Commands, Ps enabledisable | GE ML1200 guide

CHAPTER 6: ACCESS CONSIDERATIONS

ACCESS CONSIDERATIONS

6.2Configuring Port Security through the Command Line Interface

6.2.1Commands

To configure port security, login as a level 2 user or as a manager. Once logged in, get to the port-security configuration level to setup and configure port security with the following command syntax:

configure port-security port-security

For example, using the configure port-securitycommand:

ML1200# configure port-security

ML1200(port-security)##

Alternately, the port-securitycommand can also be used to enter the port-security configuration mode:

ML1200# port-security

ML1200#(port-security)##

From the port security configuration mode, the switch can be configured to:

1.Auto-learn the MAC addresses.

2.Specify individual MAC addresses to allow access to the network.

3.Validate or change the settings.

The command syntax for the above actions are:

allow mac=<addresslistrange> port=<numlistrange>

learn port=<number-list> <enabledisable> show port-security

action port=<numlistrange> <nonedisabledrop>

signal port=<numlistrange> <nonelogtraplogandtrap>

ps <enabledisable>

remove mac=<alladdresslistrange> port=<numlistrange>

signal port=<numlistrange> <nonelogtraplogandtrap>

Where the following hold:

•allow mac - configures the switch to setup allowed MAC addresses on specific ports

•learn port - configures the switch to learn the MAC addresses associated with specific port or a group of ports

•show port-security- shows the information on port security programmed or learnt

•action port - specifies the designated action to take in case of a non authorized access

•ps - port security - allows port security to be enable or disabled

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

6–3

Image 109

GE ML1200 instruction manual Commands, For example, using the configure port-securitycommand, Ps enabledisable

Contents

GE Multilin MultiLink ML1200 Managed Field Switch Canadian Emissions Statement Electrical Safety requirements Table of Contents Access 10-3 10-110-5 10-12 10-710-13 10-19 15-1 14-915-4 15-5 17-16 17-1418-1 18-3 Getting Started Multilink ML1200 Managed Field Switch IntroductionInspecting the Package and Product ML1200 Order Codes Performance Specifications Alarm Relay Contacts Sinusoidal Vibration DNV To 4 G Interrupts CE Compliance Low voltage directive EN60950-1 EMC Directive Applicable Council Directive According toNorth America CULus UL60950-1 C22.2 No ISO9001 Console Setup Command Line Interface FirmwareConsole Connection Console Screen Automatic IP Address ConfigurationLogging In for the First Time Step Setting the IP Parameters Using Console Port ML1200# reboot Ipconfig ip=ip-address mask=subnet-mask dgw=gatewayAn example is shown below ML1200# save Privilege Levels Enable user-name User Management Command Enter Help command stringCommand string TAB First character of the command TAB Help Exiting Following example, the TAB key completes the commandLogout Following example illustrates logging out from a session EnerVista Secure Web Management Secure site will issue the certificate check shown belowMake sure you use Https secure Http and not Http in the URL Example shown in the previous section, the URL is Login screen To add a user, use the add button Select the Administration User Mgmt User Accounts menu item Introduction Introduction Introduction Modifying the Privilege Level To exit or logout, click on the logout button Confirm the logout by selecting OK in the pop-up window Updating through the Command Line ML1200 Firmware UpdatesUpdating Multilink ML1200 Firmware Selecting the Proper Version ML1200# xmodem get type=app Https//IP address of the switch Introduction Introduction Overview Multilink ML1200 Managed Field Switch Product Description Product Description Product Description Four-Port Copper Module, C1 Module Mdix PoE power pass-through, C2 Module MDIX, 10/100Mb 4-port Two -Port 10 Mb mm Fiber ST Modules Two-Port Fiber Modules, 2@ 100Mb fiber Packet Prioritization, 802.1p QOS SFP Gigabit 1000Mbps port modules Managed Network Firmware for Multilink ML1200-Series Frame Buffering and Flow Control Managed switching for high performance Ethernet LANs Features and BenefitsFeatures Fiber-Built-In Management Software included Product Description Applications Example Example Locating Multilink ML1200 Switches Multilink ML1200 Managed Field Switch InstallationPreparation Fiber Connecting Ethernet MediaCopper Twisted Pair CAT Twisted Pair CAT 3, 4 Gigabit SFP Small Form-factor Pluggable Optical Transceivers HE HJ Module H7 Module H8 HD ModuleHK Module DIN-Rail Mounting the Multilink ML1200 Mechanical Installation Installation Powering the Multilink ML1200 Managed Field Switch Electrical Installation 3 ML1200 Port Module PM Installation Request to Send Pinout information for above connectorTransceiver Data Ground Switching Functionality Multilink ML1200 Managed Field Switch OperationFunctionality Auto-Cross Mdix and Auto-negotiation, for RJ-45 ports Status LEDsFor Multilink ML1200 models /ML1200 Flow-control, Ieee 802.3x standard Typical Power Budget Calculations for ML1200 PM’s with Fiber Media H4, HH Mb FX 2 ML1200 Modules Multilink ML1200 Managed Field Switch Port Modules 2.2 C7 Module, 2@10Mb multi-mode FX-ST twist lock Module CB Module, 2 Ports @100Mbps single-mode FX-SC-type, Sgl.M CC Module, 4 @100Mb multi-mode FX , Mtrj Small-Form-factor 2.10 C1 Module Twisted Pair, 10/100Mb, 4-Port PoE LEDs Summary SFPs, Gigabit 1000Mbps port modules Before Calling for Assistance Operation IP Address and System Information Multilink ML1200 Managed Field Switch IP AddressingOverview Edit the IP address information Bootp Database Dhcp and bootpConfiguring DHCP/bootp/Manual/AUTO Importance of an IP Address Click Edit Select the Administration System menu item Telnet enabledisable Using TelnetML1200access## telnet enable ML1200access## exit ML1200# Default port for telnet is Select the Administration Telnet menu itemTelnet ipaddress port=port number Show session Kill session id=session ML1200# show session For example Setting Serial Port Parameters Setting ParametersSystem Parameters Snmp Date and TimeSetvar sysnamesyscontactsyslocation =string Set timezone GMT=+ or hour=0-14 min=0-59 Following command sequence sets the daylight location Syntax for other date and time commands areNetwork Time Set timeformat format=1224 ML1200# sntp ML1200sntp## sync hour=5 ML1200sntp## sntp enableML1200sntp## exit IP Addressing IP Addressing Saving and Loading Command Line System ConfigurationConfig file # Restricted Rights System Syntax show config module=module-name Displaying configurationWhere module-name can be Names, passwords More ’show config’ command output ML1200# show config module=snmp Hardware Select Y. The ML1200 will prompt Saving ConfigurationSelect N Save format=v2v3 Show host command displays the host table entries # Restricted Rights Script File Saving and Loading EnerVista Software IP Addressing Host Names IP Addressing Kill Config option using SWM Erasing Configuration IP Addressing Port/Tag Vlan settings STP, Rstp settingsIP-Access and Host Table settings Lacp settings ML1200# kill config Introduction to IPv6 IPv6What’s changed in IPV6? 3 IPv6 Addressing Syntax ping6 IPv6 address pings an IPv6 station Configuring IPv6Syntax show ipv6 displays the IPv6 information Syntax ftp IPv6 address ftp to an IPv6 station Syntax telnet IPv6 address telnet to an IPv6 station List of commands in this chapter Securing Access Multilink ML1200 Managed Field Switch Access ConsiderationsPasswords Description Port Security Feature For example, using the configure port-securitycommand CommandsLearn port=number-list enabledisable show port-security Ps enabledisable ML1200port-security## ps disable ML1200port-security## ps enableAllowing MAC Addresses ML1200port-security## allow ML1200port-security## learn port=3 enable Example 6-1 Viewing the port security settingsTo deny a mac address, use the following Example 6-2 Enabling learning on a port ML1200port-security## signal port=3 logandtrap Save the port-security configuration use the save commandExample 6-4 Removing MAC addresses from specific ports Access Considerations Security Logs Example 6-5 Configuring port security Set logsize size=1-1000 Example 6-6 Security log commandsML1200# show log Show ip-access AccessAuthorized Managers Removeall ML1200access## exit ML1200# accessExample 6-7 Allowing/blocking specific IP addresses After enabling the EnerVista Secure Web Management software Configuring Port Security with EnerVista Software Access Considerations Access Considerations Logs Authorized Managers Access Considerations Access Considerations Introduction to Multilink ML1200 Managed Field Switch Access Using Radius2 802.1x Protocol 802.1x network components 802.1x authentication details Show auth configports Configuring 802.1x through the Command Line InterfaceAuth enabledisable Auth Show-stats port=num Show-statscommand displays 802.1x related statisticsTrigger-reauthport=numlistrange Example Example 7-1 Setting port control parametersOn following ML1200auth## show-port backend Setting port control parameters ML1200auth## ML1200auth## shoW-port reauth Commands To edit the port settings, click on the edit icon Select the Configuration Radius Port Access menu item Access Using Radius Access Using Radius After all the port characteristics are enabled Introduction to TACACS+ Multilink ML1200 Managed Field Switch Access using TACACS+ TACACS+ Packet TACACS+ Flow Tacacs packet format Packet type Possible values are Tacplus enabledisable Configuring TACACS+ through the Command Line InterfaceExample 8-1 below, illustrates how to configure TACACS+ Show tacplus statusservers ML1200user## tacplus enable Example 8-1 Configuring TACACS+ML1200user## tacplus disable Access Using TACACS+ Access Using TACACS+ Access Using TACACS+ Port Mirroring Multilink ML1200 Managed Field Switch Port Mirroring Setup Prtmr enabledisable Port Mirroring using the Command Line InterfaceShow port-mirror Port-mirror Device command enters the device configuration mode Port SetupSetport command configures the port characteristics Device ML1200# device Example 9-1 Port setupML1200device## show port ML1200device## exit ML1200# Flow Control Where the rxthreshold value can be from 4 to 30 default isBack Pressure Flowcontrol xonlimit=value xofflimit=value ML1200device## show port=11 Back pressure and flow control Broadcast Storms Rate-thresholdport=portlistrange rate=frames/sec Broadcast-protect enabledisableShow broadcast-protect Example 9-3 Preventing broadcast storms Link Loss Alert ML1200device## show port=3 Example 9-4 Link loss alert Select the Configuration Port Mirroring menu item Port Setup Port Mirroring and Setup Port Mirroring and Setup Broadcast Storm menu Port Mirroring and Setup Vlan Description Multilink ML1200 Managed Field Switch Vlan Vlan Tag Vlan vs. Port Vlan Multilink ML1200 supports up to 32 VLANs per switch 10-4 Set vlan type=porttagnone Configuring Port VLANs through the Command Line InterfaceAdd id=vlan Id name=vlan name port=numberlistrange Save Start vlan=namenumberlistrangeEdit id=vlan Id name=vlan name port=numberlistrange Show vlan type=porttag id=vlanid Vlan VID=1 Currently assigned Port VLANs are displayed as follows Select the Configuration Vlan Port-Based menu item 10-9 10-10 10-11 Show-port port=portlistrange Configuring Tag VLANs through the Command Line Interface 10-13 Example 10-1 Converting Port Vlan to Tag Vlan ML1200tag-vlan##add id=20 name=marketing port=3-5 Converting Port Vlan to Tag Vlan ML1200tag-vlan##set-port port=3-5 filter status=enable Name engineering Status Active Port Mode Status Tagged 10-19 Next step is to define the VLANs needed. To do that Click On Configuration vlan tag-based Menu 10-21 Select the Configuration Vlan Tag-Based Tagging menu 10-23 10-24 Gvrp Concepts Vlan Registration over Garp Vlan Registration Over Garp Gvrp Operations Vlan assignment in Gvrp enabled switches Show-vlan Port settings for Gvrp operationsStatic vlan=VID Example 11-1 Converting a dynamic Vlan to a static Vlan Gvrp optionsML1200# gvrp ML1200gvrp## show-vlan ML1200gvrp## static vlan=10 ML1200gvrp## show-vlan 11-6 Gvrp Operation Notes Configuring Gvrp through the Command Line InterfaceShow gvrp Show-forbid Example 11-2 Configuring Gvrp Select the Configuration Vlan Gvrp menu item To configure GvrpGvrp options on 11-10 Features and Operation Spanning Tree Protocol STP STP default values Show stp configports Configuring STP Example 12-2 Viewing STP ports Example 12-1 Viewing STP configuration Stp Stp enabledisableSet stp type=stprstp Show active-stp Example 12-3 Enabling STP Example 12-3shows how to enable STP using the above commands Timers forward-delay=4-30 hello=1-10 age=6-40 ML1200stp##show stp ports Example 12-4 Configuring STP parameters Configuring STP parameters ML1200stp##cost port=2 value=20 ML1200stp##port port=1 status=enable Designated Root Priority 15535 Rstp concepts Rapid Spanning Tree Protocol Transition from STP to Rstp 13-3 Rstp enabledisable Configuring Rstp through the Command Line InterfaceNormal Rstp Rstp 13-5 Example 13-2 Reviewing the Rstp port parameters Forceversion stprstp Path cost as defined in Ieee 802.1d / 802.1wShow-forceversion Port port=numberlistrange status=enabledisable Show-timers ML1200rstp##show stp config Example 13-4 Configuring Rstp Configuring Rstp ML1200rstp##priority port=2 value=100 ML1200rstp##port port=1 status=disable Romode add port=portlistrange romode del port=portlistrange Syntax for the romode command on Rstp is shown below ML1200rstp##romode add port=1,2 Example 13-5 Configuring smart RSTP, ring-only mode 13-15 Status Indicates whether STP or Rstp is enabled 13-17 Path cost defined in Ieee 802.1d and 802.1w 13-19 Click the Edit button to configure Rstp Then Save Enable Status 13-22 QoS Overview Multilink ML1200 Managed Field Switch Quality of ServiceQoS Concepts IP Precedence DiffServ and QoS IP Precedence ToS Field in an IP Packet Header Set-weightweight=0-7 Configuring QoS through the Command Line InterfaceShow-portweight Qos Show qos command displays the QoS settings Port weight settingsShow qos type=porttagtos port=portlistrange Set-untagport=portlistrange priority=highlow tag=0-7 Example 14-1 Configuring QoS Following example shows how to configure QoS Configuring QoS ML1200qos##set-weight weight=4 ML1200qos##show-portweight 14-9 14-10 14-11 14-12 Igmp Concepts Multilink ML1200 Managed Field Switch Igmp Igmp Figure below shows a network running Igmp Isolating multicast traffic in a network IP Multicast Filters Igmp Support Reserved Addresses Excluded from IP Multicast Igmp Filtering Igmp enable/disable Configuring Igmp through the Command Line InterfaceShow igmp command displays the Igmp status Igmp Show-port Show-groupShow-router Example 15-1 Configuring Igmp Following example shows how to configure IgmpML1200igmp## show-port ML1200igmp## show-router Configuring Igmp ML1200igmp## mcast enable ML1200igmp## mcast disable 15-11 15-12 Snmp Concepts Multilink ML1200 Managed Field Switch Snmp Snmp Standards TrapsEnterprise Traps Intruder SNMPv1 standards RFC 2271-2275 SNMPv3 Configuring Snmp through the Command Line Interface Show-trap id=id# Following example shows how to configure SnmpShow-group id=id Show-view id=id Example 16-1 Configuring Snmp Configuring Snmp ML1200snmpv3## show-group id=1 ML1200snmpv3## show-groupML1200snmpv3## show-view ML1200snmpv3## show-view id=1 ML1200snmpv3## show-access id=1 ML1200snmpv3## show-accessML1200snmpv3## show-user ML1200snmpv3## show-user id=2 16-11 Multiple managers can be added as shown below 16-13 16-14 Rmon Configuring Rmon ML1200rmon## exit ML1200# ML1200rmon## show rmon event Mail Multilink ML1200 Managed Field Switch Miscellaneous Show smtp configrecipients Smtp enabledisableSmtp Delete id=1-5 Server command configures the global Smtp server settingsServer ip=ip-addr port=1-65535 retry=0-3 domain=domain ML1200smtp##show smtp config Statistics Following figure displays the port statistics for group Optimizing serial connection in HyperTerminal Serial Connectivity Show history HistoryShow version Ping Ping through the Command Line InterfacePing through EnerVista Secure Web Management software Prompt Changing the Command Line PromptSet prompt prompt string System Events Command Line Interface ExampleFollowing example illustrates a typical event log Example 17-2 Typical system event log EnerVista Example Select the Configuration Statistics Log Statistics menu item 17-13 Main Commands Command Reference Set password sets the current user password Set commands are listed belowSet timeout sets the system inactivity time out Snmp enables or disables Snmp Configuration commandsAlarm commands are shown below Authorization commands are shown below Vlan Registration over Garp for details Device commands are shown below Rapid Spanning Tree Protocol for additional details Setqos configures QOS configuration usage Spanning Tree Protocol STP for additional details Passwd change the user password 17-20 Modbus Configuration Multilink ML1200 Managed Field Switch Modbus ProtocolCommand Line Interface Settings Following command-line interface settings are available ML1200access## show modbus ML1200# access ML1200access## modbus enableML1200access## modbus port=602 Select the Configuration Access Modbus menu item EnerVista Settings Modbus Memory Map Memory MappingModbus memory map Sheet 1 Modbus memory map Sheet 2 Modbus memory map Sheet 3 Modbus memory map Sheet 4 Modbus memory map Sheet 5 Modbus memory map Sheet 6 Modbus memory map Sheet 7 Modbus memory map Sheet 8 Modbus memory map Sheet 9 Modbus memory map Sheet 10 Modbus memory map Sheet 11 Modbus memory map Sheet 12 Modbus memory map Sheet 13 Modbus memory map Sheet 14 Modbus memory map Sheet 15 Modbus memory map Sheet 16 Modbus memory map Sheet 17 Modbus memory map Sheet 18 Modbus memory map Sheet 19 Modbus memory map Sheet 20 Modbus memory map Sheet 21 Modbus memory map Sheet 22 Modbus memory map Sheet 23 Modbus memory map Sheet 24 Modbus memory map Sheet 25 Modbus memory map Sheet 26 Modbus memory map Sheet 27 Modbus memory map Sheet 28 Modbus memory map Sheet 29 Modbus memory map Sheet 30 Modbus memory map Sheet 31 Modbus memory map Sheet 32 Modbus memory map Sheet 33 Format Codes 18-38 Revision History Multilink ML1200 Managed Field Switch Appendix aChange Notes Changes to the Manual GE Multilin Warranty Statement Warranty Multilin Power Consumption 48 V DC, 24 V DC and 125 V DC Power, Theory of Operation Applications for DC Powered Ethernet Switches ML1200, -48 V, 24 V, 125 V DC Installation UL Requirements for DC-powered units Operation DC Power Input Appendix C Internal DC Dual- Source Power Input Power Supply Internal, -48VDC Dual-Source Specifications for Multilink ML1200 Field Switch Chapter C Internal DC DUAL-SOURCE Power Input Option Dual-Source Option Theory of Operation Features and Benefits of the Dual-Source Design Installation