Enterasys C5G124-24 Configuration manual

®

Enterasys

Fixed Switching

Configuration Guide

Firmware 6.61.xx and Higher

P/N 9034662-02

Notice

Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and
its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such
changes have been made.

The hardware, firmware, or software described in this document is subject to change without notice.

IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF
OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF
ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF
SUCH DAMAGES.

Enterasys Networks, Inc.
50 Minuteman Road
Andover, MA 01810

 2012 Enterasys Networks, Inc. All rights reserved.

Part Number: 9034662-02 October 2012

ENTERASYS, ENTERASYS NETWORKS, ENTERASYS SECURE NETWORKS, NETSIGHT, ENTERASYS NETSIGHT, and any
logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc., in the United States and/or
other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx.

All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

Documentation URL: https://extranet.enterasys.com/downloads/

i

Enterasys Networks, Inc. Firmware License Agreement

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,

CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc., on behalf of itself
and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys
software program/firmware (including any accompanying documentation, hardware or media) (“Program”) in the package
and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other
document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, other form of
enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common
control with the party specified. This Agreement constitutes the entire understanding between the parties, with respect to the
subject matter of this Agreement. The Program may be contained in firmware, chips or other media.

BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT
THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE
AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU
AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER
PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT
AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT,
ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED
PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT
FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL
DEPARTMENT AT (978) 684-1000.

You and Enterasys agree as follows:

1. LICENSE. You have the non-exclusive and non-transferable right to use only the one (1) copy of the Program provided in
this package subject to the terms and conditions of this Agreement.

2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third
party to:

(a) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error

correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties
shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve
interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable
fee.

(b) Incorporate the Program in whole or in part, in any other product or create derivative works based on the Program, in

whole or in part.

(c) Publish, disclose, copy reproduce or transmit the Program, in whole or in part.

(d) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the

Program, in whole or in part.

(e) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any

part of the Program.

3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts
of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction
and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on the Limitation Period
in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.

4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the
U.S. Government, including the U.S. Department of Commerce, which
to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining
such license may be relied upon by the exporting party.

If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export
Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for
civil end uses only and not for military purposes.

If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export
Administration Regulations, in addition to the restriction on transfer set forth in Section 1 or 2 of this Agreement, You agree not
to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country
Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Cambodia, Cuba, Georgia, Iraq, Kazakhstan, Laos, Libya, Macau,

prohibit export or diversion of certain technical products

ii

Moldova, Mongolia, North Korea, the People’s Republic of China, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan,
Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or
E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to
national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a
complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a
major component thereof, if such foreign produced direct product is subject to national security controls as identified on the
U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private
expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a)
through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is
proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered
commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or
disclosure by the U.S. Government is subject to restrictions set forth herein.

6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING
BY ENTERASYS, ENTERASYS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR
PURPOSE, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT
BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY
(30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.

7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR
RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF
ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL
APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.

THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN
CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY
YOU FOR THE RIGHTS GRANTED HEREIN.

8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical
value to Enterasys, and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license
fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized
representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records,
accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including
the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right
of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your
business. In the event such audit discovers non-compliance with this Agreement, including copies of the Program made, used
or deployed in breach of this Agr
the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure
to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return
to Enterasys the Program and all copies of the Program.

9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program
constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable
security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall
remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.

10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause
Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled
to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at
law.

11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this
Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock
assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit
of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any
attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this
Agreement.

12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and
will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon
Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.

eement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves

iii

13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity,
legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that
provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality, or
unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other
jurisdiction.

14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and
conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return
to Enterasys the Program and all copies of the Program.

iv

v

Contents

Chapter 1: Setting Up a Switch for the First Time

Before You Begin ...........................................................................................................................................1-1

Connecting to the Switch .............................. ... ... ... ... .... ... ... ... .... ... ... ... ............................................................1-2

Downloading New Firmware ........................................................................................................................... 1-3

Deleting a Backup Image File .................................................................................................................. 1-5

Additional Configuration Tasks ........................... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ...............................................1-5

Setting User Accounts and Passwords ........... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ..................................... 1-5

Controlling In-band Access to the Switch .................................................................................................1-6

Changing SNMP Defaults ........................................................................................................................1-7

Saving the Configuration and Connecting Devices ........................................................................................ 1-7

Configuring a Stack of New Switches ............................................................................................................. 1-8

Where to Go Next ...........................................................................................................................................1-9

Getting Help ..................................................................................................................................................1-10

Downloading Firmware via the Serial Port ................................................................................................... 1-10

Chapter 2: Configuring Switches in a Stack

About Switch Operation in a Stack ................................................................................................................. 2-1

Stack Initialization ........ ... ... ... .... ... ... ... .... ... ... ... ... ....................................... ... .... ... ... ... .... ...........................2-1

Configuration Management ... .... ... ....................................... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ........................2-2

Installing a New Stackable System of Up to Eight Units ................................................................................ 2-2

Installing Previously-Configured Systems in a Stack .....................................................................................2-3

Adding a New Unit to an Existing Stack .........................................................................................................2-3

Removing Units from an Existing Stack ......................................................................................................... 2-4

Stack Disruption Times ............................................. ... ... .... ... ... ... .... ........................................................2-4

Creating a Virtual Switch Configuration .......................................................................................................... 2-4

Example ...................................................................................................................................................2-5

Considerations About Using “clear config” in a Stack ............................... ... ... ... .... ... ... ... .... ...........................2-5

Configuring Standalone A4 Stack Ports .........................................................................................................2-6

When Uplink Ports are Configured as Ethernet Ports ............ .... ... ... ... ... .... ... ... ..................................2-6

Chapter 3: CLI Basics

Switch Management Methods ............................... ... .... ... ... ............................................................................3-1

Using the Command Line Interface ................................................................................................................3-1

Starting a CLI Session ............................................................................................................................. 3-1

Connecting Using the Console Port ...................................................................................................3-2

Connecting Using Telnet or SSH............ ... ... .... ... ... ....................................... ... ... .... ... ... ... ... .... ... ........3-2

Logging In ................................................................................................................................................3-3

Using a Default User Account ............................................................................................................3-3

Using an Administratively Configured User Account..........................................................................3-3

Clearing and Closing the CLI ................................................................................................................... 3-3

Navigating the Command Line Interface ..................................................................................................3-3

Getting Help with CLI Syntax..............................................................................................................3-3

CLI Command Defaults Descriptions .................................................................................................3-3

CLI Command Modes.........................................................................................................................3-4

Performing Keyword Lookups ................................ ... .... ... ... ... .... ... ... ..................................................3-4

Displaying Scrolling Screens..............................................................................................................3-5

Abbreviating and Completing Commands..........................................................................................3-5

Basic Line Editing Commands............................................................................................................3-6

Configuring CLI Properties ............................................................................................................................. 3-6

Example CLI Properties Configuration ..................................................................................................... 3-7

CLI Properties Display Commands ..........................................................................................................3-7

Chapter 4: System Configuration

Factory Default Settings ................................................................................................................................. 4-1

Initial Configuration Overview .........................................................................................................................4-5

Advanced Configuration Overview .................................................................................................................4-6

Licensing Advanced Features ............................ ... ... .... ... ... ... .... ... ... ...............................................................4-8

License Implementation Differences ...................... ................................................................ ..................4-8

Node-Locked Licensing......................................................................................................................4-9

Non-Node-Locked Licensing ..............................................................................................................4-9

Licensing in a Stack Environment ... ... .... ... ... ... .........................................................................................4-9

Applying Node-Locked Licenses in a Stack .....................................................................................4-10

Applying Non-Node-Locked Licenses in a Stack..............................................................................4-10

Adding a New Member to a Licensed Stack.....................................................................................4-11

Displaying and Clearing Licenses ..........................................................................................................4-11

SNTP Configuration ...................................................................................................................................... 4-11

Unicast Polling Mode ......... ... .... ... ... ... .... ...................................... .... ... ... ... ... .......................................... 4-12

Broadcast Listening Mode ......................................................................................................................4-12

SNTP Authentication ..............................................................................................................................4-12

Authentication Key and Trusted Key List..........................................................................................4-12

SNTP Defaults .......................................................................................................................................4-13

Configuring SNTP ..................................................................................................................................4-13

SNTP Configuration Example ................................................................................................................ 4-15

DHCP Configuration ..................................................................................................................................... 4-16

DHCP Relay Agent ................................................................................................................................ 4-16

DHCP Server .........................................................................................................................................4-16

IP Address Pools .................................... ... ... ... ....................................... ... ... .... ... ... ... .............................4-17

Automatic IP Address Pools.............................................................................................................4-17

Manual IP Address Pools .................................................................................................................4-17

Configuring a DHCP Server ...................................................................................................................4-17

DHCP Configuration on a Non-Routing System...............................................................................4-18

DHCP Configuration on a Routing System.......................................................................................4-18

Managing and Displaying DHCP Server Parameters ..... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ...... ... .... ... ... ... 4-20

DHCP Server Defaults ...........................................................................................................................4-20

Configuring DHCP IP Address Pools .....................................................................................................4-21

Automatic IP Address Pool Configuration ........................................................................................4-21

Manual IP Pool Configuration...........................................................................................................4-21

Configuring Additional Pool Parameters .....................................................................................4-23

Telnet Overview ............................................................................................................................................4-23

Configuring Telnet ..................................................................................................................................4-24

SSH Overview .......................... ... .... ... ....................................... ... ... ... ..........................................................4-24

Configuring SSH ....................................................................................................................................4-24

MAC Address Settings .................................................................................................................................4-24

Age Time ................................................................................................................................................4-24

Limiting MAC Addresses to Specific VLANs ..........................................................................................4-25

Setting the MAC Algorithm Mode . ... ... .... ... ... ... ... .... ... ... ... .... ... ....................................... ... ... ... ... .............4-25

New MAC Address Detection .................................................................................................................4-25

Configuring Node Aliases ............................................................................................................................. 4-26

Chapter 5: User Account and Password Management

User Account Overview ......................................................... .... ...................................... .... ...........................5-1

Emergency Access User Account ... ... .... ... ... ... ... .... .................................................................................. 5-2

Account Lockout ....................................................................................................................................... 5-3

Port Lockout ..................................... ... ... ... ... .... ...................................... .... ... ... ... .... ... ........................5-3

User Account Configuration ......................................... ... .... ... ... ... .... ... ... ..................................................5-3

vi

Password Management Overview ..................................................................................................................5-6

System Level Password Settings ............................................................................................................. 5-6

Defaults ..............................................................................................................................................5-7

System Password Settings Configuration .................... ................................................................. ...........5-8

Password Reset Button Functionality .............................................................................................................5-9

Management Authentication Notification MIB Functionality ...........................................................................5-9

Chapter 6: Firmware Image and File Management

Managing the Firmware Image ................................. .... ... ... ... .... ... ... .......................................... .....................6-1

Downloading a Firmware Image ..............................................................................................................6-1

Downloading from a TFTP or SFTP Server........................................................................................6-2

Setting the Boot Firmware .................................. .... ... ... ... .... ... ... ... ....................................... .....................6-3

Reverting to a Previous Image ................................................................................................................. 6-3

Setting TFTP Parameters ......... ... ... ... .... ... ... ....................................... ... ... ... .... ... ... ... .... ... ... ... ..................6-4

Managing Switch Configuration and Files ......................................................................................................6-4

Configuration Persistence Mode ........ ....... ... ... .........................................................................................6-4

Using an I-Series Memory Card ...............................................................................................................6-5

Memory Card Operation................................................... ... ... .... ... ... ... ... .... ... ... ... .... ...........................6-5

Displaying and Saving the Configuration and Creating a Backup ............................................................ 6-5

Displaying the Configuration...............................................................................................................6-6

Creating a Backup Configuration File.................................................................................................6-6

Applying a Saved Configuration ............................................................................................................... 6-7

Managing Files ...... ....................................... ... ... .... ... ... ... ....................................... ... .... ...........................6-8

Chapter 7: Configuring System Power and PoE

Configuring Redundant Power Supplies .........................................................................................................7-1

Power over Ethernet Overview ........................... ... ... .... ... ... ... .... ... ..................................................................7-1

Implementing PoE ....................................................................................................................................7-2

Allocation of PoE Power to Modules ............................ ............................................................................7-2

When Manual Mode is Configured .....................................................................................................7-3

Management of PoE Power to PDs .........................................................................................................7-3

Configuring PoE .............................................................................................................................................7-4

Stackable A4, B3, and C3 Devices ..........................................................................................................7-5

Stackable B5 and C5 Devices .................................................................................................................. 7-6

G-Series Devices .....................................................................................................................................7-7

Example PoE Configuration ................................................................................................................... 7-10

PoE Display Commands ........................................................................................................................7-10

Chapter 8: Port Configuration

Port Configuration Overview ..................... ......................................................................................................8-1

Port String Syntax Used in the CLI ........... ... ... ... .... ... ... ... .... ... ... ... .... ... ... ..................................................8-1

Examples............................................................................................................................................8-2

Console Port Settings .............................................................................................................................. 8-2

VT100 Terminal Mode........................................................................................................................8-3

Port Settings .............................. ... ... ....................................... ... ... .... ........................................................8-3

Port Status....................... .... ... ... ... ....................................... ... .... ... ... ... ... ............................................8-3

Port Name or Alias .................................... ... .... ... ... ....................................... ... ... .... ... ... .....................8-3

Auto-Negotiation and Advertised Ability .............................................................................................8-4

Port Speed and Duplex Mode ................................... .... ... ... ... .... ... ... ... ... .... ... ... ..................................8-4

MDI / MDIX Cable Type......................................................................................................................8-4

Port Flow Control....................... ... .... ...................................... .... ... ... ... ... .... ........................................8-5

Jumbo Frame Support........................................................................................................................8-5

Broadcast Suppression Threshold .....................................................................................................8-5

Protected Port Mode...........................................................................................................................8-6

Displaying Port Status ..............................................................................................................................8-6

vii

Displaying Cable Status .....................................................................................................................8-7

Configuring SFP Ports for 100BASE-FX ..................................................................................................8-7

Example..............................................................................................................................................8-8

Configuring Port Link Flap Detection ..............................................................................................................8-8

Basic Link Flap Detection Configuration .................................................................................................. 8-9

Example .................................................................................................................................................8-10

Link Flap Detection Display Commands ................................................................................................8-11

Transmit Queue Monitoring .......................................................................................................................... 8-11

Port Mirroring ............................... .... ... ... ... .... ... ....................................... ... ... ... ... .... ... ................................... 8-12

Mirroring Features ..................................................................................................................................8-12

Configuring Port Mirroring ................................................................................................................8-13

Remote Port Mirroring ............................................................................................................................8-13

Configuring Remote Port Mirroring...................................................................................................8-14

Configuring SMON MIB Port Mirroring ................................................................................................... 8-15

Procedures.......................................................................................................................................8-15

Chapter 9: Configuring VLANs

VLAN Overview .............................................................................................................................................. 9-1

Using VLANs to Partition Your Network ................................................................................................... 9-1

Implementing VLANs ...................................................................................................................................... 9-2

Preparing for VLAN Configuration ............................................................................................................ 9-3

Understanding How VLANs Operate ........................ ................................................. .....................................9-3

Learning Modes and Filtering Databases ................................................................................................9-3

VLAN Assignment and Forwarding .......................................................................................................... 9-4

Receiving Frames from VLAN Ports...................................................................................................9-4

Forwarding Decisions.........................................................................................................................9-5

Example of a VLAN Switch in Operation .................................................................................................. 9-5

VLAN Support on Enterasys Switches ...........................................................................................................9-6

Maximum Active VLANs ...........................................................................................................................9-6

Configurable Range .................................................................................................................................9-6

VLAN Types .............................................................................................................................................9-6

Static and Dynamic VLANs ................................................................................................................9-6

Port-Based VLANs .............................................................................................................................9-6

Policy-Based VLANs ..........................................................................................................................9-7

GARP VLAN Registration Protocol (GVRP) Support ...............................................................................9-7

How It Works ......................................................................................................................................9-7

Configuring VLANs ......................................................................................................................................... 9-8

Default Settings ........................................................................................................................................9-9

Configuring Static VLANs .........................................................................................................................9-9

Example Configuration .....................................................................................................................9-11

Creating a Secure Management VLAN .. ... ... ... ... .... ... ... .......................................................................... 9-11

Configuring Dynamic VLANs ..................................................................................................................9-12

Configuring Protocol-Based VLAN Classification ...................................................................................9-13

Example Configuration .....................................................................................................................9-13

Monitoring VLANs ..................................... ... ... ... ....................................... ... .... ... ... ... .... .........................9-14

Terms and Definitions ................................................................................................................................... 9-14

Chapter 10: Configuring User Authentication

User Authentication Overview ......................... ....................................... ... ... ... ... .... ... ... ... .... ... ......................10-1

Implementing User Authentication ......................................................................................................... 10-2

Authentication Methods ................................... ... .... ... ... ... .... ... ....................................... ... ... ...................10-2

IEEE 802.1x Using EAP ...................................................................................................................10-2

MAC-Based Authentication (MAC)...................................................................................................10-2

Port Web Authentication (PWA) .......................................................................................................10-3

Multi-User And MultiAuth Authentication..........................................................................................10-3

viii

Remote Authentication Dial-In Service (RADIUS) .................................... ... .... ... ...................................10-7

How RADIUS Data Is Used..............................................................................................................10-8

The RADIUS Filter-ID.......................................................................................................................10-8

RFC 3580 — VLAN Authorization ....................................................................................................10-8

Policy Maptable Response.............................................................................................................10-10

Configuring Authentication .........................................................................................................................10-12

Configuring IEEE 802.1x ...................................................................................................................... 10-14

Configuring MAC-based Authentication ............................................................................................... 10-15

Configuring Port Web Authentication (PWA) .......................................................................................10-16

Optionally Enable Guest Network Privileges.......................................... .... ... ... ... ...........................10-17

Configuring MultiAuth Authentication ...................................................................................................10-17

Setting MultiAuth Authentication Mode...........................................................................................10-17

Setting MultiAuth Authentication Precedence ................................................................................10-18

Setting MultiAuth Authentication Port Properties............................................................................10-18

Setting MultiAuth Authentication Timers.........................................................................................10-19

Displaying MultiAuth Configuration Information..............................................................................10-20

Configuring VLAN Authorization ..........................................................................................................10-20

Configuring RADIUS ............................................................................................................................10-21

Configuring the Authentication Server.................... ... .... ... ... ... .... ... ... ... ... .... ... ... ..............................10-21

Configuring User + IP Phone Authentication .......................................................................................10-22

Example..........................................................................................................................................10-23

Authentication Configuration Example ............................................ ... .... ... ... ... ... .... ... ................................. 10-25

Configuring MultiAuth Authentication ...................................................................................................10-26

Enabling RADIUS On the Switch ......................................................................................................... 10-26

Creating RADIUS User Accounts on the Authentication Server .......................................................... 10-26

Configuring the Engineering Group 802.1x End-User Stations ............................................................10-26

Configuring the Printer Cluster for MAC-Based Authentication ...........................................................10-27

Configuring the Public Area PWA Station .......... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... ...........................10-28

Terms and Definitions ................................................................................................................................. 10-28

Chapter 11: Configuring Link Aggregation

Link Aggregation Overview .................... ... .... ... ... ....................................... ... ... ... .... ... ... ... .... .........................11-1

Using Link Aggregation in a Network ..................................................................................................... 11-1

Implementing Link Aggregation ..............................................................................................................11-2

LACP Operation .....................................................................................................................................11-2

How a LAG Forms ..................................................................................................................................11-3

Attached Ports ................................. ... .... ... ... ... ... .... ... ....................................... ... ... ... .... .........................11-5

Single Port Attached State Rules .....................................................................................................11-7

LAG Port Parameters .............................................................................................................................11-7

Static Port Assignment .... ... ... ....................................... ... .... ... ... ... .... ... ... ... ... .......................................... 11-8

Flexible Link Aggregation Groups ..........................................................................................................11-8

Configuring Link Aggregation .......................................................................................................................11-9

Link Aggregation Configuration Example ...................................................................................................11-11

Configuring the S8 Distribution Switch ............. ... ... ... .... .................................................................11-14

Configuring the Fixed Switch Stack 1.............................................................................................11-14

Configuring the Fixed Switch Stack 2.............................................................................................11-14

Configuring the Server....................................................................................................................11-15

Terms and Definitions ................................................................................................................................. 11-15

Chapter 12: Configuring SNMP

SNMP Overview ...........................................................................................................................................12-1

Implementing SNMP .............................................................................................................................. 12-1

SNMP Concepts ...........................................................................................................................................12-2

Manager/Agent Model Components ......................................................................................................12-2

Message Functions ................................................................................................................................ 12-2

ix

Trap Versus Inform Messages ................................................................... ... ... ... .... ... ... ... ... .... ... ......12-3

Access to MIB Objects ...........................................................................................................................12-3

Community Name Strings.................................................................................................................12-3

User-Based.......................................................................................................................................12-3

SNMP Support on Enterasys Switches ........................................................................................................12-3

Versions Supported ................................................................................................................................12-4

SNMPv1 andv2c Network Management Components .....................................................................12-4

SNMPv3 User-Based Security Model (USM) Enhancements ..........................................................12-4

Terms and Definitions ............................................................................................................................12-5

Security Models and Levels ...................................................................................................................12-6

Access Control .......................................................................................................................................12-6

Configuring SNMP ........................................................................................................................................ 12-7

Configuration Basics .................................... ... ... .... ... ... ... .... ... ... ... ..........................................................12-7

How SNMP Processes a Notification Configuration ............................................................................... 12-7

SNMP Defaults ....................................................................................................................................... 12-8

Device Start Up Configuration..........................................................................................................12-8

Configuring SNMPv1/SNMPv2c .............................................................................................................12-9

Creating a New Configuration ..........................................................................................................12-9

Adding to or Modifying the Default Configuration...........................................................................12-10

Configuring SNMPv3 ............................................................................................................................12-10

Configuring an SNMPv3 Inform or Trap Engine ID ........................................................................12-13

Configuring an SNMP View............................................................................................................12-14

Configuring Secure SNMP Community Names ...................................................................................12-15

Example..........................................................................................................................................12-17

Reviewing SNMP Settings .......................................................................................................................... 12-18

Chapter 13: Configuring Neighbor Discovery

Neighbor Discovery Overview ...................................................................................................................... 13-1

Neighbor Discovery Operation ...............................................................................................................13-1

LLDP-MED ...................................... .................................................................... ...................................13-3

LLDPDU Frames ....................................................................................................................................13-5

Configuring LLDP ......................................................................................................................................... 13-7

LLDP Configuration Commands .. .......................................................................................................... 13-7

Basic LLDP Configuration ...................................................................................................................... 13-9

Example LLDP Configuration: Time to Live......................................................................................13-9

Example LLDP Configuration: Location Information.........................................................................13-9

LLDP Display Commands ............ ... ... .... ... ....................................... ... ... ... ... .... ... ... ... .... ... ....................13-10

Configuring Enterasys Discovery Protocol .................................................................................................13-10

Enterasys Discovery Protocol Configuration Commands .................................................................... 13-10

Example Enterasys Discovery Protocol Configuration .........................................................................13-11

Enterasys Discovery Protocol Show Commands ................................... ... ... .... ... ... ... .... ... ... ... ... .... ... ... . 1 3-11

Configuring Cisco Discovery Protocol ........................................................................................................13-11

Cisco Discovery Protocol Configuration Commands ...........................................................................13-12

Example Cisco Discovery Protocol Configuration ................................................................................13-12

Cisco Discovery Protocol Configuration Commands ...........................................................................13-12

Chapter 14: Configuring Syslog

System Logging Overview ............................................................................................................................ 14-1

Syslog Operation .......................................................................................................................................... 14-2

Syslog Operation on Enterasys Devices ................................................................................................ 14-2

Filtering by Severity and Facility ........ .... ... ... ... ... .... ... ... ... .... ... ... ... .... ... ...................................................14-2

Syslog Components and Their Use ..............................................................................................................14-3

Basic Syslog Scenario ........................................................................................................................... 14-5

Interpreting Messages .................................................................................................................................. 14-6

Example .................................................................................................................................................14-6

x

About Security Audit Logging .......................................................................................................................14-6

Security Events Logged .........................................................................................................................14-7

Trap Generation .............. ... ... .... ... ... ... ....................................... ... .... ... ... ... ... .... ... ... ... .............................14-7

Format Examples ............ ... ... .... ...................................... .... ... ... ... .... ... ...................................................14-8

Configuring Syslog ....................................................................................................................................... 14-8

Syslog Command Precedence ...............................................................................................................14-8

About Server and Application Severity Levels ....................................................................................... 14-9

Configuring Syslog Server(s) .................................................................................................................14-9

Example............................................................................................................................................14-9

Modifying Syslog Server Defaults ........................................................................................................ 14-10

Displaying System Logging Defaults..............................................................................................14-10

Modifying Default Settings..............................................................................................................14-10

Reviewing and Configuring Logging for Applications ...........................................................................14-10

Displaying Current Application Severity Levels..............................................................................14-11

Enabling Console Logging and File Storage ............................. ... .... ... ... ... ... .... .................................... 14-11

Displaying to the Console and Saving to a File............................................................. ... ... .... .......14-11

Configuration Examples ........ .... ... ... ... .... ...................................... .... ... ... ... ... .... ... ... ... .... .......................14-12

Enabling a Server and Console Logging........................................................................................14-12

Adjusting Settings to Allow for Logging at the Debug Level ...........................................................14-12

Chapter 15: Configuring Spanning Tree

Spanning Tree Protocol Overview ................................................................................................................15-1

Why Use Spanning Trees? ....................................................................................................................15-2

Spanning Tree on Enterasys Platforms .................................................................................................15-2

STP Operation .............................................................................................................................................. 15-3

Rapid Spanning Tree Operation ............................................................................................................15-4

Multiple Spanning Tree Operation ......................................................................................................... 15-4

Functions and Features Supported on Enterasys Devices ..........................................................................15-6

Spanning Tree Versions ..................................... .... ... ... ... .... ... ... ... ....................................... ...................15-6

Maximum SID Capacities .......................................................................................................................15-6

Network Diameter ..................................................................................................................................15-6

Port Forwarding ...................................... ... ... ... ... .... ... ... ... .... ...................................... .... .........................15-6

Disabling Spanning Tree ........................................................................................................................ 15-7

STP Features .........................................................................................................................................15-7

SpanGuard.......................................................................................................................................15-7

Loop Protect.................... .... ... ... ... .... ... ... ... ....................................... ... ... .... ... ... ... .............................15-7

Updated 802.1t.................................................................................................................................15-8

Multisource Detection................................................................................. ... ... ... .... ... ... ...................15-8

Spanning Tree Basics ..................................................................................................................................15-9

Spanning Tree Bridge Protocol Data Units ......................................... ... ... ............................................. 15-9

Electing the Root Bridge ........... ... ... ... .... ... ... ... ... .... ...................................... .... ... ... ... .... ... ... ...................15-9

Assigning Path Costs ............................................................................................................................. 15-9

Paths to Root .......................................................................................................................................15-10

Identifying Designated, Alternate, and Backup Port Roles ..................................................................15-12

Assigning Port States ...........................................................................................................................15-13

RSTP Operation ...................................................................................................................................15-14

MSTP Operation ..................................................................................................................................15-14

Common and Internal Spanning Tree (CIST).................................................................................15-14

MST Region............... ... ... .... ... ... ....................................... ... ... .... ... ... ..............................................15-15

Multiple Spanning Tree Instances (MSTI) ......................................................................................15-16

Configuring STP and RSTP ........................................................................................................................ 15-19

Reviewing and Enabling Spanning Tree ..............................................................................................15-20

Example..........................................................................................................................................15-20

Adjusting Spanning Tree Parameters ..................................................................................................15-20

Setting Bridge Priority Mode and Priority........................................................................................15-21

xi

Setting a Port Priority................................................. .... ... ... ... .... ....................................................15-21

Assigning Port Costs ......................................................................................................................15-22

Adjusting Bridge Protocol Data Unit (BPDU) Intervals ...................................................................15-22

Enabling the Backup Root Function .....................................................................................................15-23

Adjusting RSTP Parameters ................................................................................................................15-23

Defining Edge Port Status ..............................................................................................................1 5-24

Configuring MSTP ...................................................................................................................................... 15-24

Example 1: Configuring MSTP for Traffic Segregation ........................................................................15-25

Example 2: Configuring MSTP for Maximum Bandwidth Utilization ..................................................... 15-27

Adjusting MSTP Parameters ................................................................................................................ 15-28

Monitoring MSTP ..... ....................................... ... .... ... ....................................... ... ... ... ...........................15-29

Understanding and Configuring SpanGuard ..............................................................................................15-29

What Is SpanGuard? ............................................................................................................................15-29

How Does It Operate? ..........................................................................................................................15-30

Configuring SpanGuard ....................................................................................................................... 15-30

Reviewing and Setting Edge Port Status................ ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... .......................15-30

Enabling and Adjusting SpanGuard ...............................................................................................15-30

Monitoring SpanGuard Status and Settings..................... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ....15-31

Understanding and Configuring Loop Protect ............................................................................................15-31

What Is Loop Protect? ..........................................................................................................................15-31

How Does It Operate? ..........................................................................................................................15-31

Port Modes and Event Triggers......................................................................................................15-32

Example: Basic Loop Protect Configuration...................................................................................15-32

..................................................................................................................... Configuring Loop Protect 15-33

Enabling or Disabling Loop Protect ................................................................................................15-34

Specifying Loop Protect Partners...................................................................................................15-34

Setting the Loop Protect Event Threshold and Window................................................ ... ... .... ... ... .15-34

Enabling or Disabling Loop Protect Event Notifications .................................................................15-35

Setting the Disputed BPDU Threshold...........................................................................................15-35

Monitoring Loop Protect Status and Settings......................... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... .15-35

Terms and Definitions ................................................................................................................................. 15-36

Chapter 16: Configuring Policy

Using Policy in Your Network ....................................................................................................................... 16-1

Standard and Enhanced Policy on Enterasys Platforms ........................................................................16-2

Implementing Policy ............................................................................................................................... 16-2

Policy Configuration Overview ...................................................................................................................... 16-2

Using the Enterasys NetSight Policy Manager ......................................................................................16-2

Understanding Roles in a Secure Network ............................................................................................ 16-3

The Policy Role ................................................................................................................................16-3

Defining Policy Roles .............................................................................................................................16-3

Setting a Default VLAN for a Role....................................................................................................16-4

Adding Tagged, Untagged, and Forbidden Ports to the VLAN Egress Lists....................................16-4

Assigning a Class of Service to a Role.............................................................................................16-4

Defining Policy Rules .............................................................................................................................16-5

Admin Rules.....................................................................................................................................16-5

Traffic Classification Rules ...............................................................................................................16-5

Applying Policy .......................................................................................................................................16-7

Applying a Default Policy..................................................................................................................16-8

Applying Policies Dynamically..........................................................................................................16-8

Blocking Non-Edge Protocols at the Edge Network Layer ...............................................................16-8

Configuring Policy ......................................................................................................................................... 16-9

Policy Configuration Example ..................................................................................................................... 16-12

Roles .................................. .............................................................. ....................................................16-13

Policy Domains ....................................................................................................................................16-13

xii

Basic Edge .....................................................................................................................................16-13

Standard Edge................................................................................................................................16-14

Premium Edge................................................................................................................................16-14

Premium Distribution ......................................................................................................................16-14

Platform Configuration ......................................................................................................................... 16-14

Configuring Guest Policy on Edge Platforms .................................................................................16-15

Configuring Policy for the Edge Student Fixed Switch ...................................................................16-15

Configuring PhoneFS Policy for the Edge Fixed Switch.................................................................16-16

Configuring Policy for the Edge Faculty Fixed Switch....................................................................16-17

Terms and Definitions ................................................................................................................................. 16-18

Chapter 17: Configuring Quality of Service

Quality of Service Overview ............................... ... ... .... ... ... ... .... ... ... ... ..........................................................17-1

Implementing QoS ................................................................................................................................. 17-1

Quality of Service Operation .................................. ... ... ... .... ...................................... .... ... ... ...................17-2

Class of Service (CoS) .................................... ... .... ... ... ... .... ...................................... .... ... ......................17-2

CoS Settings ..........................................................................................................................................17-3

CoS Hardware Resource Reference................................................................................................17-3

CoS Flood Control State...................................................................................................................17-3

CoS Priority and ToS Rewrite...........................................................................................................17-3

CoS Reference .......................................................................................................................................17-4

Port Group and Type........................................................................................................................17-4

CoS Settings Reference to Port Resource Mapping ........................................................................17-5

Port Resources ........ .... ... ... ... .... ...................................... .... ... ... ... .... ......................................................17-5

Port Configuration ........................................ ... ... .... ... ... ... .... ... ... ... ..........................................................17-5

Preferential Queue Treatment for Packet Forwarding ........................................................................... 17-6

Strict Priority Queuing.......... ... ... ... .... ... ... ... ....................................... ... ... .... ... ... ... .............................17-6

Weighted Fair Queuing.............. ... .... ... ... ... ... .... ... ... ... .... ... ....................................... ... ... ... ... .............17-6

Hybrid Queuing.................................................................................................................................17-7

Rate Limiting ..........................................................................................................................................17-8

Flood Control ................................... ... .... ...................................... .... ... ... ................................................17-9

CoS Hardware Resource Configuration ....................................................................................................... 17-9

IRL Configuration ...................................................................................................................................17-9

CoS Port Configuration Layer...........................................................................................................17-9

CoS Port Resource Layer...............................................................................................................17-10

CoS Reference Layer.....................................................................................................................17-10

CoS Settings Layer.........................................................................................................................17-10

Enable CoS State...................................................... .... ... ... ....................................... ... ... ..............17-10

IRL Configuration Example Show Command Output .....................................................................17-10

Flood Control Configuration ......................................... ... .... ... ... ... .... ... ... .............................................. 17-12

CoS Port Configuration Layer.........................................................................................................17-12

CoS Port Resource Layer...............................................................................................................17-12

CoS Reference Layer.....................................................................................................................17-12

CoS Settings Layer.........................................................................................................................17-12

Enable CoS State...................................................... .... ... ... ....................................... ... ... ..............17-12

Flood Control Configuration Example Show Command Output .... ... ... ... .... ... ... ... .... ... ... .................17-12

Enabling CoS State ..............................................................................................................................17-13

The QoS CLI Command Flow ....................................................................................................................17-14

Port Priority and Transmit Queue Configuration .........................................................................................17-15

Setting Port Priority ...................................... ... ... .... ... ... ... .... ... ... ...........................................................17-15

Example..........................................................................................................................................17-15

Mapping Port Priority to Transmit Queues ........................................................................................... 17-15

Example..........................................................................................................................................17-16

Setting Transmit Queue Arbitration ...................................................................................................... 17-16

Port Traffic Rate Limiting ............................................................................................................................17-17

xiii

Examples ............................................................................................................................................. 17-18

Chapter 18: Configuring Network Monitoring

Basic Network Monitoring Features ..............................................................................................................18-1

Console/Telnet History Buffer ................................................................................................................18-1

Network Diagnostics .............................................................................................................................. 18-2

Switch Connection Statistics . ....................................... ... .... ... ... ... ....................................... ...................18-2

Users .................................. ............................. ................................. ......................................................18-3

RMON .................................... ................ ................ ................ ................. ................ ......................................18-3

RMON Design Considerations ...............................................................................................................18-4

Configuring RMON .................................................................................................................................18-5

sFlow ............................................................................................................................................................18-9

Using sFlow in Your Network ............................. .................................................................... ..............18-10

Definitions ............................................................................................................................................18-10

sFlow Agent Functionality ....................................................................................................................18-11

Sampling Mechanisms ......................................................................................................................... 18-11

Packet Flow Sampling....................................................................................................................18-11

Counter Sampling................... ... ... .... ... ... ... ... ....................................... ... .... ... ... ... .... .......................18-11

Sampling Implementation Notes.....................................................................................................1 8-12

Configuring sFlow ................................................................................................................................18-12

Overview.........................................................................................................................................18-12

Procedure.......................................................................................................................................18-14

Chapter 19: Configuring Multicast

Using Multicast in Your Network ................................................................................................................... 19-1

Implementing Multicast .......................................................................................................................... 19-1

Multicast Operation ................................................................................................................................ 19-2

Internet Group Management Protocol (IGMP) .......................................................................................19-2

Overview...........................................................................................................................................19-2

IGMP Support on Enterasys Devices...............................................................................................19-3

Example: Sending a Multicast Stream..............................................................................................19-4

Distance Vector Multicast Routing Protocol (DVMRP) ........................................................................... 19-5

Overview...........................................................................................................................................19-5

DVMRP Support on Enterasys Devices ...........................................................................................19-5

Protocol Independent Multicast (PIM) .................................................................................................. 19-11

Overview.........................................................................................................................................19-11

PIM Support on Enterasys Devices................................................................................................19-13

PIM Terms and Definitions.............................................................................................................19-14

Configuring IGMP .......................................................................................................................................19-15

Basic IGMP Configuration ....................................................................................................................19-17

Example IGMP Configuration on Layer 3.......................................................................................19-17

IGMP Display Commands ....................................................................................................................19-18

Configuring DVMRP ................................................................................................................................... 19-18

DVMRP Configuration Commands ........... ... ... ... ..................................................................................19-18

Basic DVMRP Configuration ................................................................................................................19-19

Example DVMRP Configuration .....................................................................................................19-19

Displaying DVMRP Information ............................................................................................................19-20

Configuring PIM-SM ................................................................................................................................... 19-21

Design Considerations .......... .... ... ... ... .... ...................................... .... ... ... ... ... .... ... ... ... .... .......................19-21

PIM-SM Configuration Commands .... .... ... ... ... ... .... ... ... ........................................................................ 19-21

Basic PIM-SM Configuration ................................................................................................................19-22

Example Configuration ...................................................................................................................19-22

PIM-SM Display Commands ........................................ ... .... ... ... ... .... ... ... ... ... .... .................................... 19-24

xiv

Chapter 20: IP Configuration

Enabling the Switch for Routing ................................................................................................................... 20-1

Router Configuration Modes .................................................................................................................. 20-1

Entering Router Configuration Modes .... ... .............................................................................................20-2

Example .................................................................................................................................................20-3

Routing Interfaces ........................................................................................................................................ 20-3

IPv4 Interface Addresses .......................................................................................................................20-3

IP Static Routes ............................... ... ... ... .... ... ... ....................................... ... ... ... .... ... ... ................................ 20-4

Configuring Static Routes ...................................................................................................................... 20-5

Testing Network Connectivity ....................................................................................................................... 20-5

The ARP Table ............................................................................................................................................. 20-6

Proxy ARP .............................................................................................................................................. 20-7

ARP Configuration .......... ... ... .... ... ... ... .... ... ....................................... ... ... ... ... .... ... ... ... .... ... ......................20-7

IP Broadcast Settings ............................................................ ....................................... ... ............................. 20-7

Directed Broadcast .................................................................................................................................20-7

UDP Broadcast Forwarding ...... ... ... ... .... ... ... ... ... .... ... ... ....................................... ... ... .... ... ... ... ................20-8

DHCP and BOOTP Relay ......................................................................................................................20-9

IP Broadcast Configuration ....................................... ... ....................................... ... ... .... ... ... ...................20-9

Configuring ICMP Redirects ....................................................................................................................... 20-10

Terms and Definitions ................................................................................................................................. 20-10

Chapter 21: IPv4 Basic Routing Protocols

Configuring RIP ............................................................................................................................................ 21-1

Using RIP in Your Network .................................................................................................................... 21-1

RIP Configuration Overview ...................................................................................................................21-1

RIP Router Configuration .................................................................................................................21-1

RIP Interface Configuration ..............................................................................................................21-2

RIP Configuration Example ....................................................................................................................21-3

Configuring IRDP ..........................................................................................................................................21-5

Using IRDP in Your Network ..................................................................................................................21-5

IRDP Configuration Overview ................................................................................................................21-5

IRDP Configuration Example ................................................................................................................. 21-5

Chapter 22: Configuring OSPFv2

OSPF Overview ..................... ... ... .... ... ... ... .... ... ....................................... ... ... ... ............................................. 22-1

OSPF Areas .... ... ... ... .... ... ... ... .... ...................................... .... ... ....................................... .........................22-2

OSPF Router Types . .... ... ... ... ....................................... ... .... ... ....................................... ... ... ...................22-3

Designated Router ....................................... ... ... .... ... ... ... .... ... ... ... ..........................................................22-3

Authentication ........................................................................................................................................22-3

Basic OSPF Topology Configuration ............................ ................................................ ................................22-3

Configuring the Router ID ...................................................................................................................... 22-4

Configuring the Designated Router ........ ... ... ... ... .... ... ... ... .... ... .......................................... ... ... ... .............22-5

Configuring Router Priority ...............................................................................................................22-6

Example............................................................................................................................................22-6

Configuring the Administrative Distance for OSPF Routes .............. ...................................... ................22-7

Configuring SPF Timers ......................................................................................................................... 22-7

Configuring OSPF Areas .............................................................................................................................. 22-8

Configuring Area Range ......................................................................................................................... 22-8

Example............................................................................................................................................22-8

Configuring a Stub Area ........ .... ... ... ....................................... ... ... .... ... ... ... ... .... ... ... ................................ 22-9

Stub Area Default Route Cost ........................................................................................................22-10

Example..........................................................................................................................................22-10

Configuring a Not So Stubby Area (NSSA) ..........................................................................................22-11

Example..........................................................................................................................................22-12

Configuring Area Virtual-Links ............................................................................................................. 22-12

xv

Configuring Area Virtual-Link Authentication..................................................................................22-14

Configuring Area Virtual-Link Timers..............................................................................................22-14

Configuring Route Redistribution .........................................................................................................22-14

Configuring Passive Interfaces ............................................................................................................22-14

Configuring OSPF Interfaces ...................................................................................................................... 22-15

Configuring Interface Cost ...................................................................................................................22-15

Configuring Interface Priority ................................................................................................................ 22-15

Configuring Authentication ................................................................................................................... 22-15

Configuring OSPF Interface Timers ..................................................................................................... 22-16

Default Settings .......................................................................................................................................... 22-16

Configuration Procedures ......................... .... ... ... ... ... .... ... ... ... .... ... ....................................... .......................22-17

Basic OSPF Router Configuration .......................................................................................................22-17

OSPF Interface Configuration ......... ... ................................................................................. .................22-18

OSPF Area Configuration ......... ... ... ... .... ... ... ........................................................................................ 22-18

Managing and Displaying OSPF Configuration and Statistics .............................................................22-19

Chapter 23: Configuring VRRP

VRRP Overview ............................................................................................................................................23-1

VRRP Virtual Router Creation ................................................................................................................23-2

VRRP Master Election ........................................................................................................................... 23-2

Enabling Master Preemption .................................................................................................................. 23-3

Enabling ICMP Replies ..........................................................................................................................23-3

Configuring VRRP Authentication ..........................................................................................................23-3

Enabling the VRRP Virtual Router ......................................................................................................... 23-3

Configuring VRRP ........................................................................................................................................ 23-3

Configuration Examples ........ .... ... ... ... .... ...................................... .... ... ... ... ... .... ... ... ... .... .........................23-4

Basic VRRP Configuration ...............................................................................................................23-4

Multiple Backup VRRP Configuration...............................................................................................23-6

Terms and Definitions ................................................................................................................................... 23-8

Chapter 24: Configuring Access Control Lists

Using Access Control Lists (ACLs) in Your Network ....................................................................................24-1

Implementing ACLs ...................................................................................................................................... 24-1

ACL Configuration Overview ........................................................................................................................24-2

Creating IPv4 ACLs ................................... ... ....................................... ... ... ... .... ... ... ................................ 24-2

Creating IPv6 and MAC ACLs ................................................................................................................24-2

Creating ACL Rules ........... ... .... ... ... ... .... ... ... ....................................... ... ... ... .... ... ... ... .... ... ......................24-3

IPv4 Rules ........................................................................................................................................24-3

IPv6 Rules ........................................................................................................................................24-4

MAC Rules .......................................................................................................................................24-4

Managing ACLs ...................................... ... ... ... ... .... ...................................... .... ... ... ... .... ... ......................24-4

Deleting ACLs and Rules .................................................................................................................24-4

Moving ACL Rules............................................................................................................................24-5

Replacing ACL Rules .......................................................................................................................24-5

Inserting ACL Rules..........................................................................................................................24-6

Applying ACLs ........................................................................................................................................24-6

Configuring ACLs .........................................................................................................................................24-7

Configuring IPv4 ACLs ...........................................................................................................................24-7

Example............................................................................................................................................24-8

Configuring IPv6 ACLs ...........................................................................................................................24-8

Example............................................................................................................................................24-9

Configuring MAC ACLs ........................................................................................................................24-10

Example..........................................................................................................................................24-10

Access Control Lists on the A4 ................................................................................................................... 24-11

Configuring A4 ACLs ............................................................................................................................24-12

xvi

Extended IPv4 ACL Configuration..................................................................................................24-12

MAC ACL Configuration .................................................................................................................24-13

Chapter 25: Configuring and Managing IPv6

Managing IPv6 .......................... ... .... ... ....................................... ... ... ... .... ... ... ................................................ 25-1

Configuring IPv6 Management ......................................................................................................... ......25-2

Example............................................................................................................................................25-2

Monitoring Network Connections ........................................ ... ... ... .... ......................................................25-3

IPv6 Routing Configuration ........................................................................................................................... 25-3

Overview ................................................................................................................................................ 25-3

Defaults ................................. .............................................................. ...................................................25-4

Setting Routing General Parameters ..................................................................................................... 25-5

Configuring Routing Interfaces ...............................................................................................................25-5

IPv6 Addressing ...............................................................................................................................25-5

Enabling an Interface for IPv6 Routing.............................................................................................25-6

Configuration Examples ............................... .... ... ... ... .... ... ... ....................................... ... ... ... .............25-6

Creating Tunnel Interfaces .... .... ... ... ... .... ... .............................................................................................25-7

Configuring Static Routes ...................................................................................................................... 25-9

Viewing Routing Information ................................................................................................................ 25-10

Testing Network Connectivity ...............................................................................................................25-11

IPv6 Neighbor Discovery ............................................................................................................................25-11

Duplicate Address Detection ................................................................................................................25-11

Neighbor Solicitation Messages ........................................................................................................... 25-12

Router Advertisements .........................................................................................................................25-12

Cache Management ..... ... ....................................... ... ... ... .... ... ... ....................................... ... .................25-12

Neighbor Discovery Configuration .......................................................................................................25-13

DHCPv6 Configuration ...............................................................................................................................25-14

DHCPv6 Relay Agent Configuration .................................................................................................... 25-14

DHCPv6 Server Configuration ............................................................................................................. 25-15

Pool Configuration..........................................................................................................................25-15

Server Configuration............ ... ... ... .... ... ....................................... ... ... ... ... .... ....................................25-15

Default Conditions ................................................................................................................................25-16

Configuration Examples ........ .... ... ... ... .... ...................................... .... ... ... ... ... .... ... ... ... .... .......................25-16

Viewing DHCPv6 Statistics ..................................................................................................................25-18

Chapter 26: Configuring Security Features

Security Mode Configuration ........................ ... ... ... ... .... ... ... ... .... ... ... ... .... ......................................................26-1

About the Security Mode ........................................................................................................................ 26-1

Configuring the Security Mode .................. ... .... ... ... ... .... ... ................................................................26-2

Security Mode and SNMP ...................................................................................................................... 26-2

Security Mode and User Authentication and Passwords .......................................................................26-3

Security Mode and System Logging ...................................................................................................... 26-3

Security Mode and File Management ....................................................................................................26-4

IPsec Configuration ..................... .... ... ... ... .... ... ... ... ... .... ...................................... .... ... ... ... .............................26-4

About IPsec ............................................................................................................................................ 26-4

IPsec Defaults ....... ... .... ...................................... .... ... ... ....................................... ... ... .... .........................26-5

IPsec Configuration .. .... ...................................... .... ... ... ... .... ... ....................................... ... ......................26-5

RADIUS Management Authentication .......................................................................................................... 26-6

Request Transmission ........................................................................................................................... 26-6

Response Validation .............................................................................................................................. 26-7

Password Changing ............................................................................................................................... 26-7

Example .................................................................................................................................................26-7

MAC Locking ................................................................................................................................................26-7

First Arrival Configuration .......................................................................................................................26-8

MAC Locking Notifications ..................................................................................................................... 26-8

xvii

Disabling and Enabling Ports ................................................................................................................. 26-9

MAC Locking Defaults ..................................... ... .... ... ... ... .... ... ... ....................................... ... ...................26-9

MAC Locking Configuration ................................................................................................................. 26-10

TACACS+ ................................. .......................................................... ........................................................ 26-11

TACACS+ Client Functionality .............................................................................................................26-12

Session Authorization and Accounting...........................................................................................26-12

Command Authorization and Accounting .......................................................................................26-12

Configuring the Source Address............. ... ... .... ... ... ........................................................................26-13

Default Settings ....................................................................................................................................26-13

Basic TACACS+ Configuration ............................................................................................................26-14

Example TACACS+ Configuration .......................................................................................................26-15

TACACS+ Display Commands ............................................................................................................26-15

Service ACLs ..............................................................................................................................................26-16

Restricting Management Access to the Console Port ............................... ... .... ... ... ... .... ... ... .................26-17

Configuring a Service Access Control List ...........................................................................................26-17

DHCP Snooping ........................................................................................................................................ 26-18

DHCP Message Processing .................................................................................................................26-18

Building and Maintaining the Database ........................... ....................................... ... .... .......................26-19

Rate Limiting ........................................................................................................................................26-19

Basic Configuration .............................................................................................................................. 26-19

Configuration Notes................... ... .... ... ....................................... ... ... ... ... .... ... .................................26-20

Default Parameter Values ..............................................................................................................26-20

Managing DHCP Snooping ............. ... ................................................................................. .................26-21

Dynamic ARP Inspection ........................................................................................................................... 26-22

Functional Description .................................. ... ... .... ... ... ... .... ...................................... .... ... ....................26-22

Static Mappings...................................................... ... .... ... ....................................... ... ... .................26-22

Optional ARP Packet Validation.....................................................................................................26-22

Logging Invalid Packets..................................................................................................................26-23

Packet Forwarding..........................................................................................................................26-23

Rate Limiting...................................................................................................................................26-23

Eligible Interfaces ...........................................................................................................................26-23

Interaction with Other Functions.....................................................................................................26-23

Basic Configuration .............................................................................................................................. 26-24

Default Parameter Values ..............................................................................................................26-24

Managing Dynamic ARP Inspection ............................. ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... .......................26-24

Example Configuration ......................................................................................................................... 26-25

Non-Routing Example ....................................................................................................................26-25

Routing Example ............................................................................................................................26-26

Figures

3-1 CLI Startup Screen............................................................................................................................. 3-2

3-2 Sample CLI Defaults Description........................................................................................................3-4

3-3 Performing a Keyword Lookup .................. ... .... ... ... ... .... ... ... ... .... ... .....................................................3-4

3-4 Performing a Partial Keyword Lookup................................................................................................3-4

3-5 Scrolling Screen Output......................................................................................................................3-5

3-6 Abbreviating a Command...................................................................................................................3-5

9-1 VLAN Business Scenario ...................................................................................................................9-2

9-2 Inside the Switch ................................. ... ... ....................................... ... ... .... ... ... ... ...............................9-5

9-3 Example of VLAN Propagation Using GVRP ..................................................................................... 9-8

10-1 Applying Policy to Multiple Users on a Single Port........................ ... ... ... .... ... ... ... ............................. 10-5

10-2 Authenticating Multiple Users With Different Methods on a Single Port........................................... 10-6

10-3 Selecting Authentication Method When Multiple Methods are Validated ......................................... 10-7

10-4 Stackable Fixed Switch Authentication Configuration Example Overview ..................................... 10-25

11-1 LAG Formation ................................................................................................................................. 11-4

11-2 LAGs Moved to Attached State ........................................................................................................11-6

xviii

11-3 Link Aggregation Example............ .... ... ... ........................................................................................11-12

13-1 Communication between LLDP-enabled Devices ............................................................................ 13-3

13-2 LLDP-MED .......................................................................................................................................13-5

13-3 Frame Format................................................................................................................................... 13-6

14-1 Basic System Scenario..................................................................................................................... 14-5

15-1 Redundant Link Causes a Loop in a Non-STP Network .................................................................. 15-2

15-2 Loop Avoided When STP Blocks a Duplicate Path .......................................................................... 15-2

15-3 Multiple Spanning Tree Overview.....................................................................................................15-5

15-4 Root Port Selection Based On Lowest Cost or Bridge ID............................................................... 15-10

15-5 Root Port Selection Based On Lowest Port ID...............................................................................15-11

15-6 Spanning Tree Port Role Overview.................................................. ... ... .... ... ... ... .... ... ... .................15-12

15-7 Example of an MST Region............................................................................................................15-15

15-8 MSTI 1 in a Region.........................................................................................................................15-18

15-9 MSTI2 in the Same Region ............................................................................................................ 15-18

15-10 Example of Multiple Regions and MSTIs........................................................................................15-19

15-11 Traffic Segregation in a Single STP Network Configuration........................................................... 15-25

15-12 Traffic Segregation in an MSTP Network Configuration.................................................................15-26

15-13 Maximum Bandwidth Utilization in a Single STP Network Configuration .......................................15-27

15-14 Maximum Bandwidth in an MSTP Network Configuration..............................................................15-28

15-15 Basic Loop Protect Scenario ..........................................................................................................15-33

15-16 Spanning Tree Without Loop Protect ..................................... .... ... ... ... ... .... ... ... ... .... ... ... ... ... .... ....... 15-33

15-17 Spanning Tree with Loop Protect ...................................................................................................15-33

16-1 College-Based Policy Configuration...............................................................................................16-12

17-1 Assigning and Marking Traffic with a Priority....................................................................................17-4

17-2 Strict Priority Queuing Packet Behavior ........................................................................................... 17-6

17-3 Weighted Fair Queuing Packet Behavior ......................................................................................... 17-7

17-4 Hybrid Queuing Packet Behavior ..................................................................................................... 17-8

17-5 Rate Limiting Clipping Behavior ....................................................................................................... 17-9

19-1 IGMP Querier Determining Group Membership ............................................................................... 19-3

19-2 Sending a Multicast Stream with No Directly Attached Hosts ..........................................................19-4

19-3 DVMRP Pruning and Grafting ........................................................................................................ 19-11

19-4 PIM Traffic Flow.............................................................................................................................. 19-12

19-5 DVMRP Configuration on Two Routers..........................................................................................19-19

19-6 PIM-SM Configuration ............... ... .... ... ... ... ... .... ... ... ... .... ... ... ...........................................................19-23

22-1 Basic OSPF Topology ...................................................................................................................... 22-4

22-2 OSPF Designated Router Topology................................................. ... ... .... ... ... ... .... ... ... ... ... .... ... ...... 22-6

22-3 OSPF Summarization Topology.................................................... ... ... ... .... ... ... ... .... ... ... ... ... .... ......... 22-9

22-4 OSPF Stub Area Topology..................................................... .... ... ... ... ... .... ... ... ..............................22-10

22-5 OSPF NSSA Topology................................................................................................................... 22-12

22-6 Virtual Link Topology...................................................................................................................... 22-13

23-1 Basic VRRP Topology.........................................................................................................

23-2 Basic Configuration Example ........................................................................................................... 23-5

23-3 Multi-Backup VRRP Configuration Example ....................................................................................23-6

25-1 Basic IPv6 Over IPv4 Tunnel............................................................................................................ 25-8

.............23-2

Tables

3-1 Basic Line Editing Commands............................................................................................................ 3-6

3-2 CLI Properties Configuration Commands...........................................................................................3-6

3-3 CLI Properties Show Commands ................. .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... ... ..................3-7

4-1 Default Settings for Basic Switch Operation.......................................................................................4-1

4-2 Default Settings for Router Operation ................................................................................................ 4-4

4-3 Advanced Configuration .....................................................................................................................4-6

4-4 Default SNTP Parameters................................................................................................................ 4-13

4-5 Managing and Displaying SNTP............. ... ....... ... ............................................................................. 4-14

4-6 Managing and Displaying DHCP Server ..........................................................................................4-20

xix

4-7 Default DHCP Server Parameters....................................................................................................4-20

4-8 Configuring Pool Parameters ........................................................................................................... 4-23

5-1 User Account and Password Parameter Defaults by Security Mode .................................................5-7

6-1 File Management Commands ............................. ... ... .... ... ... ... .... ... ... ... ... ............................................6-8

7-1 PoE Powered Device Classes............................................................................................................7-2

7-2 PoE Settings Supported on Enterasys Devices ................................................................................. 7-4

7-3 PoE Show Commands .....................................................................................................................7-10

8-1 Displaying Port Status ....................................................................................................................... 8-7

8-2 Linkflap Default Parameters ...............................................................................................................8-9

8-3 Link Flap Detection Show Commands ............................................................................................. 8-11

8-4 Transmit Queue Monitoring Tasks ................................................................................................... 8-11

9-1 Default VLAN Parameters ..................................................................................................................9-9

9-2 Displaying VLAN Information............................................................................................................ 9-14

9-3 VLAN Terms and Definitions ............................................................................................................9-14

10-1 Default Authentication Parameters...................................................... ... .... ... ... ... .... .......................10-12

10-2 PWA Guest Networking Privileges Configuration........................................................................... 10-17

10-3 Displaying MultiAuth Authentication Configuration.........................................................................10-20

10-4 Authentication Configuration Terms and Definitions ......................................................................10-28

11-1 LAG2 Port Priority Assignments....................................................................................................... 11-5

11-2 LAG Port Parameters ....................................................................................................................... 11-7

11-3 Default Link Aggregation Parameters...............................................................................................11-9

11-4 Managing Link Aggregation................. ... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... ...........................11-10

11-5 Displaying Link Aggregation Information and Statistics.................................................................. 11-11

11-6 LAG and Physical Port Admin Key Assignments ........................................................................... 11-13

11-7 Link Aggregation Configuration Terms and Definitions ..................................................................11-15

12-1 SNMP Message Functions...............................................................................................................12-2

12-2 SNMP Terms and Definitions...........................................................................................................12-5

12-3 SNMP Security Models and Levels ..................................................................................................12-6

12-4 Default Enterasys SNMP Configuration ........................................................................................... 12-8

12-5 Commands to Review SNMP Settings...........................................................................................12-18

13-1 LLDP Configuration Commands.......................................................................................................13-7

13-2 LLDP Show Commands...................... ... ... ... .... .............................................................................. 13-10

13-3 Enterasys Discovery Protocol Configuration Commands...............................................................13-10

13-4 Enterasys Discovery Protocol Show Commands ........................................................................... 13-11

13-5 Cisco Discovery Protocol Configuration Commands......................................................................13-12

13-6 Cisco Discovery Protocol Show Commands ..................................................................................13-12

14-1 Syslog Terms and Definitions...........................................................................................................14-3

14-2 Syslog Message Components..........................................................................................................14-6

14-3 Syslog Command Precedence.........................................................................................................14-8

14-4 Syslog Server Default Settings.............................................................................................

15-1

15-2 Spanning Tree Port Roles...................... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ... ... .... ... ... .................15-13

15-3 Spanning Tree Port States........................... .... ... ... ... .... .......................................... ... ... ... ..............15-13

15-4 Multiple Spanning Tree Instance Support ......................................................................................15-16

15-5 MSTI Characteristics for Figure 15-10............................................................................................ 15-19

15-6 Spanning Tree Port Default Settings................................................... ... ........................................ 15-21

15-7 BPDU Interval Defaults................................................................................................................... 15-22

15-8 Commands for Monitoring MSTP ...................................................................................................15-29

15-9 Commands for Monitoring SpanGuard...........................................................................................15-31

15-10 Commands for Monitoring Loop Protect.........................................................................................15-35

15-11 Spanning Tree Terms and Definitions............................................................................................15-36

16-1 Admin Rule Parameters ................................................................................................................... 16-5

16-2 Policy Rule Traffic Descriptions/Classifications................................................................................16-6

16-3 Valid Data Values for Traffic Classification Rules ............................................................................16-6

16-4 Non-Edge Protocols .........................................................................................................................16-8

16-5 Displaying Policy Configuration and Statistics................................................................................ 16-11

Maximum SID Capacities Per Platform ............................................................................................15-6

..........14-10

xx

16-6 Policy Configuration Terms and Definitions....................................................................................16-18

17-1 CoS Configuration Terminology ....................................................................................................... 17-3

18-1 RMON Monitoring Group Functions and Commands....................................................................... 18-3

18-2 Default RMON Parameters...............................................................................................................18-5

18-3 Managing RMON.................... ....................................... ... ... ... .... ... ... ... ... .... ... ................................... 18-9

18-4 Displaying RMON Information and Statistics....................................................................................18-9

18-5 sFlow Definitions ............................................................................................................................18-10

18-6 Default sFlow Parameters ..............................................................................................................18-13

18-7 Displaying sFlow Information..........................................................................................................18-15

18-8 Managing sFlow .................................. ... ....................................... ... ... ... .... ... ... ... .... ... ... .................18-15

19-1 PIM-SM Message Types ........... ... ....................................... ... .... ... ... ... ... .... ... ... ... ...........................19-13

19-2 PIM Terms and Definitions.............................................................................................................19-14

19-3 Layer 2 IGMP Configuration Commands........................................................................................19-16

19-4 Layer 3 IGMP Configuration Commands........................................................................................19-16

19-5 Layer 2 IGMP Show Commands....................................................................................................19-18

19-6 Layer 3 IGMP Show Commands....................................................................................................19-18

19-7 DVMRP Configuration Commands...................... ........................................................................... 19-18

19-8 DVMRP Show Commands .................. ... ... ... .... ... ... ... .... ... ... ...........................................................19-21

19-9 PIM-SM Set Commands............... ....................................... ... .... ... ... ... ... .... ... ... ... ...........................19-21

19-10 PIM-SM Show Commands ........... .... ... ... ... ... .... ... ... ....................................... ... ... .... ... ... ... ... ...........19-24

20-1 Router CLI Configuration Modes......................................................................................................20-2

20-2 UDP Broadcast Forwarding Port Default..........................................................................................20-8

20-3 IP Routing Terms and Definitions................................................................................................... 20-10

21-1 Routing Protocol Route Preferences................................................................................................21-2

21-2 RIP Default Values ........................................................................................................................... 21-3

21-3 IRDP Default Values......................................................................................................................... 21-5

22-1 Default OSPF Parameters.............................................................................................................. 22-16

22-2 OSPF Management Tasks. .............. ... ... ... ... .................................................................................. 22-19

23-1 Default VRRP Parameters................................................................................................................23-3

23-2 VRRP Configuration Terms and Definitions ..................................................................................... 23-8

24-1 ACL Rule Precedence....................................................................................................................24-11

25-1 Monitoring Network Connections at the Switch Level ......................................................................25-3

25-2 IPv6 Default Conditions.................................................................................................................... 25-4

25-3 Setting Routing General Parameters................................................................................................25-5

25-4 Displaying Routing Information.......................................................................................................25-10

25-5 Testing Network Connectivity......................................................................................................... 25-11

25-6 Displaying DHCPv6 Statistics ....................................................................................................... 25-18

26-1 SNMP Commands Affected by Security Mode Settings...................................................................26-2

26-2 User Account and Password Parameter Defaults by Security Mode ...............................................26-3

26-3 Logging Commands Affected by Security Mode Settings ................................................................26-4

26-4 File Management Commands

26-5 IPsec Defaults .............................. .... ...................................... .... ... ... ... ... .... ...................................... 26-5

26-6 MAC Locking Defaults...................................................................................................................... 26-9

26-7 TACACS+ Parameters ................................................................................................................... 26-13

26-8 TACACS+ Show Commands..........................................................................................................26-15

26-9 DHCP Snooping Default Parameters .............................................................................................26-20

26-10 Displaying DHCP Snooping Information.........................................................................................26-21

26-11 Managing DHCP Snooping ............................................................................................................26-21

26-12 Dynamic ARP Inspection Default Parameters................................................................................26-24

26-13 Displaying Dynamic ARP Inspection Information ........................................................................... 26-24

26-14 Managing Dynamic ARP Inspection...............................................................................................26-25

Affected by Security Mode Settings .............................. ... ... .... ... ... ... 26-4

xxi

xxii

Technical Publications Style Guide xxiii

About This Guide

This guide provides basic configuration information for the Enterasys Networks Fixed Switch
platforms using the Command Line Interface (CLI0, including procedures and code examples.

For detailed information about the CLI commands used in this book, refer to the CLI Reference for
your Fixed Switch platform.

How to Use This Guide

Read through this guide completely to familiarize yourself with its contents and to gain an
understanding of the features and capabilities of the Enterasys Networks Fixed Switches. A
general working knowledge of data communications networks is helpful when setting up these
switches.

Related Documents

The CLI Reference manuals and Hardware Installation Guides for each platform can be obtained from
the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following site:

http://extranet.enterasys.com/downloads/

Conventions Used in This Guide

The following conventions are used in the text of this document:

Important Notice

Depending on the firmware version used on your Fixed Switch platform, some features described in this
document may not be supported. Refer to the most recent Release Notes for your product to determine which
features are supported. Release Notes are available at this link: https://extranet.enterasys.com/downloads

Convention Description

Bold font Indicates mandatory keywords, parameters or keyboard keys.

italic font Indicates complete document titles.

Courier font Used for examples of information displayed on the screen.

Courier font in italics Indicates a user-supplied value, either required or optional.
[ ] Square brackets indicate an optional value.
{ } Braces indicate required values. One or more values may be required.
| A vertical bar indicates a choice in values.
[x | y | z] Square brackets with a vertical bar indicates a choice of a value.
{x | y | z} Braces with a vertical bar indicate a choice of a required value.
[x {y | z} ] A combination of square brackets with braces and vertical bars indicates a

required choice of an optional value.

Getting Help

xxiv About This Guide

The following icons are used in this guide:

Getting Help

For additional support related to the product or this document, contact Enterasys Networks using
one of the following methods:

Before contacting Enterasys Networks for technical support, have the following data ready:

• Your Enterasys Networks service contract number

• A description of the failure

• A description of any action(s) already taken to resolve the problem (for example, changing
mode switches or rebooting the unit)

• The serial and revision numbers of all involved Enterasys Networks products in the network

• A description of your network environment (such as layout, cable type, other relevant
environmental information)

• Network load and frame size at the time of trouble (if known)

• The device history (for example, if you have returned the device before, or if this is a recurring
problem)

• Any previous Return Material Authorization (RMA) numbers

Note: Calls the reader’s attention to any item of information that may be of special importance.

Router: Calls the reader’s attention to router-specific commands and information.

Caution: Contains information essential to avoid damage to the equipment.
Precaución: Contiene información esencial para prevenir dañar el equipo.
Achtung: Verweißt auf wichtige Informationen zum Schutz gegen Beschädigungen.

World Wide Web www.enterasys.com/support
Phone 1-800-872-8440 (toll-free in U.S. and Canada)

or 1-978-684-1000
To find the Enterasys Networks Support toll-free number in your country:

www.enterasys.com/support

Email support@enterasys.com

To expedite your message, type [insert correct indicator here] in the subject line.

Fixed Switch Configuration Guide 1-1

1

Setting Up a Switch for the First Time

This chapter describes how to configure an Enterasys stackable or standalone Fixed Switch
received from the factory that has not been previously configured. Most of the procedures assume
that you are configuring a single switch that has not been connected to a network, and they
require that you have physical access to the console port on the switch.

If you are configuring multiple new switches in a stack, review the procedures that apply to a
single switch first, then refer to “Configuring a Stack of New Switches” on page 1-8.

Before You Begin

The procedures in this chapter assume that:

• You have installed a terminal emulation program on the PC or laptop computer that you will
use to configure the switch. Commonly used (and often free) terminal emulation programs
available on the Internet include:

–HyperTeminal

–Tera Term

– PuTTY

• You can connect your PC or laptop to the (DB9 male) console port on the switch.

If your PC or laptop has a DB9 communications port, use the DB9 female-to-DB9 female cable
that was shipped with the switch to connect your computer to the switch console port.

If your PC or laptop does not have a DB9 communications port but does provide a USB port:

– Obtain a USB to RS 232 DB9 (Male) Serial Interface adapter cable.

For information about... Refer to page...

Before You Begin 1-1
Connecting to the Switch 1-2
Downloading New Firmware 1-3
Additional Configuration Tasks 1-5
Saving the Configuration and Connecting Devices 1-7
Configuring a Stack of New Switches 1-8
Where to Go Next 1-9
Getting Help 1-10
Downloading Firmware via the Serial Port 1-10

Connecting to the Switch

1-2 Setting Up a Switch for the First Time

If the adapter cable requires a driver, install the driver on your computer. (These drivers
are usually provided by the vendor of the adapter cable.)

– Connect the adapter cable’s USB connector to a USB port on your PC or laptop and

determine which COM port has been assigned to that USB port.

(On Windows 7, this information is displayed in the Device Manager window.)

– Connect the adapter cable’s DB9 male connector to the DB9 female-to-DB9 female cable

shipped with the switch.

– Connect the free end of the DB9 female-to-DB9 female cable to the switch console port.

• You have access to a TFTP server. Since this procedure assumes that the switch is not
connected to a network, the TFTP server application should be locally installed on your PC or
laptop. TFTP servers are available on the Internet for purchase or free download.

Review your TFTP server documentation for information about how to configure the server.
In particular, you must configure the upload/download directory used by the TFTP server.

• You have downloaded the latest firmware for the switch from the Enterasys web site to your
computer, unzipped/uncompressed the firmware, and copied the firmware to the upload/
download directory configured for your TFTP server (see previous bullet). The firmware is
available at this Enterasys location:

https://extranet.enterasys.com/downloads

Review the Release Notes for the downloaded firmware to check for any upgrade notices or
limitations that may apply to your switch.

Connecting to the Switch

Follow these steps to connect to the switch and set its IP address:

1. Connect your PC or laptop to the console port of the switch, as described above.

2. On your computer, start your terminal emulation program and set the serial session
parameters, including the following:

– Transmit speed or baud rate = 9600

– Data bits = 8

– Parity = None

– Stop bits = 1

– Mode = 7 bit control, if available

– Specify the appropriate COM port

3. Open the terminal emulation session, then power up the switch.

4. In the window of the terminal emulation session, you will see switch boot up output.

5. When the boot up output is complete, the system prints a Username prompt.

6. Log in to the system by typing the default username admin, then pressing the Enter key at the
Password prompt. You will see a Welcome screen similar to the following.

Username:admin
Password:

Note: Using TFTP to copy the latest firmware to the switch is recommended because it is faster.
However, if you cannot use a TFTP server, you can download the firmware over the console port.
That procedure is described in “Downloading Firmware via the Serial Port” on page 1-10 .

Downloading New Firmware

Fixed Switch Configuration Guide 1-3

Enterasys C5
Command Line Interface

Enterasys Networks, Inc.
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A.

Phone: +1 978 684 1000
E-mail: support@enterasys.com
WWW: http://www.enterasys.com

(c) Copyright Enterasys Networks, Inc. 2011

Chassis Serial Number: 093103209001

Chassis Firmware Revision: 06.61.01.0017

Last successful login : WED DEC 07 20:23:20 2011
Failed login attempts since last login : 0

C5(su)->

7. Note the firmware version displayed in the Welcome screen — it is most likely earlier than the
latest version you downloaded from the Enterasys web site, so you will need to upgrade the
firmware on the switch.

8. Set a static system IP address on the switch to be used to download the new firmware. For
example:

C5(su)->set ip address 192.168.1.1 mask 255.255.255.0

Setting a mask and gateway address are optional. If they are not specified, mask will be set to
the natural mask of the address and gateway will stay at the default value of 0.0.0.0.

9. On your computer, set an IP address in the same subnet you gave to the switch. For example:

192.168.1.2.

10. Set up in-band access between your computer and the switch by connecting an Ethernet cable
from the network port on your computer to one of the front panel fixed ports on the switch.
(Pings and the TFTP transfer will occur via this in-band connection.)

11. From within the switch session, ping the IP address you gave to your computer, to ensure
connectivity between the switch and your computer. For example:

C5(su)->ping 192.168.1.2

Then, from your computer, ping the switch.

Downloading New Firmware

On stackable and standalone switches, the system Flash can store up to two firmware images at a
time. A new switch should have only one firmware image installed, which allows you to
download the new firmware image as described below. If you are installing a replacement switch

Note: If the pings are unsuccessful, there may be fire wall or other configuration issues on your
computer. As a first step, try disabling the fire wall on your computer. If that does not resolve the
problem, contact your IT group for assistance.

Downloading New Firmware

1-4 Setting Up a Switch for the First Time

or just want to verify the contents of the images directory, refer to “Deleting a Backup Image File”
on page 1-5 for more information.

After you have established your connection to the switch, follow these steps to download the
latest firmware:

1. Start the TFTP application.

2. In the terminal emulation session window, use the copy command to TFTP transfer the
firmware file from the TFTP server location to the images directory on the switch. For
example:

C5(su)->copy tftp://192.168.1.2/c5-series_06.61.01.0031 system:image

3. Set the new firmware to be active and reboot the system with the set boot system command.
When the command asks if you want to reset the system now, reply y. For example:

C5(su)->set boot system c5-series_06.61.01.0031
This command can optionally reset the system to boot the new image.
Do you want to reset now (y/n) [n]y

Resetting system ...

4. After the switch reboots, log in again and use the dir command to confirm that the new
firmware is the “active” and “boot” firmware. For example:

C5(su)->dir
Images:
==================================================================
Filename: c5-series_06.42.06.0008
Version: 06.42.06.0008
Size: 6862848 (bytes)
Date: Thu Apr 14 18:46:53 2011
CheckSum: 120a983d5fe5d1514553b585557b32cd
Compatibility: C5G124-24, C5G124-24P2, C5G124-48, C5G124-48P2, C5K125-24
C5K125-24P2, C5K125-48, C5K125-48P2, C5K175-24

Filename: c5-series_06.61.01.0031 (Active) (Boot)
Version: 06.61.01.0031
Size: 7213056 (bytes)
Date: Thu Dec 22 18:19:16 2011
CheckSum: 7d7e4851337db5088094764c7ba2b05a
Compatibility: C5G124-24, C5G124-24P2, C5G124-48, C5G124-48P2, C5K125-24
C5K125-24P2, C5K125-48, C5K125-48P2, C5K175-24

Files: Size
================================ ========
configs:
logs:

Note: If this switch will be added to an existing stack, you should install the primary and backup
firmware versions that are currently installed on the stack units.

Note: If you receive the error message “Error: No space left on the device. Please remove backup
file.”, refer to “Deleting a Backup Image File” on page 1-5 before proceeding.