Summary of Contents for Alcatel-Lucent 7210 SAS E OS
Page 1
7210 SAS E OS Router Configuration Guide Software Version: 7210 SAS OS 2.0 Rev. 03 September 2010 Document Part Number: 93-0222-03-03 *93-0222-03-03*...
Page 2
Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Preface About This Guide This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
Preface List of Technical Publications The 7210-SAS E OS documentation set is composed of the following books: • 7210-SAS E OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7210-SAS E OS System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.
If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
Page 12
Preface Page 12 7210 SAS E Router Configuration Guide...
In This Chapter This chapter provides process flow information to configure routing entities, virtual routers, IP and MAC filters. Alcatel-Lucent 7210 SAS-Series Router Configuration Pro- cess Table 1 lists the tasks necessary to configure logical IP routing interfaces, virtual routers, IP and MAC-based filtering.
IP Router Configuration In This Chapter This chapter provides information about commands required to configure basic router parameters. Topics in this chapter include: • Configuring IP Router Parameters on page 16 → Interfaces on page 16 • Configuration Notes on page 18 Page 15 7210 SAS E Router Configuration Guide...
Configuring IP Router Parameters Configuring IP Router Parameters In order to provision services on a 7210 SAS device, logical IP routing interfaces must be configured to associate attributes such as an IP addressor the system with the IP interface. A special type of IP interface is the system interface. A system interface must have an IP address with a 32-bit subnet mask.
IP Router Configuration Process Overview The following items are components to configure basic router parameters. • System interface — This creates an association between the logical IP interface and the system (loopback) address. The system interface address is the circuitless address (loopback).
Configuration Notes Configuration Notes The following information describes router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters. Page 18 7210 SAS E Router Configuration Guide...
IP Router Configuration Configuring an IP Router with CLI This section provides information to configure an IP router. Topics in this section include: • Router Configuration Overview on page 20 • Basic Configuration on page 21 • Common Configuration Tasks on page 22 →...
“1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7210 SAS router, the basic configuration tasks that must be performed are: •...
IP Router Configuration Basic Configuration The most basic router configuration must have the following: • System name • System address The following example displays a router configuration: A:ALA-A> config# info . . . #------------------------------------------ # Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit exit...
Common Configuration Tasks Common Configuration Tasks The following sections describe basic system tasks. • Configuring a System Name on page 22 • Configuring Interfaces on page 23 → Configuring a System Interface on page 23 Configuring a System Name Use the command to configure a name for the device.
IP Router Configuration Configuring Interfaces The following command sequences create a system IP interface. The system interface assigns an IP address to the interface in the IES context and create logical IP interfaces for inband management. Note that the system interface cannot be deleted. Configuring a System Interface To configure a system interface: CLI Syntax: config>router...
Service Management Tasks Service Management Tasks This section discusses the following service management tasks: • Changing the System Name on page 24 • Modifying Interface Parameters on page 29Deleting a Logical IP Interface on page 25 Changing the System Name em command sets the name of the device and is used in the prompt string.
IP Router Configuration Deleting a Logical IP Interface The no form of the command typically removes the entry, but all entity associations interface must be shut down and/or deleted before an interface can be deleted. 1. Before loopback IP interface can be deleted, it must first be administratively disabled with command.
Page 26
Service Management Tasks Page 26 7210 SAS E Router Configuration Guide...
IP Router Configuration Configuration Commands Generic Commands shutdown Syntax [no] shutdown Context config>router>interface Description The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.
Router Global Commands Router Global Commands router Syntax router Context config Description This command enables the context to configure router parameters, and interfaces. Default Base static-route [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] next-hop ip-address [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] black-hole Context...
Page 35
IP Router Configuration metric metric — The cost metric for the static route, expressed as a decimal integer. When modifying the metric of an existing static route, the preference will not change unless specified. This value is also used to determine which static route to install in the forwarding table: •...
Page 36
Router Interface Commands Router Interface Commands interface Syntax [no] interface ip-int-name Context config>router Description This command creates a system or a loopback IP routing interface. Once created, attributes like IP address, or system can be associated with the IP interface. Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface.
Page 37
IP Router Configuration address Syntax address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] no address Context config>router>interface Description This command assigns an IP addressto a system IP interface. Only one IP address can be associated with an IP interface. The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation.
Page 38
Router Interface Commands subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones. The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
Page 39
IP Router Configuration Default IP interface has a system-assigned MAC address. Parameters ieee-mac-addr — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
Page 40
Router Interface Commands Router Interface Filter Commands egress Syntax egress Context config>router>interface Description This command enables access to the context to configure egress network filter policies for the IP interface. If an egress filter is not defined, no filtering is performed. ingress Syntax ingress...
Page 41
IP Router Configuration Router Interface ICMP Commands icmp Syntax icmp Context config>router>interface Description This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.
Page 42
Router Interface Commands ttl-expired Syntax ttl-expired [number seconds] no ttl-expired Context config>router>if>icmp Description This command configures the rate that Internet Control Message Protocol (ICMP) Time To Live (TTL) expired messages are issued by the IP interface. By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.
Page 43
IP Router Configuration Parameters number — The maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer.
Page 44
Router Interface Commands Page 44 7210 SAS E Router Configuration Guide...
Page 45
IP Router Configuration Show Commands Syntax arp [ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static] Context show>router Description This command displays the router ARP table sorted by IP address. If no command line options are spec- ified, all ARP entries are displayed.
Page 46
Show Commands ------------------------------------------------------------------------------- 10.20.1.24 00:16:4d:23:91:b8 00h00m00s Oth system 10.10.4.11 00:03:fa:00:d0:c9 00h57m03s Dyn[I] to-core-sr1 10.10.4.24 00:03:fa:41:8d:20 00h00m00s Oth[I] to-core-sr1 ------------------------------------------------------------------------------- No. of ARP Entries: 3 =============================================================================== Syntax Context show>router Description This command displays the active FIB entries for a specific . Parameters ip-prefix/prefix-length —...
Page 47
IP Router Configuration Label Description (Continued) Type n/a — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri — The IP address for the IP interface is the Primary address on the IP interface.
Page 48
Show Commands Detailed IP Interface Output — The following table describes the detailed output fields for an IP interface. Label Description If Name The IP interface name. Admin State Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled. Oper State Down —...
IP Router Configuration SAP Id : 1/1/2:0.* TOS Marking : Untrusted If Type : IES SNTP B.Cast : False IES ID : 100 MAC Address : 2e:59:01:01:00:02 Arp Timeout : 14400 IP MTU : 1500 Arp Timeout : 14400 ICMP Details Redirects : Number - 100 Time (seconds)
Page 50
Show Commands join-tlv-packing : N/A data-delay-interval: 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps =============================================================================== route-table Syntax route-table [ip-prefix[/prefix-length] [longer | exact | protocol]] | [protocol protocol-name] [all]] route-table summary Context show>router Description This command displays the active routes in the routing table. If no command line arguments are specified, all routes are displayed, sorted by prefix.
Page 51
IP Router Configuration ---------------------------------------------------------------------------------- 1.1.1.1/32 Remote Static 00h22m29s 6.6.6.1 2.2.2.2/32 Local Local 00h22m52s system 5.5.5.0/24 Remote Static 00h22m29s 6.6.6.1 6.6.6.0/24 Local Local 00h22m30s to-PE-E ----------------------------------------------------------------------------------- No. of Routes: 4 =============================================================================== A:ALA# B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref -------------------------------------------------------------------------------...
Page 52
Show Commands static-arp Syntax static-arp [ip-addr | ip-int-name | mac ieee-mac-addr] Context show>router Description This command displays the router static ARP table sorted by IP address. If no options are present, all ARP entries are displayed. Parameters ip-addr — Only displays static ARP entries associated with the specified IP address. ip-int-name —...
Page 53
IP Router Configuration 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp mac 00:00:5a:40:00:01 =============================================================================== ARP Table =============================================================================== IP Address...
Page 54
Show Commands Label Description (Continued) The route metric value for the static route. Metric BH — The static route is a black hole route. The for this type of Type Nexthop route is black-hole NH — The route is a static route with a directly connected next hop. The for this type of route is either the next hop IP address or an Nexthop egress IP interface name.
Page 55
IP Router Configuration Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route next-hop 10.10.0.254 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.253.0/24 10.10.0.254 =============================================================================== A:ALA-A# status...
Page 56
Clear Commands Clear Commands router Syntax router Context clear>router Description This command clears for a the router instance in which they are entered. Parameters router-instance — Specify the router name or service ID. Values service-id: 1 — 2147483647 Default Base Syntax arp {all | ip-addr | interface {ip-int-name | ip-addr}} Context...
Page 57
IP Router Configuration Debug Commands destination Syntax destination trace-destination Context debug>trace Description This command specifies the destination to send trace messages. Parameters trace-destination — The destination to send trace messages. Values stdout, console, logger, memory enable Syntax [no] enable Context debug>trace Description This command enables the trace.
Page 58
Debug Commands The no form of the command removes the trace points. router Syntax router Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values service-id: 1 — 2147483647 Default Base Syntax...
Page 59
IP Router Configuration interface Syntax [no] interface [ip-int-name | ip-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. Parameters ip-address — Only displays the interface information associated with the specified IP address. Values ipv4-address a.b.c.d (host bits must be 0) ip-int-name —...
Page 60
Debug Commands Parameters ip-prefix — The IP prefix for prefix list entry in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and pre- fix mask length values greater than the specified mask.
Filter Policies In This Chapter This chapter provides information about filter policies and management. Topics in this chapter include: • Filter Policy Configuration Overview on page 62 → Service -Based Filtering on page 62 → Filter Policy Entities on page 63 •...
Filter Policy Configuration Overview Filter Policy Configuration Overview Filter policies, also referred to as Access Control Lists (ACLs), are templates applied to services or access uplink ports to control network traffic into (ingress) or out of (egress) a service access port (SAP) or access uplink based on IP and MAC matching criteria.
Filter Policies Filter Policy Entities A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are numbered in the policy. When a packet matches all the parameters specified in the entry, the system takes the specified action to either drop or forward the packet.
Page 64
Filter Policy Configuration Overview • SAP egress — Filter policies applied on SAP egress define the Service Level Agreement (SLA) enforcement for service packets as they egress on the SAP according to the filter policy match criteria. SAP egress policies can be applied on both access ports and access uplink ports.
Filter Policies Creating and Applying Policies START SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE ASSOCIATE FILTER ID SAVE CONFIGURATION 7210 SAS E Router Configuration Guide Page 65...
Creating and Applying Policies Packet Matching Criteria As few or as many match parameters can be specified as required, but all conditions must be met in order for the packet to be considered a match and the specified action performed. The process stops when the first complete match is found and then executes the action defined in the entry, either to drop or forward packets that match the criteria.
Page 67
Filter Policies MAC filter policies match criteria that associate traffic with an ingress or egress SAP. Matching criteria to drop or forward MAC traffic include: • Source MAC address and mask Entering the source MAC address range allows the filter to search for matching a source MAC address and/or range.
Creating and Applying Policies Ordering Filter Entries When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a packet matches an entry. The entry action is performed on the packet. 7210 SAS supports either drop or forward action.To be considered a match, the packet must meet all the conditions defined in the entry.
Page 71
Filter Policies Figure 2 displays an example of several packets forwarded upon matching the filter criteria and several packets traversing through the filter entries and then dropped. FILTER ID: 5 SEARCH CRITERIA: DEFAULT ACTION: DROP Source Address: 10.10.10.103 FILTER ENTIES: 10 (ACTION: FORWARD) 20 (ACTION: FORWARD) Destination Address: 10.10.10.104 30 (ACTION: FORWARD)
Creating and Applying Policies Applying Filters After filters are created, they can be applied to the following entities: • Applying a Filter to a SAP on page 72 • Applying a Filter to an IES Interface on page 72 Applying a Filter to a SAP During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP and MAC filters.
Filter Policies Configuration Notes The following information describes filter implementation caveats: • Creating a filter policy is optional. • Associating a service with a filter policy is optional. • When a filter policy is configured, it should be defined as having either an exclusive scope for one-time use, or a template scope meaning that the filter can be applied to multiple SAPs.
Configuration Notes MAC Filters • If a MAC filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.
Filter Policies IP Filters • Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.
Filter Policies Configuring Filter Policies with CLI This section provides information to configure filter policies using the command line interface. Topics in this section include: • Basic Configuration on page 78 • Common Configuration Tasks on page 79 → Creating an IP Filter Policy on page 79 →...
Basic Configuration Basic Configuration The most basic IP and MAC filter policies must have the following: • A filter ID • Template scope, either exclusive or template • Default action, either drop or forward • At least one filter entry →...
Filter Policies Common Configuration Tasks This section provides a brief overview of the tasks that must be performed for both IP and MAC filter configurations and provides the CLI commands. To configure a filter policy, perform the following tasks: • Creating an IP Filter Policy on page 79 •...
Common Configuration Tasks IP Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determine how the packets are handled, either dropped or forwarded. •...
Filter Policies IP Entry Matching Criteria Use the following CLI syntax to configure IP filter matching criteria: The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward...
Common Configuration Tasks Creating a MAC Filter Policy Configuring and applying filter policies is optional. Each filter policy must have the following: • The filter type specified (MAC). • A filter policy ID. • A default action, either drop or forward. •...
Common Configuration Tasks MAC Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determine how the packets are handled, either dropped or forwarded. •...
Common Configuration Tasks Applying Filter Policies Filter policies can be associated with the following entities: Table 5: Applying Filter Policies IP Filter MAC Filter Epipe SAP Epipe SAP IES interface SAP VPLS SAP VPLS SAP Apply IP and MAC Filter Policies The following example shows an example of applying an IP and a MAC filter policy to an Epipe service: CLI Syntax: config>service# epipe service-id...
Filter Policies Apply Filter Policies to an IES Interface IP filter policies can be applied to an IP interface created in an IES service. These filter policies apply to the routed management traffic. CLI Syntax: config>service>ies# interface ip-int-name address ip-address sap sap-id ingress filter ip ip-filter-id...
Filter Management Tasks Filter Management Tasks This section discusses the following filter policy management tasks: • Renumbering Filter Policy Entries on page 88 • Modifying an IP Filter Policy on page 90 • Deleting a Filter Policy on page 93 •...
Page 89
Filter Policies The following displays the original filter entry order on the left side and the reordered filter entries on the right side: A:ALA-7>config>filter# info A:ALA-7>config>filter# info ---------------------------------------------- ---------------------------------------------- ip-filter 11 create ip-filter 11 create description "filter-main" description "filter-main" scope exclusive scope exclusive entry 10 create entry 1 create...
Filter Management Tasks Modifying an IP Filter Policy To access a specific IP filter, you must specify the filter ID. Use the form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter>ip-filter# description "New IP filter info"...
Filter Management Tasks Modifying a MAC Filter Policy To access a specific MAC filter, you must specify the filter ID. Use the form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter# mac-filter 90 config>filter>mac-filter# description "New filter info"...
Filter Policies Deleting a Filter Policy Before you can delete a filter, you must remove the filter association from the applied ingress and egress SAPs and network interfaces. • From an Ingress SAP on page 93 • From an Egress SAP on page 93 •...
Filter Management Tasks From the Filter Configuration After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter Page 94 7210 SAS E Router Configuration Guide...
Filter Policies Copying Filter Policies When changes are made to an existing filter policy, they are applied immediately to all services where the policy is applied. If numerous changes are required, the policy can be copied so you can edit the “work in progress” version without affecting the filtering process. When the changes are completed, you can overwrite the work in progress version with the original version.
Page 96
Filter Management Tasks Page 96 7210 SAS E Router Configuration Guide...
Page 101
Filter Policies Configuration Commands Generic Commands description Syntax description string no description Context config>filter>ip-filter config>filter>ip-filter>entry config>filter>mac-filter config>filter>mac-filter>entry Description This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the context in the configuration file.
Global Filter Commands Global Filter Commands ip-filter Syntax [no] ip-filter filter-id [create] Context config>filter Description This command creates a configuration context for an IP filter policy. IP-filter policies specify either a forward or a drop action for packets based on the specified match criteria.
Page 103
Filter Policies policy. Use the config filter copy command to maintain policies in this manner. The no form of the command deletes the mac-filter policy. A filter policy cannot be deleted until it is removed from all SAP where it is applied. Parameters filter-id —...
Filter Policy Commands Filter Policy Commands default-action Syntax default-action {drop | forward} Context config>filter>ip-filter config>filter>mac-filter Description This command specifies the action to be applied to packets when the packets do not match the specified criteria in all of the IP filter entries of the filter. When multiple default-action commands are entered, the last command will overwrite the previous command.
Filter Policies General Filter Entry Commands entry Syntax entry entry-id [time-range time-range-name] [create] no entry entry-id Context config>filter>ip-filter config>filter>mac-filter Description This command creates or edits an IP or MAC filter entry. Multiple entries can be created using unique entry-id numbers within the filter. The implementation exits the filter on the first match found and executes the actions in accordance with the accompanying action command.
IP Filter Entry Commands IP Filter Entry Commands action Syntax action [drop] action forward action nat no action Context config>filter>ip-filter>entry Description This command specifies to match packets with a specific IP option or a range of IP options in the first option of the IP header as an IP filter match criterion.
Page 107
Filter Policies protocol-id — Configures the decimal value representing the IP protocol to be used as an IP filter match criterion. Well known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the match criteria. Values 0 —...
MAC Filter Entry Commands MAC Filter Entry Commands action Syntax action drop action forward no action Context config>filter>mac-filter>entry Description This command configures the action for a MAC filter entry. The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive.
Filter Policies IP Filter Match Criteria dscp Syntax dscp dscp-name no dscp Context config>filter>ip-filter>entry>match Description This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion. The no form of the command removes the DSCP match criterion. Default no dscp Parameters...
Page 110
IP Filter Match Criteria dst-port Syntax dst-port {eq} dst-port-number no dst-port Context config>filter>ip-filter>entry>match Description This command configures a destination TCP or UDP port number for an IP filter match criterion. Note that L4 match criteria (for example, dst-port) will only match on the first fragment of a packet since subsequent fragments will not contain the L4 information.
Page 111
Filter Policies of a packet since subsequent fragments will not contain the L4 information. This option is only meaningful if the protocol match criteria specifies ICMP (1). The no form of the command removes the criterion from the match entry. Default no icmp-code Parameters...
Page 112
IP Filter Match Criteria src-ip false — Specifies matching on IP packets that do not have any option field present in the IP header. Syntax src-ip {ip-address[/mask]} [netmask] no src-ip Context config>filter>ip-filter>entry>match Description This command configures a source IP address range to be used as an IP filter match criterion. To match on the source IP address, specify the address and its associated mask, e.g.
Page 113
Filter Policies tcp-ack Syntax tcp-ack {true | false} no tcp-ack Context config>filter>ip-filter>entry>match Description This command configures matching on the ACK bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. The no form of the command removes the criterion from the match entry.
MAC Filter Match Criteria MAC Filter Match Criteria dot1p Syntax dot1p ip-value [mask] no dot1p Context config>filter>mac-filter>entry Description Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion. When a frame is missing the 802.1p bits, specifying an dot1p match criterion will fail for the frame and result in a non-match for the MAC filter entry.
Page 115
Filter Policies dst-mac Syntax dst-mac ieee-address [mask] no dst-mac Context config>filter>mac-filter>entry Description Configures a destination MAC address or range to be used as a MAC filter match criterion. The no form of the command removes the destination mac address as the match criterion. Default no dst-mac Parameters...
Page 116
MAC Filter Match Criteria Parameters ethernet-type — The Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal. Values 0x0600 — 0xFFFF isid Syntax isid value | value to higher-value no isid Context config>filter>mac-filter>entry>match Description This command configures an ISID value or a range of ISID values to be matched by the mac-filter parent.
Page 117
Filter Policies ieee-address-mask — This 48-bit mask can be configured using: Format Style Format Syntax Example Decimal DDDDDDDDDDDDDD 281474959933440 Hexadecimal 0xHHHHHHHHHHHH 0x0FFFFF000000 Binary 0bBBBBBBB...B 0b11110000...B To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000 Default 0xFFFFFFFFFFFF (exact match)
Policy and Entry Maintenance Commands Policy and Entry Maintenance Commands copy Syntax copy {ip-filter | mac-filter} source-filter-id dest-filter-id dest-filter-id [overwrite] Context config>filter Description This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters.
Page 119
Filter Policies new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 7210 SAS E Router Configuration Guide Page 119...
Page 120
Policy and Entry Maintenance Commands Page 120 7210 SAS E Router Configuration Guide...
Page 121
Filter Policies Show Commands download-failed Syntax download-failed Context show>filter Description This command shows all filter entries for which the download has failed. Output download-failed Output — The following table describes the filter download-failed output. Label Description Displays the filter type. Filter-type Displays the ID of the filter.
Page 122
Show Commands counters — Displays counter information for the specified filter ID. Note that egress counters count the packets without Layer 2 encapsulation. Ingress counters count the packets with Layer 2 encapsulation. Output Show Filter (no filter-id specified) — The following table describes the command output for the command when no filter ID is specified.
Page 123
Filter Policies Label Description (Continued) Applied The filter policy ID has not been applied. No — The filter policy ID is applied. Yes — Def. Action The default action for the filter ID for packets that do not Forward — match the filter entries is to forward.
Page 124
Show Commands Label Description (Continued) TCP-ack No matching of the ACK bit. Off — Matches the ACK bit being set or reset in the control bits of the On — TCP header of an IP packet. Egr. Matches The number of egress filter matches/hits for the filter entry. Sample Output A:ALA-49>config>filter# show filter ip 3 ===============================================================================...
Page 125
Filter Policies time-range : night Cur. Status : Active Src. IP : 0.0.0.0/0 Src. Port : None Dest. IP : 10.10.1.1/16 Dest. Port : None Protocol : Undefined Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined Fragment : Off Option-present : Off TCP-syn...
Page 126
Show Commands Output Show Filter Associations — The following table describes the fields that display when the associations keyword is specified. Label Description The IP filter policy ID. Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive.
Page 127
Filter Policies Output Show Filter Associations (with TOD-suite specified) — If a filter is referred to in a TOD Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160...
Page 128
Show Commands Syntax mac [mac-filter-id [associations | counters] [entry entry-id]] Context show>filter Description This command displays MAC filter information. Parameters mac-filter-id — Displays detailed information for the specified filter ID and its filter entries. Values 1— 65535 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output.
Page 129
Filter Policies Label Description (Continued) The default action for the filter ID for packets that do not Def. Action Forward — match the filter entries is to forward. The default action for the filter ID for packets that do not match Drop —...
Page 130
Show Commands Description : Not Available Src Mac : 00:00:5a:00:00:00 ff:ff:ff:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : 802.2SNAP Match action : Forward Ing. Matches Egr. Matches Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac...
Page 131
Filter Policies Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. Sample Output Label Description The MAC filter policy ID. Mac Filter Filter Id The filter policy is of type Template.
Page 132
Show Commands Clear Commands Syntax ip ip-filter-id [entry entry-id] [ingress | egress] Context clear>filter Description Clears the counters associated with the IP filter policy. By default, all counters associated with the filter policy entries are reset. The scope of which counters are cleared can be narrowed using the command line parameters.
Page 133
Filter Policies Monitor Commands filter Syntax filter ip ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Context monitor Description This command monitors the counters associated with the IP filter policy. Parameters ip-filter-id — The IP filter policy ID. Values 1 —...
Page 134
Show Commands interval — Configures the interval for each display in seconds. Default 5 seconds Values 3 — 60 repeat repeat — Configures how many times the command is repeated. Default Values 1 — 999 absolute — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing.
Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface (CLI) syntax and command usage. Topics in this chapter include: • SAP syntax on page 136 7210 SAS E Router Configuration Guide Page 135...
Common CLI Command Descriptions Common Service Commands SAP syntax Syntax [no] sap sap-id Description This command specifies the physical port identifier portion of the SAP definition. Parameters sap-id — Specifies the physical port identifier portion of the SAP definition. The sap-id can be configured in one of the following formats: Type Syntax Example...