General Port Administration tasks on Enterasys Products

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 5298 

Related to
MIBs
MAU-MIB 

Goals
Enable user ports
Disable user ports
Disable backplane ports
Change port speed
Change port duplex mode
Hard-set port speed and duplex
Auto-negotiate speed and duplex 

Solution

Disabling a port 

Switch ports are typically enabled by default, and cannot be readily disabled. 

The first option is disabling the Port or Spanning Tree status in either local/Telnet management or higher-level GUI tool (such as the NetSight products). Such a step generally manipulates only the dot1dStpPortEnable MIB, which, when disabled, disables Spanning Tree on that port while also preventing trafic from being transmitted - but not preventing it from being received
Note: NetSight Atlas (vs Element Manager) products toggle ifAdminStatus as expected, when the Port status is disabled/enabled in the GUI - making the remainder of this document unnecessary for Atlas users. 

The simplest way to effectively stop all switched traffic on a port without resorting to MIB manipulation, is to administer all of the following 802.1Q VLAN configuration changes on the port:
  1. ensure that it is not an "802.1Q-Trunk" mode port (disabled by default, applicable to only SmartSwitch 2000/6000 and Vertical Horizon);
  2. enable Ingress Filtering (aka "Filter using VLAN List", generally disabled by default);
  3. disable GVRP (generally enabled by default);
  4. disable Dynamic VLAN Egress (generally disabled by default);
  5. remove all static VLAN egresses (generally VLAN 1 by default).
Caution: Since 802.1D/W Spanning Tree operation is unaffected by VLAN manipulations, this will still appear to be a viable path to STP. If a true network path is inappropriately STP-blocking in favor of this one, disable STP on this port as well - Combine the first two suggestions. 

Miscellaneous Port MIB manipulations 

Moving on to MIB possibilities, a port may be fully disabled by setting its ifAdminStatus MIB to a value of "2". 

Most of our older products (SmartSwitch 9000, SmartSwitch 2000, SmartSwitch 6000/Matrix E7) use MIBs
  • ifAdminStatus, to administratively enable/disable a port;
  • dot1dStpPortEnable, to STP/traffic enable/disable a port;
  • ctAutoNegAdminStatus, to enable/disable auto-neg;
  • ctAutoNegAdvertisedTechnologyAbility, to control auto-neg advertisements;
  • ctEtherSpeedAdminStatus, to set a port's default speed;
  • ctEtherDuplexAdminStatus, to set a port's default duplex.
Our newer products (Vertical Horizon, Matrix DFE/E1/V2/C1/C2) use MIBs
  • ifAdminStatus, to administratively enable/disable a port;
  • dot1dStpPortEnable, to STP/traffic enable/disable a port;
  • ifMauAutoNegAdminStatus, to enable/disable auto-neg;
  • ifMauAutoNegCapAdvertisedBits, to control auto-neg advertisements;
  • ifMauDefaultType, to set a port's default speed/duplex.
Further detail, for the MIBs discussed: 

                        ifAdminStatus=1.3.6.1.2.1.2.2.1.7
(1=enable, 2=disable)

dot1dStpPortEnable=1.3.6.1.2.1.17.2.15.1.4
(1=enable, 2=disable)

ifMauDefaultType=1.3.6.1.2.1.26.2.1.1.11
(=one of dot3MauType entry OIDs)

dot3MauType=1.3.6.1.2.1.26.4
dot3MauTypeAUI=1.3.6.1.2.1.26.4.1
. . .
dot3MauType1000BaseTFD=1.3.6.1.2.1.26.4.30

ifMauAutoNegAdminStatus=1.3.6.1.2.1.26.5.1.1.1
(1=enable, 2=disable)

ifMauAutoNegCapAdvertisedBits=1.3.6.1.2.1.26.5.1.1.10.11013.1
(value based on bit manipulation)

ctAutoNegAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.1.1.1.1
(1=enable, 2=disable)

ctAutoNegAdvertisedTechnologyAbility=1.3.6.1.4.1.52.4.1.2.4.2.1.1.1.5
(value based on bit manipulation)

ctEtherSpeedAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.3.1.1.2
(ex: 2=10Mb, 3=100Mb, 4=1000Mb)
ctEtherDuplexAdminStatus=1.3.6.1.4.1.52.4.1.2.4.2.3.1.1.5
(2=HalfDuplex, 3=FullDuplex)

For any device, the MIB ifDescr=1.3.6.1.2.1.2.2.1.2 can be used to help ensure that the port being modified is the proper port instance. 

See also: 5277 and 14477.
Photo of FAQ User

FAQ User, Official Rep

  • 13,610 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.