Alcatel-Lucent 7210 SAS E OS Configuration Manual

7210 SAS E OS
Router Configuration Guide
Software Version: 7210 SAS OS 2.0 Rev. 03
September 2010
Document Part Number: 93-0222-03-03

Summary of Contents for Alcatel-Lucent 7210 SAS E OS

  • Page 2 Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
  • Page 3: Table Of Contents

    Getting Started: Alcatel-Lucent 7210 SAS-Series Router Configuration Process (page 13). IP Router Configuration: Configuring IP Router Parameters
  • Page 4 Table of Contents: Creating an ISID Filter (page 83), MAC Filter Entry
  • Page 5 List of Tables: Getting Started, Table 1: Configuration Process (page 13); Filter Policies, Table 2: Applying Filter Policies
  • Page 7 List of Figures: Filter Policies, Figure 1: (page 64); Figure 2: Filtering Process Example
  • Page 9: Preface

    Preface About This Guide This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
  • Page 10: List Of Technical Publications

    Preface List of Technical Publications The 7210-SAS E OS documentation set is composed of the following books: • 7210-SAS E OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7210-SAS E OS System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.
  • Page 11: Technical Support

    If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
  • Page 13: Getting Started

    In This Chapter This chapter provides process flow information to configure routing entities, virtual routers, IP and MAC filters. Alcatel-Lucent 7210 SAS-Series Router Configuration Process Table 1 lists the tasks necessary to configure logical IP routing interfaces, virtual routers, IP and MAC-based filtering.
  • Page 15: Ip Router Configuration

    IP Router Configuration In This Chapter This chapter provides information about commands required to configure basic router parameters. Topics in this chapter include: • Configuring IP Router Parameters on page 16 → Interfaces on page 16 • Configuration Notes on page 18
  • Page 16: Configuring Ip Router Parameters

    Configuring IP Router Parameters In order to provision services on a 7210 SAS device, logical IP routing interfaces must be configured to associate attributes such as an IP address or the system with the IP interface. A special type of IP interface is the system interface. A system interface must have an IP address with a 32-bit subnet mask.
  • Page 17: Process Overview

    IP Router Configuration Process Overview The following items are components to configure basic router parameters. • System interface — This creates an association between the logical IP interface and the system (loopback) address. The system interface address is the circuitless address (loopback).
  • Page 18: Configuration Notes

    Configuration Notes The following information describes router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters.
  • Page 19: Configuring An Ip Router With Cli

    IP Router Configuration Configuring an IP Router with CLI This section provides information to configure an IP router. Topics in this section include: • Router Configuration Overview on page 20 • Basic Configuration on page 21 • Common Configuration Tasks on page 22 →...
  • Page 20: Router Configuration Overview

    “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7210 SAS router, the basic configuration tasks that must be performed are: •...
  • Page 21: Basic Configuration

    IP Router Configuration Basic Configuration The most basic router configuration must have the following: • System name • System address The following example displays a router configuration: A:ALA-A> config# info . . . #------------------------------------------ # Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit exit...
  • Page 22: Common Configuration Tasks

    Common Configuration Tasks The following sections describe basic system tasks. • Configuring a System Name on page 22 • Configuring Interfaces on page 23 → Configuring a System Interface on page 23 Configuring a System Name Use the command to configure a name for the device.
  • Page 23: Configuring Interfaces

    IP Router Configuration Configuring Interfaces The following command sequences create a system IP interface. The system interface assigns an IP address to the interface in the IES context and create logical IP interfaces for inband management. Note that the system interface cannot be deleted. Configuring a System Interface To configure a system interface: CLI Syntax: config>router...
  • Page 24: Service Management Tasks

    Service Management Tasks This section discusses the following service management tasks: • Changing the System Name on page 24 • Modifying Interface Parameters on page 29 • Deleting a Logical IP Interface on page 25 Changing the System Name em command sets the name of the device and is used in the prompt string.
  • Page 25: Deleting A Logical Ip Interface

    IP Router Configuration Deleting a Logical IP Interface The no form of the command typically removes the entry, but all entity associations interface must be shut down and/or deleted before an interface can be deleted. 1. Before a loopback IP interface can be deleted, it must first be administratively disabled with command.
  • Page 27: Ip Router Command Reference

    IP Router Configuration IP Router Command Reference Command Hierarchies Configuration Commands • Router Commands on page 28 • Router Interface Commands on page 29 • Router Advertisement Commands on page 57 • Show Commands on page 30 • Clear Commands on page 31 •...
  • Page 28 IP Router Command Reference Router Commands config — router [router-name] — — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] next-hop ip-address — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] black-hole
  • Page 29: Router Interface Commands

    IP Router Configuration Router Interface Commands config — router [router-name] — [no] interface ip-int-name — address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] — no address — description description-string — no description — egress — filter ip ip-filter-id —...
  • Page 30: Show Commands

    IP Router Command Reference Show Commands show — router router-instance — aggregatearp [ ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static] — authenticationstatisticsstatisticsstatisticsdhcpinterfaceiinterface [{[ip-address | ip-int- name] [detail] [family]} | [summary] — iinterface family [detail] —...
  • Page 31: Clear Commands

    IP Router Configuration Clear Commands clear — router [router-instance] — {all | ip-addr | interface {ip-int-name | ip-addr}}
  • Page 32: Debug Commands

    IP Router Command Reference Debug Commands debug — trace — destination trace-destination — enable — [no] trace-point [module module-name] [type event-type] [class event-class] [task task- name] [function function-name] — router router-instance — — [no] — icmp — no icmp — [no] interface [ip-int-name | ip-address] —...
  • Page 33: Configuration Commands

    IP Router Configuration Configuration Commands Generic Commands shutdown Syntax [no] shutdown Context config>router>interface Description The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.
  • Page 34: Router Global Commands

    Router Global Commands router Syntax router Context config Description This command enables the context to configure router parameters and interfaces. Default Base static-route [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] next-hop ip-address [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] black-hole Context...
  • Page 35 IP Router Configuration metric metric — The cost metric for the static route, expressed as a decimal integer. When modifying the metric of an existing static route, the preference will not change unless specified. This value is also used to determine which static route to install in the forwarding table: •...
  • Page 36 Router Interface Commands Router Interface Commands interface Syntax [no] interface ip-int-name Context config>router Description This command creates a system or a loopback IP routing interface. Once created, attributes like IP address, or system can be associated with the IP interface. Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface.
  • Page 37 IP Router Configuration address Syntax address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] no address Context config>router>interface Description This command assigns an IP address to a system IP interface. Only one IP address can be associated with an IP interface. The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation.
  • Page 38 Router Interface Commands subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones. The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
  • Page 39 IP Router Configuration Default IP interface has a system-assigned MAC address. Parameters ieee-mac-addr — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
  • Page 40 Router Interface Commands Router Interface Filter Commands egress Syntax egress Context config>router>interface Description This command enables access to the context to configure egress network filter policies for the IP interface. If an egress filter is not defined, no filtering is performed. ingress Syntax ingress...
  • Page 41 IP Router Configuration Router Interface ICMP Commands icmp Syntax icmp Context config>router>interface Description This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.
  • Page 42 Router Interface Commands ttl-expired Syntax ttl-expired [number seconds] no ttl-expired Context config>router>if>icmp Description This command configures the rate that Internet Control Message Protocol (ICMP) Time To Live (TTL) expired messages are issued by the IP interface. By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.
  • Page 43 IP Router Configuration Parameters number — The maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer.
  • Page 45 IP Router Configuration Show Commands Syntax arp [ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static] Context show>router Description This command displays the router ARP table sorted by IP address. If no command line options are specified, all ARP entries are displayed.
  • Page 46 Show Commands ------------------------------------------------------------------------------- 10.20.1.24 00:16:4d:23:91:b8 00h00m00s Oth system 10.10.4.11 00:03:fa:00:d0:c9 00h57m03s Dyn[I] to-core-sr1 10.10.4.24 00:03:fa:41:8d:20 00h00m00s Oth[I] to-core-sr1 ------------------------------------------------------------------------------- No. of ARP Entries: 3 =============================================================================== Syntax Context show>router Description This command displays the active FIB entries for a specific . Parameters ip-prefix/prefix-length —...
  • Page 47 IP Router Configuration Label Description (Continued) Type n/a — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri — The IP address for the IP interface is the Primary address on the IP interface.
  • Page 48 Show Commands Detailed IP Interface Output — The following table describes the detailed output fields for an IP interface. Label Description If Name The IP interface name. Admin State Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled. Oper State Down —...
  • Page 49: Sample Output

    IP Router Configuration SAP Id : 1/1/2:0.* TOS Marking : Untrusted If Type : IES SNTP B.Cast : False IES ID : 100 MAC Address : 2e:59:01:01:00:02 Arp Timeout : 14400 IP MTU : 1500 Arp Timeout : 14400 ICMP Details Redirects : Number - 100 Time (seconds)
  • Page 50 Show Commands join-tlv-packing : N/A data-delay-interval: 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps =============================================================================== route-table Syntax route-table [ip-prefix[/prefix-length] [longer | exact | protocol]] | [protocol protocol-name] [all]] route-table summary Context show>router Description This command displays the active routes in the routing table. If no command line arguments are specified, all routes are displayed, sorted by prefix.
  • Page 51 IP Router Configuration ---------------------------------------------------------------------------------- 1.1.1.1/32 Remote Static 00h22m29s 6.6.6.1 2.2.2.2/32 Local Local 00h22m52s system 5.5.5.0/24 Remote Static 00h22m29s 6.6.6.1 6.6.6.0/24 Local Local 00h22m30s to-PE-E ----------------------------------------------------------------------------------- No. of Routes: 4 =============================================================================== A:ALA# B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref -------------------------------------------------------------------------------...
  • Page 52 Show Commands static-arp Syntax static-arp [ip-addr | ip-int-name | mac ieee-mac-addr] Context show>router Description This command displays the router static ARP table sorted by IP address. If no options are present, all ARP entries are displayed. Parameters ip-addr — Only displays static ARP entries associated with the specified IP address. ip-int-name —...
  • Page 53 IP Router Configuration 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp mac 00:00:5a:40:00:01 =============================================================================== ARP Table =============================================================================== IP Address...
  • Page 54 Show Commands Label Description (Continued) The route metric value for the static route. Metric BH — The static route is a black hole route. The for this type of Type Nexthop route is black-hole NH — The route is a static route with a directly connected next hop. The for this type of route is either the next hop IP address or an Nexthop egress IP interface name.
  • Page 55 IP Router Configuration Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route next-hop 10.10.0.254 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.253.0/24 10.10.0.254 =============================================================================== A:ALA-A# status...
  • Page 56 Clear Commands Clear Commands router Syntax router Context clear>router Description This command clears for a the router instance in which they are entered. Parameters router-instance — Specify the router name or service ID. Values service-id: 1 — 2147483647 Default Base Syntax arp {all | ip-addr | interface {ip-int-name | ip-addr}} Context...
  • Page 57 IP Router Configuration Debug Commands destination Syntax destination trace-destination Context debug>trace Description This command specifies the destination to send trace messages. Parameters trace-destination — The destination to send trace messages. Values stdout, console, logger, memory enable Syntax [no] enable Context debug>trace Description This command enables the trace.
  • Page 58 Debug Commands The no form of the command removes the trace points. router Syntax router Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values service-id: 1 — 2147483647 Default Base Syntax...
  • Page 59 IP Router Configuration interface Syntax [no] interface [ip-int-name | ip-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. Parameters ip-address — Only displays the interface information associated with the specified IP address. Values ipv4-address a.b.c.d (host bits must be 0) ip-int-name —...
  • Page 60 Debug Commands Parameters ip-prefix — The IP prefix for prefix list entry in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and prefix mask length values greater than the specified mask.
  • Page 61: Filter Policies

    Filter Policies In This Chapter This chapter provides information about filter policies and management. Topics in this chapter include: • Filter Policy Configuration Overview on page 62 → Service-Based Filtering on page 62 → Filter Policy Entities on page 63 •...
  • Page 62: Filter Policy Configuration Overview

    Filter Policy Configuration Overview Filter policies, also referred to as Access Control Lists (ACLs), are templates applied to services or access uplink ports to control network traffic into (ingress) or out of (egress) a service access port (SAP) or access uplink based on IP and MAC matching criteria.
  • Page 63: Filter Policy Entities

    Filter Policies Filter Policy Entities A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are numbered in the policy. When a packet matches all the parameters specified in the entry, the system takes the specified action to either drop or forward the packet.
  • Page 64 Filter Policy Configuration Overview • SAP egress — Filter policies applied on SAP egress define the Service Level Agreement (SLA) enforcement for service packets as they egress on the SAP according to the filter policy match criteria. SAP egress policies can be applied on both access ports and access uplink ports.
  • Page 65: Creating And Applying Policies

    Filter Policies Creating and Applying Policies [Flowchart text: START; SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION; CREATE AN IP OR MAC FILTER (FILTER ID); CREATE FILTER ENTRIES (ENTRY ID); SPECIFY ACTION, PACKET MATCHING CRITERIA; CREATE SERVICE; ASSOCIATE FILTER ID; SAVE CONFIGURATION]
  • Page 66: Packet Matching Criteria

    Creating and Applying Policies Packet Matching Criteria As few or as many match parameters can be specified as required, but all conditions must be met in order for the packet to be considered a match and the specified action performed. The process stops when the first complete match is found and then executes the action defined in the entry, either to drop or forward packets that match the criteria.
  • Page 67 Filter Policies MAC filter policies match criteria that associate traffic with an ingress or egress SAP. Matching criteria to drop or forward MAC traffic include: • Source MAC address and mask Entering the source MAC address range allows the filter to search for matching a source MAC address and/or range.
  • Page 68: Table 3: Dscp Name To Dscp Value Table

    Creating and Applying Policies DSCP Values Table 3: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32...
  • Page 69: Filter Policies

    Filter Policies Table 3: DSCP Name to DSCP Value Table (Continued) DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53...
  • Page 70: Ordering Filter Entries

    Creating and Applying Policies Ordering Filter Entries When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a packet matches an entry. The entry action is performed on the packet. 7210 SAS supports either drop or forward action. To be considered a match, the packet must meet all the conditions defined in the entry.
  • Page 71 Filter Policies Figure 2 displays an example of several packets forwarded upon matching the filter criteria and several packets traversing through the filter entries and then dropped. FILTER ID: 5 SEARCH CRITERIA: DEFAULT ACTION: DROP Source Address: 10.10.10.103 FILTER ENTIES: 10 (ACTION: FORWARD) 20 (ACTION: FORWARD) Destination Address: 10.10.10.104 30 (ACTION: FORWARD)
  • Page 72: Applying Filters

    Creating and Applying Policies Applying Filters After filters are created, they can be applied to the following entities: • Applying a Filter to a SAP on page 72 • Applying a Filter to an IES Interface on page 72 Applying a Filter to a SAP During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP and MAC filters.
  • Page 73: Configuration Notes

    Filter Policies Configuration Notes The following information describes filter implementation caveats: • Creating a filter policy is optional. • Associating a service with a filter policy is optional. • When a filter policy is configured, it should be defined as having either an exclusive scope for one-time use, or a template scope meaning that the filter can be applied to multiple SAPs.
  • Page 74: Mac Filters

    Configuration Notes MAC Filters • If a MAC filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.
  • Page 75: Ip Filters

    Filter Policies IP Filters • Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.
  • Page 77: Configuring Filter Policies With Cli

    Filter Policies Configuring Filter Policies with CLI This section provides information to configure filter policies using the command line interface. Topics in this section include: • Basic Configuration on page 78 • Common Configuration Tasks on page 79 → Creating an IP Filter Policy on page 79 →...
  • Page 78: Basic Configuration

    Basic Configuration The most basic IP and MAC filter policies must have the following: • A filter ID • Template scope, either exclusive or template • Default action, either drop or forward • At least one filter entry →...
  • Page 79: Common Configuration Tasks

    Filter Policies Common Configuration Tasks This section provides a brief overview of the tasks that must be performed for both IP and MAC filter configurations and provides the CLI commands. To configure a filter policy, perform the following tasks: • Creating an IP Filter Policy on page 79 •...
  • Page 80: Ip Filter Entry

    Common Configuration Tasks IP Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determines how the packets are handled, either dropped or forwarded. •...
  • Page 81: Ip Entry Matching Criteria

    Filter Policies IP Entry Matching Criteria Use the following CLI syntax to configure IP filter matching criteria: The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward...
  • Page 82: Creating A Mac Filter Policy

    Common Configuration Tasks Creating a MAC Filter Policy Configuring and applying filter policies is optional. Each filter policy must have the following: • The filter type specified (MAC). • A filter policy ID. • A default action, either drop or forward. •...
  • Page 83: Creating An Isid Filter

    Filter Policies Creating an ISID Filter The following displays an ISID filter configuration example: A;ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-wan-man" scope template entry 1 create description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids"...
  • Page 84: Mac Filter Entry

    Common Configuration Tasks MAC Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry determines how the packets are handled, either dropped or forwarded. •...
  • Page 85: Mac Entry Matching Criteria

    Filter Policies MAC Entry Matching Criteria The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# 7210 SAS E Router Configuration Guide Page 85...
  • Page 86: Applying Filter Policies

    Common Configuration Tasks Applying Filter Policies Filter policies can be associated with the following entities: Table 5: Applying Filter Policies IP Filter MAC Filter Epipe SAP Epipe SAP IES interface SAP VPLS SAP VPLS SAP Apply IP and MAC Filter Policies The following example shows an example of applying an IP and a MAC filter policy to an Epipe service: CLI Syntax: config>service# epipe service-id...
  • Page 87: Apply Filter Policies To An Ies Interface

    Filter Policies Apply Filter Policies to an IES Interface IP filter policies can be applied to an IP interface created in an IES service. These filter policies apply to the routed management traffic. CLI Syntax: config>service>ies# interface ip-int-name address ip-address sap sap-id ingress filter ip ip-filter-id...
  • Page 88: Filter Management Tasks

    Filter Management Tasks This section discusses the following filter policy management tasks: • Renumbering Filter Policy Entries on page 88 • Modifying an IP Filter Policy on page 90 • Deleting a Filter Policy on page 93 •...
  • Page 89 Filter Policies The following displays the original filter entry order on the left side and the reordered filter entries on the right side: A:ALA-7>config>filter# info A:ALA-7>config>filter# info ---------------------------------------------- ---------------------------------------------- ip-filter 11 create ip-filter 11 create description "filter-main" description "filter-main" scope exclusive scope exclusive entry 10 create entry 1 create...
  • Page 90: Modifying An Ip Filter Policy

    Filter Management Tasks Modifying an IP Filter Policy To access a specific IP filter, you must specify the filter ID. Use the form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter>ip-filter# description "New IP filter info"...
  • Page 91 Filter Policies dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter#
  • Page 92: Modifying A Mac Filter Policy

    Filter Management Tasks Modifying a MAC Filter Policy To access a specific MAC filter, you must specify the filter ID. Use the no form of the command to remove the command parameters or return the parameter to the default setting. Example config>filter# mac-filter 90 config>filter>mac-filter# description "New filter info"...
  • Page 93: Deleting A Filter Policy

    Filter Policies Deleting a Filter Policy Before you can delete a filter, you must remove the filter association from the applied ingress and egress SAPs and network interfaces. • From an Ingress SAP on page 93 • From an Egress SAP on page 93 •...
  • Page 94: From The Filter Configuration

    Filter Management Tasks From the Filter Configuration After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter
  • Page 95: Copying Filter Policies

    Filter Policies Copying Filter Policies When changes are made to an existing filter policy, they are applied immediately to all services where the policy is applied. If numerous changes are required, the policy can be copied so you can edit the “work in progress” version without affecting the filtering process. When the changes are completed, you can overwrite the work in progress version with the original version.
  • Page 97: Filter Command Reference

    Filter Policies Filter Command Reference Command Hierarchies • IP Filter Policy Commands on page 98 • Redirect Policy Configuration Commands on page 197 • Generic Filter Commands on page 100 • Show Commands on page 100 • Clear Commands on page 100 •...
  • Page 98 Filter Command Reference Configuration Commands IP Filter Policy Commands config — filter — ip-filter filter-id [create] — no ip-filter filter-id — default-action {drop | forward} — description description-string — no description — renum old-entry-id new-entry-id — scope {exclusive | template} —...
  • Page 99 Filter Policies — mac-filter filter-id [create] — no mac-filter filter-id — description description-string — no description — default-action {drop | forward} — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope — entry entry-id [time-range time-range-name] — no entry entry-id [create] —...
  • Page 100: Monitor Commands

    Filter Command Reference Generic Filter Commands config — filter — copy ip-filter | mac-filter src-filter-id [src-entry src-entry-id] to dst-filter-id [dst-entry dst-entry-id] [overwrite] Show Commands show — filter — download-failed — [ip-filter-id [entry entry-id] [association | counters] — loglogmac {mac-filter-id [entry entry-id] [association | counters]} Clear Commands redirect-policy clear...
  • Page 101 Filter Policies Configuration Commands Generic Commands description Syntax description string no description Context config>filter>ip-filter config>filter>ip-filter>entry config>filter>mac-filter config>filter>mac-filter>entry Description This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the context in the configuration file.
  • Page 102: Global Filter Commands

    Global Filter Commands Global Filter Commands ip-filter Syntax [no] ip-filter filter-id [create] Context config>filter Description This command creates a configuration context for an IP filter policy. IP-filter policies specify either a forward or a drop action for packets based on the specified match criteria.
  • Page 103 Filter Policies policy. Use the config filter copy command to maintain policies in this manner. The no form of the command deletes the mac-filter policy. A filter policy cannot be deleted until it is removed from all SAPs where it is applied. Parameters filter-id —...
  • Page 104: Filter Policy Commands

    Filter Policy Commands Filter Policy Commands default-action Syntax default-action {drop | forward} Context config>filter>ip-filter config>filter>mac-filter Description This command specifies the action to be applied to packets when the packets do not match the specified criteria in all of the IP filter entries of the filter. When multiple default-action commands are entered, the last command will overwrite the previous command.
  • Page 105: General Filter Entry Commands

    Filter Policies General Filter Entry Commands entry Syntax entry entry-id [time-range time-range-name] [create] no entry entry-id Context config>filter>ip-filter config>filter>mac-filter Description This command creates or edits an IP or MAC filter entry. Multiple entries can be created using unique entry-id numbers within the filter. The implementation exits the filter on the first match found and executes the actions in accordance with the accompanying action command.
  • Page 106: Ip Filter Entry Commands

    IP Filter Entry Commands IP Filter Entry Commands action Syntax action [drop] action forward action nat no action Context config>filter>ip-filter>entry Description This command specifies to match packets with a specific IP option or a range of IP options in the first option of the IP header as an IP filter match criterion.
  • Page 107 Filter Policies protocol-id — Configures the decimal value representing the IP protocol to be used as an IP filter match criterion. Well known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form of the command removes the protocol from the match criteria. Values 0 —...
  • Page 108: Mac Filter Entry Commands

    MAC Filter Entry Commands MAC Filter Entry Commands action Syntax action drop action forward no action Context config>filter>mac-filter>entry Description This command configures the action for a MAC filter entry. The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and will be inactive.
  • Page 109: Ip Filter Match Criteria

    Filter Policies IP Filter Match Criteria dscp Syntax dscp dscp-name no dscp Context config>filter>ip-filter>entry>match Description This command configures a DiffServ Code Point (DSCP) name to be used as an IP filter match criterion. The no form of the command removes the DSCP match criterion. Default no dscp Parameters...
  • Page 110 IP Filter Match Criteria dst-port Syntax dst-port {eq} dst-port-number no dst-port Context config>filter>ip-filter>entry>match Description This command configures a destination TCP or UDP port number for an IP filter match criterion. Note that L4 match criteria (for example, dst-port) will only match on the first fragment of a packet since subsequent fragments will not contain the L4 information.
  • Page 111 Filter Policies of a packet since subsequent fragments will not contain the L4 information. This option is only meaningful if the protocol match criteria specifies ICMP (1). The no form of the command removes the criterion from the match entry. Default no icmp-code Parameters...
  • Page 112 IP Filter Match Criteria src-ip false — Specifies matching on IP packets that do not have any option field present in the IP header. Syntax src-ip {ip-address[/mask]} [netmask] no src-ip Context config>filter>ip-filter>entry>match Description This command configures a source IP address range to be used as an IP filter match criterion. To match on the source IP address, specify the address and its associated mask, e.g.
  • Page 113 Filter Policies tcp-ack Syntax tcp-ack {true | false} no tcp-ack Context config>filter>ip-filter>entry>match Description This command configures matching on the ACK bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. The no form of the command removes the criterion from the match entry.
  • Page 114: Mac Filter Match Criteria

    MAC Filter Match Criteria MAC Filter Match Criteria dot1p Syntax dot1p ip-value [mask] no dot1p Context config>filter>mac-filter>entry Description Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion. When a frame is missing the 802.1p bits, specifying a dot1p match criterion will fail for the frame and result in a non-match for the MAC filter entry.
  • Page 115 Filter Policies dst-mac Syntax dst-mac ieee-address [mask] no dst-mac Context config>filter>mac-filter>entry Description Configures a destination MAC address or range to be used as a MAC filter match criterion. The no form of the command removes the destination mac address as the match criterion. Default no dst-mac Parameters...
  • Page 116 MAC Filter Match Criteria Parameters ethernet-type — The Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal. Values 0x0600 — 0xFFFF isid Syntax isid value | value to higher-value no isid Context config>filter>mac-filter>entry>match Description This command configures an ISID value or a range of ISID values to be matched by the mac-filter parent.
  • Page 117 Filter Policies ieee-address-mask — This 48-bit mask can be configured using:

        Format Style    Format Syntax      Example
        Decimal         DDDDDDDDDDDDDD     281474959933440
        Hexadecimal     0xHHHHHHHHHHHH     0x0FFFFF000000
        Binary          0bBBBBBBB...B      0b11110000...B

    To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition, the entry should be specified as: 0003FA000000 0xFFFFFF000000 Default 0xFFFFFFFFFFFF (exact match)
  • Page 118: Policy And Entry Maintenance Commands

    Policy and Entry Maintenance Commands Policy and Entry Maintenance Commands copy Syntax copy {ip-filter | mac-filter} source-filter-id dest-filter-id dest-filter-id [overwrite] Context config>filter Description This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters.
  • Page 119 Filter Policies new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535
  • Page 121 Filter Policies Show Commands download-failed Syntax download-failed Context show>filter Description This command shows all filter entries for which the download has failed. Output download-failed Output — The following table describes the filter download-failed output. Label Description Displays the filter type. Filter-type Displays the ID of the filter.
  • Page 122 Show Commands counters — Displays counter information for the specified filter ID. Note that egress counters count the packets without Layer 2 encapsulation. Ingress counters count the packets with Layer 2 encapsulation. Output Show Filter (no filter-id specified) — The following table describes the command output for the command when no filter ID is specified.
  • Page 123 Filter Policies Label Description (Continued) Applied The filter policy ID has not been applied. No — The filter policy ID is applied. Yes — Def. Action The default action for the filter ID for packets that do not Forward — match the filter entries is to forward.
  • Page 124 Show Commands Label Description (Continued) TCP-ack No matching of the ACK bit. Off — Matches the ACK bit being set or reset in the control bits of the On — TCP header of an IP packet. Egr. Matches The number of egress filter matches/hits for the filter entry. Sample Output A:ALA-49>config>filter# show filter ip 3 ===============================================================================...
  • Page 125 Filter Policies time-range : night Cur. Status : Active Src. IP : 0.0.0.0/0 Src. Port : None Dest. IP : 10.10.1.1/16 Dest. Port : None Protocol : Undefined Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined Fragment : Off Option-present : Off TCP-syn...
  • Page 126 Show Commands Output Show Filter Associations — The following table describes the fields that display when the associations keyword is specified. Label Description The IP filter policy ID. Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive.
  • Page 127 Filter Policies Output Show Filter Associations (with TOD-suite specified) — If a filter is referred to in a TOD Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160...
  • Page 128 Show Commands Syntax mac [mac-filter-id [associations | counters] [entry entry-id]] Context show>filter Description This command displays MAC filter information. Parameters mac-filter-id — Displays detailed information for the specified filter ID and its filter entries. Values 1— 65535 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output.
  • Page 129 Filter Policies Label Description (Continued) The default action for the filter ID for packets that do not Def. Action Forward — match the filter entries is to forward. The default action for the filter ID for packets that do not match Drop —...
  • Page 130 Show Commands Description : Not Available Src Mac : 00:00:5a:00:00:00 ff:ff:ff:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : 802.2SNAP Match action : Forward Ing. Matches Egr. Matches Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac...
  • Page 131 Filter Policies Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. Sample Output Label Description The MAC filter policy ID. Mac Filter Filter Id The filter policy is of type Template.
  • Page 132 Show Commands Clear Commands Syntax ip ip-filter-id [entry entry-id] [ingress | egress] Context clear>filter Description Clears the counters associated with the IP filter policy. By default, all counters associated with the filter policy entries are reset. The scope of which counters are cleared can be narrowed using the command line parameters.
  • Page 133 Filter Policies Monitor Commands filter Syntax filter ip ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Context monitor Description This command monitors the counters associated with the IP filter policy. Parameters ip-filter-id — The IP filter policy ID. Values 1 —...
  • Page 134 Show Commands interval — Configures the interval for each display in seconds. Default 5 seconds Values 3 — 60 repeat repeat — Configures how many times the command is repeated. Default Values 1 — 999 absolute — When the absolute keyword is specified, the raw statistics are displayed, without processing.
  • Page 135: Common Cli Command Descriptions

    Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface (CLI) syntax and command usage. Topics in this chapter include: • SAP syntax on page 136
  • Page 136: Common Service Commands

    Common CLI Command Descriptions Common Service Commands SAP syntax Syntax [no] sap sap-id Description This command specifies the physical port identifier portion of the SAP definition. Parameters sap-id — Specifies the physical port identifier portion of the SAP definition. The sap-id can be configured in one of the following formats: Type Syntax Example...
  • Page 137: Standards And Protocol Support

    Standards and Protocol Support Standards Compliance IEEE 802.1d Bridging; IEEE 802.1p/Q VLAN Tagging; IEEE 802.1w Rapid Spanning Tree Protocol; RFC 3164 Syslog; draft-ietf-secsh-architecture.txt SSH Protocol Architecture; draft-ietf-secsh-userauth.txt SSH Authentication Protocol; RFC 3273 HCRMON-MIB; RFC 3411 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks...
  • Page 138: Index

    Index Filters overview applying filter to network ports to SAP entities entries filter entry ordering filter types matching criteria DSCP values packets policies policy entries port-based filtering scope services configuring basic IP filter policy MAC filter policy management tasks IP Router overview interfaces system...