User Reference Manual.book

More documents

Recommendations

Info

Contents Chapter 22: Access Control List Configuration Guide..................................371 ACL Basics ............................................................................................................................ 372 Defining Selection Criteria in ACL Rules ...................................................................... 372 How ACL Rules are Evaluated....................................................................................... 373 Implicit Deny Rule.......................................................................................................... 374 Allowing External Responses to Established TCP Connections .................................... 375 Creating ACLs........................................................................................................................ 376 In-line Editing .......................................................................................................... 377 Wildcards ................................................................................................................. 377 Applying ACLs ...................................................................................................................... 377 Applying ACLs to Interfaces .......................................................................................... 378 Applying ACLs to Services ............................................................................................ 379 Applying ACLs to Layer-4 Bridging Ports..................................................................... 379 Using ACLs as Profiles................................................................................................... 379 Using Profile ACLs with the IP Policy Facility ...................................................... 380 Using Profile ACLs with the Traffic Rate Limiting Facility................................... 381 Using Profile ACLs with Dynamic NAT ................................................................ 382 Using Profile ACLs with the Port Mirroring Facility.............................................. 382 Using Profile ACLs with the Web Caching Facility ............................................... 383 Modifying ACLs .................................................................................................................... 384 Maintaining ACLs Using the ACL Editor ...................................................................... 384 Editing ACLs Offline...................................................................................................... 385 Enabling ACL Logging.......................................................................................................... 386 Monitoring ACLs ................................................................................................................... 387 Chapter 23: Security Configuration Guide .....................................................389 Security Overview.................................................................................................................. 389 Configuring X-Pedition Access Security ............................................................................... 390 RADIUS..........................................................................................................................390 Configuring RADIUS .............................................................................................. 390 Monitoring RADIUS ............................................................................................... 391 Configuring Passwords ............................................................................................ 391 TACACS Plus................................................................................................................. 392 Configuring TACACS Plus ..................................................................................... 392 Monitoring TACACS Plus....................................................................................... 393 Configuring Passwords ............................................................................................ 393 Password Policy Management ........................................................................................ 394 Single-User Mode .................................................................................................... 394 Multi-User Mode ..................................................................................................... 395 SNMP.............................................................................................................................. 396 SNMPv1, SNMPv2c, and SNMPv3 Agent Overview............................................. 396 Security .................................................................................................................... 396 Access Control......................................................................................................... 397 Reliability................................................................................................................. 398 Supported SNMPv3 MIBs ....................................................................................... 398 Configuration Overview ................................................................................................. 400 Creating Users.......................................................................................................... 400 Creating Communities ............................................................................................. 401 Creating Groups....................................................................................................... 403 xviii Enterasys X-Pedition User Reference Manual
Contents Assigning Users........................................................................................................403 Defining Views.........................................................................................................404 Defining Targets .......................................................................................................405 Configuring Target Parameters ................................................................................406 Creating Notification Filters.....................................................................................406 Configuring Informs .................................................................................................407 Configuration Notes .................................................................................................408 Assigning Aliases to Interfaces ................................................................................408 Layer-2 Security Filters ..........................................................................................................409 Configuring Layer-2 Address Filters...............................................................................410 Configuring Layer-2 Port-to-Address Lock Filters .........................................................410 Configuring Layer-2 Static-Entry Filters.........................................................................411 Configuring Layer-2 Secure Port Filters .........................................................................411 Monitoring Layer-2 Security Filters ................................................................................412 Layer-2 Filter Examples ..................................................................................................413 Example 1: Address Filters.......................................................................................413 Example 2: Secure Ports...........................................................................................414 Layer-3 Security Controls.......................................................................................................415 Access Control Lists (ACLs)...........................................................................................415 Rate Limiting ...................................................................................................................415 Features Available ....................................................................................................415 Configuration............................................................................................................416 Output .......................................................................................................................419 Enable / Disable........................................................................................................419 Broadcast Monitor ...........................................................................................................419 Detection...................................................................................................................419 Reaction ....................................................................................................................420 Configuration............................................................................................................420 Output .......................................................................................................................421 Enable / Disable........................................................................................................421 Port Mirroring ..................................................................................................................422 Features Available ....................................................................................................422 Configuration............................................................................................................422 Sample configurations ..............................................................................................423 Output .......................................................................................................................424 Diagrams...................................................................................................................424 Enable / Disable........................................................................................................424 Layer-4 Bridging and Filtering ...............................................................................................424 Creating an IP or IPX VLAN for Layer-4 Bridging........................................................425 Placing the Ports on the Same VLAN .............................................................................425 Enabling Layer-4 Bridging on the VLAN .......................................................................426 Creating ACLs to Specify Selection Criteria for Layer-4 Bridging ................................427 Applying a Layer-4 Bridging ACL to a Port ...................................................................427 Notes ................................................................................................................................428 Chapter 24: QoS Configuration Guide............................................................429 QoS, Layer-2, Layer-3, and Layer-4 Flow Overview.............................................................429 Queuing Policies ..............................................................................................................430 Layer-2, Layer-3, and Layer-4 Flow Specification .........................................................430 Layer-2......................................................................................................................430 Enterasys X-Pedition User Reference Manual xix
Page 1 and 2: 9032578-24 User Reference Manual Re
Page 3 and 4: ENTERASYS NETWORKS, INC. PROGRAM LI
Page 5 and 6: 9. OWNERSHIP. This is a license agr
Page 7 and 8: Contents About this Manual ........
Page 9 and 10: Contents Set Up an Audit Trail on t
Page 11 and 12: Contents Associate a Virtual Channe
Page 13 and 14: Contents Configuring RIP Interfaces
Page 15 and 16: Contents Example 1: Importing from
Page 17: Contents Setting Timeouts for Load
Page 21 and 22: Contents RMON CLI Filters..........
Page 23 and 24: What’s New About this Manual This
Page 25 and 26: Getting Help Getting Help For addit
Page 27 and 28: Chapter 1 Maintaining Configuration
Page 29 and 30: Configuration Files the show active
Page 31 and 32: Configuration Files 2. Enter the fo
Page 33 and 34: Backing up and Restoring the System
Page 35 and 36: Remote File Boot With this feature,
Page 37 and 38: Configuring System Settings negate
Page 39 and 40: Chapter 2 Virtual File Systems This
Page 41 and 42: PCMCIA Virtual File System (VFS) If
Page 43 and 44: Hot Swapping Overview Chapter 3 Hot
Page 45 and 46: Removing the Line Card Line Cards
Page 47 and 48: Control Modules Note: On an XP-8000
Page 49 and 50: 3. Press the Hot Swap button or ent
Page 51 and 52: Switching Fabric Module (XP-8600 on
Page 53 and 54: GBICs (ER16 only) GBICs (ER16 only)
Page 55 and 56: Chapter 4 Using the CLI This chapte
Page 57 and 58: Native and Common CLI Modes Command
Page 59 and 60: Types of passwords to avoid: - User
Page 61 and 62: Password Policy Management Single-U
Page 63 and 64: • Whether or not to disable the u
Page 65 and 66: Note: SSH client requires firmware
Page 67 and 68: Server Keys Secure Shell (SSH) Serv
Page 69 and 70:
Secure Shell (SSH) Server You may a
Page 71 and 72:
Setting CLI Parameters By default,
Page 73 and 74:
sfs - Show SecureFast Switching (SF
Page 75 and 76:
Table 4. CLI Line Editing Commands
Page 77 and 78:
Port Names • et.(1-3).(1-8) refer
Page 79 and 80:
Introduction Facility Support Chapt
Page 81 and 82:
PHY_POLL Physical ports PIM Protoco
Page 83 and 84:
Logging Methods Logging Methods The
Page 85 and 86:
Syslog Logging Remote Syslog Server
Page 87 and 88:
Audit Trail Audit Messages Audit Tr
Page 89 and 90:
Set Up an Audit Trail on a Syslog S
Page 91 and 92:
ACL Logging ACL Logging The report-
Page 93 and 94:
Overview Chapter 6 SmartTRUNK Confi
Page 95 and 96:
To create a SmartTRUNK, enter the f
Page 97 and 98:
Monitoring SmartTRUNKs Monitoring S
Page 99 and 100:
Configuring the Link Aggregation Co
Page 101 and 102:
Configuring the Link Aggregation Co
Page 103 and 104:
Bridging Overview Chapter 7 Bridgin
Page 105 and 106:
Port-based VLANs VLAN Overview Deta
Page 107 and 108:
VLAN Overview The XP switching rout
Page 109 and 110:
Configuring XP Bridging Functions T
Page 111 and 112:
Configuring XP Bridging Functions N
Page 113 and 114:
Defining the Maximum Age Configurin
Page 115 and 116:
Configuring VLANs for Bridging Conf
Page 117 and 118:
First, create an IP VLAN named ‘B
Page 119 and 120:
ATM Overview Chapter 8 ATM Configur
Page 121 and 122:
Virtual channel and IPX Routing Vir
Page 123 and 124:
Service Profile Definition rt-vbr R
Page 125 and 126:
Cell Mapping Cell Mapping Note: Ref
Page 127 and 128:
Peer Address Mapping Peer Address M
Page 129 and 130:
• Operational Status Shows whethe
Page 131 and 132:
Displaying ATM Port Information esf
Page 133 and 134:
ATM Sample Configuration 1 Apply an
Page 135 and 136:
ATM Sample Configuration 1 11.1.2.1
Page 137 and 138:
ATM Sample Configuration 2 bandwidt
Page 139 and 140:
Step 5: Applying an ATM Service Pro
Page 141 and 142:
The following command applies the I
Page 143 and 144:
ATM Sample Configuration 3 The foll
Page 145 and 146:
ATM Sample Configuration 4 To try a
Page 147 and 148:
Overview Chapter 9 Packet-over-SONE
Page 149 and 150:
Configuring Automatic Protection Sw
Page 151 and 152:
Force a switch to the specified por
Page 153 and 154:
Example Configurations This section
Page 155 and 156:
The following is the configuration
Page 157 and 158:
DHCP Overview Chapter 10 DHCP Confi
Page 159 and 160:
Table 8. Client Parameters Paramete
Page 161 and 162:
DHCP Configuration Examples DHCP Co
Page 163 and 164:
DHCP Configuration Examples resides
Page 165 and 166:
Chapter 11 IP Routing Configuration
Page 167 and 168:
Configuring IP Interfaces to Ports
Page 169 and 170:
xp(config)# port set gi.3.1 mtu 500
Page 171 and 172:
Local Proxy ARP Configuring IP Inte
Page 173 and 174:
Specifying IP Interfaces for RARP C
Page 175 and 176:
Configuring IP Interfaces and Param
Page 177 and 178:
To display additional IP informatio
Page 179 and 180:
3. The interface on which router ad
Page 181 and 182:
VRRP Overview Chapter 12 VRRP Confi
Page 183 and 184:
Configuring VRRP • The XP support
Page 185 and 186:
Figure 9. Symmetrical VRRP Configur
Page 187 and 188:
Master for VRID=1 1st Backup for VR
Page 189 and 190:
The following table shows the prior
Page 191 and 192:
The following table shows the prior
Page 193 and 194:
Hashing Configuring VRRP increment
Page 195 and 196:
Additional Configuration Configurin
Page 197 and 198:
Monitoring VRRP Monitoring VRRP The
Page 199 and 200:
To display VRRP statistics for virt
Page 201 and 202:
VRRP Configuration Notes • These
Page 203 and 204:
RIP Overview Chapter 13 RIP Configu
Page 205 and 206:
Authentication None Update interval
Page 207 and 208:
To monitor RIP information, enter t
Page 209 and 210:
OSPF Overview Chapter 14 OSPF Confi
Page 211 and 212:
Enabling OSPF OSPF is disabled by d
Page 213 and 214:
Specify the identifier of the key c
Page 215 and 216:
To configure virtual links, enter t
Page 217 and 218:
To display OSPF information, enter
Page 219 and 220:
Exporting all Interfaces and Static
Page 221 and 222:
Example 2 OSPF Configuration Exampl
Page 223 and 224:
160.1.5.2/24 202.1.2.2/16 R2 160.1.
Page 225 and 226:
BGP Overview Chapter 15 BGP Configu
Page 227 and 228:
Setting the Autonomous System Numbe
Page 229 and 230:
Adding and Removing a BGP Peer Star
Page 231 and 232:
To import all routes (.* matches al
Page 233 and 234:
BGP Configuration Examples paramete
Page 235 and 236:
The gated.conf file for router X-Pe
Page 237 and 238:
BGP Configuration Examples In this
Page 239 and 240:
Figure 14 illustrates a sample IBGP
Page 241 and 242:
The configuration for router C1 (a
Page 243 and 244:
The gated.conf file for router X-Pe
Page 245 and 246:
Community Attribute Example BGP Con
Page 247 and 248:
In Figure 16, router X-Pedition11 h
Page 249 and 250:
BGP Configuration Examples The spec
Page 251 and 252:
10.200.12.1/24 10.200.13.1/24 10.20
Page 253 and 254:
BGP Configuration Examples groups.
Page 255 and 256:
BGP Configuration Examples Note: Be
Page 257 and 258:
Sample Configuration 1 BGP Configur
Page 259 and 260:
EBGP Aggregation Example BGP Config
Page 261 and 262:
BGP Configuration Examples In this
Page 263 and 264:
BGP Configuration Examples • If t
Page 265 and 266:
Chapter 16 Routing Policy Configura
Page 267 and 268:
Import-Source Route-Filter • Rout
Page 269 and 270:
Route-Filter Route Import and Expor
Page 271 and 272:
Aggregate-Source Route-Filter Authe
Page 273 and 274:
Configuring Simple Routing Policies
Page 275 and 276:
Redistributing Aggregate Routes Con
Page 277 and 278:
The following configuration command
Page 279 and 280:
Configuring Advanced Routing Polici
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
IP Multicast Overview Chapter 17 Mu
Page 301 and 302:
IGMP Overview To configure the IGMP
Page 303 and 304:
DVMRP Overview To support backward
Page 305 and 306:
DVMRP Tunnels TTL = 1 Threshold = 1
Page 307 and 308:
Protocol Independent Multicast (PIM
Page 309 and 310:
Sparse Mode Protocol Independent Mu
Page 311 and 312:
Page 313 and 314:
Example 1 Protocol Independent Mult
Page 315 and 316:
RIPv2 Protocol Independent Multicas
Page 317 and 318:
OSPF Protocol Independent Multicast
Page 319 and 320:
BGP Protocol Independent Multicast
Page 321 and 322:
The RIB as seen from R4: Protocol I
Page 323 and 324:
Example 2 Protocol Independent Mult
Page 325 and 326:
R3 configuration: interface create
Page 327 and 328:
PIM DR Protocol Independent Multica
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Static RPs Protocol Independent Mul
Page 335 and 336:
Now CLIENT 3 joins to the 239.1.1.1
Page 337 and 338:
Multiple Clients Joining Protocol I
Page 339 and 340:
References The information in this
Page 341 and 342:
Overview Chapter 18 IP Policy-Based
Page 343 and 344:
Configuring IP Policies For example
Page 345 and 346:
IP Policy Configuration Examples IP
Page 347 and 348:
IP Policy Configuration Examples Tr
Page 349 and 350:
The following is the configuration
Page 351 and 352:
12. The rule to apply to the packet
Page 353 and 354:
Overview Chapter 19 Network Address
Page 355 and 356:
The XP allows you to create the fol
Page 357 and 358:
Managing Dynamic Bindings enabled (
Page 359 and 360:
NAT and VRRP enabled (nat set secur
Page 361 and 362:
Using Dynamic NAT The first step is
Page 363 and 364:
Configuration Examples are created;
Page 365 and 366:
Configuration Examples Then, define
Page 367 and 368:
Overview Chapter 20 Web Hosting Con
Page 369 and 370:
Adding Servers to the Load Balancin
Page 371 and 372:
Load Balancing session, the source
Page 373 and 374:
Verifying Extended Content You can
Page 375 and 376:
Setting Timeouts for Load Balancing
Page 377 and 378:
Load Balancing The read-till-index
Page 379 and 380:
The network shown in the previous e
Page 381 and 382:
Specifying the Client(s) for the Ca
Page 383 and 384:
Bypassing Cache Servers Web Caching
Page 385 and 386:
IPX Routing Overview Chapter 21 IPX
Page 387 and 388:
Configuring IPX RIP & SAP IPX RIP I
Page 389 and 390:
Specifying IPX Encapsulation Method
Page 391 and 392:
Controlling Access to IPX Networks
Page 393 and 394:
Creating an IPX RIP Access Control
Page 395 and 396:
! !Add static sap ipx add sap 0004
Page 397 and 398:
Chapter 22 Access Control List Conf
Page 399 and 400:
The following syntax description sh
Page 401 and 402:
ACL Basics If a packet comes in fro
Page 403 and 404:
In-line Editing Wildcards Applying
Page 405 and 406:
Applying ACLs to Services Applying
Page 407 and 408:
Applying ACLs policy command to spe
Page 409 and 410:
Applying ACLs The following command
Page 411 and 412:
Modifying ACLs If you edit and save
Page 413 and 414:
Monitoring ACLs All This will repor
Page 415 and 416:
Security Overview Chapter 23 Securi
Page 417 and 418:
Monitoring RADIUS Configuring Passw
Page 419 and 420:
Monitoring TACACS Plus Configuring
Page 421 and 422:
Multi-User Mode Configuring X-Pedit
Page 423 and 424:
Access Control Configuring X-Pediti
Page 425 and 426:
• RFC 2011 Internet Protocol (IP)
Page 427 and 428:
Creating Communities Configuring X-
Page 429 and 430:
Creating Groups Assigning Users Con
Page 431 and 432:
Defining Targets Configuring X-Pedi
Page 433 and 434:
Configuring Informs Configuring X-P
Page 435 and 436:
Layer-2 Security Filters X-Pedition
Page 437 and 438:
Layer-2 Security Filters To configu
Page 439 and 440:
Layer-2 Filter Examples Example 1:
Page 441 and 442:
Layer-3 Security Controls Destinati
Page 443 and 444:
Layer-3 Security Controls Define an
Page 445 and 446:
Output Enable / Disable Layer-3 Sec
Page 447 and 448:
Output Enable / Disable Layer-3 Sec
Page 449 and 450:
Sample configurations Example 1: On
Page 451 and 452:
Layer-4 Bridging and Filtering You
Page 453 and 454:
Creating ACLs to Specify Selection
Page 455 and 456:
Chapter 24 QoS Configuration Guide
Page 457 and 458:
Layer-3 Layer-4 Traffic Prioritizat
Page 459 and 460:
Traffic Prioritization You can crea
Page 461 and 462:
Setting an IP QoS Policy Traffic Pr
Page 463 and 464:
Weighted Random Early Detection (WR
Page 465 and 466:
ToS Rewrite ToS Rewrite To enable W
Page 467 and 468:
Monitoring QoS ToS Rewrite The foll
Page 469 and 470:
Traffic Profiles Burst-Compensating
Page 471 and 472:
Limiting Traffic Rate To define a p
Page 473 and 474:
Flow-Aggregate Rate Limiting Limiti
Page 475 and 476:
Limiting Traffic Rate To define a V
Page 477 and 478:
Performance Monitoring Overview Cha
Page 479 and 480:
Configuring the X-Pedition for Port
Page 481 and 482:
RMON Overview Chapter 26 RMON Confi
Page 483 and 484:
120-port XP-8600 with lite, standar
Page 485 and 486:
Standard RMON Groups Configuring an
Page 487 and 488:
Using RMON Using RMON RMON on the X
Page 489 and 490:
Configuring RMON Groups To configur
Page 491 and 492:
Displaying RMON Information Display
Page 493 and 494:
Displaying RMON Information The fol
Page 495 and 496:
5. Make sure that RMON has not run
Page 497 and 498:
Introduction Chapter 27 NetFlow Con
Page 499 and 500:
Usage Accounting Traffic Profiling
Page 501 and 502:
NetFlow Data Warehousing and Mining
Page 503 and 504:
NetFlow Architecture A NetFlow desi
Page 505 and 506:
How does NetFlow Account for a Flow
Page 507 and 508:
Export Policy As demonstrated in th
Page 509 and 510:
Prerequisites Before configure NetF
Page 511 and 512:
Overriding Default Parameters appea
Page 513 and 514:
Show Command Output Show Command Ou
Page 515 and 516:
Field Description Show Command Outp
Page 517 and 518:
Chapter 28 WAN Configuration Guide
Page 519 and 520:
Static Addresses Mapped Addresses D
Page 521 and 522:
Average Packet Size Nature of the D
Page 523 and 524:
Source Filtering and ACLs WAN Overv
Page 525 and 526:
Configuring Frame Relay Interfaces
Page 527 and 528:
Display MIBII statistics for frame
Page 529 and 530:
Defining the Type and Location of a
Page 531 and 532:
Monitoring PPP WAN Ports Monitoring
Page 533 and 534:
Multi-Router WAN Configuration Fram
Page 535 and 536:
ip set interface all version 2 rip
Page 537 and 538:
frame-relay create vc port hs.3.1.1
show all

User Reference Manual.book

Create successful ePaper yourself

Delete template?

Save as template?