Page 1 Copyright 2015 © Alcatel-Lucent. All rights reserved.All specifications, procedures, and information in this document are subject to change and revision at any time without notice. The information contained herein is believed to be accurate as of the date of publication. AlcatelLucent...
Page 2 This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation.
Page 3 Getting Started Alcatel-Lucent 7210 SAS-Series Router Configuration Process ....... .15 IP Router Configuration Configuring IP Router Parameters .
Page 4 Table of Contents IP Router Command Reference ............57 VRRP VRRP Overview .
Page 5 Table of Contents Creating Interface Parameters ............175 Configuring VRRP Policy Components .
Page 6 Table of Contents Apply IP and MAC Filter Policies ..........276 Apply an IPv6 Filter Policy to VPLS .
Page 7 IST OF ABLES Getting Started Table 1: Configuration Process ............15 IP Router Configuration Table 2: IPv6 Header Field Descriptions.
Page 8 List of Tables Page 8 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 9 IST OF IGURES IP Router Configuration Figure 1: IPv6 Header Format ............25 Figure 2: IPv6 Internet Exchange .
Page 10 List of Figures Page 10 7210 SAS M, T, X, R6, R12, Mxp OS Router...
Page 11: Preface
Preface About This Guide This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS M, T, X, R6, R12, Mxp OS and presents configuration and implementation examples. On 7210 SAS devices, not all the CLI commands are supported on all the platforms and in all the modes.
Page 12 Preface This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage. Audience This manual is intended for network administrators who are responsible for configuring the 7210 SAS-Series routers.
Page 13: List Of Technical Publications
Preface List of Technical Publications The 7210 SAS M, T, X, R6, R12, and Mxp OS documentation set is composed of the following books: • 7210 SAS M, T, X, R6, R12, and Mxp OS Basic System Configuration Guide This guide describes basic system configurations and operations. •...
Page 14: Technical Support
If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www.alcatel-lucent.com/wps/portal/support...
Page 15: Alcatel-Lucent 7210 Sas-Series Router Configuration Process
In This Chapter This chapter provides process flow information to configure routing entities, virtual routers, IP and MAC filters. Alcatel-Lucent 7210 SAS-Series Router Configuration Pro- cess Table 1 lists the tasks necessary to configure logical IP routing interfaces, virtual routers, IP and MAC-based filtering.
Page 16 Getting Started Page 16 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 17: Ip Router Configuration
IP Router Configuration In This Chapter This chapter provides information about commands required to configure basic router parameters. Topics in this chapter include: • Configuring IP Router Parameters on page 18 → Interfaces on page 18 → Autonomous Systems (AS) on page 22 •...
Page 18: Configuring Ip Router Parameters
Configuring IP Router Parameters Configuring IP Router Parameters In order to provision services on a 7210 SAS router, logical IP routing interfaces must be configured to associate attributes such as an IP address or the system with the IP interface. A special type of IP interface is the system interface.
Page 19 IP Router Configuration 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 19...
Page 20: System Interface
Configuring IP Router Parameters System Interface The system interface is associated with the network entity (such as a specific router or switch), not a specific interface. The system interface is also referred to as the loopback address. The system interface is associated during the configuration of the following entities: •...
Page 21: Router Id
IP Router Configuration Router ID The router ID, a 32-bit number, uniquely identifies the router within an autonomous system (AS). In protocols such as OSPF, routing information is exchanged between areas, groups of networks that share routing information. It can be set to be the same as the loopback address. The router ID is used by both OSPF and BGP routing protocols in the routing table manager instance.
Page 22: Autonomous Systems (As)
Configuring IP Router Parameters Autonomous Systems (AS) Note: BGP protocol (only selected families) is supported only on 7210 SAS devices operating in Network Mode. It is not supported on 7210 SAS devices operating in access-uplink mode. Networks can be grouped into areas. An area is a collection of network segments within an AS that have been administratively assigned to the same group.
Page 23: Proxy Arp
Static ARP is used when an Alcatel-Lucent router needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that if it has a packet with a certain IP address to send it to the corresponding ARP address.
Page 24: Internet Protocol Versions
Configuring IP Router Parameters Internet Protocol Versions NOTE: IPv6 is not supported on 7210 SAS-T in network mode. The TiMOS implements IP routing functionality, providing support for IP version 4 (IPv4) and IP version 6 (IPv6). IP version 6 (RFC 1883, Internet Protocol, Version 6 (IPv6)) is a newer version of the Internet Protocol designed as a successor to IP version 4 (IPv4) (RFC-791, Internet Protocol).
Page 25 IP Router Configuration Figure 1: IPv6 Header Format Table 2: IPv6 Header Field Descriptions Field Description Version 4-bit Internet Protocol version number = 6. Prio. 4-bit priority value. Flow Label 24-bit flow label. Payload Length 6-bit unsigned integer. The length of payload, for example, the rest of the packet following the IPv6 header, in octets.
Page 26: Ipv6 Applications
Configuring IP Router Parameters IPv6 Applications The IPv6 applications for 7210 SAS-M, 7210 SAS-R6, 7210 SAS-R12, and 7210 SAS-X are: • IPv6 inband management of the node using network port IPv6 IP interface • IPv6 transit traffic (using network port IPv6 IP interfaces) Examples of the IPv6 applications supported by the TiMOS include: •...
Page 27 IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. Alcatel-Lucent router supports dynamic IPv6 over IPv4 tunneling. The ipv4 source and destination address are taken from configuration, the source address is the ipv4 system address and the ipv4 destination is the next hop from the configured 6over4 tunnel.
Page 28 Configuring IP Router Parameters The DNS client is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address since IPv6 addresses are more difficult to remember than IPv4 addresses.
Page 29: Ipv6 Provider Edge Router Over Mpls (6Pe)
IP Router Configuration IPv6 Provider Edge Router over MPLS (6PE) 6PE allows IPv6 domains to communicate with each other over an IPv4 MPLS core network. This architecture requires no backbone infrastructure upgrades and no re-configuration of core routers, because forwarding is purely based on MPLS labels. 6PE is a cost effective solution for IPv6 deployment.
Page 30 Configuring IP Router Parameters 6PE Control Plane Support The 6PE MP-BGP routers support: • IPv4/IPv6 dual-stack • MP-BGP can be used between 6PE routers to exchange IPv6 reachability information. → The 6PE routers exchange IPv6 prefixes over MP-BGP sessions running over IPv4 transport.
Page 31: Bi-Directional Forwarding Detection
IP Router Configuration Bi-directional Forwarding Detection Note: BFD is not supported on when the node is operated in access-uplink mode. Bi-directional Forwarding Detection (BFD) is a light-weight, low-overhead, short-duration mechanism to detect failures in the path between two systems. If a system stops receiving BFD messages for a long enough period (based on configuration) it is assumed that a failure along the path has occurred and the associated protocol or service is notified of the failure.
Page 32: Control Packet Format
Configuring IP Router Parameters • If authentication is enabled, the IP TTL should be 255. In case the IP TTL is not 255 the BFD packets are still processed, if packet passes the enabled authentication mechanism. • If multiple BFD sessions exist between two nodes, the BFD discriminator is used to de- multiplex the BFD control packet to the appropriate BFD session.
Page 33: Echo Support
IP Router Configuration Table 3: BFD Control Packet Field Descriptions (Continued) Field Description H Bit The “I Hear You” bit. This bit is set to 0 if the transmitting system either is not receiving BFD packets from the remote system, or is in the process of tearing down the BFD session for some reason.
Page 34: Bfd Support On 7210 Sas Platforms
Configuring IP Router Parameters The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency. As a result, it relies on the echo sender to send a high rate of BFD echo messages through the receiver node, which is only processed by the receiver’s forwarding path.
Page 35 IP Router Configuration loopback IP address, CPM CPU based sessions are supported with a minimum timer support of 100ms. • On 7210 SAS-M and 7210 SAS-X, BFD sessions and processing is implemented using the resources of the CPU with a minimum timer support of 100ms. 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 35...
Page 36: Process Overview
Process Overview Process Overview The following items are components to configure basic router parameters. • Interface — A logical IP routing interface. Once created, attributes like an IP address, port, link aggregation group or the system can be associated with the IP interface. •...
Page 37: Configuration Notes
IP Router Configuration Configuration Notes The following information describes router configuration guidelines. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters. • IPv6 addressing and routing is supported only for network port IP interfaces. IPv6 based services (that is, IES and VPRN IPv6 services) are not supported in 7210.
Page 38 Configuration Notes Page 38 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 39: Configuring An Ip Router With Cli
IP Router Configuration Configuring an IP Router with CLI This section provides information to configure an IP router. Topics in this section include: • Router Configuration Overview on page 40 • Basic Configuration on page 41 • Common Configuration Tasks on page 42 →...
Page 40: Router Configuration Overview
“1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7210 SAS router, the basic configuration tasks that must be performed are: •...
Page 41: Basic Configuration
IP Router Configuration Basic Configuration Note: Refer to each specific chapter for specific routing protocol information and command syntax to configure protocols such as OSPF and BGP. The most basic router configuration must have the following: • System name • System address The following example displays a router configuration: A:ALA-A>...
Page 42: Common Configuration Tasks
Common Configuration Tasks Common Configuration Tasks The following sections describe basic system tasks. • Configuring a System Name on page 42 • Configuring Interfaces on page 43 → Configuring a System Interface on page 43 → Configuring a Network Interface on page 43 Configuring a System Name Use the command to configure a name for the device.
Page 43: Configuring Interfaces
IP Router Configuration Configuring Interfaces The following command sequences create a system and a logical IP interface. The system interface assigns an IP address to the interface, and then associates the IP interface with a physical port. The logical interface can associate attributes like an IP address or port. Note that the system interface cannot be deleted.
Page 44 Common Configuration Tasks The following displays an IP configuration output showing interface information. A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit interface "to-ALA-2" address 10.10.24.4/24 port 1/1/1 egress filter ip 10 exit exit #------------------------------------------ A:ALA-A>config>router# Page 44 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 45: Configuring Ipv6 Parameters
IP Router Configuration Configuring IPv6 Parameters IPv6 interfaces and associated routing protocols may be configured: *A:7210SAS>config>system>res-prof# info ---------------------------------------------- ..max-ipv6-routes1000 ..------------------------------------------------ The following displays the interface configuration showing the IPv6 default configuration when IPv6 is enabled on the interface. A:ALA-49>config>router>if>ipv6# info detail ---------------------------------------------- port 1/1/10...
Page 46 Common Configuration Tasks ---------------------------------------------- A:ALA-49>config>router>if# Page 46 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 47: Router Advertisement
IP Router Configuration Router Advertisement To configure the router to originate router advertisement messages on an interface, the interface must be configured under the router-advertisement context and be enabled (no shutdown). All other router advertisement configuration parameters are optional. Use the following CLI syntax to enable router advertisement and configure router advertisement parameters: CLI Syntax: config>router# router-advertisement interface ip-int-name...
Page 48: Configuring Proxy Arp
Common Configuration Tasks Configuring Proxy ARP To configure proxy ARP, you can configure: • A prefix list in the config>router>policy-options>prefix-list context. • A route policy statement in the config>router>policy-options>policy-statement context and apply the specified prefix list. → In the policy statement entry>to context, specify the host source address(es) for which ARP requests can or cannot be forwarded to non-local networks, depending on the specified action.
Page 49 IP Router Configuration entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [policy-name...(upto 5 max)] remote-proxy-arp The following displays a proxy ARP configuration example: A:ALA-49>config>router>if# info ----------------------------------------------...
Page 50: Ecmp Considerations
Common Configuration Tasks ECMP Considerations NOTE: 7210 SAS devices operating in Network Mode supports only ECMP for IPv4 routes and not LDP or LDP over RSVP. The 7210 SAS devices operated in access-uplink platforms do not support ECMP. When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress IOM will spray the packets for this route based on hashing routine currently supported for IPv4 packets.
Page 51: Deriving The Router Id
IP Router Configuration Deriving the Router ID The router ID defaults to the address specified in the system interface command. If the system interface is not configured with an IP address, then the router ID inherits the last four bytes of the MAC address.
Page 52: Configuring An Autonomous System
Common Configuration Tasks Configuring an Autonomous System Configuring an autonomous system is optional. Use the following CLI syntax to configure an autonomous system: CLI Syntax: config>router autonomous-system as-number The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system"...
Page 53: Service Management Tasks
IP Router Configuration Service Management Tasks This section discusses the following service management tasks: • Changing the System Name on page 53 • Modifying Interface Parameters on page 54 • Deleting a Logical IP Interface on page 55 Changing the System Name em command sets the name of the device and is used in the prompt string.
Page 54: Modifying Interface Parameters
Service Management Tasks Modifying Interface Parameters Starting at the level, navigate down to the router interface context. config>router To modify an IP address, perform the following steps: Example A:ALA-A>config>router# interface “to-sr1” A:ALA-A>config>router>if# shutdown A:ALA-A>config>router>if# no address A:ALA-A>config>router>if# address 10.0.0.25/24 A:ALA-A>config>router>if# no shutdown To modify a port, perform the following steps: Example A:ALA-A>config>router# interface “to-sr1”...
Page 55: Deleting A Logical Ip Interface
IP Router Configuration Deleting a Logical IP Interface The no form of the command typically removes the entry, but all entity associations interface must be shut down and/or deleted before an interface can be deleted. 1. Before loopback IP interface can be deleted, it must first be administratively disabled with command.
Page 56 Service Management Tasks Page 56 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 57: Ip Router Command Reference
IP Router Configuration IP Router Command Reference Command Hierarchies Configuration Commands • Router Commands on page 58 • Router Interface Commands on page 60 • Router Interface IPv6 Commands on page 62 • Router Advertisement Commands on page 63 • Show Commands on page 64 •...
Page 58: Router Commands
IP Router Command Reference Router Commands config — router [router-name] — aggregate ip-prefix/ip-prefix-length [summary-only] — no aggregate ip-prefix/ip-prefix-length — autonomous-system autonomous-system — no autonomous-system — ecmp max-ecmp-routes — no ecmp — router-id ip-address — no router-id — [no] static-route {ip-prefix/prefix-length|ip-prefix netmask} [preference prefer- ence] [metric metric] [tag tag] [enable|disable] next-hop gateway [bfd-enable] [{cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]}] —...
Page 59 IP Router Configuration — commit 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 59...
Page 60 IP Router Command Reference Router Interface Commands config — router [router-name] — [no] interface ip-int-name [unnumbered-mpls-tp] — accounting-policy policy-id — no accounting-policy — address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host- ones}] — no address — arp-timeout seconds — no arp-timeout —...
Page 61 IP Router Configuration — unnumbered [ip-int-name|ip-address] 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 61...
Page 62 IP Router Command Reference Router Interface IPv6 Commands NOTE: IPv6 support is not available on 7210 SAS-T network mode devices. config — router [router-name] — [no] interface ip-int-name — [no] ipv6 [preferred] — address ipv6-address/prefix-length [eui-64] — no address ipv6-address/prefix-length —...
Page 63 IP Router Configuration Router Advertisement Commands NOTE: IPv6 support is not available on 7210 SAS-T network mode devices. config — router — [no]router-advertisement — [no] interface ip-int-name — current-hop-limit number — no current-hop-limit — [no] managed-configuration — max-advertisement-interval seconds — no max-advertisement-interval —...
Page 64 IP Router Command Reference Show Commands show — router router-instance — aggregate [family] [active] — [ ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static] — | managed] — — bfd-template template-name — interface [interface-name] [family] detail —...
Page 65 IP Router Configuration Clear Commands clear — router [router-instance] — {all | ip-addr | interface {ip-int-name | ip-addr}}bfd — session src-ip ip-address dst-ip ip-address — statistics src-ip ip-address dst-ip ip-address — statistics — dhcp — statistics [interface ip-int-name|ip-address] — icmp6 —...
Page 66 IP Router Command Reference Page 66 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 67 IP Router Configuration Configuration Commands Generic Commands shutdown Syntax [no] shutdown Context config>router>interface config>router>router-advertisement Description The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.
Page 68 Configuration Commands Router Global Commands router Syntax router Context config Description This command enables the context to configure router parameters, and interfaces. aggregate Syntax aggregate ip-prefix/ip-prefix-length [summary-only] no aggregate ip-prefix/ip-prefix-length Context config>router Description This command creates an aggregate route. Use this command to group a number of routes with common prefixes into a single entry in the routing table.
Page 69 IP Router Configuration The mask associated with the network address expressed as a mask length. Values 0 — 32 summary-only — This optional parameter suppresses advertisement of more specific component routes for the aggregate. To remove the summary-only option, enter the same aggregate command without the summary-only parameter.
Page 70 Configuration Commands The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, then the route with the lowest next-hop IP address is used. For more information, see the “7210 SAS M,T,X,R6, R12,Mxp Basic System Configuration User Guide”.
Page 71 IP Router Configuration By default, when a change is made to a policy in the config router policy options context and then committed, the change is effective immediately. There may be circumstances when the changes should or must be delayed; for example, if a policy change is implemented that would affect every BGP peer on a 7210 SAS M, X router, the consequences could be dramatic.
Page 72 Configuration Commands Parameters ip-prefix/prefix-length — The destination address of the static route. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 Values ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D ipv6-prefix-length 0 — 128 ip-address —...
Page 73: Table 4: Default Route Preferences
IP Router Configuration black-hole — Specifies the route is a black hole route. If the destination address on a packet matches this static route, it will be silently discarded. The black-hole keyword and the next-hop keyword are mutually exclusive. If an identical command is entered (with the exception of either the next-hop parameter), then this static route will be replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied.
Page 74 Configuration Commands disable — Static routes can be administratively enabled or disabled. Use the disable parameter to disable a static route while maintaining the static route in the configuration. In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
Page 75 IP Router Configuration Router BFD Commands abort Syntax abort Context config>router>bfd Description Platforms Supported: 7210 SAS-R6, 7210 SAS-R12 and 7210 SAS-T network mode devices. This command discards the changes that are made to the BFD template configuration. begin Syntax begin Context config>router>bfd Description...
Page 76 Configuration Commands Context config>router>bfd>bfd-template Description Platforms Supported: 7210 SAS-R6, 7210 SAS-R12 and 7210 SAS-T network mode devices. This command specifies the transmit timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets. Default no transmit-interval Parameters...
Page 77 IP Router Configuration Default multiplier Syntax multiplier [3...20] no multiplier Context config>router>bfd>bfd-template Description Platforms Supported: 7210 SAS-R6, 7210 SAS-R12 and 7210 SAS-T network mode devices. This command specifies the detect multiplier used for a BFD session. If a BFD control packet is not received for a period of multiplier x receive-interval, then the session is declared down.
Page 78 Configuration Commands Router Interface Commands interface Syntax [no] interface ip-int-name [unnumbered-mpls-tp] Context config>router Description This command creates a logicalsystem or a loopback IP routing or unnumbered MPLS-TP interface. Once created, attributes like IP address, port, or system can be associated with the IP interface. Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface.
Page 79 IP Router Configuration form of an IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. Values 1 — 32 alphanumeric characters. If the ip-int-name already exists, the context is changed to maintain that IP interface. If ip-int- name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and the context will not be changed to that IP interface.
Page 80 Configuration Commands The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. Show commands display CIDR notation and are stored in configuration files. By default, no IP address or subnet association exists on an IP interface until it is explicitly created. The no form of the command removes the IP address assignment from the IP interface.
Page 81 IP Router Configuration The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast. The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address.
Page 82 Configuration Commands Context config>router>interface Description This command specifies the bi-directional forwarding detection (BFD) parameters for the associated IP interface. If no parameters are defined the default values are used. The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS) is notified of the fault.
Page 83 IP Router Configuration Description This command creates a delay to make the interface operational by the specified number of seconds The value is used whenever the system attempts to bring the interface operationally up. Parameters seconds — Specifies a delay, in seconds, to make the interface operational. Values 1 —...
Page 84 Configuration Commands Note that the LDP Sync Timer State is not always synched across to the standby CPM, so after an activity switch the timer state might not be same as it was on the previous active CPM. The no form of this command disables IGP/LDP synchronization and deletes the configuration Default no ldp-sync-timer Parameters...
Page 85 IP Router Configuration ntp-broadcast Syntax [no] ntp-broadcast Context config>router>interface Description This command enables SNTP broadcasts received on the IP interface. This parameter is only valid when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface. Default no ntp-broadcast port...
Page 86 Configuration Commands Syntax qos network-policy-id [queue-redirect-group queue-group-name] no qos Context config>router>interface Description This command associates a network Quality of Service (QoS) policy with an IP interface. Only one network QoS policy can be associated with an IP interface at one time. Attempts to associate a second QoS policy return an error.
Page 87 IP Router Configuration Use proxy ARP so the 7210 SAS responds to ARP requests on behalf of another device. Static ARP is used when a 7210 SAS needs to know about a device on an interface that cannot or does not respond to ARP requests.
Page 88 Configuration Commands ieee-mac-addr — Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses. unnumbered —...
Page 89 IP Router Configuration unnumbered Syntax unnumbered [ip-address | ip-int-name] no unnumbered Context config>router>interface Description This command sets an IP interface as an unnumbered interface and specifies the IP address to be used for the interface. To conserve IP addresses, unnumbered interfaces can be configured. The address used when generating packets on this interface is the ip-addr parameter configured.
Page 90 Configuration Commands Router Interface Filter Commands egress Syntax egress Context config>router>interface Description This command enables access to the context to configure egress network filter policies for the IP interface. If an egress filter is not defined, no filtering is performed. ingress Syntax ingress...
Page 91 IP Router Configuration Parameters ip ip-filter-id — The filter name acts as the ID for the IP filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ip context. Values 1 — 65535 ipv6 ipv6-filter-id — The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer.
Page 92 Configuration Commands Router Interface ICMP Commands icmp Syntax icmp Context config>router>interface Description This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.
Page 93 IP Router Configuration Default redirects 100 10 — Maximum of 100 redirect messages in 10 seconds. Parameters number — The maximum number of ICMP redirect messages to send, expressed as a decimal integer. This parameter must be specified with the time parameter. Values 10 —...
Page 94 Configuration Commands By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP destination unreachables on the router interface. Default unreachables 100 10 —...
Page 95 IP Router Configuration Router Interface IPv6 Commands ipv6 Syntax [no] ipv6 Context config>router>interface Description This command configures IPv6 for a router interface. The no form of the command disables IPv6 on the interface. Default not enabled address Syntax address {ipv6-address/prefix-length} [eui-64] no address {ipv6-address/prefix-length} Context config>router>if>ipv6...
Page 96 Configuration Commands packet-too-big Syntax packet-too-big [number seconds] no packet-too-big Context config>router>if>ipv6>icmp6 Description This command configures the rate for ICMPv6 packet-too-big messages. Parameters number — Limits the number of packet-too-big messages issued per the time frame specifed in the seconds parameter. Values 10 —...
Page 97 IP Router Configuration Parameters number — Limits the number of redirects issued per the time frame specifed in seconds parameter. Values 10 — 1000 seconds — Determines the time frame, in seconds, that is used to limit the number of redirects issued per time frame.
Page 98 Configuration Commands link-local-address Syntax link-local-address ipv6-address [preferred] no link-local-address Context config>router>if>ipv6 Description This command configures the link local address. local-proxy-nd Syntax [no] local-proxy-nd Context config>router>if>ipv6 Description This command enables local proxy neighbor discovery on the interface. The no form of the command disables local proxy neighbor discovery. proxy-nd-policy Syntax proxy-nd-policy policy-name [policy-name...(up to 5 max)]...
Page 99 IP Router Configuration Parameters ipv6-address — The IPv6 address assigned to a router interface. Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx- xx-xx-xx-xx-xx.
Page 100 Configuration Commands Router Advertisement Commands router-advertisement Syntax [no] router-advertisement Context config>router Description This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces. The no form of the command disables all IPv6 interface. However, the no interface interface-name command disables a specific interface.
Page 101 IP Router Configuration managed-configuration Syntax [no] managed-configuration Context config>router>router-advert>if Description This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration. . Default no managed-configuration max-advertisement-interval Syntax...
Page 102 Configuration Commands Default no mtu — The MTU option is not sent in the router advertisement messages. the MTU for the nodes to use to send packets on the link. Parameters mtu-bytes — Specify Values 1280 — 9212 other-stateful-configuration Syntax [no] other-stateful-configuration Description This command sets the "Other configuration"...
Page 103 IP Router Configuration Description This command specifies whether the prefix can be used for stateless address autoconfiguration. Default enabled on-link Syntax [no] on-link Context config>router>router-advert>if>prefix Description This command specifies whether the prefix can be used for onlink determination. Default enabled preferred-lifetime Syntax [no] preferred-lifetime {seconds | infinite}...
Page 104 Configuration Commands reachable-time Syntax reachable-time milli-seconds no reachable-time Context config>router>router-advert>if Description This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation. Default no reachable-time Parameters milli-seconds — Specifies the length of time the router should be considered reachable. Values 0 —...
Page 105 IP Router Configuration use-virtual-mac Syntax [no] use-virtual-mac Context config>router>router-advert>if Description This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master. If the virtual router is not the master, no router advertisement messages are sent.
Page 106 Configuration Commands Page 106 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 107 IP Router Configuration Show Commands aggregate Syntax aggregate [family] [active] Context show>router Description This command displays aggregate routes. Parameters active — When the active keyword is specified, inactive aggregates are filtered out. family — Specifies the router IP interface family to display. Syntax arp [ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static]...
Page 108 Show Commands Label Description (Continued) The ARP entry is a managed ARP entry. *Man The ARP entry is an internal ARP entry. The ARP entry is in use. Interface The IP interface name associated with the ARP entry. No. of ARP Entries The number of ARP entries displayed in the list.
Page 109 IP Router Configuration Syntax Context show>router Description This command enables the context to display bi-directional forwarding detection (BFD) information. ecmp Syntax ecmp Context show>router Description This command displays the ECMP settings for the router. Output ECMP Settings Output — The following table describes the output fields for the router ECMP settings.
Page 110 Show Commands bfd-template Syntax bfd-template template-name Context show>router>bfd Description This command displays BFD template information. Label Description Displays the name of the template. Templates Name Displays the type of the template. Template Type TX time Interval Displays the interval, in milliseconds, between the transmitted BFD messages to maintain the session Displays the expected interval, in milliseconds, between the received RX time Interval...
Page 111 IP Router Configuration Output BFD interface Output — The following table describes the show BFD interface output fields: Label Description Displays the interval, in milliseconds, between the transmitted BFD TX Interval messages to maintain the session Displays the expected interval, in milliseconds, between the received RX Interval BFD messages to maintain the session Multiplier...
Page 112 Show Commands Parameters ip-int-name — Specify the IP interface name. ip-address — Specify the address of the IPv6 interface address. mac ieee-mac-address — Specify the MAC address. summary — Displays summary neighbor information. dynamic — The Ipv6 neighbor entry is a dynamic neighbor entry. static —...
Page 113 IP Router Configuration =============================================================================== *A:Dut-A>config>router# show router neighbor dynamic =============================================================================== Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface MAC Address State Expiry Type ------------------------------------------------------------------------------- 2193:12:23:1::2 A_to_B2_23 e4:81:84:24:1d:6c STALE 01h12m27s Dynamic ------------------------------------------------------------------------------- No. of Neighbor Entries: 1 =============================================================================== *A:Dut-A>config>router# *A:Dut-A>config>router# show router neighbor static =============================================================================== Neighbor Table (Router: Base) ===============================================================================...
Page 114 Show Commands Label Description State Displays the administrative state for this BFD session. Protocol Displays the active protocol. Tx Intvl Displays the interval, in milliseconds, between the transmitted BFD mes- sages to maintain the session Tx Pkts Displays the number of transmitted BFD packets. Rx Intvl Displays the expected interval, in milliseconds, between the received BFD messages to maintain the session...
Page 115 IP Router Configuration F_Lag Up (3) 23.1.1.1 ospf2 267087 267093 C_Lag Up (3) 25.1.1.2 ospf2 267005 266996 ------------------------------------------------------------------------------- No. of BFD sessions: 3 =============================================================================== *A:7210-SAS>show>router>bfd# 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 115...
Page 116 Show Commands dhcp Syntax dhcp Context show>router Description This command enables the context to display DHCP information for the specified service. statistics Syntax statistics interface [ip-int-name|ip-address] Context show>router>dhcp Description Displays DHCP statistics information. Parameters ip-int-name | ip-address — Displays statistics for the specified IP interface. Show DHCP Statistics Output —...
Page 117 IP Router Configuration Label Description Server Packets The number of packets received from the DHCP server that were for- Relayed warded. Server Packets The number of packets received from the DHCP server that were Snooped snooped. *A:7210SAS>show>router>dhcp# statistics ==================================================================== DHCP Global Statistics, service 1 ==================================================================== Rx Packets : 416554...
Page 118 Show Commands Sample Output A:7210SAS# show router dhcp summary DHCP Summary, service 1 ======================================================================= Interface Name Used/ Info Admin SapId/Sdp Populate Provided Option State ------------------------------------------------------------------------------- egr_1 Replace Up Replace Up ------------------------------------------------------------------------------- Interfaces: 2 ======================================================================= *A:7210SAS>show>service>id>dhcp# Syntax fib slot-number [ip-prefix/prefix-length [longer]] Context show>router Description...
Page 119 IP Router Configuration icmp6 Syntax icmp6 Context show>router Description This command displays Internet Control Message Protocol Version 6 (ICMPv6) statistics. ICMP generates error messages (for example, ICMP destination unreachable messages) to report errors during processing and other diagnostic functions. ICMPv6 packets can be used in the neighbor discovery protocol and path MTU discovery.
Page 120 Show Commands Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 0 ------------------------------------------------------------------------------- Sent Total : 10 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 5 ===============================================================================...
Page 121 IP Router Configuration interface Syntax interface [{[ip-address | ip-int-name] [detail]} interface [{[ip-address | ip-int-name] [detail] [family]} | [summary] | [exclude-services] interface family [detail] interface [ip-address | ip-int-name] Context show>router Description This command displays the router IP interface table sorted by interface index. Parameters ip-address —...
Page 122 Show Commands Sample Output *A:SASR1>config>router# show router interface =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Opr(v4/v6) Mode Port/SapId IP-Address PfxState ------------------------------------------------------------------------------- Up/Down Network 1/1/8:1 1.1.1.1/24 if1-1 Up/Down Network 2/1/1:1 Unnumbered If[system] Up/Down Unnumb* 5/1/1:1 Unnumbered If[system] if2-1 Up/Down Network 6/1/1:1 2.2.2.1/24 system Up/Down...
Page 123 IP Router Configuration Label Description (Continued) IP Addr/mask The IP address and subnet mask length of the IP interface. — Indicates no IP address has been assigned to Not Assigned the IP interface. If Index The interface index of the IP router interface. Virt If Index The virtual interface index of the IP router interface.
Page 124 Show Commands Redirects : Number - 100 Time (seconds) - 10 Unreachables : Number - 100 Time (seconds) - 10 TTL Expired : Number - 100 Time (seconds) - 10 =============================================================================== A:SIM7# *A:ALU_SIM11>show>router>ldp# interface detail =============================================================================== LDP Interfaces (Detail) =============================================================================== ------------------------------------------------------------------------------- Interface "a"...
Page 125 IP Router Configuration Parameters name — Specify an existing policy-statement name. prefix-list name — Specify a prefix list name to display the route policy entries. admin — Specify the admin keyword to display the entities configured in the config>router>policy- options context. route-table Syntax route-table [ip-address[mask] [longer|exact]]|[summary]...
Page 126 Show Commands Label Description (Continued) The route age in seconds for the route. Metric The route metric value for the route. B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref ------------------------------------------------------------------------------- 100.10.0.0/16 Black Hole Remote Static 00h03m17s 1 5 -------------------------------------------------------------------------------...
Page 127 IP Router Configuration ipv6-prefix[/prefix-length] — Displays routes only matching the specified ip-address and length. Values ipv6 ipv6-prefix[/pref*: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D prefix-length: 1 — 128 Router-Advertisement Table Output — The following table describes the output fields for router- Output advertisement.
Page 128 Show Commands Label Description (Continued) False — Indicates there are no other stateful configurations. Router Lifetime Displays the router lifetime in seconds. Hop Limit Displays the current hop limit. Sample Output A:7210SAS# show router rtr-advertisement ======================================================================= Router Advertisement ======================================================================= ------------------------------------------------------------------------------- Interface: interfaceNetworkNonDefault ------------------------------------------------------------------------------- Rtr Advertisement Tx : 8...
Page 129 IP Router Configuration Nbr Advertisement Rx : 166 Nbr Solicitation Rx : 143 ------------------------------------------------------------------------------- Max Advert Interval : 601 Min Advert Interval : 201 Managed Config : TRUE Other Config : TRUE Reachable Time : 00h00m00s400ms Router Lifetime : 00h30m01s Retransmit Time : 00h00m00s400ms Hop Limit...
Page 130 Show Commands static-arp Syntax static-arp [ip-addr | ip-int-name | mac ieee-mac-addr] Context show>router Description This command displays the router static ARP table sorted by IP address. If no options are present, all ARP entries are displayed. Parameters ip-addr — Only displays static ARP entries associated with the specified IP address. ip-int-name —...
Page 131 IP Router Configuration 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp mac 00:00:5a:40:00:01 =============================================================================== ARP Table =============================================================================== IP Address...
Page 132 Show Commands preference preference — Only displays static routes with the specified route preference. Values 0 — 65535 next-hop ip-address — Only displays static routes with the specified next hop IP address. Values ipv4-address: a.b.c.d (host bits must be 0) Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)
Page 133 IP Router Configuration 192.168.250.0/24 10.200.10.1 to-ser1 192.168.252.0/24 10.10.0.254 192.168.253.0/24 to-ser1 192.168.253.0/24 10.10.0.254 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route 192.168.250.0/24 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-route preference 4 =============================================================================== Route Table ===============================================================================...
Page 134 Show Commands Label Description Router The administrative and operational states for the router. OSPF The administrative and operational states for the OSPF protocol. ISIS The administrative and operational states for the IS-IS protocol. MPLS The administrative and operational states for the MPLS protocol. The administrative and operational states for the LDP protocol.
Page 135 IP Router Configuration ECMP Max Routes Mcast Info Policy default Triggered Policies LDP Shortcut Disabled Single SFM Overload Disabled IP Fast Reroute Disabled ======================================================================= *A:7210>show>router# tunnel-table Syntax tunnel-table [ip-address[/mask]] [protocol protocol | sdp sdp-id] [summary] Context show>router Description This command displays tunnel table information. Parameters ip-address[/mask] —...
Page 136 Show Commands Active Available ------------------------------------------------------------------------------- =============================================================================== A:ALA-A>config>service# Page 136 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 137 IP Router Configuration Clear Commands router Syntax router Context clear>router Description This command clears for a the router instance in which they are entered. Parameters router-instance — Specify the router name or service ID. Values Base, management Default Base Syntax arp {all | ip-addr | interface {ip-int-name | ip-addr}} Context clear>router...
Page 138 Clear Commands interface-name — Clears ICMP6 statistics for the specified interface. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router Description This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. dhcp Syntax dhcp Context clear>router Description This command enables the context to clear DHCP related information.
Page 139 IP Router Configuration dst-ip ip-address — Specifies the address of the remote endpoint of this BFD session. statistics Syntax statistics src-ip ip-address dst-ip ip-address statistics all Context clear>router>bfd Description This command clears BFD statistics. Parameters src-ip ip-address — Specifies the address of the local endpoint of this BFD session. dst-ip ip-address —...
Page 140 Clear Commands interface interface-name — Clear router advertisement counters for the specified interface. Page 140 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 141 IP Router Configuration Debug Commands router Syntax router Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values router-name: Base service-id: 1 — 2147483647 Default Base Syntax Context debug>router Description This command configures debugging for IP.
Page 142 Debug Commands icmp6 Syntax icmp6 [ip-int-name] no icmp6 Context debug>router>ip Description This command enables ICMP6 debugging. interface Syntax [no] interface [ip-int-name | ip-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. Parameters ip-address — Only displays the interface information associated with the specified IP address. Values ipv4-address a.b.c.d (host bits must be 0)
Page 143 IP Router Configuration protocol-id — Specifies the decimal value representing the IP protocol to debug. Well known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the criteria. Values 0 — 255 (values can be expressed in decimal, hexidecimal, or binary) keywords: none, crtp, crudp, egp, eigrp, encap, ether-ip, icmp, idrp, igmp, igp, ip, isis, iso-ip, l2tp, ospf-igp, pim, pnni, ptp, rdp, rsvp, stp, tcp, udp, vrrp * —...
Page 144 Debug Commands Page 144 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 145: In This Chapter
VRRP In This Chapter This chapter provides information about configuring Virtual Router Redundancy Protocol (VRRP) parameters. Topics in this chapter include: • VRRP Overview on page 146 → Virtual Router on page 147 → IP Address Owner on page 147 →...
Page 146: Vrrp Overview
VRRP Overview VRRP Overview NOTE: VRRP for IPv4 is supported only in 7210 SAS devices configured in Network mode. It is not supported in devices configured in access-uplink mode. VRRP for IPv6 is not supported on any of the 7210 platforms. The Virtual Router Redundancy Protocol (VRRP) for IPv4 is defined in the IETF RFC 3768, Virtual Router Redundancy Protocol.
Page 147: Vrrp Components
(or address) across a common LAN. A VRRP router can backup one or more virtual routers. Up to four virtual routers are possible on a single Alcatel-Lucent IP interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine and messaging instance.
Page 148: Primary Ip Addresses
VRRP Overview Primary IP Addresses A primary address is an IP address selected from the set of real interface address. VRRP advertisements are always sent using the primary IP address as the source of the IP packet. A IP interface must always have a primary IP address assigned for VRRP to be active on the interface.
Page 149: Virtual Router Backup
VRRP Virtual Router Backup A new virtual router master is selected from the set of VRRP routers available to assume forwarding responsibility for a virtual router should the current master fail. Owner and Non-Owner VRRP The owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address.
Page 150: Configurable Parameters
VRRP Overview Configurable Parameters In addition to backup IP addresses, to facilitate configuration of a virtual router on routers, the following parameters can be defined in owner configurations: • Virtual Router ID (VRID) on page 150 • Message Interval and Master Inheritance on page 152 •...
Page 151: Ip Addresses
VRRP When the IP address on the IP interface matches the virtual router IP address (owner mode), the priority value is fixed at 255, the highest value possible. This virtual router member is considered the owner of the virtual router IP address. There can only be one owner of the virtual router IP address for all virtual router members.
Page 152: Message Interval And Master Inheritance
VRRP Overview Message Interval and Master Inheritance Each virtual router is configured with a message interval per VRID within which it participates. This parameter must be the same for every virtual router on the VRID. For IPv4, the default advertisement interval is 1 second and can be configured between 1 second and 255 seconds and 900 milliseconds.
Page 153: Master Down Interval
VRRP Master Down Interval The master down interval is a calculated value used to load the master down timer. When the master down timer expires, the virtual router enters the master state. To calculate the master down interval, the virtual router evaluates the following formula: Master Down Interval = (3 x Operational Advertisement Interval) + Skew Time The operational advertisement interval is dependent upon the state of the inherit parameter.
Page 154: Vrrp Message Authentication
VRRP Overview VRRP Message Authentication The authentication type parameter defines the type of authentication used by the virtual router in VRRP advertisement message authentication. VRRP message authentication is applicable to IPv4 only. The current master uses the configured authentication type to indicate any egress message manipulation that must be performed in conjunction with any supporting authentication parameters before transmitting a VRRP advertisement message.
Page 155 VRRP • VRRP message checks → Version field – Must be set to the value 2 → Type field – Must be set to the value of 1 (advertisement) → Virtual router ID field – Must match one of the configured VRID on the ingress IP interface (All other fields are dependent on matching the virtual router ID field to one of the interfaces configured VRID parameters) →...
Page 156: Authentication Data
VRRP Overview Authentication Failure Any received VRRP advertisement message that fails authentication must be silently discarded with an invalid authentication counter incremented for the ingress virtual router instance. Authentication Data This feature is different than the VRRP advertisement message field with the same name. This is any required authentication information that is pertinent to the configured authentication type.
Page 157: Policies
VRRP Owner and non-owner virtual router instances have the supported IP addresses explicitly defined, making mismatched supported IP address within the interconnected virtual router instances a provisioning issue. Policies Policies can be configured to control VRRP priority with the virtual router instance. VRRP priority control policies can be used to override or adjust the base priority value depending on events or conditions within the chassis.
Page 158: Vrrp Priority Control Policies
VRRP Priority Control Policies VRRP Priority Control Policies This implementation of VRRP supports control policies to manipulate virtual router participation in the VRRP master election process and master self-deprecation. The local priority value for the virtual router instance is used to control the election process and master state.
Page 159: Vrrp Priority Control Policy Delta In-Use Priority Limit
VRRP VRRP Priority Control Policy Delta In-Use Priority Limit A VRRP priority control policy enforces an overall minimum value that the policy can inflict on the VRRP virtual router instance base priority. This value provides a lower limit to the delta priority events manipulation of the base priority. A delta priority event is a conditional event defined in the priority control policy that subtracts a given amount from the current, in-use priority for all VRRP virtual router instances to which the policy is applied.
Page 160: Vrrp Priority Control Policy Priority Events
VRRP Priority Control Policies VRRP Priority Control Policy Priority Events The main function of a VRRP priority control policy is to define conditions or events that impact the system’s ability to communicate with outside hosts or portions of the network. When one or multiple of these events are true, the base priority on the virtual router instance is either overwritten with an explicit value, or a sum of delta priorities is subtracted from the base priority.
Page 161: Port Down Priority Event
VRRP Port Down Priority Event The port down priority event is tied to either a physical port or a SONET/SDH channel. The port or channel operational state is evaluated to determine a port down priority event or event clear. When the port or channel operational state is up, the port down priority event is considered false or cleared.
Page 162 VRRP Priority Control Policies Table 5: LAG Events (Continued) Time LAG Port State Parameter State Comments One port up Event State Set - 4 ports down Cannot change until Hold Set Timer expires Event Threshold 3 ports down Hold Set Timer 5 seconds Event does not affect timer All ports up...
Page 163: Host Unreachable Priority Event
VRRP Host Unreachable Priority Event The host unreachable priority event creates a continuous ping task that is used to test connectivity to a remote host. The path to the remote host and the remote host itself must be capable and configured to accept ICMP echo request and replies for the ping to be successful.
Page 164: Vrrp Non-Owner Accessibility
VRRP Non-Owner Accessibility VRRP Non-Owner Accessibility Although the RFC states that only VRRP owners can respond to ping and other management-oriented protocols directed to the VRID IP addresses, allows an override of this restraint on a per VRRP virtual router instance basis. Non-Owner Access Ping Reply When non-owner access ping reply is enabled on a virtual router instance, ICMP echo request messages destined to the non-owner virtual router instance IP addresses are not...
Page 165: Non-Owner Access Ssh
VRRP Non-Owner Access SSH When non-owner access SSH is enabled on a virtual router instance, authorized SSH sessions may be established that are destined to the virtual router instance IP addresses when operating in master mode. SSH sessions are always discarded at the IP interface when destined to a virtual router IP address operating in backup mode.
Page 166: Vrrp Configuration Process Overview
VRRP Configuration Process Overview VRRP Configuration Process Overview Figure 9 displays the process to provision VRRP parameters. Figure 9: VRRP Configuration and Implementation Flow START CONFIGURE VRRP PRIORITY CONTROL POLICIES (optional) CONFIGURE IES SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE...
Page 167: Configuration Notes
VRRP Configuration Notes This section describes VRRP configuration caveats. General • Creating and applying VRRP policies are optional. • Backup command: → The backup IP address(es) must be on the same subnet. The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list.
Page 168 Configuration Notes Page 168 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 169: Configuring Vrrp With Cli
VRRP Configuring VRRP with CLI This section provides information to configure VRRP using the command line interface. Topics in this section include: • VRRP Configuration Overview on page 170 • Basic VRRP Configurations on page 171 • Common Configuration Tasks on page 174 •...
Page 170: Vrrp Configuration Overview
VRRP Configuration Overview VRRP Configuration Overview Configuring VRRP policies and configuring VRRP instances on interfaces and router interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or router interface must specify the backup ip-address parameter. VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP address shared between two or more routers connecting the common domain.
Page 171: Basic Vrrp Configurations
VRRP Basic VRRP Configurations Configure VRRP parameters in the following contexts: • VRRP Policy on page 171 • VRRP IES Service Parameters on page 172 • VRRP Router Interface Parameters on page 173 VRRP Policy Configuring and applying VRRP policies are optional. There are no default VRRP policies. Each policy must be explicitly defined.
Page 172: Vrrp Ies Service Parameters
Basic VRRP Configurations VRRP IES Service Parameters VRRP parameters are configured within an IES service with two contexts, owner or non- owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance owns the backup IP addresses. All other virtual router instances participating in this message domain must have the same vrid configured and cannot be configured as owner.
Page 173: Vrrp Router Interface Parameters
VRRP VRRP Router Interface Parameters VRRP parameters are configured on a router interface with two contexts, owner or non- owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance owns the backed up IP addresses. All other virtual router instances participating in this message domain must have the same configured and vrid...
Page 174: Common Configuration Tasks
Common Configuration Tasks Common Configuration Tasks This section provides a brief overview of the tasks that must be performed to configure VRRP and provides the CLI commands. VRRP parameters are defined under a service interface or a router interface context. An IP address must be assigned to each IP interface.
Page 175: Creating Interface Parameters
VRRP Creating Interface Parameters If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet. The following displays an IP interface configuration example: A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA"...
Page 176: Configuring Vrrp Policy Components
Configuring VRRP Policy Components Configuring VRRP Policy Components The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# Page 176 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration...
Page 177: Configuring Service Vrrp Parameters
VRRP Configuring Service VRRP Parameters VRRP parameters can be configured on an interface in aservice to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure. VRRP can be configured the following ways: •...
Page 178: Owner Service Vrrp
Configuring VRRP Policy Components Owner Service VRRP The following displays the owner VRRP configuration example: A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 178 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 179: Configuring Router Interface Vrrp Parameters
VRRP Configuring Router Interface VRRP Parameters VRRP parameters can be configured on an interface in an interface to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure. VRRP can be configured the following ways: •...
Page 180: Router Interface Vrrp Owner
Configuring VRRP Policy Components Router Interface VRRP Owner The following displays router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# Page 180 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 181: Vrrp Configuration Management Tasks
VRRP VRRP Configuration Management Tasks This section discusses the following VRRP configuration management tasks: • Modifying a VRRP Policy on page 181 • Deleting a VRRP Policy on page 182 • Modifying Service and Interface VRRP Parameters on page 183 →...
Page 182: Deleting A Vrrp Policy
VRRP Configuration Management Tasks Deleting a VRRP Policy Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an interface or to an IES service. Each instance in which the policy is applied must be deleted.
Page 183: Modifying Service And Interface Vrrp Parameters
VRRP Modifying Service and Interface VRRP Parameters Modifying Non-Owner Parameters Once a VRRP instance is created as non-owner, it cannot be modified to the state. owner must be deleted and then recreated with the keyword to invoke IP address vrid owner ownership.
Page 184 VRRP Configuration Management Tasks Page 184 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 185: Vrrp Command Reference (Supported Only In Network Mode)
VRRP VRRP Command Reference (Supported only in Network mode) Command Hierarchies Configuration Commands • VRRP Network Interface Commands on page 185 • VRRP Priority Control Event Policy Commands on page 186 • Show Commands on page 187 • Clear Commands on page 187 VRRP Network Interface Commands config —...
Page 186 VRRP Command Reference (Supported only in Network mode) — [no] traceroute-reply VRRP Priority Control Event Policy Commands config — vrrp — [no] policy policy-id [context service-id] — delta-in-use-limit limit — no delta-in-use-limit — description description string — no description — [no] priority-event —...
Page 187 VRRP — protocol protocol — no protocol[protocol] — [no] protocol ospf — [no] protocol isis — [no] protocol static Show Commands show — vrrp — policy [policy-id [event event-type specific-qualifier]] — router — vrrp — instance — instance [interface interface-name [vrid virtual-router-id]] —...
Page 188 VRRP Command Reference (Supported only in Network mode) — no packets Page 188...
Page 189: Interface Configuration Commands
VRRP Configuration Commands Interface Configuration Commands authentication-key Syntax authentication-key [authentication-key | hash-key] [hash | hash2] no authentication-key Context config>router>if>vrrp Description This command sets the simple text authentication key used to generate master VRRP advertisement messages and validates VRRP advertisements. If simple text password authentication is not required, the authenticaton-key command is not required.
Page 190 Interface Configuration Commands hash-key — The hash key. The key can be any combination of ASCII characters up to 22 (hash-key1) or 121 (hash-key2) characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”). This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
Page 191 VRRP When operating as (non-owner) master, the default functionality associated with ip-addr is ARP response to ARP requests to ip-addr, routing of packets destined to the virtual router instance source MAC address and silently discarding packets destined to ip-addr. Enabling the non-owner-access parameters selectively allows ping, Telnet and SSH connectivity to ip-addr when the virtual router instance is operating as master.
Page 192 Interface Configuration Commands conjunction with the IP addresses mask. If the defined virtual router IP address is equal to the associated subnet’s broadcast address, it is invalid. Virtual router IP addresses for non-owner virtual router instances that are equal to a parental IP interface IP address are also invalid. The same virtual router IP address may not be assigned to two separate virtual router instances.
Page 193 VRRP bfd-enable Syntax [no] bfd-enable [service-id] interface interface-name dst-ip ip-address [no] bfd-enable interface interface-name dst-ip ip-address Context config>router>if>vrrp Description This commands assigns a bi-directional forwarding (BFD) session providing heart-beat mechanism for the given VRRP instance. There can be only one BFD session assigned to any given VRRP instance, but there can be multiple VRRP sessions using the same BFD session.
Page 194 Interface Configuration Commands master-int-inherit Syntax [no] master-int-inherit Context config>router>if>vrrp Description This command enables the virtual router instance to inherit the master VRRP router’s advertisement interval timer which is used by backup routers to calculate the master down timer. The master-int-inherit command is only available in the non-owner nodal context and is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual routers.
Page 195 VRRP • When a non-owner is in the backup state with master-int-inherit enabled, the configured mes- sage-interval is ignored. The master down timer is indirectly derived from the incoming VRRP advertisement message advertisement interval field value. VRRP advertisements messages that are fragmented contain IP options (IPv4) require a longer message interval to be configured.
Page 196 Interface Configuration Commands The no form of the command removes existing VRRP priority control policy associations from the virtual router instance. All associations must be removed prior to deleting the policy from the system. Default no policy — No VRRP priority control policy is associated with the virtual router instance. Parameters policy-id —...
Page 197 VRRP priority Syntax priority base-priority no priority Context config>router>if>vrrp Description This command configures the base router priority for the virtual router instance used in the master election process. The priority is the most important parameter set on a non-owner virtual router instance. The priority defines a virtual router’s selection order in the master election process.
Page 198 Interface Configuration Commands Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Page 199 VRRP ssh-reply Syntax [no] ssh-reply Context config>router>if>vrrp Description This command enables the non-owner master to reply to SSH requests directed at the virtual router instance IP addresses. This command is only applicable to IPv4. Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses.
Page 200 Interface Configuration Commands telnet-reply Syntax [no] telnet-reply Context config>router>if>vrrp Description This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instances’ IP addresses. Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses.
Page 201 VRRP vrrp Syntax vrrp vrid [owner] no vrrp vrid Context config>router>interface ip-int-name Description This command creates the context to configure a VRRP virtual router instance. A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses. The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address.
Page 202 Interface Configuration Commands • traceroute-reply Default no vrrp — No VRRP virtual router instance is associated with the IP interface. Parameters vrid — The virtual router ID for the IP interface expressed as a decimal integer. Values 1 — 255 owner —...
Page 203 VRRP Priority Policy Commands delta-in-use-limit Syntax delta-in-use-limit in-use-priority-limit no delta-in-use-limit Context config>vrrp>policy vrrp-policy-id Description This command sets a lower limit on the virtual router in-use priority that can be derived from the delta priority control events. Each vrrp-priority-id places limits on the delta priority control events to define the in-use priority of the virtual router instance.
Page 204 Priority Policy Commands description Syntax description string no description Context config>vrrp>policy vrrp-policy-id Description This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the content in the configuration file.
Page 205 VRRP Parameters vrrp-policy-id — The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 1000 policies can be defined. Values 1 — 9999 context service-id —...
Page 206 Priority Policy Event Commands Priority Policy Event Commands hold-clear Syntax hold-clear seconds no hold-clear Context config>vrrp>policy>priority-event>port-down config>vrrp>policy>priority-event>lag-port-down config>vrrp>policy>priority-event>route-unknown Description This command configures the hold clear time for the event. The seconds parameter specifies the hold- clear time, the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed.
Page 207 VRRP Once the hold set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the current set effect on the virtual router instances in-use priority can be removed. As with lag-port-down events, this may be a decrease in the set effect if the clearing amounts to a lower set threshold.
Page 208 Priority Policy Event Commands Default 0 delta — The set event will subtract 0 from the base priority (no effect). Parameters priority-level — The priority level adjustment value expressed as a decimal integer. Values 0 — 254 delta | explicit — Configures what effect the priority-level will have on the base priority value. When delta is specified, the priority-level value is subtracted from the associated virtual router instance’s base priority when the event is set and no explicit events are set.
Page 209 VRRP Priority Policy Port Down Event Commands port-down Syntax [no] port-down port-id Context config>vrrp>policy>priority-event Description This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel. When the port or channel enters the operational down state, the event is considered set.
Page 210 Priority Policy Port Down Event Commands The port-id can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities.
Page 211 VRRP Priority Policy LAG Events Commands lag-port-down Syntax [no] lag-port-down lag-id Context config>vrrp>policy>priority-event Description This command creates the context to configure Link Aggregation Group (LAG) priority control events that monitor the operational state of the links in the LAG. The lag-port-down command configures a priority control event. The event monitors the operational state of each port in the specified LAG.
Page 212 Priority Policy LAG Events Commands threshold again increases before the hold set timer expires, the timer is only reset to the hold-set value if the number of ports down is equal to or greater than the threshold that set the timer. The event contains number-down nodes that define the priority delta or explicit value to be used based on the number of LAG composite ports that are in the operationally down state.
Page 213 VRRP lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. Values 1 — 4 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 213...
Page 214 Priority Policy Host Unreachable Event Commands Priority Policy Host Unreachable Event Commands drop-count Syntax drop-count consecutive-failures no drop-count Context config>vrrp vrrp-policy-id>priority-event>host-unreachable ip-addr Description This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set. The drop-count command is used to define the number of consecutive message send attempts that must fail for the host-unreachable priority event to enter the set state.
Page 215 VRRP The host-unreachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure. The host-unreachable priority event operational state tracks ARP or route table entries dynamically appearing and disappearing from the system.
Page 216 Priority Policy Host Unreachable Event Commands The hold-set timer be expired and the historical success rate must be met prior to the event operational state becoming cleared. The no form of the command deletes the specific IP host monitoring event. The event may be deleted at anytime.
Page 217 VRRP timeout Syntax timeout seconds no timeout Context config>vrrp vrrp-policy-id>priority-event>host-unreachable ip-addr Description This command defines the time, in seconds, that must pass before considering the far-end IP host unresponsive to an outstanding ICMP echo request message. The timeout value is not directly related to the configured interval parameter. The timeout value may be larger, equal, or smaller, relative to the interval value.
Page 218 Priority Policy Route Unknown Event Commands Priority Policy Route Unknown Event Commands less-specific Syntax [no] less-specific [allow-default] Context config>vrrp>policy>priority-event>route-unknown prefix/mask-length Description This command allows a CIDR shortest match hit on a route prefix that contains the IP route prefix associated with the route unknown priority event. The less-specific command modifies the search parameters for the IP route prefix specified in the route-unknown priority event.
Page 219 VRRP When more than one next hop IP addresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multiple times has no effect after the first instance. The no form of the command removes the ip-address from the list of acceptable next hops when looking up the route-unknown prefix.
Page 220 Priority Policy Route Unknown Event Commands a returned route prefix with a source of IS-IS will not be considered a match and will cause the event to enter the set state. static — This parameter defines a static route as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix.
Page 221 VRRP route-unknown Description Operational State Set – default best The route exists in the route table as the default route but the default match route is not allowed for route matching. Cleared – less specific A less specific route exists in the route table and meets all criteria found including the less-specific requirements.
Page 222 Priority Policy Route Unknown Event Commands the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0) mask 0 — 32 ipv6-address/prefix: ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d...
Page 223 VRRP Show Commands instance Syntax instance instance [interface interface-name [vrid virtual-router-id] Context show>vrrp Description This command displays information for VRRP instances. If no command line options are specified, summary information for all VRRP instances displays. Parameters interface ip-int-name — Displays detailed information for the VRRP instances on the specified IP interface including status and statistics.
Page 224 Show Commands Label Description (Continued) State When owner, backup defines the IP addresses that are advertised within VRRP advertisement messages. When non-owner, backup actually creates an IP interface IP address used for routing IP packets and communicating with the system when the access commands are defined (ping-reply, telnet-reply, and ssh- reply).
Page 225 VRRP Label Description (Continued) Ping Reply Yes — A non-owner master is enabled to reply to ICMP Echo requests directed to the virtual router instance IP addresses. Ping Reply is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to such ICMP echo requests irrespective if Ping Reply is enabled.
Page 226 Show Commands Sample Output *A:ALA-A# show router vrrp instance =============================================================================== VRRP Instances =============================================================================== Interface Name VR Id Own Adm State Base Pri Msg Int Pol Id InUse Pri Inh Int ------------------------------------------------------------------------------- Master IPv4 Backup Addr: 5.1.1.10 ------------------------------------------------------------------------------- Instances : 2 =============================================================================== *A:ALA-A# *A:ALA-A# show router vrrp instance interface n2 vrid 1...
Page 227 VRRP Total Discards =============================================================================== *A:ALA-A# 7210SAS>show>router# vrrp instance interface "n1" vrid 1 =============================================================================== VRRP Instance 1 for interface "n1" =============================================================================== Owner : No VRRP State : Init Primary IP of Master: 0.0.0.0 (Self) Primary IP : 0.0.0.0 Standby-Forwarding: Disabled VRRP Backup Addr : None Admin State : Up...
Page 228 Show Commands policy Syntax policy [vrrp-policy-id [event event-type specific-qualifier]] Context show>vrrp Description This command displays VRRP priority control policy information. If no command line options are specified, a summary of the VRRP priority control event policies dis- plays. Parameters vrrp-policy-id — Displays information on the specified priority control policy ID. Default All VRRP policies IDs Values...
Page 229 VRRP Label Description (Continued) Delta Limit The delta-in-use-limit for a VRRP policy. Once the total sum of all delta events has been calculated and subtracted from the base-priority of the virtual router, the result is compared to the delta-in-use-limit value. If the result is less than this value, the delta-in-use-limit value is used as the virtual router in-use priority value.
Page 230 Show Commands Label Description (Continued) Explicit — The priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associ- ated with the policy.
Page 231 VRRP VRRP Policy Event Output — The following table describes a specific event VRRP policy com- mand output fields. Label Description Description A text string which describes the VRRP policy. Policy Id The VRRP priority control policy associated with the VRRP virtual router instance.
Page 232 Show Commands Label Description (Continued) Master Priority The priority of the virtual router instance which is the current master. Priority The base priority used by the virtual router instance. Priority Effect Delta — A delta priority event is a conditional event defined in a priority control policy that subtracts a given amount from the base pri- ority to give the current in-use priority for the VRRP virtual router instances to which the policy is applied.
Page 233 VRRP Label Description (Continued) No — The event is not affecting the in-use priority of some virtual router. # trans to Set The number of times the event has transitioned to one of the 'set' states. Last Transition The time and date when the operational state of the event last changed. Sample Output A:ALA-A#show vrrp policy 1 event port-down ===============================================================================...
Page 234 Show Commands Value In Use : No Current State : n/a # trans to Set Previous State : n/a Last Transition : 04/13/2007 23:10:24 =============================================================================== A:ALA-A# A:ALA-A# show vrrp policy 1 event route-unknown =============================================================================== VRRP Policy 1, Event Route Unknown 10.10.100.0/24 =============================================================================== Description : 10.10.200.253 reachability...
Page 235 VRRP Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 235...
Page 236 Monitor Commands Monitor Commands instance Syntax instance interface interface-name vr-id virtual-router-id [interval seconds] [repeat repeat] [absolute | rate] Context monitor>router>vrrp Description Monitor statistics for a VRRP instance. Parameters interface-name — The name of the existing IP interface on which VRRP is configured. vr-id virtual-router-id —...
Page 237 VRRP Clear Commands interface Syntax interface ip-int-name [vrid virtual-router-id] Context clear>router>vrrp Description This command resets VRRP protocol instances on an IP interface. Parameters ip-int-name — The IP interface to reset the VRRP protocol instances. vrid vrid — Resets the VRRP protocol instance for the specified VRID on the IP interface. Default All VRIDs on the IP interface.
Page 238 Clear Commands policy [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. Default All VRRP policies. Values 1 — 9999 Page 238...
Page 239: Vrrp Debug Commands
VRRP VRRP Debug Commands events Syntax events events interface ip-int-name [vrid virtual-router-id] no events no events interface ip-int-name [vrid virtual-router-id] Context debug>router>vrrp Description This command enables debugging for VRRP events. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id —...
Page 240 VRRP Debug Commands Page 240...
Page 241: Filter Policies
Filter Policies In This Chapter This chapter provides information about filter policies and management. Topics in this chapter include: • Filter Policy Configuration Overview on page 242 → Service and Network IP Interface-Based Filtering on page 242 → Filter Policy Entities on page 244 •...
Page 242: Filter Policy Configuration Overview
Filter Policy Configuration Overview Filter Policy Configuration Overview Filter policies, also referred to as Access Control Lists (ACLs), are templates applied to services or network IP interfaces to control network traffic into (ingress) or out of (egress) a service access port (SAP) or network IP interface based on IP and MAC matching criteria.
Page 243 Filter Policies IP and MAC filter policies specify either a forward or a drop action for packets based on information specified in the match criteria. Filter entry matching criteria can be as general or specific as you require, but all conditions in the entry must be met in order for the packet to be considered a match and the specified entry action performed.
Page 244: Filter Policy Entities
Filter Policy Configuration Overview Filter Policy Entities A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are numbered in the policy. When a packet matches all the parameters specified in the entry, the system takes the specified action to either drop or forward the packet.
Page 245: Table 8: Applying Filter Policies For 7210 Sas-M And 7210 Sas-T (Access-Uplink Mode)
Filter Policies Table 7: Applying Filter Policies for 7210 SAS-M, X, T devices configured in Network Mode IES interface SAP Available (only on Not Available (ingress and egress) 7210 SAS-M/X) VPRN VPRN interface SAP Available (only on Not Available (ingress and egress) 7210 SAS-M/X) Ingress and Egress of Ingress and Egress of...
Page 246: Table 11: Applying Filter Policies For 7210 Sas-R6 And 7210 Sas-R12
Filter Policy Configuration Overview Table 8: Applying Filter Policies for 7210 SAS-M and 7210 SAS-T (Access-uplink mode) RVPLS VPLS access Not Avail- Not Avail- RVPLS (VPLS (ingress and able able (VPLS SAPs) egress) and SAPs) access-uplink SAPs (ingress and egress) RVPLS Ingress Over- Not Avail-...
Page 247: Acl On Range Saps
Filter Policies Table 12: Applying Filter policies for 7210 SAS-Mxp Service IP Filter IPv6 filter MAC Filter Network port IP Network port IP Network port IP Network port IP interface interface (ingress and interface (ingress and interface (ingress and egress) egress) egress) Epipe...
Page 248: Table 13: Acls Support In Epipe Services On 7210 Sas-X, R6, 7210 Sas-R12, And 7210 Sas-Mxp Variants
Filter Policy Configuration Overview ACLs support in VPLS services on 7210 SAS-M, T Network and Access-Uplink mode Table 13: ACLs support in Epipe services on 7210 SAS-X, R6, 7210 SAS-R12, and 7210 SAS-Mxp variants when using range SAPs Platforms/ Types of filters 7210 SAS-X 7210 SAS-R6 7210 SAS-Mxp...
Page 249 Filter Policies Filter policies are applied to the following service entities: • SAP ingress — IP and MAC filter policies applied on the SAP ingress define the Service Level Agreement (SLA) enforcement of service packets as they ingress a SAP according to the filter policy match criteria.
Page 250: Creating And Applying Policies
Creating and Applying Policies Creating and Applying Policies Figure 6 displays the process to create filter policies and apply them to a service network IP interface. START SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE...
Page 251: Packet Matching Criteria
Filter Policies Packet Matching Criteria As few or as many match parameters can be specified as required, but all conditions must be met in order for the packet to be considered a match and the specified action performed. The process stops when the first complete match is found and then executes the action defined in the entry, either to drop or forward packets that match the criteria.
Page 252 Creating and Applying Policies • Ipv4 filter created in the mode to use ipv6 resource cannot be applied at egress SAP. Similarly IPv4 filter created in the mode to use IPv6 resource, will fail to match fragment option. • Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value.
Page 253 Filter Policies DSCP Values Table 15: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af11 af12 cp13 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 af33 cp21 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 254 Creating and Applying Policies Table 15: DSCP Name to DSCP Value Table (Continued) DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53...
Page 255: Ordering Filter Entries
Filter Policies Ordering Filter Entries When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a packet matches an entry. The entry action is performed on the packet. 7210 SAS supports either drop or forward action.To be considered a match, the packet must meet all the conditions defined in the entry.
Page 256 Creating and Applying Policies Figure 10 displays an example of several packets forwarded upon matching the filter criteria and several packets traversing through the filter entries and then dropped. FILTER ID: 5 SEARCH CRITERIA: DEFAULT ACTION: DROP Source Address: 10.10.10.103 FILTER ENTIES: 10 (ACTION: FORWARD) 20 (ACTION: FORWARD) Destination Address: 10.10.10.104...
Page 257: Applying Filters
Filter Policies Applying Filters After filters are created, they can be applied to the following entities: • Applying a Filter to a SAP on page 257 • Applying a Filter to a Network IP Interface on page 257 Applying a Filter to a SAP During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP and MAC filters.
Page 258: Configuration Notes
Configuration Notes Configuration Notes NOTE: Please refer to the 7210 Services Guides for Service specific ACL support and restrictions. The following information describes filter implementation caveats: • Creating a filter policy is optional. • Associating a service with a filter policy is optional. •...
Page 259: Mac Filters
Filter Policies criterion).The available egress CAM hardware resources can be allocated as per user needs for use with different filter criteria using the commands under configure> system>resource-profile> egress-internal-tcam> acl-sap-egress. By default, the system allocates resources to maintain backward compatibility with release 4.0. Users can modify the resource allocation based on their needs to scale the number of entries or the number of associations (that is, number of SAP/IP interfaces using a filter policy that defines a particular match criterion).
Page 260: Ip Filters
Configuration Notes IP Filters • Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.
Page 261: Resource Usage For Egress Filter Policies
Filter Policies example. When created with "use-ipv6-resource" the resource usage is the same as IPv6 filters using ipv6-128-bit-addresses. • ipv6-criteria using ipv6-64-bit addresses - User needs to allocate resources for ipv6- criteria with 64-bit address match from the filter resource pool by using the command "configure>...
Page 262 Configuration Notes cases, the resources can be shared with SAPs that use IPv4 or IPv6 64-bit filter policies. The first case allocates resources for exclusive use by MAC filter policies. The resource usage varies based how resources have been allocated: −...
Page 263 Filter Policies the filter policy uses two (2) entries from the chunks allocated for use in hardware. For example: Assume a filter policy is configured with 50 ipv6-128bit-criteria entries and user uses “configure> system> resource-profile> egress-internal-tcam> acl-sap-egress> ipv6-128bit-match-enable 2”, to configure two chunks for use by ipv6-128bit-criteria. This allows for a total of 128 for use by SAPs using filter policies that use ipv6-128bit- criteria.
Page 264 Configuration Notes Page 264 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 265: Configuring Filter Policies With Cli
Filter Policies Configuring Filter Policies with CLI This section provides information to configure filter policies using the command line interface. Topics in this section include: • Basic Configuration on page 266 • Common Configuration Tasks on page 269 → Creating an IP Filter Policy on page 269 →...
Page 266: Basic Configuration
Basic Configuration Basic Configuration The most basic IP and MAC filter policies must have the following: • A filter ID • Template scope, either exclusive or template • Default action, either drop or forward • At least one filter entry →...
Page 267 Filter Policies mac-match-enable max ---------------------------------------------- *A:sim_dutc>config>system>res-prof>ing-internal-tcam>acl-sap-ing# The following example displays a sample configuration of allocation of egress internal CAM resources for egress policy for 7210 SAS-Mxp: *A:sim_dutc>config>system>res-prof>egr-internal-tcam>acl-sap-egr# info detail ---------------------------------------------- mac-ipv4-match-enable 2 ipv6-128bit-match-enable 0 mac-ipv6-64bit-match-enable 0 mac-match-enable 0 ---------------------------------------------- *A:sim_dutc>config>system>res-prof>egr-internal-tcam>acl-sap-egr# The following example displays a sample configuration of an IP filter policy.
Page 268 Basic Configuration *A:7210SAS>config>system>res-prof>ing-internal-tcam>acl-sap-ing# ipv6-64- The following figure shows the IP filter applied to an ingress interface. Ingress Filter ALA-1 TCP Connection OSRG007 Figure 11: Applying an IP Filter to an Ingress Interface Page 268 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 269: Common Configuration Tasks
Filter Policies Common Configuration Tasks This section provides a brief overview of the tasks that must be performed for both IP and MAC filter configurations and provides the CLI commands. To configure a filter policy, perform the following tasks: • Creating an IP Filter Policy on page 269 •...
Page 270 Common Configuration Tasks ---------------------------------------------- A:ALA-7>config>filter# Page 270 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 271: Ip Filter Entry
Filter Policies IP Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determine how the packets are handled, either dropped or forwarded. •...
Page 272: Ip Entry Matching Criteria
Common Configuration Tasks IP Entry Matching Criteria Use the following CLI syntax to configure IP filter matching criteria: The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward...
Page 273: Ipv6 Filter Entry
Filter Policies no description scope template exit *A:7210SAS>config>filter>ipv6-filter# IPv6 Filter Entry Within an IPv6 filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determine how the packets are handled, either dropped or forwarded.
Page 274: Creating A Mac Filter Policy
Common Configuration Tasks Creating a MAC Filter Policy Configuring and applying filter policies is optional. Each filter policy must have the following: • The filter type specified (MAC). • A filter policy ID. • A default action, either drop or forward. •...
Page 275: Mac Filter Entry
Filter Policies MAC Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determine how the packets are handled, either dropped or forwarded. •...
Page 276: Mac Entry Matching Criteria
Common Configuration Tasks MAC Entry Matching Criteria The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- Apply IP and MAC Filter Policies The following example shows an example of applying an IP and a MAC filter policy to an Epipe service: CLI Syntax: config>service# epipe service-id...
Page 277 Filter Policies *A:7210SAS>config>router#vpls# info detail ---------------------------------------------- ..ingress counter-mode in-out-profile-count no drop-count-extra-vlan-tag-pkts exit exit ingress qos 1 no aggregate-meter-rate filter ipv6 1 exit egress no filter exit no collect-stats no accounting-policy no shutdown exit *A:7210SAS>config>router#vpls 2 info detail 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 277...
Page 278: Apply Filter Policies To A Network Ip Interface
Common Configuration Tasks Apply Filter Policies to a Network IP Interface IP filter policies can be applied to network IP interfaces. MAC filters cannot be applied to network IP interfaces or to routable IES services. Apply an IP Interface CLI Syntax: config>router# interface ip-int-name The following displays an IP filter applied to an interface at ingress.
Page 279: Filter Management Tasks
Filter Policies Filter Management Tasks This section discusses the following filter policy management tasks: • Renumbering Filter Policy Entries on page 279 • Modifying an IP Filter Policy on page 281 • Detaching/Deleting a Filter Policy on page 284 • Copying Filter Policies on page 286 Renumbering Filter Policy Entries The system exits the matching process when the first match is found and then executes the actions...
Page 280 Common Configuration Tasks The following displays the original filter entry order on the left side and the reordered filter entries on the right side: A:ALA-7>config>filter# info A:ALA-7>config>filter# info ---------------------------------------------- ---------------------------------------------- ip-filter 11 create ip-filter 11 create description "filter-main" description "filter-main" scope exclusive scope exclusive entry 10 create...
Page 281: Modifying An Ip Filter Policy
Filter Policies Modifying an IP Filter Policy To access a specific IP filter, you must specify the filter ID. Use the form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter>ip-filter# description "New IP filter info" config>filter>ip-filter# entry 2 create config>filter>ip-filter>entry$ description "new entry"...
Page 282: Modifying An Ipv6 Filter Policy
Common Configuration Tasks dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Modifying an IPv6 Filter Policy To access a specific IPv6 filter, you must specify the filter ID. Use the no form of the command to remove the command parameters or return the parameter to the default setting. Example: config>filter# ipv6-filter 11 config>filter>ipv6-filter# description "IPv6 filter for Customer 1"...
Page 283: Modifying A Mac Filter Policy
Filter Policies Modifying a MAC Filter Policy To access a specific MAC filter, you must specify the filter ID. Use the form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter# mac-filter 90 config>filter>mac-filter# description "New filter info"...
Page 284: Detaching/Deleting A Filter Policy
Common Configuration Tasks Detaching/Deleting a Filter Policy Before you can delete a filter, you must remove the filter association from the applied ingress and egress SAPs and network interfaces. • From an Ingress SAP on page 284 • From an Egress SAP on page 284 •...
Page 285: From A Network Interface
Filter Policies From a Network Interface To delete a filter from a network interface, enter the following CLI commands: CLI Syntax: config>router# interface ip-int-name ingress Example: config>router>if>ingress# no filter ip 2 config>router>if>ingress#exit From the Filter Configuration After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example...
Page 286: Copying Filter Policies
Common Configuration Tasks Copying Filter Policies When changes are made to an existing filter policy, they are applied immediately to all services where the policy is applied. If numerous changes are required, the policy can be copied so you can edit the “work in progress”...
Page 287: Filter Command Reference
Filter Policies Filter Command Reference Command Hierarchies • IP Filter Policy Commands on page 287 • IPv6 Filter Policy Commands on page 289 • MAC Filter Policy Commands on page 290 • Redirect Policy Configuration Commands on page 123 • Generic Filter Commands on page 291 •...
Page 288 Filter Command Reference — icmp-type icmp-type — no icmp-type — option-present {true | false} — no option-present — src-ip{ip-address/mask | ip-address netmask} — no src-ip — src-port {{eq} src-port-number — no src-port — tcp-ack {true | false} — no tcp-ack —...
Page 289 Filter Policies IPv6 Filter Policy Commands config — filter — ipv6-filter ipv6-filter-id [ipv6-128bit-address | ipv6-64bit-address ] [create] — no ipv6-filter ipv6-filter-id — default-action {drop | forward} — description description-string — no description — filter-name filter-name — no filter-name — entry entry-id [time-range time-range-name] [create] —...
Page 290 Filter Command Reference MAC Filter Policy Commands config — filter — mac-filter filter-id [create] — no mac-filter filter-id — default-action {drop | forward} — description description-string — no description — entry entry-id [time-range time-range-name] — no entry entry-id — description description-string —...
Page 291 Filter Policies Generic Filter Commands config — filter — copy ip-filter | mac-filter src-filter-id [src-entry src-entry-id] to dst-filter-id [dst-entry dst- entry-id] [overwrite] Show Commands show — filter — download-failed — [ip-filter-id [entry entry-id] [association | counters] — ipv6 [ipv6-filter-id [entry entry-id] [association | counters]] —...
Page 292 Filter Command Reference Page 292 7210 SAS M, T, X, R6, R12, Mxp OS Router Configu- ration Guide...
Page 293 Filter Policies Configuration Commands Generic Commands description Syntax description string no description Context config>filter>ip-filter config>filter>ip-filter>entry config>filter>ipv6-filter config>filter>ipv6-filter>entry config>filter>mac-filter config>filter>mac-filter>entry Description This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the context in the configuration file.
Page 294 Configuration Commands Global Filter Commands ip-filter Syntax [no] ip-filter filter-id [use-ipv6-resource] [create] Context config>filter Description This command creates a configuration context for an IP filter policy. IP-filter policies specify either a forward or a drop action for packets based on the specified match criteria.
Page 295 Filter Policies ipv6-filter Syntax [no] ipv6-filter ipv6-filter-id [ipv6-128bit-address | ipv6-64bit-address ] [create] Context config>filter Description This command enables the context to create IPv6 filter policy. During the 'create', the user must specify if IPv6 addresses, both source and destination IPv6 addresses, specified in the match criteria uses complete 128-bits or uses only the upper 64 bits of the IPv6 addresses.
Page 296 Configuration Commands policy. Use the config filter copy command to maintain policies in this manner. The no form of the command deletes the mac-filter policy. A filter policy cannot be deleted until it is removed from all SAP where it is applied. Parameters filter-id —...
Page 297 Filter Policies Filter Policy Commands default-action Syntax default-action {drop | forward} Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command specifies the action to be applied to packets when the packets do not match the specified criteria in all of the IP filter entries of the filter. When multiple default-action commands are entered, the last command will overwrite the previous command.
Page 298 Configuration Commands General Filter Entry Commands entry Syntax entry entry-id [time-range time-range-name] [create] no entry entry-id Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command creates or edits an IP or MAC filter entry. Multiple entries can be created using unique entry-id numbers within the filter. The implementation exits the filter on the first match found and executes the actions in accordance with the accompanying action command.
Page 299 Filter Policies IP Filter Entry Commands action Syntax action [drop] action forward no action Context config>filter>ip-filter>entry config>filter>ipv6-filter>entry Description This command specifies to match packets with a specific IP option or a range of IP options in the first option of the IP header as an IP filter match criterion. The action keyword must be entered and a keyword specified in order for the entry to be active.
Page 300 Configuration Commands protocol-id — Configures the decimal value representing the IP protocol to be used as an IP filter match criterion. Well known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the match criteria. Values 0 —...
Page 301 Filter Policies MAC Filter Entry Commands action Syntax action drop action forward no action Context config>filter>mac-filter>entry Description This command configures the action for a MAC filter entry. The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive.
Page 302 Configuration Commands Parameters frame-type keyword — The frame-type keyword configures an Ethernet frame type to be used for the MAC filter match criteria. Default ethernet_II Page 302 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 303 Filter Policies IP Filter Match Criteria dscp Syntax dscp dscp-name no dscp Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match Description This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion. The no form of the command removes the DSCP match criterion. Default no dscp Parameters...
Page 304 Configuration Commands ipv6-address — The IPv6 prefix for the IP match criterion in dotted decimal notation. Values ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x::d.d.d.d x: [0..FFFF]H d: [0..255]D mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask —...
Page 305 Filter Policies Default no fragment Parameters true — Configures a match on all fragmented IP packets. A match will occur for all packets that have either the MF (more fragment) bit set OR have the Fragment Offset field of the IP header set to a non-zero value.
Page 306 Configuration Commands option-present Syntax option-present {true | false} no option-present Context config>filter>ip-filter>entry>match Description This command configures matching packets that contain the option field or have an option field of zero in the IP header as an IP filter match criterion. The no form of the command removes the checking of the option field in the IP header as a match criterion.
Page 307 Filter Policies src-port Syntax src-port {eq} src-port-number no src-port Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match Description This command configures a source TCP or UDP port number for an IP filter match criterion. Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
Page 308 Configuration Commands tcp-syn Syntax tcp-syn {true | false} no tcp-syn Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match Description This command configures matching on the SYN bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information.
Page 309 Filter Policies MAC Filter Match Criteria dot1p Syntax dot1p ip-value [mask] no dot1p Context config>filter>mac-filter>entry>match Description Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion. When a frame is missing the 802.1p bits, specifying an dot1p match criterion will fail for the frame and result in a non-match for the MAC filter entry.
Page 310 Configuration Commands dst-mac Syntax dst-mac ieee-address [mask] no dst-mac Context config>filter>mac-filter>entry>match Description Configures a destination MAC address or range to be used as a MAC filter match criterion. The no form of the command removes the destination mac address as the match criterion. Default no dst-mac Parameters...
Page 311 Filter Policies The no form of the command removes the previously entered etype field as the match criteria. Default no etype Parameters ethernet-type — The Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal. Values 0x0600 —...
Page 312 Configuration Commands Policy and Entry Maintenance Commands copy Syntax copy {ip-filter | mac-filter} source-filter-id dest-filter-id dest-filter-id [overwrite] Context config>filter Description This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.
Page 313 Filter Policies renum Syntax renum old-entry-id new-entry-id Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command renumbers existing MAC or IP filter entries to properly sequence filter entries. This may be required in some cases since the OS exits when the first match is found and executes the actions according to the accompanying action command.
Page 314 Configuration Commands Page 314 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide...
Page 315 Filter Policies Show Commands download-failed Syntax download-failed Context show>filter Description This command shows all filter entries for which the download has failed. Output download-failed Output — The following table describes the filter download-failed output. Label Description Displays the filter type. Filter-type Displays the ID of the filter.
Page 316 Show Commands associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output. counters — Displays counter information for the specified filter ID. Note that egress counters count the packets without Layer 2 encapsulation. Ingress counters count the packets with Layer 2 encapsulation.
Page 317 Filter Policies *A:Dut-C>config>filter# Output Show Filter (with filter-id specified) — The following table describes the command output for the command when a filter ID is specified. Label Description Filter Id The IP filter policy ID. Scope The filter policy is of type template. Template —...
Page 318 Show Commands Label Description (Continued) The explicit action to perform is forwarding of the Forward — packet. Ing. Matches The number of ingress filter matches/hits for the filter entry. Src. Port The source TCP or UDP port number. Dest. Port The destination TCP or UDP port numbere.
Page 319 Filter Policies IP Filter =============================================================================== Filter Id : fSpec-1 Applied : Yes Scope : Template Def. Action : Forward Radius Ins Pt: n/a CrCtl. Ins Pt: n/a Entries : 2 (insert By Bgp) Description : BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Filter Association : IP -------------------------------------------------------------------------------...
Page 320 Show Commands Ing. Matches : 0 pkts Egr. Matches : 0 pkts Entry : fSpec-1-49151 - inserted by BGP FLowSpec Description : (Not Specified) Log Id : n/a Src. IP : 0.0.0.0/0 Src. Port : None Dest. IP : 0.0.0.0/0 Dest.
Page 321 Filter Policies Output Show Filter Associations — The following table describes the fields that display when the associations keyword is specified. Label Description The IP filter policy ID. Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive.
Page 322 Show Commands Output Show Filter Associations (with TOD-suite specified) — If a filter is referred to in a TOD Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160...
Page 323: Table 17: Show Filter (No Filter-Id Specified)
Filter Policies ipv6 Syntax ipv6 {ipv6-filter-id [entry entry-id] [association | counters]} Context show>filter Description This command shows IPv6 filter information. Parameters ipv6-filter-id — Displays detailed information for the specified IPv6 filter ID and filter entries. Values 1 — 65535 entry entry-id — Displays information on the specified IPv6 filter entry ID for the specified filter ID. Values 1 —...
Page 324: Table 18: Show Filter (With Filter-Id Specified)
Show Commands Output Show Filter (with filter-id specified) — The following table describes the command output for the command when a filter ID is specified. Table 18: Show Filter (with filter-id specified) Label Description The IP filter policy ID. Filter Id —...
Page 325 Filter Policies Table 18: Show Filter (with filter-id specified) Default — The filter does not have an explicit forward or drop Match action match action specified. If the filter entry ID indicates the entry is (Inactive), then the filter entry is incomplete as no action has been specified.
Page 326: Table 19: Show Filter Associations
Show Commands ICMP Type : Undefined ICMP Code : Undefined TCP-syn : Off TCP-ack : Off Match action : Forward Ing. Matches : 0 pkts Egr. Matches : 0 pkts Entry Description : (Not Specified) Src. IP : ::/0 Src. Port : None Dest.
Page 327: Table 20: Show Filter Counters
Filter Policies Sample Output *A:7210SAS>show>filter# ipv6 1 associations =============================================================================== IPv6 Filter =============================================================================== Filter Id Applied : Yes Scope : Template Def. Action : Drop Entries Description : (Not Specified) ------------------------------------------------------------------------------- Filter Association : IPv6 ------------------------------------------------------------------------------- Service Id Type : Epipe - SAP 1/1/1:1 (Ingress)
Page 328 Show Commands Table 20: Show Filter Counters The number of ingress filter matches/hits for the filter entry. Ing. Matches The number of egress filter matches/hits for the filter entry. Egr. Matches Note that egress counters count the packets without Layer 2 encapsulation.
Page 329 Filter Policies Output No Parameters Specified — When no parameters are specified, a brief listing of IP filters is produced. The following table describes the command output for the command. Filter ID Specified — When the filter ID is specified, detailed filter information for the filter and its entries is produced.
Page 330 Show Commands Label Description (Continued) The filter does not have an explicit forward or drop match Match action Default — action specified. If the filter entry ID indicates the entry is , the Inactive filter entry is incomplete, no action was specified. Packets matching the filter entry criteria will be dropped.
Page 331 Filter Policies Label Description (Continued) The filter policy ID is applied as an ingress filter policy on the inter- (Ingress) face. The filter policy ID is applied as an egress filter policy on the interface. (Egress) Sample Output A:ALA-49# show filter mac 3 associations =============================================================================== Mac Filter ===============================================================================...
Page 332 Show Commands Label Description (Continued) The filter ID filter entry ID. If the filter entry ID indicates the entry is Entry , then the filter entry is incomplete as no action has been (Inactive) specified. The entry ID match frame type is Ethernet Type II FrameType Ethernet II —...
Page 333 Filter Policies Clear Commands Syntax ip ip-filter-id [entry entry-id] [ingress | egress] Context clear>filter Description Clears the counters associated with the IP filter policy. By default, all counters associated with the filter policy entries are reset. The scope of which counters are cleared can be narrowed using the command line parameters.
Page 334 Show Commands Syntax mac mac-filter-id [entry entry-id] [ingress | egress] Context clear>filter Clears the counters associated with the MAC filter policy. By default, all counters associated with the filter policy entries are reset. The scope of which counters are cleared can be narrowed using the command line parameters. Default Clears all counters associated with the MAC filter policy entries Parameters...
Page 335 Filter Policies Monitor Commands filterip Syntax filter ip ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Context monitor Description This command monitors the counters associated with the IP filter policy. Parameters ip-filter-id — The IP filter policy ID. Values 1 —...
Page 336 Show Commands interval — Configures the interval for each display in seconds. Default 10 seconds Values 3 — 60 repeat repeat — Configures how many times the command is repeated. Default Values 1 — 999 absolute — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing.
Page 337: Common Cli Command Descriptions
Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface (CLI) syntax and command usage. Topics in this chapter include: • SAP syntax on page 338 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 337...
Page 338: Common Service Commands
Common CLI Command Descriptions Common Service Commands SAP syntax Syntax [no] sap sap-id Description This command specifies the physical port identifier portion of the SAP definition. Parameters sap-id — Specifies the physical port identifier portion of the SAP definition. The sap-id can be configured in one of the following formats: Type Syntax Example...
Page 339: Standards And Protocol Support
Standards and Protocol Support NOTE: The capabilities available when operating in access-uplink mode/L2 mode and network mode/MPLS mode are different. Correspondingly, not all the standards and protocols listed below are applicable to access-uplink mode and network mode. Standards Compliance RFC 2385 Protection of BGP Sessions via MD5 DHCP RFC 2439 BGP Route Flap Dampening...
Page 340 Standards and Protocols RFC 2464 Transmission of IPv6 Packets MPLS - General RFC 6426 MPLS On-Demand over Ethernet Networks Connectivity and Route Tracing RFC 3031 MPLS Architecture RFC 2545 Use of BGP-4 Multiprotocol RFC 6478 Pseudowire Status for Static RFC 3032 MPLS Label Stack Encoding Extension for IPv6 Inter-Domain Pseudowires RFC 4379 Detecting Multi-Protocol...
Page 341 Standards and Protocols RFC 2206 RSVP-MIB RFC 4577 OSPF as the Provider/ draft-ietf-secsh-userauth.txt SSH Customer Edge Protocol for BGP/ Authentication Protocol RFC 2571 SNMP-FRAMEWORKMIB MPLS IP Virtual Private Networks draft-ietf-secsh-transport.txt SSH RFC 2572 SNMP-MPD-MIB (VPNs) Transport Layer Protocol RFC 2573 SNMP-TARGET-&- draft-ietf-secsh-connection.txt SSH NOTIFICATION-MIB PSEUDO-WIRE...
Page 342 Standards and Protocols ITU-T G.8262 Telecommunication TIMETRA-SAS-IEEE8021-PAE- Standardization Section of ITU, MIB.mib Timing characteristics of TIMETRA-SAS-GLOBAL-MIB.mib synchronous Ethernet equipment TIMETRA-SAS-LOG-MIB.mib.mib slave clock (EEC), issued 08/2007. TIMETRA-SAS-MIRROR-MIB.mib ITU-T G.8264 Telecommunication TIMETRA-SAS-MPOINT-MGMT- Standardization Section of ITU, MIB.mib (Only for 7210 SAS-X) Distribution of timing information TIMETRA-SAS-PORT-MIB.mib through packet networks, issued 10/ TIMETRA-SAS-QOS-MIB.mib...
Page 343 Standards and Protocols Standards and Protocols Page 343...
Page 344 Standards and Protocols Page 344 Standards and Protocols...
Page 345: Index
NDEX router ID service management tasks Filters system interface overview system name applying filter to network ports to SAP entities VRRP entries overview filter entry ordering components filter types IP address owner IP addresses owner and non-owner matching criteria virtual router DSCP values virtual router backup virtual router master...
Page 346 7210 SAS M, T, X, R6, R12, Mxp OS Router Configuration Guide Page 346...

This manual is also suitable for:

7210 sas m7210 sas r67210 sas mxp os7210 sas x 7210 sas r12

Alcatel-Lucent 7210 SAS T Configuration Manual

Quick Links

Related Manuals for Alcatel-Lucent 7210 SAS T

Summary of Contents for Alcatel-Lucent 7210 SAS T

This manual is also suitable for:

Table of Contents