Enterasys C5G124-24 Configuration manual

P/N 9034662-02

Enterasys

®

Fixed Switching

Configuration Guide

Firmware 6.61.xx and Higher

i

Notice

Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and

its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such

changes have been made.

The hardware, firmware, or software described in this document is subject to change without notice.

IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR

CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF

OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF

ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF

SUCH DAMAGES.

Enterasys Networks, Inc.

50 Minuteman Road

Andover, MA 01810

Part Number: 9034662-02 October 2012

ENTERASYS, ENTERASYS NETWORKS, ENTERASYS SECURE NETWORKS, NETSIGHT, ENTERASYS NETSIGHT, and any

logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc., in the United States and/or

other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx.

All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

Documentation URL: https://extranet.enterasys.com/downloads/

ii

Enterasys Networks, Inc. Firmware License Agreement

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,

CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc., on behalf of itself

and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys

software program/firmware (including any accompanying documentation, hardware or media) (“Program”) in the package

and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other

document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, other form of

enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common

control with the party specified. This Agreement constitutes the entire understanding between the parties, with respect to the

subject matter of this Agreement. The Program may be contained in firmware, chips or other media.

BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT

THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE

AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU

AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER

PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT

AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT,

ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED

PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT

FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL

DEPARTMENT AT (978) 684-1000.

You and Enterasys agree as follows:

1. LICENSE. You have the non-exclusive and non-transferable right to use only the one (1) copy of the Program provided in

this package subject to the terms and conditions of this Agreement.

2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third

party to:

(a) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error

correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties

shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve

interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable

fee.

(b) Incorporate the Program in whole or in part, in any other product or create derivative works based on the Program, in

whole or in part.

(c) Publish, disclose, copy reproduce or transmit the Program, in whole or in part.

(d) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the

Program, in whole or in part.

(e) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any

part of the Program.

3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts

of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction

and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on the Limitation Period

in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.

4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the

U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products

to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining

such license may be relied upon by the exporting party.

If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export

Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for

civil end uses only and not for military purposes.

If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export

Administration Regulations, in addition to the restriction on transfer set forth in Section 1 or 2 of this Agreement, You agree not

to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country

Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Cambodia, Cuba, Georgia, Iraq, Kazakhstan, Laos, Libya, Macau,

iii

Moldova, Mongolia, North Korea, the People’s Republic of China, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan,

Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or

E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to

national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a

complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a

major component thereof, if such foreign produced direct product is subject to national security controls as identified on the

U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private

expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a)

through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is

proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered

commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or

disclosure by the U.S. Government is subject to restrictions set forth herein.

6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING

BY ENTERASYS, ENTERASYS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT

LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR

PURPOSE, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT

BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY

(30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.

7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY

DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS,

BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR

RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF

ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL

APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.

THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN

CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY

YOU FOR THE RIGHTS GRANTED HEREIN.

8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical

value to Enterasys, and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license

fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized

representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records,

accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including

the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right

of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your

business. In the event such audit discovers non-compliance with this Agreement, including copies of the Program made, used

or deployed in breach of this Agreement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves

the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure

to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return

to Enterasys the Program and all copies of the Program.

9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program

constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable

security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall

remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.

10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause

Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled

to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at

law.

11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this

Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock

assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit

of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any

attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this

Agreement.

12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and

will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon

Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.

iv

13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity,

legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that

provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality, or

unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other

jurisdiction.

14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and

conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return

to Enterasys the Program and all copies of the Program.

v

Contents

Chapter 1: Setting Up a Switch for the First Time

Before You Begin ...........................................................................................................................................1-1

Connecting to the Switch ................................................................................................................................1-2

Downloading New Firmware ...........................................................................................................................1-3

Deleting a Backup Image File ..................................................................................................................1-5

Additional Configuration Tasks .......................................................................................................................1-5

Setting User Accounts and Passwords ....................................................................................................1-5

Controlling In-band Access to the Switch .................................................................................................1-6

Changing SNMP Defaults ........................................................................................................................1-7

Saving the Configuration and Connecting Devices ........................................................................................1-7

Configuring a Stack of New Switches .............................................................................................................1-8

Where to Go Next ...........................................................................................................................................1-9

Getting Help ..................................................................................................................................................1-10

Downloading Firmware via the Serial Port ...................................................................................................1-10

Chapter 2: Configuring Switches in a Stack

About Switch Operation in a Stack .................................................................................................................2-1

Stack Initialization ....................................................................................................................................2-1

Configuration Management ......................................................................................................................2-2

Installing a New Stackable System of Up to Eight Units ................................................................................2-2

Installing Previously-Configured Systems in a Stack .....................................................................................2-3

Adding a New Unit to an Existing Stack .........................................................................................................2-3

Removing Units from an Existing Stack .........................................................................................................2-4

Stack Disruption Times ............................................................................................................................2-4

Creating a Virtual Switch Configuration ..........................................................................................................2-4

Example ...................................................................................................................................................2-5

Considerations About Using “clear config” in a Stack ....................................................................................2-5

Configuring Standalone A4 Stack Ports .........................................................................................................2-6

When Uplink Ports are Configured as Ethernet Ports ........................................................................2-6

Chapter 3: CLI Basics

Switch Management Methods ........................................................................................................................3-1

Using the Command Line Interface ................................................................................................................3-1

Starting a CLI Session .............................................................................................................................3-1

Connecting Using the Console Port ...................................................................................................3-2

Connecting Using Telnet or SSH........................................................................................................3-2

Logging In ................................................................................................................................................3-3

Using a Default User Account ............................................................................................................3-3

Using an Administratively Configured User Account..........................................................................3-3

Clearing and Closing the CLI ...................................................................................................................3-3

Navigating the Command Line Interface ..................................................................................................3-3

Getting Help with CLI Syntax..............................................................................................................3-3

CLI Command Defaults Descriptions .................................................................................................3-3

CLI Command Modes.........................................................................................................................3-4

Performing Keyword Lookups ............................................................................................................3-4

Displaying Scrolling Screens..............................................................................................................3-5

Abbreviating and Completing Commands..........................................................................................3-5

Basic Line Editing Commands............................................................................................................3-6

Configuring CLI Properties .............................................................................................................................3-6

Example CLI Properties Configuration .....................................................................................................3-7

vi

CLI Properties Display Commands ..........................................................................................................3-7

Chapter 4: System Configuration

Factory Default Settings .................................................................................................................................4-1

Initial Configuration Overview .........................................................................................................................4-5

Advanced Configuration Overview .................................................................................................................4-6

Licensing Advanced Features ........................................................................................................................4-8

License Implementation Differences ........................................................................................................4-8

Node-Locked Licensing......................................................................................................................4-9

Non-Node-Locked Licensing ..............................................................................................................4-9

Licensing in a Stack Environment ............................................................................................................4-9

Applying Node-Locked Licenses in a Stack .....................................................................................4-10

Applying Non-Node-Locked Licenses in a Stack..............................................................................4-10

Adding a New Member to a Licensed Stack.....................................................................................4-11

Displaying and Clearing Licenses ..........................................................................................................4-11

SNTP Configuration ......................................................................................................................................4-11

Unicast Polling Mode .............................................................................................................................4-12

Broadcast Listening Mode ......................................................................................................................4-12

SNTP Authentication ..............................................................................................................................4-12

Authentication Key and Trusted Key List..........................................................................................4-12

SNTP Defaults .......................................................................................................................................4-13

Configuring SNTP ..................................................................................................................................4-13

SNTP Configuration Example ................................................................................................................4-15

DHCP Configuration .....................................................................................................................................4-16

DHCP Relay Agent ................................................................................................................................4-16

DHCP Server .........................................................................................................................................4-16

IP Address Pools ....................................................................................................................................4-17

Automatic IP Address Pools.............................................................................................................4-17

Manual IP Address Pools .................................................................................................................4-17

Configuring a DHCP Server ...................................................................................................................4-17

DHCP Configuration on a Non-Routing System...............................................................................4-18

DHCP Configuration on a Routing System.......................................................................................4-18

Managing and Displaying DHCP Server Parameters ............................................................................4-20

DHCP Server Defaults ...........................................................................................................................4-20

Configuring DHCP IP Address Pools .....................................................................................................4-21

Automatic IP Address Pool Configuration ........................................................................................4-21

Manual IP Pool Configuration...........................................................................................................4-21

Configuring Additional Pool Parameters .....................................................................................4-23

Telnet Overview ............................................................................................................................................4-23

Configuring Telnet ..................................................................................................................................4-24

SSH Overview ..............................................................................................................................................4-24

Configuring SSH ....................................................................................................................................4-24

MAC Address Settings .................................................................................................................................4-24

Age Time ................................................................................................................................................4-24

Limiting MAC Addresses to Specific VLANs ..........................................................................................4-25

Setting the MAC Algorithm Mode ...........................................................................................................4-25

New MAC Address Detection .................................................................................................................4-25

Configuring Node Aliases .............................................................................................................................4-26

Chapter 5: User Account and Password Management

User Account Overview ..................................................................................................................................5-1

Emergency Access User Account ............................................................................................................5-2

Account Lockout .......................................................................................................................................5-3

Port Lockout .......................................................................................................................................5-3

User Account Configuration .....................................................................................................................5-3

vii

Password Management Overview ..................................................................................................................5-6

System Level Password Settings .............................................................................................................5-6

Defaults ..............................................................................................................................................5-7

System Password Settings Configuration ................................................................................................5-8

Password Reset Button Functionality .............................................................................................................5-9

Management Authentication Notification MIB Functionality ...........................................................................5-9

Chapter 6: Firmware Image and File Management

Managing the Firmware Image .......................................................................................................................6-1

Downloading a Firmware Image ..............................................................................................................6-1

Downloading from a TFTP or SFTP Server........................................................................................6-2

Setting the Boot Firmware ........................................................................................................................6-3

Reverting to a Previous Image .................................................................................................................6-3

Setting TFTP Parameters ........................................................................................................................6-4

Managing Switch Configuration and Files ......................................................................................................6-4

Configuration Persistence Mode ..............................................................................................................6-4

Using an I-Series Memory Card ...............................................................................................................6-5

Memory Card Operation.....................................................................................................................6-5

Displaying and Saving the Configuration and Creating a Backup ............................................................6-5

Displaying the Configuration...............................................................................................................6-6

Creating a Backup Configuration File.................................................................................................6-6

Applying a Saved Configuration ...............................................................................................................6-7

Managing Files .........................................................................................................................................6-8

Chapter 7: Configuring System Power and PoE

Configuring Redundant Power Supplies .........................................................................................................7-1

Power over Ethernet Overview .......................................................................................................................7-1

Implementing PoE ....................................................................................................................................7-2

Allocation of PoE Power to Modules ........................................................................................................7-2

When Manual Mode is Configured .....................................................................................................7-3

Management of PoE Power to PDs .........................................................................................................7-3

Configuring PoE .............................................................................................................................................7-4

Stackable A4, B3, and C3 Devices ..........................................................................................................7-5

Stackable B5 and C5 Devices ..................................................................................................................7-6

G-Series Devices .....................................................................................................................................7-7

Example PoE Configuration ...................................................................................................................7-10

PoE Display Commands ........................................................................................................................7-10

Chapter 8: Port Configuration

Port Configuration Overview ...........................................................................................................................8-1

Port String Syntax Used in the CLI ..........................................................................................................8-1

Examples............................................................................................................................................8-2

Console Port Settings ..............................................................................................................................8-2

VT100 Terminal Mode........................................................................................................................8-3

Port Settings .............................................................................................................................................8-3

Port Status..........................................................................................................................................8-3

Port Name or Alias .............................................................................................................................8-3

Auto-Negotiation and Advertised Ability .............................................................................................8-4

Port Speed and Duplex Mode ............................................................................................................8-4

MDI / MDIX Cable Type......................................................................................................................8-4

Port Flow Control................................................................................................................................8-5

Jumbo Frame Support........................................................................................................................8-5

Broadcast Suppression Threshold .....................................................................................................8-5

Protected Port Mode...........................................................................................................................8-6

Displaying Port Status ..............................................................................................................................8-6

viii

Displaying Cable Status .....................................................................................................................8-7

Configuring SFP Ports for 100BASE-FX ..................................................................................................8-7

Example..............................................................................................................................................8-8

Configuring Port Link Flap Detection ..............................................................................................................8-8

Basic Link Flap Detection Configuration ..................................................................................................8-9

Example .................................................................................................................................................8-10

Link Flap Detection Display Commands ................................................................................................8-11

Transmit Queue Monitoring ..........................................................................................................................8-11

Port Mirroring ................................................................................................................................................8-12

Mirroring Features ..................................................................................................................................8-12

Configuring Port Mirroring ................................................................................................................8-13

Remote Port Mirroring ............................................................................................................................8-13

Configuring Remote Port Mirroring...................................................................................................8-14

Configuring SMON MIB Port Mirroring ...................................................................................................8-15

Procedures.......................................................................................................................................8-15

Chapter 9: Configuring VLANs

VLAN Overview ..............................................................................................................................................9-1

Using VLANs to Partition Your Network ...................................................................................................9-1

Implementing VLANs ......................................................................................................................................9-2

Preparing for VLAN Configuration ............................................................................................................9-3

Understanding How VLANs Operate ..............................................................................................................9-3

Learning Modes and Filtering Databases ................................................................................................9-3

VLAN Assignment and Forwarding ..........................................................................................................9-4

Receiving Frames from VLAN Ports...................................................................................................9-4

Forwarding Decisions.........................................................................................................................9-5

Example of a VLAN Switch in Operation ..................................................................................................9-5

VLAN Support on Enterasys Switches ...........................................................................................................9-6

Maximum Active VLANs ...........................................................................................................................9-6

Configurable Range .................................................................................................................................9-6

VLAN Types .............................................................................................................................................9-6

Static and Dynamic VLANs ................................................................................................................9-6

Port-Based VLANs .............................................................................................................................9-6

Policy-Based VLANs ..........................................................................................................................9-7

GARP VLAN Registration Protocol (GVRP) Support ...............................................................................9-7

How It Works ......................................................................................................................................9-7

Configuring VLANs .........................................................................................................................................9-8

Default Settings ........................................................................................................................................9-9

Configuring Static VLANs .........................................................................................................................9-9

Example Configuration .....................................................................................................................9-11

Creating a Secure Management VLAN ..................................................................................................9-11

Configuring Dynamic VLANs ..................................................................................................................9-12

Configuring Protocol-Based VLAN Classification ...................................................................................9-13

Example Configuration .....................................................................................................................9-13

Monitoring VLANs ..................................................................................................................................9-14

Terms and Definitions ...................................................................................................................................9-14

Chapter 10: Configuring User Authentication

User Authentication Overview ......................................................................................................................10-1

Implementing User Authentication .........................................................................................................10-2

Authentication Methods ..........................................................................................................................10-2

IEEE 802.1x Using EAP ...................................................................................................................10-2

MAC-Based Authentication (MAC)...................................................................................................10-2

Port Web Authentication (PWA) .......................................................................................................10-3

Multi-User And MultiAuth Authentication..........................................................................................10-3

ix

Remote Authentication Dial-In Service (RADIUS) .................................................................................10-7

How RADIUS Data Is Used..............................................................................................................10-8

The RADIUS Filter-ID.......................................................................................................................10-8

RFC 3580 — VLAN Authorization ....................................................................................................10-8

Policy Maptable Response.............................................................................................................10-10

Configuring Authentication .........................................................................................................................10-12

Configuring IEEE 802.1x ......................................................................................................................10-14

Configuring MAC-based Authentication ...............................................................................................10-15

Configuring Port Web Authentication (PWA) .......................................................................................10-16

Optionally Enable Guest Network Privileges..................................................................................10-17

Configuring MultiAuth Authentication ...................................................................................................10-17

Setting MultiAuth Authentication Mode...........................................................................................10-17

Setting MultiAuth Authentication Precedence ................................................................................10-18

Setting MultiAuth Authentication Port Properties............................................................................10-18

Setting MultiAuth Authentication Timers.........................................................................................10-19

Displaying MultiAuth Configuration Information..............................................................................10-20

Configuring VLAN Authorization ..........................................................................................................10-20

Configuring RADIUS ............................................................................................................................10-21

Configuring the Authentication Server............................................................................................10-21

Configuring User + IP Phone Authentication .......................................................................................10-22

Example..........................................................................................................................................10-23

Authentication Configuration Example .......................................................................................................10-25

Configuring MultiAuth Authentication ...................................................................................................10-26

Enabling RADIUS On the Switch .........................................................................................................10-26

Creating RADIUS User Accounts on the Authentication Server ..........................................................10-26

Configuring the Engineering Group 802.1x End-User Stations ............................................................10-26

Configuring the Printer Cluster for MAC-Based Authentication ...........................................................10-27

Configuring the Public Area PWA Station ............................................................................................10-28

Terms and Definitions .................................................................................................................................10-28

Chapter 11: Configuring Link Aggregation

Link Aggregation Overview ...........................................................................................................................11-1

Using Link Aggregation in a Network .....................................................................................................11-1

Implementing Link Aggregation ..............................................................................................................11-2

LACP Operation .....................................................................................................................................11-2

How a LAG Forms ..................................................................................................................................11-3

Attached Ports ........................................................................................................................................11-5

Single Port Attached State Rules .....................................................................................................11-7

LAG Port Parameters .............................................................................................................................11-7

Static Port Assignment ...........................................................................................................................11-8

Flexible Link Aggregation Groups ..........................................................................................................11-8

Configuring Link Aggregation .......................................................................................................................11-9

Link Aggregation Configuration Example ...................................................................................................11-11

Configuring the S8 Distribution Switch ...........................................................................................11-14

Configuring the Fixed Switch Stack 1.............................................................................................11-14

Configuring the Fixed Switch Stack 2.............................................................................................11-14

Configuring the Server....................................................................................................................11-15

Terms and Definitions .................................................................................................................................11-15

Chapter 12: Configuring SNMP

SNMP Overview ...........................................................................................................................................12-1

Implementing SNMP ..............................................................................................................................12-1

SNMP Concepts ...........................................................................................................................................12-2

Manager/Agent Model Components ......................................................................................................12-2

Message Functions ................................................................................................................................12-2

x

Trap Versus Inform Messages .........................................................................................................12-3

Access to MIB Objects ...........................................................................................................................12-3

Community Name Strings.................................................................................................................12-3

User-Based.......................................................................................................................................12-3

SNMP Support on Enterasys Switches ........................................................................................................12-3

Versions Supported ................................................................................................................................12-4

SNMPv1 andv2c Network Management Components .....................................................................12-4

SNMPv3 User-Based Security Model (USM) Enhancements ..........................................................12-4

Terms and Definitions ............................................................................................................................12-5

Security Models and Levels ...................................................................................................................12-6

Access Control .......................................................................................................................................12-6

Configuring SNMP ........................................................................................................................................12-7

Configuration Basics ..............................................................................................................................12-7

How SNMP Processes a Notification Configuration ...............................................................................12-7

SNMP Defaults .......................................................................................................................................12-8

Device Start Up Configuration..........................................................................................................12-8

Configuring SNMPv1/SNMPv2c .............................................................................................................12-9

Creating a New Configuration ..........................................................................................................12-9

Adding to or Modifying the Default Configuration...........................................................................12-10

Configuring SNMPv3 ............................................................................................................................12-10

Configuring an SNMPv3 Inform or Trap Engine ID ........................................................................12-13

Configuring an SNMP View............................................................................................................12-14

Configuring Secure SNMP Community Names ...................................................................................12-15

Example..........................................................................................................................................12-17

Reviewing SNMP Settings ..........................................................................................................................12-18

Chapter 13: Configuring Neighbor Discovery

Neighbor Discovery Overview ......................................................................................................................13-1

Neighbor Discovery Operation ...............................................................................................................13-1

LLDP-MED .............................................................................................................................................13-3

LLDPDU Frames ....................................................................................................................................13-5

Configuring LLDP .........................................................................................................................................13-7

LLDP Configuration Commands ............................................................................................................13-7

Basic LLDP Configuration ......................................................................................................................13-9

Example LLDP Configuration: Time to Live......................................................................................13-9

Example LLDP Configuration: Location Information.........................................................................13-9

LLDP Display Commands ....................................................................................................................13-10

Configuring Enterasys Discovery Protocol .................................................................................................13-10

Enterasys Discovery Protocol Configuration Commands ....................................................................13-10

Example Enterasys Discovery Protocol Configuration .........................................................................13-11

Enterasys Discovery Protocol Show Commands .................................................................................13-11

Configuring Cisco Discovery Protocol ........................................................................................................13-11

Cisco Discovery Protocol Configuration Commands ...........................................................................13-12

Example Cisco Discovery Protocol Configuration ................................................................................13-12

Cisco Discovery Protocol Configuration Commands ...........................................................................13-12

Chapter 14: Configuring Syslog

System Logging Overview ............................................................................................................................14-1

Syslog Operation ..........................................................................................................................................14-2

Syslog Operation on Enterasys Devices ................................................................................................14-2

Filtering by Severity and Facility ............................................................................................................14-2

Syslog Components and Their Use ..............................................................................................................14-3

Basic Syslog Scenario ...........................................................................................................................14-5

Interpreting Messages ..................................................................................................................................14-6

Example .................................................................................................................................................14-6

xi

About Security Audit Logging .......................................................................................................................14-6

Security Events Logged .........................................................................................................................14-7

Trap Generation .....................................................................................................................................14-7

Format Examples ...................................................................................................................................14-8

Configuring Syslog .......................................................................................................................................14-8

Syslog Command Precedence ...............................................................................................................14-8

About Server and Application Severity Levels .......................................................................................14-9

Configuring Syslog Server(s) .................................................................................................................14-9

Example............................................................................................................................................14-9

Modifying Syslog Server Defaults ........................................................................................................14-10

Displaying System Logging Defaults..............................................................................................14-10

Modifying Default Settings..............................................................................................................14-10

Reviewing and Configuring Logging for Applications ...........................................................................14-10

Displaying Current Application Severity Levels..............................................................................14-11

Enabling Console Logging and File Storage ........................................................................................14-11

Displaying to the Console and Saving to a File..............................................................................14-11

Configuration Examples .......................................................................................................................14-12

Enabling a Server and Console Logging........................................................................................14-12

Adjusting Settings to Allow for Logging at the Debug Level...........................................................14-12

Chapter 15: Configuring Spanning Tree

Spanning Tree Protocol Overview ................................................................................................................15-1

Why Use Spanning Trees? ....................................................................................................................15-2

Spanning Tree on Enterasys Platforms .................................................................................................15-2

STP Operation ..............................................................................................................................................15-3

Rapid Spanning Tree Operation ............................................................................................................15-4

Multiple Spanning Tree Operation .........................................................................................................15-4

Functions and Features Supported on Enterasys Devices ..........................................................................15-6

Spanning Tree Versions .........................................................................................................................15-6

Maximum SID Capacities .......................................................................................................................15-6

Network Diameter ..................................................................................................................................15-6

Port Forwarding ......................................................................................................................................15-6

Disabling Spanning Tree ........................................................................................................................15-7

STP Features .........................................................................................................................................15-7

SpanGuard.......................................................................................................................................15-7

Loop Protect.....................................................................................................................................15-7

Updated 802.1t.................................................................................................................................15-8

Multisource Detection.......................................................................................................................15-8

Spanning Tree Basics ..................................................................................................................................15-9

Spanning Tree Bridge Protocol Data Units ............................................................................................15-9

Electing the Root Bridge ........................................................................................................................15-9

Assigning Path Costs .............................................................................................................................15-9

Paths to Root .......................................................................................................................................15-10

Identifying Designated, Alternate, and Backup Port Roles ..................................................................15-12

Assigning Port States ...........................................................................................................................15-13

RSTP Operation ...................................................................................................................................15-14

MSTP Operation ..................................................................................................................................15-14

Common and Internal Spanning Tree (CIST).................................................................................15-14

MST Region....................................................................................................................................15-15

Multiple Spanning Tree Instances (MSTI) ......................................................................................15-16

Configuring STP and RSTP ........................................................................................................................15-19

Reviewing and Enabling Spanning Tree ..............................................................................................15-20

Example..........................................................................................................................................15-20

Adjusting Spanning Tree Parameters ..................................................................................................15-20

Setting Bridge Priority Mode and Priority........................................................................................15-21

xii

Setting a Port Priority......................................................................................................................15-21

Assigning Port Costs ......................................................................................................................15-22

Adjusting Bridge Protocol Data Unit (BPDU) Intervals ...................................................................15-22

Enabling the Backup Root Function .....................................................................................................15-23

Adjusting RSTP Parameters ................................................................................................................15-23

Defining Edge Port Status ..............................................................................................................15-24

Configuring MSTP ......................................................................................................................................15-24

Example 1: Configuring MSTP for Traffic Segregation ........................................................................15-25

Example 2: Configuring MSTP for Maximum Bandwidth Utilization .....................................................15-27

Adjusting MSTP Parameters ................................................................................................................15-28

Monitoring MSTP .................................................................................................................................15-29

Understanding and Configuring SpanGuard ..............................................................................................15-29

What Is SpanGuard? ............................................................................................................................15-29

How Does It Operate? ..........................................................................................................................15-30

Configuring SpanGuard .......................................................................................................................15-30

Reviewing and Setting Edge Port Status........................................................................................15-30

Enabling and Adjusting SpanGuard ...............................................................................................15-30

Monitoring SpanGuard Status and Settings...................................................................................15-31

Understanding and Configuring Loop Protect ............................................................................................15-31

What Is Loop Protect? ..........................................................................................................................15-31

How Does It Operate? ..........................................................................................................................15-31

Port Modes and Event Triggers......................................................................................................15-32

Example: Basic Loop Protect Configuration...................................................................................15-32

..................................................................................................................... Configuring Loop Protect 15-33

Enabling or Disabling Loop Protect ................................................................................................15-34

Specifying Loop Protect Partners...................................................................................................15-34

Setting the Loop Protect Event Threshold and Window.................................................................15-34

Enabling or Disabling Loop Protect Event Notifications .................................................................15-35

Setting the Disputed BPDU Threshold...........................................................................................15-35

Monitoring Loop Protect Status and Settings.................................................................................15-35

Terms and Definitions .................................................................................................................................15-36

Chapter 16: Configuring Policy

Using Policy in Your Network .......................................................................................................................16-1

Standard and Enhanced Policy on Enterasys Platforms ........................................................................16-2

Implementing Policy ...............................................................................................................................16-2

Policy Configuration Overview ......................................................................................................................16-2

Using the Enterasys NetSight Policy Manager ......................................................................................16-2

Understanding Roles in a Secure Network ............................................................................................16-3

The Policy Role ................................................................................................................................16-3

Defining Policy Roles .............................................................................................................................16-3

Setting a Default VLAN for a Role....................................................................................................16-4

Adding Tagged, Untagged, and Forbidden Ports to the VLAN Egress Lists....................................16-4

Assigning a Class of Service to a Role.............................................................................................16-4

Defining Policy Rules .............................................................................................................................16-5

Admin Rules.....................................................................................................................................16-5

Traffic Classification Rules ...............................................................................................................16-5

Applying Policy .......................................................................................................................................16-7

Applying a Default Policy..................................................................................................................16-8

Applying Policies Dynamically..........................................................................................................16-8

Blocking Non-Edge Protocols at the Edge Network Layer ...............................................................16-8

Configuring Policy .........................................................................................................................................16-9

Policy Configuration Example .....................................................................................................................16-12

Roles ....................................................................................................................................................16-13

Policy Domains ....................................................................................................................................16-13

xiii

Basic Edge .....................................................................................................................................16-13

Standard Edge................................................................................................................................16-14

Premium Edge................................................................................................................................16-14

Premium Distribution ......................................................................................................................16-14

Platform Configuration .........................................................................................................................16-14

Configuring Guest Policy on Edge Platforms .................................................................................16-15

Configuring Policy for the Edge Student Fixed Switch ...................................................................16-15

Configuring PhoneFS Policy for the Edge Fixed Switch.................................................................16-16

Configuring Policy for the Edge Faculty Fixed Switch....................................................................16-17

Terms and Definitions .................................................................................................................................16-18

Chapter 17: Configuring Quality of Service

Quality of Service Overview .........................................................................................................................17-1

Implementing QoS .................................................................................................................................17-1

Quality of Service Operation ..................................................................................................................17-2

Class of Service (CoS) ...........................................................................................................................17-2

CoS Settings ..........................................................................................................................................17-3

CoS Hardware Resource Reference................................................................................................17-3

CoS Flood Control State...................................................................................................................17-3

CoS Priority and ToS Rewrite...........................................................................................................17-3

CoS Reference .......................................................................................................................................17-4

Port Group and Type........................................................................................................................17-4

CoS Settings Reference to Port Resource Mapping ........................................................................17-5

Port Resources ......................................................................................................................................17-5

Port Configuration ..................................................................................................................................17-5

Preferential Queue Treatment for Packet Forwarding ...........................................................................17-6

Strict Priority Queuing.......................................................................................................................17-6

Weighted Fair Queuing.....................................................................................................................17-6

Hybrid Queuing.................................................................................................................................17-7

Rate Limiting ..........................................................................................................................................17-8

Flood Control ..........................................................................................................................................17-9

CoS Hardware Resource Configuration .......................................................................................................17-9

IRL Configuration ...................................................................................................................................17-9

CoS Port Configuration Layer...........................................................................................................17-9

CoS Port Resource Layer...............................................................................................................17-10

CoS Reference Layer.....................................................................................................................17-10

CoS Settings Layer.........................................................................................................................17-10

Enable CoS State...........................................................................................................................17-10

IRL Configuration Example Show Command Output .....................................................................17-10

Flood Control Configuration .................................................................................................................17-12

CoS Port Configuration Layer.........................................................................................................17-12

CoS Port Resource Layer...............................................................................................................17-12

CoS Reference Layer.....................................................................................................................17-12

CoS Settings Layer.........................................................................................................................17-12

Enable CoS State...........................................................................................................................17-12

Flood Control Configuration Example Show Command Output .....................................................17-12

Enabling CoS State ..............................................................................................................................17-13

The QoS CLI Command Flow ....................................................................................................................17-14

Port Priority and Transmit Queue Configuration .........................................................................................17-15

Setting Port Priority ..............................................................................................................................17-15

Example..........................................................................................................................................17-15

Mapping Port Priority to Transmit Queues ...........................................................................................17-15

Example..........................................................................................................................................17-16

Setting Transmit Queue Arbitration ......................................................................................................17-16

Port Traffic Rate Limiting ............................................................................................................................17-17

xiv

Examples .............................................................................................................................................17-18

Chapter 18: Configuring Network Monitoring

Basic Network Monitoring Features ..............................................................................................................18-1

Console/Telnet History Buffer ................................................................................................................18-1

Network Diagnostics ..............................................................................................................................18-2

Switch Connection Statistics ..................................................................................................................18-2

Users ......................................................................................................................................................18-3

RMON ...........................................................................................................................................................18-3

RMON Design Considerations ...............................................................................................................18-4

Configuring RMON .................................................................................................................................18-5

sFlow ............................................................................................................................................................18-9

Using sFlow in Your Network ...............................................................................................................18-10

Definitions ............................................................................................................................................18-10

sFlow Agent Functionality ....................................................................................................................18-11

Sampling Mechanisms .........................................................................................................................18-11

Packet Flow Sampling....................................................................................................................18-11

Counter Sampling...........................................................................................................................18-11

Sampling Implementation Notes.....................................................................................................18-12

Configuring sFlow ................................................................................................................................18-12

Overview.........................................................................................................................................18-12

Procedure.......................................................................................................................................18-14

Chapter 19: Configuring Multicast

Using Multicast in Your Network ...................................................................................................................19-1

Implementing Multicast ..........................................................................................................................19-1

Multicast Operation ................................................................................................................................19-2

Internet Group Management Protocol (IGMP) .......................................................................................19-2

Overview...........................................................................................................................................19-2

IGMP Support on Enterasys Devices...............................................................................................19-3

Example: Sending a Multicast Stream..............................................................................................19-4

Distance Vector Multicast Routing Protocol (DVMRP) ...........................................................................19-5

Overview...........................................................................................................................................19-5

DVMRP Support on Enterasys Devices ...........................................................................................19-5

Protocol Independent Multicast (PIM) ..................................................................................................19-11

Overview.........................................................................................................................................19-11

PIM Support on Enterasys Devices................................................................................................19-13

PIM Terms and Definitions.............................................................................................................19-14

Configuring IGMP .......................................................................................................................................19-15

Basic IGMP Configuration ....................................................................................................................19-17

Example IGMP Configuration on Layer 3.......................................................................................19-17

IGMP Display Commands ....................................................................................................................19-18

Configuring DVMRP ...................................................................................................................................19-18

DVMRP Configuration Commands ......................................................................................................19-18

Basic DVMRP Configuration ................................................................................................................19-19

Example DVMRP Configuration .....................................................................................................19-19

Displaying DVMRP Information ............................................................................................................19-20

Configuring PIM-SM ...................................................................................................................................19-21

Design Considerations .........................................................................................................................19-21

PIM-SM Configuration Commands ......................................................................................................19-21

Basic PIM-SM Configuration ................................................................................................................19-22

Example Configuration ...................................................................................................................19-22

PIM-SM Display Commands ................................................................................................................19-24

xv

Chapter 20: IP Configuration

Enabling the Switch for Routing ...................................................................................................................20-1

Router Configuration Modes ..................................................................................................................20-1

Entering Router Configuration Modes ....................................................................................................20-2

Example .................................................................................................................................................20-3

Routing Interfaces ........................................................................................................................................20-3

IPv4 Interface Addresses .......................................................................................................................20-3

IP Static Routes ............................................................................................................................................20-4

Configuring Static Routes ......................................................................................................................20-5

Testing Network Connectivity .......................................................................................................................20-5

The ARP Table .............................................................................................................................................20-6

Proxy ARP ..............................................................................................................................................20-7

ARP Configuration .................................................................................................................................20-7

IP Broadcast Settings ...................................................................................................................................20-7

Directed Broadcast .................................................................................................................................20-7

UDP Broadcast Forwarding ...................................................................................................................20-8

DHCP and BOOTP Relay ......................................................................................................................20-9

IP Broadcast Configuration ....................................................................................................................20-9

Configuring ICMP Redirects .......................................................................................................................20-10

Terms and Definitions .................................................................................................................................20-10

Chapter 21: IPv4 Basic Routing Protocols

Configuring RIP ............................................................................................................................................21-1

Using RIP in Your Network ....................................................................................................................21-1

RIP Configuration Overview ...................................................................................................................21-1

RIP Router Configuration .................................................................................................................21-1

RIP Interface Configuration ..............................................................................................................21-2

RIP Configuration Example ....................................................................................................................21-3

Configuring IRDP ..........................................................................................................................................21-5

Using IRDP in Your Network ..................................................................................................................21-5

IRDP Configuration Overview ................................................................................................................21-5

IRDP Configuration Example .................................................................................................................21-5

Chapter 22: Configuring OSPFv2

OSPF Overview ............................................................................................................................................22-1

OSPF Areas ...........................................................................................................................................22-2

OSPF Router Types ...............................................................................................................................22-3

Designated Router .................................................................................................................................22-3

Authentication ........................................................................................................................................22-3

Basic OSPF Topology Configuration ............................................................................................................22-3

Configuring the Router ID ......................................................................................................................22-4

Configuring the Designated Router ........................................................................................................22-5

Configuring Router Priority ...............................................................................................................22-6

Example............................................................................................................................................22-6

Configuring the Administrative Distance for OSPF Routes ....................................................................22-7

Configuring SPF Timers .........................................................................................................................22-7

Configuring OSPF Areas ..............................................................................................................................22-8

Configuring Area Range .........................................................................................................................22-8

Example............................................................................................................................................22-8

Configuring a Stub Area .........................................................................................................................22-9

Stub Area Default Route Cost ........................................................................................................22-10

Example..........................................................................................................................................22-10

Configuring a Not So Stubby Area (NSSA) ..........................................................................................22-11

Example..........................................................................................................................................22-12

Configuring Area Virtual-Links .............................................................................................................22-12

xvi

Configuring Area Virtual-Link Authentication..................................................................................22-14

Configuring Area Virtual-Link Timers..............................................................................................22-14

Configuring Route Redistribution .........................................................................................................22-14

Configuring Passive Interfaces ............................................................................................................22-14

Configuring OSPF Interfaces ......................................................................................................................22-15

Configuring Interface Cost ...................................................................................................................22-15

Configuring Interface Priority ................................................................................................................22-15

Configuring Authentication ...................................................................................................................22-15

Configuring OSPF Interface Timers .....................................................................................................22-16

Default Settings ..........................................................................................................................................22-16

Configuration Procedures ...........................................................................................................................22-17

Basic OSPF Router Configuration .......................................................................................................22-17

OSPF Interface Configuration ..............................................................................................................22-18

OSPF Area Configuration ....................................................................................................................22-18

Managing and Displaying OSPF Configuration and Statistics .............................................................22-19

Chapter 23: Configuring VRRP

VRRP Overview ............................................................................................................................................23-1

VRRP Virtual Router Creation ................................................................................................................23-2

VRRP Master Election ...........................................................................................................................23-2

Enabling Master Preemption ..................................................................................................................23-3

Enabling ICMP Replies ..........................................................................................................................23-3

Configuring VRRP Authentication ..........................................................................................................23-3

Enabling the VRRP Virtual Router .........................................................................................................23-3

Configuring VRRP ........................................................................................................................................23-3

Configuration Examples .........................................................................................................................23-4

Basic VRRP Configuration ...............................................................................................................23-4

Multiple Backup VRRP Configuration...............................................................................................23-6

Terms and Definitions ...................................................................................................................................23-8

Chapter 24: Configuring Access Control Lists

Using Access Control Lists (ACLs) in Your Network ....................................................................................24-1

Implementing ACLs ......................................................................................................................................24-1

ACL Configuration Overview ........................................................................................................................24-2

Creating IPv4 ACLs ................................................................................................................................24-2

Creating IPv6 and MAC ACLs ................................................................................................................24-2

Creating ACL Rules ...............................................................................................................................24-3

IPv4 Rules ........................................................................................................................................24-3

IPv6 Rules ........................................................................................................................................24-4

MAC Rules .......................................................................................................................................24-4

Managing ACLs ......................................................................................................................................24-4

Deleting ACLs and Rules .................................................................................................................24-4

Moving ACL Rules............................................................................................................................24-5

Replacing ACL Rules .......................................................................................................................24-5

Inserting ACL Rules..........................................................................................................................24-6

Applying ACLs ........................................................................................................................................24-6

Configuring ACLs .........................................................................................................................................24-7

Configuring IPv4 ACLs ...........................................................................................................................24-7

Example............................................................................................................................................24-8

Configuring IPv6 ACLs ...........................................................................................................................24-8

Example............................................................................................................................................24-9

Configuring MAC ACLs ........................................................................................................................24-10

Example..........................................................................................................................................24-10

Access Control Lists on the A4 ...................................................................................................................24-11

Configuring A4 ACLs ............................................................................................................................24-12

xvii

Extended IPv4 ACL Configuration..................................................................................................24-12

MAC ACL Configuration .................................................................................................................24-13

Chapter 25: Configuring and Managing IPv6

Managing IPv6 ..............................................................................................................................................25-1

Configuring IPv6 Management ...............................................................................................................25-2

Example............................................................................................................................................25-2

Monitoring Network Connections ...........................................................................................................25-3

IPv6 Routing Configuration ...........................................................................................................................25-3

Overview ................................................................................................................................................25-3

Defaults ..................................................................................................................................................25-4

Setting Routing General Parameters .....................................................................................................25-5

Configuring Routing Interfaces ...............................................................................................................25-5

IPv6 Addressing ...............................................................................................................................25-5

Enabling an Interface for IPv6 Routing.............................................................................................25-6

Configuration Examples ...................................................................................................................25-6

Creating Tunnel Interfaces .....................................................................................................................25-7

Configuring Static Routes ......................................................................................................................25-9

Viewing Routing Information ................................................................................................................25-10

Testing Network Connectivity ...............................................................................................................25-11

IPv6 Neighbor Discovery ............................................................................................................................25-11

Duplicate Address Detection ................................................................................................................25-11

Neighbor Solicitation Messages ...........................................................................................................25-12

Router Advertisements .........................................................................................................................25-12

Cache Management .............................................................................................................................25-12

Neighbor Discovery Configuration .......................................................................................................25-13

DHCPv6 Configuration ...............................................................................................................................25-14

DHCPv6 Relay Agent Configuration ....................................................................................................25-14

DHCPv6 Server Configuration .............................................................................................................25-15

Pool Configuration..........................................................................................................................25-15

Server Configuration.......................................................................................................................25-15

Default Conditions ................................................................................................................................25-16

Configuration Examples .......................................................................................................................25-16

Viewing DHCPv6 Statistics ..................................................................................................................25-18

Chapter 26: Configuring Security Features

Security Mode Configuration ........................................................................................................................26-1

About the Security Mode ........................................................................................................................26-1

Configuring the Security Mode .........................................................................................................26-2

Security Mode and SNMP ......................................................................................................................26-2

Security Mode and User Authentication and Passwords .......................................................................26-3

Security Mode and System Logging ......................................................................................................26-3

Security Mode and File Management ....................................................................................................26-4

IPsec Configuration ......................................................................................................................................26-4

About IPsec ............................................................................................................................................26-4

IPsec Defaults ........................................................................................................................................26-5

IPsec Configuration ................................................................................................................................26-5

RADIUS Management Authentication ..........................................................................................................26-6

Request Transmission ...........................................................................................................................26-6

Response Validation ..............................................................................................................................26-7

Password Changing ...............................................................................................................................26-7

Example .................................................................................................................................................26-7

MAC Locking ................................................................................................................................................26-7

First Arrival Configuration .......................................................................................................................26-8

MAC Locking Notifications .....................................................................................................................26-8

xviii

Disabling and Enabling Ports .................................................................................................................26-9

MAC Locking Defaults ............................................................................................................................26-9

MAC Locking Configuration .................................................................................................................26-10

TACACS+ ...................................................................................................................................................26-11

TACACS+ Client Functionality .............................................................................................................26-12

Session Authorization and Accounting...........................................................................................26-12

Command Authorization and Accounting .......................................................................................26-12

Configuring the Source Address.....................................................................................................26-13

Default Settings ....................................................................................................................................26-13

Basic TACACS+ Configuration ............................................................................................................26-14

Example TACACS+ Configuration .......................................................................................................26-15

TACACS+ Display Commands ............................................................................................................26-15

Service ACLs ..............................................................................................................................................26-16

Restricting Management Access to the Console Port ..........................................................................26-17

Configuring a Service Access Control List ...........................................................................................26-17

DHCP Snooping ........................................................................................................................................26-18

DHCP Message Processing .................................................................................................................26-18

Building and Maintaining the Database ................................................................................................26-19

Rate Limiting ........................................................................................................................................26-19

Basic Configuration ..............................................................................................................................26-19

Configuration Notes........................................................................................................................26-20

Default Parameter Values ..............................................................................................................26-20

Managing DHCP Snooping ..................................................................................................................26-21

Dynamic ARP Inspection ...........................................................................................................................26-22

Functional Description ..........................................................................................................................26-22

Static Mappings..............................................................................................................................26-22

Optional ARP Packet Validation.....................................................................................................26-22

Logging Invalid Packets..................................................................................................................26-23

Packet Forwarding..........................................................................................................................26-23

Rate Limiting...................................................................................................................................26-23

Eligible Interfaces ...........................................................................................................................26-23

Interaction with Other Functions.....................................................................................................26-23

Basic Configuration ..............................................................................................................................26-24

Default Parameter Values ..............................................................................................................26-24

Managing Dynamic ARP Inspection .....................................................................................................26-24

Example Configuration .........................................................................................................................26-25

Non-Routing Example ....................................................................................................................26-25

Routing Example ............................................................................................................................26-26

Figures

3-1 CLI Startup Screen.............................................................................................................................3-2

3-2 Sample CLI Defaults Description........................................................................................................3-4

3-3 Performing a Keyword Lookup ...........................................................................................................3-4

3-4 Performing a Partial Keyword Lookup................................................................................................3-4

3-5 Scrolling Screen Output......................................................................................................................3-5

3-6 Abbreviating a Command...................................................................................................................3-5

9-1 VLAN Business Scenario ...................................................................................................................9-2

9-2 Inside the Switch ................................................................................................................................9-5

9-3 Example of VLAN Propagation Using GVRP .....................................................................................9-8

10-1 Applying Policy to Multiple Users on a Single Port...........................................................................10-5

10-2 Authenticating Multiple Users With Different Methods on a Single Port...........................................10-6

10-3 Selecting Authentication Method When Multiple Methods are Validated .........................................10-7

10-4 Stackable Fixed Switch Authentication Configuration Example Overview .....................................10-25

11-1 LAG Formation .................................................................................................................................11-4

11-2 LAGs Moved to Attached State ........................................................................................................11-6

Page is loading ...