Enterasys Networks N Standalone NSA User Manual

Enterasys Matrix® N Standalone (NSA) Series
Configuration Guide
Firmware Version 5.41.xx
P/N 9034073-08 Rev.0C
Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
The hardware, firmware, or software described in this document is subject to change without notice.
IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF SUCH DAMAGES.
Enterasys Networks, Inc. 50 Minuteman Road Andover, MA 01810
© 2008 Enterasys Networks, Inc. All rights reserved.
Part Number: 9034073-08 Rev.0C July 2008
ENTERASYS, ENTERASYS NETWORKS, ENTERASYS MATRIX, NETSIGHT, WEBVIEW, and any logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc. in the United States and other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx.
All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.
Documentation URL: http://www.enterasys.com/support/manuals
Version: Information in this guide refers to Matrix N Standalone Series firmware version 5.41.xx.
ENTERASYS NETWORKS, INC.
FIRMWARE LICENSE AGREEMENT
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. This Agreement constitutes the entire understanding between the parties, and supersedes all prior discussions, representations, understandings or agreements, whether oral or in writing, between the parties with respect to the subject matter of this Agreement. The Program may be contained in firmware, chips or other media.
BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL DEPARTMENT AT (978) 684-1000.
You and Enterasys agree as follows:
1. LICENSE. You have the non-exclusive and non-transferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement.
2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to:
(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable fee.
(ii) Incorporate the Program, in whole or in part, in any other product or create derivative works based on the Program, in whole or in part.
(iii) Publish, disclose, copy, reproduce or transmit the Program, in whole or in part.
(iv) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the Program, in whole or in part.
(v) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any part of the Program.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on Contracts for the International Sale of Goods, the United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.
4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY ENTERASYS, ENTERASYS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY (30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.
7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.
THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY YOU FOR THE RIGHTS GRANTED HEREIN.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records, accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your business. In the event such audit discovers non-compliance with this Agreement, including copies of the Program made, used or deployed in breach of this Agreement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.
9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law.
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock or assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement.
12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.
13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction.
14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.

Contents

Figures
Tables
ABOUT THIS GUIDE
Using This Guide
Structure of This Guide
Related Documents
Document Conventions
1 INTRODUCTION
1.1 Matrix Series Features
1.2 Matrix Series CLI Overview
1.3 Device Management Methods
1.4 Getting Help
2 STARTUP AND GENERAL CONFIGURATION
2.1 Startup and General Configuration Summary
2.1.1 Factory Default Settings
2.1.2 CLI “Command Defaults” Descriptions
2.1.3 CLI Command Modes
2.1.4 Using WebView
2.1.5 Process Overview: CLI Startup and General Configuration
2.1.6 Starting and Navigating the Command Line Interface
2.1.6.1 Using a Console Port Connection
2.1.6.2 Logging in with a Default User Account
2.1.6.3 Logging in with Administratively Configured Account
2.1.6.4 Using a Telnet Connection
2.1.6.5 Getting Help with CLI Syntax
2.1.6.6 Using Context-Sensitive Help
2.1.6.7 Performing Keyword Lookups
2.1.6.8 Displaying Scrolling Screens
2.1.6.9 Abbreviating and Completing Commands
2.1.6.10 Using the Spacebar Auto Complete Function
2.1.7 Configuring the Line Editor
2.2 General Configuration Command Set
2.2.1 Setting User Accounts and Passwords
2.2.2 Managing the Management Authentication Notification MIB
2.2.3 Setting Basic Device Properties
2.2.4 Activating Licensed Features
2.2.5 Downloading a New Firmware Image
2.2.6 Reviewing and Selecting a Boot Firmware Image
2.2.7 Starting and Configuring Telnet
2.2.8 Managing Configuration and Image Files
2.2.9 Enabling or Disabling the Path MTU Discovery Protocol
2.2.10 Pausing, Clearing and Closing the CLI
2.2.11 Resetting the Device
2.2.12 Gathering Technical Support Information
2.3 Preparing the Device for Router Mode
2.3.1 Pre-Routing Configuration Tasks
2.3.2 Reviewing and Configuring Routing
2.3.3 Enabling Router Configuration Modes
3 CONFIGURING DISCOVERY PROTOCOLS
3.1 Overview
3.2 Discovery Protocols Command Set
3.2.1 Displaying Neighbors
3.2.2 Enterasys Discovery Protocol
3.2.3 Cisco Discovery Protocol
3.2.4 Link Layer Discovery Protocol and LLDP-MED
4 PORT CONFIGURATION
4.1 Port Configuration Summary
4.1.1 Port String Syntax Used in the CLI
4.2 Process Overview: Port Configuration
4.3 Port Configuration Command Set
4.3.1 Setting Console Port Properties
4.3.2 Reviewing Port Status
4.3.3 Disabling / Enabling and Naming Ports
4.3.4 Setting Speed and Duplex Mode
4.3.5 Enabling / Disabling Jumbo Frame Support
4.3.6 Setting Auto-Negotiation and Advertised Ability
4.3.7 Setting Flow Control
4.3.8 Configuring Link Traps and Link Flap Detection
4.3.9 Configuring Broadcast Suppression
4.4 Configuring Port Mirroring
4.4.1 Supported Mirrors
4.4.2 IDS Mirroring Considerations
4.4.3 Active Destination Port Configurations
4.4.4 Setting Port Mirroring
4.5 Configuring LACP
4.5.1 LACP Operation
4.5.2 LACP Terminology
4.5.3 Matrix Series Usage Considerations
4.5.4 Configuring Link Aggregation
5 SNMP CONFIGURATION
5.1 SNMP Configuration Summary
5.1.1 SNMPv1 and SNMPv2c
5.1.2 SNMPv3
5.1.3 About SNMP Security Models and Levels
5.1.4 Using SNMP Contexts to Access Specific MIBs or Routing Modules
5.2 Process Overview: SNMP Configuration
5.3 SNMP Configuration Command Set
5.3.1 Reviewing SNMP Statistics
5.3.2 Configuring SNMP Users, Groups and Communities
5.3.3 Configuring SNMP Access Rights
5.3.4 Configuring SNMP MIB Views
5.3.5 Configuring SNMP Target Parameters
5.3.6 Configuring SNMP Target Addresses
5.3.7 Configuring SNMP Notification Parameters
5.3.8 Creating a Basic SNMP Trap Configuration
6 SPANNING TREE CONFIGURATION
6.1 Spanning Tree Configuration Summary
6.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols
6.1.2 Spanning Tree Features
6.1.3 Loop Protect
6.1.4 Process Overview: Spanning Tree Configuration
6.2 Spanning Tree Configuration Command Set
6.2.1 Configuring Spanning Tree Bridge Parameters
6.2.2 Configuring Spanning Tree Port Parameters
6.2.3 Configuring Spanning Tree Loop Protect Features
7 802.1Q VLAN CONFIGURATION
7.1 VLAN Configuration Summary
7.1.1 Port Assignment Scheme
7.1.2 Port String Syntax Used in the CLI
7.2 Process Overview: 802.1Q VLAN Configuration
7.3 VLAN Configuration Command Set
7.3.1 Reviewing Existing VLANs
7.3.2 Creating and Naming Static VLANs
7.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering
7.3.4 Configuring the VLAN Egress List
7.3.5 Creating a Secure Management VLAN
7.3.6 Enabling/Disabling GVRP
8 POLICY CLASSIFICATION CONFIGURATION
8.1 Policy Classification Configuration Summary
8.2 Process Overview: Policy Classification Configuration
8.3 Policy Classification Configuration Command Set
8.3.1 Configuring Policy Profiles
8.3.2 Assigning Classification Rules to Policy Profiles
8.3.3 Configuring Policy Class of Service (CoS)
9 PORT PRIORITY AND RATE LIMITING CONFIGURATION
9.1 Port Priority Configuration Summary
9.2 Process Overview: Port Priority and Rate Limiting Configuration
9.3 Port Priority and Rate Limiting Configuration Command Set
9.3.1 Configuring Port Priority
9.3.2 Configuring Priority to Transmit Queue Mapping
9.3.3 Configuring Port Traffic Rate Limiting
10 IGMP CONFIGURATION
10.1 About IP Multicast Group Management
10.2 IGMP Configuration Summary
10.3 Process Overview: IGMP Configuration
10.4 IGMP Configuration Command Set
10.4.1 Enabling / Disabling IGMP
10.4.2 Configuring IGMP
11 LOGGING AND NETWORK MANAGEMENT
11.1 Process Overview: Network Management
11.2 Logging And Network Management Command Set
11.2.1 Configuring System Logging
11.2.2 Monitoring Network Events and Status
11.2.3 Configuring SMON
11.2.4 Configuring RMON
11.2.5 Managing Switch Network Addresses and Routes
11.2.6 Configuring Simple Network Time Protocol (SNTP)
11.2.7 Configuring Node Aliases
11.2.8 Configuring NetFlow
12 IP CONFIGURATION
12.1 Process Overview: Internet Protocol (IP) Configuration
12.2 IP Configuration Command Set
12.2.1 Configuring Routing Interface Settings
12.2.2 Managing Router Configuration Files
12.2.3 Performing a Basic Router Configuration
12.2.4 Reviewing and Configuring the ARP Table
12.2.5 Configuring Broadcast Settings
12.2.6 Reviewing IP Traffic and Configuring Routes
12.2.7 Configuring PIM
12.2.8 Configuring Load Sharing Network Address Translation (LSNAT)
12.2.9 Configuring Dynamic Host Configuration Protocol (DHCP)
13 ROUTING PROTOCOL CONFIGURATION
13.1 Process Overview: Routing Protocol Configuration
13.2 Routing Protocol Configuration Command Set
13.2.1 Activating Advanced Routing Features
13.2.2 Configuring RIP
13.2.3 Configuring OSPF
13.2.4 Configuring DVMRP
13.2.5 Configuring IRDP
13.2.6 Configuring VRRP
14 SECURITY CONFIGURATION
14.1 Overview of Security Methods
14.1.1 RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment
14.2 Process Overview: Security Configuration
14.3 Security Configuration Command Set
14.3.1 Setting the Authentication Login Method
14.3.2 Configuring RADIUS
14.3.3 Configuring RFC 3580
14.3.4 Configuring TACACS+
14.3.5 Configuring 802.1X Authentication
14.3.6 Configuring Port Web Authentication (PWA)
14.3.7 Configuring MAC Authentication
14.3.8 Configuring Convergence End Points (CEP) Phone Detection
14.3.9 Configuring MAC Locking
14.3.10 Configuring Multiple Authentication
14.3.11 Configuring Secure Shell (SSH)
14.3.12 Configuring Access Lists
14.3.13 Configuring Policy-Based Routing
14.3.14 Configuring Denial of Service (DoS) Prevention
14.3.15 Configuring Flow Setup Throttling (FST)
INDEX

Figures

Figure
2-1 Sample CLI Default Description
2-2 Matrix N Standalone Startup Screen
2-3 Performing a Keyword Lookup
2-4 Performing a Partial Keyword Lookup
2-5 Scrolling Screen Output
2-6 Abbreviating a Command
2-7 Completing a Partial Command
2-8 Enabling the Switch for Routing
7-1 Example of VLAN Propagation via GVRP
12-1 Example of a Simple Matrix Series Router Config File

Tables

Table
2-1 Default Device Settings for Basic Switch Operation
2-2 Default Device Settings for Router Mode Operation
2-3 Basic Line Editing Emacs & vi Commands
2-4 show system login Output Details
2-5 show system lockout Output Details
2-6 show system Output Details
2-7 show version Output Details
2-8 dir Output Details
2-9 Enabling the Switch for Routing
2-10 show router Output Details
2-11 Router CLI Configuration Modes
3-1 show cdp Output Details
3-2 show ciscodp Output Details
3-3 show port ciscodp info Output Details
3-4 show lldp port local-info Output Details
3-5 show lldp port remote-info Output Display
4-1 show port status Output Details
4-2 show port counters Output Details
4-3 show port advertise Output Details
4-4 show port flow control Output Details
4-5 show linkflap parameters Output Details
4-6 show linkflap metrics Output Details
4-7 show port broadcast Output Details
4-8 LACP Terms and Definitions
4-9 show lacp Output Details
5-1 SNMP Security Levels
5-2 show snmp engineid Output Details
5-3 show snmp counters Output Details
5-4 show snmp user Output Details
5-5 show snmp group Output Details
5-6 show snmp access Output Details
5-7 show snmp view Output Details
5-8 show snmp targetparams Output Details
5-9 show snmp targetaddr Output Details
5-10 show snmp notify Output Details
5-11 Basic SNMP Trap Configuration Command Set
6-1 show spantree Output Details
6-2 Port-Specific show spantree stats Output Details
7-1 show vlan Output Details
7-2 show vlan interface Output Details
7-3 Command Set for Creating a Secure Management VLAN
7-4 show gvrp Output Details
7-5 show gvrp configuration Output Details
8-1 show policy profile Output Details
8-2 show policy rule Output Details
8-3 Valid Values for Policy Classification Rules
8-4 Configuring User-Defined CoS
8-5 show cos port-type Output Details
9-1 show port ratelimit Output Details
10-1 show igmp config Output Details
11-1 show logging all Output Details
11-2 show logging application Output Details
11-3 Sample Mnemonic Values for Logging Applications
11-4 show netstat Output Details
11-5 RMON Monitoring Group Functions and Commands
11-6 show rmon stats Output Details
11-7 show rmon alarm Output Details
11-8 show rmon event Output Details
11-9 show rmon topN Output Details
11-10 show rmon matrix Output Details
11-11 show arp Output Details
11-12 show ip route Output Details
11-13 show mac Output Details
11-14 show sntp Output Details
11-15 show nodealias Output Details
11-16 show nodealias config Output Details
12-1 VLAN and Loopback Interface Configuration Modes
12-2 show ip interface Output Details
12-3 show ip arp Output Details
12-4 show ip pim bsr Output Details
12-5 show ip pim interface Output Details
12-6 show ip pim neighbor Output Details
12-7 show ip pim rp Output Details
12-8 LSNAT Configuration Task List and Commands
12-9 show ip slb reals Output Details
12-10 show ip slb vservers Output Details
12-11 show ip slb conns Output Details
12-12 DHCP Command Modes
12-13 show ip dhcp server statistics Output Details
13-1 RIP Configuration Task List and Commands
13-2 OSPF Configuration Task List and Commands
13-3 show ip ospf database Output Details
13-4 show ip ospf interface Output Details
13-5 show ip ospf neighbor Output Details
13-6 show ip ospf virtual links Output Details
14-1 show radius Output Details
14-2 show tacacs Output Details
14-3 show pwa Output Details
14-4 show macauthentication Output Details
14-5 show macauthentication session Output Details
14-6 show maclock Output Details
14-7 show maclock stations Output Details
14-8 show ip policy Output Details

About This Guide

Welcome to the Enterasys Matrix® N Standalone (NSA) Series Configuration Guide. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure Matrix Series switch/router devices.
Important Notice
Depending on the firmware version used in your Matrix Series device, some features described in this document may not be supported. Refer to the Release Notes shipped with your Matrix Series device to determine which features are supported.
USING THIS GUIDE
A general working knowledge of basic network operations and an understanding of CLI management applications is helpful before configuring the Matrix Series device.
This manual describes how to do the following:
Access the Matrix Series CLI.
Use CLI commands to perform network management and device configuration operations.
Establish and manage Virtual Local Area Networks (VLANs).
Manage static and dynamically-assigned user policies.
Establish and manage priority classification.
Configure IP routing and routing protocols, including RIP versions 1 and 2, OSPF, DVMRP, IRDP, and VRRP.
Configure security protocols, including 802.1X and RADIUS, SSHv2, MAC locking, MAC authentication, multiple authentication, DoS attack prevention, and flow setup throttling.
Configure policy-based routing.
Configure access control lists (ACLs).
STRUCTURE OF THIS GUIDE
The guide is organized as follows:
Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI
interface, an overview of local management requirements, and information about obtaining technical support.
Chapter 2, Startup and General Configuration, provides an overview of the device’s factory
default settings and describes how to start the CLI interface, how to set basic system properties, how to download a firmware image, how to configure WebView and Telnet, how to manage configuration files, how to set the login password, how to exit the CLI, and how to prepare the device for router mode operation.
Chapter 3, Configuring Discovery Protocols, describes how to configure the three discovery
protocols supported by the firmware using CLI commands, including the Enterasys Discovery Protocol, the Cisco Discovery Protocol, and the IEEE 802.1AB Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery Protocol (LLDP-MED).
Chapter 4, Port Configuration, describes how to review and configure console port settings, and
how to enable or disable switch ports and configure switch port settings, including port speed, duplex mode, auto-negotiation, flow control, port mirroring, link aggregation and broadcast suppression.
Chapter 5, SNMP Configuration, describes how to configure SNMP users and user groups, access
rights, target addresses, and notification parameters.
Chapter 6, Spanning Tree Configuration, describes how to review and set Spanning Tree bridge
parameters for the device, including bridge priority, hello time, maximum aging time and forward delay; and how to review and set Spanning Tree port parameters, including port priority and path costs. Also describes how to configure the Loop Protect feature.
Chapter 7, 802.1Q VLAN Configuration, describes how to create static VLANs, select the mode
of operation for each port, establish VLAN forwarding (egress) lists, route frames according to VLAN ID, display the current ports and port types associated with a VLAN and protocol, create a secure management VLAN, and configure ports on the device as GVRP-aware ports.
Chapter 8, Policy Classification Configuration, describes how to create, change or remove user
roles or profiles based on business-specific use of network services; how to permit or deny access to specific services by creating and assigning classification rules which map user profiles to frame filtering policies; how to classify frames to a VLAN or Class of Service (CoS); and how to assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly.
Chapter 9, Port Priority and Rate Limiting Configuration, describes how to set the transmit
priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, and configure a rate limit for a given port and list of priorities.
Chapter 10, IGMP Configuration, describes how to configure Internet Group Management
Protocol (IGMP) settings for multicast filtering, including IGMP query count, IGMP report delay and IGMP group status.
Chapter 11, Logging and Network Management, describes how to configure Syslog, how to
manage general switch settings, how to monitor network events and status while the device is in switch mode, including the eventlog, command history, netstats and RMON statistics, how to manage network addresses and routes, and how to configure SNTP and node aliases.
Chapter 12, IP Configuration, describes how to enable IP routing for router mode operation, how
to configure IP interface settings, how to review and configure the routing ARP table, how to review and configure routing broadcasts, how to configure PIM, how to configure LSNAT and DHCP server, and how to configure IP routes.
Chapter 13, Routing Protocol Configuration, describes how to configure RIP, OSPF, DVMRP,
IRDP and VRRP.
Chapter 14, Security Configuration, describes how to configure 802.1X authentication using EAPOL, and how to configure RADIUS server, TACACS+, RFC3580, Secure Shell server, MAC authentication, MAC locking, Port Web Authentication, multiple authentication, policy-based routing, IP access control lists (ACLs), Denial of Service (DoS) prevention, and flow setup throttling.
RELATED DOCUMENTS
The following Enterasys Networks documents may help you to set up, control, and manage the Matrix Series device:
Ethernet Technology Guide
Cabling Guide
Matrix Series Installation Guide(s)
Matrix WebView User’s Guide
The documents listed above can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following web site:
http://www.enterasys.com/support/manuals/
DOCUMENT CONVENTIONS
This guide uses the following conventions:
bold type    Bold type indicates required user input, including command keywords, that must be entered as shown for the command to execute.
italic type    When used in general text, italic type indicates complete document titles. When used in CLI command syntax, italic type indicates a user-supplied parameter, either required or optional, to be entered after the command keyword(s).
n.nn    A period in numerals signals the decimal point indicator (e.g., 1.75 equals one and three fourths). Or, periods used in numerals signal the decimal point in Dotted Decimal Notation (DDN) (e.g., 000.000.000.000 in an IP address).
x    A lowercase italic x indicates the generic use of a letter (e.g., xxx indicates any combination of three alphabetic characters).
n    A lowercase italic n indicates the generic use of a number (e.g., 19nn indicates a four-digit number in which the last two digits are unknown).
[ ]    Square brackets indicate optional parameters.
{ }    Braces indicate required parameters. One or more parameters must be entered.
{[ ]}    Square brackets nested within braces indicate one or more optional parameters must be chosen.
|    A bar indicates a choice in parameters.
The following icons are used in this guide:
NOTE: Calls the reader’s attention to any item of information that may be of special importance.
ROUTER: This symbol denotes router-only functions. Features, commands and information in this guide not differentiated by this symbol refer to switch-mode operation.
CAUTION: Warns the reader about actions that could affect network operation.
1

Introduction

This chapter provides an overview of the Matrix Series’ unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the device, and information on how to contact Enterasys Networks for technical support.

1.1 MATRIX SERIES FEATURES

Matrix Series devices support business-driven networking with:
Advanced QoS and policy-based frame classification, and bandwidth management featuring rate
limiting, CoS priority queueing and link aggregation.
Customized, single-source management and control with SNMP, port mirroring, Syslog,
RMON, multi-image support and configuration upload/download.

1.2 MATRIX SERIES CLI OVERVIEW

Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, including the following:
Assign IP address and subnet mask.
Select a default gateway.
Assign a login password to the device for additional security.
Download a new firmware image.
Designate which network management workstations receive SNMP traps from the device.
View device, interface, and RMON statistics.
Manage configuration files.
Assign ports to operate in the standard or full duplex mode.
Control the number of received broadcasts that are switched to the other interfaces.
Set flow control on a port-by-port basis.
Set port configurations and port-based VLANs.
Configure ports to prioritize and assign a VLAN or Class of Service to incoming frames based
on Layer 2, Layer 3, and Layer 4 information.
Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to
dynamically create VLANs across a switched network.
Redirect frames according to a port or VLAN and transmit them on a preselected destination
port.
Configure Spanning Trees.
Clear NVRAM.
Configure interfaces for IP routing.
Configure RIP, OSPF, DVMRP, IRDP and VRRP routing protocols.
Configure security methods, including 802.1X, RADIUS, TACACS, CEP, SSHv2, MAC locking, and DoS attack prevention.
Configure access lists (ACLs).

1.3 DEVICE MANAGEMENT METHODS

The Matrix Series device can be managed using the following methods:
Locally using a VT type terminal connected to the console port.
Remotely using a VT type terminal connected through a modem.
Remotely using an SNMP management station.
In-band through a Telnet connection.
In-band using Enterasys Networks’ NetSight® management application.
Remotely using WebView™, Enterasys Networks’ embedded web server application.
The Matrix Series Installation Guide provides setup instructions for connecting a terminal or modem to the Matrix Series device.

1.4 GETTING HELP

For additional support related to this device or document, contact Enterasys Networks using one of the following methods:
World Wide Web    www.enterasys.com/services/support/
Phone    1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000
For the Enterasys Networks Support toll-free number in your country: www.enterasys.com/services/support/contact/
Internet mail    support@enterasys.com
To expedite your message, type [N-Series] in the subject line.
To send comments concerning this document to the Technical Publications Department:
techpubs@enterasys.com
Please include the document Part Number in your email message.
Before calling Enterasys Networks, have the following information ready:
Your Enterasys Networks service contract number
A description of the failure
A description of any action(s) already taken to resolve the problem
(for example, changing mode switches, rebooting the unit)
The serial and revision numbers of all involved Enterasys Networks products in the network
A description of your network environment (for example, layout, cable type)
Network load and frame size at the time of trouble (if known)
The device history (for example, have you returned the device before, is this a recurring
problem?)
Any previous Return Material Authorization (RMA) numbers
2

Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

2.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the Matrix Series device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode.

2.1.1 Factory Default Settings

The following tables list factory default device settings available on the Matrix Series device.
Table 2-1 lists default settings for Matrix Series switch operation. Table 2-2 lists default settings for
router mode operation.
Table 2-1 Default Device Settings for Basic Switch Operation
Device Feature | Default Setting
CDP discovery protocol | Auto enabled on all ports.
CDP authentication code | Set to 00-00-00-00-00-00-00-00
CDP hold time | Set to 180 seconds.
CDP interval | Transmit frequency of CDP messages set to 60 seconds.
Cisco Discovery Protocol | Globally auto-enabled, enabled on ports.
Community name | Public.
Convergence End Points phone detection | Disabled globally and on all ports
EAPOL | Disabled.
EAPOL authentication mode | When enabled, set to auto for all ports.
GARP timer | Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall timer set to 1000 centiseconds.
GVRP | Globally enabled.
IGMP | Disabled. When enabled, query interval is set to 125 seconds and response time is set to 100 tenths of a second.
IP mask and gateway | Subnet mask set to 255.0.0.0; default gateway set to 0.0.0.0
IP routes | No static routes configured.
Jumbo frame support | Disabled on all ports.
Link aggregation admin key | Set to 32768 for all ports.
Link aggregation flow regeneration | Does not apply to MATRIX E7. Disabled.
Link aggregation system priority | Set to 32768 for all ports.
Link aggregation outport algorithm | Set to DIP-SIP.
Link Layer Discovery Protocol (LLDP) | Both transmitting and receiving LLDPDUs are enabled.
LLDP transmit interval | 30 seconds
LLDP hold multiplier | 4
LLDP trap interval | 5 seconds
LLDP-MED fast repeat | 3 fast start LLDPDUs
LLDP traps | Disabled
LLDP-MED traps | Disabled
Lockout | Set to disable Read-Write and Read-Only users, and to lockout the default admin (Super User) account for 15 minutes, after 3 failed login attempts.
Logging | Syslog port set to UDP port number 514. Logging severity level set to 6 (significant conditions) for all applications.
MAC aging time | Set to 300 seconds.
MAC locking | Disabled (globally and on all ports).
Management Authentication Notification | Enabled
MTU discovery protocol | Enabled.
NetFlow collection | Disabled
NetFlow export version | Version 5
NetFlow Version 9 template refresh rate | 20 packets
NetFlow Version 9 template timeout | 30 minutes
Passwords | Set to an empty string for all default user accounts. User must press ENTER at the password prompt to access CLI.
Password aging | Disabled.
Password history | No passwords are checked for duplication.
Policy classification | Classification rules are automatically enabled when created.
Port auto-negotiation | Enabled on all ports.
Port advertised ability | Maximum ability advertised on all ports.
Port broadcast suppression | Disabled (no broadcast limit).
Port duplex mode | Set to half duplex, except for 100BASE-FX and 1000BASE-X, which is set to full duplex.
Port enable/disable | Enabled.
Port priority | Set to 1.
Port speed | Set to 10 Mbps, except for 1000BASE-X, which is set to 1000 Mbps, and 100BASE-FX, which is set to 100 Mbps.
Port trap | All ports are enabled to send link traps.
Priority classification | Classification rules are automatically enabled when created.
RADIUS client | Disabled.
RADIUS last resort action | When the client is enabled, set to Challenge.
RADIUS retries | When the client is enabled, set to 3.
RADIUS timeout | When the client is enabled, set to 20 seconds.
Rate limiting | Disabled (globally and on all ports).
SNMP | Enabled.
SNTP | Disabled.
Spanning Tree | Globally enabled and enabled on all ports.
Spanning Tree edge port administrative status | Enabled.