Enterasys Networks N Standalone (NSA) Series manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Enterasys Networks N Standalone (NSA) Series. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Enterasys Networks N Standalone (NSA) Series ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Enterasys Networks N Standalone (NSA) Series décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Enterasys Networks N Standalone (NSA) Series devrait contenir:
- informations sur les caractéristiques techniques du dispositif Enterasys Networks N Standalone (NSA) Series
- nom du fabricant et année de fabrication Enterasys Networks N Standalone (NSA) Series
- instructions d'utilisation, de réglage et d’entretien de l'équipement Enterasys Networks N Standalone (NSA) Series
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Enterasys Networks N Standalone (NSA) Series ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Enterasys Networks N Standalone (NSA) Series et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Enterasys Networks en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Enterasys Networks N Standalone (NSA) Series, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Enterasys Networks N Standalone (NSA) Series, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Enterasys Networks N Standalone (NSA) Series. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Enterasys Matrix ® N Standalone (NSA) Series Configuration Guide Firmware V ersion 5.41.xx P/N 9034073-08 Rev .0C[...]

  • Page 2

    [...]

  • Page 3

    i Notice Enterasys Networks reserves the right to make changes in specifications a nd other information contained in this document and its web site without p rior not ice. The reader should in all cases c onsult Enterasys Networks to determine whether any such cha nges have been made. The hardware, firmware, or software described in this document i[...]

  • Page 4

    ii ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT , CAREFULL Y READ THI S LICENSE AGREEMENT . This document is an agreement (“Agreement”) between the e nd user (“Y ou”) and Enterasys Networks, Inc. on behalf of itself and its Affili ates (as here inafter defined) (“Enterasys”) that s[...]

  • Page 5

    iii 3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws pr ovisions. You accep t the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention o[...]

  • Page 6

    iv 8. AUDIT RIGHTS. You hereby acknowledge that the inte llectual property rights associ ated with the Program are of critical value to Enterasys and, accord ingly, You hereby agree to maintain complete books, re cords and accounts showing (i) license fees due and paid, and ( ii) the use, copying and deployment of the Pr ogram. You also grant to En[...]

  • Page 7

    Matrix NSA Series Configuration Guide v Content s Figures ................ ............. ............. ............. ................ ............. ............. ............. ......................... ..... xi Tables........... ............. ............. ............. ............. ................ ............. ............. ............. ... ..[...]

  • Page 8

    Contents vi Matrix NSA Series Configu ration Guide 2.2 General Configuration Command Set .................... ................ ................ ....... 2-24 2.2.1 Setting User Accounts and Pa ssw ords ......... ............. ............ ....... 2-24 2.2.2 Managing the Management Auth entication Notification MIB ........ 2-36 2.2.3 Setting Basic De[...]

  • Page 9

    Contents Matrix NSA Series Configuration Guide vii 4.4 Configuring Port Mirroring ................ ................ ................ ................ ............. 4-87 4.4.1 Supported Mirrors ...................... ... ... ... ............. .... ... ............. ... ... ... 4-87 4.4.2 IDS Mirroring Considerations ..... ...... ............. ......[...]

  • Page 10

    Contents viii Matrix NSA Series Configuration Guide 7 802.1Q VLAN CONFIGURATION 7.1 VLAN Configuration Summary ............... ................ ................ ................ ......... 7-1 7.1.1 Port Assignment Scheme ... ................ ............. ............. ............. ..... 7-1 7.1.2 Port String Syntax Used in the CLI ........... ...[...]

  • Page 11

    Contents Matrix NSA Series Configuration Guide ix 11 LOGGING AND NETW ORK MANAGEMENT 11.1 Process Overview: Network Management .............. ... ... ... .... ... ... ... ....... ... ... ... 11-1 11.2 Logging And Network M anagement Command Set ............. ................ ......... 11-2 11.2.1 Configuring System Logging ...... ... ............. [...]

  • Page 12

    Contents x Matrix NSA Series Configura tion Guide 14 SECURITY CONFIGURATION 14.1 Overview of Security Methods ......... ......... ............. ................ ............. .......... 14-1 14.1.1 RADIUS Filter-ID Attrib ute and Dynamic Policy Profile Assignment14-3 14.2 Process Overview: Securi ty Configuration ............. ............. .......[...]

  • Page 13

    Matrix NSA Series Configuration Guide xi Figures Figure Page 2-1 Sample CLI Default Description ............. ................ ................. ................ ................ ........ 2-9 2-2 Matrix N Standalone Startu p Screen ... ... .... ............ .... ............. ... ... ............. ... ... ............. 2-14 2-3 Performing a Keyword[...]

  • Page 14

    Figures xii Matrix NSA Series Configuration Guide[...]

  • Page 15

    Matrix NSA Series Configuration Guide xiii Ta b l e s Ta b l e Page 2-1 Default Device Settings for Basic Switch Operation ......... ............. ................ ............. .. 2-1 2-2 Default Device Settings for Router Mode O peration ............ ............. ............ ............. .. 2-7 2-3 Basic Line Editing Emacs & vi Commands . [...]

  • Page 16

    T ables xiv Matrix NSA Series Configu ration Guide 5-11 Basic SNMP Trap Configuration Command Set ............... ............. ............. ............. ... 5-64 6-1 show spantree Output Deta ils ................... ............. ............. ................ ............. .......... 6-10 6-2 Port-Specific show spantree stats Output Details ...[...]

  • Page 17

    Ta b l e s Matrix NSA Series Configuration Guide xv 12-13 show ip dhcp server statistics Ou tput Details ............. ............. ................ ............. .. 12-138 13-1 RIP Configuration Task Li st and Commands .......... ............. ... ... ............. ... ... ............. 13-2 13-2 OSPF Configuration Task List and Commands ... ....[...]

  • Page 18

    T ables xvi Matrix NSA Series Configur ation Guide[...]

  • Page 19

    Enterasys Matrix ® N S tandalone (NSA) Series Configuration Guide xvii About This Guide W elcome to the Enterasys Enterasys Matrix ® N S tandalone (NS A) Series Config uration Guide . This manual explains how to access th e device’ s Command Line Interface (CLI) and how to use it to configure Matrix Series switch/router devices. USING THIS GUID[...]

  • Page 20

    xviii Enterasys Matrix ® N S tandalone (NSA) Series Configura tio n Guide S TRUCTURE OF THIS GUIDE The guide is organized as follows: Chapter 1 , Intr oduction , provides an overview of the tasks th at can be accomplished using the CLI interface, an overview of lo cal management requirements, and inform ation about obtaining technical support. Cha[...]

  • Page 21

    Enterasys Matrix ® N St andalone (NSA) Series Configuration Guide xix Chapter 9 , Port Priority and Rate Limiting Configuration , describes how to s et the transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected prio rity transmit queues or percen[...]

  • Page 22

    xx Enterasys Matrix ® N St andalo ne (NSA) Series Configu ration Guide DOCUMENT CONVENTIONS This guide uses the following conventions: The following icons are used in this guide: bold type Bold type indicates required user input, including command keywords, that must be entered as shown for the command to execute. italic type When used in general [...]

  • Page 23

    Matrix NSA Series Configurati on Guide 1-1 1 Introduction This chapter provides an overview of the Matrix Series’ unique features and functionality , an overview of the tasks that may be accomplished us ing the CLI interface, an overview of ways to manage the device , an d information on ho w to co ntact Enterasys Networks for technical support. [...]

  • Page 24

    Matrix Series CLI Overview 1-2 Matrix NSA Series Configuration Guide 1.2 MATRIX SERIES CLI OVERVIEW Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, including the following: • Assign IP address and subnet mask. • Select a default gateway . • Assign a login password to th e device f[...]

  • Page 25

    Device Management Methods Matrix NSA Series Configuration Guide 1-3 1.3 DEVICE MANAGEMENT METHODS The Matrix Series device can be m anaged using the fo llo wing methods: • Locally using a VT type terminal connected to the console port. • Remotely using a VT type term inal connec ted through a modem. • Remotely using an SNMP management station[...]

  • Page 26

    Getting H elp 1-4 Matrix NSA Series Configuration Guide • A description of yo ur network environm ent (for example, la yout, cable type) • Network load and frame size at the time of trouble (if known) • The device history (for example, have you retu rned the device before, is this a recurring problem?) • Any previous Return Material Author [...]

  • Page 27

    Matrix NSA Series Configurati on Guide 2-1 2 S tartup and General Configuration This chapter describes factory default settings an d the S tartup and General Configuration set of commands. 2.1 ST ARTUP AND GENERAL CONFIGURATION SUMMARY At startup, the Matrix Series de vice is configured with many defaults and standard features. The following sectio[...]

  • Page 28

    S t artup a nd General Configu ration Summary Factory Default Settings 2-2 Matrix NSA Series Configuration Guide Does not apply to MA TRIX E7. Community name Public. Conver gence End Points phone detection Disabled globally and on all ports EAPOL Disabled. EAPOL authentication mode When enabled, set to auto for all ports. GARP timer Join timer set [...]

  • Page 29

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Guide 2-3 LLDP trap interval 5 seconds LLDP-MED fast repeat 3 fast start LLDPDUs LLDP traps Disabled LLDP-MED traps Disabled Lockout Set to disable Read-W rite and Read-Only users, an d to lockout the default admin (Super User) account for 15 minutes[...]

  • Page 30

    S t artup a nd General Configu ration Summary Factory Default Settings 2-4 Matrix NSA Series Configuration Guide Policy classification Classification rules ar e automatically enabled when created. Port auto-negotiation Enabled on all ports. Port advertised ability Maximum ability advertised on all ports. Port broadcast suppression Disabled (no broa[...]

  • Page 31

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Guide 2-5 Spanning T ree edge port delay Enabled. Spanning T ree forward delay Set to 15 seconds . Spanning T ree hello interval Set to 2 seconds. Spanning T ree ID (SID) Set to 0 . Spanning T ree legacy path cost Disabled. Spanning T ree maximum agi[...]

  • Page 32

    S t artup a nd General Configu ration Summary Factory Default Settings 2-6 Matrix NSA Series Configuration Guide Spanning T ree Loop Protect event window 180 se conds. Spanning T ree Loop Protect traps Disabled. Spanning T ree disputed BPDU threshold Set to 0, meaning no traps are sent. SSH Disabled. System baud rate Set to 9600 baud. System contac[...]

  • Page 33

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Guide 2-7 T able 2-2 Default Device Settings f or Router Mode Operation Device Fe ature Default Setting Access groups (IP security) None configured. Access lists (IP security) None configured. Area authentication (OSPF) Disabled. Area default cost (O[...]

  • Page 34

    S t artup a nd General Configu ration Summary Factory Default Settings 2-8 Matrix NSA Series Configuration Guide IP-directed broadcasts Disabled. IP forward-protocol Enabled with no po rt specified. IP interfaces Disabled with no IP addresses specified. IRDP Disabled on all interfaces. When enabled, maximum advertisement interval is set to 600 seco[...]

  • Page 35

    S tartup and General Configuration Summary CLI “Command Defaults” Descriptions Matrix NSA Series Configuration Guide 2-9 2.1.2 CLI “Command De fault s” Descriptions Each command description in this guide includes a section entitled “Command Defaults” which contains different information than the factory default settings on the device as[...]

  • Page 36

    S t artup a nd General Configu ration Summary Using WebView 2-10 Matrix NSA Series Configuration Gui de well as view Read-Only commands. Administrators or Super Users will be allowed al l Read-W rite and Read-Only privileges, and will be able to modify local user accounts. Th e Matrix Series device indicates which mode a user is logged in as by dis[...]

  • Page 37

    S tartup and General Configuration Summary Process Overview: CLI St artup and General Configuration Matrix NSA Series Configuration Guide 2-1 1 This example shows how to set the W ebV iew TCP port to 100. 2.1.5 Process Overview: CLI St ar tup and General Configuration Use the following steps as a guide to the st artup and general co nfiguration pro[...]

  • Page 38

    S t artup a nd General Configu ration Summary S tarting and Navigatin g the Command Line In terface 2-12 Matrix NSA Series Configuration Gui de 2.1.6 St arting and Navigating the Command Line Interface 2.1.6.1 Using a Cons ole Port Connection Once you have connected a terminal to th e local console port as described in your Matrix Series Installati[...]

  • Page 39

    S tartup and General Configuration Summary S tarting and Navigating the Command Line Interface Matrix NSA Series Configuration Guide 2-13 2.1.6.3 Logging in with Administ ratively Configured Account If the device’ s default user account settings have been changed, proceed as follows: 1. At the login prompt, enter your administra tively-assigned u[...]

  • Page 40

    S t artup a nd General Configu ration Summary S tarting and Navigatin g the Command Line In terface 2-14 Matrix NSA Series Configuration Gui de Figure 2-2 Matrix N S tandalone S tart up Screen 2.1.6.5 Getting Help with CLI Syntax The Matrix Series device allows you to display usage and syntax information for individual commands by typing help or ? [...]

  • Page 41

    S tartup and General Configuration Summary S tarting and Navigating the Command Line Interface Matrix NSA Series Configuration Guide 2-15 2.1.6.7 Performing Keyword Lookups Entering a space and a question mark ( ?) after a keyword will display all commands beginning with the keyword. Figure 2-3 shows how to perform a keyword lookup for the show snm[...]

  • Page 42

    S t artup a nd General Configu ration Summary S tarting and Navigatin g the Command Line In terface 2-16 Matrix NSA Series Configuration Gui de 2.1.6.8 Displaying Scrolling Screens If the CLI screen length has been set using the set length command a s described in Section 2.2.3.30 , CLI output requiring more than one screen will display --More-- to[...]

  • Page 43

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-17 2.1.6.9 Abb reviating and Complet ing Commands The Matrix Series device allows you to abbrev iate CLI commands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 2-6 shows how to abbreviate t[...]

  • Page 44

    S t artup a nd General Configu ration Summary Configuring the Li ne Editor 2-18 Matrix NSA Series Configuration Gui de T able 2-3 Basic Line Edit ing Emacs & vi Commands Key Sequence Emacs Command Ctrl+A Move cursor to beginning o f line. Ctrl+B Move cursor back one character . Ctrl+C Abort command. Ctrl+D Delete a cha racter . Ctrl+E Move curs[...]

  • Page 45

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-19 k Get previous shell command in history j Get next shell command in history $ Go to end of line 0 Go to beginning of line aA p p e n d A Append at end of lin e c SP ACE Change character cl Change character cw Change word cc Change entir[...]

  • Page 46

    S t artup a nd General Configu ration Summary Configuring the Li ne Editor 2-20 Matrix NSA Series Configuration Gui de Commands The commands used to co nfigure the line-editor are listed belo w and described in the associated sections as shown. • show line-editor ( Section 2.1.7.1 ) • set line-editor ( Section 2.1.7.2 ) p Put last deletion afte[...]

  • Page 47

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-21 2.1.7.1 s how line-editor Use this command to show curre nt and default line-editor mode and Delete character m ode. show line-editor Command Default s None. Command T ype Switch command. Command Mode Read-Only Example This example show[...]

  • Page 48

    S t artup a nd General Configu ration Summary Configuring the Li ne Editor 2-22 Matrix NSA Series Configuration Gui de 2.1.7.2 set line-editor Use this command to set the curre nt and default line editing mode or the way the Delete character is treated by the line editor . Y ou can also set th e persistence of your line editing selections. set line[...]

  • Page 49

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-23 This example sets the default line -editor to emacs mode and sets th e selection to persist for future sessions: Matrix(rw)-> set line-editor emacs default[...]

  • Page 50

    General Configurati on Command Set Setting User Accounts and Passwords 2-24 Matrix NSA Series Configuration Gui de 2.2 GENERAL CONFIG URATION COMMAND SET 2.2.1 Setting User A cco unt s and Passwords Purpose T o change the device’ s default user login and password settings, and to ad d new user accounts and passwords. Commands The commands used to[...]

  • Page 51

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-25 2.2.1.1 show system login Use this command to display us er logi n account information. show system login Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Super User . Example This example sho[...]

  • Page 52

    General Configurati on Command Set Setting User Accounts and Passwords 2-26 Matrix NSA Series Configuration Gui de T able 2-4 show system login Output Details Output What It Displays... Password hist ory size Number of previously used us er login passwords that will be checked for duplication when the set password command is executed. Configured wi[...]

  • Page 53

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-27 2.2.1.2 set system login Use this command to create a new user login acc ount , or to disable or enable an existing account. The Matrix Series device supports up to 16 us er accounts, including the admin account, which cannot be disable[...]

  • Page 54

    General Configurati on Command Set Setting User Accounts and Passwords 2-28 Matrix NSA Series Configuration Gui de 2.2.1.3 clear system login Use this command to remove a local login user account. clear system login username Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Super User . Example This example show[...]

  • Page 55

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-29 2.2.1.4 set p assword Use this command to change system default passwords or to set a new login password on the CLI. set password [ username ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 56

    General Configurati on Command Set Setting User Accounts and Passwords 2-30 Matrix NSA Series Configuration Gui de Examples This example shows how a super-user would ch ange the Read-W rite password from the syste m default (blank string): This example shows how a user with Read -W rite acc ess would cha nge his password: Matrix(su)-> set passwo[...]

  • Page 57

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-31 2.2.1.5 set system p assword length Use this command to set the mi nimum u ser login password length. set system password length characters Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Super Use[...]

  • Page 58

    General Configurati on Command Set Setting User Accounts and Passwords 2-32 Matrix NSA Series Configuration Gui de 2.2.1.6 set system p assword aging Use this command to set th e number of days user passwords will remain valid before aging out, or to disable user acco unt password aging. set system password aging { days | disable } Synt ax Descript[...]

  • Page 59

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-33 2.2.1.7 set system p assword history Use this command to set the number of previously used user logi n passwords that will be checked for password duplication. This prevents duplicat e passwords from being entered into the system with t[...]

  • Page 60

    General Configurati on Command Set Setting User Accounts and Passwords 2-34 Matrix NSA Series Configuration Gui de 2.2.1.8 show system lockout Use this command to display settings for locking out users after fail ed attempts to log in to the system. show system lockout Synt ax Description None. Command Default s None. Command T ype Switch command. [...]

  • Page 61

    General Configurati on Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-35 2.2.1.9 set system lockout Use this command to set the numb er of failed login attempts before locking out (disabling) a read-write or read-only user acco unt, and the numb er of minutes to lockout the default admin super user account a[...]

  • Page 62

    General Configurati on Command Set Managing the Management Authentica ti on Notification MIB 2-36 Matrix NSA Series Configuration Gui de 2.2.2 Managing the Management A uthentication Notification MIB Purpose This MIB provides controls for enabling/disabling th e sending of SNMP notifications when a user login authentication event occu rs for variou[...]

  • Page 63

    General Configurati on Command Set Managing the Ma nagement Authentication No tification MIB Matrix NSA Series Configuration Guide 2-37 2.2.2.1 s how mgmt-auth-notify Use this command to display th e current setting for the Manageme nt Authentication Notification MIB. show mgmt-auth-notify Synt ax Description None. Command Default s None. Command T[...]

  • Page 64

    General Configurati on Command Set Managing the Management Authentica ti on Notification MIB 2-38 Matrix NSA Series Configuration Gui de 2.2.2.2 set mgmt-auth-notify Use this command to either enab le or disable the Management Authentication Notification MIB. By selecting the optional Manage ment access type, a u ser c an specifically enable or dis[...]

  • Page 65

    General Configurati on Command Set Managing the Ma nagement Authentication No tification MIB Matrix NSA Series Configuration Guide 2-39 Examples This example shows how to set all the authentication types to be disabled on the Management Authentication Notification MIB. That in formation is then displayed with the show comma nd: This example shows h[...]

  • Page 66

    General Configurati on Command Set Managing the Management Authentica ti on Notification MIB 2-40 Matrix NSA Series Configuration Gui de 2.2.2.3 c lear mgmt-auth-notify Use this command to set the current setting for the Management Authenti cation Notification ac cess types to the default setting of enabled. clear mgmt-auth-notify Synt ax Descripti[...]

  • Page 67

    General Configurati on Command Set Managing the Ma nagement Authentication No tification MIB Matrix NSA Series Configuration Guide 2-41 Example This example displays the state of Management Authentication No tification access types prior to using the clear command, then displays the sa me i nformation after using the clear command: Matrix(su)->s[...]

  • Page 68

    General Configurati on Command Set Setting Basic Device Properties 2-42 Matrix NSA Series Configuration Gui de 2.2.3 Setting Basic Device Properti es Purpose T o display and set the system IP address a nd other basic system (device) pr operties, including time, contact name and alias, physical asset IDs for terminal output, timeout, and version inf[...]

  • Page 69

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-43 • set summertime date ( Section 2.2.3.16 ) • set summertime recurring ( Section 2.2.3.17 ) • clear summertime ( Section 2.2.3.18 ) • set prompt ( Section 2.2.3.19 ) • set cli completion ( Section 2.2.3.20 ) • loop ( Section 2.2.[...]

  • Page 70

    General Configurati on Command Set Setting Basic Device Properties 2-44 Matrix NSA Series Configuration Gui de 2.2.3.1 show ip address Use this command to display the sy stem IP address and subnet ma sk. show ip address Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example show[...]

  • Page 71

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-45 2.2.3.2 set ip address Use this command to set the system IP ad dress, subnet mask and default gateway . set ip address ip-addr ess [ mask ip-mask ] [ gateway ip-gateway ] Synt ax Description Command Default s If not specified, ip-mask will[...]

  • Page 72

    General Configurati on Command Set Setting Basic Device Properties 2-46 Matrix NSA Series Configuration Gui de 2.2.3.3 clear ip address Use this command to clear the system IP address. clear ip address Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to cl ear t[...]

  • Page 73

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-47 2.2.3.4 s how ip gratuitous-arp Use this command to display th e gratuitous ARP processing behavior . show ip gratuitous -arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example T[...]

  • Page 74

    General Configurati on Command Set Setting Basic Device Properties 2-48 Matrix NSA Series Configuration Gui de 2.2.3.5 set ip gratuitous-arp Use this command to control the gr atuitous ARP processing beha vior . set ip gratuitous-arp [request] [reply] [both] ] Synt ax Description Command Default s Disabled by default Command T ype Switch command. C[...]

  • Page 75

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-49 2.2.3.6 clear ip gratuitous-arp Use this command to stop a ll gratuitous ARP processing. clear ip gratuitous-arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example [...]

  • Page 76

    General Configurati on Command Set Setting Basic Device Properties 2-50 Matrix NSA Series Configuration Gui de 2.2.3.7 show system Use this command to display system information, including contact informa tion, power and fan tray status and uptime. show system Synt ax Description None. Command Default s None. Command T ype Switch command. Command M[...]

  • Page 77

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-51 T able 2-6 show system Output Det ails Output What It Displays... System contact Contact person for the sy stem. Default of a blank string can be changed with the set s ystem contact command ( Section 2.2.3.28 ). System location Where the s[...]

  • Page 78

    General Configurati on Command Set Setting Basic Device Properties 2-52 Matrix NSA Series Configuration Gui de 2.2.3.8 show system hardware Use this command to display the system’ s hardware configuration. show system hardware Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example The exam[...]

  • Page 79

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-53 Matrix(rw)-> show system hardware CHASSIS HARDWARE INFORMATION ---------------------------- Chassis Type: Matrix N Standalone Platform Chassis Serial Number: 0001a300611b Power Supply 1: Not Installed Power Supply 2: Installed & Oper[...]

  • Page 80

    General Configurati on Command Set Setting Basic Device Properties 2-54 Matrix NSA Series Configuration Gui de 2.2.3.9 show system utilization Use this command to display system resource utilization information. show system utilization [ cpu | process | storage ] [ slot slot ] Synt ax Description Command Default s • If not specified, CPU, process[...]

  • Page 81

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-55 ** Output continued from previous page ** Process Utilization: Slot: 1 CPU: 1 Name Pr ocID 5 sec 1 min 5 min --------------------------------- --------------------------- CLI 1 0.0% 0.0% 0.0% Chassis Data Synchronization 2 0.0% 0.0% 0.0% Co[...]

  • Page 82

    General Configurati on Command Set Setting Basic Device Properties 2-56 Matrix NSA Series Configuration Gui de ** Output continued from previo us page ** Name ProcID 5 sec 1 min 5 min ------------------------------- ----------------------------- Switch Web Server 34 1.4% 1.4% 1.4% Router Misc. 35 0.0% 0.0% 0.0% Router Multicast 36 0.0% 0.0% 0.0% Ro[...]

  • Page 83

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-57 2.2.3.10 set system utilization threshold Use this command to set the threshold for sending CPU utilization notification messages. The value range is [1..1000] and represents the % of system uti lization to use as the trap threshold. set sy[...]

  • Page 84

    General Configurati on Command Set Setting Basic Device Properties 2-58 Matrix NSA Series Configuration Gui de 2.2.3.1 1 clear system utilization Use this command to clear the threshold for sending CPU utilization notification messages. clear system utilization Synt ax Description None. Command Default s None. Command T ype Switch command. Command [...]

  • Page 85

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-59 2.2.3.12 show time Use this command to display the current time of day in the system clock. show time Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to[...]

  • Page 86

    General Configurati on Command Set Setting Basic Device Properties 2-60 Matrix NSA Series Configuration Gui de 2.2.3.13 set time Use this command to ch ange the time of day on the system cl ock. set time [ mm/dd/yyyy ] [ hh:mm:ss ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This examp[...]

  • Page 87

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-61 2.2.3.14 show summertime Use this command to display daylight savings time settings. show summertime Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to [...]

  • Page 88

    General Configurati on Command Set Setting Basic Device Properties 2-62 Matrix NSA Series Configuration Gui de 2.2.3.15 set summertime Use this command to enable or disa ble the daylight savings time function. set summertime { enable | disable } [ zone ] Synt ax Description Command Default s If a zone name is not specified, none will be applied. Co[...]

  • Page 89

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-63 2.2.3.16 set summertime date Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annuall y . set summertime date start_month start_date start_ [...]

  • Page 90

    General Configurati on Command Set Setting Basic Device Properties 2-64 Matrix NSA Series Configuration Gui de Example This example shows how to set a da ylight savings time start date of April 4, 2004 at 2 a.m. and an ending date of Octobe r 31, 2004 at 2 a.m. with an offset time of one hour: Matrix(rw)-> set summertime date April 4 2004 02:00 [...]

  • Page 91

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-65 2.2.3.17 set summertime recurring Use this command to configure recurring dayli ght savings time settings. These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be[...]

  • Page 92

    General Configurati on Command Set Setting Basic Device Properties 2-66 Matrix NSA Series Configuration Gui de Example This example shows how set daylight savings time to recur start date of April 4, 2004 at 2 a.m. and an ending date of October 31 , 2004 at 2 a.m. with an offset ti me of one hour: Matrix(rw)-> set summertime recurring fi rst Sun[...]

  • Page 93

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-67 2.2.3.18 clear summertime Use this command to clear the da ylight savings time configuration. clear summertime Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sh[...]

  • Page 94

    General Configurati on Command Set Setting Basic Device Properties 2-68 Matrix NSA Series Configuration Gui de 2.2.3.19 set prompt Use this command to modi fy the command prompt. set prompt “prompt_string” Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to set th[...]

  • Page 95

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-69 2.2.3.20 set cli completion Use this command to enable or disable the CLI command completion function . When enabled, this allows you to complete a un ique CLI command fragment using the keyboard spacebar . set cli completion { enable | dis[...]

  • Page 96

    General Configurati on Command Set Setting Basic Device Properties 2-70 Matrix NSA Series Configuration Gui de 2.2.3.21 loop Use this command to execute a command loop. loop count [ delay ] [ -r ] Synt ax Description Command Default s • If a delay is not specified, none will be set. • If not specified, the cu rsor will not refresh. Command T yp[...]

  • Page 97

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-71 2.2.3.22 show banner mot d Use this command to show the banner message of the day that w ill display at session login. show banner motd Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only .[...]

  • Page 98

    General Configurati on Command Set Setting Basic Device Properties 2-72 Matrix NSA Series Configuration Gui de 2.2.3.23 set bann er mot d Use this command to set the banner messag e of the day displayed at session login. set banner motd message Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Examp[...]

  • Page 99

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-73 2.2.3.24 clear banner mot d Use this command to clear the banner message of the day displayed at session login to a blank string. clear banner motd Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 100

    General Configurati on Command Set Setting Basic Device Properties 2-74 Matrix NSA Series Configuration Gui de 2.2.3.25 show versio n Use this command to display hardware and firmware information. Refer to Section 2.2.5 for instructions on how to do wnload a firmware image. show version Synt ax Description None. Command Default s None. Command T yp[...]

  • Page 101

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-75 2.2.3.26 set system name Use this command to config ure a name for the system. set system name [ string ] Synt ax Description Command Default s If string is not specified, the syst em name wil l be cleared. Command T ype Switch command. Com[...]

  • Page 102

    General Configurati on Command Set Setting Basic Device Properties 2-76 Matrix NSA Series Configuration Gui de 2.2.3.27 set system l ocation Use this command to identify the loca tion of the system. set system location [ string ] Synt ax Description Command Default s If string is not specified, the loca tion name will be cleared. Command T ype Swit[...]

  • Page 103

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-77 2.2.3.28 set system contact Use this command to identify a contact person for the system. set system contact [ string ] Synt ax Description Command Default s If string is not specified, the co ntact name will be cleared. Command T ype Switc[...]

  • Page 104

    General Configurati on Command Set Setting Basic Device Properties 2-78 Matrix NSA Series Configuration Gui de 2.2.3.29 set width Use this command to set the number of columns for the terminal co nnected to the device’ s console port. The length of the CLI is set using the set length co mm an d as described in Section 2.2.3.30 . set width scr een[...]

  • Page 105

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-79 2.2.3.30 set length Use this command to set the number of lines the CLI will display . set length scr eenlength Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows h[...]

  • Page 106

    General Configurati on Command Set Setting Basic Device Properties 2-80 Matrix NSA Series Configuration Gui de 2.2.3.31 show log out Use this command to display the time (in seconds) an idle console or T elnet CLI session will remain connected before timing out. show logout Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 107

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-81 2.2.3.32 set logout Use this command to set the time (in minutes) an idle console or T elnet CLI session will remain connected before timing out. set logout timeout Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 108

    General Configurati on Command Set Setting Basic Device Properties 2-82 Matrix NSA Series Configuration Gui de 2.2.3.33 show physical alias Use this command to display th e alias, a text name, for one or more physical objects. show physical alias [ chassis ] | [ sl ot slot ] | [ backplane backplane ] | [ module module ] |[ powersupply powersupply ][...]

  • Page 109

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-83 Example This example shows how to display physical alia s information for the chassi s. In this case, the chassis entity is 1 and there is no al ias currently set for the chassis: Matrix(rw)-> show physical alias c hassis chassis-1 alias[...]

  • Page 110

    General Configurati on Command Set Setting Basic Device Properties 2-84 Matrix NSA Series Configuration Gui de 2.2.3.34 set physical alias Use this command to set the alias, a text name, for a physical object. set physical alias { [ chassis ] [ slot slot ] [ backplane backplane ] [ mod ul e module ] [ powersupply powersupply ] [ powersupply-slot po[...]

  • Page 111

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-85 Command Mode Read-W rite. Example This example shows how to set the alias for the chassis to “chassisone”: Matrix(rw)-> set physical alias ch assis chassisone[...]

  • Page 112

    General Configurati on Command Set Setting Basic Device Properties 2-86 Matrix NSA Series Configuration Gui de 2.2.3.35 clear physical alias Use this command to reset the alias for a physical object to a zero-length string. clear physical alias {[ chassis ] [ slot slot ] [ backplane backplane ] [ module module ] [ powersupply powersupply ] [ powers[...]

  • Page 113

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-87 2.2.3.36 show physical assetid Use this command to display the asset ID for a module. show physical assetid module module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This exampl[...]

  • Page 114

    General Configurati on Command Set Setting Basic Device Properties 2-88 Matrix NSA Series Configuration Gui de 2.2.3.37 set physical assetid Use this command to set the asset ID for a module. set physical assetid module module string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exa[...]

  • Page 115

    General Configurati on Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-89 2.2.3.38 clear physical assetid Use this command to reset the asset ID for a moduleto a zero-length string . clear physical assetid module module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 116

    General Configurati on Command Set Activating Licensed Features 2-90 Matrix NSA Series Configuration Gui de 2.2.4 Activating Licensed F eatures In order to enable advanced features, such as ro uting protocols, and extended ACLs on a Matrix Series device, you must purchase and activate a license key . If you have purchased a license, you can proceed[...]

  • Page 117

    General Configurati on Command Set Activating Licensed F eatures Matrix NSA Series Configuration Guide 2-91 2.2.4.1 set license When an advanced license is available, use this command to activate licen sed features. If this is available on your Matrix Series device, a unique license key will display in the show license command output. Synt ax Descr[...]

  • Page 118

    General Configurati on Command Set Activating Licensed Features 2-92 Matrix NSA Series Configuration Gui de 2.2.4.2 show license When available and activated, use this command to display your license key . show license Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Example This example show[...]

  • Page 119

    General Configurati on Command Set Activating Licensed F eatures Matrix NSA Series Configuration Guide 2-93 2.2.4.3 clear license Use this command to clear license key settings. Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s If not specified, the license settings will be cleared from all modules. Examp[...]

  • Page 120

    General Configurati on Command Set Downloading a Ne w Firmware Image 2-94 Matrix NSA Series Configuration Gui de 2.2.5 Downloading a New Firmware Image Y ou can upgrade the op erational firmware in the Matrix Series device without physicall y opening the device or being in the same location. There are three ways to download firmware to the device: [...]

  • Page 121

    General Configurati on Command Set Downloading a New Firmware Imag e Matrix NSA Series Configuration Guide 2-95 2.2.5.1 D ownloading from an FTP or TFTP Server T o perform an FTP or TFTP do wnload, proceed as follows: 1. If you have not already done so, set the device’s IP address using the set ip address command as detailed in Section 2.2.3.2 . [...]

  • Page 122

    General Configurati on Command Set Downloading a Ne w Firmware Image 2-96 Matrix NSA Series Configuration Gui de 3. Type 2 . The following baud rate selection screen displays: 4. Type 8 to set the device baud rate to 115200 . The following message displays: 5. Set the terminal baud rate to 115200 and pres s ENTER. 6. Type download to start the ZMOD[...]

  • Page 123

    General Configurati on Command Set Reviewing and Selecting a Boot Firmware Image Matrix NSA Series Configuration Guide 2-97 11. Type boot to reboot the device. The following messag e indicates the downloaded image booted successfully: 2.2.6 Reviewing and Selecting a Boot Firmware Image Purpose T o display and set the image file the device loads at [...]

  • Page 124

    General Configurati on Command Set Reviewing and Sele cting a Boot Firmware Image 2-98 Matrix NSA Series Configuration Gui de 2.2.6.1 show boot system Use this command to display the fi rmware image t he system will load at the next system reset. The system must be reset by software for the new boot image to take effect at startup. If the chassis i[...]

  • Page 125

    General Configurati on Command Set Reviewing and Selecting a Boot Firmware Image Matrix NSA Series Configuration Guide 2-99 2.2.6.2 set boot system Use this command to set the firmwa re image the switch loads at startu p. This is the image t hat will be loaded automatically afte r th e system has been reset. Although it is not necessary to choose t[...]

  • Page 126

    General Configurati on Command Set S tarting and Configuri ng T elnet 2-100 Matrix NSA Series Configuration Guide 2.2.7 St arting and Configuring T e lnet Purpose T o enable or disable T elne t, and to start a T elnet s ession to a remote host. The Matrix Serie s device allows a total of four inbound and / or ou tbound T elnet session to run simult[...]

  • Page 127

    General Configurati on Command Set S tarting and Configurin g T e lnet Matrix NSA Series Configu ration Guide 2-1 01 2.2.7.1 show telnet Use this command to display the status of T elnet on the device. show telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how [...]

  • Page 128

    General Configurati on Command Set S tarting and Configuri ng T elnet 2-102 Matrix NSA Series Configuration Guide 2.2.7.2 set telnet Use this command to enable or disable T elnet on the device. set telnet { enable | disabl e }{ inbound | outbound | all } Synt ax Description Command Default s None. Command Mode Read-W rite. Example This example show[...]

  • Page 129

    General Configurati on Command Set S tarting and Configurin g T e lnet Matrix NSA Series Configu ration Guide 2-1 03 2.2.7.3 telnet Use this command to start a T elnet connection to a remote host. Th e Matrix Series device allows a total of four inbou nd and / or outbound T elnet session to run simultaneously . telnet host [ port ] Synt ax Descript[...]

  • Page 130

    General Configurati on Command Set S tarting and Configuri ng T elnet 2-104 Matrix NSA Series Configuration Guide 2.2.7.4 show rou ter telnet Use this command to display the state of T elnet service to the router . show router telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example Thi[...]

  • Page 131

    General Configurati on Command Set S tarting and Configurin g T e lnet Matrix NSA Series Configu ration Guide 2-1 05 2.2.7.5 set router telnet Use this command to enable or disable T elnet service to the router interface IP address. set router telnet { enable | disable } Synt ax Description None. Command Default s None. Command T ype Switch command[...]

  • Page 132

    General Configurati on Command Set S tarting and Configuri ng T elnet 2-106 Matrix NSA Series Configuration Guide 2.2.7.6 clear router telnet Use this command to reset T elnet service to th e router to the default state of disabled. clear router telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 133

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configu ration Guide 2-1 07 2.2.8 Managing Co nfiguration and Image Files Matrix Series devices provide a single configura tion interface which allows you to perform both switch and router configuration with the same co mma nd set. The Matrix Series devices [...]

  • Page 134

    General Configurati on Command Set Managing Configuratio n and Image Files 2-108 Matrix NSA Series Configuration Guide 2.2.8.1 dir Use this command to list file s stored in the file system. dir [ filename ] Synt ax Description Command T ype Switc h. Command Mode Read-Only . Command Default s If filename is not specified, all files in the system wil[...]

  • Page 135

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configu ration Guide 2-1 09 Location Modules on which this image resides. Compatibility Module types on which this image is qualified to run. Attempting to run an incomp atible image on a given module will not succeed. Files User maintained files, such as CL[...]

  • Page 136

    General Configurati on Command Set Managing Configuratio n and Image Files 2-1 10 Matrix NSA Series C onfiguration Guide 2.2.8.2 show file Use this command to display the contents of an image or configuration file. show file filename Synt ax Description Command T ype Switc h. Command Mode Read-Only . Command Default s None. Example This example (an[...]

  • Page 137

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configuration Guide 2-1 1 1 2.2.8.3 show config Use this command to display the system config uration or write the configuration to a file. show config [ all ] [ facility ] [ outfile outfile ] Synt ax Description Command T ype Switch. Command Mode Read-W rit[...]

  • Page 138

    General Configurati on Command Set Managing Configuratio n and Image Files 2-1 12 Matrix NSA Series C onfiguration Guide Example This example shows how to display the cu rrent non-default device configuration: Matrix(rw)-> show config This command shows non-default configurations only. Use 'show config all' to show b oth default and no[...]

  • Page 139

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configuration Guide 2-1 13 2.2.8.4 configure Use this command to execute a pr eviously downloaded configuration file stored on the device. configure filename [ append ] Synt ax Description Command T ype Switch. Command Mode Read-W rite. Command Default s If [...]

  • Page 140

    General Configurati on Command Set Managing Configuratio n and Image Files 2-1 14 Matrix NSA Series C onfiguration Guide 2.2.8.5 copy Use this command to upload or download an image or a CLI configuration file. copy source destination Synt ax Description Command T ype Switc h. Command Mode Read-W rite. Command Default s None. Examples This example [...]

  • Page 141

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configuration Guide 2-1 15 This example shows how to uplo ad a configuration file via A nonymous FTP from the module in slot 3: This example shows how to copy a configuration file from the slot 3 directory to the slot 5 directory: Matrix(rw)-> copy slot3/[...]

  • Page 142

    General Configurati on Command Set Managing Configuratio n and Image Files 2-1 16 Matrix NSA Series C onfiguration Guide 2.2.8.6 delete Use this command to remove an image or a CL I configuration file from the Matrix system. delete filename Synt ax Description Command T ype Switc h. Command Mode Read-W rite. Command Default s None. Examples This ex[...]

  • Page 143

    General Configurati on Command Set Managing Configuration and Image Files Matrix NSA Series Configuration Guide 2-1 17 2.2.8.7 script Use this command to execute a script file. The script file must first be created on a PC and copied to the Matrix device using the copy command ( Section 2.2.8.5 ) before the sc ript can be e xecuted. The file can co[...]

  • Page 144

    General Configurati on Command Set Managing Configuratio n and Image Files 2-1 18 Matrix NSA Series C onfiguration Guide When the script command parses the file and performs the command line argument substitution, the commands are convert ed to the following: set port alias fe.1.1 scr ipt_set_port set port vlan fe.1.1 100 modify-egress set port jum[...]

  • Page 145

    General Configurati on Command Set Enabling or Disabling th e Path MTU Discovery Protocol Matrix NSA Series Configuration Guide 2-1 19 2.2.9 Enabling or Disabling the Path MTU Discovery Protocol Purpose T o enable or disable the path MTU (Maximum T ransmission Unit) discovery prot ocol on the device. Because ports with transmission speeds higher th[...]

  • Page 146

    General Configurati on Command Set Enabling or Disabling the Path MTU Discovery P rotocol 2-120 Matrix NSA Series Configuration Guide 2.2.9.1 show mtu Use this command to display the status of th e path MT U discovery protocol on the device. show mtu Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-O[...]

  • Page 147

    General Configurati on Command Set Enabling or Disabling th e Path MTU Discovery Protocol Matrix NSA Series Configu ration Guide 2-1 21 2.2.9.2 set mtu Use this command to disable or re-enab le pa th MTU discovery protocol on the device. set mtu { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command M[...]

  • Page 148

    General Configurati on Command Set Enabling or Disabling the Path MTU Discovery P rotocol 2-122 Matrix NSA Series Configuration Guide 2.2.9.3 clear mtu Use this command to reset the state of the path MTU discovery protocol back to enabled. clear mtu Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 149

    General Configurati on Command Set Pausing, Clearing and Closing the CLI Matrix NSA Series Configu ration Guide 2-1 23 2.2.10 Pausing , Cleari ng and Closing the CLI Purpose T o pause or clear the CLI screen or to close your CLI session. Commands The commands used to pause, clear and close the CLI session are listed below and described in the assoc[...]

  • Page 150

    General Configurati on Command Set Pausing, Clearing and Closing the CLI 2-124 Matrix NSA Series Configuration Guide 2.2.10.1 wait Use this command to pause the CLI for a specified number of seconds before executing the nex t command. wait seconds Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 151

    General Configurati on Command Set Pausing, Clearing and Closing the CLI Matrix NSA Series Configu ration Guide 2-1 25 2.2.10.2 cls (clear screen) Use this command to clear the sc reen for the current CLI s ession. cls Synt ax Description None . Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example show[...]

  • Page 152

    General Configurati on Command Set Pausing, Clearing and Closing the CLI 2-126 Matrix NSA Series Configuration Guide 2.2.10.3 exit | quit Use either of these comman ds to leave a CLI session. exit quit Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to exit a CL[...]

  • Page 153

    General Configurati on Command Set Resetting the Device Matrix NSA Series Configu ration Guide 2-1 27 2.2.1 1 Resetting the Device Purpose T o reset one or more device modules, to clear the user -defined switch an d router configura tion parameters, or to schedule a system re set in order to load a new boot image. Commands The commands used to rese[...]

  • Page 154

    General Configurati on Command Set Resetting the Device 2-128 Matrix NSA Series Configuration Guide 2.2.1 1.1 show reset Use this command to display inform ation about scheduled device resets. show reset Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This command shows how to display[...]

  • Page 155

    General Configurati on Command Set Resetting the Device Matrix NSA Series Configu ration Guide 2-1 29 2.2.1 1.2 reset Use this command to rese t the device without losing any user -d efined configuration settings or to display information ab out device resets. reset {[ mod | system | nemcpu { mod . nemcpu }] [ cancel ]} Synt ax Description Command [...]

  • Page 156

    General Configurati on Command Set Resetting the Device 2-130 Matrix NSA Series Configuration Guide This example shows how to cancel a scheduled system reset: This example shows how to reset a Matrix Secu rity Module installed on the DFE in slot 4. Matrix(rw)-> reset cancel Reset cancelled. Matrix(rw)-> reset nemcpu 4.1 This command will rese[...]

  • Page 157

    General Configurati on Command Set Resetting the Device Matrix NSA Series Configu ration Guide 2-1 31 2.2.1 1.3 reset at Use this command to schedule a system reset a t a sp ecific future time. This feature is useful for loading a new boot image . reset at hh:mm [ mm/dd ] [ r eason ] Synt ax Description Command Default s • If month and day are no[...]

  • Page 158

    General Configurati on Command Set Resetting the Device 2-132 Matrix NSA Series Configuration Guide 2.2.1 1.4 reset in Use this command to schedule a system reset after a specific tim e. This feature is useful for loading a new boot image. reset in hh:mm [ re a s o n ] Synt ax Description Command Default s If a re a s o n is not specified, none wil[...]

  • Page 159

    General Configurati on Command Set Resetting the Device Matrix NSA Series Configu ration Guide 2-1 33 2.2.1 1.5 clear config Use this command to clear the u ser -defined switch and router c onf iguration parameters for one or more modules. Executing clear config on one Matrix module resets that modu le back to its factory defaults. For a list of fa[...]

  • Page 160

    General Configurati on Command Set Gathering T echnical Support Information 2-134 Matrix NSA Series Configuration Guide 2.2.12 Gathering T echni cal Support Information Purpose T o gather common techni cal support information. Command The command used to display technical support-related info rmation is listed below and described in the associated [...]

  • Page 161

    General Configurati on Command Set Gathering T echnical Suppo rt Information Matrix NSA Series Configu ration Guide 2-1 35 2.2.12.1 show support Use this command to display output for technical support-related commands. show support [ filename ] Synt ax Description Command Default s The following commands are executed: • show version ( Section 2.[...]

  • Page 162

    General Configurati on Command Set Gathering T echnical Support Information 2-136 Matrix NSA Series Configuration Guide Example This exa mple sho ws how to execute the show support command and s ave the results to slot 1 as a support3.txt file: There is no display example as the list of commands is quite lengthy . Click on the hyper -links in the ?[...]

  • Page 163

    Preparing the Device fo r Router Mode Pre-Routing Configuration T asks Matrix NSA Series Configu ration Guide 2-1 37 2.3 PREP ARING THE DEVICE FOR ROUTER MODE 2.3.1 Pre-Routing Configuration T asks The following pre-routin g tasks, as detailed in Section 2.1 and Sect ion 2.2.1 , must be performed from the switch CLI. • Star ting up the CLI. ( Sec[...]

  • Page 164

    Preparing the Device for Router Mode Pre-Routing Configuration T asks 2-138 Matrix NSA Series Configuration Guide The example in Figure 2-8 shows how to: • Configure module 1 as a routin g module. T able 2-9 Enabling the Switch for Ro uting T o do this task... Ty p e t h i s command... At this prompt.. . For details , see... Ste p 1 Configure a r[...]

  • Page 165

    Preparing the Device fo r Router Mode Reviewing and Configuring Rou ting Matrix NSA Series Configu ration Guide 2-1 39 • Configure VLAN 1 on IP address 182.127.63.1 255.255.255.0 as the routing interface for that module. Figure 2-8 Enabling the Switch for Routing 2.3.2 Reviewing and Configuring Routing Purpose T o review and configure routin g . [...]

  • Page 166

    Preparing the Device for Router Mode Reviewing and Con figuring Routing 2-140 Matrix NSA Series Configuration Guide 2.3.2.1 show rou ter Use this command to display which modules are configured for routing. show router Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example show[...]

  • Page 167

    Preparing the Device fo r Router Mode Reviewing and Configuring Rou ting Matrix NSA Series Configu ration Guide 2-1 41 2.3.2.2 set router Use this command to config ure routing on a module. set router module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to se t mod[...]

  • Page 168

    Preparing the Device for Router Mode Reviewing and Con figuring Routing 2-142 Matrix NSA Series Configuration Guide 2.3.2.3 clear router Use this command to disable routin g on a module. clear router module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to set disab[...]

  • Page 169

    Preparing the Device fo r Router Mode Reviewing and Configuring Rou ting Matrix NSA Series Configu ration Guide 2-1 43 2.3.2.4 router Use this command to enable routi ng mode on a module. This must be a module previously configured for routing using the set router command as described in Section 2.3.2.2 . Routing may be configured on one or two mod[...]

  • Page 170

    Preparing the Device for Router Mode Enabling Router Configu ration Modes 2-144 Matrix NSA Series Configuration Guide 2.3.3 Enabling Router Configuration Modes The Matrix CLI provides dif ferent modes of router operation for issuing a subset of commands from each mode. Ta b l e 2 - 1 1 describes these modes of ope ration. NOTE: The command prompt s[...]

  • Page 171

    Preparing the Device fo r Router Mode Enabling Router Confi guration Modes Matrix NSA Series Configu ration Guide 2-1 45 Router Configuration Mode Set IP protocol parameters. T ype router and the pr otocol name (and, for OSPF , the instance ID ) from Global or Interface Configuration mode. Matrix>Router1 (config-router)# Key Chain Configuration [...]

  • Page 172

    Preparing the Device for Router Mode Enabling Router Configu ration Modes 2-146 Matrix NSA Series Configuration Guide Server Load Balancing (SLB) Real Server Configuration Mode Configure an LSNA T real server . Ty p e real and the real server IP addr ess from SLB Server Farm Configuration Mode. Matrix>Router1 (config-slb-real)# Server Load Balan[...]

  • Page 173

    Matrix NSA Series Configurati on Guide 3-1 3 Configuring Discovery Protocols This chapter describes how to config ure the discovery protocols supported by the firmware using CLI commands. 3.1 OVERVIEW Currently , three discovery protcols are supported: • The Enterasys Discovery (CDP), described in Section 3.2.2 , “ Enterasys Discovery Protocol [...]

  • Page 174

    Discovery Protocols Command Set Displaying Neighbors 3-2 Matrix NSA Series Configuration Guide 3.2.1.1 show neighbors Use this command to display Network Neigh bor Discovery information from all supported discovery protcols. show neighbors [ port-string ] Synt ax Description Command Default s If port-string is not specified, all Network Neig hbor D[...]

  • Page 175

    Discovery Protocols Command Set Displaying Neighbors Matrix NSA Series Configuration Guide 3-3 Matrix(rw)-> show neighbors Port Device ID Port ID Type Network Address --------------------------------- -------------------------------------------- ge.1.1 00-01-f4-00-71-9c g e.1.27 lldp ge.1.2 00-01-f4-00-71-9c g e.1.28 lldp ge.1.3 00-01-f4-96-0f-f[...]

  • Page 176

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-4 Matrix NSA Series Configuration Guide 3.2.2 Enterasys Discovery Pro tocol Purpose T o enable and configure the En terasys Discovery Protocol (CDP), used to disc ov er network topology . When enabled, CDP a llows Enterasys de vices to send periodic PDUs about thems elve s to neighbori[...]

  • Page 177

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Guide 3-5 3.2.2.1 show cd p Use this command to display the st atus of the CDP discovery protocol and message interval on one or more ports. show cdp [ port-string ] Synt ax Description Command Default s If port-string is not specified, all CDP information [...]

  • Page 178

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-6 Matrix NSA Series Configuration Guide Ta b l e 3 - 1 provides an explanation of the command output. T abl e 3- 1 s ho w cdp Output Details Output What It Displays... CDP Global Status Whether CDP is globall y auto-enabled, enabled or disabl ed. The default state of auto-enabled can b[...]

  • Page 179

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Guide 3-7 3.2.2.2 set cdp st ate Use this command to enable or dis able the CDP discovery protocol on on e or more ports. set cdp state { auto | disable | enable } [ port-string ] Synt ax Description Command Default s If port-string is not specified, the CD[...]

  • Page 180

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-8 Matrix NSA Series Configuration Guide 3.2.2.3 set cdp auth Use this command to set a global CDP authentica tion code. This va lue determines a device’ s CDP domain. If two or more devices ha ve the same CDP authentication co de, t h ey will be entered into each other's CDP nei[...]

  • Page 181

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Guide 3-9 3.2.2.4 set cdp interval Use this command to set the message interval frequency (in seconds) of the C DP discovery protocol. set cdp interval fr equency Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 182

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-10 Matrix NSA Series Configuration Gui de 3.2.2.5 set cd p hold-time Use this command to set the hold time value fo r CDP discovery protocol configuration messages. set cdp hold-time hold-time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 183

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Guide 3-1 1 3.2.2.6 clear cd p Use this command to reset CDP discove ry protocol settings to defaults. clear cdp {[ state ] [ port-state port-string ] [ interval ] [ hold-time ] [ auth-code ]} Synt ax Description Command Default s At least one optional para[...]

  • Page 184

    Discovery Protocols Command Set Cisco Discovery Protocol 3-12 Matrix NSA Series Configuration Gui de 3.2.3 Cisco Discovery Protocol Purpose T o enable and configure the Cisco Discovery Protocol, used to discover network topology . When enabled, the Cisco Discovery Protocol allows Cisco devices to send periodic PDUs about themselves to neighboring d[...]

  • Page 185

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-13 3.2.3.1 show ciscodp Use this command to display glo bal Cisco Discovery Pro t oc ol information . show ciscodp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to[...]

  • Page 186

    Discovery Protocols Command Set Cisco Discovery Protocol 3-14 Matrix NSA Series Configuration Gui de Holdtime (TTL) Number of seconds ne ighboring devices will hold PDU transmissions from the sending device. Default value of 180 can be changed with the s et ciscodp holdtime command as described in Section 3.2.3.5 . Device ID The MAC address of the [...]

  • Page 187

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-15 3.2.3.2 show ciscodp port info Use this command to display summ ary information about the Cisco Discovery Protocol on on e or more ports. show ciscodp port info [ port-string ] Synt ax Description Command Default s If port-string is not specified, Ci[...]

  • Page 188

    Discovery Protocols Command Set Cisco Discovery Protocol 3-16 Matrix NSA Series Configuration Gui de T able 3-3 show port ciscod p info Output Det ails Output What It Displays... Port Po rt designati on. State W hether CiscoDP is enabled or disabled on this port. Default state of enabled can be changed using the set ciscodp port command ( Section 3[...]

  • Page 189

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-17 3.2.3.3 set ciscodp st atus Use this command to enable or dis able Cisco Discovery Protocol globally on the device. set ciscodp status { auto | enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode [...]

  • Page 190

    Discovery Protocols Command Set Cisco Discovery Protocol 3-18 Matrix NSA Series Configuration Gui de 3.2.3.4 set ciscodp timer Use this command to set the number of seconds between Cisco Discovery Protocol PDU transmissions. set ciscodp timer time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 191

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-19 3.2.3.5 set ciscodp hold time Use this command to set the time to live (TTL) for Cis co Dis covery Protocol PDUs. This is the amount of time (in seconds) neig hboring devices will hold PDU transmissions from the sending device. set ciscodp holdtime t[...]

  • Page 192

    Discovery Protocols Command Set Cisco Discovery Protocol 3-20 Matrix NSA Series Configuration Gui de 3.2.3.6 set ciscodp port Use this command to set the st atus, voice VLAN, extended trus t mode, and CoS priority for untrusted traffic for the Cisco Discove ry Protocol on on e or more ports. set ciscodp port { [ status { disable | enable }] [ vvid [...]

  • Page 193

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-21 Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. status Set the CiscoDP port operational status disable Do not transmit or process CiscoDP PDUs enable T ransmit and process CiscoDP PDUs vvid Set the [...]

  • Page 194

    Discovery Protocols Command Set Cisco Discovery Protocol 3-22 Matrix NSA Series Configuration Gui de Examples This example shows how to set th e Cisco DP port voice VLAN ID to 3 on port fe.1.6 and enable the port operational state: This example shows how to set th e Cisco DP extended trust mode to unt rusted on port fe.1.5 and set the CoS priority [...]

  • Page 195

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-23 3.2.3.7 clear ciscod p Use this command to clear the Cisco Discov ery Protocol back to the default values. clear ciscodp { [ status | timer | holdtime | port { status | vvid | trust-ext | cos-ext }] } < port-string> Synt ax Description Command [...]

  • Page 196

    Discovery Protocols Command Set Cisco Discovery Protocol 3-24 Matrix NSA Series Configuration Gui de This example shows how to clear the Ci sco DP port status on port fe.1.5: Matrix> clear ciscodp port status fe.1.5[...]

  • Page 197

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-25 3.2.4 Link Layer Discover y Protocol and LLDP-MED The IEEE 802.1AB standard, common ly referred to as the Link Layer Discovery Protocol (LLDP), is described in “IEEE 802.1AB-2005 Edition, IEEE S tandard for Local and Metropolitan [...]

  • Page 198

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-26 Matrix NSA Series Configuration Gui de The standard specifies that certai n TL Vs are mand atory in transmitted LLDPDUs, while others are optional. Y ou can co nfigure on a port-specific basis which optional LLDP and LLDP-MED TL Vs should be sent in LLDPDUs. Configurati[...]

  • Page 199

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-27 • show lldp port local-info ( Section 3.2.4.6 ) • show lldp port remote-info ( Section 3.2.4.7 ) • show lldp port network-po licy ( Section 3.2.4.8 ) • set lldp tx-interval ( Section 3.2.4.9 ) • set lldp hold-multiplier ( [...]

  • Page 200

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-28 Matrix NSA Series Configuration Gui de 3.2.4.1 show lldp Use this command to display LLDP configuration information. show lldp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to disp[...]

  • Page 201

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-29 3.2.4.2 show lld p port status Use this command to display the LLDP status of one or more ports. The command lists the ports that are enabled to send and receive LLDPPDUs . Ports are enabled or disabled with the set lldp port status[...]

  • Page 202

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-30 Matrix NSA Series Configuration Gui de 3.2.4.3 show lld p port trap Use this command to display the ports that are en abled to send an LLDP no tification when a remote system change has been detected or an LLDP-MED notification when a change in th e topology has been se[...]

  • Page 203

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-31 3.2.4.4 show lld p port tx-tlv Use this command to display info rmation about whi ch optional TL Vs have been configured to be transmitted on ports. Ports are configur ed to send optional TL Vs with the set lldp port tx-tlv command.[...]

  • Page 204

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-32 Matrix NSA Series Configuration Gui de 3.2.4.5 show lld p port location-info Use this command to display conf igured location information for one or more ports. Ports are configured with a lo cation value using the set lldp port location-info command. show lldp port loc[...]

  • Page 205

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-33 3.2.4.6 show lld p port local-info Use this command to display the lo cal system information stored for one or more ports. Y ou can use this information to detect misconfigurations or incompatibilities between the local port and the[...]

  • Page 206

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-34 Matrix NSA Series Configuration Gui de Ta b l e 3 - 4 describes the information displayed by the show lldp port local-info command. Operational Speed/Duplex/Type : 100 full tx Max Frame Size (bytes) : 1522 Vlan Id : 1 LAG Supported/Enabled/Id : no/no/0 Protocol Id : Spa[...]

  • Page 207

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-35 Chassis ID Mandatory basic LLDP TL V that identifies the chassis transmitting the LLDPDU. V alue is MAC address of chassis. Sys Name Optional basic LLDP TL V . V alu e is the administratively assigned name for the system. Sys Desc O[...]

  • Page 208

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-36 Matrix NSA Series Configuration Gui de Network Policy (app/tag/vlanId/cos/dscp) L LDP-MED Extensio ns Network Poli cy T L V . For all applications enabled on the port to be tran smitted in a TL V , displays the application name, VLAN type (tag ged or untagged), VLAN Id,[...]

  • Page 209

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-37 PoE Power Limit (mW) LLDP-MED Extensio ns Extended Powe r via MDI TL V . Displayed only when a port ha s PoE capabilities. Indicates the total power the port is cap able of sourcing o ver a maximum length cable, based on its current[...]

  • Page 210

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-38 Matrix NSA Series Configuration Gui de 3.2.4.7 show lld p port remote-info Use this command to display the remote system information stored for a remote device co nnected to a local port. Y ou can use this information to detect misconfigura tions or incompatibilities be[...]

  • Page 211

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-39 Note that the information fields displayed by the show lldp port remote-info command will vary , depending on the ty pe of remote device that is connected to the port. Ta b l e 3 - 5 describes the output fields that are unique to th[...]

  • Page 212

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-40 Matrix NSA Series Configuration Gui de 3.2.4.8 show lld p port network-policy Use this command to display LLDP port network policy configuratio n info rmation. Network policy information is configured using the set lldp port network-po licy command. show lldp port netwo[...]

  • Page 213

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-41 Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display all LLD P network policy information for ge.1.1. Matrix(ro)->show lldp port networ k-policy all ge.1.1 Ports Application S tate Tag [...]

  • Page 214

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-42 Matrix NSA Series Configuration Gui de 3.2.4.9 set lldp tx-interval Use this command to set the time, in seconds , between successive LLDP frame transmissions initiated by changes in the LLDP local system information. set lldp tx-interval fr equency Synt ax Description [...]

  • Page 215

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-43 3.2.4.10 set lld p hold-multiplier Use this command to set the time-to-live valu e used in LLDP frames sent by this device. The time-to-live for LLDPDU data is calculated by multiplying the transmit interval by the hold multiplier v[...]

  • Page 216

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-44 Matrix NSA Series Configuration Gui de 3.2.4.1 1 set lldp trap-interval Use this command to set the mini mum interval between LLDP notific ations sent by this device. LLDP notifications are sent when a remo te system change has been detected. s et lldp trap-interval fr [...]

  • Page 217

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-45 3.2.4.12 set lld p med -fast -repeat Network connectivity devices tran smit only LLDP TL Vs in LLDPDUs until they detect that an LLDP-MED endpoint device has connected to a port. At that point, the netw ork connectivity device start[...]

  • Page 218

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-46 Matrix NSA Series Configuration Gui de 3.2.4.13 set lldp port st atus Use this command to enable or disable transmitting and processing received LLDPDUs on a port or range of ports. set lldp port status { tx-enable | rx-enable | both | disable } port-string Synt ax Desc[...]

  • Page 219

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-47 3.2.4.14 set lld p port trap Use this command to enable or disable sending LLDP notifications (traps) when a remote system change is detected. set lldp port trap { enable | disable } port-string Synt ax Description Command Default s[...]

  • Page 220

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-48 Matrix NSA Series Configuration Gui de 3.2.4.15 set lld p port med-trap Use this command to enable or disable sending an LLDP-MED notification when a change in the topology has been sensed on the port (that is, a remote endpoint device has been attached or removed from [...]

  • Page 221

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-49 3.2.4.16 set lld p port location-info Use this command to configure LLDP-MED location information on a port or range of ports. Currently , only Emergency Call Services (ECS ) Emergency Location Identification Number (ELIN) is suppor[...]

  • Page 222

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-50 Matrix NSA Series Configuration Gui de 3.2.4.17 set lldp port tx-tlv Use this command to select the optional LLDP and LLDP-MED TL Vs to be transmitted in LLDPDUs by the specified port or ports. Use the show lldp port local-info command to display the values of these TL [...]

  • Page 223

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-51 mac-phy MAC-PHY Configuration/St atus IEEE 802.3 Extensions TL V . V alue sent includes the operational MAU type, duplex, and speed of the port. poe Power via MDI IEEE 802.3 Extensions TL V . V alues sent include whether pair select[...]

  • Page 224

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-52 Matrix NSA Series Configuration Gui de Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example configures the management address, MED capability , MED network policy , and MED location identification TL Vs to be sent in LLDPD[...]

  • Page 225

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-53 3.2.4.18 set lld p port network-policy Use this command to configure network policy for a set of applicatio ns on a port or range of ports. The policies configured with th is co mmand are se nt in LLDPDU s as LLDP-MED Network Poli c[...]

  • Page 226

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-54 Matrix NSA Series Configuration Gui de Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage As described in the ANSI/TIA S tandards document 1057, the Network Policy TL V is “intended for use with applications that have specific real-t[...]

  • Page 227

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-55 Example This example configures the voice ap plication TL V on port fe.2.1 an d then configures the port to send the Network Policy TL V . Matrix(rw)->set lldp port network -policy voice state enable tag tagged vlan dot1p fe.2.1 [...]

  • Page 228

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-56 Matrix NSA Series Configuration Gui de 3.2.4.19 clear lldp Use this command to return LLDP parameters to their default values. clear lldp { all | tx-interval | hold-multipler | trap-interval | med-fas t-repeat } Synt ax Description Command Default s None. Command T ype [...]

  • Page 229

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-57 3.2.4.20 clear lld p port st atus Use this command to return the port status to the default value of both (both transmitting and processing received LLDPDUs are enabled). clear lldp port status port-string Synt ax Description Comman[...]

  • Page 230

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-58 Matrix NSA Series Configuration Gui de 3.2.4.21 clear lldp port trap Use this command to return th e port LLDP t rap setting to the default value of disabl ed. clear lldp port trap port-string Synt ax Description Command Default s None. Command T ype Switch command. Com[...]

  • Page 231

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-59 3.2.4.22 clear lld p port med-trap Use this command to return the port LLDP-MED trap setting to the default value of disabled. clear lldp port med-trap port-string Synt ax Description Command Default s None. Command T ype Switch com[...]

  • Page 232

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-60 Matrix NSA Series Configuration Gui de 3.2.4.23 clear lldp port location-info Use this command to return th e port ECS ELIN location settin g to the default value of null. clear lldp port location-info elin port-string Synt ax Description Command Default s None. Command[...]

  • Page 233

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-61 3.2.4.24 clear lld p port network-policy Use this command to return networ k policy for a set o f applications on a port or range of ports to default values. clear lldp port network-policy { all | voice | voice-signaling | guest-voi[...]

  • Page 234

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-62 Matrix NSA Series Configuration Gui de Command Default s At least one application (or all ) and one policy parameter must be specified. Command T ype Switch command. Command Mode Read-W rite. Example This example returns all network policy values for a ll applications o[...]

  • Page 235

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-63 3.2.4.25 clear lld p port tx-tlv Use this command to clear the optional LLDP and LLDP-MED TL Vs to be transmitted in LLDPDUs by the specified po rt or po rts to the default value of disabled. clear lldp port tx-tlv {[ all ] | [ port[...]

  • Page 236

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-64 Matrix NSA Series Configuration Gui de Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example disables the management address, MED capability , MED network policy , and MED location identificatio n TL Vs from being sent in L[...]

  • Page 237

    Matrix NSA Series Configurati on Guide 4-1 4 Port Configuration This chapter describes the Port Configuratio n set of commands and how to use them. 4.1 PORT CONFIGURATION SUMMARY Console Port(s) Each Matrix Series module or standalone devi ce includes a console po rt through which local management of the device can be accessed using a terminal or m[...]

  • Page 238

    Port Configuration Summary Port S tring Syntax Used in the CLI 4-2 Matrix NSA Series Configuration Guide 4.1.1 Port String Synt ax Used in the CLI Commands requiring a port-string parameter use the following syntax to designate port type, slot location, and po rt number: port type.port gr oup.port number Where port type can be: fe for 100-Mbps Ethe[...]

  • Page 239

    Port Configuration Summary Port S tring Syntax Used in the CLI Matrix NSA Series Configuration Guide 4-3 This example shows the port-string syntax for specifying the 1-Gigabit Ethernet port 14 in port group 3. This example shows the port-string syntax for specifying Fast Ethe rnet ports 1 and 3 and Gigabit Ethernet port 1 1 in the module in chassis[...]

  • Page 240

    Process Overview: Port Configuration Port S tring Syntax Used in the CLI 4-4 Matrix NSA Series Configuration Guide 4.2 PROCESS OVERVIEW: PORT CONFIGURATION Use the following steps as a guide to conf iguringconsole and switch ports on the device: 6. Reviewing and setting console port properties ( Section 4.3.1 )Reviewing switch port status ( Section[...]

  • Page 241

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-5 4.3 PORT CONFIGURATION COMMAND SET 4.3.1 Setting Console Port Properties Purpose T o review and set parameters for on e or more of the device’ s console ports, including baud rate, auto baud detection, stopbits an d parity . Commands The comma[...]

  • Page 242

    Port Configuration Command Set Setting Console Port Properties 4-6 Matrix NSA Series Configuration Guide 4.3.1.1 show con sole Use this command to display propertie s set for one or more console p orts. show console [ port-string ] Synt ax Description Command Default s If port-string is not specified, properties for al l console ports will be d isp[...]

  • Page 243

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-7 4.3.1.2 clear console Use this command to clear the properti es set for one or more console ports. clear console [ port-string ] Synt ax Description Command Default s If port-string is not specified, properties for all console ports will be clea[...]

  • Page 244

    Port Configuration Command Set Setting Console Port Properties 4-8 Matrix NSA Series Configuration Guide 4.3.1.3 show console baud Use this command to d isplay the baud rate for one or more console ports. show console baud [ port-string ] Synt ax Description Command Default s If port-string is not specified, baud rate for al l console ports will be[...]

  • Page 245

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-9 4.3.1.4 set console baud Use this command to set the baud ra te for one or more console ports. set console baud rate [ port-st ring ] Synt ax Description Command Default s If port-string is not specified, baud rate will be set for all console po[...]

  • Page 246

    Port Configuration Command Set Setting Console Port Properties 4-10 Matrix NSA Series Configuration Gui de 4.3.1.5 clear console baud Use this command to clear the baud rate for one or more console ports. clear console baud [ port-string ] Synt ax Description Command Default s If port-string is not specified, baud rate w ill be cleared for all cons[...]

  • Page 247

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-1 1 4.3.1.6 show console flowcontrol Use this command to display the type of flow control setting for one or more console ports. show console flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, the fl[...]

  • Page 248

    Port Configuration Command Set Setting Console Port Properties 4-12 Matrix NSA Series Configuration Gui de 4.3.1.7 set console flowcontrol Use this command to set th e type of flow control for one or more console p o rts. set console flowcontrol { none | ctsrts | dsrdtr } [ port-string ] Synt ax Description Command Default s If port-string is not s[...]

  • Page 249

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-13 4.3.1.8 clear console flowcontrol Use this command to clear the type of fl ow control for one or more console ports. clear console flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, flow control w[...]

  • Page 250

    Port Configuration Command Set Setting Console Port Properties 4-14 Matrix NSA Series Configuration Gui de 4.3.1.9 show console bits Use this command to display the number of bits per character set for one or more console ports. show console bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, the bits per cha[...]

  • Page 251

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-15 4.3.1.10 set console bit s Use this command to set the number of bits per character for one or more console ports. set console bits num-bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, bits per charac [...]

  • Page 252

    Port Configuration Command Set Setting Console Port Properties 4-16 Matrix NSA Series Configuration Gui de 4.3.1.1 1 clear console bi t s Use this command to clear the number of bits per character for one or more console ports. clear console bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, bits per charact[...]

  • Page 253

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-17 4.3.1.12 show console stopbit s Use this command to display the co nso le port stop bits per character . show console stopbits [ port-string ] Synt ax Description Command Default s If port-string is not specified, stop bits per character will b[...]

  • Page 254

    Port Configuration Command Set Setting Console Port Properties 4-18 Matrix NSA Series Configuration Gui de 4.3.1.13 set console stopbit s Use this command to set the stop bits pe r character for one or more console ports. set console stopbits { one | onean dhalf | two } [ port-string ] Synt ax Description Command Default s If port-string is not spe[...]

  • Page 255

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-19 4.3.1.14 clear console stopbit s Use this command to clear the stop bits per character for one or more console ports. clear console stopbits [ port-string ] Synt ax Description Command Default s If port-string is not specified, stop bits per ch[...]

  • Page 256

    Port Configuration Command Set Setting Console Port Properties 4-20 Matrix NSA Series Configuration Gui de 4.3.1.15 show console parity Use this command to display the type of parity checking set for one or more c on sole ports. show console parity [ port-string ] Synt ax Description Command Default s If port-string is not specified, parity type fo[...]

  • Page 257

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-21 4.3.1.16 set console p ari ty Use this command to set the parity ty pe for one or more console ports. set console parity { none | odd | ev en | mark | spac e } [ port-string ] Synt ax Description Command Default s If port-string is not specifie[...]

  • Page 258

    Port Configuration Command Set Setting Console Port Properties 4-22 Matrix NSA Series Configuration Gui de 4.3.1.17 clear consol e p arity Use this command to clear the parity type for one or more con sole ports. clear console parity [ port-string ] Synt ax Description Command Default s If port-string is not specified, parity type w ill be cleared [...]

  • Page 259

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-23 4.3.2 Reviewing Port St atus Purpose T o display operating status, dupl ex mode, sp eed, po rt type, and statistical information about traf fic received and transmitted through one or all switch ports on the device. Commands The commands used to review [...]

  • Page 260

    Port Configuration Command Set Reviewing Po rt S tat us 4-24 Matrix NSA Series Configuration Gui de 4.3.2.1 show port Use this command to display whether or not one or more ports are enabled for switching. show port [ port-string ] Synt ax Description Command Default s If port-string is not specified, operational stat us information for al l ports [...]

  • Page 261

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-25 4.3.2.2 show port st atus Use this command to display oper ating and admin status, speed, du plex mode and port type fo r one or more ports on the de vice. show port status [ port-string ] [ -interesting ] Synt ax Description Command Default s If no opt[...]

  • Page 262

    Port Configuration Command Set Reviewing Po rt S tat us 4-26 Matrix NSA Series Configuration Gui de T abl e 4-1 show port s tatus Output Details Output What It Displays... Port Port designation. For a detailed description of possible port-string values, refer to Section 4.1.1 . Alias (truncated) Alias configured for the port. For deta ils on using [...]

  • Page 263

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-27 4.3.2.3 show port counters Use this command to display port counter statistic s detailing traffic throug h the device and throug h all MIB2 network device s. show port counters [ port-string ] [ switch | mib2 ] Synt ax Description Command Default s • [...]

  • Page 264

    Port Configuration Command Set Reviewing Po rt S tat us 4-28 Matrix NSA Series Configuration Gui de Examples This example shows how to display all counter stat istics, including MIB2 network traffic and traf fic through the device for fe.3.1: This example shows how to display all fe.3.1 port counter statistics related to traffic through the device.[...]

  • Page 265

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-29 Ta b l e 4 - 2 provides an explanation of the co mma nd output. T able 4-2 show port counters Out put Details Output What It Displays... Port Port designation. For a de tailed description of possible port-string values, refer to Section 4.1.1 . MIB2 Int[...]

  • Page 266

    Port Configuration Command Set Reviewing Po rt S tat us 4-30 Matrix NSA Series Configuration Gui de 4.3.2.4 show port operst atuscause Use this command to display the causes configured to place operating status to a down or dormant state for one or more ports. show port operstatuscause [ port-string ] [ any ] [ modifiable ][ admin ] [ linkloss ] [ [...]

  • Page 267

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-31 Command Default s If no options are specified, causes for all ports w ill be displayed. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display operation status causes for ports ge.1.1 through 6. In this case, po[...]

  • Page 268

    Port Configuration Command Set Reviewing Po rt S tat us 4-32 Matrix NSA Series Configuration Gui de 4.3.2.5 clear port operst atuscause Use this command to override the causes configured to place operating status to a down or dormant state for one or more ports. clear port operstatuscause [ port-string ] [ admin ] [ linkflap ] [ flowlimit ] [ polic[...]

  • Page 269

    Port Configuration Command Set Disabling / Enabling and Namin g Po rts Matrix NSA Series Configuration Guide 4-33 4.3.3 Disabling / Enabling and Naming Port s Purpose T o disable and re-enable one or more ports, and to as sign an alias to a port. By default, all ports are enabled at device startup. Y ou may want to disa ble ports for security or to[...]

  • Page 270

    Port Configuration Command Set Disabling / Enabling and Naming Po rts 4-34 Matrix NSA Series Configuration Gui de 4.3.3.1 set port d isable Use this command to administratively disable one or more ports. set port disable port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exam[...]

  • Page 271

    Port Configuration Command Set Disabling / Enabling and Namin g Po rts Matrix NSA Series Configuration Guide 4-35 4.3.3.2 set port enable Use this command to administrativ ely enable one or more ports. set port enable port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example[...]

  • Page 272

    Port Configuration Command Set Disabling / Enabling and Naming Po rts 4-36 Matrix NSA Series Configuration Gui de 4.3.3.3 show port alias Use this command to display alias name(s assigned to one or more ports. show port alias [ port-string ] Synt ax Description Command Default s If port-string is not specified, aliases for all ports will be display[...]

  • Page 273

    Port Configuration Command Set Disabling / Enabling and Namin g Po rts Matrix NSA Series Configuration Guide 4-37 4.3.3.4 set port alias Use this command to assign an alias name to a port. set port alias port-string [ string ] Synt ax Description Command Default s If string is not specified, the alias assign ed to the port will be cleared. Command [...]

  • Page 274

    Port Configuration Command Set Disabling / Enabling and Naming Po rts 4-38 Matrix NSA Series Configuration Gui de 4.3.3.5 show forcelinkdown Use this command to display the stat us of the force link do wn function. show forcelinkdown Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example Thi[...]

  • Page 275

    Port Configuration Command Set Disabling / Enabling and Namin g Po rts Matrix NSA Series Configuration Guide 4-39 4.3.3.6 set forcelinkdown Use this command to enable or di sable th e force link down function. When e nabled, this forces ports in the “operstatus down” state to become disabled. set forcelinkdown { enable | disable } Synt ax Descr[...]

  • Page 276

    Port Configuration Command Set Disabling / Enabling and Naming Po rts 4-40 Matrix NSA Series Configuration Gui de 4.3.3.7 clear forcelinkdown Use this command to resets the force link down function to the default state of disabled. clear forcelinkdown Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-[...]

  • Page 277

    Port Configuration Command Set Setting Speed and Duplex Mode Matrix NSA Series Configuration Guide 4-41 4.3.4 Setting Speed and Duplex Mode Purpose T o review and set the operational speed in Mbps and the default duplex mode: Half , for half duplex, or Full , for full duplex for one or more ports. Commands The commands used to review and set port s[...]

  • Page 278

    Port Configuration Command Set Setting Speed and Duplex Mode 4-42 Matrix NSA Series Configuration Gui de 4.3.4.1 show port speed Use this command to display the defaul t speed setting on one or more ports. show port speed [ port-string ] Synt ax Description Command Default s If port-string is not specified, default speed settings for all ports will[...]

  • Page 279

    Port Configuration Command Set Setting Speed and Duplex Mode Matrix NSA Series Configuration Guide 4-43 4.3.4.2 set port speed Use this command to set the defau lt speed of one or more ports. Th is setting only takes effect on ports that have auto-negotiation disabled. set port speed port-string { 10 | 100 | 1000 } Synt ax Description Command Defau[...]

  • Page 280

    Port Configuration Command Set Setting Speed and Duplex Mode 4-44 Matrix NSA Series Configuration Gui de 4.3.4.3 show port duplex Use this command to display th e default duplex setting (half or full) for one or more ports. show port duplex [ port-string ] Synt ax Description Command Default s If port-string is not specified, default duplex setti n[...]

  • Page 281

    Port Configuration Command Set Setting Speed and Duplex Mode Matrix NSA Series Configuration Guide 4-45 4.3.4.4 set port duplex Use this command to set the default d uplex type for one or more ports. set port duplex port-string { full | half } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exampl[...]

  • Page 282

    Port Configuration Command Set Enabling / Disabling Jumbo Frame Support 4-46 Matrix NSA Series Configuration Gui de 4.3.5 Enabling / Disabli ng Jumbo Frame Support Purpose T o review , enable, and disable jumbo frame suppo rt on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size. Commands The commands used [...]

  • Page 283

    Port Configuration Command Set Enabling / Disabling Jumbo Fram e Support Matrix NSA Series Configuration Guide 4-47 4.3.5.1 show port jumbo Use this command to display the status of jumb o frame suppor t and maximum transmission units (MTU) on one or more ports. show port jumbo [ port-string ] Synt ax Description Command Default s If po rt-string i[...]

  • Page 284

    Port Configuration Command Set Enabling / Disabling Jumbo Frame Support 4-48 Matrix NSA Series Configuration Gui de 4.3.5.2 set port j umbo Use this command to enable or disa ble ju mbo frame support on on e or more ports. set port jumbo { enable | disable } [ port-string ] Synt ax Description Command Default s If port-string is not specified, jumb[...]

  • Page 285

    Port Configuration Command Set Enabling / Disabling Jumbo Fram e Support Matrix NSA Series Configuration Guide 4-49 4.3.5.3 clear port jumbo Use this command to reset jumb o frame support status to enabled on one or more ports. clear port jumbo [ port-string ] Synt ax Description Command Default s If port-string is not specified, jumbo frame suppor[...]

  • Page 286

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-50 Matrix NSA Series Configuration Gui de 4.3.6 Setting Auto-Negotiati on and Advertised Ability Purpose T o review , disable or enable auto-neg otiation, and to review or set a port’ s advertised mode of operation. During auto-negotiation and adverti sed ability , [...]

  • Page 287

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-51 4.3.6.1 show port negotiation Use this command to display the status of auto-negotiation for one or more ports. show port negotiation [ port-string ] Synt ax Description Command Default s If port-string is not specified, auto-[...]

  • Page 288

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-52 Matrix NSA Series Configuration Gui de 4.3.6.2 set port negotiation Use this command to enable or disable auto-negotiation on one or more ports. set port negotiation port-string { enable | disable } Synt ax Description Command Default s None. Command T ype Switch c[...]

  • Page 289

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-53 4.3.6.3 show port mdix Use this command to display the MDI/MDIX mode on one or more ports. This function detects and adapts to straight through (MDI) or cross - over (MDIX) Ethernet cabling o n switch ports. show port mdix [ p[...]

  • Page 290

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-54 Matrix NSA Series Configuration Gui de 4.3.6.4 set port mdix Use this command to set MDI/M D IX mode on one or more ports. set port mdix [ port-string ] { auto | mdi | mdix } Synt ax Description Command Default s If port-string is not specified, mode will be set fo[...]

  • Page 291

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-55 4.3.6.5 clear port mdix Use this command to reset MDIX mode to the default sett ing of auto on on e or more ports. clear port mdix [ port-string ] Synt ax Description Command Default s If port-string is not specified, mode wil[...]

  • Page 292

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-56 Matrix NSA Series Configuration Gui de 4.3.6.6 show port advertise Use this command to display the adve rtised ability on one or more ports. show port advertise [ port-string ] Synt ax Description Command Default s If port-string is not specified, advertised ab ili[...]

  • Page 293

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-57 T able 4-3 show port advertise Out put Details Output What It Displays... capability Whether or not the port is capable of operating in the following modes: • 10t - 10BASE-T half duplex mode • 10tfd - 10BASE-T full duplex [...]

  • Page 294

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-58 Matrix NSA Series Configuration Gui de 4.3.6.7 set port advertise Use this command to enable or di sable and to configure the adverti sed ability on one or more ports. set port advertise port-string [ 10t ] [ 10tfd ] [ 100tx ] [ 100txfd ] [ 1000x ] [ 1000xfd ] [ 10[...]

  • Page 295

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-59 Command Mode Read-W rite. Example This example shows how to set fe.3.4 to advertise 100BASE-TX full dupl ex operation: Matrix(rw)-> set port advertise fe .3.4 100txfd[...]

  • Page 296

    Port Configuration Command Set Setting Auto-Negotiation and Ad vertised Ability 4-60 Matrix NSA Series Configuration Gui de 4.3.6.8 clear port ad vertise Use this command to reset advertised ability to the default setting on one or more ports. clear port advertise port-string [ 10t | 10tfd | 100tx | 100txfd | 1000x | 1000 txfd | 1000t | 1000tfd | p[...]

  • Page 297

    Port Configuration Command Set Setting Auto-N egotiation and Advertised Abili ty Matrix NSA Series Configuration Guide 4-61 Command Default s If not specified, all modes of ad vertised ability will be cleared. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to re set all advertised ability to default settings [...]

  • Page 298

    Port Configuration Command Set Setting Flow Control 4-62 Matrix NSA Series Configuration Gui de 4.3.7 Setting Flow Control Purpose T o review , enable or dis able port flow control. Flow control is used to manage the transmission between two devices as specifie d by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transm[...]

  • Page 299

    Port Configuration Command Set Setting Flow Control Matrix NSA Series Configuration Guide 4-63 4.3.7.1 show port flowcontrol Use this command to display the flow control state for one or more ports. show port flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, flow control information for all ports wil[...]

  • Page 300

    Port Configuration Command Set Setting Flow Control 4-64 Matrix NSA Series Configuration Gui de TX Oper Whether or not the port is operationally enabled or disabled for sending flow control frames. RX Admin Whether or not the port is administratively enabled or disabled for acknowledging recei ved flow control frames. RX Oper Wh ether or not th e p[...]

  • Page 301

    Port Configuration Command Set Setting Flow Control Matrix NSA Series Configuration Guide 4-65 4.3.7.2 set port flowcontrol Use this command to enable or disable fl ow control settings for one or more ports. set port flowcontrol po rt-string { receive | send | both }{ enable | disable } Synt ax Description Command Default s None. Command T ype Swit[...]

  • Page 302

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-66 Matrix NSA Series Configuration Gui de 4.3.8 Configuring Link T raps and Link Flap Detection Purpose T o disable or re-enable link traps and to configure the link flapping detection function. By default, all ports are enabled to send SNMP trap messages indicating c [...]

  • Page 303

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-67 4.3.8.1 show port trap Use this command to display whether the port is e na bled for gene rating an SNMP trap message if its link state changes. show port trap [ port-string ] Synt ax Description Command Default s If port-string[...]

  • Page 304

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-68 Matrix NSA Series Configuration Gui de 4.3.8.2 set port trap Use this command to enable or disable ports for sending SNMP tr ap messages when their link status changes. set port trap port-string { enable | disable } Synt ax Description Command Default s None. Comman[...]

  • Page 305

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-69 4.3.8.3 show linkflap Use this command to display link flap det ection state and config uration information. show linkflap { globalstate | portstate | parameters | metrics | portsupported | actsupported | maximum | down ports | [...]

  • Page 306

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-70 Matrix NSA Series Configuration Gui de Command Default s • If not specified, information about all link flap detection settings will be displayed. • If port-string is not specified, information for all ports will be displayed. Command T ype Switch command. Comma[...]

  • Page 307

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-71 Ta b l e 4 - 5 provides an explanation of the show linkflap parameters command output. This example shows how to display the link flap metrics table: Ta b l e 4 - 6 provides an exp lan ation of the show linkflap metrics command [...]

  • Page 308

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-72 Matrix NSA Series Configuration Gui de T imeElapsed T ime (in seconds) since the last link down event. V iolations Number of link flap viola tions on listed po rts since sy s t em start. T able 4-6 show lin kflap metrics Output Det ails (Continued) Output What It Di[...]

  • Page 309

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-73 4.3.8.4 set linkflap globalst ate Use this command to globally enable or disable the link flap detection fu nction. By default, the function is disable d globally and on a ll ports. If disab led globally after per-port settings [...]

  • Page 310

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-74 Matrix NSA Series Configuration Gui de 4.3.8.5 set linkfl ap Use this command to enable or disable lin k flap mo nitoring on one or more ports. set linkflap portstate { disable | enable } [ port-string ] Synt ax Description Command Default s If port-string is not sp[...]

  • Page 311

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-75 4.3.8.6 set linkflap interval Use this command to set the time interval (in seconds) for accumulatin g link down transitions. set linkflap interval port-string interval_value Synt ax Description Command Default s None. Command T[...]

  • Page 312

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-76 Matrix NSA Series Configuration Gui de 4.3.8.7 set linkfl ap action Use this command to set reactions to a link flap violation. set linkflap action port-string { disableInterface | ge nsyslogentr y | gentrap | all } Synt ax Description Command Default s None. Comman[...]

  • Page 313

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-77 4.3.8.8 clear linkflap action Use this command to clear reac tions to a link flap violation. clear linkflap action [ port-string } { disableInterface | gensyslogentry | gentrap | all } Synt ax Description Command Default s If po[...]

  • Page 314

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-78 Matrix NSA Series Configuration Gui de 4.3.8.9 set linkfl ap threshold Use this command to set the link flap action trigger count. set linkflap threshold port-string thr eshold_value Synt ax Description Command Default s None. Command T ype Switch command. Command M[...]

  • Page 315

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-79 4.3.8.10 set linkflap downtime Use this command to set the time interval (in seconds) one or mo re ports will be held down after a link flap violation. set linkflap downtime port-string downtime_value Synt ax Description Command[...]

  • Page 316

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-80 Matrix NSA Series Configuration Gui de 4.3.8.1 1 clear linkflap down Use this command to toggle link fl ap disabled ports to operational. clear linkflap down [ port-string ] Synt ax Description Command Default s If port-string is not specified, all po rts disabled b[...]

  • Page 317

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection Matrix NSA Series Configuration Guide 4-81 4.3.8.12 clear linkflap Use this command to clear all link flap options and / or statistics on one or more ports. clear linkflap { all | stats [ port-string ] | parameter port-string { threshold | interval | downtime | all } Syn[...]

  • Page 318

    Port Configuration Command Set Configuring Broadcast Suppression 4-82 Matrix NSA Series Configuration Gui de 4.3.9 Configuring Broa dcast Suppression Purpose T o review , disable or set the broadcast thresholds on one or more ports. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other po[...]

  • Page 319

    Port Configuration Command Set Configuring Broadcast Suppression Matrix NSA Series Configuration Guide 4-83 4.3.9.1 show port broadcast Use this command to display p ort broadcast suppression information for one or more p orts. show port broadcast [ port-string ] Synt ax Description Command Default s If port-string is not specified, broadcast stat [...]

  • Page 320

    Port Configuration Command Set Configuring Broadcast Suppression 4-84 Matrix NSA Series Configuration Gui de Peak Rate (pkts/s) Peak rate of broadcast transmission received on this port in packets per second. Peak Rate T ime (ddd:hh:mm:ss) T ime (in day , hours, minutes and seconds) the peak rate was reached on this port. T able 4-7 show por t broa[...]

  • Page 321

    Port Configuration Command Set Configuring Broadcast Suppression Matrix NSA Series Configuration Guide 4-85 4.3.9.2 set port broadcast Use this command to set the broadcast suppression limit, in packets per second, on one or more ports. This sets a threshold on the broadcast traffic that is received and sw itched out to othe r ports. set port broad[...]

  • Page 322

    Port Configuration Command Set Configuring Broadcast Suppression 4-86 Matrix NSA Series Configuration Gui de 4.3.9.3 clear port broadcast Use this command to reset the broadcast threshold an d/or clear the peak rate and peak time values on one or switch more ports. clear port broadcast port-string [ threshold ] [ peak ] Synt ax Description Command [...]

  • Page 323

    Configuring Port Mirroring Supported Mirrors Matrix NSA Series Configuration Guide 4-87 4.4 CONFIGURING PORT MIRRORING The Matrix device allows you to mirror (or redirect) the traffic be ing switch ed on a po rt or VL AN for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor[...]

  • Page 324

    Configuring Port Mi rroring IDS Mirroring Considerations 4-88 Matrix NSA Series Configuration Gui de 4.4.2 IDS Mirro ring Consideration s An IDS mirror is a one-to-many port mirror that ha s be en designed for use with an Intrusion Detection System. The following c onsiderations must be taken in to account when configuring IDS mirroring on the Matr[...]

  • Page 325

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-89 4.4.4 Setting Port Mirroring Purpose T o review and configure port mirror ing on the device. Commands The comma nds used to review and configure port mirroring are listed below and described in the associated section as shown. • show port mirroring ( Sect[...]

  • Page 326

    Configuring Port Mi rroring Setting Port Mirroring 4-90 Matrix NSA Series Configuration Gui de 4.4.4.1 show port mirroring Use this command to display the source and tar g et ports for mirroring, and whether mirroring is currently enabled or disable d fo r those ports. show port mirroring Synt ax Description None. Command Default s None. Command T [...]

  • Page 327

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-91 4.4.4.2 set port mirroring Use this command to create a ne w mirroring relatio nship or to enable or disable an existing mirroring relationshi p between two ports. set port mirroring { create | disable | enable } | igmp-mcast { enable | disable } sour ce de[...]

  • Page 328

    Configuring Port Mi rroring Setting Port Mirroring 4-92 Matrix NSA Series Configuration Gui de Example This example shows how to enable port mirroring of transmitted and received frames with fe.1.4 as the source port and fe.1.1 1 as the target port: Matrix(rw)-> set port mirroring enable f e.1.4 fe.1.11 both[...]

  • Page 329

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-93 4.4.4.3 clear port mirroring Use this command to clear a port mirroring relationship. clear port mirroring { igmp-mcast | source destination } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This e[...]

  • Page 330

    Configuring LACP LACP Operation 4-94 Matrix NSA Series Configuration Gui de 4.5 CONFIGURING LACP Using multiple links simultaneously to increase bandw idth is a desirable switch feature, which can be accomplished if both sides agree on a set of ports that are being used as a Link Aggregation Group (LAG). Once a LAG is formed from selected ports, pr[...]

  • Page 331

    Configuring LACP LACP T erminology Matrix NSA Series Configuration Guide 4-95 The operation of LACP invo lves the following activities: • Checking that candidate links can actua lly be a ggregated. • Controlling the addition of a link to a LAG , and the creation of the group if necessary . • Monitoring the status of aggregated links to ensure[...]

  • Page 332

    Configuring LACP Matrix Series Usage Considerations 4-96 Matrix NSA Series Configuration Gui de 4.5.3 Matrix Series Usage Consideration s In normal usage (and typical impl ementations) there is no need to modify any of th e default LACP parameters on the Matrix Series device. The defa ult values will result in the maximum number of aggregations pos[...]

  • Page 333

    Configuring LACP Matrix Series Usage Considerations Matrix NSA Series Configuration Guide 4-97 LACP uses a system priority va lue to build a LAG ID, which de te rmines aggregation precedence. If there are two partner devices competing for th e same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is gi[...]

  • Page 334

    Configuring LACP Configuring Link Aggregation 4-98 Matrix NSA Series Configuration Gui de 4.5.4 Configuring Link Aggregation Purpose T o disable and re-enable the Link Aggregation Control Protocol (LACP), to display and configure LACP settings for one or more aggregator ports, and to display and config ure the LACP settings for underlying phys ical[...]

  • Page 335

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-99 • clear lacp outportAlgorithm ( Section 4.5.4.20 )[...]

  • Page 336

    Configuring LACP Configuring Link Aggregation 4-100 Matrix NSA Series Configuration Guide 4.5.4.1 show lacp Use this command to disp lay the global LACP enable state, or to display informa tion abou t one or more aggregator ports. Each Matr ix Series module provides virtua l link aggregator ports, which are designated in the CLI as lag.0.1 through [...]

  • Page 337

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 01 T able 4-9 show lacp Ou tput Detail s Output What It Displays... Aggregator LAG port designation. Each Matrix Series module provides 48 virtual link aggregat or ports, which are designated in the CLI as lag.0.1 through l ag.0.48 . Once underlying physical p[...]

  • Page 338

    Configuring LACP Configuring Link Aggregation 4-102 Matrix NSA Series Configuration Guide 4.5.4.2 set lacp Use this command to disable or enable the Li nk Ag gregation Control Protocol (LACP) on the device. LACP is enabled by default. set lacp { disable | enable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 339

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 03 4.5.4.3 clear lacp state Use this command to reset LACP to the default state of enabled. clear lacp state Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to reset LACP [...]

  • Page 340

    Configuring LACP Configuring Link Aggregation 4-104 Matrix NSA Series Configuration Guide 4.5.4.4 set lacp asyspri Use this command to set the LACP system priority . LACP uses this value to determine aggregation precedence. If there are two partner devices comp eting for the same aggreg a tor, LACP compares the LAG IDs for each grouping of ports. T[...]

  • Page 341

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 05 4.5.4.5 set lacp aadminkey Use this command to set the administratively assign ed key for one or more aggregator po rts. LACP will use this value to form an oper key . Only un derlying physical ports wi th oper keys matching those of their aggregators will [...]

  • Page 342

    Configuring LACP Configuring Link Aggregation 4-106 Matrix NSA Series Configuration Guide 4.5.4.6 clear lacp Use this command to clear LACP syst em priority or admin key settings. clear lacp {[ asyspri] [ aadminkey port-string ]} Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example[...]

  • Page 343

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 07 4.5.4.7 set lacp static Use this command to assign one o r more underlyi ng physical ports to a Link Aggregation Gro up (LAG). set lacp static lagportstring [ key ] port-string Synt ax Description Command Default s If not specified, a key will be assigned a[...]

  • Page 344

    Configuring LACP Configuring Link Aggregation 4-108 Matrix NSA Series Configuration Guide Example This example shows how to add port fe.1 .6 to the LAG of aggr egator port 48: Matrix(rw)-> set lacp static lag.0. 48 fe.1.6[...]

  • Page 345

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 09 4.5.4.8 clear lacp static Use this command to remove specific ports from a Link Aggregation Group. clear lacp static lagportstring port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This e[...]

  • Page 346

    Configuring LACP Configuring Link Aggregation 4-1 10 Matrix NSA Series C onfiguration Guide 4.5.4.9 show lacp singleportlag Use this command to display the stat us of the single port LAG function. show lacp singleportlag Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example sho[...]

  • Page 347

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-1 1 1 4.5.4.10 set singleportlag Use this command to enable or disable the form ation of single port LAGs. When enabled, this maintains LAGs when only one port is rece iving protocol tran smissions from a partner . set lacp singleportlag { enable | disable } Synt[...]

  • Page 348

    Configuring LACP Configuring Link Aggregation 4-1 12 Matrix NSA Series C onfiguration Guide 4.5.4.1 1 clear singleportlag Use this command to reset the single port LAG function back to the default state of disabled. clear lacp singleportlag Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exa[...]

  • Page 349

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-1 13 4.5.4.12 show port lacp Use this command to display link aggregation information for one or more underlying physical ports. show port lacp port port-string {[ status { detail | sum mary }] | [ counters ]} [ sort { port | lag }] Synt ax Description Command De[...]

  • Page 350

    Configuring LACP Configuring Link Aggregation 4-1 14 Matrix NSA Series C onfiguration Guide Examples This example shows how to display detailed LACP status information f or port fe.1.12: This example shows how to display summarized LACP status informa tion for port fe.1.12: Matrix(rw)-> show port lacp port fe.1.1 2 status detail Port Instance: f[...]

  • Page 351

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-1 15 This example shows how to display LACP counters for port fe.1.12: Matrix(rw)-> show port lacp port f e.1.12 counters Port Instance: fe.1.12 LACPDUsRx: 0 MarkerPDUsRX: 0 LACPDUsTx: 0 MarkerPDUsTx: 0 IllegalRx: 0 MarkerResponsePDUsRx: 0 UnknownRx: 0 MarkerR[...]

  • Page 352

    Configuring LACP Configuring Link Aggregation 4-1 16 Matrix NSA Series C onfiguration Guide 4.5.4.13 set port l acp Use this command to set link aggr egation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG , and their administrative state once aggregated. set port lacp[...]

  • Page 353

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-1 17 asyspri asyspri Sets the port’ s actor system priority . The LACP implementation on the Matrix Series device uses this value to determine aggregation precedence when there are two devices competing for the same aggregator . V alid values are 0 - 65535 , wi[...]

  • Page 354

    Configuring LACP Configuring Link Aggregation 4-1 18 Matrix NSA Series C onfiguration Guide Command Default s • At least one parameter must be entered per port-string. • If enable or disable are not specified, port(s) w ill be enabled with the LACP parameters entered. Command T ype Switch command. Command Mode Read-W rite. Example This example [...]

  • Page 355

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configuration Guide 4-1 19 4.5.4.14 clear port lacp Use this command to clear link aggreg ation settings for one or more ports. clear port lacp port port-string {[ aadminkey ] [ ap ortpri ] [ asyspri ] [ aadminstate { lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollec t | lacp[...]

  • Page 356

    Configuring LACP Configuring Link Aggregation 4-120 Matrix NSA Series Configuration Guide Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear all link aggregation parameters for port ge.3.16: padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpd[...]

  • Page 357

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 21 4.5.4.15 show lacp flowRegeneration Use this command to display th e LACP flow regeneration state. show lacp flowRege neration Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example show[...]

  • Page 358

    Configuring LACP Configuring Link Aggregation 4-122 Matrix NSA Series Configuration Guide 4.5.4.16 set lacp flowRegeneration Use this command to enab le or disable LACP flow regeneration. When enab led and a new port joins a link aggregation group (LAG), LACP will redistribute all existing flows over the LAG . It will also attempt to load balance e[...]

  • Page 359

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 23 4.5.4.17 clear lacp flowRegeneration Use this command to reset LACP flow rege neration to its def ault state (disabled). clear lacp flowRegeneration Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 360

    Configuring LACP Configuring Link Aggregation 4-124 Matrix NSA Series Configuration Guide 4.5.4.18 show lacp outportAlgorithm Use this command to display the current LACP outport algorithm. show lacp outportAlgorithm Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows h[...]

  • Page 361

    Configuring LACP Configuring Link Aggregatio n Matrix NSA Series Configu ration Guide 4-1 25 4.5.4.19 set lacp outportAlgorithm Use this command to set the algorithm LACP will use for outport determination. set lacp outportAlgorithm {d ip-sip | da-sa | round-robin} Synt ax Description Command Default s None. Command T ype Switch command. Command Mo[...]

  • Page 362

    Configuring LACP Configuring Link Aggregation 4-126 Matrix NSA Series Configuration Guide 4.5.4.20 clear lacp outportAlgorithm Use this command to reset LACP to DI P-SIP , its default outport algorithm. clear lacp outportAlgorithm Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 363

    Matrix NSA Series Configurati on Guide 5-1 5 SNMP Configuration This chapter describes the Simple Network Manage ment Protocol (SNMP) se t of commands and how to use them. 5.1 SNMP CONFIGURATION SUMMARY SNMP is an application-layer protocol that f acilitates the exchange of management information between network devices. SNMP enables network admini[...]

  • Page 364

    SNMP Configuration Summa ry SNMPv3 5-2 Matrix NSA Series Configuration Guide Does not apply to MA TRIX E7. 5.1.2 SNMPv3 SNMPv3 is an interoperable stan dards-based protocol that provid es sec ure access to device s by authenticating and encrypting frames over the network. The adva nced security features provided in SNMPv3 are as follows: • Messag[...]

  • Page 365

    SNMP Configuration Summary Using SNMP Contexts to Access Sp ecific MIBs or Routing Modules Matrix NSA Series Configuration Guide 5-3 5.1.4 Using SNMP Context s to Access Specific MIBs or Routing Modules By default, when operating from the switch CLI, Matrix Series devices allow access to all SNMP MIBs or contexts. A context is a collection of MI B [...]

  • Page 366

    SNMP Configuration Summa ry Using SNMP Contexts to Access Specific MIBs or Routi ng Modules 5-4 Matrix NSA Series Configuration Guide All SNMP contexts known to the de vice ca n be displaye d using th e show snmp context command as described in Section 5.3.4.2 . Examples This example permits the “powergroup” to manage all MIBs via SNMPv3: This [...]

  • Page 367

    Process Overview: SNMP Configura tion Reviewing SNMP St atistics Matrix NSA Series Configuration Guide 5-5 5.2 PROCESS OVERVIEW : SNMP CONFIGURATION Use the following steps as a guide to configuring SNMP on the device: 1. Reviewing SNMP statistics ( Section 5.3.1 ) 2. Configuring SNMP users, groups and communities ( Section 5.3.2 ) 3. Configuring S[...]

  • Page 368

    SNMP Configuration Command Set Reviewing SNMP St atistics 5-6 Matrix NSA Series Configuration Guide 5.3.1.1 show snmp engineid Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’ s administratively unique identifier . show snmp engineid Synt ax Description None. Command Default s None. Command T ype Switch command. C[...]

  • Page 369

    SNMP Configuration Command Set Reviewing SNMP St atistics Matrix NSA Series Configuration Guide 5-7 5.3.1.2 show snmp counters Use this command to display SNMP traf fic counter va lues . show snmp counters Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to displ[...]

  • Page 370

    SNMP Configuration Command Set Reviewing SNMP St atistics 5-8 Matrix NSA Series Configuration Guide Ta b l e 5 - 3 shows a detailed explanation of the command output. snmpOutBadValues = 0 snmpOutGenErrs = 0 snmpOutGetRequests = 0 snmpOutGetNexts = 0 snmpOutSetRequests = 0 snmpOutGetResponses = 39660 1 snmpOutTraps = 0 snmpSilentDrops = 0 snmpProxyD[...]

  • Page 371

    SNMP Configuration Command Set Reviewing SNMP St atistics Matrix NSA Series Configuration Guide 5-9 snmpInASNParseErrs Number of ASN.1 (Abstract Syntax Notation) or BER (Basic Encoding Rule s) errors encountered by the SNMP entity when decoding received SNMP messages. snmpInTooBigs N umber of SN MP PDUs delivered to the SNMP protocol entity with th[...]

  • Page 372

    SNMP Configuration Command Set Reviewing SNMP St atistics 5-10 Matrix NSA Series Configuration Gui de snmpInGetResponses Number of SN MP Get-Response PDUs accepted and processed by the SNMP protocol entity . snmpInTraps Number of SNMP T rap PDUs accepted and processed by the SNMP protocol entity . snmpOutTooBigs Number of SNMP PDUs generated by the[...]

  • Page 373

    SNMP Configuration Command Set Reviewing SNMP St atistics Matrix NSA Series Configuration Guide 5-1 1 snmpProxyDrops Number of SNMP Get, Set, or Inform request error messages that were dropped because the reply was larger than the proxy tar get’ s maximum message size. usmStatsUnsupportedSec Levels Number of packets received by the SNMP engine th[...]

  • Page 374

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-12 Matrix NSA Series Configuration Gui de 5.3.2 Configuring SNMP Users, Group s and Communities Purpose T o review and configure SNMP users, groups an d v1 and v2 communities. These are defined as follows: • User — A person registered in SNMPv3 to access SNMP manage[...]

  • Page 375

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-13 5.3.2.1 show snmp user Use this command to display info rmation about SNMP users. These are people registered to access SNMP management . show snmp user [ list ] | [ user ] | [ remote re m o t e ] [ volatile | nonvolatile | read-[...]

  • Page 376

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-14 Matrix NSA Series Configuration Gui de Examples This example shows how to di splay an SNMP user list: This example shows how to display in formation for the SNMP “guest” user: Ta b l e 5 - 4 shows a detailed explanation of the command output. Matrix(rw)-> show[...]

  • Page 377

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-15 5.3.2.2 set snmp user Use this command to create a new SNMPv3 user . set snmp user user [ remote r emoteid ] [ authentication { md5 | sha }] [ authpassword ] [ pri vacy privpasswor d ] [ volatile | nonvolatile ] Synt ax Descripti[...]

  • Page 378

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-16 Matrix NSA Series Configuration Gui de Example This example shows how to create a new SNMP user named “netops ”. By default, this user will be registered on the local SNMP engine without authentication and encryption. Entries related to this user will be stored i[...]

  • Page 379

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-17 5.3.2.3 clear snmp user Use this command to remove a user from the SNMPv3 security-model list. clear snmp user user [ remote re m o t e ] Synt ax Description Command Default s If remote is not specified, the user will be removed [...]

  • Page 380

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-18 Matrix NSA Series Configuration Gui de 5.3.2.4 show snmp group Use this command to display an SNMP group conf ig uration. An SNMP group is a collection of SNMPv3 users who share the same access privileges . show snmp group [ groupname gr oupname ] [ user user ] [ sec[...]

  • Page 381

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-19 Example This example shows how to di splay SNMP group information: Ta b l e 5 - 5 shows a detailed explanatio n of the command output. Matrix(rw)-> show snmp group --- SNMP group information --- Security model = SNMPv1 Securit[...]

  • Page 382

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-20 Matrix NSA Series Configuration Gui de 5.3.2.5 set snmp gro up Use this command to create an SN MP group. This associates SNMPv3 users to a group that shares common access privileges. set snmp group gr oupname user user security-model { v1 | v2c | usm } [ volatile | [...]

  • Page 383

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-21 5.3.2.6 clear snmp group Use this command to clear SNMP group settings globally or fo r a specific SNMP group and user . clear snmp group gr oupname user [ security-model { v1 | v2c | usm }] Synt ax Description Command Default s [...]

  • Page 384

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-22 Matrix NSA Series Configuration Gui de 5.3.2.7 show snmp community Use this command to display SNMP community names and status. In SNMPv1 and v2, community names act as passwords to remote managemen t . show snmp community [ name ] Synt ax Description Command Default[...]

  • Page 385

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-23 5.3.2.8 set snmp commu nity Use this command to configur e an SNMP community grou p. set snmp community community [ securityname securityname ] [ context cont ext ] [ transport transp ort ] [ volatile | nonvolatile ] Synt ax Desc[...]

  • Page 386

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-24 Matrix NSA Series Configuration Gui de Command Mode Read-W rite. Examples This example shows how to set an SNMP community name called “vip”: This example shows how to grant SNMP manageme nt privileges to “vip ” community from routing module 1 when operating i[...]

  • Page 387

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-25 5.3.2.9 clear snmp community Use this command to delete an SNMP community name. clear snmp community name Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sh[...]

  • Page 388

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-26 Matrix NSA Series Configuration Gui de 5.3.3 Configuring SN MP Access Rights Purpose T o review and configure SNMP access rights, as si gning viewing privileges and security levels to SNMP user groups. Commands The commands used to review and configure SNMP access are lis ted below[...]

  • Page 389

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-27 5.3.3.1 show snmp access Use this command to display access rights and secu rity levels configured for SNMP one or more groups. show snmp access [ gr oupname ] [security-model {v1 | v2c | usm} ] [noauthentication | authentication | privacy ] [ c[...]

  • Page 390

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-28 Matrix NSA Series Configuration Gui de Command Mode Read-Only . Example This example shows how to di splay SNMP access information: Ta b l e 5 - 6 shows a detailed explanation of the command output. Matrix(rw)-> show snmp access Group = SystemAdmin Security model = USM Security [...]

  • Page 391

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-29 Security level Security level applie d to this group. V alid levels are: • noAuthNoPrivacy ( no authentication required) • AuthNoPrivacy ( authentication required) • authPriv ( privacy -- most secure level) Read View Name of the view that [...]

  • Page 392

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-30 Matrix NSA Series Configuration Gui de 5.3.3.2 set snmp access Use this command to set an SNMP access configuration. set snmp access gr oupn ame security-model { v1 | v2c | usm } [ noauthentication | authentication | privacy ] [ context context ] [ exact | prefix ] [ read re a d ] [...]

  • Page 393

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-31 Command Default s • If security level is not specified, no authentication will be applied. • If context is not specified, access will be enabled for the default context. If context is specified without a conte xt match, exact match will be a[...]

  • Page 394

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-32 Matrix NSA Series Configuration Gui de 5.3.3.3 clear snmp access Use this command to clear the SNMP access entr y of a specific group, including its set SNMP security-model, and level of security . clear snmp access groupname security-model { v1 | v2c | usm } [ noauthentication | a[...]

  • Page 395

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-33 5.3.4 Configuring SNMP MIB Views Purpose T o review and configure SNMP MIB views. SNMP views map SNMP objects to access rights. Commands The commands used to review and configure SNMP MIB views are listed below and described in the associated sectio[...]

  • Page 396

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-34 Matrix NSA Series Configuration Gui de 5.3.4.1 show snmp view Use this command to display the MIB configuration for SNMPv3 view-based access (V ACM). show snmp view [ viewname ] [ subtree oid-or-mibobject ] [ volatil e | nonvolatile | read-only ] Synt ax Description Command Default s If[...]

  • Page 397

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-35 Example This example shows how to display SNMP MIB view configuration information: Ta b l e 5 - 7 provides an explanation of t he command output. For detai ls on using the set snmp view command to assign variables, refer to Section 5.3.4.3 . Matrix([...]

  • Page 398

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-36 Matrix NSA Series Configuration Gui de 5.3.4.2 show snmp context Use this command to display the context list conf iguration for SNMP’ s view-based access control. An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity . The de fault [...]

  • Page 399

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-37 5.3.4.3 set snmp view Use this command to set a MIB configur ation for SNMPv3 view-based access (V ACM). set snmp view viewname viewname subtree subtr ee [ mask mask ] [ included | excluded ] [ volatile | nonvolatile ] Synt ax Description Command De[...]

  • Page 400

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-38 Matrix NSA Series Configuration Gui de 5.3.4.4 clear snmp view Use this command to delete an SNMPv3 MIB view . clear snmp view viewname subtr ee Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to de lete [...]

  • Page 401

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-39 5.3.5 Configuring SNMP T arget Parameters Purpose T o review and configure SNMP tar get parame ters. This controls where and under what circumstances SNMP notifications will be sent. A tar get parameter entry can be bound to a tar get IP ad[...]

  • Page 402

    SNMP Configuration Command Set Configuring SNMP T a rget Parameters 5-40 Matrix NSA Series Configuration Gui de 5.3.5.1 show snmp targetp arams Use this command to display SNMP parameters used to generate a message to a target. show snmp targetparams [ tar getParams ] [ volatile | nonvolatile | read-only ] Synt ax Description Command Default s • [...]

  • Page 403

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-41 Example This example shows how to display SN MP tar get parameters information: Ta b l e 5 - 8 shows a detailed explanatio n of the command output. Matrix(rw)-> show snmp targetparams --- SNMP TargetParams information --- Target Paramete[...]

  • Page 404

    SNMP Configuration Command Set Configuring SNMP T a rget Parameters 5-42 Matrix NSA Series Configuration Gui de Storage type Whether entry is stored in volatile , nonvol atile or read-only memory . Row status Status of this entry: active , notInService, or notReady . T able 5-8 show s nmp targetp arams Output De ta i ls (Contin ued) Output What It [...]

  • Page 405

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-43 5.3.5.2 set snmp targetp a rams Use this command to set SNMP tar get parameters , a named set of security/authorization criteria used to generate a message to a target. set snmp targetparams paramsname user user security-model { v1 | v2c | [...]

  • Page 406

    SNMP Configuration Command Set Configuring SNMP T a rget Parameters 5-44 Matrix NSA Series Configuration Gui de Example This example shows how to set SNMP target pa rameters named “v1ExampleParams” for a user named “fred” using version 3 security mode l and message processing, and authentication : Matrix(rw)-> set snmp targetparams v1Exa[...]

  • Page 407

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-45 5.3.5.3 clear snmp ta rg etp arams Use this command to clear the SNMP tar get paramete r configuratio n. clear snmp targetparams tar getParams Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rit[...]

  • Page 408

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-46 Matrix NSA Series Configuration Gui de 5.3.6 Configuring SNMP T arget Addresses Purpose T o review and configure SNMP target addresses which will receive SNMP notification messages. An address configurati on can be linked to optional SNMP transmit, or target, parameters (such as[...]

  • Page 409

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-47 5.3.6.1 show snmp t arget addr Use this command to display SN MP tar get address information. show snmp targetaddr [ tar getAddr ] [ volatile | nonvolatile | read-only ] Synt ax Description Command Default s • If tar getA ddr is not specif[...]

  • Page 410

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-48 Matrix NSA Series Configuration Gui de T able 5- 9 s ho w snm p targetaddr Output Details Output What It Displays... Target Address Name Unique identifie r in the snmpT argetAddressT able . Tag List T ags a location to the target address as a place to send notifications. IP Addr[...]

  • Page 411

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-49 5.3.6.2 set snmp target addr Use this command to configure an SNMP tar get ad dress. The target address is a unique identifier and a specific IP address that will receive SN MP notification messages and determine which community strings will[...]

  • Page 412

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-50 Matrix NSA Series Configuration Gui de Command Default s • If not specified, udppor t will be set to 162 . • If not specified, mask will be set to 255.255.255.255 • If not specified, timeout will be set to 1500 . • If not specified, number of r etries will be set to 3 . [...]

  • Page 413

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-51 5.3.6.3 clear snmp target addr Use this command to delete an SNMP ta rget address entry . clear snmp targetaddr tar getAddr Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exam[...]

  • Page 414

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-52 Matrix NSA Series Configuration Gui de 5.3.7 Configuring SNMP Notification Parameters Purpose T o configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps ” or SNMP v3 “informs” me[...]

  • Page 415

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-53 5.3.7.1 show snmp notify Use this command to display the SNMP notif y configuration, which determines which management targets will recei ve SNMP notifications. show snmp notify [ notify ] [ volatile | nonvolatile | read-only ] Synt [...]

  • Page 416

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-54 Matrix NSA Series Configuration Gui de Ta b l e 5 - 1 0 shows a detailed explanation o f the command o utput. T able 5-10 show snmp noti fy Output Details Output What It Displays... Notify name A unique identifier us ed to index the SNMP notify table. Notify Tag Name of t[...]

  • Page 417

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-55 5.3.7.2 set snmp notify Use this command to set the SNMP notify configurat ion. This creates an entry in the SNMP notify table, which is used to select management targ ets who should receive notification messages. This command’ s t[...]

  • Page 418

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-56 Matrix NSA Series Configuration Gui de 5.3.7.3 clear snmp n otify Use this command to clear an SNMP notify co nfiguration. clear snmp notify notify Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sho[...]

  • Page 419

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-57 About SNMP Notify Filters Profiles indicating which tar gets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty , meaning that no filtering is associated with any SNMP target , th[...]

  • Page 420

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-58 Matrix NSA Series Configuration Gui de 5.3.7.4 show snmp notifyfilter Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications. show snmp notifyfilter [ pr ofile ] [subtree oid-or -mibobject ] [volatile | n[...]

  • Page 421

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-59 5.3.7.5 set snmp notifyfil ter Use this command to create an SNMP notify filter configuration. This identifies which management targets should NOT receive notific ation messages, which is useful for fine-tuning the amount of SNMP tra[...]

  • Page 422

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-60 Matrix NSA Series Configuration Gui de 5.3.7.6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration. clear snmp notifyfilter pr ofile subtree oid-or-mib object Synt ax Description Command Default s None. Command T ype Switch command. Comm[...]

  • Page 423

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-61 5.3.7.7 show snmp notifyprofile Use this command to display SNMP notify profile information. Th is associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications. show snmp notifyprofile [...]

  • Page 424

    SNMP Configuration Command Set Configuring SNMP Notification Parame ters 5-62 Matrix NSA Series Configuration Gui de 5.3.7.8 set snmp notifyprofile Use this command to create an SNMP notify f ilter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command ( Section 5.3.7.5 ), to a set of SNMP targe[...]

  • Page 425

    SNMP Configuration Command Set Configuring SNMP Notifi cati on Parameters Matrix NSA Series Configuration Guide 5-63 5.3.7.9 clear snmp notifyprofile Use this command to delete an SNMP no tify profile configuration. clear snmp notifyprofile pr ofile targetpar am targetparam Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 426

    SNMP Configuration Command Set Creating a Basic SNMP T rap Configuration 5-64 Matrix NSA Series Configuration Gui de 5.3.8 Creating a Basic SN MP T r ap Configuration T raps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indica te the occurrence of a significant event, such as wh[...]

  • Page 427

    SNMP Configuration Command Set Creating a Basic SNMP T rap Co nfiguration Matrix NSA Series Configuration Guide 5-65 Example This example shows how to: • create an SNMP community called mgmt • configure a trap notification called TrapSink This trap notification will be sent with the community name mgmt to the workstation 192.168.190.80 (which i[...]

  • Page 428

    SNMP Configuration Command Set Creating a Basic SNMP T rap Configuration 5-66 Matrix NSA Series Configuration Gui de 4. Verifies that the v2ExampleParams description of how to step th rough the door is, in fact, there. The agent checks targetparams entries and determines this description was made with the set snmp targetparams command, which tells [...]

  • Page 429

    Matrix NSA Series Configurati on Guide 6-1 6 Spanning T ree Configuration This chapter describes the Spanning T ree Config uration set of commands and how to use them. 6.1 SP ANNING T REE CO NFIGURATION SUMMARY 6.1.1 Overview: Single, Rapid an d Multiple S panning T ree Protocols The IEEE 802.1D Spanning T ree Protocol (STP) resolves the problems o[...]

  • Page 430

    Spanning T ree Configuration Summary Spanning T ree Features 6-2 Matrix NSA Series Configuration Guide only if the forwarding link goes do wn. MSTP assigns each VLAN present on the network to a particular Spanning T ree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanni ng T re e while forw[...]

  • Page 431

    Spanning T ree Configuration Summary Loop Protect Matrix NSA Series Configuration Guide 6-3 Both upstream and downstream facing ports are pr otected. When a root or alternate port loses its path to the root bridge due to a message age expi ration it takes on the role of designated port. It will not forward traffic until a BPDU is received. When a p[...]

  • Page 432

    Spanning T ree Configuration Summary Process Overview: Spanning T ree Configuration 6-4 Matrix NSA Series Configuration Guide Message age expiration and the expiration of the Loop Protect timer are both Loop Protect events. A notice level syslog message is produced for each su ch event. T raps ma y be configured to report these events as well. A sy[...]

  • Page 433

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-5 6.2 SP ANNING T REE CONF IGURATION COMMAND SET 6.2.1 Configuring Sp anning T ree Bridge Parameters Purpose T o display and se t Spanning T ree bridge parame ters, including device priorities, hello time, maximum wait tim[...]

  • Page 434

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-6 Matrix NSA Series Configuration Guide • set spantree mstcfgid ( Section 6.2.1.19 ) • clear spantree mstcfgid ( Section 6.2.1.20 ) • show spantree bridgeprioritymode ( Section 6.2.1.21 ) • set spantree bridgeprioritymode ( Section 6.2.1.22 ) • clear [...]

  • Page 435

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-7 • set spantree tctrapsuppress ( Section 6.2.1.46 ) • clear spantree tctrapsuppress ( Section 6.2.1.47 ) • show spantree txholdcount ( Section 6.2.1.48 ) • set spantree txholdcount ( Section 6.2.1.49 ) • clear s[...]

  • Page 436

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-8 Matrix NSA Series Configuration Guide • clear spantree newroottrapenable ( Section 6.2.1.73 ) • clear spantree default ( Section 6.2.1.74 ) • show spantree debug ( Section 6.2.1.75 ) • clear spantree debug ( Section 6.2.1.76 )[...]

  • Page 437

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-9 6.2.1.1 show sp antree stat s Use this command to display Spanning T ree information for one or more por ts. show spantree stats [ port port-string ] [ sid sid ] [ active ] Synt ax Description Command Default s • If po[...]

  • Page 438

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-10 Matrix NSA Series Configuration Gui de Examples This example shows how to display the device’ s Spanning T ree configuration: Ta b l e 6 - 1 s hows a de tailed explanation of command output. Matrix(rw)-> show spantree stats Spanning tree status - enable[...]

  • Page 439

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-1 1 Root Forward Delay Amount of time (in secon d s) the root device spends in listening or learning mode. Bridge ID MAC Address Unique bridge MAC address, recognized by all bridges in the network. Bridge ID Priority Bridg[...]

  • Page 440

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-12 Matrix NSA Series Configuration Gui de This example shows how to display port-specific Spanning T ree inform ation for port ge.1.1. Ta b l e 6 - 2 desc ribes the port-specific information displayed. Matrix(rw)-> show spantree stats port ge.1.1 Spanning tr[...]

  • Page 441

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-13 Role The Spanning T ree role of the port. The port role i s assigned by the Spanning T ree protocol and determi nes the behavior of the port — either sending or receiving BPDUs, and forwarding or blocking data traf fi[...]

  • Page 442

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-14 Matrix NSA Series Configuration Gui de 6.2.1.2 show spantree version Use this command to display the current version of the Spanning Tree proto col running on the device. show spantree version Synt ax Description None. Command Default s None. Command T ype S[...]

  • Page 443

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-15 6.2.1.3 set spantree version Use this command to set the version of the Span ning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible. set spantree ve[...]

  • Page 444

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-16 Matrix NSA Series Configuration Gui de 6.2.1.4 clear spantree version Use this command to reset the Span ning T ree version to MSTP mode. clear spantree version Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 445

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-17 6.2.1.5 show sp antree stpmo de Use this command to display the Spanning T ree Protocol (STP) mode setting. show spantree stpmode Synt ax Description None. Command Default s None. Command T ype Switch command. Command M[...]

  • Page 446

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-18 Matrix NSA Series Configuration Gui de 6.2.1.6 set spantree stpmode Use this command to globally enable or disable the Spanning T ree Protocol (STP) mode. set spantree stpmode { none | ieee8021 } Synt ax Description Command Default s None. Command T ype Swit[...]

  • Page 447

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-19 6.2.1.7 clear sp antree stpmode Use this command to reset the Sp an ning T ree protocol mode to the default setting of IEEE802.1. This re-enables Spanning Tree. clear spantree stpmode Synt ax Description None. Command D[...]

  • Page 448

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-20 Matrix NSA Series Configuration Gui de 6.2.1.8 show spantree maxconfigurablestp s Use this command to display the setting for the maximum number of user configurable Spanning T ree instances. show spantree maxconfigurablestps Synt ax Description None. Comman[...]

  • Page 449

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-21 6.2.1.9 set spantree maxconfigurablestp s Use this command to set the maximum number of user configurable Spanning T ree instances. set spantree maxconfigurablestps numstps Synt ax Description Command Default s None. Co[...]

  • Page 450

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-22 Matrix NSA Series Configuration Gui de 6.2.1.10 clear spantree maxconfigurablestp s Use this command to clear the setting for the maximu m number of user configurable Spanning Tree instances. clear spantree maxconfigurablestps Synt ax Description None. Comma[...]

  • Page 451

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-23 6.2.1.1 1 show sp antree mstilist Use this command to display a list of Multiple Sp anning T ree (MST) instan ces configured on the device. show spantree mstilist Synt ax Description None. Command Default s None. Comman[...]

  • Page 452

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-24 Matrix NSA Series Configuration Gui de 6.2.1.12 set spantree msti Use this command to create or delete a Multiple Spanning Tree instance. set spantree msti sid sid { create | delete } Synt ax Description Command Default s None. Command T ype Switch command. [...]

  • Page 453

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-25 6.2.1.13 clear sp antree msti Use this command to delete one or mo re Multiple Spanning Tree i nstances. clear spantree msti sid Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Rea[...]

  • Page 454

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-26 Matrix NSA Series Configuration Gui de 6.2.1.14 show spantree mstmap Use this command to display the mapping of a f iltering database ID (FID) to a Spanning T rees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped. show spantree mstma[...]

  • Page 455

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-27 6.2.1.15 set sp antree mstmap Use this command to map one or more filteri ng da tabase IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning T ree (SID). set spant[...]

  • Page 456

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-28 Matrix NSA Series Configuration Gui de 6.2.1.16 clear spantree mstmap Use this command to map a FID back to SID 0. clear spantree mstmap fid Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exam[...]

  • Page 457

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-29 6.2.1.17 show sp antree vlanlist Use this command to display the VLAN ID(s ) assigned to one or more Spanning T rees. show spantree vlanlist [ vlan-list ] Synt ax Description Command Default s If not specified, SID assi[...]

  • Page 458

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-30 Matrix NSA Series Configuration Gui de 6.2.1.18 show spantree mstcfgid Use this command to display the MST configuration identifier elemen ts, including format selector , configuration name, revision level, and configuration digest. show spantree mstcfgid Sy[...]

  • Page 459

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-31 6.2.1.19 set sp antree mstcfgid Use this command to set the MST config urati on name and/or rev ision level. set spantree mstcfgid { cfgname name | rev level } Synt ax Description Command Default s None. Command T ype S[...]

  • Page 460

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-32 Matrix NSA Series Configuration Gui de 6.2.1.20 clear spantree mstcfgid Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address. clear spantree mstcfgid Synt[...]

  • Page 461

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-33 6.2.1.21 show sp antree bridgeprioritymode Use this command to display the Spanning T ree bridge priority mode setting. show spantree bridgeprioritymode Synt ax Description None. Command Default s None. Command T ype Sw[...]

  • Page 462

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-34 Matrix NSA Series Configuration Gui de 6.2.1.22 set spantree bridgeprioritymode Use this command to set the Spanning Tree bridge pr iority mode to 8 02.1D (legacy) or 802.1t. This will af fect the range of priority values used to dete rmine which device is s[...]

  • Page 463

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-35 6.2.1.23 clear sp antree bridgepri oritymode Use this command to reset the Span ning Tree bridge priority mode to the default setting of 802.1t. clear spantree bridgeprioritymode Synt ax Description None. Command Defaul[...]

  • Page 464

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-36 Matrix NSA Series Configuration Gui de 6.2.1.24 show spantree priority Use this command to display the Spanning T ree bridge priority . show spantree priority [ sid ] Synt ax Description Command Default s If sid is not specified, pri ority w ill be shown for[...]

  • Page 465

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-37 6.2.1.25 set sp antree priority Use this command to set the devi ce’ s Spanning Tree priority . The device with the highest priority (lowest numerical value) become s the Spanning T ree root device. If all devices hav[...]

  • Page 466

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-38 Matrix NSA Series Configuration Gui de This example shows how to set the bridge priority to 15 on all SIDs with 8021t priority mode enabled: This example shows how to set the bridge priority to 4000 on all SIDs with 8021t priority mode enabled: This example [...]

  • Page 467

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-39 6.2.1.26 clear sp antree priority Use this command to reset the Spanning T ree priority to the default value of 32768. clear spantree priority [ sid ] Synt ax Description Command Default s If sid is not specified, prior[...]

  • Page 468

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-40 Matrix NSA Series Configuration Gui de 6.2.1.27 show spantree bridgehellomode Use this command to display the status of bridge hello mode on the device. When enabled, a s ingle bridge administrative hello time is being used. When disabled, pe r-port administ[...]

  • Page 469

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-41 6.2.1.28 set sp antree bridgeh ellomode Use this command to enable or disabl e brid ge hello mode on the device. set spantree bridgehellomode { enable | disable } Synt ax Description Command Default s None. Command T yp[...]

  • Page 470

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-42 Matrix NSA Series Configuration Gui de 6.2.1.29 clear spantree bridgehellomode Use this command to reset the Spanning T ree administrative hello mode to enabled. clear spantree bridgehellomode Synt ax Description None. Command Default s None. Command T ype S[...]

  • Page 471

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-43 6.2.1.30 show sp antree hello Use this command to display th e Spanning T ree hello time. show spantree hello Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exam[...]

  • Page 472

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-44 Matrix NSA Series Configuration Gui de 6.2.1.31 set spantree hello Use this command to set the device’ s Spanning T ree hello time, This is the time interval (in seconds) the device will transmit BPDUs indicating it is active. set spantree hello interval S[...]

  • Page 473

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-45 6.2.1.32 clear sp antree hello Use this command to reset the Spanning T ree hello time to th e default va lue of 2 seconds . clear spantree hello Synt ax Description None. Command Default s None. Command T ype Switch co[...]

  • Page 474

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-46 Matrix NSA Series Configuration Gui de 6.2.1.33 show spantree maxage Use this command to display the Sp anning T ree maximum aging time. show spantree maxage Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-On[...]

  • Page 475

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-47 6.2.1.34 set sp antree maxage Use this command to set the brid ge maximum aging time. This is the maximum time (in seconds) a device can wait without receiving a configuratio n message (bridge “hello”) before attemp[...]

  • Page 476

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-48 Matrix NSA Series Configuration Gui de 6.2.1.35 clear spantree maxage Use this command to reset the ma ximum aging time for a Spanning T r ee to the default value of 20 seconds. clear spantree maxage Synt ax Description None. Command Default s None. Command [...]

  • Page 477

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-49 6.2.1.36 show sp antree fwddelay Use this command to display the Spannin g Tree forward delay time. show spantree fwddelay Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Rea[...]

  • Page 478

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-50 Matrix NSA Series Configuration Gui de 6.2.1.37 set spantree fwddelay Use this command to set the Spanning T ree forwar d delay . This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwardin[...]

  • Page 479

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-51 6.2.1.38 clear sp antree fwddelay Use this command to reset the Span n ing T ree forward delay to the default se tting of 15 second s. clear spantree fwddelay Synt ax Description None. Command Default s None. Command T [...]

  • Page 480

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-52 Matrix NSA Series Configuration Gui de 6.2.1.39 show spantree autoedge Use this command to display the status of automatic edge port detection. show spantree autoedge Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 481

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-53 6.2.1.40 set sp antree autoedg e Use this command to enable or disable the au tomatic edge port detection function. set spantree autoedge { disable | enable } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 482

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-54 Matrix NSA Series Configuration Gui de 6.2.1.41 clear spantree autoedge Use this command to reset automatic edge port detection to the default state of enabled. clear spantree autoedge Synt ax Description None. Command Default s None. Command T ype Switch co[...]

  • Page 483

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-55 6.2.1.42 show sp antree legacypathcost Use this command to display the defa ult Spanning T ree path cost setting. show spantree legacypathcost Synt ax Description None. Command Default s None. Command T ype Switch comma[...]

  • Page 484

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-56 Matrix NSA Series Configuration Gui de 6.2.1.43 set spantree legacyp athcost Use this command to enable or disable legacy (802.1D) path cost values. set spantree legacypathcost { disable | enable } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 485

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-57 6.2.1.44 clear sp antree legacypathcost Use this command to set the Spanning T ree defau lt value for legacy path cost to 802.1t values. clear spantree legacypathcost Synt ax Description None. Command Default s None. Co[...]

  • Page 486

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-58 Matrix NSA Series Configuration Gui de 6.2.1.45 show sp antree tctrapsuppress Use this command to display the status of topo logy change trap suppression on Rapid Spanning Tree edge ports. show spantree tctrapsuppress Synt ax Description None. Command Defaul[...]

  • Page 487

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-59 6.2.1.46 set sp antree tctrapsuppress Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports. By default, RSTP non-edge (bridge) ports that transition to forwarding or b[...]

  • Page 488

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-60 Matrix NSA Series Configuration Gui de 6.2.1.47 clear spantree tctrap suppress Use this command to clear topology change trap suppression settings. clear spantree tctrapsuppress Synt ax Description None. Command Default s None. Command T ype Switch command. [...]

  • Page 489

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-61 6.2.1.48 show sp antree txholdcount Use this command to display the maximu m BPDU transmission rate. show spantree txholdcount Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 490

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-62 Matrix NSA Series Configuration Gui de 6.2.1.49 set spantree txholdcount Use this command to set the maximum BPDU tran smission rate. This is the number of BPDUs which will be transmitted be fore transmissions are subject to a one-second timer . set spantree[...]

  • Page 491

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-63 6.2.1.50 clear sp antree txholdcou nt Use this command to reset the transmit hold count to the default value of 6. clear spantree txholdcount Synt ax Description None. Command Default s None. Command T ype Switch comman[...]

  • Page 492

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-64 Matrix NSA Series Configuration Gui de 6.2.1.51 show spantree maxhop s Use this command to d isplay the Spanning T ree maximum hop count. show spantree maxhops Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-[...]

  • Page 493

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-65 6.2.1.52 set sp antree maxhops Use this command to set the Spanning T ree maximum hop count. This is the maximum number of hops that the information for a particular Sp anning T ree instance may traverse (via relay of B[...]

  • Page 494

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-66 Matrix NSA Series Configuration Gui de 6.2.1.53 clear spantree maxhop s Use this command to reset the maximum hop count to the default value of 20. clear spantree maxhops Synt ax Description None. Command Default s None. Command T ype Switch command. Command[...]

  • Page 495

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-67 6.2.1.54 show sp antree spanguard Use this command to display the status of the Spanning Tree span guard function. show spantree s panguard Synt ax Description None. Command Default s None. Command T ype Switch command.[...]

  • Page 496

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-68 Matrix NSA Series Configuration Gui de 6.2.1.55 set spantree sp anguard Use this command to enable or disable the Spanni ng Tree span guard functio n. When enabled, this prevents an unauth orized bridge from b ecoming part of the active Spanning Tree topolog[...]

  • Page 497

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-69 6.2.1.56 clear sp antree spanguard Use this command to resets the status of the Spannin g Tree span guard function to disabled. clear spantree spanguard Synt ax Description None. Command Default s None. Command T ype Sw[...]

  • Page 498

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-70 Matrix NSA Series Configuration Gui de 6.2.1.57 show spantree sp anguard ti meout Use this command to display the Span ning Tree span guard timeout setting. show spantree spanguardtimeout Synt ax Description None. Command Default s None. Command T ype Switch[...]

  • Page 499

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-71 6.2.1.58 set sp antree sp anguardtimeout Use this command to set the amount of time (in sec onds) an edge port will remain lock ed by the span guard function. set spantree spanguardtimeout timeout Synt ax Description Co[...]

  • Page 500

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-72 Matrix NSA Series Configuration Gui de 6.2.1.59 clear spantree sp anguard timeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds. clear spantree spanguardtimeout Synt ax Description None. Command Default s [...]

  • Page 501

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-73 6.2.1.60 show sp antree spanguardlock Use this command to display the span gu ard lock status of one or more ports. show spantree s panguardlock port-string Synt ax Description Command Default s None. Command T ype Swit[...]

  • Page 502

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-74 Matrix NSA Series Configuration Gui de 6.2.1.61 clear / set spantree sp anguardlock Use either of these commands to unlock one or more ports locked by the Spanning Tree span guard function. When span guard is enab led, it locks ports that receive BP DUs when[...]

  • Page 503

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-75 6.2.1.62 show sp antree spanguard trapenable Use this command to displays the state of the Spanning Tree span guard trap function. show spantree spanguardtrapenable Synt ax Description None. Command Default s None. Comm[...]

  • Page 504

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-76 Matrix NSA Series Configuration Gui de 6.2.1.63 set spantree sp anguard trapenable Use this command to enable or disable the sending of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree. set spantree s[...]

  • Page 505

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-77 6.2.1.64 clear sp antree spanguard trap enable Use this command to reset the Spanning Tree span guard trap functio n back to the default state of enabled. clear spantree spanguardtrapenable Synt ax Description None. Com[...]

  • Page 506

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-78 Matrix NSA Series Configuration Gui de 6.2.1.65 show spantree backuproot Use this command to display the state of the Spanning Tree backup root function. show spantree backuproot [ sid] Synt ax Description Command Default s If sid is not specified, status wi[...]

  • Page 507

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-79 6.2.1.66 set sp antree backuproot Use this command to enable or di sable the Spanning T ree backu p root function. Enabled by default on bridge(s) directly connected to the root brid ge, this prevents stale Spanning T r[...]

  • Page 508

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-80 Matrix NSA Series Configuration Gui de 6.2.1.67 clear spantree backuproot Use this command to reset the Spanning T ree backup root function to the default state of disabled. clear spantree backuproot sid Synt ax Description Command Default s None. Command T [...]

  • Page 509

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-81 6.2.1.68 show sp antree backuproottrapendable Use this command to display the state of th e Spanning T ree backup root trap function. show spantree backuproottrapenable Synt ax Description None. Command Default s None. [...]

  • Page 510

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-82 Matrix NSA Series Configuration Gui de 6.2.1.69 set sp antree backuproottrapenable Use this command to enable or disable the Spanning T ree backup root trap function. When SNMP trap messageing is configured, this sends a trap message when the ba ck up root f[...]

  • Page 511

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-83 6.2.1.70 clear sp antree backuproottrapenable Use this command to resets the Spanning T ree ba ckup root trap function to the default state of disabled. clear spantree backuproottrapenable . Synt ax Description None. Co[...]

  • Page 512

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-84 Matrix NSA Series Configuration Gui de 6.2.1.71 show spantree newroottrapendable Use this command to display the state of the Spanning T ree new root trap function . show spantree newroottrapenable Synt ax Description None. Command Default s None. Command T [...]

  • Page 513

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-85 6.2.1.72 set sp antree new roottrapenable Use this command to enable or disable the Spanning Tree ne w root trap function. When SNMP trap messaging is configured, this sends a trap message when a Spanning T ree becomes [...]

  • Page 514

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-86 Matrix NSA Series Configuration Gui de 6.2.1.73 clear spantree newroottrapenable Use this command to reset the Spanning T ree new ro ot trap function back to the default state of enabled. clear spantree newroottrapenable Synt ax Description None. Command Def[...]

  • Page 515

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-87 6.2.1.74 clear sp antree default Use this command to restore default values to a Spanning T ree. clear spantree default [ sid ] Synt ax Description Command Default s If sid is not specified, defaults will be restored on[...]

  • Page 516

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-88 Matrix NSA Series Configuration Gui de 6.2.1.75 show spantree debug Use this command to display Spanning Tree debug counters for one or more ports. show spantree debug [ port port-string ] [ sid sid ] [ active ] Synt ax Description Command Default s • If p[...]

  • Page 517

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Bridge Parameters Matrix NSA Series Configuration Guide 6-89 Example This example shows how to displa y Spanning T ree debug counters for link aggregatio n p ort 3, SID 0: Matrix(rw)-> show spantree debug port lag.0.3 STP Diagnostic Common Counters fo r SID 0 -----------------[...]

  • Page 518

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Bridge Parameters 6-90 Matrix NSA Series Configuration Gui de 6.2.1.76 clear spantree debug Use this command to clear Spanning T ree debug counters. clear spantree debug Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Examp[...]

  • Page 519

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-91 6.2.2 Configuring Sp anning T ree Port Parameters Purpose T o display and se t Spanning T ree port para mete rs, including enabling or disabling the Spanning T ree algorithm on one or mo re p orts, displaying designated b[...]

  • Page 520

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-92 Matrix NSA Series Configuration Gui de • show spantree adminedge ( Section 6.2.2.19 ) • set spantree adminedge ( Section 6.2.2.20 ) • clear spantree adminedge ( Section 6.2.2.21 ) • show spantree operedge ( Section 6.2.2.22 ) • show spantree adminpoi[...]

  • Page 521

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-93 6.2.2.1 show spantree portenable Use this command to display the port stat us on one or more Spanning T ree po rts. show spantree portenable [port port-string ] Synt ax Description Command Default s If port-string is not [...]

  • Page 522

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-94 Matrix NSA Series Configuration Gui de 6.2.2.2 set spantree portenable Use this command to set the port status on one or more Spanning T ree ports. set spantree portenable port-string { enable | disable } Synt ax Description Command Default s None. Command T y[...]

  • Page 523

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-95 6.2.2.3 clear sp antree portenabl e Use this command to reset the default value for one or more Spanning T ree ports to enabled. clear spantree portenable port-string Synt ax Description Command Default s None. Command T [...]

  • Page 524

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-96 Matrix NSA Series Configuration Gui de 6.2.2.4 show spantree port admin Use this command to display the status of th e Spanning Tree algorithm on one or more ports. show spantree portadmin [ port port-string ] Synt ax Description Command Default s If port-stri[...]

  • Page 525

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-97 6.2.2.5 set spantree port admin Use this command to disable or enable the Sp anning T ree algorithm on one or more ports. set spantree portadmin port-stri ng {disable | enable} Synt ax Description Command Default s None. [...]

  • Page 526

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-98 Matrix NSA Series Configuration Gui de 6.2.2.6 clear spantree port admin Use this command to reset the default Spanning T ree admin status to enable on one or more ports. clear spantree portadmin port-string Synt ax Description Command Default s None. Command [...]

  • Page 527

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-99 6.2.2.7 set spantree protomigration Use this command to reset the protocol state migration machine for one or more Spanning T ree ports. When operating in RSTP mode, this forces a port to transmit MSTP BPDUs. set spantree[...]

  • Page 528

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-100 Matrix NSA Series Configuration Guide 6.2.2.8 show spantree port st ate Use this command to display the state (blocking, forwarding, etc.) for a port on one or more Spanning T rees. show spantree portstate [ port port-string ] [ sid sid ] Synt ax Description [...]

  • Page 529

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configu ration Guide 6-1 01 6.2.2.9 show spantree blocked port s Use this command to display the blocked ports in a Spanning T ree. A port in this state does not participate in the transmission of frames, thus preventing duplicat ion arising thro[...]

  • Page 530

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-102 Matrix NSA Series Configuration Guide 6.2.2.10 show spantree portpri Use this command to show the Spanning T ree priority for one or more ports. Port priority is a component of the port ID, which is one elemen t used in determining Sp anning T ree port roles.[...]

  • Page 531

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configu ration Guide 6-1 03 6.2.2.1 1 set sp antree portpri Use this command to set a port’ s Spanning T ree priority . set spantree portpri port-string priority [ sid sid ] Synt ax Description Command Default s If sid is not specified, port pr[...]

  • Page 532

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-104 Matrix NSA Series Configuration Guide 6.2.2.12 clear spantree portpri Use this command to reset the bridge priority of a Spanning T ree port to a default value of 128. clear spantree portpri port-stri ng [ sid sid ] Synt ax Description Command Default s If si[...]

  • Page 533

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configu ration Guide 6-1 05 6.2.2.13 set sp antree porthello Use this command to set the hello tim e for one or more Spanning T ree ports. This is the time interval (in seconds) the port(s) will transmit BPDUs. set spantree porthello port-string [...]

  • Page 534

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-106 Matrix NSA Series Configuration Guide 6.2.2.14 clear spantree porthello Use this command to reset the hello time for one or more Spanning T ree ports to the default of 2 seconds. clear spantree porthello port-string Synt ax Description Command Default s None.[...]

  • Page 535

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configu ration Guide 6-1 07 6.2.2.15 show sp antree portco st Use this command to display cost values assign ed to one or more Spanning T ree ports. show spantree portcost [ port port-string ] [ sid sid ] Synt ax Description Command Default s •[...]

  • Page 536

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-108 Matrix NSA Series Configuration Guide 6.2.2.16 show spantree adminp athcost Use this command to display the admin path cost for a port on one or more Spanning T rees. show spantree adminpathcost [ port port-string ] [ sid sid ] Synt ax Description Command Def[...]

  • Page 537

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configu ration Guide 6-1 09 6.2.2.17 set sp antree adminpathcost Use this command to set the administrative path cost on a port and one or more Spanning T rees. set spantree adminpathcost port-string cost [ sid sid ] Synt ax Description Command D[...]

  • Page 538

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-1 10 Matrix NSA Series C onfiguration Guide 6.2.2.18 clear spantree adminp athcost Use this command to reset the Spanning T ree de fault value for port admin path cost to 0. clear spantree adminpathcost port-string [ sid sid ] Synt ax Description Command Default [...]

  • Page 539

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-1 1 1 6.2.2.19 show sp antree adminedg e Use this command to display the edge port administrative status for a port. show spantree adminedge [ port port-string ] Synt ax Description Command Default s If port-string is not sp[...]

  • Page 540

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-1 12 Matrix NSA Series C onfiguration Guide 6.2.2.20 set spantree adminedge Use this command to set the edge port administrative status on a Spanning T ree port. set spantree adminedge port-string {true | false} Synt ax Description Command Default s None. Command[...]

  • Page 541

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-1 13 6.2.2.21 clear sp antree adminedge Use this command to reset a Spanning Tr ee port to non-edge status. clear spantree adminedge port-string Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 542

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-1 14 Matrix NSA Series C onfiguration Guide 6.2.2.22 show spantree operedge Use this command to display the Spanning T r ee edge port operating status for a port. show spantree operedge [ port port-string] Synt ax Description Command Default s If port-string is n[...]

  • Page 543

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-1 15 6.2.2.23 show sp antree adminpoint Use this command to display the administrative poi nt-to-point status of the LAN segment attached to a Spanning T ree port. show spantree adminpoint [ port port-string] Synt ax Descrip[...]

  • Page 544

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-1 16 Matrix NSA Series C onfiguration Guide 6.2.2.24 show spantree operpoint Use this command to display the op erating point-to-point status of the LAN segment attached to a port. show spantree operpoint [ port port-string] Synt ax Description Command Default s [...]

  • Page 545

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Port Parameters Matrix NSA Series Configuration Guide 6-1 17 6.2.2.25 set sp antree adminpoint Use this command to set the administrativ e point-to-point stat us of the LAN segment attached to a Spanning T ree port. set spantree adminpoint port-string {true | false | auto} Synt a[...]

  • Page 546

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Port Parameters 6-1 18 Matrix NSA Series C onfiguration Guide 6.2.2.26 clear spantree adminpoint Use this command to reset the administrative point-to-poi nt status of the LAN segment attached to a Spanning T ree port to auto mode. clear spantree adminpoint port-string Synt ax Des[...]

  • Page 547

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configuration Guide 6-1 19 6.2.3 Configuring Sp anning T ree Loop Protect Features Purpose T o display and set Spanning T ree Loop Protect para meters, including the glob al parameters of Loop Protect threshold, window , enablin g traps, an[...]

  • Page 548

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-120 Matrix NSA Series Configuration Guide • set spantree disputedbpduthreshold ( Section 6.2.3.18 ) • show spantree disputed bpduthreshold ( Section 6.2.3.19 ) • clear spantree disputedbpduthreshold ( Section 6.2.3.20 ) • show spantree nonforwarding[...]

  • Page 549

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 21 6.2.3.1 set spantree lp Use this command to enable or disable the Loop Protect feature per port and optionally , per SID. The Loop Protect feature is disab led by default. See “Loop Prote ct” on page 6-2 for [...]

  • Page 550

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-122 Matrix NSA Series Configuration Guide 6.2.3.2 show spantree lp Use this command to d isplay the Loop Protect status per port and/or per SID. show spantree lp [ port port-string ] [ sid sid ] Synt ax Description Command Default s If no port-string is spe[...]

  • Page 551

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 23 6.2.3.3 clear sp antree lp Use this command to return the Loop Protect st atus per port and optionally , per SID, to its default state of disabled. clear spantree lp port-string [ sid sid ] Synt ax Description Co[...]

  • Page 552

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-124 Matrix NSA Series Configuration Guide 6.2.3.4 show spantree lplock Use this command to d isplay the Loop Protect lock status per port and/o r per SID. A port can become locked if a configured numb er of Loop Protect events occur during the configured wi[...]

  • Page 553

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 25 6.2.3.5 clear sp antree lplock Use this command to manually un lock a blocked port and optionally , per SID. The default state is unlocked . clear spantree lplock port-string [ sid sid ] Synt ax Description Comma[...]

  • Page 554

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-126 Matrix NSA Series Configuration Guide 6.2.3.6 set spantree lpcap ablep artner Use this command to specify per port whether the link partner is Loop Protect capable. See “Loop Protect” on page 6-2 for more information. set spantree lpcapablepartner p[...]

  • Page 555

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 27 Example This example shows how to set the Loop Prot ect capable partner to true for ge.1.1: Matrix(rw)-> set spantree lpcapabl epartner ge.1.1 true[...]

  • Page 556

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-128 Matrix NSA Series Configuration Guide 6.2.3.7 show spantree lpcap ablep artner Use this command to the Loop Protect capab ility of a link partner for one or more ports. show spantree lpcapablepartner [ port port-string ] Synt ax Description Command Defa[...]

  • Page 557

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 29 6.2.3.8 clear sp antree lpcapablep artner Use this command to reset the Loop Protect capabilit y of port link partners to the default state of false. clear spantree lpcapablepartner port-string Synt ax Descriptio[...]

  • Page 558

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-130 Matrix NSA Series Configuration Guide 6.2.3.9 set sp antree lpthreshold Use this command to set the Loop Pr otect event threshold. set spantree lpthreshold value Synt ax Description Command Default s None. The default event threshold is 3. Command T ype[...]

  • Page 559

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 31 6.2.3.10 show sp antree lpthreshold Use this command to display the current value of the Loop Prote ct event threshold. show spantree lpthreshold Synt ax Description None. Command Default s None. Command T ype Sw[...]

  • Page 560

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-132 Matrix NSA Series Configuration Guide 6.2.3.1 1 clear spantree lpthreshold Use this command to return the Loop Protect event threshol d to its default value of 3. clear spantree lpthreshold Synt ax Description None. Command Default s None. Command T ype[...]

  • Page 561

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 33 6.2.3.12 set sp antree lpwindo w Use this command to set the Loop Pr otect event window value in seconds. set spantree lpwindow value Synt ax Description Command Default s None. Command T ype Switch command. Comm[...]

  • Page 562

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-134 Matrix NSA Series Configuration Guide 6.2.3.13 show spantree lpwindow Use this command to display the curre nt Loop Protect event window value. show spantree lpwindow Synt ax Description None. Command Default s None. Command T ype Switch command. Comman[...]

  • Page 563

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 35 6.2.3.14 clear sp antree lpwindow Use this command to reset the Loop Protect even t window to the default value of 180 seconds. clear spantree lpwindow Synt ax Description None. Command Default s None. Command T [...]

  • Page 564

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-136 Matrix NSA Series Configuration Guide 6.2.3.15 set spantree lptrapenable Use this command to enable or disable Loop Protect event notification. set spantree lptrapenable { enable | disable } Synt ax Description Command Default s None. Command T ype Swit[...]

  • Page 565

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 37 6.2.3.16 show sp antree lptrap enable Use this command to display the current st atus of Loop Protect event notification. show spantree lptrapenable Synt ax Description None. Command Default s None. Command T ype[...]

  • Page 566

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-138 Matrix NSA Series Configuration Guide 6.2.3.17 clear spantree lptrapenable Use this command to return the Loop Protect event notifica tion state to its default state of disabled. clear spantree lptrapenable Synt ax Description None. Command Default s No[...]

  • Page 567

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 39 6.2.3.18 set sp antree disputedbp duthreshold Use this command to set the disp uted BPDU threshold, which is the number of disputed BPDUs that must be received on a given por t/SID until a disputed BPDU trap is s[...]

  • Page 568

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-140 Matrix NSA Series Configuration Guide Example This example shows how to set the disputed BPDU threshold value to 5: Matrix(rw)-> set spantree disputedbpduth reshold 5[...]

  • Page 569

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 41 6.2.3.19 show sp antree disputedbpduthreshold Use this command to display the current value of the disputed BPDU threshold. show spantree disputedbpduthreshold Synt ax Description None. Command Default s None. Co[...]

  • Page 570

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-142 Matrix NSA Series Configuration Guide 6.2.3.20 clear spantree disputedbp duthreshold Use this command to return the disputed BPDU threshold to its de fault value of 0, meaning that disputed BPDU traps should no t be sent. clear spantree disputedbpduthre[...]

  • Page 571

    Spanning T ree Configura ti on Command Set Configuring Spanning T ree Loop Protect Features Matrix NSA Series Configu ration Guide 6-1 43 6.2.3.21 show sp antree nonforwardingreason Use this command to display the reason for placing a port in a non-forwarding state due to an exceptional condition. show spantree nonforwardingreason [ port port-strin[...]

  • Page 572

    Spanning T ree Configuration Comma nd Set Configuring Spanning T ree Loop Protect Features 6-144 Matrix NSA Series Configuration Guide[...]

  • Page 573

    Matrix NSA Series Configurati on Guide 7-1 7 802.1Q VLAN Configuration This chapter describes the Matrix system’ s ca pabilities to implement 802.1Q virtual LANs (VLANs). It documents how to: • Create, enable, disable and name a VLAN. • Review status and other in formation related to VLANs. • Assign ports to a VLAN and filter unwanted frame[...]

  • Page 574

    Process Overview: 802.1Q VLAN Configuration Port S tring Syntax Used in the CLI 7-2 Matrix NSA Series Configuration Guide 7.1.2 Port String Synt ax Used in the CLI For information on how to designate port numbers in the CLI syntax, refer to Section 4.1.1 . 7.2 PROCESS OVERVIEW: 802 .1Q VLAN CONFIGURATION Use the following steps as a guid e to confi[...]

  • Page 575

    VLAN Configurati on Command Set Reviewing Existing VLANs Matrix NSA Series Configuration Guide 7-3 7.3 VLAN CONFIGURATION COMMAND SET 7.3.1 Reviewing Existing VLANs Purpose T o display a list of VLANs currently configured on the device, to determine how on e or more VLANs were created, the ports allowed and disallo wed to transmit traffic belonging[...]

  • Page 576

    VLAN Configuration Command Set Reviewing Existing VLAN s 7-4 Matrix NSA Series Configuration Guide 7.3.1.1 show vlan Use this command to display all informatio n related to one or more VLANs. show vlan [static ] [ vlan-list ] Synt ax Description Command Default s If no options are specified, all information related to static and dynamic VLANs will [...]

  • Page 577

    VLAN Configurati on Command Set Reviewing Existing VLANs Matrix NSA Series Configuration Guide 7-5 Example This example shows how to display informatio n for VLAN 1. In this case, V LAN 1 is named “DEF AUL T VLAN” and it is enabled to operate. Ports allowed to transmit frames belonging to VLAN 1 are listed as egress ports. Ports that won’ t i[...]

  • Page 578

    VLAN Configuration Command Set Creating and Naming St atic VLANs 7-6 Matrix NSA Series Configuration Guide 7.3.2 Creating and Naming St atic VLANs Purpose T o create a new static VLAN, or to enable or disable existing VLAN(s ). Commands The commands used to create and name static VLANs are list ed below and described in the associated section as sh[...]

  • Page 579

    VLAN Configurati on Command Set Creating and Naming St atic VLANs Matrix NSA Series Configuration Guide 7-7 7.3.2.1 set vlan Use this command to create a new static IEEE 802 .1Q VLAN, or to enable or disable an existing VLAN. Once a VLAN is created, you can assign it a name using the set vlan name command described in Section 7.3.2.2 . set vlan {cr[...]

  • Page 580

    VLAN Configuration Command Set Creating and Naming St atic VLANs 7-8 Matrix NSA Series Configuration Guide 7.3.2.2 set vlan name Use this command to set or change the ASCII name for a new or existing VLAN. set vlan name vlan-list vlan-name Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Th[...]

  • Page 581

    VLAN Configurati on Command Set Creating and Naming St atic VLANs Matrix NSA Series Configuration Guide 7-9 7.3.2.3 clear vlan Use this command to remove a static VLAN from the list of VLANs reco gnized by the device. clear vlan vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Thi[...]

  • Page 582

    VLAN Configuration Command Set Creating and Naming St atic VLANs 7-10 Matrix NSA Series Configuration Gui de 7.3.2.4 clear vlan n ame Use this command to remove the name of a VLAN from the VLAN list. clear vlan name vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sho[...]

  • Page 583

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-1 1 7.3.3 Assigning Port VLAN IDs (P VIDs) and Ingress Filtering About P V IDs and Policy Classification to a VLAN Port VLAN IDs (PVIDs) assign VLAN IDs to untagg ed frames on one or more ports. Using the set port vlan comm[...]

  • Page 584

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-12 Matrix NSA Series Configuration Gui de • show port discard ( Section 7.3.3.9 ) • set port discard ( Section 7.3.3.10 ) • clear port discard ( Section 7.3.3.1 1 )[...]

  • Page 585

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-13 7.3.3.1 show port vlan Use this command to display port VLAN identif ier (PVID) information. PVID determines the VLAN to which all untagged frames received on one or more ports will be classified. show port vlan [ port-s[...]

  • Page 586

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-14 Matrix NSA Series Configuration Gui de 7.3.3.2 set port vlan Use this command to configure the PVID (port VL AN identifier) for one or more ports. The PVID is used to classify untagged frames as they ingress into a given port. If the specified VLAN has not alr[...]

  • Page 587

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-15 Example This exampl e shows h ow to ad d fe.1.10 to th e port VLAN list of VLAN 4 (PVID 4). Since VLAN 4 is a new VLAN, it is created. Then port fe.1.1 0 is added to VLAN 4’ s untagged egress list, and is cleared from [...]

  • Page 588

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-16 Matrix NSA Series Configuration Gui de 7.3.3.3 clear port vlan Use this command to reset a port’ s 802.1Q port VLAN ID (PVID) to the host VLAN ID 1. clear port vlan port-string Synt ax Description Command Default s None. Command T ype Switch command. Command[...]

  • Page 589

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-17 7.3.3.4 show vlan interface Use this command to display the MIB -II interface entry mapped to a VLAN. show vlan interface [ vlan-list ] Synt ax Description Command Default s If vlan-list is not specified, MIB2 interface [...]

  • Page 590

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-18 Matrix NSA Series Configuration Gui de 7.3.3.5 set vlan interface Use this command to create, disable or enables a MIB-II interfa ce mapped to a VLAN. set vlan interface vlan-list { create | disable | enable } [ volatile ] Synt ax Description Command Default s[...]

  • Page 591

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-19 7.3.3.6 clear vlan interface Use this command to clear the MIB -II interface entry ma pped to a VLAN. clear vlan interface vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode [...]

  • Page 592

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-20 Matrix NSA Series Configuration Gui de 7.3.3.7 show port ingress filter Use this command to show all ports that are en abled for port ingress filte ring, which limits incoming VLAN ID frames according to a port VLAN egress lis t. If the VLAN ID spec ified in t[...]

  • Page 593

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-21 7.3.3.8 set port ingress filter Use this command to discard all frames received w ith a VLAN ID that don’t match the port’ s VLAN egress list. When ingress filtering is enabled on a port, the VLAN IDs of incoming fra[...]

  • Page 594

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-22 Matrix NSA Series Configuration Gui de 7.3.3.9 show port discard Use this command to display the frame discard mode for one or more ports. Ports can be set to discard frames based on whether or not they contain a VLAN tag. They can also be set to discard both [...]

  • Page 595

    VLAN Configurati on Command Set Assigning Port VLAN IDs (PVID s) and Ingress Filtering Matrix NSA Series Configuration Guide 7-23 7.3.3.10 set port discard Use this command to set the frame di scard mode on one or more ports. s et port discard port-string { tagged | untagged | none | both } Synt ax Description Command Default s None. Command T ype [...]

  • Page 596

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-24 Matrix NSA Series Configuration Gui de 7.3.3.1 1 clear port discard Use this command to reset the frame discard mode to the factory default setting (none). clear port discard port-string Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 597

    VLAN Configurati on Command Set Configuring the VLAN Egre ss List Matrix NSA Series Configuration Guide 7-25 7.3.4 Configuring the VLAN Egress List Purpose T o assign or remove ports on the egress list of a pa rticular VLAN. This dete rmines which ports will be eligible to transmit frames for a particular VLAN. For example, port s 1, 5, 9, 8 could [...]

  • Page 598

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-26 Matrix NSA Series Configuration Gui de 7.3.4.1 show port egress Use this command to display the VLAN membership for one or more ports. show port egress [ port-string ] Synt ax Description Command Default s If port-string is not specified, VLAN membership will be displayed for all [...]

  • Page 599

    VLAN Configurati on Command Set Configuring the VLAN Egre ss List Matrix NSA Series Configuration Guide 7-27 7.3.4.2 set vlan egress Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This de termines which ports will transmit frames for a particular VLAN. set vlan egr[...]

  • Page 600

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-28 Matrix NSA Series Configuration Gui de This example shows how to forbid Fast Ethernet ports 13 through 15 in port group 1 from joining VLAN 7 and disallow egress on those ports: This example shows how to allow Fast Ethernet p ort 2 in port group 1 to transmit VLAN 7 frames as unta[...]

  • Page 601

    VLAN Configurati on Command Set Configuring the VLAN Egre ss List Matrix NSA Series Configuration Guide 7-29 7.3.4.3 clear vlan egress Use this command to remove ports from a VLAN’ s egress list. clear vlan egress vlan-list port-string [ forb idden ] Synt ax Description Command Default s If forbidden is not specified, tagged and un tagged setting[...]

  • Page 602

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-30 Matrix NSA Series Configuration Gui de 7.3.4.4 show vlan dynamic egress Use this command to display which VLANs are currently enabled for VLAN dynamic egress. show vlan dynamicegress [ vlan-list ] Synt ax Description Command Default s If vlan-list is not specified, status for all [...]

  • Page 603

    VLAN Configurati on Command Set Configuring the VLAN Egre ss List Matrix NSA Series Configuration Guide 7-31 7.3.4.5 set vlan dynamicegress Use this command to set the administrative status of one or more VLANs’ dynamic egress capability . If VLAN dynamic egress is enabled, the device will ad d the port receiving a tagged frame to the VLAN egress[...]

  • Page 604

    VLAN Configuration Command Set Creating a Secure Manag ement VLAN 7-32 Matrix NSA Series Configuration Gui de 7.3.5 Creating a Secu re Management VLAN If the Matrix Series device is to be configur ed for multiple VLAN’ s, it may be desirable to configure a management-only VLAN. This allows a station connected to the managemen t VLAN to manage the[...]

  • Page 605

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-33 7.3.6 Enabling/Disabling GVRP Purpose T o dynamically create VLANs across a switc he d network. The GVRP (GARP VLAN Reg istration Protocol) command set is used to display GVRP configuration informatio n, the current global GVRP state setting, individu[...]

  • Page 606

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-34 Matrix NSA Series Configuration Gui de Figure 7-1 Example of VLAN Prop agation via GVRP Configuring a VLAN on an 802.1Q switch creates a static VLAN entry . The entry will always remain registered and will not time out. Howe ver, dynamic entries will ti me-out and their registrations will [...]

  • Page 607

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-35 Commands The commands used to configure GVRP are listed be low and described in the associated section as shown. • show gvrp ( Section 7.3.6.1 ) • show garp timer ( Section 7.3.6.2 ) • set gvrp ( Section 7.3.6.3 ) • clear gvrp ( Section 7.3.6.[...]

  • Page 608

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-36 Matrix NSA Series Configuration Gui de 7.3.6.1 show gvrp Use this command to display GV RP configuration information. show gvrp [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP configuration i nformation will be displayed for all ports and the dev[...]

  • Page 609

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-37 GVRP status Whether GV RP is enabled or disable d on the port. Last PDU Origin MAC address of the la st GVRP frame received on the port. T able 7-4 show gvrp Out put Details ( Continued) Output What It Displays...[...]

  • Page 610

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-38 Matrix NSA Series Configuration Gui de 7.3.6.2 show garp timer Use this command to display GARP ti mer values for one or more ports. show garp timer [ port-string ] Synt ax Description Command Default s If port-string is not specified, GARP timer informa tion will be displayed for all port[...]

  • Page 611

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-39 Ta b l e 7 - 5 provides an explanation of t he command output. For detai ls on using the set gvrp command to enable or disable GVRP , refer to Section 7.3.6.3 . For details on using the set garp timer command to change defau lt timer values, refer to [...]

  • Page 612

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-40 Matrix NSA Series Configuration Gui de 7.3.6.3 set gvrp Use this command to enable or disable GV RP globally on the device or on one or more p orts. set gvrp {enable | disable} [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP will be disabled or e[...]

  • Page 613

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-41 7.3.6.4 clear gvrp Use this command to clear GVRP status or on one or more ports. clear gvrp [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP status will be cleared for all ports. Command T ype Switch command[...]

  • Page 614

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-42 Matrix NSA Series Configuration Gui de 7.3.6.5 set garp timer Use this command to adjust the values of the join, le ave, and leaveall timers. set garp timer {[j oin timer -value ] [leave timer-value ] [ leaveall timer -value ]} port-string Synt ax Description Command Default s None. Comman[...]

  • Page 615

    VLAN Configurati on Command Set Enabling/Disabling GVRP Matrix NSA Series Configuration Guide 7-43 This example shows how to set the leaveall timer value to 20000 centiseconds for all ports: Matrix(rw)-> set garp timer leavea ll 20000 *.*.*[...]

  • Page 616

    VLAN Configuration Command Set Enabling/Disabling GVRP 7-44 Matrix NSA Series Configuration Gui de 7.3.6.6 clear garp timer Use this command to reset GARP timers back to default values. clear garp timer { [j oin ] [leave ] [ leaveall ]} port-string Synt ax Description Command Default s At least one optional para meter must be entered. Command T ype[...]

  • Page 617

    Matrix NSA Series Configurati on Guide 8-1 8 Policy Classification Configuration This chapter describes the Policy Classificati on set of commands and how to use them. 8.1 POLICY CLASSIFICATION CONFIGURATION SUMMARY Matrix Series devices support policy profile-based provisioning of network reso urces by all owing IT administrators to: • Create, c[...]

  • Page 618

    Process Overview: Policy Classification Configuration Configuring Policy Profiles 8-2 Matrix NSA Series Configuration Guide 8.2 PROCESS OVERVIEW: POLICY CLASSIFICATION CONFIGURATION Use the following steps as a guide to co nfigure policy clas sification on the device: 1. Configuring policy profiles ( Section 8.3.1 ) 2. Assigning classification rule[...]

  • Page 619

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-3 • show policy syslog ( Section 8.3.1.1 1 ) • set policy syslog ( Section 8.3.1.12 ) • clear policy syslog ( Section 8.3.1.13 ) • set policy maptable ( Section 8.3.1.14 ) • show policy maptable ( Section 8.3.1.15 ) • c[...]

  • Page 620

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-4 Matrix NSA Series Configuration Guide 8.3.1.1 show policy profile Use this command to display policy profile information. show policy profile { all | profile-index [ consecutive-pids ] [ -verbose ]} Synt ax Description Command Default s If optional parameters are no t [...]

  • Page 621

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-5 Ta b l e 8 - 1 provides an explanation of the co mma nd output. T able 8-1 show policy profile Output Det ails Output What It Displays... Profile Index Number of the prolicy profile. Profile Name User-supplied name assigned to th[...]

  • Page 622

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-6 Matrix NSA Series Configuration Guide 8.3.1.2 set policy profile Use this command to create a poli cy profile entry . set policy profile pr ofile-index [ name na me ] [ pvid-status { enable | disable }] [ pvid pvid ] [ cos-status { enable | disable }] [ cos cos ] [ egr[...]

  • Page 623

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-7 Command Default s If optional parameters are not specified, none will be applied. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to create a policy profile 1 named “netadmin” with PVID [...]

  • Page 624

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-8 Matrix NSA Series Configuration Guide 8.3.1.3 clear policy profile Use this command to dele te a policy profile entry . clear policy profile pr ofile-index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 625

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-9 8.3.1.4 show policy invalid Displays information ab out the action the device will apply on an invalid or unknown policy . show policy invalid { action | count | all } Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 626

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-10 Matrix NSA Series Configuration Gui de 8.3.1.5 set policy in valid action Use this command to assign the action the device will apply to an invalid or unknown policy . set policy invalid action { default-policy | drop | forward } Synt ax Description Command Default s [...]

  • Page 627

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-1 1 8.3.1.6 clear policy invalid action Use this command to reset the action the device wi ll apply to an invalid or unknown policy to the default action of applyi ng the default policy . clear policy invalid action Synt ax Descrip[...]

  • Page 628

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-12 Matrix NSA Series Configuration Gui de 8.3.1.7 set port tci overwrite Use this command to enable or disable the TCI overwrite function on one or more ports. When enabled, this allows policy rules to overwrite user priority and other cla ssification information in the [...]

  • Page 629

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-13 8.3.1.8 show policy accounting Use this command to display th e status of policy accounting. show policy accounting Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example[...]

  • Page 630

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-14 Matrix NSA Series Configuration Gui de 8.3.1.9 set policy accou nting Use this command to enable or disable p olicy acc ounting, whic h controls the collection of classification rule statistics. This function is enabled by default. set policy accounting { enable | dis[...]

  • Page 631

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-15 8.3.1.10 clear policy accounting Use this command to restore policy acco unting to its default state of enabled. clear policy accounting Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 632

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-16 Matrix NSA Series Configuration Gui de 8.3.1.1 1 show policy syslog Use this command to show the formatting of rule usage messages . The messages will be either machine-readable or human-readable. show policy syslog machine-readable Synt ax Description Command Default[...]

  • Page 633

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-17 8.3.1.12 set policy syslog Use this command to set the rule usage messages as either machin e-readable or human-readable. set policy syslog machine-re adable {enable | disable} Synt ax Description Command Default s None. Command[...]

  • Page 634

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-18 Matrix NSA Series Configuration Gui de 8.3.1.13 clear policy syslog Use this command to clear the rule usage messages to the default state of disabled (human-readable). clear policy syslog machine-readable Synt ax Description Command Default s None. Command T ype Swit[...]

  • Page 635

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-19 8.3.1.14 set policy maptable Use this command to set the Set VLAN ID - Policy Profile mappings table. set policy maptable { vlan-list profile-index | response {tunnel | policy | both}} Synt ax Description Command Default s None.[...]

  • Page 636

    Policy Classification Config uration Command Set Configuring Policy Profiles 8-20 Matrix NSA Series Configuration Gui de 8.3.1.15 show pol icy mapt able Use this command to display the VLAN ID - Policy Profile mappings table. show policy maptable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read. [...]

  • Page 637

    Policy Classification Configurati on Command Set Configuring Policy Pro fi les Matrix NSA Series Configuration Guide 8-21 8.3.1.16 clear policy mapt able Use this command to clea r the VLAN ID - Policy Profile mappings table. clear policy maptable vlan-list | response Synt ax Description Command Default s None. Command T ype Switch command. Command[...]

  • Page 638

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-22 Matrix NSA Series Configuration Gui de 8.3.2 Assigning Classi fication Rules to Policy Profiles Purpose T o review , assign and unassign classification an d admin rules. Classification rules map policy profiles to protocol-b ased frame filterin[...]

  • Page 639

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-23 8.3.2.1 show policy rule Use this command to display policy cla ssification and admin rule information. show policy rule [ attribute ] | [ all ] | [ admin-profile ] | [ pr ofile-index ] [ ether | ipdest | ipf[...]

  • Page 640

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-24 Matrix NSA Series Configuration Gui de Command Default s • If port-string , rule status, storage type, Syslog state, trap, and usage-list are not specified, all rules related to othe r specifications will be displayed. • If verbose is not s[...]

  • Page 641

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-25 Examples This example shows how to display policy classif ication information for Ethernet type 2 rules: This example shows how to display admin rule information for the polic y profile with index number 1: T[...]

  • Page 642

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-26 Matrix NSA Series Configuration Gui de PortStr Ingress port(s) to which this rule applies. RS Whether or not the status of th is rule is active (A), not in service or not ready . ST Whether or not this rule’ s st orage type is non-volatile (N[...]

  • Page 643

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-27 8.3.2.2 show policy cap ability Use this command to display all policy classification capabilities su pported by your Matrix S eries device. The o utput of this comma nd shows a tabl e listing classifiable tr[...]

  • Page 644

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-28 Matrix NSA Series Configuration Gui de Matrix(rw)-> show policy capability The following supports related to policy are supported in this device: VLAN Forwarding Priorit y Permit Deny TCI Overwrite Rule-Use Notification Rules Table Rule-Us e[...]

  • Page 645

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-29 8.3.2.3 set policy classify Use this command to assign incomi ng un tagged frames to a specif ic policy profile, classification and to VLAN or Class-of-Service classification rules. set policy classify pr ofi[...]

  • Page 646

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-30 Matrix NSA Series Configuration Gui de Command Default s • If mask is not specified, all data bits will be considered relevant. Command T ype Switch command. Command Mode Read-W rite. Examples This example shows how to use Ta b l e 8 - 3 to c[...]

  • Page 647

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-31 8.3.2.4 set policy rule Use this command to assign inco ming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules. set policy rule admin-profile | pr ofile-index {[...]

  • Page 648

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-32 Matrix NSA Series Configuration Gui de Command Default s • If mask is not specified, all data bits will be considered relevant. tcpsourceport Classifies based on TCP source port . udpdestport Classifies based on UDP destination port . udpsour[...]

  • Page 649

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-33 • If port-string is not specified, rule will be scoped to all ports. Command T ype Switch command. Command Mode Read-W rite. Examples This example shows how to use Ta b l e 8 - 3 to create (and enable) a cl[...]

  • Page 650

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-34 Matrix NSA Series Configuration Gui de ipfrag Not applicable. Not appl icable. ippr oto Protocol field in IP packet: 0 - 255 1 - 8 iptos T ype of Service field in IP packet: 0 - 255 1 - 8 llcDsapSsap DSAP/SSAP/CTRL field in llc: a-b-c-ab 1 - 40[...]

  • Page 651

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-35 8.3.2.5 clear policy rule Use this command to delete one or all policy classification rule entries. clear policy rule admin-profile | pr ofile-index all-pid-entries | ether ip dest | ipfrag | ipproto | ipsour[...]

  • Page 652

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-36 Matrix NSA Series Configuration Gui de Command Default s When applicable, data , mask , and port-string must be specified for in dividual rules to be cle ared. Command T ype Switch command. Command Mode Read-W rite. Example This example shows h[...]

  • Page 653

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-37 8.3.2.6 clear policy all-rules Use this command to remove all admin and classification rules. clear policy all-rules Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 654

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-38 Matrix NSA Series Configuration Gui de 8.3.2.7 set policy po rt Use this command to assign an administrative rule to a port. set policy port port-name admin-id Synt ax Description Command Default s None. Command T ype Switch command. Command Mo[...]

  • Page 655

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-39 8.3.2.8 show policy allowed-type Use this command to display a list of currently supported traffic rules applied to the admininstrative profile for one or more ports. show policy allowed-type port-string [ -v[...]

  • Page 656

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-40 Matrix NSA Series Configuration Gui de Example This example shows how to sh ow information about policie s allowed on port ge.1 .5: Matrix(rw)-> show policy allowed-type ge .1.5 SUPPORTED AND ALLOWED TRAFFIC R ULE TYPES o Means Traffic Rule [...]

  • Page 657

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-41 8.3.2.9 set policy allowed-type Use this command to assign a list of traffic rules that can be applie d to the admin profile for one or more ports. set policy allowed-type port-string traffic-rule rule-list [[...]

  • Page 658

    Policy Classification Config uration Command Set Assigning Classificati on Rule s to Policy Profiles 8-42 Matrix NSA Series Configuration Gui de 8.3.2.10 clear policy allo wed-type Use this command to clear the list of traf fic rules currently assigned to the admin profile fo r one or more ports. This will reassign the default setting, which is all[...]

  • Page 659

    Policy Classification Configurati on Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-43 8.3.2.1 1 clear policy port-hit Use this command to clear rule port hit indications on one or more ports. clear policy port-hit { all | port-list port-list } Synt ax Description Command Default s None. Comman[...]

  • Page 660

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-44 Matrix NSA Series Configuration Gui de 8.3.3 Configuring Policy Cl ass of Service (CoS) Using Port-Based or Policy-Based CoS Settings The Matrix Series device supports Class of Se rvice (CoS), which allows you to assign mission-critical data to higher pr[...]

  • Page 661

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-45 Y ou can add to these default configurations by defining new port groupings, and assigning inboun d rate limiters or transmit queues and priorities. Whether you are specifying IRL o r TXQ parameters, the process for [...]

  • Page 662

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-46 Matrix NSA Series Configuration Gui de • show cos unit ( Section 8.3.3.4 ) • show cos port-config ( Section 8.3.3.5 ) • set cos port-config irl ( Section 8.3.3.6 ) • clear cos port-config irl ( Section 8.3.3.7 ) • set cos port-config txq ( Sect[...]

  • Page 663

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-47 8.3.3.1 show cos st ate Use this command to display the Class of Service enable state. show cos st ate Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example [...]

  • Page 664

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-48 Matrix NSA Series Configuration Gui de 8.3.3.2 set cos state Use this command to enable or disable Class of Service. set cos state { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 665

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-49 8.3.3.3 show cos port-type Use this command to display Class of Service po rt type configurations. The Matrix Series CoS implementation provides two default port type gro u pings for designating ava ilable rate limit[...]

  • Page 666

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-50 Matrix NSA Series Configuration Gui de Example This example shows how to display all Class of Serv ice por t type information. In this case, no new port groups have been configured: Ta b l e 8 - 5 provides an explanation of the command output. Matrix(rw)[...]

  • Page 667

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-51 Numb T able 8-5 show cos port-type Output Det ails Output What It Displays... Index Port type index. Port type 0 designates the Matrix Platinum Series 7G4270-12 mo dule, and port type 1 d esignates all other modules.[...]

  • Page 668

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-52 Matrix NSA Series Configuration Gui de 8.3.3.4 show cos unit Use this command to display Class of Service units of measure information, including rate type, minimum and maximum limits of the port groups, and their respective granularity . show cos unit [[...]

  • Page 669

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-53 8.3.3.5 show cos port-config Use this command to display Class of Service port group configurations. show cos port-config [ irl | txq ] [ gr oup-type-index ] Synt ax Description Command Default s If not specified, al[...]

  • Page 670

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-54 Matrix NSA Series Configuration Gui de Example This example shows how to show all Class of Service port group configuration information: Matrix(rw)-> show cos port-config * Percentage/queue (if any) are approximations based on [(slices/queue) / total [...]

  • Page 671

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-55 8.3.3.6 set cos port-config irl Use this command to set the Class of Service inbound rate limiting port group configuration: set cos port-config irl gr oup-type-index [ name name ] [ ports port-list ] [ append ] | [ [...]

  • Page 672

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-56 Matrix NSA Series Configuration Gui de 8.3.3.7 clear cos po rt-config irl Use this command to clear a no n-default Class of Service inbound rate limiting po rt group configuration: clear cos port-config irl all | gr oup-type-inde x {[ entry ] | [ name ] [...]

  • Page 673

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-57 8.3.3.8 set cos port-config txq Use this command to set the Class of Servic e transmit queue port group configuration: set cos port-config txq gr oup-type-index [ name name ] [ ports port-list ] [ append ] | [ clear [...]

  • Page 674

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-58 Matrix NSA Series Configuration Gui de Example This example shows how to create a CoS transmit qu eue port group entry nam ed “test txq” with a port group ID of 2 and a po rt type ID of 1: Matrix(rw)-> set cos port-config txq 2.1 name test txq[...]

  • Page 675

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-59 8.3.3.9 clear cos port-config txq Use this command to clear one or all non-defa ult Class of Service transmit queue port group configurations: clear cos port-config txq all | gr oup-type-index { entry | name | ports [...]

  • Page 676

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-60 Matrix NSA Series Configuration Gui de 8.3.3.10 show cos port-resource Use this command to display Class of Serv ice port resource configuration information. show cos port-resource irl gr oup-type-index [ r esour ce ] [ violators ] Synt ax Description Co[...]

  • Page 677

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-61 Example This example shows how to show all inbound rate limitin g port resource config uration information for port group 0.1: Matrix(rw)-> show cos port-resourc e irl 0.1 '?' after the rate value indica[...]

  • Page 678

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-62 Matrix NSA Series Configuration Gui de 8.3.3.1 1 set cos port-resource irl Use this command to configure a Class of Serv ice inbound rate limiting port resource entry . set cos port-resource irl gr oup-type-in dex irl-number {[ unit { percentage | kbps |[...]

  • Page 679

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-63 Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to config ure Class of Service port resource IRL entry 0 for port group 0.1 assigning an inbound rate limit of 512 k ilobits pe r[...]

  • Page 680

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-64 Matrix NSA Series Configuration Gui de 8.3.3.12 clear cos po rt-resource irl Use this command to clear one or all Class of Service inbound rate limiting port resource configurations: clear cos port-resource irl all | gr oup-typ e-index r esource [ unit ][...]

  • Page 681

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-65 8.3.3.13 set cos port-resource txq Use this command to configure a Cl ass of Service transmit queue port resource entry . set cos port-resource txq gr oup-typ e-index transmit-queue {[ unit { percentage | kbps | mbps[...]

  • Page 682

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-66 Matrix NSA Series Configuration Gui de Example This example shows how to conf igure a Class of Service port resource entry for port group 0.1 assigning 50 percent of the total availabl e inbound bandwidth to transmit queue 7: Matrix(rw)-> set cos port[...]

  • Page 683

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-67 8.3.3.14 clear cos port-resource txq Use this command to clear one or all Class of Service transmit queue port resource entry . clear cos port-resource txq all | gr oup-type-index r esource [ unit ] [ rate ] [ algori[...]

  • Page 684

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-68 Matrix NSA Series Configuration Gui de 8.3.3.15 show cos reference Use this command to display Class of Service port reference information. show cos reference [ txq | irl gr oup-type-index [ re f e re n c e ]] Synt ax Description Command Default s If no [...]

  • Page 685

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-69 Example This example shows how to show all transmit queue reference conf iguration information for port group 0.1: Matrix(rw)-> show cos reference tx q 0.1 Group Index Reference Type Que ue ----------- --------- -[...]

  • Page 686

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-70 Matrix NSA Series Configuration Gui de 8.3.3.16 set cos reference irl Use this command to set a Class of Service inbound rate limiting reference configuration. set cos reference irl gr oup-type-index re f e re n c e rate-limit number Synt ax Description [...]

  • Page 687

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-71 8.3.3.17 clear cos reference irl Use this command to clear one or all Class of Service inbound rate limiting reference configurations. clear cos reference irl { all | gro up-type-index re f e re n c e } Synt ax Descr[...]

  • Page 688

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-72 Matrix NSA Series Configuration Gui de 8.3.3.18 set cos reference txq Use this command to set a Class of Service inbound rate limiting reference configuration. set cos reference txq gr oup-typ e-index re f e re n c e queue number Synt ax Description Comm[...]

  • Page 689

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-73 8.3.3.19 clear cos reference txq Use this command to clear one or all non-defa ult Class of Service transmit queue reference configurations. clear cos reference txq { all | gr oup-type-index re f e re n c e } Synt ax[...]

  • Page 690

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-74 Matrix NSA Series Configuration Gui de 8.3.3.20 show cos settings Use this command to display Class of Service parameters. show cos settings [ cos-list ] Synt ax Description Command Default s If not specified, all CoS entries will be displayed. Command T[...]

  • Page 691

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-75 8.3.3.21 set cos settings Use this command to configure a Cl ass of Service entry . set cos settings cos-list [ priority priority ] [ tos-value to s-value ] [ txq-re ference txq-r efer ence ] [ irl-reference irl-r ef[...]

  • Page 692

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-76 Matrix NSA Series Configuration Gui de 8.3.3.22 clear cos setting s Use this command to clear Class of Service entry settings. clear cos settings cos-list {[ all ] | [ priority ] [ tos-value ] [ txq-reference ] [ irl-reference ]} Synt ax Description Comm[...]

  • Page 693

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-77 8.3.3.23 show cos violation irl Use this command to display Class of Service violation configurations. show cos violation irl [ violation-index] Synt ax Description Command Default s If no options are specified, all [...]

  • Page 694

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-78 Matrix NSA Series Configuration Gui de 8.3.3.24 clear cos vi olation irl Use this command to clear Class of Service in bound rate limiting violation conf igurations. clear cos violation irl { all | disabled-ports | violation-index } { both | status | cou[...]

  • Page 695

    Policy Classification Configurati on Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-79 8.3.3.25 clear cos all-entries Use this command to clears all Class of Serv ice entries except priority settings 0 - 7. clear cos all-entries Synt ax Description None. Command Default s None. Command T ype Switch com[...]

  • Page 696

    Policy Classification Config uration Command Set Configuring Policy Class of Service (CoS) 8-80 Matrix NSA Series Configuration Gui de[...]

  • Page 697

    Matrix NSA Series Configurati on Guide 9-1 9 Port Priority and Rate Limiting Configuration This chapter describes the Port Pr iority and Rate Limiting set of commands and how to use them. 9.1 PORT PRIORITY CO NFIGURATION SUMMARY The Matrix Series device supports Class of Service (CoS), whic h allows you to assign mission-critical data to higher pr [...]

  • Page 698

    Process Overview: Port Priority and Rate Limiting Configuration Configuring Port Pri ority 9-2 Matrix NSA Series Configuration Guide 9.2 PROCESS OVERVIEW: PORT PRIORITY AND RATE LIMITING CONFIGURATION Use the following steps as a guide to the port prio rity , QoS, and rate lim iting configuration process: 1. Configuring Port Priority ( Section 9.3.[...]

  • Page 699

    Port Priority and Rate Limiting Configuration Command Set Configuring Port Priority Matrix NSA Series Configuration Guide 9-3 9.3.1.1 show port priority Use this command to display the 802. 1D priority for one or more ports. show port priority [ port-string ] Synt ax Description Command Default s If port-string is not specified, priority fo r all p[...]

  • Page 700

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Port Pri ority 9-4 Matrix NSA Series Configuration Guide 9.3.1.2 set port p riority Use this command to set the 802. 1D (802.1p) Class-of-Serv ice tr ansmit queue priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assi[...]

  • Page 701

    Port Priority and Rate Limiting Configuration Command Set Configuring Port Priority Matrix NSA Series Configuration Guide 9-5 9.3.1.3 clear port priority Use this command to reset the cu rrent CoS port priority setting to 0. This will cause all frames received without a priority value in its header to be set to priority 0. clear port priority port-[...]

  • Page 702

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Priority to T r ansmit Qu eue Mapping 9-6 Matrix NSA Series Configuration Guide 9.3.2 Configuring Priority to T ransmit Queue Mapping Purpose T o perform the following: • V iew the current priority to tr ansmit queue mapping of each port, wh ich includes both physical and virt[...]

  • Page 703

    Port Priority and Rate Limiting Configuration Command Set Configuring Priority to T ransmit Queue Mapping Matrix NSA Series Configuration Guide 9-7 9.3.2.1 show port priority-queue Use this command to display the port priority levels (0 through 7, with 0 as the lowest level) associated with the current transmit queue (0 - 15 depending on port type,[...]

  • Page 704

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Priority to T r ansmit Qu eue Mapping 9-8 Matrix NSA Series Configuration Guide This example shows how to display the tran smit queues associated with priority 3. Matrix(rw)-> show port priority-queue 3 fe.1.7 Priority TxQueue ---------- -------- ------- 3 1 fe.1.8 Priority T[...]

  • Page 705

    Port Priority and Rate Limiting Configuration Command Set Configuring Priority to T ransmit Queue Mapping Matrix NSA Series Configuration Guide 9-9 9.3.2.2 set port priority-queue Use this command to map 802.1D (8 02.1p) priorities to transmit queues. This enables you to change the priority queue (0-7, dependi ng on port type, with 0 being the lowe[...]

  • Page 706

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Priority to T r ansmit Qu eue Mapping 9-10 Matrix NSA Series Configuration Gui de 9.3.2.3 clear port priority-queue Use this command to reset port priority queue se ttings back to defaults for one or more ports. clear port priority-queue port-string Synt ax Description Command D[...]

  • Page 707

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Limiting Matrix NSA Series Configuration Guide 9-1 1 9.3.3 Configuring Port T raffic Rate Limiting Purpose T o limit the rate of inbound traffic on the Matrix Se ries devic e on a per port/priority basis. The allowable range for the rate limiting is kilo bytes [...]

  • Page 708

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Port T raffic Rate Limiting 9-12 Matrix NSA Series Configuration Gui de 9.3.3.1 show port ratelimit Use this command to show the traf fic rate limiting configur ation on one or more ports. show port ratelimit [ port-string ] Synt ax Description Command Default s If port-string i[...]

  • Page 709

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Limiting Matrix NSA Series Configuration Guide 9-13 Ta b l e 9 - 1 shows a detailed explanatio n of the command output. T able 9-1 show port ratelimit Output Det ails Output What It Displays... Port Number Port designation. For a detailed description of possibl[...]

  • Page 710

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Port T raffic Rate Limiting 9-14 Matrix NSA Series Configuration Gui de 9.3.3.2 set port rateli mit Use this command to configure the traffic rate limiting st atus and threshold (in kilobytes per second) for one or more ports. set port ratelimit { disable | enable } | port-strin[...]

  • Page 711

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Limiting Matrix NSA Series Configuration Guide 9-15 Command Mode Read-W rite. Example This example shows how to: • globally enable rate limiting • configure rate limiting for inbound traffic on port fe .2.1, index 1, priority 5, to a threshold of 125 KBps: [...]

  • Page 712

    Port Priority and Rate Limiting Configuratio n Command Set Configuring Port T raffic Rate Limiting 9-16 Matrix NSA Series Configuration Gui de 9.3.3.3 clear port ratelimit Use this command to clear rate limiti ng parameters for one or more ports. clear port ratelimit port-string [ index ] Synt ax Description Command Default s If not specified, all [...]

  • Page 713

    Matrix NSA Series Configuration Guide 10-1 10 IGMP Configuration This chapter describes the IGMP Configurati on set of commands and how to use them. 10.1 ABOUT IP MULTICA ST GROUP MANAGEMENT The Internet Group Management Protocol (IGMP) run s between hosts and their immediat ely neighboring multic ast switch device. The pro t ocol’ s mechanisms a[...]

  • Page 714

    IGMP Configuration Summary 10-2 Matrix N SA Series Configuration Guide In addition to passively monitoring IGMP query a nd report messages, the Matrix Ser ies device can also actively send IGMP query mes sages to learn loca tions of mult icast switches and me mber hosts in multicast groups within each VLAN. However , note that IGMP neither alters n[...]

  • Page 715

    IGMP Configuration Command Set Enabling / Disabling IGMP Matrix NSA Series Configuration Guide 10-3 10.4 IGMP CONFIGURATION COMMAND SET 10.4.1 Enabling / Disabling IGMP Purpose T o display IGMP information and to enable or disable IGMP snooping on the device. Commands The commands used to display , enable and disable IGMP are listed below and descr[...]

  • Page 716

    IGMP Configuration Command Set Enabling / Disabling IGMP 10-4 Matrix N SA Series Configuration Guide 10.4.1.1 show igmp enable Use this command to display the status of IGMP on one or more VLAN(s). show igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows[...]

  • Page 717

    IGMP Configuration Command Set Enabling / Disabling IGMP Matrix NSA Series Configuration Guide 10-5 10.4.1.2 set igmp en able Use this command to enable IGMP on one or more VLANs. set igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to enable IGM[...]

  • Page 718

    IGMP Configuration Command Set Enabling / Disabling IGMP 10-6 Matrix N SA Series Configuration Guide 10.4.1.3 set igmp disable Use this command to disable IGMP on one or more VLANs. set igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to disable [...]

  • Page 719

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-7 10.4.2 Configuring IGMP Purpose T o display and set IGMP configuration paramete rs, including query inte rval and response time settings, and to create and configure static IGMP entries. Commands The commands used to configure IGMP are listed below and descri[...]

  • Page 720

    IGMP Configuration Command Set Configuring IGMP 10-8 Matrix N SA Series Configuration Guide 10.4.2.1 show igmp query Use this command to display the IGMP query status of one or more VLANs. show igmp query vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to di[...]

  • Page 721

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-9 10.4.2.2 set igmp query-enab le Use this command to enable IGMP querying on one or more VLANs. set igmp query -enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how [...]

  • Page 722

    IGMP Configuration Command Set Configuring IGMP 10-10 M atrix NSA Series Configurati on Guide 10.4.2.3 set igmp query-disable Use this command to disable IGMP querying on one or more VLANs. set igmp query-disable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example show s[...]

  • Page 723

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-1 1 10.4.2.4 show igmp grp-full-action Use this command to show what action to take with multicast frames when the multicast IGMP group table is full show igmp grp-full-action Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exampl[...]

  • Page 724

    IGMP Configuration Command Set Configuring IGMP 10-12 M atrix NSA Series Configurati on Guide 10.4.2.5 set igmp grp-full-action Use this command to determine wh at action to take with multicast frames when the multicast group table is full. set igmp grp-full-action action Synt ax Description Command Default s Flood multicast frames to the Vlan Comm[...]

  • Page 725

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-13 10.4.2.6 show igmp config Use this command to display IGMP configuration informa tion for one or more VLANs. show igmp config vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example s[...]

  • Page 726

    IGMP Configuration Command Set Configuring IGMP 10-14 M atrix NSA Series Configurati on Guide T able 10 -1 show igmp co nfig Output Details Output What It Displays... VlanQueryInterval Frequency (in seconds) of host-query frame transmissions. VlanStatus Whether or not VLAN configuratio n is Active or Not in Service . Vlan IGMP V ersion Whether or n[...]

  • Page 727

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-15 10.4.2.7 set igmp co nfig Use this command to configure IGMP settings on one or more VLANs. set igmp config vlan-list {[ query-interva l query-interval ] [igmp-version igmp-version ] [ max-resp-time max-r esp-time ] [ robustness r obustness ] [ last-mem-int[...]

  • Page 728

    IGMP Configuration Command Set Configuring IGMP 10-16 M atrix NSA Series Configurati on Guide Example This example shows how to set the IGMP qu ery interval time to 25 0 se conds on VLAN 1: Matrix(rw)-> set igmp config 1 query-int erval 250[...]

  • Page 729

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-17 10.4.2.8 set igmp delete Use this command to remove IGMP config uration settings for one or more VLANs. set igmp delete vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows [...]

  • Page 730

    IGMP Configuration Command Set Configuring IGMP 10-18 M atrix NSA Series Configurati on Guide 10.4.2.9 show igmp group s Use this command to display in formation abou t IGMP groups known to one or more VLANs. show igmp groups [group < gr oup > ] [vlan-list < vlan-list> ] [sip <sip> ] [-verbose] Synt ax Description Command Default [...]

  • Page 731

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-19 10.4.2.10 sho w igmp static Use this command to display static IGMP po rts for one or more VLANs or IGMP groups. show igmp static vlan-list [ gr oup gr ou p ] Synt ax Description Command Default s If not specified, static IGMP information will be displayed [...]

  • Page 732

    IGMP Configuration Command Set Configuring IGMP 10-20 M atrix NSA Series Configurati on Guide 10.4.2.1 1 set igmp add-st atic Use this command to create a new static IGMP entry , or to add one or more new ports to an existing entry . set igmp add-static gr oup vlan-list [ modify ] [ include-ports ] [ exclude-ports ] Synt ax Description Command Defa[...]

  • Page 733

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-21 10.4.2.12 set igmp remove-st atic Use this command to delete a sta tic IGMP entry , or to re move one or more ports from an existing entry . set igmp remove-static gr oup vlan-list [ modify ] [ include-ports ] [ exclude-ports ] Synt ax Description Command D[...]

  • Page 734

    IGMP Configuration Command Set Configuring IGMP 10-22 M atrix NSA Series Configurati on Guide 10.4.2.13 show igmp protocols Use this command to display the binding of IP protocol id to IGMP classification show igmp protocols Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display the [...]

  • Page 735

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-23 10.4.2.14 set igmp protocols Use this command to changes the IGMP classification of received IP frames set igmp protocols [ classi fication classification ] [ pr otocol-id protocol-id ] [ modify ] Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 736

    IGMP Configuration Command Set Configuring IGMP 10-24 M atrix NSA Series Configurati on Guide 10.4.2.15 clear igmp protocols Use this command to clear the binding of IP protocol id to IGMP classification clear igmp pr otocols [ protocol-id pr otocol-id ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W r[...]

  • Page 737

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-25 10.4.2.16 show igmp vlan Use this command to display IGMP information for a specific VLAN. show igmp vlan [ vlan-list ] Synt ax Description Command Default s None Command T ype Switch command. Command Mode Read-Only . Example This example shows how to displ[...]

  • Page 738

    IGMP Configuration Command Set Configuring IGMP 10-26 M atrix NSA Series Configurati on Guide 10.4.2.17 show igmp reporters Use this command to display IGMP reporter information. show igmp reporters [ portlist portlist ] [ group gr oup ] [ vlan-list vlan-list ] [ sip sip ] Synt ax Description Command Default s None. Command T ype Switch command. Co[...]

  • Page 739

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-27 10.4.2.18 show igmp flow Use this command to displa y IGMP flow information. show igmp flows [ portlist portlist ] [ group gr oup ] [ vlan-list vlan-list ] [ sip sip ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Re[...]

  • Page 740

    IGMP Configuration Command Set Configuring IGMP 10-28 M atrix NSA Series Configurati on Guide 10.4.2.19 show igmp counters Use this command to displa y IGMP counter information. show igmp counters Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display the IG[...]

  • Page 741

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configu ration Guide 10-29 10.4.2.20 show igmp number-groups Use this command to display the number of multicast groups suppor ted by the Matrix device. T he command displays both the currently active number of groups and the configured number that will take effect at the next re boo[...]

  • Page 742

    IGMP Configuration Command Set Configuring IGMP 10-30 M atrix NSA Series Configurati on Guide[...]

  • Page 743

    Matrix NSA Series Configura tion Guide 1 1-1 11 Logging and Network Management This chapter describes switch-rela ted logging and network mana gement comman ds and how to use them. 1 1.1 PROCESS OVERVIEW : NETWORK MANAGEMENT Switch-related network management tasks include the following: • Configuring System Logg ing ( Section 1 1.2.1 ) • Monito[...]

  • Page 744

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-2 Matrix NSA Series Configuration Gui de 1 1.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET 1 1.2.1 Configuring System Logging Purpose T o display and configure system lo gging, including Syslog server settings, logging severity levels for various applications, Syslog default [...]

  • Page 745

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-3 1 1.2.1.1 show logging all Use this command to display all config uration information for system logging. show logging a ll Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only .[...]

  • Page 746

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-4 Matrix NSA Series Configuration Gui de Example This example shows how to displa y all system logging information: Ta b l e 1 1 - 1 provides an explanati on of the command output. Matrix(rw)-> show logging all Application Current Severity Level Server List --------------[...]

  • Page 747

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-5 T able 1 1-1 show logging all Output Det ails Output What It Displays... Application A mnemonic abbreviatio n of the textual description for applications being logged. Current Severity Level Severity level ( 1 - 8 ) at which the server [...]

  • Page 748

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-6 Matrix NSA Series Configuration Gui de 1 1.2.1.2 show logging server Use this command to display the Syslog configuration for a particular server . show logging server [ index ] Synt ax Description Command Default s If index is not specified, all Syslog se rver information[...]

  • Page 749

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-7 1 1.2.1.3 set logging server Use this command to configure a Syslog server . s et logging server index [ ip-addr ip-addr ] [ facility facility ] [ severity severity ] [ descr descr ] [ port por t] [ state { enable | disable }] Synt ax D[...]

  • Page 750

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-8 Matrix NSA Series Configuration Gui de Command Default s • If ip-addr is not specified, an entry in the Syslog server table will be created with the specified index number and a message will display indica ting that no IP address has been assigned. • If not specified, [...]

  • Page 751

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-9 1 1.2.1.4 clear logging server Use this command to remove a server from the Syslog server table. clear logging server index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This[...]

  • Page 752

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-10 Matrix NSA Series C onfiguration Guide 1 1.2.1.5 show logging default Use this command to display th e Syslog server default values. show logging default Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This [...]

  • Page 753

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-1 1 1 1.2.1.6 set logging default Use this command to set logging default values. set logging default {[ facility f acility ] [ se verity severity ] port port ]} Synt ax Description Command Default s None. Command T ype Switch command. Co[...]

  • Page 754

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-12 Matrix NSA Series C onfiguration Guide 1 1.2.1.7 clear logging default Use this command to reset logging default values. clear logging default {[ facility ] [ severity ] [ port ]} Synt ax Description Command Default s • At least one optional para meter must be entered. [...]

  • Page 755

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-13 1 1.2.1.8 show logging application Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system. show logging application [ mnemonic | all ] Synt ax Description Com[...]

  • Page 756

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-14 Matrix NSA Series C onfiguration Guide Example This example shows how to display system logg ing information pertaining to the all supported applications. This example shows how to display system logging information pertaining to the SNMP application. Ta b l e 1 1 - 2 pro[...]

  • Page 757

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-15 T able 1 1-2 show logging application Output Details Output What It Displays... Application A mnemonic abbreviatio n of the textual description for applications being logged. Current Severity Level Severity level at which the server is[...]

  • Page 758

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-16 Matrix NSA Series C onfiguration Guide 1 1.2.1.9 set logging application Use this command to set the severity level of lo g messages and the server(s ) to which messages will be sent for one or all applications. set logging application {[ mnemonic | all ]} [ level level ][...]

  • Page 759

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-17 Command Default s • If level is not specified, none will be applied. • If server is not specified, messages will be sent to all Syslog servers. Command T ype Switch command. T able 1 1-3 Sample M nemonic V alues for Loggin g Applic[...]

  • Page 760

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-18 Matrix NSA Series C onfiguration Guide Command Mode Read-W rite. Example This example shows how to set the severity level for SSH (Secure Shell) to 4 so that error conditions will be logged for that application and sent to Syslog server 1: Matrix(rw)-> set logging appl[...]

  • Page 761

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-19 1 1.2.1.10 clear logging application Use this command to reset the logg ing severity level for one or all applications to the default value of 6 (notifications of significant conditions). clear logging application { mnemonic | all } Sy[...]

  • Page 762

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-20 Matrix NSA Series C onfiguration Guide 1 1.2.1.1 1 show logging local Use this command to display the state of messag e logging to the console and a persistent file. show logging local Synt ax Description None. Command Default s None. Command T ype Switch command. Command[...]

  • Page 763

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-21 1 1.2.1.12 set logging local Use this command to config ure log messages to the console and a persistent file. set logging local console { enable | disable } file { enable | disable } Synt ax Description Command Default s None. Command[...]

  • Page 764

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-22 Matrix NSA Series C onfiguration Guide 1 1.2.1.13 clear logging local Use this command to clear the console and pe rsistent store logging for the local session. clear logging local Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 765

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-23 1 1.2.1.14 set logging here Use this command to enable or disable the current CLI session as a Syslog destination. The effect of this command will be temporar y if the current CLI session is us ing T elnet or SSH, but persistent on the[...]

  • Page 766

    Logging And Network Ma nagement Command Set Configuring System Logging 1 1-24 Matrix NSA Series C onfiguration Guide 1 1.2.1.15 clear logging here Use this command to clear the logging state for the current CLI session. clear logging here Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Examp[...]

  • Page 767

    Logging And Network Management Command Set Configuring System Logging Matrix NSA Series Configuration Guide 1 1-25 1 1.2.1.16 show logging buffer Use this command to display the last 256 messages logged. show logging buffer Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example [...]

  • Page 768

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-26 Matrix NSA Series C onfiguration Guide 1 1.2.2 Monitoring Network Events and S t atus Purpose T o display switch events and command history , to set the size of the history buffer , and to displa y and disconnect current user sessions. Commands Commands to moni[...]

  • Page 769

    Logging And Network Management Command Set Monitoring Network Events and Status Matrix NSA Series Configuration Guide 1 1-27 1 1.2.2.1 history Use this command to display the contents of the co mmand history buffer . The command history buffer includes all the switch commands entere d up to a maximum of 50, as specified in the set history command ([...]

  • Page 770

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-28 Matrix NSA Series C onfiguration Guide 1 1.2.2.2 show history Use this command to display the size (in lines) of the history buf fer . show history Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example [...]

  • Page 771

    Logging And Network Management Command Set Monitoring Network Events and Status Matrix NSA Series Configuration Guide 1 1-29 1 1.2.2.3 set history Use this command to set the size of the history buf fer . set history size [ default ] Synt ax Description Command Default s If default is not specified, the history setting will not be persistent. Comma[...]

  • Page 772

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-30 Matrix NSA Series C onfiguration Guide 1 1.2.2.4 show net stat Use this command to display statistics fo r the switch’ s active network connections. show netstat [icmp | ip | routes | stats | tcp | udp ] Synt ax Description Command Default s If no parameters [...]

  • Page 773

    Logging And Network Management Command Set Monitoring Network Events and Status Matrix NSA Series Configuration Guide 1 1-31 Ta b l e 1 1 - 4 provides an explanation of the comman d out put . T able 1 1-4 show net st at Output Det ails Output What It Displays... PCB Protocol Control Block designation. Proto T ype of protocol running on the connecti[...]

  • Page 774

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-32 Matrix NSA Series C onfiguration Guide 1 1.2.2.5 ping Use this command to send ICMP echo-request packets to another node on the network from the switch CLI. ping [ -s ] host [ count ] Synt ax Description Command Default s • If -s is not specified, the ping wi[...]

  • Page 775

    Logging And Network Management Command Set Monitoring Network Events and Status Matrix NSA Series Configuration Guide 1 1-33 This example shows how to ping IP address 134.141.89.29 with 10 packets: This example shows a continuous pi ng of IP address 134.141. 89.29. In this case, entering Ctrl+C after 9 iterations caused command execution to stop : [...]

  • Page 776

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-34 Matrix NSA Series C onfiguration Guide 1 1.2.2.6 show users Use this command to display info rmation about the active console po rt or T elnet session(s) logged in to the switch. show users Synt ax Description None. Command Default s None. Command T ype Switch [...]

  • Page 777

    Logging And Network Management Command Set Monitoring Network Events and Status Matrix NSA Series Configuration Guide 1 1-35 1 1.2.2.7 tell Use this command to send a m ess age to one or all users. tell { dest | all } message Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sho[...]

  • Page 778

    Logging And Network Ma nagement Command Set Monitoring Network Events and S tatus 1 1-36 Matrix NSA Series C onfiguration Guide 1 1.2.2.8 disconnect Use this command to close an active console port or T elnet session from the switch CLI. disconnect { ip-addr | console } Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 779

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-37 1 1.2.3 Configuring SMON Purpose T o configure SMON (Switched Network Monitoring) on the device. Commands Commands to configure SMON are listed below an d described in the associated section as shown. • show smon priority ( Section 11 .2.3.1 )[...]

  • Page 780

    Logging And Network Ma nagement Command Set Configuring SMON 1 1-38 Matrix NSA Series C onfiguration Guide 1 1.2.3.1 show smon priority Use this command to display SMON user priority statistics. SMON generates aggregated statistics for IEEE 802.1Q VLAN environments. show smon priority [ port-string ] [ priority priority ] Synt ax Description Comman[...]

  • Page 781

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-39 1 1.2.3.2 set smon priority Use this command to create, start, or stop priority-encoded SMON user statistics counting. set smon priority {create | enable | disable} port-string [ owner ] Synt ax Description Command Default s If owner is not spec[...]

  • Page 782

    Logging And Network Ma nagement Command Set Configuring SMON 1 1-40 Matrix NSA Series C onfiguration Guide 1 1.2.3.3 clear smon priority Clears priority-encoded user stat istic s on one or more ports. clear smon priority [ port-string ] Synt ax Description Command Default s If port-string is not specified, priority stat istics will be cleared on al[...]

  • Page 783

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-41 1 1.2.3.4 show smon vlan Use this command to display SMON (Switc hed Network Monitoring) VLAN statistics. show smon vlan [ port-string ] [ vlan vlan-id ] Synt ax Description Command Default s • If port-string is not specified, SMON statistics [...]

  • Page 784

    Logging And Network Ma nagement Command Set Configuring SMON 1 1-42 Matrix NSA Series C onfiguration Guide 1 1.2.3.5 set smon vlan Use this command to create, start, or stop SNMP VLAN-related statistics counting. set smon vlan {create | enable | disable} port-string [ owner ] Synt ax Description Command Default s If owner is not specified, no ne wi[...]

  • Page 785

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-43 1 1.2.3.6 clear smon vlan Use this command to delete an SMON VL AN statistics counting configuration. clear smon vlan [ port-string ] Synt ax Description Command Default s If port-string is not specified, VLAN statisti cs counting configurations[...]

  • Page 786

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-44 Matrix NSA Series C onfiguration Guide 1 1.2.4 Configuring RMON RMON Monitoring Group Functions and Commands RMON (Remote Network Monito ring) provides comprehe nsive network fault diagno sis, planning, and performance tuning informa tion and allows for interoperability between SNM[...]

  • Page 787

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-45 Alarm Periodically gathers statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Alarm type, interval, starting threshold, s[...]

  • Page 788

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-46 Matrix NSA Series C onfiguration Guide Host To p N G enerates tables that describe hosts that top a list ordered by one of their statistics. These rate based statistics are samples of one of their base statistics over an interval specified by the management station. Stati stics, to[...]

  • Page 789

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-47 Filter Allows packets to be matched by a filter equation. These matc hed packets f orm a data stream or “channel” that may be captured or ma y generate events. Packets matc hin g the filter configuration. show rmon channel ( Section 1 1.2.4.[...]

  • Page 790

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-48 Matrix NSA Series C onfiguration Guide 1 1.2.4.1 show rmon st at s Use this command to display RMON statistics measured for one or more ports. show rmon stats [ port-string ] [ wide ] [ bysize ] Synt ax Description Command Default s If port-string is not specified, RMON stats wil l[...]

  • Page 791

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-49 Ta b l e 1 1 - 6 provides an explanation of the comman d out put . T able 1 1-6 show rmon s tat s Output Det ails Output What It Displays... Port Port designatio n. Owner Name of the entity that configured this entry . Monitor is default. Data S[...]

  • Page 792

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-50 Matrix NSA Series C onfiguration Guide Fragments Number of received frames that are not the minimum number of bytes in length, or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excluding fra ming bits, but including FCS byte[...]

  • Page 793

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-51 1 1.2.4.2 set rmon st ats Use this command to configure an RMON statist ics entry . set rmon stats index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monitor will be applied. Command T ype Switch command[...]

  • Page 794

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-52 Matrix NSA Series C onfiguration Guide 1 1.2.4.3 clear rmon st ats Use this command to delete one or more RMON statistics entries. clear rmon stats { index-list | to-defaults } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Examp[...]

  • Page 795

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-53 1 1.2.4.4 show rmon history Use this command to display RMON histor y p roperties and statistics. The RMON history g roup records periodic statistical samples from a network. show rmon history [ port-string ] [ wide ] [ interval ] Synt ax Descri[...]

  • Page 796

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-54 Matrix NSA Series C onfiguration Guide Matrix(rw)-> show rmon history fe.3.14 Port: fe.3.14 ------------------------------- -------- Index 1001 Status = 1 valid Owner = monitor Data Source = 1.3.6.1.2.1 .2.2.1.1.11001 Interval = 30 Buckets Requested = 50 Buckets Granted = 50 Sam[...]

  • Page 797

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-55 1 1.2.4.5 set rmon history Use this command to configure an RMON history entry . set rmon history index [ port-string ] [ buckets buckets ] [ interval interval ] [ owner owner ] Synt ax Description Command Default s • If buckets is not specifi[...]

  • Page 798

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-56 Matrix NSA Series C onfiguration Guide 1 1.2.4.6 clear rmon history Use this command to delete one or more RMON hi story entries or reset one or more entries to default values. For spec ific values, refer to Section 1 1.2.4.5 . clear rmon history { index-list | to-defaults } Synt a[...]

  • Page 799

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-57 1 1.2.4.7 show rmon alarm Use this command to display RMON alarm entrie s. The RMON alarm group periodically takes statistical samples from RMON variables and co mpares them with pr eviously configured thresholds. If the monitored variable cros [...]

  • Page 800

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-58 Matrix NSA Series C onfiguration Guide T able 1 1-7 show rmon alarm Output Det ails Output What It Displays... Index Index number for this alarm entry . Owner T ext string identifying who configured this entry . Status Whether this event entry is enabled (valid) or disabled. V aria[...]

  • Page 801

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-59 1 1.2.4.8 set rmon alarm properties Use this command to configure an RMON alarm en try , or to create a new alarm entry with an unused alarm index nu mber . set rmon alarm properties index [ interval interval ] [ object object ] [ type {absolute[...]

  • Page 802

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-60 Matrix NSA Series C onfiguration Guide Command Default s • interval - 3600 seconds • type - absolute • startup - rising • rthresh - 0 • fthresh - 0 • revent - 0 • fevent - 0 • owner - monitor Command T ype Switch command. Command Mode Read-W rite. Example This examp[...]

  • Page 803

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-61 1 1.2.4.9 set rmon alarm status Use this command to enable an RMON alarm entry . An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold. set rmon alarm status index enable Synt ax Descript[...]

  • Page 804

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-62 Matrix NSA Series C onfiguration Guide 1 1.2.4.10 clear rmon alarm Use this command to dele te an RMON alarm entry . clear rmon alarm index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear RM[...]

  • Page 805

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-63 1 1.2.4.1 1 show rmon event Use this command to display RMON event entry properties. show rmon ev en t [ index ] Synt ax Description Command Default s If index is not specified, information abou t all RMON entries will be displayed. Command T yp[...]

  • Page 806

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-64 Matrix NSA Series C onfiguration Guide Description T ext string d escription of this event. T ype Whether the event notification will be a log entry , and SNMP trap, both, or none. Community SNMP community name if messa ge type is set to trap. Last T ime Se nt When an event notifi [...]

  • Page 807

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-65 1 1.2.4.12 set rmon event properties Use this command to configure an RMON event entry , or to create a new event entry w ith an unused event index number . set rmon event properties index [ description des cription ] [ type {none | log | trap |[...]

  • Page 808

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-66 Matrix NSA Series C onfiguration Guide Example This example shows how to create and enable an RMON event entry calle d “STP topology change” that will send both a log entr y and an SNMP trap message to the “public” community: Matrix(rw)-> set rmon event properties 2 desc[...]

  • Page 809

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-67 1 1.2.4.13 set rmon event status Use this command to enable an RMON event entry . An event entry describes the parameters of an RMON event that can be triggered. Events can be fired by RMON alarms and can be configured to create a log entry , ge[...]

  • Page 810

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-68 Matrix NSA Series C onfiguration Guide 1 1.2.4.14 clear rmon event Use this command to delete an RMON event entry and any associated log entries. clear rmon event index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 811

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-69 1 1.2.4.15 show rmon host Use this command to display RMON properties and statistics associated with each host discovered on the network. show rmon host [ port-string ] [ address | c reation ] Synt ax Description Command Default s • If port-st[...]

  • Page 812

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-70 Matrix NSA Series C onfiguration Guide Example This example shows how to display RMON host properties and statistics. A control entry displays first, followed by actual entries corresponding to the control entry . For a description of the types of statistics shown, refer to Ta b l [...]

  • Page 813

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-71 1 1.2.4.16 set rmon host properties Use this command to configure an RMON host entry . set rmon host properties index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monitor will be applied. Command T ype S[...]

  • Page 814

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-72 Matrix NSA Series C onfiguration Guide 1 1.2.4.17 set rmon host status Use this command to enable an RMON host entry . set rmon host status index enable Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows ho[...]

  • Page 815

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-73 1 1.2.4.18 clear rmon host Use this command to dele te an RMON host entry . clear rmon host index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear RMON ho[...]

  • Page 816

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-74 Matrix NSA Series C onfiguration Guide 1 1.2.4.19 show rmon topN Use this command to d isplays RMON T opN proper ties and statistics. T opN monitoring prepares tables that describe the hosts topping a list ordered by one of their statistics. T opN lists are samples of one of the ho[...]

  • Page 817

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-75 Ta b l e 1 1 - 9 provides an explanation of the comm and output. Properties are set usin g the set rmon topN properties command as describe d in Section 1 1.2.4.20 . T able 1 1-9 show rmon topN Output Det ails Output What It Displays... Index In[...]

  • Page 818

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-76 Matrix NSA Series C onfiguration Guide 1 1.2.4.20 set rmon topN properties Use this command to configur e an RMON topN entry (report). set rmon topn properties index [ hindex hindex ] [ rate { inpackets | outpackets | inoctets | outoctets | errors | bcast | mcas t }] [ duration dur[...]

  • Page 819

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-77 Command Mode Read-W rite. Example This example shows how to configur e RMON T opN entry 1, for host 1 with a sampling interval of 60 seconds and a max i mu m number of entries of 20 : Matrix(rw)-> set rmon topN propert ies 1 1 inpackets 60 20[...]

  • Page 820

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-78 Matrix NSA Series C onfiguration Guide 1 1.2.4.21 set rmon topN status Use this command to enab le an RMON topN entry . set rmon topN status index enable | Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows[...]

  • Page 821

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-79 1 1.2.4.22 clear rmon topN Use this command to delete an RMON T opN entry . clear rmon topN index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to delete RMON T[...]

  • Page 822

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-80 Matrix NSA Series C onfiguration Guide 1 1.2.4.23 show rmon matrix Use this command to display RM ON matrix properties and statis tics. The RMON matrix stores statistics for conversations between sets of two addresses. show rmon matrix [ port-string ] [ source | dest ] Synt ax Desc[...]

  • Page 823

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-81 T able 1 1-10 provides an explanation of the command output. Properties are set using the set rmon matrix properties command as described in Section 11.2.4.24 . T able 1 1-10 show rmon matrix Output Det ails Output What It Displays... Matrix Ind[...]

  • Page 824

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-82 Matrix NSA Series C onfiguration Guide 1 1.2.4.24 set rmon matrix properties Use this command to configure an RMON matrix ent ry . set rmon matrix properties index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monitor will be applied. Comman[...]

  • Page 825

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-83 1 1.2.4.25 set rmon matrix status Use this command to enable an RMON matrix entry . set rmon matrix status index enable Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example show[...]

  • Page 826

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-84 Matrix NSA Series C onfiguration Guide 1 1.2.4.26 clear rmon matrix Use this command to delete an RMON matrix entry . clear rmon matrix index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to delete[...]

  • Page 827

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-85 1 1.2.4.27 show rmon channel Use this command to display RMON channel entries for one or more ports. show rmon channel [ port-string ] Synt ax Description Command Default s If port-string is not specified, information abou t all channels will be[...]

  • Page 828

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-86 Matrix NSA Series C onfiguration Guide 1 1.2.4.28 set rmon channel Use this command to configure an RMON channel entry . set rmon channel index port-string [ accept { matched | failed }] [ control { on | off }] [ onevent onevent ] [ offevent offevent ] [ ev ent event ] [ estatus { [...]

  • Page 829

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-87 Command Default s • If an action is not specified, packets wi ll be accepted on filter matches. • If not specified, control will be set to off . • If onevent and offevent are not specified, none will be applied. • If event status is not [...]

  • Page 830

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-88 Matrix NSA Series C onfiguration Guide 1 1.2.4.29 clear rmon channel Use this command to clear an RMON channel entry . clear rmon channel index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clea[...]

  • Page 831

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-89 1 1.2.4.30 show rmon filter Use this command to display on e or more RMON filter entries. show rmon filter [ index index | channel channel ] Synt ax Description Command Default s If no options are specified, information for all filter entries wi[...]

  • Page 832

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-90 Matrix NSA Series C onfiguration Guide 1 1.2.4.31 set rmon filter Use this command to conf igure an RMON filter entry . set rmon filter index channel_index [ offset offset ] [ status status ] [ smask smask ] [ snotmask snotmask ] [ data data ] [ dmask dmask ] [ dnotmask dnotmask ] [...]

  • Page 833

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-91 Command Mode Read-W rite. Example This example shows how to create RMON filter 1 and apply it to channel 9: Matrix(rw)-> set rmon filter 1 1 0 offset 30 data 0a154305 dmask ffffffff[...]

  • Page 834

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-92 Matrix NSA Series C onfiguration Guide 1 1.2.4.32 clear rmon filter Use this command to clear an RMON filter entry . clear rmon filter { index index | channel channel } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 835

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-93 1 1.2.4.33 show rmon capture Use this command to display RMON capture en tries and associated buffer control entries. show rmon capture [ index ] [ nodata ] Synt ax Description Command Default s If no options are specified, all buffer control en[...]

  • Page 836

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-94 Matrix NSA Series C onfiguration Guide Example This example shows how to display RMON captu re entries and associated buffer entries: Matrix(rw)-> show rmon capture Buf.control= 28062 Channel= 38 283 EntryStatus= valid ------------------------------- --------------------------- [...]

  • Page 837

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-95 1 1.2.4.34 set rmon capture Use this command to configure an RMON capture entr y , or to enable or disable an existing entry . set rmon capture index { channel [ action { lock | wrap }] [ slice slice ] [ loadsize loadsize ] [ offset offset ] [ a[...]

  • Page 838

    Logging And Network Ma nagement Command Set Configuring RMON 1 1-96 Matrix NSA Series C onfiguration Guide Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to create RMON ca pture entry 1 to “listen” on channel 628: Matrix(rw)-> set rmon capture 1 628[...]

  • Page 839

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-97 1 1.2.4.35 clear rmon capture Use this command to clears an RMON capture entry . clear rmon capture index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear[...]

  • Page 840

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-98 Matrix NSA Series C onfiguration Guide 1 1.2.5 Managing Switch Ne twork Addresses and Routes Purpose T o display , add or delete switch ARP table entr ies, to enable or disable RAD (Runtime Address Discovery) protocol, to display , add or delete IP routi[...]

  • Page 841

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-99 1 1.2.5.1 show arp Use this command to displa y the switch’ s ARP table. show arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows h[...]

  • Page 842

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-100 Matrix NSA Series Configuration Guide 1 1.2.5.2 set arp Use this command to ad d mapping entries to the switch’ s ARP table. set arp ip-address mac-address [{ temp | pub | trail} ] Synt ax Description Command Default s • If temp is not specified, th[...]

  • Page 843

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Co nfiguration Guide 1 1 -101 1 1.2.5.3 clear arp Use this command to delete a specific entry or all entries from the switch’ s ARP table. clear arp { ip | all } Synt ax Description Command Default s None. Command T ype Switch command. Comman[...]

  • Page 844

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-102 Matrix NSA Series Configuration Guide 1 1.2.5.4 show rad Use this command to display the status of the RAD (Runtime Address Discovery) protocol o n the switch. show rad Synt ax Description None. Command Default s None. Command T ype Switch command. Comm[...]

  • Page 845

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Co nfiguration Guide 1 1 -103 1 1.2.5.5 set rad Use this command to enable or disable RAD (R untime Address Discovery) protocol. The Matrix Series device uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be u[...]

  • Page 846

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-104 Matrix NSA Series Configuration Guide 1 1.2.5.6 show ip route Use this command to display the switch’ s IP routing table entries. show ip route Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Ex[...]

  • Page 847

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Co nfiguration Guide 1 1 -105 Flags Route status. Possible values and their definitions include: U - route is usable (that is, "up") G - destination is a gateway H - host specific routing entry R - host or net unreachable D - created [...]

  • Page 848

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-106 Matrix NSA Series Configuration Guide 1 1.2.5.7 traceroute Use this command to d isplay a hop-by-hop path through an IP network from the device to a specific destination host. Three UDP or ICMP pr obes will be t ransmitted fo r each hop between the sour[...]

  • Page 849

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Co nfiguration Guide 1 1 -107 Command Default s • If not specified, waittime will be set to 5 sec onds. • If not specified, first-tt l will be set to 1 second. • If not specified, max-ttl will be set to 30 seconds. • If not specified, p[...]

  • Page 850

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-108 Matrix NSA Series Configuration Guide Example This example shows how to use traceroute to disp lay a round trip path to host 192.167 .252.17. In this case, hop 1 is the Matrix Series switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address. [...]

  • Page 851

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Co nfiguration Guide 1 1 -109 1 1.2.5.8 set ip route Use this command to add a route to the switch’ s IP routing table. set ip route { destination | default} ga teway Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 852

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-1 10 Matrix NSA Seri es Configu ration Guide 1 1.2.5.9 clear ip route Use this command to delete switch IP routing table entries. clear ip route destination | default Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Rea[...]

  • Page 853

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configurati on Guide 1 1-1 1 1 1 1.2.5.10 show port mac Use this command to display the MAC address(es ) for one or more ports. These are port MAC addresses programmed into the device during manu facturing. T o show the MAC addresses learned on[...]

  • Page 854

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-1 12 Matrix NSA Seri es Configu ration Guide 1 1.2.5.1 1 show mac Use this command to display th e timeout period for aging learned MAC ad dresses, and to show MAC addresses in the switc h’ s filtering database. These are addresses learned on a port throu[...]

  • Page 855

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 13 Examples This example shows how to displa y the MAC address timeout period: This example shows how to display MAC address information for Fast Ethernet port 3 in port grou p 1: T able 1 1-13 provides an explanation [...]

  • Page 856

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-1 14 Matrix NSA Seri es Configu ration Guide 1 1.2.5.12 set mac Use this command to set the timeout period for aging learned MA C entries, to define what ports a multicast address can be dynamically learned on or flooded to, and to make a static entry into [...]

  • Page 857

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 15 1 1.2.5.13 clear mac Use this command to reset the timeout period for aging learned MAC entries to the default value of 300 seconds, or to clear MAC addresses out of the filtering database(s). clear mac {[ all ] | [[...]

  • Page 858

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-1 16 Matrix NSA Seri es Configu ration Guide This example shows how to clear all the MAC addresses associated with port fe.1.3: Matrix(rw)-> clear mac port-string fe.1. 3[...]

  • Page 859

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 17 1 1.2.5.14 show newaddrtraps Use this command to display the status of MAC address traps on one or more ports. show newaddrtrap [ port-string ] Synt ax Description Command Default s If port-string is not specified, [...]

  • Page 860

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-1 18 Matrix NSA Seri es Configu ration Guide 1 1.2.5.15 set newaddrtraps Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected. set newaddrtrap [ port-string ] { enable | disa[...]

  • Page 861

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 19 1 1.2.5.16 show movedaddrtrap Use this command to display th e status of moved MAC address traps on one or more ports. show movedaddrtrap [ port-string ] Synt ax Description Command Default s If port-string is not s[...]

  • Page 862

    Logging And Network Ma nagement Command Set Managing Switch Network Addresses and Routes 1 1-120 Matrix NSA Series Configuration Guide 1 1.2.5.17 set movedaddrtrap Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when moved source MAC addresses are dete cted. set movedaddrtrap [ port-string ] { enable | d[...]

  • Page 863

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -121 1 1.2.6 Configuring Simple Ne twork T ime Protocol (SNTP) Purpose T o configure the Simple Network T ime Protocol (S NTP), which synchronizes device clocks in a network. Commands Commands to configure SNTP are l[...]

  • Page 864

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-122 Matrix NSA Series Configuration Guide 1 1.2.6.1 show sntp Use this command to disp lay SNTP client settings. show sntp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows[...]

  • Page 865

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -123 T able 1 1-14 show sntp Output Det ails Output What It Displays... SNTP V e rsion SNTP version number . Current T ime Current time on the system clock. T imezone T im e zone name and amou nt it is offset from UT[...]

  • Page 866

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-124 Matrix NSA Series Configuration Guide 1 1.2.6.2 set sntp client Use this command to set the SNTP operation mode. set sntp client { broadcast | unicast | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode [...]

  • Page 867

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -125 1 1.2.6.3 clear sntp client Use this command to clear the SNTP client’ s operational mode. clear sntp client Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 868

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-126 Matrix NSA Series Configuration Guide 1 1.2.6.4 set sntp server Use this command to add a server from which the SN TP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers. set sntp server i[...]

  • Page 869

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -127 1 1.2.6.5 clear sntp server Use this command to remove one or all servers from the SNTP server list. clear sntp server { ip-addr ess | all } Synt ax Description Command Default s None. Command T ype Switch comma[...]

  • Page 870

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-128 Matrix NSA Series Configuration Guide 1 1.2.6.6 set sntp broadcast delay Use this command to set the ro und trip delay , in microseconds, for SNTP broadcast frames. set sntp broadcastdel ay time Synt ax Description Command Default s None. Command T y[...]

  • Page 871

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -129 1 1.2.6.7 clear sntp broadcast delay Use this command to clear the round tr ip delay time for SNTP broadcast frames. clear sntp broadcastdelay Synt ax Description None. Command Default s None. Command T ype Swit[...]

  • Page 872

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-130 Matrix NSA Series Configuration Guide 1 1.2.6.8 set sntp poll-interval Use this command to set the poll in terval between SNTP unicast requests. set sntp poll-interval interval Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 873

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -131 1 1.2.6.9 clear sntp poll-interval Use this command to clear the poll in terval between unicast SNTP requests. clear sntp poll-interval Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 874

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-132 Matrix NSA Series Configuration Guide 1 1.2.6.10 set sntp poll-retry Use this command to set the number of poll retries to a unicast SNTP server . set sntp poll-retry re t r y Synt ax Description Command Default s None. Command T ype Switch command. [...]

  • Page 875

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -133 1 1.2.6.1 1 clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server . clear sntp poll-retry Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 876

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-134 Matrix NSA Series Configuration Guide 1 1.2.6.12 set sntp poll-timeout Use this command to set the po ll time out (in seconds) for a response to a unicast SNTP request. set sntp poll-timeout timeout Synt ax Description Command Default s None. Command[...]

  • Page 877

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -135 1 1.2.6.13 clear sntp poll-timeout Use this command to clear the SNTP poll timeout. clear sntp poll-timeout Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rit[...]

  • Page 878

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-136 Matrix NSA Series Configuration Guide 1 1.2.6.14 show timezone Use this command to disp lay SNTP time zone settings. show timezone Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This e[...]

  • Page 879

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Co nfiguration Guide 1 1 -137 1 1.2.6.15 set timezone Use this command to set the SNTP time zone name and the hours and minutes it is of fset from Coordinated Universal T ime (UTC). set timezone name [ hours ] [ minutes ] Synt ax Description[...]

  • Page 880

    Logging And Network Ma nagement Command Set Configuring Simple Network Time Protocol (SNTP) 1 1-138 Matrix NSA Series Configuration Guide 1 1.2.6.16 clear timezone Use this command to remove SN TP time zone adjustment values. clear timezone Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exa[...]

  • Page 881

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -139 1 1.2.7 Configuring Node Aliases Purpose T o review , configure, disable and re-enable node (port) alias functionality , which determines what network protocols are running on one or more p orts. Commands Commands to configure node al[...]

  • Page 882

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-140 Matrix NSA Series Configuration Guide 1 1.2.7.1 show nodealias Use this command to d isplay node alias properties for one or more ports. show nodealias [ port-string ] Synt ax Description Command Default s If port-string is not specified, node alias prop erties will be di[...]

  • Page 883

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -141 Vlan ID VLAN ID associated with this a lias. MAC Address MAC address associa ted with this alias. Protocol Networking protocol running on this po rt. Address / Source IP When applicable, a protoc ol-sp ecific address associated with t[...]

  • Page 884

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-142 Matrix NSA Series Configuration Guide 1 1.2.7.2 show nodealias mac Use this command to display node alias entries based on MAC address and protocol. show nodealias mac mac_addr ess [ ip | apl | mac | hsrp | dhcps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | xsap[...]

  • Page 885

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -143 Command Default s • If protocol is not specified, node alias entries for all protocols will be displayed. • If port-string is not specified, node alias entr ies will be displayed for all ports. Command Mode Read-Only . Example Thi[...]

  • Page 886

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-144 Matrix NSA Series Configuration Guide 1 1.2.7.3 show nodealias protocol Use this command to display node alias entries based on protocol an d protocol address. show nodealias protocol { ip | apl | mac | hsrp | dhcps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | x[...]

  • Page 887

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -145 Example This example shows how to display node alias entr ies for IP traffic on ge .3.16. Refer back to T able 1 1-15 for a description of the command output. Matrix(rw)-> show nodealias protoc ol ip ge.3.16 Port: ge.3.16 Time: 1 d[...]

  • Page 888

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-146 Matrix NSA Series Configuration Guide 1 1.2.7.4 show nodealias config Use this command to display node alias conf iguration settings on one or more ports. show nodealias config [ port-string ] Synt ax Description Command Default s If port-string is not specified, node ali[...]

  • Page 889

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -147 T able 1 1-16 show nodealias con fig Output Details Output What It Displays... Port Number Port de signation. Max Entries Maximum number of a lia s entries configured for this port. Set using the set nodealias maxentries command ( Sec[...]

  • Page 890

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-148 Matrix NSA Series Configuration Guide 1 1.2.7.5 set nodealias Use this command to enable or disable a node a lias agent on one or more ports. Upon pa cket reception, node aliases are dyna mica lly assigned to ports enabled with an alias agent, which is the default setting[...]

  • Page 891

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -149 1 1.2.7.6 set nodea lias maxentries Use this command to set the maximum number of node alias en tries allowed for one or more ports. set nodealias maxentries val port-string Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 892

    Logging And Network Ma nagement Command Set Configuring Node Alia ses 1 1-150 Matrix NSA Series Configuration Guide 1 1.2.7.7 clear nodealias Use this command to remove one or more node alias entries. clear nodealias { port-string port-string | alias-id alias-id } Synt ax Description Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 893

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Co nfiguration Guide 1 1 -151 1 1.2.7.8 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value. clear nodealias config port-string Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 894

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-152 Matrix NSA Series Configuration Guide 1 1.2.8 Configuring NetFlow NetFlow is a protocol developed for collecting IP traffic information. Ne twork devices (switches and routers) with NetFlow enabled generate NetF low flow records, whic h are ex ported from the device in UDP pack[...]

  • Page 895

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -153 V ersion Support The Matrix DFE firmware supports NetFlow V ersion 5 and V ersion 9. For more information about V ersion 9 data export format, refer to RFC 3954, “Cisco Systems NetFlow Services Export V ersion 9.” When transmitting Net[...]

  • Page 896

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-154 Matrix NSA Series Configuration Guide more often than once per second, as a minimum. For more information about setting the refresh rate, see the Usage discussion in Section 1 1.2.8.12 . Commands Commands to configure NetFlow ar e listed below and described in the associated se[...]

  • Page 897

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -155 1 1.2.8.1 show net flow Use this command to displa y NetFlow configur ation information and/or statistics. show netflow [ config [ port-string ]] [ statistics [ export ]] Synt ax Description Command Default s If no parameters are entered, [...]

  • Page 898

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-156 Matrix NSA Series Configuration Guide Disabled Ports: ----------------- lag.0.1-48 ge.1.1-10,12-22,24-52 Export Statistics: ------------------------------- ----- Network Packets Sampled: 232 Exported Packets: 43 Exported Records: 36 Export Packets Failed: 0 Export Records Dropp[...]

  • Page 899

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -157 1 1.2.8.2 set net flow cache Use this command to enab le (create) or disable (free up) a NetFlow cache on each DFE blade in the Matrix system. A NetFlow cache ma intains NetFlow information for all active flows. By default, NetFlow caches [...]

  • Page 900

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-158 Matrix NSA Series Configuration Guide 1 1.2.8.3 clear net flow cache Use this command to remove, or free up, the Ne tFlow caches on each DFE blade in the Matrix system. When this command is executed, NetF low is effectively disabled on the system. clear netflow cache Synt ax De[...]

  • Page 901

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -159 1 1.2.8.4 set net flow export-destination Use this command to configure the NetFlow collector destination. By default, no collector address is configured. Only one collector destination per Matrix system can be configured. set netflow expo[...]

  • Page 902

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-160 Matrix NSA Series Configuration Guide 1 1.2.8.5 clear net flo w export-destination Use this command to clear the NetFlow collector IP address. clear netflow export-destination [ ip-address [ udp-port ]] Synt ax Description Command Default s Since only one collector address per [...]

  • Page 903

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -161 1 1.2.8.6 set net flow export-interval Use this command to configure the NetFlow export interval. set netflow export-interval interval Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite Usage[...]

  • Page 904

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-162 Matrix NSA Series Configuration Guide 1 1.2.8.7 clear net flow export-in terval Use this command to clear NetFlow export interval to its default of 30 minutes. clear netflow export-interval Synt ax Description None. Command Default s None. Command T ype Switch command. Command [...]

  • Page 905

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -163 1 1.2.8.8 set net flow port Use this command to enable NetFlow collection on a port. set netflow port port-string { enable | disabl e } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite Exam[...]

  • Page 906

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-164 Matrix NSA Series Configuration Guide 1 1.2.8.9 clear net flow port Use this command to return a port to the default NetFlow collect ion state of disabled. clear netflow port port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 907

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -165 1 1.2.8.10 set net flow export-version Use this command to set the NetFlow flow reco rd format used to ex port data. Refer to V ersion Support on page 153 for more information about Ne tFlow version support. Use the show netflow config com[...]

  • Page 908

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-166 Matrix NSA Series Configuration Guide 1 1.2.8.1 1 clear net flow export-version Use this command to return the NetFlow flow record format used to export data to the default of V ersion 5. Use the show netflow config command ( Section 1 1.2.8.1 ) to display the current NetFlow v[...]

  • Page 909

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -167 1 1.2.8.12 set net flow template Use this command to configure th e NetFlow V ersion 9 template refresh rate and/or timeout values. set netflow template {[ refresh-rate packets ] [ timeout minutes ]} Synt ax Description Command Default s A[...]

  • Page 910

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-168 Matrix NSA Series Configuration Guide The refresh rate defines the maximum dela y a new or restarted NetFlow collector would experience until it learns the format of the data records being forwarded (from the template referenced by the data records). Refresh rates af fect NetFl[...]

  • Page 911

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Co nfiguration Guide 1 1 -169 1 1.2.8.13 clear netflow template Use this command to reset the V ersion 9 template re fresh rate and/or timeout va lues to their default values. clear netflow template {[ refresh-rate ] [ timeout ]} Synt ax Description Command Default s A[...]

  • Page 912

    Logging And Network Ma nagement Command Set Configuring NetFlow 1 1-170 Matrix NSA Series Configuration Guide[...]

  • Page 913

    Matrix NSA Series Configuration Guide 12-1 12 IP Configuration This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them. 12.1 PROCESS OVERVIEW: INTERNET PROTOCOL (IP) CONFIGURATION Use the following steps as a guide to configuring IP on the device: 1. Configuring routing interface settings ( Section 12.2.1[...]

  • Page 914

    IP Configuration Command Set Configuring Routing Interface Settin gs 12-2 Matrix N SA Series Configuration Guide 12.2 IP CONFIGURATION COMMAND SET 12.2.1 Configuring Routing Interface Settings About Loopback vs . VLAN Interfaces Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of rout[...]

  • Page 915

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-3 Purpose T o enable routing interface configuratio n mode on the device, to create VLAN or lo opback routing interfaces, to review the usability status of interfaces configured for IP , to set IP addresses for interfaces, and to enable inte[...]

  • Page 916

    IP Configuration Command Set Configuring Routing Interface Settin gs 12-4 Matrix N SA Series Configuration Guide 12.2.1.1 show interface Use this command to display in formation about one or more in terfaces (VLANs or loopbacks) configured on the router . show interface [ vlan vlan-id | loopback loop back-id | lo local-id ] Synt ax Description Comm[...]

  • Page 917

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-5 Example This example shows how to display information for all interfaces configured on the router . In this case, one loopback interface has been configured for routing. For a detailed description of this output, refer to T able 12-2 : Mat[...]

  • Page 918

    IP Configuration Command Set Configuring Routing Interface Settin gs 12-6 Matrix N SA Series Configuration Guide 12.2.1.2 interface Use this command to configure interfaces for IP routing. This comm and enables interface configuration mode from glob al co nfiguration mode, and, if the interface h as not previously been created, this command creates[...]

  • Page 919

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-7 12.2.1.3 ip ecm-for warding-algorithm Use this command to enable ECM (Equal Cost Multipath) for forwarding IP packets on routing interfaces. ip ecm-forwarding-algorithm [ hash-thold | round-robin ] Synt ax Description Command Synt ax of th[...]

  • Page 920

    IP Configuration Command Set Configuring Routing Interface Settin gs 12-8 Matrix N SA Series Configuration Guide 12.2.1.4 show ip interf ace Use this command to display in formation, including administra tive status, IP address, MTU (Maximum T ransmission U nit) size and bandwi dth, and ACL co nfigurations, for interfaces configured for IP . show i[...]

  • Page 921

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-9 T able 12-2 provides an explan ation of the command output. T able 12-2 show ip interface Ou tput Details Output What It Displays... Vlan | Lpbk | Lo N Whether the interface is admini stratively and operationally up or down. IP Address Int[...]

  • Page 922

    IP Configuration Command Set Configuring Routing Interface Settin gs 12-10 M atrix NSA Series Configurati on Guide 12.2.1.5 ip address Use this command to set, remove, or disable a pr imary or secondary IP address for an interface. Each Matrix Series routing module or standalone de vice sup ports up to ro uting interfaces, with up to 50 secondary a[...]

  • Page 923

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-1 1 12.2.1.6 no shutdown Use this command to ena ble an in terface for IP routing and to a llow the interface to automatically be enabled at device st artup . no shutdown Synt ax Description None. Command T ype Router command. Command Mode I[...]

  • Page 924

    IP Configuration Command Set Managing Router Configu ration Files 12-12 M atrix NSA Series Configurati on Guide 12.2.2 Managing Router Configuration Files Each Matrix Series device provides a single conf iguration interface which allows you to perform both switch and router configuration with th e s ame command set.This section demonstrates managin[...]

  • Page 925

    IP Configuration Command Set Managing Router Configu ration Files Matrix NSA Series Configu ration Guide 12-13 12.2.2.1 show ru nning-config Use this command to display th e non-d efault, user-supplied commands entered while co nfiguring the device. show running-config Synt ax Description None. Command T ype Router command. Command Mode Any router [...]

  • Page 926

    IP Configuration Command Set Managing Router Configu ration Files 12-14 M atrix NSA Series Configurati on Guide 12.2.2.2 write Use this command to save or delete the router ru nning confi guration, or to display it to output devices. write [ erase | file [ filename config-file ] | terminal ] Synt ax Description Command T ype Router command. Command[...]

  • Page 927

    IP Configuration Command Set Managing Router Configu ration Files Matrix NSA Series Configu ration Guide 12-15 Example This example shows how to display the rout er-s pe ci fic co nfigura tion to the terminal: Matrix>Router1# write terminal Enable Config t interface vlan 1 iP Address 182.127.63.1 255.255. 255.0 no shutdown interface vlan 2 iP Ad[...]

  • Page 928

    IP Configuration Command Set Managing Router Configu ration Files 12-16 M atrix NSA Series Configurati on Guide 12.2.2.3 no ip routing Use this command to disable IP routing on the device and rem ove the routing configuration. By default, IP routing is enab led when interfaces are config ured for it as described in Section 12.2.1 . no ip routing Sy[...]

  • Page 929

    IP Configuration Command Set Performing a Basic Rou ter Configuration Matrix NSA Series Configu ration Guide 12-17 12.2.3 Performing a Basi c Router Configuration 12.2.3.1 Using Ro uter-On ly Config Files Although the Matrix Series’ sing le configuration interface prov ides one set of commands to perform both switch and router configuration, it i[...]

  • Page 930

    IP Configuration Command Set Performing a Basic Router Configuration 12-18 M atrix NSA Series Configurati on Guide 12.2.3.3 Configuring the Router Y ou can configure the rou ter usin g either of the following methods. Using a downloaded file... 1. Download a router config file to the standalone or chassis using the copy command as described in Sect[...]

  • Page 931

    IP Configuration Command Set Reviewing and Configuring th e ARP T able Matrix NSA Series Configu ration Guide 12-19 12.2.4 Reviewing and Confi guring the ARP T able Purpose T o review and configure the routin g ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface. Commands The comma nds used to review and configu[...]

  • Page 932

    IP Configuration Command Set Reviewing and Con figuring the ARP T able 12-20 M atrix NSA Series Configurati on Guide 12.2.4.1 show ip arp Use this command to display entr ies in the ARP (Address Resolution Protocol) table. ARP converts an IP address into a physical address. show ip arp [ ip-addr ess ] [ vlan vlan-id ] [ outpu t-modifier ] Synt ax D[...]

  • Page 933

    IP Configuration Command Set Reviewing and Configuring th e ARP T able Matrix NSA Series Configu ration Guide 12-21 Example This example shows how to use the show ip arp command: T able 12-3 provides an explan ation of the command output. Matrix>Router1# show ip arp Protocol Address Age (min) Hardware Addr Type Inte rface -----------------------[...]

  • Page 934

    IP Configuration Command Set Reviewing and Con figuring the ARP T able 12-22 M atrix NSA Series Configurati on Guide 12.2.4.2 arp Use this command to add or remo ve permanent (static) ARP table en tries. Up to 1,000 static ARP entries are supported per Matrix Series routing mod ule or standalone device. A multicast MAC address can be used in a stat[...]

  • Page 935

    IP Configuration Command Set Reviewing and Configuring th e ARP T able Matrix NSA Series Configu ration Guide 12-23 12.2.4.3 ip gratuitous-arp Use this command to override the normal ARP updating process, that occurs by default. ip gratuitous-arp { ignore | reply | request } Synt ax Description Command Synt ax of the “no” Form The “no” form[...]

  • Page 936

    IP Configuration Command Set Reviewing and Con figuring the ARP T able 12-24 M atrix NSA Series Configurati on Guide 12.2.4.4 ip gratuitous-arp-learning Use this command to allow an interface to learn new ARP bindings using gratuitous ARP . This command will be in effect if the i p gratuitous-arp ignor e command ( Section 12.2.4.3 ) is used. There [...]

  • Page 937

    IP Configuration Command Set Reviewing and Configuring th e ARP T able Matrix NSA Series Configu ration Guide 12-25 12.2.4.5 ip proxy-arp Use this command to enable proxy ARP on an interface. This varia tion of the ARP protocol allows the routing modu le to send an ARP response on be half of an end node to the requ esting host. Proxy ARP can lessen[...]

  • Page 938

    IP Configuration Command Set Reviewing and Con figuring the ARP T able 12-26 M atrix NSA Series Configurati on Guide 12.2.4.6 ip mac-address Use this command to set a MAC address on an interface. ip mac-address ad dress Synt ax Description Command Synt ax of the “no” Form The “no” form of this command clears the MAC address: no ip mac-addr [...]

  • Page 939

    IP Configuration Command Set Reviewing and Configuring th e ARP T able Matrix NSA Series Configu ration Guide 12-27 12.2.4.7 arp timeout Use this command to set the dura tion (in seconds) for entr ies to stay in the ARP table before expiring. The device can support up to 2000 outstandin g unresolved ARP entries. arp timeout seconds Synt ax Descript[...]

  • Page 940

    IP Configuration Command Set Reviewing and Con figuring the ARP T able 12-28 M atrix NSA Series Configurati on Guide 12.2.4.8 clear arp-cache Use this command to delete all nonstatic (dynamic) entries from the ARP table. clear arp-cache Synt ax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Default s None. Example [...]

  • Page 941

    IP Configuration Command Set Configuring Broadcast Settings Matrix NSA Series Configu ration Guide 12-29 12.2.5 Configuring Broadcast Settings Purpose T o configure IP broadcast settings. Commands The commands used to configure IP broadcast settings are listed below and described in the associated section as shown: • ip directed-broadcast ( Secti[...]

  • Page 942

    IP Configuration Command Set Configuring Broadcast Settings 12-30 M atrix NSA Series Configurati on Guide 12.2.5.1 ip directed-broadcast Use this command to enable or disable IP directed broadcasts on an interface. ip directed-broadcast Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables IP dire[...]

  • Page 943

    IP Configuration Command Set Configuring Broadcast Settings Matrix NSA Series Configu ration Guide 12-31 12.2.5.2 ip forward-protocol Use this command to enable UDP broadcast fo rwarding and specify which protocols will be forwarded. This comm and wo rks in conjunction with the ip helper-address command to configure UDP broadcast forwarding. For in[...]

  • Page 944

    IP Configuration Command Set Configuring Broadcast Settings 12-32 M atrix NSA Series Configurati on Guide Command Default s If port is not specified, default forwarding services will be performed as listed above. Example This example shows how to enable forwarding of Domain Naming Syste m UDP da tagrams (port 53): About DHCP/BOOTP Relay DHCP/BOOTP [...]

  • Page 945

    IP Configuration Command Set Configuring Broadcast Settings Matrix NSA Series Configu ration Guide 12-33 12.2.5.3 ip helper-address Use this command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts specifying a new destination address. This command works in conjunction with the ip forward-protoco l command ( Section 12.2. 5.2 )[...]

  • Page 946

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-34 M atrix NSA Series Configurati on Guide 12.2.6 Reviewing IP T raffi c and Configuring Routes Purpose T o review IP protocol information about the device, to review IP traffic an d configure routes, to enable and send router ICMP (ping) messages, and to execute tracerout[...]

  • Page 947

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-35 12.2.6.1 show ip protocols Use this command to display information about IP protocols running on the device. show ip protocols Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s [...]

  • Page 948

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-36 M atrix NSA Series Configurati on Guide Example This example shows how t o display IP protocol information. In this case, the routing protocol is RIP (Routing Information Protocol). For more information on config uring RIP parameters, refer to Section 13.2.2 : Matrix>[...]

  • Page 949

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-37 12.2.6.2 show ip traffic Use this command to display IP traf fic statistics. show ip traffic [ softpath ] Synt ax Description Command T ype Router command. Command Mode Any router mode. Command Default s If softpath is not specifie[...]

  • Page 950

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-38 M atrix NSA Series Configurati on Guide Example This example shows how to display IP traffic statistics: Matrix>Router1# show ip traffic IP Statistics: Rcvd: 10 total, 6 local des tination 0 header errors 0 unknown protocol, 0 security failures Frags: 0 reassemble d,[...]

  • Page 951

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-39 12.2.6.3 clear ip stat s Use this command to clear all IP traffic co unters (IP , ICMP , UDP , TCP , IGMP , and ARP). clear ip stats Synt ax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Default s[...]

  • Page 952

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-40 M atrix NSA Series Configurati on Guide 12.2.6.4 show ip route Use this command to display information about IP routes. show ip route [ destination pr efix destination prefix mask longer -pr efixes | connected | ospf | rip | static | su mmary ] Synt ax Description Comma[...]

  • Page 953

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-41 distributed to every module for use by the router's distributed forwarding engin e on the ingress module as frames are received. Command Default s If no parameters are specified, all IP route information will be displayed. Exa[...]

  • Page 954

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-42 M atrix NSA Series Configurati on Guide 12.2.6.5 ip route Use this command to add or remove a static IP route. ip route pr efix mask { forwar d-addr | vlan vlan-id } [ distance ] [ perm anent ] [ tag value ] Synt ax Description Command Synt ax of the “no” Form The ?[...]

  • Page 955

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-43 Examples This example shows how to set IP address 10.1.2.3 as the next hop gatewa y to destination address 10.0.0.0. The route is assig ned a tag of 1: This example shows how to set IP address 10.1.2.3 as the next hop gatewa y to d[...]

  • Page 956

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-44 M atrix NSA Series Configurati on Guide 12.2.6.6 ip icmp Use this command to re-enable th e Internet Control Message Protocol (ICMP), allowing a router to reply to IP ping requ ests. By default, ICMP m essaging is enabled on a ro uting interface for both echo-reply and [...]

  • Page 957

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes Matrix NSA Series Configu ration Guide 12-45 12.2.6.7 ping Use this command to test routing network connec tivity by sending IP ping requests. The ping utility (IP ping only) transmits a maximum of five echo requ ests, with a packet size of 100. The application stops when the[...]

  • Page 958

    IP Configuration Command Set Reviewing IP T raffic and Configuring Routes 12-46 M atrix NSA Series Configurati on Guide 12.2.6.8 traceroute Use this command to d isplay a hop-by-hop path through an IP network from the device to a specific destination host. Three ICMP probes w ill be tr ansmitted for each hop between the source and the traceroute de[...]

  • Page 959

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-47 12.2.7 Configuring PIM Purpose T o review and configure Protoc ol Independent Multicast (PIM). Commands The commands used to review and configure PIM are listed below and described in the associated section as shown: • ip pim sparse mode ( Section 12.2.7.1 )[...]

  • Page 960

    IP Configuration Command Set Configuring PIM 12-48 M atrix NSA Series Configurati on Guide 12.2.7.1 ip pim sparse mode Use this command to enable Prot ocol Independent Multicast (PIM) Sparse Mode (SM) on a routing interface. ip pim sparse-mode Synt ax Description None. Command Synt ax of the “no” Form The no form of this command disables PIM on[...]

  • Page 961

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-49 12.2.7.2 ip pim bsr-candidate Use this command to enable th e router to a nnounce its candid acy as a BootStrap Router (BSR). ip pim bsr-candidate pim-interface [ hash-mask-len gth ] [ priority ]] Synt ax Description Command Synt ax of the “no” Form The no[...]

  • Page 962

    IP Configuration Command Set Configuring PIM 12-50 M atrix NSA Series Configurati on Guide Example This example sets the hash mask length to 30 and DR priority to 77 on VLAN 1: Matrix>Router1(config)# interface vlan 1 Matrix>Router1(config-if(Vlan 1 )) #ip pim bsr-candidate vlan 1 priority 7 7[...]

  • Page 963

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-51 12.2.7.3 ip pim d r-priority Use this command to set the priority for which a rout er will be elected as the designated router (DR). ip pim dr-priority priority Synt ax Description Command Synt ax of the “no” Form The no form of this command di sables the [...]

  • Page 964

    IP Configuration Command Set Configuring PIM 12-52 M atrix NSA Series Configurati on Guide 12.2.7.4 ip pim rp-address Use this command to set a static rend ezvous point (RP) for a multicast group. ip pim rp-address rp-address gr oup-addr ess group-mask [ priority priority ] Synt ax Description Command Synt ax of the “no” Form The no form of thi[...]

  • Page 965

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-53 12.2.7.5 ip pim rp-candidate Use this command to enable the router to advertise itself as a PI M candidate rendezvous point (RP) to the BSR. Only one RP candid ate can be configured per routing module or standalone device. ip pim rp-candidate pim-interface gr [...]

  • Page 966

    IP Configuration Command Set Configuring PIM 12-54 M atrix NSA Series Configurati on Guide 12.2.7.6 show ip pim b sr Use this command to display Boot Strap Router (BSR) information. show ip pim bs r Synt ax Description None. Command T ype Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Default s None. Example This example s[...]

  • Page 967

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-55 BSR Hash Mask Length Length of a mask (32 bits maximu m) that is to be added with the group ad dress before the hash function is called. This value is configured by the ip pim bsr-candidate command. BSR Uptime Interval that this router has been up (in hours:mi[...]

  • Page 968

    IP Configuration Command Set Configuring PIM 12-56 M atrix NSA Series Configurati on Guide 12.2.7.7 show ip pim i nterface Use this command to disp lay information about PIM interfaces that are c urre ntly up (not shutdown). show ip pim interface [ interface ] Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>[...]

  • Page 969

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-57 Nbr -Count T otal number of PIM neighb ors on the interface, discovered by receiving PIM hello messages from other PIM routers on the interface. Query-Intvl Interval between Hello messages. Defa ult is 30 seconds. DR-Prior Designated router priority value on t[...]

  • Page 970

    IP Configuration Command Set Configuring PIM 12-58 M atrix NSA Series Configurati on Guide 12.2.7.8 show ip pim neighbor Use this command to display inform ation about discovered PIM neighbors. show ip pim ne ighbor [ interface ] Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Default s If [...]

  • Page 971

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-59 Expires Interval in hours, minutes, and seconds until the entry will be removed from the IP multicast routing table. Mode Mode in which the interface is operating. (DR) Indicates that this neighbor is a designated router on the LAN. T able 12-6 show ip pim nei[...]

  • Page 972

    IP Configuration Command Set Configuring PIM 12-60 M atrix NSA Series Configurati on Guide 12.2.7.9 show ip pim rp Use this command to d isplay the active rendezvous points (RPs) that are cached with associated multicast routing entries. show ip pim rp [ group | map ping | multicast gr oup addr ess ] Synt ax Description Command T ype Router command[...]

  • Page 973

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-61 T able 12-7 provides an explan ation of the command output. T able 12-7 show ip pim rp Output Det ails Output What It Displays... Group(s) Address of the multicast group(s) about which to display RP data. RP Address of the RP for that group. Priority RP priori[...]

  • Page 974

    IP Configuration Command Set Configuring PIM 12-62 M atrix NSA Series Configurati on Guide 12.2.7.10 show ip pim rp-hash Use this command to displa y the rendezvous point (RP) that is being selected for a specified group. show ip pim rp-hash gr oup-ad dr ess Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>R[...]

  • Page 975

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-63 12.2.7.1 1 show ip mroute Use this command to display the IP multicast ro uting table. This table shows how a multicast routing protocol, such as PIM and DVMRP , will forw ard a multicast packet. In formation in the table includes source netwo rk/mask and upst[...]

  • Page 976

    IP Configuration Command Set Configuring PIM 12-64 M atrix NSA Series Configurati on Guide Example This example shows a portion of the IP multicast ro uting table display . In this case, it shows there are nine source PIM sparse mode (PIMSM) multicast networks. PIMSM network 1 shows an incoming route at VLAN-999 and outgoing routes at VLANs 410, 55[...]

  • Page 977

    IP Configuration Command Set Configuring PIM Matrix NSA Series Configu ration Guide 12-65 12.2.7.12 sho w ip mforward Use this command to display the IP multicast forw arding table. This table shows what multicast routes have actually b e en pr ogrammed into th e Matrix hardware. Although redundant to the show ip mroute display ( Section 12.2.7.1 1[...]

  • Page 978

    IP Configuration Command Set Configuring PIM 12-66 M atrix NSA Series Configurati on Guide 12.2.7.13 show ip rpf Use this command to display the reverse path of an address in the unicast table. show ip rfp Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None. Example This example shows the rev[...]

  • Page 979

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-67 12.2.8 Configuring Load Sharing Network Address T ranslation (LSNA T) About LSNA T As defined in RFC 2391, LSNA T supports networ k reliability and availab ility by enabling high traffic servers to load balance. [...]

  • Page 980

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-68 M atrix NSA Series Configurati on Guide • The virtual port used by the virt ual server (configured with the virtual co mmand, Section 12.2.8.15 ) should match the real port used by the real server (configured with the rea l command, Section 12.2 .8.4[...]

  • Page 981

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-69 • Sticky persistence — a binding is determined by matching the source and destination IP addresses only . This allows all requests from a clie nt to the same virtual addres s to be directed to the same load b[...]

  • Page 982

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-70 M atrix NSA Series Configurati on Guide If you also want to provide direct client access to real servers configured as part of a server farm group, there are two mechanisms that can provide direct client access . The first mechanism, configured within [...]

  • Page 983

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-71 • (Optional) Specify a load ba lancing algorithm. predictor ( Section 12.2.8.5 ) • (Optional) Configure this server farm to use sticky session persistence. (See “Sticky Persistence Configura tion Considerat[...]

  • Page 984

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-72 M atrix NSA Series Configurati on Guide • (Optional) Allow specific clients direct access to a real server without using LSNA T . allow accessservers ( Section 12.2.8.19 ) Configure global direct access: • (Optional) Allow all clients to directly a[...]

  • Page 985

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-73 12.2.8.1 show ip slb serverfarms Use this command to display server lo ad balancing server farm information. show ip slb serverfarms [ detail | serverfarmname [ detail ]] Synt ax Description Command T ype Router [...]

  • Page 986

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-74 M atrix NSA Series Configurati on Guide 12.2.8.2 ip slb f tpctrlport Use this command to specify an FTP control port for load balancing functio nality. By default, this is port 21. ip slb ftpctrlport port-number Synt ax Description Command Synt ax of t[...]

  • Page 987

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-75 12.2.8.3 ip slb serverfarm Use this command to identify an LSNAT server farm and enable server load balancing (SLB) server farm configuration mode. ip slb serverfarm serverfarm name Synt ax Description Command Sy[...]

  • Page 988

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-76 M atrix NSA Series Configurati on Guide 12.2.8.4 real Use this command to add a real LSNA T server to a server farm and to enable LSNA T real server configuration mode. real ip-addr ess port number Synt ax Description Command Synt ax of the “no” Fo[...]

  • Page 989

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-77 12.2.8.5 predictor Use this command to specify which load balancing algorith m to use for selecting a real server in an LSNA T server farm. predictor [ r oundrobin | leastconns ] Synt ax Description Command Synt [...]

  • Page 990

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-78 M atrix NSA Series Configurati on Guide 12.2.8.6 sticky Use this command to configure sticky session persistence for this server farm. See “Sticky Persistence Configuration Considerations” on page 12-69 for more information. This command is used in[...]

  • Page 991

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-79 12.2.8.7 show ip slb reals Use this command to display info rmation about the real servers. show ip slb reals [ detail | serverfarm s erverfarmname [ detail ]] Synt ax Description Command T ype Router command. Co[...]

  • Page 992

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-80 M atrix NSA Series Configurati on Guide T able 12-9 provides an explanation of the detailed command output. Matrix Router1(config)#> Router1>show ip slb reals serverfarm ten detail Server Farm : ten Real Server IP : 10.3.0 .3 Real Server Por t : [...]

  • Page 993

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-81 T able 12-9 show ip slb reals Output Det ails Output What It Displays... Server Farm Name of the server farm associated with this server . Assigned using the ip slb serverfarm comma nd as described in Section 12.[...]

  • Page 994

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-82 M atrix NSA Series Configurati on Guide 12.2.8.8 inservice (real server) Use this command to enable a real LSNA T server . inservice Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command removes the real serve[...]

  • Page 995

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-83 12.2.8.9 faildetect (real server) Use this command to configur e which method (typ e) is used to detect whether an LSNA T server is up or down. faildetect { ping-int seconds ping-re tries number | app-int seconds[...]

  • Page 996

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-84 M atrix NSA Series Configurati on Guide Example This example shows how to set the ping interval to 10 seconds and the retry number to 6 for the real server at IP 10.1.2.3 in the “httpserver” server farm: Matrix>Router1(config)# ip slb serverfar [...]

  • Page 997

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-85 12.2.8.10 maxconns Use this command to limit th e number of connections to a real LSNA T server . maxconns maximum-number Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this comman[...]

  • Page 998

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-86 M atrix NSA Series Configurati on Guide 12.2.8.1 1 weight Use this command to specify the we ight load number of a real server that is a member of an LSNA T server farm. weight weight-number Synt ax Description Command Synt ax of the “no” Form The [...]

  • Page 999

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-87 12.2.8.12 show ip slb vservers Use this command to display server load balancing virtual server information. show ip slb vservers [ detail | virtserver-name [ detail ]] Synt ax Description Command T ype Router co[...]

  • Page 1000

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-88 M atrix NSA Series Configurati on Guide This example shows how to display detailed in formation about the “t est” virtual server: T able 12-10 provides an explanation of the detailed command output. Matrix Router1(config)#> show ip slb vse rvers[...]

  • Page 1001

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-89 In Service Whether or not this vi rtual server is enabled (using the inservice command as describe d in Section 12.2.8.16 ). Service Name Whether or not the service named can also be acce ssed through this virtua[...]

  • Page 1002

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-90 M atrix NSA Series Configurati on Guide 12.2.8.13 ip slb vserver Use this command to identify an LSNA T virtual server and to access or enable the virtual server load balance (SLB) configuratio n mode. ip slb vserver vserver-name Synt ax Description Co[...]

  • Page 1003

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-91 12.2.8.14 serverfarm Use this command to associate a virtual server with an LSN A T se rver farm. serverfarm se rverfarm-name Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this co[...]

  • Page 1004

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-92 M atrix NSA Series Configurati on Guide 12.2.8.15 virtual Use this command to configure a virtual server IP address. virtual ip-addr ess { tcp | udp } port [ service servic e-name ] Synt ax Description Command Synt ax of the “no” Form The “no” [...]

  • Page 1005

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-93 Command Mode SLB V irtual Server Configuration mode: Matrix>Router1(config-slb-vserver)# Command Default s If a TCP service name is not specified, none will be applied. Example This example shows how to set th[...]

  • Page 1006

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-94 M atrix NSA Series Configurati on Guide 12.2.8.16 inservice (virtual server) Use this command to enable a virtual LSNA T server . inservice Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command re moves the vi[...]

  • Page 1007

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-95 12.2.8.17 client Use this command to allow a specific client to us e a virtual server . If no clients are specified with this command, all clients will be allowed to use a virtual server . client ip-addr ess netw[...]

  • Page 1008

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-96 M atrix NSA Series Configurati on Guide 12.2.8.18 persistence level Use this command to set the type of binding used and the time limit to allow clients to remain bound to an LSNA T virtual server . See “Session Pe rsistence” on page 12-68 for more[...]

  • Page 1009

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-97 Command Default s If not specified, persistence level is set to TCP . Examples This example shows how to set the TCP session pers istence timeout to 360 seconds on the virtual server named “virtual-http”: Thi[...]

  • Page 1010

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-98 M atrix NSA Series Configurati on Guide 12.2.8.19 allow accessservers Use this command to allow specific clients to a ccess the load balancing real servers in a particular LSNA T server farm without address translation. Specif ied clients can set up co[...]

  • Page 1011

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configu ration Guide 12-99 12.2.8.20 ip slb allow access_all Use this command to allow all clients to direct ly access all services provided by real servers EXCEP T FOR those services configured for server load balancing. The real servers [...]

  • Page 1012

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-100 Matrix NSA Series Configuration Guide Matrix>Router1(config)# ip slb allowacce ss_all Matrix>Router1(config)#ip slb s erverfarm httpserver Matrix>Router1(config-slb-sfarm )#real 10.1.2.1 port 80 Matrix>Router1(config-slb-real) #inservice M[...]

  • Page 1013

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-1 01 12.2.8.21 show ip slb conns Use this command to display active server load balancing connections. show ip slb conns [ detail | vserver virtualserver [ detail ] | client client-i p [ detail ]] Synt ax Descriptio[...]

  • Page 1014

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-102 Matrix NSA Series Configuration Guide This example shows how to display detailed in formation about active se rver load balancing connections: T able 12-1 1 provides an explanation of the detailed c ommand output. Matrix>Router1# show ip slb conns [...]

  • Page 1015

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-1 03 12.2.8.22 show ip slb st ats Use this command to display lo ad server balancing statistics. show ip slb stats Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Defaul[...]

  • Page 1016

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-104 Matrix NSA Series Configuration Guide 12.2.8.23 show ip slb sticky Use this command to display server lo ad balancing active sticky connections. show ip slb sticky [ client ip-address ] Synt ax Description Command T ype Router command. Command Mode An[...]

  • Page 1017

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-1 05 12.2.8.24 clear ip slb Use this command to clear server load balancing counters or to remove server load balancing connections. clear ip slb {[ counters ] [ connections { all | flowid flowid | serverfarm server[...]

  • Page 1018

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-106 Matrix NSA Series Configuration Guide 12.2.8.25 show router l imit s Use this command to disp lay LSNA T router limits. show router limits [ lsnat-bindings ] | [ lsnat-cache] | [ lsnat-configs ] Synt ax Description Command T ype Switch command. Comman[...]

  • Page 1019

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-1 07 12.2.8.26 set router limits Use this command to set LSNA T router limits. set router limits [ lsnat-bindings lsnat-bindings ] | [ lsnat-cache lsnat-cache ] | [ lsnat-configs lsnat-configs ] Synt ax Description [...]

  • Page 1020

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslation (LSNA T) 12-108 Matrix NSA Series Configuration Guide configured, and up to 500 real s ervers and 500 client access entries can be configured. Example This example shows how to set the LSNA T configur ation limit to 25. This means that up to 25 server farms, 25 virtu[...]

  • Page 1021

    IP Configuration Command Set Configuring Load Sharing Netwo rk Address T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-1 09 12.2.8.27 clear router limits Use this command to reset chassis-b ased LSNA T limits to default values. clear router limits [ lsnat-bindings ] | [ lsnat-cache ] | [ lsnat-configs ] Synt ax Description Command T[...]

  • Page 1022

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 10 Matrix NSA Series Configuration Guide 12.2.9 Configuring Dynamic Ho st Configuration Protocol (DHCP) DHCP Overview The Dynamic Host Configuration Protocol (DHCP) provides services for allocating and delivering IP addresses and other configuration parameters [...]

  • Page 1023

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configuration Guide 12-1 1 1 DHCP T a sk List The CLI commands for DHCP Serv er provide functionality for: 1. Configuring a DHCP local pool for a subnet (required) 2. Excluding IP addresses not to be as signed to the clients by the DHCP server (op[...]

  • Page 1024

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 12 Matrix NSA Series Configuration Guide Commands The commands used to configure DHCP are liste d below and described in the associa ted section as shown: • ip dhcp server ( Section 12.2.9.1 ) • ip local pool ( Section 12.2.9.2 ) • exclude ( Section 12.2.[...]

  • Page 1025

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Co nfiguration Guide 12-1 13 • client-class ( Section 12.2.9.17 ) • client-identifier ( Section 12.2.9.18 ) • client-name ( Section 12.2.9.19 ) • hardware-address ( Section 12.2.9.20 ) • show ip dhcp binding ( Section 12.2.9.21 ) • cle[...]

  • Page 1026

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 14 Matrix NSA Series Configuration Guide 12.2.9.1 ip dhcp server Use this command to enable DHCP server features on a routing interface. ip dhcp server Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command di sables DH[...]

  • Page 1027

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Co nfiguration Guide 12-1 15 12.2.9.2 ip local pool Use this command to configure a lo cal address pool to us e as a DHCP subnet. This defines the range of IP addresses to be used by DHCP server an d enables IP local pool configuration mode. ip lo[...]

  • Page 1028

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 16 Matrix NSA Series Configuration Guide 12.2.9.3 exclude Use this command to exclude one or more addresses from a DHCP local address pool. exclude ip-addr ess number Synt ax Description Command Synt ax of the “no” Form The “no” form of this command rem[...]

  • Page 1029

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Co nfiguration Guide 12-1 17 12.2.9.4 ip dhcp ping packet s Use this command to specify the number of pack ets a DHCP server sends to an IP address before assigning the address to a requesting client. ip dhcp ping packets number Synt ax Descriptio[...]

  • Page 1030

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 18 Matrix NSA Series Configuration Guide 12.2.9.5 ip dhcp ping timeout Use this command to specify the amount of time the DHCP server will wait for a ping reply from an IP address before timing out. ip dhcp ping timeout milliseconds Synt ax Description Command [...]

  • Page 1031

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Co nfiguration Guide 12-1 19 12.2.9.6 ip dhcp pool Use this command to assign a name to a DHCP server pool of addresses, and to enable DHCP address pool configura tion mode. ip dhcp pool name Synt ax Description Command Synt ax of the “no” For[...]

  • Page 1032

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-120 Matrix NSA Series Configuration Guide 12.2.9.7 domain-name Use this command to assign a do main name to a DHCP client. domain-nam e domain Synt ax Description Command Synt ax of the “no” Form The “no” form of this comman d deletes a DHCP domain name: [...]

  • Page 1033

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 21 12.2.9.8 dns-server Use this command to assign one or more DNS servers to DHCP clients. dns-server addr ess [ addr ess2...addr ess8 ] Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this [...]

  • Page 1034

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-122 Matrix NSA Series Configuration Guide 12.2.9.9 netbios-name-server Use this command to assign one or more NetBIOS WINS servers to DHCP clients. netbios-name-server addr ess [ addr ess2...address8 ] Synt ax Description Command Synt ax of the “no” Form The [...]

  • Page 1035

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 23 12.2.9.10 netbios-node-type Use this command to assign a NetBIOS node (server) type to DHCP clients. netbios-node-type type Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this comman d d[...]

  • Page 1036

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-124 Matrix NSA Series Configuration Guide 12.2.9.1 1 default-router Use this command to assign a default router list to DHCP clients. default-router addr ess [ addr ess2...addr ess8 ] Synt ax Description Command Synt ax of the “no” Form The “no” form of t[...]

  • Page 1037

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 25 12.2.9.12 bootfile Use this command to specify the defa ult boot image for a DHCP client. bootfile filename Synt ax Description Command Synt ax of the “no” Form The “no” form of this command deletes the boot im[...]

  • Page 1038

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-126 Matrix NSA Series Configuration Guide 12.2.9.13 next-server Use this command to specify the next server in the DHCP server boot process. The next server is the server the client will contact for the boot file if the primary server is not able to supply it. A [...]

  • Page 1039

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 27 12.2.9.14 option Use this command to configure DHCP options. Th ese configuration parameters and other cont rol information are carried in tagged data items that are stored in the options field of the DHCP message to n[...]

  • Page 1040

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-128 Matrix NSA Series Configuration Guide This example shows how to configure DHCP optio n 72, which assigns one or more W eb servers for DHCP clients. In this case, two W e b server addresses are configure d : Matrix>Router1(config)# ip dhcp pool loc alpool M[...]

  • Page 1041

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 29 12.2.9.15 lease Use this command to specify the duration of the lea se for an IP address assigned by a DHCP serve r to a client. lease { days [ hours ] [ minutes ] | infinite } Synt ax Description Command Synt ax of th[...]

  • Page 1042

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-130 Matrix NSA Series Configuration Guide 12.2.9.16 host Use this command to sp ecify an IP address and network mask for manual DHCP binding. host addr ess [ mask | pr efix-length ] Synt ax Description Command Synt ax of the “no” Form The “no” form of thi[...]

  • Page 1043

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 31 12.2.9.17 client-class Use this command to identify an DH CP client class. Us ing this comman d to give a set of client class properties a name, allows you to as sign properties to all DHCP clients within the class rat[...]

  • Page 1044

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-132 Matrix NSA Series Configuration Guide 12.2.9.18 client-identifier Use this command to enable D HCP host configur ation mode and associate a client class with a DHCP client. client-identifier mac-addr ess [ client-class name ] Synt ax Description Command Synt [...]

  • Page 1045

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 33 12.2.9.19 client-name Use this command to assign a name to a DHCP client. client-name name [ client-class name ] Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this comm and deletes a cl[...]

  • Page 1046

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-134 Matrix NSA Series Configuration Guide 12.2.9.20 hardware-address Use this command to specify parameters for a new DHCP client address. This command also enables DHCP host configuration mode. hardware-address har dwar e-addr ess [ type ] Synt ax Description Co[...]

  • Page 1047

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 35 12.2.9.21 show ip dhcp binding Use this command to display information about one or all DHCP address bindings. show ip dhcp binding [ ip - addr ess ] Synt ax Description Command T ype Router command. Command Mode Any D[...]

  • Page 1048

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-136 Matrix NSA Series Configuration Guide 12.2.9.22 clear ip dhcp binding Use this command to delete one or all automatic DHCP address bindings. clear ip dhcp binding { addr ess | * } Synt ax Description Command T ype Router command. Command Mode Privileged EXEC:[...]

  • Page 1049

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 37 12.2.9.23 sho w ip dhcp server st atistics Use this command to display DHCP server statistics. show ip dhcp server statistics Synt ax Description None. Command T ype Router command. Command Mode Any DHCP configuration [...]

  • Page 1050

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-138 Matrix NSA Series Configuration Guide T able 12-13 provides an explanation o f the command output. T able 12-13 show ip dhcp server statistics Outp ut Details Output What It Displays... Memory usage Bytes of RAM allocated by the DHCP se rver . Address pools C[...]

  • Page 1051

    IP Configuration Command Set Configuring Dynamic Host C onfiguration Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-1 39 12.2.9.24 clear i p dhcp server st atistics Use this command to reset all DHCP server counte rs. clear ip dhcp server statistics Synt ax Description None. Command T ype Router command. Command Mode Privileged EXEC: Mat[...]

  • Page 1052

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-140 Matrix NSA Series Configuration Guide[...]

  • Page 1053

    Matrix NSA Series Configuration Guide 13-1 13 Routing Protocol Configuration This chapter describes the Routing Protocol Config uration set of commands and how to use them. 13.1 PROCESS OVERVIEW: ROUTING PROTOCOL CONFIGURATION Use the following steps as a guide to conf iguring routing protocols on the device: 1. Activating advanced routing features[...]

  • Page 1054

    Routing Protocol Configuration Comman d Set Activating Advanced Routing Features 13-2 Matrix N SA Series Configuration Guide 13.2 ROUTING PROTOCOL CONFIGURATION COMMAND SET 13.2.1 Activating Advanced Routing Features In order to enable adva nce d routing protocols, su ch as OSPF and extended AC Ls, on a Matrix Series device, you must purchase and a[...]

  • Page 1055

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configuration Guide 13-3 Specify a RIP version. ip rip send version ( Section 13.2.2.7 ) ip rip receive version ( Section 13.2. 2.8 ) Configure RIP authentication. key chain ( Section 13.2.2.9 ) key ( Section 13.2.2.10 ) key-string ( Section 13.2.2. 11 ) accept-lifetime[...]

  • Page 1056

    Routing Protocol Configuration Comman d Set Configuring RIP 13-4 Matrix N SA Series Configuration Guide 13.2.2.1 router rip Use this command to enable or disable RIP configuration mode. router rip Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables RIP: no router rip Command T ype Router command[...]

  • Page 1057

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configuration Guide 13-5 13.2.2.2 network Use this command to attach a network of directly connected networks to a RIP routing process , or to remove a network from a RIP routing process. network ip-address Synt ax Description Command Synt ax of the “no” Form The ?[...]

  • Page 1058

    Routing Protocol Configuration Comman d Set Configuring RIP 13-6 Matrix N SA Series Configuration Guide 13.2.2.3 neighbor Use this command to instruct the router to send un icast RIP information to an IP addr ess. RIP is normally a broadcast protocol. In order for RIP r outing updates to reach nonbroadcast networks, the neighbor ’ s IP address mu[...]

  • Page 1059

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configuration Guide 13-7 13.2.2.4 distance Use this command to configure th e administrative distance for RIP routes. If several routes (coming from different protocols) are presented to the Matrix Series Route T able Manager (R TM), the protocol with the lowest adminis[...]

  • Page 1060

    Routing Protocol Configuration Comman d Set Configuring RIP 13-8 Matrix N SA Series Configuration Guide Example This example shows how to ch ange the default administrative distance for RIP to 1001: Matrix>Router1(config)# router rip Matrix>Router1(config-router)# distance 100[...]

  • Page 1061

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configuration Guide 13-9 13.2.2.5 ip rip offset Use this command to add or remove an of fset to the metric of an incoming or outgoin g RIP route. Adding an offset on an interface is used fo r the purpose of making an interface a backup. ip rip offset { in | out } value [...]

  • Page 1062

    Routing Protocol Configuration Comman d Set Configuring RIP 13-10 M atrix NSA Series Configurati on Guide 13.2.2.6 timers Use this command to adjust RIP routing timers determining the frequency of routing updates, the length of time before a route b ecomes invalid, and the interval du ring which routing information regarding better paths is suppres[...]

  • Page 1063

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configuration Guide 13-1 1 13.2.2.7 ip rip send version Use this command to set the RIP version(s) for update packets tran smitted on an interface. ip rip send version { 1 | 2 | r1compatible } Synt ax Description Command Synt ax of the “no” Form The “no” fo rm o[...]

  • Page 1064

    Routing Protocol Configuration Comman d Set Configuring RIP 13-12 M atrix NSA Series Configurati on Guide 13.2.2.8 ip rip receive version Use this command to set the RI P version(s) for update packets accepted on the interface. ip rip receive version { 1 | 2 | 1 2 | none } Synt ax Description Command Synt ax of the “no” Form The “no” form o[...]

  • Page 1065

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-13 About RIP Authentication The following tasks must be completed to configur e RIP authentication on a Matrix Series rout ing module: 1. Create a key chain as described in Section 13.2 .2.9 . 2. Add a key to the chain as described in Section 13.[...]

  • Page 1066

    Routing Protocol Configuration Comman d Set Configuring RIP 13-14 M atrix NSA Series Configurati on Guide 13.2.2.9 key chain Creates or deletes a key chain used globally for RIP authentication. key chain name Synt ax Description Command Synt ax of the “no” Form The “no” form of this command deletes the specified key chain: no key chain name[...]

  • Page 1067

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-15 13.2.2.10 key Use this command to identify a RIP authentication key on a key chain. key key-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this command re mo ves the key from the key ch ain: no key key-id Comm[...]

  • Page 1068

    Routing Protocol Configuration Comman d Set Configuring RIP 13-16 M atrix NSA Series Configurati on Guide 13.2.2.1 1 key-string Use this command to specify a RIP authentication string for a key . Once configured, this string must be sent and received in RIP packets in order for them to be authenticated. key-string text Synt ax Description Command S[...]

  • Page 1069

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-17 13.2.2.12 accept-lifeti me Use this command to speci fy the time period during which an authentication key on a key chain is valid to be received. accept-lifetime start-time month date year { duration seconds | end-time | infinite } Synt ax De[...]

  • Page 1070

    Routing Protocol Configuration Comman d Set Configuring RIP 13-18 M atrix NSA Series Configurati on Guide Command Mode Key chain key config ura tion: Matrix>Router1(con fig-keychain-key)# Command Default s None. Examples This example shows how to allow the “password” au thentication key to be received as valid on its RIP-configured interface[...]

  • Page 1071

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-19 13.2.2.13 send-lifetime Use this command to speci fy the time period during which an authentication key on a key chain is valid to be sent. send-lifetime start-time month date year { duration seconds | end-time | infinite } Synt ax Description[...]

  • Page 1072

    Routing Protocol Configuration Comman d Set Configuring RIP 13-20 M atrix NSA Series Configurati on Guide Command Default s None. Example This example shows how to allow the “password” authentication key to be sent as valid on its RIP-configured interface beginning at 2:30 on No vember 30, 2002 with no ending time (infinitely): Matrix>Router[...]

  • Page 1073

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-21 13.2.2.14 ip rip au thentication keychain Use this command to enable or disable a RIP au thentication key chain for use on an interface. ip rip authen tication keychain name Synt ax Description Command Synt ax of the “no” Form The “no”[...]

  • Page 1074

    Routing Protocol Configuration Comman d Set Configuring RIP 13-22 M atrix NSA Series Configurati on Guide 13.2.2.15 ip rip authenti cation mode Use this command to set th e authentication mode when a key chain is present. ip rip authentication mode { text | md5 } Synt ax Description Command Synt ax of the “no” Form The “no” form of this com[...]

  • Page 1075

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-23 13.2.2.16 no auto-summary Use this command to disable automa tic route summarization. By de fau lt, RIP version 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network bound[...]

  • Page 1076

    Routing Protocol Configuration Comman d Set Configuring RIP 13-24 M atrix NSA Series Configurati on Guide 13.2.2.17 ip rip disable-triggered-updates Use this command to prevent RIP from sending trig gered updates. T riggered updates are sent when there is a change in the ne tw ork an d a new route with a lower metric is learned, or an old route is [...]

  • Page 1077

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-25 13.2.2.18 ip split-horizon poison Use this command to enable or disable split ho rizon poison-reverse mode for RIP packets. Split horizon prevents packets from exit ing through the same interface on which they were received. Poison-reverse exp[...]

  • Page 1078

    Routing Protocol Configuration Comman d Set Configuring RIP 13-26 M atrix NSA Series Configurati on Guide 13.2.2.19 p assive-interface Use this command to prevent RIP from tran smitting update packets on an interface. passive-interface vlan vlan-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm and disables [...]

  • Page 1079

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-27 13.2.2.20 receive-interface Use this command to allow RIP to receive update pa ckets on an inte rface. Th is does not affect the sending of RIP updates on the specified interface. receive-interface vlan vlan-id Synt ax Description Command Synt[...]

  • Page 1080

    Routing Protocol Configuration Comman d Set Configuring RIP 13-28 M atrix NSA Series Configurati on Guide 13.2.2.21 distribute-list Use this command to filter networks received and to suppress networks from being advertised in RIP updates. distribute-list access-list-number { in vlan vlan-id | out vlan vlan-id } Synt ax Description Command Synt ax [...]

  • Page 1081

    Routing Protocol Conf igura ti on Command Set Configuring RIP Matrix NSA Series Configu ration Guide 13-29 13.2.2.22 redistribute Use this command to allow rout ing information discovered through non-RIP proto cols to be distributed in RIP update messages. redistribute { connected | ospf process-id | static } [ metric metric value ] [ subnets ] Syn[...]

  • Page 1082

    Routing Protocol Configuration Comman d Set Configuring RIP 13-30 M atrix NSA Series Configurati on Guide Example This example shows how to redistribute routing info rmation discovered throu gh OSPF process ID 1 non-subnetted routes into RIP update messages: Matrix>Router1(config)# router rip Matrix>Router1(config-router)# redistrib ute ospf [...]

  • Page 1083

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-31 13.2.3 Configuring OSPF Purpose T o enable and configure th e Open Shortest Path First (OSPF) routing protocol. OSPF Configuration T ask List and Commands T able 13-2 lists the tasks and commands associated with OSPF configuration. Commands a[...]

  • Page 1084

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-32 M atrix NSA Series Configurati on Guide • Set a priority to help determine the OSPF designated router for the network. ip ospf priority ( Section 13. 2.3.5 ) • Adjust timers and message intervals. timers spf ( Section 13.2 .3.6 ) ip ospf retransmit-interval ( Section 13.2.3.7 ) [...]

  • Page 1085

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-33 Limit link state database overflow . database-overflow ( Section 13.2.3.22 ) Monitor and maintain OSPF . show ip ospf ( Section 13.2.3.23 ) show ip ospf database ( Sectio n 13.2.3.24 ) show ip ospf border -routers ( Section 13.2.3.25 ) show i[...]

  • Page 1086

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-34 M atrix NSA Series Configurati on Guide 13.2.3.1 router osp f Use this command to enable or disable Open Sh ortest Path First (OSPF) configuration mode. ro uter ospf pr ocess-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this command di sables OSPF[...]

  • Page 1087

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-35 13.2.3.2 network Use this command to configur e area IDs for OSPF interfaces. network ip - addr ess wildcard-mask ar ea ar ea-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this command removes OSPF routing f[...]

  • Page 1088

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-36 M atrix NSA Series Configurati on Guide 13.2.3.3 router id Use this command to set the OSPF router ID for the device. The OSPF protocol uses the router ID as a tie-breaker for path selection. If not specified, this will be set to the lowest IP address of the interfaces configured fo[...]

  • Page 1089

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-37 13.2.3.4 ip ospf cost Use this command to set the cost of sending an O SPF packet on an interface. Each router interface that participates in OSPF routing is assigned a de fault cost. This command overwrites the default of 10. ip ospf cost co[...]

  • Page 1090

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-38 M atrix NSA Series Configurati on Guide 13.2.3.5 ip osp f priority Use this command to set the OSPF priority value for router interfaces. The priority value is communicated between routers by means of he llo messages and influen ces the election of a designated rout er . ip ospf pri[...]

  • Page 1091

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-39 13.2.3.6 timers spf Use this command to change OSPF timer values to fine-t une the OSPF network. timers spf spf-delay spf-hold Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this command rest ores the default t[...]

  • Page 1092

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-40 M atrix NSA Series Configurati on Guide 13.2.3.7 ip osp f retransmit-interval Use this command to set the amou nt of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface. ip ospf r e transmit-interval seconds Synt ax Descriptio[...]

  • Page 1093

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-41 13.2.3.8 ip ospf transmit-delay Use this command to set the amount of time requir ed to transmit a link state upda te pa cket on an interface. ip ospf transmit-delay seconds Synt ax Description Command Synt ax of the “no” Form The “no?[...]

  • Page 1094

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-42 M atrix NSA Series Configurati on Guide 13.2.3.9 ip osp f hello-interval Use this command to set th e number of seconds a ro uter must wait be fore sending a hello packet to neighbor routers on an in te rface. Each Matrix Series routing m od ule or standalone de vice can support com[...]

  • Page 1095

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-43 13.2.3.10 ip osp f dead -interval Use this command to set the numb er of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service. ip ospf dead-interval seconds Synt ax Desc[...]

  • Page 1096

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-44 M atrix NSA Series Configurati on Guide 13.2.3.1 1 ip ospf authentication-key Use this command to assign a password to be us ed by neighboring rout ers using OSPF’ s simple password authentication. Th is password is used as a “key” that is inserted directly into the OSPF heade[...]

  • Page 1097

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-45 13.2.3.12 ip o sp f message digest key md5 Use this command to enable or disable OSPF MD 5 authentication on an in terface . This validates OSPF MD5 routing up dates be tween neighborin g routers. ip ospf message-digest-key keyid md5 key Synt[...]

  • Page 1098

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-46 M atrix NSA Series Configurati on Guide 13.2.3.13 distance osp f Use this command to configure the administrative distance for OSPF routes. If several routes (coming from different protocols) are presented to the Matrix Series Route T able Manager (R TM), the protocol with the lowes[...]

  • Page 1099

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-47 Command Default s If route type is not specifie d, the distance value will be applied to all OSPF routes. Example This example shows how to c hange the default administrative distan ce for external OSPF routes to 100: Matrix>Router1(config[...]

  • Page 1100

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-48 M atrix NSA Series Configurati on Guide 13.2.3.14 area range Use this command to define the range of addresses to be used by Area Border Routers (ABRs) when they communicate routes to other areas. Each Ma trix Series module or standalone device can support up to 6 OSPF areas and up [...]

  • Page 1101

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-49 13.2.3.15 area authentication Use this command to enable or disa b le authentication for an OS PF area. area area-id authentication { simple | message-digest } Synt ax Description Command Synt ax of the “no” Form The “no” form of this[...]

  • Page 1102

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-50 M atrix NSA Series Configurati on Guide 13.2.3.16 area stub Use this command to define an OSPF area as a stub area. This is an area that carries no external routes. area ar ea-id stub [ no-summary ] Synt ax Description Command Synt ax of the “no” Form The “no” form of this c[...]

  • Page 1103

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-51 13.2.3.17 area defaul t cost Use this command to set the cost va lue for the default route that is sent into a stub area by an Area Border Router (ABR). The use of this command is restricted to ABRs attached to stub areas. area area-id defaul[...]

  • Page 1104

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-52 M atrix NSA Series Configurati on Guide 13.2.3.18 area nssa Use this command to configure an area as a no t so stubby area (NSSA). An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area [...]

  • Page 1105

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-53 13.2.3.19 area virtual-link Use this command to define an OSPF virtual lin k, which represents a lo gical connection between the backbone and a non-backbone OSPF area. area ar ea-id virtual-link ip-addr ess The options for using this syntax a[...]

  • Page 1106

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-54 M atrix NSA Series Configurati on Guide Command Synt ax of the “no” Form The “no” form of this comm and removes the virtual link: no area ar ea-id virtual-link ip-addr ess authentication-key key no area ar ea-id virtual-link ip-addr ess dead-interval seconds no area ar ea-id[...]

  • Page 1107

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-55 13.2.3.20 passive-interface Use this command to enable passiv e OSPF on an interface. This allo ws an interface to be included in the OSPF route table, but turns of f sending and receiving hellos for an interface. It also prevents OSPF adjace[...]

  • Page 1108

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-56 M atrix NSA Series Configurati on Guide 13.2.3.21 redistribute Use this command to allow rou ting informatio n discovered through non-OSPF protocols to b e distributed in OSPF update messages. redistribute { rip | static [ metric metric value ] [ metric-type type-value ] [ subnets ][...]

  • Page 1109

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-57 Command Synt ax of the “no” Form The “no” fo rm of this command clears redistribution parameters: no redistribute { connected | rip | static } Command Mode Router configuration: Matrix>Router1(config-router)# Command Default s • [...]

  • Page 1110

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-58 M atrix NSA Series Configurati on Guide 13.2.3.22 dat abase-overflow Use this command to limit the size of OSPF lin k state database overflow , a condition where the router is unable to maintain the database in its entirety . Setting database ov erflow allows you to set a limit on t[...]

  • Page 1111

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-59 Command Default s None. Example This example shows how to set the OSPF database exit overflow interval to 240 seconds, the overflow limit to 3800 LSAs, an d the warning level to 2500 LSAs: Matrix->Router1(config)# router os pf 1 Matrix->[...]

  • Page 1112

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-60 M atrix NSA Series Configurati on Guide 13.2.3.23 show ip ospf Use this command to di splay OSPF information. show ip ospf Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None.[...]

  • Page 1113

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-61 Example This example shows how to display OSPF information: Matrix>Router1# show ip ospf Routing Process "ospf 20 " with I D 134.141.7.2 Supports only single TOS(TOS0) ro ute It is an area border and autonomo us system boundary r[...]

  • Page 1114

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-62 M atrix NSA Series Configurati on Guide 13.2.3.24 show ip ospf dat abase Use this command to display the OSPF link state database. show ip ospf database [ link-state-id ] The options for using this syntax are: • show ip ospf database router [ link-stat e-id ] • show ip ospf data[...]

  • Page 1115

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-63 Command T ype Router command. Command Mode Any router mode. Command Default s If link-state-id is not specified, the specified ty pe of database records will be displayed for all link st ate IDs. Example This example shows how to display a ll[...]

  • Page 1116

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-64 M atrix NSA Series Configurati on Guide T able 13-3 show ip ospf dat abase Output Det ails Output What It Displays... Link ID Link ID, which varies as a function of the link state record type, as follows: • Net Link States - Shows the interface IP address of the designated router [...]

  • Page 1117

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-65 13.2.3.25 sho w ip ospf border-routers Use this command to display in formation about OSPF internal entries to Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). show ip ospf border-routers Synt ax Description None. Co[...]

  • Page 1118

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-66 M atrix NSA Series Configurati on Guide 13.2.3.26 show ip o sp f interface Use this command to display OSPF interface related information, in cluding network type, priority , cost, hello interval, and dead interval. show ip ospf interface [ vlan vlan-id ] Synt ax Description Command[...]

  • Page 1119

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-67 T able 13-4 show ip osp f interface Output Det ails Output What It Displa ys... Vlan Interface (VLAN) administrative status as up or down. Internet Address IP address and mask assigned to this interface. Router ID Router ID, which O SPF selec[...]

  • Page 1120

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-68 M atrix NSA Series Configurati on Guide Adjacent neighbor count Number of adjacent (FULL state) neighbors over this interface. Adjacent with neighbor IP address of the adjacent neighbor . T able 13-4 show ip osp f interface Output Det ails (Continued) Output What It Di splays...[...]

  • Page 1121

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-69 13.2.3.27 show ip ospf neighbor Use this command to disp lay the state of communic ation between an OSPF router and its neighbor routers. show ip ospf neighbor [ detail ] [ ip-addr ess ] [ vlan vlan-id ] Synt ax Description Command T ype Rout[...]

  • Page 1122

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-70 M atrix NSA Series Configurati on Guide T able 13-5 provides an explanation of the comm and output. T able 13-5 show ip ospf neighb or Output Details Output What It Displays... ID Neighbor ’ s router ID of the OSPF neig hb or . Pri Neighbor ’ s priority over this interface. Stat[...]

  • Page 1123

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-71 13.2.3.28 show ip ospf virtual-links Use this command to display info rmation about th e virtual links configured on a router . A virtual link represents a logical connection between the backbone and a non-backbone OSPF area. show ip ospf vir[...]

  • Page 1124

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-72 M atrix NSA Series Configurati on Guide T ransit Delay T ime (in seconds) a dded to the LSA (Link S tate Advertisement) age field when the LSA is transmitted through the virtual link. State Interface state assigned to a virtual link, which is point-to-point. T imer intervals configu[...]

  • Page 1125

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-73 13.2.3.29 clear ip osp f process Use this command to reset the OSPF process. This will require adjacencies to be reestablished and routes to be reconver ged. clear ip ospf process pr ocess-id Synt ax Description Command T ype Router command. [...]

  • Page 1126

    Routing Protocol Configuration Comman d Set Configuring OSPF 13-74 M atrix NSA Series Configurati on Guide 13.2.3.30 debug ip ospf Use this command to enable OSPF prot oc ol debugging ou tput. debug i p ospf { subsystem } Synt ax Description Command Synt ax of the “no” Form The “no” form of this command disables OSPF protocol debugging ou t[...]

  • Page 1127

    Routing Protocol Conf igura ti on Command Set Configuring OSPF Matrix NSA Series Configu ration Guide 13-75 13.2.3.31 rfc1583compatible Use this command to enable the O SPF router for RFC 1385 compatibility . rfc1583compatible Synt ax Description None Command Synt ax of the “no” Form The “no” form of this command remo ves OSPF RFC 1583 comp[...]

  • Page 1128

    Routing Protocol Configuration Comman d Set Configuring DVMRP 13-76 M atrix NSA Series Configurati on Guide 13.2.4 Configuring DVMRP Purpose T o enable and configure the Distance V ector Mul ticast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traf fic using a techniqu e known as Reverse Path F orwarding. When a router receives a[...]

  • Page 1129

    Routing Protocol Conf igura ti on Command Set Configuring DVMRP Matrix NSA Series Configu ration Guide 13-77 13.2.4.1 ip dvmrp Use this command to enable or disable DVMRP on an interface. ip dvmrp Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables DVMRP: no ip dvmrp Command T ype Router command[...]

  • Page 1130

    Routing Protocol Configuration Comman d Set Configuring DVMRP 13-78 M atrix NSA Series Configurati on Guide 13.2.4.2 ip dvmrp metric Use this command to configure the metric associat ed with a set of destinations for DVMRP reports. ip dvmrp metric metric Synt ax Description Command T ype Router command. Command Mode Interface configuration: Matrix&[...]

  • Page 1131

    Routing Protocol Conf igura ti on Command Set Configuring DVMRP Matrix NSA Series Configu ration Guide 13-79 13.2.4.3 show ip dvmrp route Use this command to displa y DVMRP routing information. show ip dvmrp route Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None. Example This example shows[...]

  • Page 1132

    Routing Protocol Configuration Comman d Set Configuring DVMRP 13-80 M atrix NSA Series Configurati on Guide Matrix>Router1# show ip dvmrp route flag characters used: ------------- V Neighbor is verified. P Neighbor supports pruning. G Neighbor supports generation ID. N Neighbor supports netmask in prunes and grafts. S Neighbor supports SNMP. M N[...]

  • Page 1133

    Routing Protocol Conf igura ti on Command Set Configuring IRDP Matrix NSA Series Configu ration Guide 13-81 13.2.5 Configuring IRDP Purpose T o enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway . Commands The commands used[...]

  • Page 1134

    Routing Protocol Configuration Comman d Set Configuring IRDP 13-82 M atrix NSA Series Configurati on Guide 13.2.5.1 ip irdp Use this command to enable or disable IRDP on an interface. ip irdp Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables IRDP on an interface: no ip irdp Command T ype Route[...]

  • Page 1135

    Routing Protocol Conf igura ti on Command Set Configuring IRDP Matrix NSA Series Configu ration Guide 13-83 13.2.5.2 ip irdp maxadvertinterval Use this command to set the maximum interv al in seconds between IRDP advertisements. ip irdp maxadvertinterval interval Synt ax Description Command Synt ax of the “no” Form The “no” form of this com[...]

  • Page 1136

    Routing Protocol Configuration Comman d Set Configuring IRDP 13-84 M atrix NSA Series Configurati on Guide 13.2.5.3 ip irdp minadvertinterval Use this command to set the min imum interval in seconds between IRDP advertisements. ip irdp minadvertinterval interval Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm[...]

  • Page 1137

    Routing Protocol Conf igura ti on Command Set Configuring IRDP Matrix NSA Series Configu ration Guide 13-85 13.2.5.4 ip irdp hold time Use this command to set the length of time in seconds IRDP advertise ments are held valid. ip irdp holdtime holdtime Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this command rese t[...]

  • Page 1138

    Routing Protocol Configuration Comman d Set Configuring IRDP 13-86 M atrix NSA Series Configurati on Guide 13.2.5.5 ip irdp preference Use this command to set the IRDP preference va lue for an interface. This valu e i s u s e d b y I R D P t o determine the interface’ s selection as a default gateway addre ss. ip irdp preference pr efer ence Synt[...]

  • Page 1139

    Routing Protocol Conf igura ti on Command Set Configuring IRDP Matrix NSA Series Configu ration Guide 13-87 13.2.5.6 ip irdp address Use this command to add additional IP addresses for IRDP to advertise. ip irdp address ip-address pr eference Synt ax Description Command Synt ax of the “no” Form The “no” form of this command clears an IP add[...]

  • Page 1140

    Routing Protocol Configuration Comman d Set Configuring IRDP 13-88 M atrix NSA Series Configurati on Guide 13.2.5.7 no ip irdp multicast Use this command to enable the ro uter to se nd IRDP advertisements using broadcast rather than multicast transmissions. By default, the rout er sends IRDP advertisements via multicast. no ip irdp multicast Synt a[...]

  • Page 1141

    Routing Protocol Conf igura ti on Command Set Configuring IRDP Matrix NSA Series Configu ration Guide 13-89 13.2.5.8 show ip ird p Use this command to display IRDP information. show ip irdp [ vlan vlan-id ] Synt ax Description Command T ype Router command. Command Mode Interface configuration: Matrix>Router1(config-if(Vlan 1))# Command Default s[...]

  • Page 1142

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-90 M atrix NSA Series Configurati on Guide 13.2.6 Configuring VRRP Purpose T o enable an d configure the V irtual Router Redundancy P rotocol (VRRP). This protocol eliminates the single point of failure inherent in the stati c default routed environm ent by transferring the responsibil[...]

  • Page 1143

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configu ration Guide 13-91 13.2.6.1 router vrrp Use this command to enable or disable VRRP configuration mode. router vrrp Synt ax Description None. Command Synt ax of the “no” Form The “no” fo rm of this command remo ves all VRRP config urations from the runni[...]

  • Page 1144

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-92 M atrix NSA Series Configurati on Guide 13.2.6.2 create Use this command to create a VRRP session. Each Matrix Series routing module or standalone device supports up to VRRP sessions. Up to four VRIDs can be assoc iated with an individual routing interface. create vlan vlan-id vrid [...]

  • Page 1145

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configu ration Guide 13-93 13.2.6.3 address Use this command to configure a virtual router IP address. If the virtual router IP address is the same as the interface (VLAN) address owned by a VRRP router , then the route r owning the address becomes the master . The mas[...]

  • Page 1146

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-94 M atrix NSA Series Configurati on Guide Command T ype Router command. Command Mode Router configuration: Matrix>Router1(config-router)# Command Default s None. Examples This example shows how to configure a virtual router address of 1 82.127 .62.1 on VLAN 1, VRID 1, and to set th[...]

  • Page 1147

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configu ration Guide 13-95 13.2.6.4 priority Use this command to set a priority value for a VRRP router . priority vlan vlan-id vrid priority-value Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this command cl ears the VRRP priority con[...]

  • Page 1148

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-96 M atrix NSA Series Configurati on Guide 13.2.6.5 master-icmp-reply Use this command to enable ICMP replies for non-owner masters. Th is provides the ability for the virtual router maste r to respond to an ICMP echo even if it does not “own” the virtual IP address. W ithout this [...]

  • Page 1149

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configu ration Guide 13-97 13.2.6.6 advertise-interval Use this command to set the interval in seconds between VRRP advertisements. These are sent by the master router to other routers participating in the VRRP master sel ection process, informing them of its configure[...]

  • Page 1150

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-98 M atrix NSA Series Configurati on Guide Example This example shows how set an advertise in terval of 3 seconds on VLAN 1, VRID 1: Matrix>Router1(config)# router vrrp Matrix>Router1(config-router)# advertise -interval vlan 1 1 3[...]

  • Page 1151

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configu ration Guide 13-99 13.2.6.7 critical -ip Use this command to set a critical IP address for VRRP routing. A critical IP address defines an interface — in addition to the interface between hosts and a first-hop router — that will prevent the master router fro[...]

  • Page 1152

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-100 Matrix NSA Series Configuration Guide Example This example shows how to set IP address 182.127.62.3 as a critic al IP address associated wi th VLAN 1, VRID 1: Matrix>Router1(config)# router vrrp Matrix>Router1(config-router)# critical- ip vlan 1 1 182.127.62.3[...]

  • Page 1153

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-1 01 13.2.6.8 preempt Use this command to enable or disable preempt mode on a VRRP router . Preempt is enabled on VRRP routers by default, which allows a higher pr iority backup router to preempt a lower priority master . preempt vlan-id vrid Sy[...]

  • Page 1154

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-102 Matrix NSA Series Configuration Guide 13.2.6.9 preempt-delay Use this command to set a preempt delay time on a VRRP router . When preempt mode is enabled this specifies a delay (in seconds) that a higher pr iority backup router must wait to preempt a lower priority master . For mor[...]

  • Page 1155

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-1 03 Example This example shows how to set the preemp t delay to 60 seconds on VLAN 1, VRID 1: Matrix>Router1(config)# router vrr p Matrix>Router1(config-router)# pre empt-delay vlan 1 1 60[...]

  • Page 1156

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-104 Matrix NSA Series Configuration Guide 13.2.6.10 enable Use this command to enable V RRP on an interface. enable vlan vlan-id vrid Synt ax Description Command Synt ax of the “no” Form The “no” form of this command disables VRRP on an interface: no enable vlan vlan-id vrid Co[...]

  • Page 1157

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-1 05 13.2.6.1 1 ip vrrp authentication-key Use this command to set a VRRP auth entication password on an interface. ip vrrp authentication-key passwor d Synt ax Description Command Synt ax of the “no” Form The “no” fo rm of this command [...]

  • Page 1158

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-106 Matrix NSA Series Configuration Guide 13.2.6.12 ip vrrp message-digest-key Use this command to set a VRRP MD5 au thentication password on an i nterface. ip vrrp message-digest-key vrid md5 passwor d [ hmac-96] Synt ax Description Command Synt ax of the “no” Form The “no” fo[...]

  • Page 1159

    Routing Protocol Conf igura ti on Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-1 07 13.2.6.13 show ip vrrp Use this command to displa y VRRP routing information. show ip vrrp Synt ax Description None. Command T ype Router command. Command Mode Any router mode . Command Default s None. Example This example shows how to disp[...]

  • Page 1160

    Routing Protocol Configuration Comman d Set Configuring VRRP 13-108 Matrix NSA Series Configuration Guide[...]

  • Page 1161

    Matrix NSA Series Configuration Guide 14-1 14 Security Configuration This chapter describes the Security Configura tion set of commands and how to use them. 14.1 OVERVIEW OF SECURITY METHODS The following security methods are available fo r controlling which users are allowed to access, monitor , and mana ge the device. • Local user creden tia ls[...]

  • Page 1162

    Overview of Security Methods 14-2 Matrix N SA Series Configuration Guide • MAC Locking — locks a port to one or mo re MAC addresses, preventing connection of unauthorized devices via the port. For details, refer to Section 14.3.9 . • Multiple User Multiple Authentication – allows multiple users on a given port to simultaneously authenticate[...]

  • Page 1163

    Overview of Security Methods RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment Matrix NSA Series Configuration Guide 14-3 14.1.1 RADIUS Filter-ID Attribut e and Dynamic Policy Profile Assignment If you configure an authentication method that requires communica tion with a RADIUS server , you can use the RADIUS Filter -ID attribute to[...]

  • Page 1164

    Process Overview: Security Configuration RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment 14-4 Matrix N SA Series Configuration Guide 14.2 PROCESS OVERVIEW: SECURITY CONFIGURATION Use the following steps as a guide to co nfig uring security methods on the device: 1. Setting the Authentication Login Method ( Section 14.3.1 ) 2. Confi[...]

  • Page 1165

    Security Configuration Command Set Setting the Auth enticatio n Login Method Matrix NSA Series Configuration Guide 14-5 14.3 SECURITY CONFIGURATION COMMAND SET 14.3.1 Setting the Authentication Login Method Purpose T o configure the authentication logi n method. Commands The commands used to configure the authentication login method ar e listed bel[...]

  • Page 1166

    Security Configuration Comman d Set Setting the Authentication Logi n Method 14-6 Matrix N SA Series Configuration Guide 14.3.1.1 show authenticati on login Use this command to display the current authenticatio n login method. show authen tication login Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default[...]

  • Page 1167

    Security Configuration Command Set Setting the Auth enticatio n Login Method Matrix NSA Series Configuration Guide 14-7 14.3.1.2 set auth entication login Use this command to set th e authentication login method. set authentication login { any | local | radius | tacacs } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Co[...]

  • Page 1168

    Security Configuration Comman d Set Setting the Authentication Logi n Method 14-8 Matrix N SA Series Configuration Guide 14.3.1.3 clear authenticat ion login Use this command to reset the authentication login method to the default setting of “any”. clear authentication login Synt ax Description None. Command T ype Switch command. Command Mode R[...]

  • Page 1169

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configuration Guide 14-9 14.3.2 Configuring RADIUS Purpose T o perform the following: • Review the RADIUS client/server configuration on the device. • Enable or disable the RADIUS client. • Set local and remote login options. • Set primary and secondary serve r para met[...]

  • Page 1170

    Security Configuration Comman d Set Configuring RADIUS 14-10 M atrix NSA Series Configurati on Guide 14.3.2.1 show radius Use this command to display the current RADIUS client/server configuration. show radius [ state | retries authtype || timeout | server [ index | all ]] Synt ax Description Command T ype Switch command. Command Mode Read-Only . C[...]

  • Page 1171

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configuration Guide 14-1 1 T able 14-1 provides an explan ation of the command output. T able 14-1 show radius Output De tails Output What It Displays... RADIUS state Whether the RADIUS client is enabled or disabled . RADIUS retries Number of retry attemp ts before the RADIUS s[...]

  • Page 1172

    Security Configuration Comman d Set Configuring RADIUS 14-12 M atrix NSA Series Configurati on Guide 14.3.2.2 set radius Use this command to enable, disable, or configure RADIUS authentication. set radius {[ enable | disable ] [ retries number-of-r etries ] [ timeout timeout ] [ server { index ip-address port [ secr et-value ]} [ realm { management[...]

  • Page 1173

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configu ration Guide 14-13 Command Default s • If secr et-value is not specified, none will be applied. • If realm is not specified, any authentication will be allowed. Examples This example shows how to enable the RADIUS client for authenticating with RADIUS server 1 at IP[...]

  • Page 1174

    Security Configuration Comman d Set Configuring RADIUS 14-14 M atrix NSA Series Configurati on Guide 14.3.2.3 clear radius Use this command to clear RADIUS server settings. clear radius [ state ] [ retries ] [ timeout ] [ server [ index | all ] [ real m { index | all }] Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Com[...]

  • Page 1175

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configu ration Guide 14-15 14.3.2.4 show radi us accounting Use this command to display the RADIUS accoun ting configurat ion. This transmits accounting information between a network access se rver and a shared accounting server . show radius accounting [ updateinterval ] | [ i[...]

  • Page 1176

    Security Configuration Comman d Set Configuring RADIUS 14-16 M atrix NSA Series Configurati on Guide For details on enabling and configuring RADIUS accounting, refer to Section 14.3. 2.5 : Matrix(rw)-> show radius accounting Accounting state: Enabled Accounting update interval: 1800 secs Accounting interval minimum: 600 secs Server Server A cct [...]

  • Page 1177

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configu ration Guide 14-17 14.3.2.5 set ra dius accounting Use this command to conf igure RADIUS accounting. set radius accounting {[ enable ] [ disable ] [ intervalminimum value ] [ updateinterval value ] [ retries re t r i e s ] [ timeout timeou t ] [ server { index | all } i[...]

  • Page 1178

    Security Configuration Comman d Set Configuring RADIUS 14-18 M atrix NSA Series Configurati on Guide Command Mode Read-W rite. Command Default s None. Examples This example shows how to enab le the RADIUS accounting client for authenticating with the accounting server 1 at IP address 10.2.4.12, UDP authentication port 18 00. As previously noted, t [...]

  • Page 1179

    Security Configuration Command Set Configuring RADIUS Matrix NSA Series Configu ration Guide 14-19 14.3.2.6 clear radius accounting Use this command to clear RADIUS accounting configuration settings. clear radius accounting {[ server { index | all }] [ retries { index | all }] [ timeout { index | all }] [ intervalminimum] [ updateinterval ]} Synt a[...]

  • Page 1180

    Security Configuration Comman d Set Configuring RFC 3580 14-20 M atrix NSA Series Configurati on Guide 14.3.3 Configuring RFC 3580 About RFC 3580 RFC 3580 pro vides suggestions on how 802.1x Authent icators should leverage RADIUS as the backend AAA infrastructure. RFC 35 80 is divided into several ma jor sections: RADIUS Accounting, RADIUS Authenti[...]

  • Page 1181

    Security Configuration Command Set Configuring RFC 3580 Matrix NSA Series Configu ration Guide 14-21 14.3.3.1 show vlanauthorization Use this command to display th e VLAN Authorization settings. show vlanauthorization [ port-list ] | [ all ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Command Default s If no parameter[...]

  • Page 1182

    Security Configuration Comman d Set Configuring RFC 3580 14-22 M atrix NSA Series Configurati on Guide 14.3.3.2 set vlanauthorization Use this command to set the VL AN Authorization attributes. set vlanauthorization enable | disable | port port-list {[ enable | disable ] none | tagged | untagged | dynamic } Synt ax Description Command T ype Switch [...]

  • Page 1183

    Security Configuration Command Set Configuring RFC 3580 Matrix NSA Series Configu ration Guide 14-23 14.3.3.3 clear vlanauthorization Use this command to clear the VLAN Authorization attributes to the defaults. clear vlanauthorization port-list all Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None. E[...]

  • Page 1184

    Security Configuration Comman d Set Configuring T ACACS+ 14-24 M atrix NSA Series Configurati on Guide 14.3.4 Configuring T ACACS+ Purpose T o perform the following: • Review the T ACACS+ client and server configurations on the device. • Enable or disable the T ACACS+ client. • Set local and remote login options. • Set server parameters, in[...]

  • Page 1185

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-25 14.3.4.1 show tacacs Use this command to display the current T A CACS+ configuration in formation and status. show tacacs [ state ] Synt ax Description Command Default s If state is not specified, all T A CACS+ configuration information will be disp[...]

  • Page 1186

    Security Configuration Comman d Set Configuring T ACACS+ 14-26 M atrix NSA Series Configurati on Guide T able 14-2 show t acacs Output Det ails Output What It Displays... T ACACS+ state Whether the T ACACS+ client is enabled or disabled . T ACACS+ session accounting state Whether T ACACS+ sess ion accounting is enabled or disabled . T ACACS+ comman[...]

  • Page 1187

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-27 14.3.4.2 set tacacs Use this command to enable or disable the T ACACS+ client. set tacacs { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage The T ACACS+ client can be enab [...]

  • Page 1188

    Security Configuration Comman d Set Configuring T ACACS+ 14-28 M atrix NSA Series Configurati on Guide 14.3.4.3 show ta cacs server Use this command to display the cu rrent T ACACS+ server configuration. show tacacs server { index | all } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This[...]

  • Page 1189

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-29 14.3.4.4 set tacacs server Use this command to configure the T ACACS+ serve r(s) to be used by the T ACACS+ client. Y ou can configure the timeout value for all configured servers or a single server, or you can configure the IP address, TCP port, an[...]

  • Page 1190

    Security Configuration Comman d Set Configuring T ACACS+ 14-30 M atrix NSA Series Configurati on Guide 14.3.4.5 clear t acacs server Use this command to remove one or all configured T ACACS+ servers, or to return the timeout value to its default value for one or all configured T ACACS+ servers. clear tacacs server { all | index } [ timeout ] Synt a[...]

  • Page 1191

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-31 14.3.4.6 show tacacs session Use this command to display the curre nt T ACACS+ client session settings. show tacacs session { authorization | accounting [ state ]} Synt ax Description Command Default s If state is not specified, all session accounti[...]

  • Page 1192

    Security Configuration Comman d Set Configuring T ACACS+ 14-32 M atrix NSA Series Configurati on Guide 14.3.4.7 set t a cacs session Use this command to enable or disable T ACACS + session accounting, or to configure T ACACS+ session authorization parameters. For simplicity , separate syntax formats are shown for configuring session accounting and [...]

  • Page 1193

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-33 Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage When session accounting is enabled, the T ACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for [...]

  • Page 1194

    Security Configuration Comman d Set Configuring T ACACS+ 14-34 M atrix NSA Series Configurati on Guide 14.3.4.8 clear t acacs session Use this command to return the T ACACS+ session authorization settings to their default values. clear tacacs session authorization { [ service ] [ read-only ] [ read-write ] [ super-user ] } Synt ax Description Comma[...]

  • Page 1195

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-35 14.3.4.9 show tacacs command Use this command to display the sta t us (enabled or disabled) of T ACACS+ acc ounting or authorization on a per-command basis. show tacacs command { ac counting | authorization } [ state ] Synt ax Description Command De[...]

  • Page 1196

    Security Configuration Comman d Set Configuring T ACACS+ 14-36 M atrix NSA Series Configurati on Guide 14.3.4.10 set tacacs command Use this command to enable or disable T ACACS + accounting or authori zation on a per-command basis. set tacacs command { accounting | authorization } { enable | disable } Synt ax Description Command Default s None. Co[...]

  • Page 1197

    Security Configuration Command Set Configuring T ACACS+ Matrix NSA Series Configu ration Guide 14-37 14.3.4.1 1 show t acacs si ngleconnect Use this command to display the current status of the T ACACS+ client’ s ability to send multiple requests over a single TCP connection. show tacacs singleconnect [ state ] Synt ax Description Command Default[...]

  • Page 1198

    Security Configuration Comman d Set Configuring T ACACS+ 14-38 M atrix NSA Series Configurati on Guide 14.3.4.12 set tacacs singleconnect Use this command to enable or disable the ability of the T ACACS+ client to send multiple requests over a single TCP connection. When enabled, the T ACACS+ client will use a single TCP connection for all requests[...]

  • Page 1199

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-39 14.3.5 Configuring 802.1X Authentication About Multi-User Authentication Enterasys Networks’ enhanced version of the IEEE 802.1X-2001 specificati on decreases security vulnerabilities inherent with the standard implemen tation, and al[...]

  • Page 1200

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-40 M atrix NSA Series Configurati on Guide Commands The commands used to review and configure 802.1X are liste d below and described in the associated section as shown: • show dot1x ( Section 14.3.5. 1 ) • show dot1x auth-config ( S ection 14.3.5.2 ) • set dot1x ( Sectio[...]

  • Page 1201

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-41 14.3.5.1 show do t1x Use this command to display 802.1X status, di agnostics, statistics, and reauthentication or initialization control information for one or more ports. show dot1x [ auth-config | access -entity | auth-diag | auth-ses[...]

  • Page 1202

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-42 M atrix NSA Series Configurati on Guide • If port-string is not specified, information for all ports will be displayed. Examples This example shows how to display 802.1X status: This example shows how to di splay authentication diagnost ics information for fe.1.1: Matrix([...]

  • Page 1203

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-43 This example shows how to display authen tication session statistics for fe.1.1: This example shows how to display authentication sta tistics for fe.1.1: Matrix(rw)-> show dot1x auth-sessi on-stats fe.1.1 Port: 1 Auth-Session-Stats: [...]

  • Page 1204

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-44 M atrix NSA Series Configurati on Guide 14.3.5.2 show dot1x auth-config Use this command to display 802.1 X authentication configuration se ttings for one or more ports. show dot1x auth-config [ authcontrolled-portcontrol ] [ keytxenabled ] [ maxreq ] [ quietperiod ] [ reau[...]

  • Page 1205

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-45 Command T ype Switch command. Command Mode Read-Only . Command Default s • If no parameters are specified, all 802.1X settin gs will be displayed. • If port-string is not specified, informa tion for all ports will be displayed. Exam[...]

  • Page 1206

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-46 M atrix NSA Series Configurati on Guide 14.3.5.3 set dot1x Use this command to enable or disable 802.1X au thentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants. set dot1x {[ enable | disable ] [ init | reauth [ port-string [...]

  • Page 1207

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-47 14.3.5.4 set dot1 x auth-config Use this command to config ure 80 2.1 X authentication. set dot1x auth-config {[ authcontrolled-portcontrol { auto | forced-auth | forced-unauth }] [ keytxenabled { false | true }] [ maxreq value ] [ quie[...]

  • Page 1208

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-48 M atrix NSA Series Configurati on Guide Command T ype Switch command. Command Mode Read-W rite. Command Default s If port-string is not specified, authentication pa rameters wi ll be set on all ports Examples This example shows how to set EAPOL port control to forced author[...]

  • Page 1209

    Security Configuration Command Set Configuring 802.1X Authentication Matrix NSA Series Configu ration Guide 14-49 14.3.5.5 clear d ot1x auth-config Use this command to reset 802.1X authentication parameters to default values on one or more ports. clear dot1x auth-config [ authcontrolled-portcontrol ] [ keytxenabled ] [ maxreq ] [ quietperiod ] [ re[...]

  • Page 1210

    Security Configuration Comman d Set Configuring 802.1X Authentication 14-50 M atrix NSA Series Configurati on Guide • If port-string is not specified, paramete rs will be set on all ports. Examples This example shows how to reset the 802.1X port control mode to auto on all ports: This example shows how to rese t reauthentication co ntro l to disa[...]

  • Page 1211

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-51 14.3.6 Configuring Port Web Authentication (PW A) About PW A PW A provides a way of authenticating users before allowing general access to the network. A PW A user ’ s access to the network is restricted until afte r the user [...]

  • Page 1212

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-52 M atrix NSA Series Configurati on Guide Setting the port mode in this fashion will al l ow traffic to flow through the port without authentication according to its configuration. By default, this would allow all traffic to be forwarded. Co nversely , you could confi[...]

  • Page 1213

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-53 Commands The comma nds needed to review and configure PW A are listed below and described in the associated section as shown: • show pwa ( Section 14.3.6.1 ) • set pwa ( Section 14.3.6.2 ) • set pwa hostname ( Section 14.3[...]

  • Page 1214

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-54 M atrix NSA Series Configurati on Guide 14.3.6.1 show pwa Use this command to display por t web authen tication information fo r one or more ports. show pwa [ port-string ] Synt ax Description Command Default s If port-string is not specified, PW A informatio n will[...]

  • Page 1215

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-55 T able 14-3 show pwa Output Det ails Output What It Displays... PW A Status Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in Sectio[...]

  • Page 1216

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-56 M atrix NSA Series Configurati on Guide Mode PW A port co ntrol mode. Auth Status Whether or not the port state is disconnected, authenticating authenticated, or held (a uthentication has failed). Quiet Period Amount of time a port will be in the held state after a [...]

  • Page 1217

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-57 14.3.6.2 set pwa Use this command to enable or disable port web authentica tion. set pwa { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This examp[...]

  • Page 1218

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-58 M atrix NSA Series Configurati on Guide 14.3.6.3 set pwa hostname Use this command to set a port web authenticatio n host name. This is a URL for accessing the PW A login pag e. set pwa hostname name Synt ax Description Command Default s None. Command T ype Switch c[...]

  • Page 1219

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-59 14.3.6.4 clear pwa h ostname Use this command to clear the po rt web authentication host name. clear pwa hostname Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example [...]

  • Page 1220

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-60 M atrix NSA Series Configurati on Guide 14.3.6.5 show pwa banner Use this command to display the port web authentication login banner string. show pwa banner Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exa[...]

  • Page 1221

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-61 14.3.6.6 set pwa ban ner Use this command to configure a string to be displayed as the PW A login banner . set pwa banner string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite.[...]

  • Page 1222

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-62 M atrix NSA Series Configurati on Guide 14.3.6.7 clear pwa banner Use this command to reset the PW A login banner to a blank string. clear pwa banner Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Th[...]

  • Page 1223

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-63 14.3.6.8 set pwa displaylogo Use this command to set the display opt ions for the Enterasys Networks logo. set pwa displaylogo { display | hide } Synt ax Description Command Default s None. Command T ype Switch command. Command [...]

  • Page 1224

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-64 M atrix NSA Series Configurati on Guide 14.3.6.9 set pwa redirectt ime Use this command to set the PW A login succe ss pa ge redirect time. set pwa redirecttime time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. [...]

  • Page 1225

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-65 14.3.6.10 set pwa ip address Use this command to set the PW A IP addre ss. This is the IP addr es s of the end station from which PW A will prevent network access until the user is authenticated. set pwa ipaddress ip-addr ess Sy[...]

  • Page 1226

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-66 M atrix NSA Series Configurati on Guide 14.3.6.1 1 set p wa protocol Use this command to set the po rt web authentication protocol. set pwa protocol { chap | pap } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 1227

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-67 14.3.6.12 set pwa enhancedmode Use this command to enable or dis able PW A en hanced mode. When enabled, users on unauthenticated PW A ports can type any URL into a browser and be presented the PW A login pag e on their initial [...]

  • Page 1228

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-68 M atrix NSA Series Configurati on Guide 14.3.6.13 set pwa guestname Use this command to set a guest user name for PW A en hanced mode networking. When e nhanced mode is enabled (as describe d in Section 14.3.6.12 ), PW A will use this name to grant network access to[...]

  • Page 1229

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-69 14.3.6.14 clear p wa guestname Use this command to clear the PW A guest user name. clear pwa guestname Synt ax Description None. Command T ype Switch command. Command Default s None. Command Mode Read-W rite. Example This exampl[...]

  • Page 1230

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-70 M atrix NSA Series Configurati on Guide 14.3.6.15 set pwa guestpassword Use this command to set the guest user password for PW A network ing. When enhanced mode is enabled, (as describe d in Section 14.3.6.12 ) PW A will use this password and the guest user name to [...]

  • Page 1231

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-71 14.3.6.16 set pwa guest status Use this command to enable or disable guest networking for port we b authentication. When enhanced mode is enabled (as describe d in Section 1 4.3.6.12 ), PW A will use a guest password and guest u[...]

  • Page 1232

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-72 M atrix NSA Series Configurati on Guide 14.3.6.17 set pwa initialize Use this command to initializ e a PW A port to its defa ult unauthenticated state. set pwa initialize [ port-string ] Synt ax Description Command T ype Switch command. Command Default s If port-str[...]

  • Page 1233

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-73 14.3.6.18 set pwa quietperiod Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network. set pwa quietperiod time [ port-string ] Synt ax Descri[...]

  • Page 1234

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-74 M atrix NSA Series Configurati on Guide 14.3.6.19 set pwa maxrequests Use this command to set the maximum number of log on attempts allowed be fore transitioning the PW A port to a held state. set pwa maxrequests re q u e s t s [ port-string ] Synt ax Description Co[...]

  • Page 1235

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-75 14.3.6.20 set pwa portcontrol Use this command to set the PW A port control mode. s et pwa portcontrol { auto | forceauthorized | forceunauthorized | promiscuousauto } [ port-string ] Synt ax Description Command Default s If por[...]

  • Page 1236

    Security Configuration Comman d Set Configuring Port Web Authentication (PWA) 14-76 M atrix NSA Series Configurati on Guide Example This example shows how to set the PW A control mode to auto for all ports: Matrix(rw)-> set pwa portcontrol auto[...]

  • Page 1237

    Security Configuration Command Set Configuring Port Web Authentication (PWA) Matrix NSA Series Configu ration Guide 14-77 14.3.6.21 sho w pwa session Use this command to display info rmation about current PW A sessions . show pwa session [ port-string ] Synt ax Description Command T ype Switch command. Command Default s If port-string is not specif[...]

  • Page 1238

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-78 M atrix NSA Series Configurati on Guide 14.3.7 Configuring MAC Authentication Purpose T o review , disable , enable and configure MA C authentication. This allows the device to authenticate source MAC addresses in an exchange w ith an authen tication server . The authenticato[...]

  • Page 1239

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-79 • clear macauthentication reauthperiod ( Section 14.3.7.17 ) • set macauthentication quietperiod ( Section 14.3.7.18 ) • clear macauthentication quietperiod ( Section 14.3.7.19 )[...]

  • Page 1240

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-80 M atrix NSA Series Configurati on Guide 14.3.7.1 show macauthent ication Use this command to displa y MAC authentication information for one or more ports. show macauthentication [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Comman[...]

  • Page 1241

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-81 T able 14-4 show macauthentication Ou tput Details Output What It Displays... MAC authentication Whether MAC authen tication is globally enabled or disabled. Set using the set macauthentication command as described in Section 14 .3.7.3 . [...]

  • Page 1242

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-82 M atrix NSA Series Configurati on Guide 14.3.7.2 show macauthenticati on session Use this command to display the active MAC authenticated sessions. show macauthentication session Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default [...]

  • Page 1243

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-83 Reauth Period Reauthentication peri od for this port, set using the set macauthentication reauthperiod command describe d in Section 14.3.7.16 . Reauthentications Whether or not reau thentication is enabled or disabled on this port. Set u[...]

  • Page 1244

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-84 M atrix NSA Series Configurati on Guide 14.3.7.3 set macauthentication Use this command to globally enab le or disable MAC authentication. set macauthentication { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s [...]

  • Page 1245

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-85 14.3.7.4 set macauth entication p a ssword Use this command to set a MAC authentication password. set macauthentication password passwor d Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None.[...]

  • Page 1246

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-86 M atrix NSA Series Configurati on Guide 14.3.7.5 clear macauthentication password Use this command to clear the MAC authentication password. clear macauthentication password Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s No[...]

  • Page 1247

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-87 14.3.7.6 set macauthenti cation significant-bit s Use this command to set the number of sign ificant bits of the MAC address to use for authentication. set macauthentication significant-bits number Synt ax Description Command T ype Switch[...]

  • Page 1248

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-88 M atrix NSA Series Configurati on Guide 14.3.7.7 clear macauthentication significant-bit s Use this command to clear the MAC au thentication significant bits setting. clear macauthenticat ion significant-bits Synt ax Description None. Command T ype Switch command. Command Mod[...]

  • Page 1249

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-89 14.3.7.8 set macauth entication port Use this command to enable or disable one or more ports for MAC authentication. set macauthentication port { enable | disable } port-string Synt ax Description Command T ype Switch command. Command Mod[...]

  • Page 1250

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-90 M atrix NSA Series Configurati on Guide 14.3.7.9 set macauthentication authallocated Use this command to set the numb er of MAC authentication sessions allowed for one or more ports. set macauthentication authallocated number port- string Synt ax Description Command T ype Swi[...]

  • Page 1251

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-91 14.3.7.10 clear macauthenti cation authallocated Use this command to clear the number of MAC authentication sessions allowed for one or more ports. clear macauthentication authallocated [ port-string ] Synt ax Description Command T ype Sw[...]

  • Page 1252

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-92 M atrix NSA Series Configurati on Guide 14.3.7.1 1 set macauthentication portinitialize Use this command to force one or more MAC auth entication ports to re-initialize and remove any currently active sessions on thos e ports. set macauthentication portinitialize port -string[...]

  • Page 1253

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-93 14.3.7.12 set macauthentication macinitiali ze Use this command to force a current MAC authenticatio n session to re-initialize and remove the session. set macauthentication macinitialize mac_addr Synt ax Description Command T ype Switch [...]

  • Page 1254

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-94 M atrix NSA Series Configurati on Guide 14.3.7.13 set macauthentication reauthentication Use this command to enable or disable reauth entication of all currently authenticated MAC addresses on one or more ports. set macauthenticatio n reauthentication { enable | dis able } po[...]

  • Page 1255

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-95 14.3.7.14 set macauthentication portreauthenticate Use this command to force an immediate reauthenti cation of the currently active sessions on one or more MAC authentication ports. set macauthentication portreauthenticate port-string Syn[...]

  • Page 1256

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-96 M atrix NSA Series Configurati on Guide 14.3.7.15 set macauthentication macreauthenticate Use this command to forc e an immediate reauthentication of a MAC addre ss. set macauthenticatio n mac reauthen ticate mac_addr Synt ax Description Command T ype Switch command. Command [...]

  • Page 1257

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-97 14.3.7.16 set macauthenti cation reauthperiod Use this command to set the MA C reauthentication period (in se conds). This is the time lapse between attempts to reauthenticate any curre nt MAC address authenticated to a port. set macauthe[...]

  • Page 1258

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-98 M atrix NSA Series Configurati on Guide 14.3.7.17 clear macauthentication reaut hperiod Use this command to clear the MAC reauth entication period on one or more ports. clear macauthentication reauthperiod [ port-string ] Synt ax Description Command T ype Switch command. Comm[...]

  • Page 1259

    Security Configuration Command Set Configuring MAC Authentica tion Matrix NSA Series Configu ration Guide 14-99 14.3.7.18 set macauthe ntication quietperiod Use this command to enable a reauthentication atte mpt for failed entries at the period specified in seconds. Default v a lue is 0 (never). set macauthentication quietperiod time port-string Sy[...]

  • Page 1260

    Security Configuration Comman d Set Configuring MAC Authenticatio n 14-100 Matrix NSA Series Configuration Guide 14.3.7.19 clear macauthentication q uietperiod Use this command to clear the macauthentication qu iet period on one or more ports to the default value. The default value is 0 (never). clear macauthentication quietperiod [ port-string ] S[...]

  • Page 1261

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configura tion Guide 14-1 01 14.3.8 Configuring Conver gence End Points (C EP) Phone Detection About CEP Phone Detection Convergence is a method to detect a remote IP te lephony or video device and app ly a policy to the connection port b[...]

  • Page 1262

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-102 Matrix NSA Series Configuration Guide • show cep connections ( Section 14.3. 8.1 ) • show cep detection ( Section 14.3.8.2 ) • show cep policy ( Section 14.3.8 .3 ) • show cep port ( Section 14.3.8.4 ) • set cep ( Section 14.3.8. 5 ) • se[...]

  • Page 1263

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configura tion Guide 14-1 03 14.3.8.1 show cep connections Use this command to display all learned CEPs. show cep connections port-string Synt ax Description Command Default s None Command Mode Read-Only . Example This example shows how t[...]

  • Page 1264

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-104 Matrix NSA Series Configuration Guide 14.3.8.2 show cep detection Use this command to display CE P phone detection parameters. show cep detection [ detection-id ] Synt ax Description Command Default s If no detection-id is specified, all CEP detec ti[...]

  • Page 1265

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configura tion Guide 14-1 05 14.3.8.3 show cep po licy Use this command to display the global policies of all su pported CEP types. show cep policy Synt ax Description None. Command Default s None Command Mode Read-Only . Examples This ex[...]

  • Page 1266

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-106 Matrix NSA Series Configuration Guide 14.3.8.4 show cep port Use this command to disp lay enable status of all supported CEP types. show cep port port-string Synt ax Description Command Default s None Command Mode Read-Only . Examples This example sh[...]

  • Page 1267

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configura tion Guide 14-1 07 14.3.8.5 set cep Use this command to globally en able or disable CEP detection. set cep { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. [...]

  • Page 1268

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-108 Matrix NSA Series Configuration Guide 14.3.8.6 set cep port Use this command to enable or disable a CEP detection type on one or more ports. set cep port port-string { cisco | h323 | siemens | sip } { enable | disable } Synt ax Description Command De[...]

  • Page 1269

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configura tion Guide 14-1 09 14.3.8.7 set cep policy Use this command to set a global defau lt policy for a CEP detection type. This is the policy that will be applied when a phone of the specified type is de tected on a port. It must be [...]

  • Page 1270

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-1 10 Matrix NSA Series Configuration Guide 14.3.8.8 set cep detection-id Use this command to create a new H.323, Siemens, or SIP phone detection co nfiguration group, or enable, disable o r remove an existing group. set cep detection-id id { create | del[...]

  • Page 1271

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Configuration Guide 14-1 1 1 14.3.8.9 set cep detection-id type Use this command to specify wh ether a phone detection group will use H.323, Siemens or SIP as its phone discovery typ e. set cep detection-id id type { h323 | siemens | sip [...]

  • Page 1272

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-1 12 Matrix NSA Series Configuration Guide 14.3.8.10 set cep detection-id address Use this command to set an H.323, Siemens, or SI P phone detection group’ s IP address or mask. By default, H.323 will use 22 4.0.1.41 as its IP address and Siemen s will[...]

  • Page 1273

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Co nfiguration Guide 14-1 13 14.3.8.1 1 set cep de tection-id protocol Use this command to specify an IP protocol type for H.323, Siemens, or SIP conv ergence end points detection. If an IP address is not set fo r a phone detection group [...]

  • Page 1274

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-1 14 Matrix NSA Series Configuration Guide 14.3.8.12 set cep detection-id porthigh | portlow Use this command to set the maximum and minimu m ports used for TCP or UDP convergence end points detection. Once UDP and/or TCP phon e detection has been specif[...]

  • Page 1275

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Co nfiguration Guide 14-1 15 14.3.8.13 set cep initialize Use this command to clear all ex isting CEP conn ections for one or more CEP-enabled p orts. This command is similar to the clear cep users command. set cep initialize [ port-strin[...]

  • Page 1276

    Security Configuration Comman d Set Configuring Convergence End Points (CEP) Phone Detection 14-1 16 Matrix NSA Series Configuration Guide 14.3.8.14 clear cep Use this command to clear conver gence end points para meters. clear cep { all | policy | detection [ detection-id ] | users [ port-string ] | port [ port-string { all | cisco | h323 | siemen[...]

  • Page 1277

    Security Configuration Command Set Configuring Conver gence End Points (CEP) Phone De tection Matrix NSA Series Co nfiguration Guide 14-1 17 Examples This example shows how to clear all CEP policy parameters This example shows how to clear detection id 4 parameters This example shows how to clears ports fe .1.1-5 of Cisco phone d e tection paramete[...]

  • Page 1278

    Security Configuration Comman d Set Configuring MAC Locking 14-1 18 Matrix NSA Series Configuration Guide 14.3.9 Configuring MAC Locking Purpose T o review , dis able, enable and configure MAC locking. This lock s a MAC address to one or more ports, preventing con nection of unau thorized de vices via the port(s). When source MAC addresses are rece[...]

  • Page 1279

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Co nfiguration Guide 14-1 19 14.3.9.1 show maclo ck Use this command to display the status of MAC locking on one or more ports. show maclock [ port_string ] Synt ax Description Command Default s If port_string is not specified, MAC locking stat us will be displayed for all[...]

  • Page 1280

    Security Configuration Comman d Set Configuring MAC Locking 14-120 Matrix NSA Series Configuration Guide T able 14-6 show maclock Output Det ails Output What It Displays... Port Number Port des i gnation. Fo r a detailed description of possible port_string values, refer to Section 4.1.1 . Port S tatus Whether MAC locking is enabled or disabled on t[...]

  • Page 1281

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 21 14.3.9.2 show maclo ck stations Use this command to disp lay MAC locking information about en d stations connected to the device. show maclock stations [ firstarrival | static ][ port-string ] Synt ax Description Command Default s If no paramet[...]

  • Page 1282

    Security Configuration Comman d Set Configuring MAC Locking 14-122 Matrix NSA Series Configuration Guide T able 14-7 provides an explanation of the command output. T able 14 -7 show maclo c k stations Outp ut Details Output What It Displays... Port Number Port des i gnation. Fo r a detailed description of possible port_string values, refer to Secti[...]

  • Page 1283

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 23 14.3.9.3 set maclock en able Use this command to enable MAC locking on on e or more ports. When enabled and configured for a specific MAC address and port string, this lock s a port so that only designated end station addresses are allowed to p[...]

  • Page 1284

    Security Configuration Comman d Set Configuring MAC Locking 14-124 Matrix NSA Series Configuration Guide 14.3.9.4 set maclock disable Use this command to disable MAC locking on one or more ports. set maclock disable [ port_string ] Synt ax Description Command Default s If port_string is not specified, MAC locking w ill be disabled on all ports. Com[...]

  • Page 1285

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 25 14.3.9.5 set maclock Use this command to create a static MAC addr ess and enable or disable MAC locking for the specific MAC address and port. When created and enabled, this allows only the end station designated by the MAC address to participa[...]

  • Page 1286

    Security Configuration Comman d Set Configuring MAC Locking 14-126 Matrix NSA Series Configuration Guide 14.3.9.6 set maclock first arrival Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port. set maclock firstarrival port_string value Synt ax Description Command Default s Non[...]

  • Page 1287

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 27 14.3.9.7 set maclock mo ve Use this command to move all current first arrival MACs to static entries. set maclock move port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 1288

    Security Configuration Comman d Set Configuring MAC Locking 14-128 Matrix NSA Series Configuration Guide 14.3.9.8 clear maclock firstarrival Use this command to reset the number of first arri val MAC addresses allowed per port to the default value of 600. clear maclock firstarrival port-string Synt ax Description Command Default s None. Command T y[...]

  • Page 1289

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 29 14.3.9.9 set maclock static Use this comma nd to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port. set maclock static port_string value Synt ax Description C[...]

  • Page 1290

    Security Configuration Comman d Set Configuring MAC Locking 14-130 Matrix NSA Series Configuration Guide 14.3.9.10 clear maclock static Use this command to reset the number of s tatic MA C addresses allowed per port to the default value of 20. clear maclock static port_string Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 1291

    Security Configuration Command Set Configuring MAC Locking Matrix NSA Series Configura tion Guide 14-1 31 14.3.9.1 1 set maclock trap Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP trap messa ge if an end station is connected that exceeds the maximum values configure d using t[...]

  • Page 1292

    Security Configuration Comman d Set Configuring MAC Locking 14-132 Matrix NSA Series Configuration Guide 14.3.9.12 clear maclock Use this command to clear MAC locking from one or more static MAC addresses. clear maclock { all | mac-addr ess port-string } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W r[...]

  • Page 1293

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 33 14.3.10 Configuring Multiple Authentication About Multiple Authentication When enabled, multiple authentic ation allows multiple users to authenticate using up to three methods on the same port, and receive a policy traf fic profil[...]

  • Page 1294

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-134 Matrix NSA Series Configuration Guide Purpose T o configure multiple authentication. Commands The commands used to configure multiple authentication are listed below and d escribed in the associated section as shown: • set multiauth mode ( Section 14.3.10 .1 ) • cle[...]

  • Page 1295

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 35 14.3.10.1 set multiauth mode Use this command to set the system authentic ation mode to use mu ltiple authenticators simultaneously or to strictly adhere to 802.1X. set multiauth mode { multi | s trict } Synt ax Description Command[...]

  • Page 1296

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-136 Matrix NSA Series Configuration Guide 14.3.10.2 clear multiauth mode Use this command to clear the system authentication mode. clear multiauth mode Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Examples This ex[...]

  • Page 1297

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 37 14.3.10.3 set multiauth precedence Use this command to set the system’ s multiple authentication administra tive precedence.When a user is successfully authe nticated by more than one method at the same tim e, the precede nce of [...]

  • Page 1298

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-138 Matrix NSA Series Configuration Guide 14.3.10.4 clear multiauth precedence Use this command to clear the system’ s multip le authentication administrative precedence. clear multiauth precedence Synt ax Description None. Command T ype Switch command. Command Mode Read-[...]

  • Page 1299

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 39 14.3.10.5 show multiauth port Use this command to display multiple authen tication properties for one or more ports. show multiauth port [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Com[...]

  • Page 1300

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-140 Matrix NSA Series Configuration Guide 14.3.10.6 set multiauth port Use this command to set mu ltiple authentication propertie s for one or more ports. set multiauth port mode {auth-opt | au th-reqd | force-auth | force-unauth} | numusers numusers port-string Synt ax Des[...]

  • Page 1301

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 41 14.3.10.7 clear multiauth port Use this command to clear multiple authen tication properties for one or more ports. clear multiauth port {[ mode ] [ numusers ] port-string } Synt ax Description Command T ype Switch command. Command[...]

  • Page 1302

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-142 Matrix NSA Series Configuration Guide 14.3.10.8 show multiauth station Use this command to display multiple au thentication station (end user) entries. show multiauth station [ mac addr ess ] [ port port-string ] Synt ax Description Command T ype Switch command. Command[...]

  • Page 1303

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 43 14.3.10.9 clear multiauth station Use this command to clear one or more multiple authentica tion station entries. clear multiauth station [ mac addr ess ] port port-string Synt ax Description Command T ype Switch command. Command M[...]

  • Page 1304

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-144 Matrix NSA Series Configuration Guide 14.3.10.10 show mu ltiauth session Use this command to display multip le authentication session entries. show multiauth session [ all ] [ agent { dot1x | mac | pwa | cep }] [ mac addr ess ] [ port port-string ] Synt ax Description C[...]

  • Page 1305

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 45 Example This example shows how to display multiple auth entication session: Matrix(rw)-> show multiauth sessio n Multiple authentication session e ntries --------------------------------- -------- Port : fe.2.2 Station address :[...]

  • Page 1306

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-146 Matrix NSA Series Configuration Guide 14.3.10.1 1 show multiauth idle-timeout Use this command to display the mu ltiple authentication timeout value for an idle session. This will display the idle-timeout vlaues, in seconds, for the following authentic ation types: dot1[...]

  • Page 1307

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 47 14.3.10.12 set multiauth idle-timeout Use this command to set the multiple authentic ation timeout value for an idle session. This command can set the idle-timeout vla ues, in second s, for the following auth entication types: dot1[...]

  • Page 1308

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-148 Matrix NSA Series Configuration Guide 14.3.10.13 clear multiauth idle-timeout Use this command to clear multiple authentication idle-timeout values , for an idle session, back to the default values for one or all authentication type s. The default value is 300 seconds f[...]

  • Page 1309

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 49 14.3.10.14 show mult iauth session-timeout Use this command to display mu ltiple authentication session-timeo ut values for an active session. This will display the session-timeo ut values, in seconds, for the following authenticat[...]

  • Page 1310

    Security Configuration Comman d Set Configuring Multiple Authen tication 14-150 Matrix NSA Series Configuration Guide 14.3.10.15 set multiauth session-timeout Use this command to set multiple authentication session-timeout values, for an active session. set multiauth session-timeout [ cep | dot1x | mac | pwa ] timeout Synt ax Description Command De[...]

  • Page 1311

    Security Configuration Command Set Configuring Multiple Authenticatio n Matrix NSA Series Configura tion Guide 14-1 51 14.3.10.16 clear mult iauth session-timeout Use this command to clear multip le authentication session-timeout values, for an active session, back to the default values. clear multiauth session-timeout [ cep | dot1x | mac | pwa ] S[...]

  • Page 1312

    Security Configuration Comman d Set Configuring Secure Shell (SSH) 14-152 Matrix NSA Series Configuration Guide 14.3.1 1 Configuring Se cure Shell (SSH) Purpose T o review , enable, disable, and configure the Secu re Shell (SSH) protoc ol, which provides secure Te l n e t . Commands The commands used to review and configure SSH a re listed below an[...]

  • Page 1313

    Security Configuration Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-1 53 14.3.1 1.1 show ssh st ate Use this command to display the cu rrent status of SSH on the device. show ssh state Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default s None. Examples This exampl[...]

  • Page 1314

    Security Configuration Comman d Set Configuring Secure Shell (SSH) 14-154 Matrix NSA Series Configuration Guide 14.3.1 1.2 set ssh Use this command to enable, disable or reinitialize SSH server on the device. set ssh { enable | disable | reinitialize} Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None[...]

  • Page 1315

    Security Configuration Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-1 55 14.3.1 1.3 set ssh hostkey Use this command to set or rein itialize new SSH authentication keys. set ssh hostkey [ reinitialize ] Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Example[...]

  • Page 1316

    Security Configuration Comman d Set Configuring Secure Shell (SSH) 14-156 Matrix NSA Series Configuration Guide 14.3.1 1.4 show router ssh Use this command to display the st ate of SSH service to the router . show router ssh Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default s None. Example This example[...]

  • Page 1317

    Security Configuration Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-1 57 14.3.1 1.5 set router ssh Use this command to enables or di sable SSH service to the rout er . set router ssh { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Exampl[...]

  • Page 1318

    Security Configuration Comman d Set Configuring Secure Shell (SSH) 14-158 Matrix NSA Series Configuration Guide 14.3.1 1.6 clear ro uter ssh Use this command to reset SSH service to the router to the default state of disabled. clear router ssh Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. [...]

  • Page 1319

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 59 14.3.12 Configuring Access L ist s Purpose T o review and configure security access contro l lists (ACLs), which permit or deny access to routing interfaces based on protocol and source IP address restrictions. Commands The commands used to re[...]

  • Page 1320

    Security Configuration Comman d Set Configuring Access Lists 14-160 Matrix NSA Series Configuration Guide 14.3.12.1 show access-lists Use this command to display configured IP ac cess lists when operating in router mode. show access-lists [ number ] Synt ax Description Command T ype Router command. Command Mode Any router mode. Command Default s If[...]

  • Page 1321

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 61 14.3.12.2 access-list (standard) Use this command to define a standard IP access list by numbe r when op erating in router mode. Restrictions defined by an access list are applied by using the ip ac ces s-group command ( Section 14.3.12.4 ). a[...]

  • Page 1322

    Security Configuration Comman d Set Configuring Access Lists 14-162 Matrix NSA Series Configuration Guide Command Synt ax of the “no” Form The “no” form of this command re moves the defined access list or entry: no access-list access-list-num ber [ entry ] Command T ype Router command. Command Mode Global configuration: Matrix>Router1(co[...]

  • Page 1323

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 63 This example moves entry 16 to the beginning of ACL 22: Matrix>Router1(config)# access-lis t 22 move 1 16[...]

  • Page 1324

    Security Configuration Comman d Set Configuring Access Lists 14-164 Matrix NSA Series Configuration Guide 14.3.12.3 access-list (extended) Use this command to define an extended IP acce ss list by number when operating in router mode. Restrictions defined by an access list are applied by using the ip access-group command as described in Sectio n 14[...]

  • Page 1325

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 65 Synt ax Description access-list-number Specifies an extended access list number . V alid values are from 100 to 199 . insert | replace entry (Optional) Inserts this new entr y before a specified entry in an existing ACL, or replaces a specifie[...]

  • Page 1326

    Security Configuration Comman d Set Configuring Access Lists 14-166 Matrix NSA Series Configuration Guide destination Specifies the network or host to which the packet will be sent. V alid options for e xpressing destination are: • IP address (A.B.C.D) • any - Any destination host • host sour ce - IP address of a single destination host desti[...]

  • Page 1327

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 67 Command Synt ax of the “no” Form The “no” form of this command removes the defined access list or entry: no access-list access-list-number [ entry ] Command T ype Router command. Command Mode Global configuration: Matrix>Router1(con[...]

  • Page 1328

    Security Configuration Comman d Set Configuring Access Lists 14-168 Matrix NSA Series Configuration Guide This example shows how to defi ne access list 102 to deny TCP packets transmitted from any IP source port with a the Dif fServ value set to 55. Matrix>Router1(config)# access-list 102 deny tcp any any dscp 55[...]

  • Page 1329

    Security Configuration Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-1 69 14.3.12.4 ip access-g roup Use this command to apply access restrictions to inbound or outbound fram es on an interface when operating in router mode. ip access-group access-list-number { in | out } Synt ax Description Command Synt ax of the ?[...]

  • Page 1330

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-170 Matrix NSA Series Configuration Guide 14.3.13 Configuring Policy-Based Routing About Policy-Based Routing Normally , IP packets are forw arde d according to the route that has been selected by traditional routing protocols, such as RIP and OSPF , or by st atic routes. In t[...]

  • Page 1331

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 71 • ip policy pinger ( Sec tion 14.3 .13.9 )[...]

  • Page 1332

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-172 Matrix NSA Series Configuration Guide 14.3.13.1 show route-map Use this command to displa y a configured route map list for policy-based routing. show route-map id-number Synt ax Description Command T ype Router command. Command Mode Global configuration: Matrix>Router1[...]

  • Page 1333

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 73 14.3.13.2 route-map Use this command to create a route map for policy- based routing and to enab le policy-based routing configuration mode. route-map id-number [ permit | deny ] [ sequence-number ] Synt ax Description Command Synt ax [...]

  • Page 1334

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-174 Matrix NSA Series Configuration Guide Command Default s • If permit or deny is not specified, this comm and will enable route map or policy based routin g configuration mode. • If sequence-number is n ot spec ified, 10 will be applied. Example This example shows how to[...]

  • Page 1335

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 75 14.3.13.3 match ip ad dress Use this command to match a packet source IP address against a PBR access list. Up to 5 access lists can be matched. match ip address access-list-number Synt ax Description Command Synt ax of the “no” Fo[...]

  • Page 1336

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-176 Matrix NSA Series Configuration Guide 14.3.13.4 set next hop Use this command to set one or more ne xt hop IP address for packets matching an exte nded access list in a config ured route map. Up to five next hops can be specified. set next hop { next-hop1 }[ next-hop2. ...[...]

  • Page 1337

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 77 14.3.13.5 sho w ip policy Use this command to display the po licy applied to a routing interface . show ip policy Synt ax Description None. Command T ype Router command. Command Mode Global configuration: Matrix>Router1(config)# Com[...]

  • Page 1338

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-178 Matrix NSA Series Configuration Guide Pinger Whether PBR next ho p p inging is on or off. Can be turned on and configured us ing the ip policy pinger command as described in Section 14.3.13.9 . Interval PB R next hop ping interv al (in seconds). D efault of 3 can be reset [...]

  • Page 1339

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 79 14.3.13.6 ip p olicy route-map Use this command to assign a rout e map list to a routing interface . ip policy route-map id-number Synt ax Description Command Synt ax of the “no” Form The “no” form of un-a ssigns a route map li[...]

  • Page 1340

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-180 Matrix NSA Series Configuration Guide 14.3.13.7 ip policy priority Use this command to prioritize PBR next hop behavior . ip policy priority {[ only ] [ first ] [ last ]} Synt ax Description Command Synt ax of the “no” Form The “no” form of this command resets the [...]

  • Page 1341

    Security Configuration Command Set Configuring Policy-Based Routing Matrix NSA Series Configura tion Guide 14-1 81 14.3.13.8 ip policy load-policy Use this command to co nfigure PBR next hop behav ior . When more than one next ho p is configured (using the set next hop command as described in Section 14.3.13.4 ) the load policy specifies choosing o[...]

  • Page 1342

    Security Configuration Comman d Set Configuring Policy-Based Routi ng 14-182 Matrix NSA Series Configuration Guide 14.3.13.9 ip policy pinger Use this command to co nfigure behavior for pinging PBR next hops. ip policy pinger { off | on [ interva l interval ] [ retries re t r i e s } Synt ax Description Command Synt ax of the “no” Form The “n[...]

  • Page 1343

    Security Configuration Command Set Configuring Denial of Service (DoS) Preven tion Matrix NSA Series Configura tion Guide 14-1 83 14.3.14 Configuring Denial of Service (DoS) Prevention Purpose T o configure Denial of Service (DoS) prevention, which will protect the router from attacks and notify administrators via Syslog . Commands The commands use[...]

  • Page 1344

    Security Configuration Comman d Set Configuring Denial of Service (DoS) Prevention 14-184 Matrix NSA Series Configuration Guide 14.3.14.1 show hostdos Use this command to display Denial of Service security status and counters. show hostdos Synt ax Description None, Command T ype Router command. Command Mode Global configuration: Matrix>Router1(c[...]

  • Page 1345

    Security Configuration Command Set Configuring Denial of Service (DoS) Preven tion Matrix NSA Series Configura tion Guide 14-1 85 14.3.14.2 host dos Use this command to enable or disabl e Denial of Service security features. hostdos { land | fragmicmp | largeicmp size | checkspoof | portscan } Synt ax Description Command Synt ax of the “no” For[...]

  • Page 1346

    Security Configuration Comman d Set Configuring Denial of Service (DoS) Prevention 14-186 Matrix NSA Series Configuration Guide Examples This example shows how to globa lly enable land attack and larg e ICMP packets protection for packet s larger th an 2000 bytes: This example shows how to enable spoofed address checking on the VLAN 1 interface: Ma[...]

  • Page 1347

    Security Configuration Command Set Configuring Denial of Service (DoS) Preven tion Matrix NSA Series Configura tion Guide 14-1 87 14.3.14.3 clear hostdos-counters Use this command to clear Denial of Service security counters. clear hostdos-counters Synt ax Description None. Command T ype Router command. Command Mode Global configuration: Matrix>[...]

  • Page 1348

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-188 Matrix NSA Series Configuration Guide 14.3.15 Configuring Flow Setup Throttling (FST) About FST Flow Setup Throttling (FST) is a proactive feature d esigned to mitigate DoS attacks before the virus can wreak havoc on the network. FST directly co mbats the ef fects of[...]

  • Page 1349

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 89 • set flowlimit port ( Section 14.3.15 .8 ) • clear flowlimit port class ( Section 14.3.15.9 ) • set flowlimit shutdown ( Section 14. 3.15.10 ) • set flowlimit notification ( Sectio n 14.3.15.1 1 ) • clear flowlimit no[...]

  • Page 1350

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-190 Matrix NSA Series Configuration Guide 14.3.15.1 show flowlimit Use this command to display fl ow setup throttling information. show flowlimit [ port [ port-string ]] [ stats [ port-string ]] Synt ax Description Command T ype Switch command. Command Mode Read-Only . C[...]

  • Page 1351

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 91 14.3.15.2 set flowlimit Use this command to globally enab le or disable flow setup throttling. set flowlimit { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None[...]

  • Page 1352

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-192 Matrix NSA Series Configuration Guide 14.3.15.3 set flowli mit limit Use this command to set a flow lim it that will trigger an action for a port user classi fication. Once configured, this limit can be: • associated with an action using the set flowlimit action co[...]

  • Page 1353

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 93 Example This example shows how to set th e flow limit 1 to 12 flows on ports classified as user ports: Matrix(rw)-> set flowlimit limit1 12 userport[...]

  • Page 1354

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-194 Matrix NSA Series Configuration Guide 14.3.15.4 clear flowlimit limit Use this command to remove a flow limit configuration. clear flowlimit { limit1 | l imit2 } [ userport | serverport | aggregated user | interswitchlink | unspecified ] Synt ax Description Command T[...]

  • Page 1355

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 95 14.3.15.5 set flowlimit action Use this command to associate an action with a flow limit. This is the action that will occur once the associated flow limit is reached. set flowlimit { action1 | action2 } [ notify ] [ drop ] [ di[...]

  • Page 1356

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-196 Matrix NSA Series Configuration Guide Command Default s • If action is not specified, no action will be applied. • If classification port type is not specified, none will be applied. Example This example shows how to set flow limiting action 1 to discard all flow[...]

  • Page 1357

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 97 14.3.15.6 clear flowli mit action Use this command to remove a fl ow limit ing action configuration. clear flowlimit { action1 | action2 } [ notify ] [ drop ] [ disable ] [ userport | serverport | aggregateduser | interswitchlin[...]

  • Page 1358

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-198 Matrix NSA Series Configuration Guide 14.3.15.7 show flowlimit class Use this command to display flow lim iting classification configuration(s). show flowlimit class [ user port | serverport | aggregateduser | interswitchlink | unspecified ] Synt ax Description Comma[...]

  • Page 1359

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-1 99 Example This example shows how to show flow limits and as sociated actions configured for the various port classifications: Matrix(rw)-> show flowlimit class Flow setup throttling class confi guration: Class Limit Action ----[...]

  • Page 1360

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-200 Matrix NSA Series Configuration Guide 14.3.15.8 set flowli mit port Use this command to: • enable or disable flow limiti ng on one or more port(s), • assign a flow limiting user classifica tion to one or more port(s). On ce a classification is assigned, these por[...]

  • Page 1361

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-2 01 Example This example shows how to assign the user port classification type to Fast Ethernet ports 3-5 in port group 2: Matrix(rw)-> set flowlimit port cl ass userport fe.2.3-5[...]

  • Page 1362

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-202 Matrix NSA Series Configuration Guide 14.3.15.9 clear flowlimit port class Use this command to remove flow lim iting port classif ication properties. clear flowlimit port class [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-W rite[...]

  • Page 1363

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-2 03 14.3.15.10 set flowlimit shutdown Use this command to enable or disable the flow lim it shut down functio n. When enabled, this allows ports configured with a “disable” action to shut down. For i nformation on using the set [...]

  • Page 1364

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-204 Matrix NSA Series Configuration Guide 14.3.15.1 1 set flowlimit notification Use this command to enable or di sable flow limit notification, or to set a notification interval. When enabled, this allows ports configured with a “t rap” action to send an SNMP trap m[...]

  • Page 1365

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-2 05 14.3.15.12 clear flowlimit notification interval Use this command to reset the SNMP flow limit notification interval to th e default value of 120 seconds. clear flowlimit notification interval Synt ax Description None. Command T[...]

  • Page 1366

    Security Configuration Comman d Set Configuring Flow Setup Throttling (FST) 14-206 Matrix NSA Series Configuration Guide 14.3.15.13 clear flowlimit stat s Use this command to reset flow limiting statistics back to default values on one or more port(s). clear flowlimit stats [ port-st ring ] Synt ax Description Command T ype Switch command. Command [...]

  • Page 1367

    Matrix NSA Series Configuration Guide Index-1 Index Numerics 802.1D 6-1 802.1Q 7-1 802.1w 6-1 802.1x 14-12 , 14- 27 A Access Groups 14-169 Access Lists 14-161 to 14-164 Addresses IP, adding to switch routing table 11 -1 0 9 MAC, adding entries to routing table 12-10 MAC, setting for IP routing 12-26 setting the router ID address 13-36 Advertised Ab[...]

  • Page 1368

    Index Index-2 M atrix NSA Series Config uration Guide Contexts (SNMP) 5-3 Convergence End Points (CEP) phone detection 14-101 Copying Configuratio n or Image Files 2-1 14 Cost area default 13-51 OSPF 13-37 , 13-51 Spanning Tre e port 6-1 12 D Debugging OSPF 13-74 Defaults CLI behavior, described 2-9 factory installed 2-1 DHCP Server 12-1 1 0 DHCP/B[...]

  • Page 1369

    Index Matrix NSA Series Configuration Guide Index-3 L License key advanced routing 2-90 , 13-2 Line Editing Com mands 2-1 1 , 2-17 Link Aggregatio n (LACP) 4-98 Link Layer Discovery Protocol (LLDP) configuring 3-25 Link State Advertise ments displaying 13-62 retransmit interval 13-40 transmit del ay 13-41 LLDP configuring 3-25 LLDP-MED configuring [...]

  • Page 1370

    Index Index-4 M atrix NSA Series Config uration Guide retransmit interval 13-40 timers 13-39 transmit del ay 13-41 virtual links 13-53 , 13-71 P Password aging 2-32 history 2-32 , 2-33 set new 2-29 setting the login 2-29 Path MTU Dis covery Protocol 2-1 19 Phone detection Cisco, Siemens and H.323 14-101 PIM 12-47 Ping 11 - 3 2 , 12-45 Policy Manage[...]

  • Page 1371

    Index Matrix NSA Series Configuration Guide Index-5 S Scrolling Screens 2-16 Secure Shell (SSH) 14-152 enabling 14-154 regenerating new keys 14-155 Security methods, overview of 14 -1 Serial Port downloading upgrade s via 2-94 set policy classify 8-29 set policy port 8-1 1 , 8-38 set policy syslog 8-17 , 8-19 , 8-20 SNMP access rights 5-26 accessin[...]

  • Page 1372

    Index Index-6 M atrix NSA Series Config uration Guide egress lists 7-25 enabling GVRP 7- 33 ingress filtering 7-1 1 naming 7-8 reviewing existing 7-3 secure management, creating 7-32 VRRP authenticat ion 13-105 configuration mode , enabling 13-91 creating a session 13-92 critical IP 13-99 enabling on an interface 13 -104 priority 13-95 virtual rout[...]