Alcatel-Lucent 7210 SAS Configuration Manual

Hide thumbs Also See for 7210 SAS:

Service manual (952 pages)

Configuration manual (558 pages)

Quality of service manual (404 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

page of 138

/ 138
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual See also: Service Manual, Configuration Manual

7210 SAS D, E OS

Router Configuration Guide

Software Version: 7210 SAS OS 4.0 Rev. 01

October 2011

Document Part Number: 93-0375-01-01

93-0375-01-01

Table of Contents

Summary of Contents for Alcatel-Lucent 7210 SAS

Page 1 7210 SAS D, E OS Router Configuration Guide Software Version: 7210 SAS OS 4.0 Rev. 01 October 2011 Document Part Number: 93-0375-01-01 93-0375-01-01...
Page 2 Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Getting Started Alcatel-Lucent 7210 SAS-Series Router Configuration Process ....... .13 IP Router Configuration Configuring IP Router Parameters .
Page 4 ................137 Page 4 7210 SAS D, E OS Router Configuration Guide...
Page 5 Applying Filter Policies ............83 7210 SAS D, E OS Router Configuration Guide...
Page 6 List of Tables Page 6 7210 SAS D, E OS Router Configuration Guide...
Page 7 Applying an IP Filter to an Ingress Interface ........76 7210 SAS D, E OS Router Configuration Guide...
Page 8 7210 SAS D, E OS Router Configuration Guide Page 8...
Page 9: Preface
This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS D, E OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
Page 10: List Of Technical Publications
This guide describes how to configure features such as service mirroring and Operations, Administration and Management (OAM) tools. • 7210-SAS D, E OS Quality of Service Guide This guide describes how to configure Quality of Service (QoS) policy management. Page 10 7210 SAS D, E OS Router Configuration Guide...
Page 11: Technical Support
Preface Technical Support If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
Page 12 Preface Page 12 7210 SAS D, E OS Router Configuration Guide...
Page 13: Getting Started
IDs. IP and MAC filters Filter Policies on page 59 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 825 proprietary entities. 7210 SAS D, E OS Router Configuration Guide Page 13...
Page 14: Getting Started
Getting Started Page 14 7210 SAS D, E OS Router Configuration Guide...
Page 15: Ip Router Configuration
This chapter provides information about commands required to configure basic router parameters. Topics in this chapter include: • Configuring IP Router Parameters on page 16 → Interfaces on page 16 • Configuration Notes on page 18 Page 15 7210 SAS D, E OS Router Configuration Guide...
Page 16: Configuring Ip Router Parameters
Configuring IP Router Parameters Configuring IP Router Parameters In order to provision services on a 7210 SAS device, logical IP routing interfaces must be configured to associate attributes such as an IP addressor the system with the IP interface. A special type of IP interface is the system interface. A system interface must have an IP address with a 32-bit subnet mask.
Page 17: Process Overview
The following items are components to configure basic router parameters. • System interface — This creates an association between the logical IP interface and the system (loopback) address. The system interface address is the circuitless address (loopback) 7210 SAS D, E OS Router Configuration Guide Page 17...
Page 18: Configuration Notes
The following information describes router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters. Page 18 7210 SAS D, E OS Router Configuration Guide...
Page 19: Configuring An Ip Router With Cli
Service Management Tasks on page 24 → Changing the System Name on page 24 → Modifying Interface Parameters on page 36 → Deleting a Logical IP Interface on page 25 7210 SAS D, E OS Router Configuration Guide Page 19...
Page 20: Router Configuration Overview
Router Configuration Overview Router Configuration Overview In a 7210 SAS, an interface is a logical named entity. An interface is created by specifying an interface name under the context. This is the global router configuration configure>router context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters long, must start with a letter, and is case-sensitive;...
Page 21: Basic Configuration
System address The following example displays a router configuration: A:ALA-A> config# info . . . #------------------------------------------ # Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit exit exit #------------------------------------------ A:ALA-A> config# 7210 SAS D, E OS Router Configuration Guide Page 21...
Page 22: Common Configuration Tasks
A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit ---------------------------------------------- Page 22 7210 SAS D, E OS Router Configuration Guide...
Page 23: Configuring Interfaces
IP address to the interface in the IES context and create logical IP interfaces for inband management. Note that the system interface cannot be deleted. Configuring a System Interface To configure a system interface: CLI Syntax: config>router interface interface-name address {[ip-address/mask]|[ip-address] [netmask]} 7210 SAS D, E OS Router Configuration Guide Page 23...
Page 24: Service Management Tasks
"Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# Page 24 7210 SAS D, E OS Router Configuration Guide...
Page 25: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# 7210 SAS D, E OS Router Configuration Guide Page 25...
Page 26 Service Management Tasks Page 26 7210 SAS D, E OS Router Configuration Guide...
Page 27: Ip Router Command Reference
Router Interface Commands on page 29 • Router Advertisement Commands on page 47 • Show Commands on page 30 • Clear Commands on page 31 • Debug Commands on page 31 7210 SAS D, E OS Router Configuration Guide Page 27...
Page 28 [enable | disable] next-hop ip-address — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [enable | disable] black-hole — interface <interface-name> — no interface <interface-name> Page 28 7210 SAS D, E OS Router Configuration Guide...
Page 29 — icmp — redirects [number seconds] — no redirects — ttl-expired [number seconds] — no ttl-expired — unreachables [number seconds] — [no] filter — [no] loopback — [no] shutdown 7210 SAS D, E OS Router Configuration Guide Page 29...
Page 30 <ip-address | ip-int-name> stastistics — route-table[<ip-address[/mask]> [longer|exact]]|[summary] — static-arp [ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix /mask]| [preference preference] | [next-hop ip-address] | detail] — status Page 30 7210 SAS D, E OS Router Configuration Guide...
Page 31 — no icmp — [no] interface [ip-int-name | ip-address] — packet [ip-int-name | ip-address] [headers] [protocol-id] — no packet [ip-int-name | ip-address] — route-table [ip-prefix/prefix-length] [longer] — no route-table 7210 SAS D, E OS Router Configuration Guide Page 31...
Page 32 IP Router Command Reference Page 32 7210 SAS D, E OS Router Configuration Guide...
Page 33 — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7210 SAS D, E OS Router Configuration Guide Page 33...
Page 34: Router Global Commands
Values ipv4-address a.b.c.d (host bits must be 0) netmask — The subnet mask in dotted decimal notation. Values 0.0.0.0 — 255.255.255.255 (network bits all 1 and host bits all 0) Page 34 7210 SAS D, E OS Router Configuration Guide...
Page 35 IP address, mask, and any other parameter that is required to identify the exact static route. The administrative state is maintained in the configuration file. 7210 SAS D, E OS Router Configuration Guide Page 35...
Page 36 Configuration Commands Default enable Page 36 7210 SAS D, E OS Router Configuration Guide...
Page 37 IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing. 7210 SAS D, E OS Router Configuration Guide Page 37...
Page 38 0.0.0.0 — 255.255.255.255 (network bits all 1 and host bits all 0) broadcast {all-ones | host-ones} — The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no Page 38 7210 SAS D, E OS Router Configuration Guide...
Page 39 IP interface. When multiple mac commands are entered, the last command overwrites the previous command. The no form of the command returns the MAC address of the IP interface to the default value. 7210 SAS D, E OS Router Configuration Guide Page 39...
Page 40 — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses. Page 40 7210 SAS D, E OS Router Configuration Guide...
Page 41 — The time frame, in seconds, used to limit the number of ICMP redirect messages that can be issued,expressed as a decimal integer. Values 1 — 60 ttl-expired Syntax ttl-expired [number seconds] no ttl-expired 7210 SAS D, E OS Router Configuration Guide Page 41...
Page 42 The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. Page 42 7210 SAS D, E OS Router Configuration Guide...
Page 43 No. of ARP Entries The number of ARP entries displayed in the list. Sample Output *B:7710-Red-RR# show router arp =============================================================================== ARP Table (Router: Base) =============================================================================== IP Address MAC Address Expiry Type Interface 7210 SAS D, E OS Router Configuration Guide Page 43...
Page 44 — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri — The IP address for the IP interface is the Primary address on the IP interface. Page 44 7210 SAS D, E OS Router Configuration Guide...
Page 45 Detailed IP Interface Output — The following table describes the detailed output fields for an IP interface. Label Description If Name The IP interface name. Admin State Down — The IP interface is administratively disabled. 7210 SAS D, E OS Router Configuration Guide Page 45...
Page 46 If Type : IES SNTP B.Cast : False IES ID : 100 MAC Address : 2e:59:01:01:00:02 Arp Timeout : 14400 IP MTU : 1500 Arp Timeout : 14400 ICMP Details Page 46 7210 SAS D, E OS Router Configuration Guide...
Page 47 — Displays a route table summary information. Output Standard Route Table Output — The following table describes the standard output fields for the route table. Label Description Dest Address The route destination address and mask. 7210 SAS D, E OS Router Configuration Guide Page 47...
Page 48 Summary Route Table Output — Summary output for the route table displays the number of active routes and the number of routes learned by the router by protocol. Total active and available routes are also displayed. Sample Output A:ALA-A# show router route-table summary =============================================================================== Page 48 7210 SAS D, E OS Router Configuration Guide...
Page 49 The number of ARP entries displayed in the list. No. of ARP Entries Sample Output A:ALA-A# show router static-arp =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 7210 SAS D, E OS Router Configuration Guide Page 49...
Page 50 /mask — Displays static routes only matching the specified ip-prefix and mask. Values ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length:0 — 32 preference preference — Only displays static routes with the specified route preference. Values 0 — 65535 Page 50 7210 SAS D, E OS Router Configuration Guide...
Page 51 IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 192.168.252.0/24 10.10.0.254 192.168.253.0/24 to-ser1 192.168.253.0/24 10.10.0.254 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route 192.168.250.0/24 =============================================================================== Route Table 7210 SAS D, E OS Router Configuration Guide Page 51...
Page 52 The maximum number of routes configured for the system. Total Routes The total number of routes in the route table. Sample Output A:DUT-B>show>router# show router status ================================================================ Router Status (Router: Base) Page 52 7210 SAS D, E OS Router Configuration Guide...
Page 53 IP Router Configuration ================================================================ Admin State Oper State ---------------------------------------------------------------- Router Max Routes 10000 Total IPv4 Routes ECMP Max Routes ================================================================ A:DUT-B>show>router# 7210 SAS D, E OS Router Configuration Guide Page 53...
Page 54 — Clears all ARP cache entries for the IP interface with the specified name. interface ip-addr — Clears all ARP cache entries for the specified IP interface with the specified IP address. Page 54 7210 SAS D, E OS Router Configuration Guide...
Page 55 Description This command configures debugging for IP. Syntax Context debug>router>ip Description This command configures route table debugging. icmp Syntax [no] icmp Context debug>router>ip Description This command enables ICMP debugging. 7210 SAS D, E OS Router Configuration Guide Page 55...
Page 56 ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the criteria. Values 0 — 255 (values can be expressed in decimal, hexidecimal, or binary) * — udp/tcp wildcard Page 56 7210 SAS D, E OS Router Configuration Guide...
Page 57 0 — 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and pre- fix mask length values greater than the specified mask. 7210 SAS D, E OS Router Configuration Guide Page 57...
Page 58 Debug Commands Page 58 7210 SAS D, E OS Router Configuration Guide...
Page 59: Filter Policies
Filter Policy Entities on page 61 → Redirect Policies on page 92 → VID Filters on page 97 • Creating and Applying Policies on page 63 • Configuration Notes on page 71 7210 SAS D, E OS Router Configuration Guide Page 59...
Page 60: Filter Policy Configuration Overview
The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria. Page 60 7210 SAS D, E OS Router Configuration Guide...
Page 61: Filter Policy Entities
Level Agreement (SLA) enforcement of service packets as they ingress a SAP according to the filter policy match criteria. SAP ingress policies can be applied on SAP created on access ports or access uplink ports. 7210 SAS D, E OS Router Configuration Guide Page 61...
Page 62 (SLA) enforcement for service packets as they egress on the SAP according to the filter policy match criteria. SAP egress policies can be applied on both access ports and access uplink ports. • IES interfaces — IP filter policies are applied to IES SAPs. Page 62 7210 SAS D, E OS Router Configuration Guide...
Page 63: Creating And Applying Policies
SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE ASSOCIATE FILTER ID SAVE CONFIGURATION 7210 SAS D, E OS Router Configuration Guide Page 63...
Page 64: Packet Matching Criteria
IP options in the packet. Padding and EOOL are also considered as IP options. • TCP-ACK/SYN flags — Entering a TCP-SYN/TCP-ACK flag allows the filter to search for the TCP flags specified in these fields. Page 64 7210 SAS D, E OS Router Configuration Guide...
Page 65 Ethernet type field is a two-byte field used to identify the protocol carried by the Ethernet frame. The Ethertype accepts decimal, hex, or binary in the range of 1536 to 65535. 7210 SAS D, E OS Router Configuration Guide Page 65...
Page 66: Table 3: Dscp Name To Dscp Value Table
DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 Page 66 7210 SAS D, E OS Router Configuration Guide...
Page 67: Filter Policies
DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 7210 SAS D, E OS Router Configuration Guide Page 67...
Page 68: Ordering Filter Entries
Filter matching ceases when a packet matches an entry. The entry action is performed on the packet. 7210 SAS supports either drop or forward action.To be considered a match, the packet must meet all the conditions defined in the entry.
Page 69 REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 1: Filtering Process Example 7210 SAS D, E OS Router Configuration Guide Page 69...
Page 70: Applying Filters
If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are discarded or forwarded based on the default action specified in the policy. Page 70 7210 SAS D, E OS Router Configuration Guide...
Page 71: Configuration Notes
IP filters applied on an IES SAP cannot match against IP packets containing IP options. • The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and be inactive. 7210 SAS D, E OS Router Configuration Guide Page 71...
Page 72: Mac Filters
Ethernet frame. Use the following table to determine the exclusivity of fields.In the 7210 SAS M, the default frame-format is “EthernetII” Table 4: MAC Match Criteria Exclusivity Rules Frame Format Etype Ethernet – II 802.3 802.3 – snap 802.3-llc Page 72 7210 SAS D, E OS Router Configuration Guide...
Page 73: Ip Filters
• Action — An action parameter must be specified for the entry to be active. Any filter entry without an action parameter specified will be considered incomplete and be inactive. 7210 SAS D, E OS Router Configuration Guide Page 73...
Page 74 Configuration Notes Page 74 7210 SAS D, E OS Router Configuration Guide...
Page 75: Configuring Filter Policies With Cli
Modifying an IP Filter Policy on page 87 → Deleting a Filter Policy on page 90 → Deleting a Filter Policy on page 90 → Copying Filter Policies on page 92 7210 SAS D, E OS Router Configuration Guide Page 75...
Page 76: Basic Configuration
6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 2: Applying an IP Filter to an Ingress Interface Page 76 7210 SAS D, E OS Router Configuration Guide...
Page 77: Common Configuration Tasks
At least one filter entry with matching criteria specified IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# 7210 SAS D, E OS Router Configuration Guide Page 77...
Page 78: Ip Filter Entry
The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match exit no action exit exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 78 7210 SAS D, E OS Router Configuration Guide...
Page 79: Ip Entry Matching Criteria
The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit ---------------------------------------------- *A:ALA-48>config>filter>ip-filter# 7210 SAS D, E OS Router Configuration Guide Page 79...
Page 80: Creating A Mac Filter Policy
At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 80 7210 SAS D, E OS Router Configuration Guide...
Page 81: Mac Filter Entry
Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 7210 SAS D, E OS Router Configuration Guide Page 81...
Page 82: Mac Entry Matching Criteria
The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# Page 82 7210 SAS D, E OS Router Configuration Guide...
Page 83: Applying Filter Policies
The following output displays IP and MAC filters assigned to an ingress and egress SAP: A:ALA-48>config>service>epipe# info ---------------------------------------------- sap 1/1/1.1.1 create ingress filter ip 10 exit egress filter mac 92 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7210 SAS D, E OS Router Configuration Guide Page 83...
Page 84: Apply Filter Policies To An Ies Interface
The following displays an IP filter applied to an IES sap at ingress. A:ALA-48>config>service>ies# info ---------------------------------------------- interface "to-104" create address 10.1.2.1/24 sap lag-2:0.* create ingress filter ip 10 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# Page 84 7210 SAS D, E OS Router Configuration Guide...
Page 85: Filter Management Tasks
Use the following CLI syntax to renumber existing MAC or IP filter entries to re-sequence filter entries: CLI Syntax: config>filter ip-filter filter-id renum old-entry-number new-entry-number mac-filter filter-id renum old-entry-number new-entry-number Example config>filter>ip-filter# renum 10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 7210 SAS D, E OS Router Configuration Guide Page 85...
Page 86 40 create entry 30 create match match dst-ip 10.10.10.91/24 dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 src-ip 10.10.0.200/24 exit exit action drop action forward exit exit exit exit ---------------------------------------------- ---------------------------------------------- A:ALA-7>config>filter# A:ALA-7>config>filter# Page 86 7210 SAS D, E OS Router Configuration Guide...
Page 87: Modifying An Ip Filter Policy
10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match 7210 SAS D, E OS Router Configuration Guide Page 87...
Page 88 Filter Management Tasks dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 88 7210 SAS D, E OS Router Configuration Guide...
Page 89: Modifying A Mac Filter Policy
1 create description "New entry info" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action forward exit entry 2 create match dot1p 7 7 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# 7210 SAS D, E OS Router Configuration Guide Page 89...
Page 90: Deleting A Filter Policy
To remove a filter from an egress SAP, enter the following CLI commands: CLI Syntax: config>service# [epipe | ies | vpls] service-id sap port-id[:encap-val] egress no filter Example config>service# epipe 5 config>service>epipe# sap 1/1/2:3 config>service>epipe>sap# egress config>service>epipe>sap>egress# no filter Page 90 7210 SAS D, E OS Router Configuration Guide...
Page 91: From The Filter Configuration
After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter 7210 SAS D, E OS Router Configuration Guide Page 91...
Page 92: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# Page 92 7210 SAS D, E OS Router Configuration Guide...
Page 93: Filter Command Reference
{eq} dst-port-number — no dst-port — fragment {true | false} — no fragment — icmp-code icmp-code — no icmp-code — icmp-type icmp-type — no icmp-type — option-present {true | false} 7210 SAS D, E OS Router Configuration Guide Page 93...
Page 94: Mac-Filter Filter-Id
[ieee-address-mask] — no dst-mac — etype 0x0600..0xffff — no etype — src-mac ieee-address [ieee-address-mask] — no src-mac — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope Page 94 7210 SAS D, E OS Router Configuration Guide...
Page 95 [entry entry-id] [ingress | egress] Monitor Commands monitor — filter — ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] 7210 SAS D, E OS Router Configuration Guide Page 95...
Page 96: 7210 Sas D, E Os Router Configuration Guide
Filter Command Reference Page 96 7210 SAS D, E OS Router Configuration Guide...
Page 97 — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7210 SAS D, E OS Router Configuration Guide Page 97...
Page 98: Global Filter Commands
That work-in-progress policy can be modified until complete and then written over the original filter Page 98 7210 SAS D, E OS Router Configuration Guide...
Page 99 — The MAC filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. 7210 SAS D, E OS Router Configuration Guide Page 99...
Page 100: Filter Policy Commands
If the policy is removed from the entity, it will become available for assignment to another entity. template — When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or . Page 100 7210 SAS D, E OS Router Configuration Guide...
Page 101: General Filter Entry Commands
32 characters in length. The time-range name must already exist in the config>cron context. create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. 7210 SAS D, E OS Router Configuration Guide Page 101...
Page 102: Ip Filter Entry Commands
— The protocol keyword configures an IP protocol to be used as an IP filter match criterion. The protocol type such as TCP or UDP is identified by its respective protocol number. Page 102 7210 SAS D, E OS Router Configuration Guide...
Page 103 Virtual Router Redundancy Protocol l2tp Layer Two Tunneling Protocol Spanning Tree Protocol Performance Transparency Protocol isis ISIS over IPv4 crtp Combat Radio Transport Protocol crudp Combat Radio User Datagram 7210 SAS D, E OS Router Configuration Guide Page 103...
Page 104: Mac Filter Entry Commands
A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. The no form of the command removes the match criteria for the entry-id. Page 104 7210 SAS D, E OS Router Configuration Guide...
Page 105 — The frame-type keyword configures an Ethernet frame type to be used for the MAC filter match criteria. ethernet_II — Specifies the frame type is Ethernet Type II. 7210 SAS D, E OS Router Configuration Guide Page 105...
Page 106: Ip Filter Match Criteria
0.0.0.0 — 255.255.255.255 mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 Page 106 7210 SAS D, E OS Router Configuration Guide...
Page 107 Configures matching on ICMP code field in the ICMP header of an IPpacket as a filter match criterion. Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) 7210 SAS D, E OS Router Configuration Guide Page 107...
Page 108 — Specifies matching on all IP packets that contain the option field in the header. A match will occur for all packets that have the option field present. false — Specifies matching on IP packets that do not have any option field present in the IP header. Page 108 7210 SAS D, E OS Router Configuration Guide...
Page 109 The no form of the command removes the source port match criterion. Default no src-port Parameters src-port-number — The source port number to be used as a match criteria expressed as a decimal integer. Values 0 — 65535 7210 SAS D, E OS Router Configuration Guide Page 109...
Page 110 — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header. false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 110 7210 SAS D, E OS Router Configuration Guide...
Page 111: Mac Filter Match Criteria
To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) Values 7210 SAS D, E OS Router Configuration Guide Page 111...
Page 112 The Ethernet type field is used by the Ethernet version-II frames. IEEE 802.3 Ethernet frames do not use the type field.The no form of the command removes the previously entered etype field as the match criteria. Default no etype Page 112 7210 SAS D, E OS Router Configuration Guide...
Page 113 To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000 Default 0xFFFFFFFFFFFF (exact match) Values 0x00000000000000 — 0xFFFFFFFFFFFF 7210 SAS D, E OS Router Configuration Guide Page 113...
Page 114: Policy And Entry Maintenance Commands
This requires that entries be sequenced correctly from most to least explicit. Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 Page 114 7210 SAS D, E OS Router Configuration Guide...
Page 115 Filter Policies new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 7210 SAS D, E OS Router Configuration Guide Page 115...
Page 116 Configuration Commands Page 116 7210 SAS D, E OS Router Configuration Guide...
Page 117 — Displays detailed information for the specified filter ID and its filter entries. Values 1 — 65535 entry entry-id — Displays information on the specified filter entry ID for the specified filter ID only. Values 1 — 65535 7210 SAS D, E OS Router Configuration Guide Page 117...
Page 118 *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total: =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- 10001 Template Yes fSpec-1 Template Yes BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Num IP filters: 2 =============================================================================== Page 118 7210 SAS D, E OS Router Configuration Guide...
Page 119 If the filter entry ID indicates the entry is , the filter entry is incomplete, no action was specified. Inactive Drop packets matching the filter entry. Drop — 7210 SAS D, E OS Router Configuration Guide Page 119...
Page 120 : Undefined ICMP Code : Undefined TCP-syn : Off TCP-ack : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49>config>filter# *A:Dut-C>config>filter# show filter ip fSpec-1 associations =============================================================================== Page 120 7210 SAS D, E OS Router Configuration Guide...
Page 121 : Undefined Fragment : Off Option-present : Off Sampling : Off Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Drop 7210 SAS D, E OS Router Configuration Guide Page 121...
Page 122 : Undefined ICMP Code : Undefined Fragment : Off Option-present : Off TCP-syn : Off TCP-ack : Off Match action : Forward Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# Page 122 7210 SAS D, E OS Router Configuration Guide...
Page 123 : Drop Entries ------------------------------------------------------------------------------- Filter Association : IP ------------------------------------------------------------------------------- Service Id : 1001 Type : VPLS - SAP 1/1/1:1001 (Ingress) Service Id : 2000 Type - SAP 1/1/1:2000 (Ingress) =============================================================================== A:ALA-49# 7210 SAS D, E OS Router Configuration Guide Page 123...
Page 124 The number of egress filter matches/hits for the filter entry. Note that egress counters count the packets without Layer 2 encapsula- tion. Ingress counters count the packets with Layer 2 encapsulation. Page 124 7210 SAS D, E OS Router Configuration Guide...
Page 125 The filter policy is of type Exclusive. Exclusiv — The IP filter policy description. Description The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — 7210 SAS D, E OS Router Configuration Guide Page 125...
Page 126 : 200 Applied : No Scope : Exclusive D. Action : Drop Description : Forward SERVER sourced packets ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 200 FrameType : 802.2SNAP Page 126 7210 SAS D, E OS Router Configuration Guide...
Page 127 Filter ID : 3 Applied : Yes Scope : Template Def. Action : Drop Entries ------------------------------------------------------------------------------- Filter Association : Mac ------------------------------------------------------------------------------- Service Id: 1001 Type : VPLS - SAP 1/1/1:1001 (Egress) =============================================================================== A:ALA-49# 7210 SAS D, E OS Router Configuration Guide Page 127...
Page 128 Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts Egr. Matches: 62 pkts Entry : 10 FrameType : Ethernet Ing. Matches: 80 pkts Egr. Matches: 80 pkts Page 128 7210 SAS D, E OS Router Configuration Guide...
Page 129 — The filter log ID destination expressed as a decimal integer. Values 101 — 199 Syntax mac mac-filter-id [entry entry-id] [ingress | egress] Context clear>filter Clears the counters associated with the MAC filter policy. 7210 SAS D, E OS Router Configuration Guide Page 129...
Page 130 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. Page 130 7210 SAS D, E OS Router Configuration Guide...
Page 131 — The MAC filter policy ID. Values 1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 7210 SAS D, E OS Router Configuration Guide Page 131...
Page 132 No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. Page 132 7210 SAS D, E OS Router Configuration Guide...
Page 133: Common Cli Command Descriptions
Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface (CLI) syntax and command usage. Topics in this chapter include: • SAP syntax on page 134 7210 SAS D, E OS Router Configuration Guide Page 133...
Page 134: Common Service Commands
0 — 4094 The SAP is identified by two 802.1Q tags on the port. qtag2: 0 — 4094 Note that a 0 qtag1 value also accepts untagged packets on the Dot1q port. Page 134 7210 SAS D, E OS Router Configuration Guide...
Page 135: Standards And Protocol Support
Identification Codes RFC 2574 SNMP-USER-BASED- draft-grant-tacacs-02.txt RFC 4115 A Differentiated Service Two- SMMIB Rate, Three-Color Marker with RFC 2575 SNMP-VIEW-BASEDACM- TCP/IP Efficient Handling of in-Profile Traffic [ Only for 7210 SAS-D ] RFC 768 UDP Standards and Protocols Page 135...
Page 136 MIB.mib [Only for 7210 SAS-E] RFC 2328 TFTP Blocksize Option TIMETRA-SAS-IEEE8021-CFM- MIB.mib RFC 2349 TFTP Timeout Interval and Transfer Size option TIMETRA-SAS-GLOBAL-MIB.mib Timing (Only on 7210 SAS-D ETR) TIMETRA-SAS-PORT-MIB.mib ITU-T G.781 Telecommunication TIMETRA-SAS-QOS-MIB.mib Standardization Section of ITU, TIMETRA-SAS-SYSTEM-MIB.mib Synchronization layer functions, TIMETRA-SCHEDULER-MIB.mib...
Page 137: Index
IP filter policy MAC filter policy management tasks IP Router overview interfaces system configuring basic command reference interfaces overview service management tasks system interface system name 7210 SAS D, E OS Router Configuration Guide Page 137...
Page 138 7210 SAS D, E OS Router Configuration Guide Page 138...

Alcatel-Lucent 7210 SAS Configuration Manual

Preface

Getting Started

Getting Started

IP Router Configuration

Filter Policies

Filter Policies

Common CLI Command Descriptions

Standards and Protocol Support

Index

Quick Links

Related Manuals for Alcatel-Lucent 7210 SAS

Summary of Contents for Alcatel-Lucent 7210 SAS

Table of Contents