Page 1 H3C MSR 20/30/50 Series Routers Configuration Manual (v1.00) MSR 20 Series Routers MSR 30 Series Routers MSR 50 Series Routers www.3Com.com Part Number: 10016324 Rev. AA August 2007...
Page 2 LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
Page 3: Table Of Contents
Troubleshooting ATM Interfaces Troubleshooting DSL Interfaces POS I NTERFACE ONFIGURATION Overview SONET/SDH Configuring a POS Interface Displaying and Maintaining POS Interfaces POS Interface Configuration Example Directly Connecting Routers Through POS Interfaces Connecting Routers Through POS Interfaces Across Frame Relay Troubleshooting POS Interfaces...
Page 4 Testing the Cable on an Ethernet Interface Configuring Layer 3 Ethernet Interfaces Configuration Task List Setting the MTU for an Ethernet Interface Configuring the Suppression Time of Link-Layer-State Changes on an Ethernet Interface Maintaining and Displaying an Ethernet Interface WAN I...
Page 5 Overview of IPoA, IPoEoA, PPPoA and PPPoEoA Applications IPoA IPoEoA PPPoA PPPoEoA Configuring ATM Configuring ATM Interface Configuring an ATM Sub-Interface Configuring an ATM Sub-Interface Checking Existence of PVCs When Determining the Protocol State of an ATM P2P Sub-interface Configuring PVC Configuring PVC parameters...
Page 6 Link State Error in IPoA Application Link Report Error in PPPoA Application Ping Failure ATM Interface State Error PVC State is Down while ATM Interface State is Up Ping Failure after PPPoA Configuration Packet Loss and CRC Errors and Changes of Interface State DCC C...
Page 7 DCC for Dialup ISDN BRI Line and Leased Line Connection Router-to-Router Callback with DCC (PPP Approach) Router-to-Router Callback with DCC (ISDN Approach) Router-to-PC Callback with DCC NT Server-to-Router Callback with DCC Circular Dial String Backup and Internet Access with DCC...
Page 8 Configuring Annex G Displaying and Maintaining Frame Relay Frame Relay Configuration Example Interconnecting LANs through Frame Relay Network Interconnecting LANs through Dedicated Line Interconnecting LANs through an Annex G DLCI Troubleshooting Frame Relay Frame Relay Compression Overview Configuring FRF.9 Compression Configuring FRF.20 IP Header Compression...
Page 9 Configuring LAPB Configuring X.25 Configuring X.25 Interface Parameters Configuring X.25 Interface Supplementary Parameters Configuring X.25 Datagram Transmission Configuring Additional Parameters for X.25 Datagram Transmission Configuring X.25 Subinterface Configuring X.25 Switching Configuring X.25 Load Sharing Configuring X.25 Closed User Group X.25 PAD Remote Access Service Introduction to X.25 PAD...
Page 10 Failed to Ping the Other Side with X.25 on Both Sides Being Up Troubleshooting X.25 Configuration X.25 of Two Sides Always Being Down with LAPB of two sides Being Up Failed to Ping the Other Side with X.25 on Both Sides Being Up...
Page 11 Configuring the Local Device to Authenticate the Peer Using PAP Configuring the Local Device to Authenticate the Peer Using CHAP Configuring the Local Device to Be Authenticated by the Peer Using PAP Configuring the Local Device to Be Authenticated by the Peer Using CHAP...
Page 12 Configuring the Negotiation Parameters of ISDN Layer 3 Protocol Configuring the SPID of the ISDN NI Protocol Setting the Called Number or Sub-Address to Be Checked During a Digital Incoming Call Configuring to Send Calling Number During an Outgoing Call...
Page 13 Configuring Permanent Link Function on ISDN BRI Link Layer Specifying an ISDN BRI Interface to be in Permanent Active State on Physical Layer Enabling Remote Powering on an ISDN BRI Interface Displaying and Maintaining ISDN ISDN Configuration Example Connecting Routers through ISDN PRI Lines...
Page 14 Configuring Voice VLAN under Automatic Mode Configuring Voice VLAN under Manual Mode Displaying and Maintaining Voice VLAN Voice VLAN Configuration Examples A Configuration Examples of the Voice VLAN under Automatic Mode A Configuration Examples of Voice VLAN under Manual Mode SOLATION ONFIGURATION...
Page 15 Overview Concept Features Implementation Dynamic Route Backup Configuration Creating Dynamic Route Backup Groups Enabling the Dynamic Route Backup Function on a Backup Interface Configuring Backup Link Disconnection Delay Dynamic Route Backup Configuration Example Example I Example II Example III Using One Dynamic Route Group to Monitor Multiple Network Segments...
Page 16 ARP Process ARP Mapping Table Configuring ARP Configuring a Static ARP Entry Configuring the Maximum Number of ARP Entries Dynamically Learned on an Interface Setting Aging Time for Dynamic ARP Entries Enabling the ARP Entry Check Enabling the Support for ARP Requests from a Natural Network...
Page 17 Configuring an Address Allocation Mechanism Configuring a Domain Name Suffix for the Client Configuring DNS Servers for the Client Configuring WINS Servers and NetBIOS Node Type for the Client Configuring the BIMS server Information for the Client Configuring Gateways for the Client...
Page 18 ONFIGURATION Introduction to BOOTP Client BOOTP Application Obtaining an IP Address Dynamically Protocols and Standards Configuring an Interface to Dynamically Obtain an IP Address through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP Client Configuration Example DNS C ONFIGURATION DNS Overview...
Page 19 Configuring IP Unicast Policy Routing Defining a Policy Enabling System Policy Routing Enabling Interface Policy Routing Displaying and Maintaining IP Unicast Policy Routing Configuration IP Unicast Policy Routing Configuration Examples Configuring Policy Routing Based on Source Address Configuring Policy Routing Based on Packet Size...
Page 20 Configuring a Static Neighbor Entry Configuring the Maximum Number of Neighbors Dynamically Learned Configuring Parameters Related to an RA Message Configuring the Number of Attempts to Send an NS Message for DAD Configuring PMTU Discovery Configuring the Interface MTU Configuring a Static PMTU for a Specified IPv6 Address...
Page 21 Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts Configuring Mappings for IPv6 Hosts Accessing IPv4 Hosts Configuring the NAT-PT Session Timeout Time for Different Protocol Packets Configuring the Maximum Number of Sessions Configuring the ToS/Traffic Class Field in a Packet After NAT-PT...
Page 22 Defining an IPv6 Policy Enabling IPv6 System Policy Routing Enabling IPv6 Interface Policy Routing Displaying and Maintaining IPv6 Unicast Policy Routing Configuration IPv6 Unicast Policy Routing Configuration Examples Configuring Policy Routing Based on Source Address Configuring Policy Routing Based on Packet Size...
Page 23 Configuration Prerequisites Modifying System Configuration File inittab Editing the ttyd Configuration File Modifying Route Configuration File Running and Terminating ttyd on the Unix Server Installing and Using ttyd Administration Program ttyadm Installing and Configuring IBM AIX Server Installing Device Drivers...
Page 24 Controlling Route Distribution and Reception Prerequisites Configuring BGP Route Redistribution Configuring BGP Route Summarization Advertising a Default Route to a Peer or Peer Group Configuring BGP Route Distribution Policy Configuring BGP Route Reception Policy Enabling BGP and IGP Route Synchronization...
Page 25 Configuration Procedure Configuring IS-IS Routing Information Control Configuration Prerequisites Specifying a Priority for IS-IS Configuring IS-IS Link Cost Configuring the Maximum Number of Load Balanced Routes Configuring IS-IS Route Summarization Advertising a Default Route Configuring Inbound Route Filtering Configuring Route Redistribution...
Page 26 Configuring SPF Parameters Configuring Dynamic Host Name Mapping Configuring IS-IS Authentication Configuring LSDB Overload Tag Logging the Adjacency Changes Enabling an Interface to Send Small Hello Packets Enabling IS-IS Trap Configuring IS-IS GR Displaying and Maintaining IS-IS Configuration IS-IS Configuration Example...
Page 27 Disabling Interfaces from Sending OSPF Packets Configuring Stub Routers Configuring OSPF Authentication Adding Interface MTU into DD Packets Configuring the Maximum Number of External LSAs in LSDB Making External Route Selection Rules Defined in RFC1583 Compatible Logging Neighbor State Changes Configuring OSPF Network Management...
Page 28 Configuring the Split Horizon and Poison Reverse Configuring the Maximum Number of Load Balanced Routes Enabling CheckZero Field Check on RIPv1 Messages Enabling Source IP Address Check on Incoming RIP Updates Configuring RIP-2 Message Authentication Configuring a RIP Neighbor Configuring TRIP...
Page 29 Configuring an IPv6 Peer 1017 Advertising a Local IPv6 Route 1017 Configuring a Preferred Value for Routes from a Peer/Peer Group 1018 Specifying a Local Update Source Interface to a Peer/Peer Group 1018 Configuring a Non Direct EBGP Connection to a Peer/Peer Group...
Page 30 Configuring OSPFv3 Route Summarization 1054 Configuring OSPFv3 Inbound Route Filtering 1054 Configuring Link Costs for OSPFv3 Interfaces 1055 Configuring the Maximum Number of OSPFv3 Load-balanced Routes 1055 Configuring a Priority for OSPFv3 1055 Configuring OSPFv3 Route Redistribution 1056 Tuning and Optimizing an OSPFv3 Network...
Page 31 Optimizing the RIPng Network 1074 Configuring RIPng Timers 1075 Configuring the Split Horizon and Poison Reverse 1075 Configuring Zero Field Check 1076 Configuring the Maximum Number of Load Balanced Routes 1076 Displaying and Maintaining RIPng 1076 RIPng Configuration Example 1077 TATIC OUTING...
Page 32 IGMP Configuration Task List 1119 Configuring Basic Functions of IGMP 1120 Configuration Prerequisites 1120 Enabling IGMP 1120 Configuring IGMP Versions 1121 Configuring a Static Member of a Multicast Group 1122 Configuring a Multicast Group Filter 1122 Adjusting IGMP Performance 1123...
Page 33 Displaying and Maintaining IGMP 1127 IGMP Configuration Example 1127 Troubleshooting IGMP 1129 No Membership Information on the Receiver-Side Router 1129 Inconsistent Memberships on Routers on the Same Subnet 1130 MSDP C ONFIGURATION MSDP Overview 1131 Introduction to MSDP 1131 How MSDP Works...
Page 34 Failure of Building a Multicast Distribution Tree Correctly 1205 Multicast Data Abnormally Terminated on an Intermediate Router 1206 RPs Unable to Join SPT in PIM-SM 1207 No Unicast Route Between BSR and C-RPs in PIM-SM 1208 ULTICAST OUTING AND ORWARDING ONFIGURATION...
Page 35 Configuring Basic Functions of MLD 1224 Configuration Prerequisites 1224 Enabling MLD 1224 Configuring the MLD Version 1224 Configuring a Static Member of an IPv6 Multicast Group 1225 Configuring an IPv6 Multicast Group Filter 1225 Adjusting MLD Performance 1226 Configuration Prerequisites 1226...
Page 36 Troubleshooting IPv6 PIM Configuration 1275 Failure of Building a Multicast Distribution Tree Correctly 1275 RPs Unable to Join SPT in IPv6 PIM-SM 1276 No Unicast Route Between BSR and C-RPs in IPv6 PIM-SM Domain 1277 VPN C ULTICAST ONFIGURATION Multicast VPN Overview...
Page 37 Configuring MPLS LDP Capability 1328 Configuring Local LDP Session Parameters 1329 Configuring Remote LDP Session Parameters 1329 Configuring the Policy for Triggering LSP Establishment 1330 Configuring Label Advertisement, Distribution and Retention Modes 1331 Configuring LDP Loop Detection 1331 Configuring LDP MD5 Authentication...
Page 38 Configuring MPLS IP TTL Processing 1334 Configuration Prerequisites 1334 Configuring MPLS IP TTL Propagation 1334 Specifying the Type of Path for ICMP Responses 1334 Configuring MPLS Fast Forwarding 1335 Setting the Interval for Reporting Statistics 1336 Inspecting an MPLS LSP...
Page 39 Configuring a PE Interface Connecting a CE to Use Ethernet 1431 Configuring a PE Interface Connecting a CE to Use VLAN 1431 Configuring a PE Interface Connecting a CE to Use ATM AAL5 1431 Configuring CCC MPLS L2VPN 1432 Configuration Prerequisites...
Page 40 Configuring VPN Instances 1481 Creating a VPN Instance 1481 Associating a VPN Instance with an Interface 1481 Configuring Route Related Attributes of a VPN Instance 1482 Configuring a Tunneling Policy of a VPN Instance 1483 Configuring Basic MPLS L3VPN 1484...
Page 41 Displaying and Maintaining MPLS L3VPN 1499 MPLS L3VPN Configuration Example 1501 Example for Configuring MPLS L3VPNs 1501 Example for Configuring MPLS L3VPNs Using a GRE Tunnel 1508 Example for Configuring Inter-Provider VPN Option A 1513 Example for Configuring Inter-Provider VPN Option B 1519...
Page 42 Configuring the IP Address of Hub 1564 Configuring the Pre-Shared Key of VAM Server for a VPN Domain 1565 Configuring Keepalive Parameters 1565 Configuring the VAM Client 1565 VAM Client Configuration Task List 1566 Creating a VAM Client 1566 Specifying an Interval for Resending a VAM Packet...
Page 43 Configuring Mandatory CHAP Authentication 1611 Specifying to perform LCP Negotiation with Users 1612 Configuring the Local Address and the Address Pool for Allocation 1613 Configuring Local Authentication, Usernames and Passwords 1614 Specifying to Include ACCM in Control Messages 1614 Displaying and Maintaining L2TP...
Page 44 CQ Configuration Example 1659 Configuring WFQ 1660 Configuring WFQ 1660 WFQ Configuration Example 1660 Configuring Class-based Queuing 1661 Configuring the Maximum Available Bandwidth on the Interface 1662 Defining a Class 1663 Defining Traffic Behavior 1663 Defining Policy 1668 Applying Policy 1669...
Page 45 1689 Configuring MPLS PQ 1690 Configuring MPLS CQ 1690 Configuring MPLS QoS Policy 1691 MPLS QoS Configuration Example 1692 Configuring QoS for Traffics in the Same VPN 1692 DAR C ONFIGURATION DAR Overview 1697 IP Packet 1697 TCP Packet 1699...
Page 46 1761 Creating an ISP Domain 1761 Configuring ISP Domain Attributes 1762 Configuring an AAA Authentication Scheme for an ISP Domain 1762 Configuring an AAA Authorization Scheme for an ISP Domain 1764 Configuring an AAA Accounting Scheme for an ISP Domain...
Page 47 Setting the Upper Limit of RADIUS Request Retransmission Attempts 1772 Setting the Supported RADIUS Server Type 1772 Setting the Status of RADIUS Servers 1772 Configuring Attributes Related to the Data Sent to the RADIUS Server 1773 Setting Timers Regarding RADIUS Servers 1774 Configuring RADIUS Accounting-on 1775...
Page 48 ASPF Configuration Task List 1798 Enabling the Firewall Function 1798 Configuring an ASPF Policy 1799 Applying an ASPF Policy to an Interface 1799 Enabling the Session Logging Function for ASPF 1800 Configuring Port Mapping 1800 Displaying and Maintaining an ASPF...
Page 49 Configuring an Access Control Policy 1839 Displaying and Maintaining PKI 1840 PKI Configuration Examples 1840 Configuring a PKI Entity to Request a Certificate from a CA 1840 Applying RSA Digital Signature in IKE Negotiation 1844 Configuring a Certificate Attribute-Based Access Control Policy 1846...
Page 50 Portal + Re-DHCP Authentication Configuration Examples 1867 Layer 3 Portal + Layer 3 Authentication Configuration Examples 1869 Troubleshooting Portal 1870 Inconsistent Keys on the Access Device and the Portal Server 1870 Incorrect Server Port Number on the Access Device 1871 RSH C ONFIGURATION...
Page 51 Configuration Prerequisites 1945 Enabling the SFTP Server 1945 Configuring the SFTP Connection Idle Timeout Period 1946 Configuring an SFTP Client 1946 Specifying a Source IP Address or Interface for the SFTP Client 1946 Establishing a Connection to the SFTP Server 1946...
Page 52 Working with the SFTP Directories 1947 Working with SFTP Files 1948 Displaying Help Information 1949 Terminating the Connection to the Remote SFTP Server 1949 SFTP Configuration Example 1949 SSL C ONFIGURATION SSL Overview 1953 SSL Configuration Task List 1954 Configuring an SSL Server Policy...
Page 53 Configuring Temperature Alarm for a Card 2008 Configuring Alarm Buzzer 2009 Configuring Temperature Alarm Thresholds for a Card 2009 Clearing the 16-bit Interface Indexes Not Used in the Current System 2009 Displaying and Maintaining Device Management Configuration 2010 Device Management Configuration Example 2010...
Page 54 2025 Configuring the DLSw Test 2026 Configuring the Collaboration Function 2027 Configuring Trap Delivery 2027 Configuring Optional Parameters Common to an NQA Test Group 2028 Scheduling an NQA Test Group 2029 Displaying and Maintaining NQA 2030 NQA Configuration Examples 2030...
Page 55 Configuring NTP Server/Client Mode with Authentication 2070 Configuring NTP Broadcast Mode with Authentication 2071 Configuring MPLS VPN Time Synchronization in Server/Client Mode 2073 Configuring MPLS VPN Time Synchronization in Symmetric Peers Mode 2075 RMON C ONFIGURATION RMON Overview 2077 Introduction...
Page 56 2099 Saving the Current Configuration 2100 Erasing the Startup Configuration File 2102 Specifying a Configuration File for Next Startup 2102 Backing up/Restoring the Configuration File for Next Startup 2103 Displaying and Maintaining Device Configuration 2104 FTP C ONFIGURATION FTP Overview...
Page 57 Information Center Configuration Task List 2142 Setting to Output System Information to the Console 2142 Setting to Output System Information to a Monitor Terminal 2144 Setting to Output System Information to a Log Host 2145 Setting to Output System Information to the Trap Buffer...
Page 58 2166 Configuring MAC Address Entries 2166 Disabling Global MAC Address Learning 2166 Disabling MAC Address Learning on an Ethernet Port or Aggregation Port Group 2167 Configuring MAC Address Aging Timer 2167 Configuring Maximum Number of MAC Addresses an Ethernet Port or...
Page 59 2202 Controlling ACSEI Client 2204 Displaying and Maintaining ACSEI Client 2205 RACK ONFIGURATION Track Overview 2207 Collaboration between the Track Module and the Detection Modules 2207 Collaboration between the Track Module and the Application Modules 2207 Configuring Track-NQA Collaboration 2208...
Page 60 Configuring IPX SAP 2221 Configuration Prerequisite 2221 Enabling IPX SAP 2221 Configuring IPX SAP Timers 2222 Configuring a Response Mode for IPX SAP GNS Request 2222 Configuring IPX Service Information 2223 Configuring the IPX Forwarding Feature 2224 Configuration Prerequisite 2224...
Page 61 Start Mode 2248 Configuration Task List 2249 Configuring Call Progress Tones 2250 Configuration Prerequisites 2250 Specifying the Call Progress Tones of a Country 2250 Customizing Call Progress Tones for a Country 2250 Configuring Basic Functions 2251 Configuration Prerequisites 2251 Configuration Procedure...
Page 62 Configuration Task List 2266 Configuration Prerequisites 2266 Creating POTS Entity 2266 Configuring Basic Functions 2267 Configuring Local POTS Entity to Play Ringback Tones 2268 Configuring DTMF Transmission 2269 Enabling VAD 2269 Configuring Options Related to Dial Plan 2270 Configuring VoIP Entity...
Page 63 Dial Plan Process 2289 Regular Expression 2291 Introduction to Number Substitution 2292 Configuration Task List 2293 Configuring a Calling Number Permitted to Call In 2293 Enabling Private Line Auto Ring-Down 2294 Configuring a Number Match Mode 2294 Configuration Prerequisites 2294...
Page 64 Configuring a Start Mode 2331 Configuring Receive and Transit Signaling 2332 Configuring the Time Adjustment Function 2333 Querying the Trunk Circuits of a Timeslot or a Range of Timeslots 2334 Configuring Digital LGS Signaling 2334 Configuring the Time Adjustment Function 2334...
Page 65 2379 Configuring Direct Calling for SIP UAs 2379 Configuring Proxy Server Involved Calling for SIP UAs 2380 Troubleshooting 2382 Failed to Set Up Calls in the Proxy Server Approach to SIP Routing 2382 Failed to Register with the Registrar 2382...
Page 66 2393 Configuring Call Mode 2393 Configuring PSTN-Dialed Number 2394 Configuring Call Control Protocol 2394 Configuring Trunk Timer Length in FRF.11 Trunk Mode 2395 Configuring VoFR Packets to Carry Sequence Number 2395 Displaying and Maintaining VoFR 2395 VoFR Configuration Example 2395...
Page 67 2415 Enabling Authentication Function for Two-Stage Dialing Users 2415 Enabling Authorization Function for Two-Stage Dialing Users 2416 Configuring Method of Collecting Digits of Called Number 2417 Configuring Number of Digits in Card Number/Password 2417 Configuring Number of Redial Attempts 2418...
Page 68 Enabling/Disabling Incoming Call Barring Using Keys 2435 Configuring Incoming Call Barring Using Command Lines 2435 Configuration Example 2435 Configuring Outgoing Call Barring 2435 Configuration Prerequisites 2436 Enabling/Disabling Outgoing Call Barring Using Keys 2436 Configuring Outgoing Call Barring Using Command Lines...
Page 69: About This Guide
(+), for example: Press Ctrl+Alt+Del The words “enter” and “type” When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”...
Page 70: Related Documentation
Convention Description Words in italics Italics are used to: Emphasize a point. Denote a new term at the place where it is defined in the text. Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents.
Page 71: Atm And Dsl Interface Configuration
(that is, whether uplink and downlink rates are the same). The ATM physical layer lies at the bottom of the ATM reference model. Though it is concerned with transmission media, its functionality does not rely on the transmission mechanism and speed of specific medium.
Page 72: Ima-E1/T1 Interface Configuration
It is a cheap way for you to transmit high-speed ATM cell streams over low-speed links while allowing for great flexibility.
Page 73: Configuring An Atm E1/T1 Interface
You can, however, assign multiple IMA-E1/T1 interfaces to an IMA group to form a higher-speed IMA interface link for ATM cell transmission. For both IMA groups and the E1/T1 links outside the groups, you can create PVCs, specify service types, and configure the related parameters. For more information (including the configuration of PVCs), refer to “ATM Configuration”...
Page 74: Atm Ima-E1/T1 Interface Configuration Example
As shown in Figure 1, on the IMA-8E1 interface module of the router, create two Example IMA groups, each of which is assigned two links; create two PVCs, setting their peer IP address to 10.10.10.10/24; and configure them to support pseudo broadcast.
Page 75: Troubleshooting Atm Ima-E1/T1 Interfaces
IMA-E1/T1 Interfaces using the ping command or the extended ping command. In an extended ping command, you can specify some options in IP header. For more information on the use of the ping command, refer to “System Maintaining and Debugging” on page...
Page 76: Atm E3/T3 Interface Configuration
■ “Configuring an ATM E3/T3 Interface” on page 76 ■ Overview This section covers only the physical configurations of the ATM E3/T3 interface. For more information about how to configure ATM (including PVCs), refer to “ATM Configuration” on page 127.
Page 77: Overview
Normally, in the uplink band of 26 kHz to 138 kHz, ADSL can provide transmission rates up to 640 kbps (uplink) and in the downlink band of 138 kHz to 1.104 MHz, it provides transmission rates up to 8 Mbps (downlink).
Page 78 CPE. A typical activation process may last 30 seconds, beginning with line negotiation until the line comes up. During this process, the two parties examine line distance and conditions against the line configuration template (which defines the ADSL criteria, channel mode, uplink and downlink speeds, and noise tolerance) and attempts to reach an agreement.
Page 79: Configuring An Adsl Interface
The upgradeable software includes Boot ROM and card software. You first need to Software load the new software by FTP or some other means to the flash memory or the CF card on your device. Before performing an upgrade, you need to shut down the interface with the shutdown command if the interface is up.
Page 80: G.shdsl Interface Configuration
When executing the bootrom update file command, do not use the all option unless absolutely necessary; use the part option instead. If you use the all option, you will find it hard to roll back to the old version once the upgrade fails. G.SHDSL Interface...
Page 81: Displaying And Maintaining Atm And Dsl Interfaces
Available in user view PVCs on the specified ATM interface-number ] interface For those physical interfaces that are not connected to cables, shut down them using the shutdown command to avoid anomalies resulted from interference. Troubleshooting This section covers these topics: “Troubleshooting ATM Interfaces”...
Page 82: Troubleshooting Dsl Interfaces
NTERFACE ONFIGURATION The ping command can test network connectivity. Extended ping command can be used to specify some options in the IP header in addition to that function. For more information about the ping command, see “System Maintaining and Debugging” on page 2119.
Page 83: Pos Interface Configuration
SONET physical layer transmission standard. It offers high-speed, reliable, and point-to-point data connectivity. The POS interface on your device supports PPP, Frame Relay, and HDLC at the data link layer and IP at the network layer. Its transmission rate can vary with devices.
Page 84: Displaying And Maintaining Pos Interfaces
{ local | remote } Optional mode Disabled by default Configure the flag { c2 | { j0 | j1 } { sdh | Optional overhead byte sonet } } flag-value By default, SDH framing applies. The default is hexadecimal 16 for C2.
Page 85: Pos Interface Configuration Example
POS Interface Configuration Example If a physical interface is idle or has no cable connection, shut down it with the shutdown command to avoid interface anomalies that may result from interference. As the command can disable the interface, use it with caution.
Page 86: Connecting Routers Through Pos Interfaces Across Frame Relay
Connect routers to a public Frame Relay network through POS interfaces. The Across Frame Relay routers are premise equipment that work as DTE side of Frame Relay. Router A uses Frame Relay sub-interfaces to connect Router B and Router C in different network segments. Network diagram...
Page 87: Troubleshooting Pos Interfaces
Check that the transmitting and receiving fibers-optic are correctly connected ■ to the POS interface. If you connect the two ends of a fiber-optic to the transmitting end and the receiving end of the same POS interface, you can see the message “loopback detected”...
Page 88 2: POS I HAPTER NTERFACE ONFIGURATION The correct clock mode is configured on the POS interface. If not, enormous ■ amount of CRC errors can be generated. Check that the MTU configuration is appropriate. ■...
Page 89: Ethernet Interface Configuration
A Combo port refers to two Ethernet interfaces in a device panel (normally one is an optical port and the other is an electrical port). Inside the device there is only one forwarding interface. Combo port and its corresponding electrical port work in a TX/SFP mode.
Page 90: Configuring Flow Control On An Ethernet Interface
Pause frame. In this way, flow controls helps to avoid the dropping of packets. Note that only after both the ingress and the egress interfaces have turned on their flow control will this be possible.
Page 91: Configuring Loopback Test On A Layer 2 Ethernet Interface
As for the internal loopback test and external loopback test, if a Layer 2 ■ interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during ■...
Page 92: Configuring The Working Mode Of An Ethernet Interface
Only 4SIC-FSW interface cards, 9DSIC-FSW interface cards, and the fixed ■ switching interfaces of 20-21 routers support work mode switching. On an MSR series router, you can change the working mode to route mode for ■ up to two Ethernet interfaces.
Page 93: Configuring The Storm Suppression Ratio For An Ethernet Interface
Configuring Layer 2 Ethernet Interfaces add ports to or removing ports from a link aggregation port group can only be achieved through operations on the link aggregation group. Manual port group is mainly used to synchronize the configurations among the ports in it.
Page 94: Configuring The Interval For Collecting Ethernet Interface Statistics
If it detects a loopback on a port, the device will turn that port under loopback detection mode. If loops are detected on a port that is of access type, the port will be shutdown. ■...
Page 95: Configuring The Cable Type For An Ethernet Interface
Configuring Layer 2 Ethernet Interfaces If loops are detected on a port that is of trunk or hybrid type, trap messages are ■ sent to the terminal. If the loopback detection control function is also enabled on the port, the port will be blocked, trap messages will be sent to the terminal, and the corresponding MAC address forwarding entries will be removed.
Page 96: Testing The Cable On An Ethernet Interface
The optical interface of a Combo port does not support this feature. Complete the following configurations to test the current working state of the cable on an Ethernet interface. The system will return the testing result within five seconds, indicating the receiving direction (RX), transmit direction (TX), any short-circuit or open circuit, and the length of the faulty cable.
Page 97: Configuring The Suppression Time Of Link-Layer-State Changes On An Ethernet Interface
Limited to the QoS queue length (for example, the default length of an FIFO queue is 75), too small an MTU will result in too many fragments, which will be discarded from the QoS queue. In this case, you can increase MTU or QoS queue length properly.
Page 98 Use the command... Remarks Display the information about display port-group manual [ all | Available in any view a manual port group or all the name port-group-name ] manual port groups Display the information about display loopback-detection Available in any view...
Page 99: Wan Interface Configuration
WAN I NTERFACE ONFIGURATION In terms of line type, wide area networks (WANs) fall into these types: X.25, Frame Relay (FR), ATM, and ISDN. To interface to these networks, routers are designed with asynchronous serial interface, synchronous serial interface, ATM interface, ISDN BRI interface, CE1/PRI interface, and so on.
Page 100: Configuring An Asynchronous Serial Interface
This command is not available to AM interfaces. You can use the speed command to configure the baud rate for an ■ asynchronous serial interface. For details, refer to the “User Interface Configuration” on page 2155.
Page 101: Aux Interface
AUX Interface Overview The AUX interface is fixed on your device. It can work as a regular asynchronous serial interface at speeds up to 115200 bps. With this interface, you can perform functions such as remote device configuration and line backup.
Page 102: Synchronous Serial Interface
Interface Overview A synchronous serial interface has the following features: Work in either DTE or DCE mode. Usually, it serves as DTE to accept the clock ■ provided by DCE. Be connected to various types of cables, such as V.24, V.35, X.21, RS449, and ■...
Page 103: Am Interface
Analog modem (AM) interfaces bring services provided by asynchronous serial interfaces and analog modems together. Most of the configuration commands used on asynchronous serial interfaces and modems can be directly used on AM interfaces. When configuring an AM interface, you can treat it as a special asynchronous serial interface.
Page 104: Configuring An Am Interface
V.90 Modem standard to provide downstream rates up to 56 kbps and upstream rates up to 33.6 kbps. If the peer (usually a common user) uses an analog modem (or an AM interface), the AM interface can establish connection with V.34 Modem standard to provide rates (both downstream and...
Page 105 The following is the provision standardizing the ISDN user-network interface. ITU-T I.411 provides the referential ISDN user-network interface configuration as shown in the following figure on the basis of function group (a set of functions required for accessing an ISDN network) and reference point (a concept used to differentiate function groups).
Page 106: Configuring Isdn Bri Interface
Europe and P.R. China. The other is the ANSI recommended T1 system that is widely used in North American and Japan. (The system that Japan adopts is actually called J1. It is regarded as a T1 system due to high similarity between them.) A CE1/PRI interface can work in either E1 mode (also called non-channelized mode) and CE1/PRI mode (that is, channelized mode).
Page 107: Configuring Ce1/Pri Interface (In E1 Mode)
It supports link layer protocols such as PPP, FR, LAPB and X.25, and network protocols such as IP and IPX. When the interface is used as a PRI interface, timeslot 16 will be used as a D ■...
Page 108: Configuring Ce1/Pri Interface (In Pri Mode)
Optional Configuration” on page A CE1/PRI interface in CE1/PRI mode can be used as a CE1 interface where a serial interface is created upon creation of a channel set. You may bundle timeslots on a CE1/PRI interface into up to 31 channel sets.
Page 109: Configuring Other Ce1/Pri Interface Parameters
“Firewall Configuration” on page 1789 ■ The timeslots on a CE1/PRI interface can be bundled into either channel sets or a PRI set, but not both at a time. Configuring Other Follow these steps to configure other CE1/PRI interface parameters:...
Page 110: Configuring Error Packets Diffusion Restraint
A CT1/PRI interface can only operate in channelized mode. It can be used in the following two ways: When it is working as a CT1 interface, all the timeslots from 1 to 24 can be ■ randomly divided into groups. Each of these groups can form one channel set for which the system automatically creates an interface logically equivalent to a synchronous serial interface.
Page 111: Configuring Ct1/Pri Interface In Ct1 Mode
CT1/PRI Interface When it is working as a PRI interface, timeslot 24 is used as a D channel for ■ signaling transmission. Therefore, only a group of timeslots except timeslot 24 can be chosen as the B channel. This timeslot group is bundled together with timeslot 24 to form a PRI set.
Page 112: Configuring Other Ct1/Pri Interface Parameters
4: WAN I HAPTER NTERFACE ONFIGURATION For the PRI set, the system automatically creates a serial interface numbered serial number:23. This interface is logically equivalent to an ISDN PRI interface where you can make other configurations about: “DCC Configuration” on page 153 ■...
Page 113: Starting/Stopping A Bert Test On Ct1/Pri Interface
By default, 16-bit CRC is adopted. Note: 1. B8ZS = Bipolar 8-zero substitution; 2. ESF = Extended super frame; 3. LOS = Loss of signal; 4. AIS = Alarm indication signal; 5. LFA = Loss of frame align Starting/Stopping a...
Page 114: Configuring Error Packets Diffusion Restraint
Packets Diffusion Restraint The support of this feature varies with device model. Refer to your specific device. Error packet diffusion refers to the situation when one timeslot receives a certain error packet, all the other timeslots are affected and also receive error packets.
Page 115: E1-F Interface
The rate of the interface is thus n × 64 kbps and its logical features are the same as those of a synchronous serial interface where you can configure PPP, FR, LAPB and X.25 at the data link layer and IP or IPX at the network layer.
Page 116: Configuring Other E1-F Interface Parameters
Set other interface parameters See “Configuring Other E1-F Optional Interface Parameters” on page 116. Configuring Other E1-F Follow these steps to configure other E1-F interface parameters: Interface Parameters To do... Use the command... Remarks Enter system view system-view Enter E1-F interface view...
Page 117: T1-F Interface
A T1-F interface can only work in framed mode. Timeslots 1 through 24 on it can randomly form a channel set. The rate of the interface is thus n × 64 kbps or n × 56 kbps and its logical features are the same as those of a synchronous serial interface where you can configure PPP, FR, LAPB and X.25 at the data link layer...
Page 118: Starting/Stopping A Bert Test On T1-F Interface
BERT is operating as follows: BERT Test on T1-F The local end sends out a pattern, which is to be looped over somewhere on the Interface line and back to the local end. The local end then checks the received pattern for the bit error rate, and by so doing helps you determine whether the condition of the line is good.
Page 119: Displaying And Maintaining T1-F Interfaces
CE3 Interface Overview Like E1, E3 also belongs to the digital carrier system of ITU-T. It transmits data at 34.368 Mbps and adopts HDB3 as the line code format. A CE3 interface can work in either E3 or CE3 (the default) mode.
Page 120: Configuring A Ce3 Interface Operating In Ce3 Mode
Set other interface parameters See “Configuring Other CE3 Optional Interface Parameters” on page 120. Depending on the networking requirements, you probably need to configure the CE3 interface with parameters about “Configuring PPP” on page 367, “VoFR Configuration” on page 2385, “IP Addressing Configuration”...
Page 121: Displaying And Maintaining Ce3 Interfaces
Interfaces CAUTION: An interface is disabled when being shut down. So, perform operations of this type with caution. You can verify the configuration of a CE3 interface by using the display commands listed in the following table in any view.
Page 122: Ct3 Interface
56 kbps. Therefore, the number of logical lines that can be created on a CT3 interface in CT3 mode is either M × 1.544 Mbps where M ranges from 1 to 28 or N × 56 kbps or N x 64 kbps where N ranges from 1 to 300.
Page 123: Configuring A Ct3 Interface (In T3 Mode)
CT3 Interface number/line-number:set-number for it. This interface operates at N × 64 kbps or N × 56 kbps and is logically equivalent to a synchronous serial interface where you can make other configurations. Configuring a CT3 Follow these steps to configure a CT3 interface in CT3 mode: Interface (in T3 Mode) To do...
Page 124: Configuring Other Ct3 Interface Parameters
4: WAN I HAPTER NTERFACE ONFIGURATION Depending on the networking requirements, you probably need to configure the CT3 interface with parameters about “Configuring PPP” on page 367, “VoFR Configuration” on page 2385, “IP Addressing Configuration” on page 623, and so...
Page 125: Displaying And Maintaining Ct3 Interfaces
{ fdl-ansi-line-up | fdl-ansi-payload-up | fdl-att-payload-up | inband-line-up } Set an FDL format for a T1 line t1 line-number set fdl { ansi | Optional att | none } ANSI T1.403 FDL is not configured and PPR transmission is disabled by default.
Page 126 To shut down/bring up only a serial interface formed by T3 or T1 lines, or by ■ timeslot bundling on a T1 line, perform the shutdown/undo shutdown...
Page 127: Atm Configuration
As defined by ITU-T, ATM transmits, multiplexes, and switches information in ATM cells. An ATM cell has a fixed length of 53 bytes, among which 5 bytes is the cell header and the remaining 48 bytes are payloads. The major function of the cell header is to identify virtual connection, with limited functions on flow control, congestion control and error control.
Page 128: Overview Of Ipoa, Ipoeoa, Pppoa And Pppoeoa Applications
■ communication with peer layers by leveraging the service provided by the physical layer. The ATM layer relies on the types of the physical media and the specific implementation of the physical layer, as well as the types of services being transmitted.
Page 129: Ipoa
IP over Ethernet (IPoE) in the middle, and IPoEoA at the bottom. When a device is connected to a remote access server at high speed to access an external network, PVC over ATM is used because of the long distance. In this case, it is required for the ATM port of the server to carry Ethernet packets, which is known as IPoEoA.
Page 130: Configuring Atm
Depending on the actual networking environment and system requirements, Interface sometimes it may be necessary to modify certain parameters of an ATM interface. Note that although these parameters apply to the ATM main interface and sub-interfaces at the same time, they must be modified in ATM main interface view, except for the mtu command, which can be executed on a sub-interface.
Page 131: Checking Existence Of Pvcs When Determining The Protocol State Of An Atm P2P Sub-Interface
Optional sub-interface 1500 bytes by default CAUTION: When creating an ATM sub-interface, the two keywords p2mp and p2p are ■ available. The format of the command is interface atm interface-number.subnumber [ p2mp | p2p ]. When entering the view of an existing ATM sub-interface, the two keywords ■...
Page 132: Assigning A Transmission Priority To An Atm Pvc
For details about the configuration of the RADIUS scheme, refer to “AAA/RADIUS/HWTACACS Configuration” on page 1751. Assigning a You can assign transmission priority to ATM PVCs associated with the UBR, VBR-T, Transmission Priority to or VBR-NRT service. At the time of bandwidth allocation, the PVC with higher an ATM PVC priority has priority over other PVCs.
Page 133: Configuring Pvc Service Map
PVC [ vpi/vci ] | vpi/vci } { min [ max ] | default } A primary PVC refers to the one based on which a PVC-group is created on an ■ ATM interface A secondary PVC refers to a PVC created in a PVC-group.
Page 134 5: ATM C HAPTER ONFIGURATION To do... Use the command... Remarks Enter system view system-view Create an ATM class and enter ATM class view atm class Required atm-class-name Specify ATM AAL5 encapsulation type for the encapsulation Optional aal5-encap By default,...
Page 135 Required atm-class-name As for the configurations performed to a PVC, note that: The priorities of the same configurations performed to a PVC descend in this ■ order: the configuration directly performed to the PVC, the configuration performed to the ATM class applied to the PVC, and the configuration performed to the ATM class applied to the ATM interface.
Page 136: Configuring Vp Policing
All the configurations that are directly performed to the PVC, performed to the ■ ATM class applied to the PVC, and performed to the ATM class applied to the ATM interface take effect if they do not conflict. For different configurations performed to a PVC, the ATM class applied to the ■...
Page 137: Configuring Ipoeoa
When two routers are connected using DSL interfaces through a dial-up connection, configure them as PPPoA server and client respectively. The two are different in that, with the PPPoE server, you should configure an address pool to allocate IP address for the remote node; with the PPPoE client, you should configure address negotiation to accept the IP address allocated by the server end.
Page 138: Configuring Pppoeoa
As for the next hop and the outbound interface, only the former is required when you configure a static route on a virtual-template interface. If you want to specify the outbound interface as well, make sure the physical interface bound to the virtual-template is valid.
Page 139: Displaying And Maintaining Atm
As for the next hop and the outbound interface, only the former is required when you configure a static route on a virtual-template interface. If you want to specify the outbound interface as well, make sure the physical interface bound to the virtual-template is valid.
Page 140: Atm Configuration Examples
The IP addresses of their ATM interfaces of the three routers are 202.38.160.1/24, 202.38.160.2/24 and 202.38.160.3/24 respectively; In ATM network, the VPI/VCI of router A is 0/40 and 0/41, connecting to router B and router C respectively. The VPI/VCI of router B is 0/50 and 0/51, connecting to router A and C respectively.
Page 141: Network Diagram
To Router A:0/60 To Router B:0/61 Configuration procedure 1 Configure Router A # Enter the ATM interface, and configure an IP address for it. <RouterA> system-view [RouterA] interface atm 1/0 [RouterA-Atm1/0] ip address 202.38.160.1 255.255.255.0 # Establish a PVC, running IP.
Page 142: Ipoeoa Configuration Example
The VPI/VCI value of two PVCs connecting route C and DSLAM are 0/60 and ■ 0/61, pointing to Router A and Router B respectively. Both the WAN port of router C and the DSL interface of ADSL Router adopt ■ IPoEoA.
Page 143: Pppoa Configuration Example
The VPI/VCI value of two PVCs connecting Route C and DSLAM are 0/60 and 0/61, pointing to ADSL Router A and ADSL Router B respectively. Both the WAN port of Router C and the DSL interfaces of the two ADSL Router ■...
Page 144: Pppoeoa Server Configuration Example
IP address, the communication between the server and the client will fail. In this case, you need to shut down the ATM interface first, and delete the IP address pool on the server.
Page 145 ATM Configuration Examples Both the WAN port of router C and the DSL interface of ADSL Router adopt PPPoEoA. Each host within the two Ethernets uses pre-installed PPPoE Client program to make interactive PAP authentication with routers, and obtains IP address from the router.
Page 146: Pppoeoa Client Configuration Example
PCs in LAN. Router A is directly connected to the ADSL accessing end of public network via the ADSL card to serve as the client of PPPoEoA (Atm1/0 is the port number of the ADSL card). The Server, PPPoEoA authentication server of public network, is used to authenticate user information via CHAP.
Page 147 [RouterA-Virtual-Ethernet2] pppoe-client dial-bundle-number 12 # Configure the default route: [RouterA] ip route-static 0.0.0.0 0.0.0.0 Dialer 0 2 If the PPPoEoA Server is of the same type of router, its PPPoEoA can be configured as follow: # Configure user features. <Sysname> system-view...
Page 148: Atm Pvc Transmit Priority Configuration Example
155 Mbps interface, each assigned 100 Mbps of bandwidth and associated with the UBR service. Set the transmission priority of PVC 1 to 1 and that of PVC 2 to 3. Let Router A distribute equal amount of traffic to Router B on two PVCs and observe the statistics about received/sent/dropped packets.
Page 149: Troubleshooting Atm
If the interfaces of two routers are connected back-to-back, the local PVC mapped to the remote IP must have the same VPI/VCI value as the remote PVC mapped to the local IP. In addition, the IP addresses of the two ends must also be in the same network segment.
Page 150: Atm Interface State Error
HAPTER ONFIGURATION Check the ATM interfaces of the two sides to make sure that they are of the same type, for example, both are multimode fiber interfaces or both are single mode fiber interfaces, or both are multimode fiber interfaces but connected using single mode.
Page 151: Packet Loss And Crc Errors And Changes Of Interface State
UP and DOWN. Solution: Check the ATM interfaces of the two nodes to see if their types are the same, namely, both are multimode fiber interface or both are single mode fiber interface. If their types are different, you should change one of them. In most cases, when a multimode fiber interface and a single mode fiber interface are directly connected, they can communicate, but sometimes with the above-mentioned faults.
Page 152 5: ATM C HAPTER ONFIGURATION...
Page 153: Dcc Configuration
Two approaches are available to DCC: circular DCC (“C-DCC” on page 154), and resource-shared DCC (“RS-DCC” on page 155). They are suitable for different applications. In practice, the two parties in a call do not necessarily adopt the same approach. DCC terms:...
Page 154 ■ parameters by assigning it to a dialer circular group, or directly configure DCC parameters on the physical interface. All the physical interfaces in a dialer circular group inherit the attributes of the ■ same dialer interface. You may associate a dialer interface with multiple call destination addresses by ■...
Page 155 Introduction to DCC As shown in the above figure, a physical interface can be assigned to only one dialer interface, but each dialer interface can contain multiple physical interfaces and be mapped to multiple destination addresses. In addition, a physical interface does not necessarily belong to any dialer interface.
Page 156: Dcc Features
BRI 1/0, BRI 1/1 and Serial 2/1. Suppose BRI 1/0 is assigned the priority of 100, BRI 1/1 the priority of 50, and Serial 2/1 the priority of 75. Since BRI 1/0 has a higher priority over BRI 1/1 and Serial 2/1, it will be preferred first when Dialer2 wants to place a call.
Page 157: Dcc Configuration
You need to identify: Which routers will provide DCC and how they are related to each other. ■ Which interfaces on the routers will provide DCC, and which roles they will be ■ playing. Which transmission medium will be used, PSTN or ISDN.
Page 158: Task
Routing Volume. Associating a DCC dial ACL with the dial interface You may configure a dial ACL to filter traffic that traverses a dial interface. Packets fall into two categories, depending on whether they are in compliance with the permit or deny statements in the dial ACL.
Page 159: Configuring C-Dcc
For DCC to send packets normally, you must configure a dial access control list (ACL) and associate it with the concerned dial interface (physical or dialer) by using the dialer-group command.
Page 160 DCC module Configuring an interface to place calls to a remote end As shown in the following figure, an interface at the local end places calls to a single remote end (the components in inverse color represent the routers irrelevant...
Page 161 ] * Configuring an interface to receive calls from a remote end As shown in the following figure, an interface at the local end receives calls from a single remote end (the components in inverse color represent the routers irrelevant...
Page 162 Configuring an interface to place calls to multiple remote ends As shown in the following figure, an interface at the local end places calls to multiple remote ends (the components in inverse color represent the routers irrelevant to the networking):...
Page 163 DCC Configuration Configuring an interface to receive calls from multiple remote ends As shown in the following figure, an interface at the local end receives calls from multiple remote ends (the components in inverse color represent the routers irrelevant to the networking):...
Page 164 In this scenario, interfaces if0, if1, and if2 at the locate end place DCC calls to interfaces if1, if2 and if3 at the remote end. If only one remote end is involved, use the dialer number dial-number command to configure a dial string. If multiple remote ends are involved, use the dialer route command to configure the dial strings and destination addresses.
Page 165 (Single/Multiple interfaces) In this scenario, interfaces if0, if1, and if2 at the local end receive DCC calls from multiple remote interfaces including if1, if2 and if4. As multiple interfaces are involved at the local end, configure DCC parameters for them by configuring a dialer circular group.
Page 166: Configuring Rs-Dcc
For each dialer interface, you can define only one dial string. As this dial string ■ has its own dial attribute set, all calls placed using this dial string use the same DCC attribute parameters (such as dial rate). Each dialer interface can use only one dialer bundle. Each dialer bundle may ■...
Page 167 Before configuring RS-DCC, be aware of the following: In RS-DCC, a RS-DCC set is unable to apply the attribute information in it, PPP ■ authentication for example, to the physical interfaces in a dialer bundle. In other words, the physical interfaces do not inherit the authentication attribute in the RS-DCC set.
Page 168: Configuring Mp For Dcc
Assigning physical interfaces to the dialer bundle A dialer bundle is a collection of physical interfaces with different priorities. When placing a call, DCC selects a physical interface from the bundle in priority order. Follow these steps to assign physical interfaces to the dialer bundle: To do...
Page 169 Implementing DCC with MP In DCC applications, you may configure load thresholds for links. If you set a link load threshold in the range 1 to 99, MP tunes allocated bandwidth according to actual traffic percentage as follows: When the percentage of traffic on a link to bandwidth exceeds the defined ■...
Page 170: Configuring Ppp Callback
When the three commands, ppp mp min-bind, dialer threshold, and ppp mp max-bind, are configured, DCC brings up links as follows: 5 Bring up a minimum number of links depending on the setting of the ppp mp min-bind command. 6 If traffic size still exceeds the link load threshold set by the dialer threshold command, bring up the next idle link.
Page 171 1 Configure PPP callback client in the C-DCC implementation As a callback client, your router can place calls to the remote end (which can be a router or Windows NT server with the PPP callback server function), and receive return calls from the remote end.
Page 172 To leave enough time for a server to call back, the interval between two calls ■ on the client need to be at least 10 seconds longer than that of the server. It is recommended that the interval on the server be set to 5 seconds (the default)
Page 173 PPP callback server. 1 Configure PPP callback client in the RS-DCC implementation As a callback client, your router can place calls to the remote end (which can be a router or Windows NT server with the PPP callback server function), and receive return calls from the remote end.
Page 174: Configuring Isdn Caller Identification Callback
To leave enough time for a server to call back, the interval between two calls on the client need to be at least 10 seconds longer than that of the server. It is recommended that the interval on the server be set to 5 seconds (the default) and that on the client be set to 15 seconds.
Page 175 To leave enough time for a server to call back, the interval between two calls ■ on the client need to be at least 10 seconds longer than that of the server. It is recommended that the interval on the server be set to 5 seconds (the default)
Page 176: Configuring Advanced Dcc Functions
To leave enough time for a server to call back, the interval between two calls ■ on the client need to be at least 10 seconds longer than that of the server. It is recommended that the interval on the server be set to 5 seconds (the default) and that on the client be set to 15 seconds.
Page 177: Dcc Configuration
These dial strings are backups to each other. If DCC fails to call the remote end with a dial string, it will select the dialer route command with the next dial string for another try.
Page 178: Configuring Dcc Timers And Buffer Queue Length
Holddown timer ■ A holddown timer starts upon disconnection of a link. The call attempt to bring up this link can be made only after the timer expires. This is to prevent a remote PBX from being overloaded. Compete-idle timer ■...
Page 179: Configuring Traffic Statistics Interval
Displaying and Maintaining DCC Configuration procedure Follow these steps to configure DCC timers and buffer queue length on a dial interface: To do... Use the command... Remarks Enter system view system-view Enter dial interface (physical interface interface-type or dialer) view...
Page 180: C-Dcc Application
■ C-DCC Application Network requirements On a network segment are located three routers: Router A with the IP address of 100.1.1.1/24, Router B with the IP address of 100.1.1.2/24, and Router C with the IP address of 100.1.1.3/24. Configure C-DCC to allow Router A to call Router B and Router C from multiple interfaces while disabling Router B and Router C from calling each other.
Page 181 [RouterA-Serial2/1] physical-mode async [RouterA-Serial2/1] async mode protocol [RouterA-Serial2/1] dialer circular-group 0 [RouterA-Serial2/1] quit # Set interface Serial 1/0 to work in asynchronous protocol mode and assign it to dialer circular group 0. [RouterA] interface serial 1/0 [RouterA-Serial1/0] physical-mode async [RouterA-Serial1/0] async mode protocol...
Page 182: Rs-Dcc Application
[RouterC-Serial2/0] physical-mode async [RouterC-Serial2/0] async mode protocol # Assign an IP address to interface Serial 2/0, associate dialer access group 1 with the interface, enable C-DCC, and configure two dial strings for calling Router A. [RouterC-Serial2/0] ip address 100.1.1.3 255.255.255.0...
Page 183 DCC Configuration Example Configuration procedure 1 Configure Router A # Configure a dial access control rule for dialer access group 1; create local user accounts userb and userc for Router B and Router C and configure PPP authentication for them.
Page 184 [RouterA] user-interface tty2 [RouterA-ui-tty2] modem both 2 Configure Router B # Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it. <RouterB> system-view [RouterB] dialer-rule 2 ip permit...
Page 185 [RouterB] user-interface tty1 [RouterB-ui-tty1] modem both 3 Configure Router C # Configure a dial access control rule for dialer access group 1; create a local user account usera and configure PPP authentication for it. <RouterC> system-view [RouterC] dialer-rule 1 ip permit...
Page 186: Dcc Application On Isdn
On Router C, interface Dialer0 is assigned an IP address 122.1.1.2/24. ■ The Dialer0 interfaces on Router A and Router B are located on the same network segment, so are the Dialer1 interface on Router A and the Dialer0 interface on Router C.
Page 187 Dialer 0 122 .1 .1.2/24 Configuration procedure Solution 1: Use C-DCC to set up connection via ISDN BRI or PRI and configure DCC parameters on physical interfaces. 1 Configure Router A # Configure a dial access control rule for dialer access group 1.
Page 188 HAPTER ONFIGURATION <RouterC> system-view [RouterC] dialer-rule 1 ip permit # Assign an IP address to interface BRI 1/0, enable C-DCC, and configure the dial string for calling Router A. [RouterC] interface bri 1/0 [RouterC-Bri1/0] ip address 100.1.1.3 255.255.255.0 [RouterC-Bri1/0] dialer enable-circular [RouterC-Bri1/0] dialer-group 1 [RouterC-Bri1/0] dialer route ip 100.1.1.1 8810048...
Page 189 [RouterA-Bri1/0] ppp pap local-user usera password simple usera 5 Configure Router B # Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it. <RouterB> system-view...
Page 190: Rs-Dcc Application With Mp
Dialer0 on Router B is assigned an IP address 100.1.1.2/24. Use RS-DCC on Router A to call Router B and C-DCC on Router B to call Router A. In addition, implement traffic distribution for the two interfaces on Router A by...
Page 191 Configuration procedure 1 Configure Router A # Configure a dial access control rule for dialer access group 1; create a local user account userb for Router B and configure PPP authentication for it; and set traffic statistics interval to three seconds for DCC.
Page 192: Dcc For Dialup Isdn Bri Line And Leased Line Connection
[RouterA-Bri1/0] ppp pap local-user usera password simple usera 2 Configure Router B # Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it; and set traffic statistics interval to three seconds for DCC.
Page 193 Router A and Router to ensure that they can connect to the ISDN network. Configure C-DCC to allow Router A to call Router B and Router C and vice versa. Network diagram Figure 27 Network diagram for using DCC with dialup ISDN BRI and leased line...
Page 194: Router-To-Router Callback With Dcc (Ppp Approach)
Router A and Router B are interconnected via serial interfaces across PSTN. ■ Interface Serial 2/0 on Router A is assigned the IP address of 100.1.1.1/24 and ■ interface Serial 2/0 on Router B is assigned the IP address of 100.1.1.2/24.
Page 195 [RouterA] user-interface tty1 [RouterA-ui-tty1] modem both 2 Configure Router B # Configure a dial access control rule for dialer access group 2; and create a local user account usera for Router A and configure PPP authentication for it. <RouterB> system-view...
Page 196 [RouterA-ui-tty1] modem both 4 Configure Router B # Configure a dial access control rule for dialer access group 2; create a local user account usera for Router A and configure PPP authentication for it; and configure the dial string for callback.
Page 197: Router-To-Router Callback With Dcc (Isdn Approach)
BRI 1/0 on Router B is assigned the IP address of 100.1.1.2/24. Configure ISDN caller identification callback with C-DCC between Router A and Router B, specifying Router A as the callback client and Router B as the callback server.
Page 198: Router-To-Pc Callback With Dcc
Click <Next> to set Internet account connection information. # Type in the phone number for dialing to the callback server. Click <Next>. # Type in the username and password that you want to use for PPP authentication when connecting to the server. Click <Next>.
Page 199 2 Configure Router # Configure a dial access control rule for dialer access group 1; create a local user account userpc for PC and configure PPP authentication for the account. <Router> system-view...
Page 200: Nt Server-To-Router Callback With Dcc
100 .1.1.1/24 PSTN Callback client Callback server Configuration procedure 1 Configure Router # Configure a dial access control rule for dialer access group 1; create a local user account usernt for NT Server and configure PPP authentication for the account.
Page 201 2000 is adopted. Do the following to create a dialup connection with callback capability enabled: # Right-click on the My Network Places icon and from the popup menu select the Properties option. The [Network and Dial-up Connections] window appears. # Right-click on the Make New Connection icon; and from the popup menu select the New Connection...option.
Page 202: Circular Dial String Backup And Internet Access With Dcc
Internet to provide Internet access requests for the client. If otherwise, select the Do not allow virtual private connections. Then click <Next>. # In the [Allowed Users] dialog, click <Add>. In the popup [New User] dialog add the username and password for the PPP callback client and click <OK>. An icon for the new user account appears in the box in the [Allowed Users] dialog.
Page 203 DCC Configuration Example same as those of Router A and Router B, except that Router D uses an ISDN dial string 8810048, rather than PSTN dial strings, to provide services. Configure Router C and Router D to implement DCC with one dial string and use CHAP for authentication.
Page 204 [RouterA] user-interface tty1 [RouterA-ui-tty1] modem both 2 Configure Router B # Configure a dial access control rule for dialer access group 2; create local user accounts user1 through user16 and configure PPP authentication for the accounts. <RouterB> system-view [RouterB] dialer-rule 2 ip permit...
Page 205 DCC Configuration Example # Assign an IP address to interface Dialer0 and configure it to assign IP addresses for PPP users. [RouterB] interface dialer 0 [RouterB-Dialer0] link-protocol ppp [RouterB-Dialer0] ppp authentication-mode pap [RouterB-Dialer0] ppp pap local-user userb password simple userb [RouterB-Dialer0] ip address 100.1.1.254 255.255.255.0...
Page 206 No callback option under the [Callback] tab. Double-click the created connection to dial. Solution 2: On Router C on the dialup side configure a single dial string. On Router D on the access side, use C-DCC approach to set up connection with Router C through an ISDN PRI interface;...
Page 207 [RouterC-Bri1/0] dialer-group 1 [RouterC-Bri1/0] dialer route ip 100.1.1.254 8810048 5 Configure Router D # Configure a dial access control rule for dialer access group 2; create local user accounts user1 through user16 and configure PPP CHAP authentication for the accounts.
Page 208: Troubleshooting
“Troubleshooting Cases” on page 208 ■ Troubleshooting Cases Symptom 1: DCC dialup connection cannot be set up because the modem does not dial when the router forwards data. Solution: Check that: The modem and phone cable connections are correct, and the modem ■...
Page 209 Troubleshooting Use the debugging dialer event and debugging dialer packet commands ■ to locate the problem.
Page 210 6: DCC C HAPTER ONFIGURATION...
Page 211: Dls W Configuration
SNA device into Switch-to-Switch Protocol (SSP) frames that can be encapsulated in TCP packets, 2 The SSP frames are forwards across the WAN over a TCP connection to the remote router 3 The remote router converts the SSP frames back into LLC2 frames and sends them to the peer SNA device.
Page 212: Differences Between Dlsw V1.0 And Dlsw V2.0
In addition, DLSw v2.0 provides enhancements by means of UDP explorer frames sent in multicast and unicast modes. When the peer is also running DLSw v2.0, the two ends can use UDP packets to explore reachability, and a TCP connection is established only when data transmission is required.
Page 213: Related Specifications
Setting up a single TCP connection when required ■ A TCP connection is set up after the origin and target DLSw v2.0 routers get reachability information using UDP packets and when both the origin and target stations want to set up a circuit between them. A DLSw circuit establishment process is simplified into two stages: first, establishment of a single TCP connection;...
Page 214: Creating Dlsw Peers
Before the local router can initiate or accept a TCP connection request, you need to configure a local DLSw peer specifying the IP address of the local end of the TCP connection. A router can only have one local peer.
Page 215: Mapping A Bridge Set To Dlsw
| priority the remote DLSw router. priority ] * Removing a local DLSw peer will remove all its remote DLSw peers at the same time. Mapping a Bridge Set to DLSw was developed based on the bridging technology. Bridging between...
Page 216: Configuring Llc2 Parameters
■ Note that the timer values should be modified only when necessary. Configuring LLC2 SNA was designed to transmit LLC2 frames over Ethernet. By means of LLC2 Parameters related commands, you can modify some LLC2 parameters. Follow these steps to configure LLC2 parameters: To do...
Page 217: Enabling The Multicast Function Of Dlsw V2.0
■ multicast command first. Configuring the Each time the origin DLSw v2.0 router sends an explorer frame in a UDP multicast, Maximum Number of it starts an explorer timer. If no response is received before the explorer timer times DLSw v2.0 Explorer out, the router retransmits the explorer frame and resets the explorer timer.
Page 218: Configuring Dlsw In An Sdlc Environment
ACLs for inbound and acl-number outbound outbound traffic can be configured at the same time For details about creating a Layer 2 ACL, refer to ACL Configuration in the Security Volume. Configuring DLSw in an SDLC Environment Configuring DLSw Follow these steps to configure DLSw: To do...
Page 219: Configuring An Sdlc Interface
Reachability Information” on page 224 the router Configuring an SDLC The SDLC is a link layer protocol relative to the SNA. Its working principle is similar Interface to that of HDLC. In order to make DLSw work normally, you need to configure an SDLC interface by specifying SDLC as the link layer protocol on the synchronous serial interface.
Page 220: Configuring An Sdlc Address For A Secondary Station
SDLC station, you need to configure the address of each secondary SDLC station connected with the serial interface. An SDLC address ranges from 0x01 to 0xFE. The SDLC address of a router is valid on only one physical interface. That is, the SDLC addresses configured on different interfaces may be the identical.
Page 221: Configuring An Sdlc Peer
Configuring an SDLC XID An XID is used to identify a device in an SNA system. When configuring an SDLC connection, pay attention to the types of the connected SNA devices. Generally, there are two types of devices in an SNA system: PU2.0 and PU2.1. An XID has been configured on PU2.1 devices, so they can announce their identity by...
Page 222: Configuring An Sdlc Virtual Mac Address
No virtual MAC address by default Note that the sixth byte of the MAC address should be set to 0x00. The system will combine the first five bytes of this virtual MAC address with the SDLC address into a new MAC address, which will serve as the source MAC address in SDLC-to-LLC2 frame format conversion.
Page 223: Configuring Optional Sdlc Parameters
0xFF (marks) 0x7E by default during idle state Generally it is not required to change the idle-time encoding scheme of a synchronous serial interface, except when the synchronous serial interface is connected to an AS/400 device. Configuring Optional...
Page 224: Configuring Local Reachable Mac Or Sap Addresses
A SAP address refers to the address of one or more applications running on a computer or network device. Configuring Local To reduce the exploring time before the routers send information frames when...
Page 225: Displaying And Debugging Dlsw
As illustrated in Figure 36, DLSw works in a LAN-LAN environment. Configure DLSw on Router A and Router B to enable communication between an IBM host with an SNA host over the Internet. Network diagram Figure 36 Network diagram for LAN-to-LAN DLSw configuration...
Page 226: Configuring Sdlc-To-Sdlc Dlsw
ONFIGURATION Configuration procedure 1 Configure Router A: # Configure interface parameters on Router A to ensure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 are pingable to each other (specific configuration steps omitted). # Configure DLSw on Router A.
Page 227 SDLC address: 0xC1 Configuration procedure 1 Configure Router A: # Configure interface parameters on Router A to ensure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 are pingable to each other (specific configuration steps omitted). # Configure DLSw on Router A.
Page 228: Configuring Dlsw For Sdlc-Lan Remote Media Translation
SDLC-LAN Remote As shown in Figure 38, Host A and Host B are PU2.0 nodes (ATM), and Host C is a Media Translation PU2.1 node (OS2). Configure DLSw on Router A and Router B, using NRZ encoding on the port connected with the multiplexer and NRZI encoding on the port connected with Host C, so that the IBM host can communicate with all the SNA PCs over the Internet.
Page 229: Configuring Dlsw With Vlan Support
[RouterB] dlsw reachable mac-exclusivity [RouterB] dlsw reachable-cache 0014-cc00-54af remote 1.1.1.1 Note that in the configuration on router B, the MAC address in the sdlc mac-map remote and dlsw reachable-cache commands is the MAC address of the Ethernet card of the AS/400 device, which is connected to Router A. As an...
Page 230 IBM AS/400 Host(SNA ) Configuration procedure 1 Configure Router A # Configure interface parameters on Router A to ensure that the local DLSw peer 1.1.1.1 and remote peer 2.2.2.2 are pingable to each other (specific configuration steps omitted). [RouterA] bridge enable [RouterA] bridge 1 enable [RouterA] dlsw local 1.1.1.1...
Page 231: Dlsw V2.0 Configuration Example
Figure 40, Router A is DLSw v2.0 capable, connected with an IBM host, Router B and Router C are DLSw v1.0 or DLSw v2.0 capable, respectively connected with PC1 and PC2, and CISCO is a DLSw-capable router of Cisco, connected with PC3. All the DLSw routers listen to the multicast address 224.0.10.0.
Page 232: Troubleshooting Dlsw
IP routing configuration. Solution Check whether the IP address of the remote peer is reachable by using the ping command carrying the source address. Alternatively, use the display ip routing-table command to check whether there is a route to the network...
Page 233: Unable To Establish A Dlsw Circuit
PU type is correct. Use the sdlc xid command to configure the XID and change the configuration of the PU type. 3 If the PU type is correct, use the display dlsw circuit verbose command to check whether the virtual circuit can enter the CIRCUIT_EST state. If not, the MAC address of the SDLC peer is not correctly configured.
Page 234 7: DLS HAPTER ONFIGURATION...
Page 235: Frame Relay Configuration
Terminologies Overview Frame relay protocol is a simplified X.25 WAN protocol. It is a kind of statistical multiplexing protocol that can establish multiple virtual circuits (VC) over a single physical cable, each of which is identified by a data link connection identifier (DLCI).
Page 236: Frame Relay Protocol Parameters
DTE sends one Status Enquiry message to query the virtual circuit status at a certain interval. After the DCE receives the message, it will immediately use the Status message to inform DTE of the status of all the virtual circuits on current interface.
Page 237: Frame Relay Address Mapping
Frame Relay Terminologies A DTE sends a Status-Enquiry message at a certain interval to query the link status. The DCE responds with a Status response message upon receiving the message. If the DTE does not receive any response within a specified time, it will record this error.
Page 238: Frame Relay Configuration Task List
Network” on page 246 “Configuring Annex G” on page Optional Configuring DTE Side Frame Relay Configuring Basic DTE Follow these steps to configure DTE side frame relay: Side Frame Relay To do... Use the command... Remarks Enter system view system-view...
Page 239: Configuring Frame Relay Address Mapping
Static configuration means the manual setup of the mapping relation between ■ the peer IP address and local DLCI, and is usually applied when there are few peer hosts or there is a default route. Dynamic setup means the dynamic setup of mapping relation between peer IP ■...
Page 240: Configuring Frame Relay Switching
A device with frame relay switching function enabled can act as a frame relay switch. In this scenario, the frame relay interface should be NNI or DCE and it is required to perform corresponding configuration on the two or more interfaces used for frame relay switching before the frame relay switching function can work.
Page 241: Configuring Frame Relay Subinterface
P2MP subinterface is used to connect multiple remote devices. A P2MP subinterface can be configured with multiple virtual circuits, each of which sets up an address map with its connected remote network address to distinguish different connections. Address maps can be set up...
Page 242: Configuring Frame Relay Over Ip Network
P2P subinterface ■ Since there is only one peer address for a P2P subinterface, the peer address is determined when a virtual circuit is configured for the subinterface. You therefore do not need to configure dynamic or static address map for P2P subinterface.
Page 243 The frame relay packets transmitted through GRE tunnel fall into three categories: FR packet and InARP packet, both of which have IP header encapsulated, and LMI packet used to negotiate virtual circuit status in GRE tunnel. Configuration procedure Follow these steps to configure frame relay over IP network: To do...
Page 244: Configuring Annex G
■ FR mapping for the destination IP address. An Annex G interface is either a DCE or a DTE. For the two Annex G interfaces ■ of a VC, you need to configure one as the DTE and the other as the DCE.
Page 245: Configuring Dce Side Frame Relay
■ the destination are transmitted through specific DLCI. With X.25 address mapping configured in X.25 template view, a call to the specific X.25 address is launched before a packet is sent to the destination IP address. IP packets can be transmitted correctly only when the both types of address mappings are configured.
Page 246: Configuring Frame Relay Address Mapping
ONFIGURATION To do... Use the command... Remarks Configure frame relay fr interface-type { dce | nni } Required interface type to DCE or NNI The default frame relay interface type is DTE. Configure frame relay LMI fr lmi type { ansi |...
Page 247: Frame Relay Configuration Example
“Interconnecting LANs through Dedicated Line” on page 249 ■ Interconnecting LANs Network requirements through Frame Relay Interconnect LANs through the public frame relay network. In this implementation, Network the routers can only work as user equipment working in the frame relay DTE mode.
Page 248 8: F HAPTER RAME ELAY ONFIGURATION Network diagram Figure 43 Network diagram for connecting LANs through a frame relay network Router A Router B S2/0 S2/0 202 .38 .163 .251 /24 202 .38 .163 .252 /24 DLCI=50 DLCI=70 Router C...
Page 249: Interconnecting Lans Through Dedicated Line
Dedicated Line Two routers are directly connected through a serial interface. Router A works in the frame relay DCE mode, and Router B works in the frame relay DTE mode. Network diagram Figure 44 Network diagram for interconnecting LANs through a dedicated line...
Page 250: Interconnecting Lans Through An Annex G Dlci
[RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] fr interface-type dte Approach II: On subinterfaces 3 Configure Router A # Set the link layer protocol on the interface to frame relay and interface type to DCE. <RouterA> system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr...
Page 251 Frame Relay Configuration Example Network diagram Figure 45 Network diagram for interconnecting LANs through an Annex G DLCI S 2/0 S2/0 202 .38 .163 .251/24 202 .38 .163 .252 /24 DLCI=100 Router A Router B Configuration procedure 1 Configure Router A: # Create an X.25 template.
Page 252: Troubleshooting Frame Relay
The physical layer is in down status. Solution: Check whether the physical line is normal. ■ Check whether the remote device runs normally. ■ Symptom 2: The physical layer is already up, but the link layer protocol is down. Solution:...
Page 253: Frame Relay Compression
1 Ensure that the devices at both ends have configured (or created) correct address mapping for the peer. 2 Ensure that there is a route to the peer if the devices are not in the same subnet segment. Frame Relay...
Page 254: Configuring Frf.9 Compression
FRF.20-enabled interfaces to negotiate status information. The interfaces cannot exchange FRF.20 data packets before the negotiation succeeds. If the negotiation fails after 10 attempts to send control packets are made, the interfaces stop negotiation and their compression settings do not take effect.
Page 255: Displaying And Maintaining Frame Relay Compression
] Frame Relay Network requirements Compression Router A and Router B are connected through the frame relay network and frame Configuration Example relay compression function (FRF.9) is enabled between them. Network diagram Figure 46 Network diagram for frame relay compression...
Page 256 8: F HAPTER RAME ELAY ONFIGURATION <RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol fr [RouterB-Serial2/0] ip address 10.110.40.2 255.255.255.0 [RouterB-Serial2/0] fr interface-type dte [RouterB-Serial2/0] fr map ip 10.110.40.1 100 compression frf9...
Page 257: Multilink Frame Relay
The interrelationship between bundle and bundle link is illustrated as follows: Figure 47 Illustration of bundle and bundle links Bundle Bundle Link Bundle Link Bundle Link For the actual physical layer, bundle link is visible; while for the actual data link layer, bundle is visible.
Page 258: Configuring Multilink Frame Relay
MFR interface and physical interfaces. The function and configuration of the MFR interface is the same with that on the FR interface in common sense. Like the FR interface, the MFR interface supports DTE and DCE interface types as well as QoS queue mechanism.
Page 259: Displaying And Maintaining Multilink Frame Relay
Multilink Frame Relay Configuration Examples MFR Direct Connection Network requirements Configuration Example Router A and Router B are directly connected through Serial 2/0 and Serial 2/1. The frame relay protocol is used to bundle the two serial ports to provide broader bandwidth.
Page 260: Mfr Switched Connection Configuration Example
[RouterB-Serial2/0] link-protocol fr mfr 4 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol fr mfr 4 MFR Switched Network requirements Connection Router A and Router C are connected through MFR to Router B where MFR Configuration Example switching is enabled.
Page 261 # Configure interface MFR1 <RouterA> system-view [RouterA] interface mfr 1 [RouterA-MFR1] ip address 1.1.1.1 255.0.0.0 [RouterA-MFR1] quit # Add Serial 2/0 and Serial 2/1 to interface MFR1 [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol fr mfr 1 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1...
Page 262 [RouterB] interface serial 2/3 [RouterB-Serial2/3] link-protocol fr mfr 2 [RouterB-Serial2/3] quit # Configure static route for frame relay switching [RouterB] fr switch pvc1 interface mfr 1 dlci 100 interface mfr 2 dl ci 200 3 Configure Router C # Configure interface MFR2 <RouterC>...
Page 263: Ppp Ofr
■ Overview PPP over frame relay (PPPoFR) enables routers to establish end-to-end PPP sessions on a frame relay network, allowing frame relay stations to use PPP features such as LCP, NCP, authentication, and MP fragmentation. Configuring PPPoFR Follow these steps to configure PPPoFR: To do...
Page 264: Pppofr Configuration Example
10: PPP HAPTER PPPoFR Configuration Network requirements Example Router A and Router B connect through frame relay network, and enable PPPoFR between them. Network diagram Figure 50 Network diagram of PPPoFR 10.1.1.2/8 10.1.1.1/8 S2/0 S2/0 Router A Router B Configuration procedure...
Page 265: Mp Ofr
“MPoFR Configuration Example” on page 266 ■ Overview Multilink PPP over frame relay (MPoFR) is PPPoFR making use of MP fragments to transmit MP fragments over frame relay stations. In MPoFR configuration, first configure PPPoFR on two or more virtual templates (it...
Page 266: Mpofr Configuration Example
PC4 and there is also a voice service stream. The bandwidth of Router B Serial2/0 is 64 kbps. PC3 sends data service stream 3 to PC1, PC4 sends data service stream 4 to PC2, and there is also a voice service stream.
Page 267 MPoFR Configuration Example To ensure voice quality, it is required to fragment the data packets to reduce voice jitter caused by transmission delay. MPoFR is adopted here, and MP is used to fragment data packets. Network diagram Figure 51 Net work diagram for MPoFR implementation...
Page 268 [RouterA] interface virtual-template 3 [RouterA-Virtual-Template3] ppp mp lfi [RouterA-Virtual-Template3] qos max-bandwidth 64 [RouterA-Virtual-Template3] ip address 1.1.6.1 255.255.255.0 # Cancel fast forwarding defined in virtual template (CBQ is not supported when fast forwarding is enabled). [RouterA-Virtual-Template3] undo ip fast-forwarding [RouterA-Virtual-Template3] quit # Map specified DLCI to PPP virtual template on the interface.
Page 269 MPoFR Configuration Example # Enable real-time queue and policy on the interface to prevent interface congestion [RouterA-Serial2/0] qos apply policy liuliang outbound [RouterA-Serial2/0] qos rtpq start-port 16384 end-port 32767 bandwid th 20 cbs 1500 2 Configure Router B # Configure ACL rule <RouterB>...
Page 270 [RouterB] interface Virtual-Template 3 [RouterB-Virtual-Template3] ppp mp lfi [RouterB-Virtual-Template3] qos max-bandwidth 64 [RouterB-Virtual-Template3] ip address 1.1.6.2 255.255.255.0 # Cancel fast forwarding defined in virtual template (CBQ is not supported when fast forwarding is enabled) [RouterB-Virtual-Template3] undo ip fast-forwarding [RouterB-Virtual-Template3] quit...
Page 271: Gvrp Configuration
GARP itself does not exist on a device as an entity. GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded a GARP application entity.
Page 272 Each GARP participant sends a Join message twice for reliability sake and uses a join timer to set the sending interval. If the first Join message is not acknowledged after the interval defined by the Join timer, the GARP participant sends the second Join message.
Page 273 Introduction to GVRP The settings of GARP timers apply to all GARP applications, such as GVRP, on a ■ LAN. Unlike other three timers, which are set on a port basis, the LeaveAll timer is ■ set in system view and takes effect globally.
Page 274: Gvrp
VLAN registration information from other devices to its local database about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
Page 275: Configuring Gvrp
GVRP can only be configured at the Trunk port. GVRP configuration is broken down into: configuring GVRP functions and configuring GARP timers. Configuring GVRP Follow these steps to configure GVRP functions on a trunk port: Functions To do... Use the command...
Page 276: Displaying And Maintaining Gvrp
The setting of each timer must be a multiple of five (in centiseconds). ■ The settings of the timers are correlated. If you fail to set a timer to a certain ■ value, you can try to adjust the settings of the rest timers.
Page 277: Gvrp Configuration Example
GVRP Configuration Example # Configure port Ethernet 1/0 as a trunk port, allowing all VLANs to pass. [DeviceA] interface ethernet 1/0 [DeviceA-Ethernet1/0] port link-type trunk [DeviceA-Ethernet1/0] port trunk permit vlan all # Enable GVRP on Ethernet 1/0, the trunk port.
Page 278 1 Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 1/0 as a trunk port, allowing all VLANs to pass. [DeviceA] interface ethernet 1/0 [DeviceA-Ethernet1/0] port link-type trunk [DeviceA-Ethernet1/0] port trunk permit vlan all # Enable GVRP on Ethernet 1/0.
Page 279: Gvrp Configuration Example
1 Configure Device A # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 1/0 as a trunk port, allowing all VLANs to pass. [DeviceA] interface ethernet 1/0 [DeviceA-Ethernet1/0] port link-type trunk [DeviceA-Ethernet1/0] port trunk permit vlan all # Enable GVRP on Ethernet 1/0.
Page 280 HAPTER ONFIGURATION <DeviceB> system-view [DeviceB] gvrp # Configure port Ethernet 1/1 as a trunk port, allowing all VLANs to pass. [DeviceB] interface ethernet 1/1 [DeviceB-Ethernet1/1] port link-type trunk [DeviceB-Ethernet1/1] port trunk permit vlan all # Enable GVRP on Ethernet 1/1.
Page 281: Hdlc Configuration
The information field can be an arbitrary binary bit set. The minimum length ■ can be zero and the maximum length is decided by the FCS field or the buffer size of the communicating node. Generally, the maximum length is between...
Page 282: Configuring Hdlc
13: HDLC C HAPTER ONFIGURATION The checksum field can use a 16-bit CRC to check the content of a frame. ■ Configuring HDLC Follow these steps to configure HDLC protocol: To do... Use the command... Remarks Enter system view system-view...
Page 283: And Lapb Configuration
X.25 is the protocol for point-to-point interaction between DTE and DCE. DTE usually refers to the host or terminal at the user side, and DCE usually refers to a device like the synchronous modem. DTE is connected with DCE directly, DCE is...
Page 284 SVC for transmitting traffic that is generated in a burst way. Once a virtual circuit is established between a pair of DTEs, it is assigned a unique virtual circuit number. When one DTE is to send a packet to the other, it numbers this packet (with virtual circuit number) and sends it to DCE.
Page 285: Configuring Lapb
DTE and that of DCE. Through this bridge, packets can be transmitted continuously between the packet layer of DTE and that of DCE. The...
Page 286: Configuring X.25
X.121 address Interface Parameters If the device is used for X.25 switching, this task can be skipped. If it is connected to X.25 public packet network, you must set an X.121 address for the connected X.25 interface according to the requirements of the ISP. As defined in ITU-T recommendation X.121, an X.121 address is a string of 1 to 15 numbers.
Page 287 The numbers of the virtual circuits established by an X.25 call must be set in the ranges of B, C and D. The permanent virtual circuits must be set in the A range. According to ITU-T Recommendation X.25, the idle channel allocation rules in...
Page 288 (including 1 and 4095), but they are regarded correct only if they satisfy the following conditions: In strict ascending order, i.e. 1 ≤ lic ≤ hic< ltc ≤ htc < loc ≤ hoc ≤ 4095. ■ If the upper limit (or lower limit) of a range is 0, then the lower limit (or upper ■...
Page 289 (Parameter negotiation will be described in the later sections). The PVC, which can be established directly without calling, will also use these default values if no window size or packet size option is appended when it is specified. (Refer to “Configuring PVC Application of...
Page 290: Configuring X.25 Interface Supplementary Parameters
X.25 protocol defines a series of timers to facilitate its procedure. After X.25 sends a control message, if it does not receive the response before the timeout of the corresponding timer, X.25 protocol will take corresponding measure to handle this abnormal event.
Page 291 X.25 protocol. When receiving an X.25 call, the device will check the CUD field in the packet. If receiving a call carrying an unidentifiable CUD field, the router will deny it. However, an upper layer protocol can be specified as the default protocol on the X.25.
Page 292: Configuring X.25 Datagram Transmission
Datagram Transmission using the X.25 protocol through X.25 packet switching network. As shown in the following figure, LAN 1 and LAN 2 are far apart, and the large and distributed X.25 packet switching network can be used to realize information exchange...
Page 293 A PVC can be created for the data transmission featuring large but stable traffic size and requiring the service quality of leased line. A PVC does not need any call process and will always exist once set up. Before creating a PVC, it is unnecessary to create an address mapping, because an address mapping is created implicitly when a PVC is created.
Page 294: Configuring Additional Parameters For X.25 Datagram Transmission
Optional Specify the maximum idle time of SVC For the sake of cost saving, you can specify an SVC idle time upon the expiration of which the SVC will be disconnected. Enabling this feature will not affect the data transmission, as a new SVC can be set up again if there are new packets waiting for transmission.
Page 295 The value is called “receive-threshold”, which ranges from 0 to input-window-size. If it is set to 1, every packet will be acknowledged. If it is set to input-window-size, the acknowledgment will be sent only after the receiving window is full.
Page 296 (by using the x25 map command) ■ The configuration based on X.25 interface will be effective in every call originating from this X.25 interface, while the configuration based on address mapping will be effective only in the calls originating from this address mapping.
Page 297 303. Configure the data queue length of VC You can specify the sending and receiving queue lengths of VC for X.25 to adapt to different network environments. The default queue length can contain 200 packets, but you can increase the number for the sake of preventing accidental packet loss in case of large traffic size or low X.25 network transmission rate.
Page 298 Before a destination is called, this destination must be found in the address mapping table. Before a call is received, the source of this call must also be found in the address mapping table. However, in some cases, some address mappings are used for calling out only, while others are used for calling in only.
Page 299: Configuring X.25 Subinterface
Simply speaking, X.25 packet switching means that, after receiving a packet from an X.25 port or Annex G DLCI, a switch will select a certain X.25 port or Annex G DLCI to send the packet according to the related destination information contained in the packet.
Page 300: Configuring X.25 Load Sharing
X.25 packet switching network. X.25 load sharing can implement the load sharing between different DTEs or between different links in the same DTE, to ensure that link overload will not occur when a large number of users access the same address.
Page 301 X.25 load sharing can function only on SVC, and not on PVC. In an X.25 hunt group, the position of all DTEs is identical, and they have the same X.121 address. DTEs inside hunt group can call other DTEs outside hunt group according to the normal mode.
Page 302 ■ XOT channel inside hunt group for each call. For example, in the above figure, if the hunt group HG 1 uses the round-robin mode, the call will be sent in turn to server A or server B. The vc-number mode selects the interface with the maximum idle logic ■...
Page 303: Configuring X.25 Closed User Group
One user may belong to multiple CUGs. When the user calls another user in a CUG, the CUG number is included in its capability negotiation message. The user may also be set not to belong to any CUG, in which case the capability message does not carry CUG information.
Page 304 (X.25) during CUG call processing. For example, when processing the call from the DTE with CUG 10 to DTE with CUG 20, the system first searches the mapping table for this mapping entry: if the table has this entry, it forwards the packets, if not, it denies the forwarding.
Page 305: Pad Remote Access Service
[ no-incoming | no-outgoing | preferential ]* The x25 cug-service and x25 local-cug commands are supported only on the X.25 DCE interface, that is, you need to specify the interface as DCE when encapsulating X.25 protocol on the serial interface. X.25 PAD Remote Access Service Introduction to X.25 PAD...
Page 306: Configuring X.25 Pad
If two routers on an X.25 network support X.25 PAD, you can use the pad command to place an X.25 PAD call on one router (the client) to log onto the other router (the server). If authentication is configured, the server will authenticate the client before allowing it to log in.
Page 307: Troubleshooting X.25 Pad
Required specified X.121 address Troubleshooting X.25 Symptom: Failed to log onto a remote device after placing an X.25 PAD call to the remote device. The system prompted the destination address was unreachable. Solution: Check that: The two ends of the X.25 PAD call are connected through an X.25 network and ■...
Page 308: Configuration Procedure
“link layer” protocol of X.25. Router B, Router C and IP network in the middle can be looked upon as a big “X.25 switch”, and the data sent by Router A is directly switched to Router D via this “switch”.
Page 309 623. Configure XOT optional attributes After TCP link is established, TCP will also not be cleared easily even if the link is interrupted. However, after the Keepalive attribute is configured, the router will periodically send the detection packet to check the availability of the link. If it has not received the acknowledgement after sending packets for many times, the router will deem the link fault and will initiatively clear TCP connection.
Page 310: Configuring X.25 Over Fr
Interface where the XOT connection is initiated interface-number Configuring X.25 over Introduction to X.25 X.25 over FR carries X.25 packets over FR to interconnect two X.25 networks over FR across an FR network, as shown in the following figure. Figure 68 X.25 Over FR network diagram...
Page 311: Configuring Svc Application Of X.25 Over Fr
Configuring X.25 over FR Configuring SVC X.25 over FR is an extension to X.25 switching, so you need enable X.25 switch Application of X.25 over first. To configure SVC application of X.25 over FR, use the following commands: To do...
Page 312: Configuring X2T
X.25 call request packet, it checks the destination address of X.121 in the packet and looks up in the X2T routing table for a match. If there is a matching route, the router will set up a TCP connection with the host at the...
Page 313: Configuration Procedure
IP address and TCP port number of the TCP connection and looks up in the X2T routing table for a match. If there is a match, the router will set up an X.25 SVC destined to the host at the associated destination X.121 address of the X2T route.
Page 314: Displaying And Maintaining Lapb And
LAPB Configuration Network requirements Example Two routers are directly connected back to back via serial interfaces encapsulated with LAPB that can transmit IP datagrams directly. Network diagram Figure 70 Direct connection of two routers via serial interfaces (LAPB) S2 /0 S 2/0 10.1.1.1 /8...
Page 315 [RouterA] interface serial 2/0 # Assign an IP address for the interface. [RouterA-Serial2/0] ip address 10.1.1.2 255.0.0.0 # Configure the link layer protocol of the interface as LAPB, and specify it to work in DTE mode. [RouterA -Serial2/0] link-protocol lapb dte...
Page 316: Configuration Examples
[RouterA] interface serial 2/0 # Assign an IP address for the interface. [RouterA-Serial2/0] ip address 202.38.60.1 255.255.255.0 # Configure the link layer protocol of the interface as X.25, and configure the interface to operate in DTE mode. [RouterA-Serial2/0] link-protocol x25 dte # Assign an X.121 address to the interface.
Page 317: Direct Connection Of Two Routers Through Serial Interfaces (Two Mappings)
[RouterB-Serial2/0] x25 window-size 5 5 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown Note that, since IP to X.121 mapping is available, IP addresses of both ends can be on different network segments and no static route is needed. Direct Connection of Network requirements Two routers through As shown in the following figure, two routers are connected directly;...
Page 318 # Since the peer (Router A) has two IP addresses corresponding to the X.121 address at the local end (Router B) and the local IP address is not in the first mapping, two VCs will be created when connection being established, so you need to specify the maximum number of VCs in the mapping as 2.
Page 319: Connecting The Router To X.25 Public Packet Network
Connecting the Router Network requirements to X.25 Public Packet As shown in the following figure, Routers A, B, and C are connected to the same Network X.25 network. The requirements are: The IP addresses of the interfaces Serial 2/0 of the three routers are ■...
Page 320: Configuring Vc Range
Configuring VC Range Network requirements The link layer protocol of the router interface Serial 2/0 is X.25, and VC ranges as follows: PVC range [1, 8], incoming-only channel range [9, 16], two-way channel range [17, 1024], and outgoing-only channel range is disabled.
Page 321 X.25 Configuration Examples It is required to exchange route information between LAN 1 and LAN 2 using ■ RIP, so that Host A and Host B can exchange information without any static route. Network diagram Figure 74 Carry IP datagrams over X.25 PVC X.25 network...
Page 322 [RouterB-rip-1] network 196.0.0.0 As you go through the above configuration procedure, you may be probably puzzled due to different PVC numbers (that is, 3 and 4 in this scenario) on Router A and Router B. You should distinguish between “VC” and “logic-channel”.
Page 323: Subinterface Configuration Example
In the following figure, Router A is configured with two subinterfaces, which are connected with Router B and Router C. Router D operates as an X.25 switch. It is desired that Router A can communicate with Router B and Router C respectively.
Page 324: Svc Application Of Xot
SVC Application of XOT Network requirements Router B and Router C are connected through Ethernet interfaces. Set up a TCP connection between them to deliver data between Serial 2/0 of Router A and Serial 2/0 of Router D. Configure SVCs and XOT.
Page 325 # Enable X.25 switching. <RouterB> system-view [RouterB] x25 switching # Configure local X.25 switching, specifying packets to X.121 address 1 to pass through Serial 2/0. [RouterB] x25 switch svc 1 interface serial 2/0 # Configure XOT switching, specifying an X.25 switching route to XOT channel.
Page 326: Pvc Application Of Xot
PVC Application of XOT Network requirements Router B and Router C are connected through Ethernet interfaces. Set up a TCP connection between them to deliver data between Serial 2/0 of Router A and Serial 2/0 of Router D. Configure PVCs and XOT.
Page 327: Svc Application Of X.25 Over Fr
Network requirements over FR In the following figure, Router A is connected to Router B, Router C to Router D through X.25. Router B is connected to Router C through FR. Configure FR Annex G DLCI 100 on the two routers to interconnect the two X.25 networks, enabling Host A and Host B to communicate with each other.
Page 328 [RouterB-fr-dlci-Serial2/1-100] annexg dce # Configure X.25 local switching. [RouterB] x25 switch svc 1 interface serial 2/0 # Configure X.25 over FR switching. [RouterB] x25 switch svc 2 interface serial 2/1 dlci 100 4 Configure Router C # Enable X.25 switching. <RouterC> system-view [RouterC] x25 switching # Configure Serial 2/0 as X.25 interface.
Page 329: Pvc Application Of X.25 Over Fr
Network requirements over FR In the following figure, Router A is connected to Router B, Router C to Router D through X.25. Router B is connected to Router C through FR. Configure FR Annex G DLCI 100 on the two routers to interconnect the two X.25 networks, enabling Host A and Host B to communicate with each other.
Page 330 [RouterB] interface serial 2/0 [RouterB-Serial2/0] link-protocol x25 dce [RouterB-Serial2/0] x25 vc-range bi-channel 10 20 [RouterB-Serial2/0] x25 switch pvc 1 interface serial 2/1 dlci 100 pvc 1 # Configure an X.25 template. [RouterB] x25 template switch [RouterB-x25-switch] x25 vc-range bi-channel 10 20 # Configure the PVC switching route for the template.
Page 331: Load Sharing Application
■ enable destination address and source address substitution function, so that the calls from X.25 terminal can be sent to Router B, Router C and Router E via the load sharing function. As X.25 switch. Router D that connects with Router A and Router E is used to implement XOT ■...
Page 332 [RouterA] interface serial 2/0 [RouterA-Serial2/0] link-protocol x25 dce # In the same way as listed above, configure the link layer protocol of the interface Serial 2/2, Serial 2/3, and Serial 2/4 as X.25 and configure them to operate in DCE mode.
Page 333 [RouterA] x25 switch svc 1112 interface serial 2/4 [RouterA] x25 switch svc 1113 interface serial 2/0 2 Configure Router B # Configure the link layer protocol of interface Serial 2/0 as X.25, and configure it to operate in DTE mode. <RouterB> system-view...
Page 334: Implementing X.25 Load Sharing Function For Ip Datagram Transmission
LAPB C HAPTER ONFIGURATION [RouterC-fr-dlci-Serial2/0-100] x25-template vofr 4 Configure Router E. # Configure the link layer protocol on Serial 2/0 as X.25 and configure it to operate in DTE mode. <RouterE> system-view [RouterE] interface serial 2/0 [RouterE-Serial2/0] link-protocol x25 dte [RouterE-Serial2/0] x25 x121-address 8888 5 Configure Router D.
Page 335 X.25 switching. Note that there have been two lines connected to the same peer on Router C, so you must configure a virtual IP address and two static routes on the interface Serial 2/1 to “cheat”...
Page 336: Tcp/Ip Header Compression Protocol Application
[RouterC] ip route-static 10.1.1.0 24 1.1.1.1 [RouterC] ip route-static 10.1.1.0 24 2.1.1.1 [RouterC] ip route-static 10.2.1.0 24 1.1.1.2 [RouterC] ip route-static 10.2.1.0 24 2.1.1.2 TCP/IP Header Network requirements Compression Protocol As shown in the following figure, two routers are connected directly. Application...
Page 337 Router A Router B Configuration procedure 1 Configure RouterA # Configure the link layer protocol of Serial 2/0 as X.25, and configure the interface to operate in DTE mode. <RouterA> system-view [RouterA] interface serial 2/0 [RouterA-serial2/0] link-protocol x25 dte ietf # Assign an x121 address for the interface.
Page 338: Pad Configuration Example
Example As shown in the following figure, Router A is connected to Router B through an X.25 network. It is required that Router B could place X.25 PAD calls to log onto Router A and then configure Router A. Network diagram Figure 84 Network diagram for X.25 PAD configuration...
Page 339: X2T Configuration Example
X2T SVC Configuration Network requirements Example The router connects X.25 and IP networks together. In this connection, the X.25 terminal communicates with the router through SVC and the X2T technology applied on the router enables the communication between X.25 terminal and IP host.
Page 340: X2T Pvc Configuration Example
LAPB (or X.25) of Two Symptom Sides Always Being Link layer protocol LAPB (or X.25) of two sides is always down. Down Analysis A possible reason is that the two sides are working in the same mode (DTE or DCE).
Page 341: Failed To Ping The Other Side With X.25 On Both Sides Being Up
X.25 of two sides is always down although LAPB of two sides is up. with LAPB of two sides Being Up Analysis A possible reason is that the two sides are working in the same mode (DTE or DCE). Troubleshooting Change the working mode of one side.
Page 342: Continuous Resets And Clears Of The Vc Established
HAPTER ONFIGURATION Continuous Resets and Symptom Clears of the VC The virtual circuit can be set up, but is frequently reset or cleared during data Established transmission. Analysis The symptom may be caused by erroneous flow control parameter settings. Troubleshooting If the two sides are connected directly, verify the output window and input ■...
Page 343 Troubleshooting X.25 Configuration Analysis The physical status and protocol status of the interface are not up, or the PVC/XOT configuration is not correct. Troubleshooting First check whether the physical connection status and protocol status of the ■ interface are UP.
Page 344 14: X.25 LAPB C HAPTER ONFIGURATION...
Page 345: Link Aggregation Overview
LACP interacts with its peer by sending link aggregation control protocol data units (LACPDUs). By adding a port to a static aggregation group, you can enable LACP on the port. After LACP is enabled on a port, the port sends an LACPDU to notify the remote system of its system LACP priority, system MAC address, port LACP priority, port number, and operational key.
Page 346: Consistency Considerations For Ports In An Aggregation
HAPTER GGREGATION VERVIEW Consistency To participate in traffic sharing, member ports in an aggregation must use the Considerations for Ports same configurations with respect to STP, QoS, GVRP, VLAN, port attributes, MAC in an Aggregation address learning, and so on, as shown in the following table.
Page 347: Manual Link Aggregation
In addition, unless the master port should be selected, a port that joins the group after the limit is reached will not be placed in selected state even if it should be in normal cases. This is to prevent the ongoing service on selected ports from being interrupted.
Page 348: Static Lacp Link Aggregation
Member ports in up state can be selected if they have the configuration same as that of the master port. The number of selected ports however, is limited in a static aggregation group. When the limit is exceeded, the local and remote systems...
Page 349: Load Sharing In A Link Aggregation Group
As one configuration change may involve multiple ports, this can become troublesome if you need to do that port by port. As a solution, you may add the ports to an aggregation group where you can make configuration for all member ports.
Page 350 15: L HAPTER GGREGATION VERVIEW...
Page 351: Link Aggregation Configuration
You can remove all ports in a manual aggregation group by removing the ■ group. If this group contains only one port, you can remove the port only by removing the group.
Page 352: Configuring A Static Lacp Link Aggregation Group
16: L HAPTER GGREGATION ONFIGURATION To guarantee a successful aggregation, ensure that the ports at the two ends of ■ each link to be aggregated are consistent in selected/unselected state. Configuring a Static Follow these steps to configure a static aggregation group:...
Page 353: Entering Aggregation Port Group View
Enter aggregation port group port-group aggregation agg-id view CAUTION: In aggregation port group view, you can configure aggregation related settings such as STP, VLAN, QoS, GVRP, MAC address learning, but cannot add or remove member ports. Displaying and Maintaining Link To do...
Page 354 Device A Link aggregation Device B Configuration procedure This example only describes how to configure link aggregation on Device A. To achieve link aggregation, do the same on Device B. 1 In manual aggregation approach # Create manual aggregation group 1.
Page 355: Modem Configuration
■ Overview Modem is a network device that is widely used. It is important for a device to properly manage and control the use of modem in a network. However, there are many modem manufacturers and various modem models. Even though all of them support the AT command set and are compliant with the industry standard, each type of modem differs somewhat on the implementations and command details.
Page 356: Configuring The Modem Answer Mode
AUX interface or AM interface. Modem Configuration Network requirements Example Interface Serial 2/0 on your device connects to a remote Cisco router through DCC dialup. When data needs transmission from IP address 1.1.1.1/16 to IP address...
Page 357: Troubleshooting
2 Configuring the Cisco router For details, refer to Cisco documentation. Troubleshooting Symptom: Modem is in abnormal status (such as the dial tone or busy tone keeps humming for a long time). Solution: Execute the commands shutdown and undo shutdown on the device ■...
Page 358 17: M HAPTER ODEM ONFIGURATION...
Page 359: Port Mirroring Configuration
Local port mirroring is implemented through local port mirroring groups. Mirroring In a local port mirroring group, the source ports and the destination port are in the same local port mirroring group. Packets passing through the source ports are duplicated and then are forwarded to the destination port.
Page 360: Configuring Local Port Mirroring
[ mirroring-group groupid ] monitor-port A local mirroring group is effective only when it has both source ports and the ■ destination port configured. Layer 2 Ethernet ports, Layer 3 Ethernet interfaces, POS interfaces, and CPOS ■...
Page 361: Displaying And Maintaining Port Mirroring
Displaying and Maintaining Port Mirroring group. In this case, you need to remove the port mirroring group and then create another one. Only Layer 2 ports support port mirroring. ■ Displaying and Follow these steps to display and maintain port mirroring:...
Page 362 # Create a local port mirroring group. [DeviceC] mirroring-group 1 local # Add port Ethernet 1/1 and Ethernet 1/2 to the port mirroring group as source ports. Add port Ethernet 1/3 to the port mirroring group as the destination port.
Page 363: Ppp And Mp Configuration
(PAP) and challenge handshake authentication protocol (CHAP), where, LCP is responsible for establishing, removing and monitoring data links. ■ NCP is used to negotiate the format and type of the packets over data links. ■ PAP and CHAP are used for network security ■...
Page 364 MD5 algorithm; and then sends back to the authenticator a Response carrying the generated ciphertext and its own username. 3 If the authenticatee fails to find a match, it will check its local interface for the default CHAP password. If the CHAP password has been configured, the authenticatee encrypts this packet based on the packet ID, the default password and the MD5 algorithm;...
Page 365 Authenticate phase and starts the CHAP/PAP authentication 4 If the authentication fails, it will come to the Terminate phase to remove the link and the LCP will go down. If the authentication succeeds, it will proceed to start the network negotiation (NCP).
Page 366 After binding multiple PPP links to an MP, you need to create a VA interface for the MP to enable it to exchange data with the peers. VT and MP-group differ in the following.
Page 367: Configuring Ppp
Decrease transmission delay through fragmentation ■ MP can work on any physical or virtual interfaces encapsulated with PPP, such as serial, ISDN BRI/PRI, and PPPoX (PPPoE, PPPoA, or PPPoFR). However, a multilink bundle is preferred to include only one type of interfaces.
Page 368: Configuring The Local Device To Authenticate The Peer Using Pap
Configure domain user to use authentication ppp local Optional local authentication scheme For detailed description on how to create a local user and configure its attributes, and how to create a domain and configure its attributes, refer to “Configuring Local User Attributes” on page 1767.
Page 369: Configuring The Local Device To Be Authenticated By The Peer Using Pap
Configure domain user to use authentication ppp local Optional local authentication scheme For detailed description on how to create a local user and configure its attributes, and how to create a domain and configure its attributes, refer to “Configuring Local User Attributes” on page 1767.
Page 370: Configuring Ppp Negotiation
PC through PPP, you should configure the device to allocate DNS address for the peer. In doing so, the PC can access the Internet directly using the domain name. Or, if the device is connected with an access server of a carrier through PPP, you should configure the device to accept or actively request a DNS address from its peer.
Page 371 Configure IP address of the interface to ip address ppp-negotiate Required be negotiable 2 Configuring the device as server Follow these steps to configure the device as server for PPP users do not need authentication: To do... Use the command... Remarks...
Page 372 Required an IP address for interface-number the peer remote address ip-address Follow the following steps to configure the device as server for PPP users that need authentication: To do... Use the command... Remarks Enter system view system-view Enter the specified domain...
Page 373: Configuring Ppp Link Quality Control
PPP can generate traffic-based accounting statistics on each PPP link. The statistics Function include the amount of the inbound and outbound information (in terms of bytes and the number of the packets) on a link. The information can be used by AAA application modules for accounting and control purpose.
Page 374: Configuring Mp
When the ppp mp virtual-template command is configured on an interface, ■ the system does not look for a VT interface by username. Instead, it looks for the template configured by the command. You must configure the interfaces to be bundled in the same way.
Page 375 Configure other optional Refer to “Configuring other Optional parameters optional parameters” on page Configuring other optional parameters Follow these steps to configure other optional parameters: To do... Use the command... Remarks Enter system view system-view Create and enter MP VT...
Page 376: Configuring An Mp-Group
So, authentication username-based MP binding cannot be used when multiple peer devices exist. For a VT interface, if a static route is used, you are recommended to specify the ■ next hop rather than the outgoing interface. If the outgoing interface must be specified, make sure that the physical interfaces bound in the VT are effective to ensure normal transport of packets.
Page 377 The protocol includes a 40-byte header and a data section. There is a concern that the 40-byte header which is composed of a 20-byte IP header, an 8-byte UDP header and a 12-byte RTP header, is too large when compared with the 20 bytes to 160 bytes typical payloads of RTP.
Page 378: Configuring Iphc
Dispatching a large packet of 1500 bytes through a 56-kbps line, perhaps will take 215 ms, this will exceed the delay point that one can tolerate. LFI is a method for fragmenting larger packets and adding both the smaller packets and fragments of the large packet to the queue.
Page 379: Displaying And Maintaining Ppp/Mp/Ppp Link Efficiency Mechanism
MP-group interface Display the information about a VA display virtual-access [ dialer dialer-number | vt interface vt-number | user user-name | peer peer-address | va-number ] * Display the information about an display interface virtual-template [ number ] existing VT...
Page 380: Ppp And Mp Configuration Example
As shown in Figure 96, Router A and Router B are interconnected through the interface Serial 2/0, and Router A is required to authenticate Router B using PAP. Network diagram Figure 96 Network diagram for PAP and CHAP authentication S2/0 S 2/0 200.1.1.1 /16...
Page 381: Mp Configuration Example
■ and Serial 2/0:2 respectively. The same is done on Router C. Do the following: Bind two channels on Router A with the two channels on Router B and another ■ two channels with the two channels on Router C.
Page 382 [RouterA-Virtual-Template1] quit [RouterA] interface virtual-template 2 [RouterA-Virtual-Template2] ip address 202.38.168.1 255.255.255.0 [RouterA-Virtual-Template2] quit # Assign interfaces Serial 2/0:1, Serial 2/0:2, Serial 2/0:3, and Serial 2/0:4 to MP channels, taking Serial 2/0:1 for an example. [RouterA] interface serial 2/0:1 [RouterA-Serial2/0:1] link-protocol ppp...
Page 383 # Configure operating parameters of the virtual-template [RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 202.38.166.2 255.255.255.0 [RouterB-Virtual-Template1] quit # Assign interfaces Serial 2/0:1 and Serial 2/0/:2 to the MP channel, taking Serial 2/0:1 for an example. [RouterB] interface serial 2/0:1 [RouterB-Serial2/0:1] ppp mp...
Page 384: Three Types Of Mp Binding Mode
Binding Mode As showed in the figure below, Router A and Router B are connected together through serial ports, Serial 2/0 to Serial 2/0 and Serial 2/1 to Serial 2/1 respectively. Three binding modes that are demonstrated are directly Virtual-Template binding mode, authentication binding mode and MP-group interface binding mode.
Page 385 [RouterB] local-user rta [RouterB-luser-rta] password simple rta [RouterB-luser-rta] service-type ppp [RouterB-luser-rta] quit # Create a virtual-template interface and assign an IP address to it. [RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 8.1.1.2 24 [RouterB-Virtual-Template1] ppp mp binding authentication [RouterB-Virtual-Template1] quit # Configure Serial 2/1.
Page 386 If authentication is disabled, the bundle field should be identified by the remote endpoint descriptor. In addition, you can view the state of MP virtual channels by viewing the state of virtual access interfaces with the display virtual-access command.
Page 387 [RouterA-Serial2/0] ppp pap local-user rta password simple rta [RouterA-Serial2/0] ppp mp [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] quit # Configure the user in the domain to use the local authentication scheme [RouterA] domain system [RouterA-isp-system] authentication ppp local [RouterA-isp-system] quit Configure Router B # Configure the username and password of Router A <RouterB>...
Page 388 19: PPP MP C HAPTER ONFIGURATION # Create a virtual-template and configure the IP address [RouterB] interface virtual-template 1 [RouterB-Virtual-Template1] ip address 8.1.1.2 24 [RouterB-Virtual-Template1] ppp mp binding authentication [RouterB-Virtual-Template1] quit # Configure Serial 2/1. [RouterB] interface serial 2/1 [RouterB-Serial2/1] link-protocol ppp...
Page 389 = 29/30/31 ms Incorrect configuration: If you intend to bind interfaces serial 2/1 and serial 2/0 into the same MP, but you configured one as ppp mp while the other as ppp mp virtual-template 1, the system will bind the two interfaces into different MP.
Page 390 [RouterA-Serial2/0] ppp pap local-user rta password simple rta [RouterA-Serial2/0] ppp mp mp-group 1 [RouterA-Serial2/0] shutdown [RouterA-Serial2/0] undo shutdown [RouterA-Serial2/0] quit # Configure the users in the domain to use the local authentication scheme. [RouterA] domain system [RouterA-isp-system] authentication ppp local [RouterA-isp-system] quit Configure Router B # Configure username and password for Router A <RouterB>...
Page 391 [RouterB-Serial2/0] ppp mp mp-group 1 [RouterB-Serial2/0] shutdown [RouterB-Serial2/0] undo shutdown [RouterB-Serial2/0] quit # Configure the users in the domain to use the local authentication scheme. [RouterB] domain system [RouterB-isp-system] authentication ppp local [RouterB-isp-system] quit Verify the results on Router A...
Page 392: Troubleshooting Ppp Configuration
ONFIGURATION 0.00% packet loss round-trip min/avg/max = 29/29/31 ms Note that in this approach to MP binding, all users are bound together and the concept of virtual access is not involved. Troubleshooting PPP Symptom 1: Link never turns into up state.
Page 393: Ppp O E Configuration
■ When a host wants to start a PPPoE process, it must first identify the MAC address of the Ethernet on the access end and create the SESSION ID of PPPoE. This is the very purpose of the discovery phase.
Page 394: Configuring Pppoe Server
ADSL. Currently, the PPPoE client, or PPPoE client dialup, is available on the device to enable users to access the Internet without installing client dial-up software on the hosts. Moreover, all the hosts on the same LAN can share the same ADSL account.
Page 395: Configuring Pppoe Client
PPP log information Enabled by default For a virtual template interface, if a static route is used, you are recommended to specify the next hop rather than the outgoing interface. If the outgoing interface must be specified, make sure that the physical interface bound in the virtual template is effective to ensure normal transport of packets.
Page 396: Configuration Procedure
PPPoE call. Only when there is data transmission requirement will the router initiate PPPoE call to create a PPPoE session. If the free time of a PPPoE link exceeds the value set by user, the router will automatically terminate the PPPoE session.
Page 397: Displaying And Maintaining Pppoe
The router acts as the PPPoE server, performing local authentication and assigning IP address for the users through address pool. Network diagram The router is connected to the Ethernet through the interface Ethernet 1/0 and the Internet through Serial 2/0. Figure 100 PPPoE network diagram...
Page 398: Pppoe Client Configuration Example
After these configurations, you should then install a PPPoE client software on each host, and configure a username and a password (in this case, user1 and pass1, respectively). As such, the hosts can run PPPoE and can access the Internet through the router.
Page 399: Pap Authentication
<RouterA> system-view [RouterA] local-user user2 [RouterA-luser-user2] password simple hello [RouterA-luser-user2] service-type ppp [RouterA-luser-user2] quit # Configure the parameters of the virtual template. [RouterA] interface virtual-template 1 [RouterA-Virtual-Template1] ppp authentication-mode pap [RouterA-Virtual-Template1] ip address 1.1.1.1 255.0.0.0 [RouterA-Virtual-Template1] remote address 1.1.1.2 [RouterA-Virtual-Template1] quit # Configure PPPoE server.
Page 400: Connecting A Lan To The Internet Via Adsl Modem
The username and password of the ADSL account are user1 and 123456 ■ respectively. Enable the PPPoE client function on Router A, allowing the hosts on the LAN to ■ access the Internet without PPPoE client software. Router B is operating as PPPoE server. It is connected to the DSLAM through ■...
Page 401 [RouterA-Ethernet1/0] quit [RouterA] ip route-static 0.0.0.0 0 dialer 1 If the IP addresses of the PCs in the LAN are private addresses, you need to configure NAT (Network Address Translation) on the device. The NAT configuration will not be elaborated here. For details, refer to “NAT-PT...
Page 402 # Apply RADIUS authentication to the domain users. [RouterB] domain system [RouterB-isp-system] authentication ppp radius-scheme cams # Add a local IP address pool that contains nine IP addresses. [RouterB-isp-system] ip pool 1 1.1.1.2 1.1.1.10 [RouterB-isp-system] quit # Configure RADIUS scheme [RouterB] radius scheme cams [RouterB-radius-cams] primary authentication 10.110.91.146 1812...
Page 403: Using Adsl As Backup Line
The router is connected to the network center via DDN dedicated line and ADSL, where the ADSL is the backup of the DDN dedicated line. When a fault occurs to the DDN dedicated line, the router can still initiate a PPPoE call and access the network center via the ADSL.
Page 404 20: PPP HAPTER ONFIGURATION Network diagram Figure 104 Accessing the Internet through an ADSL interface Internet ATM 1 / 0 Router Configuration procedure # Configure a dialer interface <Router> system-view [Router] dialer-rule 1 ip permit [Router] interface dialer 1 [Router-Dialer1] dialer user mypppoe...
Page 405: Bridging Configuration
Routing and bridging are simultaneously supported ■ Major Functionalities of Maintaining the bridge table Bridges A bridge relies on its bridge table to forward data. A bridge table consists two parts: MAC address list and interface list. Once connected to a physical LAN...
Page 406 Ethernet frames on the segments. When it receives an Ethernet frame, it extracts the source MAC address of the frame and creates a mapping entry between this MAC address and the interface on which the Ethernet frame was received.
Page 407 Host B. As the frame is received on bridge interface 1, the bridge determines that Host B is also attached to bridge interface 1, and creates a mapping between the MAC address of Host B and bridge interface 1 in its bridge table, as shown in Figure 107.
Page 408: Forwarding And Filtering
MAC address : 00e 0. fcdd.dddd MAC address : 00e0.fccc .cccc When Host A sends an Ethernet frame to Host B, as Host B is on the same LAN ■ segment with Host A, the bridge filters the Ethernet frame instead of...
Page 409: Bridging Configuration Task List
Bridging Configuration Task List When Host A sends an Ethernet frame to Host C, if the bridge does not find a ■ MAC-to-interface mapping about Host C in its bridge table, the bridge forwards the Ethernet frame to all interfaces except the interface on which the...
Page 410 21: B HAPTER RIDGING ONFIGURATION When configuring transparent bridging over FR, you need to configure FR on ■ the corresponding interface as the link layer protocol for interface encapsulation, configure the FR interface type (optional, DTE by default) and configure a virtual circuit. When establishing transparent bridging over FR, you need to configure mappings between bridge addresses and data link connection identifier (DLCI) addresses.
Page 411: Configuring Bridge Table Entries
The administrator, however, can manually configure some bridge table entries, which will never get aged out. The aging time of a dynamic bridge table entry refers to the lifetime of the entry before it is deleted from the table. When the aging timer of a dynamic table entry expires, the system deletes the entry from the table.
Page 412: Displaying And Maintaining Bridging Configurations
ATM As shown in Figure 112, LAN 1 and LAN 2 are attached to Router A and Router B respectively, which are interconnected through their respective ATM interfaces. Configure the two routers to enable transparent bridging between the two LAN...
Page 413: Transparent Bridging Over Ppp
PPP As shown in Figure 113, LAN 1 and LAN 2 are attached to Router A and Router B respectively, which are interconnected over PPP. Configure the two routers to enable transparent bridging between the two LAN segments. Network diagram...
Page 414: Transparent Bridging Over Mp
MP As shown in Figure 114, LAN 1 and LAN 2 are attached to Router A and Router B respectively, which are interconnected over multilink PPP. Configure the two routers to enable transparent bridging between the two LAN segments.
Page 415: Transparent Bridging Over Fr
FR As shown in Figure 115, LAN 1 and LAN 2 are attached to Router A and Router B respectively, which are interconnected over FR. Configure the two routers to enable transparent bridging between the two LAN segments. Network diagram...
Page 416: Transparent Bridging X.25
X.25 As shown in Figure 116, LAN 1 and LAN 2 are attached to Router A and Router B respectively, which are interconnected over X.25. Configure the two routers to enable transparent bridging between the two LAN segments. Network diagram Figure 116 Network diagram for transparent bridging over X.25 configuration...
Page 417: Inter-Vlan Transparent Bridging
118, Router A and Router B are interconnected through a network cable. Configure the bridging functionality on the sub-interfaces of the routers to bridge traffic between the two bridges constituted with the two routers. Network diagram Figure 118 Network diagram for inter-VLAN transparent bridging configuration...
Page 418: Bridging With Fr Sub-Interface Support
Enable bridging on the FR sub-interfaces Serial2/0.1 and Serial2/0.2 so that traffic between Host A and Host B can be bridged through bridge set 1 and traffic between Host C and Host D can be bridged through bridge set 2.
Page 419 Transparent Bridging Configuration Examples Network diagram Figure 119 Network diagram for bridging with FR sub-interface support Host A Host B Eth1 /0 Eth1/0 S2/0 S2/0 Router A Router B Eth1/1 Eth1/1 Host C Host D Configuration procedure 1 Configure Router A <RouterA>...
Page 420: Bridge Routing
(P2P) FR sub-interfaces. In this case, it is not necessary to use the fr map command on point-to-point FR sub-interfaces; however, you need to configure the same DLCI at both the DCE and DTE sides by using the fr dlci command. This is an alternative method of configuring bridging over FR.
Page 421: Isdn Configuration
The rate of D channel is 16 kbit/s (BRI) or 64 kbit/s (PRI). The ITU-T Q.921 is a data link layer protocol of D channel. It defines the rule for Layer 2 information interchange via D channel from the user to a network interface and supports the access of a layer 3 entity.
Page 422: Configuring Isdn
By far, there are three ways to obtain the SPID on one BRI interface over the ISDN in North America. Manually input the SPID consisting of 9 to 20 digits.
Page 423: Configuring Isdn Pri
Refer to “ISDN Optional function on ISDN BRI link Configuration” on page layer Configuring ISDN PRI Follow these steps to configure ISDN PRI: To do... Use the command... Remarks Enter system view system-view Enter specified ISDN PRI interface interface interface-type...
Page 424: Configuring The Negotiation Parameters Of Isdn Layer 3 Protocol
Configure the allowed incoming Refer to “ISDN Optional calling number Configuration” on page Configuring the Follow these steps to configure the negotiation parameters of ISDN layer 3 Negotiation Parameters protocol: of ISDN Layer 3 Protocol To do... Use the command... Remarks...
Page 425 Configure the time-interval of isdn l3-timer timer-name Optional ISDN Layer 3 time-interval By default, configure the duration of an ISDN L3 timer as (in seconds): T301 defaults to 240 T302 defaults to 15 T303 defaults to 4 T304 defaults to 30...
Page 426 Table 9 Types and code schemes of ISDN numbers Field (Bit) value Type Code scheme Protocol Definition...
Page 427 Configuring ISDN Table 9 Types and code schemes of ISDN numbers Field (Bit) value Type Code scheme Protocol Definition DSS1 Unknown International number National number Network specific number Subscriber number Abbreviated number Reserved for extension Unknown ISDN/telephony numbering plan (Recommendation E.164) Data numbering plan (Recommendation X.121)
Page 428: Configuring The Spid Of The Isdn Ni Protocol
The undefined bits in all the protocols are reserved for other purposes. Configuring the SPID of You may configure SPID on the BRI interfaces that are running the ISDN NI the ISDN NI Protocol protocol. Follow these steps to configure the SPID parameters of the ISDN NI protocol: To do...
Page 429: Incoming Call
If a called number or subaddress is specified, the system will deny an incoming Number or Sub-Address digital call if the calling party sends a wrong called number or subaddress or does to Be Checked During a not send at all.
Page 430: Setting The Local Management Isdn B Channel
Channel the connected exchange has higher priority in B channel selection. If the B channel the router selected for a call is different from the one indicated by the exchange, the one indicated by the exchange is used for communication.
Page 431: Configuring The Sliding Window Size On The Pri Interface
ISDN B channel, refer to “ISDN Configuration” on page 421). Configuring the Sliding Follow these steps to configure the size of the sliding window on the PRI interface: Window Size on the PRI Interface To do... Use the command... Remarks...
Page 432: Configuring Tei Treatment On The Bri Interface
153. ■ Configuring Permanent To enable a BRI interface to set up the Q.921 link automatically and maintain the Link Function on ISDN link permanently even when no calls are received from the network layer, you may BRI Link Layer configure the isdn q921-permanent command.
Page 433: Specifying An Isdn Bri Interface To Be In Permanent Active State On Physical Layer
Q.921 layer transits to the multi-framing state only after being triggered by a call and the Q.921 link that has been set up will be torn down if no Layer 3 call is received before the T.325 timer expires.
Page 434: Displaying And Maintaining Isdn
Bring up the current BRI undo shutdown Available in ISDN interface interface view ISDN Configuration Example Connecting Routers Network requirements through ISDN PRI Lines As shown in the figure below, Router A is connected with Router B through ISDN PRI lines.
Page 435: Connecting Routers Through Isdn Bri Lines Running Ni
2 Configure Router B Follow the same procedures to configure Router B. Connecting Routers Network requirements through ISDN BRI Lines As shown in the following figure, Router A is connected to Router B through NI Running NI protocol of ISDN BRI lines.
Page 436: Using Isdn Bri Leased Line To Implement Mp Bundling
Follow the same procedures to configure Router B. Using ISDN BRI Leased Network requirements Line to Implement MP As shown in the following figure, Router A is connected to Router B through two Bundling BRI leased lines, which are used for MP bundling.
Page 437 The system accepts MP bundles formed by multiple ISDN leased lines, which ■ can be 64K, 128K, or both. For detailed information, refer to the three ways to configure MP bundles discussed in “PPP and MP Configuration” on page 363 “PPPoE Configuration”...
Page 438: Configuring Isdn 128K Leased Lines
[RouterB-Bri2/0] dialer-group 1 [RouterB-Bri2/0] dialer isdn-leased 128k You do not need to configure a dial number because setup of leased line connection does not involve dial process. After you configure a lease line successfully, you can dial through. To view state about the interfaces, execute the following commands: <RouterA>...
Page 439 Output queue : (Protocol queue : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last 300 seconds input rate 2.44 bytes/sec, 0.20 packets/sec Last 300 seconds output rate 2.54 bytes/sec, 0.20 packets/sec Input: 17782 packets, 220973 bytes 0 broadcasts, 0 multicasts...
Page 440: Interoperating With Dms100 Switches
HAPTER ONFIGURATION As you can see, the state of interface Bri 2/0:1 is up, its speed is 128 kbps, and channels (timeslots used) B1 and B2 are in use; the state of Bri 2/0:2 is down, and the field of timeslots used is NULL.
Page 441: Troubleshooting
“CE1/PRI Interface” on page 106 “CT1/PRI Interface” on page 110. If the ISDN is not in multi-frame operation status on a PRI interface, or if ISDN is not in TEI configured status on a BRI interface, it may not physically connected well.
Page 442 22: ISDN C HAPTER ONFIGURATION Check whether the dial-up configuration is correct. If dial-up is correctly ■ configured and the maintaining information “Q921 send data fail(L1 return failure).” is not output, ISDN line may be not connected well.
Page 443: Mstp Configuration
The Spanning Tree Protocol (STP) was established based on the 802.1D standard of IEEE to eliminate physical loops at the data link layer in a local area network (LAN). Devices running this protocol detect loops in the network by exchanging information with one another and eliminate loops by selectively blocking certain ports until the loop structure is pruned into a loop-free network structure.
Page 444 Figure 127 shows designated bridges and designated ports. In the figure, AP1 and AP2, BP1 and BP2, and CP1 and CP2 are ports on Device A, Device B, and Device C respectively. If Device A forwards BPDUs to Device B through AP1, the designated bridge for ■...
Page 445 All the ports on the root bridge are designated ports. 4 Path cost Path cost is a reference value used for link selection in STP. By calculating the path cost, STP selects relatively “robust” links and blocks redundant links, and finally prunes the network into a loop-free tree structure.
Page 446 ONFIGURATION Upon initialization of a device, each port generates a BPDU with itself as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the local port.
Page 447 Figure 128. In the feature, the priority of Device A is 0, the priority of Device B is 1, the priority of Device C is 2, and the path costs of these links are 5, 10 and 4 respectively. Figure 128 Network diagram for STP algorithm...
Page 448 Port AP2 receives the configuration BPDU of Device C {2, ■ 0, 2, CP1}. Device A finds that the BPDU of the local port {0, 0, 0, AP2} is superior to the received configuration BPDU, and discards the received configuration BPDU.
Page 449 Port BP2 receives the configuration BPDU of Device C {2, ■ 0, 2, CP2}. Device B finds that the configuration BPDU of the local port {1, 0, 1, BP2} is superior to the received configuration BPDU, and discards the received configuration BPDU.
Page 450 Device B to Device C becomes down. After the comparison processes described in the table above, a spanning tree with Device A as the root bridge is stabilized, as shown in Figure 129.
Page 451 BPDU of the local port, the port will immediately sends out its better configuration BPDU in response. If a path becomes faulty, the root port on this path will no longer receive new ■ configuration BPDUs and the old configuration BPDUs will be discarded due to timeout.
Page 452: Introduction To Mstp
LAN segment.
Page 453 VLANs 2 and 3 mapped to instance 2 Other VLANs mapped CIST 1 MST region A multiple spanning tree region (MST region) is composed of multiple devices in a switched network and network segments among them. These devices have the following characteristics: All are MSTP-enabled, ■...
Page 454 VLAN-to-instance mapping table of region A0 describes that the same region name, the same VLAN-to-instance mapping (VLAN 1 is mapped to MST instance 1, VLAN 2 to MST instance 2, and the rest to CIST). MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
Page 455 MSTP Overview The root bridge of the IST or an MSTI within an MST region is the regional root bridge of the MST or that MSTI. Based on the topology, different spanning trees in an MST region may have different regional roots. For example, in region D0 in...
Page 456 Where, Devices A, B, C, and D constitute an MST region. ■ Port 1 and port 2 of device A connect to the common root bridge. ■ Port 5 and port 6 of device C form a loop.
Page 457: Protocols And Standards
CST. Inside an MST region, multiple spanning trees are generated through computing, each spanning tree called an MST instance. Among these MST instances, instance 0 is the IST, while all the others are MSTIs. Similar to STP, MSTP uses configuration BPDUs to compute spanning trees. The only difference between the two protocols being in that what is carried in an MSTP BPDU is the MSTP configuration on the device from which this BPDU is sent.
Page 458: Configuration Task List
HAPTER ONFIGURATION Configuration Task Before configuration, you need to know the position of each device in each MST List instance: root bridge or leave node. In each instance, one, and only one device acts as the root bridge, while all others as leaf nodes.
Page 459: Configuring The Root Bridge
“Configuring Protection Functions” on page 479 Optional If both GVRP and MSTP are enabled on a device at the same time, GVRP packets will be forwarded along the CIST. Therefore, if both GVRP and MSTP are running on the same device and you wish to advertise a certain VLAN within the network through GVRP, make sure that this VLAN is mapped to the CIST (instance 0) when configuring the VLAN-to-instance mapping table.
Page 460: Specifying The Root Bridge Or A Secondary Root Bridge
Two device belong to the same MST region only if they are configure to have the same MST region name, the same VLAN-to-instance mapping entries in the MST region and the same MST region revision level, and they are interconnected via a physical link.
Page 461 The current device has independent roles in different instances. It can act as the ■ root bridge or a secondary root bridge of one instance while it can also act as the root bridge or a secondary root bridge of another instance. However, the same device cannot be the root bridge and a secondary root bridge in the same instance at the same time.
Page 462: Configuring The Work Mode Of Mstp Device
A lower value indicates a higher priority. By setting the priority of a device to a low value, you can specify the device as the root bridge of spanning tree. An MSTP-compliant device can have different priorities in different MST instances.
Page 463: Configuring The Maximum Hops Of An Mst Region
1 whenever it passes a device. When its hop count reaches 0, it will be discarded by the device that has received it. As a result, devices beyond the maximum hops are unable to take part in spanning tree computing, and thereby the size of the MST region is restricted.
Page 464: Configuring The Network Diameter Of A Switched Network
2,000 centiseconds (20 seconds) by default These three timers set on the root bridge of the CIST apply on all the devices on the entire switched network. CAUTION: The length of the forward delay time is related to the network diameter of the ■...
Page 465: Configuring The Timeout Factor
If the hello time is set too long, the device will take packet loss on a link for link failure and trigger a new spanning tree computing process; if the hello time is set too short, the device will send repeated configuration BPDUs frequently, which adds to the device burden and causes waste of network resources.
Page 466: Configuring The Maximum Transmission Rate Of Ports
3 by default Timeout time = timeout factor × 3 × hello time. ■ Typically, we recommend that you set the timeout factor to 5, or 6, or 7 for a ■ stable network. Configuration example # Set the timeout factor to 6.
Page 467: Configuring Ports As Edge Ports
Configuring the Root Bridge Configuring Ports as If a port directly connects to a user terminal rather than another device or a shared Edge Ports LAN segment, this port is regarded as an edge port. When a network topology change occurs, an edge port will not cause a temporary loop. Therefore, if you specify a port as an edge port, this port can transition rapidly from the blocked state to the forwarding state without delay.
Page 468: Configuring The Mode A Port Uses To Recognize/Send Mstp Packets
If a port is configured as connecting to a point-to-point link, the setting takes ■ effect for the port in all MST instances. If the physical link to which the port connects is not a point-to-point link and you force it to be a point-to-point link by configuration, the configuration may incur a temporary loop.
Page 469: Enabling The Output Of Port State Transition Information
Information situation, you can enable the device to output the port state transition information of all STP instances or the specified STP instance so as to monitor the port states in real time. Follow these steps to enable output of port state transition information: To do...
Page 470: Configuring Leaf Nodes
To control MSTP flexibly, you can use the stp disable or undo stp command ■ to disable the MSTP feature for certain ports so that they will not take part in spanning tree computing and thus to save the device’s CPU resources.
Page 471 Specifying a standard that the device uses when calculating the default path cost You can specify a standard for the device to use in automatic calculation for the default path cost. The device supports the following standards: dot1d-1998: The device calculates the default path cost for ports based on ■...
Page 472 802.1T takes the number of ports in the aggregated link into account. The calculation formula is: Path Cost = 200,000,000/link speed (in 100 kbps), where link speed is the sum of the link speed values of the non-blocked ports in the aggregated link.
Page 473: Configuring Port Priority
Configuring Leaf Nodes Configuring Port Priority The priority of a port is an import basis that determines whether the port can be elected as the root port of device. If all other conditions are the same, the port with the highest priority will be elected as the root port.
Page 474: Enabling Output Of Port State Transition Information
Ports on an MSTP-compliant device have three working modes: STP compatible mode, RSTP mode, and MSTP mode. In a switched network, if a port on the device running MSTP (or RSTP) connects to a device running STP, this port will automatically migrate to the STP-compatible mode.
Page 475: Configuring Digest Snooping
MST region via checking the configuration ID in BPDU packets. The configuration ID includes the region name, revision level, configuration digest that is in 16-byte length and is the result computed via the HMAC-MD5 algorithm based on VLAN-to-instance mappings.
Page 476: Configuration Example
Configuration Example Network requirements Device A and Device B connect to a third-party’s router and all the routers are in ■ the same region. Enable Digest Snooping on Device A and Device B so that the three routers can ■...
Page 477: Configuring No Agreement Check
Configuring No Agreement Check Configuring No Two types of packet are used for rapid state transition on designated RSTP and Agreement Check MSTP ports: Proposal: Packets sent by designated ports to request rapid transition ■ Agreement: Packets used to acknowledge rapid transition requests ■...
Page 478: Prerequisites
As a result, the designated port of the upstream device fails to transit rapidly and can only change to the Forwarding state after a period twice the Forward Delay.
Page 479: Configuring Protection Functions
For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition of these ports. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and starts a new spanning tree computing process.
Page 480: Enabling Loop Guard
To prevent this situation from happening, MSTP provides the root guard function to protect the root bridge. If the root guard function is enabled on a port, this port will keep playing the role of designated port on all MST instances. Once this port...
Page 481: Enabling Tc-Bpdu Attack Guard
(assume the value is X). At the same time, the system monitors whether the number of TC-BPDUs received within that period of time is larger than X. If so, the device will perform another deletion operation after that period of time elapses. This prevents frequent deletion of forwarding address entries.
Page 482: Mstp Configuration Example
VLAN 40 is terminated on the access layer devices, so the root bridges of MST instance 1 and MST instance 3 are Device A and Device B respectively, while the root bridge of MST instance 4 is Device C.
Page 483 MSTP Configuration Example “Permit:” beside each link in the figure is followed by the VLANs the packets of which are permitted to pass this link. Configuration procedure 1 Configuration on Device A # Enter MST region view. <DeviceA> system-view [DeviceA] stp region-configuration...
Page 484 23: MSTP C HAPTER ONFIGURATION # Define Device B as the root bridge of MST instance 3. [DeviceB] stp instance 3 root primary # View the MST region configuration information that has taken effect. [DeviceB] display stp region-configuration Oper configuration...
Page 485 [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 3 vlan 30 [DeviceD-mst-region] instance 4 vlan 40 [DeviceD-mst-region] revision-level 0 # Configure the region name, VLAN-to-instance mappings and revision level of the MST region. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # View the MST region configuration information that has taken effect.
Page 486 23: MSTP C HAPTER ONFIGURATION...
Page 487: Vlan Configuration
If the number of the hosts in the network reaches a certain level, problems caused by collisions, broadcasts, and so on emerge, which may cause the network operating improperly.
Page 488: Vlan Fundamental
HAPTER ONFIGURATION A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, users in a VLAN can be connected to the same switch, or span across multiple switches or routers.
Page 489: Vlan Classification
1, MAC addresses are encapsulated in non-standard format. The filed is 0 by default. The VLAN ID field, 12 bits in length and with its value ranging from 0 to 4095, ■ identifies the ID of the VLAN a packet belongs to. As VLAN IDs of 0 and 4095 are reserved by the protocol, the actual value of this field ranges from 1 to 4094.
Page 490: Configuring Vlan Interface Basic Attributes
VLAN interface. Packets of a VLAN can be forwarded on network layer through the corresponding VLAN interface. As each VLAN forms a broadcast domain, a VLAN can be an IP network segment and the VLAN interface can be the gateway to enable IP address-based Layer 3 forwarding.
Page 491: Configuring A Port-Based Vlan
Introduction to This is the simplest and yet the most effective way of classifying VLANs. It groups Port-Based VLAN VLAN members by port. After added to a VLAN, a port can forward the packets of the VLAN. Port link type Based on the tag handling mode, a port’s link type can be one of the following...
Page 492: Configuring The Access-Port-Based Vlan
There are two ways to configure Access-port-based VLAN: one way is to configure Access-Port-Based VLAN in VLAN view, the other way is to configure in Ethernet port view or port group view. Follow the following steps to configure the Access-port-based VLAN: To do...
Page 493: Configuring The Trunk-Port-Based Vlan
VLAN 1 is the default by default To convert a Trunk port into a Hybrid port (or vice versa), you need to use the ■ Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
Page 494: Configuring The Hybrid-Port-Based Vlan
VLAN 1 is the default by default To configure a Trunk port into a Hybrid port (or vice versa), you need to use the ■ Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
Page 495: Vlan Configuration Examples
Device A connects to Device B through the Trunk port Ethernet 1/0; ■ The default VLAN ID of the port is 100; ■ This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to ■ pass through. Network diagram...
Page 496 The output above shows that: The port is a trunk port. ■ The default VLAN is VLAN 100. ■ The port permits packets of VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. ■ So the configuration is successful.
Page 497: Voice Vlan Configuration
MAC address. Packets containing source MAC addresses that comply with the voice device Organizationally Unique Identifier (OUI for short) addresses are regarded as voice traffic, and are forwarded in the voice VLANs. You can configure the OUI addresses in advance or use the default OUI addresses...
Page 498: Working Modes Of Voice Vlan
VLAN C HAPTER OICE ONFIGURATION As the first 24 bits of a MAC address (in binary format), an OUI address is a ■ globally unique identifier assigned to a vendor by IEEE (Institute of Electrical and Electronics Engineers). The default OUI address can be configured/removed manually.
Page 499: Security Mode And Normal Mode Of Voice Vlan
VLANs whose packets are allowed to pass through the access port CAUTION: If the voice traffic sent by an IP phone is tagged and that the access port has ■ 802.1x authentication and Guest VLAN enabled, assign different VLAN IDs for the voice VLAN, the default VLAN of the access port, and the 802.1x guest...
Page 500: Configuring The Voice Vlan
25: V VLAN C HAPTER OICE ONFIGURATION It is recommended that you do not mix voice packets with other types of data in a voice VLAN. If necessary, please ensure that the security mode is disabled. Configuring the Voice VLAN Configuration Create the corresponding VLAN before configuring the voice VLAN;...
Page 501: Displaying And Maintaining Voice Vlan
Enable the voice VLAN feature voice vlan enable Required on the port At the same time, only one VLAN of a device can have the voice VLAN feature ■ enabled. A port that has the Link Aggregation Control Protocol (LACP for short) enabled ■...
Page 502: Voice Vlan Configuration Examples
Configuration Examples A Configuration Network requirement Examples of the Voice Create VLAN 2 and configure it as a voice VLAN with an aging time of 100 ■ VLAN under Automatic minutes. Mode The voice traffic sent by the IP phones is tagged. Configure Ethernet 1/1 as a ■...
Page 503: A Configuration Examples Of Voice Vlan Under Manual Mode
[DeviceA-Ethernet1/1] port link-type access Please wait... Done. [DeviceA-Ethernet1/1] port link-type hybrid # Configure the default VLAN of the port as VLAN 6 and allow packets from VLAN 6 to pass through the port. [DeviceA-Ethernet1/1] port hybrid pvid vlan 6 [DeviceA-Ethernet1/1] port hybrid vlan 6 tagged # Enable the voice VLAN feature on the port.
Page 504 [DeviceA-Ethernet1/1]port link-type access Please wait... Done. [DeviceA-Ethernet1/1]port link-type hybrid # Configure the default VLAN of Ethernet 1/1 as voice VLAN and add it to the list of tagged VLANs whose packets can pass through the port. [DeviceA-Ethernet1/1] port hybrid pvid vlan 2 [DeviceA-Ethernet1/1] port hybrid vlan 2 untagged # Enable the voice VLAN feature of Ethernet 1/1.
Page 505 Voice VLAN Configuration Examples [DeviceA-Ethernet1/1] voice vlan enable Verification # Display information about the OUI addresses, OUI address masks, and descriptive strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000 Simens phone 0003-6b00-0000 ffff-ff00-0000 Cisco phone 0004-0d00-0000...
Page 506 25: V VLAN C HAPTER OICE ONFIGURATION...
Page 507: Port Isolation Configuration
However, this will waste the limited VLAN resource. With port isolation, the ports can be isolated within the same VLAN. Thus, you need only to add the ports to the isolation group to implement Layer 2 isolation. This provides you with more secure and flexible networking schemes.
Page 508: Displaying And Maintaining Isolation Groups
Ethernet 1/1, Ethernet 1/2, Ethernet 1/3, and Ethernet 1/0 belong to the same ■ VLAN. It is desired that Host A, Host B, and Host C cannot exchange Layer 2 frames with each other, but can access the external network.
Page 509 [Device-Ethernet1/1] quit [Device] interface ethernet 1/2 [Device-Ethernet1/2] port-isolate enable [Device-Ethernet1/2] quit [Device] interface ethernet 1/3 [Device-Ethernet1/3] port-isolate enable # Display the information about the isolation group. <Device> display port-isolate group Port-isolate group information: Uplink port support: NO Group ID: 1 Ethernet1/1...
Page 510 26: P HAPTER SOLATION ONFIGURATION...
Page 511: Dynamic
In this case, dynamic route monitoring fails, and the backup link cannot be hanged up even after the primary link restores. For BGP, you need to take the following measures to solve this problem: Assign a higher IP address to the backup link that that to the primary link ■...
Page 512: Implementation
The logical relationship among these network segments is “OR”, that is, the backup link will be activated when there is no valid route to one of these network segments. For each dynamic route backup group, a link is dialed or hanged on a dialup interface.
Page 513: Enabling The Dynamic Route Backup Function On A Backup Interface
Before enabling the dynamic route backup function on a backup interface, make sure that DCC has been enabled on the backup interface. Configuring Backup Link In order to avoid route instability, you can disconnect the backup link after a Disconnection Delay specified delay after the primary link is connected.
Page 514 [RouterA-rip-1] network 10.0.0.0 [RouterA-rip-1] network 20.0.0.0 [RouterA-rip-1] import-route direct [RouterA-rip-1] quit # Create a dynamic route backup group. [RouterA] standby routing-rule 1 ip 30.0.0.1 32 # Configure to make the priority of routes on dialup interfaces lower than that of serial interfaces.
Page 515 [RouterC-Bri3/0] ip address 20.0.0.2 8 [RouterC-Bri3/0] dialer enable-circular [RouterC-Bri3/0] dialer-group 1 [RouterC-Bri3/0] quit # Configure Serial 2/1 and enable X.25 on it. [RouterC] interface serial 2/1 [RouterC-Serial2/1] link-protocol x25 dte ietf [RouterC-Serial2/1] x25 x121-address 15 [RouterC-Serial2/1] x25 map ip 10.0.0.1 x121-address 10 broadcast [RouterC-Serial2/1] ip address 10.0.0.2 8...
Page 516: Example Ii
[RouterC-rip-1] import-route direct Example II Network requirements Router A and Router B are directly connected through a serial interface, and ■ they are both connected to the ISDN switched network through ISDN BRI interfaces. Router A and Router B can dial each other. The telephone number of Router B is 8810052.
Page 517 [RouterA-ospf-1] quit # Create a dynamic route backup group. [RouterA] standby routing-rule 1 ip 40.0.0.1 32 # Configure to make the priority of routes on dialup interfaces lower than that of serial interfaces. [RouterA] interface bri3/0 [RouterA-Bri3/0] ospf cost 2000 [RouterA-Bri3/0] ospf network-type broadcast # Enable the dynamic route backup function.
Page 518: Example Iii
Router A and Router B are connected to the ISDN switched network through ■ ISDN BRI interfaces. Router A and Router B can dial each other through the shared DCC. The telephone number of Router A is 8810010, and that of Router B is 8810052.
Page 519 [RouterA-rip-1] network 10.0.0.0 [RouterA-rip-1] network 20.0.0.0 [RouterA-rip-1] import-route direct [RouterA-rip-1] quit # Configure to make the priority of routes on dialup interfaces lower than that of serial interfaces. [RouterA] interface bri 3/0 [RouterA-Bri3/0] rip metricin 2 2 Configure Router B # Configure a dialer rule and configure a local user database.
Page 520: Using One Dynamic Route Group To Monitor Multiple Network Segments
ISDN switched network at the same time. Segments Router A and Router B can dial each other. The telephone number of Router A is 660330, and that of Router B is 660220. As the master device of the dynamic route backup function, Router A monitors ■...
Page 521 12 .0 .0.1/8 1.0.0 .1/8 1.0.0.2/8 DLCI:100 DLCI:200 This network diagram just illustrates a simple implementation. In real practice, the monitored network segments may be distributed on multiple devices. Configuration procedure 1 Configure Router A # Configure a dialer rule.
Page 522 [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] import-route direct # Configure to make the priority of routes on dialup interfaces lower than that of serial interfaces. [RouterA] interface serial 2/1:15 [RouterA-Serial2/1:15] rip metricin 2 2 Configure Router B # Configure a dialer rule.
Page 523 Dynamic Route Backup Configuration Example [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ip address 12.0.0.1 255.0.0.0 [RouterB-Ethernet1/2] quit # Configure the dynamic routing protocol RIP. [RouterB] rip [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] network 2.0.0.0 [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 11.0.0.0 [RouterB-rip-1] network 12.0.0.0...
Page 524 27: D HAPTER YNAMIC OUTE ACKUP ONFIGURATION...
Page 525: Logical Interface Configuration
Loopback interfaces have various uses, for example, the IP address of a loopback interface can be used as the source addresses of all the IP packets that the local device generates. As loopback interface addresses are stable and are unicast...
Page 526: Configuring A Loopback Interface
In this case, all the data packets destined for the loopback interface are sent to the device itself, and the device does not forward these packets.
Page 527: Sub-Interface
Sub-interfaces are logical virtual interfaces configured on a primary interface. The Sub-interface primary interface can be either a physical interface (such as a layer-3 Ethernet interface) or a logical interface (such as an MFR interface). A sub-interface can share the physical-layer parameters of the primary interface and also have its own link-layer and network-layer parameters configured.
Page 528: Configuring A Wan Sub-Interfaces
Ethernet sub-interface, so as to verify the configuration. You can use the reset command in user view to clear the statistics on the VLAN associated with the specified sub-interface. Table 24 Display and maintain Ethernet sub-interfaces...
Page 529 2 Configure relevant operation parameters On sub-interfaces of a WAN interface with link-layer protocol being frame relay, you can configure: Frame relay address mapping different from the that of the WAN interface (also ■ known as the primary interface) IP addresses in a network segment different from the network segment that ■...
Page 530: Ethernet Sub-Interface Configuration Example
Figure 148, the encapsulation type for the VLAN ports of Switch 1 and Switch 2 is dot1q, workstation A and C belong to VLAN 10, and workstation B and D belong to VLAN 20. It is required that: The IP addresses of router subinterfaces Ethernet 3/0.10, Ethernet 3/0.20, ■...
Page 531 Sub-interface different switches but belonging to the same VLAN can intercommunicate with each other. Work station A can intercommunicate with work station D, and work station B ■ can intercommunicate with work station C, that is, devices connected to different switches and belonging to different VLANs can intercommunicate with each other.
Page 532: Wan Sub-Interface Configuration Example
WAN interface Serial 1/0 of Router A is connected to Router B and Router C ■ through the public frame relay network. Allow LAN 1 to access LAN 2 and LAN 3 at the same time through Serial 1/0 by ■ configuring sub-interfaces for Serial 1/0 of Router A.
Page 533: Configuring Mp-Group Interfaces
# Configure static routes from Router A to LAN 2 and LAN 3. [Sysname] ip route-static 129.10.0.0 255.255.0.0 202.38.160.2 [Sysname] ip route-static 129.11.0.0 255.255.0.0 202.38.161.2 2 The configurations of Router B and Router C are similar to that of Router A and thus omitted. Configuring MP-group MP-group interfaces are used in multilink PPP (MP).
Page 534: Vt And Va Interface
After a VPN session is established, a VA interface is necessary for data exchange with the peer end. In this case, the system will select a VT based on the user configurations, and then create a VA interface dynamically. Refer to “Configuring...
Page 535: Displaying And Maintaining Vts And Va Interfaces
VT VT can send multicast or broadcast packets. Before removing a VT, make sure that all the virtual interfaces derived from the VT are removed and the VT is not being used. Configure VT operation parameters Compared to normal physical interfaces, a VT supports only PPP on the link layer and IP on the network layer.
Page 536: Troubleshooting
VE interfaces are mainly used in point to point protocol over Ethernet over ATM (PPPoEoA). PPPoEoA is a structure of 3 layers: the top layer is PPP, the middle layer is PPP over Ethernet (PPPoE), and the bottom layer is PPPoEoA. Note that the parameters for PPPoE are configured through VE interfaces on the interface boards of the access device.
Page 537 Configuring VE The displaying and maintenance of a VE interface is similar to that of an ■ Ethernet interface. Refer to “Maintaining and Displaying an Ethernet Interface” on page 97 for the configuration procedure. Refer to “PPPoE Configuration” on page 393 for PPPoEoA configuration.
Page 538 28: L HAPTER OGICAL NTERFACE ONFIGURATION...
Page 539: Cpos Interface Configuration
CPOS Low-speed tributary signals are called channels when they are multiplexed to form SDH signals. CPOS, the channelized POS interface, makes full use of SDH to provide precise bandwidth division, reduce the number of low-speed physical interfaces on devices, enhance their redistribution capacity, and improve the access capacity of dedicated lines.
Page 540: Sdh Frame Structure
STM-N is a rectangle-block frame structure of 9 rows x 270 x N columns, where the N in STM-N equals the N columns. N takes the value 1, 4, 16, and so on, indicating the number of STM-1 signals that form SDH signal.
Page 541: Multiplexing E1/T1 Channels To Form Stm-1
Administrative unit (AU) and administrative unit group (AUG): AU is the ■ information structure that provides adaptation between higher-order channel layer and multiplex section layer. AUG is a set of one or more AUs that have fixed location in the payload of STM-N. Multiplexing E1/T1 In SDH multiplexing recommended by G.709, there are more than one path for a...
Page 542: Overhead Byte
The numbers in the aforementioned formula refer to the location numbers in a VC-4 frame. TUG-3 can be numbered in the range 1 to 3; TUG-2 in the range 1 to 7 and TU-12 in the range 1 to 3. TU-12 numbers indicate the order in which the 63 TU-12s in a VC-4 frame are multiplexed, that is, E1 channel numbers.
Page 543 Higher-order path overhead monitors paths at the VC-4/VC-3 level. Similar to the J0 byte, the higher-order VC-N path trace byte J1 is included in the higher-order path overhead to send the higher-order path access point identifier repeatedly.
Page 544: Configuring A Cpos Interface
N x 2 Mbps Access network N x 64 kbps N x 64 kbps N x 64 kbps Configuring a CPOS Follow these steps to configure a CPOS interface: Interface To do... Use the command... Remarks Enter system view system-view...
Page 545: Configuring An E1 Channel
Configuring an E1 Channel E1 configuration is supported on the CPOS (E) interface module while T1 configuration is supported on the T1 CPOS (T) interface module. Configuring an E1 Follow these steps to configure an E1 channel: Channel To do...
Page 546: Displaying And Maintaining Cpos Interfaces
As the command can disable the interface, use it with caution. ■ Troubleshooting CPOS Symptom: Interfaces Connect the CPOS interface of the device to that of another vendor through SDH, bundle E1 channels on the interface to form a serial interface and encapsulate it with PPP.
Page 547 Troubleshooting CPOS Interfaces Perform the display interface serial command to check information on interface status. It shows that the physical state of the interface is UP, but the link protocol is DOWN; and loopback, though not configured, is detected on some interfaces.
Page 548 29: CPOS I HAPTER NTERFACE ONFIGURATION...
Page 549: Arp Overview
Address resolution protocol (ARP) is used to resolve an IP address into a data link layer address. An IP address is the address of a host at the network layer. To send a network layer packet to a destination host, the device must know the data link layer address (such as the MAC address) of the destination host.
Page 550: Arp Process
■ the message is being sent to. ARP Process Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B, as shown in Figure 156. The resolution process is as follows: 1 Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B.
Page 551: Arp Mapping Table
0002 -6779 -0f4c 192 .168 .1 .1 When Host A and Host B are not on the same subnet, Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is the IP address of the gateway.
Page 552: Configuring Arp
VLAN. A VLAN interface must be created for the VLAN. Before using the command with the vpn-instance keyword to configure a ■ permanent static ARP entry, you need to create a VPN instance and bind it to the VLAN interface. Configuring the...
Page 553: Enabling The Arp Entry Check
MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system prompts error information. After the ARP entry check is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.
Page 554: Configuring Gratuitous Arp
Configuring Gratuitous ARP Introduction to A gratuitous ARP packet is a special ARP packet, in which the source IP address Gratuitous ARP and destination IP address are both the IP address of the sender, the source MAC address is the MAC address of the sender, and the destination MAC address is a broadcast address.
Page 555: Configuring Arp Source Suppression
Disabled by default. Configuring ARP Source Suppression Introduction to ARP If hosts on a network attack the device by sending large amounts of IP packets Source Suppression whose IP addresses cannot be resolved, the following consequences will be resulted in: The device sends large amounts of ARP request messages to the destination ■...
Page 556: Configuring Authorized Arp
Authorized ARP on a Router A acts as a DHCP server with an IP address pool of 10.1.1.0/24. ■ DHCP Server Router B is a DHCP client which obtains an IP address of 10.1.1.2/24 from the ■ DHCP server. Network diagram...
Page 557: Example For Configuring Authorized Arp On A Dhcp Relay Agent
2 Configure Router B <RouterB> system-view [RouterB] interface ethernet 1/0 [RouterB-Ethernet1/0] ip address dhcp-alloc [RouterB-Ethernet1/0] quit 3 After Router B obtains the IP address from Router A, display the authorized ARP information on Router A. [RouterA] display arp all Type: S-Static D-Dynamic...
Page 558 [RouterA] ip route-static 10.10.1.0 24 10.1.1.2 2 Configure Router B # Enable DHCP. <RouterB> system-view [RouterB] dhcp enable # Configure the IP addresses of Ethernet 1/0 and Ethernet 1/1. [RouterB] interface ethernet 1/0 [RouterB-Ethernet1/0] ip address 10.1.1.2 24 [RouterB-Ethernet1/0] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 10.10.1.1 24...
Page 559: Displaying And Maintaining Arp
[RouterC] interface ethernet 1/0 [RouterC-Ethernet1/0] ip address dhcp-alloc [RouterC-Ethernet1/0] quit [RouterC] ip route-static 10.1.1.0 24 10.10.1.1 4 After Router B obtains the IP address from Router A, display the authorized ARP information on Router B. [RouterB] display arp all Type: S-Static...
Page 560 30: ARP C HAPTER ONFIGURATION To do... Use the command... Remarks Clear ARP entries from the reset arp { all | dynamic | Available in user view ARP mapping table static | interface interface-type interface-number }...
Page 561: Proxy Arp Overview
■ Proxy ARP Overview For an ARP request of a host on a network to be forwarded to an interface that is on the same network but isolated at Layer 2 or a host on another network, the device connecting the two physical or virtual networks must be able to respond to the request.
Page 562: Displaying And Maintaining Proxy Arp
Network requirements Example Host A and Host D are on the same subnet. But from the angle of the device, they are located in different subnets. Configure proxy ARP on the device to enable the communication between Host A and Host D.
Page 563: Local Proxy Arp Configuration Example In Case Of Port Isolation
VLAN-interface 2 of the switch. Configuration procedure 1 Configure the Switch # Add Ethernet 1/0, Ethernet 1/1 and Ethernet 1/2 to VLAN 2. Host A and Host B are isolated and unable to exchange Layer 2 packets. <Switch> system-view...
Page 564: Configure The Router
# Configure local proxy ARP to let Host A and Host B communicate at Layer 3. [Router-Vlan-interface2] local-proxy-arp enable [Router-Vlan-interface2] quit Ping Host B on Host A to verify that Host B can be pinged, which indicates Layer 3 communication is implemented.
Page 565: Introduction To Dhcp
Figure 161 A typical DHCP application DHCP client DHCP client DHCP server DHCP client DHCP client When residing in a different subnet from the DHCP server, the DHCP client can get the IP address and other configuration parameters from the server via a DHCP...
Page 566: Dhcp Address Allocation
(2) DHCP-OFFER (3) DHCP-REQUEST (4) DHCP-ACK As shown in the figure above, a DHCP client obtains an IP address from a DHCP server via four steps: 1 The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. 2 A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message.
Page 567: Ip Address Lease Extension
IP Address Lease The IP address dynamically allocated by a DHCP server to a client has a lease. After Extension the lease duration elapses, the IP address will be reclaimed by the DHCP server. If the client wants to use the IP address again, it has to extend the lease duration.
Page 568: Dhcp Options
DHCP server sends a reply back by unicast or broadcast. If this flag is set to 0, the DHCP server sent a reply back by unicast; if this flag is set to 1, the DHCP server sent a reply back by broadcast. The remaining bits of the flags field are reserved.
Page 569: Self-Defined Options
DHCP Options Option 66: TFTP server name option. It specifies a TFTP server to be assigned to ■ the client. Option 67: Bootfile name option. It specifies the bootfile name to be assigned ■ to the client. Option 150: TFTP server IP address option. It specifies the TFTP server IP address ■...
Page 570 VERVIEW Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent receives a client’s request, it adds Option 82 to the request message and sends it to the server.
Page 571: Protocols And Standards
PVC identifier VLAN ID In the above figure, except that the VLAN ID field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable. sub-option 2: Padded with the MAC address of the interface that received the ■...
Page 572 32: DHCP O HAPTER VERVIEW...
Page 573: Introduction To Dhcp Server
The hosts are more than the assignable IP addresses and it is impossible to ■ assign a fixed IP address to each host. For example, an ISP limits the number of hosts to access the Internet at a time, so lots of hosts need to acquire IP addresses dynamically.
Page 574: Ip Address Allocation Sequence
The DHCP server observes the following principles to select an address pool to assign IP addresses to clients: 1 If there is an address pool where IP addresses are statically bound to the MAC addresses or IDs of clients, the DHCP server will select this address pool and assign statically bound IP addresses to clients.
Page 575: Dhcp Server Configuration Task List
With the DHCP server enabled on an interface, upon receiving a client’s request, Server on an Interface the DHCP server will assign an IP address from its address pool to the DHCP client. Follow these steps to enable the DHCP server on an interface: To do...
Page 576: Configuring An Address Pool For The Dhcp Server
IP address. Configuring manual address allocation Some DHCP clients such as a WWW server need fixed IP addresses. You can create a static binding of a client’s MAC or ID to IP address in the DHCP address pool.
Page 577 Otherwise, an IP address conflict may occur and the bound client cannot obtain an IP address correctly. The ID of the static binding must be identical to the ID displayed by using the ■ display dhcp client verbose command on the client. Otherwise, the client cannot obtain an IP address.
Page 578: Configuring A Domain Name Suffix For The Client
Not specified by default Configuring DNS Servers When a DHCP client wants to access a host on the Internet via the host name, it for the Client contacts a domain name system (DNS) server holding host name-to-IP address mappings to get the host IP address.
Page 579: Configuring Wins Servers And Netbios Node Type For The Client
WINS server address when assigning an IP address to the client. You can specify up to eight WINS servers in a DHCP address pool. You need to specify in a DHCP address pool a NetBIOS node type for the client to approach name resolution. There are four NetBIOS node types: b (broadcast)-node: The b-node client sends the destination name in a ■...
Page 580: Configuring Gateways For The Client
33: DHCP S HAPTER ERVER ONFIGURATION To configure the BIMS server IP address, port number, and shared key in the DHCP address pool, use the following commands: To do... Use the command... Remarks Enter system view system-view Enter DHCP address pool view dhcp server ip-pool pool-name -...
Page 581: Configuring The Tftp Server And Bootfile Name For The Client
Specify an IP address for the network calling processor before performing other configuration. Configuring the TFTP This task is to specify the IP address and name of a TFTP server and the bootfile Server and Bootfile name in the DHCP address pool. The DHCP clients use these parameters to...
Page 582: Configuring The Dhcp Server Security Functions
ONFIGURATION Define existing DHCP options. Some options have no unified definitions in RFC ■ 2132; however, vendors can define such options as Option 43 as needed. The self-defined DHCP option enables DHCP clients to obtain vendor-specific information. Expand existing DHCP options. When the current DHCP options cannot meet ■...
Page 583: Configuration Prerequisites
With this feature enabled, when receiving a DHCP message with the siaddr field not being 0 from a client, the DHCP server will record the value of the siaddr field in the message and the receiving interface. The administrator can use this information to check out any DHCP unauthorized servers.
Page 584: Configuring The Dhcp Server To Support Authorized Arp
Option 82 82 to assign an IP address to the requesting client. If the server is configured to ignore Option 82, it will assign an IP address to the client without adding Option 82 in the response message. Configuration prerequisites...
Page 585: Displaying And Maintaining The Dhcp Server
In this case, the server will deny the request for lease extension from a client and the client needs to request an IP address again.
Page 586 The DHCP server and client are on the same subnet and perform direct ■ message delivery. The DHCP server and client are not on the same subnet and communicate with ■ each other via a DHCP relay agent. The DHCP server configuration for the two types is the same.
Page 587: Self-Defined Option Configuration Example
DHCP Server Configuration Examples # Exclude IP addresses from dynamic allocation (addresses of the DNS server, WINS server, and gateways). [RouterA] dhcp server forbidden-ip 10.1.1.2 [RouterA] dhcp server forbidden-ip 10.1.1.4 [RouterA] dhcp server forbidden-ip 10.1.1.126 [RouterA] dhcp server forbidden-ip 10.1.1.254 # Configure DHCP address pool 0 (address range, client domain name suffix and DNS server address).
Page 588: Troubleshooting Dhcp Server Configuration
[RouterA] dhcp enable # Configure DHCP address pool 0. [RouterA] dhcp server ip-pool 0 [RouterA-dhcp-pool-0] network 10.1.1.0 mask 255.255.255.0 [RouterA-dhcp-pool-0] option 43 hex 80 0B 00 00 02 01 02 03 04 02 02 02 02 Troubleshooting DHCP Symptom Server Configuration A client’s IP address obtained from the DHCP server conflicts with another IP...
Page 589: Introduction To Dhcp Relay Agent
Since DHCP clients request IP addresses via broadcast messages, the DHCP server Environment and clients must be on the same subnet. Therefore, a DHCP server must be available on each subnet. It is not practical. DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on another subnet to obtain configuration parameters.
Page 590: Dhcp Relay Agent Support For Option 82
As shown in the figure above, the DHCP relay agent works as follows: 1 After receiving a DHCP-DISCOVER or DHCP-REQUEST broadcast message from a DHCP client, the DHCP relay agent fills the giaddr field of the message with its IP address and forwards the message to the designated DHCP server in unicast mode.
Page 591: Dhcp Relay Agent Configuration Task List
DHCP Relay Agent Configuration Task List If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client. If a client’s requesting Handling Padding message has...
Page 592: Correlating A Dhcp Server Group With Relay Agent Interfaces
■ connected must also use a subinterface to guarantee normal communication with the relay agent. In this case, if the client is a PC, it cannot obtain an IP address. If the DHCP client obtains an IP address via the DHCP relay agent, the address ■...
Page 593: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request
Configuring the DHCP Relay Agent Configuring the DHCP Sometimes, you need to release a client’s IP address manually on the DHCP relay Relay Agent to Send a agent. With this task completed, the DHCP relay agent can actively send a DHCP-Release Request DHCP-RELEASE request that contains the client’s IP address to be released.
Page 594 To solve this, the DHCP relay agent can update dynamic bindings at a specified interval. The DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to regularly send a DHCP-REQUEST message to the DHCP server.
Page 595: Configuring The Dhcp Relay Agent To Support Option 82
With this feature enabled, upon receiving a DHCP message with the siaddr field (IP address of the server assigning IP addresses to clients) not being 0 from a client, the DHCP relay agent will record the value of the siaddr field and the information on the interface receiving the DHCP message.
Page 596: Displaying And Maintaining The Dhcp Relay Agent Configuration
Option 82” on page 584 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you ■ need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.
Page 597: Troubleshooting Dhcp Relay Agent Configuration
DHCP relay agent. Refer to “DHCP Server Configuration Examples” on page 585 for DHCP server configuration information. If the DHCP relay agent and server are on different subnets, routes in between ■ must be reachable. Troubleshooting DHCP Symptom...
Page 598 Check that: The DHCP is enabled on the DHCP server and relay agent. ■ The address pool on the same subnet where DHCP clients reside is available on ■ the DHCP server. The routes between the DHCP server and DHCP relay agent are reachable.
Page 599: Introduction To Dhcp Client
DHCP client may fail to obtain an IP address. Introduction to DHCP With the DHCP client enabled on an interface, the interface will use DHCP to Client obtain configuration parameters such as an IP address from the DHCP server.
Page 600: Displaying And Maintaining The Dhcp Client
Available in any view configuration information [ interface interface-type interface-number ] DHCP Client Network requirements Configuration On a LAN, Router B contacts the DHCP server via Ethernet1/1 to obtain an IP Example address. Network diagram Figure 170. Configuration procedure The following is the configuration on Router B shown in Figure 170.
Page 601: Dhcp Snooping Overview
The DHCP snooping enabled device does not work if it is between the DHCP ■ relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Page 602: Configuring Dhcp Snooping Basic Functions
ONFIGURATION Ensuring DHCP clients to obtain IP addresses from valid DHCP servers If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP addresses. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers.
Page 603 DHCP Snooping Configuration Example Network diagram Figure 175 Network diagram for DHCP snooping configuration Switch A DHCP server Eth 1 / 1 Switch B DHCP snooping Eth 1 / 3 Eth 1 / 2 DHCP client DHCP client Configuration procedure # Enable DHCP snooping.
Page 604 36: DHCP S HAPTER NOOPING ONFIGURATION...
Page 605: Introduction To Bootp Client
Introduction to BOOTP Client BOOTP Application After you specify an interface of a device as a BOOTP client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration. Before using BOOTP, an administrator needs to configure a BOOTP parameter file for each BOOTP client on the BOOTP server.
Page 606: Obtaining An Ip Address Dynamically
ONFIGURATION Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition. A BOOTP client dynamically obtains an IP address from a BOOTP server in the following way: 1 The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.
Page 607 [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address bootp-alloc To make the BOOTP client to obtain an IP address from the DHCP server, you need to perform additional configurations on the DHCP server. For details, refer to “DHCP Server Configuration Examples” on page...
Page 608 37: BOOTP C HAPTER LIENT ONFIGURATION...
Page 609: Dns Overview
1 A user program sends a name query to the resolver in the DNS client. 2 The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back. If not, it sends a query to the DNS server.
Page 610 IP addresses in the dynamic domain name cache. There is no need to send a request to the DNS server for a repeated query next time. The aged mappings are removed from the cache after some time, and latest entries are required from the DNS server.
Page 611: Dns Proxy
DNS client Operation of a DNS proxy 1 A DNS client considers the DNS proxy as the DNS server, and sends a DNS request to the DNS proxy, that is, the destination address of the request is the IP address of the DNS proxy.
Page 612: Configuring Dynamic Domain Name Resolution
IP address is configured in the database static DNS database by default. The IP address you last assign to the host name will overwrite the previous one if there is any. You may create up to 50 static mappings between domain names and IP addresses.
Page 613: Dns Configuration Examples
# Configure a mapping between host name host.com and IP address 10.1.1.2. <Sysname> system-view [Sysname] ip host host.com 10.1.1.2 # Execute the ping host.com command to verify that the device can use the static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com.
Page 614 Configuration procedure Before performing the following configuration, make sure that there is a route ■ between the device and the host, and configurations are done on both the device and the host. For the IP addresses of the interfaces, see Figure 179.
Page 615 # Create a mapping between host name and IP address. Figure 181 Add a host Figure 181, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 182. Enter host name host and IP address 3.1.1.1.
Page 616 # Configure com as the name suffix. [Sysname] dns domain com 3 Configuration verification # Execute the ping host command on the device to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.
Page 617: Dns Proxy Configuration Example
Specify Device A as the DNS server of Device B (the DNS client). ■ Device A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. ■ Device B implements domain name resolution through Device A.
Page 618: Troubleshooting Dns Configuration
# Specify the DNS server 2.1.1.2. [DeviceB] dns server 2.1.1.2 4 Configuration verification # Execute the ping host.com command on Device B to verify that the host can be pinged after the host’s IP address 3.1.1.1 is resolved. [DeviceB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)
Page 619: Introduction To Ip Accounting
Each IP accounting rule consists of an IP address and its mask, namely, a subnet address, which is the result of ANDing the IP address with its mask. IP packets are sorted as follows: If a firewall is configured on an interface and incoming and outgoing IP packets ■...
Page 620: Ip Accounting Configuration Example
184, the router is connected to Host A and Host B through Ethernet interfaces. Enable IP accounting on Ethernet1/0 of the router to count the IP packets from Host A to Host B, with the aging time for IP accounting entries being 24 hours.
Page 621: Network Diagram
[Router-Ethernet1/1] ip address 2.2.2.1 24 [Router-Ethernet1/1] quit Configure Host A and Host B. ■ # Configure static routes from Host A to Host B and from Host B to Host A. Ping Host B from Host A. Omitted. Display the IP accounting information.
Page 622: Displaying And Maintaining Ip Accounting Configuration
SrcIP DstIP Protocol Pkts Bytes 2.2.2.2 1.1.1.1 ICMP The two hosts can be replaced by other types of network devices such as routers. Displaying and Maintaining IP To do... Use the command... Remarks Accounting Display the IP display ip count rule...
Page 623: Ip Addressing Overview
For administration sake, IP addresses are divided into five classes. Which class an IP address belongs to depends on the first one to four bits of the net-id, as shown in the following figure (the blue part identifies the address class).
Page 624: Special Case Ip Addresses
Class B address Net-id Host-id Mask 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Net-id Subnet-id Host-id...
Page 625: Ip Unnumbered
In the absence of subnetting, some special addresses such as the addresses with the net-id of all zeros and the addresses with the host-id of all ones, are not assignable to hosts. The same is true of subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.
Page 626: Ip Addressing Configuration Example
To enable the hosts on the two network segments to access the external network through Router, and enable the hosts on the two network segments to communicate with each other, do the following: Assign a primary IP address and a secondary IP address to Ethernet 1/0 on the ■ router.
Page 627 # Set the gateway address to 172.16.1.1 on the PCs attached to 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to 172.16.2.0/24. # Use the ping command to verify the connectivity between the router and a host on the subnet 172.16.1.0/24.
Page 628: Configuring Ip Unnumbered
ONFIGURATION Configuring IP Unnumbered Configuration Assign a primary IP address to the interface from which you want to borrow the IP Prerequisites address. Alternatively, you may configure the interface to obtain one through BOOTP, DHCP, or PPP negotiation. Configuration Procedure Follow these steps to configure IP unnumbered on an interface: To do...
Page 629 [RouterA] interface serial 2/1 [RouterA-Serial2/1] ip address unnumbered interface ethernet 1/1 [RouterA-Serial2/1] quit # Create a route to the Ethernet segment attached to Router B, specifying interface Serial2/1 as the outgoing interface. [RouterA] ip route-static 172.16.20.0 255.255.255.0 serial 2/1 2 Configure Router B # Assign a primary IP address to Ethernet1/1.
Page 630: Displaying And Maintaining Ip Addressing
40: IP A HAPTER DDRESSING ONFIGURATION 3 Ping a host attached to Router B from Router A to verify the configuration. [RouterA] ping 172.16.20.2 PING 172.16.20.2: 56 data bytes, press CTRL_C to break Reply from 172.16.20.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.20.2: bytes=56 Sequence=2 ttl=255 time=25 ms...
Page 631: Ip Performance Overview
IP address of a directed broadcast, the network ID is a network-specific Broadcasts number and the host ID is all ones. Enabling the device to receive and forward directed broadcasts to a directly connected network will give hackers an opportunity to attack the network.
Page 632: Configuration Example
Ethernet 1/0 of Router B are on another network segment (2.2.2.0/24). The default gateway of the host is Ethernet 1/1 (IP address 1.1.1.2/24) of Router A. Configure a static route on Router B to enable the reachability between the host and Router B.
Page 633: Configuring Tcp Attributes
An interface’s TCP MSS determines whether the TCP packets of the interface need the Interface to be fragmented. If the size of a packet is smaller than the TCP MSS, the packet is not fragmented; otherwise, it will be fragmented according to the TCP MSS.
Page 634: Enabling Protection Against Naptha Attack
Naptha attackers control a huge amount of hosts to establish TCP connections with the server, keep these connections in the same state (any of the six), and request for no data so as to exhaust the memory resource of the server. As a result, the server cannot process normal services.
Page 635: Configuring Tcp Optional Parameters
When the TCP connection is in FIN_WAIT_2 state, finwait timer ■ will be started. If no FIN packets are received within the timer timeout, the TCP connection will be terminated. If FIN packets are received, the TCP connection state changes to TIME_WAIT.
Page 636: Configuring Icmp To Send Error Packets
ICMP timeout packet to the source. The device will send an ICMP timeout packet under the following conditions: If the device finds the destination of a packet is not itself and the TTL field of ■ the packet is 1, it will send a “TTL timeout” ICMP error message.
Page 637 Sending a lot of ICMP packets will increase network traffic. ■ If receiving a lot of malicious packets that cause it to send ICMP error packets, ■ the device’s performance will be reduced.
Page 638: Displaying And Maintaining Ip Performance
Display socket information display ip socket [ socktype sock-type ] [ task-id socket-id ] Display FIB forward display fib [ | { begin | include | information exclude } string | acl acl-number | ip-prefix ip-prefix-name ] Display FIB forward...
Page 639: Introduction To Ip Unicast Policy Routing
A policy can consist of multiple nodes identified by node numbers. The smaller the node number is, the higher the priority of the node’s policy is. A policy, which consists of if-match clauses and apply clauses, is used to import a route to forward IP packets.
Page 640 A packet satisfying the match rules on a node will not go to the other nodes. If the packet does not satisfy the match rules on any node, the packet will be forwarded by means of looking up the routing table.
Page 641: Enabling System Policy Routing
If you want to modify the two outgoing interfaces or next hops, you can directly specify two interfaces or next hops before executing the apply output-interface or apply ip-address next-hop command.
Page 642: Enabling Interface Policy Routing
OUTING ONFIGURATION The system policy routing is used to route packets generated by the local device. You can enable the interface policy routing and the system policy routing respectively. Only one policy can be referenced when system policy routing is enabled.
Page 643: Ip Unicast Policy Routing Configuration Examples
10 . 110 . 0 . 0 / 16 Host A Host B Configuration procedure # If the device supports the firewall function, set the default filtering mode of the firewall to deny. <Router> system-view [Router] firewall default deny # Define the ACLs.
Page 644 [Router-policy-based-route] apply output-interface serial 2/0 [Router-policy-based-route] quit # Define Node 10 of policy aaa so that policy routing will not be applied to packets matching ACL 3102 and these packets will be forwarded by means of looking up the routing table.
Page 645 [RouterA-Ethernet1/0] ip policy-based-route lab1 [RouterA-Ethernet1/0] quit # Forward IP packets with a size of 64 to 100 bytes to the next hop 150.1.1.2 and those with a size of 101 to 1,000 bytes to the next hop 151.1.1.2. [RouterA] rip [RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 150.1.1.1 255.255.255.0...
Page 646 42: IP U HAPTER NICAST OLICY OUTING ONFIGURATION...
Page 647: Introduction To Udp Helper
Sometimes, a host needs to forward broadcasts to obtain network configuration Helper information or request the names of other devices on the network. However, if the server or the device to be requested is located in another broadcast domain, the host cannot obtain such information through broadcast.
Page 648: Configuring Udp Helper
631. The UDP Helper enabled device cannot forward DHCP broadcast packets. That ■ is to say, the UDP port number cannot be set to 67 or 68. The dns, netbios-ds, netbios-ns, tacacs, tftp, and time keywords ■ correspond to the six default UDP port numbers. You can configure these default UDP port numbers by specifying port numbers or the corresponding parameters.
Page 649: Udp Helper Configuration Example
# Enable the forwarding of broadcast packets with the UDP destination port number 55. [RouterA] udp-helper port 55 # Specify the server with the IP address of 10.2.1.1 as the destination server to which UDP packets are to be forwarded. [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] ip address 10.110.1.1 16...
Page 650 43: UDP H HAPTER ELPER ONFIGURATION...
Page 651: Urpf Overview
193, Router A originates a request to the server (Router B) by sending a packet with a forged source IP address 2.2.2.1/8, and Router B sends a packet to the real IP address 2.2.2.1/8 in response to the request. This type of illegal packets will attack Router B and Router C.
Page 652: Configuring Urpf
URPF lets the packet pass and be forwarded directly. 3 The packet will come to ACL check if and only if it is rejected. If the packet passes ACL check, it is forwarded as normal; otherwise, it is discarded.
Page 653: Introduction To Fast Forwarding
Finally, the link layer frame is copied to the output queue through direct memory access (DMA) for forwarding. The system bus will be involved twice in this process and the forwarding of each packet will repeat this process.
Page 654: Configuring Fast Forwarding
ONFIGURATION Fast forwarding can improve the packet forwarding efficiency greatly. The performance of fast forwarding is sometimes affected by some attributes, for example, packet queue management and packet header compression. Although fast forwarding can process segmented IP packets, it does not support re-segmentation of IP packets.
Page 655: Ipv6 Overview
IPv6 cuts down some IPv4 header fields or move them to the IPv6 extension headers to reduce the length of the basic IPv6 header. IPv6 uses the basic header with a fixed length, thus making IPv6 packet handling simple and improving...
Page 656 46: IP HAPTER ASICS ONFIGURATION addresses, the size of basic IPv6 headers is 40 bytes and is only twice that of IPv4 headers (excluding the Options field). Figure 194 Comparison between IPv4 packet header format and basic IPv6 packet header format...
Page 657: Introduction To Ipv6 Address
IPv6 Overview QoS support The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets. Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manages the information exchange between neighbor nodes on the same link.
Page 658 Anycast address: An identifier for a set of interfaces (typically belonging to ■ different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the nearest one, according to the routing protocols’...
Page 659: Introduction To Ipv6 Neighbor Discovery Protocol
IPv6 Overview node may fill this address in the source address field of an IPv6 packet, but may not use it as a destination IPv6 address. Multicast address IPv6 multicast addresses listed in Table 37 are reserved for special purpose.
Page 660 The NDP mainly provides the following functions: Address resolution Similar to the ARP function in IPv4, a node acquires the link-layer addresses of neighbor nodes on the same link through NS and NA messages. Figure 196 shows...
Page 661 1 Node A sends an NS message whose destination address is the IPv6 address of node B. 2 If node A receives an NA message from node B, node A considers that node B is reachable. Otherwise, node B is unreachable.
Page 662 IPv6 address of node B. 3 Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, node B is not using the IPv6 address and node A can use it.
Page 663: Ipv6 Pmtu Discovery
When a host is started, its routing table may contain only the default route to the gateway. When certain conditions are satisfied, the gateway sends an ICMPv6 redirect message to the source host so that the host can select a better next hop to forward packets (similar to the ICMP redirection function in IPv4).
Page 664: Introduction To Ipv6 Dns
In the IPv6 network, a domain name system (DNS) supporting IPv6 converts domain names into IPv6 addresses, instead of IPv4 addresses. However, just like an IPv4 DNS, an IPv6 DNS also covers static domain name resolution and dynamic domain name resolution. The function and implementation of these two types of domain name resolution are the same as those of an IPv4 DNS.
Page 665: Configuring Basic Ipv6 Functions
IPv6 site-local addresses and aggregatable global unicast addresses can be Unicast Address configured in either of the following ways: EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the ■ IPv6 address prefix of an interface is the configured prefix, and the interface identifier is derived from the link-layer address of the interface.
Page 666: Configuring Ipv6 Ndp
If you first adopt the manual assignment and then the automatic generation, the automatically generated link-local address will not take effect and the link-local address of an interface is still the manually assigned one. If you delete the manually assigned address, the automatically generated link-local address is validated.
Page 667: Configuring The Maximum Number Of Neighbors Dynamically Learned
The device can dynamically acquire the link-layer address of a neighbor node and Maximum Number of add it into the neighbor table through NS and NA messages. Too large a neighbor Neighbors Dynamically table from which neighbor entries can be dynamically acquired may lead to the Learned forwarding performance degradation of the device.
Page 668 When sending an IPv6 packet, a host uses the value of this parameter to fill the Cur Hop Limit field in IPv6 headers. Meanwhile, the value of this parameter is equal to the value of the Cur Hop Limit field in response messages of the device.
Page 669: Configuring The Number Of Attempts To Send An Ns Message For Dad
IPv6 address. If the interface does not receive a response within a specified time NS Message for DAD (determined by the ipv6 nd ns retrans-timer command), it continues to send an NS message. If it still does not receive a response after the number of attempts to...
Page 670: Configuring Pmtu Discovery
IPv6 routers do not support packet fragmentation. After an IPv6 router receives an Interface MTU IPv6 packet, if the packet size is greater than the MTU of the forwarding interface, the router will discard the packet. Meanwhile, the router sends the MTU to the source host through an ICMPv6 packet - Packet Too Big message.
Page 671: Configuring The Aging Time For Pmtu
IP packets and improving the forwarding efficiency. In the load sharing mode of IPv6 FIB, the device can decide how to select an equal cost multi-path (ECMP) route to forward packets. Currently, two load sharing...
Page 672: Configuring Icmpv6 Packet Sending
Interval by adopting the token bucket algorithm. You can set the capacity of a token bucket, namely, the number of tokens in the bucket. In addition, you can set the update period of the token bucket, namely, the interval for updating the number of tokens in the token bucket to the configured capacity.
Page 673: Enable Sending Of Multicast Echo Replies
IPv6 address. When applying such applications as Telnet, Resolution you can directly use a host name and the system will resolve the host name into an IPv6 address. Each host name can correspond to only one IPv6 address.
Page 674: Displaying And Maintaining Ipv6 Basics Configuration
The dns resolve and dns domain commands are the same as those of IPv4 DNS. For details about the commands, refer to “DNS Configuration” on page 609.
Page 675: Ipv6 Configuration Example
Clear the statistics of all IPv6 UDP reset udp ipv6 statistics packets The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to “DNS Configuration” on page 609. IPv6 Configuration...
Page 676 HAPTER ASICS ONFIGURATION [RouterA-Ethernet1/0] ipv6 address 2001::/64 eui-64 # Assign an aggregatable global unicast address for interface Ethernet 1/0. [RouterA-Ethernet1/0] ipv6 address 3001::1/64 [RouterA-Ethernet1/0] ipv6 address 4001::1/64 # Allow interface Ethernet 1/0 to advertise RA messages. [RouterA-Ethernet1/0] undo ipv6 nd ra halt Configuration on Router B ■...
Page 677 # From Router A, ping the link-local address, EUI-64 address, aggregatable global unicast address, and automatically generated address of Router B. If the configurations are correct, the above four types of IPv6 addresses can be pinged. CAUTION: When you ping a link-local address, you should use the “-i” parameter to specify an interface for the link-local address.
Page 678: Troubleshooting Ipv6 Basics Configuration
IPv6 packet forwarding function is enabled. Carry out the display ipv6 interface command in any view to check that the ■ IPv6 address of the interface is correct and that the interface is up.
Page 679: Nat-Pt Overview
The Network Address Translation - Protocol Translation (NAT-PT) realizes translation between IPv4 and IPv6 addresses, implementing communications between IPv4 and IPv6 networks. For example, it can enable a host in an IPv6 network to access the FTP server in an IPv4 network.
Page 680: Nat-Pt Mechanism
The NAT-PT implementation process for a session initiated by an IPv6 host is as follows: 1 A packet from an IPv6 host to an IPv4 host reaches the NAT-PT device. The NAT-PT device translates the source IPv6 address of the packet into an IPv4 address according to the static or dynamic IPv6-to-IPv4 mappings.
Page 681: Nat-Pt Configuration Task List
The NAT-PT implementation process for a session initiated by an IPv4 host is as follows: 1 A packet from an IPv4 host to an IPv6 host reaches the NAT-PT device. The NAT-PT device translates the source IPv4 address of the packet into an IPv6 address according to the static or dynamic IPv4-to-IPv6 mappings.
Page 682: Enabling Nat-Pt
You can configure such a dynamic IPv6-to-IPv4 mapping rule as follows: When a packet is sent from an IPv6 network to an IPv4 network, the NAT-PT device receiving the packet will detect the prefix of the destination IPv6 address of the packet.
Page 683: Configuring Mappings For Ipv6 Hosts Accessing Ipv4 Hosts
Mappings for IPv6 hosts accessing IPv4 hosts refer to the IPv6-to-IPv4 NAT of for IPv6 Hosts Accessing packets. When a packet is sent from an IPv6 network to IPv4 network, the source IPv4 Hosts IPv6 address is translated to an IPv4 address in accordance with the configured mappings.
Page 684 IPv6 network to an IPv4 network, if the dynamic NAT-PT of combination 1 or 3 is set, the NAT-PT device will select an IPv4 address from the NAT-PT address pool as the source IPv4 address of the IPv6 packet.
Page 685: Configuring The Nat-Pt Session Timeout Time For Different Protocol Packets
Configuring the NAT-PT You can set the timeout time for NAT-PT sessions of different protocol packets Session Timeout Time according to the actual conditions. NAT-PT will stop after the NAT-PT session of a for Different Protocol specified protocol packet times out.
Page 686: Displaying And Maintaining Nat-Pt
2,048 by default Configuring the You can set the ToS/Traffic Class field in packets after NAT-PT to 0 or to the value ToS/Traffic Class Field in of the corresponding Traffic Class/ToS field in packets before NAT-PT. a Packet After NAT-PT Follow these steps to set the ToS and Traffic Class fields in packets after NAT-PT: To do...
Page 687: Configuring Dynamic Ipv6-To-Ipv4 Mappings
Network requirements IPv6-to-IPv4 Mappings An IPv4 network is connected to an IPv6 network through a NAT-PT device - Router B. Dynamic IPv6-to-IPv4 mappings are configured on Router B so that IPv6 hosts can access IPv4 hosts but IPv4 hosts cannot access IPv6 hosts.
Page 688: Configuring Static Ipv4-To-Ipv6 And Ipv6-To-Ipv4 Mappings
Configuring Static Network requirements IPv4-to-IPv6 and An IPv4 network is connected to an IPv6 network through a NAT-PT device - IPv6-to-IPv4 Mappings Router B. Static IPv4-to-IPv6 and IPv6-to-IPv4 mappings configured on Router B so that the IPv4 and IPv6 networks can access each other.
Page 689 IPV6Source IPV4Source IPV6Destination IPV4Destination 3001::0005 0 8.0.0.2 ICMP 2001::0002 0 8.0.0.5 Using the ping ipv6 3001::5 command on Router C can receive response packets, and you can view the following NAT-PT session information on Router B using the display command.
Page 690: Troubleshooting Nat-Pt
Locate the fault according to the debugging information of the device, and ■ then make further judgments by using other commands. During debugging, check whether the source address of a packet is translated correctly. If not, it is possible that the address pool is configured incorrectly.
Page 691: Dual Stack Overview
Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack. A network node that supports both IPv4 and IPv6 is called a dual stack node.
Page 692 Manually specify ipv6 address IPv6 local address an IPv6 link-local ipv6-address link-local or global unicast address address, a link local address is automatically created. CAUTION: For more information about IPv6 address, refer to “Introduction to IPv6 Address” on page 657.
Page 693: Introduction To Tunneling
“Displaying and Maintaining Tunneling Configuration” on page 730 ■ “Troubleshooting Tunneling Configuration” on page 730 ■ A tunnel interface number is in the X format, where X ranges from 0 to 1023. Introduction to The expansion of Internet results in scarce IPv4 addresses. Although the Tunneling...
Page 694: Ipv6 Over Ipv4 Tunnel
IPv 6 host The IPv6 over IPv4 tunnel processes packets in the following way: 1 A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel. 2 After determining according to the routing table that the packet needs to be...
Page 695 4 The device at the destination end of the tunnel forwards the packet according to the destination address in the decapsulated IPv6 packet. If the destination address is the device itself, the device at the destination end forwards the IPv6 packet to the upper-layer protocol for processing.
Page 696 Since the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed by a permanent value and the IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be forwarded by the tunnel.
Page 697: Ipv4 Over Ipv4 Tunnel
Through the embedded IPv4 address, an ISATAP tunnel can automatically be created to transfer IPv6 packets. The ISATAP tunnel is mainly used for connections between IPv6 routers or between a host and an IPv6 router in the IPv4 network.
Page 698: Ipv4/Ipv6 Over Ipv6 Tunnel
1 The IP packet received from the IPv4 network interface is sent to the IP protocol stack which checks the protocol number in the IP header. 2 If the protocol number is IPv4, the IP packet is sent to the tunnel module for decapsulation 3 The decapsulated IP packet is sent back to the IP protocol stack for processing.
Page 699: Pe Overview
A submits it to the corresponding data module for processing. The data module then determines how to route the packet. 2 If the destination of the packet is Host B connected to Router B, the packet is sent to Router A’s tunnel interface that is connected to Router B.
Page 700: Tunneling Configuration Task List
IPv 6 network Customer site Customer site “P” in the above figure refers to a backbone router in the network of a service provider. P is not directly connected with a CE and is required to have the basic MPLS capability.
Page 701: Configuration Procedure
Optional sent over the tunnel interface The default value varies with devices. For the configuration of MTU of IPv6 packets sent over a tunnel interface, refer to the ipv6 mtu command in “Configuring the Interface MTU” on page 670. CAUTION: After a tunnel interface is deleted, all the above features configured on the ■...
Page 702: Configuration Example
HAPTER UNNELING ONFIGURATION If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routes.
Page 703 [RouterB-Tunnel0] source Ethernet 1/0 [RouterB-Tunnel0] destination 192.168.100.1 [RouterB-Tunnel0] tunnel-protocol ipv6-ipv4 Configuration verification After the above configurations, display the status of the tunnel interfaces on Router A and Router B, respectively: [RouterA] display ipv6 interface tunnel 0 Tunnel0 current state :UP...
Page 704: Configuring Automatic Ipv4-Compatible Ipv6 Tunnel
ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Ping the IPv6 address of the peer tunnel interface from Router A: [RouterA] ping ipv6 3001::2 PING 3001::2 : 56 data bytes, press CTRL_C to break...
Page 705 No destination address needs to be configured for an automatic ■ IPv4-compatible IPv6 tunnel. If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
Page 706: Configuration Example
UNNELING ONFIGURATION Configuration Example Network requirements Between Router A and Router B is an IPv4 network. It is required that an IPv6 connection be established through an automatic IPv4-compatible IPv6 tunnel between the two dual-stack routers. Network diagram Figure 212 Network diagram for an automatic IPv4-compatible IPv6 tunnel...
Page 707 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Ping the IPv4-compatible IPv6 address of the peer tunnel interface from Router [RouterA] ping ipv6 ::2.1.1.2 PING ::2.1.1.2 : 56 data bytes, press CTRL_C to break Reply from ::2.1.1.2...
Page 708: Configuring 6To4 Tunnel
IP addresses are configured for interfaces such as VLAN interface, Ethernet Prerequisites interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable. Configuration Procedure Follow these steps to configure a 6to4 tunnel: To do...
Page 709: Configuration Example 1
IPv4 address embedded in the IPv4-compatible IPv6 address. If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
Page 710 [RouterA-Ethernet1/0] ip address 2.1.1.1 24 [RouterA-Ethernet1/0] quit # Configure a route from Ethernet1/0 of Router A to Ethernet1/0 of Router B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)
Page 711: Configuration Example 2
Router A is a 6to4 router, and 6to4 addresses are used on its IPv6 network. Router B serves as a 6to4 relay router and is connected to the IPv6 network. It is required that hosts in the 6to4 network can access the IPv6 network via Router B.
Page 712 2001 ::2 /16 Configuration procedure The configuration on a 6to4 relay router is the same as that on an ordinary 6to4 router. However, a 6to4 relay router can be connected to not only a 6to4 network, but also an IPv6 network.
Page 713 [RouterB-Ethernet1/0] ip address 6.1.1.1 255.255.255.0 [RouterB-Ethernet1/0] quit # Configure a route from Ethernet1/0 of Router A to Ethernet1/0 of Router B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)
Page 714: Configuring Isatap Tunnel
IP addresses are configured for interfaces such as VLAN interface, Ethernet Prerequisites interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable. Configuration Procedure Follow these steps to configure an ISATAP tunnel: To do...
Page 715: Configuration Example
“Configuring the Interface MTU” on page 670. CAUTION: If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
Page 716 UNNELING ONFIGURATION Configuration procedure The following example shows how to configure an ISATAP tunnel between the router and the ISATAP host, which allows a separate ISATAP host to access the IPv6 network. Configuration on the ISATAP router ■ # Enable the IPv6 forwarding function.
Page 717: Configuring Ipv4 Over Ipv4 Tunnel
Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the router. If the address is successfully pinged, an ISATAP tunnel is established.
Page 718: Configuration Example
The default value varies with devices. CAUTION: If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routes.
Page 719 # Configure a destination address for the interface tunnel 1 (IP address of Serial 2/1 of Router B). [RouterA-Tunnel1] destination 3.1.1.1 [RouterA-Tunnel1] quit # Configure a static route from Router A through the interface tunnel 1 to Group [RouterA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1...
Page 720 # Configure the tunnel encapsulation mode. [RouterB-Tunnel2] tunnel-protocol ipv4-ipv4 # Configure the source address for the interface tunnel 2 (IP address of Serial 2/1). [RouterB-Tunnel2] source 3.1.1.1 # Configure a destination address for the interface tunnel 2 (IP address of Serial2/0 of Router A).
Page 721: Configuring Ipv4 Over Ipv6 Tunnel
IPv6 addresses are configured for interfaces such as VLAN interface, Ethernet Prerequisites interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable. Configuration Procedure Follow these steps to configure an IPv4 over IPv6 tunnel: To do...
Page 722: Configuration Example
“Configuring the Interface MTU” on page 670. CAUTION: If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
Page 723 # Configure the tunnel encapsulation mode. [RouterA-Tunnel1] tunnel-protocol ipv4-ipv6 # Configure a source address for the interface tunnel 1 (IP address of Serial2/0). [RouterA-Tunnel1] source 2002::1:1 # Configure a destination address for the interface tunnel 1 (IP address of Serial 2/1 of Router B).
Page 724 49: T HAPTER UNNELING ONFIGURATION # Configure a static route from Router A through the interface tunnel 1 to Group [RouterA] ip route-static 30.1.3.0 255.255.255.0 tunnel 1 Configuration on Router B ■ # Enable the IPv6 forwarding function. <RouterB> system-view [RouterB] ipv6 # Configure an IPv4 address for Ethernet1/0.
Page 725: Configuring Ipv6 Over Ipv6 Tunnel
IPv6 addresses are configured for interfaces such as VLAN interface, Ethernet Prerequisites interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable.
Page 726: Configuration Procedure
Optional sent over a tunnel interface The default value varies with devices. For the configuration of the MTU of IPv6 packets sent over a tunnel interface, refer to the ipv6 mtu command in “Configuring the Interface MTU” on page 670.
Page 727: Configuration Example
Configuring IPv6 over IPv6 Tunnel CAUTION: If the addresses of the tunnel interfaces at the two ends of a tunnel are not in ■ the same subnet, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routes.
Page 728 # Configure a destination address for the interface tunnel 1 (IP address of Serial 2/1 of Router B). [RouterA-Tunnel1] destination 2002::22:1 [RouterA-Tunnel1] quit # Configure a static route from Router A through the interface tunnel 1 to Group [RouterA] ipv6 route-static 2002:3:: 64 tunnel 1 Configuration on Router B ■...
Page 729 # Configure the tunnel encapsulation mode. [RouterB-Tunnel2] tunnel-protocol ipv6-ipv6 # Configure a source address for the interface tunnel 2 (IP address of Serial 2/1). [RouterB-Tunnel2] source 2002::22:1 # Configure a destination address for the interface tunnel 2 (IP address of Serial2/0 of Router A).
Page 730: Displaying And Maintaining Tunneling Configuration
Solution: Follow the steps below: 1 The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up or down. If the physical interface is down, use the debugging tunnel event command in user view to view the cause.
Page 731: Introduction To Ipv6 Unicast Policy Routing
An IPv6 policy can consist of multiple nodes identified by node number. The smaller a node number is, the higher the priority the node has. A policy, which consists of if-match clauses and apply clauses, is used to route IPv6 packets.
Page 732 A packet satisfying the match rules on a node of a policy will not go to the other nodes. If the packet does not satisfy the match rules of all nodes of the policy, the packet cannot pass the policy and will be forwarded through the routing table.
Page 733: Enabling Ipv6 System Policy Routing
Therefore, you need to specify a next hop. If the match mode of a policy node is deny, no apply clauses will be executed. ■...
Page 734: Enabling Ipv6 Interface Policy Routing
Configuring Policy Network requirements Routing Based on Source As shown in the following figure, define the policy aaa for policy routing so that Address TCP packets arriving on the interface Ethernet 1/0 are forwarded via Serial 2/0 and other packets are forwarded through the routing table.
Page 735 [Router-pbr6-aaa-5] if-match acl6 3001 [Router-pbr6-aaa-5] apply output-interface serial 2/0 [Router-pbr6-aaa-5] quit # Define Node 10 of policy aaa so that policy routing will not be applied to packets matching ACL 3102 and these packets will be forwarded through the routing table.
Page 736 [RouterA-Ethernet1/0] ipv6 policy-based-route lab1 [RouterA-Ethernet1/0] quit # Forward IP packets with a size from 64 to 100 bytes to the next hop 150::2/64 and those with a size from 101 to 1,000 bytes to the next hop 151::2/64. [RouterA] ipv6 policy-based-route lab1 permit node 10...
Page 737 IPv6 Unicast Policy Routing Configuration Examples [RouterA-pbr6-lab1-10] apply ipv6-address next-hop 150::2 [RouterA-pbr6-lab1-10] quit [RouterA] ipv6 policy-based-route lab1 permit node 20 [RouterA-pbr6-lab1-20] if-match packet-length 101 1000 [RouterA-pbr6-lab1-20] apply ipv6-address next-hop 151::2 2 Configure Router B # Configure RIPng. <RouterB> system-view [RouterB] ipv6...
Page 738 50: IP HAPTER NICAST OLICY OUTING ONFIGURATION...
Page 739: Introduction To Terminal Access
TCP connection request and serves as the server of the TCP connection. A receiver can be an FEP or a router. An FEP is a system installed with an application program for banking, postal service, taxation, customs, civil aviation, and so on.
Page 740: Typical Applications Of Terminal Access
(the RTC client). The monitoring device is always ready to initiate a connection request at any time to access the data on the monitored device. The router connected to the monitored terminal acts as the...
Page 741: Terminal Access Feature List
IP network. Banking services run on the FEP, and the information entered by an employee at the bank outlet is sent to the FEP through Router A. The FEP then sends the corresponding service display to the service terminal through Router A, thereby implementing data exchange between the outlet and the branch.
Page 742: Terminal Access Features
CCESS ONFIGURATION Supporting terminal access Feature type Description “Idle connection timeout” on page 744 “Terminal number fixing” on page 744 “Data encryption” on page 745 “Automatic link establishment” on TTY, Telnet, RTC client page 745 “Automatic link teardown” on page “One-to-one access”...
Page 743 IP address of the upstream TCP connection from the router through IP unnumbered configuration. If an FEP runs, the IP address of the router connected to the FEP needs to be authenticated. Therefore, when the dial-up backup function is used in a wide area network (WAN), if the primary link fails, the router begins to use the backup interface.
Page 744 Each FEP runs multiple applications. Terminal access universally numbers all the applications, regardless of whether these applications are running on the same FEP or on multiple FEPs. With the numbering of the terminals and the applications and the special processing through the router, the mappings between the terminals and the banking services are established to implement fixed terminal numbering.
Page 745 Figure 223, data is transmitted in ciphertext between Router A and the FEP. Router A and the FEP that runs the program ttyd are responsible for data encryption and decryption. At present, the advanced encryption standard (AES) encryption is supported.
Page 746 TCP connection with the receiver. Connectivity test You can set the terminal test hotkey on the router. By pressing the test hotkey on the terminal, you can test the connectivity between the terminal and the router and the TCP connectivity between the terminal and the FEP.
Page 747 That is, some of the terminals connected to the router can be grouped in one VPN domain and some other in another VPN domain. This allows a terminal to access the FEP or remote router that is in the same VPN domain as the terminal.
Page 748: Terminal Access Specifications
List required. RTC terminal access is initiated and received by routers. TTY terminal access and Telnet terminal access are initiated by a router and received by a FEP. Functionally, the configuration commands fall into three types: basic configuration commands, advanced configuration commands, and display and maintenance commands.
Page 749: Tty Terminal Access Configuration
TTY according to the contents of the template and the specified terminal number, and sets up VTYs on the basis of the configuration information in the template. If you modify a template that was applied to an interface, you can use the update changed-config command to update the configuration of the terminal using the template.
Page 750 ■ command in “WAN Interface Configuration” on page After a template is applied on an interface, you need to set the flow control ■ mode of the user interface corresponding to the interface to software flow control. You can use the display user-interface command to display the associations between interfaces and user interfaces.
Page 751 TTY Terminal Access Configuration To do... Use the command... Remarks Configure the automatic auto-link time Optional link establishment time 0 seconds by default; that is, no automatic link establishment is performed. Bind a VPN instance bind vpn-instance Optional vpn-name Not configured by default...
Page 752 Update the configuration update changed-config Optional If both the global source IP address and the source IP address for a VTY are ■ configured, the one for the VTY is used. The TCP parameters must be configured before TCP connections are ■...
Page 753: Configuration Example For Tty Terminal Access
Network requirements for TTY Terminal Access The deposit services run on the Unix server, whose IP address is 1.1.254.77/16. The listening port of the ttyd program on the Unix server is 9010. The router is connected to four terminals through its four asynchronous interfaces.
Page 754 2 Modify system configuration file /etc/inittab Suppose the terminals operate in the active terminal mode. Check whether the pseudo terminal devices have been configured in the file inittab. Edit the file /etc/inittab and see whether the following information is available. If not, add this information.
Page 755: Telnet Terminal Access Configuration
■ command in “WAN Interface Configuration” on page After a template is applied on an interface, you need to set the flow control ■ mode of the user interface corresponding to the interface to software flow control. You can use the display user-interface command to display the associations between interfaces and user interfaces.
Page 756 51: T HAPTER ERMINAL CCESS ONFIGURATION For details about the flow-control software command, refer to the ■ flow-control command in “User Interface Configuration” on page 2155. Follow these steps to perform advanced Telnet initiator configuration: To do... Use the command...
Page 757 Optional configuration If both the global source IP address and the source IP address of a VTY are ■ configured, the one of the VTY is used. The parameters for TCP connections must be configured before the TCP ■...
Page 758: Configuration Example For Telnet Terminal Access
Configuring Telnet Receiver The receiver of Telnet terminal access is an FEP. An FEP only needs to run the Telnet server program and the corresponding application program; there is no need to modify or compile the Unix kernel.
Page 759: Rtc Terminal Access Configuration
[Sysname] user-interface tty 17 [Sysname-ui-tty17] flow-control software After the above-mentioned configurations, you can see the following menu on the terminal (You can enter an option on the display or exit by pressing <Esc>.): TTY ACCESS SYSTEM VERSION 3.0 1. SELECT VTY(0): chuxu_zhu 2.
Page 760 ■ command in “WAN Interface Configuration” on page After a template is applied on an interface, you need to set the flow control ■ mode of the user interface corresponding to the interface to software flow control. You can use the display user-interface command to display the associations between interfaces and user interfaces.
Page 761 Configure the auto-close time Optional automatic link 0 seconds by default; that is, no teardown time automatic link teardown is performed. Configure the auto-link time Optional automatic link 0 seconds by default; that is, no...
Page 762 VPN instance. Thus, the RTC client can receive terminal access packets from multiple VPNs and initiate connection requests through multiple asynchronous serial interfaces. If both the global source IP address and the source IP address for a VTY are ■ configured, the VTY uses the latter one.
Page 763 ■ command in “WAN Interface Configuration” on page After a template is applied on an interface, you need to set the flow control ■ mode of the user interface corresponding to the interface to software flow control. You can use the display user-interface command to display the associations between interfaces and user interfaces.
Page 764 Enter terminal template rta template view template-name Configure the auto-close time Optional automatic link 0 seconds by default; that is, no teardown time automatic link teardown is performed. Bind a VPN instance to bind vpn-instance Optional the template vpn-name Not configured by default...
Page 765: Asynchronous Rtc Terminal Access Configuration Example
Asynchronous RTC Network requirements Terminal Access Two routers, one serving as the RTC client and the other the RTC server, are Configuration Example connected to the central terminal device and the remote terminal device respectively.
Page 766 51: T HAPTER ERMINAL CCESS ONFIGURATION Network diagram Figure 226 Network diagram for asynchronous RTC terminal access configuration Configuration procedure 1 Configure the RTC server. # Enable terminal access. <Sysname> system-view [Sysname] rta server enable # Set the listening port of the server.
Page 767: Asynchronous Rtc Multi-Instance Configuration Example
Terminal CE A in the monitoring center and remote terminal CE B are in MPLS Configuration Example VPNA and respectively connected to the interface Async1/0 on PE A and PE B. It is required to monitor CE B in real time through CE A.
Page 768 [PEB] rta rtc-server listen-port 9000 # Configure the terminal access template. [PEB] rta template rtcs # Configure VTY 0 on the RTC server. [PEB-rta-template-rtcs] vty 0 rtc-server remote 169.254.2.1 2 # Bind the VPN instance to the template. [PEB-rta-template-rtcs] bind vpn-instance vpna [PEB-rta-template-rtcs] quit # Configure interface async1/0.
Page 769: Displaying And Maintaining Terminal Access Configuration
To do... Use the command... Remarks Access Configuration Display specified terminal display rta { all | statistics | Available in any view access information terminal-number { brief | detail | statistics | vty-number } } Clear the statistics of a...
Page 770 51: T HAPTER ERMINAL CCESS ONFIGURATION...
Page 771: Installing And Configuring Sco Openserver Server
2 Log in as a super user such as root. To install and configure this program, you must log in as a super user as follows: Step1: Press a hotkey to switch to a console, <Alt+F4> for example. The following...
Page 772 52: FEP I HAPTER NSTALLATION AND ONFIGURATION Insert the floppy disk into the floppy drive of the Unix server and then run the mount command to mount the floppy drive. # mount /dev/fd0 /mnt Copy the executable files to the Unix server.
Page 773 Transfer the program ttyadm to the Unix server in text format. Then, exit FTP. ftp> ascii ftp> put ttyadm ftp> bye 4 On the Unix server, change the file modes of the programs to the executable mode. # chmod u+x /etc/ttyd /etc/ttyadm /etc/ttyadmcmd Now, the ttyd, ttyadmcmd, and ttyadm programs are installed.
Page 774 Modifying the maximum number of files a process can open By default, each SCO OpenServer Unix process can open up to 110 files. If a Unix server is to be connected with more than 50 terminals, you are recommended to change the number to 600.
Page 775: Modifying System Configuration File Inittab
C50:234:respawn:/etc/getty ttyp50 m If the line is absent, add it. In the sample line, C50 is the identifier of the line. Each line in file inittab must have a unique identifier consisting of no more than four characters. According to banking applications, pseudo terminals fall into two categories: active terminal and dumb terminal.
Page 776 Currently, it must be set to 1. nodelay 1 Specifies the ttyd process to support (with a value of 1) or not to support (with a value of 0) the nodelay attribute. The default is 1, meaning that ttyd responds instantly upon receiving data from the peer.
Page 777 If authentication is configured on the FEP, you need to enter the password before performing any operation on the FEP. If neither exit 1 nor exit 0 is configured, terminating the connection using the hotkey or the reset rta connection command will not terminate the ttyd program.
Page 778 Addition takes effect automatically. For modification and deletion to take effect, however, the configuration file must be refreshed. Normally, you need to configure items 1, 2, 4, 9, 11, 12, and 13 as required and use defaults for other items.
Page 779 8309. All processes use the default configuration file /etc/ttyd.conf. ■ You can use the kill 8309 command to kill the ttyd process 8309 and all its ■ child processes, that is, all the processes mentioned above.
Page 780: Installing And Using Ttyd Administration Program Ttyadm
52: FEP I HAPTER NSTALLATION AND ONFIGURATION echo "Stop ttyd ..." pid=‘ps -ef | grep ttyd | awk ’{if ($3 == 1) print $0}’ | aw k ’{print $2}’‘ if [ ! "$pid" = "" ] then kill $pid esac 3 Save your configuration and exit.
Page 781 Then, you can terminate a ttyd process by entering its process number. If you enter the process number of a ttyd main process, all the ttyd child processes of that main process will be terminated as well. Here is an example: Main process: Process No.
Page 782 (PTYs) are output in the character format and in the hexadecimal format respectively. The default log output level is level 0; that is, only error information will be output. To view more detailed log information, you need to adjust the log output levels.
Page 783 If the size of a log file exceeds 1 MB, when its corresponding ttyd process starts ■ the next time, it will be cleared by the ttyd program and the logging will start all over again.
Page 784 1 Display CPU resources. From the system resource submenu, select option 1 to display the CPU resources in the system. This operation is the same as executing the sar -u 1 5 command. The following displays: SCO_SV sco2 3.2v5.0.5 i80386...
Page 785 From the system resource submenu, selection option 0 to return to the main menu. Displaying router status On the main interface, select option 0 and the system prompts you for the router IP address. After you enter the router IP address, the router status submenu displays:...
Page 786 2336030 Bytes Current APP Recv 2327134 Bytes Current APP Send 2490 Bytes 3 Display brief tty-server information. From the router status submenu, select option 3 to display the APP summary on the corresponding router. The following displays: APP_ID HOST_IP PORT STATE...
Page 787: Installing And Configuring Sco Unixware Server
Installing and Configuring SCO UnixWare Server Enter a terminal name to display all the statistics about the terminal. The following displays: Process ID. Parent process No. tty device name Router IP Port No. Terminal No. Debugging level 12676 12674 ttyp55 10.110.96.44...
Page 788: Modifying System Configuration File Ttydefs
Modifying the maximum number of files a process can open By default, each SCO UnixWare process can open up to 64 files. If a Unix server is to be connected with a large number of terminals (usually more than 50), you are recommended to change the value to 400.
Page 789: Modifying Route Configuration File
772. Configuration Adding pseudo terminals Prerequisites If there are not enough pseudo terminals on the SUN OS system, you can add new pseudo terminals by modifying the system file as follows: 1 Open the system file. # vi /etc/system Add set npty=176 into the file: 2 Save your configuration and exit.
Page 790: Editing The Ttyd Configuration File
Modifying the maximum number of files a process can open By default, each SUN OS process can open up to 64 files. If a Unix server is to be connected with a number of terminals (usually more than 50), change the value to 400.
Page 791: Installing And Configuring Ibm Aix Server
Modifying the maximum number of processes a user can open By default, each IBM AIX user can open up to 128 processes. If a Unix server is to be connected with many terminals (usually more than 50), change the value to 500.
Page 792: Running And Terminating Ttyd On The Unix Server
/dev/ttyA6 If the line is absent, add it. In the sample line, ttyA6 is the identifier of the line. Each line in file inittab must have a unique identifier consisting of no more than four characters.
Page 793: Installing And Configuring Hp-Ux Server
Modifying the maximum number of processes supported by the system By default, the HP-UX server supports up to 664 processes. If a Unix server is to be connected with many terminals (usually more than 50), change the value to 2000.
Page 794: Editing Ttyd Configuration File
9600 If the line is absent, add it. In the sample line, pa is the identifier of the line. Each line in file inittab must have a unique identifier consisting of no more than four characters.
Page 795: Installing And Configuring Red Hat Linux Server
Installing and Configuring Red Hat Linux Server echo "Stop ttyd" ’stop’) pid=‘ps -ef | grep ttyd | awk ’{if ($3 == 1) print $0}’ | aw k ’{print $2}’‘ if [ ! "$pid" = "" ] then kill $pid esac 3 Save your configuration and exit.
Page 796: Modifying System Configuration File Inittab
9600 If the line is absent, add it. In the sample line, pa is the identifier of the line. Each line in file inittab must have a unique identifier consisting of no more than four characters.
Page 797: Running And Terminating Ttyd On Unix Server
The terminal access router is usually connected to the Unix server through WANs Configuration File and therefore located on an IP segment different from that of the Unix server, in which case you must configure a route on the Unix server.
Page 798 52: FEP I HAPTER NSTALLATION AND ONFIGURATION...
Page 799: Prompts On Terminals
(TTY tty-number: vty-number The corresponding entries in the ttyd configuration authentication failed or file of the Unix server may be wrong, or the ttyd server-name no response) listening port on the Unix server and the application port on the router are different.
Page 800: Terminal Access Troubleshooting
Now, you can enter the test hotkey on the terminal. If the physical connectivity between the terminal and router is correct, the terminal screen will display “Terminal to Router test OK!” if you have set the language type to English on the Unix server. This means the connectivity between the terminal and the asynchronous serial interface of the router is correct and they can exchange data with each other normally.
Page 801 Terminal access converters are exclusively used for 8AS cables (RJ-45 for banks) and 16AS cables (RJ-45 for banks) to connect to terminals. One end of the cable is an RJ-45 receptacle for connecting to a standard network cable, and the other end is a DB-25 receptacle for connecting to a terminal.
Page 802 The WAN line between the router and the Unix server functions well, and the criterion is satisfied for the router to establish a TCP connection to the server. Refer “Check whether the main ttyd process and its child processes are present” on page 803.
Page 803 Check whether the main ttyd process and its child processes are present Use the process management function provided by the ttyd administration program or the ps -ef | grep ttyd command to check whether the main ttyd process and its child processes are present.
Page 804 CCESS ROUBLESHOOTING Now, you can press the test hotkey on the terminal. If the TCP connection between the terminal and the Unix server is correct, the terminal screen displays “Terminal to Unix test OK!”. This means a TCP connection has been established between the application used by the terminal and the ttyd program on the UNIX server, and the terminal can communicate with the server normally.
Page 805 The debugging file of a child process is named in the format of ttypxx.log, where ttypxx is the name of the ttyp device for the child process.
Page 806 CCESS ROUBLESHOOTING 6 Fail: the swap is not enough to store the data, so some data is discarded Cause: Data from the router is not written into the PTY device (pseudo terminal), making the buffer full and subsequent data discarded. Typically, this is because the PTY device is not operating normally.
Page 807 Unix server corresponding to the terminal by following these steps: 1 If the pseudo terminal is an active terminal, sign off; if it is a dumb terminal, terminate it from the banking service process and delete its configuration in the configuration file of the banking service.
Page 808 53: T HAPTER ERMINAL CCESS ROUBLESHOOTING...
Page 809 If there are insufficient stream resources on the Unix server, modify kernel parameters. If an FEP is connected to too many terminals, you need to modify the Unix kernel of the FEP to increase stream resources to avoid insufficient stream resources in operation.
Page 810 6 Set the [NSTRPAGES] field to 2000 (the default is 500). 7 Exit to the level 2 interface and select [Relink Kernel] to recompile the kernel. 8 Exit scoadmin and reboot the Unix server. After reboot, the change takes effect. You can use the netstat -m command to view current system stream resources.
Page 811 Note that the router only supports the one-to-one mode currently. Solution: For the first case, you may check the UNIX server log for a message similar to ■ "open ptyp10 failed: I/O error. In such a case, execute the following command...
Page 812 The status of a terminal is not OK but UP on the router If a terminal is correctly connected to the router, its status should be OK when you use the display rta command. If its status is UP, terminal access is not started, and you must use the rta server enable command in system view on the router to enable terminal access.
Page 813 First, check the hardware versions of the interface modules. 8AS modules have two hardware versions: 1.x and 2.x. 8AS modules with a hardware version of 1.x do not support card swiping and those with a hardware version of 2.x do. No such problems happen to any other interface modules.
Page 814 54: T HAPTER ERMINAL CCESS...
Page 815: Ip Routing And Routing Table
Routing in the Internet is achieved through routers. Upon receiving a packet, a router finds an optimal route based on the destination address and forwards the packet to the next router in the path until the packet reaches the last router, which forwards the packet to the intended destination host.
Page 816 55: IP R HAPTER OUTING VERVIEW IP address of the next hop: Specifies the address of the next router on the path. ■ If only the outbound interface is configured, its address will be the IP address of the next hop.
Page 817: Routing Protocol Overview
Routing Protocol Overview Static Routing and Static routing is easy to configure and requires less system resources. It works well Dynamic Routing in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes;...
Page 818: Routing Protocols And Routing Priority
Different routing protocols may find different routes to the same destination. Routing Priority However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal routing to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.
Page 819: Load Balancing And Route Backup
In multi-route mode, a routing protocol can be configured with multiple equal-cost routes to the same destination. These routes have the same priority and will all be used to accomplish load balancing if there is no route with a higher priority available.
Page 820: Configuring Load Sharing
For example, assume there are two equal-cost routes on the device. If one data flow is to pass through the device, it will be forwarded through either route; if two data flows are to pass through, they will be forwarded through the two routes separately.
Page 821: Displaying And Maintaining A Routing Table
Available in any view about the active routes in the [ vpn-instance vpn-instance-name ] routing table [ verbose | | { begin | exclude | include } regular-expression ] Display information about display ip routing-table ip-address Available in any view...
Page 822: Bandwidth-Based Load Sharing Configuration Example
2048 Serial2/0 # The display shows that packets are load-shared according to their default bandwidths. Specify bandwidths fpr the three interfaces on Router A and observe the load sharing. Network diagram Figure 230 Network diagram for bandwidth-based non-balanced load sharing...
Page 823 [Sysname] display load-sharing ip address 10.2.1.0 24 There are/is totally 3 route entry(s) to the same destination network. Nexthop Packet(s) Bandwidth[KB] Flow(s) Interface 10.1.2.2 142824 Atm1/0 10.1.1.2 285648 Ethernet0/0 10.1.3.2 428472 Serial2/0 # The display shows that packets are load-shared according to the specified interface bandwidths.
Page 824 55: IP R HAPTER OUTING VERVIEW...
Page 825: Bgp Overview
BGP C ONFIGURATION Border Gateway Protocol (BGP) is a dynamic inter-AS route discovery protocol. When configuring BGP, go to these sections for information you are interested in: “BGP Overview” on page 825 ■ “BGP Configuration Task List” on page 840 ■...
Page 826: Formats Of Bgp Messages
BGP runs on a router in one of the following two modes: IBGP (Interior BGP) ■ EBGP (External BGP) ■ BGP is called IBGP when it runs within an AS and is called EBGP when it runs between ASs. Formats of BGP Header Messages...
Page 827 BGP Overview Open After a TCP connection is established, the first message sent by each side is an Open message for peer relationship establishment. The Open message contains the following fields: Figure 232 BGP open message format Version My Autonomous System...
Page 828 Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Route-refresh A route-refresh message is sent to a peer to request the resending of the specified address family routing information. Its format is shown below: Figure 235 BGP Route-refresh message format Res.
Page 829: Bgp Path Attributes
AS_PATH is a well-known mandatory attribute. This attribute identifies the autonomous systems through which routing information carried in this Update message has passed. When a route is advertised from the local AS to another AS, each passed AS number is added into the AS_PATH attribute, thus the receiver can...
Page 830 AS_PATH length if other factors are the same. As shown in the above figure, the BGP router in AS 50 gives priority to the route passing AS 40 for sending information to the destination 8.0.0.0.
Page 831 MED value the best route if other conditions are the same. As shown below, traffic from AS 10 to AS 20 travels through Router B that is selected according to MED. Figure 238 MED attribute...
Page 832: Bgp Route Selection
When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route. As shown below, traffic from AS 20 to AS 10 travels through Router C that is selected according to LOCAL_PREF.
Page 833 Route selection with BGP load balancing The next hop of a BGP route may not be a directly connected neighbor. One of the reasons is next hops in routing information exchanged between IBGPs are not modified. In this case, the router finds the direct route via IGP route entries to reach the next hop.
Page 834: Ibgp And Igp Information Synchronization
Router D AS 200 In the above figure, Router D and Router E are IBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C adds both the two routes to its route table for load balancing.
Page 835: Settlements For Problems Caused By Large Scale Bgp Networks
EBGP peer. You can disable the synchronization feature in the following cases: The local AS is not a transitive AS (AS 20 is a transitive AS in the above figure). ■ IBGP routers in the local AS are fully meshed.
Page 836 Each time a route flap occurs (the state change of a route from active to inactive is a route flap), BGP adds a penalty value (1000, which is a fixed number and cannot be changed) to the route. When the...
Page 837 AS, the number of IBGP connections is n(n-1)/2. If there are many IBGP peers, most network and CPU resources will be consumed. Using route reflectors can solve the issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards (reflects) routing information between clients.
Page 838 “GR Overview” on page 1957. 1 To establish a BGP session with a peer, a BGP GR Restarter sends an OPEN message with GR capability to the peer. 2 Upon receipt of this message, the peer is aware that the sending router is capable of Graceful Restart, and sends an OPEN message with GR Capability to the GR Restarter to establish a GR session.
Page 839: Mp-Bgp
BGP Overview 3 The GR session between the GR Restarter and its peer goes down when the GR Restarter restarts BGP. The GR capable peer will mark all routes associated with the GR Restarter as stale. However, during the configured GR Time, it still uses these routes for packet forwarding, ensuring that no packet will be lost when routing information from its peer is recollected.
Page 840: Bgp Configuration Task List
■ RFC3065: Autonomous System Confederations for BGP ■ draft-ietf-idr-restart-08: Graceful Restart Mechanism for BGP ■ BGP Configuration To configure BGP, perform the tasks described in the following sections: Task List Task Description “Configuring BGP Basic Functions” on page 841 Required “Controlling Route Distribution and...
Page 841: Configuring Bgp Basic Functions
The section describes BGP basic configuration. Functions This section does not differentiate between BGP and MP-BGP. ■ Since BGP employs TCP, you need to specify IP addresses of peers, which may ■ not be neighboring routers. Using logical links can also establish BGP peer relationships.
Page 842 EBGP connection CAUTION: It is required to specify for a BGP router a router ID, a 32-bit unsigned integer ■ and the unique identifier of the router in the AS. You can specify a router ID manually. If not, the system selects an IP address as ■...
Page 843: Controlling Route Distribution And Reception
Before configuring this task, you have completed BGP basic configuration. Configuring BGP Route BGP can advertise the routing information of the local AS to peering ASs, but it Redistribution redistributes routing information from IGP into BGP routing table rather than self-finding.
Page 844: Advertising A Default Route To A Peer Or Peer Group
| suppress-policy route-policy-name ]* Advertising a Default To advertise a default route to a peer or peer group, use the following commands: Route to a Peer or Peer Group To do... Use the command... Remarks Enter system view...
Page 845: Configuring Bgp Route Reception Policy
CAUTION: Only routes passing the specified filter can be advertised. Configuring BGP Route To configure BGP routing reception policy, use the following commands: Reception Policy To do...
Page 846: Enabling Bgp And Igp Route Synchronization
56: BGP C HAPTER ONFIGURATION CAUTION: Only routes permitted by the specified filter policy can be added into the local ■ BGP routing table. Members of a peer group can have different inbound route filter policies from ■ the peer group.
Page 847 Enable to compare MED values of bestroute Optional routes from confederation peers med-confederation Not enabled by default Specify the router as the next hop of routes to peer { group-name | Optional a peer/peer group ip-address } By default, routes next-hop-local...
Page 848 ■ contains the local AS number. If so, it discards the route to avoid routing loops. You can specify a fake AS number to hide the real one as needed. The fake AS ■ number applies to EBGP peers only, that is, EBGP peers in other ASs can only...
Page 849: Tuning And Optimizing Bgp Networks
The current BGP implementation supports the route-refresh capability. With this capability enabled on all BGP routers in a network, when a policy is modified on a router, the router advertises a route-refresh message to its peers, which then resend their routing information to the router.
Page 850 Configure the interval for sending peer { group-name | Optional the same update to a peer/peer ip-address } The intervals for sending the group route-update-interval same update to an IBGP peer seconds...
Page 851: Configuring A Large Scale Bgp Network
The maximum keepalive interval should be 1/3 of the holdtime and no less ■ than 1 second. The holdtime is no less than 3 seconds unless it is set to 0. The intervals set with the peer timer command are preferred to those set with ■...
Page 852: Configuring Bgp Community
You need not specify the AS number when creating an IBGP peer group. ■ If there are peers in a peer group, you can neither change the AS number of ■ the group nor use the undo command to remove the AS number You need specify the AS number for each peer in a mixed EBGP peer group ■...
Page 853: Configuring A Bgp Route Reflector
In general, a cluster has only one route reflector, and the router ID is used to ■ identify the cluster. You can configure multiple route reflectors to improve network stability.
Page 854 56: BGP C HAPTER ONFIGURATION One device can act as both the GR Restarter and GR Helper at the same time. To do... Use the command... Remarks Enter system view system-view Enable BGP, and enter its view bgp as-number Required...
Page 855: Displaying And Maintaining Bgp Configuration
[ regular-expression as-regular-expression | as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] Display routing information to display bgp routing-table peer ip-address or from a peer { advertised-routes | received-routes }...
Page 856: Resetting Bgp Connections
BGP Basic Configuration Network requirements Figure 246 are all BGP routers. Between Router A and Router B is an EBGP connection. Router B, Router C and Router D are IBGP fully meshed. Network diagram Figure 246 Network diagram for BGP basic configuration...
Page 857 # Configure Router A. <RouterA> system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 200.1.1.1 as-number 65009 # Advertise network 8.0.0.0/8 to the BGP routing table. [RouterA-bgp] network 8.0.0.0 [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 65009 [RouterB-bgp] peer 200.1.1.2 as-number 65008 [RouterB-bgp] quit # Display BGP peer information on Router B.
Page 858 PrefVal Path/Ogn 8.0.0.0 200.1.1.2 65008i From above outputs, you can find Router A learned no route to AS65009, and Router C learned network 8.0.0.0 but the next hop 200.1.1.2 is unreachable, thus the route is invalid. 4 Redistribute direct routes # Configure Router B.
Page 859: Bgp And Igp Interaction Configuration
= 16/31/47 ms BGP and IGP Interaction Network requirements Configuration As shown below, OSPF is used as the IGP protocol in AS 65009, where Router C is a non-BGP router. Between Router A and Router B is an EBGP connection.
Page 860 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] quit 4 Configure BGP and IGP interaction # Configure BGP to redistribute routes from OSPF on Router B. [RouterB] bgp 65009 [RouterB-bgp] import-route ospf 1 [RouterB-bgp] quit # Display routing table information on Router A.
Page 861 BGP Typical Configuration Examples Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 8.1.1.0/24 0.0.0.0 *> 9.1.1.0/24 3.1.1.1 65009? *> 9.1.2.0/24 3.1.1.1 1563 65009? # Configure OSPF to redistribute routes from BGP on router B.
Page 862: Bgp Load Balancing And Med Attribute Configuration
Configuration MED attribute to affect BGP route election. As shown in the figure below, all routers run BGP, and Router A resides in AS 65008, Router B and Router C in AS 65009. Between Router A and Router B, Router A and Router C are EBGP connections, and between Router B and Router C is an IBGP connection.
Page 863 200.1.2.1 65009i From the above output, you can find two routes to the destination 9.1.1.0/24 are available, and the route with the next hop 200.1.1.1 is the best route because Router B has a smaller router ID than Router C.
Page 864: Bgp Community Configuration
65009i From the above information, you can find the route with the next hop 200.1.2.1 is the best route, because its MED (0) is smaller than the MED (100) of the other route with the next hop 200.1.1.1 (Router B).
Page 865 PrefVal Path/Ogn *> 9.1.1.0/24 200.1.3.1 20 10i Router C learned the route to the destination 9.1.1.0/24 from Router B. 3 Configure BGP community attribute. # Configure a routing policy. [RouterA] route-policy comm_policy permit node 0 [RouterA-route-policy] apply community no-export [RouterA-route-policy] quit...
Page 866: Bgp Route Reflector Configuration
: valid, external, best, Not advertised to any peers yet You can find the configured community attribute in the above output. At this time, the route to the destination 9.1.1.0/24 is not available in the routing table of Router C. BGP Route Reflector...
Page 867: Verify The Configuration
[RouterB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 868: Bgp Confederation Configuration
BGP Confederation Network requirements Configuration To reduce IBGP connections in AS 200, split it into three sub ASs, AS 65001, AS 65002 and AS 65003. Routers in AS 65001 are fully meshed. Network diagram Figure 251 Network diagram for BGP confederation configuration...
Page 869 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] confederation id 200 [RouterC-bgp] confederation peer-as 65001 65002 [RouterC-bgp] peer 10.1.2.1 as-number 65001 [RouterC-bgp] quit 3 Configure IBGP connections in AS 65001. # Configure Router A. [RouterA] bgp 65001 [RouterA-bgp] peer 10.1.3.2 as-number 65001 [RouterA-bgp] peer 10.1.3.2 next-hop-local [RouterA-bgp] peer 10.1.4.2 as-number 65001...
Page 870 [RouterE-bgp] confederation 200 [RouterE-bgp] peer 10.1.4.1 as-number 65001 [RouterE-bgp] peer 10.1.5.1 as-number 65001 [RouterE-bgp] quit 4 Configure the EBGP connection between AS 100 and AS 200. # Configure Router A. [RouterA] bgp 65001 [RouterA-bgp] peer 200.1.1.2 as-number 100 [RouterA-bgp] quit # Configure Router F.
Page 871: Bgp Path Selection Configuration
BGP Path Selection Network requirements Configuration In the figure below, all routers run BGP. Between Router A and Router B, ■ Router A and Router C are EBGP connections. Between Router B and Router D, Router D and Router C are IBGP connections.
Page 872 <RouterA> system-view [RouterA] bgp 100 [RouterA-bgp] peer 192.1.1.2 as-number 200 [RouterA-bgp] peer 193.1.1.2 as-number 200 # Advertise network 1.0.0.0/8 into the BGP routing table of Router A [RouterA-bgp] network 1.0.0.0 8 [RouterA-bgp] quit # Configure Router B [RouterB] bgp 200 [RouterB-bgp] peer 192.1.1.1 as-number 100...
Page 873 [RouterD-bgp] peer 195.1.1.2 as-number 200 [RouterD-bgp] quit 4 Configure different attribute values for the route 1.0.0.0/8 to make Router D give priority to the route learned from Router C. Specify a higher MED value for the route 1.0.0.0/8 advertised to 192.1.1.2 to ■...
Page 874: Troubleshooting Bgp Configuration
[RouterC] acl number 2000 [RouterC-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [RouterC-acl-basic-2000] quit # Define routing policy localpref on Router C to set the local priority of route 1.0.0.0/8 to 200 (the default is 100). [RouterC] route-policy localpref permit node 10...
Page 875 Troubleshooting BGP Configuration 5 Check whether a route to the peer is available in the routing table. 6 Use the ping command to check connectivity. 7 Use the display tcp status command to check the TCP connection. 8 Check whether an ACL disabling TCP port 179 is configured.
Page 876 56: BGP C HAPTER ONFIGURATION...
Page 877: Is-Is Overview
Link State Database (LSDB). All link states in the network forms the LSDB. There ■ is at least one LSDB in each IS. The IS uses SPF algorithm and LSDB to generate its own routes.
Page 878 Link State Protocol Data Unit (LSP). Each IS can generate an LSP which contains ■ all the link state information of the IS. Each IS collects all the LSPs in the local area to generate its own LSDB. Network Protocol Data Unit (NPDU). An NPDU is a network layer protocol ■...
Page 879: Is-Is Area
IS-IS Overview Extend each decimal number of the IP address to 3 digits by adding 0s from the ■ left, like 168.010.001.001; Divide the extended IP address into 3 sections with 4 digits in each section to ■ get the System ID 1680.1000.1001.
Page 880 Level-2 and Level-1-2 routers in different areas. A Level-1 router must be connected to other areas via a Level-1-2 router. The Level-1-2 router maintains two LSDBs, where the Level-1 LSDB is for routing within the area, and the Level-2 LSDB is for routing between areas.
Page 881 A Level-1 area is connected with the Level-2 area rather than other Level-1 areas. The routing information of the Level-1 area is sent to the Level-2 area through the Level-1-2 router. Therefore, the Level-2 router knows the routing information of the entire IS-IS routing domain but does not share the information with the Level-1 area by default.
Page 882: Is-Is Network Type
The pseudonode emulates a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID and one byte Circuit ID (a non zero value) of the DIS.
Page 883: Is-Is Pdu Format
(PDU) consists of two parts, the headers and the variable length field, where the headers can be further divided into the common header and the specific header. The common headers are the same for all PDUs, while the specific headers vary by PDU type. The following figure shows the PDU format.
Page 884 Priority LAN ID ID length+1 Variable length fields Reserved/Circuit Type: The first 6 bits are reserved with value 0. The last 2 bits ■ indicates router types: 00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2.
Page 885 PDU length Local Circuit ID Variable length fields Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carries link state information. There are two types: Level-1 LSP and Level-2 LSP.
Page 886 Router B to forward its packets to Router C in normal condition. Once other routers know the OL field on Router B is set to 1, Router A will send packets to Router C via Router D and Router E, but still send to Router B packets destined...
Page 887 SNP contains Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP and Level-2 PSNP. CSNP covers the summary of all LSPs in the LSDB to synchronize the LSDB between neighboring routers. On broadcast networks, CSNP is sent by the DIS periodically (10s by default).
Page 888 Version Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU are composed of multiple Code-Length-Value (CLV) triplets. Figure 265 shows the CLV format. Figure 265 CLV format No. of Octets Code...
Page 889: Is-Is Features Supported
IS-IS Overview Code 1 to 10 of CLV are defined in ISO 10589 (code 3 and 5 are not shown in the table), and others are defined in RFC 1195. IS-IS Features Supported Multiple instances and processes IS-IS supports multiple instances and processes. Multiple processes allow a designated IS-IS process to work in concert with a group of interfaces.
Page 890 ID of the originating system. Extended LSP ■ It is the LSP generated by a virtual system. The system ID in its LSP ID field is the virtual system ID. After additional system IDs are configured, an IS-IS router can advertise more link state information in extended LSP fragments.
Page 891: Protocols And Standards
TLV of a pseudonode LSP. A host name is intuitively easier to remember than a system ID. After enabling this feature on the router, you can see the host names instead of system IDs after using the display command. Protocols and Standards ISO 10589 ISO IS-IS Routing Protocol ■...
Page 892: Is-Is Configuration Task List
■ Authentication RFC 3719 - Recommendations for Interoperable Networks using IS-IS ■ RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit ■ RFC 3787 - Recommendations for Interoperable IP Networks using IS-IS ■ RFC 3784 - IS-IS extensions for Traffic Engineering ■...
Page 893: Configuring Is-Is Basic Functions
Before the configuration, accomplish the following tasks first: Prerequisites Configure the link layer protocol. ■ Configure an IP address for each interface, and make sure all nodes are ■ reachable. Configuration Procedure Follow these steps to configure IS-IS basic functions: To do...
Page 894: Configuring Is-Is Routing Information Control
If a router’s type is configured as Level-1 or Level-2, the type of interfaces must be the same, which cannot be changed using the isis circuit-level command. However, an interface’s type can be changed with this command when the router’s type is Level-1-2 for the establishment of a specific level adjacency.
Page 895: Configuring Is-Is Link Cost
Configuring IS-IS Routing Information Control Configuring IS-IS Link There are three ways to configure the interface link cost, in descending order of Cost interface costs: Interface cost: Assign a link cost for a single interface. ■ Global cost: Assign a link cost for all interfaces.
Page 896: Configuring The Maximum Number Of Load Balanced Routes
1 M to 10 M, the interface cost is 60; if the interface bandwidth is in the range of 11 M to 100 M, the interface cost is 50; if the interface bandwidth is in the range of 101 M to 155 M, the interface cost is 40;...
Page 897: Advertising A Default Route
| level-1-2 ] The default route is only advertised to routers at the same level. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy.
Page 898: Configuring Is-Is Route Leaking
■ Configuring a DIS On an IS-IS broadcast network, a router should be selected as the DIS at a specific Priority for an Interface level, Level-1 or Level-2. You can specify a DIS priority at a level for an interface.
Page 899: Configuring Is-Is Timers
CSNPs are sent by the DIS on a broadcast network for LSDB synchronization. If ■ no level is included, the specified CSNP interval applies to both Level-1 and Level-2 of the current IS-IS process. If a level is specified, it applies to the level.
Page 900: Disabling An Interface From Sending/Receiving Is-Is Hello Packets
An LSP is given an aging time when generated by the router. When the LSP is received by another router, its aging time begins to decrease. If the receiving router does not get the update for the LSP within the aging time, the LSP will be deleted from the LSDB.
Page 901 Note the following when enabling LSP fragment extension After LSP fragment extension is enabled in an IS-IS process, the MTUs of all the ■ interfaces with this IS-IS process enabled must not be less than 512; otherwise, LSP fragment extension will not take effect.
Page 902: Configuring Dynamic Host Name Mapping
It is invalid on point-to-point links. The local host name on the local IS overwrites the remote host name on the remote IS. Configuring IS-IS For area authentication, the area authentication password is encapsulated into the Authentication Level-1 LSP, CSNP, and PSNP packets.
Page 903 Configuring LSDB When the overload tag is set on a router, other routers will not send packets to the Overload Tag router except for the packets destined to the network directly connected to the router.
Page 904: Logging The Adjacency Changes
Graceful Restart minimizes network disruption caused by LSDB synchronization ■ before LSP packets generation. When a router starts for the first time, it sets the overload bit in LSP packets ■ before LSDB synchronization is complete, which ensures no routing loop is...
Page 905: Displaying And Maintaining Is-Is Configuration
Displaying and Maintaining IS-IS Configuration The Graceful Restart interval on a router is used as the holdtime in the IS-IS Hello PDUs so that its neighbors can maintain the adjacencies within the interval after the router restarts. By setting the SA (Suppress-Advertisement) bit in the hello PDUs sent by the GR...
Page 906: Is-Is Configuration Example
266, Router A, B, C and Router D are in an IS-IS autonomous system. Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router connecting two areas. Router A, Router B, and Router C are in area 10, while Router D is in area 20.
Page 907 IS-IS Configuration Example Configuration procedure 1 Configure IP addresses for interfaces (omitted) 2 Configure IS-IS # Configure Router A <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] isis enable 1...
Page 908 57: IS-IS C HAPTER ONFIGURATION 3 Verify the configuration # Display the IS-IS LSDB information of each router to check the integrity of the LSP. [RouterA] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num...
Page 909 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each router. The routing table of Level-1 routers must contain a default route with the next hop being the Level-1-2 router. The routing table of Level-2 router must contain all routes of Level-1 and Level-2.
Page 910: Dis Selection Configuration
267, on a broadcast network (Ethernet), Router A, Router B, Router C and Router D reside in IS-IS area 10. Router A and Router B are Level-1-2 routers, Router C is a Level-1 router, and Router D is a Level-2 router.
Page 911 [RouterD-isis-1] network-entity 10.0000.0000.0004.00 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] quit [RouterD] interface ethernet 1/0 [RouterD-Ethernet1/0] isis enable 1 [RouterD-Ethernet1/0] quit # Display information about IS-IS neighbors of Router A. Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Ethernet1/0 Circuit Id: 0000.0000.0003.01...
Page 912 1497 L1/L2 No/Yes By using the default DIS priority, Router C is the Level-1 DIS, and Router D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. 3 Configure the DIS priority of Router A.
Page 913: Is-Is Gr Configuration Example
Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, you can see Router A is the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Router C. [RouterC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0001...
Page 914 IP address and subnet mask of each interface on the router. The configuration procedure is omitted. Configure IS-IS on the routers, ensuring that Router A, Router B and Router C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
Page 915 IS-IS Configuration Example -------------------------------------------------------------------- IS-IS(1) Level-1 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 239 T2 Timer Status: Remaining Time: 59...
Page 916 57: IS-IS C HAPTER ONFIGURATION...
Page 917: Introduction To Ospf
Loop-free: Computes routes with the Shortest Path Tree algorithm according to ■ the collected link states, so no loop routes are generated. Area partition: Allows an AS to be split into different areas for ease of ■ management and the routing information transmitted between areas is summarized to reduce network bandwidth consumption.
Page 918: Basic Concepts
Router ID To run OSPF, a router must have a Router ID, which is a 32-bit unsigned integer, the unique identifier of the router in the AS. You may assign a Router ID to an OSPF router manually. If no Router ID is...
Page 919: Ospf Area Partition And Route Summarization
Network Summary LSA: Type-3 LSA, originated by ABRs (Area Border Routers), ■ and flooded throughout the LSA’s associated area. Each summary-LSA describes a route to a destination outside the area, yet still inside the AS (an inter-area route). ASBR Summary LSA: Type-4 LSA, originated by ABRs and flooded throughout ■...
Page 920 ID. The boundaries between areas are routers rather than links. A network segment (or a link) can only reside in one area, in other words, an OSPF interface must be specified to belong to its attached area, as shown in the figure below.
Page 921 4 Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS. It can be an internal router or area border router. Figure 270 OSPF router types...
Page 922 OSPF routers in between simply convey these OSPF packets as normal IP packets. (Totally) Stub area The ABR in a stub area does not distribute Type5 LSAs into the area, so the routing table scale and amount of routing information in this area are reduced significantly.
Page 923 In the following figure, the OSPF AS contains three areas: Area 1, Area 2 and Area 0. The other two ASs employ the RIP protocol. Area 1 is an NSSA area, and the ASBR in it translates RIP routes into type7 LSAs and advertises them throughout Area 1.
Page 924: Classification Of Ospf Networks
A type1 external route is an IGP route, such as a RIP or static route, which has high credibility and whose cost is comparable with the cost of an OSPF internal route.
Page 925 NBMA networks are fully meshed, non-broadcast and multi access. P2MP ■ networks are not required to be fully meshed. It is required to elect the DR and BDR on NBMA networks, while DR and BDR ■ are not available on P2MP networks.
Page 926: Ospf Packet Formats
Interfaces attached to the network and having priorities higher than ‘0" are election candidates. The election votes are hello packets. Each router sends the DR elected by itself in a hello packet to all the other routers. If two routers on the network declare themselves as the DR, the router with the higher DR priority wins.
Page 927 IP header OSPF packet header Number of LSAs LSA header LSA Data OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 277 OSPF packet header Version Type Packet length...
Page 928 HelloInterval: The interval between the router’s hello packets. If two routers ■ have different intervals, they cannot become neighbors. Rtr Pri: Router priority. A value of 0 means the router cannot become the ■ DR/BDR. RouterDeadInterval: The time value before declaring a silent router down. If ■...
Page 929 Interface MTU: The size in bytes of the largest IP datagram that can be sent out ■ the associated interface, without fragmentation. I (Initial) The Init bit, which is set to 1 if the packet is the first packet in the ■ sequence of Database Description Packets, and set to 0 if not.
Page 930 Authentication LS type Link state ID Advertising router Major fields: LS type: The type number of the LSA to be requested, type 1 for example ■ indicates the Router LSA Link State ID: Determined by LSA type ■ Advertising Router: The ID of the router that sent the LSA ■...
Page 931 LS checksum Length Major fields: LS age: The time in seconds elapsed since the LSA was originated. A LSA ages ■ in the LSDB (added 1 per second), but does not in transmission. LS type: The type of the LSA ■...
Page 932 Type: Link type. A value of 1 indicates a point-to-point link to a remote router; ■ a value of 2 indicates a link to a transit network; a value of 3 indicates a link to a stub network; a value of 4 indicates a virtual link.
Page 933 TOS metric Major fields: Link State ID: For a type3 LSA, it is an IP address outside the area; for a type 4 ■ LSA, it is the router ID of an ASBR outside the area. Network Mask: The network mask for the type 3 LSA; set to 0.0.0.0 for the ■...
Page 934 58: OSPF C HAPTER ONFIGURATION A type3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. 4 AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Page 935 For GR information, refer to “GR Overview” on page 1957. After an OSPF GR Restarter restarts OSPF, it needs to perform the following two tasks in order to re-synchronize its LSDB with its neighbors. To obtain once again effective OSPF neighbor information, assuming the ■...
Page 936 HAPTER ONFIGURATION After the restart, the GR Restarter will send an OSPF GR signal to its neighbors that will not reset their adjacencies with it. In this way, the GR Restarter can restore the neighbor table upon receiving the responses from neighbors.
Page 937: Related Rfcs
LSA as an inter-area route between the PE and CE. If a router connects to a PE router in the same area and establishes an internal route (backdoor route) for a special destination, in this case, since an OSPF intra-area route has a higher priority than a backbone route, VPN traffic will always travel on the backdoor route rather than the backbone route.
Page 938 “Configuring OSPF Route Optional Information Control” on Summarization” on page 943 page 942 “Configuring OSPF Inbound Optional Route Filtering” on page 943 “Configuring ABR Type3 LSA Optional Filtering” on page 943 “Configuring OSPF Link Cost” Optional on page 944 “Configuring the Maximum Optional Number of OSPF Routes”...
Page 939: Configuring Ospf Basic Functions
To ensure OSPF stability, you need to decide on router IDs and configure them manually. Any two routers in an AS must have different IDs. In practice, the ID of a router is the IP address of one of its interfaces.
Page 940: Configuring Ospf Area Parameters
7 LSAs (NSSA External LSAs) are advertised. Type 7 LSAs originate from the ASBR in a NSSA area. When arriving at the ABR in the NSSA area, these LSAs will be translated into type 5 LSAs for advertisement to other areas.
Page 941: Configuring Ospf Network Types
For routers having no direct link in between, you can configure related interfaces as the P2MP mode. If a router in the NBMA network has only a single peer, you can also configure associated interfaces as the P2P mode.
Page 942: Configuring An Nbma Neighbor
DR/BDR election on networks. However, if the local router is the DR or BDR, it will send a hello packet to the neighbor with priority 0 for adjacency relationship establishment.
Page 943: Configuring Ospf Route Summarization
Since OSPF is a link state-based internal gateway protocol, routing information is contained in LSAs. However, OSPF cannot filter LSAs. Using the filter-policy import command is to filter routes computed by OSPF, and only routes not filtered are added into the routing table.
Page 944: Configuring Ospf Link Cost
The value defaults to 100 Mbps If the cost value is not configured for an interface, OSPF computes the interface cost value automatically: Interface value= Bandwidth reference value/Interface bandwidth. If the calculated cost value is greater than 65535, the maximum cost will be 65535.
Page 945: Configuring Ospf Priority
Configuring OSPF A router may run multiple routing protocols. The router sets a priority for each Priority protocol, when a route found by several routing protocols, the route found by the protocol with the highest priority will be selected.
Page 946: Configuring Ospf Network Optimization
You can configure default values of parameters for redistributed routes, such ■ as the cost, upper limit, tag and type of external routes. The tag is used to indicate information related to protocol, for example, when redistributing BGP routes, OSPF uses the tag to differentiate AS IDs.
Page 947: Configuring Lsa Transmission Delay Time
The hello and dead intervals restore to default values after you change the ■ network type for an interface. The dead interval should be at least four times the hello interval on an ■ interface. The poll interval is at least four times the hello interval.
Page 948: Configuring Spf Calculation Interval
Configuring LSA When an interface receives an LSA that is the same with the previously received Minimum Repeat Arrival LSA within a specified interval, the LSA minimum repeat arrival interval, the Interval interface will discard the LSA.
Page 949: Disabling Interfaces From Sending Ospf Packets
OSPF networking and reduce resource consumption. Configuring Stub A stub router is used for traffic control. It informs other OSPF routers not to use it Routers to forward data, but they can have a route to the stub router.
Page 950: Configuring Ospf Authentication
The authentication mode and password for all interfaces attached to the same area must be identical. Adding Interface MTU Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU into DD Packets field of the DD packet rather than the interface MTU.
Page 951: Configuring The Maximum Number Of External Lsas In Lsdb
Not enabled by default, that is, the interface fills in a value of 0 Configuring the Follow these steps to configure the maximum number of external LSAs in the Link Maximum Number of State Database: External LSAs in LSDB To do...
Page 952: Enabling The Advertisement And Reception Of Opaque Lsas
Disabled by default Configuring OSPF Graceful Restart One device can act as both a GR Restarter and a GR Helper at the same time. Configuring the OSPF GR You can configure the IETF standard or non IETF standard OSPF Graceful Restart Restarter capability on a GR Restarter.
Page 953: Configuring The Ospf Gr Helper
Helper neighbor by default. Triggering OSPF Graceful Performing main/backup switchover on a distributed device with two PDUs, or Restart performing the following configuration on an OSPF router will trigger OSPF Graceful Restart. Ensure that these routers are enabled with the following...
Page 954: Displaying And Maintaining Ospf Configuration
Display OSPF statistics display ospf [ process-id ] cumulative Display Link State display ospf [ process-id ] lsdb [ brief | [ { ase | Database information router | network | summary | asbr | nssa | opaque-link | opaque-area | opaque-as }...
Page 955: Ospf Configuration Examples
Network requirements Functions As shown in the following figure, all routers run OSPF. The AS is split into three areas, in which, RouterA and RouterB act as ABRs. After configuration, all routers can learn routes to every network segment in the...
Page 956 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] quit [RouterD-ospf-1] quit 3 Verify the above configuration # Display OSPF neighbors information on Router A.[RouterA] display ospf peer verbose OSPF Process 1 with Router ID 10.2.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Ethernet1/0)’s neighbors Router ID: 10.3.1.1...
Page 957 OSPF Configuration Examples Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0 # Display the Link State Database on RouterA [RouterA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type...
Page 958: Configuring An Ospf Stub Area
RouterA and RouterB act as ABRs to forward routing information between areas. RouterD acts as the ASBR, redistributing routes (static routes). It is required to configure Area1 as a Stub area, reducing LSAs to this area without route reachability interference.
Page 959 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since RouterC resides in a normal OSPF area, its routing table contains an external route. 4 Configure Area1 as a Stub area # Configure RouterA [RouterA] ospf [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] stub...
Page 960: Configuring An Ospf Nssa Area
AS is split into three areas, where all routers run OSPF. RouterA and RouterB act as ABRs to forward routing information between areas. It is required to configure Area1 as an NSSA area, RouterC as an ASBR to redistribute static routes into the AS.
Page 961 It is recommended to configure the nssa command with the keyword default-route-advertise no-summary on Router A (an ABR) to reduce the routing table size on NSSA routers. On other NSSA routers, using the nssa command is ok. # Display routing information on RouterC [RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1...
Page 962: Configuring Ospf Dr Election
Configuring OSPF DR Network requirements Election Figure 292: Router A, B, C and D are on the same network, running OSPF. ■ Configure Router A as the DR, C as the BDR. ■ Network diagram Figure 292 OSPF DR election configuration network diagram...
Page 963 MTU: 0 Dead timer due in 31 Neighbor is up for 00:01:28 Authentication Sequence: [ 0 ] RouterD becomes the DR, and RouterC becomes the BDR. 3 Configure router priorities on interfaces # Configure RouterA [RouterA] interface ethernet 1/0 [RouterA-Ethernet1/0] ospf dr-priority 100...
Page 964 Neighbor is up for 00:11:15 Authentication Sequence: [ 0 ] The DR and BDR have no change. In the above output, you can find the priority configuration does not take effect immediately. 4 Restart the OSPF process (omitted) # Display neighbor information on RouterD [RouterD] display ospf peer OSPF Process 1 with Router ID 4.4.4.4...
Page 965 Figure 293, Area 2 has no direct connection to Area 0, the backbone, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a virtual link between RouterA and RouterB. After configuration, RouterA can learn routes to Area 2.
Page 966 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Since Area 2 has no direct connection to Area 0, the OSPF routing table of Router A has no route to Area 2. 3 Configure a virtual link # Configure Router A.
Page 967 ■ and the same OSPF routing domain are GR capable. Router A acts as the non IETF standard GR Restarter, and Router B and Router ■ C are the GR Helpers and remain OOB synchronized with Router A through the GR mechanism.
Page 968: Troubleshooting Ospf Configuration
2 Display OSPF interface information using the display ospf interface command. 3 Ping the neighbor router’s IP address to check connectivity. 4 Check OSPF timers. The dead interval on an interface must be at least four times the hello interval.
Page 969 If more than two areas are configured, at least one area is connected to the backbone. 5 In a Stub area, all routers are configured with the stub command. In an NSSA area, all interfaces are configured with the nssa command.
Page 970 58: OSPF C HAPTER ONFIGURATION...
Page 971: Rip Overview
0. The hop count of a network reachable through one router is 1. To limit convergence time, the range of RIP metric value is from 0 to 15. A metric value of 16 (or bigger) is considered infinite, which means the destination network is unreachable.
Page 972: Operation Of Rip
The timeout timer defines the route aging time. If no update for a route is ■ received after the aging time elapses, the metric of the route is set to 16 in the routing table. The suppress timer defines how long a RIP route stays in the suppressed state.
Page 973: Rip Version
RIP Overview 4 RIP ages out routes by adopting an aging mechanism to keep only valid routes. RIP Version RIP has two versions, RIP-1 and RIP-2. RIP-1, a Classful Routing Protocol, supports message advertisement via broadcast only. RIP-1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C.
Page 974 Subnet Mask: Mask of the destination address. ■ Next Hop: If set to 0.0.0.0, it indicates that the originator of the route is the ■ best next hop; Otherwise it indicates a next hop better that the originator of the route.
Page 975: Trip
Routing information is sent in triggered updates rather than periodic broadcasts to reduce the routing management cost the WAN. Only when data in the routing table changes or the next hop is unreachable, a ■ routing update message is sent.
Page 976: Rip Features Supported
RIP runs only on the interfaces residing on the specified networks. Therefore, ■ you need specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
Page 977 RIP-1 broadcasts and can receive RIP-1 broadcast and unicast packets, RIP-2 broadcast, multicast, and unicast packets. If an interface has no RIP version configured, it uses the global RIP version; ■ otherwise it uses the RIP version configured on it.
Page 978: Configuring Rip Advanced Functions
Configure basic RIP functions ■ Configuring an An additional routing metric can be added to the metric of a RIP route, namely, Additional Routing the inbound and outbound additional metric. Metric The outbound additional metric is added to the metric of a sent route, the route’s metric in the routing table is not changed.
Page 979: Configuring Rip-2 Route Summarization
Configuring RIP-2 Route The route summarization means that subnet routes in a natural network are Summarization summarized with a natural network that is sent to other networks. This function can reduce the size of routing tables. Configure RIP-2 route automatic summarization Disable RIP-2 route automatic summarization if you want to advertise all subnet routes.
Page 980: Disabling Host Route Reception
Enabled by default RIPv2 can be disabled from receiving host routes, but RIPv1 cannot. Advertising a Default You can configure RIP to advertise a default route with the specified metric to RIP Route neighbors. Follow these steps to configure RIP to advertise a default route: To do...
Page 981: Configuring A Priority For Rip
Configuring a Priority Multiple IGP protocols may run in a router. If you want RIP routes to have a higher for RIP priority than those learned from other routing protocols, you should assign RIP a smaller priority value to influence optimal route selection.
Page 982: To Do
Configuring the Split Horizon and Poison Reverse If both the split horizon and poison reverse are configured, only the poison reverse function takes effect. Configure split horizon The split horizon function disables an interface from sending routes received by the interface itself, so as to prevent routing loops between adjacent routers.
Page 983: Enabling Checkzero Field Check On Ripv1 Messages
For the message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. For a message received on a serial interface, RIP checks whether the source address of the message is the IP address of the peer interface.
Page 984: Enabling Source Ip Address Check On Incoming Rip Updates
■ Incoming RIP Updates address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. For a message received on a serial interface, RIP checks whether the source ■...
Page 985: Configuring Trip
Configuring TRIP In a connection oriented network, a router may establish connections to multiple remote devices. In a WAN, links are created and removed as needed. In such applications, a link created between two nodes for data transmission is temporary and infrequently.
Page 986: Configuring Rip-To-Mib Binding
Request or Update Response The maximum retransmission time (upper limit × interval) for a packet cannot be too long lest when its neighbor is down, the router still resends the packet. Configuring RIP-to-MIB Follow these steps to bind RIP to MIB: Binding To do...
Page 987 Ethernet1/0 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 1.1.1.2 From the routing table, you can see RIP-1 uses natural mask to advertise routing information. 3 Configure RIP version # Configure RIP-2 on Router A. [RouterA] rip [RouterA-rip-1] version 2 [RouterA-rip-1] undo summary # Configure RIP-2 on Router B.
Page 988: Configuring Rip-2 Route Summarization
Configure route redistribution on Router B, letting the two RIP processes redistribute routes from each other. Set the cost of redistributed routes from RIP 200 to 3. Configure a filtering policy on Router B to filter out the route 4.1.1.1/24 from RIP200, making the route not advertised to Router A.
Page 989 127.0.0.1 InLoop0 4 Configure a filtering policy for redistributed routes # On Router B, define ACL 2000 and reference it to a filtering policy to filter routes redistributed from RIP 200. [RouterB] acl number 2000 [RouterB-acl-basic-2000] rule deny source 4.1.1.1 0.0.0.255...
Page 990: Troubleshooting Rip Configuration
Analysis: In the RIP network, make sure all the same timers within the whole network are identical and relationships between timers are reasonable. For example, the timeout timer value should be larger than the update timer value.
Page 991: Introduction To Routing Policy
To implement a routing policy, you need define a set of match criteria according to attributes in routing information, such as destination address, advertising router’s address and so on.
Page 992: Filters
IP prefix list involves IPv4 and IPv6 prefix list. IP prefix list plays a role similar to ACL, but it is more flexible than ACL and easier to understand. When an IP prefix list is applied to filtering routing information, its matching object is the destination address of routing information.
Page 993: Routing Policy Application
The filter relation among different route policy nodes is logical OR. Once a node is matched, the routing policy is passed and the packet will not go through the next node.
Page 994: To Do
] [ less-equal max-mask-length ] If all items are set to the deny mode, no routes can pass the IPv4 prefix list. Therefore, you need to define the permit 0.0.0.0 0 less-equal 32 item following multiple deny mode items to allow other IPv4 routing information to pass.
Page 995: Defining An As Path Acl
Defining Filtering Lists Defining an AS Path ACL You can define multiple items for an AS path ACL that is identified by number. During matching, the relation between items is logical OR, that is, if the route matches one of these items, it passes the AS path ACL.
Page 996: Configuring A Routing Policy
If a node has the deny keyword specified, routing information matching all the ■ if-match clauses of the node can neither pass the node nor go to the next node. If route information cannot meet any if-match clause of the node, it will go to the next node for a match.
Page 997 } { acl default prefix list acl-number | ip-prefix ip-prefix-name } Match IPv6 routes having the next hop or source if-match ipv6 Optional specified in the ACL or IP prefix list { address | Not configured by next-hop |...
Page 998: Defining Apply Clauses For The Routing Policy
You can specify no or multiple if-match clauses for a routing policy. If no ■ if-match clause is specified, and the routing policy is in permit mode, all routing information can pass the node;...
Page 999 Optional IS-IS routes Not set by default The difference between IPv4 and IPv6 apply clauses is the command of setting ■ the next hop for routing information. The apply ip-address next-hop and apply ipv6 next-hop commands do ■...
Page 1000: Displaying And Maintaining The Routing Policy
Configure route redistribution on Router B to redistribute IS-IS routes into the OSPF routing domain, and use a routing policy to set attributes for redistributed routes. Set the cost of route 172.17.1.0/24 to 100, and the tag of route 172.17.2.0/24 to 20.

This manual is also suitable for:

Msr 30-20 Msr 30-40 Msr 30-60 Msr 20-20 Msr 20-21 Msr 20-40 ... Show all

3Com MSR 50 Series Configuration Manual

Table of Contents

Atm Dsl Iand Nterface 1

DCC Configuration

F R Crameelayonfiguration 8

Quick Links

Chapters

Troubleshooting

Related Manuals for 3Com MSR 50 Series

Summary of Contents for 3Com MSR 50 Series