EnterasysGeneralities

From LLL
Revision as of 04:55, 24 November 2010 by 10.0.9.34 (talk | contribs)
Jump to navigationJump to search

Connecting for the first time.

  • Start Knoppix with option <code>failsafe</code> at boot prompt to boot it on Portier's computer
  • When booted, start <code>minicom -s</code> in a terminal (konsole) or virtual console (Alt+F1)
  • In <code>minicom</code> , <code>Serial port setup</code>, configure the following items:
    • A - <code>Serial Device</code> <code> </code>/dev/ttyS0=
    • E - <code>Bps/Par/Bits</code> <code> </code>9600 8N1=
    • F - <code>Hardware Flow Control</code> <code> </code>no=
  • <code>Exit</code> from config, the switches login screen should appear
  • Log in with username <code>rw</code> and password the same as on the server
  • Set IP address using the following command: <code>set ip address</code> address <code>mask</code> netmask

Example: <code>set ip address 10.0.90.2 mask 255.0.0.0</code>

Connecting later on

  • <code>telnet 10.0.90.2</code>

Useful commands

  • Display mac address table (which address is behind which port?): <code>show mac</code>
  • Display VLAN config: <code>show vlan</code> n

VLAN philosophy

VLANs are relevant both for frames (packets) received from a port (sent by the computer(s) connected to that port), and for frames sent to that port (i.e. sent by computers connected to one of the other ports). VLANs are created using the following command:

<code>set vlan</code> n <code>create</code>

VLANs are named using the following command (names are only for comment purpose):

<code>set vlan name</code> n name


Frames sent to a port

Each VLAN has two egress lists <code>tagged</code> (default) and <code>untagged</code>. Frames belonging to that VLAN are output to all ports in the VLAN. Packets sent to a <code>tagged</code> port will receive a tag indicating to which VLAN the packet belongs (useful for the link connecting both switches between each other).

There is also a <code>forbidden</code> list; this however is only useful for automatic configuration (GVRP): a port in the forbidden list may not be registered to the VLAN by GVRP.

Add a port to VLAN egress list, and set it to be tagged:

<code>set vlan egress 2 fe.1.47 tagged</code>


Add a port to VLAN egress list, and set it to be untagged:

<code>set vlan egress 2 ge.1.1 untagged</code>


Remove a port from both <code>tagged</code> and <code>untagged</code> lists:

<code>clear vlan egress 2 fe.1.1</code>


Frames received by a port

Frames bearing no tag (the normal case) received on a port will be put into that port's default VLAN (usually 1). Default VLAN can be chosen by the following command:

<code>set port vlan fe.1.47 2</code>

Frames having a tag will be put into the VLAN corresponding to that tag. However, if <code>ingress-filtering</code> is enabled on that port, packets are only accepted if the frame's VLAN corresponds to one of the VLAN's on whose egress list the port is (i.e. port accepts packet only for VLAN for which it would also send packets to this port)

<code>set port ingress-filter fe.1.47 enable</code>

CAUTION: ingress-filter also applies to default VLAN of port (i.e. if port is not in its default VLAN's egress list, it may not receive any untagged packets whatsoever from computer(s) connected to this port!)