For a single user, single authentication 802.1x port configuration, set MultiAuth mode to strict. set snmp user user [remote remoteid] [privacy privpassword] [authentication {md5 | sha}] [authpassword] If remote is not specified, the user will be registered for the local SNMP engine. set sntp poll-interval value The poll interval is 2 to the power of value in seconds, where value can range from 6 to 10. Software troubleshooting . Display MAC authentication configuration or status of active sessions. Link Aggregation Configuration Example Table 11-6 LAG and Physical Port Admin Key Assignments Device LAG LAG Admin Key Physical Port Physical Port Admin Key S8 Distribution Switch 1 100 ge.1.1 100 ge.2.1 100 ge.3.1 100 ge.4.1 100 ge.1.2 200 ge.2.2 200 ge.3.2 200 ge.4.2 200 ge.1.21 100 ge.1.22 100 ge.2.23 100 ge.3.24 100 ge.1.21 200 ge.1.22 200 ge.1.23 200 ge.1.24 200 ge.2.17 300 ge.2.19 300 ge.2.22 300 ge.2. 1 macdest Classifies based on MAC destination address. Type router, then C5(su)->router> Type enable. The following example configures DHCP snooping and dynamic ARP inspection in a routing environment using RIP. 1.4 IP switch Discovery MIB Port Device ge. When enabled, this indicates that a port is on the edge of a bridged LAN. Use the ping ipv6 interface command to ping a link-local or global IPv6 address of an interface, specifying a loopback, tunnel, or logical interface as the source. (Optional on C5 only) Set the power redundancy mode on the system if two power supplies are installed. Spanning Tree Basics designated port (Figure 15-6, call out 6), takes the role of backup port. The [state] option is valid only for S-Series and Matrix N-Series devices. 1518 capture loadsize The RMON capture maximum number of octets from each packet to be downloaded from the buffer. Setting target addresses to control where SNMP notifications are sent 6. RSTP is defined in the IEEE 802.1w standard. 
Since MAC-based authentication authenticates the device, not the user, and is subject to MAC address spoofing attacks, it should not be considered a secure authentication method. 3. Configuring VRRP 2. Using the Command Line Interface commands without optional parameters, the defaults section lists None. By default, security audit logging is disabled. Default Settings Configuring OSPF Interface Timers The following OSPF timers are configured at the interface level in interface configuration mode: Hello Interval Dead Interval Retransmit Interval Transmit Delay Use the hello interval (ip ospf hello-interval) and dead interval (ip ospf dead-interval) timers to ensure efficient adjacency between OSPF neighbors. STP Operation Figure 15-3 Multiple Spanning Tree Overview Common and Internal Spanning Tree (CIST) ROOT Bridge MST Region MSTCentral MST Region Root S1 Root Non-Regional Bridge KEY: CIST Region SID 0 SID 1 Blocked Port SID 0 is the default Spanning Tree and interconnects all bridges to the Root Bridge. Basic OSPF Topology Configuration 1. 4. To display additional screen output: Press any key other than ENTER to advance the output one screen at a time. Configuring OSPF Areas Example Figure 22-5 OSPF NSSA Topology Area 1 RIP Backbone Router 1 Router 2 Router 3 Router 4 Router 5 Using the topology shown in Figure 22-5, the following code examples will configure Router 2 as the ABR between Area 1 and the backbone area 0. Display the routing table, including static routes. Connecting to the Switch If the adapter cable requires a driver, install the driver on your computer. Table 16-5 Displaying Policy Configuration and Statistics Task Command(s) Display policy role information. split-horizon poison 5. i . 2. 
Managing the Firmware Image Downloading from a TFTP or SFTP Server This procedure assumes that the switch or stack of switches has been assigned an IP address and that it is connected to the network. Configuration of static IGMP groups using the set igmpsnooping add-static on the fixed switches. Type 2. set ipsec encryption {3des | aes128 | aes192 | aes256} 4. Configuring VLANs the device. This procedure would typically be used when the system is NOT configured for routing. Link Aggregation Control Protocol (LACP) is described in Chapter 11, Configuring Link Aggregation. MAC Locking Response Validation When the MS-CHAP2-Success attribute is received in an access accept RADIUS response frame, it will be validated according to RFC2548 and RFC2759. SNTP Configuration Unicast Polling Mode When an SNTP client is operating in unicast mode, SNTP update requests are made directly to a server, configured using the set sntp server command. You can enable link flap detection globally on your Enterasys switch or on specific ports, such as uplink ports. Boot up the switch. In router configuration mode, optionally enable split horizon poison reverse. Procedure 5-4 Configuring Management Authentication Notification MIB Settings Step Task Command(s) 1. Hosts on the link discover the addresses of their neighboring routers by listening for advertisements. ICMP Enabled for echo-reply and mask-reply modes. Table 11-5 describes how to display link aggregation information and statistics. C5(su)->router(Config)#show access-lists 120 Extended IP access list 120 1: deny ip any 2: deny ip any 3: deny ip any 4: permit ip any any C5(su)->router(Config)#no access-list 120 2 3 C5(su)->router(Config)#show access-lists 120 Extended IP access list 120 1: deny ip 0.0.255. 
Ctrl+H Delete character to left of cursor. With LACP, if a set of links can aggregate, they will aggregate. Additional Configuration Tasks current.log Deleting a Backup Image File Since the stackable and standalone switches can store only two firmware images at a time, you may have to delete a backup image, if one exists, before you can manually download a new firmware image. P/N 9034314-07 Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. System contact Set to empty string. SNTP Configuration Use the set sntp authentication key command to configure an authentication key instance. Copying One Switch's Configuration to Another Switch Using USB Zero Touch Provisioning (ZTP) Criteria for USB Zero Touch Provisioning; show mgmt-auth-notify 2. Table 24-2 Output of show ipv6 dhcp statistics Command (Continued). set mac agetime time 4. The default value of 0 may be administratively changed. 1.4 IP phone ge. This allows VLANs to share addressing information. For detailed information about the CLI commands used in this book, refer to the CLI Reference for your Fixed Switch platform. Extensible Authentication Protocol (EAP) A protocol that provides the means for communicating the authentication information in an IEEE 802.1x context. Routing Interfaces Example The following example shows how to enable RIP on the switch, then configure VLAN 1 with IP address as a routing interface and enable RIP on the interface. By enabling the link flap detection feature on your Enterasys switch, you can monitor and act upon link flapping to avoid these recalculations. 14 Configuring Syslog This chapter describes how System Logging, or Syslog, operates on Enterasys fixed stackable and standalone switches, and how to configure Syslog. 
Setting the Loop Protect Event Threshold and Window 15-34 Enabling or Disabling Loop Protect Event Notifications 15-35 Setting the Disputed BPDU Threshold 15-35 Monitoring Loop Protect Status and Settings 15-35 Enabling or Disabling Loop Protect By default, Loop Protect is disabled on all ports. Getting Help The following icons are used in this guide: Note: Calls the reader's attention to any item of information that may be of special importance. Configuring PoE Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices (continued) Step Task Command(s) 6. Is it reachable? show lldp Display the LLDP status of one or more ports. set txqmonitor downtime seconds The default value is 0, meaning that disabled ports will remain disabled until cleared manually or until their next link state transition. Diffserv Disabled. Counters are only added to the datagram if the sources are within a short period, 5 seconds say, of failing to meet the required sampling interval. Basic OSPF Topology Configuration Router 1(su)->router(Config-if(Vlan 2))#no shutdown Router 1(su)->router(Config-if(Vlan 2))#exit Router 1(su)->router(Config)#interface loopback 0 Router 1(su)->router(Config-if(Lpbk 0))#ip address Router 1(su)->router(Config-if(Lpbk 0))#no shutdown Router 1(su)->router(Config-if(Lpbk 0))#exit Router 1(su)->router(Config)#router id 10.10.10. Since the admin key for the LAG and its associated ports must agree for the LAG to form, an easy way to ensure that LAGs do not automatically form is to set the admin key for all LAGS on all devices to a nondefault value. Default is 300 seconds. This example shows how to display PWA information for ge.2.1: portstring (Optional) Displays PWA information for specific port(s). Version 2 (SNMPv2c) The second release of SNMP, described in RFC 1907, has additions and enhancements to data types, counter size, and protocol operations. 
This overrides the specified timeout variable: set spantree spanguardlock port-string Monitoring SpanGuard Status and Settings Use the commands in Table 15-9 to review SpanGuard status and settings. If it is not, then the sending device proceeds no further. Condition Default Value IPv6 DHCP Disabled IPv6 DHCP Relay Agent Information Option 32 IPv6 DHCP Relay Agent Information Remote ID Sub-option 1 IPv6 DHCP Preferred Lifetime 2592000 seconds IPv6 DHCP Valid Lifetime 604800 seconds Configuration Examples Procedure 25-6 describes the tasks to configure a Fixed Switch interface as a DHCPv6 relay agent. Procedures Perform the following steps to configure and monitor port mirroring using SMON MIB objects. set igmpsnooping interfacemode port-string {enable | disable} Configure the IGMP group membership interval time for the system. Configuring PoE Stackable A4, B3, and C3 Devices Procedure 7-1 PoE Configuration for Stackable A4, B3, and C3 Devices Step Task Command(s) 1. OSPFv2 is available only on those fixed switch platforms that support advanced routing and on which an advanced feature license has been enabled. 26 Configuring Security Features This chapter. SNMP Support on Enterasys Switches Versions Supported Enterasys devices support three versions of SNMP: Version 1 (SNMPv1) This is the initial implementation of SNMP. If the address is a multicast or link-local address, then you must also specify the interface to be used to contact the DHCPv6 server. Transferring switch configurations Using the CLI commands described in the section beginning with TFTP: Copying a configuration file to a remote host (CLI), you can copy switch configurations to and from a switch, or copy a software image to configure or replace an ACL in the switch configuration. set system lockout emergency-access username 5. User Authentication Overview Implementing User Authentication Take the following steps to implement user authentication: Determine the types of devices to be authenticated. 
Use the area virtual-link authentication-key command in OSPF router configuration command mode to configure simple authentication on this area virtual-link. Can be no less than the max advertisement interval. STP Operation Rapid Spanning Tree Operation Rapid Spanning Tree (RSTP) optimizes convergence in a properly configured network by significantly reducing the time to reconfigure the network's active topology when physical topology or configuration parameter changes occur. Examples 17-18 Chapter 18: Configuring Network Monitoring Basic Network Monitoring Features .. 18-1 Console/Telnet History Buffer . Chapter 20: IP Configuration Enabling the Switch for Routing . 20-1 Router Configuration Modes 20-1 Entering Router Configuration Modes . 20-2 Example Configuring Area Virtual-Link Authentication . 22-14 Configuring Area Virtual-Link Timers. 22-14 Configuring Route Redistribution 22-14 Configuring Passive Interfaces .. Extended IPv4 ACL Configuration .. 24-12 MAC ACL Configuration .. 24-13 Chapter 25: Configuring and Managing IPv6 Managing IPv6 . Disabling and Enabling Ports .. 26-9 MAC Locking Defaults . 26-9 MAC Locking Configuration .. 26-10 TACACS+ .. Link Aggregation Example.. 11-12 Communication between LLDP-enabled Devices . 13-3 LLDP-MED .. Default DHCP Server Parameters . 
4-20 Configuring Pool Parameters Policy Configuration Terms and Definitions 16-18 CoS Configuration Terminology About This Guide This guide provides basic configuration information for the Enterasys Networks Fixed Switch platforms using the Command Line Interface (CLI), including procedures and code examples. Configuring a Stack of New Switches 1. This guarantees that the default behavior of a bridge is to not be part of an MST region. set port vlan port-string vlan-id [modify-egress | no-modify-egress] Optionally, specify whether or not the ports should be added to the VLAN's untagged egress list and removed from other untagged egress lists. Each timer value is in centiseconds. RADIUS Management Authentication Procedure 26-2 Configuring IPsec Step Task Command(s) 1. Only the Encapsulating Security Payload (ESP) mode of operation is supported. Port Configuration Overview Auto-Negotiation and Advertised Ability Auto-negotiation is an Ethernet feature that facilitates the selection of port speed, duplex, and flow control between the two members of a link, by first sharing these capabilities and then selecting the fastest transmission mode that both ends of the link support. System Priority Value used to build a LAG ID, which determines aggregation precedence. When a faculty member authenticates through the RADIUS server, the name of the faculty policy is returned in the RADIUS Access-Accept response message and that policy is applied by the switch to the faculty user. Determine an appropriate policy best suited for the use of that device on your network. Configuring PoE Stackable B5 and C5 Devices Procedure 7-2 PoE Configuration for Stackable B5 and C5 Devices Step Task Command(s) 1. 
See Chapter 17, Configuring Quality of Service in this book for a complete discussion of QoS configuration. set system login username {readwrite|read-only} enable (All other parameters are optional.) VLAN Support on Enterasys Switches If a unicast untagged frame is received on Port 5, it would be classified for VLAN 50. Basic OSPF Topology Configuration Router 1(su)->router(Config-if(Vlan 1))#ip ospf areaid Router 1(su)->router(Config-if(Vlan 1))#ip ospf enable Router 1(su)->router(Config-if(Vlan 1))#exit Router 2 CLI Input Router 2(su)->router(Config)#interface vlan 1 Router 2(su)->router(Config-if(Vlan 1))#ip ospf priority 10 Router 2(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0. 14881000 for 10- Gigabit ports Use the show port broadcast command to display current threshold settings. Table 11-3 lists link aggregation parameters and their default values. If you need to use multiple license keys on members of a stack, use the optional unit number parameter with the set license command. Enter router interface configuration command mode for the specified interface from global configuration command mode. show system password 3. This document presents policy configuration from the perspective of the Fixed Switch CLI. If it is, then the sending device proceeds as follows. Chapter 23, Configuring VRRP Configure IPv6 Chapter 25, Configuring and Managing IPv6 Security and General Management Configure Access Control Lists (ACLs). 22 Configuring OSPFv2 This chapter gives a brief overview of OSPFv2 and then presents several configuration scenarios. Setting SNMP Management Information Base (MIB) view attributes 4. 
A DHCP server manages a user-configured pool of IP addresses from which it can make assignments upon client requests. This example clears DHCPv6 statistics for VLAN 80. Configuring IGMP Table 19-4 Layer 3 IGMP Configuration Commands Task Command Set the maximum response time being inserted into group-specific queries sent in response to leave group messages. OSPF defines four router types: Area border router (ABR) An ABR is a router that connects one or more areas to the backbone area, and is a member of every area to which it is connected. First, the module is verified as present in Slot 2, and the port status is shown as operating as a 1000BASE-SX port. Only DHCP clients associated with this VLAN will be served IP addresses from the DHCP address pool associated with this routed interface (VLAN). set-request Stores a value in a specific variable. set snmp community community_name 2. Configuring PoE Refer to the switch's CLI Reference Guide for more information about each command. DHCP Configuration The subnet of the IP address being issued should be on the same subnet as the ingress interface (that is, the subnet of the host IP address of the switch, or if routing interfaces are configured, the subnet of the routing interface). Enabling IGMP on the device and on the VLANs. It provides for the authentication of routing updates, and utilizes IP multicast when sending and receiving the updates. Configure PoE parameters on ports to which PDs are attached. Multicast Operation Multicast allows a source to send a single copy of data using a single IP address from a well-defined range for an entire group of recipients (a multicast group). 4. 
TACACS+ Procedure 26-4 TACACS+ Configuration (continued) Step Task Command(s) 8. Configuring Authentication dynamic Egress formatting will be based upon information contained in the authentication response. IPv6 Routing Configuration C5(su)->router(Config)#show ipv6 interface vlan 100 Vlan Vlan IPv6 IPv6 100 Administrative Mode 100 IPv6 Routing Operational Mode is Prefix is Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 3FFE:501:FFFF:101:211:88FF:FE55:4A7F/64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Advertisement Lifetime Interval 1800 Router Advertisement Reachable Time 0 Router Advertisement Min. Table 8-3 Link Flap Detection Show Commands Task Command Display whether the port is enabled for generating an SNMP trap message if its link state changes. show tacacs session {authorization | accounting} [state] Displays only the current status for TACACS+ per-command authorization and accounting. Use the set sntp trustedkey command to add an authentication key to the trusted key list. See Procedure 20-2 on page 20-4. ip address ip-address ip-mask [secondary] 2. The router with the highest priority is elected the DR, and the router with the next highest priority is elected the BDR. Ports assigned to a new port group cannot belong to another non-default port group entry and must be comprised of the same port type as defined by the port group you are associating it with. 
clear cdp {[state] [port-state portstring] [interval] [hold-time] [authcode]} Refer to your device's CLI Reference Guide for more information about each command. Untagged. This is useful for troubleshooting or problem solving when network management through the console port, telnet, or SSH is not feasible. If the upstream router's outbound list is now empty, it may send a prune message to its upstream router. FIPS mode can be cleared using the clear security profile command. It also assumes that the network has a TFTP or SFTP server to which you have access. In router configuration mode, optionally disable automatic route summarization (necessary for enabling CIDR). Basic OSPF Topology Configuration OSPF Router Types OSPF router type is an attribute of an OSPF process. If a RADIUS Filter-ID exists for the user account, the RADIUS protocol returns it in the RADIUS Accept message and the firmware applies the policy to the user. . 1. . Create a community name. When bridges are added to or removed from the network, root election takes place and port roles are recalculated. Use this command to display SNTP client settings. If you clear a license from a member unit in a stack while the master unit has an activated license, the status of the member will change to ConfigMismatch and its ports will be detached from the stack. If not specified, SID 0 will be assumed. Only a system administrator (super-user) may enable the security audit logging function, and only a system administrator has the ability to retrieve, copy, or upload the secure.log file. Use the disconnect command to close a console or Telnet session. Policy is applied using the port level default configuration. For information on the command syntax and parameters, refer to the online help or the CLI Reference for your platform. You can do this by doing the following: Connect the switch to PuTTY with a 9-pin serial cable. 
Ctrl+I or TAB Complete word. If you have different switches with VLANs and want to connect them together you have to set the egress state of the ports where the switches are connected together: example: Switch A is connected with Switch B (let's say the uplink port between both is ge.1.1 then you have to: - create the VLAN : set vlan create 20 Configuration Digest 16-octet HMAC-MD5 signature created from the configured VLAN Identification (VID)/Filtering Identification (FID) to Multiple Spanning Tree Instances (MSTI) mappings. sFlow Using sFlow in Your Network The advantages of using sFlow include: sFlow makes it possible to monitor ports of a switch, with no impact on the distributed switching performance. 2 ipsourcesocket Classifies based on source IP address and optional post-fixed L4 TCP/UDP port. Caution: Contains information essential to avoid damage to the equipment. Caution: Refers to important information for protection against damage. with the switch, but you must provide your own RJ45 to RJ45 straight-through console cable. DHCPv6 Configuration Relay Remote ID Option Flags Procedure 25-7 on page 25-17 describes the tasks to configure a Fixed Switch interface as a DHCPv6 server. C5(su)->set telnet disable inbound C5(su)->show telnet Telnet inbound is currently: DISABLED Telnet outbound is currently: ENABLED 3. Use the no command to reset the IGMP last member query interval to the default value of 1 second. Optionally, choose to discard tagged or untagged, (or both) frames on selected ports. 1. IPsec Configuration IPsec and IKE (Internet Key Exchange protocol) are defined for the RADIUS host application only. ieee The Enterasys device uses only the IEEE 802. Whether the switch enforces aging of system passwords. Telnet Enabled inbound and outbound. 
Enterasys Core Switch/Router Commands Enable Untagged Vlans: set port vlan ge.2.1-30 20 set vlan egress 20 ge.2.1-30 untagged reload Enable jumbo frame support: show port jumbo set port jumbo enable ge.2.22-30 Enable LACP: show lacp state <=== to discover global lacp setting status set lacp {disable|enable} access-list ipv6 name {deny | permit} protocol {srcipv6-addr/ prefix-length | any} [eq port] {dstipv6-addr/prefix-length | any} [eq port] [dscp dscp] [flow-label label-value] [assign-queue queue-id] 4. 3. Quality of Service Overview Preferential Queue Treatment for Packet Forwarding There are three types of preferential queue treatments for packet forwarding: strict priority, weighted fair, and hybrid. The ARP Table This example shows output from a successful ping to IP address C5(su)->router#ping is alive Use the traceroute command to display a hop-by-hop path through an IP network from the device to a specific destination host. Add the virtual switch to the stack using the set switch member command. Example CLI Properties Configuration In this example, the prompt is changed and a login banner is added. When changing between Normal and FIPS mode, a system reboot is required, indicated by a warning message: Warning: Changing the security profile requires system reset. Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command before operational status can be set on individual ports. set multiauth mode multi 3. This example shows how to enable port web authentication: Table 26-8 show pwa Output Details (Continued). Super-users can copy the secure.log file using SCP, SFTP, or TFTP. Chapter 22, Configuring OSPFv2 Configure multicast protocols IGMP, DVMRP, and PIM, and general multicast parameters. Note: When configuring any string or name parameter input for any command, do not use any letters with diacritical marks (an ancillary glyph added to a letter). 
Factory Default Settings Table 4-1 Default Settings for Basic Switch Operation (continued) Feature Default Setting Spanning Tree topology change trap suppression Enabled. For a subnet with the address, the directed broadcast address would be