===== To set port 8:27 to 100/full ===== configure port 8:27 auto off speed 100 duplex full ===== diagnostics ===== To view the log... show log To run extended diagnostics (takes switch offline)... run diagnostics extended slot backplane After which you can view the log, replace anything defective, and then to return the switch to normal operation... clear log diag-status reboot ===== To set port 49 to auto/auto ===== configure port 49 auto on ===== To show port information ===== show port info ===== To show the mac address table ===== show fdb ===== To show the arp table ===== show iparp ===== To show the switch configuration ===== show conf ===== To disable/enable port 7:22 ===== disable port 7:22 enable port 7:22 ===== To set the display string on port 7:20 to "engmail server" ===== configure port 7:20 display-string "engmail server" ===== To create a VLAN named EngMMNet with tag 100, and enable spanning tree on it ===== create vlan "EngMMNet" config vlan "EngMMNet" tag 100 configure stpd s0 add vlan "EngMMNet" ===== To add port 7:24 to VLAN SD2Net without tagging ===== configure vlan "SD2Net" add port 7:24 untagged ===== To delete port 7:24 from VLAN SD2Net ===== configure vlan "SD2Net" delete port 7:24 ===== To add port 7:24 to VLAN SD2Net with tagging (for a trunk line) ===== configure vlan "SD2Net" add port 7:24 tagged ===== To activate IP routing for CupidNet with router IP address 129.97.20.1 ===== config vlan "CupidNet" ipaddress 129.97.20.1 255.255.255.0 enable ipforwarding "CupidNet" configure rip add vlan "CupidNet" configure rip "CupidNet" cost 1 enable rip enable irdp vlan "CupidNet" config rip rxmode none vlan "CupidNet" config rip txmode v2only vlan "CupidNet" ===== To create a static route to the 68 subnet via 129.97.50.76 ===== configure iproute add 129.97.68.0 255.255.255.0 129.97.50.76 1 ===== To enable the export of static routes via RIP ===== enable rip export static cost 0 tag 0 ===== To enable/disable spanning tree ===== enable stpd s0 disable stpd s0 To disable/enable spanning tree on port 1:4 disable stpd s0 port 1:4 enable stpd s0 port 1:4 ===== To restrict port 32 to the single MAC address 00:02:b3:1d:74:91 on CupidNet (works with all ExtremeWare versions) ===== create fdbentry 00:02:b3:1d:74:91 vlan CupidNet port 32 disable learning ports 32 ===== To restrict port 7:24 to a single MAC address on SD2Net(ExtremeWare version 6 only) ===== configure vlan "SD2Net" add port 7:24 mac-limit 1 ===== To block all traffic from (and to) MAC address 00:50:BA:C7:2F:94 on CircuitNet ===== create fdbentry 00:50:BA:C7:2F:94 CircuitNet blackhole both *dest-mac* or source-mac can be specified instead of both which allows blocking independently on egress or ingress To block all traffic from 129.97.20.217 create access-list blocker1 ip destination any source 129.97.20.217 /32 deny ports any Use ''**show access-lis**''t to see hit counts etc, and delete access-list blocker1 to delete the access list. ===== To disable access to tcp port 22 (ssh) on host 129.97.50.123 connected to physical port 7:25 ===== create access-list temp_block_ssh tcp destination any ip-port any source 129.97.50.123/32 ip-port 22 deny ports 7:25 precedence 10 //Note: the access-list is applied to an ingress port, the above will allow an initial TCP packet to reach the target, but it will not be able to respond, and thus no TCP handshake will occur.// ===== To forward DHCP on "cupidnet" to 129.97.50.36 and 129.97.50.67 ===== create udp-profile engcompdhcp config engcompdhcp add 67 ipaddress 129.97.50.36 config engcompdhcp add 67 ipaddress 129.97.50.67 config cupidnet udp-profile engcompdhcp ===== To prevent most IP spoofing ===== create access-list spoof1 ip destination any source 129.97.0.0/16 permit ports any precedence 250 create access-list spoof2 ip destination 129.97.0.0/16 source any permit ports any precedence 251 create access-list spoof3 ip destination any source 0.0.0.0/32 permit ports any precedence 252 create access-list spoof4 ip destination 224.0.0.0/4 source any permit ports any precedence 253 create access-list spoof5 ip destination any source any deny ports any precedence 254 * 0.0.0.0/32 is for bootp * 224.0.0.0/4 is for IP multicast //The above allows IP spoofing onsite (129.97.0.0/16) but prevents spoofed IP from leaving the site, unless it is spoofed from an onsite address. This is probably adequate. More elaborate access lists would be required to keep spoofing local to a subnet.// ===== To get a GBIC port to talk to a BayStack ===== config port 5:1 auto off duplex full speed 1000