RuggedCom RuggedBackbone RX1500 User Manual


v2.2 Web Interface User Guide
For RuggedBackbone™ RX1500
November 24, 2011


Summary of Contents for RuggedCom RuggedBackbone RX1500

  • Page 1 v2.2 Web Interface User Guide For RuggedBackbone™ RX1500 November 24, 2011...
  • Page 2 We have checked the contents of this manual against the hardware and software described. However, deviations from the description cannot be completely ruled out. RuggedCom shall not be liable for any errors or omissions contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    2.8.2. Upgrading Feature Levels in the field (p. 55)
    2.8.3. When a File-based featurekey does not Match the Hardware (p. 55)
    2.8.4. Viewing RuggedCom Serial Numbers (p. 56)
    2.8.5. Uploading a Featurekey (p. 57)
    2.8.6. Backing Up a Featurekey Using the Web User Interface (p. 58)
    2.9.
  • Page 4

    3.2.9. Configuring an NTP Client using Broadcast (p. 70)
    3.2.10. Checking NTP Status (p. 71)
    4. Basic Network Configuration (p. 72)
    4.1. IP Interfaces (p. 72)
    4.1.1. Configuring an IP Address (p. 72)
    4.1.2. Simple Network Setup with the Default IPv4 Addresses (p. 73)
    4.1.3.
  • Page 5

    10.1.3. RADIUS on ROX™ (p. 118)
    10.1.4. RADIUS, ROX™, and Services (p. 118)
    10.1.5. RADIUS Authentication Configuration (p. 118)
    11. NETCONF (p. 121)
    12. Chassis Management (p. 125)
    12.1. Power Controller (p. 126)
    12.2. Slot Hardware (p. 127)
    12.3. Slot Identification (p. 128)
    12.4.
  • Page 6

    19.2. Sample Use Case (p. 187)
    19.3. Virtual Switch Configuration and Status (p. 188)
    20. Link Aggregation (p. 194)
    20.1. Link Aggregation Operation (p. 194)
    20.1.1. Link Aggregation Rules (p. 194)
    20.1.2. Link Aggregation Limitations (p. 195)
    20.2. Link Aggregation Configuration (p. 196)
    20.2.1.
  • Page 7

    25.1.1. Router and Host IGMP Operation (p. 274)
    25.1.2. Switch IGMP Operation (p. 275)
    25.1.3. Combined Router and Switch IGMP Operation (p. 277)
    25.2. GMRP (GARP Multicast Registration Protocol) (p. 277)
    25.2.1. GMRP Example (p. 278)
    25.3. Multicast Filtering Configuration and Status (p. 280)
    25.3.1.
  • Page 8

    29.1.6. Forbidden Ports List (p. 333)
    29.1.7. VLAN-aware Mode of Operation (p. 333)
    29.1.8. GVRP (GARP VLAN Registration Protocol) (p. 334)
    29.1.9. PVLAN Edge (p. 335)
    29.2. VLAN Applications (p. 336)
    29.2.1. Traffic Domain Isolation (p. 336)
    29.2.2. Administrative Convenience (p. 336)
    29.2.3.
  • Page 9

    34.1.1. RIP, OSPF, and BGP (p. 397)
    34.1.2. RIP Fundamentals (p. 397)
    34.1.3. OSPF Fundamentals (p. 397)
    34.1.4. Key OSPF And RIP Parameters (p. 398)
    34.1.5. OSPF And VRRP Example Network (p. 400)
    34.1.6. BGP Fundamentals (p. 402)
    34.2. Dynamic Routing Configuration (p. 402)
    34.3.
  • Page 10

    39.2. Traffic Control Configuration (p. 459)
    39.2.1. Traffic Control Modes (p. 459)
    40. VRRP (p. 476)
    40.1. VRRP Fundamentals (p. 476)
    40.1.1. The Problem With Static Routing (p. 476)
    40.1.2. The VRRP Solution (p. 476)
    40.1.3. VRRP Terminology (p. 476)
    40.2.
  • Page 11

    E.2.11. Section 10 (p. 505)
    E.2.12. NO WARRANTY Section 11 (p. 506)
    E.2.13. Section 12 (p. 506)
    E.3. How to Apply These Terms to Your New Programs (p. 506)
  • Page 12

    List of Figures
    1.1. The ROX™ Login Form (p. 28)
    1.2. The ROX™ Web Interface (p. 28)
    1.3. Top-level Menu (p. 30)
    1.4. Example of Edit Private Mode (p. 32)
    1.5. Adding Key Information (p. 33)
    1.6. Key Information in a Table (p. 34)
    1.7.
  • Page 13

    2.42. Backup Files forms (p. 60)
    2.43. Delete-logs menu (p. 61)
    2.44. Delete Log Files form (p. 61)
    2.45. Save-full-configuration menu (p. 61)
    2.46. Save Full Configuration forms (p. 62)
    2.47. Load-full-configuration menu (p. 62)
    2.48. Load Full Configuration forms (p. 62)
    3.1.
  • Page 14

    8.1. Logging menu (p. 97)
    8.2. Remote Server table (p. 97)
    8.3. Remote Server form (p. 98)
    8.4. Remote Server Selector table (p. 98)
    8.5. Selector menu (p. 98)
    8.6. Remote Server Selector form (p. 99)
    9.1. Adding an SNMP User ID (p. 103)
    9.2.
  • Page 15

    12.21. Module Database form (p. 134)
    12.22. Configurable Modules table (p. 134)
    12.23. Configurable Modules form (p. 134)
    13.1. PPP menu (p. 135)
    13.2. Dial-in PPP Users table (p. 135)
    13.3. Dial-in Users form (p. 136)
    13.4. Dial-out PPP Users table (p. 136)
    13.5.
  • Page 16

    16.23. Interface Status table (p. 169)
    16.24. Interface Status form (p. 169)
    16.25. Port Security Status form (p. 170)
    16.26. Reset Ethernet Port form (p. 171)
    16.27. Reset All Switched Ports menu (p. 171)
    16.28. Reset All Switched Ports form (p. 171)
    17.1.
  • Page 17

    21.2. HSPA Cellular Modem Information form (p. 204)
    21.3. Edge Cellular Modem Information form (p. 205)
    21.4. Global Cellular GSM menu (p. 206)
    21.5. GSM Cellular Network Configuration form (p. 207)
    21.6. PPP Configuration form (p. 207)
    21.7. CDMA EVDO Cellular Modem Information form (p. 208)
    21.8.
  • Page 18

    23.8. Adding a Connection (p. 242)
    23.9. Frame Relay Parameter form (p. 242)
    23.10. Connection Frame Relay DLCI table (p. 243)
    23.11. Adding an MLPPP Connection (p. 244)
    23.12. Adding IP and Remote Addresses (p. 245)
    23.13. HDLC-ETH menu (p. 246)
    23.14.
  • Page 19

    25.12. Multicast Group Summary table (p. 283)
    25.13. IP Multicast Groups table (p. 284)
    25.14. IP Multicast Groups form (p. 284)
    25.15. Router-Ports table (p. 284)
    25.16. Router-Ports form (p. 284)
    25.17. Joined-Ports table (p. 285)
    25.18. Joined-Ports form (p. 285)
    25.19.
  • Page 20

    29.1. Using GVRP (p. 335)
    29.2. Multiple Overlapping VLANs (p. 336)
    29.3. Inter-VLAN Communications (p. 337)
    29.4. Virtual LANs menu (p. 337)
    29.5. Internal VLAN Range form (p. 338)
    29.6. Static VLAN table (p. 338)
    29.7. Static VLAN form (p. 338)
    29.8.
  • Page 21

    33.10. Connection table (p. 376)
    33.11. Connection form (p. 377)
    33.12. ESP table (p. 378)
    33.13. ESP Key Settings (p. 378)
    33.14. IKE table (p. 378)
    33.15. Public IP Address form (p. 379)
    33.16. System Public Key form (p. 379)
    33.17.
  • Page 22

    34.14. Dead Interval Form (p. 412)
    34.15. BGP Menu (p. 413)
    34.16. BGP Configuration Form (p. 413)
    34.17. Distance Form (p. 414)
    35.1. Static Menu (p. 420)
    35.2. Static Route table (p. 420)
    35.3. Static Route form (p. 420)
    35.4.
  • Page 23

    38.13. Main Host Settings table (p. 449)
    38.14. Main Host Settings form (p. 449)
    38.15. Host Options form (p. 450)
    38.16. Main Policy Settings table (p. 450)
    38.17. Main Policy Settings form (p. 450)
    38.18. Destination Zone form (p. 451)
    38.19.
  • Page 24

    A.1. The Software Upgrade Menu Interface (p. 491)
    A.2. Entry Fields in Upgrade Settings Form (p. 492)
    A.3. Pending Commit (p. 492)
    A.4. Commit Succeeded (p. 492)
    A.5. Launch Upgrade (p. 493)
    A.6. Upgrade Launched Dialogs (p. 493)
    A.7. Software-Upgrade Menu (p. 493)
    A.8.
  • Page 25: Preface

    This guide describes the web-based user interface for the ROX™ version 2.2 Operating System running on the RuggedBackbone™ RX1500 family of products. Supported Platforms: ROX™ 2.2 is designed to work on RuggedCom's RuggedBackbone™ and RuggedRouter® hardware platforms. This ensures a consistent user experience when migrating from one product model in the family to another.
  • Page 26: Administration

    Part I. Administration Part I describes the administration of a ROX™-based networking device: The ROX Web Interface (Chapter 1, The ROX™ Web Interface); System Administration (Chapter 2, System Administration); Time Synchronization (Chapter 3, Time Synchronization); Basic Networking Configuration (Chapter 4, Basic Network Configuration); Advanced Networking (Chapter 5, IP Network Interfaces)...
  • Page 27: The Rox™ Web Interface

    1. The ROX™ Web Interface ROX™ features two primary user interfaces: a web-based interface and a command line interface (CLI). This user guide documents the usage and structure of the web-based user interface. For details of the CLI, please refer to the ROX™...
  • Page 28: The Structure Of The Web Interface

    1. The ROX™ Web Interface Start a web browser session and open a connection to the switch by entering a URL that specifies its IP address (https://192.168.1.2, to continue with the example above). Once the web browser makes contact with the switch, the resulting page should be the login prompt displayed below: Figure 1.1.
  • Page 29 This icon is usually found on a form where there are parameters to enter. Every web page in the ROX™ user interface has a header, illustrated above, containing: • The ROX™ and RuggedCom logos and a Logout button, which terminates the current web session.
  • Page 30: Top-Level Menu Categories

    1. The ROX™ Web Interface • Tcpdump: a packet analyzer for TCP/IP and other packets • Traceroute: a tool for displaying route or path information and packet transit delays between IPv4 addresses • Traceroute6: a tool for displaying route or path information and packet transit delays between IPv6 addresses •...
  • Page 31: Making Configuration Changes

    1. The ROX™ Web Interface interfaces The interfaces menu displays the status of functions configured via the interface menu. For example, eth functions can be configured using the eth submenu that is accessible from the interface menu. The eth status can be viewed by clicking on the eth submenu of the interfaces menu. switch The switch menu is used for configuring Layer 2 packet switching functions.
  • Page 32: Example Of Edit Private Mode

    1. The ROX™ Web Interface Figure 1.4. Example of Edit Private Mode The example above depicts the process of adding a VLAN ID to an interface. The interface/eth/cm1 menu can be seen to contain: • A configuration entry, followed by a "delete" icon, , which removes the corresponding entry.
  • Page 33: Configuring Tables Using Key Settings Forms

    1. The ROX™ Web Interface Exit Transaction Exit from configuration editing mode. If there are pending changes, a prompt will be presented to verify the discarding of all pending changes. 1.3.1. Configuring Tables Using Key Settings Forms Much of the information in ROX™ is organized into tables. Each table is indexed or sorted by a key, which is a piece of information such as a name, address, or other variable.
  • Page 34: Key Information In A Table

    1. The ROX™ Web Interface Figure 1.6. Key Information in a Table The information entered in the key settings form will now appear in the table. Note that the table appears on the server screen, while the key settings form appears on the address screen, which is a submenu linked to the server screen (see below).
  • Page 35: Viewing More Information In Tables

    1. The ROX™ Web Interface Figure 1.8. Example of Key Settings 2 The submenus that display the key settings forms appear in the far right column of the screen. Sometimes, it will be necessary to traverse several menu screens to get to a key settings form. 1.3.2.
  • Page 36: First Table Of Information

    1. The ROX™ Web Interface Figure 1.9. First Table of Information Figure 1.10. Second Table of Information The second table of information shows the balance of the entries and contains a link back to the previous entries.
  • Page 37: System Administration

    2. System Administration This chapter describes administration-related functions and the Administration menu. Information on the Administration submenus is found throughout Part 1 of this guide. 2.1. Administration menu Figure 2.1. Administration menu The Administration (Admin) menu is accessible from the main menu. Use this menu to link to submenus related to alarms, DNS, logging, SNMP, authentication, user IDs and passwords, software versions (upgraded) and netconf.
  • Page 38: Shutdown The Device Menu Action Form

    2. System Administration To acknowledge all alarms, click on the acknowledge-all-alarms menu action and then click the Perform button on the Acknowledge All Alarms form. Figure 2.4. Shutdown the Device Menu Action form To shut down the device, click on the shutdown menu action and then click the Perform button on the Shutdown the Device form.
  • Page 39: Administration Form

    2. System Administration Figure 2.8. Restore-factory-defaults Trigger Action form To restore factory defaults to the system, click on the restore-factory-defaults menu action and then click the Perform button on the Restore-factory-defaults Trigger Action form. The Administration, Hostname, Timezone and Current System Time forms are accessible from the Admin menu.
  • Page 40: Timezone Form

    2. System Administration The hostname is the name of the product. (This can be changed, though.) name Synopsis: A string conforming to: "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])*" Default: ruggedcom The hostname is the name of this device. domain Synopsis: Domain name (RFC 1034) Default: localdomain The domain for this hostname.
  • Page 41: Administrative Access Control

    2. System Administration The current local time 2.3. Administrative Access Control The following access control forms are accessible from the Administration menu - by clicking on the main menu under admin. Figure 2.14. CLI Sessions form enabled Synopsis: boolean Default: true Provides the ability to configure CLI features on the device.
  • Page 42: Idle-Timeout Field

    2. System Administration Maximum Number of CLI Sessions Synopsis: unsigned integer Synopsis: - the keyword { unbounded } Default: 10 The maximum number of concurrent CLI sessions Idle Timeout Default: PT30M Maximum idle time before terminating a NETCONF session. If the session is waiting for notifications, or has a pending confirmed commit, the idle timeout is not used.
  • Page 43: SFTP Sessions Form

    2. System Administration Figure 2.17. SFTP Sessions form The SFTP Sessions form sets the parameters for Secure File Transfer Protocol (SFTP) sessions. enabled Synopsis: boolean Default: false Enable/Disable the SFTP user interface Listen IP Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Default: 0.0.0.0 The IP Address the SFTP will listen on for SFTP requests (default 0.0.0.0).
  • Page 44: Www Interface Sessions

    2. System Administration Figure 2.18. WWW Interface Sessions The WWW Interface Sessions form provides control of WWW User Interface settings. enabled Synopsis: boolean Default: true Provides the ability to configure WebUI features on the device. Listen IP Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Default: 0.0.0.0 The IP Address the CLI will listen on for WebUI requests (default 0.0.0.0).
  • Page 45: User Accounts

    2. System Administration Idle Timeout Default: PT30M Maximum idle time before terminating a WebUI session. If the session is waiting for notifications, or has a pending confirmed commit, the idle timeout is not used. The default value is 0, which means no timeout.
  • Page 46: Users Form

    2. System Administration Figure 2.22. Users form name Synopsis: string User Name password Synopsis: A string User Password role Synopsis: string - one of the following keywords { guest, operator, administrator } Default: guest User Role Figure 2.23. Users Screen in Edit Private View Passwords can be managed, added and deleted while in the Edit Private view.
  • Page 47: Software Upgrade

    2. System Administration 2.5. Software Upgrade ROX™ supports two system partitions. One is always active and the other is inactive. ROX™ always applies software upgrades to the inactive partition, providing the following advantages: 1. The current system is unaffected and can operate normally while the upgrade is in progress 2.
  • Page 48: Upgrade Monitoring

    2. System Administration target-version Figure 2.26. Upgrade Monitoring The Upgrade Monitoring form displays the status of the current upgrade operation. software-partition Synopsis: A string The current active partition number. The unit has two software partitions: #1 and #2. Upgrades are always performed to the other partition.
  • Page 49: Launch Upgrade

    2. System Administration Phase 3: Package Installation (% complete) Synopsis: integer Phase 3 of the upgrade installs all packages that require an update. This reflects the estimated percent complete. Last Attempt Synopsis: A string The date and time of completion of the last upgrade attempt. Last Result Synopsis: string - one of the following keywords { Interrupted, Declined, Not Applicable, Reboot Pending, Unknown, Upgrade Failed, Upgrade Successful }...
  • Page 50: Roxflash Cross-Partition Imaging Tool - Software Downgrade

    ROX™ software version to the inactive partition. To obtain a flash image, contact your RuggedCom sales representative. Place the flash image in a location on your network accessible to the ROX™. On the ROXflash form, enter the URL for the flash image and flash it to the inactive partition.
  • Page 51: Roxflash Menu

    2. System Administration The ROX-Imaging menu is accessible from the main menu under admin. The ROXflash Monitoring form appears on the same screen as this menu. Figure 2.31. ROXflash Monitoring form This form shows the progress and state of the roxflash operation (during an upgrade or downgrade). ROXflash Phase Synopsis: string - one of the following keywords { Failed, Completed successfully, Unknown state, Imaging partition, Downloading image, Inactive }...
  • Page 52: Scheduling Jobs

    2. System Administration Figure 2.33. ROXFlash forms To perform a ROXFlash operation, enter the URL into the ROXflash form and then click the Perform button. Next, monitor the progress by returning to the ROXflash Monitoring form. 2.7. Scheduling Jobs Use job scheduling to execute CLI (command line interface) commands at a specified time and date or in response to configuration changes.
  • Page 53: Scheduled-Jobs Table

    2. System Administration Figure 2.35. Scheduled-jobs table To add a scheduled job: • Enter edit mode, navigate to admin/scheduler, and click <Add scheduled-jobs>. • On the Key settings form, enter a name for the job and click Add. • On the Scheduled Jobs form, set the job parameters. Figure 2.36.
  • Page 54 2. System Administration • To specify a range of values, enter the range as comma-separated values. For example, to launch the job every minute between 30 and 45 minutes past the hour, enter 30-45 Hour Synopsis: A string For periodic jobs, sets the hour portion of the job launch time, in the 24-hour clock format. Valid values are in the range of 0 to 23.
  • Page 55: The Featurekey

    If you want the upgraded feature level to be tied to a specific device, contact your RuggedCom sales representative to arrange for an RMA (Return to Manufacturer Authorization) to have the featurekey programmed into the device.
  • Page 56: Viewing Ruggedcom Serial Numbers

    2. System Administration 2.8.4. Viewing RuggedCom Serial Numbers When you order a new featurekey, you need to provide RuggedCom with the chassis serial number. This section describes how to view your device’s serial numbers through the CLI screen in the ROX™...
  • Page 57: Uploading A Featurekey

    2. System Administration 2.8.5. Uploading a Featurekey After receiving your featurekey file from RuggedCom, save the file to a computer that is accessible to your device through your network. 2.8.5.1. Uploading a Featurekey Using the Web User Interface Install Featurekey files using the Install Files forms found under the admin menu.
  • Page 58: Backing Up A Featurekey Using The Web User Interface

    For example: file scp-featurekey-from-url wsmith@10.200.20.39:/files/keys/1_cmRX1K-12-11-0015.key 1_cmRX1K-12-11-0015.key Type the command with your parameters and press Enter. When prompted, type the user’s password and press Enter. The system uploads the featurekey file: ruggedcom# file scp-featurekey-from-url wsmith@10.200.20.39:/files/keys/ 1_cmRX1K-12-11-0015.key 1_cmRX1K-12-11-0015.key wsmith@10.200.20.39's password: 1_cmRX1K-12-11-0015.key 100% 0.2KB/s...
  • Page 59: Installing And Backing Up Files

    2. System Administration Figure 2.39. Backup Files forms For more information on backing up files, see Section 2.9.2, “Backing Up Files”. 2.9. Installing and Backing Up Files You can install and back up files using the following forms found under the admin menu. Figure 2.40.
  • Page 60: Backing Up Files

    2. System Administration Figure 2.41. Install Files forms On the Install Files form, select the file type and enter a URL. On the Install Files To Devices form, click the Perform button. 2.9.2. Backing Up Files To back up a file, click on backup-files. The Backup Files forms appear. Figure 2.42.
  • Page 61: Deleting Log Files

    2. System Administration 2.10. Deleting Log Files Figure 2.43. Delete-logs menu To delete log files, click the Perform button on the Delete Log Files form. This form is accessible at admin/delete-logs. Figure 2.44. Delete Log Files form 2.11. Saving Full Configurations Save full configurations to a file using the forms below.
  • Page 62: Loading Full Configurations

    2. System Administration Figure 2.46. Save Full Configuration forms To save full configurations to a file, select the format and enter the parameters in the Save Full Configuration form, then click the Perform button in the Saving Full Configuration form. 2.12.
  • Page 63: Time Synchronization

    3. Time Synchronization ROX™ offers the following timekeeping and time synchronization features: • Local hardware timekeeping and time zone management • NTP time synchronization 3.1. NTP Fundamentals NTP (Network Time Protocol) is an Internet protocol used to synchronize the clocks of computers to some time reference.
  • Page 64: Configuring Time Synchronization

    3. Time Synchronization After booting, NTP uses slewing to achieve synchronization by making small and frequent changes to the router hardware clock. If the reference server’s clock differs from the local clock by more than 1000 seconds, the NTP daemon decides that a major problem has occurred and terminates. 3.2.
  • Page 65: Configuring The Local Time Settings

    3. Time Synchronization Figure 3.2. Timezone form • Commit the changes. 3.2.3. Configuring the Local Time Settings On the Local Time Settings form, you enable the local clock and set the NTP stratum level. The path to the Local Time Settings form is /services/time/ntp. To set the local time settings: •...
  • Page 66: Network Time Protocol (Ntp) Servers Form

    3. Time Synchronization • In edit mode, navigate to /services/time/ntp/server and click <Add server>. • On the Key settings form, enter the IP address or hostname for the server and click Add. • On the Network Time Protocol (NTP) Servers form, set the server parameters. •...
  • Page 67: Adding Server Keys

    3. Time Synchronization Prefer Marks this server as preferred. Synopsis: unsigned short integer An authentication key associated with this host. 3.2.5. Adding Server Keys Use server keys to use authentication for NTP communications. NTP authentication authenticates the time source to help prevent tampering with NTP timestamps. When using authentication, both the local and remote servers must share the same key and key identifier.
  • Page 68: Server Restrictions Key Settings Form

    3. Time Synchronization Figure 3.7. Server Restrictions Key settings form Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Synopsis: Domain name (RFC 1034) Synopsis: string - the keyword { default } Address to match. The address can be host or network IP address or a valid host DNS name. Mask Synopsis: IPv4 address in dotted-decimal notation Synopsis: string - the keyword { default }...
  • Page 69: Configuring An Ntp Server Using Multicast Or Broadcast

    3. Time Synchronization • nopeer: denies packets which result in mobilizing a new association. • nomodify: denies ntpq(8) and ntpdc(8) queries attempting to modify the state of the server; queries returning information are permitted. • lowpriotrap: declares traps set by matching hosts to be low priority. •...
  • Page 70: Configuring An Ntp Client Using Multicast

    3. Time Synchronization 3.2.8. Configuring an NTP Client using Multicast Configuring a multicast address for an NTP client enables the client to listen for and receive NTP messages on the multicast address. It is recommended that NTP authentication be used and that a server key be set with the multicast setting.
  • Page 71: Checking Ntp Status

    3. Time Synchronization Enable Broadcast Client The broadcast address on which the NTP client listens for NTP messages. 3.2.10. Checking NTP Status To view the NTP service status: • In normal or edit mode, navigate to /services/time/ntp/ntp-status and click <ntp-status>. •...
  • Page 72: Basic Network Configuration

    4. Basic Network Configuration This chapter discusses the following: • IP Interfaces • Configuring IPv4 and IPv6 Addresses • Simple Network Setups with IPv4 and IPv6 Addresses 4.1. IP Interfaces Figure 4.1. IP menu The IP menu is accessible from the main menu under ip. 4.1.1.
  • Page 73: Simple Network Setup With The Default Ipv4 Addresses

    4. Basic Network Configuration Figure 4.2. Configuring an IP Address Procedure 4.1. Configuring an IP Address Enter Edit Private mode. Navigate to ip/interface/ipv4. To delete an existing IP address, click the delete icon. Click Add address. The Key settings form appears. In the IPaddress field, type the new IP address.
  • Page 74: Configuring An Ipv6 Address

    4. Basic Network Configuration Figure 4.3. Basic Network Setup Using the Default IPv4 Addresses Procedure 4.2. Basic Network Setup Using the Default IPv4 Addresses Connect a user PC to the Fast Ethernet port (fe-cm-1) of the RX1500 and configure the PC to be on the same subnet as the port.
  • Page 75: Simple Network Setup With Ipv6 Addresses

    4. Basic Network Configuration From the WEB UI Navigate to ip/interface/ipv6. Click Add address. The Key settings form appears. In the IPaddress field, type an IPv6 address with a network prefix. Click Commit. Click Exit Transaction. To delete an existing IPv6 address, click the delete icon under ip/interface/ipv6. Refer to steps 3 to 7 to configure a new IPv6 address. 4.1.4.
  • Page 76: Routable Interfaces

    4. Basic Network Configuration 4.1.5. Routable Interfaces Figure 4.5. Routable Interfaces table The Routable Interfaces table is accessible from the ip menu. Figure 4.6. Routable Interfaces form The path to the Routable Interfaces form is ip/{interface}. Interface Name Synopsis: A string The name for this routable logical interface Auto-Cost Bandwidth (kbps) Synopsis: unsigned long integer...
  • Page 77: Ip Network Interfaces

    5. IP Network Interfaces This chapter familiarizes the user with: • IPv6 Fundamentals and IPv6 Neighbor Discovery • Adding VLAN Interfaces to Switched Ports • Configuring IP Address Source and ProxyARP for Switched and Non-switched Interfaces 5.1.
  • Page 78: Ipv6 Neighbor Discovery

    5. IP Network Interfaces Temporary), then the following 4 bits to define the scope (1 - Node, 2 - Link, 5 - Site, 8 – Organization and E – Global) and the last 112 bits identify a multicast Group ID. Some well-known multicast addresses are mentioned below: IPv6 M.Cast Address Scope...
  • Page 79: Neighbor Discovery Form

    5. IP Network Interfaces Figure 5.1. Neighbor Discovery form The path to the Neighbor Discovery form is ip/{interface}/ipv6/nd. Enable Route Advertisement Enable to send router advertisement messages. Set Advertisement Interval Option Includes an Advertisement Interval option which indicates to hosts the maximum time in milliseconds, between successive unsolicited router advertisements.
  • Page 80: Neighbor Discovery Ipv6 Prefix

    5. IP Network Interfaces Set Other Statefull Configuration Flag The flag in IPv6 router advertisements, which indicates to hosts that they should use the administered (stateful) protocol to obtain autoconfiguration information other than addresses. Router Lifetime Synopsis: unsigned integer Default: 1800 The value (in seconds) to be placed in the Router Lifetime field of router advertisements sent from the interface.
  • Page 81: Adding Interfaces To Switched Ports

    5. IP Network Interfaces The length of time in seconds during which addresses generated from the prefix remain preferred. The default value is 604800. Off Link Indicates that advertisement makes no statement about on-link or off-link properties of the prefix. No Autoconfig Indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration.
  • Page 82: Explicitly Adding A Vlan Interface To A Switched Port

    5. IP Network Interfaces Figure 5.4. Explicitly Adding a VLAN Interface to a Switched Port Procedure 5.1. Explicitly Adding a VLAN Interface at switch/vlans/static-vlan Go into Edit Private mode. Navigate to switch/vlans/static-vlan. Click on Add static-vlan. The Key settings form appears. In the VLAN ID field, enter a number from 1 to 4094 (for example, 2).
  • Page 83: All-Vlans

    5. IP Network Interfaces In the Trunk ID field, type a number between 1 and 15. Click Add. The Trunks forms appear. On the VLAN form, type a PVID number into the PVID field. Click Commit. Click Exit Transaction. Procedure 5.4. Implicitly Adding a VLAN Interface at switch/mac-tables/static-mac-table Go into Edit Private mode.
  • Page 84: All Vlans Table

    5. IP Network Interfaces Figure 5.5. All VLANs table 5.3.1.1. Configuring IP Address Source and ProxyARP for VLAN Interfaces The All VLANs Properties form can be used to configure ProxyARP and dynamic address source by following the procedures below. Figure 5.6. All VLANs Properties form Procedure 5.6.
  • Page 85: Non-Switched Interface Menu

    5. IP Network Interfaces 5.4. Non-switched Interface Menu Figure 5.7. Non-switched Interface menu The Non-switched (or Route-only) Interface menu is accessible from the main menu. Figure 5.8. Routable Ethernet Ports table The path to the Routable Ethernet Ports table is interface/eth. Figure 5.9.
  • Page 86 5. IP Network Interfaces Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Port Synopsis: integer The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated in a port trunk).
  • Page 87: Configuring Ip Address Source And Proxyarp For Non-Switched Interfaces

    5. IP Network Interfaces 5.4.1. Configuring IP Address Source and ProxyARP for Non-switched Interfaces IP addresses on routable ports are static by default. To change the IP address of the port to dynamic, follow the procedure below. ProxyARP can also be enabled using this form. Figure 5.10.
  • Page 88 5. IP Network Interfaces Click Commit. Click Exit Transaction. To set ProxyARP for a static or dynamic interface, follow the procedure below. Procedure 5.9. Setting ProxyARP Go into Edit Private mode. Go to interface/eth/{port}. The Routable Ethernet Ports form appears. In the ProxyARP field, click Enabled.
  • Page 89: Alarms

    6. Alarms 6. Alarms 6.1. Introduction The ROXII alarm system is a highly configurable notification system of events of interest. Asserted alarms in the system may be viewed in a table in the CLI, web user interface, as well as queried by NETCONF.
  • Page 90: Alarm Configuration

    6. Alarms 2. Clearable alarms - these alarms simply report an event of interest that has no resolution per se. An example of this would be a 'configuration changed' alarm. These alarms are clearable by the user and are never cleared by the system. Alarms may be cleared and acknowledged both on an individual basis and globally (i.e.
  • Page 91: Active Alarms Form

    6. Alarms Figure 6.4. Active Alarms form subsystem Synopsis: string - one of the following keywords { wan, switch, chassis, admin } Alarms are categorized by the subsystem to which they belong e.g.: Admin, Chassis, Ethernet, WAN. Alarm ID Synopsis: integer Alarm Type Identifier.
  • Page 92: Acknowledge Alarm Menu Action Form

    6. Alarms Indicates which actuator(s) this alarm currently asserts. 'ACKED' indicates the alarm was acknowledged so actuators are de-asserted. Individual alarms can be cleared or acknowledged on the Clear Alarm Menu Action form or the Acknowledge Alarm Menu Action form. To clear or acknowledge an alarm, select admin/alarms/{alarms submenu} and then select the Clear action or the Acknowledge action.
  • Page 93: Administrative Alarm Configuration

    6. Alarms 6.2.1. Administrative Alarm Configuration Figure 6.9. Admin Alarm Configuration table The path to the Admin Alarm Configuration table is admin/alarm-config/admin. Figure 6.10. Admin Alarm Configuration form The path to the Admin Alarm Configuration form is admin/alarm-config/admin/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 94: Chassis Alarm Configuration

    6. Alarms 6.2.2. Chassis Alarm Configuration Figure 6.11. Chassis Alarm Configuration table The path to the Chassis Alarm Configuration form is admin/alarm-config/chassis. Figure 6.12. Chassis Alarm Configuration form The path to the Chassis Alarm Configuration form is admin/alarm-config/chassis/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 95: Switch Alarm Configuration

    6. Alarms 6.2.3. Switch Alarm Configuration Figure 6.13. Switch Alarm Configuration table The path to the Switch Alarm Configuration form is admin/alarm-config/switch. Figure 6.14. Switch Alarm Configuration form The path to the Switch Alarm Configuration form is admin/alarm-config/switch/{alarm id}. Synopsis: integer This is the ID number of the alarm assigned by the system.
  • Page 96: Domain Name Search

    7. Domain Name Search 7. Domain Name Search 7.1. Domain Name Lookup The DNS (Domain Name Service) menu is accessible from the main menu under admin. The path to this menu is admin/dns. Figure 7.1. DNS menu Figure 7.2. Domain Name Searches form The path to the Domain Name Searches form is admin/dns/search.
  • Page 97: Logging

    8. Logging 8. Logging The syslog provides users with the ability to configure local and remote syslog connections. The remote syslog protocol, defined in RFC 3164, is a UDP/IP-based transport that enables a device to send event notification messages across IP networks to event message collectors, also known as syslog servers. The protocol is simply designed to transport these event messages from the generating device to the collector.
  • Page 98: Remote Server Selector Table

    8. Logging Figure 8.3. Remote Server form If data is configured, there will be a list of logging servers under admin/logging/server. Clicking on each server will allow you to access the settings and Remote Server forms. Server IP Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation Synopsis: Domain name (RFC 1034) The IPv4 or IPv6 address of a logging server.
  • Page 99: Remote Server Selector Form

    8. Logging Figure 8.6. Remote Server Selector form name Synopsis: integer The log selector identifier. Enter an integer greater than 0; up to 8 selectors can be added. The log selector determines which subsystem messages are included in the log. negate Excludes messages defined in the Remote Server Selector fields from the log.
  • Page 100: Deleting Logs

    8. Logging facility-list Synopsis: string - one of the following keywords { all, local7, local6, local5, local4, local3, local2, local1, local0, uucp, user, syslog, security, news, mail, lpr, kern, ftp, daemon, cron, authpriv, auth } Synopsis: "facility-list" occurs in an array of at most 8 elements. The subsystems generating log messages.
  • Page 101: Snmp

    9. SNMP 9. SNMP SNMP (the Simple Network Management Protocol) is used by network management systems and the devices they manage. SNMP is used to manage items on the device to be managed, as well as by the device itself, to report alarm conditions and other events. The first version of SNMP, V1, provides the ability to send a notification of an event via "traps".
  • Page 102 The main subtree for RuggedCom configuration change trap. trapFanBankTrap The main subtree for RuggedCom fan bank trap. trapHotswapModuleStateChangeTrap The main subtree for RuggedCom fan hotswap module state change trap. Table 9.1. SNMP Traps ROX™ v2.2 User Guide RuggedBackbone™ RX1500...
  • Page 103: Snmp Access Configuration

    9. SNMP 9.2. SNMP Access Configuration To configure SNMP access to ROX™, follow the procedures outlined in the example below. 9.2.1. Add an SNMP User ID Figure 9.1. Adding an SNMP User ID Procedure 9.1. Adding an SNMP User ID Navigate to admin/user.
  • Page 104: Create An Snmp Community

    9. SNMP 9.2.2. Create an SNMP Community Figure 9.2. Creating an SNMP Community Procedure 9.2. Creating an SNMP Community Navigate to admin/snmp/snmp-community. Click on <Add snmp-community>. The Key settings form appears. In the Community Name field, enter snmpv2_user and click Add. The SNMPv1/v2c Community Configuration form appears.
  • Page 105: Map The Community To A Security Group

    9. SNMP 9.2.3. Map the Community to a Security Group Figure 9.3. Mapping the Community to a Security Group Procedure 9.3. Mapping the Community to a Security Group Navigate to admin/snmp/security-to-group. Click on <Add snmp-security-to-group>. The Key settings form appears. In the Security Model field, select v2c.
  • Page 106: Snmp Sessions Form

    9. SNMP The SNMP menu is located at admin/snmp. The SNMP Sessions form and the SNMP USM Statistics form appear on the same screen as the SNMP menu. Figure 9.5. SNMP Sessions form Enable Synopsis: boolean Default: false Provides the ability to configure snmp features on the device. Listen IP Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation...
  • Page 107 9. SNMP The SNMP agent will also listen on these IP Addresses:Port values. Add ':#' to set non-default port value #. (ie. xxx.xxx.xxx.xxx:19343 [::] [::]:16000) Maximum Number of SNMP Sessions Synopsis: unsigned integer Synopsis: - the keyword { unbounded } Default: 30 The maximum number of concurrent SNMP sessions SNMP Local Engine ID...
  • Page 108: Snmp Usm Statistics Form

    9. SNMP Figure 9.6. SNMP USM Statistics form This table provides statistics for SNMP authentication requests Unsupported Security Levels Synopsis: unsigned integer The total number of packets received by the SNMP engine which were dropped because they requested a securityLevel that was unknown to the SNMP engine or otherwise unavailable. Not In Time Windows Synopsis: unsigned integer The total number of packets received by the SNMP engine which were dropped because they...
  • Page 109: Snmp Discovery

    9. SNMP 9.4. SNMP Discovery Figure 9.7. SNMP-Discover action The path to this menu action is admin/snmp/snmp-discover. Figure 9.8. SNMP Engine ID Discover forms To discover SNMP Engine IDs, use the SNMP Engine ID Discover and Trigger Action forms. On the SNMP Engine ID Discover form, enter parameters in the fields.
  • Page 110: Snmp Target Addresses

    9. SNMP The SNMP community security name Figure 9.10. SNMPv1/v2c Community Configuration form The path to the SNMP Community Configuration form is admin/snmp/snmp-community/{private} or {public}. 9.6. SNMP Target Addresses Figure 9.11. SNMP Target Configuration table The path to the SNMP Target Configuration table is admin/snmp/snmp-target-address.
  • Page 111: Snmpv3 Target Configuration Form

    9. SNMP Figure 9.12. SNMPv3 Target Configuration form To display the SNMP Target Configuration form, navigate to admin/snmp/snmp-target-address/{address}. Target Name A descriptive name for the target (i.e. 'Corporate NMS') enabled Synopsis: boolean Default: true Enables/disables this specific target Target Address Synopsis: IPv4 address in dotted-decimal notation Synopsis: IPv6 address in colon-separated hexadecimal notation IPv4 or IPv6 address for the remote target.
  • Page 112: Snmp Users

    9. SNMP UDP Port for the remote target to receive traps on (default 162). Security Model Synopsis: string - one of the following keywords { v3, v2c, v1 } Default: v2c The SNMP security model to use: SNMPv1, SNMPv2c, or USM/SNMPv3 User Name Synopsis: string The user name to be used in communications with this target.
  • Page 113: Snmp User Configuration Form

    9. SNMP Figure 9.14. User Configuration Key Settings form Figure 9.15. SNMP User Configuration form The path to the Key Settings form and the SNMP User Configuration form is admin/snmp/snmp-user/{user}. User SNMP Engine ID The administratively-unique identifier for the SNMP engine; a value in the format nn:nn:nn:nn:nn:...:nn, where nn is a 2-digit hexadecimal number.
  • Page 114: Snmp Security To Group Maps

    9. SNMP 9.8. SNMP Security to Group Maps Entries in this table map the configuration of the security model and security name (user) into a group name, which is used to define an access control policy. Up to 32 entries can be configured. Figure 9.16.
  • Page 115: Snmp Group Access Configuration Table

    9. SNMP Figure 9.19. SNMP Group Access Configuration table The path to this table is admin/snmp/admin/snmp/snmp-access. Figure 9.20. Key Settings form Figure 9.21. SNMP Group Access Configuration form The path to this form is admin/snmp/snmp-access/{access group}. Group The SNMP group name. Security Model Synopsis: string - one of the following keywords { v3, v2c, v1, any } The SNMP security model to use: SNMPv1, SNMPv2c, or USM/SNMPv3...
  • Page 116 9. SNMP Write View Name Synopsis: string - one of the following keywords { all-of-mib, restricted, v1-mib, no-view } Default: all-of-mib The name of the write view to which the SNMP group has access: all-of-mib, restricted, v1-mib, or no-view. Notify View Name Synopsis: string - one of the following keywords { all-of-mib, restricted, v1-mib, no-view } Default: all-of-mib The name of the notification view to which the SNMP group has access: all-of-mib, restricted, v1-...
  • Page 117: Authentication

    10. Authentication 10. Authentication The Authentication menu is accessible from the main menu under admin. The path to this menu is admin/authentication. Figure 10.1. Authentication menu
  • Page 118: Radius On Rox

    10. Authentication both the NAS and the RADIUS server, transactions are encrypted and authenticated through the use of a shared secret, which is never sent in the clear. Some administrators set the passwords of existing ROX™ accounts uniquely for each router, and then employ a common password per account for all routers served by RADIUS.
  • Page 119: Primary Radius Server Form

    10. Authentication Figure 10.2. Primary RADIUS Server form The Primary and Secondary RADIUS Server forms are accessible from the radius menu, which is a sub menu of the authentication menu. The path to this menu is admin/authentication/radius. These forms are also accessible from global/ppp/radius. address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 120 10. Authentication password Synopsis: "AES CFB128"-encrypted string The password of the RADIUS server For more information on 802.1x Authentication, please see Chapter 24, Port Security. For additional information on RADIUS server configuration, please see Appendix B, RADIUS Server Configuration.
  • Page 121: Netconf

    11. NETCONF 11. NETCONF Figure 11.1. NETCONF menu The NETCONF menu is accessible from the main menu under admin. The path to this menu is admin/netconf. Figure 11.2. NETCONF Sessions form The path to the NETCONF Sessions form and the NETCONF State/Statistics form is admin/netconf. enabled Synopsis: boolean Default: true...
  • Page 122: Idle-Timeout Field

    11. NETCONF Default: 830 The port on which NETCONF listens for NETCONF requests. The default is port 830. Extra IP:Ports Synopsis: A string Synopsis: "extra-ip-ports" occurs in an array. Additional IP addresses and ports on which NETCONF listens for NETCONF requests. You can specify IP addresses and ports in the following forms: •...
  • Page 123: Netconf State/Statistics Form

    11. NETCONF Figure 11.4. NETCONF State/Statistics form in Bad Hellos Synopsis: unsigned integer The total number of sessions silently dropped because an invalid 'hello' message was received. This includes hello messages with a 'session-id' attribute, bad namespace, and bad capability declarations. in Sessions Synopsis: unsigned integer The total number of NETCONF sessions started towards the...
  • Page 124 11. NETCONF The total number of 'notification' messages sent.
  • Page 125: Chassis Management

    The Chassis Status form contains basic status information about the chassis. This form appears on the same screen as the Chassis menu. Chassis Model Synopsis: string The RuggedCom device model name. software-license Synopsis: string The current software capability.
  • Page 126: Power Controller

    12. Chassis Management order-code Synopsis: A string The order code derived from the current configuration of the device. ROX Software Release Synopsis: string The release of ROX running on the chassis. 12.1. Power Controller Figure 12.3. Power Controller form As of ROX version 2.2, the balance-mode feature is not supported. This feature remains in the interface for backwards compatibility.
  • Page 127: Slot Hardware

    12. Chassis Management The name of the power module slot as labeled on the chassis MOV Protection Synopsis: string - one of the following keywords { damaged, working, na } The state of the MOV protection circuit PM Temperature (C) Synopsis: integer The temperature (Celsius) inside the power module PM Current (mA)
  • Page 128: Slot Identification

    12. Chassis Management Synopsis: string - the keyword { trnk } The slot name, as marked on the silkscreen across the top of the chassis. Order Code Synopsis: A string The order code of the chassis as derived from the current hardware configuration. Detected Module Synopsis: A string The installed module's type specifier.
  • Page 129: Cpu

    12. Chassis Management Detected Module Synopsis: A string The installed module's type specifier. Bootloader Synopsis: string The version of the ROX bootloader software on the installed module. FPGA Synopsis: string The version of the ROX FPGA firmware (if any) running on the installed module. 12.4.
  • Page 130: Slot Status

    12. Chassis Management CPU load(%) Synopsis: integer The CPU load, in percent, on the installed module. RAM Avail(%) Synopsis: integer The proportion of memory (RAM) currently unused, in percent, on the installed module. RAM Low(%) Synopsis: integer The lowest proportion of unused memory (RAM), in percent, recorded for the installed module since start-up.
  • Page 131: Slot Sensors

    12. Chassis Management The slot name, as marked on the silkscreen across the top of the chassis. Detected Module Synopsis: A string The installed module's type specifier. State Synopsis: string - one of the following keywords { disconnected, failed, operating, resetting, disabled, empty, unknown } The current state of the installed module.
  • Page 132: Module Configuration

    12. Chassis Management slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk } The slot name, as marked on the silkscreen across the top of the chassis.
  • Page 133: Fixed Modules Form

    12. Chassis Management The Module Configuration feature provides administrative control of the installed modules. The Modules table and form provide information about the administrative control of a module in a particular chassis slot. slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot name, as marked on the silkscreen across the top of the chassis.
  • Page 134: Module Database Table

    12. Chassis Management Figure 12.20. Module Database table Figure 12.21. Module Database form Figure 12.22. Configurable Modules table Figure 12.23. Configurable Modules form
  • Page 135: Ppp Users

    13. PPP Users 13. PPP Users 13.1. Overview Use the PPP menu to configure local and remote authentication for PPP user login through an L2TP client. A PPP Server can be configured to accept a connection request only after validating the user’s credentials.
  • Page 136: Ppp Configuration Form

    13. PPP Users Figure 13.3. Dial-in Users form The Dial-in Users form allows you to add PPP profiles for dial-in users. To display the Dial-out PPP Users table, navigate to global/ppp/profiles/dialout. Figure 13.4. Dial-out PPP Users table Dial-out PPP is used to add PPP profiles for dial-out users. name Synopsis: A string The connection name...
  • Page 137 13. PPP Users Default: N/A The user ID used to log on to a remote PPP server password Synopsis: A string Default: N/A The password used to log on to a remote PPP server dial-type Synopsis: string - one of the following keywords { Pulse, DTMF } Default: DTMF The type of dialing system to use on the phone line.
  • Page 138: Ppp Interfaces And Link Failover

    13. PPP Users Figure 13.6. PPP Primary Radius Server form address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server port-udp Synopsis: integer Default: 1812 password Synopsis: "AES CFB128"-encrypted string Figure 13.7. PPP Secondary Radius Server form address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 139 13. PPP Users The PPP Dial-on-demand option is a standard PPP option. This option triggers the modem dial-out when there is traffic passing through the modem link. The modem hangs up when traffic stops within the time set in the PPP Disconnect-idle-timeout option. When Dial-on-demand is enabled, the presence of traffic controls the operation of the modem link.
  • Page 140: Dhcp Relay

    14. DHCP Relay 14. DHCP Relay A DHCP Relay Agent is a device that forwards DHCP packets between clients and servers when they are not on the same physical LAN segment or IP subnet. The feature is enabled if the DHCP server IP address and a set of access ports are configured.
  • Page 141: Dhcp Relay Agent Client Ports Table

    14. DHCP Relay The DHCP Relay Agent form appears on the same screen as the DHCP Relay Agent menu. DHCP Server Address Synopsis: IPv4 address in dotted-decimal notation The IP address of the DHCP server to which DHCP queries will be forwarded from this relay agent. Figure 14.3.
  • Page 142: Dhcp Server

    15. DHCP Server 15. DHCP Server 15.1. DHCP Fundamentals Dynamic Host Configuration Protocol (DHCP) is a method for centrally and consistently managing IP addresses and settings for clients, offering a variety of assignment methods. IP addresses can be assigned based on the Ethernet MAC address of a client, sequentially, or by using port identification provided by a DHCP relay agent device.
  • Page 143: Configuring Dhcp Server

    15. DHCP Server 15.2. Configuring DHCP Server The DHCP Server menu is available under services at services/dhcpserver. Figure 15.1. DHCP Server menu Under services/dhcpserver, you can configure the following: • enable the DHCP service. See Section 15.2.1, “Enabling the DHCP Service”.
  • Page 144: Dhcp Subnets And Pools

    15. DHCP Server Figure 15.3. Listen Interfaces table • To add a DHCP listen interface, enter edit mode, navigate to services/dhcpserver/interface, and click <Add interface>. On the Key settings form, select an interface from the list and click Add. 15.2.3. DHCP Subnets and Pools •...
  • Page 145: Dhcp Shared Networks

    15. DHCP Server 15.2.3.1. DHCP Pools • To view a list of DHCP pools, navigate to /services/dhcpserver/subnet{subnet02}/options/iprange. Figure 15.6. IP Pool Configuration table • To add a DHCP pool, enter edit mode, navigate to /services/dhcpserver/subnet{subnet02}/options/iprange, and click <Add iprange>. On the Key settings form, type the starting IP address of the range and click Add.
  • Page 146: Dhcp Host-Groups

    15. DHCP Server • To set Hardware Configuration, Lease Configuration, and Client Configuration options, navigate to /services/dhcpserver/host{host id}/options. For more information, see Section 15.2.10, “Hardware Configuration”, Section 15.2.8.1, “Lease Configuration Options”, and Section 15.2.8.2, “Client Configuration Options at the DHCP Levels”.
  • Page 147: Dhcp Options

    15. DHCP Server Figure 15.10. /services/dhcpserver/show-active-leases form 15.2.8. DHCP Options You can set DHCP options at the subnet, shared network, host-groups, and hosts level. Options set at lower levels override those set at higher levels. DHCP options are set on the following forms: •...
  • Page 148: Lease Configuration Form

    15. DHCP Server Figure 15.11. Lease Configuration form default Synopsis: integer Default: 600 The minimum leased time that the server offers to the client maximum Synopsis: integer Default: 7200 The maximum leased time that the server offers to the client 15.2.8.2.
  • Page 149: Client Configuration Form For Hosts

    15. DHCP Server 15.2.8.2.2. Client Configuration Options: Hosts To set DHCP client configuration options at the host level, enter edit mode and navigate to /services/dhcpserver/host{host id}/options. Figure 15.13. Client Configuration form for Hosts fixed-ip Synopsis: IPv4 address in dotted-decimal notation The IP address that the server assigns to the matching client unknown-client Synopsis: string - one of the following keywords { ignore, deny, allow }...
  • Page 150: Client Configuration Form For Dhcp Clients

    15. DHCP Server unknown-client Synopsis: string - one of the following keywords { ignore, deny, allow } Default: allow The action to take for previously unregistered clients shared-network Synopsis: A string Shared-network that this host group belongs to subnet Synopsis: A string The subnet that this host group belongs to 15.2.8.3.
  • Page 151: Nis Configuration Form

    15. DHCP Server The default route that the server offers to the client when it issues the lease to the client broadcast Synopsis: IPv4 address in dotted-decimal notation The broadcast address that the server offers to the client when it issues the lease to the client domain Synopsis: string The domain name that the server offers to the client when it issues the lease to the client...
  • Page 152: Custom Dhcp Options

    15. DHCP Server Default: 127.0.0.1 The NetBIOS nameserver that the dhcpserver offers to the client when it issues the lease to the client 15.2.9. Custom DHCP Options You can set custom DHCP options under clients at all DHCP levels. To set a custom DHCP option, you need to know the number of the option you want to set and the valid values for the option.
  • Page 153 15. DHCP Server The physical network address of the client. Note that this corresponds to the hardware type; for example, MAC address for ethernet.
  • Page 154: Network Interfaces And Ethernet Bridging

    Part II. Network Interfaces and Ethernet Bridging Part II. Network Interfaces and Ethernet Bridging Part II describes network interfaces and the configuration and monitoring of Ethernet bridging on a ROX™-based networking device: Ethernet Ports Chapter 16, Ethernet Ports Ethernet Statistics Chapter 17, Ethernet Statistics IP Statistics Chapter 18, IP Statistics...
  • Page 155: Ethernet Ports

    16. Ethernet Ports 16. Ethernet Ports ROX™ Ethernet port control provides the following features: • Configuring port physical parameters. • Configuring link alarms/traps for the port. • Configuring port rate limiting. • Establishing port mirroring. • Cable diagnostics. • Viewing port status. •...
  • Page 156: Ethernet Port Configuration

    FX links is optional according to the IEEE 802.3 standard, which means that some link partners may not support it. RuggedCom offers an advanced Link-Fault-Indication (LFI) feature for the links where no native link partner notification mechanism is available. With LFI enabled, the device bases generation of a link integrity signal upon its reception of a link signal.
  • Page 157: Port Parameters

    16. Ethernet Ports 16.2.1. Port Parameters Figure 16.3. Switched Ethernet Ports table The Switched Ethernet Ports table shows the Ethernet interfaces. To display the Switched Ethernet Ports table, navigate to interface/switch. Figure 16.4. Switched Ethernet Ports submenu The Switched Ethernet Ports Forms are accessible from submenus of the Ethernet Ports menu. To display the forms, navigate to interface/switch/{line module}.
  • Page 158: Switched Ethernet Ports Form

    16. Ethernet Ports Figure 16.5. Switched Ethernet Ports form Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Port Synopsis: integer The port number as seen on the front plate silkscreen of the switch (or a list of ports, if aggregated...
  • Page 159: Port Rate Limiting

    16. Ethernet Ports Disabling link-alarms will prevent alarms and LinkUp and LinkDown SNMP traps from being sent for that interface. Link alarms may also be controlled for the whole system under admin / alarm-cfg. Switchport Synopsis: boolean Default: true Sets the physical port into either switched mode or a dedicated routing mode. Flow Control Flow control is useful for preventing frame loss during times of severe network traffic Link Fault Indication (LFI) is specifically for FX interfaces.
  • Page 160: Port Mirroring

    16. Ethernet Ports Default: broadcast This parameter specifies the types of frames to rate-limit on this port. It applies only to received frames: • BROADCAST : only broadcast frames will be limited. • MULTICAST : all multicast frames (including broadcast) will be limited. •...
  • Page 161: Ingress Source Ports Table

    16. Ethernet Ports Figure 16.7. Port-Mirroring menu To display the Port-Mirroring menu and Port Mirror form, navigate to switch/port-mirroring. Figure 16.8. Port Mirror form Target Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot where a monitoring device should be connected.
  • Page 162: Diagnostics

    16. Ethernet Ports Egress Source Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device. Egress Source Port Synopsis: integer The selected ports on the module installed in the indicated slot.
  • Page 163: Running Cable Diagnostics

    16. Ethernet Ports Figure 16.12, “Cable Diagnostics Results form” displays the current value of diagnostic parameters for the corresponding Ethernet port. This form can be used to set certain cable diagnostic parameters for the port, as indicated below: Running Synopsis: boolean Whether or not a cable test is currently running on this port Good Termination Synopsis: unsigned short integer...
  • Page 164 16. Ethernet Ports 1. Configure the PUT’s cable diagnostics state to “Stopped”. Diagnostics may be stopped at any point. If a stop is issued in the middle of a diagnostics run, it will nevertheless run to completion and the results will be updated. Both the port under test (PUT) and the partner port (PT) can be configured to be either in Enabled mode with auto-negotiation or in Disabled mode.
  • Page 165: Start Cable Diagnostics Test Form

    16. Ethernet Ports Figure 16.13. Start Cable Diagnostics Test form Figure 16.14. Start Cable Test form To clear cable diagnostics, navigate to interfaces/switch/{line module}/diagnostics/clear-cable-stats-port. On the Clear Port Cable Diagnostic Test Results form, click Perform. Figure 16.15. Clear Port Cable Diagnostic Test Results form To clear all test results, rather than results from a single port, navigate to switch/clear-cable-stats-all.
  • Page 166: Clear All Alarms Menu

    16. Ethernet Ports Figure 16.16. Clear All Diagnostics (Switch) menu To clear all cable diagnostic results, click the Perform button on the Clear All Cable Diagnostic Test Results form. Figure 16.17. Clear All Cable Diagnostic Test Results form 16.2.4.2.2. Clearing Ethernet Alarms Figure 16.18.
  • Page 167: Link Detection Options

    16. Ethernet Ports 3. Do not connect the other end of the cable to any link partner. 4. Run cable diagnostics a few times on the port. OPEN fault should be detected. 5. Find the average distance to the OPEN fault recorded in the log and compare it to the known length of the cable.
  • Page 168: Port Status

    16. Ethernet Ports time of up to 2 seconds. Once Port Guard disables FAST LINK DETECTION on a particular port, the user can re-enable FAST LINK DETECTION on the port by clearing the alarm. • ON: In certain special cases, where prolonged excessive link state changes constitute a legitimate link operation, using this setting can prevent Port Guard from disabling FAST LINK DETECTION on the port in question.
  • Page 169: Interface Status Table

    16. Ethernet Ports Figure 16.23. Interface Status table To display the Interface Status table, navigate to interfaces/switch. Figure 16.24. Interface Status form To display the Interface Status forms, navigate to interfaces/switch/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot of the module that contains this port.
  • Page 170: Resetting Ports

    16. Ethernet Ports State Synopsis: string - one of the following keywords { lowerLayerDown, notPresent, dormant, unknown, testing, down, up } The port's link status. Media Synopsis: A string The type of port media { 100TX, 10FL, 100FX, 1000X, 1000T, 802.11g, EoVDSL, 100TX }. It provides the user with a description of the installed media type on the port for modular products.
  • Page 171: Resetting All Switched Ports

    16. Ethernet Ports Figure 16.26. Reset Ethernet Port form 16.4.1. Resetting All Switched Ports To reset all switched ports, navigate to switch/reset-all-switched-ports. On the Reset All Switched Ports form, click Perform. Figure 16.27. Reset All Switched Ports menu Figure 16.28. Reset All Switched Ports form 16.5.
  • Page 172 16. Ethernet Ports Is it possible that the peer also has LFI enabled? If both sides of the link have LFI enabled, then both sides will withhold link signal generation from each other. ROX™ v2.2 User Guide RuggedBackbone™ RX1500...
  • Page 173: Ethernet Statistics

    17. Ethernet Statistics 17. Ethernet Statistics ROX™ provides the following features for gathering and reporting Ethernet statistics: • Viewing basic Ethernet statistics. • Viewing and clearing detailed Ethernet statistics. • Configuring RMON History control. • Viewing collected RMON History samples. •...
  • Page 174 17. Ethernet Statistics InOctets Synopsis: unsigned integer The number of octets in received good packets (Unicast+Multicast+Broadcast) and dropped packets. OutOctets Synopsis: unsigned integer The number of octets in transmitted good packets. InPkts Synopsis: unsigned integer The number of received good packets (Unicast+Multicast+Broadcast) and dropped packets. OutPkts Synopsis: unsigned integer The number of transmitted good packets.
  • Page 175: Rmon Port Statistics Form

    17. Ethernet Statistics Figure 17.3. RMON Port Statistics Form InOctets Synopsis: unsigned long integer
  • Page 176 17. Ethernet Statistics The number of octets in received good packets (Unicast+Multicast+Broadcast) and dropped packets. InPkts Synopsis: unsigned long integer The number of received good packets (Unicast+Multicast+Broadcast) and dropped packets. InBcastPkts Synopsis: unsigned long integer The number of good broadcast packets received. InMcastPkts Synopsis: unsigned long integer The number of good multicast packets received.
  • Page 177 17. Ethernet Statistics 2. The packet has invalid CRC. 3. A Collision Event has not been detected. 4. A Late Collision Event has not been detected. UndersizePkts Synopsis: unsigned long integer The number of received packets which meet all the following conditions: 1.
  • Page 178: Viewing Non-Switched Ethernet Statistics

    17. Ethernet Statistics Pkts128to255Octets Synopsis: unsigned integer The number of received and transmitted packets with a size of 128 to 257 octets. This includes received and transmitted packets as well as dropped and local received packets. This does not include rejected received packets Pkts256to511Octets Synopsis: unsigned integer The number of received and transmitted packets with size of 256 to 511 octets.
  • Page 179: Routable-Only Ethernet Port Status Form

    17. Ethernet Statistics Figure 17.5. Routable-Only Ethernet Port Status Form The Routable-Only Ethernet Port Status, Receive Statistics, and Transmit Statistics forms appear on the same screen as the Statistics menus. The Routable Ethernet Ports form displays the ethernet port configuration and status for a port. Ethernet statistics for the system’s IP interfaces are available on the Receive Statistics and Transmit Statistics forms.
  • Page 180: Receive Statistics Form

    17. Ethernet Statistics Distance, Long Distance or Very Long Distance with connectors like LC, SC, ST, MTRJ etc. For the modules with SFP/GBICs, the media description is displayed per the SFF-8472 specification, if the transceiver is plugged into the module. E.g. 10/100/1000TX RJ45, 100FX SM SC, 10FX MM ST, 1000SX SFP LC S SL M5.
  • Page 181: Clearing Switched Ethernet Port Statistics

    17. Ethernet Statistics Figure 17.7. Transmit Statistics Form Bytes Synopsis: unsigned long integer Number of bytes transmitted. Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port.
  • Page 182: Clear Switched Port Statistics Form

    17. Ethernet Statistics Figure 17.9. Clear Switched Port Statistics Form This command clears Ethernet ports statistics for one switched port. Ports are cleared by clicking the Perform button on the Clear Switched Port Statistics form. Figure 17.10. Clear All Statistics Menu Figure 17.11.
  • Page 183: Ip Statistics

    18. IP Statistics 18. IP Statistics The forms and tables accessible from the Interfaces IP menu (below) show the status of what has been configured using the forms and tables from the Interface and IP menus. Figure 18.1. Interfaces IP Menu The Interfaces IP menu is accessible from the main menu under interfaces/ip.
  • Page 184: Receive Statistics Form

    18. IP Statistics Is point to point link. Figure 18.4. Receive Statistics Form Bytes Synopsis: unsigned long integer Number of bytes received. Packets Synopsis: unsigned long integer Number of packets received. Errors Synopsis: unsigned integer Number of error packets received. Dropped Synopsis: unsigned integer Number of dropped packets by the receive device.
  • Page 185 18. IP Statistics Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port.
  • Page 186: Virtual Switch Bridging

    19. Virtual Switch Bridging 19. Virtual Switch Bridging 19.1. Overview A virtual switch bridges different network segments in a way that is not dependent on a particular protocol. Network traffic between segments is forwarded regardless of the IP and MAC addresses in a packet. In a virtual switch, forwarding is done in Layer 2 and allows all network traffic, including L2 Multicast (GOOSE, ISO), IP Multicast, Unicast, and Broadcast messages, to go through the virtual switch tunnel without any modifications.
  • Page 187: Sample Use Case

    19. Virtual Switch Bridging 19.2. Sample Use Case Figure 19.1. Virtual switch with multiple interfaces To create the configuration shown in this example, follow these steps: 1. Configure the port connected to the senders and receivers as follows: • PVID 20, format as tagged. •...
  • Page 188: Virtual Switch Configuration And Status

    19. Virtual Switch Bridging 19.3. Virtual Switch Configuration and Status Figure 19.2. Adding a Virtual Switch To add a virtual switch, enter Edit Private mode. Add a virtual switch and at least two interfaces. You can also add VLANs. Figure 19.3. Interface Virtualswitch menu The Interface Virtualswitch menu is located at interface/virtualswitch.
  • Page 189: Virtualswitch Form

    19. Virtual Switch Bridging Figure 19.5. Virtualswitch form To display this form, navigate to interface/virtualswitch/{number}. Forward Delay Synopsis: unsigned byte Default: 15 Delay (in seconds) of the listening and learning states before going to the forwarding state. Alias Synopsis: A string The SNMP alias name of the interface IP Address Source Synopsis: string - one of the following keywords { dynamic, static }...
  • Page 190: Vlan Form

    19. Virtual Switch Bridging Figure 19.8. VLAN form To display this form, navigate to interface/virtualswitch/{number}/vlan/{number}. VLAN ID Synopsis: integer VLAN ID for this routable logical interface IP Address Source Synopsis: string - one of the following keywords { dynamic, static } Default: static Whether the IP address is static or dynamically assigned via DHCP or BOOTP.
  • Page 191: Receive Form

    19. Virtual Switch Bridging Synopsis: integer MTU (Maximum Transmission Unit) value on the port. Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The MAC address of the port. Figure 19.12. Receive form Bytes Synopsis: unsigned long integer Number of bytes received. Packets Synopsis: unsigned long integer Number of packets received.
  • Page 192: Vlan Table

    19. Virtual Switch Bridging Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted. Dropped Synopsis: unsigned integer Number of dropped packets by the transmit device. Collisions Synopsis: unsigned integer Number of collisions detected on the port. Figure 19.14.
  • Page 193: Vlan Transmit Form

    19. Virtual Switch Bridging Dropped Into Abyss Synopsis: unsigned integer Number of dropped packets by the receive device. Figure 19.16. VLAN Transmit form Bytes Synopsis: unsigned long integer Number of bytes transmitted. Packets Synopsis: unsigned long integer Number of packets transmitted. Errors Synopsis: unsigned integer Number of error packets transmitted.
  • Page 194: Link Aggregation

    20. Link Aggregation 20. Link Aggregation Link Aggregation aggregates or bundles several Ethernet ports into one logical link, called a port trunk, with higher bandwidth. Link Aggregation is also known as port trunking or port bundling. ROX™ provides the following Link Aggregation features: •...
  • Page 195: Link Aggregation Limitations

    20. Link Aggregation • If one of the aggregated ports joins or leaves a multicast group (for example, via IGMP or GMRP), all other ports in the trunk also join or leave. • Any port configuration parameter changes, such as VLAN or CoS, are automatically applied to all ports in the trunk.
  • Page 196: Link Aggregation Configuration

    20. Link Aggregation If a speed/duplex mismatch is detected, the switch raises an alarm. RSTP dynamically calculates the path cost of the port trunk based on its aggregated bandwidth. However, if the aggregated ports are running at different speeds, the path cost may not be calculated correctly.
  • Page 197: Entering A Trunk Id

    20. Link Aggregation Figure 20.4. Entering a Trunk ID Next, add parameters to the Multicast Filtering, CoS and VLAN forms.
  • Page 198: Entering Parameters For Forms

    20. Link Aggregation Figure 20.5. Entering Parameters for Forms Finally, add parameters for the trunk ports. First, click on "trunk-ports" on the menu. Next, click on "Add trunk-ports" on the menu.
  • Page 199: Trunk-Ports Submenu - Adding A Trunk-Port

    20. Link Aggregation Figure 20.6. Trunk-Ports Submenu - Adding a Trunk-Port Next, select the trunk slot from the drop-down menu on the Key Settings form. Click on "Add trunk-ports" again to add a second trunk-port. Click Commit. Click Exit Transaction when done. Figure 20.7.
  • Page 200: Trunk Ports Table

    20. Link Aggregation Figure 20.8. Trunk Ports table Figure 20.9. Trunk Ports Table in Edit Private Mode To display the forms and tables below, click on interface/trunks/{number}. Most can also be accessed by clicking on interface/switch/{line module}. Figure 20.10. Key Settings Figure 20.11.
  • Page 201: Cos Form

    20. Link Aggregation GMRP Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GMRP (GARP Multicast Registration Protocol) operation on the port. There are several GMRP operation modes: • DISABLED : the port is not capable of any GMRP processing. •...
  • Page 202: Trunk Ports Table

    20. Link Aggregation programmed to use VLAN 1. If you modify a switch port to use a VLAN other than the management VLAN, devices on that port will not be able to manage the switch. Type synopsis: token - one of { edge, trunk, pvlanedge } default: edge This parameter specifies how the port determines its membership in VLANs.
  • Page 203: Modem

    21. Modem 21. Modem 21.1. PPP and the Cellular Modem 21.1.1. PPP and Cellular Modem Fundamentals RX1500 may be equipped with an internal cellular modem or land-line modem. PPP (the Point-to-Point Protocol) is used to establish an IP network connection over a cellular radio modem link. Depending on local cellular network availability, one of three cellular modem types may be ordered: •...
  • Page 204: Hspa Cellular Modem Information Form

    21. Modem 21.1.2.1. HSPA The HSPA GSM profile is selected from the HSPA menu but Edge data needs to be configured from the Global Cellular GSM menu. See Section 21.1.2.3, “Global Cellular Modem GSM Configuration” for information on configuration. If data is configured, the HSPA Cellular Modem Information form can be found under interfaces/cellmodem/{line module}/hspa.
  • Page 205: Edge Cellular Modem Information Form

    21. Modem The Subscriber Identity Module number The following information provides additional details about the fields in the HSPA Cellular Modem Information Form. The IMEI (International Mobile Equipment Identity) is a numeric identifier unique to the cellular modem card. Rssi Indicator (Received Signal Strength) indicates the signal level received by the cellular modem from the cell site.
  • Page 206: Global Cellular Gsm Menu

    21. Modem International Mobile Equipment Identity radio Synopsis: A string The current RF status of cellmodem rssi-indicator Synopsis: integer The Received Signal Strength Indicator in dBm network-operator Synopsis: A string The wireless network operator currently in use network-in-use Synopsis: A string The network technology currently in use by the modem network-status Synopsis: A string...
  • Page 207: Ppp Configuration Form

    21. Modem Figure 21.5. GSM Cellular Network Configuration form name Synopsis: A string Create gsm profile name Synopsis: string The wireless network access point name dial-string Synopsis: string Default: *99***1# The dial string given by the wireless provider to connect to the access point name The Access Point Name (APN) is necessary only on GPRS networks (Edge or HSPA).
  • Page 208: Cdma Evdo Cellular Modem Information Form

    21. Modem password Synopsis: string Default: N/A The password to be authenticated by the remote server dial-on-demand Activates Dial-on-Demand on this connection. The establishment of the PPP connection is postponed until there is data to be transmitted via the interface disconnect-idle-timeout Synopsis: integer Default:...
  • Page 209 21. Modem Synopsis: A string The Electronic Serial Number of the modem. ESN is only available for the CDMA modem. ecio Synopsis: integer The total energy per chip per power density value in dBm rssi-indicator Synopsis: integer The Received Signal Strength Indicator in dBm network-operator Synopsis: A string The wireless network operator currently in use...
  • Page 210: Cdma Over The Air Activation Form

    21. Modem Over-The-Air Account Activation ROX™ supports the OTASP (Over-the-Air Service Provisioning) mechanism offered by most CDMA cellular service providers for provisioning cellular end stations for use on their networks. Using this method, the service provider, or carrier, supplies an OTASP dial string which ROX™ can use to contact the cellular network via the modem.
  • Page 211: Cdma Manual Activation Form

    21. Modem Figure 21.10. CDMA Manual Activation form Figure 21.11. CDMA Manual Activation Trigger Action form 1. First, establish an account with a service representative of the cellular network provider. You will need the following settings in order to activate your modem. Note that not all of these parameters are required by all network providers: •...
  • Page 212: Global Cellular Cdma Menu

    21. Modem 21.1.2.4.2. Global Cellular CDMA Modem Configuration Figure 21.13. Global Cellular CDMA menu The path to this menu is global/cellular/profiles/cdma. The Cellular Network Configuration table appears on the same screen as the global menu. CDMA data is configured from the Global Cellular CDMA menu. Figure 21.14.
  • Page 213: Ppp Configuration Form

    21. Modem Figure 21.16. PPP Configuration form use-peer-dns Enables the DNS server entries that the PPP server recommends. Enable this option unless you provide your own name servers username Synopsis: string Default: N/A The user ID to connect to the remote server password Synopsis: string Default: N/A...
  • Page 214: Routable Cellular Modem Interfaces Table

    21. Modem The path to the interface/cellmodem menu is interface/cellmodem. The Routable Cellular Modem Interfaces table appears on the same screen as this menu. Figure 21.18. Routable Cellular Modem Interfaces table Figure 21.19. Routable Cellular Modem Interfaces form The path to this form is interface/cellmodem/{line module}. slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device.
  • Page 215: Interface Cellmodem Hspa Menu

    21. Modem Figure 21.20. Interface Cellmodem HSPA menu The path to this menu is interface/cellmodem/{line module}/hspa. Figure 21.21. GSM Profile form The path to this form is interface/cellmodem/{line module}/hspa/ppp-client. Connect Synopsis: A string Selects the gsm profile to connect to wireless network. The gsm profile is configured in /global/cellular/profiles/gsm 21.1.2.5.2.
  • Page 216: Interfaces Cellmodem Hspa Menu

    21. Modem state Synopsis: string - one of the following keywords { lowerLayerDown, notPresent, dormant, unknown, testing, down, up } The port's link status. media Synopsis: A string The type of port media { ***range of values** }. It provides the user with a description of the installed media type on the port for modular products.
  • Page 217 21. Modem Local IP address Synopsis: A string The IP address assigned to the modem by the remote server Peer IP address Synopsis: A string The IP address of the remote server TX (bytes) Synopsis: unsigned integer The bytes transmitted over the modem RX (bytes) Synopsis: unsigned integer The bytes received by the modem...
  • Page 218: Serial Protocols

    • Tracing Serial Port activity 22.1.1. Serial IP Port Features The RuggedCom Serial Server provides the following features for forwarding serial traffic over IP: • Raw Socket Protocol - a means to transport streams of characters from one serial port on the router to a specified remote IP address and TCP port •...
  • Page 219: Serial Protocols Applications

    22. Serial Protocols 22.1.2. Serial Protocols Applications 22.1.2.1. Character Encapsulation Character encapsulation is used any time a stream of characters must be reliably transported across a network. The character streams can be created by any serial device. The baud rates supported at either server need not be the same.
  • Page 220: Serial Protocols Concepts And Issues

    22. Serial Protocols 22.1.3. Serial Protocols Concepts And Issues 22.1.3.1. Host And Remote Roles The RX1500 can either initiate or accept a TCP connection for serial encapsulation. It can establish a connection from field (“remote”) equipment to the central site (“host”) equipment, vice versa, or bidirectionally.
  • Page 221: Tcpmodbus Server Application

    22. Serial Protocols time. This delay ensures that the RTU has time to process the broadcast message before it has to receive the next poll. When polling is performed, network delays may cause the broadcast and next poll to arrive at the remote server at the same time.
  • Page 222: Sources Of Delay And Error In An End To End Exchange

    22. Serial Protocols The decision to use retransmissions, and the number to use depends upon factors such as: • The probability of a line failure • The number of RTUs and amount of traffic on the port • The cost of retransmitting the request from the server vs. timing-out and retransmitting at the master. This cost is affected by the speed of the ports and of the network.
  • Page 223 22. Serial Protocols In step 1, the master issues a request to the Client Gateway. If the Client Gateway validates the message it will forward it to the network as step 2. The Client Gateway can respond immediately in certain circumstances, as shown in step 1a. When the Client Gateway does not have a configuration for the specified RTU it will respond to the master with an exception using TcpModbus exception code 11 (“No Path”).
  • Page 224: Dnp (Distributed Network Protocol)

    22. Serial Protocols 22.1.6. DNP (Distributed Network Protocol) The RX1500 supports DNP 3.0, commonly used by utilities in process automation systems. DNP3 protocol messages specify source and destination addresses. A destination address specifies which device should process the data, and the source address specifies which device sent the message. Having both destination and source addresses satisfies at least one requirement for peer-to-peer communication since the receiver knows where to direct a response.
  • Page 225: Serial Protocol Configuration

    22. Serial Protocols 22.2. Serial Protocol Configuration Figure 22.3. Serial Protocols menu To display the Serial Protocols menu, navigate to interface/serial. Figure 22.4. Serial Interfaces table If data and ports have been configured, the Serial Interfaces table appears on the same screen as the Serial Protocols menu.
  • Page 226: Selecting A Protocol Type In The Edit Private Screen

    22. Serial Protocols Figure 22.5. Adding a Protocol in the Edit Private screen In Edit Private view, the <Add protocols> option can be clicked, which adds a protocol to a port. Figure 22.6. Selecting a Protocol Type in the Edit Private screen Selecting a protocol type from the Protocol field in the Key Settings form associates a protocol with a serial port.
  • Page 227: Serial Ports Configuration Form

    22. Serial Protocols Figure 22.7. Serial Ports Configuration form The Serial Interfaces form configures the serial settings and electrical protocol associated with a serial port. Changes are made immediately. To display this form, navigate to interface/serial/{line module}. baud-rate Synopsis: string - one of the following keywords { 230400, 115200, 57600, 38400, 19200, 9600, 2400, 1200 } Default: 9600 The baudrate selection of serial port...
  • Page 228: Setting Rawsockets

    22. Serial Protocols Figure 22.8. Serial Protocols table The Serial Protocols table displays the protocols configured. To display the Serial Interfaces table, navigate to interface/serial/{line module}/protocols. protocol Synopsis: string - one of the following keywords { dnp, tcpmodbus, rawsocket } 22.2.2.
  • Page 229: Setting Tcpmodbus

    22. Serial Protocols turnaround Synopsis: integer Default: The amount of delay (if any) to insert between the transmissions of individual messages out the serial port call-direction Synopsis: string - one of the following keywords { both, out, in } Default: out Whether to accept an incoming connection, place an outgoing connection or do both max-connection Synopsis: integer...
  • Page 230 22. Serial Protocols The TCP Modbus Configuration form is used to configure the TcpModbus settings for each port. Changes are made immediately. To display the TCP Modbus Configuration form, navigate to interface/serial/{line module}/protocols/tcpmodbus/settcpmodbus. response-timer Synopsis: integer Default: 100 The maximum time from the last transmitted character of the outgoing poll until the first character of the response.
  • Page 231: Setting Dnp

    22. Serial Protocols 22.2.4. Setting DNP Figure 22.11. DNP Protocols Configuration form The DNP Protocols Configuration form is used to configure the DNP settings for each port. To display the DNP Protocols Configuration form, navigate to interface/serial/{line module}/protocols/dnp/setdnp. address-learning Synopsis: A string The interface to learn the RTU address from.
  • Page 232: Serial Protocol Statistics

    22. Serial Protocols The local or remote DNP device address. The address may be that of a DNP device connected to a local serial port or one available via the serial port of a remote IP host. remote-ip Synopsis: IPv4 address in dotted-decimal notation IP address of the remote host that provides a connection to the DNP device with the configured address. Leave this field empty to forward DNP messages that match the configured address to the local serial port...
  • Page 233: Serial Port Statistics Form

    22. Serial Protocols Figure 22.16. Serial Port Statistics form To display the Serial Port Statistics form, navigate to interfaces/serial/port and then click on a linked submenu. Serial Port Synopsis: A string conforming to: "[A-Za-z]{1}[-0-9A-Za-z]{0,9}.*" The serial interface name media Synopsis: A string The type of port media { RS232 RS422 RS485 }.
  • Page 234: Transport Connections

    22. Serial Protocols rx-chars Synopsis: unsigned integer The number of bytes received by the serial port rx-packets Synopsis: unsigned integer The number of packets received by the serial port packet-errors Synopsis: unsigned integer The number of packet errors on this serial port parity-errors Synopsis: unsigned integer The number of parity errors on this serial port...
  • Page 235: Tcp/Udp Connection Statistics Form

    22. Serial Protocols Figure 22.18. TCP/UDP Connection Statistics form index Synopsis: A string The transport connection index remote-ip Synopsis: A string The IP address of the remote serial server Remote TCP/UDP port Synopsis: integer The port of the remote serial server Local TCP/UDP port Synopsis: integer The local port for the incoming connection...
  • Page 236: Restarting The Serial Server

    22. Serial Protocols 22.4. Restarting the Serial Server Figure 22.19. Restart Serserver menu The path to the Restart Serserver menu is interfaces/serial/restart-serserver. To restart the serserver, click on the restart-serserver trigger action and then click the Perform button on the Trigger Action form. Figure 22.20.
  • Page 237: Wan

    23. WAN 23. WAN 23.1. T1/E1 Fundamentals A T1 line is a communications circuit using the Digital Signal 1 (DS1) signalling scheme. DS1 allows 24 “timeslots” of 64 Kbps DS0 information, along with 8 Kbps of signalling information, to be multiplexed onto a 1544 Kbps circuit.
  • Page 238: Wan Configuration

    23. WAN • When using a single physical Frame Relay interface and connecting to the RX1500 with multiple DLCIs with mixed Cisco and IETF encapsulations, enable IETF encapsulation as follows. The text in [square brackets] indicates the type of encapsulation set by the command; do not type the text in [square brackets]: Cisco(config)#interface serial0/0 Cisco(config-if)#encap frame...
  • Page 239: T1 Parameters

    23. WAN The path to the Enable WAN Interface form is interface/wan/{line module}. slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location for the WAN card. port Synopsis: integer The port number on the WAN card.
  • Page 240: E1 Parameters

    23. WAN clock Synopsis: string - one of the following keywords { master, normal } Default: normal Serial clocking mode: master or normal. • master : provide serial clock signal. • normal : accept external clock signal. Synopsis: string - one of the following keywords { 550-660ft, 440-550ft, 330-440ft, 220-330ft, 110-220ft, 0-110ft, 22.5db, 15db, 7.5db, 0db } Default: 0db Line Build Out: tunes the shape of the T1 pulses and adjusts their amplitude depending upon...
  • Page 241: T1 Channels And Associated Time Slots Table

    23. WAN Figure 23.6. T1 Channels and Associated Time Slots table The path to the T1 Time Slots form is /interface/wan{line module and port}/t1/channel{channel id}. 23.2.3.1. Adding Channels You can configure one or more channels over one t1/e1 physical interface, and each channel can have one or more time slots.
  • Page 242: Frame Relay Parameter Form

    23. WAN Figure 23.8. Adding a Connection 23.2.3.3. Configuring Frame Relay From the connection submenu (see Figure 23.8, “Adding a Connection”), add a framerelay connection by clicking on the plus sign icon next to the framerelay submenu. Configure the parameters in the Frame Relay Parameter form.
  • Page 243: Connection Frame Relay Dlci Table

    23. WAN The behavior of the frame relay connection, i.e. CPE (Customer Premises Equipment) or as a switch. signal Synopsis: string - one of the following keywords { none, q933, lmi, ansi } Default: ansi The frame relay link management protocol used. t391 Synopsis: integer Default: 10...
  • Page 244: Adding An Mlppp Connection

    23. WAN The PPP Multilink Protocol, also known as Multilink PPP or MLPPP, is defined in Internet RFC 1990. Its purpose is to combine two or more PPP links into a single “bundle” to provide more bandwidth for a point-to-point connection. PPP Multilink must be supported on both sides of the link and may be used if there is more than one PPP link connecting the two endpoints.
  • Page 245: Adding Ip And Remote Addresses

    23. WAN bundle Synopsis: integer Default: 1 The bundle number on-demand This interface is up or down on demand of link fail over. In the Bundle field, enter a bundle number (the default is 1). An MLPPP connection is added and an interface for this connection appears under the ip menu.
  • Page 246: Hdlc-Eth Menu

    23. WAN Figure 23.13. HDLC-ETH menu Before adding an HDLC-ETH connection, you must first have a T1/E1 connection in place. For instructions on adding a T1/E1 connection, see Figure 23.8, “Adding a Connection”. To add an HDLC-ETH connection, navigate to a T1/E1 connection at interface/wan/{line module}/t1/channel{number}/connection/hdlc-eth and click the icon beside the hdlc-eth submenu.
  • Page 247: Adding A Vlan

    23. WAN Figure 23.15. Adding a VLAN • Click on the VLAN submenu and then on <Add vlan>. The Key settings form appears. • On the Key settings form, enter a VLAN ID (VID) number and click Add. The Ethernet Over HDLC VLAN Settings form appears.
  • Page 248: Loopback Test

    23. WAN • c[channel number] identifies the channel number. • [connection identifier] identifies the type of connection. The connection identifier can be any of the following: • ppp • hdlc-eth • hdlc-eth with VLAN ID • mlppp with a bundle number •...
  • Page 249: Statistics

    23. WAN The path to the Loopback Test forms is interfaces/wan/loopback. In the Loopback Test form, select the Interface and Type and then set the Nloops and Duration parameters. To start a loopback test, click the Perform button on the trigger action form. Figure 23.18.
  • Page 250: Physical Layer-Related Statistics

    23. WAN 23.3.1. Physical Layer-related Statistics Figure 23.21. Receiving Errors Statistics form The path to this form is interfaces/wan/t1e1/{line module}/receive-error. Over Run Synopsis: unsigned integer The number of receiver overrun errors. CRC Error Synopsis: unsigned integer The number of receiver CRC errors. Abort Synopsis: unsigned integer The number of receiver abort errors.
  • Page 251: T1E1 Receiving Statistics Form

    23. WAN Figure 23.22. T1E1 Receiving Statistics form The path to this form is interfaces/wan/t1e1/{line module}/receive-stats. Frames Synopsis: unsigned integer The number of frames received. Bytes Synopsis: unsigned integer The number of bytes received. Frames Discarded as Link Inactive Synopsis: unsigned integer Received frames that were discarded (link inactive).
  • Page 252: T1E1 Transmitting Errors Statistics Form

    23. WAN Figure 23.24. T1E1 Transmitting Errors Statistics form The path to this form is interfaces/wan/t1e1/{line module}/transmit-error. PCI Error Synopsis: unsigned integer The number of transmitter PCI errors. PCI Latency Warning Synopsis: unsigned integer The number of transmitter PCI latency warnings. DMA Error Synopsis: unsigned integer The number of transmitter DMA descriptor errors.
  • Page 253: T1E1 Transmitting Statistics Form 2

    23. WAN The number of frames transmitted. Bytes Synopsis: unsigned integer The number of bytes transmitted. Realigned Synopsis: unsigned integer Transmitted frames that were realigned. Figure 23.26. T1E1 Transmitting Statistics Form 2 The path to this form is interfaces/wan/t1e1/{line module}/transmit. Bytes Synopsis: unsigned long integer Number of bytes transmitted.
  • Page 254: T1E1 Alarm Indication Form

    23. WAN Figure 23.27. T1E1 Alarm Indication form Alarm physical statistics are displayed in the T1E1 Alarm Indication form. The path to this form is interfaces/wan/t1e1/{line module}/alarm. alos Synopsis: string ALOS (Loss of Signal) alarm. Synopsis: string LOS (Loss Of Signal) alarm. Synopsis: string RED (red alarm is a combination of a LOS or an OOF failure) alarm.
  • Page 255: Protocol-Related Statistics

    23. WAN 23.3.2. Protocol-related Statistics 23.3.2.1. PPP Statistics Summary Figure 23.28. T1E1 Statistics form The T1E1 Statistics form displays PPP statistics and physical statistics. The path to this form is interfaces/wan/t1e1/{line module}. Figure 23.29. PPP Receiving Protocol Statistics form The PPP Receiving Protocol Statistics form displays PPP receiving statistics. The path to this form is interfaces/wan/t1e1/{line module}/ppp-stats.
  • Page 256: T1E1 Statistics Form

    23. WAN The number of IPCP (Internet Protocol Control Protocol) packets. Figure 23.30. PPP Transmitting Protocol Statistics form The PPP Receiving Protocol Statistics form displays PPP transmitting statistics. The path to this form is interfaces/wan/t1e1/{line module}/ppp-stats. Additional statistics forms can be found under this ppp-stats submenu.
  • Page 257 23. WAN name Synopsis: A string Interface name. slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string Line module name of the slot. Port Synopsis: integer Synopsis: string Port number on the slot. Channel Number Synopsis: integer Synopsis: string...
  • Page 258: Frame Relay Errors Packets Statistics Form

    23. WAN 23.3.2.3. Frame-relay Statistics Figure 23.32. Frame Relay Errors Packets Statistics form The path to this form is interfaces/wan/t1e1/{line module}/fr-stats/fr-error. Frame Length Synopsis: unsigned integer I-frames not transmitted after a tx. interrupt due to excessive frame length. Throughput Synopsis: unsigned integer I-frames not transmitted after a tx.
  • Page 259: Frame Relay Controlling Packets Statistics Form

    23. WAN App. didn't respond to the triggered IRQ within the given timeout period. Signalling Format Error Synopsis: unsigned integer Discarded In-channel Signalling frames due to a format error. Invalid Send Sequence Synopsis: unsigned integer In-channel frames received with invalid Send Seq. Numbers received. Invalid Receive Sequence Synopsis: unsigned integer In-channel frames received with invalid Receive Seq.
  • Page 260: Frame Relay Receiving Statistics Form

    23. WAN Synopsis: unsigned integer Full Status Enquiry messages sent. LIVSE Synopsis: unsigned integer Link Integrity Verification Status Enquiry messages sent. Synopsis: unsigned integer Full Status messages received. LIVS Synopsis: unsigned integer Link Integrity Verification Status messages received. CPEI Synopsis: unsigned integer CPE initializations.
  • Page 261: Clearing Statistics

    23. WAN I-frames received with the Discard Eligibility (DE) indicator set. FECN Synopsis: unsigned integer I-frames received with the FECN bit set. BECN Synopsis: unsigned integer I-frames received with the BECN bit set. 23.3.3. Clearing Statistics Figure 23.35. Clear Interface Statistics Form And Trigger Action Statistics can be cleared by specifying the appropriate parameters in the Clear Interface Statistics form and then clicking the Perform button on the Trigger Action.
  • Page 262: Dds Configuration

    23. WAN the format of the data signal. The CSU part of the DSU/CSU manages electrical levels and isolation, and provides loopback to the TELCO. A RuggedCom DDS port provides an integrated DTE, DSU, and CSU. 23.4.1. DDS Configuration To configure DDS, you must first enable the WAN interface supporting DDS. See Section 23.4.1.1,...
  • Page 263: Ppp Form

    23. WAN Figure 23.38. DDS Parameters form mode Synopsis: string - one of the following keywords { 64k, 56k } Default: 56k DDS speed mode (kbps). clock Synopsis: string - one of the following keywords { master, normal } Default: master Serial clocking mode: master or normal.
  • Page 264: Frame Relay Parameters Form

    23. WAN • /interface/wan{wan slot and port}/dds/connection/framerelay/dlci configures the Data Link Connection Identifier (DLCI) parameters. To set the DDS frame relay parameters: • Enter edit mode and navigate to /interface/wan{wan slot and port}/dds/connection/framerelay. Figure 23.40. Frame Relay Parameters form station Synopsis: string - one of the following keywords { switch, cpe } Default: cpe The behavior of the frame relay connection, i.e.
  • Page 265: Loopback Test Form

    23. WAN The number of error events (enumerated by n393) for which the channel is declared inactive; valid for either cpe or Switch. n393 Synopsis: integer Default: 4 The number of error events on the frame relay channel; valid for either cpe or switch.
  • Page 266: Viewing And Clearing Dds Statistics

    23. WAN Type The loopback type. Nloops The number of loops. Duration The number of seconds required to run the test. • On the Trigger Action form, click Perform. 23.4.2. Viewing and Clearing DDS Statistics DDS statistics are available when at least one logical interface is configured. The main DDS statistics menu is available at /interfaces/wan/dds.
  • Page 267: Clear Interface Statistics Form

    23. WAN Figure 23.43. Clear Interface Statistics form DDS Interface Select the DDS interface for which to clear statistics. T1E1 Interface Select the T1E1 interface for which to clear statistics. T3E3 Interface Select the T3E3 interface for which to clear statistics. All-interfaces Clear statistics for all WAN interfaces.
  • Page 268: Port Security

    24. Port Security 24. Port Security ROX™ Port Security provides the following features: • Authorizing network access using the Static MAC Address Table. • Authorizing network access using IEEE 802.1X authentication. • Configuring IEEE 802.1X authentication parameters. • Detecting port security violation attempts and performing appropriate actions. 24.1.
  • Page 269: X General Topology

    24. Port Security Figure 24.1. 802.1X General Topology ROX™ supports the Authenticator component. 802.1X makes use of Extended Authentication Protocol (EAP) which is a generic PPP authentication protocol and supports various authentication methods. 802.1X defines a protocol for communication between the Supplicant and the Authenticator, EAP over LAN (EAPOL). RuggedBackbone™...
  • Page 270: Port Security Configuration

    24. Port Security 24.1.2.1. RADIUS Figure 24.3. Port Security RADIUS Primary form The path to the Port Security RADIUS Primary form is switch/port-security/radius. Figure 24.4. Port Security RADIUS Secondary form The path to the Port Security RADIUS Secondary form is switch/port-security/radius. address Synopsis: IPv4 address in dotted-decimal notation The IPv4 address of the server...
  • Page 271: Port Security Parameters

    24. Port Security Figure 24.5. Port Security menu 24.2.1. Port Security Parameters Figure 24.6. Port Security form Security Mode Synopsis: string - one of the following keywords { dot1x_mac_auth, dot1x, per_macaddress, off } Default: off Enables or disables the security feature for the port. The following port access control types are available: •...
  • Page 272: Parameters

    24. Port Security Shutdown Enable Enables/disables administrative shutdown if a security violation occurs. 24.2.2. 802.1X Parameters Figure 24.7. 802.1x Parameters form Transmission Period Synopsis: integer Default: 30 IEEE 802.1X PAE (Port Access Entity) parameters quiet-period Synopsis: integer Default: 60 The period of time not to attempt to acquire a supplicant after the authorization session failed. Reauthorization Enables or disables periodic reauthentication reauth-period...
  • Page 273 24. Port Security Supplicant Timeout Synopsis: integer Default: 30 The time to wait for the supplicant's response to the authentication server's EAP packet. Server Timeout Synopsis: integer Default: 30 The time to wait for the authentication server's response to the supplicant's EAP packet. Max Requests Synopsis: integer Default: 2...
  • Page 274: Multicast Filtering

    This may introduce significant traffic onto ports that do not require it and receive no benefit from it. RuggedCom products with IGMP Snooping enabled will act on IGMP messages sent from the router and the host, restricting traffic streams to the appropriate LAN segments.
  • Page 275: Switch Igmp Operation

    25. Multicast Filtering Figure 25.1. IGMP Operation Example 1 In this example, the general membership query sent to the C1-C2 segment is answered by a membership report indicating the desire to subscribe to a stream M2. The router will forward the M2 stream onto the C1-C2 segment.
  • Page 276 25. Multicast Filtering A switch running in passive mode requires the presence of a multicast router or it will not be able to forward multicast streams at all. If no multicast routers are present, at least one IGMP Snooping switch must be configured for Active IGMP mode to make IGMP functional.
  • Page 277: Combined Router And Switch Igmp Operation

    25. Multicast Filtering 25.1.3. Combined Router and Switch IGMP Operation This section describes the additional challenges of multiple routers, VLAN support and switching. Producer P1 resides on VLAN 2 while P2 resides on VLAN 3. Consumer C1 resides on both VLANs whereas C2 and C3 reside on VLANs 3 and 2, respectively.
  • Page 278: Gmrp Example

    25. Multicast Filtering membership in multicast groups with other switches on a LAN, and for that information to be disseminated to all switches in the LAN that support Extended Filtering Services. GMRP is an industry-standard protocol first defined in IEEE 802.1D-1998 and extended in IEEE 802.1Q-2005.
  • Page 279: Example Using Gmrp

    25. Multicast Filtering Figure 25.3. Example using GMRP Joining the Multicast Groups: The sequence of events surrounding the establishment of membership for the two Multicast Groups on the example network is as follows: • Host H1 is GMRP unaware but needs to see traffic for Multicast Group 1. Port E2 on Switch E, therefore, is statically configured to forward traffic for Multicast Group 1.
  • Page 280: Multicast Filtering Configuration And Status

    25. Multicast Filtering • Switch B propagates the “join” message, causing Port D1 on Switch D to become a member of Multicast Group 1. Note that ports A1 and C1 also become members. • Host H2 is GMRP-aware and sends a “join” request for Multicast Group 2 to Port C2, which thereby becomes a member of Group 2.
  • Page 281: Router Ports Table

    25. Multicast Filtering Figure 25.5. IGMP Snooping Parameters form The path to the IGMP Snooping forms and the Router Ports table is switch/mcast-filtering/igmp-snooping. IGMP Mode Synopsis: string - one of the following keywords { passive, active } Default: passive Specifies the IGMP mode: •...
  • Page 282: Configuring Static Multicast Groups

    25. Multicast Filtering Port Synopsis: integer The selected ports on the module installed in the indicated slot. 25.3.2. Configuring Static Multicast Groups Figure 25.7. Egress Ports table If data is configured, display the Egress Ports table by navigating to switch/mcast-filtering/static-mcast-table and then clicking on one of the linked submenus.
  • Page 283: Multicast Group Summary Table

    25. Multicast Filtering The Class Of Service that is assigned to the multicast group frames. Figure 25.10. Static Ports table If data is configured, the path to this menu will be switch/mcast-filtering/mcast-group-summary, then clicking on one of the linked submenus and then clicking on static-ports. Figure 25.11.
  • Page 284: Ip Multicast Groups Table

    25. Multicast Filtering The VLAN Identifier of the VLAN upon which the multicast group operates. MAC Address Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The multicast group MAC address. 25.3.2.2. Viewing IP Multicast Groups Figure 25.13. IP Multicast Groups table The IP Multicast Groups table allows you to view IP Multicast Groups.
  • Page 285: Configuring Gmrp

    25. Multicast Filtering The path to this form is switch/mcast-filtering/ip-mcast-groups, then clicking on one of the linked submenus that follow, then on router-ports and then on a linked submenu. All ports that have been manually configured or dynamically discovered (by observing router specific traffic) as ports that link to multicast routers.
  • Page 286: Gmrp Dynamic Ports Table

    25. Multicast Filtering The GMRP Form appears on the same screen as the Multicast Filtering menu. Enabled Synopsis: boolean Default: false GMRP Enable RSTP Flooding Whether or not multicast streams will be flooded out of all RSTP non-edge ports upon detection of a topology change.
  • Page 287: Troubleshooting

    25. Multicast Filtering The Multicast Filtering form can be accessed in two locations: interface/switch and then clicking on a submenu (for example, lm1/1) or interface/trunks and then clicking on a submenu (for example, 1). GMRP Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GMRP (GARP Multicast Registration Protocol) operation on the port.
  • Page 288 25. Multicast Filtering Ensure that you do not have a situation where different multicast groups have multicast IP addresses that map to the same multicast MAC address. The switch forwarding operation is MAC address-based and will not work properly for several groups mapping to the same MAC address. Problem Five Computers on my switch issue join requests but don’t receive multicast streams from a router.
  • Page 289: Classes Of Service

    26. Classes Of Service 26. Classes Of Service ROX™ CoS provides the following features: • Support for 4 Classes of Service • Ability to prioritize traffic by ingress port. • Ability to prioritize traffic by the priority field in 802.1Q tags. •...
  • Page 290: Forwarding Phase

    26. Classes Of Service Figure 26.1. Determining The CoS Of A Received Frame After inspection, the frame is forwarded to the egress port for transmission. 26.1.2. Forwarding Phase The inspection phase results in the CoS of individual frames being determined. When these frames are forwarded to the egress port, they are collected into one of the priority queues according to the CoS assigned to each frame.
  • Page 291: Priority To Cos Mapping

    26. Classes Of Service The CoS form appears on the same screen as the Class-of-service menu. CoS Weighting Synopsis: string - one of the following keywords { strict, 8421 } Default: 8421 During traffic bursts, frames queued in the switch pending transmission on a port may have different CoS priorities.
  • Page 292: Dscp To Cos Mapping

    26. Classes Of Service 26.2.3. DSCP to CoS Mapping Figure 26.6. TOS DSCP to CoS Mapping table The path to the TOS DSCP table is switch/class-of-service/dcsp-to-cos-mapping. Figure 26.7. TOS DSCP to CoS Mapping form The path to the TOS DSCP to CoS Mapping forms is switch/class-of-service/dscp-to-cos/{number}. TOS DSCP to CoS Mapping maps each Differentiated Services Code Point (DSCP) in the Type-Of-Service (TOS) field in the headers of the received IP packets to the Class of Service switch.
  • Page 293 26. Classes Of Service The CoS form can be accessed in two locations: interface/switch/{line module}/ or interface/trunks/{number}. Default Priority Synopsis: integer Default: The priority of frames received on this port that are not prioritized based on the frame's contents (e.g.
  • Page 294: Mac Address Tables

    27. MAC Address Tables 27. MAC Address Tables ROX™ MAC address table management provides the following features: • Viewing learned MAC addresses. • Configuring the switch’s MAC Address Aging Time. • Configuring static MAC addresses. • Purging MAC Address entries. The MAC Address Tables (mac-tables) menu is accessible from the main menu under switch/mac-tables.
  • Page 295: Mac Tables Form

    27. MAC Address Tables The VLAN Identifier of the VLAN upon which the MAC address operates. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The slot containing the module including the port. Port Synopsis: integer The port on which the MAC address has been learned.
  • Page 296: Key Settings

    27. MAC Address Tables 3. Configuring The Static MAC Address Table Static MAC addresses are usually configured when the user wishes to enforce port security (if supported). Static MAC addresses must also be configured for devices that are able to receive but not able to transmit frames.
  • Page 297: Purge Mac Address Menu

    27. MAC Address Tables VLAN ID Synopsis: integer The VLAN Identifier of the VLAN upon which the MAC address operates. learned If set, the system will auto-learn the port upon which the device with this address is located. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device.
  • Page 298: Spanning Tree

    • Full bridge and port status displays provide a rich set of tools for performance monitoring and debugging. Historically, a device implementing STP on its ports has been referred to as a bridge. RuggedCom uses the terms "bridge" and "switch" synonymously. • SNMP-manageable including newRoot and topologyChange traps. 28.1. RSTP Operation The 802.1D Spanning Tree Protocol (STP) was developed to enable the construction of robust networks...
  • Page 299: Rstp States And Roles

    28. Spanning Tree A revised and highly optimized RSTP version was defined in the IEEE standard 802.1D-2004 edition. IEEE 802.1D-2004 RSTP reduces network recovery times to just milliseconds and optimizes RSTP operation for various scenarios. ROX™ supports IEEE 802.1D-2004 RSTP. 28.1.1.
  • Page 300: Bridge And Port Roles

    28. Spanning Tree ROX™ introduces two more states - Disabled and Link Down. Introduced purely for purposes of management, these states may be considered subclasses of the RSTP Discarding state. The Disabled state refers to links for which RSTP has been disabled. The Link Down state refers to links for which RSTP is enabled but are currently down.
  • Page 301: Edge Ports

    28. Spanning Tree 28.1.2. Edge Ports A port may be designated an Edge Port if it is directly connected to an end station. As such, it cannot create bridging loops in the network and can thus directly transition to forwarding, skipping the listening and learning stages.
  • Page 302: Bridge Diameter

    There is a relationship between the bridge diameter and the maximum age parameter. To achieve extended ring sizes, RuggedCom eRSTP™ uses an age increment of ¼ of a second. The value of the maximum bridge diameter is thus four times the configured maximum age parameter.
  • Page 303: Mst Regions And Interoperability

    28. Spanning Tree 28.2.1. MST Regions and Interoperability In addition to supporting multiple spanning trees in a network of MSTP-capable bridges, MSTP is capable of interoperating with bridges that support only RSTP or legacy STP, without requiring any special configuration. An MST region may be defined as the set of interconnected bridges whose MST Region Identification is identical.
  • Page 304: Mstp Bridge And Port Roles

    28. Spanning Tree 28.2.2. MSTP Bridge and Port Roles 28.2.2.1. Bridge Roles: CIST Root The CIST Root is the elected root bridge of the CIST (Common and Internal Spanning Tree), which spans all connected STP and RSTP bridges and MSTP regions. CIST Regional Root The root bridge of the IST within an MST region.
  • Page 305: Benefits Of Mstp

    28. Spanning Tree • A CIST Designated Port, CIST Alternate / Backup Port, or Disabled. At the MST region boundary, the MSTI Port Role is the same as the CIST Port Role. A Boundary Port connected to an STP bridge will send only STP BPDUs. One connected to an RSTP bridge need not refrain from sending MSTP BPDUs.
  • Page 306: Rstp Applications

    28. Spanning Tree 1. Configure and enable RSTP (see Section 28.4.1, “Spanning Tree Parameters” and Section 28.4.2, “Port RSTP Parameters”). Note that the Max Hops parameter in the Bridge RSTP Parameters menu is the maximum hop count for MSTP. 2. Create the VLANs that will be mapped to MSTIs (see the sections on VLAN Configuration). 3.
  • Page 307: Example Of A Structured Wiring Configuration

    28. Spanning Tree Figure 28.3. Example of a Structured Wiring Configuration Procedure 28.1. Design Considerations for RSTP in Structured Wiring Configurations Select the design parameters for the network. What are the requirements for robustness and network fail-over/recovery times? Are there special requirements for diverse routing to a central host computer? Are there any special port redundancy requirements? Identify required legacy support.
  • Page 308: Rstp In Ring Backbone Configurations

    28. Spanning Tree Identify desired steady state topology. Identify the desired steady state topology taking into account link speeds, offered traffic and QOS. Examine the effects of breaking selected links, taking into account network loading and the quality of alternate links. Decide upon port cost calculation strategy.
  • Page 309: Rstp Port Redundancy

    28. Spanning Tree Identify edge ports. Ports that connect to host computers, IEDs and controllers may be set to edge ports in order to guarantee rapid transitioning to forwarding as well as to reduce the number of topology change notifications in the network. Choose the root bridge.
  • Page 310: Spanning Tree Parameters

    28. Spanning Tree Figure 28.6. Spanning Tree menu 28.4.1. Spanning Tree Parameters The Spanning Tree parameter form at the top-level Spanning Tree menu configures parameters applicable to RSTP and MSTP over the whole bridge. Figure 28.7. Spanning Tree Parameter form Enabled Synopsis: boolean Default: true...
  • Page 311 28. Spanning Tree STP Protocol Version Synopsis: string - one of the following keywords { mstp, rstp, stp } Default: rstp The version of the Spanning Tree Protocol to support, either only STP or Rapid STP or Multiple STP Hello Time (sec) Synopsis: unsigned integer Default: 2 The time between configuration messages issued by the root bridge.
  • Page 312: Erstp Form

    28. Spanning Tree Default: Variable length text string. You must configure an identical region name on all switches you want to be in the same MST region. Figure 28.8. RSTP Common Instance form Bridge Priority Synopsis: string - one of the following keywords { 61440, 57344, 53248, 49152, 45960, 40960, 36864, 32768, 28672, 24576, 20480, 16384, 12288, 8192, 4096, 0 } Default: 32768 The priority assigned to the RSTP / Common Bridge Instance...
  • Page 313 (and may be relatively long) for any given mesh topology. This configuration parameter enables RuggedCom's enhancement to RSTP which detects a failure of the root switch and performs some extra RSTP processing steps, significantly reducing the network recovery time and making it deterministic.
  • Page 314: Port Rstp Parameters

    28. Spanning Tree 28.4.2. Port RSTP Parameters Figure 28.10. Interface/switch/{line module}/spanning-tree submenu This submenu is accessible from the main menu under interface/switch/{line module}/spanning-tree. Figure 28.11. Port RSTP Parameter form The Port RSTP Parameter form appears on the same screen as the interface/switch/{line module}/spanning-tree submenu.
  • Page 315 28. Spanning Tree Edge ports are ports that do not participate in the Spanning Tree, but still send configuration messages. Edge ports transition directly to frame forwarding without any listening and learning delays. The MAC tables of Edge ports do not need to be flushed when topology changes occur in the STP network.
  • Page 316: Bridge Msti Parameters

    28. Spanning Tree port costs as negotiated (20,000 for 1Gbps, 200,000 for 100 Mbps links and 2,000,000 for 10 Mbps links). For MSTP, this parameter applies to both external and internal path costs. 28.4.3. Bridge MSTI Parameters Figure 28.12. Key Settings form To configure parameters using the Key Settings form and MSTP Instance form, navigate to switch/spanning-tree/mstp-instance.
  • Page 317: Mstp Id Table

    28. Spanning Tree Figure 28.14. MSTP Instance table After data has been configured, the MSTP Instance table will be displayed at switch/spanning-tree/mstp-instance. Figure 28.15. MSTP ID table To display the MSTP ID table, navigate to switch/spanning-tree/port-msti-id. MSTP Instance ID Synopsis: integer The MSTP Instance ID.
  • Page 318: Port Msti Parameters

    28. Spanning Tree 28.4.4. Port MSTI Parameters Figure 28.16. MSTI Configuration table To display the MSTI Configuration table, navigate to interface/switch/{line module}/spanning-tree/msti. Figure 28.17. MSTI Configuration form To display the MSTI Configuration form, navigate to interface/switch/{line module}/spanning-tree/msti/{number}. MSTP ID Synopsis: integer MSTP Instance Identifier MSTP Priority...
  • Page 319 28. Spanning Tree The cost to use in cost calculations, when the cost style parameter is set to STP in the bridge RSTP parameter configuration. Setting the cost manually provides the ability to preferentially select specific ports to carry traffic over others. Leave this field set to 'auto' to use the standard STP port costs as negotiated (four for 1Gbps, 19 for 100 Mbps links and 100 for 10 Mbps links).
  • Page 320: Spanning Tree Statistics

    28. Spanning Tree 28.5. Spanning Tree Statistics 28.5.1. Bridge RSTP Statistics Figure 28.18. RSTP Status form To display this form, navigate to switch/spanning-tree. Status Synopsis: string - one of the following keywords { none, rootBridge, notDesignatedForAnyLAN, designatedBridge } The spanning tree status of the bridge. The status may be root or designated. This field may show text saying 'not designated for any LAN' if the bridge is not the designated bridge for any of its ports.
  • Page 321 28. Spanning Tree The bridge identifier of this bridge. Bridge MAC Synopsis: Ethernet MAC address in colon-separated hexadecimal notation The bridge identifier of this bridge. Root Priority Synopsis: integer Ports to which the multicast group traffic is forwarded. Root MAC Synopsis: Ethernet MAC address in colon-separated hexadecimal notation Ports to which the multicast group traffic is forwarded.
  • Page 322: Port Rstp Statistics

    28. Spanning Tree Configured Forward Delay Synopsis: integer The configured Forward Delay time from the Bridge RSTP Parameters menu. Learned Forward Delay Synopsis: integer The actual Forward Delay time provided by the root bridge as learned in configuration messages. This time is used in designated bridges. Configured Max Age Synopsis: integer The configured Maximum Age time from the Bridge RSTP Parameters menu.
  • Page 323: Rstp Port Statistics Form

    28. Spanning Tree Figure 28.20. RSTP Port Statistics form To display these forms, navigate to switch/spanning-tree/port-rstp-stats/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - the keyword { trnk } The slot of the module that contains this port.
  • Page 324 28. Spanning Tree The role of this port in the spanning tree: • Designated : The port is designated for (i.e. carries traffic towards the root for) the LAN it is connected to. • Root : The single port on the bridge, which provides connectivity towards the root bridge. •...
  • Page 325: Msti Status

    28. Spanning Tree TX Tcns Synopsis: unsigned integer The count of configuration messages transmitted from this port. 28.5.3. MSTI Status Figure 28.21. MSTI Status table To display this table, navigate to switch/spanning-tree/msti-status. Figure 28.22. MSTI Status form To display these forms, navigate to switch/spanning-tree/msti-status/{number}. MSTP Instance ID Synopsis: integer The bridge identifier of this bridge.
  • Page 326 28. Spanning Tree status Synopsis: string - one of the following keywords { none, rootBridge, notDesignatedForAnyLAN, designatedBridge } The spanning tree status of the bridge. The status may be root or designated. This field may show text saying 'not designated for any LAN' if the bridge is not the designated bridge for any of its ports. Root Priority Synopsis: integer Bridge Identifier of the root bridge.
  • Page 327: Port Mstp Statistics

    28. Spanning Tree 28.5.4. Port MSTP Statistics Figure 28.23. MSTP Port Statistics table The path to the MSTP Port Statistics table is switch/spanning-tree/port-msti-id/{number}/port-msti-stats. Figure 28.24. MSTP Port Statistics form The path to MSTP Port Statistics forms is switch/spanning-tree/port-msti-id/{number}/port-msti-stats/{line module}. Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - the keyword { trnk }...
  • Page 328: Clearing Spanning Tree Statistics

    28. Spanning Tree • Disabled : STP is disabled on this port. • Link Down : STP is enabled on this port but the link is down. • Discarding : The link is not used in the STP topology but is standing by. •...
  • Page 329: Troubleshooting

    28. Spanning Tree The Spanning-Tree Statistics form clears all spanning tree statistics for ethernet ports. This form is accessible from the clear-stp-stats menu action. The path to this menu action is switch/spanning-tree/clear-stp-stats. To clear statistics, click the Perform button on the Clear Spanning-Tree Statistics form. Figure 28.26.
  • Page 330 28. Spanning Tree Another possible explanation is that some links in the network run in half-duplex mode. RSTP uses a peer-to-peer protocol called Proposal-Agreement to ensure transitioning in the event of a link failure. This protocol requires full-duplex operation. When RSTP detects a non-full duplex port, it cannot rely on Proposal-Agreement protocol and must make the port transition the slow (i.e.
  • Page 331 28. Spanning Tree If the controller fails around the time of a link outage then there is the remote possibility that frame disordering or duplication may be the cause of the problem. Try setting the root port of the failing controller’s bridge to STP.
  • Page 332: Virtual Lans

    29. Virtual LANs 29. Virtual LANs ROX™ provides the following VLAN features: • Support for up to 255 VLANs • Configurable port-native VLAN. • Port modes of operation tailored to edge devices (such as a PC or IED) and to network switch interconnections.
  • Page 333: Vlan Ingress And Egress Rules

    29. Virtual LANs Frames transmitted out of the port on all VLANs other than the port’s native VLAN are always sent tagged. Sometimes it may be desirable to manually restrict the traffic on the trunk to a specified group of VLANs; for example, when the trunk connects to a device, such as a Layer 3 router, that supports a subset of the available VLANs.
  • Page 334: Gvrp (Garp Vlan Registration Protocol)

    29. Virtual LANs operate in a VLAN-aware mode while providing functionality required for almost any network application. However, the IEEE 802.1Q standard defines a set of rules that must be followed by all VLAN-aware switches: • Valid VID range is 1 to 4094 (VID=0 and VID=4095 are invalid). •...
  • Page 335: Pvlan Edge

    29. Virtual LANs Figure 29.1. Using GVRP An example of using GVRP: • Ports A2, and C2 are configured with PVID 7 and port E2 is configured with PVID 20. • End Node D is GVRP aware and is interested in VLAN 20, hence VLAN 20 is advertised by it towards switch D.
  • Page 336: Vlan Applications

    29. Virtual LANs Note that this feature is strictly local to the switch. PVLAN Edge ports are not prevented from communicating with ports off the switch, whether protected (remotely) or not. 29.2. VLAN Applications 29.2.1. Traffic Domain Isolation VLANs are most often used for their ability to restrict traffic flows between groups of devices. Unnecessary broadcast traffic can be restricted to the VLAN that requires it.
  • Page 337: Vlan Configuration

    29. Virtual LANs The number of network hosts may often be reduced. Often, a server is assigned to provide services for independent networks. These hosts may be replaced by a single, multi-homed host supporting each network on its own VLAN. This host can perform routing between VLANs. Figure 29.3.
  • Page 338: Static Vlans

    29. Virtual LANs Figure 29.5. Internal VLAN Range form 29.3.1. Static VLANs If static VLANs have been configured, the Static VLAN table will be displayed under switch/vlans/static-vlan. To display the forms, navigate to switch/vlans/static-vlan/{number}. Figure 29.6. Static VLAN table Figure 29.7.
  • Page 339: Port Vlan Parameters

    29. Virtual LANs If IGMP Snooping is not enabled for the VLAN, both IGMP messages and multicast streams will be forwarded directly to all members of the VLAN. If any one member of the VLAN joins a multicast group then all members of the VLAN will receive the multicast traffic. 29.3.2.
  • Page 340: Vlan Summary

    29. Virtual LANs Format Synopsis: string - one of the following keywords { tagged, untagged } Default: untagged Whether frames transmitted out of the port on its native VLAN (specified by the 'PVID' parameter) will be tagged or untagged. GVRP Mode Synopsis: string - one of the following keywords { learn_advertise, advertise_only } GVRP (Generic VLAN Registration Protocol) operation on the port.
  • Page 341: Vlan Summary Form

    29. Virtual LANs Figure 29.11. VLAN Summary form VLAN ID Synopsis: integer The VLAN Identifier is used to identify the VLAN in tagged Ethernet frames according to IEEE 802.1Q. IGMP Snooping Synopsis: boolean Enables/disables IGMP-Snooping. MSTI Synopsis: integer The assigned MSTP Instance ID. To display the VLAN Summary form, navigate to switch/vlans/vlan-summary/{number}.
  • Page 342: All Vlans Table

    29. Virtual LANs Figure 29.14. Untagged Ports table To display the Tagged Ports table, navigate to switch/vlans/vlan-summary/{number}/untagged-ports. Figure 29.15. Untagged Ports form To display the Tagged Ports form, navigate to switch/vlans/vlan-summary/{number}/untagged-ports/{line module}. Untagged Slot Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } The name of the module location provided on the silkscreen across the top of the device.
  • Page 343: Forbidden Ports

    29. Virtual LANs To display the VLANs table, navigate to interface/eth/{line module}/vlan. Figure 29.19. VLANs form To display the VLANs form, navigate to interface/eth/{line module}/vlan/{number}. VLAN ID Synopsis: integer VLAN ID for this routable logical interface IP Address Source Synopsis: string - one of the following keywords { dynamic, static } Default: static Whether the IP address is static or dynamically assigned via DHCP or BOOTP.
  • Page 344 29. Virtual LANs can use a router. The router will treat each VLAN as a separate interface, which will have its own associated IP address space. ROX™ v2.2 User Guide RuggedBackbone™ RX1500...
  • Page 345: Network Discovery

    30. Network Discovery 30. Network Discovery Figure 30.1. Net-discovery menu The Net-discovery menu is accessible from the main menu under switch. The path to this menu is switch/net-discovery. ROX™ supports LLDP (the Link Layer Discovery Protocol), a Layer 2 protocol for automated network discovery.
  • Page 346: Lldp Parameters

    30. Network Discovery 30.2. LLDP Parameters Figure 30.2. Net-discovery LLDP menu The Net-discovery LLDP menu is accessible from the main menu under switch. The path to this menu is switch/net-discovery/lldp. The LLDP form, LLDP Global Statistics Form and LLDP Local System form appear on the same screen as the menu.
  • Page 347: Lldp Global Statistics Form

    30. Network Discovery The multiplier of the Tx Interval parameter that determines the actual time-to-live (TTL) value used in an LLDPDU. The actual TTL value can be expressed by the following formula: TTL = MIN(65535, (Tx Interval * Tx Hold)) Reinitialization Delay (sec) Synopsis: integer Default: 2...
  • Page 348: Lldp Local System Form

    30. Network Discovery Figure 30.5. LLDP Local System form The LLDP local system form provides access to the local host’s information that is being sent to remote LLDP-enabled devices. Local Chassis Subtype Synopsis: string - one of the following keywords { local, interfaceName, networkAddress, macAddress, portComponent, interfaceAlias, chassisComponent } local-chassis-subtype Local Chassis ID...
  • Page 349: Lldp Port Statistics Table

    30. Network Discovery Figure 30.6. LLDP Port Statistics table The LLDP Port Statistics table allows you to view port LLDP statistics. The path to the LLDP Port Statistics table is switch/net-discovery/lldp/port-lldp-stats. Figure 30.7. LLDP Port Statistics form The path to the LLDP Port Statistics form is switch/net-discovery/lldp/port-lldp-stats and then clicking on one of the linked submenus (for example, sm/1).
  • Page 350: Lldp Neighbors Table

    30. Network Discovery The port number as seen on the front plate silkscreen of the module. Frames Dropped Synopsis: unsigned integer A counter of all LLDP frames discarded Error Frames Synopsis: unsigned integer A counter of all LLDPDUs received with detectable errors Frames In Synopsis: unsigned integer A counter of all LLDPDUs received...
  • Page 351: Lldp Submenu

    30. Network Discovery Figure 30.9. LLDP Neighbors form The path to the LLDP Neighbors form is switch/net-discovery/lldp/port-lldp-neighbors and then clicking on one of the linked submenus (for example, sm/1). slot Synopsis: string - the keyword { --- } Synopsis: string - one of the following keywords { main, pm2, pm1 } Synopsis: string - one of the following keywords { lm6, lm5, lm4, lm3, lm2, lm1, sm } Synopsis: string - one of the following keywords { em, cm } Synopsis: string - the keyword { trnk }...
  • Page 352: Lldp Form

    30. Network Discovery The LLDP submenu is accessible from the main menu under interface. The path to this menu is interface/switch and then clicking on one of the linked submenus (for example, sm/1). Figure 30.11. LLDP form Admin Status Synopsis: string - one of the following keywords { no-lldp, rx-tx, rx-only, tx-only } Default: rx-tx •...
  • Page 353: Routing And Security

    Part III. Routing and Security Part III. Routing and Security Part III describes routing and network security: Routing Overview Chapter 31, ROX™ Routing Overview Layer 3 Switching Chapter 32, Layer 3 Switching Tunnelling Chapter 33, Tunnelling Dynamic Routing Chapter 34, Dynamic Routing Static Routing Chapter 35, Static Routing Routing Status...
  • Page 354: Rox™ Routing Overview

    31. ROX™ Routing Overview 31. ROX™ Routing Overview This section provides an overview of IP routing in ROX™. This section describes how ROX™ configures physical Ethernet ports, and how ROX™ switches and routes IP packets. 31.1. IP Routing in ROX™ ROX™...
  • Page 355: Routing Ip Packets

    31. ROX™ Routing Overview Continuing with the example above, an IP interface with the name Switch.0100 is created when you create VLAN 100. Providing an IP address to this interface makes the ROX™ system accessible to the devices on VLAN 100. For example, assigning Switch.0100 the IP address 192.168.100.10/24 makes the ROX™...
  • Page 356: Layer 3 Switching

    32. Layer 3 Switching 32. Layer 3 Switching 32.1. Layer 3 Switching Fundamentals 32.1.1. What is a Layer 3 Switch? A switch is an internetwork device that makes frame forwarding decisions in hardware. A Layer 3 switch, sometimes called a multilayer switch, is one which makes hardware-based decisions for IP packets as well as Layer 2 frames.
  • Page 357: Static Layer 3 Switching Rules

    32. Layer 3 Switching 32.1.3. Static Layer 3 Switching Rules When creating a static route through switch management, you can explicitly configure it to be hardware-accelerated. If hardware acceleration is selected, an appropriate Layer 3 switching rule is installed in the ASIC’s TCAM and never ages out.
  • Page 358: Layer 3 Multicast Switching

    32. Layer 3 Switching 32.1.6. Layer 3 Multicast Switching Some RuggedCom Layer 3 Switch models do not have full multicast Layer 3 switching capability and only support multicast cross-VLAN Layer 2 switching. Multicast cross-VLAN Layer 2 switching differs from the normal multicast Layer 3 switching in the following ways: •...
  • Page 359: Sample Use Case

    32. Layer 3 Switching 32.1.9. Sample Use Case Consider the network illustrated below. The switch connecting all of these networks is a RuggedBackbone™ Layer 3 switch. Figure 32.2. Layer 3 Switch Use Case Assume the following: • VLAN 150 and VLAN 250 have approximately 200 devices each. •...
  • Page 360: Hardware Acceleration Enabled

    32. Layer 3 Switching 32.1.9.1. Setting up Unicast Routes Because this use case only requires that the devices be able to reach two networks, static routes can be used and can be hardware-accelerated. • Create a static route in routing/static/ipv4/route and enter the network 10.200.50.0/24. •...
  • Page 361 32. Layer 3 Switching • Add egress interface Switch.0300. This configuration creates Layer 3 switching rules which can be verified in switch/layer3-switching/rules-summary. Even if Hw-accelerate is not enabled, Layer 3 switching is still performed, but all switching rules for the multicast streams will have to be auto-learned. 32.1.9.3.
  • Page 362: Configuring Layer 3 Switching

    32. Layer 3 Switching 32.2. Configuring Layer 3 Switching To display the Layer 3 Switching menu, navigate to switch/layer3-switching. Figure 32.5. Layer 3 Switching menu The Layer 3 Switching form on the menu page displays the configured Layer 3 switching settings. Figure 32.6.
  • Page 363: Configuring Layer 3 Switching Settings

    32. Layer 3 Switching 32.2.1. Configuring Layer 3 Switching Settings To configure the Layer 3 switching settings: • In edit mode, navigate to switch/layer3-switching. • On the Layer 3 Switching form, set the Layer 3 switching parameters. • Commit the changes. Figure 32.7.
  • Page 364: Creating Static Arp Table Entries

    32. Layer 3 Switching Default: flow-oriented Defines how dynamically learned traffic flows are identified: • flow-oriented: Traffic flows are identified by a 5-tuple signature: Src IP address Dst IP address Protocol Src TCP/UDP port + Dst TCP/UDP port This mode should be used, if fine-granularity firewall filtering is configured in the device (i.e. some flows between two hosts should be forwarded, while other flows between the same two hosts should be filtered).
  • Page 365: Viewing Static And Dynamic Arp Table Entries

    32. Layer 3 Switching Figure 32.8. ARP Table Configuration form Synopsis: Unicast Ethernet MAC address in colon-separated hexadecimal notation Default: 00:00:00:00:00:00 MAC address of the network device specified by the IP address. VLAN ID Synopsis: integer VLAN Identifier of the VLAN upon which the MAC address operates. status Synopsis: string - one of the following keywords { unresolved, resolved } Default: unresolved...
  • Page 366: Routing Rules Summary Table

    32. Layer 3 Switching Figure 32.10. Routing Rules Summary table To view the details for a routing rule: • Navigate to switch/layer3-switching/routing-rules-summary/{rule id}. • Review the entries on the Routing Rules Summary form. Figure 32.11. Routing Rules Summary form Rule Type Synopsis: string - one of the following keywords { hidden, invalid, unicast, multicast } Identifies the type of the rule: unicast, multicast, invalid In VLAN...
  • Page 367 32. Layer 3 Switching Synopsis: A string conforming to: "(([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/\p{N}+" Synopsis: string - the keyword { any } Identifies the source IP address or subnet. To match the rule, the incoming packet's source IP address must belong to the subnet. destination Synopsis: IPv4 address in dotted-decimal notation Synopsis: A string conforming to: "(([0-1]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-1]?[0-9]?[0-9]|...
  • Page 368: Flushing Dynamic Hardware Routing Rules

    32. Layer 3 Switching 32.2.5. Flushing Dynamic Hardware Routing Rules Flushing dynamic hardware routing rules removes dynamic rules from the Routing Rules Summary table. You can only flush dynamic rules. Static rules, enabled by activating hardware acceleration, never age out. For more information on how to enable hardware acceleration, see Section 32.1, “Layer 3 Switching Fundamentals”...
  • Page 369: Tunnelling

    33. Tunnelling 33. Tunnelling Figure 33.1. Tunnelling menu The tunnelling menu is accessible from the main menu under tunnel. This menu provides access to IPsec, L2TP, L2tunneld and GRE functions. 33.1. IPsec 33.1.1. VPN Fundamentals IPsec (Internet Protocol SECurity) uses strong cryptography to provide both authentication and encryption services.
  • Page 370: X509 Certificates

    33. Tunnelling 33.1.1.2. Policy-Based VPNs RuggedBackbone™ supports the creation of policy-based VPNs, which may be characterized as follows: • IPsec network interfaces are not created. • The routing table is not involved in directing packets to the IPsec layer. • Only data traffic matching the tunnel’s local and remote subnets is forwarded to the tunnel. Normal traffic is routed by one set of firewall rules and VPN traffic is routed based on separate rules.
  • Page 371 33. Tunnelling the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the connecting host. 33.1.1.6. NAT Traversal Historically, IPSec has presented problems when connections must traverse a firewall providing Network Address Translation (NAT).
  • Page 372: Ipsec Configuration

    33. Tunnelling 33.1.2. IPsec Configuration Figure 33.2. IPsec menu The IPsec menu is accessible from the main menu under tunnel. The path to this menu is tunnel/ipsec. The IPsec form appears on the same screen as the IPsec menu. Figure 33.3. IPsec form The IPsec form is used in configuring IPSec VPN.
  • Page 373: Show Public Rsa Key Form

    33. Tunnelling Facility Synopsis: string - one of the following keywords { local7, local6, local5, local4, local3, local2, local1, local0, uucp, user, syslog, news, mark, mail, lpr, kern, daemon, cron, authpriv, auth } Default: daemon The log facility. Log Level Synopsis: string - one of the following keywords { warnings, notifications, informational, errors, emergencies, debugging, critical, alerts } Default: errors...
  • Page 374: Install-Certificate Forms

    33. Tunnelling Figure 33.6. Install-Certificate forms The path to the Install-Certificates forms is tunnel/ipsec/certificate/install-certificate. To install the certificates, enter the parameters and then click the Perform button.
  • Page 375: Install-Ca-Certificate Forms

    33. Tunnelling Figure 33.7. Install-Ca-Certificate forms The path to the Install-Ca-Certificate forms is tunnel/ipsec/certificate/install-ca-certificate. Enter the parameters and then click on the Perform button to install the certificates.
  • Page 376: Install-Crl-File Forms

    33. Tunnelling Figure 33.8. Install-Crl-File forms The path to the Install-Crl-File forms is tunnel/ipsec/certificate/install-crl-file. To install the files, enter the parameters and then click the Perform button. Figure 33.9. Show IPsec Running Status form The path to the Show IPsec Running Status form is tunnel/ipsec/status. To display the IPsec status, click the Perform button.
  • Page 377: Connection Form

    33. Tunnelling Figure 33.11. Connection form If data is configured, the path to the Connection form will be tunnel/ipsec/connection/{line module}. The Connection form is used for VPN connection configuration. Connection Name Synopsis: string - the keyword { default } Synopsis: A string conforming to: "[A-Za-z][A-Za-z0-9#%_\-+.,]+" The connection name.
  • Page 378: Esp Table

    33. Tunnelling Figure 33.12. ESP table If data is configured, the path to the ESP table will be tunnel/ipsec/connection/{line module}/esp. Figure 33.13. ESP Key Settings If data is configured, the path to the ESP Key Settings form will be to click on esp/{line module}. ESP pertains to the Phase 2 encryption/authentication algorithm to be used for the connection.
  • Page 379: Public Ip Address Form

    33. Tunnelling Modpgroup. There are right side and left side IPsec forms. The forms for each side are used for IPSec system settings on each side. The forms are the same for both sides, so only the left side forms are shown here. Figure 33.15.
  • Page 380: Nexthop To Other System Form

    33. Tunnelling Figure 33.17. Nexthop To Other System form Type Synopsis: string - one of the following keywords { address, default-route, default } Default: default Type. IP Address Synopsis: IPv4 address in dotted-decimal notation IP address. Figure 33.18. System Identifier form type Synopsis: string - one of the following keywords { hostname, address, from-certificate, none, default }...
  • Page 381: Network Table

    33. Tunnelling Type. Figure 33.20. Network table The Network table displays a list of subnet addresses. If data is configured, the path to the Preshared Key table will be tunnel/ipsec/preshared-key. Figure 33.21. Preshared Key table If data is configured, the path to the Preshared Key form will be tunnel/ipsec/preshared-key/{line module}.
  • Page 382: L2Tp Tunnelling Configuration

    33. Tunnelling 33.2. L2TP Tunnelling Configuration Figure 33.23. L2TP menu The path to the L2TP menu is tunnel/l2tp. The L2TP, DNS Server, PPP Options and WINS server forms appear on the same screen as this menu. Figure 33.24. L2TP form Enable L2TP Enable L2TP.
  • Page 383: Ppp Options Form

    33. Tunnelling Primary Synopsis: IPv4 address in dotted-decimal notation Primary DNS server. Secondary Synopsis: IPv4 address in dotted-decimal notation Secondary DNS server. Figure 33.26. PPP Options form Before enabling the Authorize Locally field on the PPP Options form, you need to add a PPP user name and password under the global/ppp/profiles/dialin menu.
  • Page 384: Layer 2 Tunnelling

    33. Tunnelling Secondary Synopsis: IPv4 address in dotted-decimal notation Secondary WINS server. 33.3. Layer 2 Tunnelling RuggedBackbone™ is capable of extending the range of services that communicate solely via Layer 2 protocols (i.e. at the level of Ethernet) by tunneling them over routed IP networks. The Layer 2 Tunnel Daemon supports the IEC61850 GOOSE protocol as well as a generic mechanism for tunneling by Ethernet type.
  • Page 385: Generic Layer 2 Tunnel Fundamentals

    33. Tunnelling GOOSE packets received from the network are stripped of their network headers and forwarded to Ethernet ports configured for the same multicast address. The forwarded frames contain the MAC source address of the originating device, and not that of the transmitting interface. The VLAN used will be that programmed locally for the interface and may differ from the original VLAN.
  • Page 386: Layer 2 Tunnelling Configuration

    33. Tunnelling 33.3.3. Layer 2 Tunnelling Configuration Figure 33.28. L2tunneld menu The path to the L2tunneld (Layer 2) menu is tunnel/l2tunneld. The L2 Tunnel Daemon form appears on the same screen as this menu. Figure 33.29. L2 Tunnel Daemon form This form configures general settings for the daemon that apply to all supported tunnel configurations.
  • Page 387: Generic L2 Tunnel Table

    33. Tunnelling 33.3.3.1. Goose The forms and tables in this section are located under tunnel/l2tunneld/goose. Figure 33.30. Goose Tunnel table This table displays configured GOOSE tunnels. Figure 33.31. Goose Tunnel form name Synopsis: A string Description of goose tunnel interface Synopsis: A string The interface to listen on for goose frames multicast-mac...
  • Page 388: Generic L2 Tunnel Protocol Form

    33. Tunnelling Figure 33.34. Generic L2 Tunnel Protocol form name Synopsis: A string Description of goose tunnel ingress-if Synopsis: A string The interface to listen on for Ethernet type frames Figure 33.35. Generic L2 Tunnel Egress Interface table egress-if Synopsis: A string Egress interface for Ethernet type frames Figure 33.36.
  • Page 389: Goose Tunnel Statistics Form

    33. Tunnelling Figure 33.38. Goose Tunnel Statistics form tunnel-name Synopsis: A string Goose Tunnel name ifname Synopsis: A string VLAN Interface name Synopsis: Multicast Ethernet MAC address in colon-separated hexadecimal notation Multicast Destination MAC Address of Goose message rx-frames Synopsis: unsigned integer The number of frames received over the tunnel tx-frames Synopsis: unsigned integer...
  • Page 390: Connections Statistics Table

    33. Tunnelling Figure 33.39. Connections Statistics table remote-ip Synopsis: IPv4 address in dotted-decimal notation IP address of remote goose daemon rx-packets Synopsis: unsigned integer The number of frames received over the tunnel tx-packets Synopsis: unsigned integer The number of frames transmitted over the tunnel rx-bytes Synopsis: unsigned integer The number of bytes received over the tunnel...
  • Page 391: Generic L2 Tunnel Statistics Table

    33. Tunnelling Figure 33.41. Generic L2 Tunnel Statistics table Figure 33.42. Generic L2 Tunnel Statistics form tunnel-name Synopsis: A string Goose Tunnel name ifname Synopsis: A string VLAN Interface name rx-frames Synopsis: unsigned integer The number of frames received over the tunnel tx-frames Synopsis: unsigned integer The number of frames transmitted over the tunnel...
  • Page 392: Connections Statistics Table

    33. Tunnelling Figure 33.43. Connections Statistics table Figure 33.44. Connections Statistics form remote-ip Synopsis: IPv4 address in dotted-decimal notation IP address of remote goose daemon rx-packets Synopsis: unsigned integer The number of frames received over the tunnel tx-packets Synopsis: unsigned integer The number of frames transmitted over the tunnel rx-bytes Synopsis: unsigned integer...
  • Page 393: Round Trip Time Statistics Table

    33. Tunnelling Figure 33.45. Round Trip Time Statistics table The Round Trip Time Statistics table reflects the measured RTT to each remote daemon. The minimum, average, maximum and standard deviation of times are presented. Entries with a large difference between the Transmitted and Received fields indicate potential problems.
  • Page 394: Generic Routing Encapsulation (Gre)

    33. Tunnelling The Standard Deviation 33.4. Generic Routing Encapsulation (GRE) ROX™ is able to encapsulate multicast traffic and IPv6 packets and transport them through an IPv4 network tunnel. A GRE tunnel can transport traffic through any number of intermediate networks. The key parameters for GRE in each router are the tunnel name, local router address, remote router address and remote subnet.
  • Page 395: Generic Routing Encapsulation Interfaces Table

    33. Tunnelling Figure 33.49. Generic Routing Encapsulation Interfaces table The Generic Routing Encapsulation Interfaces table appears on the same screen as the GRE menu. Figure 33.50. Generic Routing Encapsulation Interfaces form The path to the Generic Routing Encapsulation Interfaces form is tunnel/gre and then clicking on one of the linked submenus that follow (for example, gre0).
  • Page 396 33. Tunnelling cost Synopsis: integer Default: The routing cost associated with networking routing that directs traffic through the tunnel
  • Page 397: Dynamic Routing

    34. Dynamic Routing 34. Dynamic Routing 34.1. Introduction This chapter familiarizes the user with: • Enabling the Dynamic Routing Suite • Enabling and starting OSPF, RIP, and BGP • Configuring OSPF, RIP, and BGP • Obtaining OSPF, RIP, and BGP Status •...
  • Page 398: Key Ospf And Rip Parameters

    34. Dynamic Routing The ROX™ OSPF daemon (ospfd) is an RFC 2178 compliant implementation of OSPFv2. The daemon also adheres to the RFC 2370 (Opaque LSA) and RFC 3509 (ABR-Types) extensions. OSPF network design usually involves partitioning a network into a number of self-contained areas. The areas are chosen to minimize intra-area router traffic, making the network more manageable and reducing the number of advertised routes.
  • Page 399: Redistributing Routes

    34. Dynamic Routing 34.1.4.3. Hello Interval and Dead Interval The hello interval is the time between transmission of OSPF Hello packets. The dead interval is the time to wait without seeing an OSPF Hello packet before declaring a neighboring router dead and discarding its routes.
  • Page 400: Ospf And Vrrp Example Network

    34. Dynamic Routing 34.1.4.8. OSPF Authentication OSPF authentication is used when it is desirable to prevent unauthorized routers from joining the OSPF network. By enabling authentication and configuring a shared key on all the routers, only routers which have the same authentication key will be able to send and receive advertisements within the OSPF network.
  • Page 401: Ospf And Vrrp Example

    34. Dynamic Routing Figure 34.1. OSPF and VRRP Example 34.1.5.1. Area And Subnets As the OSPF design is simple, an area of 0 is used. The three point-to-point T1/E1 links are placed in the area by adding 1.1.1.0/24 to it. Router 1 and 2 will include their Ethernet links by adding subnet 1.1.2.0/24 to their area descriptions.
  • Page 402: Bgp Fundamentals

    34. Dynamic Routing After the failure, all routers still know how to reach the entire network, and the clients on 1.1.2.0/24 can still send on the network using the same gateway address. The clients will see only a MAC address change of the gateway and experience a few seconds of network outage. When the link returns, VRRP will switch back to the master, and the routes will return to their normal state.
  • Page 403: Rip Configuration

    34. Dynamic Routing 34.3.1. RIP Configuration The RIP Configuration form and Routing Timers form appear on the same screen as the RIP menu. Figure 34.4. RIP Configuration Form Enable RIP Enables the RIP dynamic routing protocol. Default Information Originate The route element makes a static route only inside RIP. This element should be used only by advanced users who are particularly knowledgeable about the RIP protocol.
  • Page 404: Routing Timers Form

    34. Dynamic Routing Figure 34.5. Routing Timers Form The RIP protocol has several timers. The user can configure those timers’ values by the timers-basic element. The default settings for the timers are as follows: * The update timer is 30 seconds. Every update timer seconds, the RIP process is awakened to send an unsolicited response message containing the complete routing table to all neighboring RIP routers.
  • Page 405 34. Dynamic Routing Subnet Subnet Address/Prefix Synopsis: IPv4 address and prefix in CIDR notation Network address/prefix. Neighbor Neighbor IP Address Synopsis: IPv4 address in dotted-decimal notation Neighbor IP address. 34.3.1.2. Distance Distance with Matched Subnet Subnet/Prefix Synopsis: IPv4 address and prefix in CIDR notation IP Address/Prefix.
  • Page 406: Rip Interface Parameters Table

    34. Dynamic Routing Accept Lifetime Set the accept lifetime of the key. Time to Start Synopsis: date and time specification The time to start. Expire Time Synopsis: date and time specification Synopsis: string - the keyword { infinite } Expire time. Send Lifetime Set the send lifetime of the key.
  • Page 407: Rip Interface Parameters Form

    34. Dynamic Routing Figure 34.7. RIP Interface Parameters Form To display the RIP Interface Parameters form and the Authentication form, navigate to routing/dynamic/rip/interface/{interface}. Passive Interface The specified interface is set to passive mode. In passive mode, all received packets are processed normally and ripd sends neither multicast nor unicast RIP packets except to RIP neighbors specified with a neighbor element.
  • Page 408: Ospf

    34. Dynamic Routing String Synopsis: string The authentication string. Split horizon controls whether routes learned through an interface should be allowed to be advertised back out that interface. By default RIP advertises all routes it knows about to everyone, which makes it take a very long time for dropped links to age out of the network. The split horizon prevents advertising those routes back out the same interface which helps to control this problem.
  • Page 409: Ospf Configuration

    34. Dynamic Routing 34.4.1. OSPF Configuration Figure 34.10. OSPF Configuration Form Enable OSPF Enables the OSPF dynamic routing protocol. ABR Type Synopsis: string - one of the following keywords { standard, shortcut, ibm, cisco } Default: cisco The OSPF ABR type. Auto Cost Reference Bandwidth Synopsis: unsigned integer Default: 100...
  • Page 410: Ospf Area Distance Form

    34. Dynamic Routing Distance Synopsis: unsigned integer The administrative distance. Enable Opaque-LSA capability Enables the Opaque-LSA capability (rfc2370). Passive Default Suppresses routing updates on interfaces by default. Refresh Timer Synopsis: unsigned short integer Default: 10 The refresh timer. Router ID Synopsis: IPv4 address in dotted-decimal notation The Router ID for OSPF.
  • Page 411: Interface Parameters Table

    34. Dynamic Routing The OSPF area network/prefix. 34.4.1.2. OSPF Redistribute Redistribute from other Routing Protocols This feature redistributes information from another routing protocol. Redistribute Route From Synopsis: string - one of the following keywords { bgp, rip, connected, static, kernel } Redistributes the route type.
  • Page 412: Dead Interval Form

    34. Dynamic Routing Interface Name Synopsis: string Interface name. Authentication Type Synopsis: string - one of the following keywords { null, message-digest } The authentication type on this interface. Link Cost Synopsis: unsigned integer The link cost. If not set, the cost is based on the reference bandwidth. Hello Interval Synopsis: unsigned integer Default: 10...
  • Page 413: Bgp

    34. Dynamic Routing The number of times a hello message can be sent within one second. Configuration Parameters Configuration forms and display tables can be found at routing/dynamic/ospf/interface, then clicking on one of the interface submenus (for example, dummy0) and then clicking on the further set of submenus that follow (authentication-ip, cost-ip, dead-interval-ip, hello-interval-ip, message-digest-key, message-digest-key-ip, retransmit-interval-ip and transmit-delay-ip).
  • Page 414: Distance Form

    34. Dynamic Routing Default Local Preference Synopsis: unsigned integer Default: 100 Default local preference value. Deterministic Med Pick the best-MED path among paths advertised from neighboring AS. Router ID Synopsis: IPv4 address in dotted-decimal notation Router ID. Figure 34.17. Distance Form The path to the Distance form is routing/dynamic/bgp.
  • Page 415 34. Dynamic Routing The regular expression to match the BGP AS paths. Prefix List Prefix List Synopsis: A string conforming to: "[^\s]+" The name of the prefix list. Description Synopsis: string The description of the prefix list. Prefix List Entry Sequence Number Synopsis: unsigned integer Sequence number of the entry.
  • Page 416 34. Dynamic Routing On Match Goto Synopsis: unsigned integer Go to this entry on match. Route Map Match AS Path Filter Synopsis: A string conforming to: "[^\s]+" Match the BGP AS path filter. Match Address of Route Prefix List Synopsis: A string conforming to: "[^\s]+" The prefix list name.
  • Page 417 34. Dynamic Routing AS number. Exclude AS Number Synopsis: unsigned integer AS number. Local Preference Synopsis: unsigned integer Local preference. Metric operation Synopsis: string - one of the following keywords { sub, add, set } Set, add or subtract the metric value. value Synopsis: unsigned integer Value.
  • Page 418 34. Dynamic Routing 34.5.1.3. Neighbor Neighbors are other BGP routers with which to exchange routing information. One or more neighbors must be specified in order for BGP to operate. If BGP Neighbors are specified but no Networks are specified, then the router will receive BGP routing information from its neighbors but will not advertise any routes to them.
  • Page 419 34. Dynamic Routing Options value Synopsis: string - one of the following keywords { summary-only, as-set } Aggregate address option. 34.5.1.5. Distance-ip Distance with Matched Subnet Subnet/Prefix Synopsis: IPv4 address and prefix in CIDR notation IP Address/Prefix. Distance Synopsis: unsigned integer Distance value.
  • Page 420: Static Routing

    35. Static Routing 35. Static Routing Figure 35.1. Static Menu The Static menu is accessible from the main menu under routing. The path to this menu is routing/static. Figure 35.2. Static Route table The path to the Static Route table is routing/static/ipv4. Figure 35.3.
  • Page 421: Static Route Using Interface Table

    35. Static Routing The path to the Static Route Using Gateway form is routing/static/ipv4/{route}/via/{address}. Gateway Address Synopsis: IPv4 address in dotted-decimal notation The gateway for the static route. Distance (optional) Synopsis: unsigned integer The distance for the static route. Figure 35.6. Blackhole Static Route form The path to the Blackhole Static Route form is routing/static/ipv4/{route}/blackhole.
  • Page 422: Routing Status

    36. Routing Status 36. Routing Status Figure 36.1. Routing Status Menu The Routing Status menu is accessible under routing/status. 36.1. IPv4 Figure 36.2. IPv4 Kernel Active Routing Table The path to the IPv4 Kernel Active Routing table is routing/status/ipv4routes. It is possible to create a route on a locally connected broadcast network (i.e. without a gateway) without also bringing up a corresponding IP address on that interface.
  • Page 423: Ipv6

    36. Routing Status Metric Synopsis: string The route metric value. 36.2. IPv6 Figure 36.3. IPv6 Kernel Active Routing Table The path to the IPv6 Kernel Active Routing table is routing/status/ipv6routes. Subnet Synopsis: string The network/prefix. Gateway Address Synopsis: string The gateway address. Interface Name Synopsis: string The interface name.
  • Page 424: Core Daemon Memory Statistics Form

    36. Routing Status Figure 36.4. Core Daemon Memory Statistics Form Total heap allocated (Byte) Synopsis: unsigned integer The total heap allocated (in bytes). Used ordinary blocks (Byte) Synopsis: unsigned integer The number of used ordinary blocks (in bytes). Free ordinary blocks (Byte) Synopsis: unsigned integer The number of free ordinary blocks (in bytes).
  • Page 425: Rip

    36. Routing Status total Synopsis: unsigned integer The total heap allocated (in bytes). used Synopsis: unsigned integer The number of used ordinary blocks (in bytes). free Synopsis: unsigned integer The number of free ordinary blocks (in bytes). Figure 36.7. OSPF Daemon Memory Statistics Form total Synopsis: unsigned integer The total heap allocated (in bytes).
  • Page 426: Ospf

    36. Routing Status 36.5. OSPF Figure 36.9. OSPF Menu To display the OSPF menu, navigate to routing/status/ospf. Figure 36.10. Network Table To display the Network table, navigate to routing/status/ospf/route/network. Synopsis: string Network Prefix. discard Synopsis: string This entry is a discarded entry. inter-area Synopsis: string Is path type inter area.
  • Page 427: Router Table

    36. Routing Status Synopsis: string How to reach this network. Figure 36.12. Router Table To display the Router table, navigate to routing/status/ospf/route/router. Synopsis: string Router ID. Figure 36.13. Area Table To display the Area table, navigate to routing/status/ospf/route/router/{number}/area. Synopsis: string Area ID.
  • Page 428: Summary Table

    36. Routing Status Synopsis: string Link ID. area Synopsis: string Area ID. adv-router Synopsis: string Advertising Router. Synopsis: integer Age. seqnum Synopsis: string Sequence number. Figure 36.15. Summary Table To display the Summary table, navigate to routing/status/ospf/database/summary. Synopsis: string Link ID. area Synopsis: string Area ID.
  • Page 429: Asbr-Summary Table

    36. Routing Status Figure 36.16. ASBR-Summary Table To display the ASBR-Summary table, navigate to routing/status/ospf/asbr-summary. Synopsis: string Link ID. area Synopsis: string Area ID. adv-router Synopsis: string Advertising Router. Synopsis: integer Age. seqnum Synopsis: string Sequence number. Figure 36.17. AS-External Table To display the AS-External table, navigate to routing/status/ospf/database/as-external.
  • Page 430: Bgp

    36. Routing Status External metric type. route Synopsis: string Route. Synopsis: string Route tag. Figure 36.18. Neighbor Table To display the Neighbor table, navigate to routing/status/ospf/neighbor. Synopsis: string Neighbor ID. address Synopsis: string Address. priority Synopsis: integer Priority. state Synopsis: string State.
  • Page 431: Route Table

    36. Routing Status To display the BGP menu, navigate to routing/status/bgp. Figure 36.20. Route Table To display the BGP Route table, navigate to routing/status/bgp/route. network Synopsis: string Network. Figure 36.21. Next Hop Table To display the Next Hop table, navigate to routing/status/bgp/route/{address}/next-hop. address Synopsis: string Next-hop address.
  • Page 432: Bgp Neighbor Table

    36. Routing Status Origin. Figure 36.22. BGP Neighbor Table To display the Neighbor table, navigate to routing/status/bgp/neighbor. Synopsis: string Neighbor address. version Synopsis: integer BGP version. Synopsis: string Remote AS number. msgrcvd Synopsis: integer Number of received BGP messages. msgsent Synopsis: integer Number of sent BGP messages.
  • Page 433: Multicast Routing

    37. Multicast Routing 37. Multicast Routing Figure 37.1. Multicast Routing menu The Multicast Routing menu is accessible from the main menu under routing. The path to this menu is routing/multicast. The user can choose between enabling dynamic multicast routing or static multicast routing by checking off "Enable"...
  • Page 434: Multicast Groups Configuration Form

    37. Multicast Routing Figure 37.5. Multicast Groups Configuration form The path to the Multicast Groups Configuration form is routing/multicast/static/mcast-groups and then clicking on one of the linked submenus. description Synopsis: A string Describes this multicast group source-ip Synopsis: IPv4 address in dotted-decimal notation The expected source IP address of the multicast packet, in the format xxx.xxx.xxx.xxx “U”...
  • Page 435: Multicast Routing Status Table

    37. Multicast Routing The OutInterface is the interface to which the matched multicast packet will be forwarded. Figure 37.7. Multicast Routing Status table The path to the Multicast Routing Status table is routing/multicast/static/status. Figure 37.8. Multicast Routing Status form The path to the Multicast Routing Status form is routing/multicast/static/status and then clicking on one of the linked submenus.
  • Page 436 37. Multicast Routing entryStatus Synopsis: string The status of the multicast routing entry
  • Page 437: Firewall

    38. Firewall 38. Firewall 38.1. Firewall Fundamentals Firewalls are software systems designed to prevent unauthorized access to or from private networks. Firewalls are most often used to prevent unauthorized Internet users from accessing private networks (intranets) connected to the Internet. When the ROX™...
  • Page 438: Port Forwarding

    38. Firewall IP Network/Mask Address Range 192.168.0.0/16 192.168.0.0 - 192.168.255.255 Table 38.1. RFC1918 Reserved IP Address Blocks As a packet from a host on the internal network reaches the NAT gateway, its source address and source TCP/UDP port number are recorded. The address and port number are translated to the public IP address and an unused port number on the public interface.
  • Page 439: Firewall Terminology And Concepts

    38. Firewall 5. If your network interface IP is dynamically assigned, configure masquerading. 6. If your network interface IP is statically assigned, configure Source Network Address Translation (SNAT). If a sufficient number of IP addresses are provided by the ISP, static NAT can be employed instead.
  • Page 440: Hosts

    38. Firewall Interface Zone w1ppp Table 38.3. Interfaces 38.3.3. Hosts ROX™ firewall hosts are used to assign zones to individual hosts or subnets, on an interface which handles multiple subnets. This allows the firewall to manage traffic being forwarded back out the interface it arrived on, but destined for another subnet.
  • Page 441: Masquerading And Snat

    38. Firewall 38.3.5. Masquerading and SNAT Masquerading and Source NAT (SNAT) are forms of dynamic NAT. Masquerading substitutes a single IP address for an entire internal network. Use masquerading when your ISP assigns you an IP address dynamically at connection time. SNAT substitutes a single address or range of addresses that have been assigned by your ISP.
  • Page 442: Rules

    38. Firewall 38.3.6. Rules The default policies can completely configure traffic based upon zones. But the default policies cannot take into account criteria such as the type of protocol, IP source/destination addresses and the need to perform special actions such as port forwarding. The firewall rules can accomplish this. The ROX™...
  • Page 443: Configuring The Firewall And Vpn

    38. Firewall 3. This rule forwards http traffic from 204.18.45.0/24 (which was originally directed to the firewall at 130.252.100.69) to the host at 192.168.1.3 in the local zone. If the firewall supports another public IP address (e.g. 130.252.100.70), a similar rule could map requests to another host. 4.
  • Page 444: Virtual Private Networking To A Dmz

    38. Firewall 38.4.2. Virtual Private Networking to a DMZ If the firewall is to pass the VPN traffic through to another device (e.g. a VPN device in a DMZ) then establish a DMZ zone and install the following rules. Action Source-Zone Destination-Zone Protocol...
  • Page 445: Adding A Firewall

    38. Firewall To display the Firewall form, navigate to security/firewall and then click on the submenu representing the configured firewall (for example, firewall1). 38.5.1. Adding a Firewall To add a firewall, enter edit private mode, navigate to /security/firewall/fwconfig, and click <Add fwconfig>.
  • Page 446: Working With Firewall Configurations

    38. Firewall Figure 38.6. Firewall Submenus 38.5.2. Working with Firewall Configurations The ROX™ firewall configuration system allows a network security administrator to work on one or more inactive firewall configurations while another is active and installed on the system. Section 38.5.2.1, “Typical Use Case”...
  • Page 447: Zone Configuration

    38. Firewall validation succeeds. A configuration in progress may be validated in this way at any time without affecting an active firewall configuration. 3. After ‘fw1’ has been verified, it may be made active in the system by setting the active-config variable to the name: ‘fw1’, setting firewall-enable and committing the changes.
  • Page 448: Interface Configuration

    38. Firewall 38.5.4. Interface Configuration Figure 38.10. Main Interface Settings table interface Synopsis: string Currently active or not - add '+' for same interfaces: ppp+ Figure 38.11. Interface Options form Arp Filter Responds only to ARP requests for configured IP addresses routeback Allow traffic on this interface to be routed back out that same interface tcpflags...
  • Page 449: Host Configuration

    38. Firewall routefilter Enables route filtering proxyarp Enables proxy ARP maclist Not currently implemented nosmurfs Packets with broadcast address as source are dropped and logged at info level logmartians Enables logging of packets with impossible source addresses Figure 38.12. Broadcast Address form broadcast-addr (Optional) A broadcast address 38.5.5.
  • Page 450: Policies

    38. Firewall Zone Synopsis: A string A pre-defined zone Interface Synopsis: A string A pre-defined interface to which optional IPs and/or networks can be added IP Address List Synopsis: string (Optional) Additional IP addresses or networks - comma separated Figure 38.15. Host Options form IPsec zone Synopsis: boolean Default: false...
  • Page 451: Network Address Translation

    38. Firewall Default: reject A default action for connection establishment between different zones. Log Level Synopsis: string - one of the following keywords { emergency, alert, critical, error, warning, notice, info, debug, none } Default: none (Optional) Whether or not logging will take place and at which logging level. description Synopsis: string (Optional) The description string for this policy...
  • Page 452: Ip Masquerading

    38. Firewall Figure 38.21. Net Address Translation Main Settings form Nat Entry Name Synopsis: string Enter a name for this NAT entry External IP Address Synopsis: IPv4 address in dotted-decimal notation The external IP Address (must not be a DNS name) Interface Synopsis: A string Interfaces that have the EXTERNAL address...
  • Page 453: Rules

    38. Firewall Figure 38.23. Net Address Translation Main Settings form Masquerading substitutes a single IP address for an entire internal network Masq Entry Name Synopsis: string A name for this masquerading configuration entry Outgoing Interface List Synopsis: string An outgoing interface list - usually the internet interface Outgoing Interface Specifics Synopsis: string (Optional) An outgoing interface list - specific destinations IP for the out-interface...
  • Page 454: Main Rule Settings Form

    38. Firewall Figure 38.25. Main Rule Settings form Rules are to establish exceptions to the default policies. This table lists exceptions to the default policies for certain types of traffic, sources or destinations. The chosen action will be applied to packets matching the chosen criteria instead of the default.
  • Page 455: Source Zone Form

    38. Firewall Default: all The protocol to match for this rule. Source Port Synopsis: string Synopsis: string - one of the following keywords { none, Related, Any } Default: none (Optional) The tcp/udp port the connection originated from. Destination Port Synopsis: string Synopsis: string - one of the following keywords { none, Related, Any } Default: none...
  • Page 456 38. Firewall (Optional) Add comma-separated host IPs to the destination-zone - may include :port for DNAT or REDIRECT
  • Page 457: Traffic Control

    39. Traffic Control 39. Traffic Control Traffic Control (TC) is a firewall subsystem managing the amount of bandwidth per network interface that different types of traffic are permitted to use. For a traffic control configuration to work, a firewall must be configured. A ROX™...
  • Page 458 39. Traffic Control assigned to the packet, and if no class matches the mark, then the packet is assigned to the default class. Marks are assigned to packets either by the TC Rules based on any of a number of parameters, such as IP address, port number, protocol, packet length, and so on.
  • Page 459: Traffic Control Configuration

    39. Traffic Control 39.2. Traffic Control Configuration Figure 39.1. Traffic-Control menu To display the Traffic Control menu, navigate to qos/traffic-control. Figure 39.2. Traffic Control Configuration form The Traffic Control Configuration form appears on the same screen as the Traffic Control menu. Enable configuration Enables/disables traffic control (TC) for the current firewall configuration.
  • Page 460: Basic Traffic Control Interfaces Table

    39. Traffic Control Figure 39.3. Enabling Basic-configuration Mode Procedure 39.1. Configuring Basic-configuration Mode Enter Edit Private mode. Click on qos/traffic-control. On the Traffic Control Configuration form, click Enabled in the Enable configuration field. Select basic in the Basic or Advanced Configuration Modes field. Click Commit.
  • Page 461: Interface To Apply Traffic Control Form

    39. Traffic Control Figure 39.5. Interface to Apply Traffic Control form To display this form, navigate to qos/traffic-control/basic-configuration/tcinterfaces/{interface}. interface Synopsis: string An interface to which traffic shaping will apply Type Synopsis: string - one of the following keywords { none, external, internal } Default: none (optional) 'external' (facing toward the Internet) or 'internal' (facing toward a local network).
  • Page 462: Basic Traffic Control Priorities Table

    39. Traffic Control The outgoing bandwidth for this interface. Specify only the number here. The unit (kbps, mbps) is specified in Out-unit. Unit for egress speed Synopsis: string - one of the following keywords { bps, mbps, mbit, kbps, kbit } Specifies the unit for the outgoing bandwidth Description Synopsis: string...
  • Page 463 39. Traffic Control To display this form, navigate to qos/traffic-control/basic-configuration/tcpriorities/{priority}. name Synopsis: string A distinct name for this configuration entry band Synopsis: string - one of the following keywords { low, medium, high } Default: medium Priority (band): high, medium, low... High band includes: Minimize Delay (md) (0x10), md + Minimize Monetary Cost (mmc) (0x12),...
  • Page 464: Enabling Advanced-Configuration Mode

    39. Traffic Control description Synopsis: string (optional) A description for this configuration For basic traffic control configurations, Port, Address and Interface refer to the source of the traffic. 39.2.1.2. Advanced-configuration Mode To configure advanced-configuration mode, follow the procedure below. Figure 39.8. Enabling Advanced-configuration Mode Procedure 39.2.
  • Page 465: Advanced Traffic Control Classes Table

    39. Traffic Control Figure 39.9. Advanced Traffic Control Classes table To display this table, navigate to qos/traffic-control/advanced-configuration/tcclasses. Figure 39.10. TC Classes form To display this form, navigate to qos/traffic-control/advanced-configuration/tcclasses/{class}. Note that each class is associated with exactly one network interface. Exactly one class for each interface must be designated as the default.
  • Page 466 39. Traffic Control unique integer between 1-255. Each class must have its own unique mark. min-bandwidth Synopsis: string The minimum bandwidth this class should get, when the traffic load rises... This can be either a numeric value or a calculated expression based on the bandwidth of the interface.
  • Page 467: Options Form

    39. Traffic Control description Synopsis: string A description for this configuration item Options Figure 39.11. Options form To display this form, navigate to qos/traffic-control/advanced-configuration/tcclasses/{class}. IP Traffic matching with the ToS options take precedence over the mark rules. tos-minimize-delay Synopsis: boolean Default: false Value/mask encoding: 0x10/0x10 tos-maximize-throughput...
  • Page 468: Advanced Traffic Control Interfaces Table

    39. Traffic Control Value/mask encoding: 0x02/0x02 tos-normal-service Synopsis: boolean Default: false Value/mask encoding: 0x00/0x1e default Synopsis: boolean Default: false One default class per interface must be defined tcp-ack Synopsis: boolean Default: false All tcp ack packets into this class... This option should be specified only once per interface.
  • Page 469: Tc Devices Form

    39. Traffic Control Figure 39.13. TC Devices form To display this form, navigate to qos/traffic-control/advanced-configuration/tcdevices/{interface}. interface Synopsis: string An interface to which traffic shaping will apply inbandwidth Synopsis: unsigned short integer Default: Incoming bandwidth - default: 0 = ignore ingress... Defines the maximum traffic allowed for this interface in total, if the rate is exceeded, the packets are dropped in-unit...
  • Page 470: Tcrules Menu

    39. Traffic Control Figure 39.14. TCrules menu The tcrules menu allows you to add, edit or remove a traffic classification rule. Add a new rule by selecting <Add tcrules>. Remove a tcrule by selecting next to a tcrule and click on an existing tcrule to modify it.
  • Page 471: Tcrules Form

    39. Traffic Control Figure 39.16. TCrules form To display this form, navigate to qos/traffic-control/advanced-configuration/tcrules/{rule}. name Synopsis: string A distinct name for this rule source Synopsis: string IF name, comma-separated list of hosts or IPs, MAC addr, or 'all'... When using MACs, use '~' as prefix and '-' as separator. Ex.: ~00-1a-6b-4a-72-34,~00-1a-6b-4a-71-42 destination Synopsis: string...
  • Page 472 39. Traffic Control (Optional) Comma-separated list of port names, port numbers or port ranges test Synopsis: string (Optional) Defines a test on the existing packet or connection mark... Default is packet mark. For testing a connection mark, add ':C' at the end of the test value. Ex.: Test if the packet mark is not zero: Test if the connection mark is not zero: !0:C...
  • Page 473: Set Form

    39. Traffic Control Mark-choice Figure 39.17. Set form object Synopsis: string - one of the following keywords { connection, packet } Default: packet Set the mark on either a packet or a connection mark Synopsis: string Mark that corresponds to a class mark (decimal value) mask Synopsis: string (optional) Mask to determine which mark bits will be set...
  • Page 474: Modify Form

    39. Traffic Control Figure 39.18. Modify form logic-op Synopsis: string - one of the following keywords { or, and } Logical operation to perform on the current mark: AND/OR mark-value Synopsis: string Mark to perform the operation with (decimal value) modify-chain Synopsis: string - one of the following keywords { prerouting, postrouting, forward } Default: forward...
  • Page 475: Continue Form

    39. Traffic Control Mask to process the mark with op-chain Synopsis: string - one of the following keywords { prerouting, forward } Default: forward Chain in which the operation will take place Figure 39.21. Continue form continue-chain Synopsis: string - one of the following keywords { prerouting, forward } Default: forward Chain in which the operation will take place Hints on optimizing the TC Rule table...
  • Page 476: Vrrp

    40. VRRP 40. VRRP 40.1. VRRP Fundamentals The Virtual Router Redundancy Protocol (VRRP) eliminates a single point of failure associated with statically routed networks by providing automatic failover using alternate routers. The RuggedBackbone™ VRRP daemon (keepalived) is an RFC 2338 version 2 compliant implementation of VRRP.
  • Page 477: Vrrp Example

    40. VRRP In a similar fashion host 2 can use the VRID 11 gateway address of 1.1.1.252 which will normally be supplied by router 2. Figure 40.1. VRRP Example In this example traffic from host1 will be sent through router 1 and traffic from host2 through router 2. A failure of either router (or its wan link) will be recovered by the other router.
  • Page 478: Vrrp Configuration

    40. VRRP Figure 40.2. VRRP Group Example Other VRRP parameters are the Advertisement Interval and Gratuitous ARP Delay. The advertisement interval is the time between which advertisements are sent. A backup router will assume mastership four advertisement intervals after the master fails, so the minimum fail-over time is four seconds.
  • Page 479: Virtual Router Redundancy Protocol (Vrrp) Form

    40. VRRP Figure 40.4. Virtual Router Redundancy Protocol (VRRP) Form The Virtual Router Redundancy Protocol (VRRP) form appears on the same screen as the VRRP menu. In the Virtual Router Redundancy Protocol (VRRP) form, enable or disable the VRRP service. Enable VRRP Service Enables VRRP Service.
  • Page 480: Vrrp Instance Form

    40. VRRP Figure 40.7. VRRP Instance Form The VRRP Instance Form is used when configuring a VRRP instance. To display this form, navigate to services/vrrp/instance/VRID20. Instance Name Synopsis: string The VRRP instance name. Interface Synopsis: A string The interface that VRRP packets are sent on. Virtual Router ID Synopsis: unsigned byte The Virtual Router ID.
  • Page 481: Vrrp Status

    40. VRRP nopreempt Allows lower priority machine to maintain master role, even when a higher priority machine comes back online. preempt-delay Synopsis: unsigned integer Default: Seconds after startup until preemption. use-virtual-mac Use virtual MAC. Figure 40.8. Monitor Interface Form To display this form, navigate to services/vrrp/instance/VRID20/monitor. An Extra Interface to Monitor causes VRRP to release control of the VRIP if the specified interface stops running.
  • Page 482: Vrrp Status Form

    40. VRRP Figure 40.11. VRRP Status Form To display this form, navigate to services/vrrp/status/{number}. Instance Name Synopsis: string The VRRP instance name. State Synopsis: string The VRRP instance state. Time Of Change To Current State Synopsis: string The time of change to the current state. Interface State Synopsis: string The VRRP interface state.
  • Page 483: Link Failover

    41. Link Failover 41. Link Failover Link failover provides an easily configured means of raising a backup link upon the failure of a designated main link. The main and backup links can be Ethernet, Cellular Modem, T1/E1, or DDS. Link failover can back up to multiple remote locations, managing multiple main-to-backup link relationships.
  • Page 484: Configuring The Link Failover Settings

    41. Link Failover Figure 41.2. Link Fail Over Information Table To configure link failover, do the following: • set the link failover settings. See Section 41.3.1, “Configuring the Link Failover Settings”. • add a link failover backup interface. See Section 41.3.2, “Setting a Link Failover Backup Interface”.
  • Page 485: Setting A Link Failover Backup Interface

    41. Link Failover ping-timeout Synopsis: integer Default: 2 The time interval, in seconds, before immediately retrying a ping. ping-interval Synopsis: integer Default: 60 The time interval, in seconds, between ping tests. ping-retry Synopsis: integer Default: 3 The number of ping retries before construing a path failure. start-delay Synopsis: integer Default: 180...
  • Page 486: Setting A Link Failover Ping Target

    41. Link Failover Figure 41.4. Backup Settings form priority Synopsis: string - one of the following keywords { first, second, third } Default: first The priority which is applied to the backup interface when switching transfer-default-route Transfer default gateway on switching main and backup interface. The default route on the main interface must have a 'distance' greater than one.
  • Page 487: Link Backup On Demand

    41. Link Failover 41.3.4. Link Backup On Demand Use the On-demand option to keep interfaces down until they are needed by link failover: • When the On-demand option is enabled on an interface, the interface is down by default. The interface is brought up when needed by the link failover function, and is brought down again when no longer needed.
  • Page 488: Viewing The Link Failover Log

    41. Link Failover backup-link-status Synopsis: string The backup link status. main-ping-test Synopsis: string Results of the pinging target using the main interface. time-of-last-state-change Synopsis: string The time of the last state change. link-backup-state Synopsis: string The backup link state. backup-interface-in-use Synopsis: string The name of the backup interface that is being used.
  • Page 489: Link Fail Over Test Settings Form

    41. Link Failover Figure 41.7. Link Fail Over Test Settings form Test-duration The amount of time (in minutes) to run the test before restoring service to the main trunk. Start-test-delay The amount of waiting time (in minutes) before running the test.
  • Page 490: Appendices

    Part IV. Appendices Part IV. Appendices Upgrading Software Appendix A, Upgrading Software RADIUS Server Configuration Appendix B, RADIUS Server Configuration Setting Up An Upgrade Server Appendix C, Setting Up An Upgrade Server Adding and Replacing Modules Appendix D, Adding and Replacing Line Modules GNU General Public License Appendix E, GNU General Public License...
  • Page 491: Upgrading Software

    Appendix A. Upgrading Software Appendix A. Upgrading Software To launch a ROX™ operating system software upgrade, follow the procedure outlined below. A.1. Preparing The Software Upgrade The first step in a ROX™ software upgrade is to configure the location of the software upgrade repository and the version of software to which to upgrade.
  • Page 492: Launching The Upgrade

    Appendix A. Upgrading Software Figure A.2. Entry Fields in Upgrade Settings Form After completing the information in the Upgrade Settings form, click the Commit button at the top of the screen. A dialog box will appear, prompting you to commit your changes. Click the OK button. Figure A.3.
  • Page 493: Monitoring The Software Upgrade

    Appendix A. Upgrading Software Figure A.5. Launch Upgrade The Success! and Upgrade Options messages shown below indicate that the upgrade has been launched. Figure A.6. Upgrade Launched Dialogs Click the Exit Transaction button at the top of the screen to return to the View mode. A.3.
  • Page 494: Upgrade Monitoring Form In Reboot-Pending Stage

    Appendix A. Upgrading Software Click on the Software-Upgrade menu to view the Upgrade Monitoring form. The Upgrade Monitoring form shows the real-time progress of the Upgrade procedure. The software upgrade progresses through four phases: • Estimating upgrade size • Copying filesystem •...
  • Page 495: Upgrade Monitoring Form Showing Successful Upgrade

    Appendix A. Upgrading Software Figure A.9. Upgrade Monitoring Form Showing Successful Upgrade software-partition synopsis: a string of at most 31 characters The current active partition number. The unit has two software partitions: #1 and #2. Upgrades are always performed to the other partition. current-version synopsis: a string of at most 31 characters The current operating software version.
  • Page 496 Appendix A. Upgrading Software The date and time of completion of the last upgrade attempt. last-upgrade-result synopsis: string - one of { Interrupted, Declined, Not Applicable, Reboot Pending, Unknown, Upgrade Failed, Upgrade Successful } Indicates whether or not the last upgrade completed successfully
  • Page 497: Radius Server Configuration

    You must add the following information to the vendor-specific extensions of the chosen RADIUS server: • RuggedCom uses Vendor number 15004. • "RuggedCom-Privilege-level" is attribute 2, of type "string". • "RuggedCom-Privilege-level" must take one of the following three values: • "admin" • "operator"...
  • Page 498: Setting Up An Upgrade Server

    Ensure that the web server publishes these directories. C.3. Upgrading The Repository Releases are obtained from the RuggedCom web site as ZIP files. Download the ZIP file to your regular and/or test release directories and unzip them. You may delete the original ZIP file if desired.
  • Page 499: Setting Up The Routers

    Appendix C. Setting Up An Upgrade Server The ZIP file name will be in the form rrX.Y.Z.zip. The major release number ‘X’ is changed when major new functionality (often hardware related) is offered. The minor release number ‘Y’ is increased when new features are added or serious bugs fixed, and the patch release number ‘Z’...
  • Page 500: Adding And Replacing Line Modules

    Appendix D. Adding and Replacing Line Modules Procedures for Adding and Replacing Line Modules ROX™ version 2.2 does not support full hot-swap capability of line modules. Please adhere to the following procedures when adding or replacing line modules. D.1.
  • Page 501: Swapping A Module With A Different Type Of Module

    Appendix D. Adding and Replacing Line Modules 5. After the commit, the module will power on, but its LED will be red indicating it is not yet passing traffic as it is not fully integrated into the system. 6. Reboot the unit. 7.
  • Page 502: Gnu General Public License

    Appendix E. GNU General Public License Version 2, June 1991 Copyright © 1989, 1991 Free Software Foundation, Inc. Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
  • Page 503: Terms And Conditions For Copying, Distribution And Modification

    Appendix E. GNU General Public License E.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION E.2.1. Section 0 This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The “Program”, below, refers to any such program or work, and a “work based on the Program”...
  • Page 504: Section 3

    Appendix E. GNU General Public License Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
  • Page 505: Section 7

    Appendix E. GNU General Public License terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. E.2.8. Section 7 If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of...
  • Page 506: E.2.12. No Warranty Section 11

    Appendix E. GNU General Public License E.2.12. NO WARRANTY Section 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS”...
  • Page 507 Appendix E. GNU General Public License You should also get your employer (if you work as a programmer) or your school, if any, to sign a “copyright disclaimer” for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program “Gnomovision”...
