Enterasys Networks N Standalone NSA User Manual

Download

Page 1

Enterasys Matrix® N Standalone (NSA) Series

Configuration Guide

Firmware Version 5.41.xx

P/N 9034073-08 Rev.0C

Page 2

Page 3

Notice

Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.

The hardware, firmware, or software described in this document is subject to change without notice.

IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF SUCH DAMAGES.

Enterasys Networks, Inc. 50 Minuteman Road Andover, MA 01810

Part Number: 9034073-08 Rev.0C July 2008

ENTERASYS, ENTERASYS NETWORKS, ENTERASYS MATRIX, NETSIGHT, WEBVIEW, and any logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc. in the United States and other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx.

All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

Documentation URL: http://www.enterasys.com/support/manuals

Version: Information in this guide refers to Matrix N Standalone Series firmware version

5.41.xx.

Page 4

ENTERASYS NETWORKS, INC.

FIRMWARE LICENSE AGREEMENT

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,

CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. This Agreement constitutes the entire understanding between the parties, and supersedes all prior discussions, representations, understandings or agreements, whether oral or in writing, between the parties with respect to the subject matter of this Agreement. The Program may be contained in firmware, chips or other media.

BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL DEPARTMENT AT (978) 684-1000.

You and Enterasys agree as follows:

1. LICENSE. You have the non-exclusive and non-transferable right to use only the one (1) copy of the Program

provided in this package subject to the terms and conditions of this Agreement.

2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to:

(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of

error correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable fee.

(ii) Incorporate the Program, in whole or in part, in any other product or create derivative works based on the

Program, in whole or in part.

(iii) Publish, disclose, copy, reproduce or transmit the Program, in whole or in part.

(iv) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer

the Program, in whole or in part.

(v) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in

any part of the Program.

Page 5

3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on Contracts for the International Sale of Goods, the United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.

4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.

If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.

If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section

52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.

6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY ENTERASYS, ENTERASYS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON- INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY (30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.

7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.

THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY YOU FOR THE RIGHTS GRANTED HEREIN.

iii

Page 6

8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records, accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your business. In the event such audit discovers non-compliance with this Agreement, including copies of the Program made, used or deployed in breach of this Agreement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.

9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.

10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law.

11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock or assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement.

12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.

13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction.

14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.

Page 7

Figures ............................................................................................................................................xi

Tables............................................................................................................................................xiii

ABOUT THIS GUIDE

Using This Guide..........................................................................................................xvii

Structure of This Guide.................... ... .... ... ... ... ....................................... ... ... .... ..........xviii

Related Documents.......................... ....................................... ... ... .... ............................xix

Document Conventions.............................. ... ... ... .... ... ....................................... ... ... ... ....xx

INTRODUCTION

1.1 Matrix Series Features............................................ ... ... ... ...............................1-1

1.2 Matrix Series CLI Overview.............................................................................1-2

1.3 Device Management Methods ........................................................................1-3

1.4 Getting Help....................................................................................................1-3

STARTUP AND GENERAL CONFIGURATION

2.1 Startup and General Configuration Summary.................................................2-1

2.1.1 Factory Default Settings............. ... ....................................... ... ... ... ..2-1

2.1.2 CLI “Command Defaults” Descriptions ...........................................2-9

2.1.3 CLI Command Modes.....................................................................2-9

2.1.4 Using WebView.............................................................................2-10

2.1.5 Process Overview: CLI Startup and General Configuration..........2-11

2.1.6 Starting and Navigating the Command Line Interface ..................2-12

2.1.6.1 Using a Console Port Connection.................................2-12

2.1.6.2 Logging in with a Default User Account........................2-12

2.1.6.3 Logging in with Administratively Configured Account...2-13

2.1.6.4 Using a Telnet Connection ...........................................2-13

2.1.6.5 Getting Help with CLI Syntax........................................2-14

2.1.6.6 Using Context-Sensitive Help.......................................2-14

2.1.6.7 Performing Keyword Lookups.......................................2-15

2.1.6.8 Displaying Scrolling Screens ........................................2-16

2.1.6.9 Abbreviating and Completing Commands ....................2-17

2.1.6.10 Using the Spacebar Auto Complete Function...............2-17

2.1.7 Configuring the Line Editor ...........................................................2-17

Matrix NSA Series Configuration Guide v

Page 8

Contents

2.2 General Configuration Command Set...........................................................2-24

2.2.1 Setting User Accounts and Passwords.........................................2-24

2.2.2 Managing the Management Authentication Notification MIB........2-36

2.2.3 Setting Basic Device Properties....................................................2-42

2.2.4 Activating Licensed Features........................................................2-90

2.2.5 Dow nloading a New Firmware Image...........................................2-94

2.2.6 Reviewing and Selecting a Boot Firmware Image ........ ... ... ... .... ...2-97

2.2.7 Starting and Configuring Telnet..................................................2-100

2.2.8 Managing Configuration and Image Files........ ... ........................2-107

2.2.9 Enabling or Disabling the Path MTU Discovery Protocol....... .... .2-119

2.2.10 Pausing, Clearing and Closing the CLI.......................................2-123

2.2.11 Resetting the Device.................... .... ... ... ... .... ... ... ........................2-127

2.2.12 Gathering Technical Support Information...................................2-134

2.3 Preparing the Device for Router Mode........................................................2-137

2.3.1 P re-R outing Configuration Tasks................................................2-137

2.3.2 Reviewing and Configuring Routing ................................ ...........2-139

2.3.3 Enabling Router Configuration Modes........................................2-144

CONFIGURING DISCOVERY PROTOCOLS

3.1 Overview.........................................................................................................3-1

3.2 Discovery Protocols Command Set ................................................................3-1

3.2.1 Displaying Neighbors......................................................................3-1

3.2.2 E nt eras ys Discovery Protocol................... .... ... ... ... .... ...... ... ... .... ... ..3-4

3.2.3 Cisco Discovery Protocol..............................................................3-12

3.2.4 Link Layer Discovery Protocol and LLDP-MED............................3-25

PORT CONFIGURATION

4.1 Port Configuration Summary...........................................................................4-1

4.1.1 Port String Syntax Used in the CLI .................................................4-2

4.2 Process Overview: Port Configuration ............................................................4-4

4.3 Port Configuration Command Set...................................................................4-5

4.3.1 S et ting Console Port Properties............................. .... ...... ... ... .... ... ..4-5

4.3.2 Reviewing Port Status...................................................................4-23

4.3.3 Disabling / Enabling and Naming Ports ........................................4-33

4.3.4 Setting Speed and Duplex Mode..................................................4-41

4.3.5 Enabling / Disabling Jumbo Frame Support .................................4-46

4.3.6 Setting Auto-Negotiation and Advertised Ability ...........................4-50

4.3.7 Setting Flow Control......................................................................4-62

4.3.8 Configuring Link Traps and Link Flap Detection................. ... .... ...4-66

4.3.9 Configuring Broadcast Suppression .............................................4-82

vi Matrix NSA Series Configuration Guide

Page 9

Contents

4.4 Configuring Port Mirroring.............................................................................4-87

4.4.1 Supported Mirrors......................................................... ... .... ... ......4-87

4.4.2 IDS Mirroring Considerations........................................................4-88

4.4.3 Active Destination Port Configurations .........................................4-88

4.4.4 Setting Port Mirroring.............................................. ... ... ................4-89

4.5 Configuring LACP .........................................................................................4-94

4.5.1 LACP Operation............................................................................4-94

4.5.2 LACP Terminology........................................................................4-95

4.5.3 Matrix Series Usage Considerations.............................................4-96

4.5.4 Configuring Link Aggregation........................................................4-98

SNMP CONFIGURATION

5.1 SNMP Configuration Summary.......................................................................5-1

5.1.1 SNMPv1 and SNMPv2c..................................................................5-1

5.1.2 SNMPv3..........................................................................................5-2

5.1.3 About SNMP Security Models and Levels......................................5-2

5.1.4 Using SNMP Contexts to Access Specific MIBs

or Routing Modules.........................................................................5-3

5.2 Process Overview: SNMP Configuration ........................................................5-5

5.3 SNMP Configuration Command Set ...............................................................5-5

5.3.1 Reviewing SNMP Statistics.............................................................5-5

5.3.2 Configuring SNMP Users, Groups and Communities...................5-12

5.3.3 Configuring SNMP Access Rights ................................................5-26

5.3.4 Configuring SNMP MIB Views......................................................5-33

5.3.5 Configuring SNMP Target Parameters.........................................5-39

5.3.6 Configuring SNMP Target Addresses...........................................5-46

5.3.7 Configuring SNMP Notification Parameters..................................5-52

5.3.8 Creating a Basic SNMP Trap Configuration ........................... ......5-64

SPANNING TREE CONFIGURATION

6.1 Spanning Tree Configuration Summary..................................... ... ... .... ... ... ... ..6-1

6.1.1 Overview: Single, Rapid and Multiple Spanning Tree Protocols.....6-1

6.1.2 Spanning Tree Features.................................................................6-2

6.1.3 Loop Protect........................... .... ...................................... .... ... ... .....6-2

6.1.4 Process Overview: Spanning Tree Configuration...........................6-4

6.2 Spanning Tree Configuration Command Set.......................... ... ... ....... ... ... ... ..6-5

6.2.1 Configuring Spanning Tree Bridge Parameters..............................6-5

6.2.2 Configuring Spanning Tree Port Parameters................................6-91

6.2.3 Configuring Spanning Tree Loop Protect Features ....................6-119

Matrix NSA Series Configuration Guide vii

Page 10

Contents

802.1Q VLAN CONFIGURATION

7.1 VLAN Configuration Summary........................................................................7-1

7.1.1 Port Assignment Scheme ...............................................................7-1

7.1.2 Port String Syntax Used in the CLI .................................................7-2

7.2 Process Overview: 802.1Q VLAN Configuration.............................................7-2

7.3 VLAN Configuration Command Set ................................................................7-3

7.3.1 Reviewing Existing VLANs..............................................................7-3

7.3.2 C reating and Naming Static VLANs................................................7-6

7.3.3 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering...............7-11

7.3.4 Configuring the VLAN Egress List ................................................7-25

7.3.5 Creating a Secure Management VLAN.........................................7-32

7.3.6 Enabling/Disabling GVRP.............................................................7-33

POLICY CLASSIFICATION CONFIGURATION

8.1 Policy Classification Configuration Summary................... ... ... .... ...... ... ... .... ... ..8-1

8.2 Process Overview: Policy Classification Configuration...................................8-2

8.3 Policy Classification Configuration Command Set..........................................8-2

8.3.1 C onfiguring Polic y Profiles........... .... ... ... ... .... ... ... ............................8-2

8.3.2 Assigning Classification Rules to Policy Profiles ..........................8-22

8.3.3 Configuring Policy Class of Service (CoS)....................................8-44

PORT PRIORITY AND RATE LIMITING CONFIGURATION

9.1 Port Priority Configuration Summary...............................................................9-1

9.2 Process Overview: Port Priority and Rate Limiting Configuration...................9-2

9.3 Port Priority and Rate Limiting Configuration Command Set..........................9-2

9.3.1 C onfiguring Port Priority......................................... .... ... ... ... ... .... .....9-2

9.3.2 Configuring Priorit y to Transmit Queue Mapping............................9-6

9.3.3 Configuring Port Traffic Rat e Li miting...........................................9-11

viii Matrix NSA Series Configuration Guide

IGMP CONFIGURATION

10.1 About IP Multicast Group Management........................................................10-1

10.2 IGMP Configuration Summary.. ... .... ... ... ... ... .... ...... ... .... ... ... ... .... ... ... ... ... .... ...10-2

10.3 Process Overview: IGMP Configuration........................................................10-2

10.4 IGMP Configuration Command Set...............................................................10-3

10.4.1 Enabling / Disabling IGMP............................................................10-3

10.4.2 Configuring IGMP ..................... ... .... ... ... .......................................10-7

Page 11

Contents

LOGGING AND NETWORK MANAGEMENT

11.1 Process Overview: Network Management.............................. ... ... ... .... ... ... ...11-1

11.2 Logging And Network Management Command Set......................................11-2

11.2.1 Configuring System Logging.........................................................11-2

11.2.2 Monitoring Network Events and Status.......................................11-26

11.2.3 Configuring SMON......................................................................11-37

11.2.4 Configuring RMON......................................................................11-44

11.2.5 Managing Switch Network Addresses and Routes.....................11-98

11.2.6 Configuring Simple Network Time Protocol (SNTP) .................11-121

11.2.7 Configuring Node Aliases .........................................................11-139

11.2.8 Configuring NetFlow .................................................................11-152

IP CONFIGURATION

12.1 Process Overview: Internet Protocol (IP) Configuration................................12-1

12.2 IP Configuration Command Set . ... ... .............................................................12-2

12.2.1 Configuring Routing Interface Settings .........................................12-2

12.2.2 Managing Router Configuration Files .........................................12-12

12.2.3 Performing a Basic Router Configuration ...................................12-17

12.2.4 Reviewing and Configuring the ARP Table...................... .... ... ... .12-19

12.2.5 Configuring Broadcast Settings ..................................................12-29

12.2.6 Reviewing IP Traffic and Configuring Routes .............................12-34

12.2.7 Configuring PIM..........................................................................12-47

12.2.8 Configuring Load Sharing Network Address Translation

(LSNAT)......................................................................................12-67

12.2.9 Configuring Dynamic Host Configuration Protocol (DHCP)......12-110

ROUTING PROTOCOL CONFIGURATION

13.1 Process Overview: Routing Protocol Configuration......................................13-1

13.2 Routing Protocol Configuration Command Set.............................................13-2

13.2.1 Activating Advanced Routing Features.........................................13-2

13.2.2 Configuring RIP.............................................................................13-2

13.2.3 Configuring OSPF.......................................................................13-31

13.2.4 Configuring DVMRP....................................................................13-76

13.2.5 Configuring IRDP........................................................................13-81

13.2.6 Configuring VRRP.......................................................................13-90

Matrix NSA Series Configuration Guide ix

Page 12

Contents

INDEX

SECURITY CONFIGURATION

14.1 Overview of Security Methods......................................................................14-1

14.1.1 RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment14-3

14.2 Process Overview: Security Configuration....................................................14-4

14.3 Security Configuration Command Set................................. ... .... ... ... ... ... .... ...14-5

14.3.1 Setting the Authentication Login Method ......................................14-5

14.3.2 Configuring RADIUS........................................................ ... ... .... ...14-9

14.3.3 Configuring RFC 3580................................................................14-20

14.3.4 Configuring TACACS+........... ... ..................................................14-24

14.3.5 Configuring 802.1X Authentication .............................................14-39

14.3.6 Configuring Port Web Authentication (PWA) ..............................14-51

14.3.7 Configuring MAC Authentication.................................................14-78

14.3.8 Configuring Convergence End Points (CEP) Phone Detection 14-101

14.3.9 Configuring MAC Locking.........................................................14-118

14.3.10 Configuring Multiple Authentication ..........................................14-133

14.3.11 Configuring Secure Shell (SSH) ...............................................14-152

14.3.12 Configuring Access Lists...........................................................14-159

14.3.13 Configuring Policy-Based Routing ............................................14-170

14.3.14 Configuring Denial of Service (DoS) Prevention.......................14-183

14.3.15 Configuring Flow Setup Throttling (FST) ..................................14-188

x Matrix NSA Series Configuration Guide

Page 13

Figures

Figure Page

2-1 Sample CLI Default Description......................................................................................2-9

2-2 Matrix N Standalone Startup Screen................ ....................................... ... ... ... .............2-14

2-3 Performing a Keyword Lookup .. .... ... ... ... .... ... ................................................................2-15

2-4 Performing a Partial Keyword Lookup...........................................................................2-15

2-5 Scrolling Screen Output................................................................................................2-16

2-6 Abbreviating a Command..............................................................................................2-17

2-7 Completing a Partial Command....................................................................................2-17

2-8 Enabling the Switch for Routing..................................................................................2-139

7-1 Example of VLAN Propagation via GVRP.....................................................................7-34

12-1 Example of a Simple Matrix Series Router Config File ...............................................12-17

Matrix NSA Series Configuration Guide xi

Page 14

Figures

xii Matrix NSA Series Configuration Guide

Page 15

Tables

Table Page

2-1 Default Device Settings for Basic Switch Operation.....................................................2-1

2-2 Default Device Settings for Router Mode Operation ....................................................2-7

2-3 Basic Line Editing Emacs & vi Commands.................................................................2-18

2-4 show system login Output Details ..............................................................................2-26

2-5 show system lockout Output Details...........................................................................2-34

2-6 show system Output Details.......................................................................................2-51

2-7 show version Output Details.......................................................................................2-74

2-8 dir Output Details......................................................................................................2-108

2-9 Enabling the Switch for Routing ...............................................................................2-138

2-10 show router Output Details.......................................................................................2-140

2-11 Router CLI Configuration Modes..............................................................................2-144

3-1 show cdp Output Details...............................................................................................3-6

3-2 show ciscodp Output Details ......................................................................................3-13

3-3 show port ciscodp info Output Details ........................................................................3-16

3-4 show lldp port local-info Output Details ......................................................................3-34

3-5 show lldp port remote-info Output Display..................................................................3-39

4-1 show port status Output Details..................................................................................4-26

4-2 show port counters Output Details .............................................................................4-29

4-3 show port advertise Output Details.............................................................................4-57

4-4 show port flow control Output Details.........................................................................4-63

4-5 show linkflap parameters Output Details.................... ... ... ....................................... ...4-71

4-6 show linkflap metrics Output Details...........................................................................4-71

4-7 show port broadcast Output Details ...........................................................................4-83

4-8 LACP Terms and Definitions ......................................................................................4-95

4-9 show lacp Output Details..........................................................................................4-101

5-1 SNMP Security Levels..................................................................................................5-3

5-2 show snmp engineid Output Details.............................................................................5-6

5-3 show snmp counters Output Details.............................................................................5-8

5-4 show snmp user Output Details..................................................................................5-14

5-5 show snmp group Output Details ...............................................................................5-19

5-6 show snmp access Output Details .............................................................................5-28

5-7 show snmp view Output Details .................................................................................5-35

5-8 show snmp targetparams Output Details ...................................................................5-41

5-9 show snmp targetaddr Output Details ........................................................................5-48

5-10 show snmp notify Output Details................................................................................5-54

Matrix NSA Series Configuration Guide xiii

Page 16

Tables

5-11 Basic SNMP Trap Configuration Command Set.........................................................5-64

6-1 show spantree Output Details ....................................................................................6-10

6-2 Port-Specific show spantree stats Output Details .................. .... ... ... ... .... ... ... ... ... .... ...6-12

7-1 show vlan Output Details..............................................................................................7-5

7-2 show vlan interface Output Details.............................................................................7-17

7-3 Command Set for Creating a Secure Management VLAN.........................................7-32

7-4 show gvrp Output Details ...........................................................................................7-36

7-5 show gvrp configuration Output Details......................................................................7-39

8-1 show policy profile Output Details ................................................................................8-5

8-2 show policy rule Output Details..................................................................................8-25

8-3 Valid Values for Policy Classification Rules ...............................................................8-33

8-4 Configuring User-Defined CoS...................................................................................8-45

8-5 show cos port-type Output Details..............................................................................8-51

9-1 show port ratelimit Output Details...............................................................................9-13

10-1 show igmp config Output Details ..............................................................................10-14

11-1 show logging all Output Details ..................................................................................11-5

11-2 show logging application Output Details...................................................................11-15

11-3 Sample Mnemonic Values for Logging Applications ................................................11-17

11-4 show netstat Output Details......................................................................................11-31

11-5 RMON Monitoring Group Functions and Commands...............................................11-44

11-6 show rmon stats Output Details................................................................................11-49

11-7 show rmon alarm Output Details ..............................................................................11-58

11-8 show rmon event Output Details ..............................................................................11-63

11-9 show rmon topN Output Details................................................................................11-75

11-10 show rmon matrix Output Details .............................................................................11-81

11-11 show arp Output Details ...........................................................................................11-99

11-12 show ip route Output Details ............... ...................................................................11-104

11-13 show mac Output Details........... ....... ... ... ................................................................11-113

11-14 show sntp Output Details.............. ....... ... ................................................................11-123

11-15 show nodealias Output Details...............................................................................11-140

11-16 show nodealias config Output Details ....................................................................11-147

12-1 VLAN and Loopback Interface Configuration Modes .................................................12-2

12-2 show ip interface Output Details.................................................................................12-9

12-3 show ip arp Output Details .......................................................................................12-21

12-4 show ip pim bsr Output Details.................................................................................12-54

12-5 show ip pim interface Output Details ... ... ....................................... ... ... .... .................12-56

12-6 show ip pim neighbor Output Details........................................................................12-58

12-7 show ip pim rp Output Details...................................................................................12-61

12-8 LSNAT Conf iguration Task List and Commands......................................................12-70

12-9 show ip slb reals Out put Det ails ............................................. .... ... ... ........................12-81

12-10 show ip slb vservers Output Details .........................................................................12-88

12-11 show ip slb conns Output Details ...........................................................................12-102

12-12 DHCP Command Modes........................................................................................12-111

xiv Matrix NSA Series Configuration Guide

Page 17

Tables

12-13 show ip dhcp server statistics Output Details.........................................................12-138

13-1 RIP Configuration Task List and Commands ............................................. ... .... ... ......13-2

13-2 OS PF Conf iguration Task List and Commands....... ...................................... .... ... ... .13-31

13-3 show ip ospf database Output Details......................................................................13-64

13-4 show ip ospf interface Output Details.......................................................................13-67

13-5 show ip ospf neighbor Output Details.......................................................................13-70

13-6 show ip ospf virtual links Output Details...................................................................13-71

14-1 show radius Output Details.......................................................................................14-11

14-2 show tacacs Output Details......................................................................................14-26

14-3 show pwa Output Details..........................................................................................14-55

14-4 show macauthentication Output Details ...................................................................14-81

14-5 show macauthentication session Output Details......................................................14-82

14-6 show maclock Output Details .................................................................................14-120

14-7 show maclock stations Output Details....................................................................14-122

14-8 show ip policy Output Details .................................................................................14-177

Matrix NSA Series Configuration Guide xv

Page 18

Tables

xvi Matrix NSA Series Configuration Guide

Page 19

About This Guide

W elcome to the Enterasys Enterasys Matrix® N Standalone (NSA) Series Configuration Guide. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure Matrix Series switch/router devices.

Important Notice

Depending on the firmware version used in your Matrix Series device, some featur es described in this document may not be supported. Refer to the Release Notes shipped with your Matrix Series device to determine which features are supported.

USING THIS GUIDE

A general working knowledge of basic network operations and an unders tanding of CLI management applications is helpful before configuring the Matrix Series device.

This manual describes how to do the following:

• Access the Matrix Series CLI.

• Use CLI commands to perform network management and device configuration operations.

• Establish and manage Virtual Local Area Networks (VLANs).

• Manage static and dynamically-assigned user policies.

• Establish and manage priority classification.

• Configure IP routing and routing protocols, including RIP versions 1 and 2, OSPF, DVMRP,

IRDP, and VRRP.

• Configure security protocols, including 802.1X and RADIUS, SSHv2, MAC locking, MAC

authentication, multiple authentication, DoS attack prevention, and flow setup throttling.

• Configure policy-based routing.

• Configure access control lists (ACLs).

Enterasys Matrix® N Standalone (NSA) Series Configuration Guide xvii

Page 20

STRUCTURE OF THIS GUIDE

The guide is organized as follows:

Chapter 1, Introduction, provides an overview of the tasks that can be accomplished using the CLI

interface, an overview of local management requirements, and information about obtaining technical support.

Chapter 2, Startup and General Configuration, provides an overview of the device’s factory

default settings and describes how to start the CLI interface, how to set basic system properties, how to download a firmware image, how to configure WebView and Telnet, how to manage configuration files, how to set the login password, how to exit the CLI, and how to prepare the device for router mode operation.

Chapter 3, Configuring Discovery Protocols, describes how to configure the three discovery

protocols supported by the firmware using CLI commands, including the Enterasys Discovery Protocol, the Cisco Discovery Protocol, and the IEEE 802.1AB Link Layer Discovery Protocol (LLDP) and LLDP Media Endpoint Discovery Protcol (LLDP-MED).

Chapter 4, Port Configuration, describes how to review and configure console port settings, and

how to enable or disable switch ports and configure switch port settings, including port speed, duplex mode, auto-negotiation, flow control, port mirroring, link aggegatio n and broadcast suppression.

Chapter 5, SNMP Configuration, describes how to configure SNMP users and user groups, access

rights, target addresses, and notification parameters.

Chapter 6, Spanning Tree Configuration, describes how to review and set Spanning Tree bridge

parameters for the device, including bridge priority, hello time, maximum aging time and forward delay; and how to review and set Spanning Tree port parameters, including port priority and path costs. Also describes how to configure the Loop Protect feature.

Chapter 7, 802.1Q VLAN Configuration, describes how to create static VLANs, select the mode

of operation for each port, establish VLAN forwarding (egress) lists, route frames according to VLAN ID, display the current ports and port types associated with a VLAN and protocol, create a secure management VLAN, and configure ports on the device as GVRP-aware ports.

Chapter 8, Policy Classification Configuration, describes how to create, change or remove user

roles or profiles based on business-specific use of network services; how to permit or deny access to specific services by creating and assigning classification rules which map user profiles to frame filtering policies; how to classify frames to a VLAN or Class of Service (CoS); and how to assign or unassign ports to policy profiles so that only ports activated for a profile will be allowed to transmit frames accordingly.

xviii Enterasys Matrix® N Standalone (NSA) Series Configuration Guide

Page 21

Chapter 9, Port Priority and Rate Limiting Configuration, describes how to set the transmit

priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, and configure a rate limit for a given port and list of priorities.

Chapter 10, IGMP Configuration, describes how to configure Internet Group Management

Protocol (IGMP) settings for multicast filtering, including IGMP query count, IGMP report delay and IGMP group status.

Chapter 11, Logging and Network Manageme nt, describes how to configure Syslog, how to

manage general switch settings, how to monitor network events and status while the device is in switch mode, including the eventlog, command history, netstats and RMON statistics, how to manage network addresses and routes, and how to configure SNTP and node aliases.

Chapter 12, IP Configuration, describes how to enable IP routing for router mode operation, how

to configure IP interface settings, how to review and configure the routing ARP table, how to review and configure routing broadcasts, how to configure PIM, how to configure LSNAT and DHCP server, and how to configure IP routes.

Chapter 13, Routing Protocol Configuration, describes how to configure RIP, OSPF, DVMRP,

IRDP and VRRP.

Chapter 14, Security Configuration, describes how to configure 802.1X authentication using

EAPOL, how to configure RADIUS server, TACACS +, RFC3580, Secure Shell server, MAC authentication, MAC locking, Port Web Authentication, multiple authentication, policy-based routing, and IP access control lists (ACLs), Denial of Service (DoS) prevention, and flow setup throttling.

Introduction

This chapter provides an overview of the Matrix Series’ unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the device, and information on how to contact Enterasys Networks for technical support.

1.1 MATRIX SERIES FEATURES

Matrix Series devices support business-driven networking with:

• Advanced QoS and policy-based frame classification, and bandwidth management featuring rate

limiting, CoS priority queueing and link aggregation.

• Customized, single-source management and control with SNMP, port mirroring, Syslog,

RMON, multi-image support and configuration upload/download.

Matrix NSA Series Configuration Guide 1-1

Page 24

Matrix Series CLI Overview

1.2 MATRIX SERIES CLI OVERVIEW

Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, including the following:

• Assign IP address and subnet mask.

• Select a default gateway.

• Assign a login password to the device for additional security.

• Download a new firmware image.

• Designate which network management workstations receive SNMP traps from the device.

• View device, interface, and RMON statistics.

• Manage configuration files.

• Assign ports to operate in the standard or full duplex mode.

• Control the number of received broadcasts that are switched to the other interfaces.

• Set flow control on a port-by-port basis.

• Set port configurations and port-based VLANs.

• Configure ports to prioritize and assign a VLAN or Class of Service to incoming frames based

on Layer 2, Layer 3, and Layer 4 information.

• Configure the device to operate as a Generic Attribute Registration Protocol (GARP) device to

dynamically create VLANs across a switched network.

• Redirect frames according to a port or VLAN and transmit them on a preselected destination

port.

• Configure Spanning Trees.

• Clear NVRAM.

• Configure interfaces for IP routing.

• Configure RIP, OSPF, DVMRP, IRDP and VRRP routing protocols.

• Configure security methods, including 802.1X. RADIUS, TACACS, CEP, SSHv2, MAC

locking, and DoS attack prevention.

• Configure access lists (ACLs).

1-2 Matrix NSA Series Configuration Guide

Page 25

Device Management Methods

1.3 DEVICE MANAGEMENT METHODS

The Matrix Series device can be managed using the following methods:

• Locally using a VT type terminal connected to the console port.

• Remotely using a VT type terminal connected through a modem.

• Remotely using an SNMP management station.

• In-band through a Telnet connection.

• In-band using Enterasys Networks’ NetSight

management application.

• Remotely using WebView™, Enterasys Networks’ embedded web server application.

The Matrix Series Installation Guide provides setup instructions for connecting a terminal or modem to the Matrix Series device.

1.4 GETTING HELP

For additional support related to this device or document, contact Enterasys Networks using one of the following methods:

World Wide Web www.enterasys.com/services/support/ Phone 1-800-872-8440 (toll-free in U.S. and Canada)

or 1-978-684-1000 For the Enterasys Networks Support toll-free number in your country:

www.enterasys.com/services/support/contact/

Internet mail support@enterasys.com

To expedite your message, type [N-Series] in the subject line.

To send comments concerning this document to the Te chnical Publications Department:

techpubs@enterasys.com

Please include the document Part Number in your email message.

Before calling Enterasys Networks, have the following information ready:

• Your Enterasys Networks service contract number

• A description of the failure

• A description of any action(s) already taken to resolve the problem

(for example, changing mode switches, rebooting the unit)

• The serial and revision numbers of all involved Enterasys Networks products in the network

Matrix NSA Series Configuration Guide 1-3

Page 26

Getting Help

• A description of your network environment (for example, layout, cable type)

• Network load and frame size at the time of trouble (if known)

• The device history (for example, have you returned the device before, is this a recurring

problem?)

• Any previous Return Material Authorization (RMA) numbers

1-4 Matrix NSA Series Configuration Guide

Page 27

Startup and General Configuration

This chapter describes factory default settings and the Startup and General Configuration set of commands.

2.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

At startup, the Matrix Series device is configured with many defaults and standard features. The following sections provide information on how to review and change factory defaults, how to customize basic system settings to adapt to your work environment, and how to prepare to run the device in router mode.

2.1.1 Factory Default Settings

The following tables list factory default device settings available on the Matrix Series device.

Table 2-1 lists default settings for Matrix Series switch operation. Table 2-2 lists default settings for

router mode operation.

Table 2-1 Default Device Settings for Basic Switch Operation

Device Feature Default Setting

CDP discovery protocol

CDP authentication code

CDP hold time Set to 180 seconds. CDP interval Transmit frequency of CDP messages set to 60 seconds. Cisco Discovery

Protocol

Auto enabled on all ports.

Set to 00-00-00-00-00-00-00-00

Globally auto-enabled, enabled on ports.

Matrix NSA Series Configuration Guide 2-1

Page 28

Startup and General Configuration Summary Factory Default Settings

Table 2-1 Default Devi ce Settin g s for Basi c Swi tc h Ope rat io n (Co ntin u ed)

Device Feature Default Setting

Community name Public. Convergence End

Disabled globally and on all ports

Points phone detection EAPOL Disabled. EAPOL authentication

When enabled, set to auto for all ports.

mode GARP timer Join timer set to 20 centiseconds; leave timer set to 60 centiseconds;

leaveall timer set to 1000 centiseconds.

GVRP Globally enabled. IGMP Disabled. When enabled, query interval is set to 125seconds and

response time is set to 100 tenths of a second.

IP mask and gateway Subnet mask set to 255.0.0.0; default gateway set to 0.0.0.0 IP routes No static routes configured. Jumbo frame support Disabled on all ports. Link aggregation

Set to 32768 for all ports.

admin key Link aggregation flow

Does not apply to MATRIX E7.

Disabled.

regeneration Link aggregation

Set to 32768 for all ports.

system priority Link aggregation

Set to DIP-SIP.

outport algorithm Link Layer Discovery

Both transmitting and receiving LLDPDUs are enabled.

Protocol (LLDP) LLDP transmit interval 30 seconds LLDP hold multiplier 4

2-2 Matrix NSA Series Configuration Guide

Page 29

Startup and General Configuration Summary

Factory Default Settings

Table 2-1 Default Device Settings for Basic Switch Operation (Continued)

Device Feature Default Setting

LLDP trap interval 5 seconds LLDP-MED fast repeat 3 fast start LLDPDUs LLDP traps Disabled LLDP-MED traps Disabled Lockout Set to disable Read-Write and Read-Only users, and to lockout the

default admin (Super User) account for 15 minutes, after 3 failed login attempts,

Logging Syslog port set to UDP port number 514. Logging severity level set

to 6 (significant conditions) for all applications.

MAC aging time Set to 300 seconds. MAC locking Disabled (globally and on all ports). Management

Enabled Authentication Notification

MTU discovery

Enabled. protocol

NetFlow collection Disabled NetFlow export version Version 5 NetFlow Version 9

20 packets template refresh rate

NetFlow Version 9

30 minutes template timeout

Passwords Set to an empty string for all default user accounts. User must press

ENTER at the password prompt to access CLI. Password aging Disabled. Password history No passwords are checked for duplication.

Matrix NSA Series Configuration Guide 2-3

Page 30

Startup and General Configuration Summary Factory Default Settings

Table 2-1 Default Devi ce Settin g s for Basi c Swi tc h Ope rat io n (Co ntin u ed)

Device Feature Default Setting

Policy classification Classification rules are automatically enabled when created. Port auto-negotiation Enabled on all ports. Port advertised ability Maximum ability advertised on all ports. Port broadcast

Disabled (no broadcast limit).

suppression Port duplex mode Set to half duplex, except for 100BASE-FX and 1000BASE-X,

which is set to full duplex.

Port enable/disable Enabled. Port priority Set to 1. Port speed Set to 10 Mbps, except for 1000BASE-X, which is set to 1000 Mbps,

and 100BASE-FX, which is set to 100 Mbps.

Port trap All ports are enabled to send link traps. Priority classification Classification rules are automatically enabled when created. RADIUS client Disabled. RADIUS last resort

When the client is enabled, set to Challenge.

action RADIUS retries When the client is enabled, set to 3. RADIUS timeout When the client is enabled, set to 20 seconds. Rate limiting Disabled (globally and on all ports). SNMP Enabled. SNTP Disabled. Spanning Tree Globally enabled and enabled on all ports. Spanning Tree edge

Enabled. port administrative status

2-4 Matrix NSA Series Configuration Guide

Page 31

Startup and General Configuration Summary

Factory Default Settings

Table 2-1 Default Device Settings for Basic Switch Operation (Continued)

Device Feature Default Setting

Spanning Tree edge

Enabled.

port delay Spanning Tree forward

Set to 15 seconds.

delay Spanning Tree hello

Set to 2 seconds.

interval Spanning Tree ID

Set to 0.

(SID) Spanning Tree legacy

Disabled.

path cost Spanning Tree

Set to 20 seconds.

maximum aging time Spanning Tree

Set to auto for all Spanning Tree ports.

point-to-point Spanning Tree port

All ports with bridge priority are set to 128 (medium priority).

priority Spanning Tree priority Bridge priority is set to 32768. Spanning Tree

Enabled. topology change trap suppression

Spanning Tree transmit

Set to 3. hold count

Spanning Tree version Set to mstp (Multiple Spanning Tree Protocol). Spanning Tree Loop

Disabled per port and per SID. Protect

Spanning Tree Loop

3 events. Protect event threshold

Matrix NSA Series Configuration Guide 2-5

Page 32

Startup and General Configuration Summary Factory Default Settings

Table 2-1 Default Devi ce Settin g s for Basi c Swi tc h Ope rat io n (Co ntin u ed)

Device Feature Default Setting

Spanning Tree Loop

180 seconds.

Protect event window Spanning Tree Loop

Disabled.

Protect traps Spanning Tree disputed

Set to 0, meaning no traps are sent.

BPDU threshold SSH Disabled. System baud rate Set to 9600 baud. System contact Set to empty string. System location Set to empty string. System name Set to empty string. Terminal CLI display set to 80 columns and 24 rows. Timeout Set to 15 minutes. User names Login accounts set to ro for Read-Only access; rw for Read-Write

access; and admin for Super User access.

VLAN dynamic egress Disabled on all VLANs. VLAN ID All ports use a VLAN identifier of 1. WebView (HTTP) Enabled on TCP port 80.

2-6 Matrix NSA Series Configuration Guide

Page 33

Startup and General Configuration Summary

Table 2-2 Default Device Settings for Router Mode Operation

Device Feature Default Setting

Factory Default Settings

Access groups (IP

None configured. security)

Access lists (IP

None configured. security)

Area authentication

Disabled. (OSPF)

Area default cost

Set to 1. (OSPF)

Area NSSA (OSPF) None configured. Area range (OSPF) None configured. ARP table No permanent entries configured. ARP timeout Set to 14,400 seconds. Authentication key

None configured. (RIP and OSPF)

Authentication mode

None configured. (RIP and OSPF)

Dead interval (OSPF) Set to 40 seconds. Disable triggered

Triggered updates allowed. updates (RIP)

Distribute list (RIP) No filters applied. DoS prevention Disabled. DVMRP Disabled. Metric set to 1. Hello interval (OSPF) Set to 10 seconds for broadcast and point-to-point networks. Set to

30 seconds for non-broadcast and point-to-multipo i nt networks. ICMP Enabled for echo-reply and mask-reply modes.

Matrix NSA Series Configuration Guide 2-7

Page 34

Startup and General Configuration Summary Factory Default Settings

Table 2-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature Default Setting

IP-directed broadcasts Disabled. IP forward-protocol En abled with no port specified. IP interfaces Disabled with no IP addresses specified. IRDP Disabled on all interfaces. When enabled, maximum advertisement

interval is set to 600 seconds, minimum advertisement interval is set to 450 seconds, holdtime is set to 1800 seconds, and address preference is set to 0.

MD5 authentication

Disabled with no password set.

(OSPF) MTU size Set to 1500 bytes on all interfaces. OSPF Disabled. OSPF cost Set to 10 for all interfaces. OSPF network None configured. OSPF priority Set to 1. Passive interfaces

None configured.

(RIP) Proxy ARP Enabled on all interfaces. Receive interfaces

Enabled on all interfaces.

(RIP) Retransmit delay

Set to 1 second.

(OSPF) Retransmit interval

Set to 5 seconds.

(OSPF) RIP receive version Set to accept both version 1 and version 2. RIP send version Set to version 1. RIP offset No value applied.

2-8 Matrix NSA Series Configuration Guide

Page 35

Startup and General Configuration Summary

CLI “Command Defaults” Descriptions

Table 2-2 Default Device Settings for Router Mode Operation (Continued)

Device Feature Default Setting

SNMP Enabled. Split horizon Enabled for RIP packets without poison reverse. Stub area (OSPF) None configured. Telnet Enabled. Telnet port (IP) Set to port number 23. Timers (OSPF) SPF delay set to 5 seconds. SPF holdtime set to 10 seconds. Transmit delay (OSPF) Set to 1 second. VRRP Disabled.

2.1.2 CLI “Command Defaults” Descriptions

Each command description in this guide includes a section entitled “Command Defaults” which contains different information than the factory default settings on the device as described in

Table 2-1 and Table 2-2. The command defaults section de fines CLI behavior if the user enters a

command without typing optional parameters (indicated by square brackets [ ]). For commands without optional parameters, the defaults section lists “None”. For commands with optional parameters, this section describes how the CLI responds if the user opts to enter only the keywords of the command syntax. Figure 2-1 provides an example.

Figure 2-1 Sample CLI Default Description

show port status [port-string]

Command Defaults

If port-string is not specified, status information for all ports will be displayed.

2.1.3 CLI Command Modes

Each command description in this guide includes a section entitled “Command Mode” which states whether the command is executable in Admin (Super User), Read-Write or Read-Only mode. Users with Read-Only access will only be permitted to view Read-Only (show) commands. Users with Read-Write access will be able to modify all modifiable parameters in set and show commands, as

Matrix NSA Series Configuration Guide 2-9

Page 36

Startup and General Configuration Summary Using WebView

well as view Read-Only commands. Administrators or Super Users will be allowed all Read-W rite and Read-Only privileges, and will be able to modify local user accounts. The Matrix Series device indicates which mode a user is logged in as by displaying one of the following prompts:

• Admin: Matrix(su)->

• Read-Write: Matrix(rw)->

• Read-Only: Matrix(ro)->

NOTE: Depending on which Matrix Series device you are using, your default command prompt may be different than the examples shown.

2.1.4 Using WebView

By default WebView (Enterasys Networks’ embedded web server for device configuration and management tasks) is enabled on TCP port number 80 of the Matrix Series device. You can verify WebView status, enable or disable WebView, and reset the WebView port as described in the following section.

Displaying WebView status:

To display WebView status, enter show webview at the CLI command prompt. This example shows that WebView is enabled on TCP port 80, the default port number.

Matrix(rw)->show webview

WebView is Enabled. Configured listen port is 80.

Enabling / disabling WebView:

T o enable or disable WebV iew , enter set webview {enable o disable} at the CLI command prompt. This example shows how to enable WebView.

Matrix(rw)->set webview enable

Setting the WebView port:

To set a different TCP port through which to run WebV iew, enter set webview port webview_port at the CLI command prompt. Webview_port must be a number value from 1 to 65535; specifying the WebView TCP port.

2-10 Matrix NSA Series Configuration Guide

Page 37

Startup and General Configuration Summary

Process Overview: CLI Startup and General Configuration

This example shows how to set the WebView TCP port to 100.

Matrix(rw)->set webview port 100

2.1.5 Process Overview: CLI Startup and General Configuration

Use the following steps as a guide to the startup and general configuration process:

1. Starting and navigating the Command Line Interface (CLI) (Section 2.1.6)

2. Configuring the Line Editor (Section 2.1.7)

3. Setting user accounts and passwords (Section 2.2.1)

4. Enabling or disabling of the management authentication notification MIB (Section 2.2.2)

5. Setting basic device properties (Section 2.2.3)

6. Activating licensed features (Section 2.2.4)

7. Downloading a new firmware image (Section 2.2.5)

8. Reviewing and selecting the boot firmware image (Section 2.2.6)

9. Starting and configuring Telnet (Section 2.2.7)

10.Managing image and configuration files (Section 2.2.8)

11.Enabling or disabling the MTU discovery protocol (Section 2.2.9)

12.Pausing, clearing and closing the CLI (Section 2.2.10)

13.Resetting the device (Section 2.2.11)

14.Gathering Technical Support Information (Section 2.2.12)

15.Preparing the device for router mode (Section 2.3)

Matrix NSA Series Configuration Guide 2-11

Page 38

Startup and General Configuration Summary Starting and Navigating the Command Line Interface

2.1.6 Starting and Navigating the Command Line Interface

2.1.6.1 Using a Console Port Connection

NOTE: By default, the Matrix Series device is configured with three user login

accounts: ro for Read-Only access; rw for Read-Write access; and admin for super-user access to all modifiable parameters. The default password is set to a blank string. For information on changing these default settings, refer to Section 2.2.1.

Once you have connected a terminal to the local console port as described in your Matrix Series Installation Guide, the startup screen, Figure 2-2, will display. You can now start the Command

Line Interface (CLI) by

• Using a default user account, as described in Section 2.1.6.2, or

• Using an administratively-assigned user account as described in Section 2.1.6.3.

2.1.6.2 Logging in with a Default User Account

If this is the first time your are logging in to the Matrix Series device, or if the default user accounts have not been administratively changed, proceed as follows:

1. At the login prompt, enter one of the following default user names:

• ro for Read-Only access,

• rw for Read-Write access.

• admin for Super User access.

2. Press ENTER. The Password prompt displays.

3. Leave this string blank and press ENTER. The device information and Matrix prompt displays

as shown in Figure 2-2.

2-12 Matrix NSA Series Configuration Guide

Page 39

Startup and General Configuration Summary

Starting and Navigating the Command Line Interface

2.1.6.3 Logging in with Administratively Configured Account

If the device’s default user account settings have been changed, proceed as follows:

1. At the login prompt, enter your administratively-assigned user name and press ENTER.

2. At the Password prompt, enter your password and press ENTER.

The notice of authorization and the Matrix prompt displays as shown in Figure 2-2.

NOTE: Users with Read-Write (rw) and Read-Only access can use the set password command (Section 2.2.1.4) to change their own passwords. Administrators with Super User (su) access can use the set system login command (Section 2.2.1.2) to create and change user accounts, and the set password command to change any local account password.

2.1.6.4 Using a Telnet Connection

Once the Matrix Series device has a valid IP address, you can establish a Telnet session from any TCP/IP based node on the network as follows.

1. Telnet to the device’s IP address.

2. Enter login (user name) and password information in one of the following ways:

• If the device’s default login and password settings have not been changed, follow the steps

listed in Section 2.1.6.2, or

• Enter an administratively-configured user name and password.

The notice of authorization and the Matrix prompt displays as shown in Figure 2-2. For information about setting the IP address, refer to Section 2.2.3.2. For information about configuring Telnet settings, refer to Section 2.2.7. Refer to the instructions included with the Telnet application for information about establishing a

Telnet session.

Matrix NSA Series Configuration Guide 2-13

Page 40

Startup and General Configuration Summary Starting and Navigating the Command Line Interface

Figure 2-2 Matrix N Standalone Startup Screen

M A T R I X N S T A N D A L O N E P L A T I N U M Command Line Interface

Enterasys Networks, Inc. 50 Minuteman Rd. Andover, MA 01810-1008 U.S.A.

Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com

Chassis Serial Number: 1234567 Chassis Firmware Revision: 05.11.00

Matrix NSA(su)->

2.1.6.5 Getting Help with CLI Syntax

The Matrix Series device allows you to display usage and syntax information for individual commands by typing help or ? after the command.

2.1.6.6 Using Context-Sensitive Help

Entering help after a specific command will display usage and syntax information for that command. This example shows how to display context-sensitive help for the set length command:

Matrix(rw)->set length help Command: set length Number of lines Usage: set length <screenlength> screenlength Length of the screen (5..512, 0 to disable 'more')

2-14 Matrix NSA Series Configuration Guide

Page 41

Startup and General Configuration Summary

Starting and Navigating the Command Line Interface

2.1.6.7 Performing Keyword Lookups

Entering a space and a question mark (?) after a keyword will display all commands beginning with the keyword. Figure 2-3 shows how to perform a keyword lookup for the show snmp command. In this case, 13 additional keywords are used by the show snmp command. Entering a space and a question mark (?) after any of these parameters (such as show snmp user) will display additional parameters nested within the syntax.

Figure 2-3 Performing a Keyword Lookup

Matrix(rw)->show snmp ? access SNMP VACM access configuration community SNMP v1/v2c community name configuration context SNMP VACM context list counters SNMP counters engineid SNMP engine properties group SNMP VACM security to group configuration notify SNMP notify configuration notifyfilter SNMP notify filter configuration notifyprofile SNMP notify profile configuration targetaddr SNMP target address configuration targetparams SNMP target parameters configuration user SNMP USM user configuration view SNMP VACM view tree configuration Matrix(rw)->show snmp Matrix(rw)->show snmp user ? list List usernames <user> User name remote Show users with remote SNMP engine ID volatile Show temporary entries nonvolatile Show permanent entries read-only Show r/o entries <cr> Matrix(rw)->show snmp user

Entering a question mark (?) without a space after a partial keyword will display a list of commands that begin with the partial keyword. Figure 2-4 shows how to use this function for all commands beginning with co:

Figure 2-4 Performing a Partial Keyword Lookup

Matrixrw)->co? configure Execute a configuration file copy Upload or download an image or configuration file Matrix(rw)->co

Matrix NSA Series Configuration Guide 2-15

Page 42

Startup and General Configuration Summary Starting and Navigating the Command Line Interface

NOTE: At the end of the lookup display, the system will repeat the command you entered without the ?.

2.1.6.8 Displaying Scrolling Screens

If the CLI screen length has been set using the set length command as described in Section 2.2.3.30, CLI output requiring more than one screen will display To display additional screen output:

• Press any key other than ENTER to advance the output one screen at a time.

• Press ENTER to advance the output one line at a time.

The example in Figure 2-5 shows how the show mac command indicates that output continues on more than one screen.

Figure 2-5 Scrolling Screen Output

Matrix(rw)->show mac

MAC Address FID Port Type

--------------------------------------------------------- 00-00-1d-67-68-69 1 host.0.1 learned 00-00-02-00-00-00 1 fe.1.2 learned 00-00-02-00-00-01 1 fe.1.3 learned 00-00-02-00-00-02 1 fe.1.4 learned 00-00-02-00-00-03 1 fe.1.5 learned 00-00-02-00-00-04 1 fe.1.6 learned 00-00-02-00-00-05 1 fe.1.7 learned 00-00-02-00-00-06 1 fe.1.8 learned 00-00-02-00-00-07 1 fe.1.9 learned 00-00-02-00-00-08 1 fe.1.10 learned

--More--

--More-- to indicate continuing screens.

2-16 Matrix NSA Series Configuration Guide

Page 43

Startup and General Configuration Summary

Configuring the Line Editor

2.1.6.9 Abbreviating and Completing Commands

The Matrix Series device allows you to abbreviate CLI commands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 2-6 shows how to abbreviate the show netstat command to sh net.

Figure 2-6 Abbreviating a Command

Matrix(rw)->sh net Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address State

----- ------ ------ --------------------- --------------------- ------- TCP 0 0 10.21.73.13.23 134.141.190.94.51246 ESTABLISHED TCP 0 275 10.21.73.13.23 134.141.192.119.4724 ESTABLISHED TCP 0 0 *.80 *.* LISTEN TCP 0 0 *.23 *.* LISTEN UDP 0 0 10.21.73.13.1030 134.141.89.113.514 UDP 0 0 *.161 *.* UDP 0 0 *.1025 *.* UDP 0 0 *.123 *.*

2.1.6.10 Using the Spacebar Auto Complete Function

When the spacebar auto complete function is enabled, pressing the spacebar after a CLI command fragment will allow you to determine if the fragment is unique. If it is, the CLI will complete the fragment on the current display line.

By default, this function is disabled. For more information on enabling it using the set cli completion command, refer to Section 2.2.3.20. Figure 2-7 shows how, when the function is enabled, entering conf and pressing the spacebar would be completed as configure:

Figure 2-7 Completing a Partial Command

Matrix(rw)->conf<SPACEBAR> Matrix(rw)->configure

2.1.7 Configuring the Line Editor

The command line editor determines which key sequences can be used in the CLI. Example: Ctrl+A will move the cursor to beginning of the command line when in Emacs mode. The CLI supports both vi and Emacs-like line editing commands. By default, the “default” line-editing mode is configured, with no special key sequences. See Table 2-3 lists some commonly used Emacs and vi commands. Use the set line-editor command (Section 2.1.7.2) to change the line-editor mode.

Matrix NSA Series Configuration Guide 2-17

Page 44

Startup and General Configuration Summary Configuring the Line Editor

Table 2-3 Basic Line Editing Emacs & vi Commands

Key Sequence Emacs Command

Ctrl+A Move cursor to beginning of line. Ctrl+B Move cursor back one character. Ctrl+C Abort command. Ctrl+D Delete a character. Ctrl+E Move cursor to end of line. Ctrl+F Move cursor forward one character. Ctrl+H Delete character to left of cursor. Ctrl+I or TAB Complete word. Ctrl+K Delete all characters after cursor. Ctrl+L or Ctrl+R Re-display line. Ctrl+N Scroll to next command in command history (use the CLI history

command to display the history). Ctrl+P Scroll to previous command in command history. Ctr1+Q Resume the CLI process. Ctr1+S Pause the CLI process (for scrolling). Ctrl+T Transpose characters. Ctrl+U or Ctrl+X Delete all characters before cursor. Ctrl+W Delete word to the left of cursor. Ctrl+Y Restore the most recently deleted item.

Key Sequence vi Command

h Move left one character l Move right one character

2-18 Matrix NSA Series Configuration Guide

Page 45

Startup and General Configuration Summary

Key Sequence vi Command

k Get previous shell command in history j Get next shell command in history $ Go to end of line 0 Go to beginning of line aAppend A Append at end of line c SPACE Change character cl Change character cw Change word cc Change entire line c$ Change everything from cursor to end of line

Configuring the Line Editor

i Insert I Insert at beginning of line R Type over characters

nrc Replace the following n characters with c nx Delete n characters starting at cursor nX Delete n characters to the left of the cursor

d SPACE Delete character dl Delete character dw Delete word dd Delete entire line d$ Delete everything from cursor to end of line D Same as “d$”

Matrix NSA Series Configuration Guide 2-19

Page 46

Startup and General Configuration Summary Configuring the Line Editor

Key Sequence vi Command

p Put last deletion after the cursor P Put last deletion before the cursor u Undo last command ~ Toggle case, lower to upper or vice versa

Commands

The commands used to configure the line-editor are listed below and described in the associated sections as shown.

• show line-editor (Section 2.1.7.1)

• set line-editor (Section 2.1.7.2)

2-20 Matrix NSA Series Configuration Guide

Page 47

Startup and General Configuration Summary

Configuring the Line Editor

2.1.7.1 show line-editor

Use this command to show current and default line-editor mode and Delete character mode.

show line-editor

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only

Example

This example shows how to view the current and default line-editor mode and Delete mode:

Matrix(rw)->show line-editor Current Line-Editor mode is set to: EMACS Default Line-Editor mode is set to: Default

Current DEL mode is set to: delete System DEL mode is set to: delete

Matrix NSA Series Configuration Guide 2-21

Page 48

Startup and General Configuration Summary Configuring the Line Editor

2.1.7.2 set line-editor

Use this command to set the current and default line editing mode or the way the Delete character is treated by the line editor. You can also set the persistence of your line editing selections.

set line-editor {emacs | vi | default | delete {backspace | delete}} [default]

Syntax Description

emacs Selects emacs command line editing mode. See

Table 2-3 for some commonly used e macs commands.

vi Selects vi command line editing mode. default Selects default line editing mode. delete

{backspace | delete}

Sets the way the line editor treats the Delete ASCII character.

delete backspace — the line editor will treat Delete (0x7f) as a Backspace (0x08) character.

delete delete — the line editor will treat Delete as the Delete character (the default condition).

default (Optional) Make the line editor or Delete mode setting

persist for all future sessions.

Command Defaults

If default is not entered after selecting a line editing or Delete mode, the selection will apply only to the current session and will not persist for future sessions.

Command Type

Switch command.

Command Mode

Read-Write.

Examples

This example sets the current line-editor to vi mode:

Matrix(rw)->set line-editor vi

2-22 Matrix NSA Series Configuration Guide

Page 49

Startup and General Configuration Summary

Configuring the Line Editor

This example sets the default line-editor to emacs mode and sets the selection to persist for future sessions:

Matrix(rw)->set line-editor emacs default

Matrix NSA Series Configuration Guide 2-23

Page 50

General Configuration Command Set Setting User Accounts and Passwords

2.2 GENERAL CONFIGURATION COMMAND SET

2.2.1 Setting User Accounts and Passwords

Purpose

T o change the device’s default user login and password settings, and to add new user accounts and passwords.

Commands

The commands used to configure user accounts and passwords are listed below and described in the associated section as shown.

• show system login (Section 2.2.1.1)

• set system login (Section 2.2.1.2)

• clear system login (Section 2.2.1.3)

• set password (Section 2.2.1.4)

• set system password length (Section 2.2.1.5)

• set system password aging (Section 2.2.1.6)

• set system password history (Section 2.2.1.7)

• show system lockout (Section 2.2.1.8)

• set system lockout (Section 2.2.1.9)

2-24 Matrix NSA Series Configuration Guide

Page 51

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.1 show system login

Use this command to display user login account information.

show system login

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to display login account information. In this case, device defaults have not been changed:

Matrix(su)->show system login Password history size: 0 Password aging : disabled

Username Access State

admin super-user enabled ro read-only enabled rw read-write enabled

Table 2-4 provides an explanation of the command output.

Matrix NSA Series Configuration Guide 2-25

Page 52

General Configuration Command Set Setting User Accounts and Passwords

Table 2-4 show system login Output Details

Output What It Displays...

Password history size

Number of previously used user login passwords that will be checked for duplication when the set password command is executed. Configured with set system password history (Section 2.2.1.7).

Password aging Number of days user passwords will remain valid before

aging out. Configured with set system password aging (Section 2.2.1.6).

Username Login user names. Access Access assigned to this user account: super-user,

read-write or read-only.

State Whether this user account is enabled or disabled.

2-26 Matrix NSA Series Configuration Guide

Page 53

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.2 set system login

Use this command to create a new user login account, or to disable or enable an existing account. The Matrix Series device supports up to 16 user accounts, including the admin account, which cannot be disabled or deleted.

set system login username {super-user | read-write | read-only} {enable | disable}

Syntax Description

username Specifies a login name for a new or existing user. This

string can be a maximum of 80 characters, although a maximum of 16 characters is recommended for proper viewing in the show system login display.

super-user |

Specifies the access privileges for this user.

read-write | read-only

enable | disable Enables or disables the user account.

NOTE: The default admin (su) account cannot be disabled.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to e nable a new user account with the login name “netops” with super user access privileges:

Matrix(su)->set system login netops super-user enable

Matrix NSA Series Configuration Guide 2-27

Page 54

General Configuration Command Set Setting User Accounts and Passwords

2.2.1.3 clear system login

Use this command to remove a local login user account.

clear system login username

Syntax Description

username Specifies the login name of the account to be cleared.

NOTE: The default admin (su) account cannot be deleted.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to remove the “netops” user account:

Matrix(su)->clear system login netops

2-28 Matrix NSA Series Configuration Guide

Page 55

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.4 set password

Use this command to change system default passwords or to set a new login password on the CLI.

set password [username]

NOTES: Only users with admin (su) access privileges can change any password on the system.

Users with Read-Write (rw) access privileges can change their own passwords, but cannot enter or modify other system passwords.

Passwords must be a minimum of 8 characters and a maximum of 40 characters. IIf configured, password length must conform to the minimum number of characters set

with the set system password length command (Section 2.2.1.5). The admin password can be reset by toggling dip switch 8 on the device as described

in your Matrix Series Installation Guide.

Syntax Description

username (Only available to users with super-user access.)

Specifies a system default or a user-configured login account name. By default, the Matrix Series device provides the following account names:

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write users can change their own passwords. Super Users (Admin) can change any password on the system.

• ro for Read-Only access,

• rw for Read-Write access.

• admin for Super User access. (This access level allows

Read-Write access to all modifiable parameters, including user accounts.)

Matrix NSA Series Configuration Guide 2-29

Page 56

General Configuration Command Set Setting User Accounts and Passwords

Examples

This example shows how a super-user would change the Read-Write password from the system default (blank string):

Matrix(su)->set password rw Please enter new password: ******** Please re-enter new password: ******** Password changed. Matrix(su)->

This example shows how a user with Read-Write access would change his password:

Matrix(rw)->set password Please enter old password: ******** Please enter new password: ******** Please re-enter new password: ******** Password changed. Matrix(rw)->

2-30 Matrix NSA Series Configuration Guide

Page 57

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.5 set system password length

Use this command to set the minimum user login password length.

set system password length characters

Syntax Description

characters Specifies the minimum number of characters for a user

account password. Valid values are 0 to 40.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Examples

This example shows how to set the minimum system password length to 8 characters:

Matrix(su)->set system password length 8

Matrix NSA Series Configuration Guide 2-31

Page 58

General Configuration Command Set Setting User Accounts and Passwords

2.2.1.6 set system password aging

Use this command to set the number of days user passwords will remain valid before aging out, or to disable user account password aging.

set system password aging {days | disable}

Syntax Description

days Specifies the number of days user passwords will remain

valid before aging out. Valid values are 1 to 365.

disable Disables password aging.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to set the system password age time to 45 days:

Matrix(su)->set system password aging 45

2-32 Matrix NSA Series Configuration Guide

Page 59

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.7 set system password history

Use this command to set the number of previously used user login passwords that will be checked for password duplication. This prevents duplicate passwords from being entered into the system with the set password command.

set system password history size

Syntax Description

size Specifies the number of passwords checked for

duplication. Valid values are 0 to 10.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to configure the system to check the last 10 passwords for duplication

Matrix(su)->set system password history 10

Matrix NSA Series Configuration Guide 2-33

Page 60

General Configuration Command Set Setting User Accounts and Passwords

2.2.1.8 show system lockout

Use this command to display settings for locking out users after failed attempts to log in to the system.

show system lockout

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Example

This example shows how to display user lockout settings. In this case, device defaults have not been changed:

Matrix(su)->show system lockout Lockout attempts: 3 Lockout time: 15 minutes.

Table 2-5 provides an explanation of the command output. These settings are

configured with the set system lockout command (Section 2.2.1.9).

Table 2-5 show system lockout Output Details

Output What It Displays...

Lockout attempts Number of failed login attempts allowed before a

read-write or read-only user’s account will be disabled.

Lockout time Number of minutes the default admin user account will be

locked out after the maximum login attempts.

2-34 Matrix NSA Series Configuration Guide

Page 61

General Configuration Command Set

Setting User Accounts and Passwords

2.2.1.9 set system lockout

Use this command to set the number of failed login attempts before locking out (disabling) a read-write or read-only user account, and the number of minutes to lockout the default admin super user account after maximum login attempts. Once a user account is locked out, it can only be re-enabled by a super user with the set system login command (Section 2.2.1.2).

set system lockout {[attempts attempts] [time time]}

Syntax Description

attempts attempts Specifies the number of failed login attempts allowed

before a read-write or read-only user’s account will be disabled. Valid values are 1 to 10.

time time Specifies the number of minutes the default admin user

account will be locked out after the maximum login attempts. Valid values are 0 to 60.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Super User.

Examples

This example shows how to set login attempts to 5 and lockout time to 30 minutes:

Matrix(su)->set system lockout attempts 5 time 30

Matrix NSA Series Configuration Guide 2-35

Page 62

General Configuration Command Set Managing the Management Authentication Notification MIB

2.2.2 Managing the Management Authentication Notification MIB

Purpose

This MIB provides controls for enabling/disabling the sending of SNMP notifications when a user login authentication event occurs for various management access types. The types of access currently supported by the MIB include console, telnet, ssh, and web.

Commands

The CLI commands used to set the Management Authentication Notification are listed below and described in the associated section as shown.

• show mgmt-auth-notify (Section 2.2.3.1)

• set mgmt-auth-notify (Section 2.2.3.2)

• clear mgmt-auth-notify (Section 2.2.3.3)

NOTE: Ensure that SNMP is correctly configured on the DFE in order to send these notifications. Refer to

Chapter 5 for SNMP configuration information.

2-36 Matrix NSA Series Configuration Guide

Page 63

General Configuration Command Set

Managing the Management Authentication Notification MIB

2.2.2.1 show mgmt-auth-notify

Use this command to display the current setting for the Management Authentication Notification MIB.

show mgmt-auth-notify

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display the current information for the Management Authentication Notification.:

Matrix(su)->show mgmt-auth-notify

Management Type Status

--------------- -------console enabled ssh enabled telnet enabled web enabled

Matrix NSA Series Configuration Guide 2-37

Page 64

General Configuration Command Set Managing the Management Authentication Notification MIB

2.2.2.2 set mgmt-auth-notify

Use this command to either enable or disable the Management Authentication Notification MIB. By selecting the optional Management access type, a user can specifically enable or disable a single access type, multiple access types or all of the access types. The default setting is that all Management Authentication Notification types are enabled.

set mgmt-auth-notify {enable | disable}{console | ssh | telnet | web}

NOTE: Insure that SNMP is correctly configured on the DFE in order to send these notifications, refer to the following chapter for configuring SNMP

Syntax Description

enable Enable selected or all notifications. disable Disable selected or all notifications. console (Optional) console authentications ssh (Optional) ssh authentications

(Chapter 5).

telnet (Optional) telnet authentications web (Optional) web authentications

Command Defaults

If none of the optional Management Authentication Access types are entered, than all authentications types listed above will either be enabled or disabled.

Command Type

Switch command.

Command Mode

Read-Write.

2-38 Matrix NSA Series Configuration Guide

Page 65

General Configuration Command Set

Managing the Management Authentication Notification MIB

Examples

This example shows how to set all the authentication types to be disabled on the Management Authentication Notification MIB. That information is then displayed with the show command:

Matrix(su)->set mgmt-auth-notify disable Matrix(su)->show mgmt-auth-notify

Management Type Status

--------------- -------console disabled ssh disabled telnet disabled web disabled

This example shows how to set only the console and telnet authentication access types to be enabled on the Management Authentication Notification MIB. That information is then displayed with the show command.:

Matrix(su)->set mgmt-auth-notify enable console telnet Matrix(su)->show mgmt-auth-notify

Management Type Status

--------------- -------console enabled ssh disabled telnet enabled web disabled

Matrix NSA Series Configuration Guide 2-39

Page 66

General Configuration Command Set Managing the Management Authentication Notification MIB

2.2.2.3 clear mgmt-auth-notify

Use this command to set the current setting for the Management Authentication Notification access types to the default setting of enabled.

clear mgmt-auth-notify

NOTE: Ensure that SNMP is correctly configured on the DFE in order to send these notifications. Refer to

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Chapter 5 for SNMP configuration information.

2-40 Matrix NSA Series Configuration Guide

Page 67

General Configuration Command Set

Managing the Management Authentication Notification MIB

Example

This example displays the state of Management Authentication Notification access types prior to using the clear command, then displays the same information after using the clear command:

Matrix(su)->show mgmt-auth-notify

Management Type Status

--------------- -------console enabled ssh disabled telnet enabled web disabled

Matrix(su)->clear mgmt-auth-notify

Matrix(su)->show mgmt-auth-notify

Management Type Status

--------------- -------console enabled ssh enabled telnet enabled web enabled

Matrix NSA Series Configuration Guide 2-41

Page 68

General Configuration Command Set Setting Basic Device Properties

2.2.3 Setting Basic Device Properties

Module / Slot Parameters in the NSA CLI

Module, slot, and certain other hardware-based parameters in the Matrix N Series Standalone (NSA) CLI support only chassis based N Series devices, such as the N7, N5, N3 or N1. Executing commands in the NSA CLI with modular parameters not supported by the standalone will result in an error message.

Purpose

T o display and set the system IP address and other basic system (device) properties, including time, contact name and alias, physical asset IDs for terminal output, timeout, and version information.

Commands

The commands used to set basic system information are listed below and described in the associated section as shown.

• show ip address (Section 2.2.3.1)

• set ip address (Section 2.2.3.2)

• clear ip address (Section 2.2.3.3)

• show ip gratuitous-arp (Section 2.2.3.4)

• set ip gratuitous-arp (Section 2.2.3.5)

• clear ip gratuitous-arp (Section 2.2.3.6)

• show system (Section 2.2.3.7)

• show system hardware (Section 2.2.3.8)

• show system utilization (Section 2.2.3.9)

• set system utilization threshold (Section 2.2.3.10)

• clear system utilization (Section 2.2.3.11)

• show time (Section 2.2.3.12)

• set time (Section 2.2.3.13)

• show summertime (Section 2.2.3.14)

• set summertime (Section 2.2.3.15)

2-42 Matrix NSA Series Configuration Guide

Page 69

• set summertime date (Section 2.2.3.16)

• set summertime recurring (Section 2.2.3.17)

• clear summertime (Section 2.2.3.18)

• set prompt (Section 2.2.3.19)

• set cli completion (Section 2.2.3.20)

• loop (Section 2.2.3.21)

• show banner motd (Section 2.2.3.22)

• set banner motd (Section 2.2.3.23)

• clear banner motd (Section 2.2.3.24)

• show version (Section 2.2.3.25)

• set system name (Section 2.2.3.26)

• set system location (Section 2.2.3.27)

• set system contact (Section 2.2.3.28)

• set width (Section 2.2.3.29)

General Configuration Command Set

Setting Basic Device Properties

• set length (Section 2.2.3.30)

• show logout (Section 2.2.3.31)

• set logout (Section 2.2.3.32)

• show physical alias (Section 2.2.3.33)

• set physical alias (Section 2.2.3.34)

• clear physical alias (Section 2.2.3.35)

• show physical assetid (Section 2.2.3.36)

• set physical assetid (Section 2.2.3.37)

• clear physical assetid (Section 2.2.3.38)

Matrix NSA Series Configuration Guide 2-43

Page 70

General Configuration Command Set Setting Basic Device Properties

2.2.3.1 show ip address

Use this command to display the system IP address and subnet mask.

show ip address

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display the system IP address and subnet mask:

Matrix(rw)->show ip address Name Address Mask

---------------- ---------------- ---------------host 10.42.13.20 255.255.0.0

2-44 Matrix NSA Series Configuration Guide

Page 71

General Configuration Command Set

Setting Basic Device Properties

2.2.3.2 set ip address

Use this command to set the system IP address, subnet mask and default gateway.

set ip address ip-address [mask ip-mask] [gateway ip-gateway]

Syntax Description

ip-address Sets the IP address for the system. mask ip-mask (Optional) Sets the system’s subnet mask. gateway ip-gateway (Optional) Sets the system’s default gateway (next-hop

device).

Command Defaults

If not specified, ip-mask will be set to the natural mask of the ip-address and ip-gateway will be set to the ip-address.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to set the system IP address to

10.1.10.1 with a mask of 255.255.128.0

and a default gateway of 10.1.0.1:

Matrix(rw)->set ip address 10.1.10.1 mask 255.255.128.0 gateway 10.1.10.1

Matrix NSA Series Configuration Guide 2-45

Page 72

General Configuration Command Set Setting Basic Device Properties

2.2.3.3 clear ip address

Use this command to clear the system IP address.

clear ip address

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to clear the system IP address:

Matrix(rw)->clear ip address

2-46 Matrix NSA Series Configuration Guide

Page 73

General Configuration Command Set

2.2.3.4 show ip gratuitous-arp

Use this command to display the gratuitous ARP processing behavior.

show ip gratuitous-arp

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display the IP gratuitous-arp process

Matrix(rw)->show ip gratuitous-arp Processing gratuitous ARP requests and replies.

for both requests and replies.

Setting Basic Device Properties

Matrix NSA Series Configuration Guide 2-47

Page 74

General Configuration Command Set Setting Basic Device Properties

2.2.3.5 set ip gratuitous-arp

Use this command to control the gratuitous ARP processing behavior.

set ip gratuitous-arp [request] [reply] [both]]

Syntax Description

request Process only gratuitous ARP requests. reply Process only gratuitous ARP replies. both Process both requests and replies.

Command Defaults

Disabled by default

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example sets both gratuitous ARP requests and replies:

Matrix(rw)->set ip gratuitous-arp both

2-48 Matrix NSA Series Configuration Guide

Page 75

2.2.3.6 clear ip gratuitous-arp

Use this command to stop all gratuitous ARP processing.

clear ip gratuitous-arp

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to clear the gratuitous-arp processing:

Matrix(rw)->clear ip gratuitous-arp

General Configuration Command Set

Setting Basic Device Properties

Matrix NSA Series Configuration Guide 2-49

Page 76

General Configuration Command Set Setting Basic Device Properties

2.2.3.7 show system

Use this command to display system information, including contact information, power and fan tray status and uptime.

show system

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display system information:

Matrix(rw)->show system System contact: System location: System name:

PS1-Status PS2-Status

------------- ------------- ok not installed

Fan1-Status

------------- ok Temp-Alarm Uptime d,h:m:s Logout

------------- -------------- ------------off 0,19:40:00 10 min

PS1-Type PS2-Type

------------- ------------- 6C207-1 not installed

Table 2-6 provides an explanation of the command output.

2-50 Matrix NSA Series Configuration Guide

Page 77

General Configuration Command Set

Setting Basic Device Properties

Table 2-6 show system Output Details

Output What It Displays...

System contact Contact person for the system. Default of a blank string can

be changed with the set system contact command (Section 2.2.3.28).

System location Where the system is located. Default of a blank string can

be changed with the set system location command (Section 2.2.3.27).

System name Name identifying the system. Default of a blank string can

be changed with the set system name command (Section 2.2.3.26).

PS1 and PS2-Status

Operational status for power supply 1 and, if installed,

power supply 2. Fan Status Operational status of the fan tray. Temp-Alarm Whether or not the system temperature alarm is off (within

normal temperature range) or on. Uptime d,h:m:s System uptime. Logout Time an idle console or Telnet CLI session will remain

connected before timing out. Default of 15 minutes can be

changed with the set logout command (Section 2.2.3.32). PS1 and

PS2-Type

Model number of power supply 1 and, if installed, power

supply 2.

Matrix NSA Series Configuration Guide 2-51

Page 78

General Configuration Command Set Setting Basic Device Properties

2.2.3.8 show system hardware

Use this command to display the system’s hardware configuration.

show system hardware

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

The example on the following page shows a portion of the information displayed with the show system hardware command.

NOTE: Depending on the hardware configuration of your Matrix system, your output will vary from the example shown.

2-52 Matrix NSA Series Configuration Guide

Page 79

General Configuration Command Set

Setting Basic Device Properties

Matrix(rw)->show system hardware

CHASSIS HARDWARE INFORMATION

---------------------------Chassis Type: Matrix N Standalone Platform Chassis Serial Number: 0001a300611b Power Supply 1: Not Installed Power Supply 2: Installed & Operating, AC, Not Redundant Chassis Fan: Installed & Operating

SLOT HARDWARE INFORMATION

------------------------SLOT 1 Model: 2G4072-52 Serial Number: 0123456789AB Part Number: 6543210 Vendor ID: 1 Base MAC Address: 11-22-33-44-55-66 Router MAC Address: 11-22-33-44-55-67 Hardware Version: 5 Firmware Version: 02.00.13 BootCode Version: 01.00.07 CPU Version: 8 (PPC 740/750) UpLink: Not Present SDRAM: 128 MB NVRAM: 8 KB Flash System: 32 MB /flash0 free space: 11 MB /flash1 free space: 14 MB

Dip Switch Bank 1 2 3 4 5 6 7 8

Position: OFF OFF OFF OFF OFF OFF OFF OFF HOST CHIP Revision: 1.0 FABRIC CHIP 0 1 Revision: 1.0 1.0 SWITCH CHIP 0 1 2 Block ID: 0 1 3 Revision: 1.50/150 1.50/150 1.50/150 Lookup DDR: 8 MB 8 MB 8 MB Transmit DDR: 8 MB 8 MB 8 MB Receive DDR: 8 MB 8 MB 8 MB Routing DDR: 8 MB 8 MB 8 MB MAC CHIP 0 1 2 Model: FastEnet FastEnet FTM1 Revision: 1 1 0 PHY CHIP 0 Model: BCM5226 Revision: 2

Matrix NSA Series Configuration Guide 2-53

Page 80

General Configuration Command Set Setting Basic Device Properties

2.2.3.9 show system utilization

Use this command to display system resource utilization information.

show system utilization [cpu | process | storage] [slot slot]

Syntax Description

cpu | process | storage

(Optional) Displays total CPU, individual process, or storage resource utilization only.

slot slot (Optional) Displays system resource utilization for a

specific module.

Command Defaults

• If not specified, CPU, process, and storage system utilization information will

be displayed.

• If not specified, information for all modules will be displayed.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display all system utilization information for the module in slot 1:

Matrix(rw)->show system utilization slot 1

CPU Utilization Threshold Traps enabled: Threshold = 80.0%

Total CPU Utilization:

Slot CPU 5 sec 1 min 5 min

--------------------------------------------------1 1 3.6% 3.0% 3.0%

** Output continued on next page **

2-54 Matrix NSA Series Configuration Guide

Page 81

General Configuration Command Set

Setting Basic Device Properties

** Output continued from previous page **

Process Utilization:

Slot: 1 CPU: 1

Name ProcID 5 sec 1 min 5 min

----------------------------------------------------------- CLI 1 0.0% 0.0% 0.0% Chassis Data Synchronization 2 0.0% 0.0% 0.0% Connection Maintenance 3 1.0% 0.5% 0.5% Hardware Maintenece 4 0.0% 0.0% 0.0% Image & Config Management 5 0.0% 0.0% 0.0% Persistent Data Management 6 0.0% 0.0% 0.0% Runtime Diagnostics 7 0.0% 0.0% 0.0% SNMP 8 0.0% 0.0% 0.0% Syslog 9 0.0% 0.0% 0.0% Switch 10 0.0% 0.0% 0.0% Switch CDP 11 0.0% 0.0% 0.0% Switch Dot1x 12 0.0% 0.0% 0.0% Switch Filter Database 13 0.0% 0.0% 0.0% Switch GVRP 14 0.0% 0.0% 0.0% Switch Host IP 15 0.1% 0.1% 0.1% Switch IGMP 16 0.0% 0.0% 0.0% Switch LACP 17 0.0% 0.0% 0.0% Switch MAC Authentication 18 0.0% 0.0% 0.0% Switch MAC Locking 19 0.0% 0.0% 0.0% Switch MTU Discovery 20 0.0% 0.0% 0.0% Switch Node & Alias 21 0.0% 0.0% 0.0% Switch Packet Processing 22 0.1% 0.1% 0.1% Switch POE 23 0.0% 0.0% 0.0% Switch Port Management 24 0.0% 0.0% 0.0% Switch PWA 25 0.0% 0.0% 0.0% Switch Radius 26 0.0% 0.0% 0.0% Switch Radius Accounting 27 0.0% 0.0% 0.0% Switch RMON 28 0.0% 0.0% 0.0% Switch RMON Capture 29 0.0% 0.0% 0.0% Switch SMON 30 0.0% 0.0% 0.0% Switch SNTP 31 0.0% 0.0% 0.0% Switch STP 32 0.0% 0.0% 0.0%

Switch UPN 33 0.0% 0.0% 0.0%

** Output continued on next page **

Matrix NSA Series Configuration Guide 2-55

Page 82

General Configuration Command Set Setting Basic Device Properties

** Output continued from previous page **

Name ProcID 5 sec 1 min 5 min

-----------------------------------------------------------Switch Web Server 34 1.4% 1.4% 1.4%

Router Misc. 35 0.0% 0.0% 0.0% Router Multicast 36 0.0% 0.0% 0.0% Router Control Plane 37 0.0% 0.0% 0.0% Router IP 38 0.0% 0.0% 0.0% Router DHCPS 39 0.0% 0.0% 0.0% Router OSPF 40 0.0% 0.0% 0.0% Router RIP 41 0.0% 0.0% 0.0% Router VRRP 42 0.0% 0.0% 0.0% Router DVMRP 43 0.0% 0.0% 0.0% Router PIM 44 0.0% 0.0% 0.0% Router PIMDM 45 0.0% 0.0% 0.0% Router ARP 46 0.0% 0.0% 0.0% Router LSNAT 47 0.0% 0.0% 0.0% Interrupts 48 0.0% 0.0% 0.0% OTHER 49 0.0% 0.0% 0.0% IDLE 50 96.4% 97.0% 97.0%

Storage Utilization:

Slot: 1

Type Description Size (Kb) Available (Kb)

-----------------------------------------------------------------

RAM RAM device 1 131072 22192 Flash Images & Miscellaneous 16384 4138 Flash Nonvolatile Data Storage 16384 14308

2-56 Matrix NSA Series Configuration Guide

Page 83

General Configuration Command Set

Setting Basic Device Properties

2.2.3.10 set system utilization threshold

Use this command to set the threshold for sending CPU utilization notification messages. The

value range is [1..1000] and represents the % of system utilization to use as the trap threshold.

set system utilization threshold threshold

Syntax Description

threshold Specifies a threshold value (in 1/10 of a percent).Valid

range is 1 - 1000. A value of 0 will disable utilization notification messages.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to set the system utilization threshold to 100%:

Matrix(rw)->set system utilization threshold 1000

Matrix NSA Series Configuration Guide 2-57

Page 84

General Configuration Command Set Setting Basic Device Properties

2.2.3.11 clear system utilization

Use this command to clear the threshold for sending CPU utilization notification messages.

clear system utilization

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to clear the system utilization threshold:

Matrix(rw)->clear system utilization 1000

2-58 Matrix NSA Series Configuration Guide

Page 85

General Configuration Command Set

Setting Basic Device Properties

2.2.3.12 show time

Use this command to display the current time of day in the system clock.

show time

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display the current time. The output shows the day of the week, month, day, and the time of day in hours, minutes, and seconds and the year:

Matrix(rw)->show time THU SEP 05 09:21:57 2002

Matrix NSA Series Configuration Guide 2-59

Page 86

General Configuration Command Set Setting Basic Device Properties

2.2.3.13 set time

Use this command to change the time of day on the system clock.

set time [mm/dd/yyyy] [hh:mm:ss]

Syntax Description

[mm/dd/yyyy] [hh:mm:ss]

Sets the time in:

• month, day, year and/or

• 24-hour format

At least one set of time parameters must be entered.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to set the system clock to 7:50 a.m:

Matrix(rw)->set time 7:50:00

2-60 Matrix NSA Series Configuration Guide

Page 87

General Configuration Command Set

2.2.3.14 show summertime

Use this command to display daylight savings time settings.

show summertime

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display daylight savings time settings:

Matrix(rw)->show summertime

Setting Basic Device Properties

Summertime is disabled and set to '' Start : SUN MAR 11 02:00:00 2007 End : SUN NOV 04 02:00:00 2007 Offset: 60 minutes (1 hours 0 minutes) Recurring: yes, starting at 2:00 of the second Sunday of March and ending at 2:00 of the first Sunday of November

Matrix NSA Series Configuration Guide 2-61

Page 88

General Configuration Command Set Setting Basic Device Properties

2.2.3.15 set summertime

Use this command to enable or disable the daylight savings time function.

set summertime {enable | disable} [zone]

Syntax Description

enable | disable Enables or disables the daylight savings time function.

zone (Optional) Applies a name to the daylight savings time

settings.

Command Defaults

If a zone name is not specified, none will be applied.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to enable daylight savings time function:

Matrix(rw)->set summertime enable

2-62 Matrix NSA Series Configuration Guide

Page 89

General Configuration Command Set

Setting Basic Device Properties

2.2.3.16 set summertime date

Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annually.

set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes]

Syntax Description

start_month Specifies the month of the year to start daylight savings

time.

start_date Specifies the day of the month to start daylight savings

time.

start_year Specifies the year to start daylight savings time. start_hr_min Specifies the time of day to start daylight savings time.

Format is hh:mm.

end_month Specifies the month of the year to end daylight savings

time.

end_date Specifies the day of the month to end daylight savings

end_year Specifies the year to end daylight savings time. end_hr_min Specifies the time of day to end daylight savings time.

offset_minutes (Optional) Specifies the amount of time in minutes to

Command Defaults

If an offset is not specified, none will be applied.

Command Type

Switch command.

Command Mode

Read-Write.

time.

Format is hh:mm.

offset daylight savings time from the non-daylight savings time system setting. Valid values are 1 - 1440.

Matrix NSA Series Configuration Guide 2-63

Page 90

General Configuration Command Set Setting Basic Device Properties

Example

This example shows how to set a daylight savings time start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m. with an offset time of one hour:

Matrix(rw)->set summertime date April 4 2004 02:00 October 31 2004 02:00 60

2-64 Matrix NSA Series Configuration Guide

Page 91

General Configuration Command Set

Setting Basic Device Properties

2.2.3.17 set summertime recurring

Use this command to configure recurring daylight savings time settings. These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be reset annually.

set summertime recurring start_week start_day start_month start_hr_min end_week end_day end_month end_hr_min [offset_minutes]

Syntax Description

start_week Specifies the week of the month to restart daylight

savings time. Valid values are: first, second, third, fourth, and last.

start_day Specifies the day of the week to restart daylight savings

time.

start_hr_min Specifies the time of day to restart daylight savings time.

Format is hh:mm.

end_week Specifies the week of the month to end daylight savings

time.

end_day Specifies the day of the week to end daylight savings

end_hr_min Specifies the time of day to end daylight savings time.

offset_minutes (Optional) Specifies the amount of time in minutes to

Command Defaults

If an offset is not specified, none will be applied.

Command Type

Switch command.

Command Mode

Read-Write.

time.

Format is hh:mm.

offset daylight savings time from the non-daylight savings time system setting. Valid values are 1 - 1440.

Matrix NSA Series Configuration Guide 2-65

Page 92

General Configuration Command Set Setting Basic Device Properties

Example

This example shows how set daylight savings time to recur start date of April 4, 2004 at 2 a.m. and an ending date of October 31, 2004 at 2 a.m. with an offset time of one hour:

Matrix(rw)->set summertime recurring first Sunday April 02:00 last Sunday October 02:00 60

2-66 Matrix NSA Series Configuration Guide

Page 93

General Configuration Command Set

Setting Basic Device Properties

2.2.3.18 clear summertime

Use this command to clear the daylight savings time configuration.

clear summertime

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to clear the daylight savings time configuration:

Matrix(rw)->clear summertime

Matrix NSA Series Configuration Guide 2-67

Page 94

General Configuration Command Set Setting Basic Device Properties

2.2.3.19 set prompt

Use this command to modify the command prompt.

set prompt “prompt_string”

Syntax Description

prompt_string Specifies a text string for the command prompt.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

NOTE: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.

Example

This example shows how to set the command prompt to Switch 1:

Matrix(rw)->set prompt “Switch 1” Switch 1(rw)->

2-68 Matrix NSA Series Configuration Guide

Page 95

General Configuration Command Set

Setting Basic Device Properties

2.2.3.20 set cli completion

Use this command to enable or disable the CLI command completion function. When enabled, this allows you to complete a unique CLI command fragment using the keyboard spacebar.

set cli completion {enable | disable} [default]

Syntax Description

enable | disable Enables or disables the CLI command completion

function.

default (Optional) Maintains the status for all future sessions.

Command Defaults

If not specified, the status setting will not be maintained as the default.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to enable the CLI command completion function and maintain it as the default setting:

Matrix(rw)->set cli completion enable default

Matrix NSA Series Configuration Guide 2-69

Page 96

General Configuration Command Set Setting Basic Device Properties

2.2.3.21 loop

Use this command to execute a command loop.

loop count [delay] [-r]

Syntax Description

count Specifies the number of times to loop. A value of 0 will

make the command loop forever.

delay (Optional) Specifies the number of seconds to delay

between executions.

-r (Optional) Refreshes the cursor to the home position on

the screen.

Command Defaults

• If a delay is not specified, none will be set.

• If not specified, the cursor will not refresh.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to execute a command loop 10 times with a 30 second delay:

Matrix(rw)->loop 10 30

2-70 Matrix NSA Series Configuration Guide

Page 97

General Configuration Command Set

Setting Basic Device Properties

2.2.3.22 show banner motd

Use this command to show the banner message of the day that will display at session login.

show banner motd

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display the banner message of the day:

Matrix(rw)->show banner motd Not one hundred percent efficient, of course ... but nothing ever is.

-- Kirk, "Metamorphosis", stardate 3219.8

Matrix NSA Series Configuration Guide 2-71

Page 98

General Configuration Command Set Setting Basic Device Properties

2.2.3.23 set banner motd

Use this command to set the banner message of the day displayed at session login.

set banner motd message

Syntax Description

message Specifies a message of the day. This is a text string that

can be formatted with tabs (\t) and new line escape (\n) characters. The \t tabs will be converted into 8 spaces in the banner output.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to set the message of the day banner to read “Change is the price of survival.

-- Winston Churchill” :

Matrix(rw)->set banner motd Change is the price of survival. n/ /t--Winston Churchill

2-72 Matrix NSA Series Configuration Guide

Page 99

General Configuration Command Set

Setting Basic Device Properties

2.2.3.24 clear banner motd

Use this command to clear the banner message of the day displayed at session login to a blank string.

clear banner motd

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Write.

Example

This example shows how to clear the message of the day banner to a blank string:

Matrix(rw)->clear banner motd

Matrix NSA Series Configuration Guide 2-73

Page 100

General Configuration Command Set Setting Basic Device Properties

2.2.3.25 show version

Use this command to display hardware and firmware information. Refer to Section 2.2.5 for instructions on how to download a firmware image.

show version

Syntax Description

None.

Command Defaults

None.

Command Type

Switch command.

Command Mode

Read-Only.

Example

This example shows how to display version information:

Slot Model Serial # Versions 1 2G4072-52 041405833244 Hw: 0

Table 2-7 provides an explanation of the command output.

Table 2-7 show version Output Details

Output What It Displays...

Slot Slot (port group) location designation. For details on how

port groups are numbered, refer to Section 4.1.1. Model Device’s model number. Serial # Device’s serial number of the device. Versions

• Hw: Hardware version number.

• Bp: BootPROM version

• Fw: Current firmware version number.

2-74 Matrix NSA Series Configuration Guide

Bp: 01.00.15 Fw: 05.01.57

Enterasys Networks N Standalone NSA User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Notice

Contents

Figures

Tables

About This Guide

Introduction

1.1 MATRIX SERIES FEATURES

1.2 MATRIX SERIES CLI OVERVIEW

1.3 DEVICE MANAGEMENT METHODS

1.4 GETTING HELP

Startup and General Configuration

2.1 STARTUP AND GENERAL CONFIGURATION SUMMARY

2.1.1 Factory Default Settings

2.1.2 CLI “Command Defaults” Descriptions

2.1.3 CLI Command Modes

2.1.4 Using WebView

2.1.5 Process Overview: CLI Startup and General Configuration

2.1.6 Starting and Navigating the Command Line Interface

2.1.6.1 Using a Console Port Connection

2.1.6.2 Logging in with a Default User Account

2.1.6.3 Logging in with Administratively Configured Account

2.1.6.4 Using a Telnet Connection

2.1.6.5 Getting Help with CLI Syntax

2.1.6.6 Using Context-Sensitive Help

2.1.6.7 Performing Keyword Lookups

2.1.6.8 Displaying Scrolling Screens

2.1.6.9 Abbreviating and Completing Commands

2.1.6.10 Using the Spacebar Auto Complete Function

2.1.7 Configuring the Line Editor

2.1.7.1 show line-editor

2.1.7.2 set line-editor

2.2 GENERAL CONFIGURATION COMMAND SET

2.2.1 Setting User Accounts and Passwords

2.2.1.1 show system login

2.2.1.2 set system login

2.2.1.3 clear system login

2.2.1.4 set password

2.2.1.5 set system password length

2.2.1.6 set system password aging

2.2.1.7 set system password history

2.2.1.8 show system lockout

2.2.1.9 set system lockout

2.2.2 Managing the Management Authentication Notification MIB

2.2.2.1 show mgmt-auth-notify

2.2.2.2 set mgmt-auth-notify

2.2.2.3 clear mgmt-auth-notify

2.2.3 Setting Basic Device Properties

2.2.3.1 show ip address

2.2.3.2 set ip address

2.2.3.3 clear ip address

2.2.3.4 show ip gratuitous-arp

2.2.3.5 set ip gratuitous-arp

2.2.3.6 clear ip gratuitous-arp

2.2.3.7 show system

2.2.3.8 show system hardware

2.2.3.9 show system utilization

2.2.3.10 set system utilization threshold

2.2.3.11 clear system utilization

2.2.3.12 show time

2.2.3.13 set time

2.2.3.14 show summertime

2.2.3.15 set summertime

2.2.3.16 set summertime date

2.2.3.17 set summertime recurring

2.2.3.18 clear summertime

2.2.3.19 set prompt

2.2.3.20 set cli completion

2.2.3.21 loop

2.2.3.22 show banner motd

2.2.3.23 set banner motd

2.2.3.24 clear banner motd

2.2.3.25 show version