezones/ Enterasys C3 Configuration Guide 20-9...
Page 512: Show Sntp Interface
Configuring SNTP show sntp interface Example The following example sets the timezone name to EST and the offset to North American Eastern Standard Time offset of -5 hours from UTC, then displays the timezone used with SNTP. C3(su)->set timezone EST -5 C3(su)->show sntp SNTP Version: 3 Current Time: FRI MAY 13 06:11:19 2011...
Page 513: Set Sntp Interface
This example configures an IP address on VLAN interface 100 and then sets that interface as the SNTP client source IP address. C3(rw)->router(Config-if(Vlan 100))#ip address 192.168.10.1 255.255.255.0 C3(rw)->router(Config-if(Vlan 100))#exit C3(rw)->router(Config)#exit C3(rw)->router#exit C3(rw)->router>exit C3(rw)->set sntp interface vlan 100 C3(rw)->show sntp interface Enterasys C3 Configuration Guide 20-11...
Page 514: Clear Sntp Interface
Configuring SNTP clear sntp interface vlan 100 192.168.10.1 clear sntp interface Use this command to clear the interface used for the source IP address of the SNTP client back to the default of the Host interface. Syntax clear sntp interface Parameters None.
Page 515: Set Sntp Authentication-Key
Specifies MD5 as the encryption algorithm to be used for SNTP authentication. key-value Specifies the value of the key, which is the authentication password. Password string can be from 1 to 32 characters in length. Defaults None. Enterasys C3 Configuration Guide 20-13...
Page 516: Clear Sntp Authentication-Key
Configuring SNTP clear sntp authentication-key Mode Switch command, read-write. Usage After creating an authentication key, you must add it to the trusted key list with the “set sntp trusted-key” command before configuring it to be used with an SNTP server with the “set sntp server”...
Page 517: Clear Sntp Trusted-Key
SNTP server to which it was associated. Use the “show sntp” command to display the authentication keys currently on the trusted key list. Example This example removes authentication key 2 from the trusted key list. C3(su)->clear sntp trusted-key 2 Enterasys C3 Configuration Guide 20-15...
Page 518 Configuring SNTP clear sntp trusted-key 20-16...
Page 519: Chapter 21: Rmon Configuration
RMON Configuration This chapter describes the commands used to configure RMON on a Enterasys C3 switch. For information about... Refer to page... RMON Monitoring Group Functions 21-1 Design Considerations 21-2 Statistics Group Commands 21-3 History Group Commands 21-6 Alarm Group Commands...
Page 520: Design Considerations
Design Considerations Table 21-1 RMON Monitoring Group Functions and Commands (Continued) RMON Group What It Does... What It Monitors... CLI Command(s) History Records periodic statistical Sample period, number of “show rmon history” on samples from a network. samples and item(s) sampled. page 21-6 “set rmon history”...
Page 521: Statistics Group Commands
To display, configure, and clear RMON statistics. Note: Due to hardware limitations, the only frame error counted is oversized frames. Commands For information about... Refer to page... show rmon stats 21-4 set rmon stats 21-4 clear rmon stats 21-5 Enterasys C3 Configuration Guide 21-3...
Page 522: Show Rmon Stats
show rmon stats show rmon stats Use this command to display RMON statistics measured for one or more ports. Syntax show rmon stats [port-string] Parameters port-string (Optional) Displays RMON statistics for specific port(s). Defaults If port-string is not specified, RMON stats will be displayed for all ports. Mode Switch command, read-only.
Page 523: Clear Rmon Stats
Resets all history entries to default values. This will cause entries to reappear in RMON queries. Defaults None. Mode Switch command, read-write. Example This example shows how to delete RMON statistics entry 2: C3(rw)->clear rmon stats 2 Enterasys C3 Configuration Guide 21-5...
Page 524: History Group Commands
History Group Commands History Group Commands Purpose To display, configure, and clear RMON history properties and statistics. Commands For information about... Refer to page... show rmon history 21-6 set rmon history 21-7 clear rmon history 21-7 show rmon history Use this command to display RMON history properties and statistics. The RMON history group records periodic statistical samples from a network.
Page 525: Set Rmon History
Use this command to delete one or more RMON history entries or reset one or more entries to default values. For specific values, refer to “set rmon history” on page 21-7. Syntax clear rmon history {index-list | to-defaults} Enterasys C3 Configuration Guide 21-7...
Page 526 clear rmon history Parameters index-list Specifies one or more history entries to be deleted, causing them to disappear from any future RMON queries. to-defaults Resets all history entries to default values. This will cause entries to reappear in RMON queries. Defaults None.
Page 527: Alarm Group Commands
= 1.3.6.1.4.1.5624.1.2.29.1.2.1.0 Sample Type = delta Startup Alarm = rising Interval = 30 Value Rising Threshold Falling Threshold Rising Event Index Falling Event Index = 0 Table 21-2 provides an explanation of the command output. Enterasys C3 Configuration Guide 21-9...
Page 528: Set Rmon Alarm Properties
set rmon alarm properties Table 21-2 show rmon alarm Output Details Output Field What It Displays... Index Index number for this alarm entry. Owner Text string identifying who configured this entry. Status Whether this event entry is enabled (valid) or disabled. Variable MIB object to be monitored.
Page 529: Set Rmon Alarm Status
Use this command to enable an RMON alarm entry. An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold. Syntax set rmon alarm status index enable Enterasys C3 Configuration Guide 21-11...
Page 530: Clear Rmon Alarm
clear rmon alarm Parameters index Specifies an index number for this entry. Maximum number or entries is 50. Maximum value is 65535. enable Enables this alarm entry. Defaults None. Mode Switch command, read-write. Usage An RMON alarm entry can be created using this command, configured using the set rmon alarm properties command (“set rmon alarm properties”...
Page 531: Event Group Commands
Status = valid Description = STP Topology change Type = log-and-trap Community = public Last Time Sent = 0 days 0 hours 0 minutes 37 seconds Table 21-3 provides an explanation of the command output. Enterasys C3 Configuration Guide 21-13...
Page 532: Set Rmon Event Properties
set rmon event properties Table 21-3 show rmon event Output Details Output Field What It Displays... Index Index number for this event entry. Owner Text string identifying who configured this entry. Status Whether this event entry is enabled (valid) or disabled. Description Text string description of this event.
Page 533: Set Rmon Event Status
C3(rw)->set rmon event status 1 enable clear rmon event Use this command to delete an RMON event entry and any associated log entries. Syntax clear rmon event index Parameters index Specifies the index number of the entry to be cleared. Enterasys C3 Configuration Guide 21-15...
Page 534: Filter Group Commands
When packet capture is enabled on an interface, the Enterasys C3 switch will capture 100 frames as close to sequentially as possible. These 100 frames will be placed into a buffer for inspection. If there is data in the buffer when the function is started, the buffer will be overwritten.
Page 535: Set Rmon Channel
(Optional) Specifies the name of the entity that configured this entry. Defaults If an action is not specified, packets will be accepted on filter matches. If not specified, control will be set to off. Enterasys C3 Configuration Guide 21-17...
Page 536: Clear Rmon Channel
clear rmon channel If a description is not specified, none will be applied. If owner is not specified, it will be set to monitor. Mode Switch command, read-write. Example This example shows how to create an RMON channel entry: C3(rw)->set rmon channel 54313 ge.2.12 accept failed control on description "capture all"...
Page 537: Set Rmon Filter
(Optional) Specifies the mask applied to data to indicate which bits are significant. dnotmask dnotmask (Optional) Specifies the inversion mask that indicates which bits should be set or not set. owner (Optional) Specifies the name of the entity that configured this entry. Enterasys C3 Configuration Guide 21-19...
Page 538: Clear Rmon Filter
clear rmon filter Defaults If owner is not specified, it will be set to monitor. If no other options are specified, none (0) will be applied. Mode Switch command, read-write. Example This example shows how to create RMON filter 1 and apply it to channel 9: C3(rw)->set rmon filter 1 9 offset 30 data 0a154305 dmask ffffffff clear rmon filter Use this command to clear an RMON filter entry.
Page 539: Packet Capture Commands
Channel= 38283 EntryStatus= valid ---------------------------------------------------------- FullStatus avail FullAction lock Captured packets Capture slice 1518 Download size Download offset Max Octet Requested 50000 Max Octet Granted 50000 Start time 1 days 0 hours 51 minutes 15 seconds Enterasys C3 Configuration Guide 21-21...
Page 540: Set Rmon Capture
set rmon capture Owner monitor captureEntry= 1 Buff.control= 28062 -------------------------------------------- Pkt ID Pkt time 1 days 0 hours 51 minutes 15 seconds Pkt Length Pkt status Data: 00 00 5e 00 01 01 00 01 f4 00 7d ce 08 00 45 00 00 4b b4 b9 00 00 40 11 32 5c 0a 15 43 05 86 8d bf e5 00 a1 0e 2b 00 37 cf ca 30 2d 02 01 00 04 06 70 75 62 6c 69 63 a2 20 02 02 0c 92 02 01 00...
Page 541: Clear Rmon Capture
Syntax clear rmon capture index Parameters index Specifies the capture entry to be cleared. Defaults None. Mode Switch command, read-write. Example This example shows how to clear RMON capture entry 1: C3(rw)->clear rmon capture 1 Enterasys C3 Configuration Guide 21-23...
Page 542 clear rmon capture 21-24 RMON Configuration...
Page 543: Chapter 22: Dhcp Server Configuration
DHCP Relay Agent The DHCP/BOOTP relay agent function can be configured on all of the Enterasys C3’s routing interfaces. The relay agent can forward a DHCP client’s request to a DHCP server located on a different network if the address of the server is configured as a helper address on the receiving interface.
Page 544: Configuring A Dhcp Server
DHCP options as defined by RFC 2132 Note: A total of 16 address pools, dynamic and/or static, and a maximum of 256 addresses for the entire switch, can be configured on the Enterasys C3 Configuring a DHCP Server On the C3, there are two ways to configure a DHCP server: one is to associate the DHCP address pool with the switch’s host port IP address, and the other is to associate the DHCP address pool...
Page 545: Configuring General Dhcp Server Parameters
You can limit the scope of addresses assigned to a pool for dynamic address assignment with the set dhcp exclude command. Up to 128 non-overlapping address ranges can be excluded on the Enterasys C3. For example: set dhcp exclude 192.0.0.1 192.0.0.10 Note: The IP address of the system’s host port or the routed interface is automatically...
Page 546: Set Dhcp
22-10 clear dhcp server statistics 22-11 set dhcp Use this command to enable or disable the DHCP server functionality on the Enterasys C3. Syntax set dhcp {enable | disable} Parameters enable | disable Enables or disables DHCP server functionality. By default, DHCP server is disabled.
Page 547: Set Dhcp Conflict Logging
Use this command to display conflict information, for one address or all addresses. Syntax show dhcp conflict [address] Parameters address [Optional] Specifies the address for which to display conflict information. Defaults If no address is specified, conflict information for all addresses is displayed. Enterasys C3 Configuration Guide 22-5...
Page 548: Clear Dhcp Conflict
clear dhcp conflict Mode Read-only. Example This example displays conflict information for all addresses. Note that ping is the only detection method used. C3(ro)->show dhcp conflict IP address Detection Method Detection Time ----------- ----------------- --------------- 192.0.0.2 Ping 0 days 19h:01m:23s 192.0.0.3 Ping 0 days 19h:00m:46s...
Page 549: Set Dhcp Exclude
[high-ipaddr] Parameters low-ipaddr Specifies the first IP address in the address range to be cleared. high-ipaddr (Optional) Specifies the last IP address in the address range to be cleared. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 22-7...
Page 550: Set Dhcp Ping
set dhcp ping Example This example clears the previously excluded range of IP addresses between 192.168.1.88 through 192.168.1.100. C3(rw)->clear dhcp exclude 192.168.1.88 192.168.1.100 set dhcp ping Use this command to configure the number of ping packets the DHCP server sends to an IP address before assigning the address to a requesting client.
Page 551: Show Dhcp Binding
Use this command to clear (delete) one or all dynamic (automatic) DHCP address bindings. Syntax clear dhcp binding {ip-addr | *} Parameters ip-addr Specifies the IP address for which to clear/delete the DHCP binding. Deletes all dynamic address bindings. Defaults None. Enterasys C3 Configuration Guide 22-9...
Page 552: Show Dhcp Server Statistics
show dhcp server statistics Mode Switch command, read-write. Usage This command clears only dynamic (automatic) DHCP bindings. Use the command clear dhcp pool host to clear manually configured DHCP bindings. Example This example deletes the dynamic DHCP address binding for IP address 192.168.1.1. C3(rw)->clear dhcp binding 192.168.1.1 show dhcp server statistics Use this command to display DHCP server statistics.
Page 553: Clear Dhcp Server Statistics
Use this command to clear all DHCP server counters. Syntax clear dhcp server statistics Parameters None. Defaults None. Mode Switch command, read-write. Example This example clears all DHCP server counters. C3(rw)->clear dhcp server statistics Enterasys C3 Configuration Guide 22-11...
Page 554: Configuring Ip Address Pools
Purpose To configure and clear DHCP address pool parameters, and to display address pool configuration information. Note: A total of 16 address pools, dynamic and/or static, can be configured on the Enterasys C3 Commands For information about... Refer to page...
Page 555: Set Dhcp Pool
Use this command to create and assign a name to a DHCP server pool of addresses. Up to 16 address pools may be configured on a Enterasys C3. Note that entering this command is not required to create an address pool before configuring other address pool parameters.
Page 556: Clear Dhcp Pool
clear dhcp pool clear dhcp pool Use this command to delete a DHCP server pool of addresses. Syntax clear dhcp pool poolname Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None.
Page 557: Clear Dhcp Pool Network
Specifies the MAC address of the client’s hardware platform. This value can be entered using dotted hexadecimal notation or colons. type (Optional) Specifies the protocol of the hardware platform. Valid values are 1 for Ethernet or 6 for IEEE 802. Default value is 1, Ethernet. Enterasys C3 Configuration Guide 22-15...
Page 558: Clear Dhcp Pool Hardware-Address
clear dhcp pool hardware-address Defaults If no type is specified, Ethernet is assumed. Mode Switch command, read-write. Example This example specifies 0001.f401.2710 as the Ethernet MAC address for the manual address pool named “manual2.” Alternatively, the MAC address could have be entered as 00:01:f4:01:27:10. C3(rw)->set dhcp pool manual2 hardware-address 0001.f401.2710 clear dhcp pool hardware-address Use this command to remove the hardware address of a DHCP client from a manual binding...
Page 559: Clear Dhcp Pool Host
You can use either this command or the set dhcp pool hardware-address command to create a manual binding pool, but using both is not recommended. Syntax set dhcp pool poolname client-identifier id Enterasys C3 Configuration Guide 22-17...
Page 560: Clear Dhcp Pool Client-Identifier
clear dhcp pool client-identifier Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Specifies the unique client identifier for this client. The value must be entered in xx:xx:xx:xx:xx:xx format. Defaults None.
Page 561: Set Dhcp Pool Client-Name
Use this command to delete a DHCP client name from an address pool for manual binding. Syntax clear dhcp pool poolname client-name Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 22-19...
Page 562: Set Dhcp Pool Bootfile
set dhcp pool bootfile Example This example deletes the client name from the manual binding pool “manual2.” C3(rw)->clear dhcp pool manual2 client-name set dhcp pool bootfile Use this command to specify a default boot image for the DHCP clients who will be served by the address pool being configured.
Page 563: Set Dhcp Pool Next-Server
Use this command to remove the boot image file server from the address pool being configured. Syntax clear dhcp pool poolname next-server Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 22-21...
Page 564: Set Dhcp Pool Lease
set dhcp pool lease Example This example removes the file server from address pool “auto1.” C3(rw)->clear dhcp pool auto1 next-server set dhcp pool lease Use this command to specify the duration of the lease for an IP address assigned by the DHCP server from the address pool being configured.
Page 565: Set Dhcp Pool Default-Router
This example assigns a default router at 10.10.10.1 to the address pool named “auto1.” C3(rw)->set dhcp pool auto1 default-router 10.10.10.1 clear dhcp pool default-router Use this command to delete the default routers configured for this address pool. Syntax clear dhcp pool poolname default-router Enterasys C3 Configuration Guide 22-23...
Page 566: Set Dhcp Pool Dns-Server
set dhcp pool dns-server Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None. Mode Switch command, read-write. Example This example removes the default router from the address pool “auto1.” C3(rw)->clear dhcp pool auto1 default-router set dhcp pool dns-server Use this command to specify one or more DNS servers for the DHCP clients served by the address...
Page 567: Set Dhcp Pool Domain-Name
This example assigns the “mycompany.com” domain name to the address pool “auto1.” C3(rw)->set dhcp pool auto1 domain-name mycompany.com clear dhcp pool domain-name Use this command to remove the domain name from the address pool being configured. Syntax clear dhcp pool poolname domain-name Enterasys C3 Configuration Guide 22-25...
Page 568: Set Dhcp Pool Netbios-Name-Server
set dhcp pool netbios-name-server Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None. Mode Switch command, read-write. Example This example removes the domain name from the address pool “auto1.” C3(rw)->clear dhcp pool auto1 domain-name set dhcp pool netbios-name-server Use this command to assign one or more NetBIOS name servers for the DHCP clients served by...
Page 569: Set Dhcp Pool Netbios-Node-Type
Specifies the NetBIOs node type to be mixed (broadcast, then WINS). Defaults None. Mode Switch command, read-write. Example This example specifies hybrid as the NetBIOS node type for the address pool “auto1.” C3(rw)->set dhcp pool auto1 netbios-node-type h-node Enterasys C3 Configuration Guide 22-27...
Page 570: Clear Dhcp Pool Netbios-Node-Type
clear dhcp pool netbios-node-type clear dhcp pool netbios-node-type Use this command to remove the NetBIOS node type from the address pool being configured. Syntax clear dhcp pool poolname netbios-node-type Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Page 571: Clear Dhcp Pool Option
Use this command to display configuration information for one or all address pools. Syntax show dhcp pool configuration {poolname | all} Parameters poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length. Defaults None. Enterasys C3 Configuration Guide 22-29...
Page 572 show dhcp pool configuration Mode Read-only. Example This example displays configuration information for all address pools. C3(rw)->show dhcp pool configuration all Pool: Atg_Pool Pool Type Dynamic Network 192.0.0.0 255.255.255.0 Lease Time 1 days 0 hrs 0 mins Default Routers 192.0.0.1 Pool: static1 Pool Type Manual...
Page 573: Chapter 23: Dhcp Snooping And Dynamic Arp Inspection
This feature is a configurable option. DHCP Message Processing The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP packets to the CPU. On trusted ports, Enterasys C3 Configuration Guide 23-1...
Page 574: Building And Maintaining The Database
DHCP Snooping Overview the hardware forwards client messages and copies server messages to the CPU so DHCP snooping can learn the binding. The DHCP snooping application processes incoming DHCP messages. For DHCP RELEASE and DHCP DECLINE messages, the application compares the receive interface and VLAN with the client's interface and VLAN in the bindings database.
Page 575: Rate Limiting
DHCP snooping must be enabled on the interfaces where the DHCP clients are connected, and the interfaces must be untrusted DHCP snooping ports. • The routing interface that is connected to the DHCP server must be enabled for DHCP snooping and must be a trusted DHCP snooping port. Enterasys C3 Configuration Guide 23-3...
Page 576: Dhcp Snooping Commands
DHCP Snooping Commands DHCP Snooping Commands For information about... Refer to page... set dhcpsnooping 23-4 set dhcpsnooping vlan 23-5 set dhcpsnooping trust 23-5 set dhcpsnooping binding 23-6 set dhcpsnooping verify 23-7 set dhcpsnooping log-invalid 23-7 set dhcpsnooping limit 23-8 show dhcpsnooping 23-9 show dhcpsnooping port 23-10...
Page 577: Set Dhcpsnooping Vlan
LAGs that are members of a VLAN. enable | disable Enables or disables the specified ports as trusted ports. Defaults By default, ports are untrusted. Mode Switch command, read-write. Enterasys C3 Configuration Guide 23-5...
Page 578: Set Dhcpsnooping Binding
set dhcpsnooping binding Usage In order for DHCP snooping to operate, snooping has to be enabled globally and on specific VLANs, and the ports within the VLANs have to be configured as trusted or untrusted. On trusted ports, DHCP client messages are forwarded directly by the hardware. On untrusted ports, client messages are given to the DHCP snooping application.
Page 579: Set Dhcpsnooping Verify
This example disables source MAC address verification and logging. (rw)->set dhcpsnooping verify mac-address disable set dhcpsnooping log-invalid Use this command to enable or disable logging of invalid DHCP messages on ports. Syntax set dhcpsnooping log-invalid port port-string {enable | disable} Enterasys C3 Configuration Guide 23-7...
Page 580: Set Dhcpsnooping Limit
set dhcpsnooping limit Parameters port port-string Specifies the port or ports on which to enable or disable logging of invalid packets. enable | disable Enables or disables logging on the specified ports. Defaults Disabled. Mode Switch command, read-write. Usage The DHCP snooping application processes incoming DHCP messages. For DHCPRELEASE and DHCPDECLINE messages, the application compares the receive interface and VLAN with the client's interface and VLAN in the bindings database.
Page 581: Show Dhcpsnooping
C3(rw)->set dhcpsnooping limit ge.1.1 rate 20 burst interval 2 C3(rw)->show dhcpsnooping port ge.1.1 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- ge.1.1 show dhcpsnooping Use this command to display DHCP snooping configuration parameters. Syntax show dhcpsnooping Parameters None. Enterasys C3 Configuration Guide 23-9...
Page 582: Show Dhcpsnooping Port
show dhcpsnooping port Defaults None. Mode Switch command, read-write. Usage This command displays the status (enabled or disabled) of DHCP snooping globally, lists the VLANs on which DHCP snooping is enabled, displays whether source MAC address verification is enabled or disabled, and for ports that are enabled for snooping, displays whether they are trusted or untrusted and whether logging of invalid packets has been enabled.
Page 583: Show Dhcpsnooping Binding
This example shows the output of the show dhcpsnooping binding command when no parameters are entered. C3(su)->show dhcpsnooping binding Total number of bindings: MAC Address IP Address VLAN Interface Type Lease (min) ----------------- --------------- ---- ----------- ------- ----------- 00:02:B3:06:60:80 192.168.10.10 ge.1.1 STATIC 00:0F:FE:00:13:04 192.168.20.1 ge.1.30 DYNAMIC 1440 Enterasys C3 Configuration Guide 23-11...
Page 584: Show Dhcpsnooping Statistics
show dhcpsnooping statistics show dhcpsnooping statistics Use this command to display DHCP snooping statistics for untrusted ports. Syntax show dhcpsnooping statistics Parameters None. Defaults None. Mode Switch command, read-write. Usage The DHCP snooping application processes incoming DHCP messages on enabled untrusted interfaces.
Page 585: Clear Dhcpsnooping Statistics
Use this command to reset the rate limit values to the defaults of 15 packets per second with a burst interval of 1 second. Syntax clear dhcpsnooping limit port-string Parameters port-string Specifies the port or ports to which this command applies. Enterasys C3 Configuration Guide 23-13...
Page 586 clear dhcpsnooping limit Defaults None. Mode Switch command, read-write. Example This example resets the rate limit values to their defaults on port ge.1.1. (su)->clear dhcpsnooping limit ge.1.1 23-14 DHCP Snooping and Dynamic ARP Inspection...
Page 587: Dynamic Arp Inspection Overview
You can also enable IP address checking. When this option is enabled, DAI drops ARP packets with an invalid IP address. The following IP addresses are considered invalid: • 0.0.0.0 • 255.255.255.255 • All IP multicast addresses • All class E addresses (240.0.0.0/4) Enterasys C3 Configuration Guide 23-15...
Page 588: Logging Invalid Packets
Dynamic ARP Inspection Overview • Loopback addresses (in the range 127.0.0.0/8) Logging Invalid Packets By default, DAI writes a log message to the normal buffered log for each invalid ARP packet it drops. You can configure DAI to not log invalid packets for specific VLANs. Packet Forwarding DAI forwards valid ARP packets whose destination MAC address is not local.
Page 589: Basic Configuration
DHCP RELEASE packets to be processed by the DHCP snooping functionality and client bindings removed from the bindings database Router Configuration router enable configure interface vlan 10 no shutdown ip address 10.2.0.1 255.255.0.0 Enterasys C3 Configuration Guide 23-17...
Page 590: Dynamic Arp Inspection Commands
Dynamic ARP Inspection Commands ip helper-address 192.168.0.200 ip rip send version 2 ip rip receive version 2 ip rip enable exit interface vlan 192 no shutdown ip address 192.168.0.1 255.255.255.0 ip rip send version 2 ip rip receive version 2 ip rip enable exit router rip...
Page 591: Set Arpinspection Vlan
IP address are a valid pair in the database. ARP packets whose sender MAC address and sender IP address do not match an entry in the database are dropped. If logging is enabled, invalid ARP packets are also logged. Enterasys C3 Configuration Guide 23-19...
Page 592: Set Arpinspection Trust
set arpinspection trust Example This example enables DAI on VLANs 2 through 5 and also enables logging of invalid ARP packets on those VLANs. C3(su)->set arpinspection vlan 2-5 logging set arpinspection trust Use this command to enable or disable a port as a dynamic ARP inspection trusted port. Syntax set arpinspection trust port port-string {enable | disable} Parameters...
Page 593: Set Arpinspection Limit
Specifies a rate limit in packets per second. The value of pps can range from 0 to 50 packets per second. burst interval secs Specifies a burst interval in seconds. The value of secs can range from 1 to 15 seconds. Enterasys C3 Configuration Guide 23-21...
Page 594: Set Arpinspection Filter
set arpinspection filter Defaults Rate = 15 packets per second Burst Interval = 1 second Mode Switch command, read-write. Usage To protect the switch against DHCP attacks when DAI is enabled, the DAI application enforces a rate limit for ARP packets received on untrusted interfaces. DAI monitors the receive rate on each interface separately.
Page 595: Show Arpinspection Access-List
Switch command, read-write. Example This example displays information about the ARP ACL named staticARP. C3(su)->show arpinspection access-list staticARP ARP access list staticARP permit ip host 192.168.1.10 mac host 00:01:22:33:44:55 permit ip host 192.168.1.20 mac host 00:0A:11:22:33:66 Enterasys C3 Configuration Guide 23-23...
Page 596: Show Arpinspection Ports
show arpinspection ports show arpinspection ports Use this command to display the ARP configuration of one or more ports. Syntax show arpinspection ports [port-string] Parameters port-string (Optional) Specifies the port or ports for which to display ARP configuration information. Defaults If a port-string is not specified, information about all DAI-enabled untrusted ports is displayed.
Page 597: Show Arpinspection Statistics
Drops Permits Permits ---- ---------- ---------- ---------- ---------- ---------- ---------- --------- clear arpinspection validate Use this command to remove additional optional ARP validation parameters that were previously configured. Syntax clear arpinspection validate {[src-mac] [dst-mac] [ip]} Enterasys C3 Configuration Guide 23-25...
Page 598: Clear Arpinspection Vlan
clear arpinspection vlan Parameters src-mac Clear, or remove, the verification that the sender MAC address equals the source MAC address in the Ethernet header. dst-mac Clear, or remove, the verification that the target MAC address equals the destination MAC address in the Ethernet header. Clear, or remove, checking the IP address and dropping ARP packets with an invalid address.
Page 599: Clear Arpinspection Filter
Syntax clear arpinspection filter name [permit ip host sender-ipaddr mac host sender-macaddr] | [vlan vlan-range [static] Parameters name Specifies the name of the ARP ACL. permit (Optional) Specifies that a permit rule is being deleted. Enterasys C3 Configuration Guide 23-27...
Page 600 clear arpinspection filter ip host sender-ipaddr Specifies the IP address in the rule being deleted. mac host Specifies the MAC address in the rule being deleted. sender-macaddr vlan vlan-range (Optional) Specifies the VLAN or VLANs to which this command should apply. Remove the ACL from the VLAN, if static is not specified also.
Page 601: Clear Arpinspection Limit
Use this command to clear all dynamic ARP inspection statistics. Syntax clear arpinspection statistics Parameters None. Defaults None. Mode Switch command, read-write. Example This example clears all DAI statistics from the switch. Enterasys C3 Configuration Guide 23-29...
Page 602 clear arpinspection statistics C3(su)->clear arpinspection statistics 23-30 DHCP Snooping and Dynamic ARP Inspection...
Page 603: Chapter 24: Preparing For Router Mode
Enabling Router Configuration Modes 24-2 Pre-Routing Configuration Tasks Startup and general configuration of the Enterasys C3 switch must occur from the switch CLI. For details on how to start the switch and configure general platform settings, refer to Chapter 1,...
Page 604: Example
C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip address 182.127.63.1 255.255.255.0 C3(su)->router(Config-if(Vlan 1))#no shutdown Enabling Router Configuration Modes The Enterasys C3 CLI provides different modes of router operation for issuing a subset of commands from each mode. Table 24-2 describes these modes of operation.
Page 605 OSPF, the instance ID) from Global or Interface Configuration mode. Note: To jump to a lower configuration mode, type exit at the command prompt. To revert back to switch CLI, type exit from Privileged EXEC router mode. Enterasys C3 Configuration Guide 24-3...
Page 606 Enabling Router Configuration Modes 24-4 Preparing for Router Mode...
Page 607: Configuring Routing Interface Settings
IP routing at device startup, and to review the running configuration. Note: For information about configuring tunnel interfaces, see “Configuring Tunnel Interfaces” on page 25-8. Commands For information about... Refer to page... show interface 25-2 interface 25-3 show ip interface 25-4 ip address 25-5 Enterasys C3 Configuration Guide 25-1...
Page 608: Show Interface
show interface For information about... Refer to page... no shutdown 25-6 no ip routing 25-6 show running-config 25-7 show interface Use this command to display information about one or more interfaces (VLANs or loopbacks) configured on the router. Syntax show interface [vlan vlan-id] [loopback loop-id] Parameters vlan vlan-id (Optional) Displays interface information for a specific VLAN interface.
Page 609: Interface
NAS-IP attribute. (Administrators can assign where to source management or network service IP packets via the set interface commands.) Each Enterasys C3 system (stack) can support up to 24 routing interfaces. Each interface can be configured for the RIP and/or OSPF routing protocols.
Page 610: Show Ip Interface
show ip interface Examples This example shows how to enter configuration mode for VLAN 1: C3(su)->router#configure C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))# This example shows how to enter configuration mode for loopback 1: C3(su)->router#configure C3(su)->router(Config)#interface loopback 1 C3(su)->router(Config-if(Lpbk 1))# show ip interface Use this command to display information, including administrative status, IP address, MTU (Maximum Transmission Unit) size and bandwidth, and ACL configurations, for interfaces configured for IP.
Page 611: Ip Address
(Optional) Specifies that the configured IP address is a secondary address. Defaults If secondary is not specified, the configured address will be the primary address for the interface. Mode Router interface configuration: C3(su)->router(Config-if(Vlan 1))# Enterasys C3 Configuration Guide 25-5...
Page 612: No Shutdown
no shutdown Usage Refer to the Router Capacities table in the Release Notes for this product for the number of primary and secondary IP interfaces supported by this product. Example This example sets the IP address to 192.168.1.1 and the network mask to 255.255.255.0 for VLAN 1: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip address 192.168.1.1 255.255.255.0 no shutdown...
Page 613: Show Running-Config
Parameters None. Defaults None. Mode Any router mode. Example This example shows how to display the current router operating configuration: C3(su)->router#show running-config interface vlan 1 interface vlan 10 ip address 192.168.2.10 255.255.255.0 no shutdown Enterasys C3 Configuration Guide 25-7...
Page 614: Configuring Tunnel Interfaces
Automatic tunnels, in contrast, infer the endpoint of the tunnel from the destination address of packets routed into the tunnel. The Enterasys Fixed Switches that support IPv6 allow you to manually configure an IPv6 over IPv4 point-to-point tunnel, specifying both the source and destination endpoints of the tunnel.
Page 615: Tunnel Source
The no form of this command removes the source IPv4 address for the tunnel interface being configured. Example The following example configures the source IPv4 address for tunnel 1. C3(su)->router(Config)# interface tunnel 1 C3(su)->router(Config-if(Tnnl 1))# (su)->router(Config-if(Tnnl 1))# tunnel source 192.168.10.10 Enterasys C3 Configuration Guide 25-9...
Page 616: Tunnel Destination
tunnel destination tunnel destination This command specifies the IPv4 destination transport address of the tunnel. Syntax tunnel destination ipv4-addr no tunnel destination Parameters ipv4-addr The IPv4 destination address of the tunnel. Defaults None. Mode Router interface configuration: C3(su)->router(Config-if(Tnnl 1))# Usage The no form of this command removes the destination IPv4 address for the tunnel interface being configured.
Page 617: Show Interface Tunnel
Example This example shows the output of this command. C3(su)->router(Config)#show interface tunnel 1 Tunnel 1 is Operationally DOWN The name of this device is Tunnel 1 The MTU is 1480 bytes Enterasys C3 Configuration Guide 25-11...
Page 618: Reviewing And Configuring The Arp Table
Reviewing and Configuring the ARP Table Reviewing and Configuring the ARP Table Purpose To review and configure the routing ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface. Commands For information about... Refer to page...
Page 619: Arp
Parameters ip-address Specifies the IP address of a device on the network. Valid values are IP addresses in dotted decimal notation. mac-address Specifies the 48-bit hardware address corresponding to the ip-address expressed in hexadecimal notation. Enterasys C3 Configuration Guide 25-13...
Page 620: Ip Proxy-Arp
Proxy ARP can be used to resolve routing issues on end stations that are unable to route in the subnetted environment. The Enterasys C3 will answer to ARP requests on behalf of targeted end stations on neighboring networks. It is disabled by default.
Page 621: Arp Timeout
Use this command to delete all nonstatic (dynamic) entries from the ARP table. clear arp-cache Parameters None. Mode Privileged EXEC: C3(su)->router# Defaults None. Example This example shows how to delete all dynamic entries from the ARP table: C3(su)->router#clear arp-cache Enterasys C3 Configuration Guide 25-15...
Page 622: Configuring Broadcast Settings
If the ability to send directed broadcasts to a network is required, you should enable directed broadcasts only on the one interface that will be transmitting the datagrams. For example, if a Enterasys C3 has five routed interfaces for the 10, 20, 30, 40, and 50 networks, enabling directed 25-16 IP Configuration...
Page 623: Ip Forward-Protocol
Time Service EN-116 Name Service TACACS Service Domain Naming System Trivial File Transfer Protocol (TFTP) NetBIOS Name Server NetBIOS Datagram Server 4011 Alternate Service Boot Mode Router command, Global configuration: C3(su)->router(Config)# Router interface configuration: C3(su)->router(Config-if(Vlan 1)# Enterasys C3 Configuration Guide 25-17...
Page 624: Ip Helper-Address
C3(su)->router(Config)#interface vlan 10 C3(su)->router(Config-if(Vlan 10))#no ip forward-protocol udp 69 ip helper-address Use this command to enable the DHCP/BOOTP relay agent on a Enterasys C3 routed interface and/or to forward broadcast traffic identified with the ip forward-protocol command to a unicast address.
Page 625: Reviewing Ip Traffic And Configuring Routes
(Optional) Displays any routes that match the prefix. connected (Optional) Displays connected routes. ospf (Optional) Displays routes configured for the OSPF routing protocol. For details on configuring OSPF, refer to “Configuring OSPF” on page 27-2. Enterasys C3 Configuration Guide 25-19...
Page 626 show ip route (Optional) Displays routes configured for the RIP routing protocol. For details on configuring RIP, refer to “Configuring RIP” on page 26-1. static (Optional) Displays static routes. summary (Optional) Displays a summary of the IP routing table. Defaults If no parameters are specified, all IP route information will be displayed.
Page 627: Ip Route
This example shows how to set IP address 10.1.2.3 as the next hop gateway to destination address 10.0.0.0: C3(su)->router(Config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3 ping Use this command to test routing network connectivity by sending IP ping requests. Syntax ping ip-address Parameters ip-address Specifies the IP address of the system to ping. Enterasys C3 Configuration Guide 25-21...
Page 628: Traceroute
traceroute Defaults None. Mode Privileged EXEC: C3(su)->router# Usage This command is also available in switch mode. Examples This example shows output from a successful ping to IP address 182.127.63.23: C3(su)->router#ping 182.127.63.23 182.127.63.23 is alive This example shows output from an unsuccessful ping to IP address 182.127.63.24: C3(su)->router#ping 182.127.63.24 no answer from 182.127.63.24 traceroute...
Page 629: Configuring Icmp Redirects
You can use this command in router global configuration mode to enable or disable sending ICMP redirects globally on the switch. You can use this command in router interface configuration mode to enable or disable sending ICMP redirects only on specific interfaces. Enterasys C3 Configuration Guide 25-23...
Page 630: Show Ip Icmp Redirect
show ip icmp redirect Examples This example disables sending ICMP redirects on the interface VLAN 5. C3(su)->router#configure C3(su)->router(Config)#interface vlan 5 C3(su)->Router1(Config-if(Vlan 5))# no ip icmp redirect enable This example disables sending ICMP redirects globally. C3(su)->router#configure C3(su)->router(Config)#no ip icmp redirect enable show ip icmp redirect Use this command to display the status of sending ICMP redirects at a global or interface level.
Page 631: Chapter 26: Ipv4 Basic Routing Protocol Configuration
26-8 Configure RIP simple authentication. “ip rip authentication-key” on page 26-9 Configure RIP encrypted authentication. “ip rip message-digest-key” on page 26-10 Disable automatic route summarization “no auto-summary” on page 26-4 (necessary for enabling CIDR) Enterasys C3 Configuration Guide 26-1...
Page 632: Router Configuration Commands
router rip Table 26-1 RIP Configuration Task List and Commands (Continued) To do this... Use these commands... Activate split horizon or poison-reverse. “split-horizon poison” on page 26-4 Suppress sending routing updates. “passive-interface” on page 26-5 Control reception of routing updates “receive-interface”...
Page 633: Distance
Router configuration: C3(su)->router(Config-router)# Usage If several routes (coming from different protocols) are presented to the Enterasys C3, the protocol with the lowest administrative distance will be chosen for route installation. By default, RIP administrative distance is set to 120. The distance command can be used to change this value, resetting RIP’s route preference in relation to other routes as shown in the table below.
Page 634: No Auto-Summary
Disabling automatic route summarization enables CIDR, allowing RIP to advertise all subnets and host routing information on the Enterasys C3 device. To verify which routes are summarized for an interface, use the show ip route command as described in “show ip...
Page 635: Passive-Interface
This command does not prevent RIP from monitoring updates on the interface. Example This example shows how to set VLAN 2 as a passive interface. No RIP updates will be transmitted on VLAN 2: C3(su)->router(Config)#router rip C3(su)->router(Config-router)#passive-interface vlan 2 Enterasys C3 Configuration Guide 26-5...
Page 636: Receive-Interface
receive-interface receive-interface Use this command to allow RIP to receive update packets on an interface. The no form of this command denies the reception of RIP updates. By default, receiving is enabled on all routing interfaces. Syntax receive-interface vlan vlan-id no receive-interface vlan vlan-id Parameters vlan vlan-id...
Page 637: Interface Configuration Commands
Use this command to enable RIP on an interface. The no form of this command disables RIP on an interface: By default, RIP is disabled on all interfaces. Syntax ip rip enable no ip rip enable Parameters None. Defaults None. Enterasys C3 Configuration Guide 26-7...
Page 638: Ip Rip Send Version
ip rip send version Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to enable RIP on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip rip enable ip rip send version Use this command to set the RIP version for RIP update packets transmitted out an interface. The no version of this command sets the version of the RIP update packets to RIPv1.
Page 639: Ip Rip Authentication-Key
Specifies the password to enable or disable for RIP authentication. Defaults None. Mode Interface configuration: C3(su)->router(Config-if(Vlan 1))# Example This example shows how to set the RIP authentication key chain to “password” on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip rip authentication-key password Enterasys C3 Configuration Guide 26-9...
Page 640: Ip Rip Message-Digest-Key
ip rip message-digest-key ip rip message-digest-key Use this command to enable or disable a RIP MD5 authentication key (password) for use on an interface. The no form of this command prevents RIP from using authentication. Syntax ip rip message-digest-key keyid md5 key no ip rip message-digest-key keyid Parameters keyid...
Page 641: Configuring Irdp
Parameters None. Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to enable IRDP on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip irdp enable Enterasys C3 Configuration Guide 26-11...
Page 642: Ip Irdp Maxadvertinterval
ip irdp maxadvertinterval ip irdp maxadvertinterval Use this command to set the maximum interval in seconds between IRDP advertisements. The no form of this command resets the maximum advertisement interval to the default value of 600 seconds. Syntax ip irdp maxadvertinterval interval no irdp maxadvertinterval Parameters interval...
Page 643: Ip Irdp Holdtime
Specifies the value to indicate the interface’s use as a default router address. Valid values are -2147483648 to 2147483647. The minimum value indicates that the address, even though it may be advertised, is not to be used by neighboring hosts as a default router address. Enterasys C3 Configuration Guide 26-13...
Page 644: Ip Irdp Broadcast
ip irdp broadcast Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to set IRDP preference on the VLAN 1 interface so that the interface’s address may still be advertised, but cannot be used by neighboring hosts as a default router address: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip irdp preference -2147483648...
Page 645 C3(su)->router#show ip irdp vlan 1 Interface vlan 1 has router discovery enabled Advertisements will occur between 450 and 600 seconds Advertisements are sent with broadcasts Advertisements are valid for 1800 seconds Default preference will be 0 Enterasys C3 Configuration Guide 26-15...
Page 646 show ip irdp 26-16 IPv4 Basic Routing Protocol Configuration...
Page 647: Chapter 27: Ipv4 Advanced Routing Protocol Configuration
In order to enable advanced routing protocols, such as OSPF, DVMRP, VRRP, and PIM-SM, on a Enterasys C3 device, you must purchase and activate a license key. If you have purchased an advanced routing license, and have enabled routing on the device, you can activate your license as described in the chapter entitled “Activating Licensed Features.”...
Page 648: Configuring Ospf
“Activating Licensed Features” in order to enable the OSPF command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales. Purpose To enable and configure the Open Shortest Path First (OSPF) routing protocol.
Page 649: Router Id
(AS). If the router ID is not explicitly configured, the highest configured loopback IP address, if one exists, is used, or the highest routing VLAN IP address is used. Enterasys C3 Configuration Guide 27-3...
Page 650: Router Ospf
For details on enabling configuration modes, refer to Table 24-2 page 24-2. Only one OSPF process (process-id) is allowed per Enterasys C3 router. Example This example shows how to enable routing for OSPF process 1: C3(su)->router#conf terminal C3(su)->router(Config)#router ospf 1...
Page 651: Ip Ospf Enable
Parameters None. Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to enable OSPF on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip ospf enable Enterasys C3 Configuration Guide 27-5...
Page 652: Ip Ospf Areaid
ip ospf areaid ip ospf areaid Use this command to configure area IDs for OSPF interfaces. If OSPF is enabled on an interface as described in “ip ospf enable” on page 27-5, the OSPF area will default to 0.0.0.0. The no form of this command removes OSPF routing for the interfaces.
Page 653: Ip Ospf Priority
Use this command to change OSPF timer values to fine-tune the OSPF network. The no form of this command restores the default timer values (5 seconds for delay and 10 seconds for holdtime). Syntax timers spf spf-delay spf-hold no timers spf Enterasys C3 Configuration Guide 27-7...
Page 654: Ip Ospf Retransmit-Interval
ip ospf retransmit-interval Parameters spf-delay Specifies the delay, in seconds, between the receipt of an update and the SPF execution. Valid values are 0 to 4294967295. spf-hold Specifies the minimum amount of time, in seconds, between two consecutive OSPF calculations. Valid values are 0 to 4294967295. A value of 0 means that two consecutive OSPF calculations are performed one immediately after the other.
Page 655: Ip Ospf Transmit-Delay
Specifies the hello interval in seconds. Hello interval must be the same on neighboring routers (on a specific subnet), but can vary between subnets. This parameter is an unsigned integer with valid values between 1 and 65535. Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Enterasys C3 Configuration Guide 27-9...
Page 656: Ip Ospf Dead-Interval
ip ospf dead-interval Example This example shows how to set the hello interval to 5 for the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip ospf hello-interval 5 ip ospf dead-interval Use this command to set the number of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service.
Page 657: Ip Ospf Message Digest Key Md5
This example shows how to enable OSPF MD5 authentication on the VLAN 1 interface, set the key identifier to 20, and set the password to “passone”: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip ospf message-digest-key 20 md5 passone Enterasys C3 Configuration Guide 27-11...
Page 658: Distance Ospf
Refer to the latest firmware Release Notes for the number of OSPF areas that can be supported by the Enterasys C3. The no form of this command stops the routes from being summarized.
Page 659: Area Stub
Mode Router configuration: C3(su)->router(Config-router)# Defaults If no-summary is not specified, the stub area will be able to receive LSAs. Enterasys C3 Configuration Guide 27-13...
Page 660: Area Default-Cost
area default-cost Example The following example shows how to define OSPF area 10 as a stub area: C3(su)->router(Config)#router ospf 1 C3(su)->router(Config-router)#area 10 stub area default-cost Use this command to set the cost value for the default route that is sent into a stub area and NSSA by an Area Border Router (ABR).
Page 661: Area Virtual-Link
Enterasys C3 Configuration Guide 27-15...
Page 662: Passive-Interface
passive-interface Parameters area-id Specifies the transit area for the virtual link. Valid values are decimal values or IP addresses. A transit area is an area through which a virtual link is established. router-id Specifies the router ID of the virtual link neighbor. authentication- Specifies a password to be used by the virtual link.
Page 663: Redistribute
RIP or static route advertised into the OSPF routing domain. Valid values are 1 for type 1 external route, and 2 for type 2 external route. subnets (Optional) Specifies that connected, RIP, or static routes that are subnetted routes will be redistributed. Enterasys C3 Configuration Guide 27-17...
Page 664: Show Ip Ospf
show ip ospf Defaults If metric value is not specified, 0 will be applied. If type value is not specified, type 2 (external route) will be applied. If subnets is not specified, only the shortest prefix matching routes will be redistributed. Mode Router configuration: C3(su)->router(Config-router)# Example...
Page 665: Show Ip Ospf Area
Defaults None. Mode Any router mode. Example This example shows how to display all OSPF link state database information. This is a portion of the command output: C3(su)->router#show ip ospf database OSPF Router with ID(155.155.155.155) Enterasys C3 Configuration Guide 27-19...
Page 666: Show Ip Ospf Database Output Details
show ip ospf database Displaying Ipnet Sum Link States(Area 0.0.0.0) LinkID ADV Router Seq# Checksum 192.168.16.0 155.155.155.155 1751 0x80000036 0x18a Displaying As External Link States(Area 0.0.0.0) LinkID ADV Router Seq# Checksum 191.2.2.0 155.155.155.155 1306 0x8000003c 0x9096 191.3.3.3 155.155.155.155 1306 0x8000003c 0x5bc6 191.3.3.4 155.155.155.155...
Page 667: Show Ip Ospf Interface
The interface priority value, which is either default, or assigned with the ip ospf priority command. For details, refer to “ip ospf priority” on page 27-7. Designated Router The router ID of the designated router on this subnet, if one exists, in which case Err will be displayed. Enterasys C3 Configuration Guide 27-21...
Page 668: Show Ip Ospf Neighbor
show ip ospf neighbor Table 27-3 show ip ospf interface Output Details (Continued) Output Field What It Displays... Interface Addr IP address of the designated router on this interface. Backup Designated IP address of the backup designated router on this interface, if one exists, in which Router id case Err will be displayed.
Page 669: Show Ip Ospf Virtual-Links
ID of the transit area through which the virtual link is configured. Transmit delay Amount of time required to transmit a link state update packet on an interface. State Whether the state of this interface is down or point-to-point. Enterasys C3 Configuration Guide 27-23...
Page 670: Clear Ip Ospf Process
clear ip ospf process Table 27-5 show ip ospf virtual links Output Details (Continued) Output Field What It Displays... Timer intervals Timer intervals configured for the virtual link, including Hello, Wait, and Retransmit configured intervals. Adjacency State State of adjacency between this router and the virtual link neighbor of this router. clear ip ospf process Use this command to reset the OSPF process.
Page 671: Configuring Dvmrp
“Activating Licensed Features” in order to enable the DVMRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales. Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of multicast configuration is located on the Enterasys Networks web site: https://extranet.enterasys.com/downloads/...
Page 672: Ip Dvmrp
ip dvmrp See also show ip mroute on page 27-47, which can be used to display the IP multicast routing table. ip dvmrp Use this command to enable the DVMRP process. The no form of this command disables the DVMRP process: Syntax ip dvmrp no ip dvmrp...
Page 673: Ip Dvmrp Metric
If no optional parameters are specified, status information will be displayed. Mode Any router mode. Example This example shows how to display DVMRP status information: C3(su)->router#show ip dvmrp Vlan Id Metric Admin Status Oper. Status Enterasys C3 Configuration Guide 27-27...
Page 674 show ip dvmrp ------- ------- ------------ ------------ Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled 27-28 IPv4 Advanced Routing Protocol Configuration...
Page 675: Configuring Vrrp
“Activating Licensed Features” in order to enable the VRRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales. Purpose To enable and configure the Virtual Router Redundancy Protocol (VRRP).
Page 676 C3(su)->router#configure C3(su)->router(Config)#router vrrp C3(su)->router(Config-router)# create Use this command to create a VRRP session. Each Enterasys C3 system supports up to 20 VRRP sessions. The no form of this command disables the VRRP session. Syntax create vlan vlan-id vrid no create vlan vlan-id vrid...
Page 677: Address
This example shows how to configure a virtual router address of 182.127.62.1 on the VLAN 1 interface, VRID 1, and to set the router connected to the VLAN via this interface as the master: C3(su)->router(Config)#router vrrp C3(su)->router(Config-router)#address vlan 1 1 182.127.62.1 1 Enterasys C3 Configuration Guide 27-31...
Page 678: Priority
priority priority Use this command to set a priority value for a VRRP router. The no form of this command clears the VRRP priority configuration. Syntax priority vlan vlan-id vrid priority-value no priority vlan vlan-id vrid priority-value Parameters vlan vlan-id Specifies the number of the VLAN on which to configure VRRP priority.
Page 679: Advertise-Interval
None. Mode Router configuration: C3(su)->router(Config-router)# Usage VRRP advertisements are sent by the master router to other routers participating in the VRRP master selection process, informing them of its configured values. Once the master is selected, Enterasys C3 Configuration Guide 27-33...
Page 680: Preempt
preempt then advertisements are sent every advertising interval to let other VRRP routers in this VLAN/ VRID know the router is still acting as master of the VLAN/VRID. All routers with the same VRID should be configured with the same advertisement interval. Example This example shows how set an advertise interval of 3 seconds on the VLAN 1 interface, VRID 1: C3(su)->router(Config)#router vrrp...
Page 681: Enable
The no form of this command prevents VRRP from using authentication. Syntax ip vrrp authentication-key name no ip vrrp authentication-key Parameters name Specifies the password to enable or disable for VRRP authentication. Defaults None. Mode Interface configuration: C3(su)->router(Config-if(Vlan 1))# Enterasys C3 Configuration Guide 27-35...
Page 682: Show Ip Vrrp
show ip vrrp Example This example shows how to set the VRRP authentication key chain to “password” on the VLAN 1 interface: C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip vrrp authentication-key password show ip vrrp Use this command to display VRRP routing information. Syntax show ip vrrp Parameters...
Page 683: Configuring Pim-Sm
A Enterasys C3 cannot be configured as a Candidate-RP or a Candidate-BSR. • A Enterasys C3 should not be the first hop router for a multicast stream. In other words, the multicast stream should not originate on a Enterasys C3.
Page 684: Ip Pimsm
ip pimsm For information about... Refer to page... Display commands show ip pimsm 27-40 show ip pimsm componenttable 27-41 show ip pimsm interface 27-42 show ip pimsm neighbor 27-43 show ip pimsm rp 27-44 show ip pimsm rphash 27-45 show ip pimsm staticrp 27-46 show ip mroute 27-47...
Page 685: Ip Pimsm Enable
Parameters None. Defaults None. Mode Interface configuration: C3 (su)->router(Config-if(Vlan 1))# Example This example shows how to enable PIM on IP interface for VLAN 1. C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ip pimsm enable Enterasys C3 Configuration Guide 27-39...
Page 686: Ip Pimsm Query-Interval
ip pimsm query-interval ip pimsm query-interval This command configures the transmission frequency of hello messages in seconds between PIM-enabled neighbors. The no form of this command resets the hello interval to the default, 30 seconds. Syntax ip pimsm query-interval seconds no ip pimsm query-interval Parameters seconds...
Page 687: Show Ip Pimsm Componenttable
Syntax show ip pimsm componenttable Parameters None. Defaults None. Mode Any router mode. Example This example shows how to display PIM router information: C3(su)->router> show ip pimsm componenttable Enterasys C3 Configuration Guide 27-41...
Page 688: Show Ip Pimsm Interface
show ip pimsm interface COMPONENT TABLE Component Component Component Component Index BSR Address BSR Expiry Time CRP Hold Time (hh:mm:ss) (hh:mm:ss) ---------- --------------- --------------- ------------- 192.168.30.2 00:02:10 00:00:00 Table 27-8 provides an explanation of the command output. Table 27-8 show ip pimsm componenettable Output Details Output Field What it displays Component Index...
Page 689: Show Ip Pimsm Neighbor
Designated Router IP Address of the Designated Router for this interface. Neighbor Count The number of neighbors on the PIM-SM interface. show ip pimsm neighbor Display the router’s PIM neighbors. Syntax show ip pimsm neighbor [vlan-id] Enterasys C3 Configuration Guide 27-43...
Page 690: Show Ip Pimsm Rp
show ip pimsm rp Parameters vlan-id (Optional) Display all neighbors discovered on a specific Interface. Mode Any router mode. Defaults If the VLAN id is omitted, all neighbors off all interfaces will be displayed. Example This example shows how to display PIM information: C3(su)->router>...
Page 691: Show Ip Pimsm Rphash
Displays the Rendezvous Point router that will be selected from the set of active RP routers. The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362. Syntax show ip pimsm rphash group-address Enterasys C3 Configuration Guide 27-45...
Page 692: Show Ip Pimsm Staticrp
show ip pimsm staticrp Parameters group-address The Group Address for the RP. Defaults None. Mode Any router mode. Example This example shows how to display RP that will be selected for group address 224.0.0.0: C3(su)->router> show ip pimsm rphash 224.0.0.0 192.168.129.223 show ip pimsm staticrp Display the PIM-SM static Rendezvous Point information.
Page 693: Show Ip Mroute
: 0.0.0.0 MultiCast Group : 239.1.8.9 Uptime : 6336 Upstream Neighbor: 0.0.0.0 Upstream Vlan : 111 Downstream Vlans : 8 Source Network : 192.168.111.10 Source Mask : 0.0.0.0 MultiCast Group : 239.1.7.105 Uptime : 6336 Enterasys C3 Configuration Guide 27-47...
Page 694 show ip mroute Upstream Neighbor: 0.0.0.0 Upstream Vlan : 111 Downstream Vlans : 8 Source Network : 192.168.111.10 Source Mask : 0.0.0.0 MultiCast Group : 239.1.8.169 Uptime : 6582 Upstream Neighbor: 0.0.0.0 Upstream Vlan : 111 Downstream Vlans : 8 Source Network : 192.168.111.10 Source Mask...
Page 695 28-7 show ipv6 netstat 28-7 ping ipv6 28-9 traceroute ipv6 28-10 show ipv6 status Use this command to display the status of the IPv6 management function. Syntax show ipv6 status Parameters None. Enterasys C3 Configuration Guide 28-1...
Page 696: Chapter 28: Ipv6 Management
set ipv6 Defaults None. Mode Switch mode, read-only. Example This example shows how to display IPv6 management function status. C3(ro)->show ipv6 status IPv6 Administrative Mode: Disabled set ipv6 Use this command to globally enable or disable the IPv6 management function. Syntax set ipv6 {enable | disable} Parameters...
Page 697: Set Ipv6 Address
2001:DB8:1234:5555::9876:2/64 This example shows how to use the eui64 parameter to configure the lower order 64 bits: C3(su)->set ipv6 address 2001:0db8:1234:5555::/64 eui64 C3(su)->show ipv6 address Name IPv6 Address ------------ ---------------------------------------- host FE80::201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64 Enterasys C3 Configuration Guide 28-3...
Page 698: Show Ipv6 Address
show ipv6 address show ipv6 address Use this command to display the system IPv6 address(es) and IPv6 gateway address (default router), if configured. Syntax show ipv6 address Parameters None. Defaults None. Mode Switch command, read-only. Usage This command displays the IPv6 addresses configured automatically and with the set ipv6 address and set ipv6 gateway commands.
Page 699: Set Ipv6 Gateway
The IPv6 address to be configured. The address can be a global unicast or link-local IPv6 address, in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons. Defaults None. Mode Switch mode, read-write. Enterasys C3 Configuration Guide 28-5...
Page 700: Clear Ipv6 Gateway
clear ipv6 gateway Usage This command configures the IPv6 gateway address. Only one IPv6 gateway address can be configured for the switch, so executing this command when a gateway address has already been configured will overwrite the previously configured address. Use the show ipv6 address command to display a configured IPv6 gateway address.
Page 701: Show Ipv6 Neighbors
Usage The network connection information displayed by this command can be used to find problems in the network. Example This example shows the output of this command. Table 28-1 describes the output of this command. Enterasys C3 Configuration Guide 28-7...
Page 702: Show Ipv6 Netstat Output Display
show ipv6 netstat C3(su)->show ipv6 netstat Prot Local Address State Foreign Address ---- -------------------------------------------- ----------- 3333::211:88FF:FE59:4424.22 ESTABLISHED 2020::D480:1384:F58C:B114.1049 3333::211:88FF:FE59:4424.443 TIME_WAIT 2020::D480:1384:F58C:B114.1056 ::.23 LISTEN ::.* 3333::211:88FF:FE59:4424.22 ESTABLISHED 2020::D480:1384:F58C:B114.1050 3333::211:88FF:FE59:4424.22 ESTABLISHED 3333::2117:F1C0:90B:910D.1045 ::.80 LISTEN ::.* ::.22 LISTEN ::.* 3333::211:88FF:FE59:4424.80 ESTABLISHED 2020::D480:1384:F58C:B114.1053 3333::211:88FF:FE59:4424.80 ESTABLISHED 2020::D480:1384:F58C:B114.1054 ::.443...
Page 703: Ping Ipv6
C3(su)->ping ipv6 2001:0db8:1234:5555::1234:1 2001:DB8:1234:5555::1234:1 is alive This example shows output from an unsuccessful ping to IPv6 address 2001:0db8:1234:5555::1234:1. C3(su)->ping ipv6 2001:0db8:1234:5555::1234:1 no answer from 2001:DB8:1234:5555::1234:1 This example pings a link local address. C3(su)->ping ipv6 interface host FE80::21F:45FF:FE09:E757 Enterasys C3 Configuration Guide 28-9...
Page 704: Traceroute Ipv6
traceroute ipv6 traceroute ipv6 Use this command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Syntax traceroute ipv6 ipv6-addr Parameters ipv6-addr Specifies a host to which the route of an IPv6 packet will be traced. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons.
Page 705: Chapter 29: Ipv6 Configuration
29-22 Overview IPv6 and IPv4 coexist on the Enterasys C3. As with IPv4, IPv6 routing can be enabled on VLAN interfaces. Each Layer 3 routing interface can be used for IPv4, IPv6, or both. The Enterasys C3 supports all IPv6 address formats, including global unicast addresses, link-local unicast, global multicast, scoped multicast (including local scoped multicast), IPv4 compatible addresses, unspecified addresses, loopback addresses, and anycast addresses.
Page 706: Overview
Overview autoconfiguration is part of Router Advertisement and the Enterasys C3 can support both stateless and stateful autoconfiguration of end nodes. The Enterasys C3 supports both EUI-64 interface identifiers and manually configured interface IDs. Refer to the following RFCs for more information about Neighbor Discovery and stateless address autoconfiguration: •...
Page 707: General Configuration Commands
This example disables IPv6 forwarding. C3(su)->router(Config)# no ipv6 forwarding ipv6 hop-limit This command sets the maximum number of IPv6 hops used in IPv6 packets and router advertisements generated by this device. Syntax ipv6 hop-limit hops no ipv6 hop-limit Enterasys C3 Configuration Guide 29-3...
Page 708: Ipv6 Route
ipv6 route Parameters hops Specifies the maximum number of IPv6 hops used in IPv6 packets and router advertisements generated by this device. Value can range from 1 to 255. The default value is 64. Defaults The default maximum number of IPv6 hops is 64. Mode Router global configuration: C3(su)->router(Config)# Usage...
Page 709: Ipv6 Route Distance
A distance value used when no distance is specified when a static route is configured. The value can range from 1 to 255. Lower route distance values are preferred when determining the best route. Defaults Default preference or administrative distance is 1. Enterasys C3 Configuration Guide 29-5...
Page 710: Ipv6 Unicast-Routing
Mode Router global configuration: C3(su)->router(Config)# Usage Use this command to enable forwarding of IPv6 unicast datagrams on the Enterasys C3. Use the no form of the command to disable forwarding of IPv6 unicast datagrams. Example This command enables forwarding of IPv6 unicast datagrams on the router.
Page 711: Ping Ipv6 Interface
Specifies a VLAN interface as the source. tunnel tunnel-id Specifies a tunnel interface as the source. loopback loop-id Specifies a loopback interface as the source. link-local-address Specifies a link-local IPv6 address to ping. ipv6-lladdr Enterasys C3 Configuration Guide 29-7...
Page 712: Traceroute Ipv6
traceroute ipv6 ipv6-addr Specifies the global IPv6 address of the system to ping. Enter the address in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons. size num (Optional) Specifies the size of the datagram packet. The value of num can range from 48 to 2048 bytes.
Page 713 This example shows how to use traceroute to display a round trip path to host 2001:0db8:1234:5555::1 C3(su)->router#traceroute ipv6 2001:0db8:1234:5555::1 Traceroute to 2001:0db8:1234:5555::1, 30 hops max, 40 byte packets 1 2001:0db8:1234:5555::1 1.000000e+00 ms 1.000000e+00 ms 1.000000e+00 ms Enterasys C3 Configuration Guide 29-9...
Page 714: Interface Configuration Commands
128-bit address and prefix, or use the eui64 parameter to configure a global IPv6 address using an EUI-64 identifier in the low order 64 bits of the address. When using the eui64 parameter, you specify only the network prefix and length, and the Enterasys C3 generates the low order 64 bits.
Page 715: Ipv6 Enable
This command enables IPv6 routing on an interface that has not been configured with an explicit IPv6 address. Syntax ipv6 enable no ipv6 enable Parameters None. Defaults IPv6 is disabled. Mode Router interface configuration: C3(su)->router(Config-if(Vlan 1))# Enterasys C3 Configuration Guide 29-11...
Page 716: Ipv6 Mtu
ipv6 mtu Usage When this command is executed, an IPv6 link-local unicast address is configured on the interface and IPv6 processing is enabled. You do not need to use this command if you configured an IPv6 global address on an interface with the ipv6 address command. The no ipv6 enable command disables IPv6 routing on an interface that has been enabled with the ipv6 enable command, but it does not disable IPv6 processing on an interface that is configured with an explicit IPv6 address.
Page 717 Note: All interfaces attached to the same physical medium must be configured with the same MTU to operate properly. Example This example sets the MTU value to 1500 bytes. C3(su)->router(Config-if(Vlan 1))# ipv6 mtu 1500 Enterasys C3 Configuration Guide 29-13...
Page 718: Neighbor Cache And Neighbor Discovery Commands
Neighbor Cache and Neighbor Discovery Commands Neighbor Cache and Neighbor Discovery Commands The IPv6 Neighbor Cache functions similarly to the IPv4 ARP table. Entries can be made to the Neighbor Cache by the Neighbor Discovery protocol. The Neighbor Discovery commands allow you to set protocol parameters on an interface basis. For information about...
Page 719: Ipv6 Nd Dad Attempts
3 on this interface. C3(su)->router(Config-if(Vlan 1))# ipv6 nd dad attempts 3 ipv6 nd ns-interval This command configures the interval between Neighbor Solicitations sent on an interface. Syntax ipv6 nd ns-interval {msec | 0} no ipv6 nd ns-interval Enterasys C3 Configuration Guide 29-15...
Page 720: Ipv6 Nd Reachable-Time
ipv6 nd reachable-time Parameters msec Sets the interval in milliseconds between retransmissions of Neighbor Solicitation messages on the interface. The value can range from 1000 (one second) to 3,600,000 (one hour) milliseconds. An advertised value of 0 means the interval is unspecified. Defaults By default, a value of 0 is advertised in RA messages.
Page 721: Ipv6 Nd Other-Config-Flag
Refer to RFC 4862, “IPv6 Stateless Address Autoconfiguration,” for more information. Use the no form of this command to reset the flag to false. Example This example sets the other stateful configuration flag to true. C3(su)->router(Config-if(Vlan 1))# ipv6 nd other-config-flag Enterasys C3 Configuration Guide 29-17...
Page 722: Ipv6 Nd Ra-Interval
ipv6 nd ra-interval ipv6 nd ra-interval This command sets the transmission interval between router advertisements. Syntax ipv6 nd ra-interval sec no ipv6 nd ra-interval Parameters Specifies the value in seconds of the router advertisement transmission interval. The value can range from 4 to 1800 seconds. Defaults 600 seconds.
Page 723: Ipv6 Nd Suppress-Ra
This command configures the IPv6 prefixes to be included in router advertisements sent by this interface. Syntax ipv6 nd prefix {ipv6-prefix/prefix-length} [{valid-lifetime | infinite} {preferred-lifetime | infinite}] [no-autoconfig] [off-link] no ipv6 nd prefix {ipv6-prefix/prefix-length} Enterasys C3 Configuration Guide 29-19...
Page 724 ipv6 nd prefix Parameters ipv6-prefix/prefix-length The IPv6 network prefix and the prefix length being configured. The prefix must be in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons. The prefix length is a decimal number indicating the number of high- order contiguous bits of the address that comprise the network portion of the address.
Page 725 Example This example configures a prefix that can be used for both on-link determination and autoconfiguration, using the default values for valid lifetime and preferred lifetime. (su)->router(Config-if(Vlan 1))# ipv6 nd prefix 2001:0db8:4444:5555/64 Enterasys C3 Configuration Guide 29-21...
Page 726: Query Commands
Query Commands Query Commands For information about... Refer to page... show ipv6 interface 29-22 show ipv6 neighbors 29-23 show ipv6 route 29-25 show ipv6 route preferences 29-26 show ipv6 route summary 29-27 show ipv6 traffic 29-28 clear ipv6 statistics 29-33 show ipv6 interface This command displays information about one or all configured IPv6 interfaces.
Page 727: Show Ipv6 Neighbors
Router Advertisement Max Interval Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Suppress Flag Disabled show ipv6 neighbors This command displays IPv6 Neighbor Cache information. Syntax show ipv6 neighbors Parameters None. Enterasys C3 Configuration Guide 29-23...
Page 728: Show Ipv6 Neighbor Output Details
show ipv6 neighbors Defaults None. Mode Router privileged execution: C3(su)->router# Usage Use this command to display the contents of the Neighbor Cache. Example This example displays the neighbors in the cache. C3(su)->router>show ipv6 neighbors Neighbor Last IPv6 Address MAC Address isRtr State Updated Interface...
Page 729: Show Ipv6 Route
This example displays all active IPv6 routes. C3(su)->router>show ipv6 route IPv6 Routing Table - 5 entries Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 Enterasys C3 Configuration Guide 29-25...
Page 730: Show Ipv6 Route Preferences
show ipv6 route preferences ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 ::/0 [1/0] via FE80::2D0:B7FF:FE2C:7694, Vlan 6 3FFE:501:FFFF:100::/64 [0/0] via ::, Vlan 6 3FFE:501:FFFF:101::/64 [0/0] via ::, Vlan 7 3FFE:501:FFFF:108::/64 [0/0] via ::, Vlan 6 3FFE:501:FFFF:109::/64 [1/0] via 3FFE:501:FFFF:100:200:FF:FE00:A1A1,...
Page 731: Show Ipv6 Route Summary
Preference of OSPF NSSA Type 2 routes. show ipv6 route summary This command displays the summary of the routing table. Syntax show ipv6 route summary [all] Parameters (Optional) Display the count summary for all routes, including best and non-best routes. Enterasys C3 Configuration Guide 29-27...
Page 732: Show Ipv6 Traffic
show ipv6 traffic Defaults None. Mode Router privileged execution: C3(su)->router# Router user execution: C3(su)->router> Usage Use the command without parameters to display the count summary for only the best routes. Use all to display the count summary for all routes, including best and non-best routes. Example This example illustrates the summary information displayed by this command.
Page 733 ICMPv6 Messages Prohibited Administratively Received..0 ICMPv6 Time Exceeded Messages Received....0 ICMPv6 Parameter Problem Messages Received....0 ICMPv6 Packet Too Big Messages Received....0 ICMPv6 Echo Request Messages Received..... 52 ICMPv6 Echo Reply Messages Received....... 0 Enterasys C3 Configuration Guide 29-29...
Page 734: Show Ipv6 Traffic Output Details
show ipv6 traffic ICMPv6 Router Solicit Messages Received....0 ICMPv6 Router Advertisement Messages Received..... 5 ICMPv6 Neighbor Solicit Messages Received....31 ICMPv6 Neighbor Advertisement Messages Received... 28 ICMPv6 Redirect Messages Received......0 ICMPv6 Group Membership Query Messages Received... 0 ICMPv6 Group Membership Response Messages Received..0 ICMPv6 Group Membership Reduction Messages Received..
Page 735 Number of IPv6 datagrams that have been successfully fragmented at this output interface. Datagrams Failed To Fragment Number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not Enterasys C3 Configuration Guide 29-31...
Page 736 show ipv6 traffic Table 29-5 show ipv6 traffic Output Details (Continued) Output Field What It Displays... Fragments Created Number of output datagram fragments that have been generated as a result of fragmentation at this output interface. Multicast Datagrams Received Number of multicast packets received by the interface. Multicast Datagrams Transmitted Number of multicast packets transmitted by the interface.
Page 737: Clear Ipv6 Statistics
Messages Transmitted sent. ICMPv6 Duplicate Address Detects Number of duplicate addresses detected by the interface clear ipv6 statistics This command clears IPv6 statistics for all interfaces or a specific interface. Syntax clear ipv6 statistics [interface] Enterasys C3 Configuration Guide 29-33...
Page 738 clear ipv6 statistics Parameters interface (Optional) Specifies the interface for statistics should be cleared. Interface can be of the form: vlan vlan-id tunnel tunnel-id loopback loop-id Defaults If no interface is specified, statistics are cleared (reset to 0) for all interfaces. Mode Router privileged executionC3(su)->router# Usage...
Page 739: Chapter 30: Dhcpv6 Configuration
“Activating Licensed Features” in order to enable the DHCPv6 configuration command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales. The commands described in this chapter perform configuration of the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) on the Enterasys C3.
Page 740: Default Conditions
Global Configuration Commands RFC 3315 also describes DHCPv6 Relay Agent interactions, which are very much like DHCPv4 Relay Agent. RFC 3046 describes the DHCPv6 Relay Agent Information Option, which employs very similar capabilities as those described by DHCPv4 Relay Agent Option in RFC 2132. With the larger address space inherent to IPv6, addresses within a network can be allocated more effectively in a hierarchical fashion.
Page 741: Ipv6 Dhcp Relay-Agent-Info-Opt
DHCPv6 client. Refer to RFC 3046 for more information. Example This example sets the Relay Agent Information Option value to 82. C3(su)->router(Config)# ipv6 dhcp relay-agent-info-opt 82 Enterasys C3 Configuration Guide 30-3...
Page 742: Ipv6 Dhcp Relay-Agent-Info-Remote-Id-Subopt
ipv6 dhcp relay-agent-info-remote-id-subopt ipv6 dhcp relay-agent-info-remote-id-subopt This command configures a number to represent the DHCPv6 Relay Agent Remote-ID sub-option. Syntax ipv6 dhcp relay-agent-info-remote-id-subopt option Parameters option The value of option may range from 1 to 65535. The default value is 1. Defaults The default value of the DHCPv6 Relay Agent Remote-ID sub-option is 1.
Page 743 Commands” on page 30-6. Use the no form of this command to remove a specified pool. Example This example enters DHCP pool configuration mode to configure the pool named “PoolA.” C3(su)->router(Config)# ipv6 dhcp pool PoolA C3(su)->router(Config-dhcp6s-pool)# Enterasys C3 Configuration Guide 30-5...
Page 744: Address Pool Configuration Commands
The no form of this command will remove the domain name from the DHCPv6 pool being configured. Example This example specifies the domain name “enterasys.com” for the pool named PoolA. C3(su)->router(Config)# ipv6 dhcp pool PoolA C3(su)->router(Config-dhcp6s-pool)# domain-name enterasys.com 30-6 DHCPv6 Configuration...
Page 745: Dns-Server
C3(su)->router(Config-dhcp6s-pool)# dns-server 2001:0db8:1234:5678::A prefix-delegation This command configures a numeric prefix to be delegated to a specified prefix delegation client. Syntax prefix-delegation prefix/prefix-length DUID [name hostname] [valid-lifetime {secs | infinite}] [preferred-lifetime {secs | infinite}] no prefix-delegation prefix/prefix-length DUID Enterasys C3 Configuration Guide 30-7...
Page 746: Exit
exit Parameters prefix/prefix-length This prefix must be in the form documented in RFC 4291, with the address specified in hexadecimal using 16-bit values between colons. The value of prefix-length is a decimal number indicating the number of high-order contiguous bits of the address that comprise the prefix. DUID The DHCP Unique Identifier (DUID) of the prefix delegation client, as described in RFC 3315.
Page 747 Defaults None. Mode Router DHCPv6 pool configuration mode: C3(su)->router(Config-dhcp6s-pool)# Example This example illustrates how to exit DHCPv6 pool configuration mode. C3(su)->router(Config-dhcp6s-pool)# exit C3(su)->router(Config)# Enterasys C3 Configuration Guide 30-9...
Page 748: Interface Configuration Commands
Interface Configuration Commands Interface Configuration Commands Purpose These commands are used to configure an interface as either a DHCPv6 server or a DHCPv6 relay agent. Commands For information about... Refer to page... ipv6 dhcp server 30-10 ipv6 dhcp relay 30-11 ipv6 dhcp server This command configures DHCPv6 server functionality on an interface.
Page 749: Ipv6 Dhcp Relay
Use this command to configure a routing interface as a DHCPv6 relay agent. An interface can be configured as either a DHCPv6 server or a DHCPv6 relay agent, but not both. Use the no form of this command to remove DHCPv6 relay agent functionality from an interface. Enterasys C3 Configuration Guide 30-11...
Page 750 ipv6 dhcp relay Examples This example configures interface VLAN 8 as a DHCPv6 relay agent that relays DHCPv6 messages to the DHCPv6 server at the global address 2001:0db8:1234:5555::122:10. C3(su)->router(Config)# interface vlan 8 C3(su)->router(Config-if(Vlan 8))# ipv6 dhcp relay destination 2001:0db8:1234:5555::122:10/64 This example configures interface VLAN 8 as a DHCPv6 relay agent by configuring the interface through which the relay agent relays messages using the DHCPV6-ALL-AGENTS multicast address.
Page 751: Dhcpv6 Show Commands
Parameters None. Defaults None. Mode Router privileged execution: C3(su)->router# Example This example illustrates the output of this command when DHCPv6 is enabled on the switch. C3(su)->router# show ipv6 dhcp DHCPv6 is enabled Server DUID: 00:01:00:06:90:83:57:c7:00:11:88:56:5d:58 Enterasys C3 Configuration Guide 30-13...
Page 752: Show Ipv6 Dhcp Interface
show ipv6 dhcp interface show ipv6 dhcp interface This command displays DHCPv6 configuration information or DHCPv6 statistics for the specified routing interface. Syntax show ipv6 dhcp interface vlan vlan-id [statistics] Parameters vlan vlan-id Specifies the ID of the routing interface for which to display DHCPv6 information.
Page 753: Output Of Show Ipv6 Dhcp Interface Command
Total DHCPv6 Packets Received DHCPv6 Advertisement Packets Transmitted DHCPv6 Reply Packets Transmitted DHCPv6 Reconfig Packets Transmitted DHCPv6 Relay-reply Packets Transmitted DHCPv6 Relay-forward Packets Transmitted Total DHCPv6 Packets Transmitted Table 30-2 provides an explanation of the command output. Enterasys C3 Configuration Guide 30-15...
Page 754: Show Ipv6 Dhcp Statistics
show ipv6 dhcp statistics show ipv6 dhcp statistics This command displays IPv6 DHCP statistics for all interfaces. Syntax show ipv6 dhcp statistics Parameters None. Defaults None. Mode Router privileged execution: C3(su)->router# Example This example displays the output of this command. C3(su)->router# show ipv6 dhcp statistics DHCPv6 Interface Global Statistics ------------------------------------...
Page 755: Clear Ipv6 Dhcp Statistics
Defaults If no interface is specified, IPv6 DHCP statistics for all interfaces are cleared. Mode Router privileged execution: C3(su)->router# Example This example clears DHCPv6 statistics for VLAN 80. C3(su)->router# clear ipv6 dhcp statistics vlan 80 Enterasys C3 Configuration Guide 30-17...
Page 756: Show Ipv6 Dhcp Pool
This example displays the output for PoolA that was not configured for prefix delegation. C3(su)->router# show ipv6 dhcp pool PoolA DHCPv6 Pool: PoolA DNS Server: 2001:db8:1234:5678::A Domain Name: enterasys.com This example displays the output for PoolB that was configured for prefix delegation. C3(su)->router# show ipv6 dhcp pool PoolB DHCPv6 Pool: PoolB...
Page 757 This example displays all bindings for the client with the IPv6 address FE80::111:FCF1:DEA5:10. C3(su)->router# show ipv6 dhcp binding FE80::111:FCF1:DEA5:10 DHCP Client Address: FE80::111:FCF1:DEA5:10 DUID: 000300010002FCA5DC1C IA ID: 0x00040001, T1 0, T2 0 Prefix/Prefix Length: 3FFE:C00:C18:11::/68 Prefix Type: IPPD Expiration: 12320 seconds Valid Lifetime: 12345 Preferred Lifetime: 180 Enterasys C3 Configuration Guide 30-19...
Page 758 show ipv6 dhcp binding 30-20 DHCPv6 Configuration...
Page 759: Chapter 31: Ospfv3 Configuration
“Activating Licensed Features” in order to enable the OSPFv3 protocol configuration command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.
Page 760: Default Conditions
Area ID and Router ID remain 32 bit identifiers. OSPFv3 identifies Neighbors by router ID instead of the interface address used in OSPFv2. Note that both OSPFv3 and OSPFv2 can be enabled and run on the Enterasys C3. Default Conditions The following table lists the default OSPFv3 conditions.
Page 761: Global Ospfv3 Configuration Commands
Syntax ipv6 router id ip-address Parameters ip-address Specifies the ID of the OSPFv3 router, in 32-bit dotted-quad notation. Defaults None. Mode Router global configuration: C3(su)->router(Config)# Usage Use this command to configure the OSPFv3 router ID. Enterasys C3 Configuration Guide 31-3...
Page 762: Ipv6 Router Ospf
ipv6 router ospf Example This example illustrates configuring the OSPFv3 router ID as 2.2.2.2. C3(su)->router(Config)# ipv6 router id 2.2.2.2 ipv6 router ospf This command enters Router OSPFv3 configuration mode. Syntax ipv6 router ospf Parameters None. Defaults None. Mode Router global configuration: C3(su)->router(Config)# Usage Use this command to enter OSPFv3 configuration mode so you can configure global OSPFv3 parameters.
Page 763: Default-Metric
Use this command to cause the same metric value to be used for all redistributed routes. Use the no form of this command to remove a configured default metric. Example This example configures a metric of 100 to be used for all redistributed routes. C3(su)->router(Config-router)# default-metric 100 Enterasys C3 Configuration Guide 31-5...
Page 764: Distance Ospf
distance ospf distance ospf This command sets the route preference value of OSPFv3. Syntax distance ospf {intra | inter | type1 | type2} preference no distance ospf {intra | inter | type1 | type2} Parameters intra Specifies the preference for intra-area routes (all routes within an area) inter Specifies the preference for inter-area routes (all routes between areas) type1...
Page 765: Exit-Overflow-Interval
Parameters limit Specifies the limit, which can range from -1 to 2147483647. A value of -1 means that there is no limit. Defaults The default value is -1. Mode Router OSPFv3 configuration: C3(su)->router(Config-router)# Enterasys C3 Configuration Guide 31-7...
Page 766: Maximum-Paths
maximum-paths Usage When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in it database. The external LSDB limit MUST be set identically in all routers attached to the OSPFv3 backbone and/or any regular OSPFv3 area.
Page 767: Passive-Interface
{default | vlan vlan-id} no passive-interface {default | vlan vlan-id} Parameters default Configure the default mode of operation for all interfaces. vlan vlan-id Specifies the interface on which to enable passive OSPF mode. Defaults None. Enterasys C3 Configuration Guide 31-9...
Page 768: Area Configuration Commands
Area Configuration Commands Mode Router configuration: C3(su)->router(Config-router)# Usage Passive mode allows an interface to be included in the OSPF route table, but turns off sending and receiving hellos for the interface. It also prevents OSPF adjacencies from being formed on an interface.
Page 769: Area Default-Cost
This command configures the specified area to function as a not so stubby area (NSSA). Syntax area areaid nssa no area areaid nssa Parameters areaid Specifies the area ID in IP address format (dotted-quad) or as a decimal value. Defaults None. Mode Router OSPFv3 configuration: C3(su)->router(Config-router)# Enterasys C3 Configuration Guide 31-11...
Page 770: Area Nssa Default-Info-Originate
area nssa default-info-originate Usage An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area that does not allow any external routes. External routes that are not imported into an NSSA can be represented by means of a default route.
Page 771: Area Nssa No-Redistribute
This command configures the NSSA area border router to not advertise summary routes into the NSSA. Syntax area areaid nssa no-summary no area areaid nssa no-summary Parameters areaid Specifies the area ID in IP address format (dotted-quad) or as a decimal value. Enterasys C3 Configuration Guide 31-13...
Page 772: Area Nssa Translator Role
area nssa translator role Defaults None. Mode Router OSPFv3 configuration: C3(su)->router(Config-router)# Usage Use this command to prevent the advertising of summary routes into the specified NSSA by this router. Use the no form of this command to enable advertising of summary routes into the NSSA. Example This example the router to not advertise summary routes into NSSA 20.
Page 773: Area Nssa Translator-Stab-Intv
This example sets the translator stability interval to 60 seconds for NSSA 20. C3(su)->router(Config-router)# area 20 nssa translator-stab-intv 60 area range This command creates an address range for the specified NSSA. Syntax area areaid range ipv6-prefix/prefix-length {summarylink | nssaexternallink} [advertise | not-advertise] no area areaid range ipv6-prefix/prefix-length Enterasys C3 Configuration Guide 31-15...
Page 774: Area Stub
area stub Parameters areaid Specifies the area ID in IP address format (dotted-quad) or as a decimal value. ipv6-prefix/prefix-length Specifies IPv6 prefix and the length of the IPv6 prefix for the address range. The prefix must be specified in hexadecimal using 16-bit values between colons.
Page 775: Area Stub No-Summary
Use the no form of this command to set the summary LSA import mode to the default for the specified stub area. Example The example disables the import of summary LSAs into stub area 30. C3(su)->router(Config-router)# area 30 stub no-summary Enterasys C3 Configuration Guide 31-17...
Page 776: Area Virtual-Link
area virtual-link area virtual-link This command creates the OSPFv3 virtual interface for the specified area and neighbor. Syntax area areaid virtual-link neighborid no area areaid virtual-link neighborid Parameters areaid Specifies the area ID in IP address format (dotted-quad) or as a decimal value.
Page 777: Area Virtual-Link Hello-Interval
Use the no form of this command to return a configured value to the default value of 10 seconds. Example This example configures a hello interval of 30 seconds for the specified OSPFv3 virtual interface. C3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 hello-interval 30 Enterasys C3 Configuration Guide 31-19...
Page 778: Area Virtual-Link Retransmit-Interval
area virtual-link retransmit-interval area virtual-link retransmit-interval This command configures the retransmit interval for the specified OSPFv3 virtual interface. Syntax area areaid virtual-link neighborid retransmit-interval seconds no area areaid virtual-link neighborid retransmit-interval Parameters areaid Specifies the area ID in IP address format (dotted-quad) or as a decimal value.
Page 779 Use the no form of this command to reset the transmit delay to the default of 1 second. Example This example sets the transmit delay to 2 seconds for the specified OSPFv3 virtual interface. C3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 transmit-delay 2 Enterasys C3 Configuration Guide 31-21...
Page 780: Interface Configuration Commands
Interface Configuration Commands Interface Configuration Commands Purpose These commands can be used to configure OSPF v3 routing interface parameters. Commands For information about... Refer to page... ipv6 ospf enable 31-22 ipv6 ospf areaid 31-23 ipv6 ospf cost 31-23 ipv6 ospf dead-interval 31-24 ipv6 ospf hello-interval 31-25...
Page 781: Ipv6 Ospf Areaid
This example assigns VLAN 7 to area 20, expressed as a decimal number. C3(su)->router(Config-if(Vlan 7))# ipv6 ospf areaid 20 ipv6 ospf cost This command configures the cost of sending a packet on an OSPFv3 interface. Syntax ipv6 ospf cost cost no ipv6 ospf cost cost Enterasys C3 Configuration Guide 31-23...
Page 782: Ipv6 Ospf Dead-Interval
ipv6 ospf dead-interval Parameters cost Specifies the cost of sending a packet on this interface. The value can range from 1 to 65535. Defaults The default cost is 10. Mode Router interface configuration: C3(su)->router(Config-if(Vlan 1))# Usage Use this command to explicitly specify the cost of sending a packet on the interface being configured for OSPFv3.
Page 783: Ipv6 Ospf Hello-Interval
This example sets the hello interval for router interface VLAN 7 to 20 seconds. C3(su)->router(Config)# interface vlan 7 C3(su)->router(Config-if(Vlan 7))# ipv6 ospf hello-interval 20 ipv6 ospf mtu-ignore This command disables OSPFv3 maximum transmission unit (MTU) mismatch detection. Syntax ipv6 ospf mtu-ignore no ipv6 ospf mtu-ignore Parameters None. Enterasys C3 Configuration Guide 31-25...
Page 784: Ipv6 Ospf Network
ipv6 ospf network Defaults By default, MTU mismatch detection is enabled. Mode Router interface configuration: C3(su)->router(Config-if(Vlan 1))# Usage OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
Page 785: Ipv6 Ospf Priority
This example sets the priority for router interface VLAN 7 to 5. C3(su)->router(Config)# interface vlan 7 C3(su)->router(Config-if(Vlan 7))# ipv6 ospf priority 5 ipv6 ospf retransmit-interval This command configures the OSPFv3 retransmit interval for the router interface. Syntax ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval Enterasys C3 Configuration Guide 31-27...
Page 786: Ipv6 Ospf Transmit-Delay
ipv6 ospf transmit-delay Parameters seconds Specifies the retransmit interval value, which can range from 0 to 3600 seconds. Defaults Default value is 4 seconds. Mode Router interface configuration: C3(su)->router(Config-if(Vlan 1))# Usage The retransmit interval is the number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface.
Page 787 Example This example sets the transmit delay value to 4 seconds for router interface VLAN 7. C3(su)->router(Config)# interface vlan 7 C3(su)->router(Config-if(Vlan 7))# ipv6 ospf transmit-delay 4 Enterasys C3 Configuration Guide 31-29...
Page 788: Ospfv3 Show Commands
OSPFv3 Show Commands OSPFv3 Show Commands Purpose These commands are used to display OSPFv3 information and statistics. Commands For information about... Refer to page... show ipv6 ospf 31-30 show ipv6 ospf area 31-32 show ipv6 ospf abr 31-33 show ipv6 ospf asbr 31-34 show ipv6 ospf database 31-35...
Page 789: Show Ipv6 Ospf Output Details
Default value for redistributed routes. Maximum Paths The maximum number of paths that OSPF can report for a given destination. Default Route Advertise Whether the default routes received from other source protocols are advertised or not. Enterasys C3 Configuration Guide 31-31...
Page 790: Show Ipv6 Ospf Area
show ipv6 ospf area Table 31-1 show ipv6 ospf Output Details Output Field What It Displays... Always Whether default routes are always advertised. Metric The metric for the advertised default routes. If the metric is not configured, this field is blank. Metric Type Whether the routes are External Type 1 or External Type 2.
Page 791: Show Ipv6 Ospf Abr
INTRA — Intra-area route INTER — Inter-area route Router ID Router ID of the destination. Cost Cost of using this route. Area ID The area ID of the area from which this route is learned. Enterasys C3 Configuration Guide 31-33...
Page 792: Show Ipv6 Ospf Asbr
show ipv6 ospf asbr Table 31-3 show ipv6 ospf abr Output Details (Continued) Output Field What It Displays... Next Hop Intf Address of the next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop.
Page 793: Show Ipv6 Ospf Database
Examples This example displays the output when an area ID is specified. C3(su)->router#show ipv6 ospf 10 database Inter Network States (Area 0.0.0.10) Enterasys C3 Configuration Guide 31-35...
Page 794 show ipv6 ospf database Adv Router Link Id Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------- 2.2.2.2 1 153 80000026 A8F2 Intra Prefix States (Area 0.0.0.10) Adv Router Link Id Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------- 2.2.2.2 0 506 80000027 DD00...
Page 795: Show Ipv6 Ospf Database Output Details
The IPv6 route with prefix mask being displayed. This example shows how to display OSPF database summary information. C3(su)->router#show ipv6 ospf database database-summary OSPF Router with ID (2.2.2.2) Area 0.0.0.0 Database Summary Router Network Inter-area Prefix Inter-area Router Type-7 Ext Link Enterasys C3 Configuration Guide 31-37...
Page 796: Show Ipv6 Ospf Database Database-Summary Output Details
show ipv6 ospf database Intra-area Prefix Link Unknown Area Unknown AS Unknown AS Unknown Self Originated Type-7 Subtotal Area 0.0.0.10 Database Summary Router Network Inter-area Prefix Inter-area Router Type-7 Ext Link Intra-area Prefix Link Unknown Area Unknown AS Unknown AS Unknown Self Originated Type-7 Subtotal Router database summary...
Page 797: Show Ipv6 Ospf Interface
This example displays information about OSPFv3 routing interface VLAN 80. C3(su)->router>show ipv6 ospf interface vlan 80 IPv6 Address FE80::211:88FF:FE56:5D8F ifIndex OSPF Admin Mode Enable OSPF Area ID 0.0.0.20 Router Priority Retransmit Interval Hello Interval Dead Interval LSA Ack Interval Iftransit Delay Interval Enterasys C3 Configuration Guide 31-39...
Page 798: Show Ipv6 Ospf Interface Command Output Details
show ipv6 ospf interface Authentication Type None Metric Cost (computed) OSPF Mtu-ignore Disable OSPF Interface Type broadcast State designated-router Designated Router 2.2.2.2 Backup Designated Router 0.0.0.0 Number of Link Events This example displays information about tunnel interface 0. Table 31-7 on page 31-40 explains the content of the output fields.
Page 799: Show Ipv6 Ospf Interface Stats
Spf Runs Area Border Router Count AS Border Router Count Area LSA Count IPv6 Address FE80::211:88FF:FE56:5D8F/128 OSPF Interface Events Virtual Events Neighbor Events External LSA Count LSAs Received 1903 Originate New LSAs 4198 Sent Packets 1053 Enterasys C3 Configuration Guide 31-41...
Page 800: Show Ipv6 Ospf Interface Stats Output Details
show ipv6 ospf interface stats Received Packets Discards Bad Version Virtual Link Not Found Area Mismatch Invalid Destination Address No Neighbor at Source Address Invalid OSPF Packet Type Packet Type Sent Received -------------------- ---------- ---------- Hello 1053 Database Description LS Request LS Update LS Acknowledgement Table 31-8...
Page 801: Show Ipv6 Ospf Neighbor
C3(su)->router#show ipv6 ospf neighbor Router ID Priority Intf Interface State Dead Time ---------------- -------- ----- ----------- ---------------- ---- 3.3.3.3 Vlan 36 Full/DR 6.6.6.6 Tunnel 0 Full/PtP Table 31-9 provides an explanation of the command output. Enterasys C3 Configuration Guide 31-43...
Page 802: Show Ipv6 Ospf Neighbor Output Details
show ipv6 ospf neighbor Table 31-9 show ipv6 ospf neighbor Output Details Output Field What It Displays... Router ID The 4-digit dotted-decimal number of the neighbor router. Priority OSPFv3 priority for the specified interface. The priority of an interface is a priority integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the designated router on this network.
Page 803: Show Ipv6 Ospf Range
This example displays range information for area 20. C3(su)->router#show ipv6 ospf range 20 Area ID IPv6 Prefix/Prefix Length Lsdb Type Advertisement --------------- ------------------------- --------------- ------------- 0.0.0.20 3345:1234::/64 Summary Link Enabled Table 31-11 provides an explanation of the command output. Enterasys C3 Configuration Guide 31-45...
Page 804: Show Ipv6 Ospf Stub Table
show ipv6 ospf stub table Table 31-11 show ipv6 ospf range Output Details Output Field What It Displays... Area ID The area ID of the requested OSPFv3 area. IPv6 Prefix/Prefix Length An IPv6 prefix and length which represents a configured area range.
Page 805: Show Ipv6 Ospf Virtual-Link
Retransmit Interval The configured retransmit interval for the OSPFv3 virtual interface. State The OSPFv3 Interface States are: down, loopback, waiting, point- to-point, designated router, and backup designated router. This is the state of the OSPFv3 interface. Enterasys C3 Configuration Guide 31-47...
Page 806 show ipv6 ospf virtual-link Table 31-13 show ipv6 ospf virtual-link Output Details (Continued) Output Field What It Displays... Metric The metric of this virtual link. Neighbor State The state of the neighbor. States are: down, loopback, waiting, point-to-point, designated router, and backup designated router. 31-48 OSPFv3 Configuration...
Page 807: Chapter 32: Authentication And Authorization Configuration
Configuring Port Web Authentication (PWA) 32-77 Configuring Secure Shell (SSH) 32-89 Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of authentication and authorization configuration is located on the Enterasys Networks web site: https://extranet.enterasys.com/downloads/ Overview of Authentication and Authorization Methods The following methods are available for controlling which users are allowed to access, monitor, and manage the switch.
Page 808 RADIUS” on page 32-6. • SNMP user or community names – allows access to the Enterasys C3 switch via a network SNMP management application. To access the switch, you must enter an SNMP user or community name string. The level of management access is dependent on the associated access policy.
Page 809: Radius Filter-Id Attribute And Dynamic Policy Profile Assignment
Filter-ID Attribute Formats Enterasys Networks supports two Filter-ID formats — “decorated” and “undecorated.” The decorated format has three forms: •...
Page 810: Setting The Authentication Login Method
Setting the Authentication Login Method Setting the Authentication Login Method Purpose To configure the authentication login method to be used for management. Commands The commands used to configure the authentication login method are listed below. For information about... Refer to page... show authentication login 32-4 set authentication login...
Page 811: Clear Authentication Login
Parameters None. Defaults None. Mode Switch command, read-write, if security profile = normal. Switch command, super-user, if security profile = c2 Example This example shows how to reset the authentication login method. C3(rw)->clear authentication login Enterasys C3 Configuration Guide 32-5...
Page 812: Configuring Radius
Configuring RADIUS Configuring RADIUS Purpose To perform the following: • Review the RADIUS client/server configuration on the switch. • Enable or disable the RADIUS client. • Set local and remote login options. • Set primary and secondary server parameters, including IP address, timeout period, authentication realm, and number of user login attempts allowed.
Page 813: Show Radius Output Details
“set radius” on page 32-8. RADIUS attribute Whether RADIUS password authentication management is configured as standard mgmt password: or MS-CHAPv2. Configured with the command “set radius attribute mgmt password” on page 32-16. Enterasys C3 Configuration Guide 32-7...
Page 814: Set Radius
set radius Table 32-1 show radius Output Details (Continued) Output Field What It Displays... RADIUS Server RADIUS server’s index number, IP address, and UDP authentication port. Realm-Type Realm defines who has to go through the RADIUS server for authentication. • Management-access: This means that anyone trying to access the switch (Telnet, SSH, Local Management) has to authenticate through the RADIUS server.
Page 815 Switch command, read-write. Usage The Enterasys C3 device allows up to 10 RADIUS servers to be configured, with up to two servers active at any given time. The RADIUS client can only be enabled on the switch once a RADIUS server is online, and its IP address(es) has been configured with the same password the RADIUS client will use.
Page 816: Set Radius Ipsec
set radius ipsec This example shows how to force any management-access to the switch (Telnet, web, SSH) to authenticate through a RADIUS server. The all parameter at the end of the command means that any of the defined RADIUS servers can be used for this Authentication. C3(rw)->set radius realm management-access all set radius ipsec Use this command to enable or disable IPsec on one or all RADIUS servers.
Page 817: Clear Radius Ipsec
If no RADIUS server is specified, IPsec is disabled on all RADIUS servers. Mode Switch command, read-write, if security profile = normal. Switch command, super-user, if security profile = c2 Example This example disables IPsec on the RADIUS server specified by index 2. C3(su)->clear radius ipsec 2 Enterasys C3 Configuration Guide 32-11...
Page 818: Show Radius Accounting
show radius accounting show radius accounting Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server. Syntax show radius accounting [server] | [counter ip-address] | [retries] | [timeout] Parameters server (Optional) Displays one or all RADIUS accounting server configurations.
Page 819: Clear Radius Accounting
| Clears the configuration on one or all accounting servers. retries Resets the retries to the default value of 3. timeout Resets the timeout to 5 seconds. counter Clears counters. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-13...
Page 820: Show Radius Interface
show radius interface Defaults None. Example This example shows how to reset the RADIUS accounting timeout to 5 seconds. C3(su)->clear radius accounting timeout show radius interface Use this command to display the interface used for the source IP address of the RADIUS application when generating RADIUS packets.
Page 821: Clear Radius Interface
Host interface, if configured. If no Host address is configured, the source IP address will be the address of the routed interface on which the packet egresses. Syntax clear radius interface Parameters None. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-15...
Page 822: Set Radius Attribute Mgmt Password
set radius attribute mgmt password Example This command returns the interface used for the source IP address of the RADIUS application back to the default of the Host interface. C3(rw)->show radius interface vlan 100 192.168.10.1 C3(rw)->clear radius interface C3(rw)-> set radius attribute mgmt password Use this command to configure RADIUS management authentication.
Page 823: Show Radius Attribute Mgmt Password
Use this command to display the currently configured RADIUS management authentication mode. The current state can also be displayed with the show radius command. Syntax show radius attribute mgmt password Enterasys C3 Configuration Guide 32-17...
Page 824 show radius attribute mgmt password Parameters None. Defaults None. Mode Switch command, read-only. Example This example displays the current RADIUS management authentication mode. C3(su)->show radius attribute mgmt password Attribute mgmt password is mschapv2 32-18 Authentication and Authorization Configuration...
Page 825: Configuring 802.1X Authentication
(Optional) Displays information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If no parameters are specified, 802.1X status will be displayed. Enterasys C3 Configuration Guide 32-19...
Page 826 show dot1x If port-string is not specified, information for all ports will be displayed. Mode Switch command, read-only. Examples This example shows how to display 802.1X status: C3(su)->show dot1x DOT1X is disabled. This example shows how to display authentication diagnostics information for ge.1.1: C3(su)->show dot1x auth-diag .1.1 Port : 1...
Page 827: Show Dot1X Auth-Config
This example shows how to display the 802.1X quiet period settings for .1.1: C3(su)->show dot1x auth-config quietperiod ge.1.1 Port 1: Quiet period: This example shows how to display all 802.1X authentication configuration settings for .1.1: C3(ro)->show dot1x auth-config ge.1.1 Enterasys C3 Configuration Guide 32-21...
Page 828: Set Dot1X
set dot1x Port : 1 Auth-Config PAE state: Initialize Backend auth state: Initialize Admin controlled directions: Both Oper controlled directions: Both Auth controlled port status: Authorized Auth controlled port control: Auto Quiet period: Transmission period: Supplicant timeout: Server timeout: Maximum requests: Reauthentication period: 3600 Reauthentication control:...
Page 829: Set Dot1X Auth-Config
For a detailed description of possible port-string values, refer “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, authentication parameters will be set on all ports. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-23...
Page 830: Clear Dot1X Auth-Config
clear dot1x auth-config Examples This example shows how to enable reauthentication control on ports .1.1-3: C3(su)->set dot1x auth-config reauthenabled true ge.1.1-3 This example shows how to set the 802.1X quiet period to 120 seconds on ports .1.1-3: C3(su)->set dot1x auth-config quietperiod 120 ge.1.1-3 clear dot1x auth-config Use this command to reset 802.1X authentication parameters to default values on one or more ports.
Page 831: Show Eapol
Initialize Auto Table 32-2 provides an explanation of the command output. For details on using the set eapol command to enable the protocol and assign an authentication mode, refer to “set eapol” on page 32-27. Enterasys C3 Configuration Guide 32-25...
Page 832: Show Eapol Output Details
show eapol Table 32-2 show eapol Output Details Output Field What It Displays... Port Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Authentication State Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are: •...
Page 833: Set Eapol
This example shows how to enable EAPOL with forced authorized mode on port .1.1: C3(su)->set eapol auth-mode forced-auth ge.1.1 clear eapol Use this command to globally clear the EAPOL authentication mode, or to clear settings for one or more ports. Syntax clear eapol [auth-mode] [port-string] Enterasys C3 Configuration Guide 32-27...
Page 834 clear eapol Parameters auth-mode (Optional) Globally clears the EAPOL authentication mode. port-string Specifies the port(s) on which to clear EAPOL parameters. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If auth-mode is not specified, all EAPOL settings will be cleared.
Page 835: Configuring Mac Authentication
32-37 clear macauthentication reauthperiod 32-38 set macauthentication significant-bits 32-39 clear macauthentication significant-bits 32-39 show macauthentication Use this command to display MAC authentication information for one or more ports. Syntax show macauthentication [port-string] Enterasys C3 Configuration Guide 32-29...
Page 836: Show Macauthentication Output Details
show macauthentication Parameters port-string (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, MAC authentication information will be displayed for all ports. Mode Switch command, read-only.
Page 837: Show Macauthentication Session
Port designation. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. MAC Address MAC address associated with the session. Duration Time this session has been active. Enterasys C3 Configuration Guide 32-31...
Page 838: Set Macauthentication
set macauthentication Table 32-4 show macauthentication session Output Details (Continued) Output Field What It Displays... Reauth Period Reauthentication period for this port, set using the set macauthentication reauthperiod command described in “set macauthentication reauthperiod” on page 32-37. Reauthentications Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in “set macauthentication...
Page 839: Clear Macauthentication Password
Specifies port(s) on which to enable or disable MAC authentication. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-33...
Page 840: Set Macauthentication Portinitialize
set macauthentication portinitialize Usage Enabling port(s) for MAC authentication requires globally enabling MAC authentication on the switch as described in “set macauthentication” on page 32-32, and then enabling it on a port-by- port basis. By default, MAC authentication is globally disabled and disabled on all ports. Example This example shows how to enable MAC authentication on .2.1 though 5:...
Page 841: Clear Macauthentication Portquietperiod
Use this command to force a current MAC authentication session to re-initialize and remove the session. Syntax set macauthentication macinitialize mac-addr Parameters mac-addr Specifies the MAC address of the session to re-initialize. Enterasys C3 Configuration Guide 32-35...
Page 842: Set Macauthentication Reauthentication
set macauthentication reauthentication Mode Switch command, read-write. Defaults None. Example This example shows how to force the MAC authentication session for address 00-60-97-b5-4c-07 to re-initialize: C3(su)->set macauthentication macinitialize 00-60-97-b5-4c-07 set macauthentication reauthentication Use this command to enable or disable reauthentication of all currently authenticated MAC addresses on one or more ports.
Page 843: Set Macauthentication Macreauthenticate
Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port. Syntax set macauthentication reauthperiod time port-string Enterasys C3 Configuration Guide 32-37...
Page 844: Clear Macauthentication Reauthperiod
clear macauthentication reauthperiod Parameters time Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295. port-string Specifies the port(s) on which to set the MAC reauthentication period. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI”...
Page 845: Set Macauthentication Significant-Bits
C3(su)->set macauthentication significant-bits 24 clear macauthentication significant-bits Use this command to reset the number of significant bits of the MAC address to use for authentication to the default of 48. Syntax clear macauthentication significant-bits Parameters None. Defaults None. Enterasys C3 Configuration Guide 32-39...
Page 846 clear macauthentication significant-bits Mode Switch command, read-write. Example This example resets the MAC authentication significant bits to 48. C3(su)->clear macauthentication significant-bits 32-40 Authentication and Authorization Configuration...
Page 847: Configuring Multiple Authentication Methods
For information about... Refer to page... show multiauth 32-42 set multiauth mode 32-43 clear multiauth mode 32-43 set multiauth precedence 32-44 clear multiauth precedence 32-44 show multiauth port 32-45 set multiauth port 32-45 clear multiauth port 32-46 Enterasys C3 Configuration Guide 32-41...
Page 848: Show Multiauth
show multiauth For information about... Refer to page... show multiauth station 32-47 show multiauth session 32-47 show multiauth idle-timeout 32-48 set multiauth idle-timeout 32-49 clear multiauth idle-timeout 32-50 show multiauth session-timeout 32-50 set multiauth session-timeout 32-51 clear multiauth session-timeout 32-52 show multiauth Use this command to display multiple authentication system configuration.
Page 849: Set Multiauth Mode
This example shows how to enable simultaneous multiple authentications: C3(rw)->set multiauth mode multi clear multiauth mode Use this command to clear the system authentication mode. Syntax clear multiauth mode Parameters None. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-43...
Page 850: Set Multiauth Precedence
set multiauth precedence Example This example shows how to clear the system authentication mode: C3(rw)->clear multiauth mode set multiauth precedence Use this command to set the system’s multiple authentication administrative precedence. Syntax set multiauth precedence {[dot1x] [mac] [pwa]} Parameters dot1x Sets precedence for 802.1X authentication.
Page 851: Show Multiauth Port
Use this command to set multiple authentication properties for one or more ports. Syntax set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} | numusers numusers port-string Enterasys C3 Configuration Guide 32-45...
Page 852: Clear Multiauth Port
clear multiauth port Parameters mode Specifies the port(s)’ multiple authentication mode as: auth-opt | • auth-opt — Authentication optional (“non-strict” behavior). If a user auth-reqd | does not attempt to authenticate using 802.1x, or if 802.1x force-auth | authentication fails, the port will allow traffic to be forwarded force-unauth according to the defined default VLAN.
Page 853: Show Multiauth Station
Address ------------ ------------ ------------------------ ge.1.20 00-10-a4-9e-24-87 ge.2.16 00-b0-d0-e5-0c-d0 show multiauth session Use this command to display multiple authentication session entries. Syntax show multiauth session [all] [agent {dot1x | mac | pwa}] [mac address] [port port-string] Enterasys C3 Configuration Guide 32-47...
Page 854: Show Multiauth Idle-Timeout
show multiauth idle-timeout Parameters (Optional) Displays information about all sessions, including those with terminated status. agent dot1x | mac | (Optional) Displays 802.1X, or MAC, or port web authentication session information. mac address (Optional) Displays multiple authentication session entries for specific MAC address(es).
Page 855: Set Multiauth Idle-Timeout
(Optional) Specifies the Enterasys MAC authentication method for which to set the timeout value. (Optional) Specifies the Enterasys Port Web Authentication method for which to set the timeout value. timeout Specifies the timeout value in seconds. The value can range from 0 to 65535.
Page 856: Clear Multiauth Idle-Timeout
(Optional) Specifies the Enterasys MAC authentication method for which to reset the timeout value to its default. (Optional) Specifies the Enterasys Port Web Authentication method for which to reset the timeout value to its default. Defaults If no authentication method is specified, the idle timeout value is reset to its default value of 0 for all authentication methods.
Page 857: Set Multiauth Session-Timeout
(Optional) Specifies the Enterasys MAC authentication method for which to set the session timeout value. (Optional) Specifies the Enterasys Port Web Authentication method for which to set the session timeout value. timeout Specifies the timeout value in seconds.
Page 858: Clear Multiauth Session-Timeout
This special application of multi-user authentication was inherited from legacy platforms (such as the B2 and C2) that could not natively support multiple users per port. The Enterasys C3 can support multiple users per port so the User + IP phone application should only be used if you are integrating Enterasys C3s into a legacy deployment.
Page 859: Configuring Vlan Authorization (Rfc 3580)
Note: A policy license, if applicable, is not required to deploy RFC 3580 dynamic VLAN assignment. Commands For information about... Refer to page... set vlanauthorization 32-54 set vlanauthorization egress 32-54 clear vlanauthorization 32-55 show vlanauthorization 32-55 Enterasys C3 Configuration Guide 32-53...
Page 860: Set Vlanauthorization
set vlanauthorization set vlanauthorization Enable or disable the use of the RADIUS VLAN tunnel attribute to put a port into a particular VLAN based on the result of authentication. Syntax set vlanauthorization {enable | disable} [port-string] Parameters enable | disable Enables or disables vlan authorization/tunnel attributes.
Page 861: Clear Vlanauthorization
This example show how to clear VLAN authorization for all ports on slots 3, 4, and 5: C3(rw)->clear vlanauthorization ge.3-5.* show vlanauthorization Displays the VLAN authentication status and configuration information for the specified ports. Syntax show vlanauthorization [port-string] Enterasys C3 Configuration Guide 32-55...
Page 862: Configuring Policy Maptable Response
Configuring Policy Maptable Response Parameters port-string (Optional) Displays VLAN authentication status for the specified ports. If no port string is entered, then the global status of the setting is displayed. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI”...
Page 863: Operational Description
– If the VLAN-to-policy mapping table is invalid, then the etsysPolicyRFC3580MapInvalidMapping MIB is incremented and the VLAN specified by the tunnel attributes will be applied to the authenticating user. Enterasys C3 Configuration Guide 32-57...
Page 864: Commands
show policy maptable If VLAN authorization is not enabled, the tunnel attributes are ignored. When Policy Maptable Response is “Policy” When the switch is configured to use only Filter-ID attributes, by setting the set policy maptable command response parameter to policy: •...
Page 865: Set Policy Maptable
Sets the maptable response to tunnel mode. The system will look at only the tunnel attributes in a RADIUS Access-Accept reply to determine how to handle an authenticating user. Enterasys C3 Configuration Guide 32-59...
Page 866: Clear Policy Maptable
clear policy maptable Defaults No mapping table entries are configured. The default policy maptable response setting is policy mode. Mode Switch command, read-write. Usage This command can be used to create entries in the VLAN-to-policy mapping table and also to set the switch’s maptable response.
Page 867: Configuring Mac Locking
In the meantime the system administrator would be receiving a maclock trap notification. Purpose To review, disable, enable, and configure MAC locking. Commands For information about... Refer to page... show maclock 32-62 show maclock stations 32-64 Enterasys C3 Configuration Guide 32-61...
Page 868: Show Maclock
show maclock For information about... Refer to page... set maclock enable 32-65 set maclock disable 32-65 set maclock 32-66 clear maclock 32-67 set maclock static 32-67 clear maclock static 32-68 set maclock firstarrival 32-68 clear maclock firstarrival 32-69 set maclock agefirstarrival 32-70 clear maclock agefirstarrival 32-70...
Page 869: Show Maclock Output Details
The maximum end station MAC addresses allowed locked to the port. For details on setting this value, refer to “set maclock firstarrival” on page 32-68. Last Violating MAC Most recent MAC address(es) violating the maximum static and first arrival value(s) Address set for the port. Enterasys C3 Configuration Guide 32-63...
Page 870: Show Maclock Stations
show maclock stations show maclock stations Use this command to display MAC locking information about end stations connected to the switch. Syntax show maclock stations [firstarrival | static] [port-string] Parameters firstarrival (Optional) Displays MAC locking information about end stations first connected to MAC locked ports.
Page 871: Set Maclock Enable
(Optional) Disables MAC locking on specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults If port-string is not specified, MAC locking will be disabled globally on the switch. Enterasys C3 Configuration Guide 32-65...
Page 872 set maclock Mode Switch command, read-write. Example This example shows how to disable MAC locking on .2.3: C3(su)->set maclock disable ge.2.3 set maclock Use this command to create a static MAC address-to-port locking, and to enable or disable MAC locking for the specified MAC address and port. Syntax set maclock mac-address port-string {create | enable | disable} Parameters...
Page 873: Clear Maclock
For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. value Specifies the maximum number of static MAC addresses allowed per port. Valid values are 0 to 20. Enterasys C3 Configuration Guide 32-67...
Page 874: Clear Maclock Static
clear maclock static Defaults None. Mode Switch command, read-write. Example This example shows how to set the maximum number of allowable static MACs to 2 on .3.1: C3(rw)->set maclock static ge.3.1 2 clear maclock static Use this command to reset the number of static MAC addresses allowed per port to the default value of 20.
Page 875: Clear Maclock Firstarrival
Specifies the port on which to reset the first arrival value. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Defaults None. Mode Switch command, read-write. Enterasys C3 Configuration Guide 32-69...
Page 876: Set Maclock Agefirstarrival
set maclock agefirstarrival Example This example shows how to reset MAC first arrivals on .2.3: C3(su)->clear maclock firstarrival ge.2.3 set maclock agefirstarrival Use this command to enable or disable the aging of first arrival MAC addresses. When enabled, first arrival MAC addresses that are aged out of the forwarding database will be removed from the associated port MAC lock.
Page 877: Set Maclock Clearonlinkchange
Use this command to return the behavior of First Arrival MAC locking with link state change to its default value of enabled. Syntax clear maclock clearonlinkchange port-string Parameters port-string Specifies the port or ports on which to apply the command. Enterasys C3 Configuration Guide 32-71...
Page 878: Set Maclock Move
set maclock move Defaults Clear on link change is enabled by default. Mode Switch command, read-write. Example This example returns clear on link change to its default value on ge.1.1. C3(su)->clear maclock clearonlinkchange ge.1.1 set maclock move Use this command to move all current first arrival MACs to static entries. Syntax set maclock move port-string Parameters...
Page 879: Set Maclock Syslog
(Optional) Send a syslog message when the MAC address table threshold is reached. violation (Optional) Send a syslog message if a connected end station exceeds the maximum values configured with the set maclock firstarrival maclock static commands. Enterasys C3 Configuration Guide 32-73...
Page 880: Set Maclock Disable-Port
set maclock disable-port Defaults Syslog messages are disabled by default. When a set maclock syslock enable command is executed without the threshold or violation parameter, violation is assumed. Mode Switch mode, read-write. Usage When violation is enabled, this feature authorizes the switch to send a syslog message if an end station is connected that exceeds the maximum values configured using the set maclock firstarrival and set maclock static commands.
Page 881: Clear Maclock Disable-Port
Parameters port-string Specifies the port or ports to clear. Defaults None. Mode Switch command, read-write. Usage This command will clear the operstatus down caused by a MAC lock disable-port threshold and clear the port’s etsMacLockingShutdownState. Enterasys C3 Configuration Guide 32-75...
Page 882 clear maclock violation disabled-port Example This example how to clear a port disabled due to a MAC lock violation. C3(su)->clear maclock violation disabled-port ge.2.3 32-76 Authentication and Authorization Configuration...
Page 883: Configuring Port Web Authentication (Pwa)
32-83 set pwa guestpassword 32-84 set pwa gueststatus 32-84 set pwa initialize 32-85 set pwa quietperiod 32-85 set pwa maxrequest 32-86 set pwa portcontrol 32-86 show pwa session 32-87 set pwa enhancedmode 32-88 Enterasys C3 Configuration Guide 32-77...
Page 884: Show Pwa
show pwa show pwa Use this command to display port web authentication information for one or more ports. Syntax show pwa [port-string] Parameters port-string (Optional) Displays PWA information for specific port(s). Defaults If port-string is not specified, PWA information will be displayed for all ports. Mode Switch command, read-only.
Page 885 Table 32-8 show pwa Output Details (Continued) Output Field What It Displays... PWA Logo Whether the Enterasys logo will be displayed or hidden at user login. Default state of enabled (displayed) can be changed using the set pwa displaylogo command as described in “set pwa displaylogo”...
Page 886: Show Pwa Banner
Specifies the PWA login banner. Defaults None. Mode Switch command, read-write. Example This example shows how to set the PWA login banner to “Welcome to Enterasys Networks ”: C3(su)->set pwa banner “Welcome to Enterasys Networks” 32-80 Authentication and Authorization Configuration...
Page 887: Clear Pwa Banner
This example shows how to reset the PWA login banner to a blank string C3(su)->clear pwa banner set pwa displaylogo Use this command to set the display options for the Enterasys Networks logo. Syntax set pwa displaylogo {display | hide}...
Page 888: Set Pwa Ipaddress
set pwa ipaddress set pwa ipaddress Use this command to set the PWA IP address. This is the IP address of the end station from which PWA will prevent network access until the user is authenticated. Syntax set pwa ipaddress ip-address Parameters ip-address Specifies a globally unique IP address.
Page 889: Set Pwa Guestname
Use this command to clear the PWA guest user name. Syntax clear pwa guestname Parameters None. Defaults None. Mode Switch command, read-write. Example This example shows how to clear the PWA guest user name C3(su)->clear pwa guestname Enterasys C3 Configuration Guide 32-83...
Page 890: Set Pwa Guestpassword
set pwa guestpassword set pwa guestpassword Use this command to set the guest user password for PWA networking. Syntax set pwa guestpassword Parameters None. Defaults None. Mode Switch command, read-write. Usage PWA will use this password and the guest user name to grant network access to guests without established login names and passwords.
Page 891: Set Pwa Initialize
Specifies quiet time in seconds. port-string (Optional) Sets the quiet period for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 11-1. Enterasys C3 Configuration Guide 32-85...
Page 892: Set Pwa Maxrequest
set pwa maxrequest Defaults If port-string is not specified, quiet period will be set for all ports. Mode Switch command, read-write. Example This example shows how to set the PWA quiet period to 30 seconds for ports .1.5-7: C3(su)->set pwa quietperiod 30 ge.1.5-7 set pwa maxrequest Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.
Page 893: Show Pwa Session
This example shows how to display PWA session information: C3(su)->show pwa session Port User Duration Status -------- ----------------- --------------- ------------- ------------ --------- ge.2.19 00-c0-4f-20-05-4b 172.50.15.121 pwachap10 0,14:46:55 active ge.2.19 00-c0-4f-24-51-70 172.50.15.120 pwachap1 0,15:43:30 active ge.2.19 00-00-f8-78-9c-a7 172.50.15.61 pwachap11 0,14:47:58 active Enterasys C3 Configuration Guide 32-87...
Page 894: Set Pwa Enhancedmode
set pwa enhancedmode set pwa enhancedmode This command enables PWA URL redirection. The switch intercepts all HTTP packets on port 80 from the end user, and sends the end user a refresh page destined for the PWA IP Address configured. Syntax set pwa enhancedmode {enable | disable} Parameters...
Page 895: Configuring Secure Shell (Ssh)
Use this command to enable, disable or reinitialize SSH server on the switch. By default, the SSH server is disabled. The switch can support up to two concurrent SSH sessions. Syntax set ssh {enabled | disabled | reinitialize} Enterasys C3 Configuration Guide 32-89...
Page 896: Set Ssh Hostkey
set ssh hostkey Parameters enabled | disabled Enables or disables SSH, or reinitializes the SSH server. reinitialize Reinitializes the SSH server. Defaults None. Mode Switch command, read-write. Example This example shows how to disable SSH: C3(su)->set ssh disable set ssh hostkey Use this command to reinitialize new SSH authentication keys.
Page 897: Chapter 33: Configuring Ipsec
Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. The current IPsec implementation on the Enterasys C3 provides the following functionality: • IPsec and IKE (Internet Key Exchange protocol) are defined for the RADIUS host application only.
Page 898: Implementation Defaults
Configuring IPsec Commands Implementation Defaults • IPsec is disabled by default for RADIUS transactions. • The default authentication protocol is HMAC-SHA1. • The default encryption method is AES128. • The default IKE Diffie-Hellman group is group-1 (768 bits). • The default IKE lifetime main mode interval is 60 minutes. •...
Page 899: Set Ipsec Authentication
{3des | aes128 | aes192 | aes256} Parameters 3des Select Triple DES as the encryption type. aes128 Select AES-128 as the encryption type. This is the default. aes192 Select AES-192 as the encryption type. aes256 Select AES-256 as the encryption type. Enterasys C3 Configuration Guide 33-3...
Page 900: Set Ipsec Ike Dh-Group
Configuring IPsec set ipsec ike dh-group Defaults AES-128 is the default encryption type. Mode Switch command, read-write, if the security profile = normal. Switch command, super-user, if the security profile = C2. Example This example selects AES-192 as the IPsec encryption type. C3(su)->set ipsec encryption aes192 set ipsec ike dh-group Use this command to configure the IKE Diffie-Hellman key exchange group.
Page 901: Set Ipsec Ike Lifetime
The more secure mode that uses three separate message exchanges for a total of six messages. The first two messages negotiate policy, the next two exchange Diffie-Hellman data, and the last two authenticate the Diffie-Hellman exchange. Enterasys C3 Configuration Guide 33-5...
Page 902: Set Ipsec Ike Version
Configuring IPsec set ipsec ike version aggressive A faster, less secure, mode that uses only three messages, which exchange Diffie-Hellman data and identify the two VPN endpoints. Defaults The default Phase 1 mode is main. Mode Switch command, read-write, if the security profile = normal. Switch command, super-user, if the security profile = C2.
Page 903: Chapter 34: Configuring Access Control Lists
Policy configurations will not be accepted when the switch is in ipv6mode. When ipv6mode is enabled or disabled, a system reset is required to change the mode. The configuration of ipv6mode is persistent and is shown in the running configuration. Enterasys C3 Configuration Guide 34-1...
Page 904: Rule Actions
Configuring Access Control Lists Commands Rule Actions Rule actions have been enhanced to include: • Deny - drop the packet. • Permit - allow the frame to be switched. • Assign to queue - assign the packet to a queue All ACLs are terminated by an implicit deny all rule.
Page 905: Show Access-Lists
ICMP, UDP and IP frames based on restrictions configured with one of the access-list commands. For details on configuring standard access lists, refer to “access-list (standard)” on page 34-4. For details on configuring extended access lists, refer to “access-list (extended)” on page 34-6 C3(su)->router#show access-lists 145 Enterasys C3 Configuration Guide 34-3...
Page 906: Access-List (Standard)
Configuring Access Control Lists access-list (standard) Extended IP access list 145 1: permit icmp host 88.255.255.254 any 2: permit icmp any host 11.11.16.16 3: deny icmp any any 4: permit tcp host 88.255.255.254 any eq 22 5: permit udp 88.255.128.0 0.0.127.255 eq 161 any 6: permit tcp any host 230.10.230.10 eq 1234 7: deny tcp any any eq 23 8: permit ip 88.255.128.0 0.0.127.255 any...
Page 907 This example shows how to create access list 1 with three entries that allow access to only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network Enterasys C3 Configuration Guide 34-5...
Page 908: Access-List (Extended)
Configuring Access Control Lists access-list (extended) addresses. Any host with a source address that does not match the access list entries will be rejected: C3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255 C3(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255 C3(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255 This example moves entry 16 to the beginning of ACL 22: C3(su)->router(Config)#access-list 22 move 1 16 access-list (extended) Use this command to define an extended IP access list by number when operating in router mode.
Page 909 - cs7 – Class Selector • ef – Expedited Forwarding assign-queue (Optional) Specifies the queue to which a packet matching the permit rule queue-id will be assigned. Valid values for queue-id are from 0 to 5. Enterasys C3 Configuration Guide 34-7...
Page 910: Access-List Mac
Configuring Access Control Lists access-list mac Defaults If insert, replace, or move are not specified, the new entry will be appended to the access list. If source2 is not specified with move, only one entry will be moved. If eq port is not specified, TCP/UDP ports are not used for filtering. Only the protocol, source, and destination are used for applying the rule.
Page 911 Valid values for queue-id are from 0 to 5. Defaults If insert, replace, or move are not specified, the new entry will be appended to the access list. Mode Global configuration: C3(su)->router(Config)# Enterasys C3 Configuration Guide 34-9...
Page 912: Access-List Ipv6
Configuring Access Control Lists access-list ipv6 Usage In order to create a MAC-based access list, the switch must be put into access list “ipv6mode” with the access-list ipv6mode command (page 34-2). The no form of this command removes the defined access list or entry. MAC-based access lists are applied to VLAN interfaces by using the ip access-group command (page 34-12) and to ports with the access-list interface command (page 34-14).
Page 913 Valid values for queue-id are from 0 to 5. Defaults If insert, replace, or move are not specified, the new entry will be appended to the access list. Mode Global configuration: C3(su)->router(Config)# Enterasys C3 Configuration Guide 34-11...
Page 914: Ip Access-Group
Configuring Access Control Lists ip access-group Usage In order to create an IPv6 access control list, the switch must be put into access list “ipv6mode” with the access-list ipv6mode command (page 34-2). The no form of this command removes the defined access list or entry. IPv6 access lists are applied to VLAN interfaces by using the ipv6 access-group command (page 34-13) and to ports with the access-list interface command (page 34-14).
Page 915: Ipv6 Access-Group
Access lists can be applied to routed VLANs which incorporate LAGs. Example This example creates an IPv6 access control list and applies it to VLAN 1. C3(su)->router(Config)#access-list ipv6 ipv6list1 deny icmpv6 2001:db08:10::1/64 any flow-label 11111 C3(su)->router(Config)#interface vlan 1 C3(su)->router(Config-if(Vlan 1))#ipv6 access-group ipv6list1 in Enterasys C3 Configuration Guide 34-13...
Page 916: Access-List Interface
Configuring Access Control Lists access-list interface access-list interface Use this command to apply access control lists to ports. Syntax access-list interface {acl-name | acl-number} port-string [in | out] [sequence sequence] no access-list interface {acl-name | acl-number} port-string [in | out] Parameters acl-number | acl- Specifies the name or number of the access list to be applied to the port.
Page 917: Chapter 35: Configuring Service Access Control Lists
A trap is sent if a packet is dropped due to a service ACL rule hit. A trap will not be generated if traffic is dropped due to the "console-only" option (see Restricting Management Access to the Console Port below). The Enterasys Threat Notification MIB is used for trap generation. Enterasys C3 Configuration Guide 35-1...
Page 918: Restricting Management Access To The Console Port
Configuring Service Access Control Lists Commands Restricting Management Access to the Console Port You can restrict access to system management to the switch’s serial port only. This is done using the set system service-class console-only command. When console-only access is configured, all TCP SYN packets and UDP packets are dropped, with the exception of UDP packets sent to the DHCP Server or DHCP Client ports.
Page 919 C3(su)->set system service-acl my-sacl permit ip-source 10.10.22.2 port 123 This command denies SSH access from source IPv4 address 192.168.10.10 and sets the priority of the rule to 1. C3(su)->set system service-acl my-sacl deny service ssh ip-source 192.168.10.10 priority 1 Enterasys C3 Configuration Guide 35-3...
Page 920: Show System Service-Acl
Configuring Service Access Control Lists show system service-acl show system service-acl Use this command to display the contents of the service ACL configured on the switch. Syntax show system service-acl [name] Parameters name (Optional) Specifies the service ACL to display. Defaults If no name is specified, all service ACLs are displayed.
Page 921: Set System Service-Class
This example restricts management to the console port only. C3(su)->set system service-class console-only show system service-class Use this command to display the current system service ACL status, or class. Syntax show system service-class Parameters None. Defaults None. Enterasys C3 Configuration Guide 35-5...
Page 922: Clear System Service-Class
Configuring Service Access Control Lists clear system service-class Mode Switch command, read-only. Example This example activates the service ACL named my-sacl, then displays the service class status. C3(su)->set system service-class my-sacl C3(su)->show system service-class system service-class is enabled, using access list my-sacl. clear system service-class Use this command to de-activate a service ACL or remove the restriction of management to the console port.
Page 923: Chapter 36: Tacacs+ Configuration
Based on the now obsolete TACACS protocol (defined in RFC 1492), TACACS+ is defined in an un-published and expired Internet Draft draft-grant-tacacs-02.txt, “The TACACS+ Protocol Version 1.78,” January, 1997. For detailed information about using TACACS+ in your network, refer to the Enterasys Feature Guide “TACACS+ Configuration” located on the Enterasys web site: https://extranet.enterasys.com/downloads/ For information about...
Page 924: Show Tacacs
show tacacs show tacacs Use this command to display the current TACACS+ configuration information and status. Syntax show tacacs [state] Parameters state (Optional) Displays only the TACACS+ client status. Defaults If state is not specified, all TACACS+ configuration information will be displayed. Mode Switch command, Read-Only.
Page 925: Set Tacacs
RADIUS or local, if enabled. Examples This example shows how to enable the TACACS+ client. C3(rw)->set tacacs enable show tacacs server Use this command to display the current TACACS+ server configuration. Syntax show tacacs server {index | all} Enterasys C3 Configuration Guide 36-3...
Page 926: Set Tacacs Server
set tacacs server Parameters Display the configuration of the TACACS+ server identified by index index The value of index can range from 1 to 2,147,483,647. Display the configuration for all configured TACACS+ servers. Defaults None. Mode Switch command, Read-Only. Example This example displays configuration information for TACACS+ server 1.
Page 927: Clear Tacacs Server
Specifies one TACACS+ server to be affected. index timeout (Optional) Return the timeout value to its default value of 10 seconds. Defaults If timeout is not specified, the affected TACACS+ servers will be removed. Mode Switch command, Read-Write. Enterasys C3 Configuration Guide 36-5...
Page 928: Show Tacacs Session
show tacacs session Examples This example removes TACACS+ server 1. C3(rw)->clear tacacs server 1 This example resets the timeout value to its default value of 10 seconds for all configured TACACS+ servers. C3(rw)->clear tacacs server all timeout show tacacs session Use this command to display the current TACACS+ client session settings.
Page 929: Set Tacacs Session
TACACS+ server when a session is initiated on the switch. The parameter values must match a service and access level attribute-value pairs configured on the server for the session to be authorized. If the parameter values do not match, the session will not be allowed. Enterasys C3 Configuration Guide 36-7...
Page 930: Clear Tacacs Session
clear tacacs session The service name and attribute-value pairs can be any character string, and are determined by your TACACS+ server configuration. Since a task ID is associated with each accounting session, if there is a failover to a backup server, the accounting information will still be associated with the correct session using the task ID.
Page 931: Show Tacacs Command
Enable or disable accounting or authorization on a per-command basis. Defaults None. Mode Switch command, Read-Write. Usage In order for per-command accounting or authorization by a TACACS+ server to take place, the command must be executed within an authorized session. Enterasys C3 Configuration Guide 36-9...
Page 932: Show Tacacs Singleconnect
show tacacs singleconnect When per-command accounting is enabled, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each command executed during the session. When per-command authorization is enabled, the TACACS+ server will check whether each command is permitted for that authorized session and return a success or fail.
Page 933: Show Tacacs Interface
Use this command to specify the interface used for the source IP address of the TACACS+ packets generated by the switch. Syntax set tacacs interface {loopback loop-ID | vlan vlan-ID} Parameters loopback loop-ID Specifies the loopback interface to be used. The value of loop-ID can range from 0 to 7. Enterasys C3 Configuration Guide 36-11...
Page 934: Clear Tacacs Interface
clear tacacs interface vlan vlan-ID Specifies the VLAN interface to be used. The value of vlan-ID can range from 1 to 4093. Defaults None. Mode Switch command, read-write. Usage This command allows you to configure the source IP address used by the TACACS+ application on the switch when generating packets for management purposes.
Page 935 Switch command, read-write. Example This command returns the interface used for the source IP address of the TACACS+ client back to the default of the Host interface. C3(rw)->show tacacs interface vlan 100 192.168.10.1 C3(rw)->clear tacacs interface C3(rw)-> Enterasys C3 Configuration Guide 36-13...
Page 936 clear tacacs interface 36-14 TACACS+ Configuration...
Page 937: Chapter 37: Sflow Configuration
The sFlow Collector can analyze traffic patterns for whatever protocols are found in the packet headers (for example, TCP/IP, IPX, Ethernet, AppleTalk). There is no need for the layer 2 switch to decode and understand all protocols. Enterasys C3 Configuration Guide 37-1...
Page 938: Definitions
Overview Definitions The following table describes some of the main sFlow terms and concepts. Table 37-1 sFlow Definitions Term Definition Data Source A Data Source refers to a location within a Network Device that can make traffic measurements. Possible Data Sources include interfaces and VLANs.
Page 939: Packet Flow Sampling
32. There is no limitation on the number of pollers that can be configured. Under certain circumstances, the switch will drop packet samples that the sFlow implementation is not able to count and therefore cannot correctly report sample_pool and drops fields of flow Enterasys C3 Configuration Guide 37-3...
Page 940: Example Configuration
The following is an example of the commands used to configure sFlow: # configure sFlow Collector 1 # accept defaults for datagram size and port set sflow receiver 1 owner enterasys timeout 180000 set sflow receiver 1 ip 192.168.16.91 #configure packet sampling instances on ports 1 through 12 #assign to sFlow Collector 1 set sflow port ge.1.1-12 sampler 1...
Page 941: Show Sflow Receivers
String Size -------- -------- ---------- ------------ ----- ------------------- ets1 17766 1400 6343 10.1.2.117 This example displays information about the Collector with index 1. C3(su)->show sflow receivers 1 Receiver Index Owner String ets1 Time out 17758 Enterasys C3 Configuration Guide 37-5...
Page 942: Show Sflow Receivers Output Descriptions
show sflow receivers IP Address: 10.1.2.117 Address Type IPv4 Port 6343 Datagram Version Maximum Datagram Size 1400 The following table describes the output fields. Table 37-2 show sflow receivers Output Descriptions Output... What it displays... Receiver Index Index number of a specific Collector entry in the sFlow Receivers Table.
Page 943: Set Sflow Receiver Owner
(su)->set sflow receiver 1 owner ets1 timeout 180000 set sflow receiver ip Use this command to configure the IP address of an sFlow Collector in the switch’s sFlow Receivers Table. Syntax set sflow receiver index ip ipaddr Enterasys C3 Configuration Guide 37-7...
Page 944: Set Sflow Receiver Maxdatagram
set sflow receiver maxdatagram Parameters index Index number in the sFlow Receivers Table for the receiver/Collector being configured. The index can range from 1 to 8. ip ipaddr The IP address of the receiver/Collector being configured. Defaults None. Mode Switch command, read-write. Usage In order for an sFlow Collector to be assigned to receive sample datagrams from the sFlow Agent on the switch, an entry for that Collector must be configured in the switch’s sFlow Receivers Table.
Page 945: Set Sflow Receiver Port
(Optional) Return the maximum datagram size to 1400 bytes. owner (Optional) Clear the owner identity string. Entries in the sFlow Receiver Table without an identity string are considered unclaimed. timeout (Optional) Clear the timeout value of the specified entry. Enterasys C3 Configuration Guide 37-9...
Page 946: Set Sflow Port Poller
set sflow port poller port port (Optional) Clear the UDP port on the receiver/Collector to which the sample datagrams should be sent. The value is reset to the default of 6343. Defaults If no optional parameters are specified, the entire entry is cleared. Mode Switch command, read-write.
Page 947: Show Sflow Pollers
None. Mode Switch command, read-only. Example This example displays the output of this command. C3(su)->show sflow pollers Poller Receiver Poller Data Source Index Interval ----------- ------- ------- ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.5 ge.1.6 ge.1.7 ge.1.8 Enterasys C3 Configuration Guide 37-11...
Page 948: Clear Sflow Port Poller
clear sflow port poller clear sflow port poller Use this command to change the poller interval or to remove poller instances. Syntax clear sflow port port-string poller [interval] Parameters port-string Specifies the port or ports on which the poller instance is being cleared. interval (Optional) Specifies that the polling interval should be cleared to 0.
Page 949: Show Sflow Samplers
Defaults None. Mode Switch command, read-only. Example This example displays the output of this command. C3(su)->show sflow samplers Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size ----------- ------- ------------- ---------- ge.1.1 1024 Enterasys C3 Configuration Guide 37-13...
Page 950: Clear Sflow Port Sampler
clear sflow port sampler ge.1.2 1024 ge.1.3 1024 ge.1.4 1024 ge.1.5 1024 ge.1.6 1024 ge.1.7 1024 ge.1.8 1024 clear sflow port sampler Use this command to change the sampler rate or maximum header size, or to remove sampler instances. Syntax clear sflow port port-string sampler [maxheadersize | rate] Parameters port-string...
Page 951: Show Sflow Interface
C3(rw)->set sflow interface vlan 100 C3(rw)->show sflow interface vlan 100 192.168.10.1 show sflow interface Use this command to display the interface used by the sFlow Agent when sending sampling datagrams to the sFlow Collector. Syntax show sflow interface Enterasys C3 Configuration Guide 37-15...
Page 952: Clear Sflow Interface
clear sflow interface Parameters None. Defaults None. Mode Switch mode, read-only. Example This example displays the output of this command. In this case, the IP address assigned to loopback interface 1 will be used as the source IP address of the sFlow Agent. C3(rw)->show sflow interface loopback 1 192.168.10.1...
Page 953: Show Sflow Agent
Use this command to display information about the sFlow Agent. Syntax show sflow agent Parameters None. Defaults None. Mode Switch command, read-only. Example This example displays the output of this command. C3(rw)->show sflow agent sFlow Version 1.3;Enterasys Networks.;06.41.01.0017 IP Address 192.168.0.100 Enterasys C3 Configuration Guide 37-17...
Page 954 show sflow agent 37-18 sFlow Configuration...

This manual is also suitable for:

Enterasys c3

Enterasys C3G124-24 Configuration Manual

About this Guide

Chapter 1: Introduction

Chapter 2 : Configuring Switches in a Stack

Chapter 3: Basic Configuration

Chapter 4: Activating Licensed Features

Chapter 5: Setting User Accounts and Passwords

Chapter 6: Management Authentication Notification MIB Commands

Chapter 7: Setting the Security Mode

Chapter 8 : Configuring System Power and Poe

Chapter 9 : Transmit Queue Monitoring Configuration

Chapter 10 : Discovery Protocol Configuration

Chapter 11 : Port Configuration

Quick Links

Related Manuals for Enterasys C3G124-24

Summary of Contents for Enterasys C3G124-24