Enterasys N Standalone (NSA) Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Enterasys N Standalone (NSA) Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Enterasys N Standalone (NSA) Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Enterasys N Standalone (NSA) Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Enterasys N Standalone (NSA) Series should contain:
- informations concerning technical data of Enterasys N Standalone (NSA) Series
- name of the manufacturer and a year of construction of the Enterasys N Standalone (NSA) Series item
- rules of operation, control and maintenance of the Enterasys N Standalone (NSA) Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Enterasys N Standalone (NSA) Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Enterasys N Standalone (NSA) Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Enterasys service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Enterasys N Standalone (NSA) Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Enterasys N Standalone (NSA) Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Enterasys Matrix ® N Standalone (NSA) Series Configuration Guide Firmware V ersion 5.41.xx P/N 9034073-08 Rev .0C[...]

  • Page 2

    [...]

  • Page 3

    i Notice Enterasys Networks reserves the right to make changes in specifications a nd other information contained in this document and its web site withou t prior not ice. The reader should in all cases c onsult Enterasys Networks to determine whether any such cha nges have been made. The hardware, firmware, or software described in this document i[...]

  • Page 4

    ii ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOS ED PRODUCT , CAREFULL Y READ THIS LICENSE AGREEMEN T . This document is an agreem ent (“Agreeme nt”) between t he e nd user (“Y ou”) and Enterasys Networks, I nc. on behalf of itself and its Affi liates (as here inafter def ined) (“Enterasys”) [...]

  • Page 5

    iii 3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws pr ovisions. You accep t the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention o[...]

  • Page 6

    iv 8. AUDIT RIGHTS. You hereby acknowledge that the inte llectual property rights associ ated with the Program are of critical value to Enterasys and, accord ingly, You hereby agree to maintain complete books, re cords and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Pr ogram. You also grant to Ent[...]

  • Page 7

    Matrix NSA Series Configuration Guide v Content s Figures ............. ............. ......... ............. .......... ............. ......... ............. ............. .......... ....................... . xi Tables........ .......... ............. ............. ......... ............. .......... ............. .......... ............. .........[...]

  • Page 8

    Contents vi Matrix NSA Series C onfiguration Gu ide 2.2 General Configuration Command Set .............. ............. ............. ............ ....... 2-24 2.2.1 Setting User Accounts and Pa sswords .. ............. ............. .......... ... 2-24 2.2.2 Managing the Management Auth entication Notification MIB ........ 2-36 2.2.3 Setting Basic [...]

  • Page 9

    Contents Matrix NSA Series Configuration Guide vii 4.4 Configuring Port Mirroring .......... ............ ............. ............. ................ ............. 4-87 4.4.1 Supported Mirrors ......... ... ... ... .... ... ... .......... ... ... .... ... ... .......... ... ... ... 4-87 4.4.2 IDS Mirroring Considerations ..... ... ............. ..[...]

  • Page 10

    Contents viii Matrix NSA Series Configuration Guide 7 802.1Q VLAN CONFIGURATION 7.1 VLAN Configuration Summary ..... ............. ................ ............. ............. ............ 7-1 7.1.1 Port Assignment Scheme ......... ............. .......... ............. ......... ......... 7-1 7.1.2 Port String Syntax Used in the CLI ..............[...]

  • Page 11

    Contents Matrix NSA Series Configu ration Guide ix 11 LOGGING AND NETW ORK MANAGEMENT 11.1 Process Overview: Network Management ....... ... .... ... ... ... .... ... ... ... ... .... ... ... ... 11-1 11.2 Logging And Network M anagement Command Set ......... ............. ............. ... 11-2 11.2.1 Configuring System Logging ...... .............[...]

  • Page 12

    Contents x Matrix NSA Series Co nfiguration Guide 14 SECURITY CONFIGURATION 14.1 Overview of Security Methods ......... ... ......... ............. .......... ............. .......... ... 14-1 14.1.1 RADIUS Filter-ID Attrib ute and Dynamic Policy Profile Assignment14-3 14.2 Process Overview: Securi ty Configurat ion ....... ............. ......... [...]

  • Page 13

    Matrix NSA Series Configuration Guide xi Figures Figure Page 2-1 Sample CLI Default Des cription ............. ............. ............. ............. ................ ............. ..... 2-9 2-2 Matrix N Standalone Startu p Screen ............. ......... .... ... ... ... .... ......... .... ... ... ... ... .......... ... 2-14 2-3 Performing a Ke[...]

  • Page 14

    Figures xii Matrix NSA Series Configuration Guide[...]

  • Page 15

    Matrix NSA Series Configura tion Guide xiii Ta b l e s Ta b l e Page 2-1 Default Device Settings for Basic Switch Operation ... .......... ............. ......... ............. ..... 2-1 2-2 Default Device Settings for Router Mode O peration ..... ............. ............. .......... ........... 2-7 2-3 Basic Line Editing Emacs & vi Commands [...]

  • Page 16

    T ables xiv Matrix NSA Series Configurati on Guide 5-11 Basic SNMP Trap Configuration Command Set ............ ............. ............. ......... .......... 5-64 6-1 show spantree Output Deta ils ................ ............. .......... ............. ............. ......... .......... 6-10 6-2 Port-Specific show spantree stats Output Details ..[...]

  • Page 17

    Ta b l e s Matrix NSA Series Configuration Guide xv 12-13 show ip dhcp server statistic s Output Details ... .......... ............. .......... ............ ......... 12-138 13-1 RIP Configuration Task Li st and Commands ...... .... ... ... ... .... ......... .... ... ... ... ... .......... ... 13-2 13-2 OSPF Configuration Task List and Commands .[...]

  • Page 18

    T ables xvi Matrix NSA Series Configurati on Guide[...]

  • Page 19

    Enterasys Matrix ® N S tandalone (NSA) Series Configuration Guide xvii About This Guide W elcome to the Enterasys Enterasys Matrix ® N S tandalo ne (NSA) Series C onfiguration Gu ide . This manual explains how to access th e device’ s Command Line Interface (CLI) an d how to use it to configure Matrix Series switch/router devices. USING THIS GU[...]

  • Page 20

    xviii Enterasys Matrix ® N S tandalone (NSA) Series Configura tion Guide S TRUCTURE OF THIS GUIDE The guide is organized as follows: Chapter 1 , Introduction , provides an overview of the tasks th at can be accomplished using the CLI interface, an overview of local management requirements, and inform ation about obtaining technical support. Chapte[...]

  • Page 21

    Enterasys Matrix ® N S t andalone (NSA) Se ries Configurati on Guide xix Chapter 9 , Port Priority and Rate Limiting Configuration , describes how to set the transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected prio rity transmit queues or perc[...]

  • Page 22

    xx Enterasys Matrix ® N S t andalone (NSA) Seri es Configuration Guide DOCUMENT CONVENTIONS This guide uses the following conventions: The following icons are used in this guide: bold typ e Bold type indicates requ ired user input, incl uding command keywords, that must be entered as shown for the command to execute. italic type When used in gener[...]

  • Page 23

    Matrix NSA Series Configu ration Guide 1-1 1 Introduction This chapter provides an overview of the Matrix Series’ unique features and functionality , an overview of the tasks that may be accomplished us ing the CLI interface, an overview of ways to manage the devi ce , and information on how to co ntact Enterasys Networks for technical support. 1[...]

  • Page 24

    Matrix Series CL I Overview 1-2 Matrix NSA Series Configuration Guide 1.2 MATRIX SERIES CLI OVERVIEW Enterasys Networks’ Matrix Series CLI interface allows you to perform a variety of network management tasks, includi ng the following: • Assign IP address and subnet mask. • Select a default gateway . • Assign a login password to th e device[...]

  • Page 25

    Device Management Meth ods Matrix NSA Series Configuration Gui de 1-3 1.3 DEVICE MANAGEMENT METHODS The Matrix Series device can be managed us ing the following me tho ds: • Locally using a VT type terminal connected to the console port. • Remotely using a VT type term inal conn ected throu gh a modem . • Remotely using an SNMP management sta[...]

  • Page 26

    Getting H elp 1-4 Matrix NSA Series Configuration Guide • A description of your network environm en t (for exampl e, la yout, cable type) • Network load and frame size at the time of trouble (if known) • The device history (for example, have you retu rned the device before, is this a recurring problem?) • Any previous Return Material Autho [...]

  • Page 27

    Matrix NSA Series Configu ration Guide 2-1 2 S t artup and General Configuration This chapter describes factory default settings an d the S tartup and General Configuration set of commands. 2.1 ST ARTUP AND GENERAL CONFIGURATION SUMMARY At startup, the Matrix Series de vice is configured with many defaults and standard feature s. The following sect[...]

  • Page 28

    S tartup a nd General Configu ration Summary Factory Default Settings 2-2 Matrix NSA Series Configuration Guide Does not apply to MA TRIX E7. Community name Public. Conver gence End Points phone detection Disabled globally and on all ports EAPOL Disabled. EAPOL authentication mode When enabled, set to auto for all ports. GARP timer Join timer set t[...]

  • Page 29

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Gui de 2-3 LLDP trap interval 5 seconds LLDP-MED fast repeat 3 fast start LLDPDUs LLDP traps Disabled LLDP-MED traps Disabled Lockout Set to disable Read-W rite and Read-Only users, an d to lockout the default admin (Super User) account for 15 minute[...]

  • Page 30

    S tartup a nd General Configu ration Summary Factory Default Settings 2-4 Matrix NSA Series Configuration Guide Policy classification Classification rules ar e automatically enabled when created. Port auto-negotiation Enabled on all ports. Port advertised ability Maximum ability advertised on all ports. Port broadcast suppression Disabled (no broad[...]

  • Page 31

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Gui de 2-5 Spanning T ree edge port delay Enabled. Spanning T ree forward delay Set to 15 secon ds. Spanning T ree hello interval Set to 2 seconds. Spanning T ree ID (SID) Set to 0 . Spanning T ree legacy path cost Disabled. Spanning T ree maximum ag[...]

  • Page 32

    S tartup a nd General Configu ration Summary Factory Default Settings 2-6 Matrix NSA Series Configuration Guide Spanning T ree Loop Protect event window 18 0 se conds. Spanning T ree Loop Protect traps Disabled. Spanning T ree disputed BPDU threshold Set to 0, meaning no traps are sent. SSH Disabled. System baud rate Set to 9600 baud. System contac[...]

  • Page 33

    S tartup and General Configuration Summary Factory Default Settings Matrix NSA Series Configuration Gui de 2-7 T able 2-2 Default Device Sett ings for Router Mode Oper at ion Device F eature Default Setti ng Access groups (IP security) None configured. Access lists (IP security) None configured. Area authentication (OSPF) Disabled. Area default cos[...]

  • Page 34

    S tartup a nd General Configu ration Summary Factory Default Settings 2-8 Matrix NSA Series Configuration Guide IP-directed broadcasts Disabled. IP forward-protoco l Enabled with no port specified. IP interfaces Disabled with no IP addresses specified. IRDP Disabled on all interfaces. When enabled, maximum advertisement interval is set to 600 secon[...]

  • Page 35

    S tartup and General Configuration Summary CLI “Command Defaults” Descriptions Matrix NSA Series Configuration Gui de 2-9 2.1.2 CLI “Command De fault s” Descriptions Each command description in this guide includes a section entitled “Command Defaults” which contains different informat ion than the factory default settings on the device [...]

  • Page 36

    S tartup a nd General Configu ration Summary Using WebView 2-10 Matrix NSA Series Configuration Guide well as view Read-Only commands. Administrators or Super Users will be allowed all Read-W rite and Read-Only privileges, and will be able to modify local user accounts. Th e Matri x Series device indicates which mode a user is logged in as by displ[...]

  • Page 37

    S tartup and General Configuration Summary Process Overview: CLI S tartup and General Configuration Matrix NSA Series Configuration Guide 2-1 1 This example shows how to set the W ebV iew TCP port to 10 0. 2.1.5 Process Overview: CLI St ar tup and General Configuration Use the following steps as a guide to the st artup and gene ral configuration p [...]

  • Page 38

    S tartup a nd General Configu ration Summary S tarti ng and Navigating the Command Lin e Interface 2-12 Matrix NSA Series Configuration Guide 2.1.6 St arting and Navigating the Command Line Interface 2.1.6.1 Using a Cons ole Port Connection Once you have connected a terminal to th e local console port as described in your Matrix Series Installation[...]

  • Page 39

    S tartup and General Configuration Summary S tarting and Navigating the Comman d Line Interface Matrix NSA Series Configuration Guide 2-13 2.1.6.3 L ogging in with Administ ratively Configured Account If the device’ s default user account settings have been changed, proceed as follows: 1. At the login prompt, enter your administra tively-assigned[...]

  • Page 40

    S tartup a nd General Configu ration Summary S tarti ng and Navigating the Command Lin e Interface 2-14 Matrix NSA Series Configuration Guide Figure 2-2 Matrix N St andalone St artup Screen 2.1.6.5 Getting Help with CLI Synt ax The Matrix Series device allows you to displa y usage and syntax information for individual commands by typin g help or ? [...]

  • Page 41

    S tartup and General Configuration Summary S tarting and Navigating the Comman d Line Interface Matrix NSA Series Configuration Guide 2-15 2.1.6.7 Performing Keyword Lookup s Entering a space and a question mark ( ?) after a keyword will display all commands beginning with the keyword. Figure 2-3 shows how to perform a keyword look up for the show [...]

  • Page 42

    S tartup a nd General Configu ration Summary S tarti ng and Navigating the Command Lin e Interface 2-16 Matrix NSA Series Configuration Guide 2.1.6.8 Displaying Scroll ing Screens If the CLI screen le ngth has been set using the se t length command as described in Section 2.2.3.30 , CLI output requiring more than one screen will display --More-- to[...]

  • Page 43

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-17 2.1.6.9 Abbreviating and Completing Commands The Matrix Series device allows you to abbr ev iate CLI co mmands and keywords down to the number of characters that will allow for a unique abbreviation. Figure 2-6 shows how to abbreviate t[...]

  • Page 44

    S tartup a nd General Configu ration Summary Configuring the L ine Editor 2-18 Matrix NSA Series Configuration Guide T able 2-3 Basic Line Ed iting Emacs & vi Commands Key Sequence Emacs Command Ctrl+A Move cursor to begin ning of line. Ctrl+B Move cursor back one character . Ctrl+C Abort command. Ctrl+D Dele te a character . Ctrl+E Move cursor[...]

  • Page 45

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-19 k Get previous shell command in history j Get next shell command in history $ Go to end of line 0 Go to beginning of line aA p p e n d A Append at end o f line c SP ACE Change character cl Change character cw Change word cc Change entir[...]

  • Page 46

    S tartup a nd General Configu ration Summary Configuring the L ine Editor 2-20 Matrix NSA Series Configuration Guide Commands The commands used to co nfigure the line-editor are listed belo w and described in the associated sections as shown. • show line-editor ( Section 2.1.7.1 ) • set line-editor ( Section 2.1.7.2 ) p Put last deletion after [...]

  • Page 47

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-21 2.1.7.1 show line-editor Use this command to show curre nt and default line-edi tor mode and Dele te characte r mode. show line-editor Command Default s None. Command T ype Switch command. Command Mode Read-Only Example This example sho[...]

  • Page 48

    S tartup a nd General Configu ration Summary Configuring the L ine Editor 2-22 Matrix NSA Series Configuration Guide 2.1.7.2 set line-editor Use this command to set the curre nt and default line editing mode or the way the Delete character is treated by the line editor . Y ou can also set th e persistence of your line editing selections. set line-e[...]

  • Page 49

    S tartup and General Configuration Summary Configuring the Line Editor Matrix NSA Series Configuration Guide 2-23 This example sets the default line -editor to emacs mode and sets th e selection to persist for future sessions: Matrix(rw)-> set line-edit or emacs default[...]

  • Page 50

    General Configura tion Command Set Setting User Accounts and Passwords 2-24 Matrix NSA Series Configuration Guide 2.2 GENERAL CONFIG URATION COMMAND SET 2.2.1 Setting User A ccount s and Passwords Purpose T o change the device’ s default user login and password settings, and to ad d new user accounts and passwords. Commands The commands used to c[...]

  • Page 51

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-25 2.2.1.1 sho w system login Use this command to display us er l ogin account informatio n. show system login Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Super User . Example This example s[...]

  • Page 52

    General Configura tion Command Set Setting User Accounts and Passwords 2-26 Matrix NSA Series Configuration Guide T able 2-4 show system lo gin Output Det ails Output What It Displays... Password h istory size Number of previously used us er login passwords that will be checked for duplication when the set password command is executed. Configured w[...]

  • Page 53

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-27 2.2.1.2 set system login Use this command to create a new use r login acc ount , or to disable or enable an existing account. The Matrix Series device supports up to 16 us er accounts, including the admin account, which cannot be disabl[...]

  • Page 54

    General Configura tion Command Set Setting User Accounts and Passwords 2-28 Matrix NSA Series Configuration Guide 2.2.1.3 clear system login Use this command to remove a local login user account. clear system login username Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Super User . Example This example shows[...]

  • Page 55

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-29 2.2.1.4 set p assword Use this command to change system default passwords or to set a new login password on the CLI. set password [ username ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 56

    General Configura tion Command Set Setting User Accounts and Passwords 2-30 Matrix NSA Series Configuration Guide Examples This example shows how a super-user would ch ange the Read-W rite password from the system default (blank string): This example shows how a user with Read -W rite access would change his password: Matrix(su)-> set password r[...]

  • Page 57

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-31 2.2.1.5 set system p assword length Use this command to set the mi nimu m user login password lengt h. set system password length characters Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Super Us[...]

  • Page 58

    General Configura tion Command Set Setting User Accounts and Passwords 2-32 Matrix NSA Series Configuration Guide 2.2.1.6 set system p assword agi ng Use this command to set th e number of days user passwords will remain valid before aging out, or to disable user acco unt password aging. set system password aging { days | disable } Synt ax Descript[...]

  • Page 59

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-33 2.2.1.7 set system p assword hi story Use this command to set the number of previously used user logi n passwords that will be checked for password duplication. This prevents duplicat e passwords from being entered into the system with [...]

  • Page 60

    General Configura tion Command Set Setting User Accounts and Passwords 2-34 Matrix NSA Series Configuration Guide 2.2.1.8 show system lockout Use this command to display settings for locking out users after fail ed attempts to log in to the system. show system lockout Synt ax Description None. Command Default s None. Command T ype Switch command. C[...]

  • Page 61

    General Configura tion Command Set Setting User Accounts and Passwords Matrix NSA Series Configuration Guide 2-35 2.2.1.9 set system lockout Use this command to set the numb er of failed login attempts before locking out (disabling) a read-write or read-only user acco unt, and the nu mber of minutes to lockout the default admin super user account a[...]

  • Page 62

    General Configura tion Command Set Managing the Management Authen tica tion Notification MIB 2-36 Matrix NSA Series Configuration Guide 2.2.2 Managing the Management A uthentication Notification MIB Purpose This MIB provides controls for enabling/disabling th e sending of SNMP notifications when a user login authentication event occu rs for various[...]

  • Page 63

    General Configura tion Command Set Managing th e Management Authe ntication Notifica tion MIB Matrix NSA Series Configuration Guide 2-37 2.2.2.1 show mgmt-auth-notify Use this command to display th e current setting for the Manageme nt Authentication Notification MIB. show mgmt-auth-notify Synt ax Description None. Command Default s None. Command T[...]

  • Page 64

    General Configura tion Command Set Managing the Management Authen tica tion Notification MIB 2-38 Matrix NSA Series Configuration Guide 2.2.2.2 set mgmt-auth-notify Use this command to either enab le or disable the Man agement Authentication Notification MIB. By selecting the optional Mana gement access type, a u ser can specifically enable or disa[...]

  • Page 65

    General Configura tion Command Set Managing th e Management Authe ntication Notifica tion MIB Matrix NSA Series Configuration Guide 2-39 Examples This example shows how to set all the authentication types to b e disabled on the Management Authentication Notification MIB. That in formation is then displayed with the show comma nd: This example shows[...]

  • Page 66

    General Configura tion Command Set Managing the Management Authen tica tion Notification MIB 2-40 Matrix NSA Series Configuration Guide 2.2.2.3 clear mgmt-auth-notify Use this command to set the current setting for the Management Authenti cation Notification access types to the default setting of enabled. clear mgmt-auth-notify Synt ax Description [...]

  • Page 67

    General Configura tion Command Set Managing th e Management Authe ntication Notifica tion MIB Matrix NSA Series Configuration Guide 2-41 Example This example displays the state of Management Authentication No tification access types prior to using the clear command, then displays the sa me information after using the clea r command: Matrix(su)->[...]

  • Page 68

    General Configura tion Command Set Setting Basic Device Properties 2-42 Matrix NSA Series Configuration Guide 2.2.3 Setting Basic Device Pro perties Purpose T o display a nd set the system IP address a nd other basic system (device) pr operties, including time, contact name and alias, physical asset IDs for terminal output, timeout, and version inf[...]

  • Page 69

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-43 • set summertime date ( Section 2.2.3.16 ) • set summertime recurring ( Section 2.2.3.17 ) • clear summertime ( Section 2.2.3.18 ) • set prompt ( Section 2.2.3.19 ) • set cli completion ( Section 2.2.3.20 ) • loop ( Section 2.2.[...]

  • Page 70

    General Configura tion Command Set Setting Basic Device Properties 2-44 Matrix NSA Series Configuration Guide 2.2.3.1 show ip address Use this command to display the sy stem IP address and subnet mask. show ip address Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows [...]

  • Page 71

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-45 2.2.3.2 set ip address Use this command to set the system IP ad dress, subnet mask and default gateway . set ip address ip-addr ess [ mask ip-mask ] [ gateway ip-gateway ] Synt ax Description Command Default s If not specified, ip-mask will[...]

  • Page 72

    General Configura tion Command Set Setting Basic Device Properties 2-46 Matrix NSA Series Configuration Guide 2.2.3.3 clear ip address Use this command to clear the system IP address. clear ip address Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to cl ear th[...]

  • Page 73

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-47 2.2.3.4 show ip gratuitous-arp Use this command to disp lay the gratuitous ARP processing behavior . show ip gratuito us-arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example Th[...]

  • Page 74

    General Configura tion Command Set Setting Basic Device Properties 2-48 Matrix NSA Series Configuration Guide 2.2.3.5 set ip gratuitous-arp Use this command to control the gr atuitous ARP processing be havior . set ip gratuitous-arp [request] [reply] [both] ] Synt ax Description Command Default s Disabled by default Command T ype Switch command. Co[...]

  • Page 75

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-49 2.2.3.6 clear i p gratuitous-arp Use this command to stop a ll gratuitous ARP processing. clear ip gratuitous-arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example[...]

  • Page 76

    General Configura tion Command Set Setting Basic Device Properties 2-50 Matrix NSA Series Configuration Guide 2.2.3.7 show system Use this command to display system information, including contact informa tion, power an d fan tray status and uptime. show system Synt ax Description None. Command Default s None. Command T ype Switch command. Command M[...]

  • Page 77

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-51 T able 2-6 show system Output Det ails Output What It Displays... System contact Contact person for the sy stem. Default of a blank string can be changed with the se t system contact command ( Section 2.2.3.28 ). System location Where the s[...]

  • Page 78

    General Configura tion Command Set Setting Basic Device Properties 2-52 Matrix NSA Series Configuration Guide 2.2.3.8 show system hardware Use this command to display the system’ s hardware configuration. show system hardware Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example The examp[...]

  • Page 79

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-53 Matrix(rw)-> show system h ardware CHASSIS HARDWARE INFORMATION ---------------------------- Chassis Type: Ma trix N Standalone Platfo rm Chassis Serial Number: 0001a300611b Power Supply 1: Not Installed Power Supply 2: Installed & O[...]

  • Page 80

    General Configura tion Command Set Setting Basic Device Properties 2-54 Matrix NSA Series Configuration Guide 2.2.3.9 show system utilization Use this command to display system resource utilization information. show system utilization [ cpu | process | storage ] [ slot slot ] Synt ax Description Command Default s • If not specified, CPU, process,[...]

  • Page 81

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-55 ** Output continued from previous page ** Process Utilization: Slot: 1 CPU: 1 Name Pr ocID 5 sec 1 min 5 min --------------------------------- --------------------------- CLI 1 0.0% 0.0% 0.0% Chassis Data Synchronization 2 0.0% 0.0% 0.0% Co[...]

  • Page 82

    General Configura tion Command Set Setting Basic Device Properties 2-56 Matrix NSA Series Configuration Guide ** Output continued from previo us page ** Name ProcID 5 sec 1 min 5 min ------------------------------- ----------------------------- Switch Web Server 34 1.4% 1.4% 1.4% Router Misc. 35 0.0% 0.0% 0.0% Router Multicast 36 0.0% 0.0% 0.0% Rou[...]

  • Page 83

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-57 2.2.3.10 set system utilization threshold Use this command to set the threshold for sending CPU utilization notification messages. Th e value range is [1..1000] and represents the % of system uti lization to use as the trap threshold. set s[...]

  • Page 84

    General Configura tion Command Set Setting Basic Device Properties 2-58 Matrix NSA Series Configuration Guide 2.2.3.1 1 clear system utilization Use this command to clear the threshold for sending CPU utilization notification messages. clear system utilization Synt ax Description None. Command Default s None. Command T ype Switch command. Command M[...]

  • Page 85

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-59 2.2.3.12 show time Use this command to display the current time of day in the system clock. show time Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to[...]

  • Page 86

    General Configura tion Command Set Setting Basic Device Properties 2-60 Matrix NSA Series Configuration Guide 2.2.3.13 set t ime Use this command to ch ange the time of day on the system cl ock. set time [ mm/dd/yyyy ] [ hh:mm:ss ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This examp[...]

  • Page 87

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-61 2.2.3.14 show summertime Use this command to display daylight savings time setti ngs. show summertime Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to[...]

  • Page 88

    General Configura tion Command Set Setting Basic Device Properties 2-62 Matrix NSA Series Configuration Guide 2.2.3.15 set summertime Use this command to enable or disa ble the daylight savings time function. set summertime { enable | disable } [ zone ] Synt ax Description Command Default s If a zone name is not specified, none will be applied. Com[...]

  • Page 89

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-63 2.2.3.16 set summertime date Use this command to configure specific dates to start and stop daylight savings time. These settings will be non-recurring and will have to be reset annuall y . set summertime date start_month start_date s tart_[...]

  • Page 90

    General Configura tion Command Set Setting Basic Device Properties 2-64 Matrix NSA Series Configuration Guide Example This example shows how to set a da ylight savings time start date of April 4, 2004 at 2 a.m. and an ending date of Octo ber 31, 2004 at 2 a.m. with an offset time of one hour: Matrix(rw)-> set summertime date April 4 2004 02:00 O[...]

  • Page 91

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-65 2.2.3.17 set summertime recurring Use this command to configure recurring dayli ght savings time settings. These settings will start and stop daylight savings time at the specified day of the month and hour each year and will not have to be[...]

  • Page 92

    General Configura tion Command Set Setting Basic Device Properties 2-66 Matrix NSA Series Configuration Guide Example This example shows how set daylight savings time to recur start date of April 4, 2004 at 2 a .m. and an ending date of Octo ber 31, 2004 at 2 a.m. with an of fset time of one hour: Matrix(rw)-> set summertime recu rring first Sun[...]

  • Page 93

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-67 2.2.3.18 clear summertime Use this command to clear the da ylight savings time configuration. clear summertime Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sh[...]

  • Page 94

    General Configura tion Command Set Setting Basic Device Properties 2-68 Matrix NSA Series Configuration Guide 2.2.3.19 set p rompt Use this command to modi fy the command prompt. set prompt “pr ompt_string” Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to set t[...]

  • Page 95

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-69 2.2.3.20 set cli completion Use this command to enable or disable the CLI comm and completion func tion . When enabled, t his allows you to complete a un ique CLI command fragment using the keyboard spacebar . set cli completion { enable | [...]

  • Page 96

    General Configura tion Command Set Setting Basic Device Properties 2-70 Matrix NSA Series Configuration Guide 2.2.3.21 loop Use this command to execute a command loop. loop count [ delay ] [ -r ] Synt ax Description Command Default s • If a delay is not specified, none will be set. • If not specified, the cu rsor will not refresh. Command T ype[...]

  • Page 97

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-71 2.2.3.22 show banner mot d Use this command to show the banner message of the day tha t w ill display at session login. show banner motd Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only [...]

  • Page 98

    General Configura tion Command Set Setting Basic Device Properties 2-72 Matrix NSA Series Configuration Guide 2.2.3.23 set b anner mot d Use this command to set the banner messag e of the day displayed at session login. set banner motd message Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exampl[...]

  • Page 99

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-73 2.2.3.24 clear banner mot d Use this command to clear the banner message of the day displayed at ses sion login to a blank string. clear banner motd Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 100

    General Configura tion Command Set Setting Basic Device Properties 2-74 Matrix NSA Series Configuration Guide 2.2.3.25 show version Use this command to display hardware and firmware information. Refer to Section 2.2.5 for instructions on how to do wnload a firmware image. show version Synt ax Description None. Command Default s None. Command T ype [...]

  • Page 101

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-75 2.2.3.26 set system name Use this command to config ure a name for the system. set system name [ string ] Synt ax Description Command Default s If string is not specified, the syst em name will be cleared. Command T ype Switch command. Comm[...]

  • Page 102

    General Configura tion Command Set Setting Basic Device Properties 2-76 Matrix NSA Series Configuration Guide 2.2.3.27 set syst em location Use this command to identify the location of the system. set system location [ string ] Synt ax Description Command Default s If string is not specified, the loca tion name will be cleared. Command T ype Switch[...]

  • Page 103

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-77 2.2.3.28 set system cont act Use this command to identify a contact person for the system. set system contact [ string ] Synt ax Description Command Default s If string is not specified, the co ntact name will be cleared. Command T ype Swit[...]

  • Page 104

    General Configura tion Command Set Setting Basic Device Properties 2-78 Matrix NSA Series Configuration Guide 2.2.3.29 set w id th Use this command to set the number of columns for the terminal co nnected to the device’ s console port. The length of the CLI is set using the set length command as d esc r ibe d in Section 2.2.3.30 . set width scr e[...]

  • Page 105

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-79 2.2.3.30 set length Use this command to set the number of lines the CLI will display . set length scr eenlength Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows h[...]

  • Page 106

    General Configura tion Command Set Setting Basic Device Properties 2-80 Matrix NSA Series Configuration Guide 2.2.3.31 show logout Use this command to display the time (in seconds) an idle console or T elnet CLI session will remain connected before timing out. show logout Synt ax Description None. Command Default s None. Command T ype Switch comman[...]

  • Page 107

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-81 2.2.3.32 set logout Use this command to set the time (in minutes) an i dle console or T elnet CLI session will remain connected before timing out. set logout timeout Synt ax Description Command Default s None. Command T ype Switch command. [...]

  • Page 108

    General Configura tion Command Set Setting Basic Device Properties 2-82 Matrix NSA Series Configuration Guide 2.2.3.33 show physical alias Use this command to display th e alias, a text name, for one or more physical objects . show physical alias [ chassis ] | [ slot slot ] | [ backplane ba ckplane ] | [ module module ] |[ powersupply powersupply ][...]

  • Page 109

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-83 Example This example shows how to display physical alia s information for the chassi s. In this case, the chassis entity is 1 and there is no al ias currently set for the chassis: Matrix(rw)-> show physical alias chassis chassis-1 alias=[...]

  • Page 110

    General Configura tion Command Set Setting Basic Device Properties 2-84 Matrix NSA Series Configuration Guide 2.2.3.34 set p hysical alias Use this command to set the alias, a text name, for a physical object. set physical alias { [ chassis ] [ slot slot ] [ backplane backplane ] [ mod ul e module ] [ powersupply powersupply ] [ powersupply-slot po[...]

  • Page 111

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-85 Command Mode Read-W rite. Example This example shows how to set the alias for the chassis to “chassisone”: Matrix(rw)-> set physical alias chassis chassisone[...]

  • Page 112

    General Configura tion Command Set Setting Basic Device Properties 2-86 Matrix NSA Series Configuration Guide 2.2.3.35 clear physical alias Use this command to reset the alias for a physical object to a zero-length string. clear physical alias {[ chassis ] [ slot slot ] [ backplane backplane ] [ module module ] [ powersupply powersupply ] [ powersu[...]

  • Page 113

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-87 2.2.3.36 show physical assetid Use this command to display the asset ID for a module. show physical assetid module module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This exampl[...]

  • Page 114

    General Configura tion Command Set Setting Basic Device Properties 2-88 Matrix NSA Series Configuration Guide 2.2.3.37 set p hysical assetid Use this command to set the asset ID for a module. set physical assetid mod ule module string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This ex[...]

  • Page 115

    General Configura tion Command Set Setting Basic Device Properties Matrix NSA Series Configuration Guide 2-89 2.2.3.38 clear physical assetid Use this command to reset the asset ID for a moduleto a zero-length st ring. clear physical assetid module module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 116

    General Configura tion Command Set Activating Licensed Fe atures 2-90 Matrix NSA Series Configuration Guide 2.2.4 Activating Licensed F eatures In order to enable advanced features , such as ro uting proto cols, and extended ACLs on a Matrix Series device , you must purchase and activate a license key . If you have purchased a license, you can proc[...]

  • Page 117

    General Configura tion Command Set Activating Lice nsed Features Matrix NSA Series Configuration Guide 2-91 2.2.4.1 set license When an advanced license is available, use this command to activate licen sed features. If this is available on your Matrix Series device, a unique license key will display in the show license command output. Synt ax Descr[...]

  • Page 118

    General Configura tion Command Set Activating Licensed Fe atures 2-92 Matrix NSA Series Configuration Guide 2.2.4.2 show license When available and activated, use this command to display your license key . show license Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Example This example show[...]

  • Page 119

    General Configura tion Command Set Activating Lice nsed Features Matrix NSA Series Configuration Guide 2-93 2.2.4.3 clear l icense Use this command to clear license key settings. Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s If not specified, the license settings will be cleared from all modules. Exam[...]

  • Page 120

    General Configura tion Command Set Downloading a New Firmware Image 2-94 Matrix NSA Series Configuration Guide 2.2.5 Downloading a New Firmware Image Y ou can upgrade the operational firmware in the M atrix Series device without ph ysically opening the device or being in the same location. There are three ways to download firmware to the device: ?[...]

  • Page 121

    General Configura tion Command Set Downloading a New F irmware Imag e Matrix NSA Series Configuration Guide 2-95 2.2.5.1 Downloading from an FTP or TFTP Server T o perform an FTP or TFTP do wnload, proceed as follows: 1. If you have not already done so, set the device’s IP address using the set ip address command as detailed in Section 2.2.3.2 . [...]

  • Page 122

    General Configura tion Command Set Downloading a New Firmware Image 2-96 Matrix NSA Series Configuration Guide 3. Type 2 . The following baud rate selection screen displays: 4. Type 8 to set the device baud rate to 115200 . The following message displays: 5. Set the terminal baud rate to 1152 00 and press ENTER. 6. Type download to start the ZMODEM[...]

  • Page 123

    General Configura tion Command Set Reviewing and Selecting a Boot Firmware Imag e Matrix NSA Series Configuration Guide 2-97 11. Type boot to reboot the device. The following mess ag e indicates the downloaded image booted successfully: 2.2.6 Reviewing and Selecting a Boot Firmware Image Purpose T o display and set the image file the device loads a[...]

  • Page 124

    General Configura tion Command Set Reviewing and Selecting a Bo ot Firmware Image 2-98 Matrix NSA Series Configuration Guide 2.2.6.1 show boot system Use this command to display the fi rmware image the system will load at the next system reset. The system must be reset by software for the new boot image to take ef fect at startup. If the chassis is[...]

  • Page 125

    General Configura tion Command Set Reviewing and Selecting a Boot Firmware Imag e Matrix NSA Series Configuration Guide 2-99 2.2.6.2 set boot system Use this command to set the firmwa re image the switch loads at startu p. This is the image that will be loaded automatically afte r th e system has been reset. Although it is not necessary to choose t[...]

  • Page 126

    General Configura tion Command Set S tarti ng and Configuring T elnet 2-100 Matrix NSA Series Configuration Guide 2.2.7 St arting and Configuring T e lnet Purpose T o enable or disable T elne t, and to start a T elnet session to a remote host. The Matrix Series device allows a total of four inbound and / or ou tbound T elnet session to run simultan[...]

  • Page 127

    General Configura tion Command Set S tarting and Configurin g T elnet Matrix NSA Series C onfiguration Guide 2 -101 2.2.7.1 show telnet Use this command to display the status of T elnet on the device. show telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how t[...]

  • Page 128

    General Configura tion Command Set S tarti ng and Configuring T elnet 2-102 Matrix NSA Series Configuration Guide 2.2.7.2 set telnet Use this command to enable or disable T elnet on the device. set telnet { enable | disabl e }{ inbound | outbound | all } Synt ax Description Command Default s None. Command Mode Read-W rite. Example This example show[...]

  • Page 129

    General Configura tion Command Set S tarting and Configurin g T elnet Matrix NSA Series C onfiguration Guide 2 -103 2.2.7.3 telnet Use this command to start a T elnet connection to a remote host. Th e Matrix Series de vice allows a total of four inb ound and / or outbound T elnet session to run simultaneously . telnet host [ port ] Synt ax Descript[...]

  • Page 130

    General Configura tion Command Set S tarti ng and Configuring T elnet 2-104 Matrix NSA Series Configuration Guide 2.2.7.4 show router telnet Use this command to display the state of T elnet service to the router . show router telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This[...]

  • Page 131

    General Configura tion Command Set S tarting and Configurin g T elnet Matrix NSA Series C onfiguration Guide 2 -105 2.2.7.5 set router telnet Use this command to enable or disable T elnet service to the router interface IP address. set router telnet { enable | disable } Synt ax Description None. Command Default s None. Command T ype Switch command.[...]

  • Page 132

    General Configura tion Command Set S tarti ng and Configuring T elnet 2-106 Matrix NSA Series Configuration Guide 2.2.7.6 clear router telnet Use this command to reset T elnet service to th e router to the default state of dis able d. clear router telnet Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Re[...]

  • Page 133

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series C onfiguration Guide 2 -107 2.2.8 Managin g Co nfiguration and Image Files Matrix Series devices provide a single configura tion interface which allows you to perform both switch and router configuration with the same co mmand set. The Matrix Series devices[...]

  • Page 134

    General Configura tion Command Set Managing Configura tion and Image Files 2-108 Matrix NSA Series Configuration Guide 2.2.8.1 dir Use this command to list file s stored in the file system. dir [ filename ] Synt ax Description Command T ype Switc h. Command Mode Read-Only . Command Default s If filename is not specified, all files in the system wil[...]

  • Page 135

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series C onfiguration Guide 2 -109 Location Modules on which this image resides. Compatibility Module types on which t his image is qualified to run. Attempting to run an incomp atible image on a given module will not succeed. Files User maintained files, such as [...]

  • Page 136

    General Configura tion Command Set Managing Configura tion and Image Files 2-1 10 Matrix NSA Series Configuration Guide 2.2.8.2 show file Use this command to display the contents of an image or configuration file. show file filename Synt ax Description Command T ype Switc h. Command Mode Read-Only . Command Default s None. Example This example (an [...]

  • Page 137

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series Configuration Guide 2-1 1 1 2.2.8.3 show config Use this command to display the system config uration or write the configuration to a file. show config [ all ] [ facility ] [ outfile outfile ] Synt ax Description Command T ype Switch. Command Mode Read-W ri[...]

  • Page 138

    General Configura tion Command Set Managing Configura tion and Image Files 2-1 12 Matrix NSA Series Configuration Guide Example This example shows how to display th e current non-default device co nfiguration: Matrix(rw)-> show config This command shows non-default configurations only. Use 'show config all' to show b oth default and no[...]

  • Page 139

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series Configuration Guide 2-1 13 2.2.8.4 configure Use this command to execute a pr eviously downloaded configuration file stored on the device. configure filename [ append ] Synt ax Description Command T ype Switch. Command Mode Read-W rite. Command Default s If[...]

  • Page 140

    General Configura tion Command Set Managing Configura tion and Image Files 2-1 14 Matrix NSA Series Configuration Guide 2.2.8.5 copy Use this command to upload or downloa d an image or a CLI configuration file. copy source destination Synt ax Description Command T ype Switc h. Command Mode Read-W rite. Command Default s None. Examples This example [...]

  • Page 141

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series Configuration Guide 2-1 15 This example shows how to uplo ad a configuration file via A nonymous FTP from the module in slot 3: This example shows how to copy a configuratio n file from the slot 3 directory to the slot 5 directory: Matrix(rw)-> copy slot[...]

  • Page 142

    General Configura tion Command Set Managing Configura tion and Image Files 2-1 16 Matrix NSA Series Configuration Guide 2.2.8.6 delete Use this command to remove an image or a CL I configuration file from the Matrix system. delete filename Synt ax Description Command T ype Switc h. Command Mode Read-W rite. Command Default s None. Examples This exa[...]

  • Page 143

    General Configura tion Command Set Managing Confi guration and Image Files Matrix NSA Series Configuration Guide 2-1 17 2.2.8.7 script Use this command to execute a script file. The script file must first be created on a PC and copied to the Matrix device using the copy command ( Section 2.2.8.5 ) before the script can be executed. The file can con[...]

  • Page 144

    General Configura tion Command Set Managing Configura tion and Image Files 2-1 18 Matrix NSA Series Configuration Guide When the script command parses the file and performs the command line ar gument substitution, the commands are convert ed to the following: set port alias fe.1.1 scr ipt_set_port set port vlan fe.1.1 100 modify-egress set port jum[...]

  • Page 145

    General Configura tion Command Set Enabling or Disabli ng the Path MTU Discovery Proto c ol Matrix NSA Series Configuration Guide 2-1 19 2.2.9 Enabling or Disabling the Path MTU Discovery Protocol Purpose T o enable or disable the path MTU (Maximum T ransmission Unit) discovery protoco l on the device. Because ports with transmission speeds higher [...]

  • Page 146

    General Configura tion Command Set Enablin g or Di sabling t he Path MTU Discove ry Protoc ol 2-120 Matrix NSA Series Configuration Guide 2.2.9.1 show mtu Use this command to display the status of th e pat h MTU discovery protocol on the device. show mtu Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Re[...]

  • Page 147

    General Configura tion Command Set Enabling or Disabli ng the Path MTU Discovery Proto c ol Matrix NSA Series C onfiguration Guide 2 -121 2.2.9.2 set mtu Use this command to disable or re-enable pa th MTU discovery protocol on the device. set mtu { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command [...]

  • Page 148

    General Configura tion Command Set Enablin g or Di sabling t he Path MTU Discove ry Protoc ol 2-122 Matrix NSA Series Configuration Guide 2.2.9.3 clear mtu Use this command to reset the state of the path MTU discovery protocol back to enabled. clear mtu Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Rea[...]

  • Page 149

    General Configura tion Command Set Pausing, Clearing and Closing the CLI Matrix NSA Series C onfiguration Guide 2 -123 2.2.10 Pausing , Cleari ng and Closing the CLI Purpose T o pause or clear the CLI screen or to close your CLI session. Commands The commands used to pause , clear and close the CLI session are listed below and described in the asso[...]

  • Page 150

    General Configura tion Command Set Pausing, Clearing and Closing the CLI 2-124 Matrix NSA Series Configuration Guide 2.2.10.1 wait Use this command to pause the CLI for a specified number of seconds be fore executing the next command. wait seconds Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 151

    General Configura tion Command Set Pausing, Clearing and Closing the CLI Matrix NSA Series C onfiguration Guide 2 -125 2.2.10.2 cls (clear screen) Use this command to clear the sc reen for the current CLI session. cls Synt ax Description None . Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows[...]

  • Page 152

    General Configura tion Command Set Pausing, Clearing and Closing the CLI 2-126 Matrix NSA Series Configuration Guide 2.2.10.3 exit | q uit Use either of these comman ds to leave a CLI session. exit quit Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to exit a C[...]

  • Page 153

    General Configura tion Command Set Resetting the Device Matrix NSA Series C onfiguration Guide 2 -127 2.2.1 1 Resetting the Device Purpose T o reset one or more device modules , to clear the user -defined switch an d router configuration parameters, or to sche dule a system re set in order to load a new boot image. Commands The commands used to res[...]

  • Page 154

    General Configura tion Command Set Resetting the Device 2-128 Matrix NSA Series Configuration Guide 2.2.1 1.1 show reset Use this command to display inform ation about scheduled device resets. show reset Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This command shows how to display[...]

  • Page 155

    General Configura tion Command Set Resetting the Device Matrix NSA Series C onfiguration Guide 2 -129 2.2.1 1 .2 reset Use this command to rese t the device without losing any user -d efined configuration settings or to display information ab out device resets. reset {[ mod | system | nemcpu { mod . nemcpu }] [ cancel ]} Synt ax Description Command[...]

  • Page 156

    General Configura tion Command Set Resetting the Device 2-130 Matrix NSA Series Configuration Guide This example shows how to cancel a scheduled system reset: This example shows how to reset a Matrix Secu rity Module installed on the DFE in slot 4. Matrix(rw)-> reset cancel Reset cancelled. Matrix(rw)-> reset nemcpu 4.1 This command will rese[...]

  • Page 157

    General Configura tion Command Set Resetting the Device Matrix NSA Series C onfiguration Guide 2 -131 2.2.1 1 .3 reset at Use this command to schedule a system reset at a sp ecific future time. This feature is useful for loading a new boot im age . reset at hh:mm [ mm/dd ] [ r eason ] Synt ax Description Command Default s • If month and day are n[...]

  • Page 158

    General Configura tion Command Set Resetting the Device 2-132 Matrix NSA Series Configuration Guide 2.2.1 1.4 reset in Use this command to schedule a system reset after a specific tim e. This fe ature is useful for loading a new boot image. reset in hh:mm [ re a s o n ] Synt ax Description Command Default s If a re a s o n is not specified, none wi[...]

  • Page 159

    General Configura tion Command Set Resetting the Device Matrix NSA Series C onfiguration Guide 2 -133 2.2.1 1 .5 clear config Use this command to clear the u ser -defined switch a nd router conf iguration parameters for one or more modules. Executing clear config on one Matrix module resets that modu le back to its factory defaults. For a list of f[...]

  • Page 160

    General Configura tion Command Set Gathering T echnical Support Information 2-134 Matrix NSA Series Configuration Guide 2.2.12 Gathering T echni cal Support Information Purpose T o gather common techni cal support information. Command The command used to display technical support-related info rmation is listed below and described in the associated [...]

  • Page 161

    General Configura tion Command Set Gathering T echnica l Support Info rmation Matrix NSA Series C onfiguration Guide 2 -135 2.2.12.1 show support Use this command to display output for technical support-related commands. show support [ filename ] Synt ax Description Command Default s The following commands are executed: • show version ( Section 2[...]

  • Page 162

    General Configura tion Command Set Gathering T echnical Support Information 2-136 Matrix NSA Series Configuration Guide Example This ex ample sh ows how to execute the show support command and save the results to slot 1 as a support3.txt file: There is no display example as the list of commands is quite lengthy . Click on the hyper-links in the “[...]

  • Page 163

    Preparing the Device for Router Mode Pre-Routing Configuration T asks Matrix NSA Series C onfiguration Guide 2 -137 2.3 PREP ARING THE DEVICE FOR ROUTER MODE 2.3.1 Pre-Routing Configuration T asks The following pre-routin g tasks, as detailed in Section 2.1 and Section 2.2.1 , must be performed from the switch CLI. • S tarting up the CLI. ( Secti[...]

  • Page 164

    Preparing the Device for Router Mode Pre-Routing Configuration T asks 2-138 Matrix NSA Series Configuration Guide The example in Figure 2-8 shows how to: • Configure module 1 as a ro uting module. T able 2-9 Enabling the Switch fo r Routing T o do thi s t ask... Ty p e t h i s command... At this prompt ... For det ails, see... Ste p 1 Configure a[...]

  • Page 165

    Preparing the Device for Router Mode Reviewing and Configu ri ng Rou ting Matrix NSA Series C onfiguration Guide 2 -139 • Configure VLAN 1 on IP address 182.127.63.1 255.255.255.0 as the routing interface for that module. Figure 2-8 Enabling the Switch for Routin g 2.3.2 Reviewing and Configuring Routing Purpose T o review and configure routing .[...]

  • Page 166

    Preparing the Device for Router Mode Reviewing and Configuring Ro uting 2-140 Matrix NSA Series Configuration Guide 2.3.2.1 show router Use this command to display which modules are configured for routing. show router Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows[...]

  • Page 167

    Preparing the Device for Router Mode Reviewing and Configu ri ng Rou ting Matrix NSA Series C onfiguration Guide 2 -141 2.3.2.2 set router Use this command to config ure routing on a module. set router module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to se t mo[...]

  • Page 168

    Preparing the Device for Router Mode Reviewing and Configuring Ro uting 2-142 Matrix NSA Series Configuration Guide 2.3.2.3 clear router Use this command to disable ro utin g on a module. clear router module Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to set disa[...]

  • Page 169

    Preparing the Device for Router Mode Reviewing and Configu ri ng Rou ting Matrix NSA Series C onfiguration Guide 2 -143 2.3.2.4 router Use this command to enable routi ng mode on a module. This must be a module previously configured for routing using the set router command as de scribed in Section 2.3.2.2 . Routing may be configured on one or two m[...]

  • Page 170

    Preparing the Device for Router Mode Enabling Router C onfiguration Modes 2-144 Matrix NSA Series Configuration Guide 2.3.3 Enabling Router Configuration Modes The Matrix CLI provides dif ferent modes of router operation for issuing a subset of commands from each mode. Ta b l e 2 - 1 1 de scribes these modes of operation. NOTE: The command prompt s[...]

  • Page 171

    Preparing the Device for Router Mode Enabling Route r Confi guration Modes Matrix NSA Series C onfiguration Guide 2 -145 Router Configuration Mode Set IP protocol parameters. T ype route r and the pr otocol name (and, for OSPF , the instance ID ) from Global or Interface Configuration mode. Matrix>Router1 (config-router)# Key Chain Configuration[...]

  • Page 172

    Preparing the Device for Router Mode Enabling Router C onfiguration Modes 2-146 Matrix NSA Series Configuration Guide Server Load Balancing (SLB) Real Server Configuration Mode Configure an LSNA T real server . Ty p e real and the real server IP addr ess from SLB Server Farm Configuration Mode. Matrix>Router1 (config-slb-real)# Server Load Balan[...]

  • Page 173

    Matrix NSA Series Configu ration Guide 3-1 3 Configuring Discovery Protocols This chapter describes how to co nfigure the discovery pro tocols supported by the firmware using CLI commands. 3.1 OVERVIEW Currently , three discovery protcols are supported: • The Enterasys Discovery (CDP), described in Section 3.2.2 , “ Enterasys Discove ry Protoco[...]

  • Page 174

    Discovery Protocols Command Set Displaying Neigh bors 3-2 Matrix NSA Series Configuration Guide 3.2.1.1 show neighbors Use this command to display Network Neigh bor Discovery information from all supported discovery protcols. show neighbors [ port-string ] Synt ax Description Command Default s If port-string is not specified, all Network Neig hbor [...]

  • Page 175

    Discovery Protocols Command Set Displaying Neigh bors Matrix NSA Series Configuration Gui de 3-3 Matrix(rw)-> show neighbor s Port Device ID Port ID Type Netw ork Address --------------------------------- --------------------------------- ----------- ge.1.1 00-01-f4-00-71-9c g e.1.27 lldp ge.1.2 00-01-f4-00-71-9c g e.1.28 lldp ge.1.3 00-01-f4-96[...]

  • Page 176

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-4 Matrix NSA Series Configuration Guide 3.2.2 Enterasys Disco very Protocol Purpose T o enable and configure the En terasys Discove ry Protocol (CDP), used to discover ne twork topology . When enabled, CDP allows Enterasys de vic es to send periodic PDUs about themselve s to neighborin[...]

  • Page 177

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Gui de 3-5 3.2.2.1 show cdp Use this command to display the st atus of the CDP discovery protocol and message interval on one or more ports. show cdp [ port-string ] Synt ax Description Command Default s If port-string is not specified, all CDP information [...]

  • Page 178

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-6 Matrix NSA Series Configuration Guide Ta b l e 3 - 1 provides an explanation of th e command ou tput. T able 3-1 show cdp Output Details Output What It Displays... CDP Global Status Whether CDP is glob ally auto-enabled, enabled or di sabled. The default state of auto-enabled can be [...]

  • Page 179

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Gui de 3-7 3.2.2.2 set cd p state Use this command to enab le or dis able the CDP discovery prot oco l on one or more ports. set cdp state { auto | disable | enable } [ port-string ] Synt ax Description Command Default s If port-string is not specified, the[...]

  • Page 180

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-8 Matrix NSA Series Configuration Guide 3.2.2.3 set cd p auth Use this command to set a global CDP authentica tion code. This va lue determines a de vice’ s CDP domain. If two or more devices ha ve the same CDP authentication co de, t hey will be entered into each other's CDP ne[...]

  • Page 181

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Gui de 3-9 3.2.2.4 set cd p interval Use this command to set the message interval frequency (in seconds) of the C DP discovery protocol. set cdp interval fr equency Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-[...]

  • Page 182

    Discovery Protocols Command Set Enterasys Discove ry Protocol 3-10 Matrix NSA Series Configuration Guide 3.2.2.5 set cdp hold-time Use this command to set the hold time value fo r CDP discovery protocol configuration messages. set cdp hold-time hold-time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W r[...]

  • Page 183

    Discovery Protocols Command Set Enterasys Discovery Protocol Matrix NSA Series Configuration Guide 3-1 1 3.2.2.6 clear cd p Use this command to reset CDP discove ry protocol settings to defaults. clear cdp {[ state ] [ port-state port-string ] [ interval ] [ hold-time ] [ auth-code ]} Synt ax Description Command Default s At least one optional para[...]

  • Page 184

    Discovery Protocols Command Set Cisco Discovery Protocol 3-12 Matrix NSA Series Configuration Guide 3.2.3 Cisco Discovery Protocol Purpose T o enable and configure the Cisco Discove ry Proto col, used to discov er network topology . When enabled, the Cisco Discovery Protocol allows Cisco devices to send periodic PDUs about themselves to neighbor in[...]

  • Page 185

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-13 3.2.3.1 sho w ciscod p Use this command to dis play global Cisco Discov ery Protocol info rma tion. show ciscodp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how t[...]

  • Page 186

    Discovery Protocols Command Set Cisco Discovery Protocol 3-14 Matrix NSA Series Configuration Guide Holdtime (TTL) Number of seconds ne ighboring devices will hold PDU transmissions from the sending device. Default value of 180 can be changed with the s et ciscodp holdtim e command as described in Section 3.2.3.5 . Device ID The MAC address of the [...]

  • Page 187

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-15 3.2.3.2 sho w ciscod p po rt info Use this command to display summ ary information ab out the Cisco Discovery Protocol on one or more ports. show ciscodp port info [ port-string ] Synt ax Description Command Default s If port-string is not specified,[...]

  • Page 188

    Discovery Protocols Command Set Cisco Discovery Protocol 3-16 Matrix NSA Series Configuration Guide T able 3-3 show port ciscod p info Output Det ails Output What It Displays... Port Port design ation. S tate Whether CiscoDP is enabled or disabled on this port. Default state of enabled can be changed using the set ciscodp port command ( Section 3.2[...]

  • Page 189

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-17 3.2.3.3 set ciscod p st atus Use this command to enab le or dis able Cisco Discovery Protocol gl ob ally on the device. set ciscodp status { auto | enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command M[...]

  • Page 190

    Discovery Protocols Command Set Cisco Discovery Protocol 3-18 Matrix NSA Series Configuration Guide 3.2.3.4 set ciscod p t imer Use this command to set the number of seconds between Cisco Discovery Protocol PDU transmissions. set ciscodp timer time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. E[...]

  • Page 191

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-19 3.2.3.5 set ciscod p hold time Use this command to set the time to live (TTL) for Cisco Discovery Protoc ol PDUs. This is the amount of time (in seconds) neig hboring devices will hold PDU transmissions from the sending device. set ciscodp holdtime t[...]

  • Page 192

    Discovery Protocols Command Set Cisco Discovery Protocol 3-20 Matrix NSA Series Configuration Guide 3.2.3.6 set ciscod p p ort Use this command to set the st atus, voice VLAN, extended trus t mode, and CoS priority for untrusted traffic for the Cisco Discove ry Protocol on one or more ports. set ciscodp port { [ status { disable | enable }] [ vv id[...]

  • Page 193

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-21 Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. status Set the CiscoDP port operational status disable Do not transmit or process CiscoDP PDUs enable T ransmit and process CiscoDP PDUs vvid Set the [...]

  • Page 194

    Discovery Protocols Command Set Cisco Discovery Protocol 3-22 Matrix NSA Series Configuration Guide Examples This example shows how to set th e Cisco DP port voice VLAN ID to 3 on port fe.1. 6 and enable the port operational state: This example shows how to set th e Cisco DP extended trust mode to untrusted on port fe. 1.5 and set the CoS priority [...]

  • Page 195

    Discovery Protocols Command Set Cisco Discovery Protocol Matrix NSA Series Configuration Guide 3-23 3.2.3.7 clear ciscodp Use this command to clear the Cisco Discov ery Protocol back to the default values. clear ciscodp { [ status | timer | holdtime | port { status | vvid | trust-ext | cos-ext }] } < port-string> Synt ax Description Command D[...]

  • Page 196

    Discovery Protocols Command Set Cisco Discovery Protocol 3-24 Matrix NSA Series Configuration Guide This example shows how to clear the Ci sco DP port status on port fe.1.5: Matrix> clear ciscodp port statu s fe.1.5[...]

  • Page 197

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-25 3.2.4 Link Layer Discover y Protocol and LLDP-MED The IEEE 802.1AB standard, common ly referred to as the Link Layer Discovery Protocol (LLDP), is described in “IEEE 802.1AB-2005 Edition, IEEE S tandard for Local and Metropolitan [...]

  • Page 198

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-26 Matrix NSA Series Configuration Guide The standard specifies that certa in TL Vs are mand atory in transmitted LLDPDUs, while others are optional. Y o u can configure on a port-specific basis which optional LLDP and LLDP-MED TL Vs should be sent in LLDPDUs. Configuratio[...]

  • Page 199

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-27 • show lldp port local-info ( Section 3.2.4.6 ) • show lldp port remote-info ( Section 3.2.4.7 ) • show lldp port network -policy ( Section 3.2.4.8 ) • set lldp tx-interval ( Section 3.2.4.9 ) • set lldp hold-multiplier ( [...]

  • Page 200

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-28 Matrix NSA Series Configuration Guide 3.2.4.1 show lld p Use this command to display LLDP configuration information. show lldp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to disp[...]

  • Page 201

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-29 3.2.4.2 show lld p port st atus Use this command to display the LLDP status of one or more ports. The command lists the ports that are enabled to send and receive LLDPPDUs . Ports are enabled or disabled w ith the set lldp port stat[...]

  • Page 202

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-30 Matrix NSA Series Configuration Guide 3.2.4.3 show lld p port trap Use this command to display the ports that are en abled to send an LLDP no tification when a remote system change has been detected or an LLDP-MED notification when a change in th e topology has been sen[...]

  • Page 203

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-31 3.2.4.4 show lld p port tx-tlv Use this command to display info rmation abou t which optional TL Vs have been configured to be transmitted on ports. Ports are configur ed to send optional T L Vs with the set lldp port tx-tlv command[...]

  • Page 204

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-32 Matrix NSA Series Configuration Guide 3.2.4.5 show lld p port location-info Use this command to display conf igured location information for one or more ports. Ports are configured with a lo cation value using the set lldp port location-info command. show lldp port loca[...]

  • Page 205

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-33 3.2.4.6 show lld p port local-info Use this command to display the lo cal system information stored for one or more ports. Y ou can use this information to detect misconfigurations or incompatibilities between the local port and the[...]

  • Page 206

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-34 Matrix NSA Series Configuration Guide Ta b l e 3 - 4 describes the information displayed by the show lldp port local-info command. Operational Speed/Duplex/Type : 100 full tx Max Frame Size (bytes) : 1522 Vlan Id : 1 LAG Supported/Enabled/Id : no/no/0 Protocol Id : Span[...]

  • Page 207

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-35 Chassis ID Mandatory basic LLDP TL V that identifies the chassis transmitting the LLDPDU. V alue is MAC address of chassis. Sys Name Optional basic LLDP TL V . V alu e is the administratively assigned name for the system. Sys Desc O[...]

  • Page 208

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-36 Matrix NSA Series Configuration Guide Network Policy (app/tag/vlanId/cos/dscp) L LDP -MED Extensions Networ k Poli cy TL V . For all applications enabled on the port to be tran smitted in a TL V , displays the application name, VLAN t ype (tagged or untagged), VLAN Id, [...]

  • Page 209

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-37 PoE Power Limit (mW) LLDP-MED Extensio ns Extended Powe r via MDI TL V . Displayed only when a port ha s PoE capabilities. Indicates the total power the po rt is capable of sourcing over a maximum length cable, based on its current [...]

  • Page 210

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-38 Matrix NSA Series Configuration Guide 3.2.4.7 show lld p port remote-info Use this command to display the remote system information stored fo r a remote de vice connected to a local port. Y ou can use this information to detect misconfigura tions or incompatibilities be[...]

  • Page 211

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-39 Note that the information fields displayed by the show lldp port remote-info command will vary , depending on the type of remote device that is co nnected to the port . Ta b l e 3 - 5 des cribes the output fields that are unique to [...]

  • Page 212

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-40 Matrix NSA Series Configuration Guide 3.2.4.8 show lld p port network-policy Use this command to display LLDP port network policy config uration info rmation. Network policy information is configured using the set lldp port network - policy command. show lldp port netwo[...]

  • Page 213

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-41 Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display all LLD P network policy information for ge.1.1. Matrix(ro)->show lldp port networ k-policy all ge.1.1 Ports Application S tate Tag [...]

  • Page 214

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-42 Matrix NSA Series Configuration Guide 3.2.4.9 set lld p tx-interval Use this command to set the time, in seconds , between successive LLDP frame transmissions initiated by changes in the LLDP local system information. set lldp tx-interval fr equenc y Synt ax Description[...]

  • Page 215

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-43 3.2.4.10 set lld p hold-multiplier Use this command to set the time-to-live valu e used in LLDP frames sent by this device . The time-to-live for LLDPDU data is calculated by multiplying the transmit interval by the hold multiplier [...]

  • Page 216

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-44 Matrix NSA Series Configuration Guide 3.2.4.1 1 set lld p trap-in terval Use this command to set the mini mum interval between LLDP notific ations sent by this de vice. LLDP notifications are sent when a remo te system change has been detected. s et lldp trap-interval f[...]

  • Page 217

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-45 3.2.4.12 set lld p med-fast-repeat Network connectivity devices tran smit only LLDP TL Vs in LLDPDUs until they detect that an LLDP-MED endpoint device has connected to a port. At that point, the netw ork connectivity device starts [...]

  • Page 218

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-46 Matrix NSA Series Configuration Guide 3.2.4.13 set lldp port st atus Use this command to enable or disable transmitting and processing received LLDPDUs on a port or range of p orts. set lldp port status { tx-enable | rx-enable | both | disable } port-string Synt ax Desc[...]

  • Page 219

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-47 3.2.4.14 set lld p port trap Use this command to enable or disable sending LLDP notifications (traps) when a remote system change is detected. set lldp port trap { enable | disable } port-st ring Synt ax Description Command Default [...]

  • Page 220

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-48 Matrix NSA Series Configuration Guide 3.2.4.15 set lld p port med-trap Use this command to enable or disable sending an LLDP-MED notification when a change in the topology has been sensed on the port (that is, a remote endp oint device has been attach ed or removed from[...]

  • Page 221

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-49 3.2.4.16 set lld p port location-info Use this command to configure LLDP-MED location information on a port or range of ports. Currently , only Emergency Call Services (ECS ) Emer gency Location Ide ntifica tion Number (ELIN) is sup[...]

  • Page 222

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-50 Matrix NSA Series Configuration Guide 3.2.4.17 set l ld p port tx-tlv Use this command to select the optional LLDP and LLDP-MED TL Vs to be transmitted in LLDPDUs by the specified port or ports. Use the show lldp port local-in fo command to display the values of these T[...]

  • Page 223

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-51 mac-phy MAC-PHY Configuration/S tatus IEEE 802.3 Extensions TL V . V alue sent includes the operational MAU type, duplex, and speed of the port. poe Power via MDI IEEE 802.3 Extensions TL V . V alues sent include wh ether pair selec[...]

  • Page 224

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-52 Matrix NSA Series Configuration Guide Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example configures the management address, MED capability , MED network policy , and MED location identification TL Vs to be sent in LLDPDU[...]

  • Page 225

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-53 3.2.4.18 set lld p port network-policy Use this command to config ure network policy for a set of applica tions on a port or range of ports. The policies configured with th is comman d are s ent in LLDPD Us as LLDP-MED Network Polic[...]

  • Page 226

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-54 Matrix NSA Series Configuration Guide Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage As described in the ANSI/TIA S tandards document 1057, the Network Policy TL V is “intended for use with applications that have specific real-ti[...]

  • Page 227

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-55 Example This example configures the voice ap plication TL V on port fe.2.1 an d then configures the port to send the Network Policy TL V . Matrix(rw)->set lldp port network -policy voice state enable tag ta gged vlan dot1p fe.2.1[...]

  • Page 228

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-56 Matrix NSA Series Configuration Guide 3.2.4.19 clear lldp Use this command to return LLDP parameters to their default values. clear lldp { all | tx-interval | hold-multipler | trap-interval | med-fast-repeat } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 229

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-57 3.2.4.20 clear lld p port st atus Use this command to return the port status to the default value of both (both transmitting and processing received LLDPDUs are enabled). clear lldp port status port-string Synt ax Description Comman[...]

  • Page 230

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-58 Matrix NSA Series Configuration Guide 3.2.4.21 clear lldp port trap Use this command to return th e po rt LLDP trap setting to the default value of di sabled. clear lldp port trap port-string Synt ax Description Command Default s None. Command T ype Switch command. Comm[...]

  • Page 231

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-59 3.2.4.22 clear lld p port med-trap Use this command to return the port LLDP-MED trap setting to the default value of disabled. clear lldp port med-trap port-string Synt ax Description Command Default s None. Command T ype Switch com[...]

  • Page 232

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-60 Matrix NSA Series Configuration Guide 3.2.4.23 clear lld p port location-info Use this command to return th e port ECS E LIN location settin g to the default value of null. clear lldp port location-info elin port-string Synt ax Description Command Default s None. Comman[...]

  • Page 233

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-61 3.2.4.24 clear lld p port network-policy Use this command to return networ k policy for a set of applications on a port or range of p orts to default values. clear lldp port network-policy { all | voice | voice-signaling | guest-voi[...]

  • Page 234

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-62 Matrix NSA Series Configuration Guide Command Default s At least one application (or all ) and one policy parameter must be specified. Command T ype Switch command. Command Mode Read-W rite. Example This example returns all network policy values for a ll applications on[...]

  • Page 235

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED Matrix NSA Series Configuration Guide 3-63 3.2.4.25 clear lld p p ort tx-tlv Use this command to clear the optional LLDP and LLDP-MED TL Vs to be transmitted in LLDPDUs by the specified port or po rts to the default value of disabled. clear lldp port tx-tlv {[ all ] | [ port[...]

  • Page 236

    Discovery Protocols Command Set Link Layer Discovery Protocol and LLDP-MED 3-64 Matrix NSA Series Configuration Guide Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example disables the management address, MED capability , MED network policy , and MED location ident ification TL Vs from being sent in LL[...]

  • Page 237

    Matrix NSA Series Configu ration Guide 4-1 4 Port Configuration This chapter describes the Port Configuratio n set of commands and how to use them. 4.1 PORT CONFIGURATION SUMMARY Console Port(s) Each Matrix Series module or standalone devi ce includes a c onsole po rt through which local management of the device can be accessed using a terminal or [...]

  • Page 238

    Port Configuration Summary Port S t ring Syntax Used in the CLI 4-2 Matrix NSA Series Configuration Guide 4.1.1 Port St ring Synt ax Used in the CLI Commands requiring a port-string parameter use the following syntax to designate port type, slo t location, and port number: port type.port gr oup.port number Where port type can be: fe for 100-Mbps Et[...]

  • Page 239

    Port Configuration Summary Port S t ring Syntax Used in the CLI Matrix NSA Series Configuration Gui de 4-3 This example shows the port-string syntax for specifying the 1-Gigabit Ethernet port 14 in port group 3. This example shows the port-string syntax for specifying Fast Ethe rnet ports 1 and 3 and Gigabit Ethernet port 1 1 in the module in chass[...]

  • Page 240

    Process Overview: Port Configurati on Port S t ring Syntax Used in the CLI 4-4 Matrix NSA Series Configuration Guide 4.2 PROCESS OVERVIEW: PORT CONFIGURATION Use the following steps as a guide to conf iguringconsole and switch ports on the device: 6. Reviewing and setting console port properties ( Section 4.3.1 )Reviewing switch port status ( Secti[...]

  • Page 241

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Gui de 4-5 4.3 PORT CONFIGURATION COMMAND SET 4.3.1 Setting Console Port Properties Purpose T o review and set parameters for on e or more of the device’ s console ports, including baud rate, auto baud detection, st op bits and parity . Commands The com[...]

  • Page 242

    Port Configuration Command Set Setting Console Port Properties 4-6 Matrix NSA Series Configuration Guide 4.3.1.1 show console Use this command to display propertie s set for one or more co nsole ports. show console [ port-string ] Synt ax Description Command Default s If port-string is not specified, properties for al l console ports will be displa[...]

  • Page 243

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Gui de 4-7 4.3.1.2 clear conso le Use this command to clear the properti es set for one or more console ports. clear console [ port-string ] Synt ax Description Command Default s If port-string is not specified, properties for all console ports will be cl[...]

  • Page 244

    Port Configuration Command Set Setting Console Port Properties 4-8 Matrix NSA Series Configuration Guide 4.3.1.3 show console baud Use this command to display the baud rate for one or more console ports. show console baud [ port-string ] Synt ax Description Command Default s If port-string is not specified, baud rate for all console po rts will be [...]

  • Page 245

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Gui de 4-9 4.3.1.4 set console baud Use this command to set the baud ra te for one or more console ports. set console baud rate [ port-st ring ] Synt ax Description Command Default s If port-string is not specified, baud rate will be set for all console p[...]

  • Page 246

    Port Configuration Command Set Setting Console Port Properties 4-10 Matrix NSA Series Configuration Guide 4.3.1.5 clear console baud Use this command to clear the baud rate for one or more console ports. clear console baud [ port-string ] Synt ax Description Command Default s If port-string is not specified, baud rate w ill be cleared for all conso[...]

  • Page 247

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-1 1 4.3.1.6 show console flowcontrol Use this command to display the type of flow control setting for one or more console ports. show console flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, the fl[...]

  • Page 248

    Port Configuration Command Set Setting Console Port Properties 4-12 Matrix NSA Series Configuration Guide 4.3.1.7 set console flowcontrol Use this command to set the type of flo w control for one or more co nsole ports. set console flowcontrol { none | ctsrts | dsrdtr } [ port-string ] Synt ax Description Command Default s If port-string is not spe[...]

  • Page 249

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-13 4.3.1.8 clear console flowcontrol Use this command to clear the type of fl ow control for one or more console ports. clear console flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, flow control w[...]

  • Page 250

    Port Configuration Command Set Setting Console Port Properties 4-14 Matrix NSA Series Configuration Guide 4.3.1.9 show console bit s Use this command to display the number of bits per character set for one or more console ports. show console bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, the bits per cha[...]

  • Page 251

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-15 4.3.1.10 set console bit s Use this command to set the number of bits per character for one or more console ports. set console bits num-bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, bits per charac [...]

  • Page 252

    Port Configuration Command Set Setting Console Port Properties 4-16 Matrix NSA Series Configuration Guide 4.3.1.1 1 clear console bi t s Use this command to clear the number of bits per character for one or more console ports. clear console bits [ port-string ] Synt ax Description Command Default s If port-string is not specified, bits per characte[...]

  • Page 253

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-17 4.3.1.12 show console stopbit s Use this command to display the co nsole port stop bits per character . show console stopbits [ port-string ] Synt ax Description Command Default s If port-string is not specified, stop bits per character will be[...]

  • Page 254

    Port Configuration Command Set Setting Console Port Properties 4-18 Matrix NSA Series Configuration Guide 4.3.1.13 set console stopbit s Use this command to set the stop bits pe r character for one or more console ports. set console stopbits { one | oneandhalf | two } [ port-stri ng ] Synt ax Description Command Default s If port-string is not spec[...]

  • Page 255

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-19 4.3.1.14 clear console stopbit s Use this command to clear the stop bits per character for one or more console ports. clear console stopbits [ port-string ] Synt ax Description Command Default s If port-string is not specified, stop bits per ch[...]

  • Page 256

    Port Configuration Command Set Setting Console Port Properties 4-20 Matrix NSA Series Configuration Guide 4.3.1.15 show con sole p arity Use this command to display the type of parity checking set for one or m ore console ports . show console parity [ port-string ] Synt ax Description Command Default s If port-string is not specified, parity type f[...]

  • Page 257

    Port Configuration Command Set Setting Console Port Properties Matrix NSA Series Configuration Guide 4-21 4.3.1.16 set console p arity Use this command to set the parity type for one or more console ports. set console parity { none | odd | ev en | mark | space } [ port-string ] Synt ax Description Command Default s If port-string is not specified, [...]

  • Page 258

    Port Configuration Command Set Setting Console Port Properties 4-22 Matrix NSA Series Configuration Guide 4.3.1.17 clear co nsole p a rity Use this command to clear the parity type for one or more console ports. clear console parity [ port-string ] Synt ax Description Command Default s If port-string is not specified, parity type w ill be cleared f[...]

  • Page 259

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-23 4.3.2 Reviewing Port St atus Purpose T o display operating statu s, duplex mode, speed , po rt type, and statistical information about traf fic received and transmitted through one or all switch ports on the device. Commands The commands used to review [...]

  • Page 260

    Port Configuration Command Set Reviewin g Po rt S tat us 4-24 Matrix NSA Series Configuration Guide 4.3.2.1 show port Use this command to display whether or not one or more ports are enabled for switching. show port [ port-string ] Synt ax Description Command Default s If port-string is not specified, operational stat us information for all ports w[...]

  • Page 261

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-25 4.3.2.2 show port st atus Use this command to display oper ating and admin status, speed , duplex mode and po rt type for one or more ports on the d evice. show port status [ port-string ] [ -interesting ] Synt ax Description Command Default s If no opt[...]

  • Page 262

    Port Configuration Command Set Reviewin g Po rt S tat us 4-26 Matrix NSA Series Configuration Guide T able 4- 1 s how po rt status Outpu t Details Output What It Displays... Port Port designation. For a detailed description of possible port-string values, refer to Section 4.1.1 . Alias (truncated) Alias configured for the port. For deta ils on usin[...]

  • Page 263

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-27 4.3.2.3 show port counters Use this command to display port counter statis tics detailing traffic throug h the device and through all MIB2 network device s. show port counters [ port-string ] [ switch | mib2 ] Synt ax Description Command Default s • I[...]

  • Page 264

    Port Configuration Command Set Reviewin g Po rt S tat us 4-28 Matrix NSA Series Configuration Guide Examples This example shows how to display all counter stat istics, including MIB2 network traf fic and traffic through the device for fe.3.1: This example shows how to display all fe.3.1 port counter statistics related to traf fic through the device[...]

  • Page 265

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-29 Ta b l e 4 - 2 provides an explanation of th e command ou tpu t. T able 4-2 show port counter s Output Det ails Output What It Displays... Port Port designation. For a de tailed description of possible port-string values, refer to Section 4.1.1 . MIB2 I[...]

  • Page 266

    Port Configuration Command Set Reviewin g Po rt S tat us 4-30 Matrix NSA Series Configuration Guide 4.3.2.4 show port operst atuscause Use this command to display the causes configured to place operating status to a down or dormant state for one or more ports. show port operstatuscause [ port-string ] [ any ] [ modifiable ][ admin ] [ linkloss ] [ [...]

  • Page 267

    Port Configuration Command Set Reviewing Port S tatus Matrix NSA Series Configuration Guide 4-31 Command Default s If no options are specified, c auses for a ll ports will be displayed. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display operation status causes for ports ge.1.1 through 6. In this case, p[...]

  • Page 268

    Port Configuration Command Set Reviewin g Po rt S tat us 4-32 Matrix NSA Series Configuration Guide 4.3.2.5 clear port operst atuscause Use this command to override the causes configured to place operating status to a down or dormant state for one or more ports. clear port operstatuscause [ port-string ] [ admin ] [ linkflap ] [ flowlimit ] [ polic[...]

  • Page 269

    Port Configuration Command Set Disabling / Enabling and Namin g Ports Matrix NSA Series Configuration Guide 4-33 4.3.3 Disabling / Enabling and Naming Port s Purpose T o disable and re-enable one or more ports, and to as sign an alias to a port. By default, all ports are enabled at device startup. Y ou may want to disa ble ports for security or to [...]

  • Page 270

    Port Configuration Command Set Disabling / Enabl ing and Naming Ports 4-34 Matrix NSA Series Configuration Guide 4.3.3.1 set port disable Use this command to administratively disable one or more ports. set port disable port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exampl[...]

  • Page 271

    Port Configuration Command Set Disabling / Enabling and Namin g Ports Matrix NSA Series Configuration Guide 4-35 4.3.3.2 set port enable Use this command to administrativ ely enable one or more ports. set port enable port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example [...]

  • Page 272

    Port Configuration Command Set Disabling / Enabl ing and Naming Ports 4-36 Matrix NSA Series Configuration Guide 4.3.3.3 show port alias Use this command to display alias name(s assigned to one or more ports. show port alias [ port-string ] Synt ax Description Command Default s If port-string is not specified, aliases for al l ports will be display[...]

  • Page 273

    Port Configuration Command Set Disabling / Enabling and Namin g Ports Matrix NSA Series Configuration Guide 4-37 4.3.3.4 set port alias Use this command to assign an alias name to a port. set port alias port-string [ string ] Synt ax Description Command Default s If string is not specified, the alias assign ed to the port will be cleared. Command T[...]

  • Page 274

    Port Configuration Command Set Disabling / Enabl ing and Naming Ports 4-38 Matrix NSA Series Configuration Guide 4.3.3.5 show forcelinkdown Use this command to display the stat us of the force link do wn function. show forcelinkdown Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This[...]

  • Page 275

    Port Configuration Command Set Disabling / Enabling and Namin g Ports Matrix NSA Series Configuration Guide 4-39 4.3.3.6 set forcelinkdown Use this command to enable or di sable th e force link do wn function . When enabled, this forces ports in the “operstatus down” state to be come disabled. set forcelinkdown { enable | disable } Synt ax Desc[...]

  • Page 276

    Port Configuration Command Set Disabling / Enabl ing and Naming Ports 4-40 Matrix NSA Series Configuration Guide 4.3.3.7 clear forcelinkdown Use this command to resets the force link down function to the default state of disabled. clear forcelinkdown Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 277

    Port Configuration Command Set Setting Speed and Dupl ex Mode Matrix NSA Series Configuration Guide 4-41 4.3.4 Setting Speed and Duplex Mode Purpose T o review and set the operational speed in Mbps and the default duplex mode: Half , for half duplex, or Full , for full duplex for one or more ports. Commands The commands used to review and set port [...]

  • Page 278

    Port Configuration Command Set Setting Speed and Duplex Mode 4-42 Matrix NSA Series Configuration Guide 4.3.4.1 show port speed Use this command to display the defaul t speed setting on one or more ports. show port speed [ port-string ] Synt ax Description Command Default s If port-string is not specified, default speed settings for all ports will [...]

  • Page 279

    Port Configuration Command Set Setting Speed and Dupl ex Mode Matrix NSA Series Configuration Guide 4-43 4.3.4.2 set port speed Use this command to set the defau lt speed of one or more ports. Th is setting only takes effect on ports that have auto-negotiation disabled. set port speed port-string { 10 | 100 | 1000 } Synt ax Description Command Defa[...]

  • Page 280

    Port Configuration Command Set Setting Speed and Duplex Mode 4-44 Matrix NSA Series Configuration Guide 4.3.4.3 show port duplex Use this command to display th e default duplex setting (half or full) for one or more ports. show port duplex [ port-string ] Synt ax Description Command Default s If port-string is not specified, default duplex setti ng[...]

  • Page 281

    Port Configuration Command Set Setting Speed and Dupl ex Mode Matrix NSA Series Configuration Guide 4-45 4.3.4.4 set port duplex Use this command to set the default d uplex type for one or more ports. set port duplex port-string { full | half } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Examp[...]

  • Page 282

    Port Configuration Command Set Enabling / Disabl ing Jumbo Frame Supp ort 4-46 Matrix NSA Series Configuration Guide 4.3.5 Enabling / Disabli ng Jumbo Frame Support Purpose T o review , enable, and disable jumb o frame support on one or mo re ports. This all ows Gigabit Ethernet ports to transmit frames up to 10 KB in size. Commands The commands us[...]

  • Page 283

    Port Configuration Command Set Enabling / Disabling Jumbo F ra m e Support Matrix NSA Series Configuration Guide 4-47 4.3.5.1 show port jumbo Use this command to display the status of jumb o frame sup port and maximum transmission uni ts (MTU) on one or more ports. show port jumbo [ port-string ] Synt ax Description Command Default s If port-string[...]

  • Page 284

    Port Configuration Command Set Enabling / Disabl ing Jumbo Frame Supp ort 4-48 Matrix NSA Series Configuration Guide 4.3.5.2 set port jumbo Use this command to enable or disa ble jumbo frame supp ort on one or more ports. set port jumbo { enable | disable } [ port-string ] Synt ax Description Command Default s If port-string is not specified, jumbo[...]

  • Page 285

    Port Configuration Command Set Enabling / Disabling Jumbo F ra m e Support Matrix NSA Series Configuration Guide 4-49 4.3.5.3 clear p ort jumbo Use this command to reset jumb o frame support status to enabled on one or more ports. clear port jumbo [ port-string ] Synt ax Description Command Default s If port-string is not specified, jumbo frame sup[...]

  • Page 286

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-50 Matrix NSA Series Configuration Guide 4.3.6 Setting Auto-Negotiati on and Advertised Ability Purpose T o review , disable or enable auto-negotiation, and to review o r set a port’ s advertised mode of operation. During auto-negotiation and adverti sed ability , [...]

  • Page 287

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-51 4.3.6.1 show port negotiation Use this command to display the status of auto-negotiation for one or more ports. show port negotiation [ port-string ] Synt ax Description Command Default s If port-string is not specified, auto-n[...]

  • Page 288

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-52 Matrix NSA Series Configuration Guide 4.3.6.2 set port negotiation Use this command to ena ble or disable auto-negotiation on one or more ports. set port negotiation port-stri ng { enable | disab le } Synt ax Description Command Default s None. Command T ype Switc[...]

  • Page 289

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-53 4.3.6.3 show port mdix Use this command to display the MDI/MDIX mode on one or more ports. This function detects an d adapts to straight through (MDI) or c ross - over (MDIX) Ethernet cablin g on switch ports. show port mdix [ [...]

  • Page 290

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-54 Matrix NSA Series Configuration Guide 4.3.6.4 set port mdix Use this command to set MDI/MDIX mode on one or more ports. set port mdix [ port-string ] { auto | mdi | mdix } Synt ax Description Command Default s If port-string is not specified, mode will be set for [...]

  • Page 291

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-55 4.3.6.5 clear p ort mdix Use this command to reset MDIX mode to the default sett ing of auto on one or more ports. clear port mdix [ port-string ] Synt ax Description Command Default s If port-string is not specified, mode will[...]

  • Page 292

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-56 Matrix NSA Series Configuration Guide 4.3.6.6 show port advertise Use this command to display the adve rtised ability on one or more ports. show port advertise [ port-string ] Synt ax Description Command Default s If port-string is not specified, advertised ab ili[...]

  • Page 293

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-57 T able 4-3 show port advertis e Output Det ails Output What It Displays... capability Whether or not the port is capable of operating in the following modes: • 10t - 10BASE-T half duplex mode • 10tfd - 10BASE-T full duplex [...]

  • Page 294

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-58 Matrix NSA Series Configuration Guide 4.3.6.7 set port advertise Use this command to enable or di sable and to configure the adverti sed ability on one or more ports. set port advertise port-string [ 10t ] [ 10tfd ] [ 100tx ] [ 100txfd ] [ 1000x ] [ 1000xfd ] [ 10[...]

  • Page 295

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-59 Command Mode Read-W rite. Example This example shows how to set fe.3.4 to advertise 100BASE-TX full dupl ex operation: Matrix(rw)-> set port adve rtise fe.3.4 100txfd[...]

  • Page 296

    Port Configuration Command Set Setting Auto-Negotiation an d Advertised Abil ity 4-60 Matrix NSA Series Configuration Guide 4.3.6.8 clear port advertise Use this command to reset advertised ability to the default setting on one or more ports. clear port advertise port-string [ 10t | 10tfd | 100tx | 100txfd | 1000x | 10 00txfd | 1000t | 1000tfd | pa[...]

  • Page 297

    Port Configuration Command Set Setting Auto -Negotiation and Advertised Ability Matrix NSA Series Configuration Guide 4-61 Command Default s If not specified, all modes of ad vertised ability will be cleared. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to re set all advertised ability to default settings o[...]

  • Page 298

    Port Configuration Command Set Setting Flow Control 4-62 Matrix NSA Series Configuration Guide 4.3.7 Setting Flow Control Purpose T o review , enable or disable port flow control. Flow control is used to manage the transmission between two devices as sp ecified by IEEE 802.3x to prevent receiving po rts from being overwhelmed by frames from transmi[...]

  • Page 299

    Port Configuration Command Set Setting Flow Control Matrix NSA Series Configuration Guide 4-63 4.3.7.1 show port flowcontrol Use this command to display the flow control state for one or more ports. show port flowcontrol [ port-string ] Synt ax Description Command Default s If port-string is not specified, flow control information for all ports wil[...]

  • Page 300

    Port Configuration Command Set Setting Flow Control 4-64 Matrix NSA Series Configuration Guide TX Oper Whether or not the port is operationally enabled or disabled for sending flow control frames. RX Admin Whether or not the port is administratively enabled or disabled for acknowledging recei ved flow control frames. RX Oper Whether or not th e por[...]

  • Page 301

    Port Configuration Command Set Setting Flow Control Matrix NSA Series Configuration Guide 4-65 4.3.7.2 set port flowcontrol Use this command to enable or disable fl ow control settings for one or more ports. set port flowcontrol port-string { r eceive | se nd | both }{ enable | disable } Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 302

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-66 Matrix NSA Series Configuration Guide 4.3.8 Configuring Link T rap s and Link Flap Detection Purpose T o disable or re -enable link traps and to configure the link flapping detection function. By default, all ports are enabled to send SNMP trap mes sages indica ting[...]

  • Page 303

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-67 4.3.8.1 show port trap Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes. show port trap [ port-string ] Synt ax Description Command Default s If port-string[...]

  • Page 304

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-68 Matrix NSA Series Configuration Guide 4.3.8.2 set port trap Use this command to enable or disable ports for sending SNMP tr ap messages when thei r link status changes. set port trap port-string { enable | disable } Synt ax Description Command Default s None. Comman[...]

  • Page 305

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-69 4.3.8.3 show linkflap Use this command to display link flap det ection state and config uration information. show linkflap { globalstate | portstate | parameters | metrics | portsupported | actsupported | maximum | downports [...]

  • Page 306

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-70 Matrix NSA Series Configuration Guide Command Default s • If not specified, information about all link flap detection settings will be displayed. • If port-string is not specified, information for all ports will be displayed. Command T ype Switch command. Comman[...]

  • Page 307

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-71 Ta b l e 4 - 5 provides an explanation of the show linkflap parameters command output. This example shows how to display the link flap metrics table : Ta b l e 4 - 6 provides an exp l an at ion of the sh ow linkfl ap metrics [...]

  • Page 308

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-72 Matrix NSA Series Configuration Guide T imeElapsed T ime (in seconds) since the last link down event. V iolations Number of link flap viola tions on listed po rts si nce system start. T able 4-6 show linkflap metrics Output Det ails (Continued) Output What It Displa[...]

  • Page 309

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-73 4.3.8.4 set linkflap globalstate Use this command to globally enable or disable the link flap detection fu nction. By default, the function is disable d globally and on all po rts. If disabled g lobally after per-port setting[...]

  • Page 310

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-74 Matrix NSA Series Configuration Guide 4.3.8.5 set linkflap Use this command to enable or disable lin k flap monitoring on one or more ports. set linkflap portstate { disable | enable } [ port-string ] Synt ax Description Command Default s If port-string is not speci[...]

  • Page 311

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-75 4.3.8.6 set linkflap interval Use this command to set the time interval (in seconds) for accumulatin g link down transitions. set linkflap interval port-string interval_value Synt ax Description Command Default s None. Comman[...]

  • Page 312

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-76 Matrix NSA Series Configuration Guide 4.3.8.7 set linkflap action Use this command to set reactions to a link flap violation. set linkflap action port-string { disableI nterface | gensyslo gentry | ge ntrap | all } Synt ax Description Command Default s None. Command[...]

  • Page 313

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-77 4.3.8.8 clear linkflap action Use this command to clear reac tions to a link flap violation. clear linkflap action [ port-string } { disableInterface | gensyslogentry | gentrap | all } Synt ax Description Command Default s If[...]

  • Page 314

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-78 Matrix NSA Series Configuration Guide 4.3.8.9 set linkflap threshold Use this command to set the link flap action trigger count. set linkflap threshold port-string thr eshold_value Synt ax Description Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 315

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-79 4.3.8.10 set linkflap downtime Use this command to set the time interval (in seconds) one or mo re ports will be held down after a link flap violation. set linkflap downtime port-string downtime_value Synt ax Description Comm[...]

  • Page 316

    Port Configuration Command Set Configuring Link T raps and Link Flap Detection 4-80 Matrix NSA Series Configuration Guide 4.3.8.1 1 clear linkflap down Use this command to toggle link fl ap disabled ports to operational. clear linkflap down [ port-string ] Synt ax Description Command Default s If port-string is not specified, all ports di sabled by[...]

  • Page 317

    Port Configuration Command Set Configuring Link T ra ps and Link Flap Dete ctio n Matrix NSA Series Configuration Guide 4-81 4.3.8.12 clear linkflap Use this command to clear all link flap options and / or statistics on one or more ports. clear linkflap { all | stats [ port-string ] | parameter port-string { threshold | interval | downtime | all } [...]

  • Page 318

    Port Configuration Command Set Configuring Broadcast Suppressio n 4-82 Matrix NSA Series Configuration Guide 4.3.9 Configuring Broa dcast Suppression Purpose T o review , disable or set the broadcast thresholds on one or more ports. This limits the amount of received broadcast frames that the specified port will be allowed to switch out to other po[...]

  • Page 319

    Port Configuration Command Set Configuring Broadcast Suppression Matrix NSA Series Configuration Guide 4-83 4.3.9.1 show port broadcast Use this command to disp lay port broadcast suppression information for one or more ports. show port broadcast [ port-string ] Synt ax Description Command Default s If port-string is not specified, broadcast stat u[...]

  • Page 320

    Port Configuration Command Set Configuring Broadcast Suppressio n 4-84 Matrix NSA Series Configuration Guide Peak Rate (pkts/s) Peak rate of broadcast transmission received on this port in packets per second. Peak Rate T ime (ddd:hh:mm:ss) T ime (in day , hours, minutes and seconds) the peak rate was reached on this port. T able 4-7 show port broad[...]

  • Page 321

    Port Configuration Command Set Configuring Broadcast Suppression Matrix NSA Series Configuration Guide 4-85 4.3.9.2 set port broadcast Use this command to set the broadcast suppression limit, in packets per second, on one or more ports. This sets a threshold on the broadcast traf fic that is received and sw itched out to other ports. set port broad[...]

  • Page 322

    Port Configuration Command Set Configuring Broadcast Suppressio n 4-86 Matrix NSA Series Configuration Guide 4.3.9.3 clear port broadcast Use this command to reset the broadcast threshold an d/or clear the peak ra te and peak time values on one or switch more ports. clear port broadcast port-string [ threshold ] [ peak ] Synt ax Description Command[...]

  • Page 323

    Configuring Port Mirroring Supported Mirrors Matrix NSA Series Configuration Guide 4-87 4.4 CONFIGURING PORT MIRRORING The Matrix device allows you to mirror (or redirect) the traffic be ing switch ed on a po rt or VL AN for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor[...]

  • Page 324

    Configuring Port Mirroring IDS Mirroring Considerations 4-88 Matrix NSA Series Configuration Guide 4.4.2 IDS Mirro ring Considerations An IDS mirror is a one-to-many port mirror that has been designed for use with an Intrusion Detection System. The following c onsiderations must be t aken in to account when configuring IDS mirroring on the Matrix d[...]

  • Page 325

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-89 4.4.4 Setting Port Mirroring Purpose T o review and configure port mirroring on the device. Commands The comm ands used to review an d configure p ort mirroring are listed below and described in the associated section as show n. • show port mirroring ( Se[...]

  • Page 326

    Configuring Port Mirroring Setting Port Mirroring 4-90 Matrix NSA Series Configuration Guide 4.4.4.1 show port mirroring Use this command to display the source and tar g et ports for mirroring, and whether mirroring is currently enabled or dis able d for those ports. show port mirroring Synt ax Description None. Command Default s None. Command T yp[...]

  • Page 327

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-91 4.4.4.2 set port mirroring Use this command to create a ne w mirroring relationship or to en able or disable an existing mirroring relationshi p between two ports. set port mirroring { create | disable | enable } | igmp-mcast { enable | disable } sour ce de[...]

  • Page 328

    Configuring Port Mirroring Setting Port Mirroring 4-92 Matrix NSA Series Configuration Guide Example This example shows how to enable port mirroring of transmitted and received frames with fe.1.4 as the source port and fe.1.1 1 as the target port: Matrix(rw)-> set port mirroring enable fe.1.4 fe.1.11 both[...]

  • Page 329

    Configuring Port Mirroring Setting Port Mirroring Matrix NSA Series Configuration Guide 4-93 4.4.4.3 clear p ort mirroring Use this command to clear a port mirroring relationship. clear port mirroring { igmp-mcast | source destination } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 330

    Configuring LACP LACP Operation 4-94 Matrix NSA Series Configuration Guide 4.5 CONFIGURING LACP Using multiple links simultaneously to increase bandw idth is a desirable switch feature, which can be accomplished if both sides agree on a set of ports that are being used as a Link Aggregation Group (LAG). Once a LAG is formed from selected ports, pro[...]

  • Page 331

    Configuring LACP LACP T erminology Matrix NSA Series Configuration Guide 4-95 The operation o f LACP invo lves the following activi ties: • Checking th at candidate links can actually be a ggregated. • Controlling the addition of a link to a LAG , and the creation of the group if necessary . • Monitoring the status of aggregated links to ensu[...]

  • Page 332

    Configuring LACP Matrix Series Usa ge Consideratio ns 4-96 Matrix NSA Series Configuration Guide 4.5.3 Matrix Series Usage Considerations In normal usage (and typical impl ementations) there is no need to modify any of th e default LACP parameters on the Matrix Series device. The defa ult values will result in the maximum number of aggregations pos[...]

  • Page 333

    Configuring LACP Matrix Series Usage Considerations Matrix NSA Series Configuration Guide 4-97 LACP uses a system priority value to build a LAG ID, whic h de termines aggregation precedenc e. If there are two partner devices competing for th e same aggregator , LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is g[...]

  • Page 334

    Configuring LACP Configuring Link Aggreg ation 4-98 Matrix NSA Series Configuration Guide 4.5.4 Configuring Link Aggregation Purpose T o di sable and re -enable the Link Ag gregation Control Protocol (LACP), to display an d configure LACP settings for one or more aggregator ports, and to display and config ure the LACP settings for underlying phys [...]

  • Page 335

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-99 • clear lacp outportAlgorithm ( Section 4.5.4.20 )[...]

  • Page 336

    Configuring LACP Configuring Link Aggreg ation 4-100 Matrix NSA Series Configuration Guide 4.5.4.1 show lacp Use this command to disp lay the global LACP enable state, or to display informa tion abou t one or more aggregator ports. Each Matr ix Series module provides virtua l link aggregator ports, which are designated in the CLI as lag.0.1 through[...]

  • Page 337

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -101 T able 4-9 show lacp Output Det ails Output What It Displays... Aggregator LAG port designation. Each Matrix Series module provides 48 virtual link aggrega tor ports, which are de signated in the CLI as lag.0.1 throug h lag.0.48 . Once underlying physical p[...]

  • Page 338

    Configuring LACP Configuring Link Aggreg ation 4-102 Matrix NSA Series Configuration Guide 4.5.4.2 set lacp Use this command to disable or enable the Li nk Aggregation Control Pro tocol (LACP) on the device. LACP is enabled by default. set lacp { disable | enable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mo[...]

  • Page 339

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -103 4.5.4.3 clear l acp state Use this command to reset LACP to the default state of enabled. clear lacp state Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to reset LACP[...]

  • Page 340

    Configuring LACP Configuring Link Aggreg ation 4-104 Matrix NSA Series Configuration Guide 4.5.4.4 set lacp asyspri Use this command to set the LACP system priority . LACP uses this value to determine aggregation precedence. If there are two pa rtner devices comp eting for the same aggreg ator , LACP compares the LAG IDs for each grouping of po rts[...]

  • Page 341

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -105 4.5.4.5 set lacp aadminkey Use this command to set the administratively assign ed key for one or more aggregator ports. LACP will use this value to form an oper key . Only un derlying physical ports wi th oper keys matching those of their aggregators will b[...]

  • Page 342

    Configuring LACP Configuring Link Aggreg ation 4-106 Matrix NSA Series Configuration Guide 4.5.4.6 clear lacp Use this command to clear LACP syst em priority or admin key settings. clear lacp {[ asyspri] [ aadminkey port-string ]} Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This exampl[...]

  • Page 343

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -107 4.5.4.7 set lacp st atic Use this command to assign one or more underlyi ng physical ports to a Link Aggregatio n Gro up (LAG). set lacp static lagportstring [ key ] port-string Synt ax Description Command Default s If not specified, a key will be assigned [...]

  • Page 344

    Configuring LACP Configuring Link Aggreg ation 4-108 Matrix NSA Series Configuration Guide Example This example shows how to add port fe.1 .6 to the LAG of agg regator port 48: Matrix(rw)-> set lacp static lag .0. 48 fe.1.6[...]

  • Page 345

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -109 4.5.4.8 clear l acp static Use this command to remove specific ports from a Link Aggregation Group. clear lacp static lagportstring port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 346

    Configuring LACP Configuring Link Aggreg ation 4-1 10 Matrix NSA Series Configuration Guide 4.5.4.9 show lacp singleportlag Use this command to display the stat us of the single port LAG function. show lacp singleportlag Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example sho[...]

  • Page 347

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-1 1 1 4.5.4.10 set singlepo rtlag Use this command to enable or disable the form ation of single port LAGs. When enabled, this maintains LAGs when only one port is rece iving protoc ol transmissions from a partner . set lacp singleportlag { enable | disable } Syn[...]

  • Page 348

    Configuring LACP Configuring Link Aggreg ation 4-1 12 Matrix NSA Series Configuration Guide 4.5.4.1 1 clear si ngleportlag Use this command to reset the single port LAG function back to the default state of disabled. clear lacp singleportlag Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Ex[...]

  • Page 349

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-1 13 4.5.4.12 show port lacp Use this command to display link aggregation information for one or more underlying physical ports. show port lacp port port-string {[ status { detail | sum mary }] | [ counters ]} [ sort { port | lag }] Synt ax Description Command De[...]

  • Page 350

    Configuring LACP Configuring Link Aggreg ation 4-1 14 Matrix NSA Series Configuration Guide Examples This example shows how to display detailed LACP status information f or port fe.1.12: This example shows how to display summarized LACP status informa tion for port fe.1.12: Matrix(rw)-> show port lacp por t fe.1.12 status detail Port Instance: f[...]

  • Page 351

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-1 15 This example shows how to display LACP counters for port fe.1.12: Matrix(rw)-> show port lac p port fe.1.12 counters Port Instance: fe.1.12 LACPDUsRx: 0 MarkerPDUsRX: 0 LACPDUsTx: 0 MarkerPDUsTx: 0 IllegalRx: 0 MarkerResponsePDUsRx: 0 UnknownRx: 0 MarkerR[...]

  • Page 352

    Configuring LACP Configuring Link Aggreg ation 4-1 16 Matrix NSA Series Configuration Guide 4.5.4.13 set p ort lacp Use this command to set link aggr egation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG , and their administrative state once aggregated. set port lacp[...]

  • Page 353

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-1 17 asyspri asyspri Sets the port’ s actor system priority . The LACP implementation on the Matrix Series device uses this value to determine aggregation precedence when there are two devices competing for the same aggregator . V alid values are 0 - 65535 , wi[...]

  • Page 354

    Configuring LACP Configuring Link Aggreg ation 4-1 18 Matrix NSA Series Configuration Guide Command Default s • At least one parameter must be entered per port-string. • If enable or disabl e are not specified, port(s) w ill be enabled with the LACP parameters entered. Command T ype Switch command. Command Mode Read-W rite. Example This example[...]

  • Page 355

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series Configuration Guide 4-1 19 4.5.4.14 clear port lacp Use this command to clear link aggreg ation settings for one or more ports. clear port lacp port port-string {[ aadminkey ] [ ap ortpri ] [ asyspri ] [ aadminstate { lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollec t | lacp[...]

  • Page 356

    Configuring LACP Configuring Link Aggreg ation 4-120 Matrix NSA Series Configuration Guide Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear all link aggregation parameters for port ge.3.16: padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacp[...]

  • Page 357

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -121 4.5.4.15 show lacp flowRegeneration Use this command to display th e LACP flow regeneration st ate. show lacp flowR egeneration Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example sho[...]

  • Page 358

    Configuring LACP Configuring Link Aggreg ation 4-122 Matrix NSA Series Configuration Guide 4.5.4.16 set lacp flowRegeneration Use this command to enab le or disable LACP flow regeneration. When en abled and a ne w port joins a link aggregation group (LAG), LACP will redistribute all existing flows over the LAG . It will also attempt to load balance[...]

  • Page 359

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -123 4.5.4.17 clear lacp flowRegeneration Use this command to reset LACP flow rege neration to its default state (disabled). clear lacp flowRegeneration Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exa[...]

  • Page 360

    Configuring LACP Configuring Link Aggreg ation 4-124 Matrix NSA Series Configuration Guide 4.5.4.18 show lacp outportAlgorithm Use this command to display the current LACP outport algorithm. show lacp outportAlgorithm Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows [...]

  • Page 361

    Configuring LACP Configuring Link Aggrega tion Matrix NSA Series C onfiguration Guide 4 -125 4.5.4.19 set lacp outportAlgorithm Use this command to set the algorithm L ACP will use for outport determination. set lacp outportAlgorithm {d ip-sip | da-sa | round-robin} Synt ax Description Command Default s None. Command T ype Switch command. Command M[...]

  • Page 362

    Configuring LACP Configuring Link Aggreg ation 4-126 Matrix NSA Series Configuration Guide 4.5.4.20 clear lacp outportAlgorithm Use this command to reset LACP to DI P-SIP , its de fault outport algorithm. clear lacp outportAlgorithm Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Thi[...]

  • Page 363

    Matrix NSA Series Configu ration Guide 5-1 5 SNMP Configuration This chapter describes the Simple Network Mana gement Protoc ol (SNMP) set of command s and how to use them. 5.1 SNMP CONFIGURATION SUMMARY SNMP is an application-layer protocol that f acilitates the exchange of management information between network device s. SNMP enables network admi[...]

  • Page 364

    SNMP Configuration Summa ry SNMPv3 5-2 Matrix NSA Series Configuration Guide Does not apply to MA TRIX E7. 5.1.2 SNMPv3 SNMPv3 is an interoperable stan dards-based protocol tha t provid es secure access to de vices by authenticating and encrypting frames over the network. The adva nced security feat ures provided in SNMPv3 are as follows: • Messa[...]

  • Page 365

    SNMP Configuration Summary Using SNMP Contexts to Access Sp ecific MIBs or Routing Modu les Matrix NSA Series Configuration Gui de 5-3 5.1.4 Using SNMP Context s to Access Specific MIBs or Routing Modules By default, when operating from the switch CLI, Matrix Series devices allow access to all SNMP MIBs or contexts. A context is a collection of MI [...]

  • Page 366

    SNMP Configuration Summa ry Using SNMP Contexts to Access Specific MIBs or Ro uting Modules 5-4 Matrix NSA Series Configuration Guide All SNMP contexts known to the de vice ca n be di splayed us ing the show snmp context command as described in Section 5.3.4.2 . Examples This example permits the “powergroup” to manage all MIBs via SNMPv3: This [...]

  • Page 367

    Process Overview: SNMP Co nfiguration Reviewing SNMP St a tistics Matrix NSA Series Configuration Gui de 5-5 5.2 PROCESS OVERVIEW : SNMP CONFIGURATION Use the following steps as a guide to configuring SNMP on the devic e: 1. Reviewing SNMP statistics ( Section 5.3.1 ) 2. Configuring SNMP users, groups and communities ( Section 5.3.2 ) 3. Configurin[...]

  • Page 368

    SNMP Configuration Command Set Reviewing SNMP St a tistics 5-6 Matrix NSA Series Configuration Guide 5.3.1.1 show snmp engineid Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’ s administratively unique identifier . show snmp engineid Synt ax Description None. Command Default s None. Command T ype Switch command. [...]

  • Page 369

    SNMP Configuration Command Set Reviewing SNMP St a tistics Matrix NSA Series Configuration Gui de 5-7 5.3.1.2 show snmp counters Use this command to display SNMP traf fic counter values. show snmp counters Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to displ[...]

  • Page 370

    SNMP Configuration Command Set Reviewing SNMP St a tistics 5-8 Matrix NSA Series Configuration Guide Ta b l e 5 - 3 shows a detailed explanation of the co mmand output. snmpOutBadValues = 0 snmpOutGenErrs = 0 snmpOutGetRequests = 0 snmpOutGetNexts = 0 snmpOutSetRequests = 0 snmpOutGetResponses = 39660 1 snmpOutTraps = 0 snmpSilentDrops = 0 snmpProx[...]

  • Page 371

    SNMP Configuration Command Set Reviewing SNMP St a tistics Matrix NSA Series Configuration Gui de 5-9 snmpInASNParseErrs Number of ASN.1 (Abstract Syntax Notation) or BER (Bas ic Encoding R ule s) errors encountered by the SNMP entity when decoding received SNMP messages. snmpInTooBigs Number o f SNMP PDUs delivered to the SNMP protocol entity with[...]

  • Page 372

    SNMP Configuration Command Set Reviewing SNMP St a tistics 5-10 Matrix NSA Series Configuration Guide snmpInGetResponses Number of SN MP Get-Response PDUs a ccepted and processed by the SNMP protocol entity . snmpInTraps Number of SNMP T rap PDUs ac cepted and processed by the SNMP protocol entity . snmpOutTooBigs Number of SNMP PDUs generated by t[...]

  • Page 373

    SNMP Configuration Command Set Reviewing SNMP St a tistics Matrix NSA Series Configuration Guide 5-1 1 snmpProxyDrops Number of SNMP Get, Set, or Inform request error messages that were dropped because the reply was larger than the proxy tar g et’ s maximum message size. usmStatsUnsupporte dSec Levels Number of packets received by the SNMP engine[...]

  • Page 374

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-12 Matrix NSA Series Configuration Guide 5.3.2 Configuring SNMP Users, Group s and Communities Purpose T o review and configure SNMP users, groups an d v1 and v2 commun ities. These are defined as follows: • User — A person registered in SNMPv3 to access SNMP manage[...]

  • Page 375

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-13 5.3.2.1 sho w snmp user Use this command to display info rmation about SNMP users. These are people registered to access SNMP managemen t. show snmp user [ list ] | [ user ] | [ remote re m o t e ] [ volatile | nonvolatile | read[...]

  • Page 376

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-14 Matrix NSA Series Configuration Guide Examples This example shows how to di splay an SNMP user list: This example shows how to display in formation for the SNMP “guest” user: Ta b l e 5 - 4 shows a detailed explanation of the co mmand output. Matrix(rw)-> show[...]

  • Page 377

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-15 5.3.2.2 set snmp user Use this command to create a new SN MPv3 user . set snmp user user [ remote r emoteid ] [ authentication { md5 | sha }] [ authpasswor d ] [ privacy privpasswor d ] [ volatile | nonvolatile ] Synt ax Descript[...]

  • Page 378

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-16 Matrix NSA Series Configuration Guide Example This example shows how to create a new SNMP user named “netops ”. By default , this user will be registered on the local SNMP engine without authentication and encryption. Entries related to this user will be stored i[...]

  • Page 379

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-17 5.3.2.3 clear snmp user Use this command to remove a user from the SNMPv3 security-model list. clear snmp user user [ remote re m o t e ] Synt ax Description Command Default s If remote is not specified, the user will be removed [...]

  • Page 380

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-18 Matrix NSA Series Configuration Guide 5.3.2.4 show snmp group Use this command to display an SNMP group conf ig uration. An SNMP group i s a collection of SNMPv3 users who share the same access privileges . show snmp group [ groupname gr oupname ] [ user user ] [ sec[...]

  • Page 381

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-19 Example This example shows how to di splay SNMP group information: Ta b l e 5 - 5 shows a detailed explanatio n of the command output. Matrix(rw)-> show snmp group --- SNMP group information --- Security model = SNMPv1 Securit[...]

  • Page 382

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-20 Matrix NSA Series Configuration Guide 5.3.2.5 set snmp group Use this command to create an SN MP group. This associates SNMPv3 users to a group that shares common access privileges. set snmp group gr oupname user user security-model { v1 | v2c | usm } [ volatile | no[...]

  • Page 383

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-21 5.3.2.6 clear snmp group Use this command to clear SNMP group settings globally or fo r a specific SNMP group and user . clear snmp group gr oupname user [ security-model { v1 | v2c | usm }] Synt ax Description Command Default s [...]

  • Page 384

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-22 Matrix NSA Series Configuration Guide 5.3.2.7 show snmp community Use this command to display SNMP community names and status. In SNMPv1 and v2, community names act as passwor ds to remote managem ent. show snmp community [ name ] Synt ax Description Command Default [...]

  • Page 385

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-23 5.3.2.8 set snmp community Use this command to configur e an SNMP commun ity grou p. set snmp community community [ securityname securityname ] [ context context ] [ transport tran sport ] [ volatile | nonvolatile ] Synt ax Descr[...]

  • Page 386

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities 5-24 Matrix NSA Series Configuration Guide Command Mode Read-W rite. Examples This example shows how to set an SNMP community name called “vip”: This example shows how to grant SNMP manageme nt privileges to “v ip ” community from routing module 1 when operating i[...]

  • Page 387

    SNMP Configuration Command Set Configuring SNMP Users, Groups and Communities Matrix NSA Series Configuration Guide 5-25 5.3.2.9 clear snmp community Use this command to delete an SNMP community name. clear snmp community name Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sh[...]

  • Page 388

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-26 Matrix NSA Series Configuration Guide 5.3.3 Configuring SN MP Access Right s Purpose T o review and configure SN MP ac cess rights, assi gning viewing privileges and security levels to SNMP user group s. Commands The commands used to review and configure SNMP access are lis ted bel[...]

  • Page 389

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-27 5.3.3.1 sho w snmp access Use this command to display access rights and secu rity levels configured for SNMP one or more groups. show snmp access [ gr oupname ] [security-model {v1 | v2c | usm} ] [noauthentication | authentication | privacy ] [ [...]

  • Page 390

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-28 Matrix NSA Series Configuration Guide Command Mode Read-Only . Example This example shows how to di splay SNMP access information: Ta b l e 5 - 6 shows a detailed explanation of the co mmand output. Matrix(rw)-> show snmp access Group = SystemAdmin Security model = USM Security [...]

  • Page 391

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-29 Security level Security level applie d to this group. V alid levels are: • noAuthNoPrivacy ( no authentication required) • AuthNoPrivacy ( authentication required) • authPriv ( privacy -- most secure level) Read View Name of the view that [...]

  • Page 392

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-30 Matrix NSA Series Configuration Guide 5.3.3.2 set snmp access Use this command to set an SNMP access configuration. set snmp access gr oupn ame security-model { v1 | v2c | usm } [ noauthentication | authentication | privacy ] [ context context ] [ exact | prefix ] [ read re a d ] [[...]

  • Page 393

    SNMP Configuration Command Set Configuring SNMP Access Rights Matrix NSA Series Configuration Guide 5-31 Command Default s • If security level is not specified, no authentication will be applied. • If context is not specified, access will be enabled for the default context. If context is specified without a conte xt match, exact match will be a[...]

  • Page 394

    SNMP Configuration Command Set Configuring SNMP Access Ri ghts 5-32 Matrix NSA Series Configuration Guide 5.3.3.3 clear snmp access Use this command to clear the SNMP access entr y of a specific group, including its set SNMP security-model, and level of security . clear snmp access gr oupname security-model { v1 | v2c | usm } [ noauthentication | a[...]

  • Page 395

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-33 5.3.4 Configuring SNMP MIB Vi ews Purpose T o review and configure SNMP MIB views. SNMP views map SNMP objects to access rights. Commands The commands used to review and configure SNMP MIB views are listed below and described in the associated secti[...]

  • Page 396

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-34 Matrix NSA Series Configuration Guide 5.3.4.1 show snmp view Use this command to display the MIB configuration for SNMPv3 view-based access (V ACM). show snmp view [ viewname ] [ subtree oid-or-mibobject ] [ volatil e | nonvolatile | read-only ] Synt ax Description Command Default s If [...]

  • Page 397

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-35 Example This example shows how to display SNMP MIB view configuration information: Ta b l e 5 - 7 provides an explanation of t he command output. For details on using the set snmp view command to assign variables, refer to Section 5.3.4.3 . Matrix(r[...]

  • Page 398

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-36 Matrix NSA Series Configuration Guide 5.3.4.2 show snmp context Use this command to display the context list conf iguration for SNMP’ s view-based acces s control. An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity . The default c[...]

  • Page 399

    SNMP Configuration Command Set Configuring SNMP MIB Views Matrix NSA Series Configuration Guide 5-37 5.3.4.3 set snmp view Use this command to set a MIB configur ation for SNMPv3 view-based access (V ACM). set snmp view viewname viewname subtree subtr ee [ mask mask ] [ included | excluded ] [ volatile | nonvolatile ] Synt ax Description Command De[...]

  • Page 400

    SNMP Configuration Command Set Configuring SNMP MIB Views 5-38 Matrix NSA Series Configuration Guide 5.3.4.4 clear snmp view Use this command to delete an SNMPv3 MIB view . clear snmp view viewname subtr ee Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to de lete S[...]

  • Page 401

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-39 5.3.5 Configuring SNMP T arget Parameters Purpose T o review and configure SNMP tar get parame ters. This controls whe re and under what circumstances SNMP notifications will be sent. A t arget parameter entry can be bound to a tar get IP a[...]

  • Page 402

    SNMP Configuration Command Set Configuring SNMP T arget Parameters 5-40 Matrix NSA Series Configuration Guide 5.3.5.1 show snmp t a rgetp arams Use this command to display SNMP parameters used to generate a message to a target. show snmp targetparams [ tar getParams ] [ volatile | nonvolatile | read-only ] Synt ax Description Command Default s • [...]

  • Page 403

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-41 Example This example shows how to display SN MP tar get parameters information: Ta b l e 5 - 8 shows a detailed explanatio n of the command output. Matrix(rw)-> show snmp targetparams --- SNMP TargetParams information --- Target Paramete[...]

  • Page 404

    SNMP Configuration Command Set Configuring SNMP T arget Parameters 5-42 Matrix NSA Series Configuration Guide S torage type Whether entry is stored in volatile , non volatile or read-only memory . Row status Status of this entry: active , notInService, or notReady . T a ble 5- 8 sho w snmp t a rgetparams Output Details (Contin ued) Output What It D[...]

  • Page 405

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-43 5.3.5.2 set snmp t argetp arams Use this command to set SNMP tar get parameters , a named set of security/authorization criteria used to generate a message to a target. set snmp targetparams paramsname user user security-model { v1 | v2c | [...]

  • Page 406

    SNMP Configuration Command Set Configuring SNMP T arget Parameters 5-44 Matrix NSA Series Configuration Guide Example This example shows how to set SNMP target pa rameters named “v1ExampleParams” for a user named “fred” us ing version 3 security mode l and message processing, and authentication : Matrix(rw)-> set snmp targetparams v1Exam[...]

  • Page 407

    SNMP Configuration Command Set Configuring SNMP T arget Parameters Matrix NSA Series Configuration Guide 5-45 5.3.5.3 clear snmp t argetpa rams Use this command to clear the SNMP tar get paramete r config uratio n. clear snmp targetparams tar getParams Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rit[...]

  • Page 408

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-46 Matrix NSA Series Configuration Guide 5.3.6 Configuring SNMP T arget Addresses Purpose T o review and configure SNMP target addresses which will receive SNMP notification messages. An address configur ation can be lin ked to optional SNMP transmit, or tar get, parameters (such a[...]

  • Page 409

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-47 5.3.6.1 show snmp t arget addr Use this command to display SN MP tar get address information. show snmp targetaddr [ tar getAddr ] [ volatile | nonvolatile | read-only ] Synt ax Description Command Default s • If tar get Addr is not specif[...]

  • Page 410

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-48 Matrix NSA Series Configuration Guide T a bl e 5- 9 sho w snm p target addr Outpu t Details Output What It Displays... Target Address Name Unique identifie r in the snmpT ar getAddressT able . Tag List T ags a loca tion to the tar get address as a place to send notifications. IP[...]

  • Page 411

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-49 5.3.6.2 set snmp t arget addr Use this command to configure an SNMP tar get ad dress. The target address is a unique identifier and a specific IP address that will receive SN MP notification messages and determine which community strings wil[...]

  • Page 412

    SNMP Configuration Command Set Configuring SNMP T arget Addresses 5-50 Matrix NSA Series Configuration Guide Command Default s • If not specified, udpp ort will be set to 162 . • If not specified, mask will be set to 255.255.255.255 • If not specified, timeout will be set to 1500 . • If not specified, number of r etries will be set to 3 . ?[...]

  • Page 413

    SNMP Configuration Command Set Configuring SNMP T arget Addresses Matrix NSA Series Configuration Guide 5-51 5.3.6.3 clear snmp t argetaddr Use this command to delete an SNM P tar get addre ss entry . clear snmp targetaddr tar getAddr Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This ex[...]

  • Page 414

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-52 Matrix NSA Series Configuration Guide 5.3.7 Configuring SNMP Notification Parameters Purpose T o configure SNMP notification parameters and optional filters. Notifications are entities which handle the generation of SNMP v1 and v2 “traps ” or SNMP v3 “informs” mes[...]

  • Page 415

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-53 5.3.7.1 show snmp notify Use this command to display the SNMP notif y configurat ion, which determines which management tar gets will receive SNMP notifications. show snmp notify [ notify ] [ volatile | nonvolatile | read-only ] Synt [...]

  • Page 416

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-54 Matrix NSA Series Configuration Guide Ta b l e 5 - 1 0 shows a detailed expla na tion of the comm an d output. T a ble 5- 10 sh ow snmp notify Output Deta ils Output What It Displays... Notify name A unique identifier us ed to index the SNMP notify table. Notify Tag Name [...]

  • Page 417

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-55 5.3.7.2 set snmp notify Use this command to set the SNMP notify configurat i on. This creates an entry in the SNMP notify table, which is used to select mana gement tar g ets who should receive notification messages. This command’ s[...]

  • Page 418

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-56 Matrix NSA Series Configuration Guide 5.3.7.3 clear snmp notify Use this command to clear an SNMP notify configuration. clear snmp notify notify Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows [...]

  • Page 419

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-57 About SNMP Notify Filters Profiles indicating which tar gets should not receive SNMP notification messages are kept in the NotifyFilter table. If this table is empty , meaning that no filtering is associated with any SNMP targ et, the[...]

  • Page 420

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-58 Matrix NSA Series Configuration Guide 5.3.7.4 show snmp notifyfilter Use this command to display SNMP notify filter informat ion, identifying which profiles will not receive SNMP notifications. show snmp notifyfilter [ pr ofile ] [subtree oid-or -mibobject ] [volatile | n[...]

  • Page 421

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-59 5.3.7.5 set snmp notifyfilter Use this command to create an SNMP notify filter configuration. This identifies which management targets should NOT receive notific ation messages, which is useful for fine-tuning the amount of SNMP traff[...]

  • Page 422

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-60 Matrix NSA Series Configuration Guide 5.3.7.6 clear snmp notifyfilter Use this command to delete an SNMP notify filter configuration. clear snmp notifyfilter pr ofile subtree oid-or -mibobject Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 423

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-61 5.3.7.7 show snmp notifyprofile Use this command to display SNMP notify profile information. Th is associates tar get parameters to an SNMP notify filter to determine who should not receive SNMP notifications. show snmp notifyprofile [...]

  • Page 424

    SNMP Configuration Command Set Configuring SNMP Notification Para meters 5-62 Matrix NSA Series Configuration Guide 5.3.7.8 set snmp notifyprofile Use this command to create an SNMP notify f ilter profile configuration. This associates a notification filter, created with the set snmp notifyfilter command ( Section 5 .3.7.5 ), to a set of SNMP targe[...]

  • Page 425

    SNMP Configuration Command Set Configuring SNMP Notifi cation Parameters Matrix NSA Series Configuration Guide 5-63 5.3.7.9 clear snmp notifyprofile Use this command to delete an SNM P notify profile configuratio n. clear snmp notifyprofile pr ofile target param tar g etparam Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 426

    SNMP Configuration Command Set Creating a Basic SNMP T rap Configuration 5-64 Matrix NSA Series Configuration Guide 5.3.8 Creating a Basic SN MP T rap Configuration T raps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indica te the occurrence of a significant event, such as when[...]

  • Page 427

    SNMP Configuration Command Set Creating a Basic SNMP T rap Configura tion Matrix NSA Series Configuration Guide 5-65 Example This example shows how to: • create an SNMP community called mgmt • configure a trap notification called TrapSink This trap notification will be sent with the communit y name mgmt to the workstation 192.168.190.8 0 (which[...]

  • Page 428

    SNMP Configuration Command Set Creating a Basic SNMP T rap Configuration 5-66 Matrix NSA Series Configuration Guide 4. Verifies that the v2ExampleParams description of how to step th rough the door is, in fact, there. The agent checks targetparams entries and determines this description was made with the set snmp targetparams command, which tells e[...]

  • Page 429

    Matrix NSA Series Configu ration Guide 6-1 6 Spanning T ree Configuration This chapter describes the Spanning T ree Config uration se t of commands and how to use them. 6.1 SP ANNING T REE CO NFIGURATION SUMMARY 6.1.1 Overview: Single, Rapid an d Multiple S panning T ree Protocols The IEEE 802.1D Spanning T ree Protocol (STP) resolves the problems [...]

  • Page 430

    Spanning T ree Configuration Summary Spanning T ree Fe atures 6-2 Matrix NSA Series Configuration Guide only if the forwarding link goe s do wn. MSTP assigns each VLAN present on the network to a particular Spanning T ree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanni ng T ree while for[...]

  • Page 431

    Spanning T ree Configuration Summary Loop Protect Matrix NSA Series Configuration Gui de 6-3 Both upstream and downstream facing ports are pr otected. When a root or alternate port loses its path to the root bridge due to a message age expi ration it takes on the role of designated port. It will not forward traffic until a BPDU is received. When a [...]

  • Page 432

    Spanning T ree Configuration Summary Process Overview: Spanning T ree Configuration 6-4 Matrix NSA Series Configuration Guide Message age expiration and the expiration of the Loop Protect timer are both Loop Protect events. A notice level syslog message is produced for each su ch event. T ra ps may be configured to report these events as well. A sy[...]

  • Page 433

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Gui de 6-5 6.2 SP ANNING T REE CONF IGURATION COMMAND SET 6.2.1 Configuring Sp anning T ree Bridge Parameters Purpose T o di spla y and set Spanning T ree bridge parame ters, including device priorities, hello time, maximum wait ti[...]

  • Page 434

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-6 Matrix NSA Series Configuration Guide • set spantree mstcfgid ( Section 6.2.1.19 ) • clear spantree mstcfgid ( Section 6.2.1.20 ) • show spantree bridgeprioritymode ( Section 6.2.1.21 ) • set spantree bridgeprioritymode ( Section 6.2.1.22 ) • clear [...]

  • Page 435

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Gui de 6-7 • set spantree tctrapsuppress ( Section 6.2.1.46 ) • clear spantree tctrapsuppress ( Section 6.2.1.47 ) • show spantree txholdcount ( Section 6.2.1.48 ) • set spantree txholdcount ( Section 6.2.1.49 ) • clear s[...]

  • Page 436

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-8 Matrix NSA Series Configuration Guide • clear spantree newroottrapenable ( Section 6.2.1.73 ) • clear spantree default ( Section 6.2.1.74 ) • show spantree debug ( Section 6.2.1.75 ) • clear spantree debug ( Section 6.2.1.76 )[...]

  • Page 437

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Gui de 6-9 6.2.1.1 show spantree st ats Use this command to display Spanning T ree information for one or more ports. show spantree stats [ port port-string ] [ sid sid ] [ active ] Synt ax Description Command Default s • If port[...]

  • Page 438

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-10 Matrix NSA Series Configuration Guide Examples This example shows how to display the device’ s Spanning T ree configuration: Ta b l e 6 - 1 s hows a detailed explanation of command output. Matrix(rw)-> show spantree sta ts Spanning tree status - enabled[...]

  • Page 439

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-1 1 Root Forward Delay Amount of time (in seconds) the root devi ce spends in listening or learn ing mode. Bridge ID MAC Address Unique bridge MAC address, recognized by all bridges in the network. Bridge ID Priority Bridge[...]

  • Page 440

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-12 Matrix NSA Series Configuration Guide This example shows how to display port-specific Spanning T ree inform ation for port ge.1.1. Ta b l e 6 - 2 desc ribes the port-specific information displayed. Matrix(rw)-> show spantree sta ts port ge.1.1 Spanning tr[...]

  • Page 441

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-13 Role Th e Spanning T ree role of the port. The port rol e is assigned b y the Spanning T ree protocol and determines the behavior of the port — eith er sending or receivin g BPDUs, and forwarding or blocking data traf [...]

  • Page 442

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-14 Matrix NSA Series Configuration Guide 6.2.1.2 show sp antree versio n Use this command to display the current version of the Spanning Tree proto col running on the device. show spantree version Synt ax Description None. Command Default s None. Command T ype [...]

  • Page 443

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-15 6.2.1.3 set sp antree version Use this command to set the version of the Span ning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D-compatible. set spantree ve[...]

  • Page 444

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-16 Matrix NSA Series Configuration Guide 6.2.1.4 clear sp antree version Use this command to reset the Span ning T ree version to MSTP mode. clear spantree version Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 445

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-17 6.2.1.5 show spantree stpmode Use this command to display the Spanning T ree Protocol (STP) mode setting. show spantree st pmode Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 446

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-18 Matrix NSA Series Configuration Guide 6.2.1.6 set sp an tree stpmode Use this command to globally enable or disable the Spanning T ree Protocol (STP) mode. set spantree stpmode { none | ieee8021 } Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 447

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-19 6.2.1.7 clear spantree stpmode Use this command to reset the Sp anning T ree protocol mode to the default sett ing of IEEE802.1 . This re-enables Spanning T ree. clear spantree stpmode Synt ax Description None. Command D[...]

  • Page 448

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-20 Matrix NSA Series Configuration Guide 6.2.1.8 show sp antree maxco nfigurablestps Use this command to display the setting for the maximum number of user configurable Spanning T ree instances. show spantree maxconfigurablestps Synt ax Description None. Comman[...]

  • Page 449

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-21 6.2.1.9 set sp antree maxconfigu rablestp s Use this command to set the maximum number of user configurable Spanning T ree instances. set spantree maxconfigurablestps numstps Synt ax Description Command Default s None. C[...]

  • Page 450

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-22 Matrix NSA Series Configuration Guide 6.2.1.10 clear sp antree maxconfigurablestp s Use this command to clear the setting for the maximu m number of user configurable Spanning T ree instances. clear spantree maxconfigurablestps Synt ax Description None. Comm[...]

  • Page 451

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-23 6.2.1.1 1 show spantree mstilist Use this command to display a list of Multiple Sp anning T ree (MST) instan ces configured on the device. show spantree mstilist Synt ax Description None. Command Default s None. Command [...]

  • Page 452

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-24 Matrix NSA Series Configuration Guide 6.2.1.12 set sp antree msti Use this command to create or delete a Multiple Spanning T ree instance. set spantree msti sid sid { create | delete } Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 453

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-25 6.2.1.13 clear sp antree msti Use this command to delete one or mo re Multiple Spanning T ree instances. clear spantree msti sid Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 454

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-26 Matrix NSA Series Configuration Guide 6.2.1.14 show spantree mstmap Use this command to display the mapping of a f iltering database ID (FID) to a Spanning T rees. Since VLANs are mapped to FIDs, this shows to which SID a VLAN is mapped. show spantree mstmap[...]

  • Page 455

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-27 6.2.1.15 set sp antree mstmap Use this command to map one or more fi ltering da tabase IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning T ree (SID). set spantr[...]

  • Page 456

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-28 Matrix NSA Series Configuration Guide 6.2.1.16 clear spantree mstmap Use this command to map a FID back to SID 0. clear spantree mstmap fid Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This examp[...]

  • Page 457

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-29 6.2.1.17 show sp antree vlanl ist Use this command to display the VLAN ID(s ) assigned to one or more Spanning T ree s. show spantree vlanlist [ vlan-list ] Synt ax Description Command Default s If not specified, SID ass[...]

  • Page 458

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-30 Matrix NSA Series Configuration Guide 6.2.1.18 show spantree mstcfgid Use this command to display the MST configuration identifier elemen ts, including format selector , configuration name, revision level, and configuration digest. show spantree mstcfgid Syn[...]

  • Page 459

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-31 6.2.1.19 set sp antree mstcfgi d Use this command to set the MST config urati on name and/or revision level. set spantree mstcfgid { cfgname name | rev level } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 460

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-32 Matrix NSA Series Configuration Guide 6.2.1.20 clear spantree mstcfgid Use this command to reset the MST revision level to a default value of 0, and the configuration name to a default string representing the bridge MAC address. clear spantree mstcfgid Synt [...]

  • Page 461

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-33 6.2.1.21 show sp antree bridgeprioritymode Use this command to display the Spanning T ree bridge priority mode setting. show spantree bridgeprioritymode Synt ax Description None. Command Default s None. Command T ype Swi[...]

  • Page 462

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-34 Matrix NSA Series Configuration Guide 6.2.1.22 set sp antree bridgeprioritymod e Use this command to set the Spanning Tree bridge pr iority mode to 802.1D (le gacy) or 802. 1t. This will af fect the range of priority values used to dete rmine which device is[...]

  • Page 463

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-35 6.2.1.23 clear sp antree bridg epri oritymode Use this command to reset the Span ning T ree bridge priority mode to the default setting of 802.1t. clear spantree bridgeprioritymode Synt ax Description None. Command Defau[...]

  • Page 464

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-36 Matrix NSA Series Configuration Guide 6.2.1.24 show spantree priority Use this command to display the Spanning T ree bridge priority . show spantree priority [ sid ] Synt ax Description Command Default s If sid is not specified, priority w ill be shown for S[...]

  • Page 465

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-37 6.2.1.25 set sp antree pri ority Use this command to set the devi ce’ s Spanning T ree priority . The device with the highest priority (lowest numerical value) become s the Spanning T ree root device. If all devices ha[...]

  • Page 466

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-38 Matrix NSA Series Configuration Guide This example shows how to set the bridge priority to 15 on all SIDs with 8021t priority mode enabled: This example shows how to set the bridge priority to 4000 on all SIDs with 8021t priority mode enabled: This example s[...]

  • Page 467

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-39 6.2.1.26 clear sp antree priority Use this command to reset the Spanning T ree priority to the default value of 32768. clear spantree priority [ sid ] Synt ax Description Command Default s If sid is not specified, priori[...]

  • Page 468

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-40 Matrix NSA Series Configuration Guide 6.2.1.27 show spantree bridgehellomode Use this command to display the status of bridge hello mode on the device. When enable d, a single bridge administrative hello time is being used. When disabled , pe r -port adminis[...]

  • Page 469

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-41 6.2.1.28 set sp antree bri dgehellomode Use this command to enable or disabl e bridge hello mode on the devi ce. set spantree bridgehellomode { enable | disab le } Synt ax Description Command Default s None. Command T yp[...]

  • Page 470

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-42 Matrix NSA Series Configuration Guide 6.2.1.29 clear spantree bridgehellomode Use this command to reset the Spanning T ree administrative hello mode to enabled. clear spantree bridgehellomode Synt ax Description None. Command Default s None. Command T ype Sw[...]

  • Page 471

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-43 6.2.1.30 show sp antree h ello Use this command to display th e Spanning T ree hello time. show spantree hello Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exam[...]

  • Page 472

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-44 Matrix NSA Series Configuration Guide 6.2.1.31 set sp antree hello Use this command to set the device’ s Spanning T ree hello time, This is the time interval (in seconds) the device will transmit BP DUs indicating it is active. set spantree hello interval [...]

  • Page 473

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-45 6.2.1.32 clear sp antree hello Use this command to reset the Spanning T ree hello time to th e default value of 2 sec onds. clear spantree hello Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 474

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-46 Matrix NSA Series Configuration Guide 6.2.1.33 show spantree maxage Use this command to display the Sp anning T ree maximum aging time. show spantree maxage Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Onl[...]

  • Page 475

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-47 6.2.1.34 set sp antree maxag e Use this command to set the brid ge maximum aging time. This is the maximum time (in seconds) a device can wait without receiving a configuratio n message (bridge “hello”) before attemp[...]

  • Page 476

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-48 Matrix NSA Series Configuration Guide 6.2.1.35 clear spantree maxage Use this command to reset the ma ximum aging time for a Spanning T r ee to the default value of 20 seconds. clear spantree maxage Synt ax Description None. Command Default s None. Command T[...]

  • Page 477

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-49 6.2.1.36 show sp antree fw ddelay Use this command to display the Span ning T ree forward delay time. show spantree fwdde lay Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode R[...]

  • Page 478

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-50 Matrix NSA Series Configuration Guide 6.2.1.37 set sp antree fwddelay Use this command to set the Spanning T ree forwar d delay . This is the maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwardin[...]

  • Page 479

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-51 6.2.1.38 clear sp antree fwddelay Use this command to reset the Span ning T ree forward delay to the de fault setting of 15 seconds. clear spantree fwddelay Synt ax Description None. Command Default s None. Command T ype[...]

  • Page 480

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-52 Matrix NSA Series Configuration Guide 6.2.1.39 show spantree autoedge Use this command to display the status of automatic edge port detection. show spantree autoedge Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 481

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-53 6.2.1.40 set sp antree aut oedge Use this command to enable or disable the au tomatic edge port detection function. set spantree autoedge { disable | enable } Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 482

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-54 Matrix NSA Series Configuration Guide 6.2.1.41 clear sp antree autoedge Use this command to reset automatic edge port detection to the default state of enabled. clear spantree autoedge Synt ax Description None. Command Default s None. Command T ype Switch co[...]

  • Page 483

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-55 6.2.1.42 show sp antree l egacyp athcost Use this command to display the defa ult S panning T ree path cost setting. show spantree legacypathcost Synt ax Description None. Command Default s None. Command T ype Switch com[...]

  • Page 484

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-56 Matrix NSA Series Configuration Guide 6.2.1.43 set sp antree legacyp athcost Use this command to enable or disable legacy (802.1D) path cost values. set spantree legacypathcost { disable | enable } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 485

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-57 6.2.1.44 clear sp antree legacypathcost Use this command to set the Spanning T ree defau lt value for legacy path cost to 802.1t values. clear spantree legacypathcost Synt ax Description None. Command Default s None. Com[...]

  • Page 486

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-58 Matrix NSA Series Configuration Guide 6.2.1.45 show sp antree tctrapsuppress Use this command to display the status of topo logy change trap suppression on Rapid Spanning Tree edge ports. show spantree tctrapsuppress Synt ax Description None. Command Default[...]

  • Page 487

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-59 6.2.1.46 set sp antree tctrapsuppress Use this command to disable or enable topology change trap suppression on Rapid Spann ing Tree edge ports. By default, RSTP non-edge (bridge) ports that transition to forwardi ng or [...]

  • Page 488

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-60 Matrix NSA Series Configuration Guide 6.2.1.47 clear sp antree tctrap suppress Use this command to clear topology change trap suppression settings. clear spantree tctrapsuppress Synt ax Description None. Command Default s None. Command T ype Switch command. [...]

  • Page 489

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-61 6.2.1.48 show sp antree txholdcount Use this command to display the maxi mum BPDU transmission rate. show spantree txholdcount Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode [...]

  • Page 490

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-62 Matrix NSA Series Configuration Guide 6.2.1.49 set sp antree txholdcou nt Use this command to set the maximum BPDU tran smission rate. This is the number of BPDUs which will be transmitted be fore transmissions are subject to a one-second timer . set spantre[...]

  • Page 491

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-63 6.2.1.50 clear sp antree txhol dcou nt Use this command to reset the transmit hold count to the default value of 6. clear spantree txholdcount Synt ax Description None. Command Default s None. Command T ype Switch comman[...]

  • Page 492

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-64 Matrix NSA Series Configuration Guide 6.2.1.51 show spantree maxhop s Use this command to display the Spannin g T ree maximum hop count. show spantree maxhops Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-O[...]

  • Page 493

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-65 6.2.1.52 set sp antree maxhops Use this command to set the Spanning T ree maximum hop count. This is the maximum number of hops that the information for a particular Sp anning T ree instance may traverse (via relay of BP[...]

  • Page 494

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-66 Matrix NSA Series Configuration Guide 6.2.1.53 clear spantree maxhop s Use this command to reset the maximum hop count to the default value of 20. clear spantree maxhops Synt ax Description None. Command Default s None. Command T ype Switch command. Command [...]

  • Page 495

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-67 6.2.1.54 show sp antree sp anguard Use this command to display the status of the Spanning Tree span guard function. show spantree spanguard Synt ax Description None. Command Default s None. Command T ype Switch command. [...]

  • Page 496

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-68 Matrix NSA Series Configuration Guide 6.2.1.55 set sp antree sp an guard Use this command to enable or disable the Spanni ng Tree span guard functio n. When enabled, th is prevents an un authorized bridge from becoming part of the activ e Spanning Tre e topo[...]

  • Page 497

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-69 6.2.1.56 clear sp antree spanguard Use this command to resets the status of the Span ning Tree span guard function to disabled. clear spantree spanguard Synt ax Description None. Command Default s None. Command T ype Swi[...]

  • Page 498

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-70 Matrix NSA Series Configuration Guide 6.2.1.57 show sp antree spanguard timeout Use this command to display the Span ning Tree span guard timeout setting. show spantree spanguardtimeout Synt ax Description None. Command Default s None. Command T ype Switch c[...]

  • Page 499

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-71 6.2.1.58 set sp antree sp anguard timeout Use this command to set the amount of time (in sec onds) an edge port will remain lock ed by the span guard function. set spantree spanguardtimeout timeout Synt ax Description Co[...]

  • Page 500

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-72 Matrix NSA Series Configuration Guide 6.2.1.59 clear spantree sp ang uard timeout Use this command to reset the Spanning Tree span guard timeout to the default value of 300 seconds. clear spantree spanguardtimeout Synt ax Description None. Command Default s [...]

  • Page 501

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-73 6.2.1.60 show sp antree sp anguardlock Use this command to display the span gu ard lock status of one or more ports. show spantree spanguardlock port-string Synt ax Description Command Default s None. Command T ype Switc[...]

  • Page 502

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-74 Matrix NSA Series Configuration Guide 6.2.1.61 clear / set sp antree sp anguardlock Use either of these commands to unlock one or more ports locked by the Spanning Tree span guard function. When sp an guard is enab led, it locks ports that receive BP DUs whe[...]

  • Page 503

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-75 6.2.1.62 show sp antree sp anguard trapenable Use this command to displays the state of the Spanning Tree sp an guard trap functi on. show spantree spanguardtrapenable Synt ax Description None. Command Default s None. Co[...]

  • Page 504

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-76 Matrix NSA Series Configuration Guide 6.2.1.63 set sp antree sp an guard trap enable Use this command to enable or disable the sending of an SNMP trap message when span guard detects that an unauthorized port has tried to join the Spanning Tree. set spantree[...]

  • Page 505

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-77 6.2.1.64 clear sp antree spanguard trap enable Use this command to reset the Spanning Tree span guard trap functio n back to the default stat e of enabled. clear spantree spanguardtrapenable Synt ax Description None. Com[...]

  • Page 506

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-78 Matrix NSA Series Configuration Guide 6.2.1.65 show spantree backuproot Use this command to display the state of the Spanning T ree backup root functio n. show spantree backuproot [ sid] Synt ax Description Command Default s If sid is not specified, status w[...]

  • Page 507

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-79 6.2.1.66 set sp antree backup root Use this command to enable or di sable the Spanning T ree ba ckup root function. Ena bled by default on bridge(s) directly connected to the root brid ge, this prevents stale Spanning T [...]

  • Page 508

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-80 Matrix NSA Series Configuration Guide 6.2.1.67 clear spantree backuproot Use this command to reset the Spanning T ree backup root function to the default state of disabled. clear spantree backuproot sid Synt ax Description Command Default s None. Command T y[...]

  • Page 509

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-81 6.2.1.68 show sp antree backuproottrapendable Use this command to display the state of th e Spanning T ree backup root trap function. show spantree backuproottrapenable Synt ax Description None. Command Default s None. C[...]

  • Page 510

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-82 Matrix NSA Series Configuration Guide 6.2.1.69 set sp antree backuproottrapenable Use this command to enable or disable the Spanning T ree backup root trap function. When SNMP trap messageing is configured, this sends a trap message whe n the back up root fu[...]

  • Page 511

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-83 6.2.1.70 clear sp antree backuproottrapenable Use this command to resets the Spanning T ree ba ckup root trap function to the default state of disabled. clear spantree backuproottrapenable . Synt ax Description None. Com[...]

  • Page 512

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-84 Matrix NSA Series Configuration Guide 6.2.1.71 show spantree newroottrapendable Use this command to display the state of the Spanning T ree new root trap function . show spantree newroottrapenable Synt ax Description None. Command Default s None. Command T y[...]

  • Page 513

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-85 6.2.1.72 set sp antree new roottrapenable Use this command to enable or disable the Spannin g T ree ne w root trap function. When SNMP trap messaging is configured, this sends a trap message when a Spanning T ree becomes[...]

  • Page 514

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-86 Matrix NSA Series Configuration Guide 6.2.1.73 clear sp antree newroottrapenable Use this command to reset the Spanning T ree new ro ot trap function back to the default state of enabled. clear spantree newroottrapenable Synt ax Description None. Command Def[...]

  • Page 515

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-87 6.2.1.74 clear sp antree default Use this command to restore default values to a Spanning T ree. clear spantree default [ sid ] Synt ax Description Command Default s If sid is not specified, defaults will be restored on [...]

  • Page 516

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-88 Matrix NSA Series Configuration Guide 6.2.1.75 show spantree debug Use this command to display Spanning T ree debug cou nters for one or more ports. show spantree debug [ port port-string ] [ sid sid ] [ active ] Synt ax Description Command Default s • If [...]

  • Page 517

    Spanning T ree Configuration Command Set Configuring Spanning T r ee Bridge Parameters Matrix NSA Series Configuration Guide 6-89 Example This example shows how to di spla y Spanning T ree debug counters for link ag gre gation port 3, SID 0: Matrix(rw)-> show spantree debug port lag.0.3 STP Diagnostic Common Counters fo r SID 0 -----------------[...]

  • Page 518

    Spanning T ree Configuration Command Set Configuring Spanning T ree Brid ge Parameters 6-90 Matrix NSA Series Configuration Guide 6.2.1.76 clear spantree debug Use this command to clear Spanning T ree debug counters. clear spantree debug Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exampl[...]

  • Page 519

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-91 6.2.2 Configuring Sp anning T ree Port Parameters Purpose T o di spla y and set Spanning T ree port parameters, including en abling or disabling the Sp anning T ree algorithm on one or more ports, displaying des ignated br[...]

  • Page 520

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-92 Matrix NSA Series Configuration Guide • show spantree adminedge ( Section 6.2.2.19 ) • set spantree adminedge ( Section 6.2.2.20 ) • clear spantree adminedge ( Section 6.2.2.21 ) • show spantree operedge ( Section 6.2.2.22 ) • show spantree adminpoint[...]

  • Page 521

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-93 6.2.2.1 sho w sp antree porten able Use this command to display the port stat us on one or more Spanning T re e po rts. show spantree portenable [port port-string ] Synt ax Description Command Default s If port-string is n[...]

  • Page 522

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-94 Matrix NSA Series Configuration Guide 6.2.2.2 set sp an tree portenab le Use this command to set the port status on one or more Spanning T ree ports. set spantree portenable port-string { enable | disable } Synt ax Description Command Default s None. Command T [...]

  • Page 523

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-95 6.2.2.3 clear spantree portenable Use this command to reset the default value for one or more Spanning T ree ports to enabled. clear spantree portenable port-string Synt ax Description Command Default s None. Command T ype[...]

  • Page 524

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-96 Matrix NSA Series Configuration Guide 6.2.2.4 show sp antree po rt admin Use this command to display the status of th e Spann ing T ree algorithm on one or more ports. show spantree portadmin [ port port-string ] Synt ax Description Command Default s If port-st[...]

  • Page 525

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-97 6.2.2.5 set sp antree port admin Use this command to disable or enable the Sp anning T ree algorithm on one or more ports. set spantree portadmin port-stri ng {disable | enable} Synt ax Description Command Default s None. [...]

  • Page 526

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-98 Matrix NSA Series Configuration Guide 6.2.2.6 clear sp antree port ad min Use this command to reset the default Spanning T ree admin status to enable on one or more ports. clear spantree portadmin port-string Synt ax Description Command Default s None. Command [...]

  • Page 527

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-99 6.2.2.7 set sp antree pro tomigration Use this command to reset the protocol state migration machine for one or more Spanning T ree ports. When operating in RSTP mode, this forces a port to transmit MSTP BPDUs. set spantre[...]

  • Page 528

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-100 Matrix NSA Series Configuration Guide 6.2.2.8 show sp antree po rt state Use this command to display the state (blocking, forwarding, etc.) for a port on one or more Spanning T rees. show spantree portstate [ port port-string ] [ sid sid ] Synt ax Description [...]

  • Page 529

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series C onfiguration Guide 6 -101 6.2.2.9 sho w sp antree blockedport s Use this command to display the blocked ports in a Spanning T ree. A port in this state does not participate in the transmission of frames, thus preventing duplicat ion arising thro[...]

  • Page 530

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-102 Matrix NSA Series Configuration Guide 6.2.2.10 show spantree portpri Use this command to show the Spanning T ree priority for one or more ports. Port priority is a component of the port ID, which is one elemen t used in determinin g Spanning T ree port roles. [...]

  • Page 531

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series C onfiguration Guide 6 -103 6.2.2.1 1 set spantree portpri Use this command to set a port’ s Spanning T ree priority . set spantree portpri port-string priority [ sid sid ] Synt ax Description Command Default s If sid is not specified, port prio[...]

  • Page 532

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-104 Matrix NSA Series Configuration Guide 6.2.2.12 clear spantree portpri Use this command to reset the bridge priority of a Spanning T ree port to a default value of 128. clear spantree portpri port-string [ sid sid ] Synt ax Description Command Default s If sid [...]

  • Page 533

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series C onfiguration Guide 6 -105 6.2.2.13 set sp antree porthell o Use this command to set the hello tim e for one or more Spanning T ree ports. This is the time interval (in seconds) the port(s) will transmit BPDUs. set spantree porthello port-string [...]

  • Page 534

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-106 Matrix NSA Series Configuration Guide 6.2.2.14 clear spantree porthello Use this command to reset the hello time for one or more Spanning T ree ports to the default of 2 seconds. clear spantree porthello port-string Synt ax Description Command Default s None. [...]

  • Page 535

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series C onfiguration Guide 6 -107 6.2.2.15 show sp antree p ortcost Use this command to display cost values assign ed to one or m ore Spanning T re e ports. show spantree portcost [ port port-string ] [ sid sid ] Synt ax Description Command Default s ?[...]

  • Page 536

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-108 Matrix NSA Series Configuration Guide 6.2.2.16 show spantree adminp athcost Use this command to display the admin path cost for a port on one or more Spanning T rees. show spantree adminpathcost [ port port-string ] [ sid sid ] Synt ax Description Command Defa[...]

  • Page 537

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series C onfiguration Guide 6 -109 6.2.2.17 set sp antree adminpathcost Use this command to set the administrative path cost on a port and one or more Spanning T rees. set spantree adminpathcost port-string cost [ sid sid ] Synt ax Description Command De[...]

  • Page 538

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-1 10 Matrix NSA Series Configuration Guide 6.2.2.18 clear spantree adminp athcost Use this command to reset the Spanning T ree de fault value for port admin path cost to 0. clear spantree adminpathcost port-string [ sid sid ] Synt ax Description Command Default s [...]

  • Page 539

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-1 1 1 6.2.2.19 show sp antree admi nedge Use this command to display the edge port administrative status for a port. show spantree adminedge [ port port-string ] Synt ax Description Command Default s If port-string is not spe[...]

  • Page 540

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-1 12 Matrix NSA Series Configuration Guide 6.2.2.20 set sp antree adminedge Use this command to set the edge port administrative status on a Spanning T ree port. set spantree adminedge port-string {true | false} Synt ax Description Command Default s None. Command [...]

  • Page 541

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-1 13 6.2.2.21 clear sp antree adminedg e Use this command to reset a Spanning T ree port to non-edge status. clear spantree adminedge port-string Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 542

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-1 14 Matrix NSA Series Configuration Guide 6.2.2.22 show spantree operedge Use this command to display the Spanning T r ee edge port operating status for a port. show spantree operedge [ port port-string] Synt ax Description Command Default s If port-string is not[...]

  • Page 543

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-1 15 6.2.2.23 show sp antree adminpoint Use this command to display the administrative poi nt-to-point status of the LAN segment attached to a Spanning T ree port. show spantree adminpoint [ port port-string] Synt ax Descript[...]

  • Page 544

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-1 16 Matrix NSA Series Configuration Guide 6.2.2.24 show spantree operpoint Use this command to display the op erating point-to-point status of the LAN segment attached to a port. show spantree operpoint [ port port-string] Synt ax Description Command Default s If[...]

  • Page 545

    Spanning T ree Configuration Command Set Configuring Spanning T re e Port Parameters Matrix NSA Series Configuration Guide 6-1 17 6.2.2.25 set sp antree adminp oint Use this command to set the administrativ e point-to-point status of the LAN segment attached to a Spanning T ree port. set spantree adminpoint port-string {true | false | auto} Synt ax[...]

  • Page 546

    Spanning T ree Configuration Command Set Configuring Spanning T ree Port Parameters 6-1 18 Matrix NSA Series Configuration Guide 6.2.2.26 clear spantree adminpoint Use this c ommand to reset the administrative point-to-poi nt status of the LAN se gment attached to a Spanning T ree port to auto mode. clear spantree adminpoint port-string Synt ax Des[...]

  • Page 547

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series Configuration Guide 6-1 19 6.2.3 Configuring Sp anning T ree Loop Protect Features Purpose T o display and set Spanning T ree Loop Protect pa ra meters, including the glob al parameters of Loop Protect threshold, window , enablin g traps, an[...]

  • Page 548

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-120 Matrix NSA Series Configuration Guide • set spantree disputedbpduthreshold ( Section 6.2.3.18 ) • show spantree disput edbpduthreshold ( Section 6.2.3.19 ) • clear spantree disputedbpduthreshold ( Section 6.2.3.20 ) • show spantree nonforwarding[...]

  • Page 549

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -121 6.2.3.1 set sp antree lp Use this command to enable or disable the Loop Protect feature per port and optionally , per SID. The Loop Protect feature is d i sabled by default. See “Loo p Prote ct” on page 6-2 fo[...]

  • Page 550

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-122 Matrix NSA Series Configuration Guide 6.2.3.2 show sp antree lp Use this command to display the Loop Protect status p er port and/or per SID. show spantree lp [ port port-string ] [ sid sid ] Synt ax Description Command Default s If no port-string is sp[...]

  • Page 551

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -123 6.2.3.3 clear spantree lp Use this command to return the Loop Protect st atus per port and optionally , per SID, to its default state of disabled. clear spantree lp port-string [ sid sid ] Synt ax Description Comm[...]

  • Page 552

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-124 Matrix NSA Series Configuration Guide 6.2.3.4 show sp antree lpl ock Use this command to display the Loop Protect lo ck status per port an d/or per SID. A port can become locked if a configure d number of Loop Protect events occur during the configured [...]

  • Page 553

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -125 6.2.3.5 clear sp antree lplock Use this command to manually un lock a blocked port and optionally , per SID. The default state is unlocked . clear spantree lplock port-string [ sid sid ] Synt ax Description Comman[...]

  • Page 554

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-126 Matrix NSA Series Configuration Guide 6.2.3.6 set sp an tree lpcapablep artner Use this command to specify per port whether the link partner is Loop Protect capable. See “Loop Protect” on page 6-2 for more information. set spantree lpcapablepartner [...]

  • Page 555

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -127 Example This example shows how to set the Loop Prot ect capable partner to true for ge.1.1: Matrix(rw)-> set spantree lpcapablepartner ge.1.1 true[...]

  • Page 556

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-128 Matrix NSA Series Configuration Guide 6.2.3.7 show sp antree lpcapablep artner Use this command to the Loop Protect capab ility of a link partner for one or more ports. show spantree lpcapablepartner [ port port-string ] Synt ax Description Command Defa[...]

  • Page 557

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -129 6.2.3.8 clear spantree lpcap abl epartner Use this command to reset the Loop Protect capability of port link partners to the default state of false. clear spantree lpcapablepartner port-string Synt ax Description [...]

  • Page 558

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-130 Matrix NSA Series Configuration Guide 6.2.3.9 set spantree lpthreshold Use this command to set the Loop Protect event threshold. set spantree lpthreshold value Synt ax Description Command Default s None. The default event threshold is 3. Command T ype S[...]

  • Page 559

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -131 6.2.3.10 show sp antree lpthreshold Use this command to display the current value of the Loop Protect event threshold. show spantree lpthre shold Synt ax Description None. Command Default s None. Command T ype Swi[...]

  • Page 560

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-132 Matrix NSA Series Configuration Guide 6.2.3.1 1 clear sp antree lp threshold Use this command to return the Loop Protect event threshold to its default value of 3. clear spantree lpthreshold Synt ax Description None. Command Default s None. Command T yp[...]

  • Page 561

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -133 6.2.3.12 set sp antree lpw indow Use this command to set the Loop Pr otect event window value in seconds. set spantree lpwindow value Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 562

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-134 Matrix NSA Series Configuration Guide 6.2.3.13 show spantree lpwindow Use this command to display the curre nt Loop Protect event window value. show spantree lpwindow Synt ax Description None. Command Default s None. Command T ype Switch command. Comman[...]

  • Page 563

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -135 6.2.3.14 clear sp antree lpwin dow Use this command to reset the Loop Protect even t window to the default value of 180 seconds. clear spantree lpwindow Synt ax Description None. Command Default s None. Command T [...]

  • Page 564

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-136 Matrix NSA Series Configuration Guide 6.2.3.15 set sp antree lptrapenable Use this command to enable or disable Loop Protect event notification. set spantree lptrapenable { enable | disable } Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 565

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -137 6.2.3.16 show sp antree l ptrapenable Use this command to display the current st atus of Loop Protect event notification. show spantree lptrapenable Synt ax Description None. Command Default s None. Command T ype [...]

  • Page 566

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-138 Matrix NSA Series Configuration Guide 6.2.3.17 clear spantree lptrapenable Use this command to return the Loop Protect e vent notification state to its default sta te of disabled. clear spantree lptrapenable Synt ax Description None. Command Default s N[...]

  • Page 567

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -139 6.2.3.18 set sp antree disputedbp duthreshold Use this command to set the disp uted BPDU threshold, which is the number of disputed BPDUs that must be received on a given por t/SID until a disputed BPDU trap is se[...]

  • Page 568

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-140 Matrix NSA Series Configuration Guide Example This example shows how to set the disputed BPDU threshold value to 5: Matrix(rw)-> set spantree disput edbpduthreshold 5[...]

  • Page 569

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -141 6.2.3.19 show sp antree disputedbpduthreshold Use this command to display the current value of the disputed BPDU threshold. show spantree disputedbpduthreshold Synt ax Description None. Command Default s None. Com[...]

  • Page 570

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-142 Matrix NSA Series Configuration Guide 6.2.3.20 clear sp antree disputedbp duthreshold Use this command to return the disputed BPDU thresh old to its de fault value of 0, meaning that disputed BPDU traps shou ld no t be sent. clear spantree disputedbpdut[...]

  • Page 571

    Spanning T ree Configuration Command Set Configuring Spanning T ree Loop Protect F eatures Matrix NSA Series C onfiguration Guide 6 -143 6.2.3.21 show sp antree nonforwardingreason Use this command to display the reason for placing a port in a non-forwarding state due to an exceptional condition. show spantree nonforwardingreason [ port port-string[...]

  • Page 572

    Spanning T ree Configuration Command Set Configuring Spanning T ree L oop Protect Features 6-144 Matrix NSA Series Configuration Guide[...]

  • Page 573

    Matrix NSA Series Configu ration Guide 7-1 7 802.1Q VLAN Configuration This chapter describes the Matrix system’ s ca pabilities to implement 802.1Q virtual LANs (VLANs). It documents how to: • Create, enable, disable and name a VLAN. • Review status and other in formation related to VLANs. • Assign ports to a VLAN and filter unwanted frame[...]

  • Page 574

    Process Overview: 802.1Q VLAN Configuration Port S t ring Syntax Used in the CLI 7-2 Matrix NSA Series Configuration Guide 7.1.2 Port St ring Synt ax Used in the CLI For information on how to designate port numbers in the CLI syntax, refer to Section 4.1.1 . 7.2 PROCESS OVERVIEW: 802 .1Q VLAN CONFIGURATION Use the following steps as a guid e to con[...]

  • Page 575

    VLAN Configura tion Command Set Reviewing Existing VLANs Matrix NSA Series Configuration Gui de 7-3 7.3 VLAN CONFIGURATION COMMAND SET 7.3.1 Reviewing Existing VLANs Purpose T o display a list of VLANs currently configured on the device , to determine how one or more VLANs were created, the ports allowed and disallo wed to transmit traffic belongin[...]

  • Page 576

    VLAN Configuration Command Set Reviewing Existing VL ANs 7-4 Matrix NSA Series Configuration Guide 7.3.1.1 show vlan Use this command to display all informatio n related to one or more VLANs. show vlan [static ] [ vlan-list ] Synt ax Description Command Default s If no options are specified, all information related to static and dynamic VLANs will [...]

  • Page 577

    VLAN Configura tion Command Set Reviewing Existing VLANs Matrix NSA Series Configuration Gui de 7-5 Example This example shows how to display informatio n for VLAN 1. In this case, VLAN 1 is named “DEF AUL T VLAN” and it is enabled to operate. Ports allowed to transmit frames belonging to VLAN 1 are listed as egress ports. Ports that won’ t i[...]

  • Page 578

    VLAN Configuration Command Set Creating and Naming S tatic VLANs 7-6 Matrix NSA Series Configuration Guide 7.3.2 Creating and Naming St atic VLANs Purpose T o create a ne w static VLAN, or to enable or disable existing VLAN(s). Commands The commands used to create and name static VLANs are list ed b elow and described in the associated section as s[...]

  • Page 579

    VLAN Configura tion Command Set Creating and Naming S tatic VLANs Matrix NSA Series Configuration Gui de 7-7 7.3.2.1 set vlan Use this command to create a new static IEEE 802 .1Q VLAN, or to enable or disable an existing VLAN. Once a VLAN is created, you can assign it a name using the set vlan name command described in Section 7.3.2.2 . set vlan {c[...]

  • Page 580

    VLAN Configuration Command Set Creating and Naming S tatic VLANs 7-8 Matrix NSA Series Configuration Guide 7.3.2.2 set vlan name Use this command to set or change the ASCII name for a new or existing VLAN. set vlan name vlan-list vlan-name Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Th[...]

  • Page 581

    VLAN Configura tion Command Set Creating and Naming S tatic VLANs Matrix NSA Series Configuration Gui de 7-9 7.3.2.3 clear vlan Use this command to remove a static VLAN from the list of VLANs reco gnized by the device. clear vlan vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Th[...]

  • Page 582

    VLAN Configuration Command Set Creating and Naming S tatic VLANs 7-10 Matrix NSA Series Configuration Guide 7.3.2.4 clear vlan name Use this command to remove the name of a VLAN from the VLAN list. clear vlan name vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows[...]

  • Page 583

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-1 1 7.3.3 Assigning Port VLAN IDs (P VIDs) and Ingress Filtering About P VIDs and Policy Classification to a VLAN Port VLAN IDs (PVIDs) assign VLAN IDs to untagg ed frames on one or more ports. Using the set port vlan com[...]

  • Page 584

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-12 Matrix NSA Series Configuration Guide • show port discard ( Section 7.3.3.9 ) • set port discard ( Section 7.3.3.10 ) • clear port discard ( Section 7.3.3.1 1 )[...]

  • Page 585

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-13 7.3.3.1 sho w port vlan Use this command to display port VLAN identif ier (PVID) information. PVID determines the VLAN to which all untagged frames received on one or more ports will be classified. show port vlan [ por[...]

  • Page 586

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-14 Matrix NSA Series Configuration Guide 7.3.3.2 set port vlan Use this command to configure the PVID (port VL AN identifier) for one or more ports. The PVID is used to classify untagged frames as they ingress into a given port. If the specified VLAN has not alre[...]

  • Page 587

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-15 Example This exampl e sho ws how to add fe.1. 10 to th e port VLAN list of VLAN 4 (PVID 4). Since VLAN 4 is a new VLAN, it is created. T hen port fe.1.1 0 is added to VLAN 4’ s untagged egress list, and is cleared fr[...]

  • Page 588

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-16 Matrix NSA Series Configuration Guide 7.3.3.3 clear port vlan Use this command to reset a port’ s 802.1Q port VLAN ID (PVID) to the host VLAN ID 1. clear port vlan port-string Synt ax Description Command Default s None. Command T ype Switch command. Command [...]

  • Page 589

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-17 7.3.3.4 sho w vlan interface Use this command to display the MIB -II inter face entry mapped to a VLAN. show vlan interface [ vlan-list ] Synt ax Description Command Default s If vlan-list is not specified, MIB2 interf[...]

  • Page 590

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-18 Matrix NSA Series Configuration Guide 7.3.3.5 set vlan interface Use this command to create, disable or enables a MIB-II interfa ce mapped to a VLAN. set vlan interface vlan-list { create | disable | enable } [ volatile ] Synt ax Description Command Default s [...]

  • Page 591

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-19 7.3.3.6 clear vlan interface Use this command to clear the MIB -II interface entry ma pped to a VLAN. clear vlan interface vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 592

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-20 Matrix NSA Series Configuration Guide 7.3.3.7 show port ingress filter Use this command to show all ports that are en abled for port ingress filte ring, which limits incoming VLAN ID frames according to a port VLAN egress lis t. If the VLAN ID spec ified in th[...]

  • Page 593

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-21 7.3.3.8 set port ingress filter Use this command to discard all frames received w ith a VLAN ID that don’t match the port’ s VLAN egress list. When ingress filtering is enabled on a port, the VLAN IDs of incoming f[...]

  • Page 594

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-22 Matrix NSA Series Configuration Guide 7.3.3.9 show port discard Use this command to display the frame discard mode for one or more ports. Ports can be set to discard frames based on whether or not they contain a VLAN tag. They can also be set to discard both f[...]

  • Page 595

    VLAN Configura tion Command Set Assigning Port VLAN ID s (PVID s) and Ingress Filterin g Matrix NSA Series Configuration Guide 7-23 7.3.3.10 set port discard Use this command to set the frame di scard mode on one or more ports. s et port discar d port-string { tagged | untagged | none | both } Synt ax Description Command Default s None. Command T y[...]

  • Page 596

    VLAN Configuration Command Set Assigning Port VLAN IDs (PVIDs) and Ingress Filtering 7-24 Matrix NSA Series Configuration Guide 7.3.3.1 1 clear po rt discard Use this command to reset the frame discard mode to the factory default setting (none). clear port discard port-string Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 597

    VLAN Configura tion Command Set Configuring the VLAN Egress List Matrix NSA Series Configuration Guide 7-25 7.3.4 Configuring the VLAN Egress List Purpose T o assign or remove ports on the egress list of a pa rticular VLAN. This dete rmines which ports will be eligible to transmit frames for a particular VLAN. For example, port s 1, 5, 9 , 8 could [...]

  • Page 598

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-26 Matrix NSA Series Configuration Guide 7.3.4.1 show port egress Use this command to display the VLAN membership for one or more ports. show port egress [ port-string ] Synt ax Description Command Default s If port-string is not specified, VLAN membership will be displayed for all p[...]

  • Page 599

    VLAN Configura tion Command Set Configuring the VLAN Egress List Matrix NSA Series Configuration Guide 7-27 7.3.4.2 set vlan egress Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This de termines which ports will transmit frames for a particular VLAN. set vlan egre[...]

  • Page 600

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-28 Matrix NSA Series Configuration Guide This example shows how to forbid Fast Ethernet port s 13 through 1 5 in port group 1 fro m joining VLAN 7 and disallow egress on those ports: This example shows how to allo w Fast Ethernet port 2 in port group 1 to transmi t VLAN 7 frames as u[...]

  • Page 601

    VLAN Configura tion Command Set Configuring the VLAN Egress List Matrix NSA Series Configuration Guide 7-29 7.3.4.3 clear vlan egress Use this command to remove ports from a VLAN’ s egress list. clear vlan egress vlan-list port-strin g [ forb idden ] Synt ax Description Command Default s If forbidden is not specified, tagged and un tagged sett in[...]

  • Page 602

    VLAN Configuration Command Set Configuring the VLAN Egress List 7-30 Matrix NSA Series Configuration Guide 7.3.4.4 show vlan dynamic egress Use this command to display which VLANs are curre ntly enabled for VLAN dynamic egress. show vlan dynamicegre ss [ vlan-list ] Synt ax Description Command Default s If vlan-list is not specified, status for all[...]

  • Page 603

    VLAN Configura tion Command Set Configuring the VLAN Egress List Matrix NSA Series Configuration Guide 7-31 7.3.4.5 set vlan dynamicegress Use this command to set the administrative status of one or more VLANs’ dynamic egress capability . If VLAN dynamic egress is enabled, the device will ad d the port receiving a tagged frame to the VLAN egr ess[...]

  • Page 604

    VLAN Configuration Command Set Creating a Secure Ma nagement VLAN 7-32 Matrix NSA Series Configuration Guide 7.3.5 Creating a Secu re Management VLAN If the Matrix Series device is to be configur ed for multiple VL AN’ s, it may be desirable to configure a management-only VLAN. This allows a station connected to th e management VLAN to manage the[...]

  • Page 605

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-33 7.3.6 Enabling/Disabling GVRP Purpose T o dynamically create VLAN s across a switche d network. The GVRP (GARP VLAN Registratio n Protocol) command set is used to display GVRP configuration informatio n, the current global GVRP state setting, individ[...]

  • Page 606

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-34 Matrix NSA Series Configuration Guide Figure 7-1 Example of VLAN Prop agation via GVRP Configuring a VLAN on an 802.1Q switch creates a static VLAN entry . The entry will always remain registered and will not time out. Howe ver , dynamic entries will time-out and their registrations will [...]

  • Page 607

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-35 Commands The commands used to configure GVRP are listed be low and described in the associated section as shown. • show gvrp ( Section 7.3.6.1 ) • show garp timer ( Section 7.3.6.2 ) • set gvrp ( Section 7.3.6.3 ) • clear gvrp ( Section 7.3.6[...]

  • Page 608

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-36 Matrix NSA Series Configuration Guide 7.3.6.1 show gvrp Use this command to display GV RP configuration information. show gvrp [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP confi guration information will be displayed for all ports and the dev[...]

  • Page 609

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-37 GVRP status Whether GV RP is enabled or disabled on the port. Last PDU Origin MAC addres s of the la st GVRP frame received on the port. T able 7-4 show gvrp Output Det ails (Continued) Output What It Displays...[...]

  • Page 610

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-38 Matrix NSA Series Configuration Guide 7.3.6.2 show garp timer Use this command to display GARP ti mer values for one or more ports. show garp timer [ port-string ] Synt ax Description Command Default s If port-string is not specified, GARP timer informa tion will be displayed for all port[...]

  • Page 611

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-39 Ta b l e 7 - 5 provides an explanation of t he command output. For details on using the set gvrp command to enable or disable GVRP , refer to Section 7.3.6.3 . For details on using the set garp timer command to change defa u lt timer values, refer to[...]

  • Page 612

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-40 Matrix NSA Series Configuration Guide 7.3.6.3 set gvrp Use this command to enable or disa ble GV RP globally on the device or on on e or more ports. set gvrp {enable | disable} [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP will be disabled or [...]

  • Page 613

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-41 7.3.6.4 clear g vrp Use this command to clear GVRP status or on one or more ports. clear gvrp [ port-string ] Synt ax Description Command Default s If port-string is not specified, GVRP status will be cleared for all ports. Command T ype Switch comma[...]

  • Page 614

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-42 Matrix NSA Series Configuration Guide 7.3.6.5 set garp timer Use this command to adjust the values of the join, le ave, and leaveall timers. set garp timer {[j oin timer -value ] [leave timer-value ] [ leaveall timer -value ]} port-string Synt ax Description Command Default s None. Comman[...]

  • Page 615

    VLAN Configura tion Command Set Enabling/Disablin g GVRP Matrix NSA Series Configuration Guide 7-43 This example shows how to set the leaveall timer value to 20000 centiseconds for all ports: Matrix(rw)-> set garp time r leaveall 20000 *.*.*[...]

  • Page 616

    VLAN Configuration Command Set Enabling/Disabli ng GVRP 7-44 Matrix NSA Series Configuration Guide 7.3.6.6 clear garp timer Use this command to reset GARP timers back to default values. clear garp timer { [j oin ] [leave ] [ leaveall ]} port-string Synt ax Description Command Default s At least one optional para meter must be entered. Command T ype[...]

  • Page 617

    Matrix NSA Series Configu ration Guide 8-1 8 Policy Classification Configuration This chapter describes the Policy Classificati on set of commands and how to use them. 8.1 POLICY CLASSIFICATION CONFIGURATION SUMMARY Matrix Series devices support policy profile-based provisioning of network reso urces by all owing IT administrators to: • Create, c[...]

  • Page 618

    Process Overview: Policy Classification Configuratio n Configuring Policy Profil es 8-2 Matrix NSA Series Configuration Guide 8.2 PROCESS OVERVIEW: POLICY CLASSIFICATION CONFIGURATION Use the following steps as a guide to co nfigure policy classification on the device: 1. Configuring poli cy profiles ( Section 8.3.1 ) 2. Assigning classification ru[...]

  • Page 619

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Gui de 8-3 • show policy syslog ( Section 8.3.1.1 1 ) • set policy syslog ( Section 8.3.1.12 ) • clear policy syslog ( Section 8.3.1.13 ) • set policy maptable ( Section 8.3.1.14 ) • show policy maptable ( Section 8.3.1.15 ) • [...]

  • Page 620

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-4 Matrix NSA Series Configuration Guide 8.3.1.1 show policy profile Use this command to display policy profile information. show policy profile { all | pr ofile-index [ consecutive-pids ] [ -verbose ]} Synt ax Description Command Default s If optional parameters are no[...]

  • Page 621

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Gui de 8-5 Ta b l e 8 - 1 provides an explanation of th e command ou tpu t. T able 8-1 show policy profile Output Det ails Output What It Displays... Profile Index Number of the prolicy p rofile. Profile Name User-supplied name assigned to[...]

  • Page 622

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-6 Matrix NSA Series Configuration Guide 8.3.1.2 set policy profile Use this command to create a poli cy profile entry . set policy profile pr ofile-index [ name name ] [ pvid-status { enable | disable }] [ pvid pvid ] [ cos-status { enable | disable }] [ cos cos ] [ eg[...]

  • Page 623

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Gui de 8-7 Command Default s If optional parameters are not specified, none will be applied. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to create a policy profile 1 named “netadmin” with PVID[...]

  • Page 624

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-8 Matrix NSA Series Configuration Guide 8.3.1.3 clear policy profile Use this command to dele te a policy profile entry . clear policy profile pr ofile-index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Thi[...]

  • Page 625

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Gui de 8-9 8.3.1.4 show policy invalid Displays information ab out the action the device will apply on an invalid or unknown policy . show policy invalid { action | count | all } Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 626

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-10 Matrix NSA Series Configuration Guide 8.3.1.5 set policy invalid action Use this command to assign the action the device will apply to an invalid or unknown policy . set policy invalid action { default-policy | drop | forward } Synt ax Description Command Default s [...]

  • Page 627

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-1 1 8.3.1.6 clear policy invalid action Use this command to reset the action the device wi ll apply to an invalid or unknown p olicy to the default action of app lying the default po licy . clear policy invalid action Synt ax Descr[...]

  • Page 628

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-12 Matrix NSA Series Configuration Guide 8.3.1.7 set port tci overwrite Use this command to enable or disable the TCI overwrite function on o ne or more ports. When enabled, this allows policy rules to overwrite user priority and other cla ssification information in th[...]

  • Page 629

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-13 8.3.1.8 show policy accounting Use this command to display th e statu s of policy accounting. show policy accounting Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exampl[...]

  • Page 630

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-14 Matrix NSA Series Configuration Guide 8.3.1.9 set policy accounting Use this command to enable or disa ble p olicy accounting, wh ic h controls the collection of classification rule statistics. This function is enabled by default. set policy accounting { enable | di[...]

  • Page 631

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-15 8.3.1.10 clear policy accounting Use this command to restore policy acco unting to its default state of enabled. clear policy accounting Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 632

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-16 Matrix NSA Series Configuration Guide 8.3.1.1 1 show policy syslog Use this command to show the formatting of rule usage messages . The messages will be either machine-readable or human-readable. show policy syslog machine-readable Synt ax Description Command Defaul[...]

  • Page 633

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-17 8.3.1.12 set policy syslog Use this command to set the rule usage messages as either machin e-readable or human-readable. set policy syslog machine-re adable {enable | disable} Synt ax Description Command Default s None. Command[...]

  • Page 634

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-18 Matrix NSA Series Configuration Guide 8.3.1.13 clear policy syslog Use this command to clear the rule usage messages to the default state of disabled (human-readable). clear policy syslog machine-readable Synt ax Description Command Default s None. Command T ype Swi[...]

  • Page 635

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-19 8.3.1.14 set policy mapt able Use this command to set the Set VLAN ID - Policy Profile mappings table. set policy maptable { vlan-list profile-index | response {tunnel | policy | both}} Synt ax Description Command Default s None[...]

  • Page 636

    Policy Classification Con fig uration Command Set Configuring Policy Profil es 8-20 Matrix NSA Series Configuration Guide 8.3.1.15 show pol icy mapt able Use this command to display the VLAN ID - Policy Profile mappings table. show policy maptable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read.[...]

  • Page 637

    Policy Classification Configura tion Command Set Configuring Po licy Pro files Matrix NSA Series Configuration Guide 8-21 8.3.1.16 clear policy mapt able Use this command to clea r the VLAN ID - Policy Profile mappings table. clear policy maptable vlan-list | response Synt ax Description Command Default s None. Command T ype Switch command. Command[...]

  • Page 638

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-22 Matrix NSA Series Configuration Guide 8.3.2 Assignin g Classification Rules to Policy Profiles Purpose T o review , assign and unassign classification an d admin rules. Classification rules map policy profiles to protoc ol-based frame filte r [...]

  • Page 639

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-23 8.3.2.1 show policy rule Use this command to display policy cla ssification and admin rule information. show policy rule [ attribute ] | [ all ] | [ admin-profile ] | [ pr ofile-index ] [ ether | ipdest | ipf[...]

  • Page 640

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-24 Matrix NSA Series Configuration Guide Command Default s • If port-string , rule status, storage type, Sys log state, trap, and usage-list are not specified, all rules related to othe r specifications will be displayed. • If verbose is not [...]

  • Page 641

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-25 Examples This example shows how to display policy classif ication information for Ethernet type 2 rules: This example shows how to display admin rule information for the polic y profile with index number 1: T[...]

  • Page 642

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-26 Matrix NSA Series Configuration Guide PortStr Ingress port(s) to which this rule applies. RS Whether or not the status o f th is rule is active (A), not in service or not ready . ST Whether or not this rule’ s st orage type is non-volatile ([...]

  • Page 643

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-27 8.3.2.2 show policy cap ability Use this command to display all policy classificati on capabilities su pported by your Matrix Series device. The output of this c ommand show s a table listing classifiable tra[...]

  • Page 644

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-28 Matrix NSA Series Configuration Guide Matrix(rw)-> show policy capabil ity The following supports related to policy are supported in this device: VLAN Forwarding Priorit y Permit Deny TCI Overwrite Rule-Use Notification Rules Table Rule-Us [...]

  • Page 645

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-29 8.3.2.3 set policy classify Use this command to assign incomi ng untagged frames to a specif ic policy profile, classification and to VLAN or Class-of-Service classification rules. set policy classify pr ofil[...]

  • Page 646

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-30 Matrix NSA Series Configuration Guide Command Default s • If mask is not specified, all data bits will be considered relevant. Command T ype Switch command. Command Mode Read-W rite. Examples This example shows how to use Ta b l e 8 - 3 to c[...]

  • Page 647

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-31 8.3.2.4 set policy rule Use this command to assign inco ming untagged frames to a specific policy profile and to VLAN or Class-of-Service classification rules. set policy rule admin-profile | pr ofile-index {[...]

  • Page 648

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-32 Matrix NSA Series Configuration Guide Command Default s • If mask is not specified, all data bits will be considered relevant. tcpsourceport Classifies based on TCP source port . udpdestport Classifies based on UDP destination port . udpsour[...]

  • Page 649

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-33 • If port-string is not specified, rule will be scoped to all ports. Command T ype Switch command. Command Mode Read-W rite. Examples This example shows how to use Ta b l e 8 - 3 to cre ate (and enable) a c[...]

  • Page 650

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-34 Matrix NSA Series Configuration Guide ipfrag Not applicable. Not applicable. ippr oto Protocol field in IP packet: 0 - 255 1 - 8 iptos T ype of Service field in IP packet: 0 - 255 1 - 8 llcDsapSsap DSAP/SSAP/CTRL field in llc: a-b-c-ab 1 - 40 [...]

  • Page 651

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-35 8.3.2.5 clear p olicy rule Use this command to delete one or all policy classification rule entries. clear policy rule admin-profile | pr ofile-index all-pid-entries | ether ipdest | ipfrag | ipproto | ipsour[...]

  • Page 652

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-36 Matrix NSA Series Configuration Guide Command Default s When applicable, data , mask , and port-string must be specified for indiv idual rules to be cleared. Command T ype Switch command. Command Mode Read-W rite. Example This example shows ho[...]

  • Page 653

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-37 8.3.2.6 clear policy all-rules Use this command to remove all admin and classification rules. clear policy all-rules Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 654

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-38 Matrix NSA Series Configuration Guide 8.3.2.7 set policy port Use this command to assign an administrative rule to a port. set policy port port-name admin-id Synt ax Description Command Default s None. Command T ype Switch command. Command Mod[...]

  • Page 655

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-39 8.3.2.8 show policy allowed-type Use this command to display a list of currently supported traffic rules applied to the admininstrative profile for one or more ports. show policy allowed-type port-string [ -v[...]

  • Page 656

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-40 Matrix NSA Series Configuration Guide Example This example shows how to sh ow information about policie s allowed on po rt ge.1.5: Matrix(rw)-> show policy allowed -type ge.1.5 SUPPORTED AND ALLOWED TRAFFIC R ULE TYPES o Means Traffic Rule [...]

  • Page 657

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-41 8.3.2.9 set policy allowed-type Use this command to assign a list of traf fic rules that can be applie d to the admin profile for one or more ports. set policy allowed-type port-string traffic-rule rule-list [...]

  • Page 658

    Policy Classification Con fig uration Command Set Assigning Classifica ti on Rules to Policy Profiles 8-42 Matrix NSA Series Configuration Guide 8.3.2.10 clear policy allo wed-type Use this command to clear the list of traf fic rules currently assigned to the admin profil e for one or more ports. This will reassign the default setting, whic h is al[...]

  • Page 659

    Policy Classification Configura tion Command Set Assigning Classification Rules to Policy Profiles Matrix NSA Series Configuration Guide 8-43 8.3.2.1 1 clear policy port-hit Use this command to clear rule port hit indications on one or more ports. clear policy port-hit { all | port-list port-list } Synt ax Description Command Default s None. Comman[...]

  • Page 660

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-44 Matrix NSA Series Configuration Guide 8.3.3 Configuring Policy Cl ass of Service (CoS) Using Port-Based or Policy-Based CoS Settings The Matrix Series device supports Class of Se rvice (CoS), which allows you to assign mission-critical data to higher pr[...]

  • Page 661

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-45 Y ou can add to these default configuratio ns by defining new port group ings, and assigning inbo und rate limiters or transmit queues and priorities. Whether you are specifying IR L or TXQ parameters, the process fo[...]

  • Page 662

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-46 Matrix NSA Series Configuration Guide • show cos unit ( Section 8.3.3.4 ) • show cos port-config ( Section 8.3.3.5 ) • set cos port-config irl ( Section 8.3.3.6 ) • clear cos port-config irl ( Section 8.3.3.7 ) • set cos port-config txq ( Sect[...]

  • Page 663

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-47 8.3.3.1 show cos state Use this command to display the Class of Service enable state. show cos st ate Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example T[...]

  • Page 664

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-48 Matrix NSA Series Configuration Guide 8.3.3.2 set cos st ate Use this command to enable or disable Class of Service. set cos state { enable | disabl e } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. [...]

  • Page 665

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-49 8.3.3.3 show cos port-type Use this command to display Class of Service po rt type c onfigurations. The Matrix Series CoS implementation provides two default port ty pe grou pings for design ating ava ilable rate lim[...]

  • Page 666

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-50 Matrix NSA Series Configuration Guide Example This example shows how to display all Class of Serv ice por t type information. In this case, no new port groups have been configured: Ta b l e 8 - 5 provides an explanation of the command output . Matrix(rw[...]

  • Page 667

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-51 Numb T able 8-5 show cos port-t ype Output Det ails Output What It Displays... Index Port type index. Port type 0 designates the Matrix Platinum Series 7G4270 -12 module, and port ty pe 1 designates all other modules[...]

  • Page 668

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-52 Matrix NSA Series Configuration Guide 8.3.3.4 show cos unit Use this command to display C lass of Service units of measure information, including rate type, minimum and maximum limits of the port groups, and their respective granularity . show cos unit [...]

  • Page 669

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-53 8.3.3.5 show cos port-config Use this command to display Class of Service port group configurations. show cos port-config [ irl | txq ] [ gr oup-type-index ] Synt ax Description Command Default s If not specified, al[...]

  • Page 670

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-54 Matrix NSA Series Configuration Guide Example This example shows how to show all Class of Service port group configuration information: Matrix(rw)-> show cos port-confi g * Percentage/queue (if any) are approximations based on [(slices/queue) / total[...]

  • Page 671

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-55 8.3.3.6 set cos port-config irl Use this command to set the Class of Service inbound rate limiting port group configuration: set cos port-config irl gr oup-type-index [ name name ] [ ports port-list ] [ append ] | [ [...]

  • Page 672

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-56 Matrix NSA Series Configuration Guide 8.3.3.7 clear cos port-config irl Use this command to clear a non-default Class of Service inbou nd rate limiting port group configuration: clear cos port-config irl all | gr oup-type-in dex {[ entry ] | [ name ] | [...]

  • Page 673

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-57 8.3.3.8 set cos port-config txq Use this command to set the Class of Servic e transmit queue port group configuration: set cos port-config txq gr oup-type-index [ name name ] [ ports port-list ] [ append ] | [ clear [...]

  • Page 674

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-58 Matrix NSA Series Configuration Guide Example This example shows how to create a CoS transmit qu eue port group entry n amed “test txq” with a port group ID of 2 and a port type ID of 1: Matrix(rw)-> set cos port-config txq 2.1 name test txq[...]

  • Page 675

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-59 8.3.3.9 clear cos port-config txq Use this command to clear one or all non-defa ult Class of Service transmit queue port group configurations: clear cos port-config txq all | gr oup-type-index { entry | name | ports [...]

  • Page 676

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-60 Matrix NSA Series Configuration Guide 8.3.3.10 show cos port-resource Use this command to display C lass of Serv ice port resource configuration information. show cos port-resource irl gr oup-type-index [ r esour ce ] [ violators ] Synt ax Description C[...]

  • Page 677

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-61 Example This example shows how to show all inbound rate limitin g port resource config uration information for port group 0 .1: Matrix(rw)-> show cos port -resource irl 0.1 '?' after the rate value indic[...]

  • Page 678

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-62 Matrix NSA Series Configuration Guide 8.3.3.1 1 set cos port-resource irl Use this command to configure a Class of Serv ice inbound rate limiting port resource entry . set cos port-resource irl gr oup-ty pe-index irl-number {[ unit { percentage | kbps |[...]

  • Page 679

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-63 Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to config ure Class of Service port resource IRL entry 0 for port group 0 .1 assigning an inbound rate limit of 512 kilobits pe r[...]

  • Page 680

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-64 Matrix NSA Series Configuration Guide 8.3.3.12 clear cos po rt-resource irl Use this command to clear one or all Class of Service inbound rate limiting port resource configurations: clear cos port-resource irl all | gr ou p-type-index r esour ce [ uni t[...]

  • Page 681

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-65 8.3.3.13 set cos port-resource txq Use this command to configure a Cl ass of Service transmit queue port resource entry . set cos port-resource txq gr ou p-type-index transmit-queue {[ unit { percentage | kbps | mbps[...]

  • Page 682

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-66 Matrix NSA Series Configuration Guide Example This example shows how to conf igure a Class of Service port resource entry for port group 0.1 assigning 50 percent of the total availabl e inbound bandwidth to transmit queue 7: Matrix(rw)-> set cos port[...]

  • Page 683

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-67 8.3.3.14 clear cos port-resource txq Use this command to clear one or all Class of Service transmit queue port resource entry . clear cos port-resource txq all | gr oup-type-index r esour ce [ unit ] [ rate ] [ algor[...]

  • Page 684

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-68 Matrix NSA Series Configuration Guide 8.3.3.15 show cos referen ce Use this command to display Class of Service port reference information. show cos reference [ txq | irl gr oup-type-index [ re f e re n c e ]] Synt ax Description Command Default s If no[...]

  • Page 685

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-69 Example This example shows how to show all transmit queue reference conf iguration information for port group 0.1: Matrix(rw)-> show cos refe rence txq 0.1 Group Index Reference Type Que ue ----------- --------- -[...]

  • Page 686

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-70 Matrix NSA Series Configuration Guide 8.3.3.16 set cos reference irl Use this command to set a Class of Service inbound rate limiting reference configuration. set cos reference irl gr oup-type-index re f e re n c e rate-limit number Synt ax Description [...]

  • Page 687

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-71 8.3.3.17 clear cos reference irl Use this command to clear one or all Class of Service inbound rate limiting reference configurations. clear cos reference irl { all | gr oup-type-index re f e re n c e } Synt ax Descr[...]

  • Page 688

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-72 Matrix NSA Series Configuration Guide 8.3.3.18 set cos reference txq Use this command to set a Class of Service inbound rate limiting reference configuration. set cos reference txq gr ou p-type-index re f e re n c e queue number Synt ax Description Comm[...]

  • Page 689

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-73 8.3.3.19 clear cos reference txq Use this command to clear one or all non-defa ult Class of Service transmit queue reference configurations. clear cos reference txq { all | gr oup-type-index re f e re n c e } Synt ax[...]

  • Page 690

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-74 Matrix NSA Series Configuration Guide 8.3.3.20 show cos settings Use this command to display C lass of Service parameters. show cos settings [ cos-list ] Synt ax Description Command Default s If not specified, all CoS entries will be displayed. Command [...]

  • Page 691

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-75 8.3.3.21 set cos settings Use this command to configure a Cl ass of Service entry . set cos settings cos-list [ priority priority ] [ tos-value to s-value ] [ txq-reference txq-r efer ence ] [ irl-reference irl-r e f[...]

  • Page 692

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-76 Matrix NSA Series Configuration Guide 8.3.3.22 clear co s settings Use this command to clear Class of Service entry settings. clear cos settings cos-list {[ all ] | [ priority ] [ tos-value ] [ txq-reference ] [ irl-reference ]} Synt ax Description Comm[...]

  • Page 693

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-77 8.3.3.23 show cos violation irl Use this command to display Class of Service violation configurations. show cos violation irl [ violation-index] Synt ax Description Command Default s If no options are specified, all [...]

  • Page 694

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-78 Matrix NSA Series Configuration Guide 8.3.3.24 clear co s violation irl Use this command to clear Class of Service in bound rate limi ting violation configurations. clear cos violation irl { all | disabled-ports | violation-index } { both | status | cou[...]

  • Page 695

    Policy Classification Configura tion Command Set Configuring Policy Class of Service (CoS) Matrix NSA Series Configuration Guide 8-79 8.3.3.25 clear cos all-entries Use this command to clears all Class of Serv ice entries except priority settings 0 - 7. clear cos all-entries Synt ax Description None. Command Default s None. Command T ype Switch com[...]

  • Page 696

    Policy Classification Con fig uration Command Set Configuring Policy Class of Service (CoS) 8-80 Matrix NSA Series Configuration Guide[...]

  • Page 697

    Matrix NSA Series Configu ration Guide 9-1 9 Port Priority and Rate Limiting Configuration This chapter describes the Port Pr iority and Rate Limiting set of commands and how to use them. 9.1 PORT PRIORITY CO NFIGURATION SUMMARY The Matrix Series device supports Class of Service (CoS), whic h allows you to assign mission-critical data to higher pr [...]

  • Page 698

    Process Overview: Port Priority and Rate Limiting Configuration Configuring Port Pri ority 9-2 Matrix NSA Series Configuration Guide 9.2 PROCESS OVERVIEW: PORT PRIORITY AND RATE LIMITING CONFIGURATION Use the following steps as a guide to the port prio rity , QoS, and rate lim iting configuration process: 1. Configuring Port Priority ( Section 9.3.[...]

  • Page 699

    Port Priority and Rate Limiting Configuration Command Set Configuring Port Priority Matrix NSA Series Configuration Gui de 9-3 9.3.1.1 show port priority Use this command to display the 802. 1D priority for one or more ports. show port priority [ port-strin g ] Synt ax Description Command Default s If port-string is not specified, priority fo r all[...]

  • Page 700

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Port Pri ority 9-4 Matrix NSA Series Configuration Guide 9.3.1.2 set port priority Use this command to set the 802. 1D (802.1p) Class-of-S ervice tr ansmit queue priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assi[...]

  • Page 701

    Port Priority and Rate Limiting Configuration Command Set Configuring Port Priority Matrix NSA Series Configuration Gui de 9-5 9.3.1.3 clear p ort priority Use this command to reset the cu rrent CoS port priority setting to 0. This will cause all frames received without a priority value in its header to be set to priority 0. clear port priority por[...]

  • Page 702

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Priority to T ransmit Queue Mapping 9-6 Matrix NSA Series Configuration Guide 9.3.2 Configuring Priority to T ransmit Queue Mapping Purpose T o perform the following: • V iew the current priority to tr ansmit queue mapping o f each port, which includes b oth physical and virt[...]

  • Page 703

    Port Priority and Rate Limiting Configuration Command Set Configuring Priority to T ra nsmit Queue Ma ppin g Matrix NSA Series Configuration Gui de 9-7 9.3.2.1 show port priority-queue Use this command to display the port pri ority levels (0 through 7, with 0 as the lowest level) associated with the current transmit queue (0 - 15 depending on port [...]

  • Page 704

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Priority to T ransmit Queue Mapping 9-8 Matrix NSA Series Configuration Guide This example shows how to display the tran smit queues associated with priority 3. Matrix(rw)-> show port priority- queue 3 fe.1.7 Priority TxQueue ---------- -------- ------- 3 1 fe.1.8 Priority T[...]

  • Page 705

    Port Priority and Rate Limiting Configuration Command Set Configuring Priority to T ra nsmit Queue Ma ppin g Matrix NSA Series Configuration Gui de 9-9 9.3.2.2 set port priority-queue Use this comma nd to map 80 2.1D (802.1p ) priorities to transmit queues. This enables you to change the priority queue (0-7, depe nding on port type, wit h 0 being t[...]

  • Page 706

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Priority to T ransmit Queue Mapping 9-10 Matrix NSA Series Configuration Guide 9.3.2.3 clear port priority-queue Use this command to reset port priority queue se ttings back to defaults for one or more ports. clear port priority-queue port-string Synt ax Description Command Def[...]

  • Page 707

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Li mi ting Matrix NSA Series Configuration Guide 9-1 1 9.3.3 Configuring Port T raffic Rate Limiting Purpose T o limit the rate of inbound traffic on the Matrix Series device on a per port/priority basis. The allowable range for the rate limiting is kilo bytes [...]

  • Page 708

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Port T raffic Rate Limiting 9-12 Matrix NSA Series Configuration Guide 9.3.3.1 show port ratelimit Use this command to show the traf fic rate limiting configur ation on one or more ports. show port ratelimit [ port-string ] Synt ax Description Command Default s If port-string i[...]

  • Page 709

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Li mi ting Matrix NSA Series Configuration Guide 9-13 Ta b l e 9 - 1 shows a detailed explanatio n of the command output. T able 9-1 show port ratelimit Output Det ails Output What It Displays... Port Number Port designation. For a detailed description of possi[...]

  • Page 710

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Port T raffic Rate Limiting 9-14 Matrix NSA Series Configuration Guide 9.3.3.2 set port ratelimit Use this command to configure the traffic rate limiting st atus and threshold (in kilobytes per second) for one or more ports. set port ratelimit { disable | enable } | port-string[...]

  • Page 711

    Port Priority and Rate Limiting Configuration Command Set Configuring Port T raffic Rate Li mi ting Matrix NSA Series Configuration Guide 9-15 Command Mode Read-W rite. Example This example shows how to: • globally enable rate limiting • configure rate limiting for inboun d traffic on port fe .2.1, index 1, prio rity 5, to a threshold of 125 KB[...]

  • Page 712

    Port Priority and Rate Limiting Confi guratio n Command Set Configuring Port T raffic Rate Limiting 9-16 Matrix NSA Series Configuration Guide 9.3.3.3 clear port ratelimit Use this command to clear rate limiti ng parameters for one or more ports. clear port ratelimit port-string [ index ] Synt ax Description Command Default s If not specified, all [...]

  • Page 713

    Matrix NSA Series Configuration Guide 10 -1 10 IGMP Configuration This chapter describes the IGMP Configurati on set of commands and ho w to use them. 10.1 ABOUT IP MULTICA ST GROUP MANAGEMENT The Internet Group Management Proto co l (IGMP) runs between hosts and their imm edia tely neighboring mu ltic ast switch device. Th e protocol’ s mechanis[...]

  • Page 714

    IGMP Configuration Summary 10-2 Matrix NSA Series Configuration Gui de In addition to passively monitoring IGMP query a nd report messages, the Matrix Series device can also actively send IGMP query mes sages to lea rn locations of mult icast s witches and member hosts in multicast groups within each VLAN. However , note that IGMP neither alters no[...]

  • Page 715

    IGMP Configuration Command Set Enabling / Disabl ing IGMP Matrix NSA Series Configuration Guide 10-3 10.4 IGMP CONFIGURATION COMMAND SET 10.4.1 Enabling / Disabling IGMP Purpose T o display IGMP information and to enable or disable IGMP snooping on the device. Commands The commands used to display , enable and disable IGMP are listed below and desc[...]

  • Page 716

    IGMP Configuration Command Set Enabling / Disabl ing IGMP 10-4 Matrix NSA Series Configuration Gui de 10.4.1.1 show igmp enable Use this command to display the status of IGMP on one or more VLAN(s). show igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example show[...]

  • Page 717

    IGMP Configuration Command Set Enabling / Disabl ing IGMP Matrix NSA Series Configuration Guide 10-5 10.4.1.2 set igmp enable Use this command to enable IGMP on one or more VLANs. set igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to enable IGM[...]

  • Page 718

    IGMP Configuration Command Set Enabling / Disabl ing IGMP 10-6 Matrix NSA Series Configuration Gui de 10.4.1.3 set igmp disable Use this command to disable IGMP on one or more VLANs. set igmp enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to disable[...]

  • Page 719

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-7 10.4.2 Configuring IGMP Purpose T o display and se t IGMP configuration paramete rs, including query inte rval and response time settings, and to create and configure static IGMP entries. Commands The commands used to configure IGMP are listed below and descr[...]

  • Page 720

    IGMP Configuration Command Set Configuring IGMP 10-8 Matrix NSA Series Configuration Gui de 10.4.2.1 show igmp query Use this command to display the IGMP query status of one or more VLANs. show igmp query vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to di[...]

  • Page 721

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-9 10.4.2.2 set igmp query-enab le Use this command to enable IGMP querying on on e or more VLANs. set igmp qu ery-enable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows h o[...]

  • Page 722

    IGMP Configuration Command Set Configuring IGMP 10-10 Matrix NSA Series Configuration Guide 10.4.2.3 set igmp query-disabl e Use this command to disable IGMP querying on one or more VLANs. set igmp query-disable vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example show s [...]

  • Page 723

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series Configuration Guide 10-1 1 10.4.2.4 show igmp grp-full-action Use this command to show what action to take with multicast frames when the multicast IGMP group table is full show igmp grp-full-action Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exampl[...]

  • Page 724

    IGMP Configuration Command Set Configuring IGMP 10-12 Matrix NSA Series Configuration Guide 10.4.2.5 set igmp grp-full-action Use this command to determine wh at action to take with multicast frames when the mul ticast group table is full. set igmp grp-full-action action Synt ax Description Command Default s Flood multicast frames to the Vlan Comma[...]

  • Page 725

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-13 10.4.2.6 show igmp config Use this command to display IGMP configuration informa tion for one or more VLANs. show igmp config vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example [...]

  • Page 726

    IGMP Configuration Command Set Configuring IGMP 10-14 Matrix NSA Series Configuration Guide T a bl e 10 -1 sh o w ig mp co nfig Output Details Output What It Displays... VlanQueryInterval Frequency (in seconds) of host-query fra me transmissions. VlanS tatus Whether or not VLAN config uration is Active or Not in Service . Vlan IGMP V ersion Whether[...]

  • Page 727

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-15 10.4.2.7 set igmp config Use this command to configure IGMP settings on one or more VLANs. set igmp config vlan-list {[ query-interva l query-interval ] [igmp-version igmp-version ] [ max-resp-time max-r esp-time ] [ robustness r obustness ] [ last-mem-int[...]

  • Page 728

    IGMP Configuration Command Set Configuring IGMP 10-16 Matrix NSA Series Configuration Guide Example This example shows how to set the IGMP qu ery interval time to 25 0 seconds on VLAN 1: Matrix(rw)-> set igmp config 1 q uery-interval 250[...]

  • Page 729

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-17 10.4.2.8 set igmp delete Use this command to remove IGMP config uration settings for one or more VLANs. set igmp delete vlan-list Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows[...]

  • Page 730

    IGMP Configuration Command Set Configuring IGMP 10-18 Matrix NSA Series Configuration Guide 10.4.2.9 show igmp group s Use this command to display in formation ab out IGMP groups known to one or m ore VLANs. show igmp groups [group < gr oup > ] [vlan-list < vlan-list> ] [sip <sip> ] [-verbose] Synt ax Description Command Default s[...]

  • Page 731

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-19 10.4.2.10 show igmp st atic Use this command to display static IGMP po rts for one or more VLANs or IGMP groups. show igmp static vlan-list [ group gr oup ] Synt ax Description Command Default s If not specified, static IGMP information will be displayed f[...]

  • Page 732

    IGMP Configuration Command Set Configuring IGMP 10-20 Matrix NSA Series Configuration Guide 10.4.2.1 1 set igmp add-st atic Use this command to create a new static IGMP entry , or to add one or more new ports to an existing entry . set igmp add-static gr oup vlan-list [ modify ] [ include-ports ] [ exclude-ports ] Synt ax Description Command Defaul[...]

  • Page 733

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-21 10.4.2.12 set igmp remove-st atic Use this command to delete a sta tic IGMP entry , or to remove o ne or mo re ports from an existing entry . set igmp remove-static gr oup vlan-list [ modify ] [ include-ports ] [ exclude-ports ] Synt ax Description Command[...]

  • Page 734

    IGMP Configuration Command Set Configuring IGMP 10-22 Matrix NSA Series Configuration Guide 10.4.2.13 show igmp protocols Use this command to display the binding of IP protocol id to IGMP classification show igmp protocols Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display the bi[...]

  • Page 735

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-23 10.4.2.14 set igmp protocols Use this command to changes the IGMP classification of received IP frames set igmp protocols [ clas sification classification ] [ pr oto col-id pr otoco l-id ] [ modify ] Synt ax Description Command Default s None. Command T yp[...]

  • Page 736

    IGMP Configuration Command Set Configuring IGMP 10-24 Matrix NSA Series Configuration Guide 10.4.2.15 clear igmp protocols Use this command to clear the binding of IP protocol id to IGMP classification clear igmp pr otocols [ pr otocol-id pr otocol-id ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W ri[...]

  • Page 737

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-25 10.4.2.16 show igmp vlan Use this command to display IGMP information for a specific VLAN. show igmp vlan [ vlan-list ] Synt ax Description Command Default s None Command T ype Switch command. Command Mode Read-Only . Example This example shows how to disp[...]

  • Page 738

    IGMP Configuration Command Set Configuring IGMP 10-26 Matrix NSA Series Configuration Guide 10.4.2.17 show igmp reporters Use this command to display IGMP reporter information. show igmp reporters [ portlist portlist ] [ group gr oup ] [ vlan-list vlan-list ] [ sip sip ] Synt ax Description Command Default s None. Command T ype Switch command. Comm[...]

  • Page 739

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-27 10.4.2.18 show igmp flow Use this command to displa y IGMP flow information. show igmp flow s [ portlist portlist ] [ group gr ou p ] [ vlan-list vlan-list ] [ sip sip ] Synt ax Description Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 740

    IGMP Configuration Command Set Configuring IGMP 10-28 Matrix NSA Series Configuration Guide 10.4.2.19 show igmp counters Use this command to displa y IGMP counter information. show igmp counters Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows how to display the IGMP[...]

  • Page 741

    IGMP Configuration Command Set Configuring IGMP Matrix NSA Series C onfiguration Guide 1 0-29 10.4.2.20 show igmp number-groups Use this command to display the number of multicast groups suppor ted by the Matrix devi ce. T he command displays both the currently active number of groups and the configured number that will take effect at the next rebo[...]

  • Page 742

    IGMP Configuration Command Set Configuring IGMP 10-30 Matrix NSA Series Configuration Guide[...]

  • Page 743

    Matrix NSA Series Configura tion Guide 1 1-1 11 Logging and Network Management This chapter describes switch-rela ted logging an d network ma nagement commands and how to use them. 1 1 .1 PROCESS OVERVIEW : NETWORK MANAGEMENT Switch-related network management tasks incl ude the following: • Configuring System Lo gging ( Section 1 1.2.1 ) • Moni[...]

  • Page 744

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-2 Matrix NSA Series Configuration Guide 1 1.2 LOGGING AND NETWORK MANAGEMENT COMMAND SET 1 1.2.1 Configuring System Logging Purpose T o display and configure system lo gging, including Syslog server settings, logging severity levels for various applications, Syslog default s[...]

  • Page 745

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-3 1 1 .2.1.1 show logging all Use this command to display all config uration information for system logging. show logging all Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only .[...]

  • Page 746

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-4 Matrix NSA Series Configuration Guide Example This example shows how to displa y all system logging information: Ta b l e 1 1 - 1 provides an explanation of th e command output. Matrix(rw)-> show logging all Application Current Severity Level Server List ---------------[...]

  • Page 747

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-5 T able 1 1-1 show logging all Output Det ails Output What It Displays... Application A mnemonic abbreviatio n of the textual description for applications being logged. Current Severity Level Severity level ( 1 - 8 ) at which the server[...]

  • Page 748

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-6 Matrix NSA Series Configuration Guide 1 1.2.1.2 show logging server Use this command to display the Syslog configuration for a particular server . show logging server [ index ] Synt ax Description Command Default s If index is not specified, all Syslog se rver information [...]

  • Page 749

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-7 1 1 .2.1.3 set logging server Use this command to configure a Syslog server . s et logging server index [ ip-addr ip-addr ] [ facility facility ] [ severity severity ] [ descr descr ] [ port por t] [ state { enable | disable }] Synt ax[...]

  • Page 750

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-8 Matrix NSA Series Configuration Guide Command Default s • If ip-addr is not specified, an entry in the Syslog server table will be created with the specified index number and a message will display indica ting that no IP address has been assigned. • If not specified, f[...]

  • Page 751

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-9 1 1 .2.1.4 clear logging server Use this command to remove a server from the Syslog server table. clear logging server index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example Th[...]

  • Page 752

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-10 Matrix NSA Series Configuration Guide 1 1.2.1.5 show logging default Use this command to display th e Syslog server default values. show logging default Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This c[...]

  • Page 753

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-1 1 1 1 .2.1.6 set logging default Use this command to set logging default values. set logging default {[ facility facility ] [ severity severity ] port port ]} Synt ax Description Command Default s None. Command T ype Switch command. Co[...]

  • Page 754

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-12 Matrix NSA Series Configuration Guide 1 1.2.1.7 clear logging default Use this command to reset logging default values. clear logging defaul t {[ facility ] [ severity ] [ port ]} Synt ax Description Command Default s • At least one optional para meter must be entered. [...]

  • Page 755

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-13 1 1 .2.1.8 show logging application Use this command to display the severity level of Syslog messages for one or all applications configured for logging on your system. show logging application [ mnemonic | all ] Synt ax Description C[...]

  • Page 756

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-14 Matrix NSA Series Configuration Guide Example This example shows how to display system logg ing information pertaining to the all supported applications. This example shows how to display system logging information pertaining to the SNMP application. Ta b l e 1 1 - 2 prov[...]

  • Page 757

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-15 T able 1 1-2 show logging application Output Det ails Output What It Displays... Application A mnemonic abbreviatio n of the textual description for applications being logged. Current Severity Level Severity level at which the server [...]

  • Page 758

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-16 Matrix NSA Series Configuration Guide 1 1.2.1.9 set logging application Use this command to set the severity level of lo g messages and the server(s ) to which messages will be sent for one or all applications. set logging application {[ mnemonic | all ]} [ level level ] [...]

  • Page 759

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-17 Command Default s • If level is not specified, none will be applied. • If server is not specified, messages will be sent to all Syslog servers. Command T ype Switch command. T able 1 1-3 Sample Mnemonic V alues for Log ging Applic[...]

  • Page 760

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-18 Matrix NSA Series Configuration Guide Command Mode Read-W rite. Example This example shows how to set the severity level for SSH (Secure Shell) to 4 so that error conditions will be logged for that application an d sent to Syslog server 1: Matrix(rw)-> set logging appl[...]

  • Page 761

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-19 1 1 .2.1.10 clear logging application Use this command to reset the logg ing severity level for one or all applications to the default value of 6 (notifications of significant conditions). clear logging application { mnemonic | all } [...]

  • Page 762

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-20 Matrix NSA Series Configuration Guide 1 1.2.1.1 1 show logging local Use this command to display the state of messag e logging to the console and a persistent file. show logging local Synt ax Description None. Command Default s None. Command T ype Switch command. Command [...]

  • Page 763

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-21 1 1 .2.1.12 set logging local Use this command to config ure log messages to the console and a pe rsistent file. set logging local console { enable | disable } file { enable | disable } Synt ax Description Command Default s None. Comm[...]

  • Page 764

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-22 Matrix NSA Series Configuration Guide 1 1.2.1.13 clear logging local Use this command to clear the console and pe rsistent store logging for the local session. clear logging local Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 765

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-23 1 1 .2.1.14 set logging here Use this command to enable or disable the current CLI session as a Syslog destination. The ef fect of this command will be temporar y if the current CLI session is us ing T elnet or SSH, but persistent on [...]

  • Page 766

    Logging And Network Management Co mmand Set Configuring System Logging 1 1-24 Matrix NSA Series Configuration Guide 1 1.2.1.15 clear logging here Use this command to clear the logging state for the current CLI session. clear logging here Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exampl[...]

  • Page 767

    Logging And Network Management Command Set Configuring System Loggin g Matrix NSA Series Configuration Guide 1 1-25 1 1 .2.1.16 show logging buffer Use this command to display the last 256 messages logged. show logging buffer Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This exampl[...]

  • Page 768

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-26 Matrix NSA Series Configuration Guide 1 1.2.2 Monitoring Network Event s and S t atus Purpose T o display switch events and command history , to set the size of the history buf fer , and to display and disconnect current user sessions. Commands Commands to moni[...]

  • Page 769

    Logging And Network Management Command Set Monitoring Network Even ts and S tatus Matrix NSA Series Configuration Guide 1 1-27 1 1 .2.2.1 history Use this command to display the contents of the co mmand history buffer . The comma nd history buffer includes all the switch commands entere d up to a maximum of 50, as specified in the set history comma[...]

  • Page 770

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-28 Matrix NSA Series Configuration Guide 1 1.2.2.2 show history Use this command to display the size (in lines) of the history buf fer . show history Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example T[...]

  • Page 771

    Logging And Network Management Command Set Monitoring Network Even ts and S tatus Matrix NSA Series Configuration Guide 1 1-29 1 1.2.2.3 set history Use this command to set the size of the history buf fe r . set history size [ defaul t ] Synt ax Description Command Default s If default is not specified, the history setting will not be persistent. C[...]

  • Page 772

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-30 Matrix NSA Series Configuration Guide 1 1.2.2.4 show netst at Use this command to display statistics fo r the switch’ s active network connections. show netstat [icmp | ip | routes | stats | tcp | udp ] Synt ax Description Command Default s If no parameters a[...]

  • Page 773

    Logging And Network Management Command Set Monitoring Network Even ts and S tatus Matrix NSA Series Configuration Guide 1 1-31 Ta b l e 1 1 - 4 provides an explanation of the command out put . T able 1 1-4 show net st at Output Det ails Output What It Displays... PCB Protocol Control Block designatio n. Proto T ype of protocol running on the conn e[...]

  • Page 774

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-32 Matrix NSA Series Configuration Guide 1 1.2.2.5 ping Use this command to send ICMP echo-request packets to another node on the network from the switch CLI. ping [ -s ] host [ count ] Synt ax Description Command Default s • If -s is not specified, the ping wil[...]

  • Page 775

    Logging And Network Management Command Set Monitoring Network Even ts and S tatus Matrix NSA Series Configuration Guide 1 1-33 This example shows how to ping IP address 134.141.89.29 with 10 packets: This example shows a continuous pi ng of IP address 134.141. 89.29. In this case, entering Ctrl+C after 9 iterations caused command execution to stop [...]

  • Page 776

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-34 Matrix NSA Series Configuration Guide 1 1.2.2.6 show users Use this command to display info rmation about the active console po rt or T elnet session(s) logged in to the switch. show users Synt ax Description None. Command Default s None. Command T ype Switch c[...]

  • Page 777

    Logging And Network Management Command Set Monitoring Network Even ts and S tatus Matrix NSA Series Configuration Guide 1 1-35 1 1 .2.2.7 tell Use this command to send a m ess age to one or all users. tell { dest | all } message Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example [...]

  • Page 778

    Logging And Network Management Co mmand Set Monitoring Network Events and S tatus 1 1-36 Matrix NSA Series Configuration Guide 1 1.2.2.8 disconnect Use this command to clos e an active console port or T elnet session from the switch CLI. disconnect { ip-addr | console } Synt ax Description Command Default s None. Command T ype Switch command. Comma[...]

  • Page 779

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-37 1 1 .2.3 Configuring SMON Purpose T o configure SMON (Switched Network Mon itoring) on the device. Commands Commands to configure SMON are listed below an d described in the associated section as shown. • show smon priority ( Section 1 1.2.3.1[...]

  • Page 780

    Logging And Network Management Co mmand Set Configuring SMON 1 1-38 Matrix NSA Series Configuration Guide 1 1.2.3.1 show smon priority Use this command to display SMON user priority statistics. SMON generates aggregated statistics for IEEE 802.1 Q VLAN environments. show smon priority [ port-string ] [ priority priority ] Synt ax Description Comman[...]

  • Page 781

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-39 1 1 .2.3.2 set smon priority Use this command to create, start, or stop priority-encoded SMON user statistics counting. set smon priority {create | enable | disable} port-string [ owner ] Synt ax Description Command Default s If owner is not spe[...]

  • Page 782

    Logging And Network Management Co mmand Set Configuring SMON 1 1-40 Matrix NSA Series Configuration Guide 1 1.2.3.3 clear smon priority Clears priority-encoded user stat istic s on one or more ports . clear smon priority [ port-string ] Synt ax Description Command Default s If port-string is not specified, priority stat istics will be cleared on al[...]

  • Page 783

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-41 1 1 .2.3.4 show smon vlan Use this command to display SMON (Switc hed Network Monitori ng) VLAN statistics. show smon vlan [ port-string ] [ vlan vlan-id ] Synt ax Description Command Default s • If port-string is not specified, SMON statistic[...]

  • Page 784

    Logging And Network Management Co mmand Set Configuring SMON 1 1-42 Matrix NSA Series Configuration Guide 1 1.2.3.5 set smon vlan Use this command to create, start, or stop SNMP VLAN-related statistics counting. set smon vlan {create | enable | disable} port-string [ owner ] Synt ax Description Command Default s If owner is not specified, no ne wil[...]

  • Page 785

    Logging And Network Management Command Set Configuring SMON Matrix NSA Series Configuration Guide 1 1-43 1 1 .2.3.6 clear smon vlan Use this command to delete an SMON VLAN statistics counting configuration. clear smon vlan [ port-string ] Synt ax Description Command Default s If port-string is not specified, VLAN statisti cs counting configurations[...]

  • Page 786

    Logging And Network Management Co mmand Set Configuring RMON 1 1-44 Matrix NSA Series Configuration Guide 1 1.2.4 Configuring RMON RMON Monitoring Group Functions and Commands RMON (Remote Network Mon itoring) provides co mprehensive ne twork fault diagnosis, plannin g, and performance tuning informa tion and allows for interoperability between SNM[...]

  • Page 787

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-45 Alarm Periodically gathers statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Alarm type, interval, starting threshold, s[...]

  • Page 788

    Logging And Network Management Co mmand Set Configuring RMON 1 1-46 Matrix NSA Series Configuration Guide Host To p N Generates tables that describe hosts that top a list ordered by one of their statistics. These rate based statistics are samples of one of th eir base statistics over an interval specified by the management statio n. S tatistics, to[...]

  • Page 789

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-47 Filter Allows packets to be matched by a filter equation. These ma tc hed packets f orm a data stream or “channel” that may be captured or ma y generate eve nts. Packets ma tc hin g the filter configuration. show rmon channel ( Section 1 1.2[...]

  • Page 790

    Logging And Network Management Co mmand Set Configuring RMON 1 1-48 Matrix NSA Series Configuration Guide 1 1.2.4.1 show rmon st at s Use this command to display RMON statistics measured for one or more ports. show rmon stats [ port-string ] [ wide ] [ bysize ] Synt ax Description Command Default s If port-string is not specified, RMON stats wil l [...]

  • Page 791

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-49 Ta b l e 1 1 - 6 provides an explanation of the command out put . T able 1 1-6 show rmon st ats Output Det ails Output What It Displays... Port Port de sign ation. Owner Name of the entity that configured this entry . Monitor is default. Data So[...]

  • Page 792

    Logging And Network Management Co mmand Set Configuring RMON 1 1-50 Matrix NSA Series Configuration Guide Fragments Number of received frames that are not the minimum number of bytes in length, or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excludin g fra ming bits, but including FCS byte[...]

  • Page 793

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-51 1 1 .2.4.2 set rmon st at s Use this command to configure an RMON statist ics entry . set rmon stats index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monitor will be applied. Command T ype Switch comma[...]

  • Page 794

    Logging And Network Management Co mmand Set Configuring RMON 1 1-52 Matrix NSA Series Configuration Guide 1 1.2.4.3 clear rmon st at s Use this command to delete one or more RMON st atistics entries. clear rmon stats { index-list | to-defaults } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exam[...]

  • Page 795

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-53 1 1 .2.4.4 show rmon history Use this command to display RMON histo ry properties and statistics. The RMO N histo ry group records periodic statistical samples from a network. show rmon history [ port-string ] [ wide ] [ int erval ] Synt ax Desc[...]

  • Page 796

    Logging And Network Management Co mmand Set Configuring RMON 1 1-54 Matrix NSA Series Configuration Guide Matrix(rw)-> show rmon history f e.3.14 Port: fe.3.14 ------------------------------- -------- Index 1001 Status = 1 valid Owner = monitor Data Source = 1.3.6.1.2.1 .2.2.1.1.11001 Interval = 30 Buckets Requested = 50 Buckets Granted = 50 Sam[...]

  • Page 797

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-55 1 1 .2.4.5 set rmon history Use this command to configure an RMON history entry . set rmon history index [ port-string ] [ buckets buckets ] [ interval interval ] [ owner owner ] Synt ax Description Command Default s • If buckets is not specif[...]

  • Page 798

    Logging And Network Management Co mmand Set Configuring RMON 1 1-56 Matrix NSA Series Configuration Guide 1 1.2.4.6 clear rmon history Use this command to delete one or more RMON hi story entries or reset one or more entries to default values. Fo r spec ific values, refer to Section 1 1.2.4.5 . clear rmon history { index-list | to-defaults } Synt a[...]

  • Page 799

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-57 1 1 .2.4.7 show rmon alarm Use this command to display RMON alarm entrie s. The RMON alarm group periodically takes statistical samples from RMON variables and co mpares them with pr eviously configured thresholds. If the monitored va riable cro[...]

  • Page 800

    Logging And Network Management Co mmand Set Configuring RMON 1 1-58 Matrix NSA Series Configuration Guide T able 1 1-7 show rmon alarm Output Details Output What It Displays... Index Index number for this alarm entry . Owner T ext string identifying who configured this entry . S tatus Whether this e vent entry is enabled (valid) or disabled. V aria[...]

  • Page 801

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-59 1 1 .2.4.8 set rmon alarm properties Use this command to configure an RMON alarm en try , or to create a new alarm entry with an unused alarm in dex number . set rmon alarm properties index [ interval interval ] [ object object ] [ type {absolut[...]

  • Page 802

    Logging And Network Management Co mmand Set Configuring RMON 1 1-60 Matrix NSA Series Configuration Guide Command Default s • interval - 3600 seconds • type - absolute • startup - rising • rthresh - 0 • fthresh - 0 • revent - 0 • fevent - 0 • owner - monitor Command T ype Switch command. Command Mode Read-W rite. Example This exampl[...]

  • Page 803

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-61 1 1.2.4.9 set rmon alarm st atu s Use this command to enable an RMON alarm entry . An alarm is a notification that a statistical sample of a monitored variable has crossed a configured threshold. set rmon alarm status index enable Synt ax Descri[...]

  • Page 804

    Logging And Network Management Co mmand Set Configuring RMON 1 1-62 Matrix NSA Series Configuration Guide 1 1.2.4.10 clear rmon alarm Use this command to dele te an RMON alarm entry . clear rmon alarm index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear RMO[...]

  • Page 805

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-63 1 1 .2.4.1 1 show rmon event Use this command to display RMON event entry properties. show rmon ev ent [ index ] Synt ax Description Command Default s If index is not specified, information abou t all RMON entries will be displayed. Command T yp[...]

  • Page 806

    Logging And Network Management Co mmand Set Configuring RMON 1 1-64 Matrix NSA Series Configuration Guide Description T ext string d escription of this event. T ype Whether the event notification will be a log entry , and SNMP trap, both, or none. Community SN MP community name if message type is set to trap. Last T ime Se nt When an event notifi c[...]

  • Page 807

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-65 1 1 .2.4.12 set rmon event properties Use this command to configure an RMON event entry , or to create a new event entry w ith an unused event index numb er . set rmon event properties index [ description description ] [ type {none | log | trap [...]

  • Page 808

    Logging And Network Management Co mmand Set Configuring RMON 1 1-66 Matrix NSA Series Configuration Guide Example This example shows how to create and enable an RMON event e ntry called “STP topology change” that will send both a log entr y and an SNMP trap message to the “public” community: Matrix(rw)-> set rmon event pr operties 2 desc[...]

  • Page 809

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-67 1 1 .2.4.13 set rmon event st atus Use this command to enable an RMON event entry . An event entry describes the parameters of an RMON event that can be triggered. Events can be fired by RMON alarms and can be configured to create a log entry , [...]

  • Page 810

    Logging And Network Management Co mmand Set Configuring RMON 1 1-68 Matrix NSA Series Configuration Guide 1 1.2.4.14 clear rmon event Use this command to delete an RMON event entry and any associated log entries. clear rmon event index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This e[...]

  • Page 811

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-69 1 1 .2.4.15 show rmon host Use this command to display RMON properti es and statistics as sociated with each host discovered on the network. show rmon host [ port-string ] [ address | creation ] Synt ax Description Command Default s • If port-[...]

  • Page 812

    Logging And Network Management Co mmand Set Configuring RMON 1 1-70 Matrix NSA Series Configuration Guide Example This example shows how to display RMON host properties and statistics. A control entry displays first, followed by actual entries corresponding to the control entry . For a description of the types of statistics shown, refer to Ta b l e[...]

  • Page 813

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-71 1 1 .2.4.16 set rmon host properties Use this command to configure an RMON host entry . set rmon host properties index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monitor will be appli ed. Command T ype[...]

  • Page 814

    Logging And Network Management Co mmand Set Configuring RMON 1 1-72 Matrix NSA Series Configuration Guide 1 1.2.4.17 set rmon host st atus Use this command to enable an RMON host entry . set rmon host status index enable Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows ho[...]

  • Page 815

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-73 1 1 .2.4.18 clear rmon host Use this command to dele te an RMON host entry . clear rmon host index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear RMON h[...]

  • Page 816

    Logging And Network Management Co mmand Set Configuring RMON 1 1-74 Matrix NSA Series Configuration Guide 1 1.2.4.19 show rmon topN Use this command to displays RMON T opN proper ties and statistics. T opN monitoring prepares tables that describe the hosts topping a list ordered by one of their statistics. T opN lists are samples of one of the host[...]

  • Page 817

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-75 Ta b l e 1 1 - 9 provides an explanation of the comm and output. Properties are set using the set rmon topN properties command as describe d in Section 1 1.2.4.20 . T able 1 1-9 show rmon topN Output Det ails Output What It Displays... Index Ind[...]

  • Page 818

    Logging And Network Management Co mmand Set Configuring RMON 1 1-76 Matrix NSA Series Configuration Guide 1 1.2.4.20 set rmon topN properties Use this command to configur e an RMON topN entry (report). set rmon topn properties index [ hindex hindex ] [ rate { inpackets | outpackets | inoctets | outoctets | errors | bcast | mc ast }] [ duration dura[...]

  • Page 819

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-77 Command Mode Read-W rite. Example This example shows how to configur e RMON T opN en try 1, for host 1 with a sampling interval of 60 seconds and a maximum number o f entries of 20: Matrix(rw)-> set rmon topN propert ies 1 1 inpackets 60 20[...]

  • Page 820

    Logging And Network Management Co mmand Set Configuring RMON 1 1-78 Matrix NSA Series Configuration Guide 1 1.2.4.21 set rmon topN st atus Use this command to enab le an RMON topN entry . set rmon topN status index enable | Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows[...]

  • Page 821

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-79 1 1 .2.4.22 clear rmon topN Use this command to delete an RMON T opN entry . clear rmon topN index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to delete RMON [...]

  • Page 822

    Logging And Network Management Co mmand Set Configuring RMON 1 1-80 Matrix NSA Series Configuration Guide 1 1.2.4.23 show rmon matrix Use this command to display RM ON matrix properties and statis tics. The RMON matrix stores statistics for conversations between sets of two addresse s. show rmon matrix [ port-string ] [ source | dest ] Synt ax Desc[...]

  • Page 823

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-81 T able 1 1-10 provides an explanation of the command output. Properties are set using the set rmon matrix properties command as described in Section 1 1.2.4.24 . T able 1 1-10 show rmon matrix Output Det ails Output What It Displays... Matrix In[...]

  • Page 824

    Logging And Network Management Co mmand Set Configuring RMON 1 1-82 Matrix NSA Series Configuration Guide 1 1.2.4.24 set rmon matrix properties Use this command to configure an RMON matrix ent ry . set rmon matrix properties index port-string [ owner ] Synt ax Description Command Default s If owner is not specified, monito r will be applied. Comman[...]

  • Page 825

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-83 1 1 .2.4.25 set rmon matrix st atus Use this command to enable an RMON matrix entry . set rmon matrix status index enable Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example sh[...]

  • Page 826

    Logging And Network Management Co mmand Set Configuring RMON 1 1-84 Matrix NSA Series Configuration Guide 1 1.2.4.26 clear rmon matrix Use this command to delete an RMON matrix entry . clear rmon matrix index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to delete [...]

  • Page 827

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-85 1 1 .2.4.27 show rmon channel Use this command to display RMON channel entries for one or more ports. show rmon channe l [ port-string ] Synt ax Description Command Default s If port-string is not specified, information abou t all channels will [...]

  • Page 828

    Logging And Network Management Co mmand Set Configuring RMON 1 1-86 Matrix NSA Series Configuration Guide 1 1.2.4.28 set rmon channel Use this command to configure an RMON channel entry . set rmon channel index port-string [ accept { matched | failed }] [ control { on | off }] [ oneven t onevent ] [ offevent offevent ] [ event event ] [ estatus { r[...]

  • Page 829

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-87 Command Default s • If an action is not specified, packets will be accepted on filter matches. • If not specified, control will be set to off . • If onevent and offevent are not specified, none will be applied. • If event status is not s[...]

  • Page 830

    Logging And Network Management Co mmand Set Configuring RMON 1 1-88 Matrix NSA Series Configuration Guide 1 1.2.4.29 clear rmon channel Use this command to clear an RMON channel entry . clear rmon channel index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clear[...]

  • Page 831

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-89 1 1 .2.4.30 show rmon filter Use this command to display on e or more RMON filter entries. show rmon filter [ index index | channel channel ] Synt ax Description Command Default s If no options are specified, information for all filter entries w[...]

  • Page 832

    Logging And Network Management Co mmand Set Configuring RMON 1 1-90 Matrix NSA Series Configuration Guide 1 1.2.4.31 set rmon filter Use this command to conf igure an RMON filter entry . set rmon filter index channel_index [ offset offset ] [ status status ] [ smas k smask ] [ snotmask snotmask ] [ data data ] [ dmask dmask ] [ dnotmask dnotmask ] [...]

  • Page 833

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-91 Command Mode Read-W rite. Example This example shows how to create RMON filter 1 and apply it to channel 9: Matrix(rw)-> set rmon fil ter 1 10 offset 30 data 0a1543 05 dmask ffffffff[...]

  • Page 834

    Logging And Network Management Co mmand Set Configuring RMON 1 1-92 Matrix NSA Series Configuration Guide 1 1.2.4.32 clear rmon filter Use this command to clear an RMON filter entry . clear rmon filter { index index | channel channel } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This e[...]

  • Page 835

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-93 1 1 .2.4.33 show rmon capture Use this command to display RMON capture en tries and associated buffer control entries. show rmon captur e [ index ] [ nodata ] Synt ax Description Command Default s If no options are specified, a ll buffer control[...]

  • Page 836

    Logging And Network Management Co mmand Set Configuring RMON 1 1-94 Matrix NSA Series Configuration Guide Example This example shows how to display RMON captu re entries and associated buffer entries: Matrix(rw)-> show rmon capture Buf.control= 28062 Channel= 38 283 EntryStatus= valid ------------------------------- --------------------------- F[...]

  • Page 837

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-95 1 1 .2.4.34 set rmon capture Use this command to configure an RMON capture entr y , or to enable or disable an existing entry . set rmon capture index { channel [ action { lock | wr ap }] [ slice slice ] [ loadsize loadsize ] [ offset offset ] [[...]

  • Page 838

    Logging And Network Management Co mmand Set Configuring RMON 1 1-96 Matrix NSA Series Configuration Guide Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to create RMON ca pture entry 1 to “listen” on channel 628: Matrix(rw)-> set rmon capture 1 628[...]

  • Page 839

    Logging And Network Management Command Set Configuring RMON Matrix NSA Series Configuration Guide 1 1-97 1 1 .2.4.35 clear rmon capture Use this command to clears an RMON capture entry . clear rmon capture index Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This example shows how to clea[...]

  • Page 840

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-98 Matrix NSA Series Configuration Guide 1 1.2.5 Managing Switch Ne twork Addresses and Routes Purpose T o display , add or delete switch ARP table entr ies, to enable or disable RAD (Runtime Address Discovery) protocol, to display , add or delete IP routin[...]

  • Page 841

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-99 1 1 .2.5.1 show arp Use this command to displa y the swit ch’ s ARP table. show arp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example shows[...]

  • Page 842

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-100 Matrix NSA Series Configuration Guide 1 1.2.5.2 set arp Use this command to ad d mapping entries to the switch’ s ARP table. set arp ip-address mac-address [{ temp | pub | trail} ] Synt ax Description Command Default s • If temp is not specified, th[...]

  • Page 843

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 01 1 1 .2.5.3 clear arp Use this command to delete a specific entry or all entries from the switch’ s ARP table. clear arp { ip | all } Synt ax Description Command Default s None. Command T ype Switch command. Comman[...]

  • Page 844

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-102 Matrix NSA Series Configuration Guide 1 1.2.5.4 show rad Use this command to display the status of the RAD (Runtime Address Discovery) protoc ol on the switch. show rad Synt ax Description None. Command Default s None. Command T ype Switch command. Comm[...]

  • Page 845

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 03 1 1.2.5.5 set rad Use this command to enable or disable RAD (R untime Address Discovery) protocol. The Matrix Series device uses BOOTP/DHCP to obtain an IP address if one hasn’t been configured. RAD can also be us[...]

  • Page 846

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-104 Matrix NSA Series Configuration Guide 1 1.2.5.6 show ip route Use this command to display the switch’ s IP routing table entries. show ip route Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Ex[...]

  • Page 847

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 05 Flags Route status. Possible valu es and their definiti ons include: U - route is usable (that is, "up") G - destination is a gateway H - host specific routing entry R - host or net unreachable D - created[...]

  • Page 848

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-106 Matrix NSA Series Configuration Guide 1 1.2.5.7 tracerout e Use this command to display a hop -by-hop path throu gh an IP network from th e device to a specific destination host. Three UDP or ICMP pr obes will be transmitted fo r each hop between the so[...]

  • Page 849

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 07 Command Default s • If not specified, waittime will be set to 5 seconds. • If not specified, first-tt l will be set to 1 second. • If not specified, max-ttl will be set to 30 seconds. • If not specified, por[...]

  • Page 850

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-108 Matrix NSA Series Configuration Guide Example This example shows how to use traceroute to d isplay a round trip p ath to host 192.1 67.252.17. In this case, hop 1 is the Matrix Series switch, hop 2 is 14.1.0.45, and hop 3 is back to the host IP address.[...]

  • Page 851

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configuration Guide 1 1-1 09 1 1 .2.5.8 set ip route Use this command to add a route to the switch’ s IP routing table. set ip route { destination | default} ga teway Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 852

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-1 10 Matrix NSA Series Configuration Guide 1 1.2.5.9 clear ip route Use this command to delete switch IP routing table ent ries. clear ip route destination | default Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read[...]

  • Page 853

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configu ration Guide 1 1-1 1 1 1 1 .2.5.10 show port mac Use this command to display the MAC address(es ) for one or more ports. These are port MAC addresses programmed into the device during manu facturing. T o show the MAC addresses learned o[...]

  • Page 854

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-1 12 Matrix NSA Series Configuration Guide 1 1.2.5.1 1 show mac Use this command to display th e timeout period for aging learned M AC addresses, and to show MAC addresses in the sw itch’ s filtering data base. These are addresses lea rned on a port throu[...]

  • Page 855

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configu ration Guide 1 1-1 13 Examples This example shows how to displa y the MAC addr ess timeout period : This example shows how to display MAC address information for Fast Ethernet port 3 in port group 1: T able 1 1-13 provides an expla nati[...]

  • Page 856

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-1 14 Matrix NSA Series Configuration Guide 1 1.2.5.12 set mac Use this command to set the timeo ut period for aging learned MA C entries, to define what ports a multicast address can be dynamically learned on or flooded to, and to make a static entry into t[...]

  • Page 857

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configu ration Guide 1 1-1 15 1 1 .2.5.13 clear mac Use this command to reset the timeout period for aging learned MAC entries to the default value of 300 seconds, or to clear MAC addresses out of the filte ring database(s). clear mac {[ all ] [...]

  • Page 858

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-1 16 Matrix NSA Series Configuration Guide This example shows how to clear all the MAC addresses associated with port fe.1.3: Matrix(rw)-> clear mac port-stri ng fe.1.3[...]

  • Page 859

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configu ration Guide 1 1-1 17 1 1 .2.5.14 show newaddrtrap s Use this command to display the status of MAC address traps on one or more ports. show newaddrtrap [ port-string ] Synt ax Description Command Default s If port-string is not specifie[...]

  • Page 860

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-1 18 Matrix NSA Series Configuration Guide 1 1.2.5.15 set newaddrtrap s Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detec te d. set newaddrtrap [ port-string ] { enable | dis[...]

  • Page 861

    Logging And Network Management Command Set Managing Switch Network Addresses and Routes Matrix NSA Series Configu ration Guide 1 1-1 19 1 1 .2.5.16 show movedaddrtrap Use this command to disp lay the status of mo ved MAC address traps on one or more ports. show movedaddrtrap [ port-string ] Synt ax Description Command Default s If port-string is no[...]

  • Page 862

    Logging And Network Management Co mmand Set Managing Switch Network Addresses and Routes 1 1-120 Matrix NSA Series Configuration Guide 1 1.2.5.17 set movedaddrtrap Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when moved source MAC addresses are detected. set movedaddrtrap [ port-string ] { enable | di[...]

  • Page 863

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 21 1 1 .2.6 Configuring Simple Ne twork T ime Protocol (SNTP) Purpose T o configure the Simple Network T ime Protocol (SNTP ), which synchronizes device clo cks in a network. Commands Commands to configure SNTP are [...]

  • Page 864

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-122 Matrix NSA Series Configuration Guide 1 1.2.6.1 show snt p Use this command to disp lay SNTP client settings. show sntp Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This example show[...]

  • Page 865

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 23 T able 1 1-14 show sntp Output Det ails Output What It Displays... SNTP V ersion SNTP version number . Current T ime Current time on the system clock. T imezone T ime zone name and am ount it is offset from UTC ([...]

  • Page 866

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-124 Matrix NSA Series Configuration Guide 1 1.2.6.2 set sntp client Use this command to set the SNTP operation mode. set sntp client { broadcast | unicast | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode [...]

  • Page 867

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 25 1 1 .2.6.3 clear sntp client Use this command to clear the SNTP client’ s operational mode. clear sntp client Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W [...]

  • Page 868

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-126 Matrix NSA Series Configuration Guide 1 1.2.6.4 set sntp server Use this command to add a server from which the SN TP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers. set sntp server i[...]

  • Page 869

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 27 1 1 .2.6.5 clear sntp server Use this command to remove one or all servers from the SNTP server list. clear sntp server { ip-addr ess | all } Synt ax Description Command Default s None. Command T ype Switch comma[...]

  • Page 870

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-128 Matrix NSA Series Configuration Guide 1 1.2.6.6 set sntp broadcast delay Use this command to set the ro u nd trip delay , in microseconds, for SNTP broadcast frames. set sntp broadcastde lay time Synt ax Description Command Default s None. Command T [...]

  • Page 871

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 29 1 1 .2.6.7 clear sntp broadcast delay Use this command to clear the round tr ip delay time for SNTP broadcast frames. clear sntp broadcastdelay Synt ax Description None. Command Default s None. Command T ype Swit[...]

  • Page 872

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-130 Matrix NSA Series Configuration Guide 1 1.2.6.8 set sntp poll-interval Use this command to set the poll in terval between SNTP unicast requests. set sntp poll-interval interval Synt ax Description Command Default s None. Command T ype Switch command.[...]

  • Page 873

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 31 1 1 .2.6.9 clear sntp poll-interval Use this command to clear the poll in terval between unicast SNTP requests. clear sntp poll-interval Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 874

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-132 Matrix NSA Series Configuration Guide 1 1.2.6.10 set sntp poll-retry Use this command to set the number of poll retries to a unicast SNTP server . set sntp poll-retry re t r y Synt ax Description Command Default s None. Command T ype Switch command. [...]

  • Page 875

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 33 1 1 .2.6.1 1 clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server . clear sntp poll-retry Synt ax Description None. Command Default s None. Command T ype Switch comm[...]

  • Page 876

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-134 Matrix NSA Series Configuration Guide 1 1.2.6.12 set sntp poll-timeout Use this command to set the po ll timeout (in seconds) for a response to a unicast SNTP request. set sntp poll-timeout timeout Synt ax Description Command Default s None. Command [...]

  • Page 877

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 35 1 1 .2.6.13 clear sntp poll-timeout Use this command to clear the SNTP poll timeout. clear sntp poll-timeout Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rit[...]

  • Page 878

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-136 Matrix NSA Series Configuration Guide 1 1.2.6.14 show timezone Use this command to disp lay SNTP time zone settings. show timezone Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This e[...]

  • Page 879

    Logging And Network Management Command Set Configuring Simple Network Time Protocol (SNTP) Matrix NSA Series Configuration Guide 1 1-1 37 1 1 .2.6.15 set timezone Use this command to set the SNTP time zone name and the ho urs and minutes it is of fset from Coordinated Universal T ime (UTC). set timezone name [ hours ] [ minutes ] Synt ax Descriptio[...]

  • Page 880

    Logging And Network Management Co mmand Set Configuring Simple Network Time Protocol (SNTP) 1 1-138 Matrix NSA Series Configuration Guide 1 1.2.6.16 clear timezone Use this command to remove SN TP time zone adjustment values. clear timezone Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exa[...]

  • Page 881

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 39 1 1 .2.7 Configuring Node Aliases Purpose T o review , configure, disable and re-enable node (port) alias functionality , which determines what network protoco l s are running on one or m ore ports. Commands Commands to configure node [...]

  • Page 882

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-140 Matrix NSA Series Configuration Guide 1 1.2.7.1 show nodealias Use this command to display node alias prop erties for one or more ports. show nodealias [ port-string ] Synt ax Description Command Default s If port-string is not specified, node alias prop erties will be dis[...]

  • Page 883

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 41 Vlan ID VLAN ID assoc i ated with this a lias. MAC Address MAC addres s associated with this alias. Protocol Networking protocol running o n this port. Address / Source IP When applicable, a protoc ol-sp ecific address associated with [...]

  • Page 884

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-142 Matrix NSA Series Configuration Guide 1 1.2.7.2 show nodealias mac Use this command to display node alias entries based on MAC address and protocol. show nodealias mac mac_addr ess [ ip | apl | mac | hsrp | dhc ps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | xsap[...]

  • Page 885

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 43 Command Default s • If protocol is not specified, node alias entries for all protocols will be displayed. • If port-string is not specified, node alias entr ies will be displayed for all ports. Command Mode Read-Only . Example This[...]

  • Page 886

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-144 Matrix NSA Series Configuration Guide 1 1.2.7.3 show nodealias protocol Use this command to display node alias entries based on protocol and protocol ad dress. show nodealias protocol { ip | apl | mac | hsrp | dhcps | dhcpc | bootps | bootpc | ospf | vrrp | ipx | xrip | xs[...]

  • Page 887

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 45 Example This example shows how to display node alias entr ies for IP traf fic on ge .3.16. Refer back to T able 1 1-15 for a description of the command output. Matrix(rw)-> show nodealia s protocol ip ge.3.16 Port: ge.3.16 Time: 1 d[...]

  • Page 888

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-146 Matrix NSA Series Configuration Guide 1 1.2.7.4 show nodealias config Use this command to display node alias conf iguration settings on one or more ports. show nodealias config [ port-string ] Synt ax Description Command Default s If port-string is not specified, node alia[...]

  • Page 889

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 47 T able 1 1-16 show nodealias config Output Det ails Output What It Displays... Port Number Port designation. Max Entries Maximum nu mber of alias entries configured for this port. Set using the set nodealias maxentries command ( Sectio[...]

  • Page 890

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-148 Matrix NSA Series Configuration Guide 1 1.2.7.5 set nodealias Use this command to enable or disable a node a lias agent on one or more ports . Upon packet reception, node aliases are dynamica lly assigned to ports enabled with an alias agent, which is the default setting o[...]

  • Page 891

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 49 1 1 .2.7.6 set nodea lias maxentries Use this command to set the maximum number of node alias en tries allowed for one or more ports. set nodealias maxentries val port-string Synt ax Description Command Default s None. Command T ype Sw[...]

  • Page 892

    Logging And Network Management Co mmand Set Configuring Node Aliases 1 1-150 Matrix NSA Series Configuration Guide 1 1.2.7.7 clear nodealias Use this command to remove one or more node alias entries. clear nodealias { port-string port-string | alias-id alias-id } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode[...]

  • Page 893

    Logging And Network Management Command Set Configuring Node Aliases Matrix NSA Series Configuration Guide 1 1-1 51 1 1 .2.7.8 clear nodealias config Use this command to reset node alias state to enabled and clear the maximum entries value. clear nodealias config port-string Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 894

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-152 Matrix NSA Series Configuration Guide 1 1.2.8 Configuring NetFlow NetFlow is a protocol developed for collecting IP traf fic information. Ne twork devices (switches and routers) with NetFlow enabled generate NetF low flow records, whic h are exported from th e device in UDP pac[...]

  • Page 895

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 53 V ersion Support The Matrix DFE firmware supports NetFlow V ersion 5 and V ersion 9. For more information about V ersion 9 data export format, refer to RFC 3954, “Cisco Systems NetFlow Services Export V ersion 9.” When transmitting NetF[...]

  • Page 896

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-154 Matrix NSA Series Configuration Guide more often than once per second, as a minimum. For more information about setting the refresh rate, see the Usage discussion in Section 1 1.2.8.12 . Commands Commands to configure NetFlow ar e listed below and described in the associated se[...]

  • Page 897

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 55 1 1 .2.8.1 show net f low Use this command to displa y NetFlow configur ation information and/or statistics. show netflow [ config [ port-string ]] [ statistics [ export ]] Synt ax Description Command Default s If no parameters are entered,[...]

  • Page 898

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-156 Matrix NSA Series Configuration Guide Disabled Ports: ----------------- lag.0.1-48 ge.1.1-10,12-22,24-52 Export Statistics: ------------------------------- ----- Network Packets Sampled: 232 Exported Packets: 43 Exported Records: 36 Export Packets Failed: 0 Export Records Dropp[...]

  • Page 899

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 57 1 1 .2.8.2 set net flow cache Use this command to enab le (create) or disable (free up) a NetFlow cache on each DFE blade in the Matrix system. A NetFlow cache ma intains NetFlow information for all active flows. By default, NetFlow caches [...]

  • Page 900

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-158 Matrix NSA Series Configuration Guide 1 1.2.8.3 clear net flow cache Use this command to remove, or free up, the Ne tFlow caches on each DFE blade in the Matrix system. When this command is executed, NetF low is effectively disabled on the system. clear netflow cache Synt ax De[...]

  • Page 901

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 59 1 1 .2.8.4 set net f low export-destination Use this command to configure the NetFlow collector destination. By default, no collector address is configured. Only one collector destination per Matrix system can be configured. set netflow exp[...]

  • Page 902

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-160 Matrix NSA Series Configuration Guide 1 1.2.8.5 clear netflo w export-destination Use this command to clear the NetFlow collector IP address. clear netflow export-destination [ ip-address [ udp-port ]] Synt ax Description Command Default s Since only one collector address per M[...]

  • Page 903

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 61 1 1 .2.8.6 set net flow export-interval Use this command to configure the NetFlow export interval. set netflow export-interval interval Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite Usage[...]

  • Page 904

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-162 Matrix NSA Series Configuration Guide 1 1.2.8.7 clear netflow export-interval Use this command to clear NetFlow export interval to its default of 30 minutes. clear netflow export-interval Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mo[...]

  • Page 905

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 63 1 1 .2.8.8 set net flow port Use this command to enable NetFlow collect ion on a port. set netflow port port-string { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite Exam[...]

  • Page 906

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-164 Matrix NSA Series Configuration Guide 1 1.2.8.9 clear net flow port Use this command to return a port to the default NetFlow collection state of disabled. clear netflow port port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-[...]

  • Page 907

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 65 1 1 .2.8.10 set net flow export-version Use this command to set the NetFlow flow reco rd format used to ex port data. Refer to V ersion Support on page 153 for more information about Ne tFlow version support. Use the show netflow config com[...]

  • Page 908

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-166 Matrix NSA Series Configuration Guide 1 1.2.8.1 1 clear net flow export-version Use this command to return the NetFlow flow record format used to export data to the default of V ersion 5. Use the show netflow config comman d ( Section 1 1.2.8.1 ) to display the current NetFlow [...]

  • Page 909

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 67 1 1 .2.8.12 set net flow template Use this command to configure th e NetFlow V ersion 9 template refresh rate and/or timeout values. set netflow template {[ refresh-rate packets ] [ timeout minutes ]} Synt ax Description Command Default s A[...]

  • Page 910

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-168 Matrix NSA Series Configuration Guide The refresh rate defines the maximum dela y a new or restarted NetFlow collector would experience until it learns the format of the data records being forwarded (from the template referenced by the data records). Refresh rates affect NetFlo[...]

  • Page 911

    Logging And Network Management Command Set Configuring NetFlow Matrix NSA Series Configuration Guide 1 1-1 69 1 1 .2.8.13 clear net flow template Use this command to reset the V ersion 9 template re fresh rate and/or timeout values to their default values. clear netflow template {[ refresh-rate ] [ timeout ]} Synt ax Description Command Default s A[...]

  • Page 912

    Logging And Network Management Co mmand Set Configuring NetFlow 1 1-170 Matrix NSA Series Configuration Guide[...]

  • Page 913

    Matrix NSA Series Configuration Guide 12 -1 12 IP Configuration This chapter describes the Internet Protocol (IP) configuration set of commands and how to use them. 12.1 PROCESS OVERVIEW: INTERNET PROTOCOL (IP) CONFIGURATION Use the following steps as a guide to configuring IP on the device: 1. Configuring routing interface settings ( Section 12.2.[...]

  • Page 914

    IP Configuration Command Set Configuring Routing Interface Settings 12-2 Matrix NSA Series Configuration Gui de 12.2 IP CONFIGURATION COMMAND SET 12.2.1 Configuring Routing Interface Settings About Loopback vs . VLAN Interfaces Loopback interfaces are different from VLAN routing interfaces because they allow you to disconnect the operation of routi[...]

  • Page 915

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-3 Purpose T o enable routing interface configuration mod e on the device, to create VLAN or loopba ck routing interfaces, to review the usability status of interfaces configured for IP , to set IP addresses for interfaces, and to enable inte[...]

  • Page 916

    IP Configuration Command Set Configuring Routing Interface Settings 12-4 Matrix NSA Series Configuration Gui de 12.2.1.1 show interface Use this command to display in formation about one or more in terfaces (VLANs or loopbacks) configured on the router . show interface [ vlan vlan-id | loopback lo opback-id | lo local-id ] Synt ax Description Comma[...]

  • Page 917

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-5 Example This example shows how to display information for all interfaces configured on the router . In this case, one loopback interface has been configured for routing. For a detailed description of this output, refer to T able 12-2 : Mat[...]

  • Page 918

    IP Configuration Command Set Configuring Routing Interface Settings 12-6 Matrix NSA Series Configuration Gui de 12.2.1.2 interface Use this command to configure interfaces for IP routing. This comm and enables interface configuration mode from global configuration mod e, and, if the interface h as not previously been created, this command creates a[...]

  • Page 919

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-7 12.2.1.3 ip ecm- for warding-algorithm Use this command to enable ECM (Equal Cost Multipath) for forwarding I P packets on routing interfaces. ip ecm-forwarding-algorithm [ hash-thold | round-robin ] Synt ax Description Command Synt ax of [...]

  • Page 920

    IP Configuration Command Set Configuring Routing Interface Settings 12-8 Matrix NSA Series Configuration Gui de 12.2.1.4 show ip interf ace Use this command to display in formation, including administra tive status, IP address, MTU (Maximum T ransmissi on Unit) size and bandwi dth, and ACL config urations, for interfaces configured for IP . show ip[...]

  • Page 921

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-9 T able 12-2 provides an explanatio n of the command ou tput. T able 12-2 show ip interfa ce Output Det ails Output What It Displays... Vlan | Lpbk | Lo N Whether the interface is admini stratively and operationally up or down. IP Address I[...]

  • Page 922

    IP Configuration Command Set Configuring Routing Interface Settings 12-10 Matrix NSA Series Configuration Guide 12.2.1.5 ip address Use this command to set, remove, or disable a pr imary or secondary IP address for an interface. Each Matrix Series routing module or standalone de vi ce supports up to ro uting interfaces, with up to 50 secondary addr[...]

  • Page 923

    IP Configuration Command Set Configuring Routing Interface Settings Matrix NSA Series Configuration Guide 12-1 1 12.2.1.6 no shut down Use this command to e nable an in terface for IP routing and to a llow the interface to automatically be enabled at device startup. no shutdown Synt ax Description None. Command T ype Router command. Command Mode In[...]

  • Page 924

    IP Configuration Command Set Managing Router C onfiguration Fi les 12-12 Matrix NSA Series Configuration Guide 12.2.2 Managing Router Configuration Files Each Matrix Series device provides a single c onf iguration interface which allows you to perform both switch and router configuration with th e same command set.This sec tion demonstrates managin[...]

  • Page 925

    IP Configuration Command Set Managing Router C onfiguration Fi les Matrix NSA Series C onfiguration Guide 1 2-13 12.2.2.1 sho w ru nning-config Use this command to display th e no n-default, user -supplied commands entered while configuring the device. show running-config Synt ax Description None. Command T ype Router command. Command Mode Any rout[...]

  • Page 926

    IP Configuration Command Set Managing Router C onfiguration Fi les 12-14 Matrix NSA Series Configuration Guide 12.2.2.2 write Use this command to save or delete the router ru nning configuration, or to display it to output devices. write [ erase | file [ filename config-file ] | terminal ] Synt ax Description Command T ype Router command. Command M[...]

  • Page 927

    IP Configuration Command Set Managing Router C onfiguration Fi les Matrix NSA Series C onfiguration Guide 1 2-15 Example This example shows how to display the rout er -s pe ci fic co nfig ura tion to the terminal: Matrix>Router1# write term inal Enable Config t interface vlan 1 iP Address 182.127.63.1 255.255. 255.0 no shutdown interface vlan 2 [...]

  • Page 928

    IP Configuration Command Set Managing Router C onfiguration Fi les 12-16 Matrix NSA Series Configuration Guide 12.2.2.3 no ip routing Use this command to disable IP routing on the device an d remove the routing configuration. By default, IP routing is enab led when interfaces are config ured for it as described in Section 12.2.1 . no ip routing Syn[...]

  • Page 929

    IP Configuration Command Set Performing a Basic Router Configura tion Matrix NSA Series C onfiguration Guide 1 2-17 12.2.3 Performing a Basi c Router Configuration 12.2.3.1 Usi ng Router-On ly Config Files Although the Matrix Series’ sing le configuration interface prov ides o ne set of co mmands to perform both switch and router configuration, i[...]

  • Page 930

    IP Configuration Command Set Performing a Basic Router Confi guration 12-18 Matrix NSA Series Configuration Guide 12.2.3.3 Configuring the Router Y ou can configure th e router usin g either of the following methods. Using a downloaded file... 1. Download a router config file to the standalone or chassis using the copy command as described in Secti[...]

  • Page 931

    IP Configuration Command Set Reviewing and Configuri ng th e ARP T able Matrix NSA Series C onfiguration Guide 1 2-19 12.2.4 Reviewing and Confi guring the ARP T able Purpose T o review and configure the rou tin g ARP table, to enable proxy ARP on an interface, and to set a MAC address on an interface. Commands The comm ands used to review an d con[...]

  • Page 932

    IP Configuration Command Set Reviewing and Configuring the ARP T able 12-20 Matrix NSA Series Configuration Guide 12.2.4.1 show ip arp Use this command to display entr ies in the ARP (Address Resolution Protocol) table. ARP converts an IP address into a physical address. show ip arp [ ip-addr ess ] [ vlan vlan-id ] [ output-modifier ] Synt ax Descr[...]

  • Page 933

    IP Configuration Command Set Reviewing and Configuri ng th e ARP T able Matrix NSA Series C onfiguration Guide 1 2-21 Example This example shows how to use the show ip arp command: T able 12-3 provides an explanatio n of the command ou tput. Matrix>Router1# show ip ar p Protocol Address Age (min) Hardwa re Addr Type Interface -------------------[...]

  • Page 934

    IP Configuration Command Set Reviewing and Configuring the ARP T able 12-22 Matrix NSA Series Configuration Guide 12.2.4.2 arp Use this command to add or remo ve permanent (static) ARP table en tries. Up to 1,000 static ARP entries are supported per Matrix Series routing module or standalone devi ce. A multicast MAC address can be used in a static [...]

  • Page 935

    IP Configuration Command Set Reviewing and Configuri ng th e ARP T able Matrix NSA Series C onfiguration Guide 1 2-23 12.2.4.3 ip gratuitous-arp Use this command to override the normal ARP updating process, that occurs by default. ip gratuitous-arp { ignore | reply | reque st } Synt ax Description Command Synt ax of the “no” Form The “no” f[...]

  • Page 936

    IP Configuration Command Set Reviewing and Configuring the ARP T able 12-24 Matrix NSA Series Configuration Guide 12.2.4.4 ip gratuitous-arp-learning Use this command to allow an interface to learn new ARP bindings using gratuitous ARP . This command wil l be in ef fect if the i p gratuitous-arp ign ore command ( Section 12.2.4.3 ) is used. There w[...]

  • Page 937

    IP Configuration Command Set Reviewing and Configuri ng th e ARP T able Matrix NSA Series C onfiguration Guide 1 2-25 12.2.4.5 ip p roxy-arp Use this command to enable proxy ARP on an interface. This varia tion of the ARP protocol allows the routing mo dule to send an ARP response on be half of an end node to th e requesting host. Proxy ARP can les[...]

  • Page 938

    IP Configuration Command Set Reviewing and Configuring the ARP T able 12-26 Matrix NSA Series Configuration Guide 12.2.4.6 ip mac-address Use this command to set a MAC address on an interface. ip mac-address addr ess Synt ax Description Command Synt ax of the “no” Form The “no” form of this command clears the MAC address: no ip mac-addr ess[...]

  • Page 939

    IP Configuration Command Set Reviewing and Configuri ng th e ARP T able Matrix NSA Series C onfiguration Guide 1 2-27 12.2.4.7 arp timeout Use this command to set the dura tion (in seconds) for entries to stay in the ARP table before expiring. The device can support up to 2000 outstan ding unresolved ARP entr ies. arp timeout seconds Synt ax Descri[...]

  • Page 940

    IP Configuration Command Set Reviewing and Configuring the ARP T able 12-28 Matrix NSA Series Configuration Guide 12.2.4.8 clear arp-cache Use this command to delete all nonstatic (dynamic) entries from the ARP table. clear arp-cache Synt ax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Default s None. Example Thi[...]

  • Page 941

    IP Configuration Command Set Configuring Broadcast Setti ngs Matrix NSA Series C onfiguration Guide 1 2-29 12.2.5 Configuring Broadcast Settings Purpose T o configure IP broadcast settings. Commands The commands used to configure IP broadcast settings are listed below and described in the associated section as show n: • ip directed-broadcast ( Se[...]

  • Page 942

    IP Configuration Command Set Configuring Broadcast Setting s 12-30 Matrix NSA Series Configuration Guide 12.2.5.1 ip directed-broadcast Use this command to enable or disable IP directed broadcasts on an interface. ip directed-broadcast Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables IP direc[...]

  • Page 943

    IP Configuration Command Set Configuring Broadcast Setti ngs Matrix NSA Series C onfiguration Guide 1 2-31 12.2.5.2 ip forward-protocol Use this command to enable UDP broadcast fo rwarding and specify which protocols will be forwarded. This co mmand wo rks in conjunction with the ip helper-address command to configure UDP broadcast forwarding. For [...]

  • Page 944

    IP Configuration Command Set Configuring Broadcast Setting s 12-32 Matrix NSA Series Configuration Guide Command Default s If port is not specified, default forwarding services will be performed as listed above. Example This example shows how to enable forwarding of Domain Naming Syste m UDP datagrams (port 53): About DHCP/BOOTP Relay DHCP/BOOTP re[...]

  • Page 945

    IP Configuration Command Set Configuring Broadcast Setti ngs Matrix NSA Series C onfiguration Guide 1 2-33 12.2.5.3 ip helper-address Use this command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts specifying a new destination address. This command works in conjunction with the ip forward-proto col command ( Section 12.2.5.2 [...]

  • Page 946

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-34 Matrix NSA Series Configuration Guide 12.2.6 Reviewing IP T raffi c and Configuring Routes Purpose T o review IP protocol information about the device, to review IP traf fic and configure routes, to enable and send router ICMP (ping) messages, and to execute tracerout[...]

  • Page 947

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-35 12.2.6.1 show ip protocols Use this command to display information about IP protocols running on the device. show ip protocol s Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Defaul[...]

  • Page 948

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-36 Matrix NSA Series Configuration Guide Example This example shows how t o display IP proto col information. In this case, the rou ting protocol is RIP (Routing Information Protocol). For more information on config uring RIP parameters, refer to Section 13.2.2 : Matrix&[...]

  • Page 949

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-37 12.2.6.2 sho w ip traffic Use this command to display IP traf fic statistics. show ip traffic [ softpath ] Synt ax Description Command T ype Router command. Command Mode Any router mode. Command Default s If softpath is not spec[...]

  • Page 950

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-38 Matrix NSA Series Configuration Guide Example This example shows how to display IP traffic statistics: Matrix>Router1# show ip traffic IP Statistics: Rcvd: 10 total, 6 local des tination 0 header errors 0 unknown protocol, 0 security failures Frags: 0 reassemble d,[...]

  • Page 951

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-39 12.2.6.3 clear ip stat s Use this command to clear all IP traffic co unters (IP , ICMP , UDP , TCP , IGMP , and ARP). clear ip stats Synt ax Description None. Configuration Mode Privileged EXEC: Matrix>Router1# Command Defaul[...]

  • Page 952

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-40 Matrix NSA Series Configuration Guide 12.2.6.4 show ip route Use this command to display information about IP routes. show ip ro ute [ destination pr efix destination pr efix mask longer -prefixes | connected | ospf | rip | static | su mmary ] Synt ax Description Comm[...]

  • Page 953

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-41 distributed to every mod ule for use by the router's distributed forwarding engin e on the ingress module as frames a re received. Command Default s If no parameters are specified, all IP route informatio n will be displaye[...]

  • Page 954

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-42 Matrix NSA Series Configuration Guide 12.2.6.5 ip route Use this command to add or remove a static IP route. ip route pr efix mask { forwar d-addr | vlan vlan-id } [ distance ] [ pe rmanent ] [ tag value ] Synt ax Description Command Synt ax of the “no” Form The ?[...]

  • Page 955

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-43 Examples This example shows how to set IP address 10.1.2.3 as the next hop gatewa y to destination address 10.0.0.0. The rou te is assigned a tag of 1: This example shows how to set IP address 10.1.2.3 as the next hop gatewa y t[...]

  • Page 956

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-44 Matrix NSA Series Configuration Guide 12.2.6.6 ip icmp Use this command to re-enable th e Internet Control Message Protoc ol (ICMP), allowing a router to reply to IP pin g requests. By default, ICMP m essaging is enabled on a ro uting interface for both echo-reply and[...]

  • Page 957

    IP Configuration Command Set Reviewing IP T r affic and Con figuring Routes Matrix NSA Series C onfiguration Guide 1 2-45 12.2.6.7 ping Use this command to test routing network connec tivity by sending IP ping requests. The ping utili ty (IP ping only) transmits a maximum of five echo requ es ts, with a packet size of 100. The applic ation stops wh[...]

  • Page 958

    IP Configuration Command Set Reviewing IP T raffi c and Config uring Routes 12-46 Matrix NSA Series Configuration Guide 12.2.6.8 traceroute Use this command to display a hop -by-hop path throu gh an IP network from th e device to a specific destination host. Three ICMP probes w ill be tr ansmitted for each hop between the source and the traceroute [...]

  • Page 959

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-47 12.2.7 Configuring PIM Purpose T o review and configure Protoc ol Independent Multicast (PIM). Commands The commands used to review and configure PIM are listed below and described in the associated section as shown: • ip pim sparse mode ( Section 12.2.7.1 [...]

  • Page 960

    IP Configuration Command Set Configuring PIM 12-48 Matrix NSA Series Configuration Guide 12.2.7.1 ip pim sparse mode Use this command to enable Prot ocol Independent Multicast (PIM) Sparse Mode (SM) on a routing interface. ip pim sparse-mode Synt ax Description None. Command Synt ax of the “no” Form The no form of this command disables PIM on a[...]

  • Page 961

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-49 12.2.7.2 ip pim bsr-candidate Use this command to enable th e router to announce its candid acy as a BootStrap Router (BSR). ip pim bsr-candidate pim-interface [ hash-mas k-length ] [ priority ]] Synt ax Description Command Synt ax of the “no” Form The no[...]

  • Page 962

    IP Configuration Command Set Configuring PIM 12-50 Matrix NSA Series Configuration Guide Example This example sets the hash mask length to 30 and DR priority to 77 on VLAN 1: Matrix>Router1(config)# interfac e vlan 1 Matrix>Router1(config-if(Vlan 1 )) #ip pim bsr-candidate vlan 1 p riority 77[...]

  • Page 963

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-51 12.2.7.3 ip p im dr-priority Use this command to set the priority for which a rout er will be elected as the designated router (DR). ip pim dr-priority priority Synt ax Description Command Synt ax of the “no” Form The no form of this command di sables the[...]

  • Page 964

    IP Configuration Command Set Configuring PIM 12-52 Matrix NSA Series Configuration Guide 12.2.7.4 ip pim rp-address Use this command to set a static rend ezvous point (RP) for a multicast group. ip pim rp-address rp-addr ess gr oup-addr e ss group-mask [ priority priority ] Synt ax Description Command Synt ax of the “no” Form The no form of thi[...]

  • Page 965

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-53 12.2.7.5 ip pim rp-candidate Use this command to enable the route r to advertise itself as a PI M candidate rendezvous point (RP) to the BSR. Only one RP candid ate can be configured per routing module or standalone dev ice. ip pim rp-candidate pim-interface [...]

  • Page 966

    IP Configuration Command Set Configuring PIM 12-54 Matrix NSA Series Configuration Guide 12.2.7.6 show ip pim b sr Use this command to display Boot Strap Router (BSR) information. show ip pim bsr Synt ax Description None. Command T ype Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Default s None. Example This example show[...]

  • Page 967

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-55 BSR Hash Mask Length Length of a mask (32 bits maximu m) that is to be added with the group address before the hash fu nction is called. This value is configured by the ip pim bsr-candidate command. BSR Uptime Interval that this router has been up (in hours:m[...]

  • Page 968

    IP Configuration Command Set Configuring PIM 12-56 Matrix NSA Series Configuration Guide 12.2.7.7 show ip pim i nterface Use this command to disp lay information about PIM interfaces tha t are curre ntly up (not shutdown). show ip pim interface [ interface ] Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>R[...]

  • Page 969

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-57 Nbr -Count T otal number of PIM neighb ors on the interface, discovered by receiving PIM hello messages from other PIM routers on the interface. Query-Intvl Interval betwee n Hello messages. Default is 30 seconds. DR-Prior Designated router priority value on [...]

  • Page 970

    IP Configuration Command Set Configuring PIM 12-58 Matrix NSA Series Configuration Guide 12.2.7.8 show ip pim neighbor Use this command to display inform ation about discovered PIM neighbors. show ip pim neighb or [ interface ] Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>Router1# Command Default s If no[...]

  • Page 971

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-59 Expires Interval in hours, minutes, and seconds until the entry will be removed from the IP multicast routing table. Mode Mode in which the interface is operating. (DR) Indicates that this neighbor is a designated router on the LAN. T able 12-6 show ip pim ne[...]

  • Page 972

    IP Configuration Command Set Configuring PIM 12-60 Matrix NSA Series Configuration Guide 12.2.7.9 show ip pim rp Use this command to display the active rendezvo us points (RPs) that are cached with associated multicast routing entries. show ip pim rp [ gr oup | mapping | multicast gr oup addr ess ] Synt ax Description Command T ype Router command. [...]

  • Page 973

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-61 T able 12-7 provides an explanatio n of the command ou tput. T able 12-7 show ip pim rp Output Det ails Output What It Displays... Group(s) Address of the multicast group(s) about which to display RP data. RP Address of the RP for that group. Priority RP prio[...]

  • Page 974

    IP Configuration Command Set Configuring PIM 12-62 Matrix NSA Series Configuration Guide 12.2.7.10 show ip pim rp-hash Use this command to displa y the rendezvous point (RP) that is being selected for a specified group. show ip pim rp-hash gr oup-ad dr ess Synt ax Description Command T ype Router command. Command Mode Privileged EXEC: Matrix>Rou[...]

  • Page 975

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-63 12.2.7.1 1 sho w ip mroute Use this command to display the IP multicast ro uting table. This table shows how a multicast routing protocol, such as PI M and DVMRP , will forw ard a multicast packet. In formation in the table includes source n etwork/mask and u[...]

  • Page 976

    IP Configuration Command Set Configuring PIM 12-64 Matrix NSA Series Configuration Guide Example This example shows a portion of the IP multicast ro uting table display . In this case, it shows there are nine source PIM sparse mode (PIMSM) multicast networks. PIMSM network 1 shows an incoming route at VLAN-999 and outgoing rou tes at VLANs 410, 555[...]

  • Page 977

    IP Configuration Command Set Configuring PIM Matrix NSA Series C onfiguration Guide 1 2-65 12.2.7.12 show ip mforward Use this command to display the IP multicast forw arding table. This table shows what multicast routes have actuall y b e en pr ogrammed into th e Matrix hardware. Although redundant to the show ip mroute display ( Section 12.2.7 .1[...]

  • Page 978

    IP Configuration Command Set Configuring PIM 12-66 Matrix NSA Series Configuration Guide 12.2.7.13 show ip rpf Use this command to display the reverse path of an address in the unicast table. show ip rfp Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None. Example This example shows the rever[...]

  • Page 979

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-67 12.2.8 Configuring Load Sharing Network A ddress T ranslation (LSNA T) About LSNA T As defined in RFC 2391, LSNA T supports networ k reliability and availab ility by enabling high traffic servers to load balan[...]

  • Page 980

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-68 Matrix NSA Series Configuration Guide • The virtual port us ed by the virt ual server (configured with the virtual command , Section 12.2.8.15 ) should match the rea l port used by the real server (configured with the re al command, Section 1 2.2.8.[...]

  • Page 981

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-69 • S ticky persistence — a binding is determined by matching the source and destination IP addresses only . This allows all requests from a clie nt to the same virtual address to be directed to the same loa[...]

  • Page 982

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-70 Matrix NSA Series Configuration Guide If you also want to provide direct client access to real servers configured as part of a server farm group, there are two mechanisms that can provide direct client ac cess . The first mechanism, configured wit hin[...]

  • Page 983

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-71 • (Optional) Specify a load ba lancing algorithm. predictor ( Section 12.2.8.5 ) • (Optional) Configure this server farm to use sticky session persistence. (See “Sticky Persistence Configura tion Conside[...]

  • Page 984

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-72 Matrix NSA Series Configuration Guide • (Optional) Allow specific clients direct acce ss to a real server without using LSNA T . allow accessservers ( Section 12.2.8.19 ) Configure global direct access: • (Optional) Allow all clients to directly a[...]

  • Page 985

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-73 12.2.8.1 show ip slb serverfarms Use this command to display server lo ad balancing server farm information. show ip slb server farms [ detail | serverfarmname [ detail ]] Synt ax Description Command T ype Rou[...]

  • Page 986

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-74 Matrix NSA Series Configuration Guide 12.2.8.2 ip slb f tpctrlport Use this command to specify an FTP cont rol port for load balancing functio nality. By default, this is port 21. ip slb ftpctrlport port-number Synt ax Description Command Synt ax of t[...]

  • Page 987

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-75 12.2.8.3 ip slb serverfarm Use this command to identify an LSNAT server farm and enab le server lo ad balancing (S LB) server farm configuration mode. ip slb serverfarm serverfarm name Synt ax Description Comm[...]

  • Page 988

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-76 Matrix NSA Series Configuration Guide 12.2.8.4 real Use this command to add a real LSNA T server to a server farm and to enable LSNA T real server configuration mode. real ip-addr ess po rt number Synt ax Description Command Synt ax of the “no” Fo[...]

  • Page 989

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-77 12.2.8.5 predictor Use this command to specify which load balancing algorith m to use for selecting a real server in an LSNA T server farm. predictor [ r oundrobin | leastcon ns ] Synt ax Description Command S[...]

  • Page 990

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-78 Matrix NSA Series Configuration Guide 12.2.8.6 sticky Use this command to configure sticky session persistence for this server farm. See “S ticky Persistence Configuration Considerations” on page 12-69 for more information. This command is used in[...]

  • Page 991

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-79 12.2.8.7 show ip slb reals Use this command to display info rmation about the real servers. show ip slb reals [ detail | serverfarm s erverfarmname [ detail ]] Synt ax Description Command T ype Router command.[...]

  • Page 992

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-80 Matrix NSA Series Configuration Guide T able 12-9 provides an explanation of the detailed command output. Matrix Router1(config)#> Router1 >show ip slb reals serverfarm te n detail Server Farm : ten Real Server IP : 10.3.0 .3 Real Server Por t :[...]

  • Page 993

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-81 T able 12-9 show ip slb reals Output Det ails Output What It Displays... Server Farm Name of the server farm associated with this server . Assigned using the ip slb server farm command as described in Section [...]

  • Page 994

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-82 Matrix NSA Series Configuration Guide 12.2.8.8 inservice (real server) Use this command to ena ble a real LSNA T se rver . inservice Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command removes the real serv[...]

  • Page 995

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-83 12.2.8.9 faildetect (real server) Use this command to conf igure which method (type) is used to detect whether an LSNA T server is up or down. faildetect { ping-int seconds ping-r etries number | app-int secon[...]

  • Page 996

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-84 Matrix NSA Series Configuration Guide Example This example shows how to set the ping interval to 10 seconds and the retry numb er to 6 for the real server at IP 10.1.2.3 in the “httpserver” server farm: Matrix>Router1(config)# ip slb s erverfar[...]

  • Page 997

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-85 12.2.8.10 maxconns Use this command to limit th e number of connections to a real LSNA T server . maxconns maximum-number Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm[...]

  • Page 998

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-86 Matrix NSA Series Configuration Guide 12.2.8.1 1 weight Use this command to specify the we ight load number of a real server that is a member of an LSNA T server farm. weight weight-number Synt ax Description Command Synt ax of the “no” Form The ?[...]

  • Page 999

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-87 12.2.8.12 show ip slb vservers Use this command to display server load balancing virtual server information. show ip slb vse rvers [ detail | virtserve r -name [ detail ]] Synt ax Description Command T ype Rou[...]

  • Page 1000

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-88 Matrix NSA Series Configuration Guide This example shows how to display detailed in formation about the “t est” virtual server: T able 1 2-10 provides an explanation of the detailed command output. Matrix Router1(config)#> show ip slb vservers [...]

  • Page 1001

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-89 In Service Whether or not this vi rtual server is enabled (using the inservice command as des cribed in Section 12.2.8.16 ). Service Name Whether or not the service named can also be accessed through this virt[...]

  • Page 1002

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-90 Matrix NSA Series Configuration Guide 12.2.8.13 ip slb vserver Use this command to identify an LSNA T virtual server and to access or enable the virtual server load balance (SLB) confi guration mode. ip slb vserver vserver-name Synt ax Description Com[...]

  • Page 1003

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-91 12.2.8.14 serverfarm Use this command to associa te a virtual server with an LSN A T server farm. serverfarm se rverfarm-name Synt ax Description Command Synt ax of the “no” Form The “no” form of this [...]

  • Page 1004

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-92 Matrix NSA Series Configuration Guide 12.2.8.15 virtual Use this command to configure a virtual server IP address. virtual ip-addr ess { tcp | udp } port [ ser vice service-name ] Synt ax Description Command Synt ax of the “no” Form The “no” f[...]

  • Page 1005

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-93 Command Mode SLB V irtual Server Configuration mode: Matrix>Router1(config-slb-vserver)# Command Default s If a TCP service name is not specified, none will be applied. Example This example shows how to set[...]

  • Page 1006

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-94 Matrix NSA Series Configuration Guide 12.2.8.16 inservice (virtual server) Use this command to enable a virtual LSNA T server . inservice Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command re moves the vir[...]

  • Page 1007

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-95 12.2.8.17 client Use this command to allow a specific client to us e a virtual server . If no clients are specified with this command, all clients will be allowed to use a virtual server . client ip-addr ess n[...]

  • Page 1008

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-96 Matrix NSA Series Configuration Guide 12.2.8.18 persistence level Use this command to set the type of binding used and the time limit to allow clients to remai n bound to an LSNA T virtual server . See “Session Pe rsistence” on page 12-68 for more[...]

  • Page 1009

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-97 Command Default s If not specified, persistence level is set to TCP . Examples This example shows how to set the TCP session pers istence timeout to 360 seconds on the virtual server named “virtual-http”: [...]

  • Page 1010

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-98 Matrix NSA Series Configuration Guide 12.2.8.19 allow accessservers Use this command to allow specific clients to access the load balanc ing real servers in a pa rticular LSNA T server farm without address translation. Specif ied clients can set up co[...]

  • Page 1011

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series C onfiguration Guide 1 2-99 12.2.8.20 ip slb allowaccess_all Use this command to allow all clients to direct ly access all services provided by real servers EXCEP T FOR those services configured for server load balancing. The real server[...]

  • Page 1012

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-100 Matrix NSA Series Configuration Guide Matrix>Router1(config)# ip slb a llowaccess_all Matrix>Router1(config)#ip slb s erverfarm httpserver Matrix>Router1(config-slb-sfarm )#real 10.1.2.1 port 80 Matrix>Router1(config-slb-real) #inservice [...]

  • Page 1013

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-101 12.2.8.21 show ip slb conns Use this command to display active server load balancing connections. show ip slb conns [ detail | vserver virtualse rver [ detail ] | client client-ip [ detail ]] Synt ax Descripti[...]

  • Page 1014

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-102 Matrix NSA Series Configuration Guide This example shows how to display detailed in formation about active se rver load balancing connections: T able 12-1 1 provides an explan atio n of the detailed comman d o utput. Matrix>Router1# show ip slb co[...]

  • Page 1015

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-103 12.2.8.22 show ip slb st ats Use this command to display lo ad server balancing statistics. show ip slb stats Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Defau[...]

  • Page 1016

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-104 Matrix NSA Series Configuration Guide 12.2.8.23 show ip slb sticky Use this command to display server lo ad balancing active sticky connections. show ip slb sticky [ client ip-address ] Synt ax Description Command T ype Router command. Command Mode A[...]

  • Page 1017

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-105 12.2.8.24 clear ip slb Use this command to clear server load balancing counters or to remove server load balancing connections. clear ip slb {[ counters ] [ connections { all | flowid flowid | serverfarm serve[...]

  • Page 1018

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-106 Matrix NSA Series Configuration Guide 12.2.8.25 show rou ter limit s Use this command to disp lay LSNA T router limits. show router limits [ lsnat-bindings ] | [ lsnat-cache] | [ lsnat-configs ] Synt ax Description Command T ype Switch command. Comma[...]

  • Page 1019

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-107 12.2.8.26 set router limit s Use this command to set LSNA T router limits. set router limits [ lsnat-bindings lsnat-bindings ] | [ lsnat-cache lsnat-cache ] | [ lsnat-configs lsnat-configs ] Synt ax Descriptio[...]

  • Page 1020

    IP Configuration Command Set Configuring Load Sharing Network Address T ranslatio n (LSNA T) 12-108 Matrix NSA Series Configuration Guide configured, and up to 500 rea l servers and 500 c lient access e ntries can be configured. Example This example shows how to set the LSNA T configur ation limit to 25. This means that up to 25 server farms, 25 vi[...]

  • Page 1021

    IP Configuration Command Set Configuring L oad Sharing Ne twork Add ress T ranslation (LSNA T) Matrix NSA Series Configura tion Guide 12-109 12.2.8.27 clear router limit s Use this command to reset chassis-b ased LSNA T limits to default values. clear router limits [ lsnat-bindings ] | [ lsnat-cache ] | [ lsnat-configs ] Synt ax Description Command[...]

  • Page 1022

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 10 Matrix NSA Series Configuration Guide 12.2.9 Configuring Dynamic Ho st Configuration Protocol (DHCP) DHCP Overview The Dynamic Host Configuration Protocol (DHCP) provides services for allocating and delivering IP addresses and other configuration parameters [...]

  • Page 1023

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configu ration Guide 12 -1 1 1 DHCP T ask List The CLI commands for DHCP Serv er provide functionality for: 1. Configuring a DHCP local pool for a subnet (required) 2. Excluding IP addresses not to be assigned to the c lients by the DHCP server ([...]

  • Page 1024

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 12 Matrix NSA Series Configuration Guide Commands The commands used to configure DHCP are liste d below and described in the ass ociated section as shown: • ip dhcp server ( Section 12.2.9.1 ) • ip local pool ( Section 12.2.9.2 ) • exclude ( Section 12.2.[...]

  • Page 1025

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configuration Guide 12-1 13 • client-class ( Section 12.2.9.17 ) • client-identifier ( Section 12.2.9. 18 ) • client-name ( Section 12.2.9.19 ) • hardware-address ( Section 12.2.9.20 ) • show ip dh cp binding ( Section 1 2.2.9.21 ) • [...]

  • Page 1026

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 14 Matrix NSA Series Configuration Guide 12.2.9.1 ip dhcp server Use this command to enable DHCP server features on a routing interface. ip dhcp server Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables DHC[...]

  • Page 1027

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configuration Guide 12-1 15 12.2.9.2 ip l ocal pool Use this command to configure a lo cal address pool to use as a DHC P subnet. This defines the range of IP addresses to be used by DHCP server an d enables IP local pool configuration mode. ip l[...]

  • Page 1028

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 16 Matrix NSA Series Configuration Guide 12.2.9.3 exclude Use this command to exclude one or more addresses from a DHCP local address pool. exclu de ip-addr ess number Synt ax Description Command Synt ax of the “no” Form The “no” form of this command re[...]

  • Page 1029

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configuration Guide 12-1 17 12.2.9.4 ip d hcp ping packet s Use this command to specify the number of pack ets a DHCP server sends to an IP address before assigning the address to a requesting client. ip dhcp ping packets number Synt ax Descripti[...]

  • Page 1030

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-1 18 Matrix NSA Series Configuration Guide 12.2.9.5 ip dhcp ping timeout Use this command to specify the amount of time the DHCP server will wait for a ping reply from an IP address before timing out. ip dhcp ping timeout milliseconds Synt ax Description Command [...]

  • Page 1031

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configuration Guide 12-1 19 12.2.9.6 ip dhcp pool Use this command to assign a name to a DHCP server pool of addresses, and to enable DHCP address pool config uration mode. ip dhcp pool name Synt ax Description Command Synt ax of the “no” For[...]

  • Page 1032

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-120 Matrix NSA Series Configuration Guide 12.2.9.7 domain-name Use this command to assign a do main name to a DHCP client. domain-n ame domain Synt ax Description Command Synt ax of the “no” Form The “no” form of this comman d deletes a DHCP domain name: [...]

  • Page 1033

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-121 12.2.9.8 dns-server Use this command to assign one or more DNS servers to DHCP clients. dns-server addr ess [ addr ess2...addr ess8 ] Synt ax Description Command Synt ax of the “no” Form The “no” form of this c[...]

  • Page 1034

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-122 Matrix NSA Series Configuration Guide 12.2.9.9 netbios-name-server Use this command to assign one or more NetBIOS WINS servers to DHCP clients. netbios-name-server addr ess [ addr ess 2...addr ess8 ] Synt ax Description Command Synt ax of the “no” Form Th[...]

  • Page 1035

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-123 12.2.9.10 netbios-node-type Use this command to assign a NetBIOS node (server) type to DHCP clien ts. netbios-node-type type Synt ax Description Command Synt ax of the “no” Form The “no” form of this comman d d[...]

  • Page 1036

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-124 Matrix NSA Series Configuration Guide 12.2.9.1 1 default-router Use this command to assign a default router list to DHCP clients. default-router addr ess [ addr ess2...addr ess8 ] Synt ax Description Command Synt ax of the “no” Form The “no” form of t[...]

  • Page 1037

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-125 12.2.9.12 bootfile Use this command to specify the defa ult boot image for a DHCP client. bootfile filename Synt ax Description Command Synt ax of the “no” Form The “no” form of this command deletes the boot im[...]

  • Page 1038

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-126 Matrix NSA Series Configuration Guide 12.2.9.13 next-server Use this command to specify the next server in the DHCP server boot process. The next server is the server the client will contact for the boot file if the primary server is not able to supply it. A [...]

  • Page 1039

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-127 12.2.9.14 option Use this command to configure DHCP options. Th ese configuration parameters and oth er control information are carried in tagged data items that are stored in the options field of the DHCP message to n[...]

  • Page 1040

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-128 Matrix NSA Series Configuration Guide This example shows how to configure DHCP optio n 72, which assigns one or more W eb servers for DHCP clients. In this case, two W e b server addresse s are configure d : Matrix>Router1(config)# ip dhcp pool localpool M[...]

  • Page 1041

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-129 12.2.9.15 lease Use this command to specify the duration of the lea se for an IP addres s assigned by a DH CP server to a client. lease { days [ hours ] [ minutes ] | infinite } Synt ax Description Command Synt ax of t[...]

  • Page 1042

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-130 Matrix NSA Series Configuration Guide 12.2.9.16 host Use this command to specify an IP ad dress and netwo rk mask for manual DHCP bindi ng. host addr ess [ mask | pr efix-length ] Synt ax Description Command Synt ax of the “no” Form The “no” form of t[...]

  • Page 1043

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-131 12.2.9.17 client-class Use this command to identify an DH CP client c lass. Using this comman d to give a set of client cla ss properties a name, allows you to as sign properties to all DHCP clients within the class ra[...]

  • Page 1044

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-132 Matrix NSA Series Configuration Guide 12.2.9.18 client-identifier Use this command to ena ble DHCP host configur ation mode and associa te a client c lass with a DHCP client. client-identifier mac-addr ess [ client-class name ] Synt ax Description Command Syn[...]

  • Page 1045

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-133 12.2.9.19 client-name Use this command to assign a name to a DHCP client. client-name name [ client-class name ] Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm and deletes a cli[...]

  • Page 1046

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-134 Matrix NSA Series Configuration Guide 12.2.9.20 hardware-address Use this command to specify parameters for a new DHCP client address. This command also enables DHCP host configuration mode. hardware-address har dwar e-addr ess [ type ] Synt ax Description Co[...]

  • Page 1047

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-135 12.2.9.21 show ip dhcp binding Use this command to display information about one or all DHCP address bindings. show ip dhcp binding [ ip - addr ess ] Synt ax Description Command T ype Router command. Command Mode Any D[...]

  • Page 1048

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-136 Matrix NSA Series Configuration Guide 12.2.9.22 clear ip dhcp bin ding Use this command to delete one or all automatic DHCP address bindings. clear ip dhcp binding { addr ess | * } Synt ax Description Command T ype Router command. Command Mode Privileged EXEC[...]

  • Page 1049

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-137 12.2.9.23 show ip dhcp server st atistics Use this command to display DHCP server statistics. show ip dhcp server statistics Synt ax Description None. Command T ype Router command. Command Mode Any DHCP configuration m[...]

  • Page 1050

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-138 Matrix NSA Series Configuration Guide T able 1 2-13 provides an explanation of th e command output. T a ble 12 -13 s how ip dhcp s erver statistics Outp ut Details Output What It Displays... Memory usage Bytes of RAM allocated by the DHCP server . Address poo[...]

  • Page 1051

    IP Configuration Command Set Configuring Dynamic Host C onfigurati on Protocol (DHCP) Matrix NSA Series Configura tion Guide 12-139 12.2.9.24 clear ip dhcp server st atistics Use this command to reset all DHCP server counte rs. clear ip dhcp server statistics Synt ax Description None. Command T ype Router command. Command Mode Privileged EXEC: Matr[...]

  • Page 1052

    IP Configuration Command Set Configuring Dynamic Host Configuration Protocol (DHCP) 12-140 Matrix NSA Series Configuration Guide[...]

  • Page 1053

    Matrix NSA Series Configuration Guide 13 -1 13 Routing Protocol Configuration This chapter describes the Routing Protocol Config uration set of commands and how to use them. 13.1 PROCESS OVERVIEW: ROUTING PROTOCOL CONFIGURATION Use the following steps as a guide to conf iguring routing proto cols on the device: 1. Activating advanced routing featur[...]

  • Page 1054

    Routing Protocol Config uration Command Set Activating Advanced Routing Feature s 13-2 Matrix NSA Series Configuration Gui de 13.2 ROUTING PROTOCOL CONFIGURATION COMMAND SET 13.2.1 Activating Advanced Routing Features In order to enable ad va nced routing prot oc ols, such as OSPF and extend ed ACLs, on a Matrix Series device , you must purchase an[...]

  • Page 1055

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series Configuration Guide 13-3 Specify a RIP version. ip rip send version ( Section 13.2.2.7 ) ip rip receive version ( Section 13. 2.2.8 ) Configure RIP authentication. key chain ( Section 13.2. 2.9 ) key ( Section 13.2.2.10 ) key-string ( Section 13.2.2. 1 1 ) accept-lifeti[...]

  • Page 1056

    Routing Protocol Config uration Command Set Configuring RIP 13-4 Matrix NSA Series Configuration Gui de 13.2.2.1 router rip Use this command to enable or disable RIP configuration mode. router rip Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables RIP: no router ri p Command T ype Router comman[...]

  • Page 1057

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series Configuration Guide 13-5 13.2.2.2 netw ork Use this command to attac h a network of directly connected networks to a RIP routing process, or to remove a network from a RIP routing process. network ip-addr ess Synt ax Description Command Synt ax of the “no” Form The [...]

  • Page 1058

    Routing Protocol Config uration Command Set Configuring RIP 13-6 Matrix NSA Series Configuration Gui de 13.2.2.3 neighbor Use this command to instruct the router to send un icast RIP information to an IP addr ess. RIP is normally a broadcast protocol. In order for RIP r outing updates to reach nonbroadcast networks, the neighbor ’ s IP address mu[...]

  • Page 1059

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series Configuration Guide 13-7 13.2.2.4 dist ance Use this command to configure th e administrative distance for RIP routes. If several routes (coming from different protocols) are presented to the Matrix Series Route T able Manager (R TM), the protocol with the lowest admini[...]

  • Page 1060

    Routing Protocol Config uration Command Set Configuring RIP 13-8 Matrix NSA Series Configuration Gui de Example This example shows how to ch ange the default administrative distance for RIP to 1001: Matrix>Router1(config)# router r ip Matrix>Router1(config-router)# d istance 100[...]

  • Page 1061

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series Configuration Guide 13-9 13.2.2.5 ip rip off set Use this command to add or remove an of fset to the metric of an incoming or outg oing RIP route. Adding an offset on an interface is used fo r the purpose of making an interface a backup. ip rip offset { in | out } value[...]

  • Page 1062

    Routing Protocol Config uration Command Set Configuring RIP 13-10 Matrix NSA Series Configuration Guide 13.2.2.6 timers Use this command to adjust RIP routing timers determining the frequency of routing updates, the length of time before a route b ecomes invalid, and the interval du ring which routing information regarding better paths is suppress [...]

  • Page 1063

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series Configuration Guide 13-1 1 13.2.2.7 ip rip send version Use this command to set the RIP version(s) for update packets transmitted on an interface. ip rip send version { 1 | 2 | r1compatible } Synt ax Description Command Synt ax of the “no” Form The “no” form of [...]

  • Page 1064

    Routing Protocol Config uration Command Set Configuring RIP 13-12 Matrix NSA Series Configuration Guide 13.2.2.8 ip rip receive version Use this command to set the RI P version(s) for update packets a ccepted on the interface . ip rip receive version { 1 | 2 | 1 2 | none } Synt ax Description Command Synt ax of the “no” Form The “no” form o[...]

  • Page 1065

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-13 About RIP Authentication The following tasks must be completed to configur e RIP authentication on a Matrix Series routing module: 1. Create a key chain as described in Sectio n 13.2.2.9 . 2. Add a key to the chain as described in Section 13.[...]

  • Page 1066

    Routing Protocol Config uration Command Set Configuring RIP 13-14 Matrix NSA Series Configuration Guide 13.2.2.9 key chain Creates or deletes a key chain used globally for RIP authentication. key chai n name Synt ax Description Command Synt ax of the “no” Form The “no” form of this command deletes the specified key chain: no key chain name [...]

  • Page 1067

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-15 13.2.2.10 key Use this command to identify a RIP authentication key on a key chain. key key-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this comman d re moves the key from the key chain: no key key-id Comm[...]

  • Page 1068

    Routing Protocol Config uration Command Set Configuring RIP 13-16 Matrix NSA Series Configuration Guide 13.2.2.1 1 key-string Use this command to specify a RIP authentication string for a key . Once c onfigured, this string must be sent and received in RIP packets in order for them to be authenticated. key-string text Synt ax Description Command Sy[...]

  • Page 1069

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-17 13.2.2.12 accept-lifeti me Use this command to speci fy the time period during which an authentication key on a key ch ain is valid to be received. accept-lifetime start-time month date year { duration seconds | end-time | infinite } Synt ax [...]

  • Page 1070

    Routing Protocol Config uration Command Set Configuring RIP 13-18 Matrix NSA Series Configuration Guide Command Mode Key chain key co nfig uration : Matrix>Router1(con fig-keychain-key)# Command Default s None. Examples This example shows how to allow the “password” au thentication key to be received as valid on its RIP-configured interface [...]

  • Page 1071

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-19 13.2.2.13 send-lifetime Use this command to speci fy the time period during which an authentication key on a key ch ain is valid to be sent. send-lifetime start-time month date year { duration seconds | end-time | infinite } Synt ax Descripti[...]

  • Page 1072

    Routing Protocol Config uration Command Set Configuring RIP 13-20 Matrix NSA Series Configuration Guide Command Default s None. Example This example shows how to allow the “password” authentication key to be sent as valid on its RIP-configured interface beginnin g at 2:30 on November 30, 2002 with no ending time (infinitely): Matrix>Router1([...]

  • Page 1073

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-21 13.2.2.14 ip rip authentication keychain Use this command to enable or disable a RIP au thentication key chain for use on an interface. ip rip authen tication keyc hain name Synt ax Description Command Synt ax of the “no” Form The “no?[...]

  • Page 1074

    Routing Protocol Config uration Command Set Configuring RIP 13-22 Matrix NSA Series Configuration Guide 13.2.2.15 ip rip aut hentication mode Use this command to set th e authentication mode when a key chain is present. ip rip authentication mode { text | md5 } Synt ax Description Command Synt ax of the “no” Form The “no” form of this comma[...]

  • Page 1075

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-23 13.2.2.16 no auto-summary Use this command to disable automatic route summariz ation. By default, RIP ve rsion 2 supports automatic route summarization, which summarizes subprefixes to the classful network boundary when crossing network boun [...]

  • Page 1076

    Routing Protocol Config uration Command Set Configuring RIP 13-24 Matrix NSA Series Configuration Guide 13.2.2.17 ip rip disable-triggered-up dates Use this command to prevent RIP from sending trig gered up dates. T riggered updates are sent when there is a cha nge in the ne tw ork an d a new route with a lower metric is lea r ne d, or an old route[...]

  • Page 1077

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-25 13.2.2.18 ip split-horizon poison Use this command to enable or disable split ho rizon poison-reverse mode for RIP packets. Split horizon prevents packets from exit ing through the same interface on which they were received. Poison-reverse ex[...]

  • Page 1078

    Routing Protocol Config uration Command Set Configuring RIP 13-26 Matrix NSA Series Configuration Guide 13.2.2.19 p assive-interface Use this command to prevent RIP from tran smitting update packets on an interface. passive-interface vlan vlan-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm and disables pa[...]

  • Page 1079

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-27 13.2.2.20 receive-interface Use this command to allow RIP to receive update pa cke ts on an interface. Th is does not affect the sending of RIP updates on the specified interface. receive-interface vlan vlan-id Synt ax Description Command Syn[...]

  • Page 1080

    Routing Protocol Config uration Command Set Configuring RIP 13-28 Matrix NSA Series Configuration Guide 13.2.2.21 distribute-list Use this command to filte r networks received and to suppress networks from being advertised in RIP updates. distribute-list access-list-number { in vlan vlan-id | out vlan vlan-id } Synt ax Description Command Synt ax o[...]

  • Page 1081

    Routing Protocol Conf igura tion Command Set Configuring R IP Matrix NSA Series C onfiguration Guide 1 3-29 13.2.2.22 redistribute Use this command to allow rout i ng information disco vered through non-RIP p rotocols to be distributed in RIP update messages. redistribute { connected | ospf pr ocess-id | static } [ metric metric value ] [ subnets ][...]

  • Page 1082

    Routing Protocol Config uration Command Set Configuring RIP 13-30 Matrix NSA Series Configuration Guide Example This example shows how to redistribute routing info rmation discovered th rough OSPF process ID 1 non-subnetted routes into RIP update messages: Matrix>Router1(config)# router r ip Matrix>Router1(config-router)# r edistribute ospf 1[...]

  • Page 1083

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-31 13.2.3 Configuring OSPF Purpose T o enable and configure th e Open Shortest Path First (OSPF) routing protocol. OSPF Configuration T ask List and Commands T able 13-2 lists the tasks and commands associated with OSPF configuration. Commands a[...]

  • Page 1084

    Routing Protocol Config uration Command Set Configuring OSPF 13-32 Matrix NSA Series Configuration Guide • Set a priority to help determine the OSPF designated router for the network. ip ospf priority ( Section 13 .2.3.5 ) • Adjust timers and message intervals. timers spf ( Section 1 3.2.3.6 ) ip ospf retransmit-interval ( Section 13.2.3.7 ) ip[...]

  • Page 1085

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-33 Limit link state database overflow . d atabase-overflow ( Section 13.2.3.22 ) Monitor and maintain OSPF . show ip ospf ( Section 13.2.3.23 ) show ip ospf database ( Section 13.2.3.24 ) show ip ospf border -routers ( Section 13.2.3.25 ) show i[...]

  • Page 1086

    Routing Protocol Config uration Command Set Configuring OSPF 13-34 Matrix NSA Series Configuration Guide 13.2.3.1 router osp f Use this command to enable or disable Open Sh ortest Path First (OSPF) configuration mode. r o uter ospf pr ocess-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this command disables OSPF c[...]

  • Page 1087

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-35 13.2.3.2 netw ork Use this command to configur e area IDs for OSPF interfaces. network ip - addr ess wildcar d-mask area ar ea-id Synt ax Description Command Synt ax of the “no” Form The “no” form of this command removes OSPF routing [...]

  • Page 1088

    Routing Protocol Config uration Command Set Configuring OSPF 13-36 Matrix NSA Series Configuration Guide 13.2.3.3 router id Use this command to set the OSPF router ID for the device. The OSPF protocol uses the router ID as a tie-breaker for path selection. If not specified, this will be set to the lowest IP address of the interfaces configured for [...]

  • Page 1089

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-37 13.2.3.4 ip o sp f cost Use this command to set the cost of sending an OSPF packet on an interface. Each router interface that participates in OSPF routing is assigned a de fault cost. This command overwrites the default of 10. ip ospf cost c[...]

  • Page 1090

    Routing Protocol Config uration Command Set Configuring OSPF 13-38 Matrix NSA Series Configuration Guide 13.2.3.5 ip osp f priority Use this command to set the OSPF priority value for router interfaces. The priority value is communicated between routers by means of he llo messages and influen ces the election of a designated rout er . ip ospf prior[...]

  • Page 1091

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-39 13.2.3.6 timers sp f Use this command to change OSPF timer values to fine-tune the OSPF network. timers spf spf-delay spf-hold Synt ax Description Command Synt ax of the “no” Form The “no” form of this command res tores the default ti[...]

  • Page 1092

    Routing Protocol Config uration Command Set Configuring OSPF 13-40 Matrix NSA Series Configuration Guide 13.2.3.7 ip osp f retransmit- interval Use this command to set the amou nt of time between retransmissions of link state advertisements (LSAs) for adjacencies that belong to an interface. ip ospf r etransmit-interval seconds Synt ax Description [...]

  • Page 1093

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-41 13.2.3.8 ip ospf transmit-delay Use this command to set the amount of time requir ed to transmit a link state update packet on an interface. ip ospf transmit-delay seconds Synt ax Description Command Synt ax of the “no” Form The “no” [...]

  • Page 1094

    Routing Protocol Config uration Command Set Configuring OSPF 13-42 Matrix NSA Series Configuration Guide 13.2.3.9 ip osp f hello-interval Use this command to set th e number of seconds a ro uter must wait before sending a hello packet to neighbor routers on an interface. Each Matrix Series routing module or standa lone device can support communicat[...]

  • Page 1095

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-43 13.2.3.10 ip osp f dead -interval Use this command to set the numb er of seconds a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of service. ip ospf dead-interval seconds Synt ax Desc[...]

  • Page 1096

    Routing Protocol Config uration Command Set Configuring OSPF 13-44 Matrix NSA Series Configuration Guide 13.2.3.1 1 ip osp f authentication-key Use this command to assign a password to be us ed by neighboring rout ers using OSPF’ s simple password authentication. Th is password is used as a “key” that is inserted directly into the OSPF header[...]

  • Page 1097

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-45 13.2.3.12 ip osp f message digest key md5 Use this command to enable or disable OSPF MD 5 authentication on an in terface. This validates OSPF MD5 routing updates be tween neighboring routers. ip ospf message-digest-key keyid md5 key Synt ax [...]

  • Page 1098

    Routing Protocol Config uration Command Set Configuring OSPF 13-46 Matrix NSA Series Configuration Guide 13.2.3.13 dist ance osp f Use this command to configure the administrative distance for OSPF routes. If several routes (coming from different protocols) are presented to the Matrix Series Route T able Manager (R TM), the protocol with the lowest[...]

  • Page 1099

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-47 Command Default s If route type is not specifie d, the distance value will be applied to all OSPF routes. Example This example shows how to change the default administrative distan ce for external OSPF routes to 100: Matrix>Router1(config)[...]

  • Page 1100

    Routing Protocol Config uration Command Set Configuring OSPF 13-48 Matrix NSA Series Configuration Guide 13.2.3.14 area range Use this command to define the range of addresse s to be used by Area Border Routers (ABRs) when they communicate routes to other areas. Each Ma trix Series module or standalone device can support up to 6 OSPF areas and up t[...]

  • Page 1101

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-49 13.2.3.15 area authentication Use this command to enable or disa ble authenti cation for an OSPF area. area area-id authentication { simple | message-digest } Synt ax Description Command Synt ax of the “no” Form The “no” form of this [...]

  • Page 1102

    Routing Protocol Config uration Command Set Configuring OSPF 13-50 Matrix NSA Series Configuration Guide 13.2.3.16 area stub Use this command to define an OSPF area as a stub area. This is an area that carries no external routes. area ar ea-id stub [ no-summary ] Synt ax Description Command Synt ax of the “no” Form The “no” form of this com[...]

  • Page 1103

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-51 13.2.3.17 area default cost Use this command to set the cost va lue for the default route that is sent into a stub area by an Area Border Router (ABR). The use of this command is restricted to ABRs attached to stub areas. area area-id default[...]

  • Page 1104

    Routing Protocol Config uration Command Set Configuring OSPF 13-52 Matrix NSA Series Configuration Guide 13.2.3.18 area nssa Use this command to configure an area as a no t so stubby area (NSSA). An NSSA allows some external routes represented by external Link State Advertisements (LSAs) to be imported into it. This is in contrast to a stub area th[...]

  • Page 1105

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-53 13.2.3.19 area virtual-link Use this command to define an OSPF virtual lin k, which represents a lo gical connection between the backbone and a non-backbone OSPF area. area ar ea-id virtual-link ip-addr ess The options for using this syntax a[...]

  • Page 1106

    Routing Protocol Config uration Command Set Configuring OSPF 13-54 Matrix NSA Series Configuration Guide Command Synt ax of the “no” Form The “no” form of this comm and removes the virtual link: no area ar ea-id virtual-link ip-addr ess authentication-key key no area ar ea-id virtual-link ip-addr ess dead-interval seconds no area ar ea-id v[...]

  • Page 1107

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-55 13.2.3.20 p assive-interface Use this command to enable passiv e OSPF on an interface. This allo ws an interface to be included in the OSPF route table, but turns of f sending and receiving hellos for an interface. It also prevents OSPF adjac[...]

  • Page 1108

    Routing Protocol Config uration Command Set Configuring OSPF 13-56 Matrix NSA Series Configuration Guide 13.2.3.21 redistribute Use this command to allow rou ting inf ormation discovered through non-OSPF protocols to be distributed in OSPF update messages. redistribute { rip | static [ metric metric value ] [ metric-type type-value ] [ subnets ] [ [...]

  • Page 1109

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-57 Command Synt ax of the “no” Form The “no” form of this command clears redistribution parameters: no redistribute { connected | rip | static } Command Mode Router configuration: Matrix>Router1(config-router)# Command Default s • I[...]

  • Page 1110

    Routing Protocol Config uration Command Set Configuring OSPF 13-58 Matrix NSA Series Configuration Guide 13.2.3.22 dat abase-overflow Use this command to limit the size of OSPF lin k state database overflow , a condition where the router is unable to maintain the database in its entirety . Setting database ov erflow allows you to set a limit on the[...]

  • Page 1111

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-59 Command Default s None. Example This example shows how to set the OSPF database exit overflow interval to 240 seconds, the overflow limit to 3800 LSAs, an d the warning level to 2500 LSAs: Matrix->Router1(config)# r outer ospf 1 Matrix->[...]

  • Page 1112

    Routing Protocol Config uration Command Set Configuring OSPF 13-60 Matrix NSA Series Configuration Guide 13.2.3.23 show ip o sp f Use this command to di splay OSPF information. show ip ospf Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None.[...]

  • Page 1113

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-61 Example This example shows how to display OSPF information: Matrix>Router1# show ip os pf Routing Process "ospf 20 " with I D 134.141.7.2 Supports only single TOS(TOS0) ro ute It is an area border and autonomo us system boundary [...]

  • Page 1114

    Routing Protocol Config uration Command Set Configuring OSPF 13-62 Matrix NSA Series Configuration Guide 13.2.3.24 show ip o sp f database Use this command to display the OSPF link state database. show ip ospf database [ link-state-id ] The options for using this syntax ar e: • show ip ospf database ro uter [ link-state-id ] • show ip ospf data[...]

  • Page 1115

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-63 Command T ype Router command. Command Mode Any router mode. Command Default s If link-state-id is not specified, the specified ty pe of database records wi ll be displayed for all link st ate IDs. Example This example shows how to display a l[...]

  • Page 1116

    Routing Protocol Config uration Command Set Configuring OSPF 13-64 Matrix NSA Series Configuration Guide T able 13-3 show ip ospf dat abase Output Det ails Output What It Displays... Link ID Link ID, which varies as a function of the link state record type, as follows: • Net Link States - Shows the interface IP address of the designated rou t er [...]

  • Page 1117

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-65 13.2.3.25 show ip osp f bord er-routers Use this command to display in formation about OSPF internal entries to Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). show ip ospf border-routers Synt ax Description None. C[...]

  • Page 1118

    Routing Protocol Config uration Command Set Configuring OSPF 13-66 Matrix NSA Series Configuration Guide 13.2.3.26 show ip o sp f interf ace Use this command to display OSPF interface related information, in cluding network type, priority , cost, hello interval, and dead interval. show ip ospf interface [ vlan vlan-id ] Synt ax Description Command [...]

  • Page 1119

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-67 T able 13-4 show ip osp f interface Output Det ails Output What It Disp lays... Vlan Interface (VLAN) administrative status as up or down. Internet Address IP address and mask assigned to this interface. Router ID Router ID, which O SPF selec[...]

  • Page 1120

    Routing Protocol Config uration Command Set Configuring OSPF 13-68 Matrix NSA Series Configuration Guide Adjacent neighbor count Number of adjacent (FULL state) neighbors over this interface. Adjacent with neighbor IP address of the adjacent neighbor . T able 13-4 show ip osp f interface Output Det ails (Continued) Output What It Displays...[...]

  • Page 1121

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-69 13.2.3.27 show ip ospf neighbor Use this command to disp lay the state of communic ation between an OSPF rout er and its neighbor routers. show ip ospf neighbor [ detail ] [ ip-addr ess ] [ vlan vlan-id ] Synt ax Description Command T ype Rou[...]

  • Page 1122

    Routing Protocol Config uration Command Set Configuring OSPF 13-70 Matrix NSA Series Configuration Guide T able 13-5 provides an expla natio n o f the command outp ut. T able 13-5 show ip ospf neighbor Output Det ails Output What It Displays... ID Neighbor ’ s router ID of the OSPF neighbor . Pri Neighbor ’ s priority over this interface. S tat[...]

  • Page 1123

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-71 13.2.3.28 show ip osp f virtual-links Use this command to display info rmation abou t the virtual link s configured on a rou ter . A virtual link represents a logical connection between the backbone and a non-backbone OS PF area. show ip ospf[...]

  • Page 1124

    Routing Protocol Config uration Command Set Configuring OSPF 13-72 Matrix NSA Series Configuration Guide T ransit Delay T ime (in sec onds) added to the LSA (Link S tate Advertisement) age field when the LSA is transmitted through the virtual link. S tate Interface state assigned to a virtual link, which is point-to-point. T imer intervals configur[...]

  • Page 1125

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-73 13.2.3.29 clear ip osp f pro cess Use this command to reset the OSPF process. This will require adjacencies to be reestablished a nd routes to be reconver ged. clear ip ospf process pr ocess-id Synt ax Description Command T ype Router command[...]

  • Page 1126

    Routing Protocol Config uration Command Set Configuring OSPF 13-74 Matrix NSA Series Configuration Guide 13.2.3.30 debug ip osp f Use this command to enable OSPF pro t oc ol debugging output. debug i p osp f { subsystem } Synt ax Description Command Synt ax of the “no” Form The “no” form of th is command disables OSPF protocol debugging out[...]

  • Page 1127

    Routing Protocol Conf igura tion Command Set Configuring OSPF Matrix NSA Series C onfiguration Guide 1 3-75 13.2.3.31 rfc1583comp atible Use this command to enable the O SPF router for RFC 1385 compatibility . rfc1583compatible Synt ax Description None Command Synt ax of the “no” Form The “no” form of this command re moves OSPF RFC 1583 com[...]

  • Page 1128

    Routing Protocol Config uration Command Set Configuring DVMRP 13-76 Matrix NSA Series Configuration Guide 13.2.4 Configuring DVMRP Purpose T o enable and configure the Distanc e V ector Mul ticast Routing Protocol (DVMRP) on an interface. DVMRP routes multicast traf fic using a techniqu e known as Reverse Path Forwarding. W hen a router receives a [...]

  • Page 1129

    Routing Protocol Conf igura tion Command Set Configuring DVMRP Matrix NSA Series C onfiguration Guide 1 3-77 13.2.4.1 ip dvmrp Use this command to enable or disable DVMRP on an interface. ip dvmrp Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables DVMRP: no ip dvmrp Command T ype Router command[...]

  • Page 1130

    Routing Protocol Config uration Command Set Configuring DVMRP 13-78 Matrix NSA Series Configuration Guide 13.2.4.2 ip dvmrp met ric Use this command to configure the metric associat ed with a set of destinations for DVMRP reports. ip dvmrp metric metric Synt ax Description Command T ype Router command. Command Mode Interface configuration: Matrix&g[...]

  • Page 1131

    Routing Protocol Conf igura tion Command Set Configuring DVMRP Matrix NSA Series C onfiguration Guide 1 3-79 13.2.4.3 show ip dvmrp route Use this command to displa y DVMRP routing information. show ip dvmrp route Synt ax Description None. Command T ype Router command. Command Mode Any router mode. Command Default s None. Example This example shows[...]

  • Page 1132

    Routing Protocol Config uration Command Set Configuring DVMRP 13-80 Matrix NSA Series Configuration Guide Matrix>Router1# show ip dvmrp ro ute flag characters used: ------------- V Neighbor is verified. P Neighbor supports pruning. G Neighbor supports generation ID. N Neighbor supports netmask in prunes and grafts. S Neighbor supports SNMP. M Ne[...]

  • Page 1133

    Routing Protocol Conf igura tion Command Set Configuring IRDP Matrix NSA Series C onfiguration Guide 1 3-81 13.2.5 Configuring IRDP Purpose T o enable and configure the ICMP Router Discovery Protocol (IRDP) on an interface. This protocol enables a host to determine the address of a router it can use as a default gateway . Commands The commands used[...]

  • Page 1134

    Routing Protocol Config uration Command Set Configuring IRDP 13-82 Matrix NSA Series Configuration Guide 13.2.5.1 ip ird p Use this command to enable or disable IRDP on an interface. ip ird p Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command disables IRDP on an interface: no ip irdp Command T ype Route[...]

  • Page 1135

    Routing Protocol Conf igura tion Command Set Configuring IRDP Matrix NSA Series C onfiguration Guide 1 3-83 13.2.5.2 ip ird p maxadvertinterval Use this command to set the maximum interv al in seconds between IRDP advertisements. ip irdp maxadvertinterval interval Synt ax Description Command Synt ax of the “no” Form The “no” form of this co[...]

  • Page 1136

    Routing Protocol Config uration Command Set Configuring IRDP 13-84 Matrix NSA Series Configuration Guide 13.2.5.3 ip ird p minadvertinterval Use this command to set the minimum interval in seco nds between IRDP advertisement s. ip irdp minadvertinterval interval Synt ax Description Command Synt ax of the “no” Form The “no” form of this comm[...]

  • Page 1137

    Routing Protocol Conf igura tion Command Set Configuring IRDP Matrix NSA Series C onfiguration Guide 1 3-85 13.2.5.4 ip ird p hold time Use this command to set the length of time in se conds IRDP advertisements are held valid. ip irdp holdtime holdtime Synt ax Description Command Synt ax of the “no” Form The “no” form of this command res et[...]

  • Page 1138

    Routing Protocol Config uration Command Set Configuring IRDP 13-86 Matrix NSA Series Configuration Guide 13.2.5.5 ip ird p preference Use this command to set the IRDP preference value for an interface. This valu e i s us e d b y I RD P t o determine the interface ’ s selection as a default gatewa y address. ip irdp preference pr efer ence Synt ax[...]

  • Page 1139

    Routing Protocol Conf igura tion Command Set Configuring IRDP Matrix NSA Series C onfiguration Guide 1 3-87 13.2.5.6 ip irdp address Use this command to add additional IP addresses for IRDP to advertise. ip irdp address ip-addr ess pr efer ence Synt ax Description Command Synt ax of the “no” Form The “no” form of this command clears an IP a[...]

  • Page 1140

    Routing Protocol Config uration Command Set Configuring IRDP 13-88 Matrix NSA Series Configuration Guide 13.2.5.7 no ip ird p multicast Use this command to enable the ro uter to send IRDP advertisements using broadcast rather than multicast transmissions. By default, the rout er sends IRDP advertisements via multicast. no ip irdp multicast Synt ax [...]

  • Page 1141

    Routing Protocol Conf igura tion Command Set Configuring IRDP Matrix NSA Series C onfiguration Guide 1 3-89 13.2.5.8 sho w ip ird p Use this command to display IRDP information. show ip irdp [ vlan vlan-id ] Synt ax Description Command T ype Router command. Command Mode Interface configuration: Matrix>Router1(config-if(Vlan 1))# Command Default [...]

  • Page 1142

    Routing Protocol Config uration Command Set Configuring VRRP 13-90 Matrix NSA Series Configuration Guide 13.2.6 Configuring VRRP Purpose T o enable and configure the V irtual Router Redundancy Proto col (VRRP). This protocol el iminates the single point of failure inherent in the static default routed environm ent by transferring the responsibility[...]

  • Page 1143

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series C onfiguration Guide 1 3-91 13.2.6.1 rout er vrrp Use this command to enable or disable VRRP configuration mode. router vrrp Synt ax Description None. Command Synt ax of the “no” Form The “no” form of this command rem o ves all VRRP config urations from the runn[...]

  • Page 1144

    Routing Protocol Config uration Command Set Configuring VRRP 13-92 Matrix NSA Series Configuration Guide 13.2.6.2 create Use this command to create a VRRP session. Each Matrix Series routing module or standalone device supports up to VRRP sessions. Up to four VRIDs can be as sociated with an individual routing interface. create vlan vlan-id vrid Sy[...]

  • Page 1145

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series C onfiguration Guide 1 3-93 13.2.6.3 address Use this command to configure a virtual router IP addres s. If the virtual router IP address is the same as the interface (VLAN) address owned by a VRRP router , then the router owning the address becomes the master . The mas[...]

  • Page 1146

    Routing Protocol Config uration Command Set Configuring VRRP 13-94 Matrix NSA Series Configuration Guide Command T ype Router command. Command Mode Router configuration: Matrix>Router1(config-router)# Command Default s None. Examples This example shows how to configure a virtual router address o f 182. 127.6 2.1 on VLAN 1, VRID 1, and to set the[...]

  • Page 1147

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series C onfiguration Guide 1 3-95 13.2.6.4 prio rity Use this command to set a priority value for a VRRP router . priority vlan vlan-id vrid priority-value Synt ax Description Command Synt ax of the “no” Form The “no” form of this command cl ears the VRRP priority con[...]

  • Page 1148

    Routing Protocol Config uration Command Set Configuring VRRP 13-96 Matrix NSA Series Configuration Guide 13.2.6.5 master-icmp-reply Use this command to enable ICMP replies for non-owner masters. Th is provides the ability for the virtual router maste r to respond to an ICMP echo even if it does not “own” the virtual IP address. W ithout this fu[...]

  • Page 1149

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series C onfiguration Guide 1 3-97 13.2.6.6 advertise-interval Use this command to set the interval in seconds between VRRP advertisements. These are sent by the master router to other routers participating in the VRRP master sel ection process, informing them of its configure[...]

  • Page 1150

    Routing Protocol Config uration Command Set Configuring VRRP 13-98 Matrix NSA Series Configuration Guide Example This example shows how set an advertise in terval of 3 seconds on VLAN 1, VRID 1: Matrix>Router1(config)# router v rrp Matrix>Router1(config-router)# a dvertise-interval vlan 1 1 3[...]

  • Page 1151

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series C onfiguration Guide 1 3-99 13.2.6.7 critical -ip Use this command to set a critical IP address for VRRP routing. A critical IP address defines an interface — in addition to the interface between hosts and a first-hop router — that will prevent the master router fro[...]

  • Page 1152

    Routing Protocol Config uration Command Set Configuring VRRP 13-100 Matrix NSA Series Configuration Guide Example This example shows how to set IP address 182.127.62.3 as a critic al IP address associated with VLAN 1, VRID 1: Matrix>Router1(config)# router v rrp Matrix>Router1(config-router)# c ritical-ip vlan 1 1 182.127.62.3[...]

  • Page 1153

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-101 13.2.6.8 preempt Use this command to enable or disable preempt mode on a VRRP router . Preempt is enabled on VRRP routers by default, which allows a higher pr iority backup router to preempt a lower priority master . preempt vlan-id vrid Synt[...]

  • Page 1154

    Routing Protocol Config uration Command Set Configuring VRRP 13-102 Matrix NSA Series Configuration Guide 13.2.6.9 preempt-delay Use this command to set a preempt delay time on a VRRP router . When preempt mode is enabled this specifies a delay (in seconds) that a higher pr iority backup router must wait to preempt a lower priority master . For mor[...]

  • Page 1155

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-103 Example This example shows how to set the preemp t delay to 60 seconds on VLAN 1 , VRID 1: Matrix>Router1(config)# ro uter vrrp Matrix>Router1(config-router)# preempt-delay vlan 1 1 60[...]

  • Page 1156

    Routing Protocol Config uration Command Set Configuring VRRP 13-104 Matrix NSA Series Configuration Guide 13.2.6.10 enable Use this command to ena ble VRRP on an inte rface. enable vlan vlan-id vrid Synt ax Description Command Synt ax of the “no” Form The “no” form of this command disables VRRP on an interface: no enable vlan vlan-id vrid C[...]

  • Page 1157

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-105 13.2.6.1 1 ip vrrp authentication-key Use this command to set a VRRP auth entication password on an interface. ip vrrp authentication-key passwor d Synt ax Description Command Synt ax of the “no” Form The “no” form of this command cl [...]

  • Page 1158

    Routing Protocol Config uration Command Set Configuring VRRP 13-106 Matrix NSA Series Configuration Guide 13.2.6.12 ip vrrp message-digest-key Use this command to set a VRRP MD5 au thentication password on an interface. ip vrrp message-digest-key vrid md5 passwor d [ hmac-9 6] Synt ax Description Command Synt ax of the “no” Form The “no” fo[...]

  • Page 1159

    Routing Protocol Conf igura tion Command Set Configuring VRRP Matrix NSA Series Configura tion Guide 13-107 13.2.6.13 show ip vrrp Use this command to displa y VRRP routing information. show ip vrrp Synt ax Description None. Command T ype Router command. Command Mode Any router mode . Command Default s None. Example This example shows how to displa[...]

  • Page 1160

    Routing Protocol Config uration Command Set Configuring VRRP 13-108 Matrix NSA Series Configuration Guide[...]

  • Page 1161

    Matrix NSA Series Configuration Guide 14 -1 14 Security Configuration This chapter describes the Security Configura tion set of commands and how to use th em. 14.1 OVERVIEW OF SECURITY METHODS The following security methods are avai lable fo r controlling which users are allowed to access, monitor , and m anage the devic e. • Local user cred en t[...]

  • Page 1162

    Overview of Security Methods 14-2 Matrix NSA Series Configuration Gui de • MAC Locking — locks a port to one or mo re MAC addresses, preventing connection of unauthorized devices via the port. For details, refer to Section 14.3.9 . • Multiple User Multiple Authentication – allows multiple users on a given port to simultaneously authenticate[...]

  • Page 1163

    Overview of Security Methods RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment Matrix NSA Series Configuration Guide 14-3 14.1.1 RADIUS Filter-ID Attribut e and Dynamic Policy Profile Assignment If you configure an authentication method that requires communica tion with a RADIUS server , you can use the RADIUS Filter -ID attribute to[...]

  • Page 1164

    Process Overview: Security Configuration RADIUS Filter-ID Attribute and Dynamic Poli cy Profile Assignment 14-4 Matrix NSA Series Configuration Gui de 14.2 PROCESS OVERVIEW: SECURITY CONFIGURATION Use the following steps as a guide to co nfiguring security methods on the dev i ce: 1. Setting the Authentication Login Method ( Section 14.3.1 ) 2. Con[...]

  • Page 1165

    Security Configurati on Command Set Setting the Auth entication Login Me thod Matrix NSA Series Configuration Guide 14-5 14.3 SECURITY CONFIGURATION COMMAND SET 14.3.1 Setting the Authentication Login Method Purpose T o configure the authentication logi n method. Commands The commands used to configure the authentication login method ar e listed be[...]

  • Page 1166

    Security Configuration Command Set Setting the Authenticatio n Logi n Method 14-6 Matrix NSA Series Configuration Gui de 14.3.1.1 show authenti cation login Use this command to display the cu rrent authenticatio n login method. show aut hentication log in Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Defau[...]

  • Page 1167

    Security Configurati on Command Set Setting the Auth entication Login Me thod Matrix NSA Series Configuration Guide 14-7 14.3.1.2 set authentication login Use this command to set th e authentication login method. set authentication login { any | local | radius | tacacs } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Co[...]

  • Page 1168

    Security Configuration Command Set Setting the Authenticatio n Logi n Method 14-8 Matrix NSA Series Configuration Gui de 14.3.1.3 clear authenticat ion login Use this command to reset the authentication login method to the default setting of “any”. clear authentication login Synt ax Description None. Command T ype Switch command. Command Mode R[...]

  • Page 1169

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series Configuration Guide 14-9 14.3.2 Configuring RADIUS Purpose T o perform the following: • Review the RADIUS client/server configuration on the device. • Enable or disable the RADIUS client. • Set local and remote login options. • Set primary and secondary serve r paramet[...]

  • Page 1170

    Security Configuration Command Set Configuring RADIUS 14-10 Matrix NSA Series Configuration Guide 14.3.2.1 show radius Use this command to display the current RADIUS client/server configuration. show radius [ state | retries authtype || timeout | server [ index | all ]] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Comm[...]

  • Page 1171

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series Configuration Guide 14-1 1 T able 14-1 provides an explanatio n of the command ou tput. T able 14-1 show radius Output De t ails Output What It Displays... RADIUS state Whether the RADIUS client is enabled or disabled . RADIUS retries Number of retry attemp ts before the RADIU[...]

  • Page 1172

    Security Configuration Command Set Configuring RADIUS 14-12 Matrix NSA Series Configuration Guide 14.3.2.2 set radius Use this command to enable, disable, or configure RADIUS authentication. set radius {[ enable | disable ] [ retries number-of-r etries ] [ timeout timeout ] [ server { index ip-addr ess port [ secr et-value ]} [ realm { management-a[...]

  • Page 1173

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series C onfiguration Guide 1 4-13 Command Default s • If secr et-value is not specified, none will be applied. • If realm is not specified, any authentication will be allowed. Examples This example shows how to enable the RADIUS client for authenticating with RADIUS server 1 at [...]

  • Page 1174

    Security Configuration Command Set Configuring RADIUS 14-14 Matrix NSA Series Configuration Guide 14.3.2.3 clear radius Use this command to clear RADIUS server settings. clear radius [ state ] [ retries ] [ timeout ] [ server [ index | all ] [ realm { index | all }] Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command[...]

  • Page 1175

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series C onfiguration Guide 1 4-15 14.3.2.4 show radi us accounting Use this command to display the RADIUS accoun ting configurat ion. This transmits accounting information between a network access se rver and a shared accounting server . show radius accounting [ updateinterval ] | [[...]

  • Page 1176

    Security Configuration Command Set Configuring RADIUS 14-16 Matrix NSA Series Configuration Guide For details on enabling and configuring RADIUS accounting, refer to Section 14.3. 2.5 : Matrix(rw)-> show radius account ing Accounting state: Enabled Accounting update interval: 1800 secs Accounting interval minimum: 600 secs Server Server A cct In[...]

  • Page 1177

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series C onfiguration Guide 1 4-17 14.3.2.5 set ra dius accounting Use this command to conf igure RADIUS accountin g. set radius accounting {[ enable ] [ disable ] [ intervalminimum value ] [ updateinterval value ] [ retries re t r i e s ] [ timeout timeou t ] [ server { index | all [...]

  • Page 1178

    Security Configuration Command Set Configuring RADIUS 14-18 Matrix NSA Series Configuration Guide Command Mode Read-W rite. Command Default s None. Examples This example shows how to enab le the RADIUS accounting client for authenticating with the accounting server 1 at IP address 10.2.4.1 2, UDP authentication port 1800. As previously noted , the [...]

  • Page 1179

    Security Configurati on Command Set Configuring RADIUS Matrix NSA Series C onfiguration Guide 1 4-19 14.3.2.6 clear radius accou nting Use this command to clear RADIUS accounting configuration settings. clear radius accounting {[ server { index | all }] [ retries { index | all }] [ timeout { index | all }] [ intervalminimum] [ updateinterval ]} Syn[...]

  • Page 1180

    Security Configuration Command Set Configuring RFC 358 0 14-20 Matrix NSA Series Configuration Guide 14.3.3 Configuring RFC 3580 About RFC 3580 RFC 3580 provides suggestions on how 802.1x Au thenticators sh ould leverage RADIUS as the backend AAA infrastruc ture. RFC 35 80 is divided into several major sec tio ns: RADIUS Accounting, RADIUS Authenti[...]

  • Page 1181

    Security Configurati on Command Set Configuring R FC 3580 Matrix NSA Series C onfiguration Guide 1 4-21 14.3.3.1 show vlanauthorization Use this command to display th e VLAN Authorization settings. show vlanauthorization [ port-list ] | [ all ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Command Default s If no parame[...]

  • Page 1182

    Security Configuration Command Set Configuring RFC 358 0 14-22 Matrix NSA Series Configuration Guide 14.3.3.2 set vlanauthorization Use this command to set the VLAN Authorization attributes. set vlanauthorization enable | disable | port port-list {[ enable | disable ] none | tagged | untagged | dynamic } Synt ax Description Command T ype Switch com[...]

  • Page 1183

    Security Configurati on Command Set Configuring R FC 3580 Matrix NSA Series C onfiguration Guide 1 4-23 14.3.3.3 clear vlanauthorization Use this command to clear the VLAN Authorization attributes to the defaults. clear vlanauthorization port-list all Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None[...]

  • Page 1184

    Security Configuration Command Set Configuring T ACACS+ 14-24 Matrix NSA Series Configuration Guide 14.3.4 Configuring T ACACS+ Purpose T o perform the following: • Review the T ACACS+ client and server configurations on the devic e. • Enable or disable the T ACACS+ client. • Set local and remote logi n options. • Set server parameters, inc[...]

  • Page 1185

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-25 14.3.4.1 show tacacs Use this command to display the current T A CACS+ configuration in formation and status. show tacacs [ state ] Synt ax Description Command Default s If state is not specified, all T ACACS+ configuration information will be dis[...]

  • Page 1186

    Security Configuration Command Set Configuring T ACACS+ 14-26 Matrix NSA Series Configuration Guide T able 14-2 show taca cs Output Det ails Output What It Displays... T ACACS+ state Whether the T ACACS+ client is enabled or disabled . T ACACS+ session accounting state Whether T ACACS+ session accounting is enabled or disabl ed. T ACACS+ command au[...]

  • Page 1187

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-27 14.3.4.2 set t acacs Use this command to enable or disable the T ACACS+ client. set tacacs { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage The T ACACS+ client can be en[...]

  • Page 1188

    Security Configuration Command Set Configuring T ACACS+ 14-28 Matrix NSA Series Configuration Guide 14.3.4.3 show t acacs server Use this command to display the cu rrent T ACACS+ server configuration. show tacacs server { index | all } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-Only . Example This ex[...]

  • Page 1189

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-29 14.3.4.4 set tacacs server Use this command to configure the T ACACS+ serve r(s) to be used by the T ACACS+ client. Y ou can configure the timeout value for all configured servers or a sing le serv er , or you can co nfigure the IP address, TCP po[...]

  • Page 1190

    Security Configuration Command Set Configuring T ACACS+ 14-30 Matrix NSA Series Configuration Guide 14.3.4.5 clear t acacs server Use this command to remove one or all configured T ACACS+ servers, or to return the timeout value to its default value for on e or all configured T AC ACS+ servers. clear tacacs server { all | index } [ timeout ] Synt ax[...]

  • Page 1191

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-31 14.3.4.6 show tacacs session Use this command to display the curre nt T ACACS+ client session settings. show tacacs session { authorization | accounting [ state ]} Synt ax Description Command Default s If state is not specified, all session accoun[...]

  • Page 1192

    Security Configuration Command Set Configuring T ACACS+ 14-32 Matrix NSA Series Configuration Guide 14.3.4.7 set t a cacs session Use this command to enable or disable T ACA CS + session accounting, or to configure T A CACS+ session authorization parameters. For simplicity , separate syntax formats are shown for configuring session accounting and s[...]

  • Page 1193

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-33 Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Usage When session accounting is enabled, the T ACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, fo[...]

  • Page 1194

    Security Configuration Command Set Configuring T ACACS+ 14-34 Matrix NSA Series Configuration Guide 14.3.4.8 clear t acacs sessio n Use this command to return the T ACACS+ session authorization settings to their default values. clear tacacs session authorization { [ service ] [ read-only ] [ read-write ] [ super-user ] } Synt ax Description Command[...]

  • Page 1195

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-35 14.3.4.9 show tacacs command Use this command to display the sta tus (enabled or disa bled ) of T ACACS+ accou ntin g or authorization on a per-command basis. show tacacs command { accounting | authorization } [ state ] Synt ax Description Command[...]

  • Page 1196

    Security Configuration Command Set Configuring T ACACS+ 14-36 Matrix NSA Series Configuration Guide 14.3.4.10 set t acacs command Use this command to enable or disable T ACACS + accounting or authori zation on a per-command basi s. set tacacs command { accounting | authorization } { enable | disable } Synt ax Description Command Default s None. Com[...]

  • Page 1197

    Security Configurati on Command Set Configuring T ACACS+ Matrix NSA Series C onfiguration Guide 1 4-37 14.3.4.1 1 sho w t acacs si ngleconnect Use this command to display the current status of the T ACACS+ client’ s ability to send multiple requests over a single TCP connection. show tacacs singleconnect [ state ] Synt ax Description Command Defa[...]

  • Page 1198

    Security Configuration Command Set Configuring T ACACS+ 14-38 Matrix NSA Series Configuration Guide 14.3.4.12 set t acacs singleconnect Use this command to enable or disable the ability of the T ACACS+ client to send multiple requests over a single TCP connection. When enabled, the T ACACS+ client will use a single TCP connection for all requ ests [...]

  • Page 1199

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-39 14.3.5 Configuring 802.1X Authentication About Multi-User Authentication Enterasys Networks’ enhanced version of the IEEE 802.1X-2001 specificati on decreases security vulnerabilities inherent with the standard implemen tation, and [...]

  • Page 1200

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-40 Matrix NSA Series Configuration Guide Commands The commands used to review and configure 802.1X are liste d below and described in the associated section as shown: • show dot1x ( Section 14.3.5. 1 ) • show dot1x auth-config ( Section 14.3.5. 2 ) • set dot1x ( Section [...]

  • Page 1201

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-41 14.3.5.1 sho w dot1x Use this command to display 802.1X status, di agnostics, statistics, and reauthentication or initialization control information for one or more ports. show dot1x [ auth-config | access -entity | auth-diag | auth-s[...]

  • Page 1202

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-42 Matrix NSA Series Configuration Guide • If port-string is not specified, information for all ports will be displayed. Examples This example shows how to display 802.1X status: This example shows how to di splay authentication diagnost ics information for fe.1.1: Matrix(rw[...]

  • Page 1203

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-43 This example shows how to display authen tication session statistics for fe.1.1: This example shows how to display authentication sta tistics for fe.1.1: Matrix(rw)-> show dot1x au th-session-stats fe.1.1 Port: 1 Auth-Session-Stats[...]

  • Page 1204

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-44 Matrix NSA Series Configuration Guide 14.3.5.2 show dot1x auth-config Use this command to display 802.1 X authentication configuration se ttings for one or more ports. show dot1x auth-config [ authcontrolled-portcontrol ] [ keytxenabled ] [ maxreq ] [ quietperiod ] [ reauth[...]

  • Page 1205

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-45 Command T ype Switch command. Command Mode Read-Only . Command Default s • If no parameters are specified, all 802.1X settin gs will be displayed. • If port-string is not specified, informa tion for all ports will be displayed. Ex[...]

  • Page 1206

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-46 Matrix NSA Series Configuration Guide 14.3.5.3 set dot1x Use this command to enable or disable 802.1X au thentication, to reauthenticate one or more access entities, or to reinitialize one or more supplicants. set dot1x {[ enable | disable ] [ init | reauth [ port-string ] [...]

  • Page 1207

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-47 14.3.5.4 set dot1 x auth-config Use this command to config u re 80 2.1 X authentica tio n. set dot1x auth-config {[ authcontrolled-portcontrol { auto | forced-auth | forced-unauth }] [ keytxenabled { false | true }] [ maxreq value ] [[...]

  • Page 1208

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-48 Matrix NSA Series Configuration Guide Command T ype Switch command. Command Mode Read-W rite. Command Default s If port-string is not specified, authentication pa rameters will be set on all ports Examples This example shows how to set EAPOL port control to forced authorize[...]

  • Page 1209

    Security Configurati on Command Set Configuring 802.1X Authentication Matrix NSA Series C onfiguration Guide 1 4-49 14.3.5.5 clear d ot1x auth-config Use this command to reset 802.1X authentication parameters to default values on one or more ports. clear dot1x auth-config [ authcontrolled-portcontrol ] [ keytxenabled ] [ maxreq ] [ quietperiod ] [ [...]

  • Page 1210

    Security Configuration Command Set Configuring 802.1X Authenticatio n 14-50 Matrix NSA Series Configuration Guide • If port-string is not specified, paramete rs will be set on all ports. Examples This example shows how to reset the 802.1X port control mode to auto on all ports: This example shows how to rese t reauthenticatio n control to disable[...]

  • Page 1211

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-51 14.3.6 Configuring Port Web Authentication (PW A ) About PW A PW A provides a way of authenticating us ers before allowing general access to the network. A PW A user ’ s access to the network is restricted until afte r the[...]

  • Page 1212

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-52 Matrix NSA Series Configuration Guide Setting the port mode in this fashion will al low traffic to flow t hrough the port without authentication according to its configuration. By default, this would allow all traf fic to be forwarded. Conversely , you could configur[...]

  • Page 1213

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-53 Commands The comm ands need ed to review and configure PW A are listed belo w and de scribed in the associated section as show n: • show pwa ( Section 14.3.6.1 ) • set pwa ( Section 14.3.6.2 ) • set pwa hostname ( Sect[...]

  • Page 1214

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-54 Matrix NSA Series Configuration Guide 14.3.6.1 show pwa Use this command to display por t web authen tication information fo r one or more ports. show pwa [ port-string ] Synt ax Description Command Default s If port-string is not specified, PW A informatio n will be[...]

  • Page 1215

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-55 T able 14-3 show pwa Output De t a ils Output What It Displays... PW A S tatus Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in[...]

  • Page 1216

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-56 Matrix NSA Series Configuration Guide Mode PW A po rt control mode. Auth S tatus Whether or no t the p ort state is disconnected, authenticating authenticated, or held (a uthentication has failed). Quiet Period Amount of time a port will be in the held state after a [...]

  • Page 1217

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-57 14.3.6.2 set pwa Use this command to enable or disable port web authe ntication. set pwa { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This e[...]

  • Page 1218

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-58 Matrix NSA Series Configuration Guide 14.3.6.3 set pwa hostn ame Use this command to set a port web authenticatio n host name. This is a URL for accessing the PW A login p age. set pwa hostname name Synt ax Description Command Default s None. Command T ype Switch com[...]

  • Page 1219

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-59 14.3.6.4 clear p wa hostname Use this command to clear the po rt web authentication host name. clear pwa hostname Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exam[...]

  • Page 1220

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-60 Matrix NSA Series Configuration Guide 14.3.6.5 show pwa banner Use this command to display the port web authentication login banner string. show pwa banner Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-Only . Exampl[...]

  • Page 1221

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-61 14.3.6.6 set pwa ban ner Use this command to configure a string to be displayed as th e PW A login banne r . set pwa banner string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 1222

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-62 Matrix NSA Series Configuration Guide 14.3.6.7 clear pwa banner Use this command to reset the PW A login banner to a blank string. clear pwa banner Synt ax Description None. Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 1223

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-63 14.3.6.8 set pwa displaylogo Use this command to set the display opt ions for the Enterasys Networks logo. set pwa displaylogo { display | hide } Synt ax Description Command Default s None. Command T ype Switch command. Comm[...]

  • Page 1224

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-64 Matrix NSA Series Configuration Guide 14.3.6.9 set pwa redi rectt ime Use this command to set the PW A login success page redirect time. set pwa redirecttime time Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exam[...]

  • Page 1225

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-65 14.3.6.10 set pwa ip address Use this command to set the PW A IP address. This is the IP addr ess of the end station from which PW A will prevent network access until the user is authenticated. set pwa ipaddress ip-addr ess [...]

  • Page 1226

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-66 Matrix NSA Series Configuration Guide 14.3.6.1 1 set pwa proto col Use this command to set the po rt web authenticat ion protocol. set pwa protocol { chap | pap } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Exam[...]

  • Page 1227

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-67 14.3.6.12 set pwa enhancedmode Use this command to enab le or dis able PW A enhanced mode. When enabled, use rs on unauthenticated PW A ports can type any URL into a browser and be presented th e PW A login page on their ini[...]

  • Page 1228

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-68 Matrix NSA Series Configuration Guide 14.3.6.13 set pwa guestname Use this command to set a guest user name for PW A enhanced mo de networking . When enhanc ed mode is enabled (as des cribe d in Section 14.3.6.12 ), PW A will use this name to grant network access to [...]

  • Page 1229

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-69 14.3.6.14 clear pwa guestname Use this command to clear the PW A guest user name. clear pwa guestname Synt ax Description None. Command T ype Switch command. Command Default s None. Command Mode Read-W rite. Example This exa[...]

  • Page 1230

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-70 Matrix NSA Series Configuration Guide 14.3.6.15 set pwa guestpassword Use this command to set the guest user passwo rd for PW A networking. When enh an ced mode is enabled, (as des cribed in Section 14.3.6 .12 ) PW A will use this pas sword and the guest user name to[...]

  • Page 1231

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-71 14.3.6.16 set pwa guest st atus Use this command to enable or disable guest networking for port we b authentication. When enhanced mode is enabled (as des cribed in Section 14.3.6.12 ), PW A will use a guest password and gue[...]

  • Page 1232

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-72 Matrix NSA Series Configuration Guide 14.3.6.17 set pwa initialize Use this command to initializ e a PW A port to its defa ult unauthenticated state. set pwa initialize [ port-string ] Synt ax Description Command T ype Switch command. Command Default s If port-string[...]

  • Page 1233

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-73 14.3.6.18 set pwa quietperiod Use this command to set the amount of time a port will remain in the held state after a user unsuccessfully attempts to log on to the network. set pwa quietperiod time [ port-string ] Synt ax De[...]

  • Page 1234

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-74 Matrix NSA Series Configuration Guide 14.3.6.19 set pwa maxrequ ests Use this command to set the maximum number of log on attempts all owed be fore transitioning the PW A port to a held state. set pwa maxrequests re q u e s t s [ port-string ] Synt ax Description Com[...]

  • Page 1235

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-75 14.3.6.20 set pwa portcontrol Use this command to set the PW A port control mode. s et pwa portcontrol { auto | forceauthorized | forceunauthorized | promiscuousauto } [ port-string ] Synt ax Description Command Default s If[...]

  • Page 1236

    Security Configuration Command Set Configuring Port Web Authentication (PWA) 14-76 Matrix NSA Series Configuration Guide Example This example shows how to set the PW A control mode to auto for all ports: Matrix(rw)-> set pwa portcontrol auto[...]

  • Page 1237

    Security Configurati on Command Set Configuring Po rt Web Authenticati on (PWA) Matrix NSA Series C onfiguration Guide 1 4-77 14.3.6.21 show pwa session Use this command to display info rmation about current PW A sessions. show pwa session [ port-string ] Synt ax Description Command T ype Switch command. Command Default s If port-string is not spec[...]

  • Page 1238

    Security Configuration Command Set Configuring MAC Authentica tion 14-78 Matrix NSA Series Configuration Guide 14.3.7 Configuring MAC Authentication Purpose T o review , disable, enable and configure MA C authentication. This allows the device to authenticate source MAC addresses in an exchange with an authen tication server . The authenticator (sw[...]

  • Page 1239

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-79 • clear macauthentication reauthperiod ( Section 14.3.7.17 ) • set macauthentication quietperiod ( Section 14.3.7.18 ) • clear macauthentication quietperiod ( Section 14.3.7.1 9 )[...]

  • Page 1240

    Security Configuration Command Set Configuring MAC Authentica tion 14-80 Matrix NSA Series Configuration Guide 14.3.7.1 show macauthent ication Use this command to displa y MAC authentication information for one or more ports. show macauthentication [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Command D[...]

  • Page 1241

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-81 T able 14-4 show macauthentica tion Output Det ails Output What It Displays... MAC authentication Whether MAC auth entication is globally enabled or disabled. Set using the set macauthentication command as described in Se ction 14.3.7.3[...]

  • Page 1242

    Security Configuration Command Set Configuring MAC Authentica tion 14-82 Matrix NSA Series Configuration Guide 14.3.7.2 show macauthent ication session Use this command to display the active MAC authenticated sessions. show macauthentication session Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default s I[...]

  • Page 1243

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-83 Reauth Period Reauthentication peri od for this port, set using the set macauthentication reauthperiod command des cribed in Section 14.3.7.16 . Reauthentications Whether or not reauthentication is enabled or disabled on this port. Set [...]

  • Page 1244

    Security Configuration Command Set Configuring MAC Authentica tion 14-84 Matrix NSA Series Configuration Guide 14.3.7.3 set macauthentication Use this command to globally enab le or disable MAC authentication. set macauthentication { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s Non[...]

  • Page 1245

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-85 14.3.7.4 set macauthentication p assword Use this command to set a MAC authentication password. set macauthentication password passwo r d Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None[...]

  • Page 1246

    Security Configuration Command Set Configuring MAC Authentica tion 14-86 Matrix NSA Series Configuration Guide 14.3.7.5 clear macauthentication password Use this command to clear the MAC authentication password. clear macauthentication password Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None.[...]

  • Page 1247

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-87 14.3.7.6 set macauthenti cation significant-bit s Use this command to set the number of sign ificant bits of the MAC address to use for authentication. set macauthentication significant-bits number Synt ax Description Command T ype Swit[...]

  • Page 1248

    Security Configuration Command Set Configuring MAC Authentica tion 14-88 Matrix NSA Series Configuration Guide 14.3.7.7 clear macauthentication significant-bit s Use this command to clear the MAC au thentication significant bits setting. clear macauthenticat ion significant-bits Synt ax Description None. Command T ype Switch command. Command Mode R[...]

  • Page 1249

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-89 14.3.7.8 set macauthentication port Use this command to enable or disable one or more ports for MAC authentication. set macauthentication port { enable | disable } port-string Synt ax Description Command T ype Switch command. Command Mo[...]

  • Page 1250

    Security Configuration Command Set Configuring MAC Authentica tion 14-90 Matrix NSA Series Configuration Guide 14.3.7.9 set macauthentication authallocated Use this command to set the numb er of MAC authentication s essions allowed for one or more ports. set macauthentication authallocated nu mber port-string Synt ax Description Command T ype Switc[...]

  • Page 1251

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-91 14.3.7.10 clear macauthenti cation authallocated Use this command to clear the number of MAC authentication sessions allowed for one or more ports. clear macauthentication authallocated [ port-string ] Synt ax Description Command T ype [...]

  • Page 1252

    Security Configuration Command Set Configuring MAC Authentica tion 14-92 Matrix NSA Series Configuration Guide 14.3.7.1 1 set macauthentication portinitialize Use this command to force one or more MAC auth entication ports to re-initialize and remove any currently active sessions on those ports. set macauthentication portinitialize port -string Syn[...]

  • Page 1253

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-93 14.3.7.12 set macauthentication macinitialize Use this command to force a current MAC authenticatio n session to re-initialize and remove the session. set macauthentication macinitialize mac_addr Synt ax Description Command T ype Switch[...]

  • Page 1254

    Security Configuration Command Set Configuring MAC Authentica tion 14-94 Matrix NSA Series Configuration Guide 14.3.7.13 set macauthentication reauthentication Use this command to enable or disable reauth entication of all currently authenticated MAC addresses on one or more ports. set macauthenticatio n reauthentication { enable | di sabl e } port[...]

  • Page 1255

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-95 14.3.7.14 set macauthentication portreauthenticate Use this command to force an immediate reauthenti cation of the currently active sessions on one or more MAC authentication ports. set macauthentication portreauthenticate port-string S[...]

  • Page 1256

    Security Configuration Command Set Configuring MAC Authentica tion 14-96 Matrix NSA Series Configuration Guide 14.3.7.15 set macauthentication macreauthenticate Use this command to forc e an immediate rea uthentic ation of a MAC addre ss. set macauthenticatio n mac reauthe ntic ate mac_addr Synt ax Description Command T ype Switch command. Command [...]

  • Page 1257

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-97 14.3.7.16 set macauthenti cation reauthperiod Use this command to set the MA C reauthentication period (in se conds). This is the time lapse between attempts to reauthenticate any curre nt MAC address authenticated to a port. set macaut[...]

  • Page 1258

    Security Configuration Command Set Configuring MAC Authentica tion 14-98 Matrix NSA Series Configuration Guide 14.3.7.17 clear macauthen tication reauthperiod Use this command to clear the MAC reauth entication period on one or more ports. clear macauthentication reauthperiod [ port-string ] Synt ax Description Command T ype Switch command. Command[...]

  • Page 1259

    Security Configurati on Command Set Configuring MAC Authen tication Matrix NSA Series C onfiguration Guide 1 4-99 14.3.7.18 set macauthe ntication quietperiod Use this command to enable a reauthentication atte mpt for failed entries at the period specified in seconds. De fault va lue is 0 (never). set macauthentication quietperiod time port-stri ng[...]

  • Page 1260

    Security Configuration Command Set Configuring MAC Authentica tion 14-100 Matrix NSA Series Configuration Guide 14.3.7.19 clear macauthen tication quietperiod Use this command to clear the macauthentication qu iet period on one or more ports to the default value. The default value is 0 (never). clear macauthentication quietperiod [ port-string ] Sy[...]

  • Page 1261

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configura tion Guide 14-101 14.3.8 Configuring Conver gence End Point s (C EP) Phone Detection About CEP Phone Detection Convergence is a method to detect a remote IP te lephony or video device and apply a policy to the connection port ba[...]

  • Page 1262

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-102 Matrix NSA Series Configuration Guide • show cep connections ( Section 14.3 .8.1 ) • show cep detection ( Section 14.3.8.2 ) • show cep policy ( Section 14. 3.8.3 ) • show cep port ( Section 14.3.8.4 ) • set cep ( Section 14.3.8. 5 ) • set[...]

  • Page 1263

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configura tion Guide 14-103 14.3.8.1 show cep connections Use this command to display all learned CEPs. show cep connections port-string Synt ax Description Command Default s None Command Mode Read-Only . Example This example shows how to[...]

  • Page 1264

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-104 Matrix NSA Series Configuration Guide 14.3.8.2 show cep detection Use this command to display CE P phone detection parameters. show cep detection [ detection-id ] Synt ax Description Command Default s If no detection-id is specified, all CEP detec tio[...]

  • Page 1265

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configura tion Guide 14-105 14.3.8.3 show cep po licy Use this command to display the global policies of all su pported CEP types. show cep policy Synt ax Description None. Command Default s None Command Mode Read-Only . Examples This exa[...]

  • Page 1266

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-106 Matrix NSA Series Configuration Guide 14.3.8.4 show cep port Use this command to disp lay enable status of all supp orted CEP types. show cep port port-string Synt ax Description Command Default s None Command Mode Read-Only . Examples This example sh[...]

  • Page 1267

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configura tion Guide 14-107 14.3.8.5 set cep Use this command to globally en able or disable CEP detection. set cep { enable | disable } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. E[...]

  • Page 1268

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-108 Matrix NSA Series Configuration Guide 14.3.8.6 set cep port Use this command to enable or disable a CEP detection type on one or more ports. set cep port port-string { cisco | h323 | siemens | sip } { enable | disable } Synt ax Description Command Def[...]

  • Page 1269

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configura tion Guide 14-109 14.3.8.7 set cep policy Use this command to set a global defau lt policy for a CEP detection type. This is the policy that will be applied when a phone of the specified type is de tected on a port. It must be c[...]

  • Page 1270

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-1 10 Matrix NSA Series Configuration Guide 14.3.8.8 set cep detection-id Use this command to create a new H.323, Siemens, or SIP phone detectio n configuration grou p, or enable, disabl e or remove an existing group. set cep detection-id id { create | del[...]

  • Page 1271

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configu ration Guide 14 -1 1 1 14.3.8.9 set cep detection-id type Use this command to specify whether a phone detection group will use H.323, Siemens or SIP as its phone discovery type. set cep detection-id id type { h323 | siemens | sip [...]

  • Page 1272

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-1 12 Matrix NSA Series Configuration Guide 14.3.8.10 set cep detection-id address Use this command to set an H.323, Siemens, or SI P phone detection group’ s IP address or mask . By default, H.323 will use 22 4.0.1.41 as its IP address and Siemen s will[...]

  • Page 1273

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configuration Guide 14-1 13 14.3.8.1 1 set cep de tection-id protocol Use this command to specify an IP protocol type for H.323, Siemens, o r SIP convergence end points detection. If an IP address is not set fo r a phone detection group a[...]

  • Page 1274

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-1 14 Matrix NSA Series Configuration Guide 14.3.8.12 set cep detection-id porthigh | portlow Use this command to set the maximum and minimu m ports used for TCP or UDP convergence end points detection. Once UDP and/or TCP phon e detection has been specifi[...]

  • Page 1275

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configuration Guide 14-1 15 14.3.8.13 set cep initialize Use this command to clear all ex istin g CEP co nnections for one or more CEP-enable d ports. This command is similar to the clear cep users command. set cep initialize [ port-strin[...]

  • Page 1276

    Security Configuration Command Set Configuring Convergence End Points (CEP) Phone Detection 14-1 16 Matrix NSA Series Configuration Guide 14.3.8.14 clear cep Use this command to clear conver gence end points parameters. clear cep { all | policy | detection [ detection-id ] | users [ port-string ] | port [ port-string { all | cisco | h323 | siemens [...]

  • Page 1277

    Security Configurati on Command Set Configuring Con vergence End Points (CEP) Phone Detection Matrix NSA Series Configuration Guide 14-1 17 Examples This example shows how to clear all CEP policy parameters This example shows how to clear detection id 4 parameters This example shows how to clears ports fe .1.1-5 of Cisco phone d etection parameters[...]

  • Page 1278

    Security Configuration Command Set Configuring MAC Locking 14-1 18 Matrix NSA Series Configuration Guide 14.3.9 Configuring MAC Locking Purpose T o review , disable , enable and configure MAC locking. This lock s a MAC address to one or more ports, preventing connection of un authorized de vices via the port(s). When source MAC addresses are receiv[...]

  • Page 1279

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configuration Guide 14-1 19 14.3.9.1 show maclo ck Use this command to display the status of MAC locking on one or more ports. show maclock [ port_string ] Synt ax Description Command Default s If port_string is not specified, MAC locking stat us will be displayed for al[...]

  • Page 1280

    Security Configuration Command Set Configuring MAC Locking 14-120 Matrix NSA Series Configuration Guide T able 14-6 show maclock Output Det ails Output What It Displays... Port Numbe r Port des ignation . For a detailed description of possible port_string values, refer to Section 4.1.1 . Port S tatus Whether MAC locking is enabled or disabled on th[...]

  • Page 1281

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-121 14.3.9.2 show maclo ck st atio ns Use this command to disp lay MAC locking information about en d stations connected to the device. show maclock stations [ firstarrival | static ][ port-string ] Synt ax Description Command Default s If no para[...]

  • Page 1282

    Security Configuration Command Set Configuring MAC Locking 14-122 Matrix NSA Series Configuration Guide T able 14-7 provides an explanation of the command output. T able 14-7 sho w mac lo c k stations Outp ut Details Output What It Displays... Port Numbe r Port des ignation . For a detailed description of possible port_string values, refer to Secti[...]

  • Page 1283

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-123 14.3.9.3 set maclock enable Use this command to enable MAC locking on one or more ports. When enab led and configured for a specific MAC address and port string, this lock s a port so that only designated end station addresses are allowed to p[...]

  • Page 1284

    Security Configuration Command Set Configuring MAC Locking 14-124 Matrix NSA Series Configuration Guide 14.3.9.4 set maclock disable Use this command to disable MAC locking on one or more ports. set maclock disable [ port_string ] Synt ax Description Command Default s If port_string is not specified, MAC locking w ill be disabled on all ports. Comm[...]

  • Page 1285

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-125 14.3.9.5 set maclock Use this command to create a static MAC addr ess and enable or disable MAC locking for the specific MAC address and port. When created and enabled, this allows only the end station designated by the MAC address to particip[...]

  • Page 1286

    Security Configuration Command Set Configuring MAC Locking 14-126 Matrix NSA Series Configuration Guide 14.3.9.6 set maclock first arrival Use this command to restrict MAC locking on a port to a maximum number of end station addresses first connected to that port. set maclock firstarrival port_string value Synt ax Description Command Default s None[...]

  • Page 1287

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-127 14.3.9.7 set maclock move Use this command to move all current first arrival MACs to static entries. set maclock move port-string Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W rite. Example This [...]

  • Page 1288

    Security Configuration Command Set Configuring MAC Locking 14-128 Matrix NSA Series Configuration Guide 14.3.9.8 clear maclock firstarrival Use this command to reset the number of first arri val MAC addresses allowed per port to the default value of 600. clear maclock firstarrival port-string Synt ax Description Command Default s None. Command T yp[...]

  • Page 1289

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-129 14.3.9.9 set maclock static Use this comm and to restrict MAC locking on a port to a maximum number of static (management defined) MAC addresses for end stations connected to that port. set maclock static port_string value Synt ax Description [...]

  • Page 1290

    Security Configuration Command Set Configuring MAC Locking 14-130 Matrix NSA Series Configuration Guide 14.3.9.10 clear maclock static Use this command to reset the number of static MA C addresses allowed per port to the default value of 20. clear maclock static port_string Synt ax Description Command Default s None. Command T ype Switch command. C[...]

  • Page 1291

    Security Configurati on Command Set Configuring MAC Lockin g Matrix NSA Series Configura tion Guide 14-131 14.3.9.1 1 set maclock trap Use this command to enable or disable MAC lock trap messaging. When enabled, this authorizes the device to send an SNMP tra p message if an end station is connected that exceeds the maximum values config ured using [...]

  • Page 1292

    Security Configuration Command Set Configuring MAC Locking 14-132 Matrix NSA Series Configuration Guide 14.3.9.12 clear maclock Use this command to clear MAC locking from one or more static MAC addresses. clear maclock { all | mac-addr ess port-string } Synt ax Description Command Default s None. Command T ype Switch command. Command Mode Read-W ri[...]

  • Page 1293

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-133 14.3.10 Configuring Multiple Authentication About Multiple Authentication When enabled, multiple authentic ation allows multiple users to authenticate using up to three methods on the same port, and receive a policy traf fic profi[...]

  • Page 1294

    Security Configuration Command Set Configuring Multiple Authentication 14-134 Matrix NSA Series Configuration Guide Purpose T o configure multiple authentication. Commands The commands used to configure multiple authentication are listed below and d escribed in the associated section as shown: • set multiauth mode ( Section 14.3. 10.1 ) • clear[...]

  • Page 1295

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-135 14.3.10.1 set multiauth mode Use this command to set the system authentic ation mode to use mu ltiple authenticators simultaneously or to strictly adhere to 802.1X. set multiauth mode { mu lti | strict } Synt ax Description Comman[...]

  • Page 1296

    Security Configuration Command Set Configuring Multiple Authentication 14-136 Matrix NSA Series Configuration Guide 14.3.10.2 clear multiau th mode Use this command to clear the system authentication mode. clear multiauth mode Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Examples This exa[...]

  • Page 1297

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-137 14.3.10.3 set multiauth precedence Use this command to set the system’ s multiple authentication administra tive precedence.When a user is succes sfully authenticated by more than one method at the same tim e, the precedence of [...]

  • Page 1298

    Security Configuration Command Set Configuring Multiple Authentication 14-138 Matrix NSA Series Configuration Guide 14.3.10.4 clear multiau th precedence Use this command to clear the system’ s multip le authentication administrative precedence. clear multiauth precedence Synt ax Description None. Command T ype Switch command. Command Mode Read-W[...]

  • Page 1299

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-139 14.3.10.5 show multiauth port Use this command to display multiple authen tication properties for one or more ports. show multiauth port [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Co[...]

  • Page 1300

    Security Configuration Command Set Configuring Multiple Authentication 14-140 Matrix NSA Series Configuration Guide 14.3.10.6 set multiauth port Use this command to set mu ltiple authentication propertie s for one or more ports. set multiauth port mode {auth-opt | au th-reqd | force-auth | forc e-unauth} | numusers numusers port-string Synt ax Desc[...]

  • Page 1301

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-141 14.3.10.7 clear multiauth port Use this command to clear multiple authen tication properties for one or more ports. clear multiauth port {[ mode ] [ numusers ] port-string } Synt ax Description Command T ype Switch command. Comman[...]

  • Page 1302

    Security Configuration Command Set Configuring Multiple Authentication 14-142 Matrix NSA Series Configuration Guide 14.3.10.8 show multiauth st ation Use this command to display multiple au thentication station (end user) entries. show multiauth station [ mac addr ess ] [ port port-string ] Synt ax Description Command T ype Switch command. Command [...]

  • Page 1303

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-143 14.3.10.9 clear multiauth st ation Use this command to clear one or more multiple authentica tion station entries. clear multiauth station [ mac addr ess ] port port-string Synt ax Description Command T ype Switch command. Command[...]

  • Page 1304

    Security Configuration Command Set Configuring Multiple Authentication 14-144 Matrix NSA Series Configuration Guide 14.3.10.10 show multiauth sessi on Use this command to display multip le authentication session entries. show multiauth session [ all ] [ agent { dot1x | mac | pwa | cep }] [ mac addr ess ] [ port port-string ] Synt ax Description Com[...]

  • Page 1305

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-145 Example This example shows how to display multiple auth entication session: Matrix(rw)-> show multiaut h session Multiple authentication session e ntries --------------------------------- -------- Port : fe.2.2 Station address [...]

  • Page 1306

    Security Configuration Command Set Configuring Multiple Authentication 14-146 Matrix NSA Series Configuration Guide 14.3.10.1 1 show multiauth idle-timeout Use this command to display the mu ltiple authentication timeout value for an idle session. This will display the idle-timeout vlaues, in seconds, for the following authentic ation types: dot1x,[...]

  • Page 1307

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-147 14.3.10.12 set multiauth idle-timeout Use this command to set the multiple authentic ation timeout value for an idle session. This command can set the idle-time out vlaues, in second s, for the following auth entication types: dot[...]

  • Page 1308

    Security Configuration Command Set Configuring Multiple Authentication 14-148 Matrix NSA Series Configuration Guide 14.3.10.13 clear multiauth idle-timeout Use this command to clear multiple authentication idle-timeout values , for an idle session, back to the default values for one or all authentication type s. The default value is 300 seconds for[...]

  • Page 1309

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-149 14.3.10.14 show mult iauth session-timeout Use this command to display mu ltiple authentication session-timeo ut values for an active session. This will display the session-timeo ut values, in seconds, for the following authentica[...]

  • Page 1310

    Security Configuration Command Set Configuring Multiple Authentication 14-150 Matrix NSA Series Configuration Guide 14.3.10.15 set multiauth session-timeout Use this command to set multiple authentication session-timeout values, for an active session. set multiauth session-timeout [ cep | dot1x | mac | pwa ] timeout Synt ax Description Command Defa[...]

  • Page 1311

    Security Configurati on Command Set Configuring Multiple Authentica tio n Matrix NSA Series Configura tion Guide 14-151 14.3.10.16 clear mult iauth session-timeout Use this command to clear multip le aut hentication session-timeout values, for an active session, back to the default values. clear multiauth session-timeout [ cep | dot1x | mac | pwa ][...]

  • Page 1312

    Security Configuration Command Set Configuring Secu re Shell (SSH) 14-152 Matrix NSA Series Configuration Guide 14.3.1 1 Configuring Se cure Shell (SSH) Purpose T o review , enable, disable, and configure the Secu re Shell (SSH) protoc ol, which provides secure Te l n e t . Commands The commands used to review and configure SSH are listed below and[...]

  • Page 1313

    Security Configurati on Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-153 14.3.1 1.1 show ssh state Use this command to display the cu rrent status of SSH on the device. show ssh stat e Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default s None. Examples This exampl[...]

  • Page 1314

    Security Configuration Command Set Configuring Secu re Shell (SSH) 14-154 Matrix NSA Series Configuration Guide 14.3.1 1 .2 set ssh Use this command to enable, disable or reinitialize SSH server on the device. set ssh { enable | disable | reinitialize} Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s Non[...]

  • Page 1315

    Security Configurati on Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-155 14.3.1 1.3 set ssh hostkey Use this command to set or rein itialize new SSH authentication keys. set ssh hostkey [ reinitialize ] Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Example[...]

  • Page 1316

    Security Configuration Command Set Configuring Secu re Shell (SSH) 14-156 Matrix NSA Series Configuration Guide 14.3.1 1 .4 show rou ter ssh Use this command to display the st ate of SSH service to the router . show router ssh Synt ax Description None. Command T ype Switch command. Command Mode Read-Only . Command Default s None. Example This examp[...]

  • Page 1317

    Security Configurati on Command Set Configuring Secure Shell (SSH) Matrix NSA Series Configura tion Guide 14-157 14.3.1 1.5 set router ssh Use this command to enables or di sable SSH service to the router . set router ssh { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None. Example[...]

  • Page 1318

    Security Configuration Command Set Configuring Secu re Shell (SSH) 14-158 Matrix NSA Series Configuration Guide 14.3.1 1.6 clear router ssh Use this command to reset SSH service to the router to the default state of disabled. clear router ssh Synt ax Description None. Command T ype Switch command. Command Mode Read-W rite. Command Default s None. E[...]

  • Page 1319

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-159 14.3.12 Con figuring Access L ist s Purpose T o review and configure security access contro l lists (ACLs), which permit or de ny access to routing interfaces based on protocol and source IP address restrictions. Commands The commands used to [...]

  • Page 1320

    Security Configuration Command Set Configuring Access Lists 14-160 Matrix NSA Series Configuration Guide 14.3.12.1 show access-lists Use this command to display c onfigured IP access lists w hen operating in router mode. show access-lists [ number ] Synt ax Description Command T ype Router command. Command Mode Any router mode. Command Default s If[...]

  • Page 1321

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-161 14.3.12.2 access-list (standard) Use this command to define a standard IP access list by num be r when operating in router mode. Restrictions defined by an access list are applied by using the ip access-group comma nd ( Section 14.3.12.4 ). ac[...]

  • Page 1322

    Security Configuration Command Set Configuring Access Lists 14-162 Matrix NSA Series Configuration Guide Command Synt ax of the “no” Form The “no” form of this command re moves the defined access list or entry: no access-list access-list-num ber [ entry ] Command T ype Router command. Command Mode Global configuration: Matrix>Router1(con[...]

  • Page 1323

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-163 This example moves entry 16 to the beginning of ACL 22: Matrix>Router1(config)# ac cess-list 22 move 1 16[...]

  • Page 1324

    Security Configuration Command Set Configuring Access Lists 14-164 Matrix NSA Series Configuration Guide 14.3.12.3 access-list (extended) Use this command to define an extended IP acce ss list by number when operating in router mode. Restrictions defined by an access list are applied by us ing the ip acc ess-group command as described in Sec tion 1[...]

  • Page 1325

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-165 Synt ax Description access-list-number Specifies an extended access list number . V alid values are from 100 to 199 . insert | re place entry (Optional) Inserts this new entr y before a specified entry in an existing ACL, or replaces a specifi[...]

  • Page 1326

    Security Configuration Command Set Configuring Access Lists 14-166 Matrix NSA Series Configuration Guide destination Specifies the network or host to which the packet will be sent. V alid options for e xpressing destination are: • IP address (A.B.C.D) • any - Any destination host • host sour ce - IP address of a single destination host destin[...]

  • Page 1327

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-167 Command Synt ax of the “no” Form The “no” form of this command removes the defined access list or entry: no access-list access-list-numbe r [ entry ] Command T ype Router command. Command Mode Global configuration: Matrix>Router1(co[...]

  • Page 1328

    Security Configuration Command Set Configuring Access Lists 14-168 Matrix NSA Series Configuration Guide This example shows how to defi ne access list 102 to deny TCP packets transmitted from any IP source port with a the Dif fServ value set to 55. Matrix>Router1(config)# access-l ist 102 deny tcp any any dscp 55[...]

  • Page 1329

    Security Configurati on Command Set Configuring Access Lists Matrix NSA Series Configura tion Guide 14-169 14.3.12.4 ip access-g roup Use this command to apply access restrictions to inbound or outbound fram es on an interface when operating in router mode. ip access-group access-list-number { in | out } Synt ax Description Command Synt ax of the ?[...]

  • Page 1330

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-170 Matrix NSA Series Configuration Guide 14.3.13 Configuring Policy-Based Routing About Policy-Based Routing Normally , IP pac kets are forwarded ac cording to the route that has been selected by traditional routing pro tocols, such as RIP and OSPF , or by st atic routes. In t[...]

  • Page 1331

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-171 • ip policy pinger ( Section 14.3 .13.9 )[...]

  • Page 1332

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-172 Matrix NSA Series Configuration Guide 14.3.13.1 show rou te-map Use this command to displa y a configured route map li st for policy-based rou ting. show route-map id-number Synt ax Description Command T ype Router command. Command Mode Global configuration: Matrix>Route[...]

  • Page 1333

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-173 14.3.13.2 route-map Use this command to create a route map for policy- based routin g and to enab le policy-based routing configuration mode. route-map id-number [ permit | deny ] [ sequence-number ] Synt ax Description Command Synt a[...]

  • Page 1334

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-174 Matrix NSA Series Configuration Guide Command Default s • If permit or deny is not specified, this comm and will enable route map or policy based ro uting configuration mode. • If sequence-number is n ot s pecif ied, 10 will be applied. Example This example shows how to[...]

  • Page 1335

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-175 14.3.13.3 match i p address Use this command to match a packet source IP address against a PBR access list. Up to 5 access lists can be matched. match ip address access-list-number Synt ax Description Command Synt ax of the “no” F[...]

  • Page 1336

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-176 Matrix NSA Series Configuration Guide 14.3.13.4 set next hop Use this command to set one or more next hop IP address for pac kets matching an extended access list in a co nfigured route map. Up to five n ext hops can be specif ied. set next hop { next-hop1 }[ next-hop2. ...[...]

  • Page 1337

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-177 14.3.13.5 show ip policy Use this command to display the po licy applied to a routing interface . show ip policy Synt ax Description None. Command T ype Router command. Command Mode Global configuration: Matrix>Router1(config)# Com[...]

  • Page 1338

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-178 Matrix NSA Series Configuration Guide Pinger Whether PBR ne xt ho p pinging is on or off. Can be turned on and configured us ing the ip policy pinger command as described in Section 14.3.13.9 . Interval PB R next hop pi ng interval (in secon ds). Default of 3 can be reset u[...]

  • Page 1339

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-179 14.3.13.6 ip p olicy route-map Use this command to assign a rout e map list to a routing interface . ip policy route-map id-num ber Synt ax Description Command Synt ax of the “no” Form The “no” form of un-a ssigns a route map [...]

  • Page 1340

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-180 Matrix NSA Series Configuration Guide 14.3.13.7 ip policy priority Use this command to prioritize P BR next hop behavior . ip policy priority {[ only ] [ first ] [ last ]} Synt ax Description Command Synt ax of the “no” Form The “no” form of this command resets the [...]

  • Page 1341

    Security Configurati on Command Set Configuring Policy-Ba sed Routing Matrix NSA Series Configura tion Guide 14-181 14.3.13.8 ip policy load-policy Use this command to configure PBR next h op behavior . When more than one next hop is co nfigured (using the set next hop command as described in Section 14.3.13.4 ) the load policy specifies choosing o[...]

  • Page 1342

    Security Configuration Command Set Configuring Policy-Based Rou ting 14-182 Matrix NSA Series Configuration Guide 14.3.13.9 ip policy pinger Use this command to configure behavior for p inging PBR next hops. ip policy pinger { off | on [ interva l interval ] [ retrie s re t r i e s } Synt ax Description Command Synt ax of the “no” Form The “n[...]

  • Page 1343

    Security Configurati on Command Set Configuring Denia l of Service (DoS ) Prevention Matrix NSA Series Configura tion Guide 14-183 14.3.14 Configuring Denial of Service (DoS) Prevention Purpose T o configure Denial of Service (DoS) prevention, which will protect the router from attacks and notify administrators via Sys l og . Commands The commands [...]

  • Page 1344

    Security Configuration Command Set Configuring Denial of Service (DoS) Prevention 14-184 Matrix NSA Series Configuration Guide 14.3.14.1 show host dos Use this command to display Denial of Service security status and counters. show hostdos Synt ax Description None, Command T ype Router command. Command Mode Global configuration: Matrix>Router1(c[...]

  • Page 1345

    Security Configurati on Command Set Configuring Denia l of Service (DoS ) Prevention Matrix NSA Series Configura tion Guide 14-185 14.3.14.2 host dos Use this command to enable or disabl e Denial of Service security features . hostdos { land | fragmicmp | largeicmp size | checkspoof | portscan } Synt ax Description Command Synt ax of the “no” F[...]

  • Page 1346

    Security Configuration Command Set Configuring Denial of Service (DoS) Prevention 14-186 Matrix NSA Series Configuration Guide Examples This example shows how to globa lly enable land attack and larg e ICMP packets protection for packet s lar ger than 2000 bytes: This example shows how to enable spoofed address checking on the VLAN 1 interface: Mat[...]

  • Page 1347

    Security Configurati on Command Set Configuring Denia l of Service (DoS ) Prevention Matrix NSA Series Configura tion Guide 14-187 14.3.14.3 clear host dos-counters Use this command to clear Denial of Service security counters. clear hostdos-counters Synt ax Description None. Command T ype Router command. Command Mode Global configuration: Matrix&g[...]

  • Page 1348

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-188 Matrix NSA Series Configuration Guide 14.3.15 Configuring Flow Setup Throttling (FST) About FST Flow Setup Throttling (FST) is a proactive feature d esigned to mitigate DoS attacks before the virus can wreak havoc on the network. FST di rectly co mbats the effects of [...]

  • Page 1349

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-189 • set flowlimit port ( Section 14.3. 15.8 ) • clear flowlimit port class ( Section 14.3.15.9 ) • set flowlimit shutdown ( Section 14. 3.15.10 ) • set flowlimit notification ( S ection 14.3.15.1 1 ) • clear flowlimit no[...]

  • Page 1350

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-190 Matrix NSA Series Configuration Guide 14.3.15.1 show flowlimit Use this command to display fl ow setup throttling information. show flowlimit [ port [ port-string ]] [ stats [ port-string ]] Synt ax Description Command T ype Switch command. Command Mode Read-Only . Co[...]

  • Page 1351

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-191 14.3.15.2 set flowlimit Use this command to globally enab le or disable flow setup throttling. set flowlimit { enable | disable } Synt ax Description Command T ype Switch command. Command Mode Read-W rite. Command Default s None[...]

  • Page 1352

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-192 Matrix NSA Series Configuration Guide 14.3.15.3 set flowli mit limit Use this command to set a flow lim it that will trigger an action for a port user classi fication. Once configured, this limit can be: • associated with an action using the set flowlimit action com[...]

  • Page 1353

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-193 Example This example shows how to set th e flow limit 1 to 12 flows on ports classified as user ports: Matrix(rw)-> set flowlimit limit1 12 userport[...]

  • Page 1354

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-194 Matrix NSA Series Configuration Guide 14.3.15.4 clear flowlimit limit Use this command to remove a flow limit configuration. clear flowlimit { limit1 | l imit2 } [ userport | serverport | aggregated user | interswitchlink | unspecified ] Synt ax Description Command T [...]

  • Page 1355

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-195 14.3.15.5 set flowlimit action Use this command to associate an action with a flow limit. This is the act ion that will occur once the associated flow limit is reached. set flowlimit { action1 | action2 } [ notify ] [ drop ] [ d[...]

  • Page 1356

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-196 Matrix NSA Series Configuration Guide Command Default s • If action is not specified, no action will be applied. • If classification port type is not specified, none will be applied. Example This example shows how to set flow limiting action 1 to discard all flows[...]

  • Page 1357

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-197 14.3.15.6 clear fl owlimit action Use this command to remove a fl ow limiting action configuration. clear flowlimit { action1 | action2 } [ notify ] [ drop ] [ disable ] [ userport | serverport | aggregateduser | interswitchlink[...]

  • Page 1358

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-198 Matrix NSA Series Configuration Guide 14.3.15.7 show flowlimit class Use this command to display flow lim iting classification configuration(s). show flowlimit class [ userport | se rverport | aggr egateduser | interswitchlink | unspecified ] Synt ax Description Comma[...]

  • Page 1359

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-199 Example This example shows how to show flow limits and as sociated actions c onfigured for the various port classifications: Matrix(rw)-> show flowlimi t class Flow setup throttling class confi guration: Class Limit Action --[...]

  • Page 1360

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-200 Matrix NSA Series Configuration Guide 14.3.15.8 set flowli mit port Use this command to: • enable or disable flow limiting on on e or more port(s), • assign a flow limiting user classifica tion to one or more port(s). On ce a classification is assigned, these port[...]

  • Page 1361

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-201 Example This example shows how to assign the user port classification type to Fast Ethernet ports 3-5 in port group 2: Matrix(rw)-> set flowlimit port class userport fe.2.3-5[...]

  • Page 1362

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-202 Matrix NSA Series Configuration Guide 14.3.15.9 clear flowlimit port class Use this command to remove flow lim iting port classif ication properties. clear flowlimit port class [ port-string ] Synt ax Description Command T ype Switch command. Command Mode Read-W rite.[...]

  • Page 1363

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-203 14.3.15.10 set flow limit shutdown Use this command to enable or disable the flow lim it shut down fu nction. When enabled, this allows ports configured with a “disable” action to shut down. For information on using the set [...]

  • Page 1364

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-204 Matrix NSA Series Configuration Guide 14.3.15.1 1 set flowlimit notification Use this command to enable or di sable flow limit notification, or to set a notification interval. When enabled, this allows ports configured with a “t rap” action to send an SNMP trap me[...]

  • Page 1365

    Security Configurati on Command Set Configuring Flow Setup Throttling (FST) Matrix NSA Series Configura tion Guide 14-205 14.3.15.12 clear flowlimit notification interval Use this command to reset the SNMP flow limit notifi cation interval to th e default value of 120 seconds. clear flowlimit notification interval Synt ax Description None. Command [...]

  • Page 1366

    Security Configuration Command Set Configuring Flow Setup Throttling (FST) 14-206 Matrix NSA Series Configuration Guide 14.3.15.13 clear flowlimit st at s Use this command to reset flow limiting statistics back to default values on one or more port(s). clear flowlimit stats [ port-st ring ] Synt ax Description Command T ype Switch command. Command [...]

  • Page 1367

    Matrix NSA Series Configuration Guide Index-1 Index Numerics 802.1D 6-1 802.1Q 7-1 802.1w 6-1 802.1x 14-12 , 14-27 A Access Groups 14-169 Access Lists 14-161 to 14-164 Addresses IP, adding to switch rou ting table 11 -1 0 9 MAC, adding entries to routing tabl e 12-10 MAC, setting for IP routing 12-26 setting the router ID address 13-36 Advertised A[...]

  • Page 1368

    Index Index-2 M atrix NSA Se ries Conf iguratio n Guide Contexts (SNM P) 5-3 Convergence En d Points (CEP) phone detection 14-101 Copying Configuratio n or Image Files 2-1 14 Cost area default 13-51 OSPF 13-37 , 13-51 Spanning T ree port 6-1 12 D Debugging OSPF 13-74 Defaults CLI behavior, describe d 2-9 factory installed 2-1 DHCP Server 12-1 10 DH[...]

  • Page 1369

    Index Matrix NSA Series Configuration Guide Index-3 L License key advanced routing 2-90 , 13-2 Line Editing C ommands 2-1 1 , 2-17 Link Aggrega tion (LACP) 4-98 Link Layer Discovery Pro tocol (LLDP) configuring 3-25 Link State Advert isements displaying 13-6 2 retransmit interval 13-40 transmit de lay 13-41 LLDP configuring 3-25 LLDP-MED configurin[...]

  • Page 1370

    Index Index-4 M atrix NSA Se ries Conf iguratio n Guide retransmit interval 13-40 timers 13-39 transmit de lay 13- 41 virtual links 13-53 , 13-71 P Password aging 2-32 history 2-32 , 2-33 set new 2-29 setting the login 2-29 Path MTU Di scovery Protocol 2-1 19 Phone detection Cisco, Siemens and H.323 14-101 PIM 12-47 Ping 11 - 3 2 , 12-45 Policy Man[...]

  • Page 1371

    Index Matrix NSA Series Configuration Guide Index-5 S Scrolling Screens 2-16 Secure Shell (SSH) 14-152 enabling 14- 154 regenerating new keys 14-155 Security methods, overview of 14-1 Serial Port downloading upgra des via 2-94 set policy classify 8- 29 set policy port 8-1 1 , 8-38 set policy syslog 8-17 , 8-19 , 8-20 SNMP access rights 5-26 accessi[...]

  • Page 1372

    Index Index-6 M atrix NSA Se ries Conf iguratio n Guide egress lists 7-25 enabling GVRP 7-33 ingress filtering 7-1 1 naming 7-8 reviewing existing 7-3 secure management, creating 7- 32 VRRP authentic ation 13-105 configuration mo de, enabling 13-91 creating a session 13-92 critical IP 13-99 enabling on an inte rface 13-104 priority 13- 95 virtual r[...]