3Com 3032 Configuration Manual

http://www.3com.com/
Published March 2004
Part No. 10014299
3Com Router

Configuration Guide

Summary of Contents for 3Com 3032

  • Page 1: Configuration Guide

    3Com Router Configuration Guide http://www.3com.com/ Published March 2004 Part No. 10014299...
  • Page 2 Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is...
  • Page 3: System Management

    Getting Started, System Management, Interface, Layer Protocol, Network Protocol, Routing, Multicast, Security...
  • Page 4 VPN 615 Reliability S 681...
  • Page 5: About This Guide

    Convention Description Screen displays This typeface represents information as it appears on the screen. Keyboard key names If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example: Press Ctrl+Alt+Del The words “enter”...
  • Page 6 About This Guide...
  • Page 7: Getting Started

    Getting Started Chapter 1 3Com Router Introduction Chapter 2 3Com Router User Interface...
  • Page 9: Routing

    This manual describes features and functions of the 3Com Router 1.x system software platform series of low end and middle range routers. In this manual the 3Com Router is also referred to as the 3Com Router 1.x software version. You should make sure that the 3Com Router you use is operating with the software version documented in this manual.
  • Page 10 PPP/SLIP Frame Relay HDLC X.25 Ethernet Features of the 3Com The following table lists the basic features of the 3Com Router 1.x: Router Version 1.10 Table 3 List of the 3Com Router 1.x features Attribute Description Interconnection protocol LAN Supports Ethernet_II and Ethernet_SNAP frame structure Follows IEEE 802.2 and IEEE 802.3 regulations...
  • Page 11 Supports DHCP Server and DHCP relay Supports VLAN Supports IP Accounting Non-IP service Supports Novell IPX protocol, provide RIP and SAP to maintain the database of Internetwork routes and service information Supports DLSw of SNA system, implementing SNA through WAN transmission...
  • Page 12 An X.25 or frame relay virtual circuit on the interface or a dialer route on the dial interface can be used as backup interface as well. Provides multiple backup interfaces for one main interface.
  • Page 13 ISP (QoS) Supports LR (Line Rate of physical interface) to limit the total speed of packet transmission on physical interface Traffic shaping Uses buffer and token bucket to support general traffic shaping (GTS).
  • Page 14 Support New Interfaces E3 and CE3 Interfaces Both E3 and E1 are part of the ITU-T digital carrier architecture and are used in most regions beyond North America. The data transmission speed of E3 is 34.368 Mbps and the line code is HDB3. E3/CE3 interfaces support the link layer protocols including PPP, HDLC, Frame Relay, LAPB, and X.25, as well as the...
  • Page 15: Multilink Frame Relay

    Virtual Router Redundancy Protocol (VRRP) is a fault tolerant protocol. Normally, Redundancy Protocol the default route set for a host in a network takes the GW route of the network as (VRRP) the next hop. Through the default route, the host can carry out the communications with the external networks.
  • Page 16 Chapter 1: 3Com Router Introduction...
  • Page 17: User Interface

    On 3Com modular routers the CONSOLE port and AUX port are on the front of the unit, while other ports are on the rear of the unit. The above diagram shows the rear of the unit. For details, please refer to the 3Com Installation Guide.
  • Page 18 Chapter 2: 3Com Router User Interface Figure 3 Establish a new connection Figure 4 Select the computer serial port for actual connection...
  • Page 19 Figure 5 Set port communication parameters Figure 6 Select terminal emulation type 3 Power on the router to display the self-test information of the router. Press Enter after the self-test to display the prompt “Username:” and “password:”. Type in the correct username and the password, then enter the system view of Router.
  • Page 20 9600 baud rate, 8 data bits, 1 stop bit, no parity, no flow control or hardware flow control, and select the terminal emulation type as VT100, the same as the connection established via the console port.
  • Page 21 Figure 8 Establish a dial-up connection via “HyperTerminal” Figure 9 Dial on remote computer 4 If a dial-up connection is established, then press Enter after the self-test to display the prompt “Username:” and “password:”. Enter the correct username and the password, then enter the system view of Router.
  • Page 22 Remote LAN Workstation Ethernet Remote router to be configured Workstation 2 As shown in the following two figures (Telnet client program interface in Windows 9X), run the Telnet client program on the computer and set its terminal emulation type as VT100.
  • Page 23: Command Line Interface (Cli)

    Figure 12 Run a telnet program Figure 13 Establish a telnet connection with router The host name in the above figure is the name or IP address of a router interface of the remote connection. 3 If connection is established, press Enter after the self-test to display the prompt “Username:”...
  • Page 24 For example, the RIP view can configure corresponding commands. The views in the 3Com Router are in a hierarchical structure. You can enter the function views in system view and the sub-function views in the function views.
  • Page 25: System View

    Voice dial program view Voice entity view Voice subscriber-line view The following table gives some details of the functionality features of the command views as well as the commands for entering these views. System view Table 4 Views and their prompts...
  • Page 26 AUX interface Configures the AUX Enter interface Enter quit to return [Router-Aux0] view interface parameters aux 0 in any views to the system view AM interface Configures the AM Enter interface Enter quit to return [Router-AM0] view interface parameters...
  • Page 27 The command line prompt character consists of the network device name (Router by default) and the command view name, such as [Router-rip]. The commands are divided according to view. In general, in a certain view, only the commands defined by the view can be executed, but some widely used...
  • Page 28: Command Line Error Message

    The help information obtained via the above-mentioned online help is described as follows: 1 Full help: Enter “?” in any view to obtain all the commands in this view and their brief descriptions. [Router]? aaa-enable Enable AAA(Authentication, Authorization and Accounting)
  • Page 29: History Command

    Command Line Interface (CLI) History Command The command line interface of the 3Com Router 1.x provides a function similar to DOSKey by automatically saving the history of commands entered by users. Users can check the history of commands saved in the command line to repeat execution.
  • Page 30 Trace the route taken by packets to reach a network host undo Cancel current setting 3 A guest user has no right to manage the router, but only has the right to perform a remote test on the router. The guest user can only execute the following commands.
  • Page 31 User Identity Management By default, no user is set on the router. In this case, the user can log onto the router without username and password, operating as the administrator user and have the right to execute all commands. The router should be configured with at least one administrator user. This is because any user can log onto the router as the administrator user if no user is set on the router which could lead to a breach in network security.
  • Page 32 Command Reboot the system right now reboot [ reason reason-string ] Reboot the system after a specified time reboot mode interval { hh:mm | time } [string ] Reboot the system at the specified time reboot mode time hh:mm [ dd/mm/yy ]...
  • Page 33 System Management Chapter 3 System Management Chapter 4 Terminal Service Chapter 5 Configuring Network Management Chapter 6 Display and Debugging Tools Chapter 7 POS Terminal Access Service...
  • Page 35 XModem only when the router is powered on for self-test. In Boot ROM software upgrade, first connect a computer external to the Console port of the router and run the terminal emulator on the computer. The specific upgrading procedure is:...
  • Page 36 The system returns to the prompt displayed at step 3. Select 3 to restart the router. 4 If 1 is selected, the system prompts you to select a baud rate for software loading. Please choose your download speed: 9600 bps...
  • Page 37 Upgrade Boot ROM Software 5 Example: if you select baud rate 115200 bps, the system will prompt you to modify the baud rate and select XMODEM transfer protocol: Download speed is 115200 bps. Change the terminal's speed to 115200 bps, and select XMODEM protocol. Press ENTER key when ready.
  • Page 38 Chapter 3: System Management Figure 16 “Send file” message window 8 After downloading, the router will save the file into Flash or NVRAM, display the following information, and prompt restoring of the baud-rate setting of the terminal emulator. Download completed. Writing to flash memory...
  • Page 39 Choose an option as required. Notice that option 3 is used for entering the system view from the user password. 4 Select 1, and the system prompts you to choose a baud rate for software loading: Please choose your download speed:...
  • Page 40 6: Exit and Reboot Enter your choice(1-6): Make your selection as needed. 5 After a baud rate (115200 bps for example) is selected, the system displays the following information to prompt you to modify the baud rate and select the XModem protocol: Download speed is 115200 bps.
  • Page 41 Upgrade the 3Com Router Main Program Software Figure 18 Transfer File dialog box 7 Click Browse to open the folder containing the Boot ROM software, select the file, change the download protocol to XModem, click Send, and the system will start...
  • Page 42 The 3Com Router can provide you with TFTP client service. That is, the router works as a TFTP client, and the file server as the TFTP server. You can enter the corresponding commands on the router to upload its configuration files to the file server or download the configuration files from the file server into the Flash or NVRAM of the local router.
  • Page 43 2FE module found first will be used as the downloading network interface. On an Router 5680, check the slots for a 1FE card in the order of 0, 2, 4, 6, 1, 3, 5 and 7. The Ethernet interface thus found will be used as the downloading network interface.
  • Page 44 After board is reset, start-up code will wait 5 seconds ------------------------------------------------------------------- (M)odify any of the 3Com router configuration or (C)ontinue? [M] 2 Enter C to confirm the selection and the router performs POST again, and the Boot ROM starts normally. 3 The router performs POST, and the following displays:...
  • Page 45 Input the Boot ROM password at the prompt. (By default, no ex-factory Boot ROM password is set on the router. Simply press Enter in this case.) If the Boot ROM password has been modified, enter the correct password. The system terminates the process if password authentication fails three times.
  • Page 46 FTP port to establish the control link with port 21 on the server, the link will be in place until there is no data waiting for transmission. The server uses port 20 to establish data link with the client for data transmission.
  • Page 47 Upgrade the 3Com Router Main Software with FTP 1 Assign an IP address to the interface on the router for connecting the router to the host running the FTP client program. 2 Using the Windows98 FTP client program as an example — place the file to be uploaded on a specified directory, C:\temp for example, on the FTP client.
  • Page 48 FTP client program. ftp> quit 9 The router writes the files into the Flash after receiving all of them, and the following information displays on the terminal: Now saving the program file. Please wait for a while...
  • Page 49 FTP in the Home Directory box. Figure 23 Edit Users/Group dialog box 3 Click Add to pop up the Path Name dialog box. Enter the path of the serv-u FTP and click OK to return.
  • Page 50 System Management Figure 24 Path Name dialog box Select the check boxes Read, Write and Delete in FILES and click OK to return. Figure 25 Edit Users/Group check box 4 The cards can be upgraded on-line after the on-line upgrading files are copied to the path of the serv-u FTP.
  • Page 51: Configuration File Management

    On-line upgrading uses the upgrading program of other cards and this card will not be upgraded on-line. The Console displays the following prompt information: %Error: File ID error! If the on-line upgrading file is damaged, the card cannot be upgraded on-line. The Console displays the following prompt information: %Error: File CRC error If another user on the same card is using the on-line upgrading command input, this user cannot execute the command.
  • Page 52 IP address of the server host, and the number of the port to be used should be set. After all these preparation tasks have been completed, you can perform the following configuration on the router. For the procedure, refer to Upgrading with TFTP.
  • Page 53: Back Up Configuration Files

    “Current configuration” into a text file. TFTP approach First of all, start the TFTP server application program on a PC (the router should be connected to the PC directly or indirectly, and ping operation can be performed between them), then set a path and use the...
  • Page 54 { aaa | access-number | acct-method | cdr } View and Select the The 3Com Router series has two kinds of media, i.e. Flash and NVRAM, to Storage Media of store configuration files. Either can be selected with the...
  • Page 55: Modify And Save Current Configuration

    After the flag bit first-config set the Initial Setup Mode is set, the router will delete the config files in Flash or NVRAM before the system enters setup mode, in case of powering off, and reset. The operation is similar to command.
  • Page 56: Configure Ftp

    The server establishes data connection with the client via port 20 and transfer data. The 3Com Router 1.x provides FTP service, that is, the router serves as the FTP server. Users can run the FTP client application and logon to the router to access files on the router.
  • Page 57 The FTP server can be started after configuring the authentication and authorization of the FTP server. The FTP server supports multi-user access simultaneously. The remote FTP user sends a request to the FTP server, which will execute a corresponding action and return the execution result to the user.
  • Page 58 Normal update mode: In this mode, the FTP Server writes the files uploaded by the user into Flash as it receives the files. The existing files in the router may be destroyed due to power disconnection. Compared with fast update mode, the system demands less empty memory in the router when working in normal update mode.
  • Page 59 Configure FTP Display FTP Serve Table 36 Display FTP server Operation Command Display the configuration status of current FTP display ftp-server server Display detailed information of the FTP user display local-user...
  • Page 60 Chapter 3: System Management...
  • Page 61 Service at Console Port Please refer to Chapter 2 “3Com Router User Interface” for specific method. The features of the terminal service at the console port are shown in the following table. Parameters of the terminal program running on the computer should be set according to this table.
  • Page 62 Ensuring information security and reliability, the terminal message service fulfills information interaction among multiple terminals on one router. For example, user A and user B respectively log into Router A and Router B. If user A wants to communicate some information (such as configuration information)
  • Page 63: Configure Terminal

    Supports the screen paste on HyperTerminal. Supports using the backspace button to modify the message input in a line. Does not support the control keys such as Insert, Delete, ↑ , ↓ , ← , → , Home, End, and Tab.
  • Page 64: Dumb Terminal Service

    This is called the dumb terminal operation mode. As shown in the diagram below, the user can connect with any asynchronous serial port and log in to the router by running the hyper terminal on PC to carry out the configuration management of the router.
  • Page 65 Enter twice on the external terminal connected to the interface or log onto the router in modem dial-up mode and press Enter twice, the router will automatically execute the operation preset by the auto-execute command.
  • Page 66: Telnet Connection

    After the configuration, press Enter twice on the terminal connected to this async interface to log on the SCO UNIX host 1.110.164.45. During the configuration, you can click exit to exit the command line interface and can also click Enter twice to return.
  • Page 67 (Telnet Server) Reverse Telnet Overview Reverse Telnet service: the user logs on the router with a specified port number by running the Telnet client program on the PC. Then the connection to the serial port device connected with the async port of the router is established. One...
  • Page 68 Reverse Telnet will disconnect automatically. By default, no timeout is configured for the Reverse Telnet, that is, as long as the Reverse Telnet is connected, even if there is no data being transmitted, the Reverse Telnet will not be disconnected.
  • Page 69 The interface listen port number is within the range of 1025 to 65535. Please note that the listen port number cannot be the same as that of the widely used ports. By default, the port number and asynchronous interface have the following relations: The async serial interface number starts from 2001.
  • Page 70 Rlogin (Remote Login) is one of the most common Internet applications developed Service by the BSD UNIX system, in which a client is connected with the server by TCP connection. It provides the function of several remote terminals accessing the UNIX host.
  • Page 71 TERM = (vt100) Terminal type is vt100 # exit rlogin: connection closed. Use local user name abc and enter the wrong password for the first time [Router] rlogin 1.1.254.78 Trying 1.1.254.78 ... Password: ( enter Wrong password)
  • Page 72: Pad Remote Access Service

    PAD (Packet Assembly/Disassembly facility) is a definition specific to X.25 protocol. Access Service The traditional X.25 network requires that all its terminals are of X.25 type, and relevant hardware and software are needed to support X.25 protocol, which are the so-called packet terminals. Packet terminals must be intelligent ones, but many terminals uses are either non-X.25 or not intelligent (such as keyboard,...
  • Page 73 X.25 network. The 3Com Router implements X.29 and X.3 protocol in the X.25 PAD as well as in the X.29 protocol-based Telnet application and the users can configure routers without geographical limitation, as shown in the figure below.
  • Page 74 X.25 PAD call on a router and access another router, from which they do the same and access a third router. Or, the user first Telnets to a router from which they can place X.25 calls and access a third router. Or, users can place X.25 calls, access a router and then telnet to another router, and so on.
  • Page 75: Networking Requirement

    I. Networking Requirement Configuration Example As shown in the figure below, with Serial 0 as the interface to the X.25 network, router A is connected with router B through the X.25 network. It is required that router B can access and configure router A after it calls router A.
  • Page 76 Chapter 4: Terminal Service c Enter the view of interface Serial 0 and set its link layer protocol as X.25 DTE IETF. [RouterA]interface serial 0 [RouterA-serial0]link-protocol x25 dte ietf d Set its X.121 address as 123456. [RouterA-serial0]x25 x121-address 123456 2 Configure Router B: a Enter the view of interface Serial 0 and set its link layer protocol as X.25 DTE...
  • Page 77: Configuring Management

    Whenever the agent detects the occurrence of emergency events on the managed device, such as a change in the interface status or a failed call, it will send traps to notify the NMS. The relationship between NMS and agent is shown in the following figure:...
  • Page 78 MIB view specifies a collection of managed object types in the context. The MIB view takes the form of a “view sub-tree” to define objects because MIB adopts the tree structure. If the flag of the object to be accessed belongs to the MIB...
  • Page 79: Snmp Architecture

    The hierarchical structure is like a tree, in which, the nodes of the tree represent the managed objects. As shown in the following figure, it can use a path starting from the root to identify an object unambiguously.
  • Page 80 By default, the system disables SNMP service. Engine ID is the unique ID of individual routers on the overall network. It is a string of 5 to 32 bytes in hexadecimal format. By default, the SNMP engine ID is...
  • Page 81 Equipment information can be the IP address, MAC address or self-defined hexadecimal digit string. You can skip these two operations when you begin to configure SNMP for a router because SNMP service will be enabled once you configure any related SNMP commands (except for the commands).
  • Page 82 The destination address is the IP address of the NMS receiving the trap packet, and the source address is the address of the local router, that is, the address of an interface on the local router.
  • Page 83: Display And Debug

    By default, the router is disabled to send traps. 5 Configure the maximum size of SNMP packets that the router can send/receive Set the Max SNMP messages that can be received/sent by the agent according to the network loading capacity.
  • Page 84: Typical Configuration Examples

    [Router] snmp-agent sys-info location telephone-closet,3rd-floor 4 Enable the router to send traps to NMS (129.102.149.23) and use the community name “public”, and set the source address in the traps to be the IP address of the interface ethernet 0. [Router] snmp-agent trap enable [Router] snmp-agent target-host trap address 129.102.149.23...
  • Page 85: Rmon Overview

    RMON Overview Required if traps are to be sent — the IP address of the interface ethernet 0 is the source address of the traps, and the address of the NMS is the destination address. II. Networking Diagram Refer to the networking diagram of Example 1.
  • Page 86 The value includes three managed objects. With enhanced RMON alarm group function, if a sample is found to cross the threshold, which has been configured, RMON Agent will report to NMS so as to avoid a lot of query messages of the NMS.
  • Page 87 After enabling RMON statistics of an Ethernet interface, the router will perform the statistics of the packet incoming and outgoing through this interface. After disabling it, the router will not perform the statistics of the packet incoming and outgoing through this interface.
  • Page 88 Chapter 5: Configuring Network Management [RouterA] interface ethernet 0 [RouterA-Ethernet0] rmon promiscuous...
  • Page 89: Debugging Tools

    The command to display system running status The command to display system statistic information The following commands can be used to display related information of the whole system in all views. Please see related chapters in this manual for specific display commands.
  • Page 90: Ping Command

    Ping sends Internet Control Message Protocol (ICMP) echo packets to another computer connected on the network to see whether it echoes back. Ping is a useful command to test the connectivity of the network and details about the journey.
  • Page 91 Please see relevant chapters in the 3Com Router Command Reference Guide for detailed meanings of various options and parameters. Ping supporting IP protocol For each ping message sent, if the response message has not been received when the waiting time crosses the threshold, then Request time out output.
  • Page 92 ICMP error message, indicating that this packet cannot be sent (for TTL timeout). Then, this packet is re-sent with TTL added by 1 (namely 2). Similarly, the next hop returns TTL timeout. In this way, the procedure continues till the destination is reached.
  • Page 93: Log Function

    279 ms The above results indicate which gateways (1~17) are passed from the source host to the destination host, and which gateways are faulty (12, 14, 15, 16 and 17). Log Function This section describes the various attributes that form the log function and how to configure on the router.
  • Page 94 Allocate proper router buffer to record log information. By configuring the log host, log information is directly sent by Syslog to the log host and then saved as file for later view. Please enter the following commands in system view.
  • Page 95 The rule to filter the log information according to the level is: the more urgent the log information is, the less severe it will be. The log information with severity higher than the set threshold is forbidden to be output. Only the log information with severity no higher than this threshold can be output.
  • Page 96 Turn off Syslog undo info-center enable When Syslog is turned on, the performance of the system will be affected due to the information classification and output - especially when processing a large amount of information. Display and Debug Perform the following configuration in all views.
  • Page 97: Syslog Configuration Example

    The router-side configuration is as follows: 1 Turn on the log system [Router]info-center enable 2 Use the host with IP address of 10.110.12.119 as the log host, set the severity threshold to informational, and choose English as the output language. [Router]info-center loghost 10.110.12.119 language english...
  • Page 98 Chapter 6: Display and Debugging Tools...
  • Page 99 Typical Configuration Example of POS Access Service POS Access Service Point of Sale (POS) service is a type of smart card service widely used in shopping Overview malls, gas stations, and so on. It links the POS terminal device at the commercial client (located in shopping mall or gas station) to the bank card accounting system to provide service.
  • Page 100 Chapter 7: POS Terminal Access Service Figure 40 Dial-up access when the POS access router is located at the commercial client side Due to the way POS access service usually operates, that is, low speed, high frequency and small traffic, it is rather sensitive to the dial-up connection time and requires the interface board for fast dial-up function.
  • Page 101 2 Configure POS Access Port Only configured as a POS access port can the interface provide POS access service. At present, the interfaces of the 3Com Router series, which can be used for POS access service, include the asynchronous interface, AUX port, the synchronous/asynchronous interface, and the FCM interface.
  • Page 102 If the POS access port is connected to the POS terminal in asynchronous mode, and the POS asynchronous port does not send a DSR-DTR signal, it is necessary to configure the command undo detect dsr-dtr on the interface. If the POS access port is connected to the FCM interface via dial-up, it is unnecessary to configure the undo detect dsr-dtr command.
  • Page 103 When several POS terminal devices multiplex one TCP connection to set up relations with the application of the host, for the sake of security, it is necessary to hide the true IP address of the up TCP connection in the access service, and set another IP address for the source address instead.
  • Page 104 App-state is wrong 7 Set the parameters of FCM used during Modem negotiation In the POS access application, the Modem on the FCM card usually acts as the called party, and the Modem embedded in the POS terminal acts as the calling party.
  • Page 105: Networking Requirements

    Three POS terminals access the Router A located at the FEP side through the FCM card and connect to UNIX A (10.1.1.1) and UNIX B (10.1.1.2) in TCP/IP mode. II. Networking Diagram Figure 42 Networking diagram when the router is located at the FEP side in TCP/IP mode 10.1.1.1/24 UNIX A...
  • Page 106: Configuration Procedure

    Configuration Example when the Router is Located at the FEP Side in Asynchronous Connection Mode I. Networking Requirements Three POS terminals access the Router A located at the FEP side through the FCM and connect to UNIX A (10.1.1.1) and UNIX B (11.1.1.1) in asynchronous connection mode.
  • Page 107 Three POS terminals access the 3Com Router series located at the commercial client through the asynchronous serial port and connect to UNIX host (10.1.1.1) in TCP/IP connection mode. II. Networking Diagram Figure 44 Networking diagram when the router is located at commercial client in TCP/IP connection mode. terminal 172.17.0.1/ 172.17.0.2/...
  • Page 108 [RouterA-Async2] undo modem [RouterA-Async0] flow-control none [RouterA-Async0] undo detect dsr-dtr [RouterA-Async2] async mode pos 3 g Configure the route to Router B (take the static route as example). [RouterA-Async2] quit [RouterA] ip route-static 10.1.1.2 255.255.255.0 serial 0 2 Configure Router B a Configure the Ethernet interface Ethernet 0.
  • Page 109 Interface Chapter 8 Interface Configuration Overview Chapter 9 Configuring LAN Interface Chapter 10 Configuring WAN Interface Chapter 11 Configuring Logical Interface...
  • Page 111: Configure Interface

    CE1/PRI, ISDN BRI interface. Through the WAN interface, the router can exchange data with the network devices in the external network. Logical interface is an interface that does not physically exist and needs to be established through configuration, which can also exchange the data. Logical interface includes the Dialer interface, sub-interface, standby center logic channel and virtual-template.
  • Page 112 The parameter minutes is 5 minutes by default. Interface Configuration Before configuring an interface, it is necessary to have a clear idea about the Method networking requirement and network diagram. The following operations must be implemented at least for the interface configuration.
  • Page 113 The protocol state of the interface is changed state to UP changed to UP If a physical interface on the router is idle and not connected with cable, use the command to disable the interface in case that the interface goes shutdown...
  • Page 114 Chapter 8: Interface Configuration Overview...
  • Page 115: Ethernet Interface Overview

    Overview The conventional Ethernet interface complies with 10BASE-T physical layer specifications, working at 10 Mbps and in two modes: full duplex and half duplex. The fast Ethernet interface complies with 100BASE-T and also 10BASE-T physical layer specifications, working at 10 Mbps or 100 Mbps, and in two modes: half duplex and full duplex.
  • Page 116 Enter view of specified Ethernet interface interface ethernet number 2 Set network protocol address The 3Com Router supports IP and IPX at Ethernet interface. Therefore, it is necessary to configure IP or IPX network address. Please use the following commands in Ethernet interface view.
  • Page 117 The default is to disable both internal loopback and external loopback. Display and Debug The following command can be used to view the state of Ethernet interface in all Ethernet Interface views, so that the specified Ethernet interface can be displayed and debugged.
  • Page 118: Network Diagram

    If either test fails to pass, it indicates that the Ethernet interface of the router or the connected Ethernet is abnormal. After confirming the fault, proceed as follows: 1 View whether the LAN connection between the host and router is correct.
  • Page 119 Ethernet interface of the 3Com Router series, does not support 100 Mbps working rate, while the local end is working at 100 Mbps rate by force. At this time, the user should ensure that the opposite side has been configured correspondingly and is working at the rate of 100 Mbps.
  • Page 120 HUB is connected, all the other devices on the whole network segment will show serious network collisions), while the party working in full duplex mode shows large amount of error messages received, accompanied with serious message losses at both parties. In this case, use...
  • Page 121: Asynchronous Serial Interface

    CE3 Interface, CT3 Interface. WAN Interface Introduction: The wide area network (WAN) can be divided into X.25 network, frame relay network, ATM network and ISDN network according to the line type. Accordingly, the router has synchronous/asynchronous serial interface, ATM interface, ISDN BRI and CE1/PRI.
  • Page 122 1 Set the synchronous/asynchronous serial interface to work in asynchronous mode If the physical interface to be configured is synchronous/asynchronous serial interface, it must be set to work in asynchronous mode by executing the following commands. Please use the following command in the view of synchronous / asynchronous...
  • Page 123 Table 96 Set the work mode of asynchronous serial interface (Operation: Command). Set the asynchronous serial interface to work in dial mode: modem { in | out }. Set the asynchronous serial interface to work in dedicated line mode: undo modem...
  • Page 124 When transmitting data, the interface will automatically detect the CTS signal. If there are CTS signals, it will transmit data. If no signals are detected, it will terminate the data transmission. If software flow control is adopted, the data transmission on the asynchronous serial interface will be controlled by the software flow control characters.
  • Page 125 { 5 | 6 | 7 | 8 } works in flow mode 5, 6, 7 and 8 stand for 5, 6, 7 and 8 data bits respectively. By default, there are 8 data bits. 11 Enable or disable level detection...
  • Page 126: AUX Interface

    AUX Interface AUX interface is a fixed port provided by the 3Com Router. It can be used as a common asynchronous serial interface with the highest rate of 115200bps. It can also implement functions such as remote configuration of the router and line...
  • Page 127: Synchronous Serial Interface

    When the stop bit is configured on AUX interface, the parameter of the stopbits command cannot be 1.5. That is, AUX interface does not support the stop bit 1.5. In addition to the above points, AUX interface is configured in the same way as that of the asynchronous serial interface. Synchronous Serial...
  • Page 128 The synchronous/asynchronous serial interface works in synchronous mode by default. 2 Enter the view of the specified synchronous serial interface In all views, enter the view of the specified synchronous serial interface with the following command. Table 110 Enter view of specified synchronous interface...
  • Page 129 DCE-side. Therefore, when the synchronous serial interfaces are working in DCE mode, the baud rate is to be set. However, if the interfaces act as DTE, then the baud rate need not be configured. Default baud rate of synchronous serial interface is 64000 bps.
  • Page 130 By default, when the system decides whether the synchronous serial interface is in UP status or DOWN status, it detects the DSR signal, DCD signal and whether the interface connects a cable at the same time. Only when all three signals are effective will the system regard the interface as being in UP status; otherwise, it regards the interface as being in DOWN status.
  • Page 131 To operate with some devices working in half-duplex mode, the synchronous serial interface can be configured to work in half-duplex mode. Please make the following configurations in synchronous serial interface mode. Table 119 Set the synchronous serial interface to work in full duplex or half duplex mode Operation Command...
  • Page 132: ISDN BRI Interface

    ISDN is different from conventional PSTN. In conventional PSTN, information is sent to the switch via analog user loop, converted to digital signal through A/D conversion and then restored to analog signal when reaching the destination user.
  • Page 133: Preparations Before Configuration

    In ITU-T I.411 recommendations, reference configurations for ISDN user-network interfaces are given according to concepts of function group (a group of functions required by users to access ISDN) and reference point (a point used to distinguish function groups), as shown in the following diagram.
  • Page 134: CE1/PRI Interface

    Point-to-Multipoint connection is required. Caller Identification function (optional): On ISDN with CID function, the caller number can be filtered, so that only a group of user lines can dial in this router, enhancing the security of the network. Configure ISDN BRI...
  • Page 135 PPP, Frame Relay, LAPB and X.25, and the network protocols such as IP and IPX. When the interface is used as a PRI interface, timeslot 16 will be used as a D channel to transmit signaling. Therefore, only a group of timeslots except the timeslots 0 and 16 can be chosen as the B channels.
  • Page 136 Only one timeslot binding mode is supported on one CE1/PRI at one time, that is, the interface can only be bound into either channel sets or a pri set in that period. After binding the interface to be channel sets, the system will automatically create a Serial interface numbered serial number:set-number.
  • Page 137 When binding an interface to be a pri set, timeslot 16 on a CE1/PRI interface is used as the D channel and the other timeslots are used as B channels. As for the CE1/PRI interface, timeslot 0 will be excluded since it is used to transmit the synchronous information.
  • Page 138 6 Set line clock When the CE1/PRI interface operates as DCE, you should choose the internal clock, that is, master clock mode. When it operates as DTE, you should choose the line clock, that is, slave clock mode. When the CE1/PRI interfaces on two routers are directly connected, the two ends will respectively operate in line clock mode (slave) and internal clock mode (master).
  • Page 139: Display And Debug

    DS1 contains 24 DS0 (64 kbps) timeslots of 8 bits each, plus 1 bit used as the framing bit. As a result, each primary frame has 193 bits: 24 x 8 + 1 = 193 bits. Since 8000 frames can be sent per second, the transmission speed of DS1 is 193 x 8000 = 1.544 Mbps.
  • Page 140 CE1/PRI mode through the using ce1 command. Only one timeslot binding mode is supported on one CT1/PRI interface at one time, that is, the interface can only be bound into either channel sets or a pri set in that period.
  • Page 141 Timeslots on a CT1/PRI interface can be bound to be only one pri set. When binding an interface to be a pri set, timeslot 24 is used as the D channel and the other timeslots are used as B channels. If no timeslots are specified to be bound, all the timeslots will be bound to form an interface similar to an ISDN PRI interface of 23B+D.
  • Page 142 Super Frame (ESF). In SF format, multiple frames can share the same frame-synchronization information and signaling information, so that more significant bits can be used to transmit user data. In practice, a system should be tested often. The application of ESF satisfies the requirement that the services are still in normal operation even at the time of testing.
  • Page 143 The E1-F interface is a fractional E1 interface, a simplified form of the CE1/PRI interface. If there is no need to use multiple channel sets or if ISDN PRI is not necessary in an E1 application, a CE1/PRI interface is more than is needed. In that case, an E1-F interface is more than enough to meet simple E1 access requirements.
  • Page 144 When it works in framed mode, however, it is physically divided into 32 time slots numbered in the range of 0 to 31. In these time slots, except for time slot 0 used for synchronization information transmission, all the other time slots can be randomly bound into one channel set.
  • Page 145 The line code format for an E1-F interface defaults to hdb3. 5 Set Line Clock If E1-F interface is used as DCE, the slave clock should be selected. If it is used as DTE, the master clock should be selected.
  • Page 146 By default, the frame format of E1-F interface is no-CRC4. 7 Enable or Disable Local Loopback/Remote Loopback: An interface should be placed in local loopback or remote loopback for some special functionality tests. Perform the following configuration in E1-F interface view.
  • Page 147 The T1-F interface is a fractional T1 interface, a simplified form of the CT1/PRI interface. If there is no need to use multiple channel sets or if ISDN PRI is not necessary in a T1 application, a CT1/PRI interface is more than is needed. In that case, a T1-F interface is more than enough to meet simple T1 access requirements.
  • Page 148 module in slot 2. Hence, the E1-F interface will be numbered Serial 0, and the 4SA interfaces will be numbered Serial 1 through Serial 4, and the T1-F interfaces will be numbered Serial 5 and Serial 6.
  • Page 149 T1-F Interface If T1-F interface is used as DCE, the slave clock should be selected. If it is used as DTE, the master clock should be selected. If the T1-F interfaces of two routers are directly connected, they must respectively work in slave and master clock modes.
  • Page 150 G.742. Each E1 interface can be divided into 32 time slots numbered in the range of 0 to 31. The time slots between 1 and 31 can be randomly bound into N x 64Kbps logical channels (time slot 0 for transmitting frame synchronizing signals cannot participate in binding operation).
  • Page 151 Disable loopback on the CE3 interface undo loopback By default, loopback is disabled. Single-channel loopback can be set on the E1 channels on a CE3 interface, and the settings of individual channels are independent. Table 169 Set loopback mode of E1 channel...
  • Page 152 If framing has been enabled on an E1 channel, you can set its frame format. Perform the following configuration in CE3 interface view. Table 170 Set E1 frame format Operation Command Set E1 frame format...
  • Page 153 After executing the shutdown command on the specified CE3 interface, all the E1 channels and the serial interfaces formed by channel binding on the CE3 interface will be shut down, and data transmitting and receiving activities will stop. Executing the...
  • Page 154 Set CRC of the Serial Interface. Depending on the networking requirements, the user may need to configure parameters such as PPP, Frame Relay and IP address for the CT3 interface. For details, refer to the relevant chapters. 1 Enter the view of the specified CT3 interface: CT interface uses the command to enter its view.
  • Page 155 (remote). By default, loopback is disabled. Single-channel loopback can be set on the T1 channels on a CT3 interface, and the settings of individual channels are independent. Table 179 Set loopback mode of T1 channel...
  • Page 156 / line-number: set-number and whose rate is N x 64 kbps or N x 56 kbps. The interface has the same logic feature as that of a synchronous serial interface; therefore, it can be regarded as a synchronous serial interface for further configuration.
  • Page 157 T1 interface and the serial interfaces formed through binding operation. To disable/enable only the serial interface formed by T3, the serial interface formed by T1 channel or the serial interface formed by timeslot bundle of T1 channel, user can use command in Serial interface view.
  • Page 158 Chapter 10: Configuring WAN Interface...
  • Page 159 Standby Center Logic Channel, Virtual-Template and Virtual Interface. Logical Interface Introduction: The logical interface refers to the interface that can exchange data, but does not exist physically and needs to be established through configuration, including the Dialer interface, loopback interface, null interface, sub-interface, standby center logic channel and virtual-template.
  • Page 160: Null Interface

    Create the Null interface Configure operating parameters of the interface 1 Create the Null interface Only one interface Null 0 can be created on the 3Com Router. Please perform the following configurations in all views. Table 188 Create/Delete Null interface:...
  • Page 161 Ethernet interface: When the sub-interface of Ethernet has not been configured with a VLAN id, the sub-interface can only support the IPX network protocol. After being configured with a VLAN id, it will be able to support both IPX and IP protocols. WAN interface whose link layer protocol is frame relay: Its sub-interface can support IP and IPX network protocols.
  • Page 162 2 Configure relevant working parameters If the sub-interface of Ethernet has not been configured with VLAN id, it can only support IPX network protocol. Therefore, only IPX network address and other IPX working parameters can be configured on this sub-interface.
  • Page 163: Networking Diagram

    Typical WAN sub-interface configuration example I. Networking Requirements As shown below, WAN interface Serial0 of router A is connected with router B and router C via public frame relay network. By configuring sub-interfaces on Serial0 of router A, LAN 1 can simultaneously access LAN 2 and LAN 3 via Serial0.
  • Page 164: Virtual-Template And Virtual Interface

    Virtual-template, as the name implies, is a template used to configure a virtual interface, mainly used in VPN and MP. After setting up the connection of VPN session, it is necessary to create a virtual interface to exchange data with the opposite end. At this time, configuration and...
  • Page 165 Similarly, after multiple PPP links are bound as MP, a virtual interface also needs to be created to exchange data with the opposite end. At this time, select an interface template to dynamically create a virtual interface.
  • Page 166: Troubleshooting

    Virtual Interface configuration. The virtual interface will be deleted because of low-layer link disconnection or user intervention. The following command can be used to display the state of virtual-template in all views. Table 193 Display state of the specified virtual-template...
  • Page 167 Link Layer Protocol: Chapter 12 Configuring PPP and MP, Chapter 13 Configuring PPPoE Client, Chapter 14 Configuring SLIP, Chapter 15 Configuring ISDN Protocol, Chapter 16 Configuring LAPB and X.25, Chapter 17 Configuring Frame Relay, Chapter 18 Configuring HDLC, Chapter 19 Configuring Bridge...
  • Page 169: PPP Overview

    PPP defines a whole set of protocols, including link control protocol (LCP), network control protocol (NCP) and authentication protocols (PAP and CHAP). Of them: Link Control Protocol is used to negotiate some parameters of the link and is responsible for creating and maintaining the link.
  • Page 170 (Acknowledge or Not Acknowledge). 3 Phases of PPP negotiation: When the physical layer is unavailable, the link is in Dead phase. A link shall start from the Dead phase. When the physical layer becomes available, PPP link enters the Establish phase.
  • Page 171: Configure PPP

    1 Detect whether the interface of the peer works in MP mode. First begin LCP negotiation with the peer, negotiating about ordinary LCP parameters and verify whether the interface of the peer works in MP mode. If the peer does not work in MP mode, begin NCP negotiation and do not bundle MP.
  • Page 172 Table 194 Configure the link layer protocol of the interface to PPP (Operation: Command). Configure the link layer protocol of the interface to PPP: link-protocol ppp. The default link layer protocol of the interface is PPP.
  • Page 173 , to perform CHAP authentication. While configuring CHAP password authentication, the user configured on one end is the username of the other end, and the password must be the same on both ends. In some situations, if the router cannot configure a user list, then it needs to...
  • Page 174 10s, and the value range is 1~10s. Some negotiation parameters of NCP For the configuration of local IP address and the IP address assigned to the peer, refer to Network Protocol. For example, if it is necessary for the remote...
  • Page 175 After the link is disabled, the system will calculate the link quality in every ten LQR packets. The link will be resumed only if the calculation results of link quality are qualified for three consecutive times.
  • Page 176 2 Configure Operating Parameters of Virtual Template Comparing virtual template interface with general physical interface, users can find that the link layer protocol supports only PPP and the network protocol supports IP and IPX. Therefore the following operating parameters can be set:...
  • Page 177 Bind according to username or endpoint Here the username refers to the received remote username when PPP link performs PAP or CHAP authentication. Endpoint is the unique mark of a router and refers to the received remote endpoint when performing LCP negotiation.
  • Page 178 In the above cases, you should set the virtual Baud rate on interfaces. When a virtual Baud rate (must not be 0) is set on an interface, the system will substitute the virtual Baud rate for the interface Baud rate to control flows. Proper application of virtual Baud rate can make full use of the total link bandwidth and reduce network delay time, while an improper configuration has the opposite effect.
  • Page 179: Display And Debug

    III. Configuration Procedure
    1 Configure Router1 (authenticator):
    a Add a user with name Router2 and password hello to the local database
    [Router]local-user Router2 password simple hello
    b Configure to start PAP authentication at this side
    [Router]interface serial 0...
  • Page 180: Networking Diagram

    Typical MP Configuration Example. I. Configuration Requirement: In Figure 51, two B channels of E1 interface of router-a are bound to the B channel of router-b, and the other two B channels are bound to router-c. Suppose that four B channels on router-a are serial2:1, serial2:2, serial2:3 and serial2:4, the names of interfaces of two B channels on router-b are serial2:1 and serial2:2, and the names of interfaces of two B channels on router-c are serial2:1 and serial2:2.
  • Page 181 Configure working parameters of the virtual interface template
    [Router]interface virtual-template 1
    [Router-Virtual-Template1]ip address 202.38.168.2 255.255.255.0
    d Add the interfaces serial2:1 and serial2:2 into MP channel. Here, take serial2:1 as an example, and other interfaces are configured similarly.
  • Page 182 Indicates that this interface is activated, but link negotiation is not successful. Fault 3: Fail to ping through the peer although the link is UP and LCP and IPCP are all opened.
  • Page 183: Configuring PPPoE Client

    PPP data according to PPP. The PPP packets are encapsulated in Ethernet frames as payload of PPPoE frames, and transmitted to the peers of the PPPoE link. In this case, all the Ethernet frames are unicast. Refer to RFC2516 for PPPoE.
  • Page 184 As shown in the above figure, the PCs on an Ethernet are connected to a 3Com Router running PPPoE client. The data destined for the Internet first reach the router where PPPoE encapsulates the data, and then go through the ADSL access server via the ADSL Modem attached to the router, and finally access the Internet.
  • Page 185 In permanent connection, the router will originate a PPPoE call to automatically and immediately set up a PPPoE session. And this session will be always in place unless the user uses the command to delete it.
  • Page 186 Internet via ADSL. It uses "3com" as the user name of the ADSL account, and the password is 12345. Enable the PPPoE client function on the router, so that the hosts on the LAN can access the Internet, even with no PPPoE client software installed.
  • Page 187: Networking Requirements

    RouterA uses both DDN leased line and ADSL to connect with the network center and ADSL is used as a standby for the DDN leased line. Thus, if the DDN leased line fails, RouterA can still originate PPPoE call for connection to the network center across ADSL.
  • Page 188 Chapter 13: Configuring PPPoE Client...
  • Page 189: Configuring SLIP

    For further details about SLIP, you can refer to RFC1055. Configure SLIP Because SLIP does not negotiate the name of the remote end, SLIP dialer can only be used with the standard BDR. SLIP dialer on the physical port configuration includes:...
  • Page 190: Networking Requirement

    By default, the link layer protocol of the interface is PPP. Note the following: The link layer protocol of the interface can be set to SLIP only when it operates in the asynchronous mode. When link layer protocol LAPB, X.25, HDLC or Frame Relay is operating on the interface, the physical attributes of the interface cannot be modified to asynchronous mode.
  • Page 191 Enable BDR
    [Router-Serial0]dialer enable-legacy
    f Configure the Dialer String to router B
    [Router-Serial0]dialer number 8810026
    g Configure the link layer protocol of the interface to SLIP
    [Router-Serial0]link-protocol slip
    h Specify Dialer Group
    [Router-Serial0]dialer-group 1
    Configure the default route to Router B
    [Router]ip route-static 0.0.0.0...
  • Page 192 [Router]ip route-static 0.0.0.0 0.0.0.0 10.110.0.1...
  • Page 193: ISDN Protocol

    Basic Rate Interface (BRI) and Primary Rate Interface (PRI). The bandwidth of BRI is 2B+D, and that of PRI is 30B+D or 23B+D. Here: B channel is a user channel, used to transmit the voice, data and other user information with the transmission rate 64kbps.
  • Page 194 ISDN PRI interfaces. isdn protocol-type For an ISDN BRI interface, it does not take effect. In other words, an ISDN BRI interface can use only DSS1 signaling, whereas an ISDN PRI interface can use either DSS1 signaling or QSIG signaling.
  • Page 195 By default, no called number or sub-address is configured. The commands are used to set the items to be checked in the digital incoming call. If the sub-address is set, call of the opposite will be rejected when the sub-address...
  • Page 196 ISDN network support. 1 Configure Calling Method for Initiating a Connection on an Interface For an interface generating ISDN calls, you must set the call type to either voice call or data call. Perform the following configuration in dialer interface or ISDN interface view.
  • Page 197: Typical Configuration Example

    [Router-Serial0:15]dialer route-info ip 202.38.154.2 8810154
    [Router-Serial0:15]dialer-group 1
    [Router-Serial0:15]quit
    [Router]dialer-rule 1 ip permit
    2 Configure Router B: The parameter configuration on Router B is almost the same as Router A, so it will not be mentioned here.
    Typical ISDN DoV Configuration Example. I. Networking Requirements: RouterA and RouterB are connected over an ISDN and RouterA will initiate a call to RouterB.
  • Page 198 display isdn call-info. If the system prompts “there is no isdn port”, it means that there is no ISDN PRI port, and you should configure one. For the configuration, refer to the section “cE1/PRI Interface and cT1/PRI Interface Configuration” in Operation Manual - Interface.
  • Page 199: Protocols Overview

    X.25 is the protocol of point-to-point interaction between DTE and DCE. DTE usually refers to the host or terminal at the user side, and DCE usually refers to the synchronous modem. DTE is connected with DCE directly, DCE is connected to a...
  • Page 200 PSE: Packet Switching Equipment PSN: Packet Switching Network The X.25 protocol suite maps to the lowest three layers of the OSI (Open System Interconnection) reference model. The following protocols are typically used in X.25 implementations: Packet-Layer Protocol (PLP), Link Access Procedure Balanced (LAPB), and other physical-layer serial interfaces.
  • Page 201 X.25 and LAPB Protocols Overview Once a virtual circuit is established between a pair of DTEs, it is assigned with a unique virtual circuit number. When one DTE is to send a packet to the other, it numbers this packet (with virtual circuit number) and sends it to DCE. According to the number on the packet, DCE determines the method to switch this packet within the switching network, so that this packet can reach the destination.
  • Page 202: Configure LAPB

    Configure LAPB parameter K The parameter K in the LAPB window represents the maximum number of I frames numbered in sequence that is to be identified by the DTE or DCE in any specified time. In the interface view, configure as follows:...
  • Page 203 T1 should be larger than the maximum interval between sending a frame and receiving its response frame. The retransmission timer is started after a frame is sent; if no response is received before the timer expires, the frame is retransmitted.
  • Page 204 DTE side and requires the IETF format. Therefore, the working mode of X.25 should be DTE and the format should be IETF. If a pair of serial interfaces of two routers is directly connected for data transmission, make sure the two transmission ends are DTE and DCE and the formats are the same.
  • Page 205 Configure X.25: The X.25 protocol can multiplex multiple virtual connections over a real physical link between DTE and DCE; such a connection is also called a virtual circuit (VC) or logical channel (LC). X.25 can establish up to 4095 virtual connections numbered from 1 to 4095. The number that can be employed to identify each virtual circuit (or logical channel) is called logical channel identifier (LCI) or virtual circuit number (VCN).
  • Page 206 In strict numerically increasing order, i.e. 1 ≤ lic ≤ hic < ltc ≤ htc < loc ≤ hoc ≤ 4095. If the upper limit (or lower limit) of a section is 0, then the lower limit (or upper limit) shall also be 0, (which indicates this section is prohibited to use).
  • Page 207 It is essential to set correct default flow control parameters (window size and packet size) for the operation of the link because X.25 protocol is good at traffic control. However, most public X.25 packet networks use the default window size and maximum packet size specified in ITU-T X.25 Recommendation, which is also...
  • Page 208 To establish an SVC with a call, an X.25 address is needed, which adopts the address format specified in ITU-T Recommendation X.121. An X.121 address is a character string consisting of the Arabic numerals from 0 to 9, with a length of 0 to 15 characters.
  • Page 209 * addresses 3 Configure the attributes related to the address code block in the call packet or call accept packet As specified in X.25 protocol, the call packet must carry the information set of both the calling DTE address (source address) and the called DTE address (destination address).
  • Page 210 CUD field; when receiving calls carrying the CUD fields that cannot be identified, it will reject them. But an upper layer protocol can be specified as the default protocol borne on the X.25 of the 3Com Router series.
  • Page 211 In the most frequently used X.25 service, data is transmitted remotely between two hosts using the X.25 protocol via X.25 public packet network. As shown in the figure below, LAN A and LAN B are far apart, and X.25 packet switching network can be used to realize information exchange between them.
  • Page 212 While creating a permanent virtual circuit, some attributes of the PVC can also be selected via the option. This [option] is a subset of [option] in the command " ..[option]".
  • Page 213 The X.25 of the 3Com Router series can establish up to 8 virtual circuits on one address mapping. In case of large traffic and low line rate, this parameter can be increased properly to reduce data loss. By default, one address mapping is associated with only one virtual circuit.
  • Page 214 " x25 map..command). The configuration based on X.25 interface will be effective in every call originated from this X.25 interface, while the configuration based on address mapping will be effective only in the calls originated from this address mapping.
  • Page 215 PVC will choose the default value of X.25 x25 pvc interface. name is the name of the ROA ID list configured by the command x25 roa-list in the system view, for example: [Router]x25 roa-list list1 12 34 567...
  • Page 216 But for non-broadcasting networks like X.25, how to realize the broadcasting? The X.25 of the 3Com Router series can enable this to decide if the broadcast packet should be duplicated and sent to a destination. This is very important. For instance, the broadcast-based application layer routing protocol will request broadcasting datagram sent by X.25 to exchange routing information on the X.25...
  • Page 217: Switching Function

    X.25 port selected according to related destination address information contained in the packets. X.25 switching enables the 3Com Router series to perform packet switching function in the packet layer, and to be used as a small packet switching exchange.
  • Page 218 2 Add/Delete an SVC route In the system view, the commands in the following table can be used to add or delete an SVC route. Table 259 Add or delete an SVC route...
  • Page 219 X.25 networks, a group of DTE/DCE interfaces (synchronous serial interfaces or XOT Tunnels) need to be configured at the remote DCE on the network as a hunt group. And it is necessary to allocate an X.121 address to such hunt group. When other equipment in the network accesses the DTE inside the hunt group, they need to call the hunt group address.
  • Page 220 Server B and DCE. Thus all the first 200 calls will be sent to Server A, and the calls following the first 200 ones will be sent to Server A and Server B by turns.
  • Page 221 Delete specified XOT Tunnels from hunt undo channel xot ip-address group It should be noted that a hunt group can have ten synchronous serial interfaces or XOT Tunnels at most. XOT Tunnels cannot be added to the hunt group that adopts vc-number channel selection policy.
  • Page 222: Introduction to XOT Protocol

    Configure X.25 over TCP Introduction to XOT Protocol (XOT) XOT (X.25 Over TCP) is a protocol that is supported by TCP, and implements the connection of two X.25 networks through IP network. The practical application environment is shown in the following figure.
  • Page 223 Implementation principle of XOT (taking SVC as an example): As shown in the former figure, when it has data to transmit, RouterA first sends a request packet to set up a VC. After RouterB receives the call packet and judges that it is an XOT application, it first sets up a TCP connection with RouterC, and then adds the XOT packet header to the X.25 call packet, which is encapsulated in TCP...
  • Page 224 Operation Manual - Network protocol. 3 Configure local switching (SVC) For SVC, when it receives the packets from the remote side, it must send out the packets through local switch interface, so you have to configure local switching.
  • Page 225 5 Configure Keepalive and xot-source attributes: After the TCP link is established, TCP will not be easily cleared even if the link is disconnected. But after Keepalive is configured, the router will periodically send checking packets to check the usability of the link. If it cannot get confirmation after sending out packets several times, it will consider the link to have failed and clear it automatically.
  • Page 226 When configuring an Annex G DLCI, the user must explicitly configure it with the argument DCE or DTE. In addition, the configurations on the routers of a connection should not be the same. That is, if a router is configured to work as DTE, the other router must be configured as DCE.
  • Page 227: Display And Debug

    DTE [Router-Serial0]link-protocol lapb dte d Configure other Lapb parameters (if the link is of good quality, and a higher rate is required, the flow control parameter modulo can be increased to 128, k to 127, but they must be the same for both ends in the direct connection)
  • Page 228 DCE [Router-Serial1]link-protocol lapb dce d Configure other LAPB parameters (if the link quality is good, and a higher rate is required, the flow control parameter modulo can be increased to 128, k to 127, but they must be the same for both ends in the direct connection)
  • Page 229 Connect the Router to X.25 Public Packet Network: I. Networking Requirement. As shown in the diagram below, three routers A, B and C are connected to the same X.25 network for mutual communication. The requirements are: IP addresses of the interfaces Serial0 of three routers are 168.173.24.1, 168.173.24.2 and 168.173.24.3 respectively.
  • Page 230: Router-Serial0]Ip Address 168.173.24.1 255.255.255.0

    1 Configure Router A: a Configure interface IP address [Router]interface Serial 0 [Router-Serial0]ip address 168.173.24.1 255.255.255.0 b Connect to public packet network, make the router as DTE side [Router-Serial0]link-protocol x25 dte [Router-Serial0]x25 x121-address 30561001 [Router-Serial0]x25 window-size 5 5 [Router-Serial0]x25 packet-size 512 512 [Router-Serial0]x25 map ip 168.173.24.2 x121-address 30561002...
  • Page 231 4 respectively. The IP network addresses of Ethernet A and B are 202.38.165.0 and 196.25.231.0 respectively. It is required to exchange routing information between Ethernet A and B with RIP routing protocol, so that PC A and PC B can exchange information without adding static route.
  • Page 232 3 and 4 respectively. Virtual circuit refers to the end-to-end logical link between the calling DTE and the called DTE, while logical channel refers to the logical link between two directly connected devices (either between DTE and DCE, or between the ports of two packet switching exchanges).
  • Page 233: Configure Router C

    Typical X.25 Configuration Example II. Networking Diagram Figure 72 Diagram of X.25 sub-interface configuration RouterD RouterA RouterC RouterB III. Configuration Procedure 1 Configure Router A: [Router]interface serial 0 [Router-Serial0]link-protocol x25 dte [Router-Serial0]x25 x121-address 100 [Router-Serial0]interface serial 0.1 a Create sub-interface serial 0.1 [Router-Serial0.1]ip address 10.1.1.2 255.255.0.0...
  • Page 234 SVC Application of XOT: I. Networking Requirement. Router B and Router C are connected through their Ethernet interfaces, and a TCP connection is built between them. X.25 packets are forwarded through TCP, and SVC is configured to implement the SVC function. II. Networking Diagram Figure 73 SVC application networking diagram of XOT...
  • Page 235 [Router-Serial0]link-protocol x25 dce ietf PVC Application of XOT: I. Networking Requirement. Router B and Router C are connected through their Ethernet interfaces, and a TCP connection is built between them. X.25 packets are forwarded through TCP, and PVC is configured to implement the PVC function. II. Networking Diagram...
  • Page 236: Networking Requirements

    RouterB, RouterC and RouterE equally as one destination, and the calls of X.25 terminal can be sent to routers RouterB, RouterC and RouterE to achieve load balancing. Therefore the load balancing of routers on X.25 network can be implemented.
  • Page 237: Configure Routerb

    RouterE X.25 Terminal III. Configuration Procedure 1 Configure RouterA a Configure the link layer protocol of interface Serial1 to X.25 and specify it to operate in DCE mode. [Router]interface serial 1 [Router-Serial1]link-protocol x25 dce b Configure the link layer protocol of other synchronous serial interfaces to X.25 and specify it to operate in DCE mode.
  • Page 238 The configurations of RouterC and RouterE are identical with the configuration of RouterB 3 Configure RouterD a Configure link layer protocol of interface Serial 0 to X.25 and specify it to operate in DCE mode. [Router]interface serial 0 [Router-Serial0]link-protocol x25 dce b Configure IP addresses on interface Ethernet 0.
  • Page 239: Configure Interface Ethernet

    Typical X.25 Configuration Example Note that you must configure a virtual IP address and two static routes on interface Serial 1 to deceive the router because two lines connected to the same peer exist in router RouterC. Thus load balancing can be achieved because router RouterC will deem that there are two routes connected to network segment 10.1.1.0.
  • Page 240 Interconnect LANs via Annex G DLCIs: I. Networking Requirements. Two Routers are directly connected via serial interfaces. Router A works as Frame Relay DCE whereas Router B works as Frame Relay DTE. II. Networking Diagram Figure 77 Interconnect LANs via an Annex G DLCI...
  • Page 241 RouterA and RouterC are respectively connected to RouterB and RouterD through X.25. RouterB and RouterC are connected through Frame Relay. Configure Annex G DLCI 100 for Frame Relay on both RouterB and RouterC to interconnect the two X.25 networks. Thereby, PC1 and PC2 can access each other.
  • Page 242 Chapter 16: Configuring LAPB X.25. II. Networking Diagram Figure 78 Networking for the SVC application of X.25 over Frame Relay DLCI100 Router B Router C Router D Router A III. Configuration Procedure 1 Configure the router Router A: a Configure the basic X.25 parameters.
  • Page 243 X.25. RouterB and RouterC are connected through Frame Relay. Configure Frame Relay Annex G DLCI 100 on both RouterB and RouterC to set up an X.25 PVC to interconnect the two X.25 networks. Thereby, PC1 and PC2 can access each other.
  • Page 244 Configure a Frame Relay Annex G DLCI. [Router-Serial1]fr dlci 100 [Router-fr-dlci-100]annexg dce g Apply the X.25 template to Annex G DLCI 100 (which is equivalent to configure X.25 attributes for the Annex G DLCI). [Router-fr-dlci-100]x25-template profile1 4 Configure Router C: a Enable X.25 switching.
  • Page 245 "UP" status. Troubleshooting: It is possible that the local working mode has been configured incorrectly, for example, both sides of a connection are DTE or DCE. Try again after changing the interface working mode. Fault 2: X.25 protocol is "UP", but the virtual circuit cannot be established, i.e., unable to ping through.
  • Page 246 DLCI has been in place after negotiation. However, the remote end cannot be pinged. Troubleshooting: Check whether the X.25 protocol is up at both ends of the Annex G DLCI by using the display fr pvc-info command. Both the Frame Relay interface and DLCI number should be explicitly specified in the command.
  • Page 247 Fault Diagnosis and Troubleshooting of X.25 If receiving the ping packet forwarded from the router at one end, check whether the returning route has been configured in the routing table. In addition, if the destination IP address for returning the packets is different from that configured in the Frame Relay address map and X.25 address map, you...
  • Page 248 Chapter 16: Configuring LAPB X.25...
  • Page 249: Configuring Frame Relay

    Frame Relay mainly bears IP. When sending an IP packet, only the next hop address of the packet can be obtained from the route table, so this IP address must be used to determine the corresponding DLCI before sending.
  • Page 250 DCE. In case that the two network devices are directly connected, the equipment administrator sets the virtual circuit status of DCE. In The 3Com Router, the quantity and status of the virtual circuits are set at the time when address mapping is set (with the command).
  • Page 251 In Frame Relay, the two sides in communication are classified into user side and network side. The user side is called DTE, and the network side is called DCE. The equipment response interface should be configured as DTE or DCE format according to its location in the network.
  • Page 252 If the timer T391 times out, but no status message is received yet at the DTE side to respond to that, this event error will be recorded and 1 will be added to the number of errors.
  • Page 253 4 times (N393) In which, the related parameters at the DTE side include: T391DTE: The interval of the link integrity polling for the equipment at the DTE side N391DTE: DTE equipment will send a status enquiry message at a certain interval (which is determined by T391).
  • Page 254 DCE side. N393DCE: The total number of observed events at the DCE side. It should be noted that N392 should be no larger than N393 and T391DTE should be smaller than its peer T392DCE. 5 Configure Frame Relay Address Mapping Frame Relay address mapping means to establish the mapping between the peer protocol address and the local DLCI.
  • Page 255 Frame Relay class. The virtual circuit number is valid locally, that is, the virtual circuit numbers on both ends of the link can be the same. Different interfaces can be assigned with the same virtual circuit number, but the virtual circuit number must be unique on one physical interface.
  • Page 256 By default, all the sub-interfaces are enabled to use dynamic inverse-arp. 8 Configure Frame Relay PVC Switching Router routers can be used as Frame Relay switches to provide the function of Frame Relay PVC switching. There are two ways to configure the Frame Relay switching: configuring the Frame Relay switched route or configuring the Frame Relay switched PVC.
  • Page 257 { dte | dce | nni } By default, Frame Relay PVC switching is disabled. The configured PVC can take effect only when the type of Frame Relay interface is NNI or DCE. b Configure Frame Relay switched route Perform the following configurations in synchronous serial interface view.
  • Page 258 “bundle link”. As for an actual physical layer, bundle link is equal to an analog data link layer, and bundle manages all the bundle links. As for data link layer, bundle is analog physical layer.
  • Page 259 Configure Frame Relay will not take effect. On the MFR interface, you can configure the network layer parameters (e.g., IP address) and Frame Relay parameters (e.g., DLCI). The physical interface bundled on the MFR interface will use the parameters on the MFR interface.
  • Page 260 The default link identification is the name of its physical interface. By default, a bundle link will send out hello message every 10 seconds; it will send a hello message a maximum of 3 times and wait 4 seconds for a hello message acknowledgement.
  • Page 261 This will cause delay and even drop of voice packets behind it, and hence degrade the voice quality. The purpose of configuring Frame Relay fragmentation is to shorten voice delay and ensure real-time voice transmission.
  • Page 262 As shown in Figure 82, Router B transmits packets to Router A at the rate of 128 kbps whereas the maximum interface rate of Router A is only 64 kbps. In this case, the...
  • Page 263 CIR ALLOW = 64 kbps, CIR = 32 kbps, CBS = 64000 bit, EBS = 64000 bit, and interval Tc = CBS / CIR ALLOW = 1s. Within the first interval Tc, the PVC-transmitting burst traffic size equals CBS+EBS. Beginning from the second Tc, the transmitted traffic size within each interval Tc becomes CBS.
  • Page 264 For the detailed introduction, refer to the part of QoS. PIPQ can only be applied on the Frame Relay interface. It is similar to PQ, but aiming at the PVCs on an interface. When the Frame Relay traffic shaping is enabled on an interface, the queueing type on the interface can only be either FIFO or PIPQ.
  • Page 265 CIR ALLOW = 64 kbps, CBS = 64000 bit, EBS = 64000 bit, and interval Tc = CBS / CIR ALLOW = 1s. When the interval is in the range of 0 to 2s, DTE will transmit packets to DCE at 64 kbps and DCE will normally forward these packets at 64 kbps.
  • Page 266 Relay PVCs on a router, and each of them contains multiple DE rules. If a packet transmitted on a PVC complies with the rules in the DE rule list, its DE flag bit will be set to 1, and the packets like it will be discarded first if the congestion occurs on the network.
  • Page 267: Configure Frame Relay Traffic Shaping

    If there is a Frame Relay class associated with the PVC, use the QoS parameters configured to the Frame Relay class. If there is no Frame Relay class associated with the PVC but a Frame Relay class associated with the interface to which the PVC belongs, use the QoS parameters configured to this Frame Relay class.
  • Page 268 By default, the Frame Relay traffic shaping is not enabled on the interface. The function of Frame Relay traffic shaping is applied on the outgoing interfaces on a router. Usually it is applied at the DTE end on a Frame Relay network. 2 Create a Frame Relay class Refer to the previous section “Configure Frame Relay class”...
  • Page 269 By default, the Frame Relay traffic policing is not enabled on the interface. The function of Frame Relay traffic policing is applied on the interface receiving the Frame Relay packets on a router. It can only be applied at the DCE side on a Frame Relay network.
  • Page 270 Frame Relay interface or PVC occupies the total queue length on the interface. If the ratio is greater than the threshold set by the user, the router will assume that there is congestion, and will process the packets with the corresponding methods, such as discarding.
  • Page 271 [ characteristic ] By default, no DE rule list is defined. A router can support up to 10 DE rule lists, and each of them can contain up to 100 DE rules. The commands...
  • Page 272 2 Configure Frame Relay Interface Queueing The user can configure four queueing types on a Frame Relay interface: FIFO, PQ, CQ and WFQ. All of them are the queues owned by a general QoS. For their configurations, refer to the part of QoS.
  • Page 273 Relay networks. In the technique of Frame Relay over IP, a GRE tunnel is established between the Frame Relay networks at both ends of IP, and the Frame Relay data are carried over IP. The application of Frame Relay over IP is illustrated in the following figure:...
  • Page 274 ISDNs and the related devices can be used to access Frame Relay networks, the so-called Frame Relay over ISDN. With the Frame Relay over ISDN technique, the cost of a leased line can be shared by the routers, so the overall cost is lowered. The users can access the Frame Relay networks much quicker and with lower cost.
  • Page 275 DTE device and a DCE device can only be connected via a B channel. Since a B channel can only be connected to a remote end and cannot have more than one IP addresses, it cannot be configured with multiple DLCIs, nor configured with multiple sub-interfaces.
  • Page 276 PVC segment. When both PVC segments are in active status, it means that the whole PVC is set up. In this case, Frame Relay can be adopted on the B channel to carry the network layer data.
  • Page 277 ] The two ends of a BDR call should work with the same link layer protocol. For a physical interface (such as an ISDN BRI or PRI interface), both the D channel and B channel are configured with Frame Relay.
  • Page 278 [ callback ] The two ends of a BDR call should work with the same link layer protocol. For a dialer interface adopting dialer profiles to implement Frame Relay over ISDN, it should be configured with Frame Relay. In addition, Frame Relay and PPP are probably carried on a B channel for supporting the dynamic configuration on the channel.
  • Page 279 [ interface type number ] Enable the debugging of Frame Relay status debugging fr status [ interface type number [ dlci ] ] Enable the debugging of Frame Relay traffic rate debugging fr transmit-rate [ interface type number ]...
  • Page 280: Networking Requirement

    Interconnect LANs via Frame Relay Network: I. Networking Requirement. Interconnect LANs via the public Frame Relay network. The routers work as user equipment in the Frame Relay DTE mode. The routers use static address mapping. II. Networking Diagram Figure 92 Interconnect LANs via Frame Relay network...
  • Page 281: Networking Requirements

    Interconnect LANs via Private Line: I. Networking Requirement. Two Routers are directly connected via a serial port. Router A works in the Frame Relay DCE mode, and Router B works in the Frame Relay DTE mode. The routers use dynamic address mapping.
  • Page 282 [Router-Serial0]link-protocol fr mfr 0 Frame Relay Compress Typical Configuration Example (FRF.9): I. Networking Requirements. Router A and Router B are connected via a Frame Relay network. To improve the efficiency of data transmission, Frame Relay payload compression is used between them.
  • Page 283 [Router-Serial0]fr dlci 100 [Router-Serial0]fr map ip 202.38.163.252 dlci 100 compression frf9 2 Configure Router B You can configure Router B in the same way as that of Router A, so its configuration will not be mentioned here. Typical Frame Relay I.
  • Page 284 Configuration Example of Frame Relay Traffic Shaping: I. Configuration Requirements. The Router is connected to the Frame Relay network via the interface Serial 0. It is required that the average transmit rate of the router should be 96 kbps, the...
  • Page 285 ...through Frame Relay over ISDN. I. Networking Requirements: RouterA (DTE) and RouterB (DCE) are connected via ISDN. RouterA adopts legacy BDR to make calls while RouterB adopts dialer profiles. To establish a PVC, the call must be originated from RouterA.
  • Page 286 On RouterA, two BRI interfaces, Bri0 and Bri1, are available. Bri0 is assigned with the ISDN number 660218, the IP address 110.0.0.1 and the DLCI number 100. Bri1 is assigned with the ISDN number 660208, the IP address 120.0.0.1 and the DLCI number 200.
  • Page 287 Frame Relay Switching Connection through Frame Relay over ISDN: I. Networking Requirements. RouterB (DCE) is connected to the ISDN interface on RouterA (DTE) via ISDN at one side and RouterC (DTE) via the serial interface at another side. With the Frame Relay switching function of DCE, routers can interwork across ISDN.
  • Page 288 [Router-Serial2:15]dialer bundle-member 10 [Router-Serial2:15]dialer bundle-member 20 For configuring the BDR and Frame Relay parameters on Dialer1, refer to the configuration on Dialer0. The user only needs to change the IP address to 120.0.0.2, DLCI number to 200, and configure to receive the incoming calls from the number 660208 and assign Dialer1 to Dialer Bundle 20.
  • Page 289 Check the configurations of the Frame Relay class associated with the Frame Relay interface or the PVCs, and use the fr cbs command to make the CBS larger.
  • Page 290 Chapter 17: Configuring Frame Relay. Check whether the Frame Relay configurations at both ends are correct. Read the section of troubleshooting in Link Layer Protocol.
  • Page 291: Display And Debug

    DDN. The address field of HDLC is 8 bits, its control field is 8 bits, and the protocol field is 16 bits, which are used to represent all kinds of control information of HDLC protocol and to mark whether they are data.
  • Page 292 Chapter 18: Configuring HDLC. Enable HDLC packet debugging debugging hdlc packet [ interface type number ]...
  • Page 293: Bridge Overview

    Typical Bridge Configuration Bridge Overview Bridge is a type of network device on the data link layer, which interconnects Local Area Networks (LANs) and transfers data between them. In some small-sized networks, especially in the networks widely dispersed, using bridges can reduce...
  • Page 294: Main Functions Of Bridging

    Ethernet frames on this segment. Once the Ethernet frame sent from a node is detected, the source MAC address of this frame will be picked up and the correlation between this MAC address and the interface receiving this frame will be added to the bridging address table.
  • Page 295 Ethernet frame from Workstation B and learn that Workstation B is also connected to Bridge port 1 because the frame is detected on port 1 too. As a result, the correlation between the MAC address of Workstation B and Bridge port 1 is added to the bridging table too, as shown in the following figure: Figure 103 Bridge learns that Workstation B is connected with the port 1 too.
  • Page 296 If Workstation A sends an Ethernet frame whose destination is Workstation C, the bridge will detect this frame and learn that Workstation C corresponds to Bridge port 2 by looking up its bridging table. So, it will forward the frame to Bridge port 2, as shown in the following figure.
  • Page 297 As shown in the following figure, both bridges X and Y are connected with Ethernet segment 1. Once detecting a broadcasting frame, both bridges will send it to all ports except the source port on which the frame is detected. That is, both bridges X and Y will forward this broadcast frame.
  • Page 298 Ethernet segment 3 and Ethernet segment 2 again. Thus, Ethernet segment 2 and Ethernet segment 3 receive a copy of this frame for the second time. Like this, the frame is repeatedly forwarded over the network, which is called bridging loop.
  • Page 299 Bridge Overview will also specify which bridge to be the “root bridge” and which bridges to be the “leaf nodes”. A BPDU contains the following information: Root Identifier: Consists of the Bridge Priority and the MAC address of the root bridge.
  • Page 300: Multi-Protocol Router

    Hello Time. If it is the root port that receives the BPDU, it will increase the Message Age carried in the BPDU and enable the timer to time this BPDU. If a path fails, the root port on this path will not receive new BPDUs any more and old BPDUs will be discarded due to timeout, which will result in the spanning tree recompilation.
  • Page 301 Other corresponding link ports are all in congestion state. This can guarantee normal bridging between two bridge devices at the cost of wasting link bandwidth.
  • Page 302 Each bridge set is independent, and packets can not be transmitted between the ports belonging to different bridge sets. That is, the packets received via one bridge set port can only be sent via the ports of the same bridge set. One physical interface can only be added to one bridge set.
  • Page 303 By default, the dynamic address table is used to forward frames. c Configure the aging time of dynamic address table The aging time of dynamic address table refers to the time that an entry can remain in the address table before it is deleted. The aging time is controlled by the aging timer.
  • Page 304 647. It is valued in the range 1 to 65535. d Configure the bridge port priority In the case that path costs of the ports are the same, the port with lower ID is more likely to become the designated port. The port ID is comprised of Port Priority and Port Number.
  • Page 305 Restore the default value of the Hello Time timer undo bridge stp timer hello By default, the value of Hello Time timer is 2 seconds. It is in the range of 1 to 10 seconds. When configuring the Hello Time timer, it should be noted that: In the spanning tree, all the bridges use the time value of Hello Time timer of the root bridge, and their own configurations take no effect.
  • Page 306 Restore the default value of the Max Age timer undo bridge stp max-age By default, the value of the Max Age timer is 20 seconds. It is in the range of 6 to 40 seconds. When configuring the Max Age timer, it should be noted that: Spanning tree should use the value of the Max Age timer of the root bridge.
  • Page 307 Configure Bridge’s Routing Function When creating an ACL based on Ethernet type code (Ethernet-II, SNAP or LSAP), you can specify aclt-number in the range of 200 to 299. type-code is a 16-bit hexadecimal number written with a leading “0x”, corresponding to the type-code field in the Ethernet-II or SNAP frames.
  • Page 308 If the bridge’s routing is not enabled yet, the data of all the protocols can only be bridged. Once the bridge’s routing is enabled, you can specify both bridging and routing for the packets of a particular protocol.
  • Page 309 Executing the display bridge bridge-set link-set command can display the configuration of the link-set on each bridge as well as whether it is sharing the load. 10 Configure Bridging over Frame Relay When establishing a bridge, mapping between the bridge address and DLCI address should be specified.
  • Page 310 12 Configure Bridging over LAPB Perform the following configuration in interface view. Table 346 Configure the link layer protocol of the interface to LAPB Operation Command Configure the link layer protocol of the link-protocol lapb [ dte | dce ]...
  • Page 311: Transparent Bridging

    ...Multiple LANs. I. Networking Requirements: Suppose that there are several PCs located on the Ethernet segment LAN1 of a building's floor and several PCs and servers on the Ethernet segment LAN2 of another floor of the building. It is required to build the transparent bridge...
  • Page 312: Networking Diagram

    Chapter 19: Configuring Bridge. II. Networking Diagram Figure 111 Networking of building transparent bridges between multiple Ethernet segments Router A Router B LAN 1 LAN 2 III. Configuration Procedure Configure Router A [Router]bridge enable [Router]bridge 1 stp ieee [Router]bridge 1 learning...
  • Page 313 Typical Bridge Configuration. Transparent Bridging over Frame Relay: I. Networking Requirements. Two routers are directly connected via serial interfaces. Implement transparent bridging over the Frame Relay. II. Networking Diagram Figure 112 Transparent bridge over the Frame Relay DLCI=50 DLCI=50 Router B Router A III.
  • Page 314 Configure transparent bridging for synchronous dial-in standby on two routers. Thereby, transparent bridging can be implemented by enabling synchronous dial-in in case the serial interfaces through which the routers are directly connected fail. II. Networking Diagram Figure 113 Networking of transparent bridging for synchronous dial-in standby...
  • Page 315 Configure transparent bridging for asynchronous dial-in standby on two routers. Thereby, transparent bridging can be implemented by enabling asynchronous dial-in in case the serial interfaces through which the routers are directly connected fail. II. Networking Diagram Please refer to Figure 113.
  • Page 316: Configuration Procedure

    Chapter 19: Configuring Bridge. Bridge-Template interface: I. Networking Requirements. Configure a router so that routing can be carried out on each interface in the bridge-set. II. Networking Diagram Figure 114 Networking of bridge-template interface Bridge-Template interface 1.1.1.1 Bridge Set 1 2.1.1.1...
  • Page 317 Typical Bridge Configuration. Bridging on Sub-Interfaces: I. Networking Requirements. Two routers are connected via a network cable. Enable bridging on the Ethernet sub-interfaces so that the two bridges established via the routers can be interconnected. II. Networking Diagram Figure 115 Networking for bridging on sub-interfaces e0.1...
  • Page 318 Link-Set Configuration: I. Networking Requirements. Bind multiple parallel links between bridges into a link-set so that the links can share the load when bridging the traffic. II. Networking Diagram Figure 116 Networking of use link-set to implement port binding...
  • Page 319 Network Protocol: Chapter 20 Configuring IP Address, Chapter 21 Configuring IP Application, Chapter 22 Configuring IP Performance, Chapter 23 Configuring IP Count, Chapter 24 Configuring IPX, Chapter 25 Configuring DLSw...
  • Page 321: Ip Address Overview

    IP address is a unique 32-bit address assigned to a host connected to Internet. Usually it is composed of two parts: network ID and host ID. Its structure enables convenient addressing on Internet. IP address is assigned by Network Information Center (NIC) of American National Defense Data Network.
  • Page 322 Network class IP network range Description 1.0.0.0 ~ 126.0.0.0 Network IDs with all the digits being 0 or all the digits being 1 are reserved for special use. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing.
  • Page 323 A router connecting multiple sub-nets will have multiple sub-net IP addresses. The IP addresses mentioned above cannot be directly used in communication, because: An IP address is only an address of a host in the network layer. To send the data messages transmitted through the network layer to the destination host, physical address of the host is required.
  • Page 324 Configure IP Address Configure IP Address for an Interface Use a mask to label the network ID contained in an IP address. Example: the IP address of an Ethernet interface of a router is 129.9.30.42, and the mask is 255.255.0.0. To obtain the network ID, a logical AND operation is performed between the IP address and the mask.
  • Page 325 When configuring the master IP address for an interface, note: An interface can only have one master IP address. When deleting the IP address of the interface, if no IP address and mask is specified, all the IP addresses (including all slave IP addresses) will be deleted from the interface.
  • Page 326 IP address for the interface, as negotiation will automatically originate an IP address. After setting IP address of an interface to negotiable, if the interface is set to negotiable again, then the IP address originated from the original negotiation will be deleted, and the interface obtains IP address through the re-negotiation.
  • Page 327: Configuration Example

    Shenzhen and Shanghai and one office in Wuhan. R is the headquarters router, which connects the subsidiaries and office routers R1, R2 and R3 via PSTN. The four routers R, R1, R2 and R3 each have a serial port for dialing and one Ethernet interface to connect with the local network.
  • Page 328: Troubleshooting Ip Address Configuration

    Two static routes must be configured on Beijing headquarters router R to ensure access to Ethernet host of Shenzhen router R1. The first static route is to the Ethernet segment of R1: the next hop is the IP address of serial port of R1 (or an unnumbered IP address) ip route-static 172.16.20.1 255.255.255.0 172.16.20.1...
  • Page 329: Map Between Wan Interface Ip Address And Link Layer Protocol Address

    IP address either. Troubleshooting: Check whether the lender port is UP. Only when the port protocol of the lender is UP, will the address be added to the route table and pinged through by other ports.
  • Page 330 Chapter 20: Configuring IP Address...
  • Page 331 To configure ARP, carry out the following steps: 1 Manually add/delete static ARP mapping table item In some special cases, for example, the LAN gateway is assigned with a fixed IP address and bound to a specific network adapter, so that packets to this IP address can only go out via this gateway.
  • Page 332: Name Resolution

    Turn on ARP commission information debugging arp. Configure Domain Name Resolution (DNS): The TCP/IP Extranet not only provides an IP address to locate a device, but also designs a specific character-string host naming mechanism. This system uses a layered naming mode, designating a meaningful name for a device on the Internet.
  • Page 333: Vlan Configuration

    In accordance with the IEEE 802.1Q, to implement the VLAN functionality of the 3Com Router series, a 4-byte VLAN tag is placed between the source/destination MAC address of the original Ethernet frame header and the Type field to mark the VLAN message. The format of VLAN tag is shown as below.
  • Page 334: Configure Vlan

    TCI (Tag Control Information) fields, with the higher three bits being user priority field, the fourth being the instruction of standard encapsulation format and the other 12 bits being VLAN IDs whose value ranges from 0 to 4094 (the value must begin with 1 on routers).
  • Page 335: Networking Requirements

    IP address must be correct. The default gateway of LAN Switch ports that belong to the same VLAN should be set as the IP address of this subinterface. Besides, the IP address of Ethernet subinterface can be set only when this subinterface has finished the configuration of VLAN ID.
  • Page 336 It must be ensured that the default VLAN id of ports connected with router Ethernet interface differs from that of ports connected with PC and the type of all ports must be tagged. However, the type of all ports...
  • Page 337: Dhcp Server Configuration

    If one PC can ping through the IP address of Ethernet subinterface in the same VLAN, but fails to ping through another PC, please use the command route print in MS-DOS of the two PCs to see if the route to peer PC is available. If not, please add the relevant route.
  • Page 338: Fundamentals Of Dhcp Server

    IP addresses through the DHCP service and the number of simultaneous users is limited to a certain degree. There are only a few hosts with their own fixed IP addresses on the network (for example, various server hosts need fixed IP addresses) while most hosts have no requirement for fixed IP addresses.
  • Page 339 DHCP Server Configuration. DHCP client logs in to the network for the first time: If it is the first time for a DHCP client to log in to the network, it will establish a connection with the DHCP server through four stages: Discovering stage. This is the stage when the DHCP client searches the DHCP servers.
  • Page 340 IP leasing contract to the DHCP server when the DHCP client starts up or half of the valid period of the IP leasing contract has expired. To renew the IP leasing contract, the DHCP client will send a DHCP_Discover message to the DHCP server.
  • Page 341 By default, the DHCP service is disabled. 2 Create a DHCP address pool To allocate the IP addresses, the user needs to create an address pool on the DHCP server. When the client requests an IP address, the DHCP server will choose an...
  • Page 342 Some special clients (e.g., WWW server) need to be bound with fixed IP addresses, that is, to bind a certain client MAC address with a certain IP address. When the client with this MAC address applies for a DHCP address, the server will find the corresponding fixed IP address according to the client MAC address, and allocate it for the client.
  • Page 343 4 Configure the IP Addresses in the DHCP Address Pool not participating in Auto-allocation As for a network or subnetwork, some IP addresses may have been used by some servers or particular hosts, like WWW server, gateway and FTP server. The DHCP server should exclude these addresses to ensure the normal operation of the network when allocating addresses.
  • Page 344 IP addresses. To access the DHCP client to the Internet, a DHCP server specifies the DNS address for the client when allocating the IP address to it. Each DHCP address pool can be configured with up to a maximum of 8 DNS addresses.
  • Page 345 If no response is received after the longest time waiting for a response, re-send ping packets to this address until reaching the maximum number of ping packets allowed to be sent. If still no response is received, you can...
  • Page 346 assume that the IP address in this segment is not in use. Only when it is not in use can the IP address be allocated to the specified client. Perform the following configurations in system view. Table 377 Configure maximum number of ping packets sent by DHCP server & time for...
  • Page 347 Configuration Example: The common DHCP networking methods can be classified into two categories: One is that the DHCP server and the clients reside on the same subnetwork and they directly carry out the interaction of DHCP. Another one is that the DHCP server and the clients reside on different subnetworks and they must implement the allocation of IP addresses through the DHCP relay proxy.
  • Page 348: Configure Dhcp Relay

    Fault: Dynamic IP address allocation conflict occurs at the client. Solution: Follow these steps to solve this problem. 1 First of all, determine whether there is a host with this IP address on the network. You can perform the ping operation with a relatively long timeout to check the connectivity of this IP address.
  • Page 349 [Figure: schematic diagram of DHCP relay, with labels DHCP trunk router, DHCP server and DHCP client] The above figure is the schematic diagram of DHCP relay. Its working principle is as follows: After starting DHCP client, a configuration request message is broadcast and the DHCP relay router will send the message to the designated DHCP server on the other network after processing it properly.
  • Page 350: Display And Debug

    Configuration Example. I. Configuration Requirement: DHCP client host is in the network segment 10.110.0.0, while DHCP server is in the network segment 202.38.0.0. DHCP relay router needs to relay DHCP messages, so that DHCP client hosts can obtain configuration information such as IP address from DHCP server through application.
  • Page 351: Configuration Procedure

    Configuration example of transparent transmission forwarding protocol I. Configuration Requirements The host and TFTP server should not be in the same network segment. As the host does not know the IP address of TFTP server, it sends a request message with the broadcast address as the destination address so as to transmit it transparently to the TFTP server via router A.
  • Page 352: Troubleshooting Dhcp

    Fault 1: DHCP client host fails to obtain configuration information. Troubleshooting: perform as follows. Check whether the DHCP server is configured with the address pool of the network segment where the DHCP client host is located. Check whether the DHCP relay router and the DHCP server have routes reachable to each other.
  • Page 353: Configure Network Address Translation (Nat)

    172.16.0.0 --- 172.31.255.255 192.168.0.0 --- 192.168.255.255 That is to say, the addresses within the three ranges will not be allocated on the Internet. They can be used internally in a unit or a company. The enterprises can select appropriate internal network addresses according to their forecast of the number of internal host computers and networks in future.
  • Page 354 Mechanism of Network Address Translation (NAT) The mechanism of address translation is to translate the IP address and port number of the host computer in the network to the external network address and port number, to implement the translation from <internal address + port number>...
  • Page 355: Configure Nat

    All the addresses in the address pool should be consecutive. At most, 64 addresses can be defined in each address pool. An address pool cannot be deleted if it is correlated to one access control list and address translation has started.
  • Page 356 Configuring the correlation between the access control and the interface is also known as the EASY IP feature. It refers to taking the IP address of the interface as the translated source address directly during the course of address translation, which is applicable to two conditions.
  • Page 357 During the course of address translation, it will look up the source address of the message, to determine if the message is sent from the internal server. If yes, the source address is translated to the corresponding public network address.
  • Page 358: Networking Requirement

    3Com Router series. It is required that the enterprise can access the Internet via serial port 0 of the 3Com Router series, and provide WWW, FTP and SNMP services to the outside, as well as two WWW servers. The internal network address of the enterprise is 10.110.0.0/16.
  • Page 359 Configure Network Address Translation (NAT) II. Networking Diagram: Figure 132 NAT configuration case networking diagram 1 (figure labels: 10.110.10.1, 10.110.10.2, 10.110.10.3, 10.110.10.4; FTP server, www server1, www server2, SMTP server; Internal Ethernet of enterprise; 10.110.12.100, 10.110.10.100; Internal PC, Internal PC; Quidway Router; External PC) III.
  • Page 360 Observe the source address after translation carefully, and make sure that it is the expected address. Otherwise, it is possible that the configuration of address pool is wrong. Meanwhile, make sure that there is routing to return to the address pool segment in the network to be accessed.
  • Page 361 It's possible that the internal server IP address is wrong, or that the firewall has inhibited the external host to access the internal network. Use the command for further check.
  • Page 362 Chapter 21: Configuring IP Application...
  • Page 363 SNAP, the interface mtu ranges from 46 to 1492 bytes, and 1492 bytes is default value. The serial port mtu ranges from 128 to 1500 bytes, and 1500 bytes is default value. The BRI port mtu value ranges from 128 to 1500 bytes, and 1500 bytes is default value.
  • Page 364 TCP header compression is disabled in default status. 2 Configure TCP Timers The following TCP timers can be configured: Synwait timer: When a syn message is sent, TCP starts the synwait timer. If no response message is received till synwait timeout, TCP connection will be terminated.
  • Page 365 The Synwait timer's timeout ranges between 2~600 seconds, with a default value of 75 seconds. The Finwait timer's timeout ranges between 76~3600 seconds, with a default value of 675 seconds. The value of window-size ranges between 1~32Kbytes, with a default value of 4Kbytes.
  • Page 366 Message forwarding efficiency is a key feature evaluating router performance. According to regular flow, when a message arrives, the router will copy it from the interface memory to the main CPU. The CPU specifies the network ID from the IP address, consults with the routing table to get the best path to forward the message, and creates MAC frame suitable for output of the message.
  • Page 367 Restore the default fast-forwarding table undo ip fast-forwarding cache-size size The fast-forwarding table size on a router defaults to 4K, that is, up to 4K entries are allowed in the table. Fast-forwarding table size depends on the memory capacity. The larger the memory capacity is, the larger the configurable fast-forwarding table size will be.
  • Page 368: Troubleshooting Ip Performance Configuration

    Troubleshooting IP Performance Configuration. Fault 1: TCP and UDP are created upon IP protocol, and IP is able to provide data packet transmission. However, TCP and UDP protocols do not work normally. Troubleshooting: Turn on corresponding debugging switches to check the...
  • Page 369 Likewise, if IP Count is enabled on the incoming interface Ethernet0, the statistics will be made on the flows from the A network to the router. If a firewall for filtering the incoming packets has been enabled on the interface, the IP Count...
  • Page 370 1 Enable IP Count Service This command can be used to enable or disable IP Count service. You can configure IP Count to make statistics on the packets that the router has input or output depending on the specific requirements on the router.
  • Page 371 IP Count list before making statistics on it. If a match is found, the statistics about the packet will be retained in Interior-List. If not, it will be kept in Exterior-List.
  • Page 372: Networking Requirements

    The default max entries number of exterior is set to 0, namely, the packets that do not match the rules will not be counted. 5 Configure Upper Threshold of Interior-List Accounting Entries The following command is used for specifying count maximum of interior, that is, the max entries number of the packets compliant with the IP Count lists.
  • Page 373: Troubleshooting

    Specify count maximum of interior-list to 10 [Router]ip count interior-threshold 10 d Configure an IP Count list [Router]ip count table 169.254.10.1 255.255.0.0 e Enter the interface view of the interface Ethernet 0 and assign it with the address 169.254.10.2. [Router]interface ethernet 0 [Router-Ethernet0]ip address 169.254.10.2 255.255.0.0 f Configure IP Count to make statistics on the packets input and output on the interface.
  • Page 374 Chapter 23: Configuring IP Count...
  • Page 375: Ipx Protocol Overview

    The preamble 0 can be omitted and not input. The node value, 6 bytes long, is the unique identifier of one node. Every two bytes are followed by ".", and then the node value is divided into three groups. Each group is represented with four hexadecimal numbers with the preamble 0 omitted.
  • Page 376 network routing information which can be sent to destination or needs to be forwarded, so that when a packet is received, the next router can be found to transmit the packet. The routing information here can be configured both statically and dynamically.
  • Page 377 Process Socket SAP Request/Response Packets 0x452...
  • Page 378 ] | all } By default, there is no static route. The default priority of IPX static route is 10 and that of IPX dynamic route is 60. Smaller value indicates higher priority of the route. For default route, the value of network.node should be FFFFFFFE.
  • Page 379 Restore default value of RIP aging period undo ipx rip multiplier By default, the aging period of a routing table item is 3 times that of RIP updating period. In other words, if a routing table item is not updated after 3...
  • Page 380 When the length of a route reserve queue is 1, the system only saves one route for a destination. If this unique route is faulty, it will be deleted by the system and there will be no route to the destination while searching for the substitute routes, resulting in huge loss of packets.
  • Page 381 Restore default value of SAP updating period undo ipx sap timer update By default, the updating period of IPX SAP is 1 tick (i.e. 1/18 seconds). c Configure SAP aging period Perform the following task in system view.
  • Page 382 If the length of a service information reserve queue is 1, the system saves only one service information. If the server to which the only service information corresponds is faulty, system will delete this information, and you cannot find any server to provide such service while searching for the substitute service information.
  • Page 383 By default, the delay of Ethernet interface is 1 tick, that for asynchronous serial port is 30 ticks and that for WAN port is 6 ticks. The range of ticks is: 0~30000. 8 Configure Management of IPX Packet...
  • Page 384: Networking Requirement

    Networking with Router A and Router B. Here, both Server1 and Server2 are installed with NetWare 4.1. Server1 is the master server, its external network ID is 2, packet encapsulation format Arpa, and internal network ID 937f. Server2 is the slave server, its network ID is 3, packet encapsulation format is Snap, and internal network ID is 9300.
  • Page 385 Configure IPX d Activate IPX module on interface Serial0, the network ID being 1000. Configuring BDR parameter [Router] interface serial 0 [Router-Serial0] dialer enable-legacy [Router-Serial0] dialer-group 1 [Router-Serial0] ipx network 1000 e Configure an address map to Router B [Router-Serial0] dialer route ipx 1000.0.0c91.f61f 8810124...
  • Page 386 Configure an information about Server1 directory service [Router] ipx service 26B tree 937f.0000.0000.0001 5 hop 2 [Router] ipx service 278 tree 937f.0000.0000.0001 4006 hop 2 Configure dialing rules [Router] dialer-rule 1 ipx permit...
  • Page 387 From the above diagram, you may find out the router with DLSw transforms the frame in format LLC2 on the local SNA equipment into SSP frame which can be encapsulated into TCP messages. Then it sends SSP frame to the remote end...
  • Page 388 Creating TCP channel is the first step for establishing DLSw connection. To create TCP channel, you have to firstly configure DLSw local peer entity in order to specify the IP address of the local end for establishing TCP connection, then the request sent by the remote end router can be received for establishing TCP connection.
  • Page 389 This prompt indicates that the user should create a remote master peer before creating the backup peer. If the TCP connection of the master link fails, the backup link can be used to maintain the connection (the backup TCP connection link can be found via the command) until its timeout.
  • Page 390 No Ethernet port is added to Bridge set by default. 5 Configure Link Layer Protocol for Interface Encapsulation as SDLC SDLC is a link layer protocol relative to SNA. The working principle is very similar to HDLC. To allow DLSw to operate normally, the encapsulation protocol of synchronous interface link layer should be changed to SDLC.
  • Page 391 VMAC, it will use this VMAC address as the source MAC address for DLSw; if the node does not have its own VMAC, it will use the shared VMAC address, and applies its own sdlc-address as the last byte of the VMAC address, so as to differentiate between this address and other ADLC nodes.
  • Page 392 0007.3fc0.5a12 if the mark is 00e0.fc03.a548. Thereinto, the first byte "00" of 00e0 is reversed as "00", the binary form of the second byte "e0" is 11100000, after reversed, it is 00000111, that is "07" in hexadecimal form. Computed in this way, "3fc0"...
  • Page 393 The SDLC serial ports of the 3Com Router series of routers are identified with “7E” during the idle time, but all of the serial ports on some SDLC equipment use high level working status “1” during the idle time. To improve the compatibility with the equipment, you need to change the idle time encoding mode of the routers.
  • Page 394 Generally, the idle time encoding mode of synchronous interface doesn't need to be modified. You may need to configure this command when connecting AS/400, that is, to change the idle time encoding mode in order to accelerate the polling rate of AS/400.
  • Page 395 LLC2 can wait for the replies from the peer at the same time after the whole window has been sent. LLC2 local acknowledgement window size is the Max. amount of packets that LLC2 can send before receiving the replies.
  • Page 396 By default, LLC2 local acknowledgement time is 200 ms. g Configure BUSY Status Time of LLC2 When it queries the station, LLC2 will wait for the next query if the station is busy. The interval of re-querying LLC2 Busy station.
  • Page 397 SDLC Local Acknowledgement Window adopts the window mechanism when sending packets, while not requiring the timely reply for each packet. SDLC Local Acknowledgement Window can wait for the replies from the peer at the same time after the whole window has been sent.
  • Page 398 By default, the maximum receivable frame length of SDLC is 265 bytes. Generally, the length is 265 for some PU2.0 equipment and 521 for IBM AS/400. We often need to configure our equipment to be of the same values as the connected SDLC equipment.
  • Page 399 This command is used to allow the synchronous serial port of the encapsulated SDLC protocol to work in the bi-directional data transmission mode. In other words, you can restore the time to wait for a reply used by secondary station to the default value. Please process the following configurations in the synchronous interface view.
  • Page 400 Open debugging information switch of SDLC messages display dlsw bridge-entry Typical DLSw Configuration Example DLSw Configuration of I. Networking Requirement LAN-LAN LAN-LAN working mode is used. The two running SNA and LAN are connected by IP across WAN.
  • Page 401: Networking Diagram

    [Router-Ethernet0] bridge-set 7 Thus, the two LANs across WAN are connected together. Note that we don't list the related IP commands here, but you have to make sure that IPs of the configured local-peer and remote-peer can communicate with each other. The notes apply for the following sections.
  • Page 402 SDLC includes multipoint support function. Among this, the connected node C1 and C2 are nodes of PU2.0 type (ATM) and C3 is node of PU2.1 type (OS2). The port connected to multiplexer uses NRZ encoding mode and the port connected...
  • Page 403 B, but the word digital order on Ethernet and Token-Ring are reversed, thus you should reverse the MAC addresses to configure them. If the other part is Token-Ring, then you do not need to reverse it. In the...
  • Page 404 above example, c1 and c2 are the equipment of PU2.0 type, and c3 is the equipment of PU2.1 type. Diagnosis and Troubleshooting of DLSw Fault: The normal communication of DLSw requires the sound coordination between the two SNA equipments and two routers operating DLSw, which participate in the communication.
  • Page 405 active equipment of SDLC (such as AS/400 or S390) is activated. Sometimes, communication can be implemented after you activate SDLC line manually.
  • Page 406 Chapter 25: Configuring...
  • Page 407 Routing: Chapter 26 IP Routing Protocol Chapter 27 Configuring Static Routes Chapter 28 Configuring RIP Chapter 29 Configuring OSPF Chapter 30 Configuring BGP Chapter 31 Configuring IP Routing Policy Chapter 32 Configuring IP Policy Routing...
  • Page 409: Ip Routing Protocol Overview

    For example, in Figure 142, a packet from host A to host C passes through 3 networks and 2 routers for a total of 3 hops. It shows that when two nodes are connected to each other by a network, they are separated by one hop and are neighbors on the Internet.
  • Page 410 routers.
  • Page 411: Routing Priority

    (the less the value, the higher the priority) are shown in the Table 465. Here, 0 stands for a directly connected route and 255 stands for any route from unknown sources or terminals. Table 465 Routing Protocol and Routing Priority...
  • Page 412 Normally, the router will send data through the main path. When a fault occurs on the line, the route will be hidden, and router will select the backup route with second-highest priority for data transmission. In this way, the switchover from the active interface to the backup interface is implemented.
  • Page 413: Static Route Overview

    Troubleshooting a Static Route Configuration Static Route Overview A static route is a special route that allows a router to transmit packets over one path to a specified destination. Proper setting and application of the static route can guarantee network security effectively and at the same time, ensure bandwidth for important applications.
  • Page 414: Configuring A Static Route

    When NBMA interfaces like the interface encapsulated with X.25 or frame relay or dial-up interface support point-to-multipoint mode, besides configuring the IP route, you must also set up the secondary route at the link layer and map from the...
  • Page 415: Displaying And Debugging The Routing Table

    IP router searches for the matching route in the routing table. Only when the address of next hop is specified in the route, can the link layer find a corresponding address through this address and transfer packets.
  • Page 416: Static Route Configuration Example

    3 Configure the static routes for RouterC: [RouterC] ip route-static 1.1.1.0 255.255.255.0 1.1.2.1 [RouterC] ip route-static 1.1.4.0 255.255.255.0 1.1.3.2 Troubleshooting a Static Route Configuration: The status of the physical interface and link layer protocol is UP, but IP packets cannot be forwarded normally...
  • Page 417: Rip Overview

    In RIP, a hop count that is equal to or larger than 16 is defined as infinity (the destination network or host is unreachable) so RIP is generally applied to medium-sized networks, such as a campus network.
  • Page 418: Configure Rip

    The procedure of running RIP can be described as follows: 1 When a specific router is starting RIP for the first time, it broadcasts request messages to the neighbor routers. After receiving the request messages, the neighbor routers respond to the request and return response messages including local routing information.
  • Page 419 RIP by default after RIP is enabled. undo network After enabling RIP, you must specify a list of networks with the RIP, since RIP works only on the interface of specified network segment. RIP won't receive or forward a route on interfaces of non-specified network segments, and it functions as if these interfaces do not exist.
  • Page 420 Normally, this command is not recommended because the node on the other end does not need to receive two identical packets at the same time. Also when a peer sends messages, it is also subject to the restrictions of such commands as...
  • Page 421 Configure RIP RIP Version 2 does not have provisions for a zero field in its header so this configuration is invalid for RIP-2. Perform the following configurations in RIP view. Table 473 Configure Check Zero Field of RIP Version 1...
  • Page 422 RIP-1 always sends routes with natural mask. RIP-2 supports sub-net mask and routes of unknown category. If the sub-net route needs to be broadcast, RIP-2 route summary function can be disabled. Perform the following configurations in RIP view.
  • Page 423 Cancel route distribution for RIP undo import-route protocol By default, RIP does not import routes from other domains into the routing table. The protocol attribute specifies the source routing domain that can be imported. At present RIP can import routes domain such as Connected, Static, OSPF, OSPF-ASE, and BGP.
  • Page 424 Setting Route Preference Each routing protocol has its own preference that decides which routing protocol is used to select the best route by IP route strategy. The greater the value is, the lower the preference. RIP preference can be set manually.
  • Page 425: Displaying And Debugging Rip

    } export [ protocol ] By default, RIP does not filter any route information received or being advertised. The protocol attribute specifies the routing domain that can be filtered. At present, RIP can filter routes domain such as Connected, Static, OSPF, OSPF-ASE and BGP.
  • Page 426: Troubleshooting Rip

    RIP - Unicast Configuration Example: RIP is a broadcast protocol so it can only exchange routing information with non-broadcasting networks in unicast mode. This example shows how to configure RIP message unicasting. Router A connects Router B and Router C with serial lines in non-broadcasting networks.
  • Page 427: Ospf Overview

    AS. Each system is divided into areas. If a router port is allocated to multiple areas, it is an area boundary router (ABR) since it is located at the boundary and connected with multiple areas.
  • Page 428 Obviously, each router in the autonomous system receives the same topology diagram of the network. 3 Each router calculates with the SPF algorithm a shortest path tree with itself as the root. This tree gives the routes to all autonomous systems. External routing information is the leaf sub-node.
  • Page 429 Setting Route Preference Specify Router ID Router ID is a 32-bit integral with symbol, the exclusive ID of a router in the AS. If all interfaces of the router have not been configured with IP addresses, the router ID must be configured in OSPF view, otherwise OSPF will not run.
  • Page 430 Some routers belong to different areas (called area boundary router ABR), while a network segment can only be in one area. In other words, each interface running the OSPF protocol must be put in a specific area.
  • Page 431 But point-to-multipoint network does not necessarily require full connection. DR and BDR should be elected on NBMA while there is no DR or BDR on point-to-point network. NBMA is a default network type. For example, if the link layer protocol is X.25 or frame relay, OSPF regards the network type of this interface as NBMA (whether the network is wholly connected).
  • Page 432 The default value is automatically calculated according to interface baud rate. If the baud rate is less than 2000 bps, 2000 is taken, and the overhead value is 100000000/2000=50000. If the baud rate is greater than 100000000 bps, 100000000 is taken, and the overhead value is 100000000/100000000=1.
  • Page 433 When two routers in the same network segment claim to be the DR, the one with the higher priority is chosen. If the priorities are equivalent, the one with higher router ID is chosen. If the priority of a router is 0, it is not selected as the DR or “backup designated router” (BDR).
  • Page 434 (peer) is not received within a certain period, the neighbor router is invalid. You can specify the dead-timer, the period where the peer route fails. The value of the dead-timer must be at least 4 times the value of the hello-timer. Perform the following configurations in interface view.
  • Page 435 The interval for retransmitting an LSA between adjacent routers must not be so small as to cause unnecessary retransmission. Specifying the Transmit-delay: The LSA ages in the link status database (LSDB) of the local router (1 is added per second), but not during the process of network transmission. Therefore, it is necessary to add the aging time before the transmission.
  • Page 436 A default routing (0.0.0.0) is generated for the area by the ABR of the area to insure that these routes are reachable. A stub area is an optional configured attribute, but it does not mean that each area is configurable.
  • Page 437 Area 0 and Area 2. The RIP route is generated as a Type-5 LSA and propagated in the OSPF AS by the ASBR of Area 2. This Type-5 LSA will not reach Area 1 because Area 1 is an NSSA area. On this point, an NSSA area and a stub area are the same.
  • Page 438 The OSPF protocol requires that all non-backbone areas be connected to backbone areas and at least one port on an ABR must be in the area 0.0.0.0. If there is no physical connection between an area and the backbone area 0.0.0.0, a virtual link must be created.
  • Page 439 Configuring OSPF The virtual link is activated after the route through the transit area is calculated. It is equivalent to a point-to-point connection between two terminals. Parameters can be configured for this connection like a physical interface, such as sending a hello-timer.
  • Page 440: Configuring Authentication

    OSPF protocol considers the cost from the ASBR to outside the AS as much as, or more than, the cost to the ASBR within the AS. Therefore, mainly the former is considered in the calculation of route cost, i.e.
  • Page 441: Configuring Parameters

    OSPF as the external routing information of its own AS, some other parameters are needed, including the default cost and default tag of the route. Router tag can be used to identify the information related to the protocol, such as the number OSPF uses as the AS number when receiving BGP protocol.
  • Page 442: Configuring A Route

    By default, the cost value is 1, and the tag value is 1. The imported route is external route Type 2, the interval of importing external route is 1 second and at most 150 external routes can be imported in each interval.
  • Page 443: Ospf Configuration Example

    Router A Router E Router C 1.1.1.5 1.1.1.3 Router D 1.1.1.4 To configure OSPF on the point-to-multipoint network 1 Configure Router A: a Configure the ip address of interface Serial0, encapsulated into frame relay and configure frame relay mapping table.
  • Page 444 [RouterA-Serial0] ospf peer 1.1.1.2 [RouterA-Serial0] ospf peer 1.1.1.3 [RouterA-Serial0] ospf peer 1.1.1.4 2 Configure Router B: a Configure the ip address of interface Serial0, encapsulated into frame relay and configure frame relay mapping table. [RouterB] interface serial 0 [RouterB-Serial0] ip address 1.1.1.2 255.0.0.0 [RouterB-Serial0] link-protocol fr [RouterB-Serial0] fr map ip 1.1.1.1 dlci 201 broadcast...
  • Page 445 Router A is selected as DR. Router C is of the second highest priority, therefore is chosen as BDR. The preference of Router B is 0, which means that it cannot be a DR. Router D has no preference, so the default value 1 is taken.
  • Page 446: Networking Diagram

    II. Networking diagram: Figure 148 Networking diagram of configuring “DR” selection of OSPF preference (figure labels: 4.4.4.4, 1.1.1.1, Router A, Router D, E0 192.1.1.1/24, E0 192.1.1.4/24, E0 10.1.2.3/24, E0 192.1.1.2/24, Router B, Router C, 2.2.2.2, 3.3.3.3) III. Configuration procedure...
  • Page 447 Only DR and BDR have created neighboring relation with all routers on the network. Router A is DR and Router C is BDR on the network. All other peers are DRother, which means that they are neither DR nor BDR.
  • Page 448: Configure Router A

    Area 4 is not directly connected with area 0 in the following diagram. Area 1 serves as the transit area to connect area 4 and area 0. Configure a virtual link between Router B and Router C. Figure 149 Networking diagram of configuring OSPF virtual link Router A 1.1.1.1...
  • Page 449: Configuring Ospf Peer Authentication

    MD5 authentication is used when Router A and Router C exchange route updating. The Ethernet interface of Router A and that of Router B are in OSPF area 0. The serial interface of Router A and that of Router B are both in area 1, configured with MD5 authentication.
  • Page 450 FULL status, it means the protocol is running normally. (Note that on broadcast network and NBMA network, the peer state machine between two DROther routers is not in FULL status but in 2 way status. DR, BDR and all other routers are in FULL status).
  • Page 451 Router C (area1, area2). One area in Router B is 0, which satisfies the requirement. However, none of the two areas in Router C is 0. In such a case, a virtual link must be set up between Router C and Router B.
  • Page 452 Chapter 29: Configuring OSPF...
  • Page 453: Bgp Overview

    ASs to eliminate route loops and carry out user configured strategies. The BGP protocol is usually used between ISPs. The current version of BGP is BGP-4. It applies to the distributed structure and supports classless interdomain routing (CIDR). BGP-4 has become the standard of Internet external routing protocol.
  • Page 454 When a BGP speaker receives a new route advertisement from other ASs, if this route is better than the existing route, or if there is no acceptable route currently, the BGP speaker broadcasts this route to all other BGP speakers in the AS.
  • Page 455: Configuring Networks For Bgp Distribution

    Resetting BGP Connections Enabling BGP Specify the local AS number when BGP is enabled. After BGP is enabled, the local router continuously monitors whether any incoming BGP connection request is received from the peer routers. To make the local router send BGP connection requests to the peer routers, use the command.
  • Page 456 [ external peers max-hop-count ] By default, the BGP connection can be established with a directly connected peer router. 2 Configure the BGP version of the peer. Table 512 Configure the BGP Version of the Peer...
  • Page 457 By default, the local router does not advertise the default route to any peer. A next hop should be sent to the peer unconditionally as the default route. 8 Set the own IP address as the next hop when the peer distributes routes.
  • Page 458 { import | export } By default, no route filtering policy based on IP ACL for a peer is set. 11 Create BGP route filtering based on the AS path for the peer. By default, a BGP filter is disabled.
  • Page 459 If a keepalive or update message is received, the holding timer is reset. If a router has not received any messages from the opposite router for a specific period of holding time, this BGP connection is considered broken and is cut off.
  • Page 460 EBGP peers may discard the route updating information you have sent. All peers in this group must be configured with an AS number, if this group is not configured with an AS number. If you add an AS number to the peer group, any peer in this group cannot be configured with an AS number different from this peer group AS number.
  • Page 461 By default, it only allows direct-connection peer. The maximum hop value is ttl. The default value is 64, ranging from 1 to 255. 3 Set the timers of BGP peer group Table 530 Set the Timers of BGP Peer Group...
  • Page 462 Not to set the own IP address as next hop when peer group distributes route: undo peer group-name next-hop-local. By default, the router’s own IP address is not set as the next hop when the peer group distributes routes. 9 Create a routing policy for the peer group...
  • Page 463 { import | export } By default, the route from the peer or peer group is not designated with any route policy. 10 Create a filtering policy based on the access list for the peer group...
  • Page 464 (reflects) information among the client routers in turn. As shown in the following diagram, Router A receives an update from an external peer and transfers it to Router B. Router B is a route reflector, which has two clients: Router A and Router C.
  • Page 465 The traditional AS routing method cannot detect the internal circle of the AS, because the update has not left the AS yet. BGP provides two methods to avoid an AS internal loop when you configure the route reflector:...
  • Page 466: Configuring A Bgp Community

    Route-Reflector Remove Cluster-ID of the Route-Reflector undo reflect cluster-id cluster-id By default, the router ID of the route reflector is used as the cluster ID. Configuring a BGP Community: In BGP range, a community is a logical area formed by a group of destinations which share common attributes for applying the route policy.
  • Page 467 1 Configure a Confederation You can use different IGP for each sub-AS. Externally, a sub-AS is an integer and the confederation ID is the identification of the sub-AS. Perform the following configurations in BGP view.
  • Page 468: Configuring Route Dampening

    The unstable route is penalized by not allowing it to advertise when its penalty level reaches a threshold. The penalty is exponentially decreased as time goes by. Once it is lower than a certain threshold, the route is unsuppressed and is advertised again, as shown in the following diagram.
  • Page 469 BGP peers to external peers unless the destination can be known also through IGP. If a router can know the destination through IGP, then the route can be distributed in the AS because an internal connection has been ensured.
  • Page 470 IBGP so that the connection of the AS is ensured. When AS is not a transitional AS. Configuring the Interactions between BGP and an IGP: BGP can import route information that is found by running IGP in another AS to its own AS. Perform the following configurations in BGP view.
  • Page 471 When importing a route, it is compared to a rule by number, from small to large. When the first matched rule is found, the matching process is completed. If no matched rules are found, router...
  • Page 472 Delete the specified cost undo if-match cost By default, AS regular expression, community list, interface type, IP address range, and metric value are not matched. See “Define matching rules” of “Configuration of IP Routing Policy” for details.
  • Page 473 } Remove the origin attribute undo apply origin By default, AS serial number, BGP community attribute, next hop, local preference, metric value, and origin attributes are not applied. See “Define Apply Clause” of “Configuration of IP Routing Policy” for details.
  • Page 474: Resetting Bgp Connections

    BGP ip-prefix prefix-list-name } export [ protocol ] By default, BGP does not filter any route information that is received or advertised. specifies the routing domain that can be filtered. At present, BGP protocol can filter route domains such as connected, static, OSPF and OSPF-ASE.
  • Page 475: Bgp Configuration Example

    This section describes several different configurations of BGP with a suggested procedure for each configuration. Configuring the AS Confederation Attribute: As shown in the following diagram, AS 100 is divided into 3 sub-ASs: 1001, 1002, 1003, which are configured with EBGP, confederation EBGP and IBGP.
  • Page 476: Configuring Bgp Route Reflector

    Router B receives a BGP update message and forwards the update to Router C, which is configured as a route reflector and has two clients: Router B and Router D. When Router C receives routing update from Router B, it reflects the information to Router D.
  • Page 477 BGP Configuration Example Figure 155 Networking diagram of configuring route reflector...
  • Page 478 All routers are configured with BGP. OSPF is used by IGP in AS200. Router A is in AS100, functioning as the BGP peer of Router B and Router C in AS200. When Router B and Router C run IBGP to Router D, Router D is also in...
  • Page 479 [RouterA-bgp] acl 1 [RouterA-acl-1] rule permit source 1.0.0.0 0.255.255.255 Define two routing diagrams, namely set_med_50 and set_med_100. The first routing diagram is network 1.0.0.0. The MED attribute is 50, and the second MED attribute is 100. [RouterA-acl-1] route-policy set_med_50 permit 1...
  • Page 480 [RouterC-acl-1] rule permit source 1.0.0.0 0.255.255.255 Define a routing diagram named localpref. In the diagram, the local preference of the route matching access list 1 is set to 200 and the local preference of the route not matching access list 1 is 100.
  • Page 481 BGP Configuration Example [RouterD-ospf] network 4.0.0.0 0.0.0.255 area 0 [RouterD] bgp 200 [RouterD-bgp] undo synchronization [RouterD-bgp] peer 194.1.1.2 as-number 100 [RouterD-bgp] peer 194.1.1.2 as-number 200 To make the configuration effective, use the reset bgp all command to reset all BGP neighbors.
  • Page 482 Chapter 30: Configuring...
  • Page 483: Ip Routing Policy Overview

    The route strategy also provides measures for the routing protocol to implement these functions. The route strategy consists of a series of rules, classified into three types and used for route information filtering in route advertisement, route receiving, and route import.
  • Page 484 Access List An access list can be divided into a standard access list and an extended access list. The standard access list is usually used for filtering routing information. When you define an access list, you need to specify the network segment range of an IP...
  • Page 485 When the route item satisfies all if-match clauses of the node, it is permitted to pass the filtering of this node and execute apply clauses of this node. If the route item does not satisfy the if-match clauses of this node, the next node of this routing policy is tested.
  • Page 486 OSPF tag field and OSPF routing information type are not matched. Note that: For one routing policy node, the if-match clauses of the same part use Boolean “AND” operations in the matching process so the routing information cannot...
  • Page 487 be filtered through the routing policy unless it matches all if-match clauses of this part and it can execute the operation of the apply sub-clause. If an if-match clause is not specified, all routing information is filtered through the policy of this node.
  • Page 488 1 to 4294967295 kbyte/s. delay is the route time delay, each unit stands for 10µs, ranging from 1 to 16777215. reliability is the channel reliability, ranging from 0 to 255; 255 stands for 100% reliable.
  • Page 489 IP Prefix List An IP prefix list is identified with the list name and consists of several parts, with the sequence-number specifying the matching order of these parts. In each part, you can specify an individual matching range in the form of network prefix.
  • Page 490 2 Configure filtering the route information being advertised Define a strategic rule and quote an ACL or prefix-list to filter the routing information that does not meet the requirements when receiving routes. Specify the protocol to filter only the distributed protocol routing information.
  • Page 491: Networking Requirements

    Routing Policy As shown in the following figure, the router connects a campus network which uses RIP as its internal routing protocol and an external area network which uses OSPF routing protocol. The router advertises some routing information of the campus network around the external area network.
  • Page 492 This example describes how OSPF imports RIP route selectively. The router connects campus network A and campus network B, both of which use RIP as the internal routing protocol. The router needs to distribute the routes 192.1.1.0/24 and 192.1.2.0/24 of campus A in the local network. To achieve this function, RIP protocol on the router defines a filter-policy to filter the routing information, performing the route filtering function by quoting a prefix list.
  • Page 493: Troubleshooting Ip Routing Policy

    But if all list items are in deny mode, no route will pass the filtering of this prefix-list. Define a permit 0.0.0.0/0 list item after multiple items are defined in deny modes, so that all other routes will pass the filtering.
  • Page 494 Chapter 31: Configuring IP Routing Policy...
  • Page 495: Ip Policy Routing Overview

    Overview by strategy without going through the routing table. When a router is forwarding a packet by policy routing, it is first filtered by a route policy which decides the packets to be forwarded and to which router. The user configures the IP policy for routing. It is composed of a group of if-match clauses and a group of apply clauses.
  • Page 496 The smaller the sequence-num, the higher the preference and the defined strategy will be executed first. This strategy can be used to import routes and perform policy routing when IP messages are forwarded. When a routing policy is recreated, the configuration information of the new routing policy overwrites that of the old routing policy.
  • Page 497 Disable local policy routing undo ip local policy route-policy By default, local policy routing is disabled. Only one local policy route can be configured. Enabling and Disabling Perform the following configurations in interface view Interface Policy Routing...
  • Page 498 1 [Router-acl-101]route-policy aaa permit 10 [Router-route-policy]if-match ip address [Router-route-policy]apply interface serial 1 3 Define node 20, indicating all the other messages will be sent to serial interface 0 [Router-route-policy]route-policy aaa permit 20 [Router-route-policy]if-match ip address [Router-route-policy]apply interface serial 0...
  • Page 499: Configure Router A

    S1 and those of other sizes must be routed normally. Apply IP policy routing lab1 on E0 of Router A. This strategy sets 150.1.1.2 as the next forwarding IP address for messages of 64-100 bytes and 151.1.1.2 as the next forwarding IP address for messages of 101-1000 bytes.
  • Page 500 On Router A, change the message size to 101 bytes and monitor policy routing with debug ip policy command. Note: the messages of 101 bytes match the entry item whose serial number is 20 as shown in the routing diagram lab1. They are sent to 151.1.1.2.
  • Page 501 MULTICAST Chapter 33 IP Multicast Chapter 34 Configuring IGMP Chapter 35 Configuring PIM-DM Chapter 36 Configuring PIM-SM...
  • Page 503: Ip Multicast Overview

    One is to send such message 200 times to ensure that all the subscribers are able to get it. The other one is to transmit the data within the whole network to enable subscribers to get the necessary data directly from the network by adopting the broadcast method.
  • Page 504: Ip Multicast Features

    Class D address is 1110, the range of the multicast addresses is from 224.0.0.0 to 239.255.255.255. The multicast group can be either permanent or temporary. The permanent group has a constant group address assigned by IANA, while the number of members in the group can be random, even zero.
  • Page 505: Internet Group Management Protocol

    There is no need for the router to save the membership for all the hosts. It is only necessary to know whether there is any host belonging to a certain multicast group on the network segment.
  • Page 506: Protocol Independent Multicast-Sparse Mode

    The join message passes routers and finally reaches the root, the RP. The path that the join message used becomes a branch of the shared tree. In PIM sparse mode, multicast packets are sent to the RP first and then are forwarded along the shared tree rooted at the RP and with members as the branches.
  • Page 507: Ip Multicast Packet Forwarding

    IP Multicast Packet Forwarding The transmitting end is first registered at the RP if it needs to send data to a specific address, and then sends the data to the RP. Once data reaches the RP, multicast data packets are duplicated and sent to receivers who are interested in getting them along the distribution tree path.
  • Page 508 Chapter 33: IP Multicast...
  • Page 509: Igmp Overview

    For a group-specific query message, the router is used to check whether there is...
  • Page 510 Meanwhile, when a router exits from a group, it sends a message to the multicast router when it exits. When it receives the message, the multicast router sends a packet to inquire about the group to ensure that the member has already gone.
  • Page 511 IGMP Version 2 is able to configure query message timeout and the maximum query response time. All the systems in the same subnet must run the same IGMP version because the routers are not able to check the version number of IGMP currently running on the interface.
  • Page 512: Igmp Configuration Example

    When there are several routers operating IGMP in a subnet, one router is chosen to serve as a querier to take charge of sending query messages to other routers in the network segment. In the network initialization, all the routers in the network segment act as querier by default, and send general query messages to all the multicast hosts in the subnet the routers connect to.
  • Page 513 Quidway B 10.16.1.3 10.16.1.2 10.16.1.0/24 10.16.1.1 1 Configure the IP addresses of the interfaces of Router A, Router B and the PC. [RouterA]interface e0 [RouterA-Ethernet0]ip address 10.16.1.3 24 [RouterB]interface e0 [RouterB-Ethernet0]ip address 10.16.1.2 24 2 Execute the multicast routing-enable command on 3Com A and 3Com B to enable multicast routing.
  • Page 514 Chapter 34: Configuring IGMP...
  • Page 515: Pim-Dm Overview

    When new members appear in the prune area, PIM-DM sends graft message to enable the pruned path to restore to distribution status.
  • Page 516: Pim-Dm Configuration

    Graft Message: The host informs the router which multicast groups it wants to join by an IGMP membership report message. At this time, the port sends a graft message to the upstream router. After the upstream router receives a graft message, it adds this port to the forwarding list of the multicast group.
  • Page 517: Debugging Pim-Dm

    Disable PIM-DM protocol undo pim dm Configuring the Time Interval for Hello Messages: After the interface starts PIM-DM protocol, it will periodically send hello messages to all the PIM routers (group address is 224.0.0.13) to find neighbors. PIM query-interval timer determines the time interval.
  • Page 518: Pim-Dm Configuration Example

    | prune } } After making the previous configuration, execute the display command in all views to display the running of the PIM-DM configuration, and to verify the effect of the configuration. Execute the debugging command in system view to debug PIM-DM.
  • Page 519: Pim-Sm Overview

    And it reduces data messages and controls the network bandwidth occupied by the messages by allowing routers to explicitly join and leave multicast groups. PIM-SM constructs an RP path tree (RPT) with the RP as its root so as to make the multicast packets transmitted along with the RPT.
  • Page 520: Pim-Sm Configuration

    Bootstrap Message: The router sends this message from all the interfaces except the interface on which this kind of message was received. This kind of message is generated in BSR, and is forwarded by all the routers. It is used to inform all the routers of the RP-Set information collected by BSR.
  • Page 521 C-RPs periodically unicast to BSR C-RP advertisements. BSR then selects the RP, and propagates it to the whole network. There may be several RPs, and each has different group service range. In this way, all the routers can get RP information.
  • Page 522 Use pim command in system view to enter PIM view. Generally, only one C-BSR and one C-RP are configured in the network, and usually it is the same router. Only one C-BSR can be configured for a single router. The latter configured C-BSR replaces the formerly configured C-BSR. Subscribers are recommended to configure the C-RP and C-BSR at the loopback interface of the same router.
  • Page 523: Debugging Pim-Sm

    By default, the threshold value of the shortest path switches from the shared tree to source is zero. That is to say, after the router receives the first multicast data packet in the last hop, it switches immediately to the shortest path tree.
  • Page 524: Pim-Sm Configuration Example

    Example equipment, the routing protocols are different. Because the PIM protocol is independent of any specific unicast protocol, there is no need to pay attention to the unicast protocol. For the purpose of this example, the routers are mutually accessible.
  • Page 525: Troubleshooting

    Configure PIM domain boundary [RouterB-Serial2] pim bsr-boundary When the Serial 2 has been configured to be BSR, Router D will not be able to receive the BSR information sent by Router B, which will be excluded from this PIM domain.
  • Page 526 Chapter 36: Configuring PIM-SM...
  • Page 527: Security

    VIII SECURITY Chapter 37 Configuring Terminal Access Security Chapter 38 Configuring AAA and RADIUS Protocol Chapter 39 Configuring Firewall Chapter 40 Configuring IPSec Chapter 41 Configuring IKE...
  • Page 529 Operators Guests A guest user can only log onto the router to execute the interconnectivity test commands, such as ping, tracert, pad. An operator user can only view the running and debugging information of the router. An administrator user can not only view all the router information, but can also configure and maintain the router.
  • Page 530 Delete a user undo local-user user-name By default, no user is configured. Configuring User Login All users who access a router through a terminal are called terminal users. 3Com Authentication routers divide terminal users into five types: Asynchronous port terminal user X.25 PAD calling user...
  • Page 531 An operator user using telnet Configuring Administrator User Login Authentication from a Console Port In this example, the user name is abc and the password is hello. The RADIUS server first authenticates the user, and then local authentication is used when the former authentication cannot be carried out normally.
  • Page 532 Chapter 37: Configuring Terminal Access Security...
  • Page 533: Aaa Overview

    Server: A RADIUS server runs on a central computer or workstation, and contains the information for user authentication and network service visits. Client: A client is located at the Network Access Server (NAS) side. It can be placed anywhere in the network.
  • Page 534: Basic Information

    Dictionary Users Clients In addition, a RADIUS server can act as the client of other AAA servers to perform authentication or accounting. A RADIUS server supports multiple ways to authenticate the user, such as PPP-based PAP, CHAP and UNIX-based login.
  • Page 535: Radius Protocol

    2 Having received the username and password, the RADIUS client sends an authentication request packet (Access-Request) to the RADIUS server. 3 The RADIUS server authenticates the user information in the user database. If the authentication succeeds, it sends the user's right information in an authentication response packet (Access-Accept) to the RADIUS client.
  • Page 536 Attribute field and the valid received response packets, but remains unchanged during retransmission. The Authenticator field (16 bytes) is used to authenticate the request transmitted by the RADIUS server, and it can also be used on the password hidden algorithm. There are two kinds of Authenticator packets: Request Authenticator: Adopts 16-byte random code.
  • Page 537 Framed-Route Login-LAT-Port Attribute field 26 (Vendor-Specific) in the RADIUS protocol can be easily extended, so that the user can define extension attributes. Figure 168 shows the packet structure: Figure 168 Fragment of the RADIUS packet that includes extension attribute Type...
  • Page 538: Enabling And Disabling

    List for Login Users list is used in sequence to authenticate users. Login users are divided into FTP users and EXEC users. EXEC means logging on the router through Telnet or other methods, such as the console port, asynchronous serial port, telnet, X.25 PAD calling, for router configuration. The two types of users have to be authorized in a local user database with the command .
  • Page 539 The none method is meaningful only when it is the last item of the method list. Note that only one login method list can be configured, which can use a different name from the previously configured list.
  • Page 540 Configuring a Local IP Address Pool: A local address pool is mainly used to assign an IP address for users who log in remote PPP. If the end IP address of the pool is not specified when the IP address pool is defined, there will be only one IP address in the address pool.
  • Page 541 1 Information about the user is sought in the local database. If the information is present, the login of the user is permitted. 2 If the user information is not in the local database and if the RADIUS server authentication is configured, the user information is sent to the RADIUS server for authentication.
  • Page 542 Delete a user with caller number undo local-user user-name Configure FTP User and the Usable Directory An FTP user and the FTP directory available for the user can be configured in the local database. The function is reserved temporarily for future extension.
  • Page 543: Configure Radius Server

    When a single service is authorized to a user, it is only necessary to configure any one of the parameters of , and after the service type.
  • Page 544 To ensure the identification validity of the two parties, the secret key of the router must be the same as the one set on the RADIUS server, so that it can pass the authentication of the RADIUS server.
  • Page 545 RADIUS process failure, the system sets this server to "dead", and periodically queries whether it can work normally or not. If the server is found to work normally, then after the currently used server breaks down, the system will automatically use the first one.
  • Page 546: Configuration Examples

    By default, the real-time accounting packet is sent to the RADIUS server at an interval of 0 minutes, indicating that real-time accounting is disabled. The interval ranges from 0 to 32767 minutes.
  • Page 547 1812 and 1813 respectively. Authenticate by the local database first, and if there is no response, use the RADIUS server. Charge all users in real time. The real-time accounting packet is sent at the interval of 5 minutes. See Figure 169.
  • Page 548: Troubleshooting Aaa

    [Router] radius timer realtime-accounting 5 Authenticating an FTP The authentication server is 129.7.66.66, numbers of ports being 1812 and 1813. Authenticate and charge FTP users using RADIUS server first, and if there is no response, do not authenticate or charge them. See Figure 169.
  • Page 549 5 If none of the above operations work, check whether the RADIUS server has been configured correctly, and whether the modification has been activated A user's RADIUS authentication is always rejected Follow the steps below.
  • Page 550 38: C RADIUS P HAPTER ONFIGURING ROTOCOL...
  • Page 551: Firewall Overview

    A firewall is used not only to connect the Internet, but also to control the access to some special part of the internal network, such as to protect mainframes and important resources, such as data, in the network.
  • Page 552: Packet Filtering

    For example, the FTP application gateway will be an FTP server to a connected client end, but will be an FTP client to the server end. All FTP data packets transmitted on the connection must pass through this FTP application gateway.
  • Page 553 Access Control List To filter data packets, rules need to be configured. A rule identifies a packet to be considered by an Access Control List. The access control list is generally employed to configure the rules to filter data...
  • Page 554 Protocol-number is the type of the protocol carried by IP in the form of name or number. The range of number is from 0 to 255, and the range of name is icmp, igmp, ip, tcp, udp, gre and ospf.
  • Page 555 Firewall Overview Table 619 Mnemonic Symbol of the Port Number Protocol Mnemonic Symbol Meaning and Actual Value Border Gateway Protocol (179) chargen Character generator (19) Remote commands (rcmd, 514) daytime Daytime (13) discard Discard (9) domain Domain Name Service (53)
  • Page 556 Time (37) Who(513) Xdmcp X Display Manager Control Protocol (177) As for the ICMP, you can specify the ICMP packet type. You can use a number (ranging 0 to 255) or a mnemonic symbol to specify the packet type.
  • Page 557 By configuring the firewall and adding appropriate access rules, you can use packet filtering to check IP packets that pass the router. The passing of unexpected packets can thus be prohibited. In this way the packet filtering helps to protect the network security.
  • Page 558: Configure Firewall

    If they are the same, then compare the wildcards of the destination address. If they are still the same, compare the range of port numbers, and the rule with smaller range will be arranged first. If the port numbers are the same, then match the rules according to the user's configuration sequence.
  • Page 559: Access Control List

    Configure Firewall Configuring Standard Access Control List: The value of the standard access control list is an integer from 1 to 99. First of all, enter the ACL view through command, and configure the match sequence of the access control list, and then configure specific access rules through rule command.
  • Page 560: Time-Range

    Users shall set the special time range when using special. Multiple rules with the same serial number will be matched according to “depth-first” principle.
  • Page 561 The settr command can define 6 time ranges at the same time. The format of the time range is hh:mm. The value of hh is 0 - 23 hours and the value of mm is 0 - 59 minutes. The command...
  • Page 562: Firewall Configuration Example

    Specifying Logging Host Firewall supports a logging function. When an access rule is matched, and if the user has specified to generate logging for this rule, logs can be sent to and recorded and saved by the logging host. Perform the following configurations in system view.
  • Page 563 129.38.1.3. The enterprise address to the outside is 202.38.160.1. Address conversion has been configured on the router so that the internal PC can access the Internet, and the external PC can access the internal server. By configuring a firewall, the following are expected: Only specific users from external network can access the internal server.
  • Page 564 6 Configure rules to permit specific user to obtain data (only packets of port greater than 1024) from an external network [Router-acl-102] rule permit tcp source any destination 202.38.160.1 0.0.0.0 destination-port greater-than 1024 7 Apply rule 101 on packets coming in from interface Ethernet0...
  • Page 565: Configuring Ipsec

    With IPSec, it is unnecessary to worry about the data to be monitored, modified or forged when they are transmitted in public network, which enables secure access to VPN (Virtual Private Network), including internal, external networks and that between remote users.
  • Page 566 Thus, crypto cards can synchronously process user data, which improves the speed of data encryption and decryption. For the IPSec applied at the crypto card side, the crypto cards will be unable to implement the IPSec processing if all the crypto cards on the router are in abnormal state.
  • Page 567 IPSec systems. Inbound data stream and outbound data stream are processed separately by inbound SA and outbound SA. An SA is identified uniquely by a triple: SPI, IP destination address and security protocol number (AH or ESP). SA can be established through manual configuration or automatic negotiation.
  • Page 568 This can prevent the router from encrypting or decrypting communication information (that is to say, not allowing the policy defined in this security policy to be applied). If all the security policies on an interface are denied, this communication is not protected by encryption.
  • Page 569 By default, the outputting of log is disabled. Enable the main software backup: For the SAs applied at the encrypt-card side, the works of IPSec processing on the traffic will be shared among the normal encrypt-cards as long as there are encrypt-cards in normal status on the router.
  • Page 570 IPSec security confederation. Define IPSec proposal Multiple IPSec proposals can be defined, and then one or many of them can be quoted in one security policy. The same security protocol and algorithm conversion must be configured at both ends when security confederation is manually created.
  • Page 571 After the transport mode is defined, it is necessary to select the security protocol for the transport mode. The security protocols available at present include AH and ESP, both of which can also be used at the same time. Both ends of security tunnel must select the same security protocols.
  • Page 572: Creating A Security Policy

    For example, a security policy created with manual mode cannot be modified to a policy with isakmp mode. To have the same policy with a different mode, you must delete the policy then recreate it with a different mode.
  • Page 573 When a security policy group is applied on an interface, actually multiple different security policies in this security policy group are applied on it at the same time, so that different data streams are protected by different SAs. Creating a Security Perform the following configurations in system view.
  • Page 574 At both ends of a security tunnel, the SPI and the key of the local inbound SA must be the same as those of the peer outbound SA, and the SPI and the key of the local outbound SA must be the same as those of the peer inbound SA.
  • Page 575 {ah |esp} spi AH/ESP protocol (applicable to IPSec software and crypto card) By default, no SPI value of inbound/outbound SA is set. 2 Set the key used by the security policy association Table 644 Configure Key Used by Security Policy Association...
  • Page 576 The keys are input in two modes and those input in string mode are preferred. At both ends of the security tunnel, the keys should be input in the same mode. If the key is input at one end in string mode, but at the other end in hexadecimal mode, the security tunnel cannot be created correctly.
  • Page 577 The new SA should have completed the negotiation before the original SA times out, so that the new SA can be put into use as soon as the original SA expires. Soft timeout of SA occurs when a new SA is negotiated at the time when the existing...
  • Page 578 DOWN state, the communication switches to the backup link automatically. In this case, a new SA pair (including phase 1 SA and phase 2 SA) that correspond to the backup link are created, but the original SA pair on the primary link is not deleted in time.
  • Page 579: Displaying And Debugging Ipsec

    By default, detection of the router at the remote end of the tunnel is disabled. Apply Security Policy Group on Interface: To put the defined SA into effect, it is necessary to apply a security policy to each interface (logical or physical) that will encrypt site-out data and decrypt site-in data.
  • Page 580 When the crypto card operates abnormally, resetting the crypto card can be used to restore the crypto card to normality. When resetting the crypto card, the crypto card restores its initialization. At the same time, the host retransmits the card's configured information and SA information being used to the crypto card.
  • Page 581: Ipsec Configuration Example

    Encrypting, Decrypting, and Authenticating NDEC Cards Creating an SA Manually Establish a security tunnel between Router-A and Router-B to protect the data streams between the subnet represented by PC-A (10.1.1.x) and the subnet represented by PC-B (10.1.2.x). The security protocol adopts ESP protocol,...
  • Page 582 10.1.1.2 10.1.2.2 Prior to the configuration, you should ensure that Router A and Router B can interwork at the network layer through a serial interface. 1 Configure Router A: a Configure an access list and define the data stream from Subnet 10.1.1.x to Subnet 10.1.2.x.
  • Page 583 Configure the route. [RouterA] ip route-static 10.1.2.0 255.255.255.0 202.38.162.1 2 Configure Router B: a Configure an access list and define the data stream from Subnet 10.1.2.x to Subnet 10.1.1.x. [RouterB] acl 101 [RouterB-acl-101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255...
  • Page 584 DES, and authentication algorithm adopts sha1-hmac-96. See Figure 174 for an illustration of the configuration. Prior to configuring, you should ensure that Router A and Router B can interwork at the network layer through a serial interface. 1 Configure Router A: a Configure an access list and define the data stream from Subnet 10.1.1.x to...
  • Page 585 Configure corresponding IKE [RouterA] ike pre-shared-key abcde remote 202.38.162.1 2 Configure Router B: a Configure an access list and define the data stream from Subnet 10.1.2.x to Subnet 10.1.1.x. [RouterB] acl 101 [RouterB-acl-101] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255...
  • Page 586 PC A PC B 10.1.1.2 10.1.2.2 Configure Router A a Configure an access list and define a data stream from subnet 10.1.1.x to subnet 10.1.2.x. [RouterA] acl 101 permit [RouterA-acl-101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 [RouterA-acl-101] rule deny ip source any destination any b Establish proposal view of crypto card in the name of tran1.
  • Page 587 Apply the security policy on the serial port. [RouterA-Serial0] ipsec policy policy1 2 Configure Router B a Configure an access list and define a data stream from subnet 10.1.2.x to subnet 10.1.1.x. [RouterB] acl 100 [RouterB-acl-100] rule permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255...
  • Page 588: Troubleshooting Ipsec

    Enter serial port configuration mode and configure IP address. [RouterB] interface serial 0 [RouterB-Serial0] ip address 202.38.162.1 255.255.255.0 q Return to system view and configure static routing to network segment 10.1.1.x. [RouterB-Serial0] quit [RouterB] ip route-static 10.1.1.0 255.255.255.0 202.38.163.1 r Apply the security policy on the serial port.
  • Page 589 The crypto card may be enabled (“run” indicator blinks quickly). If 5 seconds later the crypto card is still enabled, the router may be restarted (it must be noted that the configuration of the router must be saved first).
  • Page 590 Chapter 40: Configuring...
  • Page 591: Configuring Ike

    (such as shut-off), the local party has no way to know about it. When the peer party restarts the machine, because there is a security association locally, the negotiation cannot be initiated, or only initiated by the peer party, or negotiated after timeout.
  • Page 592 Policy then reach a negotiation using an IKE policy. During the subsequent negotiation, the security data provided by this IKE policy will be used to protect negotiation data. Multiple policies with priority must be created on each terminal to ensure that at least one policy can match that of the remote terminal.
  • Page 593 IKE policy used by both sides. The remote terminal will match the received policy with all of its IKE policies as per the precedence order. The one of highest precedence will be first judged. If one IKE...
  • Page 594 Chapter 41: Configuring IKE. The system creates only the default IKE security policy that cannot be deleted or modified by users. Selecting an Encryption Algorithm: The two types of encryption algorithms that are supported are the 56-bit DES-Cipher Block Chaining (DES-CBC) algorithm and the 168-bit 3DES-CBC algorithm.
  • Page 595 If the policy lifetimes of two terminals are different, only when the lifetime of originating terminals is greater than or equal to that of the peer end can the IKE policy be selected, and the shorter lifetime selected as IKE SA lifetime.
  • Page 596: Displaying And Debugging Ike

    Usually, the initiator transmits a packet proving itself still alive to the peer party, while the responder confirms that the peer party is still alive after receiving it. The keepalive function includes two timers, interval and timeout.
  • Page 597: Ike Configuration Example

    Example with IKE automatic negotiation between security gateways A and B. Configure an IKE policy on Gateway A, where Policy 10 has the highest priority and the default IKE policy has the lowest priority. Pre-shared key authentication algorithm is adopted.
  • Page 598 IPSec SA. policy If the above two results show that one party has SA but the other does not, then use the reset ike sa command to clear SA with error and re-originate...
  • Page 599 Chapter 42 Configuring VPN Chapter 43 Configuring L2TP Chapter 44 Configuring GRE...
  • Page 601: Vpn Overview

    VPN cannot be used by other VPNs on the same carrying network or by network users who do not belong to the VPN. The VPN is safe enough to make sure that the internal information within a VPN is free from being invaded by external users.
  • Page 602: Operation Mode

    Partner In this configuration, the users who need the internal resources of enterprises, can access the POP (Point of Presence) server of local ISP via PSTN or ISDN, and further access the internal resources of the enterprises. Traditional WAN construction techniques only supply the service with the aid of leased line between them.
  • Page 603: Layer 2 Tunneling Protocol

    VPN (VPDN accessing) services but also leased line VPN services. Layer 3 tunneling protocol Layer 3 tunneling protocol starts from and ends in ISP. PPP session ends in NAS and only layer 3 messages are carried over the tunnel. The current layer 3 tunneling protocols include:...
  • Page 604 Virtual Leased Line (VLL): VLL emulates the traditional leased line service with the help of the IP network and hence providing asymmetrical and inexpensive leased line service. For the users at both ends of the VLL, the VLL is similar to the traditional leased line.
  • Page 605: Configuring L2Tp

    The management tool is responsible for managing VPDN equipment and users, including NMS and AAA. Remote dial-up users access local ISP NAS by dialing via the local PSTN or ISDN. With the aid of a connection to the local ISP and proper tunneling protocol encapsulating a higher-level protocol, a VPN is established between the NAS and the peer gateway.
  • Page 606 LAC and the remote system, but in a VPDN application, the PPP link is often adopted. Being an end of the L2TP tunnel, LNS is the peer device of LAC and is the logical terminating end of the PPP sessions transmitted by the LAC through the tunnel.
  • Page 607 Overview of L2TP The L2TP (Layer 2 Tunneling Protocol) supports transmitting PPP frames by tunneling, and the end of layer 2 data link and the PPP session can reside on different devices, communicating based on packet switching which extends the PPP model.
  • Page 608 L2TP detects the connectivity of a tunnel using a Hello message. When the tunnel is idle for some time, LAC and LNS begin to transmit the Hello message to the opposite end. If no response to the Hello message is received for some time, the session is cleared up.
  • Page 609 (e.g. CHAP and PAP) provided by PPP, so it has all security features of PPP. L2TP can be integrated with IPSec to fulfill data security, so it is difficult to attack the data transmitted with L2TP. As required by specific network security, L2TP adopts channel encryption technique, end-to-end data encryption or application layer data encryption on it to improve data security.
  • Page 610 Originate L2TP connection request and configure LNS address Configure AAA and local users Enable L2TP The L2TP on a router can work normally only after it is enabled. If it is disabled, the router will not provide the related function even if the L2TP parameters are configured.
  • Page 611 After a dial-up user passes VPN authentication successfully, LAC conveys the Connection Request and request of creating tunnel to a designated LNS. Besides the IP address of the LNS, Configure LNS Address LAC can fulfill authentication for 3 types (namely, 3 triggering conditions) of dial-up users based on this configuration: full user name (fullusername), user with a particular domain (domain) and called number (dnis).
  • Page 612 Configure the name of the receiving end of the tunnel Configure the local VPN user Enable L2TP The L2TP on a router can work normally only after it is enabled. If it is disabled, the router will not provide the related function even if the L2TP parameters are configured.
  • Page 613 After a request of this is received, the LNS will check Tunnel whether the name of LAC is compliant with that of the legal remote end of the tunnel first, then decide whether the tunnel will be created.
  • Page 614 When the group number of L2TP is 1 (the default L2TP group number), it is unnecessary to specify the remote-name. If the name of remote end is still specified in the view of L2TP group 1, L2TP group 1 will not work as the default L2TP group.
  • Page 615 This configuration is applicable to LAC and LNS. Name Users can configure the local tunnel name at both LAC and LNS. The tunnel name at LAC should keep consistent with the name of the receiving end of the tunnel configured at LNS.
  • Page 616 The tunnel authentication password is the router host name, so you must manually configure the tunnel authentication password after the authentication is enabled, and ensure that the password at the LAC side is the same as that at the LNS side.
  • Page 617 Configure Domain This configuration is applicable to LAC only. Delimiter and Searching If there are a lot of users dialing in domain name mode, it is time-consuming to Order search users in sequence. Therefore, it is recommended to set the necessary searching policies (e.g., prefix and suffix delimiters) at LAC side to speed up the...
  • Page 618 CHAP Authentication authenticate these users again. In this case, the users will be authenticated twice, the first authentication being at LAC and the second one at LNS side. Only after passing both of the authentications can the L2TP tunnel be established.
  • Page 619 LNS where the user will be checked based on the received proxy authentication information. But in some specific cases (e.g., when it is necessary to authenticate and charge at LNS side), the LCP renegotiation between the LNS and the user will be implemented by force, at that time, the proxy authentication information at NAS side will be ignored.
  • Page 620 By default, AV pairs are hidden. In actual configuration, it is recommended to enable hiding AV pairs at LAC and LNS sides at the same time, or disable hiding AV pairs at LAC and LNS sides at the same time Configure the Maximum This configuration is applicable to LAC and LNS.
  • Page 621: L2Tp Configuration Examples

    NAS authenticates the users to determine whether they are VPN users. The tunnel is used to transmit data between NAS and LNS. A user can have access to the LAN of a company through dialup. Both the LAC (NAS) and LNS connect to the Internet through serial interfaces, and transmit data through Tunnel.
  • Page 622 LAC side) [Router-LNS] local-user lac service-type ppp password simple lac b Define an address pool and assign an address for the dialup user. [Router-LNS] ip pool 1 192.168.0.3 192.168.0.100 c Implement local AAA authentication for the VPN user.
  • Page 623 [New Connection] and choose “Dial-up to the Internet”. Figure 184 Network Connection Wizard Click <Next> and choose “I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)” in the popup dialog...
  • Page 624 Chapter 43: Configuring L2TP. Figure 185 Internet Connection Wizard (1) Click <Next> and input the telephone number at the NAS side in the popup dialog box (if it is a local telephone number, you should deselect “Use area code and dialing rules”), as shown in the following figure.
  • Page 625 Click <Next> and input username and password (such as the username lac and password lac) in the popup dialog box so as to access ISP. The input contents must be the same as the configuration at the NAS side, as shown in the...
  • Page 626 Chapter 43: Configuring L2TP. Figure 187 Internet Connection Wizard (3) Click <Next> and input the name of dialup connection (such as “Connection to 660046”) in the popup dialog box, as shown in the following figure. Figure 188 Internet Connection Wizard (4)
  • Page 627 L2TP Configuration Examples Click <Next> and deselect "To connect to the Internet immediately, select this box and then click Finish" in the popup dialog box, as shown in the following figure. Figure 189 Internet Connection Wizard (5) Click <Finish> and double click “Connection to 66046” icon, then after inputting the username and password, you can dial up to access NAS.
  • Page 628 Networking After connecting to the Internet, the VPN user originates a request for connecting Tunnel. On receiving the request, LNS establishes a Tunnel with the VPN, so as to transmit data between the user and the company headquarters. LAC (NAS) and LNS are connected to a 3Com router. They connect to the Internet through serial interfaces and transmit data through Tunnel.
  • Page 629 Configure the username and password (when establishing VPN connection in Windows2000). [Router-LNS] local-user lns_user service-type ppp password simple b Define an address pool and assign a VPN address for the dialup user. [Router-LNS] ip pool 1 192.168.0.3 192.168.0.100 c Implement local AAA authentication on VPN user.
  • Page 630 Windows2000. Create a dialup connection and a VPN connection in the Windows 2000 operating system. The way to create a dialup connection is the same as that introduced in the example of “NAS-originated VPN Networking”. To create a VPN connection, open [Start/Program/Accessories/Network and Dialup Connection], click [New Connection], and then choose “Connect to a...
  • Page 631 L2TP Configuration Examples Figure 193 Network Connection Wizard (2) Click <Next>, and configure the IP address of LNS in the popup dialog box (The address is the address of LNS interface connected to the Internet), as shown in the following figure.
  • Page 632 After connection, input the username and password that are the same as those configured at LNS side, as shown in the following figure.
  • Page 633 ISDN ISDN III. Configuration procedure 1 Configuration at the user side Set up a dialup network, with the same access number as that of Router1, and it receives the address assigned by LNS server. Input vpdnuser@3Com.com as the username and as the password in the popup terminal window.
  • Page 634 Networking of VPN Protected by IPSec. I. Networking requirements: Create an IPSec tunnel between both ends of L2TP to transmit L2TP packets which are encrypted through IPSec, so as to guarantee the security of the VPN. II. Networking diagram...
  • Page 635 202.38.160.2 [Router1-ipsec-policy-l2tpmap-10] match address 101 [Router1-ipsec-policy-l2tpmap-10] set peer 202.38.160.2 [Router1-ipsec-policy-l2tpmap-10] set transform l2tptrans f Configure an IP address on Serial 0 interface and apply an IPSec policy. [Router1] interface serial 0 [Router1-Serial0] ip address 202.38.160.1 255.255.255.0 [Router1-Serial0] ipsec policy l2tpmap g Configure a L2TP group and configure the related attributes.
  • Page 636: Troubleshooting L2Tp

    1 Fail to establish the tunnel. The reasons are as follows: At LAC side, the LNS address is improperly configured. LNS (usually a router) is not configured to receive L2TP group of the peer of the tunnel. For details, refer to the description of the command.
  • Page 637 Errors occur to user name and password set at LAC, or the corresponding user information is not set at LNS. LNS cannot allocate addresses, e.g., the address pool is set too small, or is not set at all. The types of tunnel password authentication are inconsistent. Given that the default authentication type of VPN connection created by Windows 2000 is MSCHAP, if the peer does not support MSCHAP, CHAP is recommended.
  • Page 638 Chapter 43: Configuring L2TP...
  • Page 639 IP and IPX, and enables these encapsulated datagrams to transmit in another network layer protocol, such as IP. GRE is a Layer 3 protocol that creates Virtual Private Network (VPN) tunnels. A tunnel is a virtual point-to-point connection and is a virtual interface that only supports point-to-point connections.
  • Page 640 Chapter 44: Configuring GRE. which examines the key, checksum or message sequence number. After the GRE header is removed, the IP message is processed by the IPX protocol in the same way as an ordinary datagram. The system receives a datagram to be encapsulated and routed. The datagram is first encapsulated in the GRE message so that the datagram is the payload of a GRE message.
  • Page 641 Router IP network When using RIP, if the hop count between two terminals in Figure 202 is more than 15, the two terminals cannot communicate with each other. If tunneling is used in the network, hop counts will not be incremented inside the tunnel, that is, hops can be hidden, which enlarges the operating range of the network.
  • Page 642: Configuring Gre

    With the tunnel available, the trans-WAN VPN can be established. In addition, GRE also allows users to select and record an identification key word for the tunnel interface, a check of the encapsulated message, and the use of synchronous sequence numbers to ensure channel safety and correctness of transmission data.
  • Page 643 By default, no network address for the tunnel interface is configured. Setting the Identification Key Word of the Tunnel Interface: It is stipulated in RFC 1701 that if the key field of the GRE header is set, the receiving side and transmitting side check the identification key word of the channel.
  • Page 644 By default, no identification key word of the tunnel interface is configured. Setting the Tunnel Interface to Check with Checksum: It is stipulated in RFC 1701 that if the checksum field of the GRE header is set, the checksum is valid. The transmitting side calculates the checksums of GRE header and payload.
  • Page 645: Displaying And Debugging Gre

    It can be implemented by using GRE. PC A communicates with PC B in GRE tunneling mode in the Internet. Router A and Router B are two ends of the GRE tunnel, while Router C is located in the GRE tunnel.
  • Page 646 [RouterC-Serial0] ip address 10.1.1.2 255.255.255.0 [RouterC-Serial0] interface serial 1 [RouterC-if-Serial1] ip address 20.1.1.1 255.255.255.0 Application of IPX-over-IP GRE: The two subnets group1 and group2 that are running Novell IPX protocol need to set up a virtual private network across a LAN using GRE technology.
  • Page 647 Configure the IP address of Serial0 interface. [RouterA] interface serial 0 [RouterA-Serial0] ip address 192.10.1.1 255.255.255.0 d Create a virtual tunnel interface, and configure the IP address, source address and destination address. [RouterA] interface tunnel 0 [RouterA-Tunnel0] ip address 10.1.2.1 255.255.255.0 [RouterA-Tunnel0] ipx network 1f [RouterA-Tunnel0] source 192.10.1.1...
  • Page 648: Troubleshooting Gre

    PC A and PC B fails. Check whether there is a route passing through the Tunnel interface, that is, on Router A, the route to 10.2.0.0/16 passes through Tunnel0 interface; on Router B, the route to 10.1.0.0/16 passes through Tunnel0 interface (it is implemented by...
  • Page 649 Reliability: Chapter 45 Configuring a Standby Center Chapter 46 Configuring VRRP...
  • Page 651 Configuring Standby Load Sharing. Entering the View of the Main Interface: On a 3Com router, not only every physical interface or sub-interfaces of the router, but every virtual circuit of X.25 or frame relay can work as a main interface. If the...
  • Page 652 If the main interface is a virtual circuit, it should be treated differently depending on the type of the virtual circuit. First, specify its logic channel number in the view of the physical interface to which it is subordinate, then enter the corresponding logic channel view.
  • Page 653 If the main interface recovers within the delay time, the system will not switch to the standby interface. Table 699 Set the Delay Time for the Switchover from the Main Interface to the Standby Interface...
  • Page 654: Load Sharing

    Chapter 45: Configuring a Standby Center. priority; after the logic channel changes to up, it's required to switch from the standby interface with the second highest priority to this logic channel. Perform the following commands in the view of the logic channel.
  • Page 655 Serial 0, and use interface Serial 1 as a preference. 1 Enter the view of Serial 0. [Router] interface serial 0 2 Set interfaces Serial 1 and Serial 2 as the standby interfaces, their priorities being 30 and 20, respectively. [Router-Serial0] standby interface serial 1 30...
  • Page 656 Chapter 45: Configuring a Standby Center. 5 Enter the view of logic channel 5 and set logic channel 3 and interface Serial 1 as its standby interfaces, their priorities being 50 and 20 respectively. [Router-Serial1] logic-channel 5 [Router-logic-channel5] standby logic-channel 3 50 [Router-logic-channel5] standby interface serial 2 20...
  • Page 657: Vrrp Overview

    Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (the next hop is 10.100.10.1) is configured for a network host so that packets sent by the host with destination addresses not in the local network segment go through the default route to Router 1 to implement communication between the host and the external network.
  • Page 658 10.10.100.1 Ethernet This virtual router has its own IP address: 10.100.10.1 (it can be the same as the interface address of a router within the standby group). The routers within the standby group have their own IP addresses (10.100.10.2 for the master routers and 10.100.10.3 for the backup routers).
  • Page 659 The range of priority is 0 to 255 (the bigger the number, the higher the priority) with 100 as the default. However the range to be configured is from 1 to 254. Priority 0 is reserved for special use by the system and 255 is reserved for the IP address owner.
  • Page 660 Chapter 46: Configuring VRRP. Configuring Preemption Mode and Delay of Standby Group Routers: Once a router in the standby group becomes the master router, so long as it still functions properly, other routers, even configured with higher priority later, cannot become the master router unless they are configured with preemption mode. The router in preemption mode becomes the master router if it finds its own priority is higher than that of the present master router.
  • Page 661: Displaying And Debugging Vrrp

    Once the monitored interface becomes unavailable, the priority value of this router is reduced, so that another router with a more stable interface state in the same backup group can act as a master router more easily...
  • Page 662: Vrrp Configuration Examples

    Examples procedure for each configuration. VRRP Single Standby Group: Host A uses the VRRP standby group which combines router A and router B as its default gateway to visit host B on the Internet. A VRRP standby group consists of the following parts: standby group number 1, virtual IP address 202.38.160.111, router A as the MASTER and router B as the...
  • Page 663 Under normal conditions, router A functions as the gateway, but when the interface Serial0 of router A is malfunctioning, its priority will be reduced by 30, lower than that of router B so that router B will preempt to function as master for gateway services instead.
  • Page 664 To solve these problems, try to ping the many master routers. If that fails, it indicates faults in the links between routers and it is necessary to check the links. If they can be pinged through, it indicates that the problems may be caused by an inconsistent configuration.
  • Page 665 Chapter 47 QoS Overview Chapter 48 Traffic Policing, Traffic Shaping and Line Rate Chapter 49 Congestion Management Chapter 50 Congestion Avoidance...
  • Page 667: Qos Overview

    In the traditional IP network, all the packets are treated identically. Each router has to handle these packets following a first in first out (FIFO) policy. That is, it makes best effort to transmit the packets to the destination without considering the throughput, delay, jitter, drop rate of the packets, etc.
  • Page 668 C bucket has sufficient tokens, the traffic is said to conform to allowable burst levels. If the C Bucket is short of tokens but the E bucket has sufficient tokens, the traffic partially conforms to allowable burst levels.
  • Page 669 Benefits of QoS for the Network Service Adjustable network service. If the user is ISP, by using QoS, the adjustable network services of different priority levels can be provided to various types of clients. Secure network services for specific data flows. For example, it can ensure that the multimedia data flows and voice flows sensitive to the delay will acquire the service in time.
  • Page 670 Chapter 47: QoS Overview...
  • Page 671: Traffic Shaping

    The typical function of traffic policing is to limit traffic that enters the network to an allowable range by supervising its specification. If the packet traffic of a certain connection is too large, the packet is dropped or the priority level of the packet is specified.
  • Page 672 If the reaching speed of the user packets is faster than the speed at which the tokens are transmitted, it is necessary to take measures for the data exceeding the specified rate, for example, they are marked and allowed to pass through the network only when the network is not congested and they are dropped first when the network is congested.
  • Page 673: Committed Access Rate (Car)

    The user can use the priority fields in the ToS domain of the IP packet header to define up to six types of services. The rules used to classify the packets can be...
  • Page 674 IP priority and MAC address). The CAR rules can be independent of each other. That is, each CAR rule reacts to a certain type of the packets separately. A cascade of CAR rules can also be used in which a packet is matched with successive CAR rules.
  • Page 675 On one interface (inbound or outbound directions), multiple CAR policies can be applied. However, on each interface (both inbound and outbound directions), a total of 100 CAR policies can be applied. Up to 100 CAR policies can be applied on one interface (inbound and outbound directions).
  • Page 676: Configure Router A

    191.0.0.2 Router B 1 Configure Router A: CAR policy is applied to all the packets that are input to router A Ethernet 0 [RouterA-Ethernet0] ip address 190.0.0.1 255.255.255.0 [RouterA-Ethernet0] qos car inbound any cir 8000 cbs 15000 ebs 8000 conform pass exceed discard CAR policy is applied to all the packets that are output from router A Ethernet 1 [RouterA-Ethernet1] ip address 191.0.0.1 255.255.255.0...
  • Page 677 Router C Router A 10.0.0.1 11.0.0.2
    1 Configure Router A: The CAR policy is applied to the packet input to router A serial interface 0 and matching priority level 1.
    [RouterA] qos carl 1 precedence 1
    [RouterA] acl 1
    [RouterA-acl-1] rule permit source 10.0.0.0 0.0.0.255
    [RouterA-acl-1] interface serial 0
    [RouterA-Serial0] ip address 10.0.0.1 255.255.255.0...
  • Page 678 Apply a CAR Policy on the Packets that Match ACL The CAR policy is applied to the packet that is input to router A serial interface 0 and that matches the specific ACL rule, directly forwarding the packet that meets the conditions and dropping the packet that does not meet the conditions.
  • Page 679: Configuring GTS

    Discarded packets If an interface does not use the rule defined by rule to classify the packet, the interface has only one queue. If GTS uses the rule defined by rule to classify the packet, it maintains a separate queue for every type of flow. In every interface,...
  • Page 680 Cancel the shaping parameters of the flow undo qos gts any By default, the traffic shaping is not performed on the interface. This command cannot be used along with the qos gts acl command on the same interface. You must disable fast forwarding before configuring all the traffic shaping parameters.
  • Page 681 Compared with CAR, LR can limit all the packets passing through the physical interface. CAR is implemented in the IP layer and is ineffective on the packets that are not processed by the IP layer. It is simple to use LR when the user only requires the limitation of all packets.
  • Page 682 Displaying and Debugging LR
    Table 718 Display and Debug LR
    Operation: Display the LR configuration conditions and statistic information of the interface
    Command: display qos lr [ interface type number ]...
  • Page 683: Congestion Management

    The loss of the data packet can cause the host or router that is sending the data packet to resend this data packet because of a timeout which can cause a communication failure.
  • Page 684: Priority Queuing

    Management Policy Overview When congestion occurs, if not enough memory space is provided to buffer the packets, some of the packets will be lost. The loss of the packets may cause the host or router that is sending the packet to resend this packet because of a timeout, re-congesting and resending, and so on, thereby causing a vicious circle.
  • Page 685: Weighted Fair Queuing

    WFQ uses the fair queuing algorithm to dynamically divide the communications into messages. The message is a part of a session. With the use of WFQ, the interactive communication with a small capacity can obtain a fair allocation of the bandwidth, the same as the communication with a large capacity (such as file transmission).
  • Page 686 Operating Principle of the Congestion Management Policies For congestion management, queuing technology is used. When congestion occurs, the data packet is queued at the router by a policy. When dispatching, the order for sending the data packet is decided by the policy.
  • Page 687 All the packets that will be transmitted from the interface are input to the end of the FIFO queue of the interface in the priority order of their arrivals. At the time when the interface transmits the packets, the packets are transmitted in order, starting from the head of the FIFO queue.
  • Page 688 With the use of CQ, such a case can be avoided. CQ has a total of 7 queues. Queue 0 is the system queue that is first dispatched, and the queues 1 to 16 are the user queues that are dispatched by a polling method based on the bandwidth settings.
  • Page 689 For example, there are 5 types of traffic on an interface, and their priority levels are 0, 1, 2, 3 and 4 respectively; the total quota of the bandwidth is the sum of each priority plus 1, that is 1 + 2 + 3 + 4 + 5 = 15. The percentage of the bandwidth...
  • Page 690: Configuring Congestion Management

    1/15, 2/15, 3/15, 4/15 and 5/15. For example, there are a total of 4 flows currently, the priority levels of three of them are 4, and that of one of them is 5; then the total number of the allocated bandwidth is:...
  • Page 691 1 Configure the priority queue according to the network layer protocol Based on packet length, TCP/UDP port number, whether or not matching ACL, you can classify data packets, so that they can enter the queues with different priority. Perform the following configurations in system view.
  • Page 692 The data packet is input into the specified queue if it matches the policy. If the data packet does not match any policy, it is input into the default priority queue.
  • Page 693 Displaying and debugging the custom-list queue Configuring custom-list queuing Custom queuing includes up to 16 groups (the value range of cql-index is 1 to 16), each of which specifies which types of data packets are input to each queue, the lengths of various queues, and the number of bytes that can be continuously transmitted by polling every queue.
  • Page 694 If the data packet does not match with any policy, it is input to the default queue. If the default custom-list queue is not configured, the priority level is normal.
  • Page 695 By default, the length of the custom-list queue is 20, and the range of the value is 1 to 1024. Configuring the number of the continuously transmitted bytes of the...
  • Page 696: Configuring WFQ

    CQ, and determine how long the router will dispatch the next queue of CQ. If the byte-count value is too small, the router will go to the next queue after at least one data packet is transmitted, and the bandwidths allocated to various queues may be far from the expected result.
  • Page 697: Congestion Management

    [Router] qos pql 1 protocol ip acl 1 queue top
    3 Set the length of the group 1 top queue of the priority queue to 10, while the lengths of other queues utilize the default values.
    [Router] qos pql 1 queue top queue-length 10
    4 Apply the priority queue 1 to Serial 0.
  • Page 698: Configure Router A

    [RouterA] qos cql 1 queue 2 queue-length 100
    [RouterA] qos cql 1 queue 2 serving 1000
    [RouterA] qos cql 1 protocol ip acl 107 queue 1
    [RouterA] qos cql 1 protocol ip acl 108 queue 2
    b Configure Serial0 master/slave addresses
    [RouterA-Serial0] ip address 192.168.0.1 255.255.255.252...
  • Page 699: WFQ Configuration Example

    [RouterB-Tunnel1] ip address 10.1.7.2 255.255.255.0
    [RouterB-Tunnel1] source 192.168.1.2
    [RouterB-Tunnel1] destination 192.168.1.1
    WFQ Configuration Example
    1 Configure a WFQ queue with congestion discard threshold as 64 packets and 512 dynamic queues.
    [Router] interface ethernet 0
    [Router-Ethernet0] qos wfq queue-length 64 queue-number 512...
  • Page 700 Chapter 49: Congestion Management...
  • Page 701: Congestion Avoidance Overview

    TCP flow control, of the source end, so as to adjust the traffic of the network to a rational load status in a more efficient way. The combination...
  • Page 702 The average length of the queue is the result of the low pass filtering of the queue length; it reflects the variation trend of the queue and is not sensitive to the burst change of the queue length, so as to avoid the unfair treatment on the burst data flows.
  • Page 703: WRED Configuration

    The longer the queue is, the higher the drop probability is--but there is a maximum drop probability.
  • Page 704 IP precedence, and the range of the value is 0 to 7. low-limit and high-limit are the minimum and maximum thresholds respectively. The default values are 10 and 30 respectively, and the range of the value is 1 to 1024.
  • Page 705: Congestion Avoidance

    [Router-Ethernet0] qos wred weighting-constant 1
    4 Configure the lower threshold, upper threshold, and drop probability denominator of the WRED queue with precedence 0 to be 10, 1024 and 30 respectively.
    [Router-Ethernet0] qos wred ip-precedence 0 low-limit 10 high-limit 1024 discard-probability 30...
  • Page 706 Chapter 50: Congestion Avoidance...
  • Page 707 Chapter 51 Configuring DCC Chapter 52 Configuring Modem...
  • Page 709: Configuring DCC

    DCC configuration after it is bound to the dialer interface. Dial interface: A general term describing an interface for dialup connection. It can be a dialer interface, a physical interface bound to the dialer interface, or a physical interface directly configured with DCC parameters.
  • Page 710 In addition, all the B channels on an ISDN BRI interface inherit the configuration of this physical interface, and the dial route will become more complicated as the network grows and more protocols are supported. Therefore, the application of circular DCC is restricted due to the static binding between the dialing destination addresses and the physical interface configuration.
  • Page 711 Each dialer interface can contain multiple physical interfaces. In addition, a physical interface does not necessarily belong to any dialer interface, and can directly route to one or multiple destination addresses. As shown in Figure 224, physical interfaces Serial1, Bri0 and Serial2 belong to Dialer2, and on Dialer2 there are the maps of the string dialed and destination addresses.
  • Page 712 Suppose that Bri0 in Dialer bundle2 is assigned with the priority 100, Bri1 with 50, and Bri2 with 75. Since the priority of Bri0 is higher than that of Bri1 and Bri2, Bri0 will be selected first when Dialer2 selects a physical interface from Dialer bundle2.
  • Page 713: Preparing To Configure

    DCC) to enable the initial DCC implementation. Configure MP binding, PPP callback, ISDN caller identification callback, ISDN leased line, auto-dial, or a combination of these, in addition to the basic DCC configuration, if special applications are required. Alternatively, depending on the actual dialing link state, the user can make appropriate adjustments to the attribute parameters of the DCC dial interface.
  • Page 714 If the physical interface is connected to a synchronous modem, configure the physical interface to operate in synchronous and dial mode. For an ISDN BRI or PRI interface, this step can be ignored.
  • Page 715 “permit” or “deny” statements in the dialer ACL. The packet complies with the “permit” statements. If the corresponding link has been set up, DCC will send the packet through this link and clear all the data in the idle-timeout timer. If not, it originates a new call.
  • Page 716 DCC parameters directly on a physical interface is only applicable for a single interface to originate calls to one or more remote ends. However, a dialer circular group is also applicable for multiple interfaces to originate calls to one or more remote ends in addition to that.
  • Page 717 As shown in this figure, the single local interface interface0 (if0) originates a DCC call to the single remote interface if1. Since the call originates at a single remote end the dialer string can be configured using the dialer number or dialer route command.
  • Page 718 As shown in this figure, the single local interface interface0 (if0) receives a DCC call from a single remote interface if1. Since the call is received by a single local interface, the dialer circular group can be used to configure DCC. You can choose to configure either PAP or CHAP authentication.
  • Page 719 As shown in this figure, the single local interface interface0 (if0) receives DCC calls from the remote interfaces if1 and if4. Since the local end is a single interface, the dialer circular group can be used to configure DCC. The user can select to configure either PAP or CHAP authentication.
  • Page 720 As shown in Figure 230, the local interfaces interface0 (if0), if1, and if2 originate DCC calls to the remote interfaces if1, if2 and if3. For allowing calls to originate from multiple remote ends, the user must use the dialer route command to configure the dialer strings and destination addresses.
  • Page 721 As shown in Figure 231, the local interfaces interface1 (if0), if1, and if2 receive DCC calls from the remote interfaces if1, if2 and if3. Since the local end is multiple interfaces, the dialer circular group must be used to configure DCC. The user can select to configure either PAP or CHAP authentication.
  • Page 722 When configuring resource-shared DCC based on RS-attribute set, a RS-attribute set is unable to apply its attributes to the physical interfaces in a dialer bundle. (For example, it is unable to apply PPP authentication to the physical interfaces). In other words, the physical interfaces do not inherit the authentication attribute of the RS-attribute set.
  • Page 723 Disable Resource-Shared DCC and delete the dialer bundle: undo dialer bundle. By default, circular DCC has been enabled on ISDN BRI and PRI interfaces, so you need to configure the undo dialer enable-circular command when enabling resource-shared DCC. Circular DCC has been disabled on other interfaces (serial, asynchronous, AUX, etc).
  • Page 724 By default, no dialer bundle is created, and the physical interfaces do not belong to any dialer bundle. If a physical interface is assigned to a dialer bundle, a default priority of 1 is assigned. Configuring dialing authentication for resource-shared DCC...
  • Page 725 0 means that the max bandwidth of all the channels is enabled and there is no flow control. If the traffic threshold is in the range 1 to 100, MP binding will adjust the allocated bandwidth by the actual traffic percentage.
  • Page 726 Configuring PPP callback in the circular DCC implementation Configure PPP callback client in the circular DCC implementation As a callback client, a router can originate calls to the remote end (which can be a router or Windows NT server having the PPP callback server function), and receive the return calls from the remote end.
  • Page 727 The user should configure the callback client user name in the dialer route command, so that the callback server can authenticate whether a calling party is a legal callback user when receiving its call requesting callback. Use the...
  • Page 728 Configure the PPP callback client in the resource-shared DCC implementation As a callback client, a router can originate calls to the remote end (which can be a router or Windows NT server having the PPP callback server function), and receive the return calls from the remote end.
  • Page 729: Configuring ISDN Caller Identification Callback

    Features of ISDN caller identification callback In the applications of ISDN caller identification callback, the callback server can process an incoming call in three ways, depending on the matching result of the calling number and the dialer call-in command at the local end:...
  • Page 730 By default, callback according to ISDN caller identification is not configured. command configured on the dial interface (physical or dialer) dialer route at the server should be exactly the same dialer route in the dial-in dialer number. Configuring ISDN caller identification callback in the resource-shared DCC implementation...
  • Page 731: Configuring Auto-Dial

    By default, no B channel is configured for ISDN leased line connection. Configuring auto-dial This function can only be used with circular DCC. With a circular DCC, after the router is started, the DCC will automatically attempt to dial the remote end of the connection without requiring a triggering packet.
  • Page 732 Configuring the buffer queue length of the dialer Configuring the Link Idle Time In the case that a dial interface originates a call, DCC can be set to disconnect the line after the amount of time for which the line stays idle. In the duration of the...
  • Page 733 Configuring the link disconnection time before initiating the next call After a line for DCC calls enters the down status due to faults or disconnection, a specified period of time must elapse (the interval before it can originate the next call) before a new dialup connection can be established again.
  • Page 734 To effectively control the time that should wait for the connection after a call is originated, the user can configure the wait-carrier timer to specify a duration, after which DCC will terminate the call if the connection cannot be established.
  • Page 735: DCC Configuration Examples

    RouterC can respectively call RouterA. However, RouterB and RouterC cannot call each other. As shown in Figure 233, when circular DCC is used, the addresses of RouterA, RouterB and RouterC are on the same segment. In this case, 100.1.1.1, 100.1.1.2, and 100.1.1.3 are the addresses respectively for RouterA, RouterB and RouterC.
  • Page 736: Configure RouterB

    [Router-Serial0] dialer route ip 100.1.1.1 8810048
    [Router-Serial0] dialer route ip 100.1.1.1 8810049
    Solution 2 Establish a connection via the serial interfaces by using Resource-Shared DCC, and configure the DCC parameters on the dialer interfaces.
    a Configure RouterA:
    [Router] dialer-rule 1 ip permit...
  • Page 737 [Router-Serial0] dialer bundle-member 1
    [Router-Serial0] dialer bundle-member 2
    [Router-Serial0] link-protocol ppp
    [Router-Serial0] ppp authentication-mode pap
    [Router-Serial0] ppp pap local-user usera password simple usera
    [Router-Serial0] interface serial 1
    [Router-Serial1] physical-mode async
    [Router-Serial1] modem
    [Router-Serial1] dialer bundle-member 1
    [Router-Serial1] dialer bundle-member 2...
  • Page 738 Solution 3: Establish a connection via ISDN BRI or PRI interfaces by using Circular DCC, and configure the DCC parameters on the physical interfaces.
    1 Configure RouterA:
    [Router] dialer-rule 1 ip permit
    [Router] interface bri 0
    [Router-Bri0] ip address 100.1.1.1 255.255.255.0...
  • Page 739 The maximum available bandwidth is specified. As shown in Figure 234, the ISDN BRI interfaces on RouterA and the ISDN PRI interface on RouterB are connected through an ISDN network. RouterA must adopt resource-shared DCC to call RouterB, and RouterB adopts circular DCC to call RouterA.
  • Page 740 Figure 234 Network for the DCC application providing MP binding
    Configure RouterA:
    [Router] dialer-rule 1 ip permit
    [Router] local-user userb password simple userb
    [Router] flow-interval 3
    [Router] interface dialer 0
    [Router-Dialer0] ip address 100.1.1.1 255.255.255.0...
  • Page 741: Router-To-Router Callback For DCC

    DCC Application Using ISDN BRI Interface to Dial and Providing... To implement circular DCC, use a B channel on the ISDN BRI interface to provide a leased line, and another B channel to implement remote dialing connection.
  • Page 742 Networking for ISDN caller ID callback Solution 1: Use Circular DCC to implement PPP callback. The server determines whether to originate a return call to a client according to the user names configured in the dialer routes. 1 Configure RouterA:...
  • Page 743 [Router-Bri1] dialer route ip 100.1.1.1 user usera 8810148
    [Router-Bri1] dialer call-in 8810148 callback
    Router-to-PC Callback for DCC
    A router and a PC implement PPP callback via the serial interfaces over PSTN. As shown in the following figure, the PC and RouterA are interconnected via the modems across PSTN.
  • Page 744 [Router-Serial0] ppp pap local-user Router password simple Router
    [Router-Serial0] ppp callback server
    NT Server-to-Router Callback for DCC
    A router and an NT server implement PPP callback via the serial interfaces across PSTN. As shown in Figure 238, RouterA and the NT server are interconnected via the modems across PSTN.
  • Page 745 [Router-Async0] dialer route ip 100.1.1.254 8810052 2 Configure NT server: a Configure the modem connected to the PC to be in “autoanswer mode”, open [Start/Programs/Accessories/Communications/Dialup Network], click [Set up new connection] in the [Dialup Network] window, select the [Server type] page in the established new connection, and perform the following operations: b First, open the [Network attributes/Services] page, add “remote access server”...
  • Page 746 As shown in the following figure, RouterB and RouterD work as access server, RouterA and RouterC at the dialing side accept the negotiated addresses assigned by the remote ends. The address pool for allocation is in the range of 100.1.1.1 to 100.1.1.16. RouterB and RouterD use the address 100.1.1.254, and obtain the dialer numbers 8810048 to 8810055 from the telecommunications service provider.
  • Page 747 [Router-Async8] ppp authentication-mode pap 3 Configure subscriber PC: a Install a modem in a subscriber PC, configure it to be in “autoanswer mode”, open [Start/Programs/Accessories/Communications/Dialup network], click [Set up new connection] in the [Dialup network] window, and select [Server type] in...
  • Page 748: Logical Interface Standby Through Dialer Route For DCC

    Start dialing, and input the user name user1 and the password pass1. Solution 2: The dialing side uses a single number to dial, and the accessing side uses circular DCC to set up the connection via the ISDN PRI interface. Configure the DCC parameters on the dialer interface.
  • Page 749 Figure 240 Network for the DCC application providing logic interface standby through dialer route
    Solution 1: Adopt circular DCC and use the logic interface configured through the dialer route command as the standby interface.
  • Page 750 [Router-Serial1] ip address 200.1.1.2 255.255.255.0 [Router-Serial1] link-protocol ppp Troubleshooting DCC Modem does not dial when the router forwards the data, so the DCC dialup connection cannot be set up. Do the following: Check whether the modem and phone cable connections are correct, and whether the modem initialization process is correct.
  • Page 751 DCC and the remote end and diagnosis In this section, the debugging information that may be output when DCC cannot reach the remote end will be displayed and explained. The user can solve the problems with the solutions recommended in this section.
  • Page 752 ***, end for a long time. It may occur because the shutdown!start enable-time remote end is busy or the quality of the phone line is bad. The debugging information is probably outputted DCC: The interface has no...
  • Page 753: Configuring Modem

    Routers Provide the scripts (modem script) for modem management to enable the user to better control the modems connected to the router. A modem script can be executed by the following two means: Executes a modem script directly through the...
  • Page 754 Both the strings and keywords are separated by spaces. If a space is contained in a string, it should be put in the double quotation marks (" "). A pair of empty quotation marks (that is, "") has two meanings. As a leading "" in a script, it means that no string is expected from the modem and the system will directly send the strings to the modem.
  • Page 755: Configuring A Modem

    Once being set, the setting will be valid till a new TIMEOUT is set. In which, seconds defaults to 180 and is in the range of 0 to 180. Table 776 Script Escape Characters...
  • Page 756 Configure modem through the AT Command: sendat at-string. A modem can accept the AT commands only when it is in AT command mode. If it is forwarding data, the AT command sent via the sendat at-string command is invalid.
  • Page 757 Answer Mod asynchronous interface is connected is in auto-answer mode (whether the AA LED on the modem is on). If the modem is in auto-answer mode, the user should execute before using the dial function. If not, the user should...
  • Page 758: Router]Interface Serial

    On the asynchronous interface connected to the modem, use a standard AT command to configure the modem baud rate, and send the “AT” command to the modem. If “OK” is received from the modem, it indicates that the modem can automatically adapt to the corresponding baud rate. Then, write the configuration into the modem for conservation, and the corresponding AT command is “AT&W”.
  • Page 759 Otherwise, the user should send an AT command to the remote modem so that the modem can be set to the new speed. The port speed must not change when a session is negotiated with a remote modem.
  • Page 760: Troubleshooting

    [Router-Serial0] modem-login
    [Router-Serial0] script trigger connect welcome
    [Router-Serial0] undo modem auto-answer
    Troubleshooting The modem is in abnormal status (such as the dial tone or busy tone remains for a long time). Do the following: Execute the commands on the router physical...
  • Page 761 If the modem is still in abnormal status, proceed to run the AT string, such as “AT&F OK ATE0S0=0&C1&D2 OK AT&W” on the router physical interface connected to the modem.
  • Page 762 Chapter 52: Configuring Modem...

This manual is also suitable for:

3034, 3033, 3035, 3040, 3041, 3036 ...
