On which related note - MobaXterm (Windows app) will let you open multiple terminal tabs - ie. an ssh session into (for example) 4 switches, then click the "MultiExec" button and then whatever command you type, will type on all 4 terminal windows simultaneously, which can be a neat feature in some scenarios.
Just be 100% certain you have a recent firmware on your switches or you'll hit the openSSH bug that causes the switch to reset.

N.

On Fri, May 25, 2012 at 2:49 PM, Hawkins, Mike "The Original" Stephen <[email protected]> wrote:

> Jason:
>
> I have one comment on your question and several comments on the related
> topic of managing vlans on Enterasys switches.
>
> The IEEE 801.1 vlan standard will not let you assign more than one vlan
> per port where both are untagged. The only way to have two or more vlans
> on a port is to have them tagged. However, this means that the device(s)
> on that port must be setup to recognize that traffic for each vlan that it
> needs. Each OS does this by various commands to setup 801.1Q trunking.
> While I am no expert on this (setting up servers, etc), see
> http://www.arrfab.net/blog/?p=40 for more information. It may also vary
> according to the nic driver for your nic. Thus when packets come in for
> vlan 200, your system/nic knows that things tagged with vlan 200 are what
> it is interested in to send to the vlan 200 portion (if you will) of the
> nic/system.
>
> At UNC we do lots of interesting things with vlans that I see very few
> other sites doing. These things save time and prevent errors.
>
> One of the things we do is set a PVID on each vlan that is tagged. Here
> are the mibs in question:
>
> dot1qPvid OBJECT-TYPE
>     SYNTAX      VlanIndex
>     MAX-ACCESS  read-write
>     STATUS      current
>     DESCRIPTION
>         "The PVID, the VLAN ID assigned to untagged frames or
>         Priority-Tagged frames received on this port."
>     REFERENCE
>         "IEEE 802.1Q/D11 Section 12.10.1.1"
>     DEFVAL      { 1 }
>     ::= { dot1qPortVlanEntry 1 }
>
> dot1qPortAcceptableFrameTypes OBJECT-TYPE
>     SYNTAX      INTEGER {
>                     admitAll(1),
>                     admitOnlyVlanTagged(2)
>                 }
>     MAX-ACCESS  read-write
>     STATUS      current
>     DESCRIPTION
>         "When this is admitOnlyVlanTagged(2) the device will
>         discard untagged frames or Priority-Tagged frames
>         received on this port.
>         When admitAll(1), untagged
>         frames or Priority-Tagged frames received on this port
>         will be accepted and assigned to the PVID for this port.
>
>         This control does not affect VLAN independent BPDU
>         frames, such as GVRP and STP. It does affect VLAN
>         dependent BPDU frames, such as GMRP."
>     REFERENCE
>         "IEEE 802.1Q/D11 Section 12.10.1.3"
>     DEFVAL      { admitAll }
>     ::= { dot1qPortVlanEntry 2 }
>
>
> As I said, setting a PVID buys you much. We setup all tagged vlans on a
> port with a PVID of a value 999. This is what we consider to be a junk
> vlan. Thus if for some reason on a tagged port there are packets that are
> tagged with a vlan you do not want to see on that port or then those
> packets get dropped into the 999 vlan which is in effect a black hole that
> does not get off the switch port. We do not want end system setting vlan
> tagging on packets, we believe that to be the function of the network.
> Thus we can keep unwanted traffic off the network if there is something
> not configured correctly on a system or if there is a bug with an
> application. This one little feature has saved our bacon more than a time
> or two.
>
> GVRP
> Another big time saver for us at UNC when it comes to vlan is the protocol
> GVRP. We are big users of GVRP on our network. Enterasys switches have an
> excellent implementation of GVRP. This allows for dynamic trunks to be
> setup between ports such that you can always be assured that the vlan(s)
> you want are going down a trunk. It saves tremendous amounts of network
> manager time over having to tag many links to get a vlan where you need it
> to go.
>
> ATGTools - vlanConfig
> One final big time saver for us at UNC is a command called "vlanConfig"
> which is part of the ATGTools set that Enterasys gives away on their web
> site.
> This "vlanConfig" command is an executable command (Windows and
> various Linux, unix versions available) is a program that sends commands to
> a switch or list of switches to make vlan changes on a switch. It is much
> faster especially when you want to make changes on a number of switches at
> one time. The deal with this is kind of odd in that many of the field
> engineers in Enterasys do not know about this/these tools much less use
> them. There is the belief in much of Enterasys is that the average network
> manager will shoot themselves in the foot too often. Officially Enterasys
> does not want to support this however at UNC we find it invaluable at time
> savings. We use it one command at a time and we use it extensively in scripts
> to setup switches and to make massive vlan changes on groups of switches.
> The vlanConfig command is the main way we set tagged vlans on ports with
> the 999 Pvid. See below the output of help for this command:
>
> $ vlanConfig -h
>
> VlanConfig creates/deletes a VLAN and adds/removes ports to its egress list
> as either untagged or tagged, using dot1qVlan mibs. It also sets the port
> VLAN for the specified ports. Use the -ctron option to use ctVlanConfig
> mibs.
>
> See the HTML help file for usage notes on the XP platform.
>
> PLATFORM SUPPORT:
>     Matrix E6/E7
>     Matrix E1
>     Matrix E5
>     Matrix N3/N7
>     Matrix C1
>     XP series
>
>
> USAGE:
>     vlanConfig { -s X1 | -l X2 } [ options ]
>     -s X1 : where X1 is the IP address or hostname of the device
>     -l X2 : where X2 is the name of a list of IP addresses to read
>
>
> OPTIONS:
>     -add : creates a VLAN; used with -vlan
>     -del : deletes a VLAN; used with -vlan
>     -vlan X3 : where X3 is the VLAN ID
>     -name X4 : where X4 is the VLAN name; used with -add (default=VLAN #)
>     -addPorts X5 : where X5 is a list of dot1dBridge port numbers (1-3,7)
>         or port names (fe.1.1-3,7;ge.3.1-5) to add
>     -delPorts X6 : where X6 is a list of dot1dBridge port numbers (1-3,7)
>         or port names (fe.1.1-3,7;ge.3.1-5) to delete
>     -addHost : to add the host data port, if supported
>     -delHost : to delete the host data port, if supported
>     -tagged : adds/deletes ports to tagged egress list (otherwise untagged)
>         Note: that if -addPorts or -delPorts value equals BP then all
>         Backplane ports will be added or deleted
>     -pvid X7 : used with -addPorts and -tagged to specify the port VLAN
>         (default=1)
>     -status : displays the VLAN status of each device
>     -portStatus : displays the port status of each device
>     -isl : adds ISL ports (with CDP neighbors) to tagged egress list
>         of all VLANs, or the specified VLAN if used with -vlan
>     -ctron : uses the ctVlanConfig MIBs
>     -dbof X8 : write database import friendly output to X8.dbo
>     -dbo : write database import friendly output to screen
>     -gui : causes the optional GUI to be spawned
>     -allPorts : allows all ports to be displayed (GUI-only)
>     -aports : shows IP list in ascending port order (GUI-only)
>     -dports : shows IP list in descending port order (GUI-only)
>     -a : will discover all devices in the cloud. Only meaningful when
>         entering a seed IP.
>     -h : Display argument descriptions
>     -v : Display tool version
>     -realTime : causes all timeticks values to be resolved to the
>         workstation's clock
>     -tee X9 : will tee output to the screen and the file specified by X9
>     -noCons : will suppress output to the screen
>     -addr2name : attempts to resolve addresses to names (IP-DNS only)
>     -grep X10 : where X10 is a regular expression to grep for
>     -snmpStack X11 : where X11 is "old" or "new". The old stack is a Ctron
>         implementation that only supports SNMPv1. The new stack is
>         a UCDavis implementation that can support SNMPv1, v2c, and v3.
>         (default=new)
>     -snmpVer X12 : where X12 is the SNMP version to use (1, 2c, 3, or h).
>         Only applies when using the new SNMP stack. Use "h" for the
>         highest version that succeeds, per device. (default=h)
>     -n X13 : where X13 is the community string
>     -usmUser X14 : where X14 is the USM user name
>     -authType X15 : where X15 is the authorization protocol (MD5 or SHA1).
>         Only used if -auth password is specified. (default=MD5)
>     -auth X16 : where X16 is the authorization password. If not specified,
>         no authorization will be used.
>     -priv X17 : where X17 is the privacy password. If not specified, no
>         encryption will be used.
>     -throttle X18 : where X18 is the # SNMP requests / second (default=20)
>     -to X19 : where X19 is the SNMP timeout (in seconds) (default=2)
>     -rt X20 : where X20 is the number of times to retry in case of SNMP
>         failure (default=1)
>     -args X21 : where X21 specifies a command line arg default file.
>         Optionally a section within the file can be specified using a
>         colon (e.g. filename:section). The filename portion of X21
>         should NOT include the '.args' extension. (default=default)
>
> One word of caution. With this command you can shoot yourself in the foot
> easily. You are making immediate changes on a switch when you use it.
> Enterasys Support discourages it for this reason.
> However, if you get the
> tools and practice a bit with it, you start to see what a real time saver
> this is over doing a telnet or SSH to one switch at a time. Consider
> yourself warned but look into it if you really want to gain some time back
> from day to day management of vlans on your network. Yes, Enterasys GTAC,
> I know you do not officially support these tools but if you have a customer
> that wants to manage as best they can then they can make the choice to
> investigate these capabilities. We are all supposed to be adults here,
> right?!!! LOL!
>
> Well Jason, I hope some of this helps you. I was very long winded;
> sometimes I get going and I just can't stop. Take what you like and leave
> the rest.
>
> Have a good holiday everybody - be sure to remember all those who made the
> sacrifice for our country.
>
>
> Mike Hawkins
> Associate Director of Networking
> University of North Carolina at Chapel Hill
>
>
> -----Original Message-----
> From: Jason Grubbs [mailto:[email protected]]
> Sent: Friday, May 25, 2012 7:51 AM
> To: Enterasys Customer Mailing List
> Subject: [enterasys] Configure a port to use two VLANs
>
> We are replacing a Cisco 3750 with an C5K. This switch serves as our
> phone switch. Some of the Cisco phones have devices that connect through
> the phones secondary port. How can I configure the ports on the C5K so
> they use both vlan 200 and vlan 1?
>
> I used this command to set them to 200:
>
> Set port vlan ge.1.1-47 200
>
> But I am then asked if I want to remove the ports from all other VLANs
> untagged egress lists? Should I say no if I want to allow traffic on both
> 200 and 1?
>
> Jason Grubbs
> Network Engineer
> Pottsgrove School District

---
To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
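The dot1qPvid and dot1qPortAcceptableFrameTypes behaviour quoted in the message above, modelled as an added example that is not part of the original thread or of any Enterasys tool. The `Port` class, the `classify`, `egress_ports` and `audit` helpers and the port table are hypothetical and constructed for illustration; ingress filtering of tagged frames is not modelled.

```python
from dataclasses import dataclass, field

ADMIT_ALL, ADMIT_ONLY_TAGGED = 1, 2   # dot1qPortAcceptableFrameTypes values
JUNK_VLAN = 999                       # junk PVID used in the message

@dataclass
class Port:
    name: str
    pvid: int = 1                     # dot1qPvid (DEFVAL 1)
    accept: int = ADMIT_ALL           # DEFVAL admitAll
    tagged: set = field(default_factory=set)    # tagged egress VLANs
    untagged: set = field(default_factory=set)  # untagged egress VLANs

def classify(port, tag):
    """VLAN assigned to an ingress frame, or None if it is discarded.
    tag: VLAN ID, 0 for priority-tagged, None for untagged."""
    if tag in (None, 0):
        return None if port.accept == ADMIT_ONLY_TAGGED else port.pvid
    return tag

def egress_ports(ports, ingress, tag):
    """Names of other ports whose egress lists contain the frame's VLAN."""
    vlan = classify(ingress, tag)
    if vlan is None:
        return []
    return sorted(p.name for p in ports
                  if p is not ingress and vlan in (p.tagged | p.untagged))

def audit(ports, junk=JUNK_VLAN):
    """Flag tagged ports where untagged frames reach a live VLAN."""
    findings = [f"{p.name}: untagged frames land in VLAN {p.pvid}"
                for p in ports
                if p.tagged and p.accept == ADMIT_ALL and p.pvid != junk]
    # Any egress membership for the junk VLAN lets its traffic leave a port.
    carriers = sorted(p.name for p in ports if junk in (p.tagged | p.untagged))
    if carriers:
        findings.append(f"VLAN {junk} has egress on: {', '.join(carriers)}")
    return findings

# Constructed sample ports (names follow the ge.1.N style seen in the thread).
PORTS = [
    Port("ge.1.1", pvid=999, tagged={200, 300}),             # junk PVID set
    Port("ge.1.2", tagged={200}),                            # default PVID 1
    Port("ge.1.3", untagged={1}),                            # access port
    Port("ge.1.4", accept=ADMIT_ONLY_TAGGED, tagged={300}),  # tagged only
]

if __name__ == "__main__":
    for line in audit(PORTS):
        print(line)
```

With this sample table, an untagged frame arriving on ge.1.1 is classified into VLAN 999 and has nowhere to egress, while the same frame on ge.1.2 reaches the VLAN 1 access port.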
