Manuals / Brands / Computer Equipment / Switch / Enterasys Networks / Computer Equipment / Switch

Enterasys Networks DFE-Gold Series Configuring Flow Setup Throttling (FST)

1 944

Download 944 pages, 7.36 Mb

clear hostdos-counters Configuring Flow Setup Throttling (FST)

Enterasys Matrix DFE-Gold Series Configuration Guide 24-25

Configuring Flow Setup Throttling (FST)

About FST

FlowSetupThrottling(FST)isaproactivefeaturedesignedtomitigateDoSattacksbeforethe

viruscanwreakhavoconthenetwork.FSTdirectlycombatstheeffectsofDoSattacksbylimiting

thenumberofneworestablishedflowsthatcanbeprogrammedonanyindividualswitchport.

Thisisachievedbymonitoringthenewflowarrivalrateand/orcontrollingthemaximumnumber

ofallowableflows.

FSTlimitsthevulnerabilityofconnectionattacksonthenetworkbyallowingadministratorsto:

• GloballyenableFSTontheswitchandonaport‐by‐portbasis.

• Configurethemaximumflowsallowedperuserclassification(porttype)andtheactionsthat

willoccurwhenflowlimitsarereached.

• Assignauserclassificationtoeachinterface.

• ControlthegenerationofSNMPnotifications.

• Controlthetime(inseconds)towaitbeforegeneratinganothernotificationofthesametype

onthesameinterface.

• Controllinkstatus.

Purpose

ToreviewandconfigureFlowSetupThrottling.

Commands

For information about... Refer to page...

show flowlimit 24-26

set flowlimit 24-26

set flowlimit limit 24-27

clear flowlimit limit 24-28

set flowlimit action 24-28

clear flowlimit action 24-29

show flowlimit class 24-30

set flowlimit port 24-31

clear flowlimit port class 24-32

set flowlimit shutdown 24-32

set flowlimit notification 24-33

clear flowlimit notification interval 24-34

clear flowlimit stats 24-34

Contents

Main Page Notice Enterasys Networks, Inc. Software License Agreement Page Page Contents About This Guide Chapter 1: Introduction Chapter 2: Startup and General Configuration Page Page Chapter 3: Discovery Protocols Configuration Chapter 4: Port Configuration Page Chapter 5: SNMP Configuration Chapter 6: Spanning Tree Configuration Page Page Chapter 7: 802.1Q VLAN Configuration Chapter 8: Policy Classification Configuration Page Chapter 9: IGMP Configuration Chapter 10: System Logging Configuration Chapter 11: Network Monitoring Configuration Chapter 12: Network Address and Route Management Configuration Chapter 13: SNTP Configuration Chapter 14: Node Alias Configuration Chapter 15: NetFlow Configuration Chapter 16: IP Configuration Chapter 17: PIM Configuration Chapter 18: Network Address Translation (NAT) Configuration Chapter 19: LSNAT Configuration Chapter 20: DHCP Configuration Chapter 21: Routing Protocol Configuration Page Chapter 22: Port Priority and Rate Limiting Configuration Chapter 23: Transparent Web Cache Balancing Configuration Chapter 24: Security Configuration Chapter 25: Authentication Configuration Page Chapter 26: RADIUS Snooping Configuration Chapter 27: MultiAuth Configuration Index Figures Tables Page Page About This Guide Using This Guide Structure of This Guide Page Related Documents Conventions Used in This Guide Thefollowingconventionsareusedinthetextofthisdocument: Thefollowingiconsareusedinthisguide: Convention Description Getting Help Page Introduction Matrix DFE Series Features Matrix Series CLI Overview Device Management Methods Startup and General Configuration Startup and General Configuration Summary Factory Default Settings Table 2-1 Default Device Settings for Basic Switch Operation Page Page Table 2-2 Default Device Settings for Router Mode Operation CLI Defaults Descriptions CLI Command Modes Using WebView Displaying WebView status: Enabling / disabling WebView: Starting and Navigating the Command Line Interface Using a Console Port Connection Logging in with Administratively Configured Account Using a Telnet Connection Getting Help with CLI Syntax Using Context-Sensitive Help Performing Keyword Lookups Displaying Scrolling Screens Abbreviating and Completing Commands Using the Spacebar Auto Complete Function Configuring the Line Editor Figure 2-7 Basic Line Editing Emacs & vi Commands (continued) show line-editor set line-editor Setting User Accounts and Passwords show system login set system login clear system login set password show system password set system password Page clear system password show system lockout set system lockout Page Managing the Management Authentication Notification MIB show mgmt-auth-notify set mgmt-auth-notify clear mgmt-auth-notify Page Setting Basic Device Properties show ip address set ip address clear ip address show ip gratuitous-arp set ip gratuitous-arp clear ip gratuitous-arp show system Table 25providesanexplanationofthecommandoutput. show system hardware Usethiscommandtodisplaythesystemshardwareconfiguration. Table 2-5 Show System Output Display Page show system utilization Page set system utilization threshold clear system utilization show time set time show summertime set summertime set summertime date set summertime recurring clear summertime set prompt set cli completion loop show banner set banner motd message Specifiesamessageofthedaydisplayedpostsessionlogin.Thisisa clear banner show version Table 26providesanexplanationofthecommandoutput. Table 2-6 show version Output Details set system name set system location set system contact set width set length show logout set logout show physical alias set physical alias clear physical alias show physical assetid set physical assetid clear physical assetid Page Activating Licensed Features About Redundant Management on Matrix DFE-Gold Series Modules set license show license clear license Configuring Power over Ethernet (PoE) show inlinepower UsethiscommandtodisplaydevicePoEproperties. set inlinepower mode Usethiscommandtosetthechassispowerallocationmode. clear inlinepower mode set inlinepower available clear inlinepower available set inlinepower powertrap clear inlinepower powertrap set inlinepower assigned clear inlinepower assigned set inlinepower threshold clear inlinepower threshold set inlinepower management clear inlinepower management set inlinepower psetrap clear inlinepower psetrap show port inlinepower set port inlinepower clear port inlinepower Reviewing and Selecting a Boot Firmware Image Downloading a New Firmware Image Downloading from an FTP or TFTP Server Downloading via the Serial Port Page show boot system set boot system Starting and Configuring Telnet show telnet set telnet telnet show router telnet set router telnet clear router telnet Managing Configuration and Image Files dir Usethiscommandtolistfilesstoredinthefilesystem. filename (Optional)Specifiesthefilenameordirectorytolist. Iffilenameisnotspecified,allfilesinthesystemwillbedisplayed. Switch,ReadOnly. Table 27providesanexplanationofthecommandoutput. Table 2-7 dir Output Details show file Usethiscommandtodisplaythecontentsofanimageorconfigurationfile. filename Specifiesthefilenametodisplay. None. Switch,ReadOnly. Page show config configure copy delete sour ce destinat ion script Page Enabling or Disabling the Path MTU Discovery Protocol show mtu set mtu clear mtu Pausing, Clearing and Closing the CLI cls (clear screen) exit | quit Page Resetting the Device show reset reset reset at reset in clear config Gathering Technical Support Information show support Page Preparing the Device for Router Mode Pre-Routing Configuration Tasks Reviewing and Configuring Routing Toreviewandconfigurerouting. Table 2-8 Enabling the Switch for Routing show router clear router router UsethiscommandtoenterrouterCLImode. Switchcommand,ReadWrite. Thisexampleshowshowtoenableroutingonthisrouter: Enabling Router Configuration Modes Page Table 2-9 Router CLI Configuration Modes (continued) Page Discovery Protocols Configuration Displaying Neighbors show neighbors Ifportstringisnotspecified,allNetworkNeighborDiscoveryinformationwillbedisplayed. ThisexampleshowshowtodisplayNetworkNeighborDiscoveryinformation: Enterasys Discovery Protocol show cdp Table 31providesanexplanationofthecommandoutput. set cdp state UsethiscommandtoenableordisabletheCDPdiscoveryprotocolononeormoreports. Table 3-1 show cdp Output Details set cdp auth set cdp interval set cdp hold-time clear cdp Cisco Discovery Protocol show ciscodp show ciscodp port info set ciscodp status set ciscodp timer set ciscodp holdtime set ciscodp port clear ciscodp Page Link Layer Discovery Protocol and LLDP-MED LLDP Frames Configuration Tasks Page show lldp UsethiscommandtodisplayLLDPconfigurationinformation. ThisexampleshowshowtodisplayLLDPconfigurationinformation. show lldp port status show lldp port trap show lldp port tx-tlv show lldp port location-info show lldp port local-info Page Table 3-4 show lldp port local-info Output Details (continued) show lldp port remote-info port-string show lldp port network-policy port-string set lldp tx-interval set lldp hold-multiplier set lldp trap-interval set lldp med-fast-repeat set lldp port status set lldp port trap set lldp port med-trap set lldp port location-info set lldp port tx-tlv Page set lldp port network-policy Page clear lldp clear lldp port status clear lldp port trap clear lldp port med-trap clear lldp port location-info clear lldp port network-policy clear lldp port tx-tlv port-string Port Configuration Port Configuration Summary Console Port(s) Switch Ports Port String Syntax Used in the CLI port type.slot location.port number Examples Setting Console Port Properties show console clear console show console baud set console baud clear console baud show console flowcontrol set console flowcontrol clear console flowcontrol show console bits set console bits clear console bits show console stopbits set console stopbits clear console stopbits show console parity set console parity clear console parity Reviewing Port Status show port show port status show port counters Table 42providesanexplanationofthecommandoutput. Table 4-2 show port counters Output Details show port operstatuscause clear port operstatuscause Page Disabling / Enabling and Naming Ports set port disable port-string set port enable show port alias set port alias show forcelinkdown set forcelinkdown clear forcelinkdown Setting Speed and Duplex Mode show port speed set port speed show port duplex set port duplex Enabling / Disabling Jumbo Frame Support show port jumbo set port jumbo clear port jumbo Page Setting Auto-Negotiation and Advertised Ability show port negotiation set port negotiation show port mdix set port mdix clear port mdix show port advertise Table 43providesanexplanationofthecommandoutput. set port advertise Usethiscommandtoenableordisableandtoconfiguretheadvertisedabilityononeormore ports. Table 4-3 show port advertise Output Details clear port advertise port-string Page Setting Flow Control show port flowcontrol set port flowcontrol Configuring Link Traps and Link Flap Detection show port trap set port trap show linkflap Page Table 45providesanexplanationoftheshowlinkflapparameterscommandoutput. Thisexampleshowshowtodisplaythelinkflapmetricstable: Table 46providesanexplanationoftheshowlinkflapmetricscommandoutput. Table 4-5 show linkflap parameters Output Details Table 4-6 show linkflap metrics Output Details set linkflap globalstate set linkflap set linkflap interval set linkflap action clear linkflap action set linkflap threshold set linkflap downtime clear linkflap down clear linkflap Page Configuring Broadcast Suppression show port broadcast port-string set port broadcast clear port broadcast port-string Page Configuring Port Mirroring Supported Mirrors Active Destination Port Configurations Commands show port mirroring set port mirroring clear port mirroring Configuring LACP LACP Operation LACP Terminology Matrix Series Usage Considerations Page show lacp Table 49providesanexplanationofthecommandoutput. set lacp disable|enable DisablesorenablesLACP. Table 4-9 show lacp Output Details DFE-Gold Series devices allow for up to four ports per aggregator. clear lacp state set lacp asyspri set lacp aadminkey clear lacp set lacp static clear lacp static show lacp singleportlag set singleportlag clear singleportlag show port lacp set port lacp Page clear port lacp show lacp flowRegeneration set lacp flowRegeneration clear lacp flowRegeneration show lacp outportAlgorithm set lacp outportAlgorithm clear lacp outportAlgorithm Page SNMP Configuration SNMP Configuration Summary SNMPv1 and SNMPv2c SNMPv3 unauthorized source. About SNMP Security Models and Levels Using SNMP Contexts to Access Specific MIBs Creating a Basic SNMP Trap Configuration How SNMP Will Use This Configuration Reviewing SNMP Statistics show snmp engineid show snmp counters Page Page Table 5-4 show snmp counters Output Details (continued) Configuring SNMP Users, Groups and Communities show snmp user Page set snmp user clear snmp user show snmp group set snmp group clear snmp group show snmp community set snmp community clear snmp community Configuring SNMP Access Rights show snmp access ThisexampleshowshowtodisplaySNMPaccessinformation: set snmp access context name match) or a partial match with a given prefix. clear snmp access Configuring SNMP MIB Views show snmp view show snmp context UsethiscommandtodisplaythecontextlistconfigurationforSNMPsviewbasedaccesscontrol. Table 5-8 show snmp view Output Details set snmp view clear snmp view Configuring SNMP Target Parameters show snmp targetparams set snmp targetparams clear snmp targetparams Configuring SNMP Target Addresses show snmp targetaddr set snmp targetaddr clear snmp targetaddr Page Configuring SNMP Notification Parameters About SNMP Notify Filters show snmp notify Page set snmp notify clear snmp notify show snmp notifyfilter set snmp notifyfilter clear snmp notifyfilter show snmp notifyprofile set snmp notifyprofile clear snmp notifyprofile Page Configuring SNMP Walk Behavior set snmp timefilter break Page Spanning Tree Configuration Overview: Single, Rapid and Multiple Spanning Tree Protocols RSTP MSTP Spanning Tree Features Loop Protect Configuring Spanning Tree Bridge Parameters Page Page show spantree stats Table 61showsadetailedexplanationofcommandoutput. Table 6-1 show spantree Output Details Table 6-2 Port-Specific show spantree stats Output Details show spantree version set spantree version clear spantree version show spantree stpmode set spantree stpmode clear spantree stpmode show spantree maxconfigurablestps set spantree maxconfigurablestps clear spantree maxconfigurablestps show spantree mstilist set spantree msti clear spantree msti show spantree mstmap set spantree mstmap clear spantree mstmap show spantree vlanlist show spantree mstcfgid set spantree mstcfgid clear spantree mstcfgid show spantree bridgeprioritymode set spantree bridgeprioritymode clear spantree bridgeprioritymode show spantree priority set spantree priority Page clear spantree priority show spantree bridgehellomode set spantree bridgehellomode clear spantree bridgehellomode show spantree hello set spantree hello clear spantree hello show spantree maxage set spantree maxage clear spantree maxage show spantree fwddelay set spantree fwddelay clear spantree fwddelay show spantree autoedge set spantree autoedge clear spantree autoedge show spantree legacypathcost set spantree legacypathcost clear spantree legacypathcost show spantree tctrapsuppress set spantree tctrapsuppress clear spantree tctrapsuppress show spantree txholdcount set spantree txholdcount clear spantree txholdcount show spantree maxhops set spantree maxhops clear spantree maxhops show spantree spanguard set spantree spanguard clear spantree spanguard show spantree spanguardtimeout set spantree spanguardtimeout clear spantree spanguardtimeout show spantree spanguardlock clear / set spantree spanguardlock show spantree spanguardtrapenable set spantree spanguardtrapenable clear spantree spanguardtrap enable show spantree backuproot set spantree backuproot clear spantree backuproot show spantree backuproottrapendable set spantree backuproottrapenable clear spantree backuproottrapenable show spantree newroottrapendable set spantree newroottrapenable clear spantree newroottrapenable clear spantree default show spantree debug ThisexampleshowshowtodisplaySpanningTreedebugcountersforlinkaggregationport3, SID 0: clear spantree debug Configuring Spanning Tree Port Parameters show spantree portenable set spantree portenable clear spantree portenable show spantree portadmin set spantree portadmin clear spantree portadmin set spantree protomigration show spantree portstate show spantree blockedports show spantree portpri set spantree portpri clear spantree portpri set spantree porthello clear spantree porthello show spantree portcost show spantree adminpathcost set spantree adminpathcost clear spantree adminpathcost show spantree adminedge set spantree adminedge clear spantree adminedge show spantree operedge show spantree adminpoint show spantree operpoint set spantree adminpoint clear spantree adminpoint Configuring Spanning Tree Loop Protect Features set spantree lp UsethiscommandtoenableordisabletheLoopProtectfeatureperportandoptionally,perSID. show spantree lp clear spantree lp show spantree lplock clear spantree lplock set spantree lpcapablepartner show spantree lpcapablepartner clear spantree lpcapablepartner set spantree lpthreshold show spantree lpthreshold clear spantree lpthreshold set spantree lpwindow show spantree lpwindow clear spantree lpwindow set spantree lptrapenable show spantree lptrapenable clear spantree lptrapenable set spantree disputedbpduthreshold show spantree disputedbpduthreshold clear spantree disputedbpduthreshold show spantree nonforwardingreason Page 802.1Q VLAN Configuration VLAN Configuration Summary Port Assignment Scheme Port String Syntax Used in the CLI Preparing for VLAN Configuration About PVIDs and Policy Classification to a VLAN Creating a Secure Management VLAN Reviewing Existing VLANs show vlan Page Page Creating and Naming Static VLANs set vlan set vlan name clear vlan clear vlan name Assigning Port VLAN IDs (PVIDs) and Ingress Filtering show port vlan set port vlan clear port vlan show vlan interface set vlan interface clear vlan interface show port ingress filter set port ingress filter show port discard set port discard clear port discard Configuring the VLAN Egress List show port egress set vlan egress clear vlan egress show vlan dynamic egress set vlan dynamicegress Page Enabling/Disabling GVRP GARP VLAN Registration Protocol (GVRP) Operation Overview How It Works set vlan dynamicegress Enabling/Disabling GVRP RD Switch 3 1R show gvrp show garp timer Page set gvrp clear gvrp set garp timer clear garp timer Page Policy Classification Configuration Policy Classification Configuration Summary Configuring Policy Profiles show policy profile Table 81providesanexplanationofthecommandoutput. set policy profile Usethiscommandtocreateapolicyprofileentry. Table 8-1 show policy profile Output Details vlans If append is not used, previous VLAN settings are replaced. clear policy profile show policy invalid set policy invalid action clear policy invalid action Assigning Classification Rules to Policy Profiles show policy rule Page Table 82providesanexplanationofthecommandoutput. Table 8-2 show policy rule Output Details show policy capability set policy classify pr ofile-index classify-in dex set policy rule set policy port port-string admin-id clear policy rule clear policy all-rules set policy port show policy allowed-type set policy allowed-type clear policy allowed-type clear policy port-hit Page Configuring Policy Class of Service (CoS) Using Port-Based or Policy-Based CoS Settings About Policy-Based CoS Default and User-Defined Configurations ToconfigurepolicybasedClassofService. Table 8-4 Configuring User-Defined CoS show cos state set cos state show cos port-type Table 85providesanexplanationofthecommandoutput. Table 8-5 show cos port-type Output Details show cos unit show cos port-config set cos port-config irl clear cos port-config irl set cos port-config txq clear cos port-config txq show cos port-resource set cos port-resource irl irl-numbe r clear cos port-resource irl set cos port-resource txq clear cos port-resource txq show cos reference set cos reference irl clear cos reference irl set cos reference txq clear cos reference txq show cos settings set cos settings clear cos settings show cos violation irl clear cos violation irl clear cos all-entries Configuring Policy-Based Routing About Policy-Based Routing show route-map route-map match ip address set next hop show ip policy ip policy route-map ip policy priority ip policy load-policy ip policy pinger Page Page IGMP Configuration About IP Multicast Group Management IGMP Configuration Summary Enabling / Disabling IGMP show igmp enable set igmp enable set igmp disable Page Configuring IGMP vlanlist SpecifiestheVLAN(s)forwhichtodisplayIGMPquerystate. show igmp query UsethiscommandtodisplaytheIGMPquerystatusofoneormoreVLANs. set igmp query-enable set igmp query-disable show igmp grp-full-action set igmp grp-full-action show igmp config set igmp config set igmp delete show igmp groups show igmp static set igmp add-static set igmp remove-static show igmp protocols set igmp protocols clear igmp protocols show igmp vlan show igmp reporters show igmp flows show igmp counters show igmp number-groups Page System Logging Configuration Thischapterdescribessystemloggingcommandsandhowtousethem. Configuring System Logging show logging all Usethiscommandtodisplayallconfigurationinformationforsystemlogging. Thisexampleshowshowtodisplayallsystemlogginginformation: Table 101providesanexplanationofthecommandoutput. show logging server UsethiscommandtodisplaytheSyslogconfigurationforaparticularserver. Table 10-1 show logging all Output Details set logging server clear logging server show logging default set logging default clear logging default show logging application Page set logging application Page clear logging application show logging local set logging local clear logging local set logging here clear logging here show logging buffer Network Monitoring Configuration ThischapterdescribesNetworkMonitoringcommandsandhowtousethem. Monitoring Network Events and Status history Usethiscommandtodisplaythecontentsofthecommandhistorybuffer. show history set history show netstat ping Switchcommand,ReadWrite. Matrix(rw)>ping134.141.89.255Inthisexample,thehostatIPaddressisnotresponding: ThisexampleshowshowtopingIPaddress134.141.89.29with10packets: show users tell disconnect Configuring SMON show smon priority set smon priority clear smon priority show smon vlan set smon vlan clear smon vlan Page Configuring RMON RMON Monitoring Group Functions and Commands and notification of events from the device. Table 11-2 RMON Monitoring Group Functions and Commands (continued) show rmon stats Table 11-3 show rmon stats Output Details set rmon stats clear rmon stats show rmon history set rmon history clear rmon history show rmon alarm set rmon alarm properties set rmon alarm status clear rmon alarm show rmon event set rmon event properties set rmon event status clear rmon event show rmon host set rmon host properties set rmon host status clear rmon host show rmon topN Page set rmon topN properties set rmon topN status clear rmon topN show rmon matrix Page set rmon matrix properties set rmon matrix status clear rmon matrix show rmon channel set rmon channel clear rmon channel show rmon filter set rmon filter clear rmon filter show rmon capture set rmon capture clear rmon capture Network Address and Route Management Configuration Managing Switch Network Addresses and Routes show arp set arp clear arp S - manually configured entry (static) P - respond to ARP requests for this entry show rad set rad show ip route traceroute Page set ip route clear ip route show port mac show mac set mac clear mac port disable - Treats static unicast MAC addresses as unicast addresses. show newaddrtraps set newaddrtraps show movedaddrtrap set movedaddrtrap Page SNTP Configuration ThischapterdescribesSimpleNetworkTimeProtocol(SNTP)commandsandhowtousethem. Configuring Simple Network Time Protocol (SNTP) show sntp set sntp client clear sntp client set sntp server clear sntp server set sntp broadcastdelay clear sntp broadcast delay set sntp poll-interval clear sntp poll-interval set sntp poll-retry clear sntp poll-retry set sntp poll-timeout clear sntp poll-timeout show timezone set timezone clear timezone Node Alias Configuration Configuring Node Aliases show nodealias show nodealias mac Page show nodealias protocol Usethiscommandtodisplaynodealiasentriesbasedonprotocolandprotocoladdress. show nodealias config set nodealias set nodealias maxentries clear nodealias clear nodealias config NetFlow Configuration Configuring NetFlow Enterasys Matrix DFE Implementation Operation Version Support Commands show netflow set netflow cache clear netflow cache set netflow export-destination clear netflow export-destination set netflow export-interval clear netflow export-interval set netflow port clear netflow port set netflow export-version clear netflow export-version set netflow template The value of packets can range from 1 to 600. The default value is 20 packets. The value of minutes can range from 1 to 3600. The default value is 30 minutes. clear netflow template Page IP Configuration Configuring Routing Interface Settings About Loopback Versus VLAN Interfaces show interface interface ip ecm-forwarding-algorithm show ip interface ip address no shutdown Managing Router Configuration Files show running-config write no ip routing Performing a Basic Router Configuration Using Router-Only Config Files Displaying or Writing the Current Config to a File Configuring the Router Using a downloaded file... Reviewing and Configuring the ARP Table show ip arp the specified IP address. specified IP address. specified IP address. arp ip gratuitous-arp ip gratuitous-arp-learning ip proxy-arp ip mac-address arp timeout clear arp-cache Configuring Broadcast Settings Applying DHCP/BOOTP Relay ip directed-broadcast ip forward-protocol ip helper-address Reviewing IP Traffic and Configuring Routes show ip protocols show ip traffic Sent:0requests,1replies clear ip stats PrivilegedEXEC:Matrix>Router# UsethiscommandtoclearallIPtrafficcounters(IP,ICMP,UDP,TCP,IGMP,andARP). show ip route ip route ip icmp ping traceroute Page Configuring Debug IP Packet debug ip packet access-group debug ip packet restart show debugging no debug ip packet Page Page PIM Configuration Configuring PIM ip pim sparse mode ip pim bsr-candidate ip pim dr-priority ip pim rp-address ip pim rp-candidate show ip pim bsr Routercommand,PrivilegedEXEC:Matrix>Router# ThisexampleshowshowtodisplayBootStrapRouter(BSR)information: Table 171providesanexplanationofthecommandoutput. show ip pim interface UsethiscommandtodisplayinformationaboutPIMinterfacesthatarecurrentlyup(not shutdown). Table 17-1 show ip pim bsr Output Details show ip pim neighbor show ip pim rp Page show ip pim rp-hash show ip mroute show ip mforward show ip rpf Network Address Translation (NAT) Configuration Configuring Network Address Translation (NAT) NAT Configuration Task List and Commands ip nat ip nat pool ip nat inside source list ip nat inside source static (NAT) ip nat inside source static (NAPT) ip nat ftp-control-port ip nat secure-plus ip nat translation max-entries ip nat translation (timeouts) show ip nat translations Thisexampleshowsaportionoftheverboseversionoftheaboveexample: show ip nat statistics Routercommand,Globalconfiguration:Matrix>Router(config)# UsethiscommandtodisplayNATtranslationstatistics. Ifverboseisnotspecified,thestandardoutputisdisplayed. ThisexampledisplaystheNATstatisticsforthisrouter: Thisexampledisplaysaportionoftheverboseversionoftheaboveexample: clear ip nat translation clear ip nat translation inside (NAT) clear ip nat translation inside (NAPT) set router limits (NAT) show router limits (NAT) clear router limits (NAT) Page Page LSNAT Configuration Configuring Load Sharing Network Address Translation (LSNAT) About LSNAT LSNAT Configuration Considerations Session Persistence Sticky Persistence Configuration Considerations Configuring Direct Access to Real Servers Service Verification Application Content Verification (ACV) ToreviewandconfigureLoadSharingNetworkAddressTranslation(LSNAT). LSNAT Configuration Task List and Commands show ip slb serverfarms Usethiscommandtodisplayserverloadbalancingserverfarminformation. Table 19-1 LSNAT Configuration Task List and Commands (continued) ip slb ftpctrlport ip slb serverfarm real predictor sticky show ip slb reals Page Page inservice (real server) faildetect (real server) Page faildetect acv-command faildetect acv-reply faildetect acv-quit faildetect read-till-index maxconns weight show ip slb vservers Thisexampleshowshowtodisplaydetailedinformationaboutthetestvirtualserver: ip slb vserver serverfarm (Virtual Server) virtual Currently, only ftp may be specified. inservice (virtual server) client persistence level Page allow accessservers ip slb allowaccess_all show ip slb conns Table 194providesanexplanationofthedetailedcommandoutput. show ip slb stats Usethiscommandtodisplayloadserverbalancingstatistics. Table 19-4 show ip slb conns Output Details show ip slb sticky clear ip slb show router limits (LSNAT) set router limits (LSNAT) configured clear router limits (LSNAT) Page Page DHCP Configuration DHCP Overview Configuring DHCP DHCP Supported Options Table 20-1 DHCP Server Supported Options DHCP Command Modes Page ip dhcp server ip local pool exclude ip dhcp ping packets ip dhcp ping timeout ip dhcp pool domain-name dns-server netbios-name-server netbios-node-type default-router bootfile next-server option lease host client-class client-identifier client-name hardware-address show ip dhcp binding clear ip dhcp binding show ip dhcp server statistics Routercommand,AnyDHCPconfigurationmode. ThisexampleshowshowtodisplayDHCPserverstatistics: clear ip dhcp server statistics Routing Protocol Configuration Activating Advanced Routing Features Configuring RIP RIP Configuration Task List and Commands router rip UsethiscommandtoenableordisableRIPconfigurationmode. Table 21-1 RIP Configuration Task List and Commands network neighbor distance ip rip offset timers ip rip send version ip rip receive version key chain key key-string accept-lifetime send-lifetime ip rip authentication keychain ip rip authentication mode no auto-summary ip rip disable-triggered-updates ip split-horizon poison passive-interface receive-interface distribute-list redistribute Page Configuring OSPF Understanding Graceful Restart Graceful Restart and High Availability Rest of Routed Network 100.1.1.0/24 100.1.1.0/24 OSPF Configuration Task List and Commands Table 21-2 OSPF Configuration Task List and Commands router ospf UsethiscommandtoenableordisableOpenShortestPathFirst(OSPF)configurationmode. Table 21-2 OSPF Configuration Task List and Commands (continued) network router id ip ospf cost ip ospf priority timers spf ip ospf retransmit-interval ip ospf transmit-delay ip ospf hello-interval ip ospf dead-interval ip ospf authentication-key ip ospf message digest key md5 distance ospf area range area authentication area stub area default cost area nssa area virtual-link passive-interface redistribute database-overflow graceful-restart enable graceful-restart helper-disable graceful-restart restart-interval graceful-restart strict-lsa-checking-disable ThisexampleshowshowtodisablestrictLSAcheckingonthisrouter: show ip ospf UsethiscommandtodisplayOSPFinformation. Routercommand,Anyroutermode. ThisexampleshowshowtodisplayOSPFinformation: show ip ospf database Page show ip ospf border-routers show ip ospf interface Page show ip ospf neighbor show ip ospf virtual-links clear ip ospf process debug ip ospf rfc1583compatible Page Configuring DVMRP ip dvmrp ip dvmrp metric show ip dvmrp route Page Configuring IRDP ip irdp ip irdp maxadvertinterval ip irdp minadvertinterval ip irdp holdtime ip irdp preference ip irdp address no ip irdp multicast show ip irdp Page Configuring VRRP router vrrp create address priority master-icmp-reply advertise-interval critical-ip preempt preempt-delay enable ip vrrp authentication-key ip vrrp message-digest-key show ip vrrp Table 21-7 show ip vrrp Output Details Port Priority and Rate Limiting Configuration Port Priority Configuration Summary Configuring Port Priority show port priority set port priority clear port priority Page Configuring Priority to Transmit Queue Mapping show port priority-queue set port priority-queue clear port priority-queue Page Configuring Port Traffic Rate Limiting show port ratelimit set port ratelimit clear port ratelimit Page Transparent Web Cache Balancing Configuration Understanding Transparent Web Cache Balancing (TWCB) Page ip twcb wcserverfarm predictor roundrobin cache faildetect type faildetect maxconns inservice ip twcb webcache http-port serverfarm bypass-list range hosts redirect range ip twcb redirect out show ip twcb wcserverfarm show ip twcb webcache show ip twcb conns show ip twcb stats clear ip twcb statistics show limits set router limits (TWCB) show router limits (TWCB) clear router limits (TWCB) Page TWCB Configuration Example Configure the s1Server Server Farm Configuretheendusersthatwillusethisserverfarmbysettingtheroundrobinpredictor ranges: Configurecacheserver186.89.10.51: Configurecacheserver186.89.10.55: Configure the s2Server Server Farm Configureserverfarms2Server: Configurecacheserver176.89.10.20: Configure the cache1 Web Cache Configure the Switch and Router Page Security Configuration Overview of Security Methods Configuring MAC Locking show maclock Page show maclock stations set maclock enable set maclock disable set maclock set maclock firstarrival set maclock move clear maclock firstarrival set maclock static clear maclock static set maclock trap clear maclock Configuring Secure Shell (SSH) show ssh state set ssh set ssh hostkey show router ssh set router ssh clear router ssh Page Configuring Access Lists show access-lists access-list (standard) To insert or replace an ACL entry: To move entries within an ACL: access-list (extended) To insert or replace an ACL entry: To move entries within an ACL: To log entries within an ACL: To apply ACL restrictions to IP, UDP, or ICMP packets: To apply ACL restrictions to TCP packets: Page ip access-group Page Configuring Denial of Service (DoS) Prevention show hostdos hostdos clear hostdos-counters Configuring Flow Setup Throttling (FST) About FST show flowlimit set flowlimit set flowlimit limit clear flowlimit limit set flowlimit action clear flowlimit action show flowlimit class set flowlimit port clear flowlimit port class set flowlimit shutdown set flowlimit notification clear flowlimit notification interval clear flowlimit stats Authentication Configuration Overview of Authentication Methods Configuring 802.1X Authentication About Multi-User Authentication show dot1x Thisexampleshowshowtodisplay802.1Xstatus: Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforfe.1.1: Thisexampleshowshowtodisplayauthenticationstatisticsforfe.1.1: Thisexampleshowshowtodisplayauthenticationsessionstatisticsforfe.1.1: show dot1x auth-config Page set dot1x set dot1x auth-config Page clear dot1x auth-config Page Configuring Port Web Authentication (PWA) About PWA PWA Configuration Considerations Page show pwa Table 25-1 show pwa Output Details set pwa set pwa hostname clear pwa hostname show pwa banner set pwa banner set pwa displaylogo hide clear pwa banner set pwa displaylogo set pwa redirecttime set pwa ipaddress set pwa protocol set pwa enhancedmode set pwa guestname clear pwa guestname set pwa guestpassword set pwa gueststatus set pwa initialize set pwa quietperiod set pwa maxrequests set pwa portcontrol show pwa session Configuring MAC Authentication show macauthentication Page show macauthentication session set macauthentication set macauthentication password clear macauthentication password set macauthentication significant-bits clear macauthentication significant-bits set macauthentication port set macauthentication authallocated clear macauthentication authallocated set macauthentication portinitialize set macauthentication macinitialize set macauthentication reauthentication set macauthentication portreauthenticate set macauthentication macreauthenticate set macauthentication reauthperiod clear macauthentication reauthperiod set macauthentication quietperiod clear macauthentication quietperiod Page Configuring Convergence End Points (CEP) Phone Detection About CEP Phone Detection Commands show cep connections show cep detection show cep policy show cep port set cep set cep port set cep policy set cep detection-id set cep detection-id type set cep detection-id address set cep detection-id protocol set cep detection-id porthigh | portlow set cep initialize clear cep RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment Filter-ID Attribute Formats Setting the Authentication Login Method show authentication login set authentication login clear authentication login Configuring RADIUS show radius set radius clear radius show radius accounting set radius accounting clear radius accounting Page Configuring RFC 3580 About RFC 3580 show vlanauthorization set vlanauthorization disable - Disable VLAN Authorization. disable - Disable port VLAN Authorization. clear vlanauthorization Configuring TACACS+ show tacacs ThisexampleshowshowtodisplayallTACACSconfigurationinformation: Table 255providesanexplanationofthecommandoutput. Table 25-5 show tacacs Output Details set tacacs show tacacs server set tacacs server clear tacacs server show tacacs session set tacacs session clear tacacs session show tacacs command set tacacs command show tacacs singleconnect set tacacs singleconnect RADIUS Snooping Configuration Understanding RADIUS Snooper set radius-snooping set radius-snooping timeout set radius-snooping port set radius-snooping flow set radius-snooping initialize clear radius-snooping all clear radius-snooping flow show radius-snooping show radius-snooping port show radius-snooping flow show radius-snooping session Table 26-3 Radius-Snooping Flow Settings ReadOnly. ThisexampledisplaysRADIUSconfigurationinformationforportfe.1.1: Table 26-4 Radius-Snooping Session Port Settings Table 26-5 Radius-Snooping Session MAC Settings Page MultiAuth Configuration Configuring Multiple Authentication About Multiple Authentication DFE-Gold Multi-User Capacities Commands set multiauth mode strict Setsthesystemauthenticationmodetostrict802.1X. multi Allowsthesystemtousemultipleauthenticatorssimultaneously. clear multiauth mode show multiauth show multiauth counters set multiauth precedence clear multiauth precedence show multiauth port set multiauth port clear multiauth port show multiauth station clear multiauth station show multiauth session show multiauth idle-timeout set multiauth idle-timeout clear multiauth idle-timeout show multiauth session-timeout set multiauth session-timeout clear multiauth session-timeout set multiauth trap clear multiauth trap show multiauth trap Page Page Index Numerics A B C M N O P R T U V W