RuggedCom RuggedBackbone RX5000 User Manual

v2.2 Web Interface User Guide
For RuggedBackbone™ RX5000
November 24, 2011

Summary of Contents for RuggedCom RuggedBackbone RX5000

  • Page 1 v2.2 Web Interface User Guide For RuggedBackbone™ RX5000 November 24, 2011...
  • Page 2 We have checked the contents of this manual against the hardware and software described. However, deviations from the description cannot be completely ruled out. RuggedCom shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    2.8.2. Upgrading Feature Levels in the field (p. 52)
    2.8.3. When a File-based featurekey does not Match the Hardware (p. 52)
    2.8.4. Viewing RuggedCom Serial Numbers (p. 53)
    2.8.5. Uploading a Featurekey (p. 54)
    2.8.6. Backing Up a Featurekey Using the Web User Interface (p. 55)
    2.9.
  • Page 4

    3.2.9. Configuring an NTP Client using Broadcast (p. 67)
    3.2.10. Checking NTP Status (p. 68)
    4. Basic Network Configuration (p. 69)
    4.1. IP Interfaces (p. 69)
    4.1.1. Configuring an IP Address (p. 69)
    4.1.2. Simple Network Setup with the Default IPv4 Addresses (p. 70)
    4.1.3.
  • Page 5

    10.1.3. RADIUS on ROX™ (p. 115)
    10.1.4. RADIUS, ROX™, and Services (p. 115)
    10.1.5. RADIUS Authentication Configuration (p. 115)
    11. NETCONF (p. 118)
    12. Chassis Management (p. 122)
    12.1. Power Controller (p. 123)
    12.2. Slot Hardware (p. 124)
    12.3. Slot Identification (p. 125)
    12.4.
  • Page 6

    19.2. Sample Use Case (p. 185)
    19.3. Virtual Switch Configuration and Status (p. 186)
    20. Link Aggregation (p. 192)
    20.1. Link Aggregation Operation (p. 192)
    20.1.1. Link Aggregation Rules (p. 192)
    20.1.2. Link Aggregation Limitations (p. 193)
    20.2. Link Aggregation Configuration (p. 194)
    20.2.1.
  • Page 7

    25.4.2. Port RSTP Parameters (p. 247)
    25.4.3. Bridge MSTI Parameters (p. 249)
    25.4.4. Port MSTI Parameters (p. 251)
    25.5. Spanning Tree Statistics (p. 253)
    25.5.1. Bridge RSTP Statistics (p. 253)
    25.5.2. Port RSTP Statistics (p. 255)
    25.5.3. MSTI Status (p. 258)
    25.5.4.
  • Page 8

    29.2.2. Creating Static ARP Table Entries (p. 297)
    29.2.3. Viewing Static and Dynamic ARP Table Entries (p. 298)
    29.2.4. Viewing Routing Rules (p. 298)
    29.2.5. Flushing Dynamic Hardware Routing Rules (p. 301)
    30. Tunnelling (p. 302)
    30.1. IPsec (p. 302)
    30.1.1.
  • Page 9

    35.4.1. Policy-based Virtual Private Networking (p. 376)
    35.4.2. Virtual Private Networking to a DMZ (p. 377)
    35.5. Firewall Configuration (p. 377)
    35.5.1. Adding a Firewall (p. 378)
    35.5.2. Working with Firewall Configurations (p. 379)
    35.5.3. Zone Configuration (p. 380)
    35.5.4.
  • Page 10

    D.3. Swapping a Module with an Identical Backup Module (p. 433)
    D.4. Swapping a Module with a Different Type of Module (p. 433)
    D.5. Swapping a Switch Module (SM) with a Different Type of SM (p. 434)
    E. GNU General Public License (p. 435)
    E.1.
  • Page 11

    List of Figures
    1.1. The ROX™ Login Form (p. 25)
    1.2. The ROX™ Web Interface (p. 25)
    1.3. Top-level Menu (p. 27)
    1.4. Example of Edit Private Mode (p. 29)
    1.5. Adding Key Information (p. 30)
    1.6. Key Information in a Table (p. 31)
    1.7.
  • Page 12

    2.42. Backup Files forms (p. 57)
    2.43. Delete-logs menu (p. 58)
    2.44. Delete Log Files form (p. 58)
    2.45. Save-full-configuration menu (p. 58)
    2.46. Save Full Configuration forms (p. 59)
    2.47. Load-full-configuration menu (p. 59)
    2.48. Load Full Configuration forms (p. 59)
    3.1.
  • Page 13

    8.1. Logging menu (p. 94)
    8.2. Remote Server table (p. 94)
    8.3. Remote Server form (p. 95)
    8.4. Remote Server Selector table (p. 95)
    8.5. Selector menu (p. 95)
    8.6. Remote Server Selector form (p. 96)
    9.1. Adding an SNMP User ID (p. 100)
    9.2.
  • Page 14

    12.21. Module Database form (p. 131)
    12.22. Configurable Modules table (p. 132)
    12.23. Configurable Modules form (p. 132)
    13.1. PPP menu (p. 133)
    13.2. Dial-in PPP Users table (p. 133)
    13.3. Dial-in Users form (p. 134)
    13.4. Dial-out PPP Users table (p. 134)
    13.5.
  • Page 15

    16.23. Interface Status table (p. 167)
    16.24. Interface Status form (p. 167)
    16.25. Port Security Status form (p. 168)
    16.26. Reset Ethernet Port form (p. 169)
    16.27. Reset All Switched Ports menu (p. 169)
    16.28. Reset All Switched Ports form (p. 169)
    17.1.
  • Page 16

    21.2. 802.1X Packet Exchange (p. 202)
    21.3. Port Security RADIUS Primary form (p. 203)
    21.4. Port Security RADIUS Secondary form (p. 203)
    21.5. Port Security menu (p. 204)
    21.6. Port Security form (p. 204)
    21.7. 802.1x Parameters form (p. 205)
    22.1.
  • Page 17

    25.10. Interface/switch/{line module}/spanning-tree submenu (p. 247)
    25.11. Port RSTP Parameter form (p. 247)
    25.12. Key Settings form (p. 249)
    25.13. MSTP Instance form (p. 249)
    25.14. MSTP Instance table (p. 250)
    25.15. MSTP ID table (p. 250)
    25.16. MSTI Configuration table (p. 251)
    25.17.
  • Page 18

    29.5. Layer 3 Switching menu (p. 295)
    29.6. Layer 3 Switching form (p. 295)
    29.7. Layer 3 Switching form (p. 296)
    29.8. ARP Table Configuration form (p. 298)
    29.9. ARP Table Summary form (p. 298)
    29.10. Routing Rules Summary table (p. 299)
    29.11.
  • Page 19

    30.47. GRE Example (p. 327)
    30.48. Generic Routing Encapsulation (GRE) menu (p. 327)
    30.49. Generic Routing Encapsulation Interfaces table (p. 328)
    30.50. Generic Routing Encapsulation Interfaces form (p. 328)
    31.1. OSPF and VRRP Example (p. 334)
    31.2. Dynamic Routing Menu (p. 335)
    31.3.
  • Page 20

    34.4. Multicast Groups Configuration table (p. 366)
    34.5. Multicast Groups Configuration form (p. 367)
    34.6. Outgoing Interfaces table (p. 367)
    34.7. Multicast Routing Status table (p. 368)
    34.8. Multicast Routing Status form (p. 368)
    35.1. Security Menu (p. 377)
    35.2.
  • Page 21

    37.2. VRRP Group Example (p. 411)
    37.3. VRRP Menu (p. 411)
    37.4. Virtual Router Redundancy Protocol (VRRP) Form (p. 412)
    37.5. VRRP Group Table (p. 412)
    37.6. VRRP Instance Table (p. 412)
    37.7. VRRP Instance Form (p. 413)
    37.8. Monitor Interface Form (p. 414)
    37.9.
  • Page 22: Preface

    This guide describes the web-based user interface for the ROX™ version 2.2 Operating System running on the RuggedBackbone™ RX5000 family of products.

    Supported Platforms: ROX™ 2.2 is designed to work on RuggedCom's RuggedBackbone™ and RuggedRouter® hardware platforms. This ensures a consistent user experience when migrating from one product model in the family to another.
  • Page 23: Administration

    Part I. Administration
    Part I describes the administration of a ROX™-based networking device:
      • The ROX Web Interface: Chapter 1, The ROX™ Web Interface
      • System Administration: Chapter 2, System Administration
      • Time Synchronization: Chapter 3, Time Synchronization
      • Basic Networking Configuration: Chapter 4, Basic Network Configuration
      • Advanced Networking: Chapter 5, IP Network Interfaces...
  • Page 24: The Rox™ Web Interface

    1. The ROX™ Web Interface
    ROX™ features two primary user interfaces: a web-based interface and a command line interface (CLI). This user guide documents the usage and structure of the web-based user interface. For details of the CLI, please refer to the ROX™...
  • Page 25: The Structure Of The Web Interface

    Start a web browser session and open a connection to the switch by entering a URL that specifies its IP address (https://192.168.1.2, to continue with the example above). Once the web browser makes contact with the switch, the resulting page should be the login prompt displayed below: Figure 1.1.
  • Page 26 This icon is usually found on a form where there are parameters to enter. Every web page in the ROX™ user interface has a header, illustrated above, containing: • The ROX™ and RuggedCom logos and a Logout button, which terminates the current web session.
  • Page 27: Top-Level Menu Categories

    1. The ROX™ Web Interface • Tcpdump: a packet analyzer for TCP/IP and other packets • Traceroute: a tool for displaying route or path information and packet transit delays between IPv4 addresses • Traceroute6: a tool for displaying route or path information and packet transit delays between IPv6 addresses •...
  • Page 28: Making Configuration Changes

    1. The ROX™ Web Interface interfaces The interfaces menu displays the status of functions configured via the interface menu. For example, eth functions can be configured using the eth submenu that is accessible from the interface menu. The eth status can be viewed by clicking on the eth submenu of the interfaces menu. switch The switch menu is used for configuring Layer 2 packet switching functions.
  • Page 29: Example Of Edit Private Mode

    Figure 1.4. Example of Edit Private Mode
    The example above depicts the process of adding a VLAN ID to an interface. The interface/eth/cm1 menu can be seen to contain: • A configuration entry, followed by a "delete" icon, which removes the corresponding entry.
  • Page 30: Configuring Tables Using Key Settings Forms

    1. The ROX™ Web Interface Exit Transaction Exit from configuration editing mode. If there are pending changes, a prompt will be presented to verify the discarding of all pending changes. 1.3.1. Configuring Tables Using Key Settings Forms Much of the information in ROX™ is organized into tables. Each table is indexed or sorted by a key, which is a piece of information such as a name, address, or other variable.
  • Page 31: Key Information In A Table

    1. The ROX™ Web Interface Figure 1.6. Key Information in a Table The information entered in the key settings form will now appear in the table. Note that the table appears on the server screen, while the key settings form appears on the address screen, which is a submenu linked to the server screen (see below).
  • Page 32: Viewing More Information In Tables

    1. The ROX™ Web Interface Figure 1.8. Example of Key Settings 2 The submenus that display the key settings forms appear in the far right column of the screen. Sometimes, it will be necessary to traverse several menu screens to get to a key settings form. 1.3.2.
  • Page 33: First Table Of Information

    Figure 1.9. First Table of Information
    Figure 1.10. Second Table of Information
    The second table of information shows the balance of the entries and contains a link back to the previous entries.
  • Page 34: System Administration

    2. System Administration
    This chapter describes administration-related functions and the Administration menu. Information on the Administration submenus is found throughout Part 1 of this guide.
    2.1. Administration menu
    Figure 2.1. Administration menu
    The Administration (Admin) menu is accessible from the main menu. Use this menu to link to submenus related to alarms, DNS, logging, SNMP, authentication, user IDs and passwords, software versions (upgraded) and netconf.
  • Page 35: Shutdown The Device Menu Action Form

    2. System Administration To acknowledge all alarms, click on the acknowledge-all-alarms menu action and then click the Perform button on the Acknowledge All Alarms form. Figure 2.4. Shutdown the Device Menu Action form To shut down the device, click on the shutdown menu action and then click the Perform button on the Shutdown the Device form.
  • Page 36: Administration Form

    2. System Administration Figure 2.8. Restore-factory-defaults Trigger Action form To restore factory defaults to the system, click on the restore-factory-defaults menu action and then click the Perform button on the Restore-factory-defaults Trigger Action form. The Administration, Hostname, Timezone and Current System Time forms are accessible from the Admin menu.
  • Page 37: Timezone Form

    The hostname is the name of the product. (This can be changed, though.)
    name
    Synopsis: A string conforming to: "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])*"
    Default: ruggedcom
    The hostname is the name of this device.
    domain
    Synopsis: Domain name (RFC 1034)
    Default: localdomain
    The domain for this hostname.
  • Page 38: Administrative Access Control

    The current local time
    2.3. Administrative Access Control
    The following access control forms are accessible from the Administration menu - by clicking on the main menu under admin.
    Figure 2.14. CLI Sessions form
    enabled
    Synopsis: boolean
    Default: true
    Provides the ability to configure CLI features on the device.
  • Page 39: Idle-Timeout Field

    Maximum Number of CLI Sessions
    Synopsis: unsigned integer
    Synopsis: - the keyword { unbounded }
    Default: 10
    The maximum number of concurrent CLI sessions
    Idle Timeout
    Default: PT30M
    Maximum idle time before terminating a NETCONF session. If the session is waiting for notifications, or has a pending confirmed commit, the idle timeout is not used.
  • Page 40: SFTP Sessions Form

    Figure 2.17. SFTP Sessions form
    The SFTP Sessions form sets the parameters for Secure File Transfer Protocol (SFTP) sessions.
    enabled
    Synopsis: boolean
    Default: false
    Enable/Disable the SFTP user interface
    Listen IP
    Synopsis: IPv4 address in dotted-decimal notation
    Synopsis: IPv6 address in colon-separated hexadecimal notation
    Default: 0.0.0.0
    The IP Address the SFTP will listen on for SFTP requests (default 0.0.0.0).
  • Page 41: Www Interface Sessions

    Figure 2.18. WWW Interface Sessions
    The WWW Interface Sessions form provides control of WWW User Interface settings.
    enabled
    Synopsis: boolean
    Default: true
    Provides the ability to configure WebUI features on the device.
    Listen IP
    Synopsis: IPv4 address in dotted-decimal notation
    Synopsis: IPv6 address in colon-separated hexadecimal notation
    Default: 0.0.0.0
    The IP Address the CLI will listen on for WebUI requests (default 0.0.0.0).
  • Page 42: User Accounts

    2. System Administration Idle Timeout Default: PT30M Maximum idle time before terminating a WebUI session. If the session is waiting for notifications, or has a pending confirmed commit, the idle timeout is not used. The default value is 0, which means no timeout.
  • Page 43: Users Form

    Figure 2.22. Users form
    name
    Synopsis: string
    User Name
    password
    Synopsis: A string
    User Password
    role
    Synopsis: string - one of the following keywords { guest, operator, administrator }
    Default: guest
    User Role
    Figure 2.23. Users Screen in Edit Private View
    Passwords can be managed, added and deleted while in the Edit Private view.
  • Page 44: Software Upgrade

    2. System Administration 2.5. Software Upgrade ROX™ supports two system partitions. One is always active and the other is inactive. ROX™ always applies software upgrades to the inactive partition, providing the following advantages: 1. The current system is unaffected and can operate normally while the upgrade is in progress 2.
  • Page 45: Upgrade Monitoring

    target-version Figure 2.26. Upgrade Monitoring The Upgrade Monitoring form displays the status of the current upgrade operation. software-partition Synopsis: A string The current active partition number. The unit has two software partitions: #1 and #2. Upgrades are always performed to the other partition.
  • Page 46: Launch Upgrade

    2. System Administration Phase 3: Package Installation (% complete) Synopsis: integer Phase 3 of the upgrade installs all packages that require an update. This reflects the estimated percent complete. Last Attempt Synopsis: A string The date and time of completion of the last upgrade attempt. Last Result Synopsis: string - one of the following keywords { Interrupted, Declined, Not Applicable, Reboot Pending, Unknown, Upgrade Failed, Upgrade Successful }...
  • Page 47: Roxflash Cross-Partition Imaging Tool - Software Downgrade

    ROX™ software version to the inactive partition. To obtain a flash image, contact your RuggedCom sales representative. Place the flash image in a location on your network accessible to the ROX™. On the ROXflash form, enter the URL for the flash image and flash it to the inactive partition.
  • Page 48: Roxflash Menu

    2. System Administration The ROX-Imaging menu is accessible from the main menu under admin. The ROXflash Monitoring form appears on the same screen as this menu. Figure 2.31. ROXflash Monitoring form This form shows the progress and state of the roxflash operation (during an upgrade or downgrade). ROXflash Phase Synopsis: string - one of the following keywords { Failed, Completed successfully, Unknown state, Imaging partition, Downloading image, Inactive }...
  • Page 49: Scheduling Jobs

    2. System Administration Figure 2.33. ROXFlash forms To perform a ROXFlash operation, enter the URL into the ROXflash form and then click the Perform button. Next, monitor the progress by returning to the ROXflash Monitoring form. 2.7. Scheduling Jobs Use job scheduling to execute CLI (command line interface) commands at a specified time and date or in response to configuration changes.
  • Page 50: Scheduled-Jobs Table

    2. System Administration Figure 2.35. Scheduled-jobs table To add a scheduled job: • Enter edit mode, navigate to admin/scheduler, and click <Add scheduled-jobs>. • On the Key settings form, enter a name for the job and click Add. • On the Scheduled Jobs form, set the job parameters. Figure 2.36.
  • Page 51 2. System Administration • To specify a range of values, enter the range as comma-separated values. For example, to launch the job every minute between 30 and 45 minutes past the hour, enter 30-45 Hour Synopsis: A string For periodic jobs, sets the hour portion of the job launch time, in the 24-hour clock format. Valid values are in the range of 0 to 23.
  • Page 52: The Featurekey

    CM moves the feature level to the new CM. If you want the upgraded feature level to be tied to a specific CM, contact your RuggedCom sales representative to arrange for an RMA (Return to Manufacturer Authorization) to have the featurekey programmed into the CM.
  • Page 53: Viewing Ruggedcom Serial Numbers

    2.8.4. Viewing RuggedCom Serial Numbers When you order a new featurekey, you need to provide RuggedCom with the control module and backplane serial numbers. This section describes how to view your device’s serial numbers through the CLI screen in the ROX™...
  • Page 54: Uploading A Featurekey

    RuggedCom. main 2.8.5. Uploading a Featurekey After receiving your featurekey file from RuggedCom, save the file to a computer that is accessible to your device through your network. 2.8.5.1. Uploading a Featurekey Using the Web User Interface Install Featurekey files using the Install Files forms found under the admin menu.
  • Page 55: Backing Up A Featurekey Using The Web User Interface

    For example: file scp-featurekey-from-url wsmith@10.200.20.39:/files/keys/1_cmRX1K-12-11-0015.key 1_cmRX1K-12-11-0015.key Type the command with your parameters and press Enter. When prompted, type the user’s password and press Enter. The system uploads the featurekey file: ruggedcom# file scp-featurekey-from-url wsmith@10.200.20.39:/files/keys/ 1_cmRX1K-12-11-0015.key 1_cmRX1K-12-11-0015.key wsmith@10.200.20.39's password: 1_cmRX1K-12-11-0015.key 100% 0.2KB/s...
  • Page 56: Installing And Backing Up Files

    2. System Administration Figure 2.39. Backup Files forms For more information on backing up files, see Section 2.9.2, “Backing Up Files”. 2.9. Installing and Backing Up Files You can install and back up files using the following forms found under the admin menu. Figure 2.40.
  • Page 57: Backing Up Files

    2. System Administration Figure 2.41. Install Files forms On the Install Files form, select the file type and enter a URL. On the Install Files To Devices form, click the Perform button. 2.9.2. Backing Up Files To back up a file, click on backup-files. The Backup Files forms appear. Figure 2.42.
  • Page 58: Deleting Log Files

    2. System Administration 2.10. Deleting Log Files Figure 2.43. Delete-logs menu To delete log files, click the Perform button on the Delete Log Files form. This form is accessible at admin/delete-logs. Figure 2.44. Delete Log Files form 2.11. Saving Full Configurations Save full configurations to a file using the forms below.
  • Page 59: Loading Full Configurations

    2. System Administration Figure 2.46. Save Full Configuration forms To save full configurations to a file, select the format and enter the parameters in the Save Full Configuration form, then click the Perform button in the Saving Full Configuration form. 2.12.
  • Page 60: Time Synchronization

    3. Time Synchronization
    ROX™ offers the following timekeeping and time synchronization features:
      • Local hardware timekeeping and time zone management
      • NTP time synchronization
    3.1. NTP Fundamentals
    NTP (Network Time Protocol) is an Internet protocol used to synchronize the clocks of computers to some time reference.
  • Page 61: Configuring Time Synchronization

    3. Time Synchronization After booting, NTP uses slewing to achieve synchronization by making small and frequent changes to the router hardware clock. If the reference server’s clock differs from the local clock by more than 1000 seconds, the NTP daemon decides that a major problem has occurred and terminates. 3.2.
  • Page 62: Configuring The Local Time Settings

    3. Time Synchronization Figure 3.2. Timezone form • Commit the changes. 3.2.3. Configuring the Local Time Settings On the Local Time Settings form, you enable the local clock and set the NTP stratum level. The path to the Local Time Settings form is /services/time/ntp. To set the local time settings: •...
  • Page 63: Network Time Protocol (Ntp) Servers Form

    3. Time Synchronization • In edit mode, navigate to /services/time/ntp/server and click <Add server>. • On the Key settings form, enter the IP address or hostname for the server and click Add. • On the Network Time Protocol (NTP) Servers form, set the server parameters. •...
  • Page 64: Adding Server Keys

    3. Time Synchronization Prefer Marks this server as preferred. Synopsis: unsigned short integer An authentication key associated with this host. 3.2.5. Adding Server Keys Use server keys to use authentication for NTP communications. NTP authentication authenticates the time source to help prevent tampering with NTP timestamps. When using authentication, both the local and remote servers must share the same key and key identifier.
  • Page 65: Server Restrictions Key Settings Form

    3. Time Synchronization Figure 3.7. Server Restrictions Key settings form Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Synopsis: Domain name (RFC 1034) Synopsis: string - the keyword { default } Address to match. The address can be host or network IP address or a valid host DNS name. Mask Synopsis: IPv4 address in dotted-decimal notation Synopsis: string - the keyword { default }...
  • Page 66: Configuring An Ntp Server Using Multicast Or Broadcast

    3. Time Synchronization • nopeer: denies packets which result in mobilizing a new association. • nomodify: denies ntpq(8) and ntpdc(8) queries attempting to modify the state of the server; queries returning information are permitted. • lowpriotrap: declares traps set by matching hosts to be low priority. •...
  • Page 67: Configuring An Ntp Client Using Multicast

    3. Time Synchronization 3.2.8. Configuring an NTP Client using Multicast Configuring a multicast address for an NTP client enables the client to listen for and receive NTP messages on the multicast address. It is recommended that NTP authentication be used and that a server key be set with the multicast setting.
  • Page 68: Checking Ntp Status

    3. Time Synchronization Enable Broadcast Client The broadcast address on which the NTP client listens for NTP messages. 3.2.10. Checking NTP Status To view the NTP service status: • In normal or edit mode, navigate to /services/time/ntp/ntp-status and click <ntp-status>. •...
  • Page 69: Basic Network Configuration

    4. Basic Network Configuration
    This chapter discusses the following:
      • IP Interfaces
      • Configuring IPv4 and IPv6 Addresses
      • Simple Network Setups with IPv4 and IPv6 Addresses
    4.1. IP Interfaces
    Figure 4.1. IP menu
    The IP menu is accessible from the main menu under ip. 4.1.1.
  • Page 70: Simple Network Setup With The Default Ipv4 Addresses

    4. Basic Network Configuration Figure 4.2. Configuring an IP Address Procedure 4.1. Configuring an IP Address Enter Edit Private mode. Navigate to ip/interface/ipv4. To delete an existing IP address, click the delete icon. Click Add address. The Key settings form appears. In the IPaddress field, type the new IP address.
  • Page 71: Configuring An Ipv6 Address

    Procedure 4.2. Basic Network Setup Using the Default IPv4 Addresses
    Connect a user PC to the Fast Ethernet port (fe-cm-1) of the RX5000 and configure the PC to be on the same subnet as the port. Configure the PC to use the IP address of the Fast Ethernet port as the default gateway. Connect one of the switched ports from any available LMs to a switch typically connecting a LAN. The PCs connected to the switch should be on the same subnet as the switch.
  • Page 72: Routable Interfaces

    4. Basic Network Configuration Figure 4.4. Simple IPv6 Network Setup Procedure 4.4. Simple IPv6 Network Setup Connect a user PC to Fast Ethernet port (fe-cm-1) of the RX5000 and configure the PC to be on the same subnet as the port. Configure the S.PC with IPv6 address FDD1:9AEF:3DE4::1/24 and Default Gateway as FDD1:9AEF:3DE4::2.
  • Page 73: Addresses Form

    4. Basic Network Configuration The name for this routable logical interface Auto-Cost Bandwidth (kbps) Synopsis: unsigned long integer This value is used in auto-cost calculations for this routable logical interface in kbps Figure 4.7. Addresses table The path to the Addresses table is ip/{interface}/ipv4. The Addresses table provides a summary of which IP addresses are configured.
  • Page 74: Ip Network Interfaces

    5. IP Network Interfaces
    This chapter familiarizes the user with:
      • IPv6 Fundamentals and IPv6 Neighbor Discovery
      • Adding VLAN Interfaces to Switched Ports
      • Configuring IP Address Source and ProxyARP for Switched and Non-switched Interfaces
    5.1.
  • Page 75: Ipv6 Neighbor Discovery

    5. IP Network Interfaces Temporary), then the following 4 bits to define the scope (1 - Node, 2 - Link, 5 - Site, 8 – Organization and E – Global) and the last 112 bits identify a multicast Group ID. Some well-known multicast addresses are mentioned below: IPv6 M.Cast Address Scope...
  • Page 76: Neighbor Discovery Form

    5. IP Network Interfaces Figure 5.1. Neighbor Discovery form The path to the Neighbor Discovery form is ip/{interface}/ipv6/nd. Enable Route Advertisement Enable to send router advertisement messages. Set Advertisement Interval Option Includes an Advertisement Interval option which indicates to hosts the maximum time in milliseconds, between successive unsolicited router advertisements.
  • Page 77: Neighbor Discovery Ipv6 Prefix

    5. IP Network Interfaces Set Other Statefull Configuration Flag The flag in IPv6 router advertisements, which indicates to hosts that they should use the administered (stateful) protocol to obtain autoconfiguration information other than addresses. Router Lifetime Synopsis: unsigned integer Default: 1800 The value (in seconds) to be placed in the Router Lifetime field of router advertisements sent from the interface.
  • Page 78: Adding Interfaces To Switched Ports

    5. IP Network Interfaces The length of time in seconds during which addresses generated from the prefix remain preferred. The default value is 604800. Off Link Indicates that advertisement makes no statement about on-link or off-link properties of the prefix. No Autoconfig Indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration.
  • Page 79: Explicitly Adding A Vlan Interface To A Switched Port

    5. IP Network Interfaces Figure 5.4. Explicitly Adding a VLAN Interface to a Switched Port Procedure 5.1. Explicitly Adding a VLAN Interface at switch/vlans/static-vlan Go into Edit Private mode. Navigate to switch/vlans/static-vlan. Click on Add static-vlan. The Key settings form appears. In the VLAN ID field, enter a number from 1 to 4094 (for example, 2).
  • Page 80: All-Vlans

    5. IP Network Interfaces In the Trunk ID field, type a number between 1 and 15. Click Add. The Trunks forms appear. On the VLAN form, type a PVID number into the PVID field. Click Commit. Click Exit Transaction. Procedure 5.4. Implicitly Adding a VLAN Interface at switch/mac-tables/static-mac-table Go into Edit Private mode.
  • Page 81: All Vlans Table

    5. IP Network Interfaces Figure 5.5. All VLANs table 5.3.1.1. Configuring IP Address Source and ProxyARP for VLAN Interfaces The All VLANs Properties form can be used to configure ProxyARP and dynamic address source by following the procedures below. Figure 5.6. All VLANs Properties form Procedure 5.6.
  • Page 82: Non-Switched Interface Menu

    5. IP Network Interfaces 5.4. Non-switched Interface Menu Figure 5.7. Non-switched Interface menu The Non-switched (or Route-only) Interface menu is accessible from the main menu. Figure 5.8. Routable Ethernet Ports table The path to the Routable Ethernet Ports table is interface/eth. Figure 5.9.
  • Page 83 5. IP Network Interfaces Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Port Synopsis: integer The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk).
  • Page 84: Configuring Ip Address Source And Proxyarp For Non-Switched Interfaces

    5. IP Network Interfaces 5.4.1. Configuring IP Address Source and ProxyARP for Non-switched Interfaces IP addresses on routable ports are static by default. To change the IP address of the port to dynamic, follow the procedure below. ProxyARP can also be enabled using this form. Figure 5.10.
  • Page 85 5. IP Network Interfaces Click Commit. Click Exit Transaction. To set ProxyARP for a static or dynamic interface, follow the procedure below. Procedure 5.9. Setting ProxyARP Go into Edit Private mode. Go to interface/eth/{port}. The Routable Ethernet Ports form appears. In the ProxyARP field, click Enabled.
  • Page 86: Alarms

    6. Alarms 6. Alarms 6.1. Introduction The ROXII alarm system is a highly configurable system for notification of events of interest. Asserted alarms may be viewed in a table in the CLI or the web user interface, and may also be queried through NETCONF.
  • Page 87: Alarm Configuration

    6. Alarms 2. Clearable alarms - these alarms simply report an event of interest that has no resolution per se. An example of this would be a 'configuration changed' alarm. These alarms are clearable by the user and are never cleared by the system. Alarms may be cleared and acknowledged both on an individual basis and globally (i.e.
  • Page 88: Active Alarms Form

    6. Alarms Figure 6.4. Active Alarms form subsystem Synopsis: string - one of the following keywords { wan, switch, chassis, admin } Alarms are categorized by the subsystem to which they belong e.g.: Admin, Chassis, Ethernet, WAN. Alarm ID Synopsis: integer Alarm Type Identifier.
  • Page 89: Acknowledge Alarm Menu Action Form

    6. Alarms Indicates which actuator(s) this alarm currently asserts. 'ACKED' indicates the alarm was acknowledged so actuators are de-asserted. Individual alarms can be cleared or acknowledged on the Clear Alarm Menu Action form or the Acknowledge Alarm Menu Action form. To clear or acknowledge an alarm, select admin/alarms/{alarms submenu} and then select the Clear action or the Acknowledge action.
  • Page 90: Administrative Alarm Configuration

    6. Alarms 6.2.1. Administrative Alarm Configuration Figure 6.9. Admin Alarm Configuration table The path to the Admin Alarm Configuration table is admin/alarm-config/admin. Figure 6.10. Admin Alarm Configuration form The path to the Admin Alarm Configuration form is admin/alarm-config/admin/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 91: Chassis Alarm Configuration

    6. Alarms 6.2.2. Chassis Alarm Configuration Figure 6.11. Chassis Alarm Configuration table The path to the Chassis Alarm Configuration form is admin/alarm-config/chassis. Figure 6.12. Chassis Alarm Configuration form The path to the Chassis Alarm Configuration form is admin/alarm-config/chassis/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 92: Switch Alarm Configuration

    6. Alarms 6.2.3. Switch Alarm Configuration Figure 6.13. Switch Alarm Configuration table The path to the Switch Alarm Configuration form is admin/alarm-config/switch. Figure 6.14. Switch Alarm Configuration form The path to the Switch Alarm Configuration form is admin/alarm-config/switch/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 93: Domain Name Search

    7. Domain Name Search 7. Domain Name Search 7.1. Domain Name Lookup The DNS (Domain Name Service) menu is accessible from the main menu under admin. The path to this menu is admin/dns. Figure 7.1. DNS menu Figure 7.2. Domain Name Searches form The path to the Domain Name Searches form is admin/dns/search.
  • Page 94: Logging

    8. Logging 8. Logging The syslog provides users with the ability to configure local and remote syslog connections. The remote syslog protocol, defined in RFC 3164, is a UDP/IP-based transport that enables a device to send event notification messages across IP networks to event message collectors, also known as syslog servers. The protocol is simply designed to transport these event messages from the generating device to the collector.
  • Page 95: Remote Server Selector Table

    8. Logging Figure 8.3. Remote Server form If data is configured, there will be a list of logging servers under admin/logging/server. Clicking on each server will allow you to access the settings and Remote Server forms. Server IP Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Synopsis: Domain name (RFC 1034) The IPv4 or IPv6 address of a logging server.
  • Page 96: Remote Server Selector Form

    8. Logging Figure 8.6. Remote Server Selector form name Synopsis: integer The log selector identifier. Enter an integer greater than 0; up to 8 selectors can be added. The log selector determines which subsystem messages are included in the log. negate Excludes messages defined in the Remote Server Selector fields from the log.
  • Page 97: Deleting Logs

    8. Logging facility-list Synopsis: string - one of the following keywords { all, local7, local6, local5, local4, local3, local2, local1, local0, uucp, user, syslog, security, news, mail, lpr, kern, ftp, daemon, cron, authpriv, auth } Synopsis: "facility-list" occurs in an array of at most 8 elements. The subsystems generating log messages.
  • Page 98: Snmp

    9. SNMP 9. SNMP SNMP (the Simple Network Management Protocol) is used by network management systems and the devices they manage. SNMP is used to manage items on the device to be managed, as well as by the device itself, to report alarm conditions and other events. The first version of SNMP, V1, provides the ability to send a notification of an event via "traps".
  • Page 99 The main subtree for RuggedCom configuration change trap. trapFanBankTrap The main subtree for RuggedCom fan bank trap. trapHotswapModuleStateChangeTrap The main subtree for RuggedCom fan hotswap module state change trap. Table 9.1. SNMP Traps ROX™ v2.2 User Guide RuggedBackbone™ RX5000...
  • Page 100: Snmp Access Configuration

    9. SNMP 9.2. SNMP Access Configuration To configure SNMP access to ROX™, follow the procedures outlined in the example below. 9.2.1. Add an SNMP User ID Figure 9.1. Adding an SNMP User ID Procedure 9.1. Adding an SNMP User ID Navigate to admin/user.
  • Page 101: Create An Snmp Community

    9. SNMP 9.2.2. Create an SNMP Community Figure 9.2. Creating an SNMP Community Procedure 9.2. Creating an SNMP Community Navigate to admin/snmp/snmp-community. Click on <Add snmp-community>. The Key settings form appears. In the Community Name field, enter snmpv2_user and click Add. The SNMPv1/v2c Community Configuration form appears.
  • Page 102: Map The Community To A Security Group

    9. SNMP 9.2.3. Map the Community to a Security Group Figure 9.3. Mapping the Community to a Security Group Procedure 9.3. Mapping the Community to a Security Group Navigate to admin/snmp/security-to-group. Click on <Add snmp-security-to-group>. The Key settings form appears. In the Security Model field, select v2c.
  • Page 103: Snmp Sessions Form

    9. SNMP The SNMP menu is located at admin/snmp. The SNMP Sessions form and the SNMP USM Statistics form appear on the same screen as the SNMP menu. Figure 9.5. SNMP Sessions form Enable Synopsis: boolean Default: false Provides the ability to configure SNMP features on the device. Listen IP Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation...
  • Page 104 9. SNMP The SNMP agent will also listen on these IP Addresses:Port values. Add ':#' to set non-default port value #. (e.g. xxx.xxx.xxx.xxx:19343 [::] [::]:16000) Maximum Number of SNMP Sessions Synopsis: unsigned integer Synopsis: - the keyword { unbounded } Default: 30 The maximum number of concurrent SNMP sessions SNMP Local Engine ID...
  • Page 105: Snmp Usm Statistics Form

    9. SNMP Figure 9.6. SNMP USM Statistics form This table provides statistics for SNMP authentication requests Unsupported Security Levels Synopsis: unsigned integer The total number of packets received by the SNMP engine which were dropped because they requested a securityLevel that was unknown to the SNMP engine or otherwise unavailable. Not In Time Windows Synopsis: unsigned integer The total number of packets received by the SNMP engine which were dropped because they...
  • Page 106: Snmp Discovery

    9. SNMP 9.4. SNMP Discovery Figure 9.7. SNMP-Discover action The path to this menu action is admin/snmp/snmp-discover. Figure 9.8. SNMP Engine ID Discover forms To discover SNMP Engine IDs, use the SNMP Engine ID Discover and Trigger Action forms. On the SNMP Engine ID Discover form, enter parameters in the fields.
  • Page 107: Snmp Target Addresses

    9. SNMP The SNMP community security name Figure 9.10. SNMPv1/v2c Community Configuration form The path to the SNMP Community Configuration form is admin/snmp/snmp-community/{private} or {public}. 9.6. SNMP Target Addresses Figure 9.11. SNMP Target Configuration table The path to the SNMP Target Configuration table is admin/snmp/snmp-target-address.
  • Page 108: Snmpv3 Target Configuration Form

    9. SNMP Figure 9.12. SNMPv3 Target Configuration form To display the SNMP Target Configuration form, navigate to admin/snmp/snmp-target-address/{address}. Target Name A descriptive name for the target (e.g. 'Corporate NMS') enabled Synopsis: boolean Default: true Enables/disables this specific target Target Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation IPv4 or IPv6 address for the remote target.
  • Page 109: Snmp Users

    9. SNMP UDP Port for the remote target to receive traps on (default 162). Security Model Synopsis: string - one of the following keywords { v3, v2c, v1 } Default: v2c The SNMP security model to use: SNMPv1, SNMPv2c, or USM/SNMPv3 User Name Synopsis: string The user name to be used in communications with this target.
  • Page 110: Snmp User Configuration Form

    9. SNMP Figure 9.14. User Configuration Key Settings form Figure 9.15. SNMP User Configuration form The path to the Key Settings form and the SNMP User Configuration form is admin/snmp/snmp-user/{user}. User SNMP Engine ID The administratively-unique identifier for the SNMP engine; a value in the format nn:nn:nn:nn:nn:...:nn, where nn is a 2-digit hexadecimal number.
  • Page 111: Snmp Security To Group Maps

    9. SNMP 9.8. SNMP Security to Group Maps Entries in this table map the configuration of the security model and security name (user) into a group name, which is used to define an access control policy. Up to 32 entries can be configured. Figure 9.16.
  • Page 112: Snmp Group Access Configuration Table

    9. SNMP Figure 9.19. SNMP Group Access Configuration table The path to this table is admin/snmp/admin/snmp/snmp-access. Figure 9.20. Key Settings form Figure 9.21. SNMP Group Access Configuration form The path to this form is admin/snmp/snmp-access/{access group}. Group The SNMP group name. Security Model Synopsis: string - one of the following keywords { v3, v2c, v1, any } The SNMP security model to use: SNMPv1, SNMPv2c, or USM/SNMPv3...
  • Page 113 9. SNMP Write View Name Synopsis: string - one of the following keywords { all-of-mib, restricted, v1-mib, no-view } Default: all-of-mib The name of the write view to which the SNMP group has access: all-of-mib, restricted, v1-mib, or no-view. Notify View Name Synopsis: string - one of the following keywords { all-of-mib, restricted, v1-mib, no-view } Default: all-of-mib The name of the notification view to which the SNMP group has access: all-of-mib, restricted, v1-...
  • Page 114: Authentication

    10. Authentication 10. Authentication The Authentication menu is accessible from the main menu under admin. The path to this menu is admin/authentication. Figure 10.1. Authentication menu
  • Page 115: Radius On Rox

    10. Authentication both the NAS and the RADIUS server, transactions are encrypted and authenticated through the use of a shared secret, which is never sent in the clear. Some administrators set the passwords of existing ROX™ accounts uniquely for each router, and then employ a common password per account for all routers served by RADIUS.
  • Page 116: Primary Radius Server Form

    10. Authentication Figure 10.2. Primary RADIUS Server form The Primary and Secondary RADIUS Server forms are accessible from the radius menu, which is a sub menu of the authentication menu. The path to this menu is admin/authentication/radius. These forms are also accessible from global/ppp/radius. address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 117 10. Authentication password Synopsis: "AES CFB128"-encrypted string The password of the RADIUS server For more information on 802.1x Authentication, please see Chapter 21, Port Security. For additional information on RADIUS server configuration, please see Appendix B, RADIUS Server Configuration.
  • Page 118: Netconf

    11. NETCONF 11. NETCONF Figure 11.1. NETCONF menu The NETCONF menu is accessible from the main menu under admin. The path to this menu is admin/netconf. Figure 11.2. NETCONF Sessions form The path to the NETCONF Sessions form and the NETCONF State/Statistics form is admin/netconf. enabled Synopsis: boolean Default: true...
  • Page 119: Idle-Timeout Field

    11. NETCONF Default: 830 The port on which NETCONF listens for NETCONF requests. The default is port 830. Extra IP:Ports Synopsis: A string Synopsis: "extra-ip-ports" occurs in an array. Additional IP addresses and ports on which NETCONF listens for NETCONF requests. You can specify IP addresses and ports in the following forms: •...
  • Page 120: Netconf State/Statistics Form

    11. NETCONF Figure 11.4. NETCONF State/Statistics form in Bad Hellos Synopsis: unsigned integer The total number of sessions silently dropped because an invalid 'hello' message was received. This includes hello messages with a 'session-id' attribute, bad namespace, and bad capability declarations. in Sessions Synopsis: unsigned integer The total number of NETCONF sessions started towards the...
  • Page 121 11. NETCONF The total number of 'notification' messages sent.
  • Page 122: Chassis Management

    The Chassis Status form contains basic status information about the chassis. This form appears on the same screen as the Chassis menu. Chassis Model Synopsis: string The RuggedCom device model name. software-license Synopsis: string The current software capability.
  • Page 123: Power Controller

    12. Chassis Management order-code Synopsis: A string The order code derived from the current configuration of the device. ROX Software Release Synopsis: string The release of ROX running on the chassis. 12.1. Power Controller Figure 12.3. Power Controller form As of ROX version 2.2, the balance-mode feature is not supported. This feature remains in the interface for backwards compatibility.
  • Page 124: Slot Hardware

    12. Chassis Management The name of the power module slot as labeled on the chassis MOV Protection Synopsis: string - one of the following keywords { damaged, working, na } The state of the MOV protection circuit PM Temperature (C) Synopsis: integer The temperature (Celsius) inside the power module PM Current (mA)
  • Page 125: Slot Identification

    12. Chassis Management Synopsis: string - the keyword { trnk } The slot name, as marked on the silkscreen across the top of the chassis. Order Code Synopsis: A string The order code of the chassis as derived from the current hardware configuration. Detected Module Synopsis: A string The installed module's type specifier.
  • Page 126: Cpu

    12. Chassis Management Detected Module Synopsis: A string The installed module's type specifier. Bootloader Synopsis: string The version of the ROX bootloader software on the installed module. FPGA Synopsis: string The version of the ROX FPGA firmware (if any) running on the installed module. 12.4.
  • Page 127: Slot Status

    12. Chassis Management detected-module Synopsis: A string The installed module's type specifier. CPU load(%) Synopsis: integer The CPU load, in percent, on the installed module. RAM Avail(%) Synopsis: integer The proportion of memory (RAM) currently unused, in percent, on the installed module. RAM Low(%) Synopsis: integer The lowest proportion of unused memory (RAM), in percent, recorded for the installed module since...
  • Page 128: Slot Sensors

    12. Chassis Management slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk } The slot name, as marked on the silkscreen across the top of the chassis.
  • Page 129: Module Configuration

    12. Chassis Management Figure 12.15. Slot Sensors form Slot sensors contain temperature and power supply information about the installed modules. slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk }...
  • Page 130: Modules Table

    12. Chassis Management Figure 12.16. Modules table Figure 12.17. Modules form The Module Configuration feature provides administrative control of the installed modules. The Modules table and form provide information about the administrative control of a module in a particular chassis slot.
  • Page 131: Module Database Table

    12. Chassis Management slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk } The slot name, as marked on the silkscreen across the top of the chassis.
  • Page 132: Configurable Modules Table

    12. Chassis Management Figure 12.22. Configurable Modules table Figure 12.23. Configurable Modules form
  • Page 133: Ppp Users

    13. PPP Users 13. PPP Users 13.1. Overview Use the PPP menu to configure local and remote authentication for PPP user login through an L2TP client. A PPP Server can be configured to accept a connection request only after validating the user’s credentials.
  • Page 134: Ppp Configuration Form

    13. PPP Users Figure 13.3. Dial-in Users form The Dial-in Users form allows you to add PPP profiles for dial-in users. To display the Dial-out PPP Users table, navigate to global/ppp/profiles/dialout. Figure 13.4. Dial-out PPP Users table Dial-out PPP is used to add PPP profiles for dial-out users. name Synopsis: A string The connection name...
  • Page 135 13. PPP Users Default: N/A The user ID used to log on to a remote PPP server password Synopsis: A string Default: N/A The password used to log on to a remote PPP server dial-type Synopsis: string - one of the following keywords { Pulse, DTMF } Default: DTMF The type of dialing system to use on the phone line.
  • Page 136: Ppp Interfaces And Link Failover

    13. PPP Users Figure 13.6. PPP Primary Radius Server form address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server port-udp Synopsis: integer Default: 1812 password Synopsis: "AES CFB128"-encrypted string Figure 13.7. PPP Secondary Radius Server form address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 137 13. PPP Users The PPP Dial-on-demand option is a standard PPP option. This option triggers the modem dial-out when there is traffic passing through the modem link. The modem hangs up when traffic stops within the time set in the PPP Disconnect-idle-timeout option. When Dial-on-demand is enabled, the presence of traffic controls the operation of the modem link.
  • Page 138: Dhcp Relay

    14. DHCP Relay 14. DHCP Relay A DHCP Relay Agent is a device that forwards DHCP packets between clients and servers when they are not on the same physical LAN segment or IP subnet. The feature is enabled if the DHCP server IP address and a set of access ports are configured.
  • Page 139: Dhcp Relay Agent Client Ports Table

    14. DHCP Relay The DHCP Relay Agent form appears on the same screen as the DHCP Relay Agent menu. DHCP Server Address Synopsis: IPv4 address in dotted-decimal notation The IP address of the DHCP server to which DHCP queries will be forwarded from this relay agent. Figure 14.3.
  • Page 140: Dhcp Server

    15. DHCP Server 15. DHCP Server 15.1. DHCP Fundamentals Dynamic Host Configuration Protocol (DHCP) is a method for centrally and consistently managing IP addresses and settings for clients, offering a variety of assignment methods. IP addresses can be assigned based on the Ethernet MAC address of a client, sequentially, or by using port identification provided by a DHCP relay agent device.
  • Page 141: Configuring Dhcp Server

    15. DHCP Server 15.2. Configuring DHCP Server The DHCP Server menu is available under services at services/dhcpserver. Figure 15.1. DHCP Server menu Under services/dhcpserver, you can configure the following: • enable the DHCP service. See Section 15.2.1, “Enabling the DHCP Service”.
  • Page 142: Dhcp Subnets And Pools

    15. DHCP Server Figure 15.3. Listen Interfaces table • To add a DHCP listen interface, enter edit mode, navigate to services/dhcpserver/interface, and click <Add interface>. On the Key settings form, select an interface from the list and click Add. 15.2.3. DHCP Subnets and Pools •...
  • Page 143: Dhcp Shared Networks

    15. DHCP Server 15.2.3.1. DHCP Pools • To view a list of DHCP pools, navigate to /services/dhcpserver/subnet{subnet02}/options/iprange. Figure 15.6. IP Pool Configuration table • To add a DHCP pool, enter edit mode, navigate to /services/dhcpserver/subnet{subnet02}/options/iprange, and click <Add iprange>. On the Key settings form, type the starting IP address of the range and click Add.
  • Page 144: Dhcp Host-Groups

    15. DHCP Server • To set Hardware Configuration, Lease Configuration, and Client Configuration options, navigate to /services/dhcpserver/host{host id}/options. For more information, see Section 15.2.10, “Hardware Configuration”, Section 15.2.8.1, “Lease Configuration Options”, and Section 15.2.8.2, “Client Configuration Options at the DHCP Levels”.
  • Page 145: Dhcp Options

    15. DHCP Server Figure 15.10. /services/dhcpserver/show-active-leases form 15.2.8. DHCP Options You can set DHCP options at the subnet, shared network, host-groups, and hosts level. Options set at lower levels override those set at higher levels. DHCP options are set on the following forms: •...
  • Page 146: Lease Configuration Form

    15. DHCP Server Figure 15.11. Lease Configuration form default Synopsis: integer Default: 600 The minimum leased time that the server offers to the client maximum Synopsis: integer Default: 7200 The maximum leased time that the server offers to the client 15.2.8.2.
  • Page 147: Client Configuration Form For Hosts

    15. DHCP Server 15.2.8.2.2. Client Configuration Options: Hosts To set DHCP client configuration options at the host level, enter edit mode and navigate to /services/dhcpserver/host{host id}/options. Figure 15.13. Client Configuration form for Hosts fixed-ip Synopsis: IPv4 address in dotted-decimal notation The IP address that the server assigns to the matching client unknown-client Synopsis: string - one of the following keywords { ignore, deny, allow }...
  • Page 148: Client Configuration Form For Dhcp Clients

    15. DHCP Server unknown-client Synopsis: string - one of the following keywords { ignore, deny, allow } Default: allow The action to take for previously unregistered clients shared-network Synopsis: A string Shared-network that this host group belongs to subnet Synopsis: A string The subnet that this host group belongs to 15.2.8.3.
  • Page 149: Nis Configuration Form

    15. DHCP Server The default route that the server offers to the client when it issues the lease to the client broadcast Synopsis: IPv4 address in dotted-decimal notation The broadcast address that the server offers to the client when it issues the lease to the client domain Synopsis: string The domain name that the server offers to the client when it issues the lease to the client...
  • Page 150: Custom Dhcp Options

    15. DHCP Server Default: 127.0.0.1 The NetBIOS nameserver that the dhcpserver offers to the client when it issues the lease to the client 15.2.9. Custom DHCP Options You can set custom DHCP options under clients at all DHCP levels. To set a custom DHCP option, you need to know the number of the option you want to set and the valid values for the option.
  • Page 151 15. DHCP Server The physical network address of the client. Note that this corresponds to the hardware type; for example, MAC address for Ethernet.
  • Page 152: Network Interfaces And Ethernet Bridging

    Part II. Network Interfaces and Ethernet Bridging Part II. Network Interfaces and Ethernet Bridging Part II describes network interfaces and the configuration and monitoring of Ethernet bridging on a ROX™-based networking device: Ethernet Ports Chapter 16, Ethernet Ports Ethernet Statistics Chapter 17, Ethernet Statistics IP Statistics Chapter 18, IP Statistics...
  • Page 153: Ethernet Ports

    16. Ethernet Ports 16. Ethernet Ports ROX™ Ethernet port control provides the following features: • Configuring port physical parameters. • Configuring link alarms/traps for the port. • Configuring port rate limiting. • Establishing port mirroring. • Cable diagnostics. • Viewing port status. •...
  • Page 154: Ethernet Port Configuration

    FX links is optional according to the IEEE 802.3 standard, which means that some link partners may not support it. RuggedCom offers an advanced Link-Fault-Indication (LFI) feature for the links where no native link partner notification mechanism is available. With LFI enabled, the device bases generation of a link integrity signal upon its reception of a link signal.
  • Page 155: Port Parameters

    16. Ethernet Ports 16.2.1. Port Parameters Figure 16.3. Switched Ethernet Ports table The Switched Ethernet Ports table shows the Ethernet interfaces. To display the Switched Ethernet Ports table, navigate to interface/switch. Figure 16.4. Switched Ethernet Ports submenu The Switched Ethernet Ports Forms are accessible from submenus of the Ethernet Ports menu. To display the forms, navigate to interface/switch/{line module}.
  • Page 156: Switched Ethernet Ports Form

    16. Ethernet Ports Figure 16.5. Switched Ethernet Ports form Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Port Synopsis: integer The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated...
  • Page 157: Port Rate Limiting

    16. Ethernet Ports Disabling link-alarms will prevent alarms and LinkUp and LinkDown SNMP traps from being sent for that interface. Link alarms may also be controlled for the whole system under admin / alarm-cfg. Switchport Synopsis: boolean Default: true Sets the physical port into either switched mode or a dedicated routing mode. Flow Control Flow control is useful for preventing frame loss during times of severe network traffic. Link Fault Indication (LFI) is specifically for FX interfaces.
  • Page 158: Port Mirroring

    16. Ethernet Ports Default: broadcast This parameter specifies the types of frames to rate-limit on this port. It applies only to received frames: • BROADCAST : only broadcast frames will be limited. • MULTICAST : all multicast frames (including broadcast) will be limited. •...
  • Page 159: Ingress Source Ports Table

    16. Ethernet Ports Figure 16.7. Port-Mirroring menu To display the Port-Mirroring menu and Port Mirror form, navigate to switch/port-mirroring. Figure 16.8. Port Mirror form Target Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot where a monitoring device should be connected.
  • Page 160: Diagnostics

    16. Ethernet Ports Egress Source Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Egress Source Port Synopsis: integer The selected ports on the module installed in the indicated slot.
  • Page 161: Running Cable Diagnostics

    16. Ethernet Ports Figure 16.12, “Cable Diagnostics Results form” displays the current value of diagnostic parameters for the corresponding Ethernet port. This form can be used to set certain cable diagnostic parameters for the port, as indicated below: Running Synopsis: boolean Whether or not a cable test is currently running on this port Good Termination Synopsis: unsigned short integer...
  • Page 162 16. Ethernet Ports 1. Configure the PUT’s cable diagnostics state to “Stopped”. Diagnostics may be stopped at any point. If a stop is issued in the middle of a diagnostics run, it will nevertheless run to completion and the results will be updated. Both the port under test (PUT) and the partner port (PT) can be configured to be in either Enabled mode with auto-negotiation or Disabled mode.
  • Page 163: Start Cable Diagnostics Test Form

    16. Ethernet Ports Figure 16.13. Start Cable Diagnostics Test form Figure 16.14. Start Cable Test form To clear cable diagnostics, navigate to interfaces/switch/{line module}/diagnostics/clear-cable-stats-port. On the Clear Port Cable Diagnostic Test Results form, click Perform. Figure 16.15. Clear Port Cable Diagnostic Test Results form To clear all test results, rather than results from a single port, navigate to switch/clear-cable-stats-all.
  • Page 164: Clear All Alarms Menu

    16. Ethernet Ports Figure 16.16. Clear All Diagnostics (Switch) menu To clear all cable diagnostic results, click the Perform button on the Clear All Cable Diagnostic Test Results form. Figure 16.17. Clear All Cable Diagnostic Test Results form 16.2.4.2.2. Clearing Ethernet Alarms Figure 16.18.
  • Page 165: Link Detection Options

    16. Ethernet Ports 3. Do not connect the other end of the cable to any link partner. 4. Run cable diagnostics a few times on the port. OPEN fault should be detected. 5. Find the average distance to the OPEN fault recorded in the log and compare it to the known length of the cable.
  • Page 166: Port Status

    16. Ethernet Ports time of up to 2 seconds. Once Port Guard disables FAST LINK DETECTION on a particular port, the user can re-enable FAST LINK DETECTION on the port by clearing the alarm. • ON: In certain special cases, where prolonged excessive link state changes constitute legitimate link operation, using this setting can prevent Port Guard from disabling FAST LINK DETECTION on the port in question.
  • Page 167: Interface Status Table

    16. Ethernet Ports Figure 16.23. Interface Status table To display the Interface Status table, navigate to interfaces/switch. Figure 16.24. Interface Status form To display the Interface Status forms, navigate to interfaces/switch/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot of the module that contains this port.
  • Page 168: Resetting Ports

    16. Ethernet Ports State Synopsis: string - one of the following keywords { lowerLayerDown, notPresent, dormant, unknown, testing, down, up } The port's link status. Media Synopsis: A string The type of port media { 100TX, 10FL, 100FX, 1000X, 1000T, 802.11g, EoVDSL, 100TX }. It provides the user with a description of the installed media type on the port for modular products.
  • Page 169: Resetting All Switched Ports

    16. Ethernet Ports Figure 16.26. Reset Ethernet Port form 16.4.1. Resetting All Switched Ports To reset all switched ports, navigate to switch/reset-all-switched-ports. On the Reset All Switched Ports form, click Perform. Figure 16.27. Reset All Switched Ports menu Figure 16.28. Reset All Switched Ports form 16.5.
  • Page 170 16. Ethernet Ports Is it possible that the peer also has LFI enabled? If both sides of the link have LFI enabled, then both sides will withhold link signal generation from each other. ROX™ v2.2 User Guide RuggedBackbone™ RX5000...
  • Page 171: Ethernet Statistics

    17. Ethernet Statistics 17. Ethernet Statistics ROX™ provides the following features for gathering and reporting Ethernet statistics: • Viewing basic Ethernet statistics. • Viewing and clearing detailed Ethernet statistics. • Configuring RMON History control. • Viewing collected RMON History samples. •...
  • Page 172 17. Ethernet Statistics InOctets Synopsis: unsigned integer The number of octets in received good packets. (Unicast+Multicast+Broadcast) and dropped packets. OutOctets Synopsis: unsigned integer The number of octets in transmitted good packets. InPkts Synopsis: unsigned integer The number of received good packets (Unicast+Multicast+Broadcast) and dropped packets. OutPkts Synopsis: unsigned integer The number of transmitted good packets.
  • Page 173: Rmon Port Statistics Form

    17. Ethernet Statistics Figure 17.3. RMON Port Statistics Form InOctets Synopsis: unsigned long integer
  • Page 174 17. Ethernet Statistics The number of octets in received good packets (Unicast+Multicast+Broadcast) and dropped packets. InPkts Synopsis: unsigned long integer The number of received good packets (Unicast+Multicast+Broadcast) and dropped packets. InBcastPkts Synopsis: unsigned long integer The number of good broadcast packets received. InMcastPkts Synopsis: unsigned long integer The number of good multicast packets received.
  • Page 175 17. Ethernet Statistics 2. The packet has invalid CRC. 3. A Collision Event has not been detected. 4. A Late Collision Event has not been detected. UndersizePkts Synopsis: unsigned long integer The number of received packets which meet all the following conditions: 1.
  • Page 176: Viewing Non-Switched Ethernet Statistics

    17. Ethernet Statistics Pkts128to255Octets Synopsis: unsigned integer The number of received and transmitted packets with a size of 128 to 257 octets. This includes received and transmitted packets as well as dropped and local received packets. This does not include rejected received packets. Pkts256to511Octets Synopsis: unsigned integer The number of received and transmitted packets with a size of 256 to 511 octets.
  • Page 177: Routable-Only Ethernet Port Status Form

    17. Ethernet Statistics Figure 17.5. Routable-Only Ethernet Port Status Form The Routable-Only Ethernet Port Status, Receive Statistics, and Transmit Statistics forms appear on the same screen as the Statistics menus. The Routable Ethernet Ports form displays the ethernet port configuration and status for a port. Ethernet statistics for the system’s IP interfaces are available on the Receive Statistics and Transmit Statistics forms.
  • Page 178: Receive Statistics Form

    17. Ethernet Statistics Distance, Long Distance or Very Long Distance with connectors like LC, SC, ST, MTRJ etc. For the modules with SFP/GBICs, the media description is displayed per the SFF-8472 specification, if the transceiver is plugged into the module. E.g. 10/100/1000TX RJ45, 100FX SM SC, 10FX MM ST, 1000SX SFP LC S SL M5.
  • Page 179: Clearing Switched Ethernet Port Statistics

    17. Ethernet Statistics Figure 17.7. Transmit Statistics Form Bytes Synopsis: unsigned long integer Number of bytes transmitted. Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port.
  • Page 180: Clear Switched Port Statistics Form

    17. Ethernet Statistics Figure 17.9. Clear Switched Port Statistics Form This command clears Ethernet ports statistics for one switched port. Ports are cleared by clicking the Perform button on the Clear Switched Port Statistics form. Figure 17.10. Clear All Statistics Menu Figure 17.11.
  • Page 181: Ip Statistics

    18. IP Statistics 18. IP Statistics The forms and tables accessible from the Interfaces IP menu (below) show the status of what has been configured using the forms and tables from the Interface and IP menus. Figure 18.1. Interfaces IP Menu The Interfaces IP menu is accessible from the main menu under interfaces/ip.
  • Page 182: Receive Statistics Form

    18. IP Statistics Is point to point link. Figure 18.4. Receive Statistics Form Bytes Synopsis: unsigned long integer Number of bytes received. Packets Synopsis: unsigned long integer Number of packets received. Errors Synopsis: unsigned integer Number of error packets received. Dropped Synopsis: unsigned integer Number of dropped packets by the receive device.
  • Page 183 18. IP Statistics Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port.
  • Page 184: Virtual Switch Bridging

    19. Virtual Switch Bridging 19. Virtual Switch Bridging 19.1. Overview A virtual switch bridges different network segments in a way that is not dependent on a particular protocol. Network traffic between segments is forwarded regardless of the IP and MAC addresses in a packet. In a virtual switch, forwarding is done in Layer 2 and allows all network traffic, including L2 Multicast (GOOSE, ISO), IP Multicast, Unicast, and Broadcast messages, to go through the virtual switch tunnel without any modifications.
  • Page 185: Sample Use Case

    19. Virtual Switch Bridging 19.2. Sample Use Case Figure 19.1. Virtual switch with multiple interfaces To create the configuration shown in this example, follow these steps: 1. Configure the port connected to the senders and receivers as follows: • PVID 20, format as tagged. •...
  • Page 186: Virtual Switch Configuration And Status

    19. Virtual Switch Bridging 19.3. Virtual Switch Configuration and Status Figure 19.2. Adding a Virtual Switch To add a virtual switch, enter Edit Private mode. Add a virtual switch and at least two interfaces. You can also add VLANs. Figure 19.3. Interface Virtualswitch menu The Interface Virtualswitch menu is located at interface/virtualswitch.
  • Page 187: Virtualswitch Form

    19. Virtual Switch Bridging Figure 19.5. Virtualswitch form To display this form, navigate to interface/virtualswitch/{number}. Forward Delay Synopsis: unsigned byte Default: 15 Delay (in seconds) of the listening and learning states before the interface goes to the forwarding state. Alias Synopsis: A string The SNMP alias name of the interface. IP Address Source Synopsis: string - one of the following keywords { dynamic, static }...
  • Page 188: Vlan Form

    19. Virtual Switch Bridging Figure 19.8. VLAN form To display this form, navigate to interface/virtualswitch/{number}/vlan/{number}. VLAN ID Synopsis: integer VLAN ID for this routable logical interface IP Address Source Synopsis: string - one of the following keywords { dynamic, static } Default: static Whether the IP address is static or dynamically assigned via DHCP or BOOTP.
  • Page 189: Receive Form

    19. Virtual Switch Bridging Synopsis: integer MTU (Maximum Transmission Unit) value on the port. Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The MAC address of the port. Figure 19.12. Receive form Bytes Synopsis: unsigned long integer Number of bytes received. Packets Synopsis: unsigned long integer Number of packets received.
  • Page 190: Vlan Table

    19. Virtual Switch Bridging Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port. Figure 19.14.
  • Page 191: Vlan Transmit Form

    19. Virtual Switch Bridging Dropped Into Abyss Synopsis: unsigned integer Number of dropped packets by the receive device. Figure 19.16. VLAN Transmit form Bytes Synopsis: unsigned long integer Number of bytes transmitted. Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted.
  • Page 192: Link Aggregation

    20. Link Aggregation 20. Link Aggregation Link Aggregation aggregates or bundles several Ethernet ports into one logical link, called a port trunk, with higher bandwidth. Link Aggregation is also known as port trunking or port bundling. ROX™ provides the following Link Aggregation features: •...
  • Page 193: Link Aggregation Limitations

    20. Link Aggregation • If one of the aggregated ports joins or leaves a multicast group (for example, via IGMP or GMRP), all other ports in the trunk also join or leave. • Any port configuration parameter changes, such as VLAN or CoS, are automatically applied to all ports in the trunk.
  • Page 194: Link Aggregation Configuration

    20. Link Aggregation If a speed/duplex mismatch is detected, the switch raises an alarm. RSTP dynamically calculates the path cost of the port trunk based on its aggregated bandwidth. However, if the aggregated ports are running at different speeds, the path cost may not be calculated correctly.
  • Page 195: Entering A Trunk Id

    20. Link Aggregation Figure 20.4. Entering a Trunk ID Next, add parameters to the Multicast Filtering, CoS and VLAN forms.
  • Page 196: Entering Parameters For Forms

    20. Link Aggregation Figure 20.5. Entering Parameters for Forms Finally, add parameters for the trunk ports. First, click on "trunk-ports" on the menu. Next, click on "Add trunk-ports" on the menu.
  • Page 197: Trunk-Ports Submenu - Adding A Trunk-Port

    20. Link Aggregation Figure 20.6. Trunk-Ports Submenu - Adding a Trunk-Port Next, select the trunk slot from the drop-down menu on the Key Settings form. Click on "Add trunk-ports" again to add a second trunk-port. Click Commit. Click Exit Transaction when done. Figure 20.7.
  • Page 198: Trunk Ports Table

    20. Link Aggregation Figure 20.8. Trunk Ports table Figure 20.9. Trunk Ports Table in Edit Private Mode To display the forms and tables below, click on interface/trunks/{number}. Most can also be accessed by clicking on interface/switch/{line module}. Figure 20.10. Key Settings Figure 20.11.
  • Page 199: Cos Form

    20. Link Aggregation GMRP Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GMRP (GARP Multicast Registration Protocol) operation on the port. There are several GMRP operation modes: • DISABLED : the port is not capable of any GMRP processing. •...
  • Page 200: Trunk Ports Table

    20. Link Aggregation programmed to use VLAN 1. If you modify a switch port to use a VLAN other than the management VLAN, devices on that port will not be able to manage the switch. Type synopsis: token - one of { edge, trunk, pvlanedge } default: edge This parameter specifies how the port determines its membership in VLANs.
  • Page 201: Port Security

    21. Port Security 21. Port Security ROX™ Port Security provides the following features: • Authorizing network access using the Static MAC Address Table. • Authorizing network access using IEEE 802.1X authentication. • Configuring IEEE 802.1X authentication parameters. • Detecting port security violation attempts and performing appropriate actions. 21.1.
  • Page 202: X General Topology

    21. Port Security Figure 21.1. 802.1X General Topology ROX™ supports the Authenticator component. 802.1X makes use of Extended Authentication Protocol (EAP) which is a generic PPP authentication protocol and supports various authentication methods. 802.1X defines a protocol for communication between the Supplicant and the Authenticator, EAP over LAN (EAPOL). RuggedBackbone™...
  • Page 203: Port Security Configuration

    21. Port Security 21.1.2.1. RADIUS Figure 21.3. Port Security RADIUS Primary form The path to the Port Security RADIUS Primary form is switch/port-security/radius. Figure 21.4. Port Security RADIUS Secondary form The path to the Port Security RADIUS Secondary form is switch/port-security/radius. address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 204: Port Security Parameters

    21. Port Security Figure 21.5. Port Security menu 21.2.1. Port Security Parameters Figure 21.6. Port Security form Security Mode Synopsis: string - one of the following keywords { dot1x_mac_auth, dot1x, per_macaddress, off } Default: off Enables or disables the security feature for the port. The following port access control types are available: •...
  • Page 205: Parameters

    21. Port Security Shutdown Enable Enables/disables administrative shutdown if a security violation occurs. 21.2.2. 802.1X Parameters Figure 21.7. 802.1x Parameters form Transmission Period Synopsis: integer Default: 30 IEEE 802.1X PAE (Port Access Entity) parameters quiet-period Synopsis: integer Default: 60 The period of time not to attempt to acquire a supplicant after the authorization session failed. Reauthorization Enables or disables periodic reauthentication reauth-period...
  • Page 206 21. Port Security Supplicant Timeout Synopsis: integer Default: 30 The time to wait for the supplicant's response to the authentication server's EAP packet. Server Timeout Synopsis: integer Default: 30 The time to wait for the authentication server's response to the supplicant's EAP packet. Max Requests Synopsis: integer Default: 2...
  • Page 207: Multicast Filtering

    This may introduce significant traffic onto ports that do not require it and receive no benefit from it. RuggedCom products with IGMP Snooping enabled will act on IGMP messages sent from the router and the host, restricting traffic streams to the appropriate LAN segments.
  • Page 208: Switch Igmp Operation

    22. Multicast Filtering Figure 22.1. IGMP Operation Example 1 In this example, the general membership query sent to the C1-C2 segment is answered by a membership report indicating the desire to subscribe to a stream M2. The router will forward the M2 stream onto the C1-C2 segment.
  • Page 209 22. Multicast Filtering A switch running in passive mode requires the presence of a multicast router or it will not be able to forward multicast streams at all. If no multicast routers are present, at least one IGMP Snooping switch must be configured for Active IGMP mode to make IGMP functional.
  • Page 210: Combined Router And Switch Igmp Operation

    22. Multicast Filtering 22.1.3. Combined Router and Switch IGMP Operation This section describes the additional challenges of multiple routers, VLAN support and switching. Producer P1 resides on VLAN 2 while P2 resides on VLAN 3. Consumer C1 resides on both VLANs whereas C2 and C3 reside on VLANs 3 and 2, respectively.
  • Page 211: Gmrp Example

    22. Multicast Filtering membership in multicast groups with other switches on a LAN, and for that information to be disseminated to all switches in the LAN that support Extended Filtering Services. GMRP is an industry-standard protocol first defined in IEEE 802.1D-1998 and extended in IEEE 802.1Q-2005.
  • Page 212: Example Using Gmrp

    22. Multicast Filtering Figure 22.3. Example using GMRP Joining the Multicast Groups: The sequence of events surrounding the establishment of membership for the two Multicast Groups on the example network is as follows: • Host H1 is GMRP unaware but needs to see traffic for Multicast Group 1. Port E2 on Switch E, therefore, is statically configured to forward traffic for Multicast Group 1.
  • Page 213: Multicast Filtering Configuration And Status

    22. Multicast Filtering • Switch B propagates the “join” message, causing Port D1 on Switch D to become a member of Multicast Group 1. Note that ports A1 and C1 also become members. • Host H2 is GMRP-aware and sends a “join” request for Multicast Group 2 to Port C2, which thereby becomes a member of Group 2.
  • Page 214: Router Ports Table

    22. Multicast Filtering Figure 22.5. IGMP Snooping Parameters form The path to the IGMP Snooping forms and the Router Ports table is switch/mcast-filtering/igmp-snooping. IGMP Mode Synopsis: string - one of the following keywords { passive, active } Default: passive Specifies the IGMP mode: •...
  • Page 215: Configuring Static Multicast Groups

    22. Multicast Filtering Port Synopsis: integer The selected ports on the module installed in the indicated slot. 22.3.2. Configuring Static Multicast Groups Figure 22.7. Egress Ports table If data is configured, display the Egress Ports table by navigating to switch/mcast-filtering/static-mcast-table and then clicking on one of the linked submenus.
  • Page 216: Multicast Group Summary Table

    22. Multicast Filtering The Class Of Service that is assigned to the multicast group frames. Figure 22.10. Static Ports table If data is configured, the path to this menu will be switch/mcast-filtering/mcast-group-summary, then clicking on one of the linked submenus and then clicking on static-ports. Figure 22.11.
  • Page 217: Ip Multicast Groups Table

    22. Multicast Filtering The VLAN Identifier of the VLAN upon which the multicast group operates. MAC Address Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The multicast group MAC address. 22.3.2.2. Viewing IP Multicast Groups Figure 22.13. IP Multicast Groups table The IP Multicast Groups table allows you to view IP Multicast Groups.
  • Page 218: Configuring Gmrp

    22. Multicast Filtering The path to this form is switch/mcast-filtering/ip-mcast-groups, then clicking on one of the linked submenus that follow, then on router-ports and then on a linked submenu. All ports that have been manually configured or dynamically discovered (by observing router specific traffic) as ports that link to multicast routers.
  • Page 219: Gmrp Dynamic Ports Table

    22. Multicast Filtering The GMRP Form appears on the same screen as the Multicast Filtering menu. Enabled Synopsis: boolean Default: false GMRP Enable RSTP Flooding Whether or not multicast streams will be flooded out of all RSTP non-edge ports upon detection of a topology change.
  • Page 220: Troubleshooting

    22. Multicast Filtering The Multicast Filtering form can be accessed in two locations: interface/switch and then clicking on a submenu (for example, lm1/1) or interface/trunks and then clicking on a submenu (for example, 1). GMRP Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GMRP (GARP Multicast Registration Protocol) operation on the port.
  • Page 221 22. Multicast Filtering Ensure that you do not have a situation where different multicast groups have multicast IP addresses that map to the same multicast MAC address. The switch forwarding operation is MAC address-based and will not work properly for several groups mapping to the same MAC address. Problem Five Computers on my switch issue join requests but don’t receive multicast streams from a router.
  • Page 222: Classes Of Service

    23. Classes Of Service 23. Classes Of Service ROX™ CoS provides the following features: • Support for 4 Classes of Service • Ability to prioritize traffic by ingress port. • Ability to prioritize traffic by the priority field in 802.1Q tags. •...
  • Page 223: Forwarding Phase

    23. Classes Of Service Figure 23.1. Determining The CoS Of A Received Frame After inspection, the frame is forwarded to the egress port for transmission. 23.1.2. Forwarding Phase The inspection phase results in the CoS of individual frames being determined. When these frames are forwarded to the egress port, they are collected into one of the priority queues according to the CoS assigned to each frame.
  • Page 224: Priority To Cos Mapping

    23. Classes Of Service The CoS form appears on the same screen as the Class-of-service menu. CoS Weighting Synopsis: string - one of the following keywords { strict, 8421 } Default: 8421 During traffic bursts, frames queued in the switch pending transmission on a port may have different CoS priorities.
  • Page 225: Dscp To Cos Mapping

    23. Classes Of Service 23.2.3. DSCP to CoS Mapping Figure 23.6. TOS DSCP to CoS Mapping table The path to the TOS DSCP table is switch/class-of-service/dcsp-to-cos-mapping. Figure 23.7. TOS DSCP to CoS Mapping form The path to the TOS DSCP to CoS Mapping forms is switch/class-of-service/dscp-to-cos/{number}. TOS DSCP to CoS Mapping maps each Differentiated Services Code Point (DSCP) in the Type-Of-Service (TOS) field in the headers of the received IP packets to the Class of Service switch.
  • Page 226 23. Classes Of Service The CoS form can be accessed in two locations: interface/switch/{line module}/ or interface/trunks/{number}. Default Priority Synopsis: integer Default: The priority of frames received on this port that are not prioritized based on the frame's contents (e.g.
  • Page 227: Mac Address Tables

    24. MAC Address Tables 24. MAC Address Tables ROX™ MAC address table management provides the following features: • Viewing learned MAC addresses. • Configuring the switch’s MAC Address Aging Time. • Configuring static MAC addresses. • Purging MAC Address entries. The MAC Address Tables (mac-tables) menu is accessible from the main menu under switch/mac-tables.
  • Page 228: Mac Tables Form

    24. MAC Address Tables The VLAN Identifier of the VLAN upon which the MAC address operates. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot containing the module including the port. Port Synopsis: integer The port on which the MAC address has been learned.
  • Page 229: Key Settings

    24. MAC Address Tables 3. Configuring The Static MAC Address Table Static MAC addresses are usually configured when the user wishes to enforce port security (if supported). Static MAC addresses must also be configured for devices that are able to receive but not able to transmit frames.
  • Page 230: Purge Mac Address Menu

    24. MAC Address Tables VLAN ID Synopsis: integer The VLAN Identifier of the VLAN upon which the MAC address operates. learned If set, the system will auto-learn the port upon which the device with this address is located. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device.
  • Page 231: Spanning Tree

    • Full bridge and port status displays provide a rich set of tools for performance monitoring and debugging. Historically, a device implementing STP on its ports has been referred to as a bridge. RuggedCom uses the terms "bridge" and "switch" synonymously. • SNMP-manageable including newRoot and topologyChange traps. 25.1. RSTP Operation The 802.1D Spanning Tree Protocol (STP) was developed to enable the construction of robust networks...
  • Page 232: Rstp States And Roles

    25. Spanning Tree A revised and highly optimized RSTP version was defined in the IEEE standard 802.1D-2004 edition. IEEE 802.1D-2004 RSTP reduces network recovery times to just milliseconds and optimizes RSTP operation for various scenarios. ROX™ supports IEEE 802.1D-2004 RSTP. 25.1.1.
  • Page 233: Bridge And Port Roles

    25. Spanning Tree ROX™ introduces two more states - Disabled and Link Down. Introduced purely for purposes of management, these states may be considered subclasses of the RSTP Discarding state. The Disabled state refers to links for which RSTP has been disabled. The Link Down state refers to links for which RSTP is enabled but are currently down.
  • Page 234: Edge Ports

    25. Spanning Tree 25.1.2. Edge Ports A port may be designated an Edge Port if it is directly connected to an end station. As such, it cannot create bridging loops in the network and can thus directly transition to forwarding, skipping the listening and learning stages.
  • Page 235: Bridge Diameter

    There is a relationship between the bridge diameter and the maximum age parameter. To achieve extended ring sizes, RuggedCom eRSTP™ uses an age increment of ¼ of a second. The value of the maximum bridge diameter is thus four times the configured maximum age parameter.
  • Page 236: Mst Regions And Interoperability

    25. Spanning Tree 25.2.1. MST Regions and Interoperability In addition to supporting multiple spanning trees in a network of MSTP-capable bridges, MSTP is capable of interoperating with bridges that support only RSTP or legacy STP, without requiring any special configuration. An MST region may be defined as the set of interconnected bridges whose MST Region Identification is identical.
  • Page 237: Mstp Bridge And Port Roles

    25. Spanning Tree 25.2.2. MSTP Bridge and Port Roles 25.2.2.1. Bridge Roles: CIST Root The CIST Root is the elected root bridge of the CIST (Common and Internal Spanning Tree), which spans all connected STP and RSTP bridges and MSTP regions. CIST Regional Root The root bridge of the IST within an MST region.
  • Page 238: Benefits Of Mstp

    25. Spanning Tree • A CIST Designated Port, CIST Alternate / Backup Port, or Disabled. At the MST region boundary, the MSTI Port Role is the same as the CIST Port Role. A Boundary Port connected to an STP bridge will send only STP BPDUs. One connected to an RSTP bridge need not refrain from sending MSTP BPDUs.
  • Page 239: Rstp Applications

    25. Spanning Tree 1. Configure and enable RSTP (see Section 25.4.1, “Spanning Tree Parameters” and Section 25.4.2, “Port RSTP Parameters”). Note that the Max Hops parameter in the Bridge RSTP Parameters menu is the maximum hop count for MSTP. 2. Create the VLANs that will be mapped to MSTIs (see the sections on VLAN Configuration). 3.
  • Page 240: Example Of A Structured Wiring Configuration

    25. Spanning Tree Figure 25.3. Example of a Structured Wiring Configuration Procedure 25.1. Design Considerations for RSTP in Structured Wiring Configurations Select the design parameters for the network. What are the requirements for robustness and network fail-over/recovery times? Are there special requirements for diverse routing to a central host computer? Are there any special port redundancy requirements? Identify required legacy support.
  • Page 241: Rstp In Ring Backbone Configurations

    25. Spanning Tree Identify desired steady state topology. Identify the desired steady state topology taking into account link speeds, offered traffic and QOS. Examine the effects of breaking selected links, taking into account network loading and the quality of alternate links. Decide upon port cost calculation strategy.
  • Page 242: Rstp Port Redundancy

    25. Spanning Tree Identify edge ports Ports that connect to host computers, IEDs and controllers may be set to edge ports in order to guarantee rapid transitioning to forwarding as well as to reduce the number of topology change notifications in the network. Choose the root bridge.
  • Page 243: Spanning Tree Parameters

    25. Spanning Tree Figure 25.6. Spanning Tree menu 25.4.1. Spanning Tree Parameters The Spanning Tree parameter form at the top-level Spanning Tree menu configures parameters applicable to RSTP and MSTP over the whole bridge. Figure 25.7. Spanning Tree Parameter form Enabled Synopsis: boolean Default: true...
  • Page 244 25. Spanning Tree STP Protocol Version Synopsis: string - one of the following keywords { mstp, rstp, stp } Default: rstp The version of the Spanning Tree Protocol to support, either only STP or Rapid STP or Multiple STP Hello Time (sec) Synopsis: unsigned integer Default: 2 The time between configuration messages issued by the root bridge.
  • Page 245: Erstp Form

    25. Spanning Tree Default: Variable length text string. You must configure an identical region name on all switches you want to be in the same MST region. Figure 25.8. RSTP Common Instance form Bridge Priority Synopsis: string - one of the following keywords { 61440, 57344, 53248, 49152, 45960, 40960, 36864, 32768, 28672, 24576, 20480, 16384, 12288, 8192, 4096, 0 } Default: 32768 The priority assigned to the RSTP / Common Bridge Instance...
  • Page 246 (and may be relatively long) for any given mesh topology. This configuration parameter enables RuggedCom's enhancement to RSTP which detects a failure of the root switch and performs some extra RSTP processing steps, significantly reducing the network recovery time and making it deterministic.
  • Page 247: Port Rstp Parameters

    25. Spanning Tree 25.4.2. Port RSTP Parameters Figure 25.10. Interface/switch/{line module}/spanning-tree submenu This submenu is accessible from the main menu under interface/switch/{line module}/spanning-tree. Figure 25.11. Port RSTP Parameter form The Port RSTP Parameter form appears on the same screen as the interface/switch/{line module}/spanning-tree submenu.
  • Page 248 25. Spanning Tree Edge ports are ports that do not participate in the Spanning Tree, but still send configuration messages. Edge ports transition directly to frame forwarding without any listening and learning delays. The MAC tables of Edge ports do not need to be flushed when topology changes occur in the STP network.
  • Page 249: Bridge Msti Parameters

    25. Spanning Tree port costs as negotiated (20,000 for 1Gbps, 200,000 for 100 Mbps links and 2,000,000 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path costs. 25.4.3. Bridge MSTI Parameters Figure 25.12. Key Settings form To configure parameters using the Key Settings form and MSTP Instance form, navigate to switch/spanning-tree/mstp-instance.
  • Page 250: Mstp Id Table

    25. Spanning Tree Figure 25.14. MSTP Instance table After data has been configured, the MSTP Instance table will be displayed at switch/spanning-tree/mstp-instance. Figure 25.15. MSTP ID table To display the MSTP ID table, navigate to switch/spanning-tree/port-msti-id. MSTP Instance ID Synopsis: integer The MSTP Instance ID.
  • Page 251: Port Msti Parameters

    25. Spanning Tree 25.4.4. Port MSTI Parameters Figure 25.16. MSTI Configuration table To display the MSTI Configuration table, navigate to interface/switch/{line module}/spanning-tree/msti. Figure 25.17. MSTI Configuration form To display the MSTI Configuration form, navigate to interface/switch/{line module}/spanning-tree/msti/{number}. MSTP ID Synopsis: integer MSTP Instance Identifier MSTP Priority...
  • Page 252 25. Spanning Tree The cost to use in cost calculations, when the cost style parameter is set to STP in the bridge RSTP parameter configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to 'auto' to use the standard STP port costs as negotiated (four for 1Gbps, 19 for 100 Mbps links and 100 for 10 Mbps links).
  • Page 253: Spanning Tree Statistics

    25. Spanning Tree 25.5. Spanning Tree Statistics 25.5.1. Bridge RSTP Statistics Figure 25.18. RSTP Status form To display this form, navigate to switch/spanning-tree. Status Synopsis: string - one of the following keywords { none, rootBridge, notDesignatedForAnyLAN, designatedBridge } The spanning tree status of the bridge. The status may be root or designated. This field may show text saying 'not designated for any LAN' if the bridge is not the designated bridge for any of its ports.
  • Page 254 25. Spanning Tree The bridge identifier of this bridge. Bridge MAC Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The bridge identifier of this bridge. Root Priority Synopsis: integer Ports to which the multicast group traffic is forwarded. Root MAC Synopsis: Ethernet MAC address in colon-separated hexadecimal notation Ports to which the multicast group traffic is forwarded.
  • Page 255: Port Rstp Statistics

    25. Spanning Tree Configured Forward Delay Synopsis: integer The configured Forward Delay time from the Bridge RSTP Parameters menu. Learned Forward Delay Synopsis: integer The actual Forward Delay time provided by the root bridge as learned in configuration messages. This time is used in designated bridges. Configured Max Age Synopsis: integer The configured Maximum Age time from the Bridge RSTP Parameters menu.
  • Page 256: Rstp Port Statistics Form

    25. Spanning Tree Figure 25.20. RSTP Port Statistics form To display these forms, navigate to switch/spanning-tree/port-rstp-stats/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - the keyword { trnk } The slot of the module that contains this port.
  • Page 257 25. Spanning Tree The role of this port in the spanning tree: • Designated : The port is designated for (i.e. carries traffic towards the root for) the LAN it is connected to. • Root : The single port on the bridge, which provides connectivity towards the root bridge. •...
  • Page 258: Msti Status

    25. Spanning Tree TX Tcns Synopsis: unsigned integer The count of configuration messages transmitted from this port. 25.5.3. MSTI Status Figure 25.21. MSTI Status table To display this table, navigate to switch/spanning-tree/msti-status. Figure 25.22. MSTI Status form To display these forms, navigate to switch/spanning-tree/msti-status/{number}. MSTP Instance ID Synopsis: integer The bridge identifier of this bridge.
  • Page 259 25. Spanning Tree status Synopsis: string - one of the following keywords { none, rootBridge, notDesignatedForAnyLAN, designatedBridge } The spanning tree status of the bridge. The status may be root or designated. This field may show text saying 'not designated for any LAN' if the bridge is not the designated bridge for any of its ports. Root Priority Synopsis: integer Bridge Identifier of the root bridge.
  • Page 260: Port Mstp Statistics

    25. Spanning Tree 25.5.4. Port MSTP Statistics Figure 25.23. MSTP Port Statistics table The path to the MSTP Port Statistics table is switch/spanning-tree/port-msti-id/{number}/port-msti-stats. Figure 25.24. MSTP Port Statistics form The path to MSTP Port Statistics forms is switch/spanning-tree/port-msti-id/{number}/port-msti-stats/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - the keyword { trnk }...
  • Page 261: Clearing Spanning Tree Statistics

    25. Spanning Tree • Disabled : STP is disabled on this port. • Link Down : STP is enabled on this port but the link is down. • Discarding : The link is not used in the STP topology but is standing by. •...
  • Page 262: Troubleshooting

    25. Spanning Tree The Spanning-Tree Statistics form clears all spanning tree statistics for Ethernet ports. This form is accessible from the clear-stp-stats menu action. The path to this menu action is switch/spanning-tree/clear-stp-stats. To clear statistics, click the Perform button on the Clear Spanning-Tree Statistics form. Figure 25.26.
  • Page 263 25. Spanning Tree Another possible explanation is that some links in the network run in half-duplex mode. RSTP uses a peer-to-peer protocol called Proposal-Agreement to ensure transitioning in the event of a link failure. This protocol requires full-duplex operation. When RSTP detects a non-full duplex port, it cannot rely on Proposal-Agreement protocol and must make the port transition the slow (i.e.
  • Page 264 25. Spanning Tree If the controller fails around the time of a link outage then there is the remote possibility that frame disordering or duplication may be the cause of the problem. Try setting the root port of the failing controller’s bridge to STP.
  • Page 265: Virtual Lans

    26. Virtual LANs 26. Virtual LANs ROX™ provides the following VLAN features: • Support for up to 255 VLANs • Configurable port-native VLAN. • Port modes of operation tailored to edge devices (such as a PC or IED) and to network switch interconnections.
  • Page 266: Vlan Ingress And Egress Rules

    26. Virtual LANs Frames transmitted out of the port on all VLANs other than the port’s native VLAN are always sent tagged. Sometimes it may be desirable to manually restrict the traffic on the trunk to a specified group of VLANs; for example, when the trunk connects to a device, such as a Layer 3 router, that supports a subset of the available VLANs.
  • Page 267: Gvrp (Garp Vlan Registration Protocol)

    26. Virtual LANs operate in a VLAN-aware mode while providing functionality required for almost any network application. However, the IEEE 802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches: • Valid VID range is 1 to 4094 (VID=0 and VID=4095 are invalid). •...
  • Page 268: Pvlan Edge

    26. Virtual LANs Figure 26.1. Using GVRP An example of using GVRP: • Ports A2 and C2 are configured with PVID 7 and port E2 is configured with PVID 20. • End Node D is GVRP aware and is interested in VLAN 20, hence VLAN 20 is advertised by it towards switch D.
  • Page 269: Vlan Applications

    26. Virtual LANs Note that this feature is strictly local to the switch. PVLAN Edge ports are not prevented from communicating with ports off the switch, whether protected (remotely) or not. 26.2. VLAN Applications 26.2.1. Traffic Domain Isolation VLANs are most often used for their ability to restrict traffic flows between groups of devices. Unnecessary broadcast traffic can be restricted to the VLAN that requires it.
  • Page 270: Vlan Configuration

    26. Virtual LANs The number of network hosts may often be reduced. Often, a server is assigned to provide services for independent networks. These hosts may be replaced by a single, multi-homed host supporting each network on its own VLAN. This host can perform routing between VLANs. Figure 26.3.
  • Page 271: Static Vlans

    26. Virtual LANs Figure 26.5. Internal VLAN Range form 26.3.1. Static VLANs If static VLANs have been configured, the Static VLAN table will be displayed under switch/vlans/static-vlan. To display the forms, navigate to switch/vlans/static-vlan/{number}. Figure 26.6. Static VLAN table Figure 26.7.
  • Page 272: Port Vlan Parameters

    26. Virtual LANs If IGMP Snooping is not enabled for the VLAN, both IGMP messages and multicast streams will be forwarded directly to all members of the VLAN. If any one member of the VLAN joins a multicast group then all members of the VLAN will receive the multicast traffic. 26.3.2.
  • Page 273: Vlan Summary

    26. Virtual LANs Format Synopsis: string - one of the following keywords { tagged, untagged } Default: untagged Whether frames transmitted out of the port on its native VLAN (specified by the 'PVID' parameter) will be tagged or untagged. GVRP Mode Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GVRP (Generic VLAN Registration Protocol) operation on the port.
  • Page 274: Vlan Summary Form

    26. Virtual LANs Figure 26.11. VLAN Summary form VLAN ID Synopsis: integer The VLAN Identifier is used to identify the VLAN in tagged Ethernet frames according to IEEE 802.1Q. IGMP Snooping Synopsis: boolean Enables/disables IGMP-Snooping. MSTI Synopsis: integer The assigned MSTP Instance ID. To display the VLAN Summary form, navigate to switch/vlans/vlan-summary/{number}.
  • Page 275: All Vlans Table

    26. Virtual LANs Figure 26.14. Untagged Ports table To display the Tagged Ports table, navigate to switch/vlans/vlan-summary/{number}/untagged-ports. Figure 26.15. Untagged Ports form To display the Tagged Ports form, navigate to switch/vlans/vlan-summary/{number}/untagged-ports/{line module}. Untagged Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device.
  • Page 276: Forbidden Ports

    26. Virtual LANs To display the VLANs table, navigate to interface/eth/{line module}/vlan. Figure 26.19. VLANs form To display the VLANs form, navigate to interface/eth/{line module}/vlan/{number}. VLAN ID Synopsis: integer VLAN ID for this routable logical interface IP Address Source Synopsis: string - one of the following keywords { dynamic, static } Default: static Whether the IP address is static or dynamically assigned via DHCP or BOOTP.
  • Page 277 26. Virtual LANs can use a router. The router will treat each VLAN as a separate interface, which will have its own associated IP address space.
  • Page 278: Network Discovery

    27. Network Discovery 27. Network Discovery Figure 27.1. Net-discovery menu The Net-discovery menu is accessible from the main menu under switch. The path to this menu is switch/net-discovery. ROX™ supports LLDP (the Link Layer Discovery Protocol), a Layer 2 protocol for automated network discovery.
  • Page 279: Lldp Parameters

    27. Network Discovery 27.2. LLDP Parameters Figure 27.2. Net-discovery LLDP menu The Net-discovery LLDP menu is accessible from the main menu under switch. The path to this menu is switch/net-discovery/lldp. The LLDP form, LLDP Global Statistics Form and LLDP Local System form appear on the same screen as the menu.
  • Page 280: Lldp Global Statistics Form

    27. Network Discovery The multiplier of the Tx Interval parameter that determines the actual time-to-live (TTL) value used in an LLDPDU. The actual TTL value can be expressed by the following formula: TTL = MIN(65535, (Tx Interval * Tx Hold)) Reinitialization Delay (sec) Synopsis: integer Default: 2...
  • Page 281: Lldp Local System Form

    27. Network Discovery Figure 27.5. LLDP Local System form The LLDP local system form provides access to the local host’s information that is being sent to remote LLDP-enabled devices. Local Chassis Subtype Synopsis: string - one of the following keywords { local, interfaceName, networkAddress, macAddress, portComponent, interfaceAlias, chassisComponent } local-chassis-subtype Local Chassis ID...
  • Page 282: Lldp Port Statistics Table

    27. Network Discovery Figure 27.6. LLDP Port Statistics table The LLDP Port Statistics table allows you to view port LLDP statistics. The path to the LLDP Port Statistics table is switch/net-discovery/lldp/port-lldp-stats. Figure 27.7. LLDP Port Statistics form The path to the LLDP Port Statistics form is switch/net-discovery/lldp/port-lldp-stats and then clicking on one of the linked submenus (for example, sm/1).
  • Page 283: Lldp Neighbors Table

    27. Network Discovery The port number as seen on the front plate silkscreen of the module. Frames Dropped Synopsis: unsigned integer A counter of all LLDP frames discarded Error Frames Synopsis: unsigned integer A counter of all LLDPDUs received with detectable errors Frames In Synopsis: unsigned integer A counter of all LLDPDUs received...
  • Page 284: Lldp Submenu

    27. Network Discovery Figure 27.9. LLDP Neighbors form The path to the LLDP Neighbors form is switch/net-discovery/lldp/port-lldp-neighbors and then clicking on one of the linked submenus (for example, sm/1). slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk }...
  • Page 285: Lldp Form

    27. Network Discovery The LLDP submenu is accessible from the main menu under interface. The path to this menu is interface/switch and then clicking on one of the linked submenus (for example, sm/1). Figure 27.11. LLDP form Admin Status Synopsis: string - one of the following keywords { no-lldp, rx-tx, rx-only, tx-only } Default: rx-tx •...
  • Page 286: Routing And Security

    Part III. Routing and Security Part III. Routing and Security Part III describes routing and network security: Routing Overview Chapter 28, ROX™ Routing Overview Layer 3 Switching Chapter 29, Layer 3 Switching Tunnelling Chapter 30, Tunnelling Dynamic Routing Chapter 31, Dynamic Routing Static Routing Chapter 32, Static Routing Routing Status...
  • Page 287: Rox™ Routing Overview

    28. ROX™ Routing Overview 28. ROX™ Routing Overview This section provides an overview of IP routing in ROX™. This section describes how ROX™ configures physical Ethernet ports, and how ROX™ switches and routes IP packets. 28.1. IP Routing in ROX™ ROX™...
  • Page 288: Routing Ip Packets

    28. ROX™ Routing Overview Continuing with the example above, an IP interface with the name Switch.0100 is created when you create VLAN 100. Providing an IP address to this interface makes the ROX™ system accessible to the devices on VLAN 100. For example, assigning Switch.0100 the IP address 192.168.100.10/24 makes the ROX™...
  • Page 289: Layer 3 Switching

    29. Layer 3 Switching 29. Layer 3 Switching 29.1. Layer 3 Switching Fundamentals 29.1.1. What is a Layer 3 Switch? A switch is an internetwork device that makes frame forwarding decisions in hardware. A Layer 3 switch, sometimes called a multilayer switch, is one which makes hardware-based decisions for IP packets as well as Layer 2 frames.
  • Page 290: Static Layer 3 Switching Rules

    29. Layer 3 Switching 29.1.3. Static Layer 3 Switching Rules When creating a static route through switch management, you can explicitly configure it to be hardware-accelerated. If hardware acceleration is selected, an appropriate Layer 3 switching rule is installed in the ASIC’s TCAM and never ages out.
  • Page 291: Layer 3 Multicast Switching

    29. Layer 3 Switching 29.1.6. Layer 3 Multicast Switching Some RuggedCom Layer 3 Switch models do not have full multicast Layer 3 switching capability and only support multicast cross-VLAN Layer 2 switching. Multicast cross-VLAN Layer 2 switching differs from the normal multicast Layer 3 switching in the following ways: •...
  • Page 292: Sample Use Case

    29. Layer 3 Switching 29.1.9. Sample Use Case Consider the network illustrated below. The switch connecting all of these networks is a RuggedBackbone™ Layer 3 switch. Figure 29.2. Layer 3 Switch Use Case Assume the following: • VLAN 150 and VLAN 250 have approximately 200 devices each. •...
  • Page 293: Hardware Acceleration Enabled

    29. Layer 3 Switching 29.1.9.1. Setting up Unicast Routes Because this use case only requires that the devices be able to reach two networks, static routes can be used and can be hardware-accelerated. • Create a static route in routing/static/ipv4/route and enter the network 10.200.50.0/24. •...
  • Page 294 29. Layer 3 Switching • Add egress interface Switch.0300. This configuration creates Layer 3 switching rules which can be verified in switch/layer3-switching/rules-summary. Even if Hw-accelerate is not enabled, Layer 3 switching is still performed, but all switching rules for the multicast streams will have to be auto-learned. 29.1.9.3.
  • Page 295: Configuring Layer 3 Switching

    29. Layer 3 Switching 29.2. Configuring Layer 3 Switching To display the Layer 3 Switching menu, navigate to switch/layer3-switching. Figure 29.5. Layer 3 Switching menu The Layer 3 Switching form on the menu page displays the configured Layer 3 switching settings. Figure 29.6.
  • Page 296: Configuring Layer 3 Switching Settings

    29. Layer 3 Switching 29.2.1. Configuring Layer 3 Switching Settings To configure the Layer 3 switching settings: • In edit mode, navigate to switch/layer3-switching. • On the Layer 3 Switching form, set the Layer 3 switching parameters. • Commit the changes. Figure 29.7.
  • Page 297: Creating Static Arp Table Entries

    29. Layer 3 Switching Default: flow-oriented Defines how dynamically learned traffic flows are identified: • flow-oriented: Traffic flows are identified by a 5-tuple signature: Src IP address, Dst IP address, Protocol, Src TCP/UDP port + Dst TCP/UDP port. This mode should be used if fine-granularity firewall filtering is configured in the device (i.e. some flows between two hosts should be forwarded, while other flows between the same two hosts should be filtered).
  • Page 298: Viewing Static And Dynamic Arp Table Entries

    29. Layer 3 Switching Figure 29.8. ARP Table Configuration form Synopsis: Unicast Ethernet MAC address in colon-separated hexadecimal notation Default: 00:00:00:00:00:00 MAC address of the network device specified by the IP address. VLAN ID Synopsis: integer VLAN Identifier of the VLAN upon which the MAC address operates. status Synopsis: string - one of the following keywords { unresolved, resolved } Default: unresolved...
  • Page 299: Routing Rules Summary Table

    29. Layer 3 Switching Figure 29.10. Routing Rules Summary table To view the details for a routing rule: • Navigate to switch/layer3-switching/routing-rules-summary/{rule id}. • Review the entries on the Routing Rules Summary form. Figure 29.11. Routing Rules Summary form Rule Type Synopsis: string - one of the following keywords { hidden, invalid, unicast, multicast } Identifies the type of the rule: unicast, multicast, invalid In VLAN...
  • Page 300 29. Layer 3 Switching Synopsis: A string conforming to: "(([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/\p{N}+" Synopsis: string - the keyword { any } Identifies the source IP address or subnet. To match the rule, the incoming packet's source IP address must belong to the subnet. destination Synopsis: IPv4 address in dotted-decimal notation Synopsis: A string conforming to: "(([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-1]?[0-9]?[0-9]|...
  • Page 301: Flushing Dynamic Hardware Routing Rules

    29. Layer 3 Switching 29.2.5. Flushing Dynamic Hardware Routing Rules Flushing dynamic hardware routing rules removes dynamic rules from the Routing Rules Summary table. You can only flush dynamic rules. Static rules, enabled by activating hardware acceleration, never age out. For more information on how to enable hardware acceleration, see Section 29.1, “Layer 3 Switching Fundamentals”...
  • Page 302: Tunnelling

    30. Tunnelling 30. Tunnelling Figure 30.1. Tunnelling menu The tunnelling menu is accessible from the main menu under tunnel. This menu provides access to IPsec, L2TP, L2tunneld and GRE functions. 30.1. IPsec 30.1.1. VPN Fundamentals IPsec (Internet Protocol SECurity) uses strong cryptography to provide both authentication and encryption services.
  • Page 303: X509 Certificates

    30. Tunnelling 30.1.1.2. Policy-Based VPNs RuggedBackbone™ supports the creation of policy-based VPNs, which may be characterized as follows: • IPsec network interfaces are not created. • The routing table is not involved in directing packets to the IPsec layer. • Only data traffic matching the tunnel’s local and remote subnets is forwarded to the tunnel. Normal traffic is routed by one set of firewall rules and VPN traffic is routed based on separate rules.
  • Page 304 30. Tunnelling the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the connecting host. 30.1.1.6. NAT Traversal Historically, IPSec has presented problems when connections must traverse a firewall providing Network Address Translation (NAT).
  • Page 305: Ipsec Configuration

    30. Tunnelling 30.1.2. IPsec Configuration Figure 30.2. IPsec menu The IPsec menu is accessible from the main menu under tunnel. The path to this menu is tunnel/ipsec. The IPsec form appears on the same screen as the IPsec menu. Figure 30.3. IPsec form The IPsec form is used in configuring IPSec VPN.
  • Page 306: Show Public Rsa Key Form

    30. Tunnelling Facility Synopsis: string - one of the following keywords { local7, local6, local5, local4, local3, local2, local1, local0, uucp, user, syslog, news, mark, mail, lpr, kern, daemon, cron, authpriv, auth } Default: daemon The log facility. Log Level Synopsis: string - one of the following keywords { warnings, notifications, informational, errors, emergencies, debugging, critical, alerts } Default: errors...
  • Page 307: Install-Certificate Forms

    30. Tunnelling Figure 30.6. Install-Certificate forms The path to the Install-Certificates forms is tunnel/ipsec/certificate/install-certificate. To install the certificates, enter the parameters and then click the Perform button.
  • Page 308: Install-Ca-Certificate Forms

    30. Tunnelling Figure 30.7. Install-Ca-Certificate forms The path to the Install-Ca-Certificate forms is tunnel/ipsec/certificate/install-ca-certificate. Enter the parameters and then click on the Perform button to install the certificates.
  • Page 309: Install-Crl-File Forms

    30. Tunnelling Figure 30.8. Install-Crl-File forms The path to the Install-Crl-File forms is tunnel/ipsec/certificate/install-crl-file. To install the files, enter the parameters and then click the Perform button. Figure 30.9. Show IPsec Running Status form The path to the Show IPsec Running Status form is tunnel/ipsec/status. To display the IPsec status, click the Perform button.
  • Page 310: Connection Form

    30. Tunnelling Figure 30.11. Connection form If data is configured, the path to the Connection form will be tunnel/ipsec/connection/{line module}. The Connection form is used for VPN connection configuration. Connection Name Synopsis: string - the keyword { default } Synopsis: A string conforming to: "[A-Za-z][A-Za-z0-9#%_\-+.,]+" The connection name.
  • Page 311: Esp Table

    30. Tunnelling Figure 30.12. ESP table If data is configured, the path to the ESP table will be tunnel/ipsec/connection/{line module}/esp. Figure 30.13. ESP Key Settings If data is configured, the path to the ESP Key Settings form will be to click on esp/{line module}. ESP pertains to the Phase 2 encryption/authentication algorithm to be used for the connection.
  • Page 312: Public Ip Address Form

    30. Tunnelling Modpgroup. There are right side and left side IPsec forms. The forms for each side are used for IPSec system settings on each side. The forms are the same for both sides, so only the left side forms are shown here. Figure 30.15.
  • Page 313: Nexthop To Other System Form

    30. Tunnelling Figure 30.17. Nexthop To Other System form Type Synopsis: string - one of the following keywords { address, default-route, default } Default: default Type. IP Address Synopsis: IPv4 address in dotted-decimal notation IP address. Figure 30.18. System Identifier form type Synopsis: string - one of the following keywords { hostname, address, from-certificate, none, default }...
  • Page 314: Network Table

    30. Tunnelling Type. Figure 30.20. Network table The Network table displays a list of subnet addresses. If data is configured, the path to the Preshared Key table will be tunnel/ipsec/preshared-key. Figure 30.21. Preshared Key table If data is configured, the path to the Preshared Key form will be tunnel/ipsec/preshared-key/{line module}.
  • Page 315: L2Tp Tunnelling Configuration

    30. Tunnelling 30.2. L2TP Tunnelling Configuration Figure 30.23. L2TP menu The path to the L2TP menu is tunnel/l2tp. The L2TP, DNS Server, PPP Options and WINS server forms appear on the same screen as this menu. Figure 30.24. L2TP form Enable L2TP Enable L2TP.
  • Page 316: Ppp Options Form

    30. Tunnelling Primary Synopsis: IPv4 address in dotted-decimal notation Primary DNS server. Secondary Synopsis: IPv4 address in dotted-decimal notation Secondary DNS server. Figure 30.26. PPP Options form Before enabling the Authorize Locally field on the PPP Options form, you need to add a PPP user name and password under the global/ppp/profiles/dialin menu.
  • Page 317: Layer 2 Tunnelling

    30. Tunnelling Secondary Synopsis: IPv4 address in dotted-decimal notation Secondary WINS server. 30.3. Layer 2 Tunnelling RuggedBackbone™ is capable of extending the range of services that communicate solely via Layer 2 protocols (i.e. at the level of Ethernet) by tunneling them over routed IP networks. The Layer 2 Tunnel Daemon supports the IEC61850 GOOSE protocol as well as a generic mechanism for tunneling by Ethernet type.
  • Page 318: Generic Layer 2 Tunnel Fundamentals

    30. Tunnelling GOOSE Packets received from the network are stripped of their network headers and forwarded to Ethernet ports configured for the same multicast address. The forwarded frames contain the MAC source address of the originating device, and not that of the transmitting interface. The VLAN used will be that programmed locally for the interface and may differ from the original VLAN.
  • Page 319: Layer 2 Tunnelling Configuration

    30. Tunnelling 30.3.3. Layer 2 Tunnelling Configuration Figure 30.28. L2tunneld menu The path to the L2tunneld (Layer 2) menu is tunnel/l2tunneld. The L2 Tunnel Daemon form appears on the same screen as this menu. Figure 30.29. L2 Tunnel Daemon form This form configures general settings for the daemon that apply to all supported tunnel configurations.
  • Page 320: Generic L2 Tunnel Table

    30. Tunnelling 30.3.3.1. Goose The forms and tables in this section are located under tunnel/l2tunneld/goose. Figure 30.30. Goose Tunnel table This table displays configured GOOSE tunnels. Figure 30.31. Goose Tunnel form name Synopsis: A string Description of goose tunnel interface Synopsis: A string The interface to listen on for goose frames multicast-mac...
  • Page 321: Generic L2 Tunnel Protocol Form

    30. Tunnelling Figure 30.34. Generic L2 Tunnel Protocol form name Synopsis: A string Description of goose tunnel ingress-if Synopsis: A string The interface to listen on for Ethernet type frames Figure 30.35. Generic L2 Tunnel Egress Interface table egress-if Synopsis: A string Egress interface for Ethernet type frames Figure 30.36.
  • Page 322: Goose Tunnel Statistics Form

    30. Tunnelling Figure 30.38. Goose Tunnel Statistics form tunnel-name Synopsis: A string Goose Tunnel name ifname Synopsis: A string VLAN Interface name Synopsis: Multicast Ethernet MAC address in colon-separated hexadecimal notation Multicast Destination MAC Address of Goose message rx-frames Synopsis: unsigned integer The number of frames received over the tunnel tx-frames Synopsis: unsigned integer...
  • Page 323: Connections Statistics Table

    30. Tunnelling Figure 30.39. Connections Statistics table remote-ip Synopsis: IPv4 address in dotted-decimal notation IP address of remote goose daemon rx-packets Synopsis: unsigned integer The number of frames received over the tunnel tx-packets Synopsis: unsigned integer The number of frames transmitted over the tunnel rx-bytes Synopsis: unsigned integer The number of bytes received over the tunnel...
  • Page 324: Generic L2 Tunnel Statistics Table

    30. Tunnelling Figure 30.41. Generic L2 Tunnel Statistics table Figure 30.42. Generic L2 Tunnel Statistics form tunnel-name Synopsis: A string Goose Tunnel name ifname Synopsis: A string VLAN Interface name rx-frames Synopsis: unsigned integer The number of frames received over the tunnel tx-frames Synopsis: unsigned integer The number of frames transmitted over the tunnel...
  • Page 325: Connections Statistics Table

    30. Tunnelling Figure 30.43. Connections Statistics table Figure 30.44. Connections Statistics form remote-ip Synopsis: IPv4 address in dotted-decimal notation IP address of remote goose daemon rx-packets Synopsis: unsigned integer The number of frames received over the tunnel tx-packets Synopsis: unsigned integer The number of frames transmitted over the tunnel rx-bytes Synopsis: unsigned integer...
  • Page 326: Round Trip Time Statistics Table

    30. Tunnelling Figure 30.45. Round Trip Time Statistics table The Round Trip Time Statistics table reflects the measured RTT to each remote daemon. The minimum, average, maximum and standard deviation of times is presented. Entries with a large difference between the Transmitted and Received fields indicate potential problems.
  • Page 327: Generic Routing Encapsulation (Gre)

    30. Tunnelling The Standard Deviation 30.4. Generic Routing Encapsulation (GRE) ROX™ is able to encapsulate multicast traffic and IPv6 packets and transport them through an IPv4 network tunnel. A GRE tunnel can transport traffic through any number of intermediate networks. The key parameters for GRE in each router are the tunnel name, local router address, remote router address and remote subnet.
  • Page 328: Generic Routing Encapsulation Interfaces Table

    30. Tunnelling Figure 30.49. Generic Routing Encapsulation Interfaces table The Generic Routing Encapsulation Interfaces table appears on the same screen as the GRE menu. Figure 30.50. Generic Routing Encapsulation Interfaces form The path to the Generic Routing Encapsulation Interfaces form is tunnel/gre and then clicking on one of the linked submenus that follow (for example, gre0).
  • Page 329 30. Tunnelling cost Synopsis: integer Default: The routing cost associated with networking routing that directs traffic through the tunnel
  • Page 330: Dynamic Routing

    31. Dynamic Routing 31. Dynamic Routing 31.1. Introduction This chapter familiarizes the user with: • Enabling the Dynamic Routing Suite • Enabling and starting OSPF, RIP, and BGP • Configuring OSPF, RIP, and BGP • Obtaining OSPF, RIP, and BGP Status •...
  • Page 331: Key Ospf And Rip Parameters

    31. Dynamic Routing The ROX™ OSPF daemon (ospfd) is an RFC 2178 compliant implementation of OSPFv2. The daemon also adheres to the RFC2370 (Opaque LSA) and RFC3509 (ABR-Types) extensions. OSPF network design usually involves partitioning a network into a number of self-contained areas. The areas are chosen to minimize intra-area router traffic, making the network more manageable and reducing the number of advertised routes.
  • Page 332: Redistributing Routes

    31. Dynamic Routing 31.1.4.3. Hello Interval and Dead Interval The hello interval is the time between transmission of OSPF Hello packets. The dead interval is the time to wait without seeing an OSPF Hello packet before declaring a neighboring router dead and discarding its routes.
  • Page 333: Ospf And Vrrp Example Network

    31. Dynamic Routing 31.1.4.8. OSPF Authentication OSPF authentication is used when it is desirable to prevent unauthorized routers from joining the OSPF network. By enabling authentication and configuring a shared key on all the routers, only routers which have the same authentication key will be able to send and receive advertisements within the OSPF network.
  • Page 334: Ospf And Vrrp Example

    31. Dynamic Routing Figure 31.1. OSPF and VRRP Example 31.1.5.1. Area And Subnets As the OSPF design is simple, an area of 0 is used. The three point-to-point T1/E1 links are placed in the area by adding 1.1.1.0/24 to it. Router 1 and 2 will include their Ethernet links by adding subnet 1.1.2.0/24 to their area descriptions.
  • Page 335: Bgp Fundamentals

    31. Dynamic Routing After the failure all routers still know how to reach the entire network, and the clients on 1.1.2.0/24 can still send on the network using the same gateway address. The clients will see only a MAC address change of the gateway and experience a few seconds of network outage. When the link returns, VRRP will switch back to the master, and the routes will return to their normal state.
  • Page 336: Rip Configuration

    31. Dynamic Routing 31.3.1. RIP Configuration The RIP Configuration form and Routing Timers form appear on the same screen as the RIP menu. Figure 31.4. RIP Configuration Form Enable RIP Enables the RIP dynamic routing protocol. Default Information Originate The route element makes a static route only inside RIP. This element should be used only by advanced users who are particularly knowledgeable about the RIP protocol.
  • Page 337: Routing Timers Form

    31. Dynamic Routing Figure 31.5. Routing Timers Form The RIP protocol has several timers. The user can configure those timers’ values by the timers-basic element. The default settings for the timers are as follows: * The update timer is 30 seconds. Every update timer seconds, the RIP process is awakened to send an unsolicited response message containing the complete routing table to all neighboring RIP routers.
  • Page 338 31. Dynamic Routing Subnet Subnet Address/Prefix Synopsis: IPv4 address and prefix in CIDR notation Network address/prefix. Neighbor Neighbor IP Address Synopsis: IPv4 address in dotted-decimal notation Neighbor IP address. 31.3.1.2. Distance Distance with Matched Subnet Subnet/Prefix Synopsis: IPv4 address and prefix in CIDR notation IP Address/Prefix.
  • Page 339: Rip Interface Parameters Table

    31. Dynamic Routing Accept Lifetime Set the accept lifetime of the key. Time to Start Synopsis: date and time specification The time to start. Expire Time Synopsis: date and time specification Synopsis: string - the keyword { infinite } Expire time. Send Lifetime Set the send lifetime of the key.
  • Page 340: Rip Interface Parameters Form

    31. Dynamic Routing Figure 31.7. RIP Interface Parameters Form To display the RIP Interface Parameters form and the Authentication form, navigate to routing/dynamic/rip/interface/{interface}. Passive Interface The specified interface is set to passive mode. In passive mode, all received packets are processed normally and ripd sends neither multicast nor unicast RIP packets except to RIP neighbors specified with a neighbor element.
  • Page 341: Ospf

    31. Dynamic Routing String Synopsis: string The authentication string. Split horizon controls whether routes learned through an interface should be allowed to be advertised back out that interface. By default RIP advertises all routes it knows about to everyone, which makes it take a very long time for dropped links to age out of the network. The split horizon prevents advertising those routes back out the same interface which helps to control this problem.
  • Page 342: Ospf Configuration

    31. Dynamic Routing 31.4.1. OSPF Configuration Figure 31.10. OSPF Configuration Form Enable OSPF Enables the OSPF dynamic routing protocol. ABR Type Synopsis: string - one of the following keywords { standard, shortcut, ibm, cisco } Default: cisco The OSPF ABR type. Auto Cost Reference Bandwidth Synopsis: unsigned integer Default: 100...
  • Page 343: Ospf Area Distance Form

    31. Dynamic Routing Distance Synopsis: unsigned integer The administrative distance. Enable Opaque-LSA capability Enables the Opaque-LSA capability (rfc2370). Passive Default Suppresses routing updates on interfaces by default. Refresh Timer Synopsis: unsigned short integer Default: 10 The refresh timer. Router ID Synopsis: IPv4 address in dotted-decimal notation The Router ID for OSPF.
  • Page 344: Interface Parameters Table

    31. Dynamic Routing The OSPF area network/prefix. 31.4.1.2. OSPF Redistribute Redistribute from other Routing Protocols This feature redistributes information from another routing protocol. Redistribute Route From Synopsis: string - one of the following keywords { bgp, rip, connected, static, kernel } Redistributes the route type.
  • Page 345: Dead Interval Form

    31. Dynamic Routing Interface Name Synopsis: string Interface name. Authentication Type Synopsis: string - one of the following keywords { null, message-digest } The authentication type on this interface. Link Cost Synopsis: unsigned integer The link cost. If not set, the cost is based on the reference bandwidth. Hello Interval Synopsis: unsigned integer Default: 10...
  • Page 346: Bgp

    31. Dynamic Routing The number of times a hello message can be sent within one second. Configuration Parameters Configuration forms and display tables can be found at routing/dynamic/ospf/interface, then clicking on one of the interface submenus (for example, dummy0) and then clicking on the further set of submenus that follow (authentication-ip, cost-ip, dead-interval-ip, hello-interval-ip, message-digest-key, message-digest-key-ip, retransmit-interval-ip and transmit-delay-ip).
  • Page 347: Distance Form

    31. Dynamic Routing Default Local Preference Synopsis: unsigned integer Default: 100 Default local preference value. Deterministic Med Pick the best-MED path among paths advertised from neighboring AS. Router ID Synopsis: IPv4 address in dotted-decimal notation Router ID. Figure 31.17. Distance Form The path to the Distance form is routing/dynamic/bgp.
  • Page 348 31. Dynamic Routing The regular expression to match the BGP AS paths. Prefix List Prefix List Synopsis: A string conforming to: "[^\s]+" The name of the prefix list. Description Synopsis: string The description of the prefix list. Prefix List Entry Sequence Number Synopsis: unsigned integer Sequence number of the entry.
  • Page 349 31. Dynamic Routing On Match Goto Synopsis: unsigned integer Go to this entry on match. Route Map Match AS Path Filter Synopsis: A string conforming to: "[^\s]+" Match the BGP AS path filter. Match Address of Route Prefix List Synopsis: A string conforming to: "[^\s]+" The prefix list name.
  • Page 350 31. Dynamic Routing AS number. Exclude AS Number Synopsis: unsigned integer AS number. Local Preference Synopsis: unsigned integer Local preference. Metric operation Synopsis: string - one of the following keywords { sub, add, set } Set, add or subtract the metric value. value Synopsis: unsigned integer Value.
  • Page 351 31. Dynamic Routing 31.5.1.3. Neighbor Neighbors are other BGP routers with which to exchange routing information. One or more neighbors must be specified in order for BGP to operate. If BGP Neighbors are specified but no Networks are specified, then the router will receive BGP routing information from its neighbors but will not advertise any routes to them.
  • Page 352 31. Dynamic Routing Options value Synopsis: string - one of the following keywords { summary-only, as-set } Aggregate address option. 31.5.1.5. Distance-ip Distance with Matched Subnet Subnet/Prefix Synopsis: IPv4 address and prefix in CIDR notation IP Address/Prefix. Distance Synopsis: unsigned integer Distance value.
  • Page 353: Static Routing

    32. Static Routing Figure 32.1. Static Menu The Static menu is accessible from the main menu under routing. The path to this menu is routing/static. Figure 32.2. Static Route table The path to the Static Route table is routing/static/ipv4. Figure 32.3.
  • Page 354: Static Route Using Interface Table

    32. Static Routing The path to the Static Route Using Gateway form is routing/static/ipv4/{route}/via/{address}. Gateway Address Synopsis: IPv4 address in dotted-decimal notation The gateway for the static route. Distance (optional) Synopsis: unsigned integer The distance for the static route. Figure 32.6. Blackhole Static Route form The path to the Blackhole Static Route form is routing/static/ipv4/{route}/blackhole.
  • Page 355: Routing Status

    33. Routing Status Figure 33.1. Routing Status Menu The Routing Status menu is accessible under routing/status. 33.1. IPv4 Figure 33.2. IPv4 Kernel Active Routing Table The path to the IPv4 Kernel Active Routing table is routing/status/ipv4routes. It is possible to create a route on a locally connected broadcast network (i.e. without a gateway) without also bringing up a corresponding IP address on that interface.
  • Page 356: Ipv6

    33. Routing Status Metric Synopsis: string The route metric value. 33.2. IPv6 Figure 33.3. IPv6 Kernel Active Routing Table The path to the IPv6 Kernel Active Routing table is routing/status/ipv6routes. Subnet Synopsis: string The network/prefix. Gateway Address Synopsis: string The gateway address. Interface Name Synopsis: string The interface name.
  • Page 357: Core Daemon Memory Statistics Form

    33. Routing Status Figure 33.4. Core Daemon Memory Statistics Form Total heap allocated (Byte) Synopsis: unsigned integer The total heap allocated (in bytes). Used ordinary blocks (Byte) Synopsis: unsigned integer The number of used ordinary blocks (in bytes). Free ordinary blocks (Byte) Synopsis: unsigned integer The number of free ordinary blocks (in bytes).
  • Page 358: Rip

    33. Routing Status total Synopsis: unsigned integer The total heap allocated (in bytes). used Synopsis: unsigned integer The number of used ordinary blocks (in bytes). free Synopsis: unsigned integer The number of free ordinary blocks (in bytes). Figure 33.7. OSPF Daemon Memory Statistics Form total Synopsis: unsigned integer The total heap allocated (in bytes).
  • Page 359: Ospf

    33. Routing Status 33.5. OSPF Figure 33.9. OSPF Menu To display the OSPF menu, navigate to routing/status/ospf. Figure 33.10. Network Table To display the Network table, navigate to routing/status/ospf/route/network. Synopsis: string Network Prefix. discard Synopsis: string This entry is a discarded entry. inter-area Synopsis: string Is path type inter area.
  • Page 360: Router Table

    33. Routing Status Synopsis: string How to reach this network. Figure 33.12. Router Table To display the Router table, navigate to routing/status/ospf/route/router. Synopsis: string Router ID. Figure 33.13. Area Table To display the Area table, navigate to routing/status/ospf/route/router/{number}/area. Synopsis: string Area ID.
  • Page 361: Summary Table

    33. Routing Status Synopsis: string Link ID. area Synopsis: string Area ID. adv-router Synopsis: string Advertising Router. Synopsis: integer Age. seqnum Synopsis: string Sequence number. Figure 33.15. Summary Table To display the Summary table, navigate to routing/status/ospf/database/summary. Synopsis: string Link ID. area Synopsis: string Area ID.
  • Page 362: Asbr-Summary Table

    33. Routing Status Figure 33.16. ASBR-Summary Table To display the ASBR-Summary table, navigate to routing/status/ospf/asbr-summary. Synopsis: string Link ID. area Synopsis: string Area ID. adv-router Synopsis: string Advertising Router. Synopsis: integer Age. seqnum Synopsis: string Sequence number. Figure 33.17. AS-External Table To display the AS-External table, navigate to routing/status/ospf/database/as-external.
  • Page 363: Bgp

    33. Routing Status External metric type. route Synopsis: string Route. Synopsis: string Route tag. Figure 33.18. Neighbor Table To display the Neighbor table, navigate to routing/status/ospf/neighbor. Synopsis: string Neighbor ID. address Synopsis: string Address. priority Synopsis: integer Priority. state Synopsis: string State.
  • Page 364: Route Table

    33. Routing Status To display the BGP menu, navigate to routing/status/bgp. Figure 33.20. Route Table To display the BGP Route table, navigate to routing/status/bgp/route. network Synopsis: string Network. Figure 33.21. Next Hop Table To display the Next Hop table, navigate to routing/status/bgp/route/{address}/next-hop. address Synopsis: string Next-hop address.
  • Page 365: Bgp Neighbor Table

    33. Routing Status Origin. Figure 33.22. BGP Neighbor Table To display the Neighbor table, navigate to routing/status/bgp/neighbor. Synopsis: string Neighbor address. version Synopsis: integer BGP version. Synopsis: string Remote AS number. msgrcvd Synopsis: integer Number of received BGP messages. msgsent Synopsis: integer Number of sent BGP messages.
  • Page 366: Multicast Routing

    34. Multicast Routing Figure 34.1. Multicast Routing menu The Multicast Routing menu is accessible from the main menu under routing. The path to this menu is routing/multicast. The user can choose between enabling dynamic multicast routing or static multicast routing by checking off "Enable"...
  • Page 367: Multicast Groups Configuration Form

    34. Multicast Routing Figure 34.5. Multicast Groups Configuration form The path to the Multicast Groups Configuration form is routing/multicast/static/mcast-groups and then clicking on one of the linked submenus. description Synopsis: A string Describes this multicast group source-ip Synopsis: IPv4 address in dotted-decimal notation The expected source IP address of the multicast packet, in the format xxx.xxx.xxx.xxx “U”...
  • Page 368: Multicast Routing Status Table

    34. Multicast Routing The OutInterface is the interface to which the matched multicast packet will be forwarded. Figure 34.7. Multicast Routing Status table The path to the Multicast Routing Status table is routing/multicast/static/status. Figure 34.8. Multicast Routing Status form The path to the Multicast Routing Status form is routing/multicast/static/status and then clicking on one of the linked submenus.
  • Page 369 34. Multicast Routing entryStatus Synopsis: string The status of the multicast routing entry ROX™ v2.2 User Guide RuggedBackbone™ RX5000...
  • Page 370: Firewall

    35. Firewall 35.1. Firewall Fundamentals Firewalls are software systems designed to prevent unauthorized access to or from private networks. Firewalls are most often used to prevent unauthorized Internet users from accessing private networks (intranets) connected to the Internet. When the ROX™...
  • Page 371: Port Forwarding

    35. Firewall IP Network/Mask Address Range 192.168.0.0/16 192.168.0.0 - 192.168.255.255 Table 35.1. RFC1918 Reserved IP Address Blocks As a packet from a host on the internal network reaches the NAT gateway, its source address and source TCP/UDP port number are recorded. The address and port number is translated to the public IP address and an unused port number on the public interface.
  • Page 372: Firewall Terminology And Concepts

    35. Firewall 5. If your network interface IP is dynamically assigned, configure masquerading. 6. If your network interface IP is statically assigned, configure Source Network Address Translation (SNAT). If a sufficient number of IP addresses are provided by the ISP, static NAT can be employed instead.
  • Page 373: Hosts

    35. Firewall Interface Zone w1ppp Table 35.3. Interfaces 35.3.3. Hosts ROX™ firewall hosts are used to assign zones to individual hosts or subnets, on an interface which handles multiple subnets. This allows the firewall to manage traffic being forwarded back out the interface it arrived on, but destined for another subnet.
  • Page 374: Masquerading And Snat

    35. Firewall 35.3.5. Masquerading and SNAT Masquerading and Source NAT (SNAT) are forms of dynamic NAT. Masquerading substitutes a single IP address for an entire internal network. Use masquerading when your ISP assigns you an IP address dynamically at connection time. SNAT substitutes a single address or range of addresses that have been assigned by your ISP.
  • Page 375: Rules

    35. Firewall 35.3.6. Rules The default policies can completely configure traffic based upon zones. But the default policies cannot take into account criteria such as the type of protocol, IP source/destination addresses and the need to perform special actions such as port forwarding. The firewall rules can accomplish this. The ROX™...
  • Page 376: Configuring The Firewall And Vpn

    35. Firewall 3. This rule forwards http traffic from 204.18.45.0/24 (which was originally directed to the firewall at 130.252.100.69) to the host at 192.168.1.3 in the local zone. If the firewall supports another public IP address (e.g. 130.252.100.70), a similar rule could map requests to another host. 4.
  • Page 377: Virtual Private Networking To A Dmz

    35. Firewall 35.4.2. Virtual Private Networking to a DMZ If the firewall is to pass the VPN traffic through to another device (e.g. a VPN device in a DMZ) then establish a DMZ zone and install the following rules. Action Source-Zone Destination-Zone Protocol...
  • Page 378: Adding A Firewall

    35. Firewall To display the Firewall form, navigate to security/firewall and then click on the submenu representing the configured firewall (for example, firewall1). 35.5.1. Adding a Firewall To add a firewall, enter edit private mode, navigate to /security/firewall/fwconfig, and click <Add fwconfig>.
  • Page 379: Working With Firewall Configurations

    35. Firewall Figure 35.6. Firewall Submenus 35.5.2. Working with Firewall Configurations The ROX™ firewall configuration system allows a network security administrator to work on one or more inactive firewall configurations while another is active and installed on the system. Section 35.5.2.1, “Typical Use Case”...
  • Page 380: Zone Configuration

    35. Firewall validation succeeds. A configuration in progress may be validated in this way at any time without affecting an active firewall configuration. 3. After ‘fw1’ has been verified, it may be made active in the system by setting the active-config variable to the name: ‘fw1’, setting firewall-enable and committing the changes.
  • Page 381: Interface Configuration

    35. Firewall 35.5.4. Interface Configuration Figure 35.10. Main Interface Settings table interface Synopsis: string Currently active or not - add '+' for same interfaces: ppp+ Figure 35.11. Interface Options form Arp Filter Responds only to ARP requests for configured IP addresses routeback Allow traffic on this interface to be routed back out that same interface tcpflags...
  • Page 382: Host Configuration

    35. Firewall routefilter Enables route filtering proxyarp Enables proxy ARP maclist Not currently implemented nosmurfs Packets with broadcast address as source are dropped and logged at info level logmartians Enables logging of packets with impossible source addresses Figure 35.12. Broadcast Address form broadcast-addr (Optional) A broadcast address 35.5.5.
  • Page 383: Policies

    35. Firewall Zone Synopsis: A string A pre-defined zone Interface Synopsis: A string A pre-defined interface to which optional IPs and/or networks can be added IP Address List Synopsis: string (Optional) Additional IP addresses or networks - comma separated Figure 35.15. Host Options form IPsec zone Synopsis: boolean Default: false...
  • Page 384: Network Address Translation

    35. Firewall Default: reject A default action for connection establishment between different zones. Log Level Synopsis: string - one of the following keywords { emergency, alert, critical, error, warning, notice, info, debug, none } Default: none (Optional) Whether or not logging will take place and at which logging level. description Synopsis: string (Optional) The description string for this policy...
  • Page 385: Ip Masquerading

    35. Firewall Figure 35.21. Net Address Translation Main Settings form Nat Entry Name Synopsis: string Enter a name for this NAT entry External IP Address Synopsis: IPv4 address in dotted-decimal notation The external IP Address (must not be a DNS name) Interface Synopsis: A string Interfaces that have the EXTERNAL address...
  • Page 386: Rules

    35. Firewall Figure 35.23. Net Address Translation Main Settings form Masquerading substitutes a single IP address for an entire internal network Masq Entry Name Synopsis: string A name for this masquerading configuration entry Outgoing Interface List Synopsis: string An outgoing interface list - usually the internet interface Outgoing Interface Specifics Synopsis: string (Optional) An outgoing interface list - specific destinations IP for the out-interface...
  • Page 387: Main Rule Settings Form

    35. Firewall Figure 35.25. Main Rule Settings form Rules are to establish exceptions to the default policies. This table lists exceptions to the default policies for certain types of traffic, sources or destinations. The chosen action will be applied to packets matching the chosen criteria instead of the default.
  • Page 388: Source Zone Form

    35. Firewall Default: all The protocol to match for this rule. Source Port Synopsis: string Synopsis: string - one of the following keywords { none, Related, Any } Default: none (Optional) The tcp/udp port the connection originated from. Destination Port Synopsis: string Synopsis: string - one of the following keywords { none, Related, Any } Default: none...
  • Page 389 35. Firewall (Optional) Add comma-separated host IPs to the destination-zone - may include :port for DNAT or REDIRECT
  • Page 390: Traffic Control

    36. Traffic Control Traffic Control (TC) is a firewall subsystem managing the amount of bandwidth per network interface that different types of traffic are permitted to use. For a traffic control configuration to work, a firewall must be configured. A ROX™...
  • Page 391 36. Traffic Control assigned to the packet, and if no class matches the mark, then the packet is assigned to the default class. Marks are assigned to packets either by the TC Rules based on any of a number of parameters, such as IP address, port number, protocol, packet length, and so on.
  • Page 392: Traffic Control Configuration

    36. Traffic Control 36.2. Traffic Control Configuration Figure 36.1. Traffic-Control menu To display the Traffic Control menu, navigate to qos/traffic-control. Figure 36.2. Traffic Control Configuration form The Traffic Control Configuration form appears on the same screen as the Traffic Control menu. Enable configuration Enables/disables traffic control (TC) for the current firewall configuration.
  • Page 393: Basic Traffic Control Interfaces Table

    36. Traffic Control Figure 36.3. Enabling Basic-configuration Mode Procedure 36.1. Configuring Basic-configuration Mode Enter Edit Private mode. Click on qos/traffic-control. On the Traffic Control Configuration form, click Enabled in the Enable configuration field. Select basic in the Basic or Advanced Configuration Modes field. Click Commit.
  • Page 394: Interface To Apply Traffic Control Form

    36. Traffic Control Figure 36.5. Interface to Apply Traffic Control form To display this form, navigate to qos/traffic-control/basic-configuration/tcinterfaces/{interface}. interface Synopsis: string An interface to which traffic shaping will apply Type Synopsis: string - one of the following keywords { none, external, internal } Default: none (optional) 'external' (facing toward the Internet) or 'internal' (facing toward a local network).
  • Page 395: Basic Traffic Control Priorities Table

    36. Traffic Control The outgoing bandwidth for this interface. Specify only the number here. The unit (kbps, mbps) is specified in Out-unit. Unit for egress speed Synopsis: string - one of the following keywords { bps, mbps, mbit, kbps, kbit } Specifies the unit for the outgoing bandwidth Description Synopsis: string...
  • Page 396 36. Traffic Control To display this form, navigate to qos/traffic-control/basic-configuration/tcpriorities/{priority}. name Synopsis: string A distinct name for this configuration entry band Synopsis: string - one of the following keywords { low, medium, high } Default: medium Priority (band) : high, medium, low... High band includes: Minimize Delay (md) (0x10), md + Minimize Monetary Cost (mmc) (0x12),...
  • Page 397: Enabling Advanced-Configuration Mode

    36. Traffic Control description Synopsis: string (optional) A description for this configuration For basic traffic control configurations, Port, Address and Interface refer to the source of the traffic. 36.2.1.2. Advanced-configuration Mode To configure advanced-configuration mode, follow the procedure below. Figure 36.8. Enabling Advanced-configuration Mode Procedure 36.2.
  • Page 398: Advanced Traffic Control Classes Table

    36. Traffic Control Figure 36.9. Advanced Traffic Control Classes table To display this table, navigate to qos/traffic-control/advanced-configuration/tcclasses. Figure 36.10. TC Classes form To display this form, navigate to qos/traffic-control/advanced-configuration/tcclasses/{class}. Note that each class is associated with exactly one network interface. Exactly one class for each interface must be designated as the default.
  • Page 399 36. Traffic Control unique integer between 1-255. Each class must have its own unique mark. min-bandwidth Synopsis: string The minimum bandwidth this class should get, when the traffic load rise... This can be either a numeric value or a calculated expression based on the bandwidth of the interface.
  • Page 400: Options Form

    36. Traffic Control description Synopsis: string A description for this configuration item Options Figure 36.11. Options form To display this form, navigate to qos/traffic-control/advanced-configuration/tcclasses/{class}. IP Traffic matching with the ToS options take precedence over the mark rules. tos-minimize-delay Synopsis: boolean Default: false Value/mask encoding: 0x10/0x10 tos-maximize-throughput...
  • Page 401: Advanced Traffic Control Interfaces Table

    36. Traffic Control Value/mask encoding: 0x02/0x02 tos-normal-service Synopsis: boolean Default: false Value/mask encoding: 0x00/0x1e default Synopsis: boolean Default: false One default class per interface must be defined tcp-ack Synopsis: boolean Default: false All tcp ack packets into this class... This option should be specified only once per interface.
  • Page 402: Tc Devices Form

    36. Traffic Control Figure 36.13. TC Devices form To display this form, navigate to qos/traffic-control/advanced-configuration/tcdevices/{interface}. interface Synopsis: string An interface to which traffic shaping will apply inbandwidth Synopsis: unsigned short integer Default: Incoming bandwidth - default: 0 = ignore ingress... Defines the maximum traffic allowed for this interface in total, if the rate is exceeded, the packets are dropped in-unit...
  • Page 403: Tcrules Menu

    36. Traffic Control Figure 36.14. TCrules menu The tcrules menu allows you to add, edit or remove a traffic classification rule. Add a new rule by selecting <Add tcrules>. Remove a tcrule by selecting next to a tcrule and click on an existing tcrule to modify it.
  • Page 404: Tcrules Form

    36. Traffic Control Figure 36.16. TCrules form To display this form, navigate to qos/traffic-control/advanced-configuration/tcrules/{rule}. name Synopsis: string A distinct name for this rule source Synopsis: string IF name, comma-separated list of hosts or IPs, MAC addr, or 'all'... When using MACs, use '~' as prefix and '-' as separator. Ex.: ~00-1a-6b-4a-72-34,~00-1a-6b-4a-71-42 destination Synopsis: string...
  • Page 405 36. Traffic Control (Optional) Comma-separated list of port names, port numbers or port ranges test Synopsis: string (Optional) Defines a test on the existing packet or connection mark... Default is packet mark. For testing a connection mark, add ':C' at the end of the test value. Ex.: Test if the packet mark is not zero: Test if the connection mark is not zero: !0:C...
  • Page 406: Set Form

    36. Traffic Control Mark-choice Figure 36.17. Set form object Synopsis: string - one of the following keywords { connection, packet } Default: packet Set the mark on either a packet or a connection mark Synopsis: string Mark that corresponds to a class mark (decimal value) mask Synopsis: string (optional) Mask to determine which mark bits will be set...
  • Page 407: Modify Form

    36. Traffic Control Figure 36.18. Modify form logic-op Synopsis: string - one of the following keywords { or, and } Logical operation to perform on the current mark: AND/OR mark-value Synopsis: string Mark to perform the operation with (decimal value) modify-chain Synopsis: string - one of the following keywords { prerouting, postrouting, forward } Default: forward...
  • Page 408: Continue Form

    36. Traffic Control Mask to process the mark with op-chain Synopsis: string - one of the following keywords { prerouting, forward } Default: forward Chain in which the operation will take place Figure 36.21. Continue form continue-chain Synopsis: string - one of the following keywords { prerouting, forward } Default: forward Chain in which the operation will take place Hints on optimizing the TC Rule table...
  • Page 409: Vrrp

    37. VRRP 37.1. VRRP Fundamentals The Virtual Router Redundancy Protocol (VRRP) eliminates a single point of failure associated with statically routed networks by providing automatic failover using alternate routers. The RuggedBackbone™ VRRP daemon (keepalived) is an RFC 2338 version 2 compliant implementation of VRRP.
  • Page 410: Vrrp Example

    37. VRRP In a similar fashion host 2 can use the VRID 11 gateway address of 1.1.1.252 which will normally be supplied by router 2. Figure 37.1. VRRP Example In this example traffic from host1 will be sent through router 1 and traffic from host2 through router 2. A failure of either router (or its wan link) will be recovered by the other router.
  • Page 411: Vrrp Configuration

    37. VRRP Figure 37.2. VRRP Group Example Other VRRP parameters are the Advertisement Interval and Gratuitous ARP Delay. The advertisement interval is the time between which advertisements are sent. A backup router will assume mastership four advertisement intervals after the master fails, so the minimum fail-over time is four seconds.
  • Page 412: Virtual Router Redundancy Protocol (Vrrp) Form

    37. VRRP Figure 37.4. Virtual Router Redundancy Protocol (VRRP) Form The Virtual Router Redundancy Protocol (VRRP) form appears on the same screen as the VRRP menu. In the Virtual Router Redundancy Protocol (VRRP) form, enable or disable the VRRP service. Enable VRRP Service Enables VRRP Service.
  • Page 413: Vrrp Instance Form

    37. VRRP Figure 37.7. VRRP Instance Form The VRRP Instance Form is used when configuring a VRRP instance. To display this form, navigate to services/vrrp/instance/VRID20. Instance Name Synopsis: string The VRRP instance name. Interface Synopsis: A string The interface that VRRP packets are sent on. Virtual Router ID Synopsis: unsigned byte The Virtual Router ID.
  • Page 414: Vrrp Status

    37. VRRP nopreempt Allows lower priority machine to maintain master role, even when a higher priority machine comes back online. preempt-delay Synopsis: unsigned integer Default: Seconds after startup until preemption. use-virtual-mac Use virtual MAC. Figure 37.8. Monitor Interface Form To display this form, navigate to services/vrrp/instance/VRID20/monitor. An Extra Interface to Monitor causes VRRP to release control of the VRIP if the specified interface stops running.
  • Page 415 37. VRRP The time of change to the current state. Interface State Synopsis: string The VRRP interface state. Monitored Interface State Synopsis: string Monitors the interface state.
  • Page 416: Link Failover

    38. Link Failover Link failover provides an easily configured means of raising a backup link upon the failure of a designated main link. The main and backup links can be Ethernet only. Link failover can back up to multiple remote locations, managing multiple main-to-backup link relationships.
  • Page 417: Configuring The Link Failover Settings

    38. Link Failover Figure 38.2. Link Fail Over Information Table To configure link failover, do the following: • set the link failover settings. See Section 38.3.1, “Configuring the Link Failover Settings”. • add a link failover backup interface. See Section 38.3.2, “Setting a Link Failover Backup Interface”.
  • Page 418: Setting A Link Failover Backup Interface

    38. Link Failover ping-timeout Synopsis: integer Default: 2 The time interval, in seconds, before immediately retrying a ping. ping-interval Synopsis: integer Default: 60 The time interval, in seconds, between ping tests. ping-retry Synopsis: integer Default: 3 The number of ping retries before construing a path failure. start-delay Synopsis: integer Default: 180...
  • Page 419: Setting A Link Failover Ping Target

    38. Link Failover Figure 38.4. Backup Settings form priority Synopsis: string - one of the following keywords { first, second, third } Default: first The priority which is applied to the backup interface when switching transfer-default-route Transfer default gateway on switching main and backup interface. The default route on the main interface must have a 'distance' greater than one.
  • Page 420: Link Backup On Demand

    38. Link Failover 38.3.4. Link Backup On Demand Use the On-demand option to keep interfaces down until they are needed by link failover: • When the On-demand option is enabled on an interface, the interface is down by default. The interface is brought up when needed by the link failover function, and is brought down again when no longer needed.
  • Page 421: Viewing The Link Failover Log

    38. Link Failover link-backup-state Synopsis: string The backup link state. backup-interface-in-use Synopsis: string The name of the backup interface that is being used. 38.3.6. Viewing the Link Failover Log The Link Fail Over Logs form displays a log of link failover events. To view the link failover log in normal or edit mode, navigate to /services/link-failover{interface id}/log and click Perform.
  • Page 422 38. Link Failover Start-test-delay The amount of waiting time (in minutes) before running the test. ROX™ v2.2 User Guide RuggedBackbone™ RX5000...
  • Page 423: Appendices

    Part IV. Appendices • Upgrading Software: Appendix A, Upgrading Software • RADIUS Server Configuration: Appendix B, RADIUS Server Configuration • Setting Up An Upgrade Server: Appendix C, Setting Up An Upgrade Server • Adding and Replacing Modules: Appendix D, Adding and Replacing Line Modules • GNU General Public License: Appendix E, GNU General Public License...
  • Page 424: Upgrading Software

    Appendix A. Upgrading Software To launch a ROX™ operating system software upgrade, follow the procedure outlined below. A.1. Preparing The Software Upgrade The first step in a ROX™ software upgrade is to configure the location of the software upgrade repository and the version of software to which to upgrade.
  • Page 425: Launching The Upgrade

    Appendix A. Upgrading Software Figure A.2. Entry Fields in Upgrade Settings Form After completing the information in the Upgrade Settings form, click the Commit button ( ) at the top of the screen. A dialog box will appear, prompting you to commit your changes. Click the OK button. Figure A.3.
  • Page 426: Monitoring The Software Upgrade

    Appendix A. Upgrading Software Figure A.5. Launch Upgrade The Success! and Upgrade Options messages shown below indicate that the upgrade has been launched. Figure A.6. Upgrade Launched Dialogs Click the Exit Transaction ( ) button at the top of the screen to return to the View mode. A.3.
  • Page 427: A.8. Upgrade Monitoring Form In Reboot-Pending Stage

    Appendix A. Upgrading Software Click on the Software-Upgrade menu to view the Upgrade Monitoring form. The Upgrade Monitoring form shows the real-time progress of the Upgrade procedure. The software upgrade progresses through four phases: • Estimating upgrade size • Copying filesystem •...
  • Page 428: A.9. Upgrade Monitoring Form Showing Successful Upgrade

    Appendix A. Upgrading Software Figure A.9. Upgrade Monitoring Form Showing Successful Upgrade software-partition synopsis: a string of at most 31 characters The current active partition number. The unit has two software partitions: #1 and #2. Upgrades are always performed to the other partition. current-version synopsis: a string of at most 31 characters The current operating software version.
  • Page 429 Appendix A. Upgrading Software The date and time of completion of the last upgrade attempt. last-upgrade-result synopsis: string - one of { Interrupted, Declined, Not Applicable, Reboot Pending, Unknown, Upgrade Failed, Upgrade Successful } Indicates whether or not the last upgrade completed successfully ROX™...
  • Page 430: Radius Server Configuration

    You must add the following information to the vendor-specific extensions of the chosen RADIUS server: • RuggedCom uses Vendor number 15004. • "RuggedCom-Privilege-level" is attribute 2, of type "string". • "RuggedCom-Privilege-level" must take one of the following three values: • "admin" • "operator"...
  • Page 431: Setting Up An Upgrade Server

    Ensure that the web server publishes these directories. C.3. Upgrading The Repository Releases are obtained from the RuggedCom web site as ZIP files. Download the ZIP file to your regular and/or test release directories and unzip them. You may delete the original ZIP file if desired.
  • Page 432: Setting Up The Routers

    Appendix C. Setting Up An Upgrade Server The ZIP file name will be in the form rrX.Y.Z.zip. The major release number ‘X’ is changed when major new functionality (often hardware related) is offered. The minor release number ‘Y’ is increased when new features are added or serious bugs fixed, and the patch release number ‘Z’...
  • Page 433: Adding And Replacing Line Modules

    Appendix D. Adding and Replacing Line Modules Procedures for Adding and Replacing Line Modules ROX™ version 2.2 does not support full hot-swap capability of line modules. Please adhere to the following procedures when adding or replacing line modules. D.1.
  • Page 434: Swapping A Switch Module (Sm) With A Different Type Of Sm

    Appendix D. Adding and Replacing Line Modules 5. Under /interface/, interfaces have now been created for the new module; you may proceed with additional configurations. D.5. Swapping a Switch Module (SM) with a Different Type of SM • Shut down the RuggedBackbone™. •...
  • Page 435: Gnu General Public License

    Appendix E. GNU General Public License Version 2, June 1991 Copyright © 1989, 1991 Free Software Foundation, Inc. Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
  • Page 436: Terms And Conditions For Copying, Distribution And Modification

    Appendix E. GNU General Public License E.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION E.2.1. Section 0 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The “Program”, below, refers to any such program or work, and a “work based on the Program”...
  • Page 437: Section 3

    Appendix E. GNU General Public License Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
  • Page 438: Section 7

    Appendix E. GNU General Public License terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. E.2.8. Section 7 If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of...
  • Page 439: No Warranty Section 11

    Appendix E. GNU General Public License E.2.12. NO WARRANTY Section 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS”...
  • Page 440 Appendix E. GNU General Public License You should also get your employer (if you work as a programmer) or your school, if any, to sign a “copyright disclaimer” for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program “Gnomovision”...
